27-09-07

Google Ads context doet soms rare dingen

trotz_1

deze contextual ads zijn veel te laat want de verkiezingen zijn al lang voorbij en trouwens deze tegenkandidaat voorzitter zou een pub krijgen voor de officiële sp, wel contextuele ads zijn een gevaarlijk goedje gewoonweg

soms wel grappig

00:13 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

24-09-07

what would the risk assessment be if Belgium would spit ?

Just simple, you can't even start because there are so many unknown factors and so many things that would take years to negotiate and so many scenario's with so many different possible outcomes that the balance could tilt totally in the direction of 'don't start what you can't end.'

Belgium is not tsjechoslavkije. The economies, transport and public infrastructure are much more intertwinned than was the case in tsjechoslov. There is one capital Brussels that brings in billions of Euro's each year for both regions because it is an international diplomatic capital. Playing with Belgium and losing Brussels would have immediate effects on every region. The unknown factor is if the European Commission and the hundreds of other organisations and institutions would stay if Brussels was to become 'independent'. This would not be up for the ex-belgians to decide. Can you imagine Brussels without European institutions ? Half of its center would be a ghosttown, real-estate prices would crash and employment would follow, because there would be no strategic reason for all those headquarters to stay in Brussels.

The social security, health care and pensions are another factor with which one can't play without making a risk assessment. And when you note the risks, you will see that the only effect would be that the risks would afterwards be distributed among smaller populations that would be more vulnerable to demographic trends, privatisations and epidemics. Do not forget that Flanders will have in 10 years from here a population that would have more pensioners and older sick people than the other regions.

And there are so many other risks and unforeseenable events and scenario's that the old rule of IT should come back to politics.

Do not fix it if it ain't broke

Just patch it a little here and a little there. And go on with the work you were elected for.

14:29 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

European Nuclear industry doesn't think about cyberwar

http://www.eurosafe-forum.org/grafik/eurosafe_2007_progra...

This franco-german organisation called 'eurosafe' treats security problems around and with the nuclear industry. But is is solely focused on environmental and mechanical aspects of security. In the last years only one presentation was given about the security of the software they were using.

It is like the neighbor who has dogs, guns, metal doors and anti-burglar windows but who controls his garage door with wifi or bluebooth. Security is not only the things that you see. It is thinking about the things that could happen and the things you don't know about yet but should investigate. They should investigate their cybernetworks and their software and be absolutely sure that everything is 1000% as it should be now and in the future.

Scade networks and network connections need to be as secure as the anti aircraft missiles around the nuclear installations.

12:43 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

23-09-07

the difference between quantitative and qualitative risk assessment

I am reading a lot nowadays about risk assessment. The best advice I should give you is to read several books before talking to consultants because every book seems a bit different from another, so without having enough background information the consultants will be able to push you in a particular direction. If he is just out to earn a lot of money, he will set up a very complicated and enduring process that will lead nowhere on the field.

Today I experienced a good example of the difference between quantitative and qualitative risk assessment.

The belgian national railways are working on their infrastructure and for this reasons trains to the coast would take 40 minutes more than usual.

In the quantitative risk assessment the probability of having a sunny weekend this weekend is statistically nearly non-existant. And so if one informs everybody that is on the train during the weeks before would be sufficient.

In the qualitative risk assessment there is a probability that there can be a very sunny weekend during these weekends and so there is a possibility that thousands of people will take the train who didn't take the train during the weeks before because there was no sun. So you should foresee communication on tv and radio and in the press and you must foresee more extra trains and be prepared that if anything else goes wrong you have the procedures in place to restore the network or trainnetwork because otherwise there will be an exponential dynamic of chaos.

A stupid example. I do not believe there is any professional risk assessment in our national railway company.

23:56 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Chinese cyberattacks becoming more complex

Since many years there have been reports that cyberwar is next on our doorstep and some films (even recent ones like die hard 4) have glamorized this. The panick around the Chinese cyberattacks on our cyberinfrastructure is good for a big laugh. Why ?

For three reasons. First European Commission nor any European country is investing appropriately in cyberdefense and the protection of the networks and infrastructure. The fact that in Belgian there is still no CERT and the Belgian government in place have done nothing to implement what it has voted with the new Telecomlaw is just typical.

Secondly The reports that the Chinese are building (just as the Americans who are even actively seeking to recruit hackers) a Cyberarmy are already several months old. What do you think those thousands of cybersoldiers would do all day behind their screens ? Play videogames ? Watch movies ? Like any soldiers they would like some action..... See if their stuff actually works. Even without telling 'on paper' their superiors who afterwards can deny everything.

Thirdly The malicious traffic coming out of China is - aside from these cyberattacks - something every admin is used to. According to one study there are millions of botnet infected computers behind the great political internetfirewall of China. You can't get a political internetmessage out of China, but you may freely bombard the world with phishing, viruses and spam. China is saying it will change that and start filtering that malicious traffic, but we will have to see it before believing.

The most interesting part about the Chinese story is that according to a new newsreport coming out of the States is that they infiltrated the Pentagon Network by hopping in from the networks from their 'trusted' firms. Every  network has - had ? - priviliged network acces for the supportpeople from the firms that installed and furnished the goods and services. Should we trust any network blindly knowing that there are now thousands of cybersoldiers working all over the world ? Hackers are one thing, but cybersoldiers are different.

Question a belgian journalist should ask  Do we have a cyberarmy - a cyberstrategy ? On paper.... we a an virtual army on paper...

23:45 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Scada network, cyberattacks and nuclear powerplants

SCADA networks are old networks that were placed many years ago to control the electricity and other networks that are the backbone of our economy. At that time security was no issue at all because no one else had access and no one even know it even existed. But you know how it goes. Somebody somewhere has a great idea and finds a business model and it gets implemented before a cynical or security guy has something to say about it (the are just a pain in the ass for management....).

So these networks got connected to the internet. Management was modernized from one day to another. Welcome to the 21th century. They had modernized access and management sure, but they had access and management over a totally insecured and never tested network.

If that network was to count pigeons, who would care ? But these networks are controlling and managing power lines, water infrastructure and the rest.

Why would any hacker want to disrupt that ? Well, for one thing he may find it more fun than just changing the frontpage of some stupid site with an automated tool. And what about cybersoldiers and cyberwarstrategy ?

For the Belgians, remember there was one network that went down during the Y2K timeframe. It was the SCADA network for incident control in our nuclear powerplants. In the US it took a hacker 2 weeks to penetrate and more or less 'own' a nuclear powerplant network (hey iranians, why build one yourself, spare yourself the trouble and hack one in the US - joke). Luckily it was an exercise.

 In our small country there is a website linked to nuclear business that has published on the web the total structure of its database behind the website. The strict Belgian cyberlaw has no formulae to be more precise and inform the authorities without risk. (maybe time to change this if there will ever be a new government....)

23:36 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

21-09-07

NYT totally free, others may follow

Some years ago publishers were sure that advertising wasn't bringing in enough money and that surfers would be willing to pay (micropayments) for each article they would write - even before reading them. They thought that their content was so good that people would actually pay more to read it online. The New York Times was one of the first to decide this.

Now many years later, the online advertising market has exploded and people aren't so willing to pay for the content, even quality content. Everything turns around content these days, but content that brings in reaers and so advertising.

In belgium many publications are still behind walled garden asking money for each article. Maybe they will now follow the american examples they have followed so many years ago. It is possible that they hesitate because online advertising hasn't made the difference here Yet.

23:08 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |