Monday, October 29, 2007

VLAO site defaced and my comments ...

Last night the VLAO site (Vlaams Agentschap Ondernemen) was defaced by some Turkish Nationalists. This was not the first defacement this year, as we also saw defacements of the Ministry of Defense site and even my own son's clan-gaming site.
The hacker seems to be against the Belgian authorities who, according to the hacker, are favouring Kurdistan and the PKK.
I was interviewed a few moments ago on Radio 1 during the magazine 'Vandaag' concerning the recurring problem of site defacements. You can hear this interview shortly on our press page.

Wednesday, October 24, 2007

Hackers hacked at ...

A fellow blogger, Didier Stevens, witnessed a MITM attack on the TLS at this weekend ( is a hacker/security conference held in Luxembourg). Thomas Roessler, who was also in the room, managed to capture a lot more than a screenshot and posted his findings here at this link.

Quote from his post:
So, what happened? As I said in a spontaneous lightning talk after that session, my diagnosis was that somebody was running a man-in-the-middle attack on a room full of security people. The tool they were using rewrote the TLS certificates that were shown by servers, but tried to keep the human-readable information in the certificate intact. (As Benny K notes in a comment, "the certificate seemed fine".)

Several people found it fascinating that several security professionals in the room still accepted the forged certificate while they knew they were connected to a hostile wireless network. What if this happened during an anti-malware conference?
Would the result be different? In my opinion it shows the real thoughts of a bad-minded security guy. Is that not the real difference between the real security world and the anti-malware world, which is still a little bit different? I don't know.

Saturday, October 20, 2007

EICAR, MP3 Spam, media stuff, etc ...

I'm getting ready for the EICAR members' meeting in Munich, Germany this year. The timing is exceptional as we had to suspend the EICAR conference this year. However, EICAR is back very strong and we will announce more about the upcoming conference during the next weeks!
As I said in my previous blog post, I'm terribly busy and the media is also terribly busy with me. I had a very interesting interview with Koen Fillet from Radio 1, and the newspaper 'De Morgen' also asked for my reaction to the fraud countermeasures from the FCCU in Belgium. You will find those 2 interviews shortly on my press page.
And more is coming in P-magazine, normally next week .... a magazine with sometimes .. eh interesting 'babes'. ;-)
And how's everything on the malware front ... well, I see more MP3 spam coming up: this is again a new, upcoming problem, maybe not really problematic for enterprises but definitely for home users! So watch out for MP3 spam from now on.
GFI notified me concerning this new problem. A sample of this mp3 spam can be downloaded at .

Oh yes, at the end of next week I'm leaving for a city trip to Lisbon with my wife. I can assure you: I need it!

Friday, October 12, 2007

De Morgen, De Zevende Dag, South Russia, Luxembourg ...Busy Weeks...

I'm not blogging a lot these days as I'm really unbelievably busy on a lot of fronts .... I wrote a nice opinion article about the online-bank hacking in the newspaper 'De Morgen' this week (Tuesday), and in reaction the VRT 'Zevende Dag' called me and asked me to explain my opinion next Sunday live on television. (Have a look at my press page if you want to read this article.) So if you want to see me 'live', just tune to VRT één 'De Zevende Dag' between 11 and 13 o'clock on 14 October. I wanted to post this earlier but guess what: I was in Luxembourg and had loads of problems with my internet access. I'll try to find a better hotel next week as I will return to Luxembourg for business again. Meantime a Russian marketing agency asked me to do a keynote speech for the South-Russia IT Summit. So if everything turns out correctly I will be there next month around 15 November. I will post more on this shortly. And that's not the end yet ...

Sunday, October 07, 2007

Belgian online banking hacking problem is not new.

A lot of media attention came up the last 2 days as it appeared that the online banking services of 3 banks (Dexia, KBC and Argenta) were hacked by the Russian mafia.
Well, in my opinion this is NOT a new incident. It's just that now one quality newspaper, 'De Tijd', came up with this story and most other media followed and drew a lot of attention to it. This is definitely nothing new, as I already brought this to the attention of the media in an opinion article for Data News for Infosec this year, and also during an interview for the magazine Knack several months ago and even for the magazine 'Koppen' a few weeks ago. But ... nobody seems to have been carefully reading or paying attention to what I said at that moment.

So what happened? Well, the normal problems came up of course ... PCs with bad protection ... a combination of spyware, backdoors, keyloggers, phishing, no hardware tokens used, key saved on the hard drive, etc. and 'tada', your online banking account was cracked. Of course this is not interesting for the bank account holder, as he saw a few days later that he didn't have any money left in his account. But what again is the basic problem?

Yes, you guessed it ... bad protection on one or both sides, and that's of course the 'real' reason why suddenly a lot of banks are improving their security this year, isn't it? Maybe not, but even with the best protection in place there will always be a possible 'dedicated' way to steal your data or your money. If it's done by a dedicated attack you will always lose ...
And what did I tell everybody about dedicated attacks at the end of last year: they are growing and they are underestimated. Something I also spoke about during my roadshow for KMO-IT and in one of my YouTube broadcasts.

BTW I was interviewed by radio station 'Bel RTL' on this topic. I will post this to my press page shortly. Did you notice it as well: you didn't see any real malware expert appearing in any broadcast about this matter? And oh yes, who told the press that the attack actually came from the Russian mafia ...