URL shortener on-line services are very helpful. You probably already use them every day. With mobile Internet and micro-blogging services like Twitter, it’s much more convenient to use short URLs. But the downside is, once again, the bad guys, who quickly understood the opportunity for a new type of attack.
Month: July 2010
SCADA or Medical Devices, Insecure by Default?
SCADA systems have been at the front of the security scene for a few days, since the disclosure of the Siemens default password story. SCADA stands for “Supervisory Control And Data Acquisition”. It’s a set of tools and protocols used in industrial environments. I wrote an article about security & SCADA a
Packet Inspection Using Divert Sockets
It has been a long time since I last wrote about OpenBSD, which remains one of my favorite operating systems. The last version (4.7) was released in May and introduced, as usual, a lot of interesting changes. OpenBSD comes of course with its own firewall called pf (“packet filter”). Plenty of
SOURCE Barcelona – A Great Cocktail!
The next SOURCE Conference will be held in Barcelona in September (21 & 22). If you plan to travel across Europe in September, have a look at the current schedule and stop in Spain. Immediately you will notice that talks are split into two categories: “Security & Technology” and “Security
Attacking by Obscurity
Everybody agrees to consider “security by obscurity” a false sense of security. By using this principle, the security of an information system is (falsely) increased by hiding sensitive details. Such information can be removed, for example: by altering the application welcome banner (in Apache, sendmail, etc), by changing the default port
How to Prevent the Windows Screensaver Autolock Feature?
A quick and dirty tip if you need to keep a Windows workstation or server console unlocked. This can be required for several purposes, good or bad. In my case, I’m working on a workstation to access network resources. I don’t have a login and cannot know the local password.
InfoSec Professionals: Come Down Off Your Pedestal!
I faced a strange feeling a few days ago… I received a notification from a colleague about a scheduled upgrade of the SSL VPN solution deployed by my company. As I’m a mobile user, I use this SSL VPN daily (and often more than 8 hours a day!). The upgrade
Censorship Does Not Increase Security!
ENISA published in September 2009 a press release about the huge increase in ATM fraud. The title spoke for itself: “Annual cash machine losses in Europe approach EUR 500 million: ENISA provides advice for consumers.” The last talk scheduled during HiTB Amsterdam last week was canceled and replaced in last
Hack in the Box Day #2 Wrap Up
Second day is over! And with the same fun as yesterday. After a (too short) night, some coffee was welcome just before the keynote presented by Mark Curphey from Microsoft. Mark revealed 10 crazy ideas that might change the information security industry with a little cost in money but a
Hack in the Box Day #1 Wrap Up
The first day of the HiTB security conference is already over! HiTB (“Hack in the Box”) has organized conferences for a while in Dubai and Kuala Lumpur, but this is the first time that an event is held in Europe and not too far from Belgium. I left home very early