- May 11, 2013
- 1,687
Hello Everyone, @Jack @BoraMurdar @Littlebits @exterminator20 @Malware1 @Umbra Polaris
First of all i am sorry to post this news in the news section as its not really global news.
Yet it is news that will affect many MT members and members from similar forums and communities.
Our policy of not holding visitor data on our website is going to change.
So please move it to any fitting section.
Currently our webpage does not storing details regarding your visits to our website other then basic statistic data and payment security data which is required by Dutch law.
However has been proven that there is a increasing amount of members who desperately want to see how our server and its data is configured.
I have 400 Megs worth of ip traffic logs directly linking members from MT, Wilders and some other sites that are directly identifiable based upon our security system and server side scripts.
Look i have never stored data from any member other then the usual basic data that i by law must collect (For example payment and visitor & security logs) However as of today ANY visitor will face the music as i am done with spending 4 hours a day just doing maintenance on my website and server just because some "visitors" would like to see which scripts i got running, how the webserver is configured, which security i have running, and more importantly if they can get access to credit card details and other vital data, not to mention the incredible amount of home made scripts, tools and bots that are being used to get to see the inside of our network.
(/rant on Lol you could apply for a job at our office then you can see the inside of the network every single day as much as you like and you can spend every single minute a day stopping people like you.
/rant off)
Little info:
Most admins, webmasters and server owners have been plagued by script kiddies, spambots, hackers,
Siterippers, Rogue search engines, Malicious proxies, Adware Proxies, Online Injectors and the so called remote security check websites that publish a report about how secure or insecure your website is.
Only to be followed up by a visitor trying his luck exploiting the reported errors.
This is clearly evident whenever you view your error logs and notice a really long list of errors pertaining to files or folders that do not reside on your web account. And it leaves you wondering, why are they trying to find that particular file or folder?
This form of site sniffing is due to someone or some program automatically running a script that looks for certain files or folders. What they are looking for are security holes in your web account for files that can be exploited. Although there is the ever present danger of exploits and the constant need for security; many of these exploits go unfixed or unnoticed until it is much too late for the account owner.
In some cases certain search engines and or robots will crawl your pages and more than often will not respect or obey the parameters set forth in the robots.txt file that you have created and or configured. Some of these spiders/bots will ignore the robots.txt and then traverse wherever they like about your web account folders. This in turn will list or collect everything in your web account regardless of what you have blocked or have not properly hidden.
And then i am not even talking about the youtube and google video posts i have found that people trying to copy our software into a version of their own. I am also not mentioning some community members who publicly showing how they hack into heuristic scanning abilities of other security programs listed here on MT. I am getting really annoyed by this, and my clients and bosses are also not amused.
Please do not ask me to show data as i will NOT unless @Jack asks me to as he is the only one that i would allow access to the logs. Yes for those who do not know, FMA Intel-Secure is working together (if there is a need for it) when it comes to combat rogue members and unwelcome people. And we are willing to work with other security "new" security brands here in this forum to make a fist against people who cannot appreciate hard work, innovative idea's and intellectual property rights.
I am sick of it, i really am.
Most people can only bitch about a brand and claim if this or that is not working, yet only a few understand the logistical and development issues a developer and researcher has.
Not everything is as easy as add a button call it click here to perform action A and be done with it.
Not everything is as logical as it supposed to be.
Not everything is being coded and worked on because you DEMAND it, but just because there is not other way.
The same goes for websites, networks and computers.
You can like my site or not, you love or hate my product, you can visit or ignore my website and you can support or rebel my software. You are 200% free to do so as thats your right.
There are always people that are PRO or against.
I am totally fine with your rights if you are also fine with the laws you must abide by.
Yes it goes hand in hand.
But since everyone seems to have a general kiss my ( )*( ) idea when it comes to local law and someones property i am going to be very less tolerant with people playing games on our networks and software.
We started talking with various governmental organisations (Police, Intelligence, Cyber security and major ISP bodies) that will help us any many other clients and companies to effective combat and log attacks and to log a document unruly visitors and other crime related internet requests.
Which means that if you choose or Websites, Networks, Servers, Computers, online services and software as your target then we will collect all the possible data about you and transmit that in real time to EU law officials and partners. And with the new internet laws started 2015 you will be brought to court. According to new laws: artikel 138ab, artikel 125i and the new Terughack wet (Backhack law)
While the last law has not yet been approved as a general law the concept has already been accepted by law enforcement and companies that signed a share info and data agreement.
Which means that depending case by case a partner company (Like ours) can ask official governmental organisations to obtain legal info regarding a person that attacked any of the mentioned data carriers and programs. And no a proxy is not going to help you anymore, while some proxies claim 100% anonymity and some search engines like duck duck and go claim that they keep no record which is 100% true they fail to mention that by law a third party is collecting the data in their name.
And this data can be accessed by anyone with a court order or charged with a investigation that requires that data. Ohh btw did you know that this investigation is being done and you are the one going to pay for it? It does not cost FMA Intel-Secure ANY money other then the effort to transmit the logs to the authorities.
And sure there are those who say: Sure the police could not catch a cyber criminal even if they are tripping over it..
Yes thats true specially in the US and EU there have been issues where proven criminals could not be arrested due to inconclusive evidence and unlawful obtained data.
Here in the EU and specially the Netherlands we changed that around, the moment your ip (Amongst other concrete data) is being linked to a malicious action against one of the partner systems that signed the cooperation and security agreement you automatically have given FULL approval to any action that might be required to obtain evidence. And if its being proven that your IP has done nothing wrong your IP and all connected data will be destroyed within 3 months and cannot be used anymore in future investigations.
While this is a monumental task for any law enforcement agencies to execute correctly most of the work is being done by automated programs and contracted security companies that do have the resources to check thousands of requests and crime events.
That being said our network and all other services will be directly linked to the EU network and database to facilitate the operations needed to detect, trace and prosecute malicious visitors and other crime related actions towards our: Websites, Services, Networks, Computers, Servers, Software, Scripts.
We will run various security scripts and automated tools to secure our online services and we will enhance software security with detection methods to counter people that like to steal, hack, break and snoop around.
These are drastic steps but i will let you in on a secret here, did you know that i did spend 4 days a week pure and alone in stopping cyber crime on our networks and that of our clients?
Did you know that for example: If a company has 10000 dollar ICT budget that something like 65% up to 75% is being used to stop criminals? You can imagine that my own company did spend a pretty penny in security yet this is only a fraction of what some of our partners spend.
In short someone is going to pay for that which means if you get caught and in most cases you will that you are going to be a public example?
Just saying things have changed and changed ALOT. Obviously i am just a small fish owning a modest starting company yet that does not mean i should sit back and just let it happen.
And thanks to our successful talks with various policy makers regarding this partner agreement i am feeling sorry in advance for that one person that is going to be stupid enough to try the system.
To give you a tiny comparison here, in 2014 a total of 3000 internet crime cases have been handled and at least 80% of them have been sentenced according to local law.
Since 01-01-2015 alone there have been around 1900 cases and 95% already has been sentenced by local law or in their own country. That only shows how effective big data can be if used properly.
Obviously we are not having a prism system or anything like that, so please do me a favor and do not bring up human rights and privacy laws as they are not being changed in anyway shape or form.
For you as harmless visitor nothing changes, and you will not notice or find any problems regarding the system.
However for you as hacker.... Sorry privacy and human rights go hand in hand with the law.
Which means that you just did accept the fact that you will lose that privacy, because anyone needed to get you into court will see your data and your data will be kept in storage for at least 10 years, next to the fact that you will be banned from ALL networks that are part of this partnership.
That does include your local webshop website if they are a partner, or your local bank which means no more internet banking for you. It also means that if found guilty that your ISP and all other ISP's are going to deny your request for a new internet connection, VOIP, Some television services and most online payment systems like paypal, moneybookers or ideal.
Obviously right now we have a huge number of companies (Most EU based) that did sign up and this number goes up by the day as more and more companies around the world are becoming a partner.
And for those, thinking sure i am going to be listed as internet criminal in the Netherlands, BIG deal who cares? Well you will care about it, as this is not a Dutch thingy.
This project started in 2000 and got into motion in 2013 and now in 2015 it has been finalized.
Which means that it does not matter if you are EU based, US based or even Asian based you will be listed as internet criminal in your own country next to all nations participating in this law.
And while you might enjoy the freedom of your own nation as there always will be nations with less solid laws and law making policies it will mean that across the net you will get into trouble.
Very long story short what is this going to change at our FMA network?
Well lots of things.
1: We will block and deny proxies that are listed as malicious or harmful.
2: Bad referrals will be blocked and denied.
3: Unwelcome requests are being denied.
4: Automated scripts, rippers and other third party tools that could be used to gather info will be blocked and the involving IP's are being blacklisted.
5: Individual requests that are listed as malicious or being flagged as such will in realtime be flagged and per case a security expert will review the data and if possible make a case.
6: Fraud and other internet crime against our networks will be investigated and if possible the law will have its run.
These are just 6 general points that i list here without to much detail, but rest assured those within the law will not be hindered in anyway. Those outside the law and those who think that their nigerian law or wukka dudda law in their host nation is going to protect them...i got to say one thing: Welcome in the real world.
Some of you might think hey Nico this is over the top and almost impossible.
Maybe, maybe not as statistics and almost 10 years of research and partnership negotiations proof otherwise.
I personally would be the first to combat illegal privacy gathering and such and my privacy statement is a testimonial to that yet i have ZERO tolerance for those who break the law.
And i offer any new company a option to be part of our own collective security database.
Because yes i personally will run a database of my own which will contain all the data about our malicious visitors. And we will share this info with our partners and take appropriate actions individual cases within our own reach.
And if our reach is found short then the partner network itself will pick up where we left off. No more f*cking around.
I am seriously done with people trying to play big well connected friend on a community like this.
I am done with people trying to hitch a ride on someone else his/her credit and hard work.
One of the biggest reasons my own software has not been delivered on time yet is because of all this crap.
It did cost me personally thousands of euro's last year and many many sleepless nights and its going to stop.
In the next few days CBAD will be online, a update PR-Guard will be released and a totally new overhauled webpage will be online. And i rather spend my time and resources on that then fighting little internet morons. And as such we will have very nifty little programs checking for malicious activity.
Thats all for now.
Please tell me honestly what you think about all this (Please no BS comments)
First of all i am sorry to post this news in the news section as its not really global news.
Yet it is news that will affect many MT members and members from similar forums and communities.
Our policy of not holding visitor data on our website is going to change.
So please move it to any fitting section.
Currently our webpage does not storing details regarding your visits to our website other then basic statistic data and payment security data which is required by Dutch law.
However has been proven that there is a increasing amount of members who desperately want to see how our server and its data is configured.
I have 400 Megs worth of ip traffic logs directly linking members from MT, Wilders and some other sites that are directly identifiable based upon our security system and server side scripts.
Look i have never stored data from any member other then the usual basic data that i by law must collect (For example payment and visitor & security logs) However as of today ANY visitor will face the music as i am done with spending 4 hours a day just doing maintenance on my website and server just because some "visitors" would like to see which scripts i got running, how the webserver is configured, which security i have running, and more importantly if they can get access to credit card details and other vital data, not to mention the incredible amount of home made scripts, tools and bots that are being used to get to see the inside of our network.
(/rant on Lol you could apply for a job at our office then you can see the inside of the network every single day as much as you like and you can spend every single minute a day stopping people like you.
/rant off)
Little info:
Most admins, webmasters and server owners have been plagued by script kiddies, spambots, hackers,
Siterippers, Rogue search engines, Malicious proxies, Adware Proxies, Online Injectors and the so called remote security check websites that publish a report about how secure or insecure your website is.
Only to be followed up by a visitor trying his luck exploiting the reported errors.
This is clearly evident whenever you view your error logs and notice a really long list of errors pertaining to files or folders that do not reside on your web account. And it leaves you wondering, why are they trying to find that particular file or folder?
This form of site sniffing is due to someone or some program automatically running a script that looks for certain files or folders. What they are looking for are security holes in your web account for files that can be exploited. Although there is the ever present danger of exploits and the constant need for security; many of these exploits go unfixed or unnoticed until it is much too late for the account owner.
In some cases certain search engines and or robots will crawl your pages and more than often will not respect or obey the parameters set forth in the robots.txt file that you have created and or configured. Some of these spiders/bots will ignore the robots.txt and then traverse wherever they like about your web account folders. This in turn will list or collect everything in your web account regardless of what you have blocked or have not properly hidden.
And then i am not even talking about the youtube and google video posts i have found that people trying to copy our software into a version of their own. I am also not mentioning some community members who publicly showing how they hack into heuristic scanning abilities of other security programs listed here on MT. I am getting really annoyed by this, and my clients and bosses are also not amused.
Please do not ask me to show data as i will NOT unless @Jack asks me to as he is the only one that i would allow access to the logs. Yes for those who do not know, FMA Intel-Secure is working together (if there is a need for it) when it comes to combat rogue members and unwelcome people. And we are willing to work with other security "new" security brands here in this forum to make a fist against people who cannot appreciate hard work, innovative idea's and intellectual property rights.
I am sick of it, i really am.
Most people can only bitch about a brand and claim if this or that is not working, yet only a few understand the logistical and development issues a developer and researcher has.
Not everything is as easy as add a button call it click here to perform action A and be done with it.
Not everything is as logical as it supposed to be.
Not everything is being coded and worked on because you DEMAND it, but just because there is not other way.
The same goes for websites, networks and computers.
You can like my site or not, you love or hate my product, you can visit or ignore my website and you can support or rebel my software. You are 200% free to do so as thats your right.
There are always people that are PRO or against.
I am totally fine with your rights if you are also fine with the laws you must abide by.
Yes it goes hand in hand.
But since everyone seems to have a general kiss my ( )*( ) idea when it comes to local law and someones property i am going to be very less tolerant with people playing games on our networks and software.
We started talking with various governmental organisations (Police, Intelligence, Cyber security and major ISP bodies) that will help us any many other clients and companies to effective combat and log attacks and to log a document unruly visitors and other crime related internet requests.
Which means that if you choose or Websites, Networks, Servers, Computers, online services and software as your target then we will collect all the possible data about you and transmit that in real time to EU law officials and partners. And with the new internet laws started 2015 you will be brought to court. According to new laws: artikel 138ab, artikel 125i and the new Terughack wet (Backhack law)
While the last law has not yet been approved as a general law the concept has already been accepted by law enforcement and companies that signed a share info and data agreement.
Which means that depending case by case a partner company (Like ours) can ask official governmental organisations to obtain legal info regarding a person that attacked any of the mentioned data carriers and programs. And no a proxy is not going to help you anymore, while some proxies claim 100% anonymity and some search engines like duck duck and go claim that they keep no record which is 100% true they fail to mention that by law a third party is collecting the data in their name.
And this data can be accessed by anyone with a court order or charged with a investigation that requires that data. Ohh btw did you know that this investigation is being done and you are the one going to pay for it? It does not cost FMA Intel-Secure ANY money other then the effort to transmit the logs to the authorities.
And sure there are those who say: Sure the police could not catch a cyber criminal even if they are tripping over it..
Yes thats true specially in the US and EU there have been issues where proven criminals could not be arrested due to inconclusive evidence and unlawful obtained data.
Here in the EU and specially the Netherlands we changed that around, the moment your ip (Amongst other concrete data) is being linked to a malicious action against one of the partner systems that signed the cooperation and security agreement you automatically have given FULL approval to any action that might be required to obtain evidence. And if its being proven that your IP has done nothing wrong your IP and all connected data will be destroyed within 3 months and cannot be used anymore in future investigations.
While this is a monumental task for any law enforcement agencies to execute correctly most of the work is being done by automated programs and contracted security companies that do have the resources to check thousands of requests and crime events.
That being said our network and all other services will be directly linked to the EU network and database to facilitate the operations needed to detect, trace and prosecute malicious visitors and other crime related actions towards our: Websites, Services, Networks, Computers, Servers, Software, Scripts.
We will run various security scripts and automated tools to secure our online services and we will enhance software security with detection methods to counter people that like to steal, hack, break and snoop around.
These are drastic steps but i will let you in on a secret here, did you know that i did spend 4 days a week pure and alone in stopping cyber crime on our networks and that of our clients?
Did you know that for example: If a company has 10000 dollar ICT budget that something like 65% up to 75% is being used to stop criminals? You can imagine that my own company did spend a pretty penny in security yet this is only a fraction of what some of our partners spend.
In short someone is going to pay for that which means if you get caught and in most cases you will that you are going to be a public example?
Just saying things have changed and changed ALOT. Obviously i am just a small fish owning a modest starting company yet that does not mean i should sit back and just let it happen.
And thanks to our successful talks with various policy makers regarding this partner agreement i am feeling sorry in advance for that one person that is going to be stupid enough to try the system.
To give you a tiny comparison here, in 2014 a total of 3000 internet crime cases have been handled and at least 80% of them have been sentenced according to local law.
Since 01-01-2015 alone there have been around 1900 cases and 95% already has been sentenced by local law or in their own country. That only shows how effective big data can be if used properly.
Obviously we are not having a prism system or anything like that, so please do me a favor and do not bring up human rights and privacy laws as they are not being changed in anyway shape or form.
For you as harmless visitor nothing changes, and you will not notice or find any problems regarding the system.
However for you as hacker.... Sorry privacy and human rights go hand in hand with the law.
Which means that you just did accept the fact that you will lose that privacy, because anyone needed to get you into court will see your data and your data will be kept in storage for at least 10 years, next to the fact that you will be banned from ALL networks that are part of this partnership.
That does include your local webshop website if they are a partner, or your local bank which means no more internet banking for you. It also means that if found guilty that your ISP and all other ISP's are going to deny your request for a new internet connection, VOIP, Some television services and most online payment systems like paypal, moneybookers or ideal.
Obviously right now we have a huge number of companies (Most EU based) that did sign up and this number goes up by the day as more and more companies around the world are becoming a partner.
And for those, thinking sure i am going to be listed as internet criminal in the Netherlands, BIG deal who cares? Well you will care about it, as this is not a Dutch thingy.
This project started in 2000 and got into motion in 2013 and now in 2015 it has been finalized.
Which means that it does not matter if you are EU based, US based or even Asian based you will be listed as internet criminal in your own country next to all nations participating in this law.
And while you might enjoy the freedom of your own nation as there always will be nations with less solid laws and law making policies it will mean that across the net you will get into trouble.
Very long story short what is this going to change at our FMA network?
Well lots of things.
1: We will block and deny proxies that are listed as malicious or harmful.
2: Bad referrals will be blocked and denied.
3: Unwelcome requests are being denied.
4: Automated scripts, rippers and other third party tools that could be used to gather info will be blocked and the involving IP's are being blacklisted.
5: Individual requests that are listed as malicious or being flagged as such will in realtime be flagged and per case a security expert will review the data and if possible make a case.
6: Fraud and other internet crime against our networks will be investigated and if possible the law will have its run.
These are just 6 general points that i list here without to much detail, but rest assured those within the law will not be hindered in anyway. Those outside the law and those who think that their nigerian law or wukka dudda law in their host nation is going to protect them...i got to say one thing: Welcome in the real world.
Some of you might think hey Nico this is over the top and almost impossible.
Maybe, maybe not as statistics and almost 10 years of research and partnership negotiations proof otherwise.
I personally would be the first to combat illegal privacy gathering and such and my privacy statement is a testimonial to that yet i have ZERO tolerance for those who break the law.
And i offer any new company a option to be part of our own collective security database.
Because yes i personally will run a database of my own which will contain all the data about our malicious visitors. And we will share this info with our partners and take appropriate actions individual cases within our own reach.
And if our reach is found short then the partner network itself will pick up where we left off. No more f*cking around.
I am seriously done with people trying to play big well connected friend on a community like this.
I am done with people trying to hitch a ride on someone else his/her credit and hard work.
One of the biggest reasons my own software has not been delivered on time yet is because of all this crap.
It did cost me personally thousands of euro's last year and many many sleepless nights and its going to stop.
In the next few days CBAD will be online, a update PR-Guard will be released and a totally new overhauled webpage will be online. And i rather spend my time and resources on that then fighting little internet morons. And as such we will have very nifty little programs checking for malicious activity.
Thats all for now.
Please tell me honestly what you think about all this (Please no BS comments)
Last edited:
