Ever heard of Loggly? This is a new cloud service which presents itself as “Logs Made Easy“. I’ll not come back on the definition of cloud computing, its benefits and issues. If you are looking for interesting information about this topic, I suggest you to visit Craig Balding’s blog cloudsecurity.org.
Month: November 2010
Address the Security Threats at Source
Information security is a recurrent process. New threats arise and must be properly handled. In Augustus 2009, I already reported a story and came to the following conclusion: The principle of “action – reaction” as described by Newton is not applicable in information security! Here is another good example with
Easy Decryption of Facebook Passwords
All good pentesters have their own “survival kit” with a lot of tools and scripts grabbed here and there. Here is a new one released a few days ago: FacebookPasswordDecryptor. “FacebookPasswordDecryptor – small, simple, free, and yet truly reliable application that helps you recover stored Facebook account passwords, quickly and
Be the Conductor of Your Security!
I’m visiting organizations and companies for miscellaneous projects and I’m often scared by the lack of “visibility” they have on their infrastructure. For years now, new components have been deployed by pure requirements or (honestly) by the business “pressure”: Firewalls, IDS/IPS, (reverse)proxies, WiFi, SSL VPNs, etc. All those solutions, hardware
My Invitation to PaulDotCom Security Weekly
What a good surprise! I’ve been invited to participate to the episode #221 “Special Thanksgiving” of PaulDotCom Security Weekly podcast next Tuesday between 20:00 – 22:00 (CET). If you are available, feel free to join us live on pauldotcom.com/live/! This will be my second participation to a podcast (the first
Is BGP the Next Threat on Internet?
When Internet ARPAnet was invented in the seventies, its goal was to interconnect military resources using packets based networks and to be strong enough to resist to “attacks”. Loosing some devices in the network could not affect the communications. Later, the same technology was re-used to build the public network
Back(Up) to the Future
Ah, backups… What a nice boring topic! Everyone agrees on the fact that a strong backup procedure is mandatory for any computer (server, workstation, PDA or anything else which carry data). But lot of us also agree to say that backup are so boring to perform and, even more, maintain!
facebook.com Emails are Coming…
It has been announced by Facebook! E-mail addresses “@facebook.com” are coming! Scoop, I got some information leaked from a Facebook server: $ cd Ëœfacebookuser $ cat .procmailrc # All your emails are belong to us # — Mark Z. :0 * ^From.* { :0c ⎢/usr/local/bin/index.pl :0c ⎢/usr/local/bin/send_ads.pl :0c ^X-Privacy: yes
Searching for Sensitive Data Using URL Shorteners
URL Shorteners are online services which reduce the length of URL’s. Web applications are more and more complex and their URL’s can have multiple parameters like pages, sessionsID’s and much more. At the same time, we use services which limit the messages size (like Twitter) or devices (like SmartPhones) which
Bruteforcing SSH Known_Hosts Files
OpenSSH is a common tool for most of network and system administrators. It is used daily to open remote sessions on hosts to perform administrative tasks. But, it is also used to automate tasks between trusted hosts. Based on public/private key pairs, hosts can exchange data or execute commands via