Some people were the victims of their own stupidity by downloading Russian cracks for programs with non-detectable trojans in them that got past the laughable, downgraded defenses of online banking in Belgium.
The problem of online Russian attacks with a very high sophistication level and precise targeting can be bigger than the media led us to believe.
When I am upset I say no, and when not I say 'yes, but you have to....' and then people look at me with big eyes and say 'I can't do that' and then I say 'sorry'. Most of the time, it takes some more time and things get done, but as they should be, not as they could be.
I don't know if you know the story about the naked king?
There was once a king and he always wanted to have the best clothes. He wanted to look his finest the whole day, every day. Every day he paraded with his new clothes in the streets of the capital. One day two smart crooks came by and said they would make the most beautiful clothes. He believed them, and they made so-called invisible clothes for him. His friends, family and court didn't have the courage to say that the king was naked when he went outside in the capital to parade in his invisible clothes. It was a good laugh for the citizens of the capital and a very embarrassing moment for the naked king.
The IT security advisor should say to the king that if he places these services or servers on the network his whole system will go down and that he will be the laughing stock of the internet. Even if he gets fired for that.
If there is one rule in life, it is that you don't write down what you don't want to be remembered and proven afterwards. It is surprising what people sometimes write down in email and then forget that email is not a conversation. It is digital paper and it is saved automatically in different locations.
Now in Flanders one political business friend was so smart to write down in email how he wanted the minister to circumvent the law to get some contracts and the minister was so smart to respond to that, elaborating.
Even very smart people can do some very stupid things in email.
Some tricks to stop shooting yourself in the foot, the head and the heart:
* if you want to respond because you are angry, respond to yourself
* if you do not have to respond, don't
* if you have to respond, respond legally in email. A word like 'received' is enough. This doesn't indicate anything other than just that. Even better is to mail "I do not agree with this".
* do not accept email transcripts of phone or other conversations as the final version
* think twice about which email service to use
So you are doing some business espionage and are looking for business intelligence? Well, you will love the new egov environment.
Everything now has to be done by electronic documents that can be downloaded and saved as PDF. Those are most of the time neither encrypted nor autodestructing, so once you've got them, you will just have to crack a password if there is one.
So at the end of the project there are thousands of documents with confidential business information flowing around on networks, PCs and laptops (yes, let the children play on P2P, dad, and don't forget to leave your wireless connection open).
Targeted attacks against those networks and users of these networks are the future. Big money, smart hackers, faraway countries and attack codes and routes we are only discovering bit by bit.
So you are sitting in a discussion and you hear some security-bullshit that says you shouldn't worry about a thing, that what you are thinking is not possible, it is just FUD and you are paranoid.
name program OS protocol whatever and
exploit vulnerable hack attack security scan
and the discussion can be closed
PS: set Google advanced to 100, English and last 2 years.
Closed three discussions that way in one day.
Was at a conference last.
The guy (an engineer from a very very important thing) showed us a best practice for how to use different identifiers to find important secret information about businesses in a closed official database.
"You copy paste it in a text file on your laptop"
Maybe we should call the text file 'business identifiers for ----- database' so the botnet operator knows what to do with it.
And it is very secure, believe me..... Trust us... blindly, by preference.
If you know something about security and follow security news, you are welcome if you have some things to write that are interesting and don't make the Belgian news.
You will have access to a lot of different resources that are private now (1200 RSS feeds, 4000 links with a cache of the article, ...) after 25 posts.
To be clear:
freeware goes in freeware.skynetblogs
videos go in vids.skynetblogs
bookz and docs go in books.skynetblogs