home-DTAP    IAF    Mindset    Glossary    DTAP    Security    (Ir)responsible    Project
IT tech    Hacked 4us    Outsourced    licensing     history famous       top  bottom

IT irresponsible


protection leak At some point all the forgotten and ignored bad things come up. It is waiting for a disaster to happen.

The Security chapter covers the high-level IT regulations, with references to other personal pages.


Some chapters, like "hardening sas", handle the very technical details that result from the regulations.



working on this I'm working mostly on other pages at this moment (Aug 2012).
Found this was a subject to do as a dedicated subject. Links and paragraphs will be moved to here.

For most of the time this page will be a mash-up. As soon as I see the hit-ratio grow I will do a clean-up.



IT technical & design - exploit




Generic

archive

IT approaches

"No Silver Bullet — Essence and Accidents of Software Engineering" is a widely discussed paper on software engineering written by Fred Brooks in 1986. Brooks argues that "there is no single development, in either technology or management technique, which by itself promises even one order of magnitude [tenfold] improvement within a decade in productivity, in reliability, in simplicity." He also states that "we cannot expect ever to see two-fold gains every two years" in software development, like there is in hardware development.

archive

SF ethics and social messages

Phrases from The Hitchhiker's Guide to the Galaxy (1978) — Answer to the Ultimate Question of Life, The Universe, and Everything from the supercomputer - 42





Password hacks

archive

Password hacks news

Are getting into the news more and more.
Password hacks
Bank data of 20 million customers leaked in South Korea (zdnet)
450k-yahoo (techrepublic)
Hacker Takes Millions of SC Citizens' Personal Info (wltx)
 
Kids 'using coding skills to hack' friends on games, expert says (bbc) C# and Visual Basic are being used by children.



weakest link
exploits PHP, cgibin
PHP has a basic insecure way of executing code with a generic key. Another problem is shell scripting:
Note that the shell script is inherently insecure because it does shell expansion; the correct way to pass on arguments would be "$@". 2012/05/php-cgi (securi.net), 2012/05/php-cgi (eindbazen.net), 41412/Hackers jagen (nl) (security.nl), phpcgi.shtml (javascriptkit.com)

The exploits have even been left as still to be solved. The PHP manual contains a warning against executing code this way, as it provides no separation; it just tries to encapsulate functionality. CERT advisory CA-96.11 recommends against placing any interpreters into cgi-bin. See: manual/en/security (php.net), CA-1996-11 (cert)

weakest link
exploits JAVA





weakest link
BYOD




Virus, hoax scareware - Hacked




http://www.reuters.com/article/2013/12/25/us-target-databreach-idUSBRE9BN0L220131225
http://www.bbc.co.uk/news/technology-25398408
http://www.nu.nl/internet/2880097/ruim-20-instellingen-getroffen-virus-sasfis.html More than 20 institutions hit by Sasfis virus
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Troj%2FSasfis-O&showall=False&CBF=True&sortby=relevance&sortdir=desc&size=10&page=3
http://www.elsevier.nl/web/Nieuws/Internet-Gadgets/346282/Gevaarlijk-computervirus-verspreidt-zich-razendsnel.htm Citadel has been around for months and only now are organisations discovering that they are infected
https://www.security.nl/posting/366433/Laptop+met+gegevens+40_000+Ziggo-klanten+gestolen
http://www.infoworld.com/d/data-center/murder-in-the-amazon-cloud-244705 (code spaces)
http://www.nu.nl/internet/2880357/dertien-universiteiten-getroffen-beveiligingslek.html
http://www.ad.nl/ad/nl/5595/Digitaal/article/detail/3300018/2012/08/12/Bankgegevens-van-bijna-600-Nederlanders-gestolen.dhtml
believe

documentation

Many documents about preventing data leaking can be found.

White papers content - subject
pcisecuritystandards The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
 
database 039434 (oracle) WHITE PAPER: Effective Data Leak Prevention Programs: Start by Protecting Data at the Source — Your Databases





archive
governmental information
Consumer support
 
http://info.profitinsight.com/blog/bid/213422/There-s-a-New-Sheriff-in-Town
http://info.profitinsight.com/blog/bid/213057/Customer-Service-Strategies-for-the-Retail-Banking-Industry
http://www.consumerfinance.gov/

mislead
Cybercrime scareware.
Payment Processor for Scareware Cybercrime Ring Sentenced to 48 Months in Prison



Outsourced




weakest link

Outages at cloud providers:

AWS (amazon)
With a big number of datacenters some will fail. Relocating (DR) is optional within SLA.
status.aws.amazon
http://www.rackspace.com/cloud/
http://aws.amazon.com/

Yes there have been significant breaches.
My favorite breach so far was McAfee's hosted anti-malware service, SaaS for Total Protection
http://www.techsecuritytoday.com/index.php/our-contributors/dan-neel/entry/mcafee-security-breech-sheds-light-on-cloud-security-dangers
Let's not forget Nasdaq Directors Desk
http://www.informationweek.com/news/security/attacks/231901580
There was also Epsilon cloud based email
http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
Of course Dropbox got pwnd
http://www.forbes.com/sites/karstenstrauss/2012/07/19/dropbox-security-breach-security-in-the-cloud/
Linkedin was breached
http://www.eweek.com/c/a/Security/LinkedIn-Password-Theft-Underscores-Cloud-Security-Dangers-571992/
Cloudflare was interesting in the way it was done by exploiting google
http://techcrunch.com/2012/06/04/cloudflare-security-breach-the-result-of-smart-social-engineering-flaw-in-googles-account-recovery-system/
SpringCM is a platform we use; here is their DR
http://www.springcm.com/products/security/data-protection-and-disaster-recovery
Here is eVault's DR service
http://www.evault.com/export/sites/www/assets/pdf/spec-sheets/evault-remote-disaster-recovery-service_ss_en_w.pdf
Here is Paul Kirvan's DR SLAs in a common agreement template
http://searchdisasterrecovery.techtarget.com/Free-service-level-agreement-template-for-disaster-recovery-programs

- SpringCM looks like a real DR plan. Unfortunately I saw this 24/7/365 online data center redundancy currently in implementation stages
- The eVault link is an advert for their DR service. It is not the cloud provider's own DR plan
- The SLA templates are interesting.
So, what we have so far is a link to 1 cloud provider's not yet implemented DR plan.

Reply from DACREE on Aug 2 at 1:42 PM (william acree)
The same role as on any network. Honestly, I don't understand these cloud questions lately. It's as if people seem to think that if you use the word 'cloud' then everything works differently. If you run a network and provide remote services such as email, hosting, application servers, etc. then you are someone's 'cloud'. It's just a marketing term - not a new technology. I suppose the best thing about the cloud is that it's now easier to explain to executives who lack tech savvy where your email server is located or who hosts your database. For example, Rackspace has been a hosting provider for years now. When marketing people started crowing about this wonderful new cloud thing, Rackspace responded by simply adding the word cloud to everything. No new services, no new features, they just added a word.

---------------Original Message---------------
From: Katie Bapple
Sent: Thursday, August 02, 2012 12:59 PM
Subject: The Cloud and Perimeter Security?
What is the role of perimeter security in the cloud? This question was asked by participants in the Cloud Computing 201 webcast, hosted on July 24 by Ben Kepes and Justin Pirie.

Reply from mikewarren on Aug 2 at 12:32 PM
The concept of sharing space on a public cloud to me is, in a word, bizarre. Why would you want to be somewhere that has the same problems as the place you were just before? The internet is a party line of over 2 billion people; if you move those people up into a public cloud the same problems we have now will exist, just with an added layer of protocols. At Jumpto we believe that a cloud is a private place of solitude where a user can be at peace and security. When a user creates a Jumpto account they are also creating their own private, secure and anonymous cloud. From this cloud they can peek back to the rest of the great unwashed or connect with other clouds to really break open the power of this new structure: control. Control over who you connect with and more importantly, who connects with you.
To further explore, some light reading:
- http://www.jumpto.com/Blog/General/Zen-and-the-Art-of-VCN
- http://www.jumpto.com/Blog/General/Send-In-The-Clouds
- http://www.jumpto.com/Blog/General/The-Need-for-Internet-Security-Here39s-Proof

---------------Original Message---------------
From: Katie Bapple
Sent: Wednesday, August 01, 2012 8:04 PM
Subject: Higher Risk When Sharing Cloud with High Profile Targets?
If you are on the same cloud as a high profile government agency or private company, are you putting your data at risk since they are high profile targets? ** This question was asked by participants in the Cloud Computing 201 webcast, hosted on July 24 by Ben Kepes and Justin Pirie.

Reply from DACREE on Jul 27 at 10:46 AM
Many states require disclosure to be sure. Of course, there can't be any prosecution without prior disclosure. So, unless the state law has real teeth, it's probably just ignored. Imagine for a moment if the IBM cloud was breached. IBM could tell everyone and lose a ton of business, or they can fix the problem and keep it quiet. Even if the breach is later uncovered by an outside party, IBM would likely lose less money through fines than they would through lost business and trust by disclosing. Meanwhile they could simply deny it ever happened. Furthermore, it would be up to the prosecutor to PROVE that a breach took place. IBM would shut up and clamp down. Proving it took place would be almost impossible. Yes this is an overblown unlikely scenario. Right?
http://www.informationweek.com/news/security/attacks/231900943
http://www.infosecurity-magazine.com/view/15091/statistics-canada-mum-on-data-breaches-involving-canadian-citizens/
http://www.reuters.com/article/2012/02/02/us-hacking-disclosures-idUSTRE8110YW20120202
http://www.pcworld.com/article/226478/sony_sued_over_psn_data_breach_failure_to_disclose.html
http://www.haynesboone.com/es/newsroom/pubdetail.aspx?pub=3544
http://www.theregister.co.uk/2012/02/15/nortel_breach/

---------------Original Message---------------
From: David Linthicum
Sent: Wednesday, July 25, 2012 7:21 AM
Subject: Any public cloud computing security breaches yet?
Seems to me that everyone is waiting for the sky to fall around the use of cloud computing, specifically public clouds. However, with huge growth considering players such as AWS we've not yet seen a major security breach, such as compromised data, or the ability to create a cross-domain attack. Is cloud computing living up to security requirements? Or, are we just not hearing about these issues?

Reply from Mzoorikh on Jul 27 at 10:30 AM
Hi all, As we know, the main goal of CSB (Cloud Service Brokerage), which are third party companies, is to convert the cloud service to a service more specific for companies. In other words they want to add an additional layer of value to the cloud services offered by cloud service providers. They are between cloud providers and cloud customers. Some companies want to consume several and variant cloud services offered by several and variant cloud providers. This means multiple contracts, and so multiple payments, and more other issues (e.g. multiple passwords, multiple data streams) are required. That is where the cloud service brokers come into account. These companies have more experience in working with several cloud providers, and also have more experience across cloud service consumer scenarios. Instead of spending some time and some money to address these problems internally (I mean in the cloud consumer company which needs to use cloud services), consumers can use services offered by cloud service brokers, and then they can focus more on the other important business needs, instead of spending time and cost to solve these problems. An example of another sensible service provided by cloud service brokers is when some problem occurred in your cloud service, but the cloud provider says that "The problem occurred is somewhere other than with ours". But service brokers can solve the problem and can make the consumers free of these issues, isolating the consumer company from these kinds of problems. That's the goal of cloud service brokers. ("Cloud service brokerage for dummies" is a good reference.) Cloud service brokers can be internal (a department in the company) or external (another third party company). In the case where it's defined as external in your company, several important considerations can be taken into account in selecting the best CSB for your company, which I address in the following. Working with cloud service brokers is all about trust. Trust is an important element. The most important security questions that must be answered first can be:
- How will data be protected?: Policies differ from company to company. It's essential to know this before signing the agreement.
- Is the SLA comprehensive?: Some service level agreements between consumers and cloud providers don't really offer much of a guarantee. Know the bottom line for the cloud services broker you're considering.
- How well does this broker really know you? The data protection requirements of each company are very different. So a different approach must be used, which needs more familiarity.
- Where will your data be stored?: A very good cloud service provider will be very clear about the physical location of your information.
- How easy will it be to move?: Data portability is very important. Your cloud broker should be prepared for migrations at any time.
- etc...

---------------Original Message---------------
From: Bsophia
Sent: Thursday, July 26, 2012 8:35 AM
Subject: Choosing Cloud Service Broker
What should be considered in identifying a Cloud Service Broker? Which are the main players?

http://www.zdnet.com/salesforce-com-suffers-worldwide-disruption-after-power-outage-7000000581/
http://www.datacenterdynamics.com/focus/archive/2012/08/wikipedia-outage-caused-data-center-cable-cut

Reply from DACREE on Aug 13 at 10:06 AM
I don't doubt that you may develop an excellent product. Just be aware of the odd nature of IT professionals. If we start seeing internal support requests for unapproved software generated by a product targeting the end user, that product usually gets a bad rep. When IT then later goes shopping for a provider, the services that are focused towards IT professionals and Enterprise business lines are going to be the ones in the running. The products IT has encountered as problem end user software are not even going to be considered. Bad karma certainly exists in the IT universe.

---------------Original Message---------------
From: David Linthicum
Sent: Friday, August 10, 2012 9:06 AM
Subject: Should 'shadow IT' be Allowed to Drive Enterprise Cloud?
Should "shadow IT" be allowed to drive enterprise cloud? PricewaterhouseCoopers study finds as much as 30 percent of IT spending being done by business units outside official IT budget. In many respects, cloud computing is growing by selling those that are not in IT, or get approval from IT. Is this a good practice? Should this be allowed? Dave

Reply from Jumpto on Aug 15 at 9:58 AM
As I have said many times, public cloud, not a good idea. As for Optimization, at Jumpto we care very much about the user experience with our software and that includes Optimization. We have metrics on the servers that will alert us when the amount of users is starting to compromise user performance and at that point we add another server to balance the load and restore performance. As we grow this position will be occupied by a dedicated senior member of the IT team.

---------------Original Message---------------
From: David Linthicum
Sent: Wednesday, August 15, 2012 8:43 AM
Subject: Do Cloud Providers Have a Conflict of Interest When It Comes to Optimization?
So, say your system is on a public cloud, and it's not optimized for that cloud. Thus, you get a larger bill and poor performance, and the cloud provider has no incentive to help you. Do cloud providers have a conflict of interest when it comes to optimization?

http://allthingsd.com/20130222/physically-together-heres-the-internal-yahoo-no-work-from-home-memo-which-extends-beyond-remote-workers/
http://www.businessinsider.com/marissa-mayer-defends-her-work-from-home-ban-2013-4
http://venturebeat.com/2013/04/19/marissa-mayer-wfh/



Licensing - copyright




mislead
Selling of free software, not allowed.
German jurisprudence:
openjur.de 432081 3342010 ( justiz.hamburg)
You offered services for a fee that were available free of charge elsewhere.

marionet
Own ways
German local state is bypassing country agreements:
NRW buys tax CD from Switzerland despite planned agreement, The Swiss arrest warrant against three German tax officials causes outrage in Germany
It amounts to torpedoing the planned tax agreement between Germany and Switzerland: North Rhine-Westphalia has once again bought a CD with data on tax evaders. The material from Switzerland is first-class, according to official circles.

lagarde-list-of-swiss-bank-accounts-leaked-2012-10 Scans of the magazine pages on which the full list of names is published can be viewed at zougla.gr.
NRW buys tax CD from Switzerland despite planned agreement (nu.nl) The so-called 'Lagarde list' is an electronic file with the names of some 2000 Greeks with Swiss bank accounts. The list was handed over to Greece in 2010 by the then French finance minister Christine Lagarde.


Printers and others Infected

archive
Printers
malware-260653 (networkworld)

Test or not

archive
Test
Top Five (Wrong) Reasons You Don't Have Testers (Joel Spolsky)

legal

license Contents

Mistakes or not foreseen consequences can have high impacts.
SAP Indirect access contract
See:

Business-application-software-licensing-a-labyrinthine-puzzle



Defense

archive
Drones
Research to get risks clear
drone-hackedwith-1000-spoofer (nakedsecurity.sophos) Researchers at the University of Texas at Austin hacked and hijacked a drone in front of the dismayed Department of Homeland Security officials who had dared them $1,000 to do it.

Stuxnet flame
weakest link Stuxnet (wiki 2011) While it is not the first time that hackers have targeted industrial systems,[1] it is the first discovered malware that spies on and subverts industrial systems,[2] and the first to include a programmable logic controller (PLC) rootkit.
flame (the register, may 2012) A new super-cyberweapon targeting countries like Iran and Israel that has been knocking around in computers for two years has been discovered by researchers. flame related to stux (reuters)
chips-oy-spies (wired, june 2011) In 2010, the U.S. military had a problem. It had bought over 59,000 microchips destined for installation in everything from missile defense systems to gadgets that tell friend from foe. The chips turned out to be counterfeits from China, but it could have been even worse. (-)

Seizing out of cloud: servers /desktop

archive F.B.I. Seizes Web Servers, Knocking Sites Offline (bits nytimes, june 2011)
weakest link
privacy
weakest link
Cloud - patriot act



weakest link
awareness of data leaks
managersonline One in five financial institutions 'does not know' whether there have been data leaks
weakest link
site hacks - customer data
'wachtwoorden-van-philips-gestolen' (nu.nl etc 2- aug 2012)
'KPN customers' mail data came from Baby Dump database' (tweakers.net) 11 Feb 2012. On Saturday evening KPN made customers' mail accounts accessible again. Reactivation was delayed because the systems were not yet stable enough to handle the expected influx of customers.

Frans Bauer website an open door for hackers (camilleri.nl) July 2012. Due to a flaw in Frans Bauer's website, data from telecom provider Simpel.nl was stolen. The flaw made it possible to view 158 databases on a server of ASpider.
Data of 800,000 Dutch people stolen by hacker (nu.nl) July 2012.

weakest link
municipal websites
50 municipal websites barely secured (tweakers.net) October 2011. Following the problem, the Association of Netherlands Municipalities (Vereniging Nederlandse Gemeenten) decided that the affected sites must be taken offline immediately.
Government fails in introducing web guidelines on municipal websites (tweakers.net) June 2011

indy
Hacker hacks hacker
Hackertoolkit_hackt_black_hat_hackers (security.nl)

together
Patent troll defeated
Kaspersky_verslaat_patenttrol_voor_rechtbank (security.nl)

mislead
... scrubs criticism from Wikipedia entry
--poetst-kritiek-uit-wikipedia-lemma (webwereld.nl)
mislead
contracts very one-sided, risk only with the customer
New Nederland ICT terms 'very one-sided' (computerworld.nl)
mislead
... privacy infringement and openness
The Justice department again refuses to disclose figures on police data requests to social media. (webwereld.nl)




IT disaster

disaster (it)


generic collections

weakest link Why Software Is Eating The World (online.wsj.com) 
weakest link

Unsecure certificates (SSL)

SSL encryption depends on the Certificate_Authority. When that is compromised, all SSL traffic is compromised.

root kit

archive
Sony scandal
copy_protection_rootkit_scandal (wiki) This software was automatically installed on Windows desktop computers when customers tried to play the CDs. The software interferes with the normal way in which the Microsoft Windows operating system plays CDs by installing a rootkit which creates vulnerabilities for other malware to exploit. This was discovered and publicly revealed by Mark Russinovich on the Sysinternals blog.

weakest link Forced to use passwords, thinking it is secure. Many databases are leaking. Password cracking is evolving. John runs with CUDA (video GPU speed-up) openwall.com/john

Password and hijacked email dataset for you to test your data science skills (datasciencecentral.com)
Here's a http://datashaping.com/passwords.txt password data set (20 MB) with 2 million entries, from dazzlepond.com . I discovered this Malaysian website when investigating new subscriber email addresses on Analyticbridge (to decide whether they were associated with spam or other malicious activity). This Malaysian website also claims to have the full list of 450,000 Yahoo email accounts that were recently hijacked - you can indeed download all these email addresses from their website (and possibly check whether hijacked email addresses share patterns that make them vulnerable).

Anyway, the reason for sharing the password data set with you is for you to test your data science skills: try to answer the following questions:
1. What are the most common patterns found in passwords?
2. Based on these patterns, how to build robust yet easy-to-remember passwords?
3. Does this password data set look OK, or do you think it is somewhat inaccurate or not representative of the password universe? If not, can we still draw valid conclusions from this data set, and how?
Other data set of interest: Official salary of 30,000 University of Washington employees
http://money.cnn.com/2012/08/07/technology/mat-honan-hacked/index.htm
http://www.nu.nl/internet/2887589/tienduizenden-modems-kpn-slecht-beveiligd-.html
http://www.nu.nl/tech/3531942/ontwikkelaarssite-apple-gehackt.html
http://allthingsd.com/20130726/after-hacking-attack-apples-dev-center-site-is-up-and-running-again/
http://www.automatiseringgids.nl/nieuws/2012/38/certified-secure-wint-prijs-pwn2own-met-hack-iphone-4s
http://www.nu.nl/internet/3533136/zeer-grote-webhost-ovh-gehackt.html


US


Blackout cloud
Energy is strictly regulated. ferc
the-10-worst-cloud-outages (infoworld june 2011) AWS cloud service statement: Sending your IT business to the cloud comes with risk, as those affected by these 10 colossal cloud outages can attest. storageioblog 2012 july AWS cloud service statement: What I mean by that is that protecting data and access to it in cloud environments is a shared responsibility including discussing what went wrong, how to fix and prevent it, as well as communicating best practices. 2011/04/3




Statistics Abuse

data fantasy





Working museum

museum


handy

dbase clipper dif

DBase (wiki)
db7_file_fmt (dbase)
Data_Interchange_Format (wiki)
dbf/dif was made outdated by XML. It is rising again because of its simplicity in exchanging data.




Links & blogs

link in air Many sites about security, IT, etc. exist.
Just a personal selection:

link IT sites
wired magazine
computerweekly magazine
networkworld magazine
infoworld magazine
nakedsecurity (sophos research)
 
Computer Security News/Newsletters (sans)
Internet Storm Center (isc)
link related generic
google_bomb (wiki)
http://www.telegraaf.nl/digitaal/21481098/___Cyberaanvallen_op_banken_zijn_overmacht___.html
http://www.nu.nl/tech/3475113/overheid-gaat-investeren-ddos-aanvallen-gaan.html
http://www.delta.tudelft.nl/artikel/waar-blijft-de-internet-ingenieur/26680 (jaap van till 2013)
http://www.telegraaf.nl/overgeld/consument/21573739/__ING_favoriet_bij_fraudeurs__.html 2013
http://tweakers.net/nieuws/73354/fraudeurs-omzeilen-beveiliging-ing-via-paypal.html 2011
http://www.telegraaf.nl/binnenland/21576641/__Banken_vormen_front__.html
http://gcn.com/Articles/2013/04/29/12-steps-help-agencies-overcome-DDOS-attacks.aspx?Page=4
http://gcn.com/articles/2013/05/10/social-media-analysis-predictive-coding-enlisted-to-fight-fraud.aspx
http://www.nu.nl/gadgets/2894668/ns-wijzigt-beleid-tik-vingers-cbp.html
http://www.nu.nl/geldzaken/3544059/belastingdienst-informeert-verhuurders-vrije-sector.html
http://www.telegraaf.nl/digitaal/13140020/__13.656_bedrijven_zo_te_hacken__.html
http://www.telegraaf.nl/digitaal/21549331/__Gevaren_internet_ontkend__.html
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
http://www.standaard.be/cnt/dmf20130722_00666551 (phone hack via hidden SMS)
http://www.telegraaf.nl/digitaal/21752797/__Gegevens_Ubuntu-gebruikers_gestolen__.html
http://www.telegraaf.nl/digitaal/21222970/__Verzekeraars_mogen_de__cloud__in__.html
http://www.telegraaf.nl/digitaal/21752624/__Melden_ICT-lek_verplicht__.html
link Dutch security sites
beveiligingslek tags webwereld.nl
tweakers
fox-it
 
brenno de winter , bigwobber journalist
 
Bart Jacobs prof. Software Security and Correctness
radboud (knipselkrant - news)
C. (Chris) Verhoef prof.dr.
vua (knipselkrant - news)
http://www.nature.com/nature/journal/v467/n7317/pdf/467775a.pdf (data scientists no programmers)
https://www.security.nl/artikel/46207/1/%27Geef_IT-bedrijven_geen_hackbevoegdheid%27.html
http://www.telegraaf.nl/digitaal/21789910/__Hack_laat_sites_verwijzen_naar_malware__.html
https://www.security.nl/posting/359506/NCSC%3A+duizenden+domeinen+dupe+DNS-kaping
http://www.nu.nl/internet/3378521/rijk-wil-snijden-in-softwarekosten-oracle-sap-en-microsoft.html
http://www.telegraaf.nl/overgeld/zorgverzekering/12717059/__Veel_tips_dure_medicijnen__.html
http://www.artsennet.nl/Nieuws/Nieuws-uit-de-media/Artikel/118868/Stop-vergoeding-medicijn-schendt-mensenrechten.htm
http://www.telegraaf.nl/overgeld/zorgverzekering/12431465/___Stop_vrije_tandartstarieven___.html
http://www.telegraaf.nl/digitaal/21704815/__Telecombedrijven_de_fout_in_met_bewaren_data__.html
http://www.consumentenbond.nl/campagnes/betaalbare-zorg/fraude-en-verspilling-inzorg/
http://www.nubijlage.nl/binnenland/2880023/11000-euro-zorg-en-pensioen.html
http://mens-en-samenleving.infonu.nl/sociaal/64575-mantelzorg-hoe-houd-je-dat-vol.html
http://www.zorgvisie.nl/Financien/11032/Duitse-ouderenzorg-is-goedkoper.htm
http://www.telegraaf.nl/binnenland/13044498/__Gegevens_open_en_bloot__.html
http://www.leefwijzer.nl/nieuws/read/12592/basisverzekering-5x-duurder-als-ziekenfonds/
http://www.nu.nl/economie/3369989/banken-doen-weinig-cybercrime.html
http://www.telegraph.co.uk/health/healthnews/9852897/Mid-Staffs-NHS-trust-Why-is-nobody-being-punished-for-this-disaster.html
http://www.nu.nl/binnenland/3480047/politieacademie-zit-met-falend-ict-project.html
http://www.artsennet.nl/Nieuws/Nieuws-onderzoeken/Nieuwsartikel/119104/Klink-zorgverspilling-tegengaan-bespaart-8-miljard-euro.htm
http://www.telegraaf.nl/overgeld/zorgverzekering/12726562/___Zorg_kan_miljarden_goedkoper___.html
http://www.ad.nl/ad/nl/1012/Nederland/article/detail/3379775/2013/01/19/Geld-voor-ouderenzorg-gaat-naar-managers.dhtml
http://www.cbs.nl/en-GB/menu/themas/macro-economie/publicaties/artikelen/archief/2010/2010-3175-wm.htm
http://arsimaprojects.wordpress.com/2012/09/23/hello1984/?goback=%2Egde_4520336_member_172068753
http://www.linkedin.com/groups?viewMemberFeed=&gid=4520336&memberID=9523130
http://nl.wikipedia.org/wiki/Erik_Staal
http://www.euclaim.nl/persberichten/123/euclaim-en-consumentenbond-publiceren-probleemvluchten
http://www.nubijlage.nl/deloitteoverdata/2849342/slimme-analyses-financiele-criminaliteit.html
http://www.nu.nl/economie/3077434/nederlandse-multinationals-stallen-vermogen-in-belgie.html
http://www.telegraaf.nl/overgeld/hypotheken/21212437/__NMa_beboet_65_malafide_huizenhandelaren__.html
http://panopticondefilm.nl/
http://www.nu.nl/wetenschap/3133902/grote-handtekening-kenmerk-van-narcist.html
http://www.automatiseringgids.nl/nieuws/2013/21/equens-ziet-af-van-verkoop-pingegevens
http://www.nu.nl/internet/3097396/beveiligingsexperts-eisen-cbp-onderzoek-gehackte-kliniek.html
http://www.nu.nl/tech/3518712/computerchaos-bij-erasmus-medisch-centrum.html
http://www.nu.nl/tech/3523407/websites-huisarts-en-apotheek-vaak-onveilig.html
http://www.korton.nl/synergy/docs/index.asp?category=producten
http://www.nu.nl/tech/3542872/deel-anoniem-tor-netwerk-offline-kinderporno-inval.html
http://allestoringen.nl/
http://www.wired.com/wiredenterprise/2013/08/memsql-and-amazon/ Why Some Startups Say the Cloud Is a Waste of Money
http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/
https://www.security.nl/posting/368601/SAP-applicaties+in+vizier+van+nieuwe+malware
http://www.behindthefirewalls.com/2013/04/hacking-sap-remote-command-execution.html
http://balakrushnagajula.blogspot.nl/2012/05/hacking-sap.html
http://www.enterpriseappstoday.com/erp/sap-hacked-at-black-hat-again-security.html
http://data-informed.com/eu-officials-privacy-law-will-force-business-embed-data-protection/




History famous

famous history


archive

living community


White - Black background
blog White or black background (2013 perceptualedge)
Why light text on dark background is a bad idea (tatham.oddie 2008)





© 2012 J.A.Karman