Monday

New PGP key



Just a short notice that I updated my PGP key. Barely anyone ever used my key and sent me encrypted email. But as I'm lately getting more involved in CERT/CSIRT related activities and communication with teams around the world, there was a need to start encrypting my mail again.

My key can be found on the usual keyserver(s) and the fingerprint is: 16BD 01DD DD08 1144 48DF 4464 D3FB 8E48 B68C F245

I'm not sure if I'll pick up blogging again soon, but don't unsubscribe just yet. My move to Japan was very interesting and the adventure has only just started!

(Cartoon courtesy of XKCD)

Friday

The unofficial BruCON party guide (plz RT)



The third edition of BruCON is about to happen and I'm really looking forward to it. This is an attempt at the Hitchhiker's Guide to the... euhm... fun bits of BruCON. Besides the workshops, presentations and training of BruCON, there are also some social events you can attend. So here we go.

First is SushiCon, the pre-BruCON get-together at a Japanese restaurant. Details here. After dinner we'll head for the Belgian beer heavens. You can just join us for a beer later as well. Check Twitter for last minute movements.

Second main event is of course the BruCON party @ Havana Club on Monday evening! Feel free to throw some events of your own and list them on the wiki. For ad-hoc meetings, follow the #brucon hashtag.

The BruCON wiki also has a small list of bars / restaurants (plus recommendations of beer) etc you can explore! It's far from complete so please expand this page based on what you know or discover!!

Now what about Travel aka How to get around? Apart from the basic BruCON Travel page, here are some tips:

Once in the city, the metro/tram will probably be your main mode of transportation! The metro connects the BruCON hotel (Ibiz) with the city center (Grand place) and the BruCON Venue @ VUB. Check out this awesome Google map with all of the known BruCON (party) locations.

http://g.co/maps/fkm5y (hat tip to @5M7X)

Metro Stops: Here is the network map of the Metro: http://www.mivb.be/netplan-plan-reseau.html?l=en
Payment: You can get a pre-paid 10-journey card at newsstands and vending machines at the stations: http://www.mivb.be/10-voyages-ritten.html?l=en (if they sell the MOBIB one, it's RFID based on Calypso). The difference between the MOBIB and the JUMP card is that the JUMP also allows you to take the train between the different Brussels stations (but not beyond Brussels).

Getting from Ibiz hotel to Grand Place:
Take Tramway route 4 direction GARE DU NORD. At 8:08, get off at stop BOURSE (5 min.) or alternatively, you can walk for +-25 minutes.
Getting from VUB (BruCON) to Grand Place:
Walk to stop DELTA (3 min.). Take Metro route 5 direction ERASME. Get off at stop GARE CENTRALE (12 min.) and walk to Grand Place. (check Google map)
Getting from Ibiz hotel to VUB:
This PDF map from VUB explains all the possible transits from all major stations (South (Midi), Central and North)

So I hope this helps. Have fun but keep it safe! See you all at BruCON!

UPDATE: First new event on Saturday already popped up (hat tip to Andreas):

Moeder Lambic feat. Stone Brew Co.
http://www.moederlambic.net/events/en/events 30 Belgian beers on tap, 30 US specialty beers from Stone Brewing Co on tap, and to finish it off, the Cantillon Zwanze will be served on Saturday. Historic event not to miss for any beer geek. Date: Saturday, 17th @19:00
Keep checking the events page for updates!!

Monday

Help improve the CISSP community. Support Wim.



My blog kinda died down after being involved with BruCON and I wasn't really planning on blogging again unless I had some good (original) content. Since I'm going for the JLPT1 certification in the next years, this may take a while. BUT I'll make an exception today to support Wim.

A lot of us in the infosec community have a CISSP. The first reason is to bypass the HR checklist filters but is there really an added value besides it? I hear a lot of the people in this community being more critical with the years. Especially the CISSP code of ethics is something I think is too black and white.

But why only complain about it? Why not TRY to change things for the better? This is why Wim Remes has decided to try for a board election. I know him personally and I can vouch 100% for him. Here are some of his points:

  • A closer collaboration with the information security community at large. This means recognition of what is currently considered to be an outlawish community but what I consider as a treasure trove of knowledge and capability that remains untapped. Either because we are afraid of what we don't understand or because hackers are still suffering from a bad image. Not in my book!
  • A review of the certification requirements for the flagship (ISC)2 certification, the CISSP, in order to bring it back to the level it once was on. Ideally with the incorporation of more in-depth requirements on a technical level, requirements in soft skills and, possibly, the addition of a written paper requirement that would show the knowledge the candidate has acquired during the learning process. This last requirement would feed back into the community, becoming a valuable resource for security professionals globally.
  • I am from Europe. I still feel that many of the subjects covered by (ISC)2 and other organizations are focused on the US. My goal is to widen the efforts to a global approach that brings communities from different continents together instead of separating them further. While there is a difference in laws, culture, etc. across continents, I firmly believe that we have more in common and there needs to be a better collaboration in order to address the security challenges we have coming at us.

Check out more details here. Or listen to the latest Eurotrashsec podcast where he explains more about his views.

For the latest updates, follow the #wim4board hashtag on Twitter

Don't just take my word for it. I can also see that I am not the only one who thinks this is a good idea. He has the support of a lot of good people.

You don't have the certificate? Then give out a shout to him online and throw up a blogpost!

Go for it Wim!!!

Wednesday

How to follow #Blackhat / #Defcon / #BsidesLV without being there (2011 edition)



Note: update of my similar older posts

Well, I'm one of the poor souls who couldn't make it to the Blackhat/Defcon / SecurityBsides fun. There are some ways to follow the events in Vegas (real time). ;-)

The first tool is to use twitter and follow the hashtags #defcon, #blackhat and #bsideslv. If you have a twitter account, I would recommend installing tweetdeck and setting up 3 search columns. For those without a twitter account, you can use the Twitter search (and import it through RSS) or even better: twitterfall.com which is more interactive. Alternatively, give monitter a try as well. It has more of a Tweetdeck column "feel". I like it.

Keep an eye on the Security Bloggers Network (RSS). A lot of security bloggers will be covering the event.

You can also monitor Flickr for the tag 'defcon19' (RSS). And this site collects all the @blackhat and @defcon pictures from twitter: http://hashalbum.com/blackhat and http://hashalbum.com/defcon

This social media aggregator also looks nice: http://twubs.com/bsideslv, http://twubs.com/defcon and http://twubs.com/blackhat (all your tweets and twitpics are belong to us!) ;-)

I think that's more than enough to follow the event except for a live video stream. And in a limited way, for Blackhat there is one: https://www.blackhat.com/html/bh-us-11/bh-us-11-uplink.html. Giving it a go as we speak.

If you have more tips, feel free to mention them in the comments.

Thursday

Are you a pentester? Then read this!

If you work in a Redteam, then the following "project" is certainly one to take note of!!!

The Open Penetration Testing Bookmarks Collection …is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research. Hopefully the initial set will grow and expand. Opening it up to everyone will facilitate a knowledge transfer.

Speaking of Pentesting, a lot of people have been complaining about the difference in quality and the lack of a standard for Pentesting assignments. So here we have it: the "Penetration Testing Execution Standard" has been kicked off by some experienced people from the field! It's far from finished but I expect some good things to come from it. Check it out!!!

Wednesday

The Dutch National Cyber Security Strategy

Our Dutch neighbors will start a National Cyber Security Center. GOVCERT.NL will play a major role and published the strategy document this week. A lot of no-brainers are in there like the need for more international collaboration etc... There is an English version so you can read it yourself.

Download here

They did mention the need for more individual responsibility but apart from awareness campaigns, I'm not sure how they will achieve this. A lot of reports show that 30-50% (some even more) of consumers are infected with some kind of malware and this is certainly a problem that we need to tackle.

There was one little detail in the report that sparked my interest: "International Watch and Warning Network (IWWN)". I never heard about this before so please excuse me while I go Google it!

Does your country have a strategy? Link it below! ;-)

When a CERT has to break the law

I spotted an interesting article on ZDnet Australia today: "Fraudsters escape as laws bind AusCERT".

AusCERT head Graham Ingram said the logs were previously viewable in plain text, but are now stored in a protected MySQL format.

"They are encrypted and we can't break that by law," he told an audience at the National Security Australia conference in Sydney yesterday.

This was the part that caught my eye. Is this a new trend? Is this a legal issue limited to Australia? At least I hope so. There have been many examples of police being exempted from certain security laws like the "police trojans" (Germany). I have mixed feelings about such actions but I totally support a CERT or forensics team bypassing "protected" parts of a system if crimeware is involved. I'm just wondering if the malware writers had this legal issue in mind when they 'protected' the info or if they were just protecting their assets against competitors?

Speaking of CERTs, CERT Polska published a really interesting article today on the new Zeus malware involving banking trojans that infect Blackberries and Android phones. Check it out here. Now that banks are gearing towards dual authentication through phones and/or mobile apps, the threat landscape just followed. Where there is money, there is.....

Sunday

Threat Whitepapers of the week to read

Several interesting papers turned up on my Twitterfeed last week. I recommend you read them. Most of them share some "themes". Enjoy!!

Some might have a (hidden) commercial message and a little FUD, but it's better than reading the Sunday newspaper. Hey, at least for me. ;-)

Thursday

#blackhat day 1: my small collection of articles, pics, video, tools and quotes

While not being at Blackhat USA, BsidesLasVegas or Defcon, I did put my own advice to practice on how to follow the conferences online. There is probably a lot more and a lot that I missed but here is a small selection of information that caught my eye. Enjoy.

Articles:

Video:
Slides:
Tools:
Twitter quotes:
Pictures:

Tuesday

How to follow #Blackhat / #Defcon / #BsidesLV without being there (updated x4)



Note: this is a rehash of a previous blogpost

Well, I'm one of the poor souls who couldn't make it to the Blackhat/Defcon / SecurityBsides fun. There are some ways to follow the events in Vegas (real time). ;-)

The first tool is to use twitter and follow the hashtags #defcon, #blackhat and #bsideslv. If you have a twitter account, I would recommend installing tweetdeck and setting up 3 search columns. For those without a twitter account, you can use the Twitter search (and import it through RSS) or even better: twitterfall.com which is more interactive.

Keep an eye on the Security Bloggers Network (RSS) and a Technorati search (RSS). A lot of security bloggers will be covering the event.

You can also monitor Flickr for the tag 'defcon18' (RSS). And this site collects all the @blackhat and @defcon pictures from twitter: http://hashalbum.com/blackhat and http://hashalbum.com/defcon

This social media aggregator also looks nice: http://twubs.com/defcon and http://twubs.com/blackhat (all your tweets and twitpics are belong to us!) ;-)

I think that's more than enough to follow the event except for a live video stream. ;-)

If you have more tips, feel free to mention them in the comments.

Update: added SecurityBSides (thanks @webantix), shame on me for forgetting
Update 2: I know there is a video stream for Blackhat but it's not free so that's why I didn't mention it!
Update 3: Added twubs.com
Update 4: Added hashalbum.com

Wednesday

Wikileaks needs YOUR help!!

If you don't know what wikileaks is, read this first. Wikileaks is under fire and needs help. And there are several ways to do that. I made a 25 euro donation and dedicated this blogpost to them to help. I'm asking you to do the same or help them in any way you can!

WikiLeaks is a small organization going through enormous growth and operating in an adversarial, high-security environment which can make communication time consuming and the acquisition of new staff and volunteers, also difficult since they require high levels of trust.

To try and deal with our growth and the current difficult situation, we want to get you to work together with our other supporters to set up a "Friends of WikiLeaks" group in your area. We have multiple supporters in most countries and would like to see them be a strong and independent force.

Please write to friends@sunshinepress.org if you are interested in helping with Friends of WikiLeaks in your area. You will receive further instructions.

We also have significant unexpected legal costs (for example flying a legal team to Kuwait, video production. Collateral Murder production costs were $50,000 all up).

Any financial contributions will be of IMMEDIATE assistance.

http://wikileaks.org/wiki/Special:Support

Please donate and tell the world that you have done so. Encourage all your friends to follow the example you set, after all, courage is contagious. (Source: Wikileaks)


Monday

Hacking = Innovation

I didn't really expect my rant to make it to security.nl today. It's funny to see that the term is almost as religiously debated as the choice of favorite Linux distro.

I never said that we couldn't use the term hacker with more meanings than the original one, but we should also explain the other (positive) meanings from time to time. Which was my purpose and goal.

My problem is the use of the word hacker, just to grab attention and get more hits to the news article. Even if it barely fits the case of a cybercriminal. That was my real issue.

But I give journalists credit for sometimes writing good articles without hyping the word hacker. This week there was this NYT article on a study done on US powergrid vulnerabilities. Ok, they used the term "cyberwarrior" but maybe only once. And wired.com did a great piece on hackerspaces before. So it isn't all bad all the time.

Now some people said that it should be generally accepted that it means a criminal and I don't completely agree. Just have a look at wikipedia: http://en.wikipedia.org/wiki/Hacker

======================

Innovation

Analogous meanings in other fields are:

======================
Yes, you can scold me for using wikipedia. But besides the many meanings of this word mentioned here, there was the category that they belong to!!! INNOVATION!! And not just the old "meaning" of taking things apart. Hacking = innovation. And I hope we can communicate this as counterbalance to some of the press out there.

Have a look at this BruCON presentation by Astera on Hackerspaces and make up your mind.

Building Hackerspaces Everywhere - Astera - BruCON 2009 from security4all on Vimeo.

Sunday

Three strike law threatening Belgium and "The Internet is freedom"

I saw this Datanews article (Dutch) that a Senator has proposed a three strike law for copyright protection in Belgium. I hoped that this insanity would stay in the UK and France but it seems it has come to Belgium as well. Spying on citizens and disconnecting them from the internet is not the way!!

As the internet has become a central part of our lives, it's becoming a basic right and need like electricity and water. And every person has the right to have it. You can't regulate a market that refuses to innovate and protect their "dying way". Labeling our children as pirates or terrorists is not the way to solve this issue.

Just last week, the copyright watchdog SABAM in Belgium was accused of not paying 200 million euro (zita) due fees back to artists. Yet, "pirates" are accused of causing all the issues.

I hope that everyone involved in this discussion takes 30 minutes to look at this presentation of Lawrence Lessig below that he gave before the Italian parliament. He explains it better than I ever could. Have a look! Take the time!

Blog and tweet about this. Engage others and write to your elected politicians. Don't sit idle!

Thursday

The media spinwheel on the word Hacker. My rant of the day.



Hacker Disables More Than 100 Cars Remotely (wired.com). This story circulated a lot on different websites and on Twitter today and is the reason for this rant.

Normally I have high regard for wired.com for the articles they write, including the series they did on hackerspaces. But with this article, they really disappointed me. I'm used to the main media making this mistake but not Wired.

How would you define an ex-employee, guessing or stealing a former co-worker's password to access the system and screwing with it out of revenge? A cybercriminal? A hacker?

Wrong and wrong. It's an insider threat! He really must have had mad 1337 skills to pull this one off!

I know that the word hacker is a confusing term meaning a lot of different things to different people, including the media's insistent wish to use it to describe cybercriminals. (Hint: use a dictionary).
But this all leads to so many misunderstandings. Hardware hacker, blackhat hackers, whitehat hackers, greyhat hackers, software hackers, kernel hackers, lifehackers, script kiddies, etc etc.... there are so many different dimensions to the word hacker that it leaves the average outsider confused.

But I have to be honest, I sometimes catch even myself using the word hacker in the context of 'cybercriminal'. Even if I know better, it's a bad habit. I often try to correct myself and others but it's an uphill battle. Let's use more specific terms!

But a lot of the above variations have a common element: taking things apart, learning how they work and improving on them. It's this sharing and curiosity about how things work that is at the core of the original meaning of 'hacking' and involves non-computer related domains as well.

I'm a big supporter of the rise of the current flood of hackerspaces around the world and also in Belgium, as these spaces embody the original meaning of hacking and enable users to learn and share knowledge. They are sometimes compared to Do-it-yourself labs or workplaces (wired.com).

Frank Rieger, part of the Chaos Computer Club couldn't have said it better in this BBC article today:

For CCC member Frank Rieger, the word hacking - the process of reconfiguring or reprogramming a system to do things that its inventor never intended - needs to be reclaimed, and stripped of negative connotations.

...

"We are trying to show people the beauty of technology, and how exciting it can be to find out new stuff and then do good things with that," he says. (Source: BBC news)

Emphasis added by me. So is it time to educate the media and others to reclaim the word hacker for what it really means? It might be!

I have no special talent, I am only passionately curious -- Albert Einstein
