/dev/random

The new version (5.4) of OpenSSH has been released early this morning. OpenSSH is THE free implementation of the SSH protocol available on common devices and operating systems.
The primary goal of OpenSSH is to allow remote access to hosts for management purpose. But many other features make OpenSSH a real Swiss-army knife for all network [...]

Recently, I read a RFP issued by a customer. The main topic focused on a perimeter security but a paragraph mentioned the protection of SCADA environments. I’ve no practical experience with SCADA and I tried to find relevant information about the deployment of security solutions in such environments. Here follows a compilation of information about [...]

In security, when you have to restrict access to “resources” (websites, files, IP addresses, ports, etc), you can deploy while or black lists. The term “white list” refers to a list of resources which are allowed or granted. At the opposite, a black list refers to resources which are denied or unrecognized.
Both methods have [...]

After a great first edition in 2009, BruCON will be back in 2010! Two days of trainings and two days of talks.
The Call for Papers (CFP) has been announced and will remain open until 30th of April 2010. Submit directly your propositions via the dedicated tool, here.

Secunia is a security company which, amongst other activities, maintains a huge database of vulnerabilities. On their website, they describes their business like this:
“Secunia collects, evaluates, verifies, and analyses security information. This security information is available through our databases and is distributed to our customers, segmented according to their specific business needs.“.
Their vulnerability database is [...]

To surf the web, you need a specific application: a browser. Today, this peace of software is delivered by default with all operating systems and becomes more and more used, even for non-related Internet stuff (Lot of applications or devices are manageable using a web interface). For some companies, the browser will even replace the [...]

I’m back from the last OWASP (organized together with ISSA) Belgium Chapter meeting. As usual, good times with friends from the Belgium Security landscape . Two topics were covered today. First GreenSQL, a database firewall, then an overview of the mobile malwares by Mikko Hypponen.
Almost one year to the day, I wrote a blog [...]

The 2010 edition of the Data Privacy Day will be held on the January, 28th. This initiative has a dedicated website: dataprivacyday2010.org. The goal is to create more awareness about your online privacy:
“Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information. In this networked world, in [...]

Back from the first ISSA Belgium Chapter Meeting of 2010. Today’s topic was “Introduction to OSSEC : Log Analysis and Host Intrusion Detection“. A very interesting topic for me. First because I’m involved in lot of SIEM projects. But especially because Wim Remes, the speaker, is a friend of mine.
Wim is a fan of OSSEC. [...]

There was an interesting post on the diary page of isc.sans.org yesterday: Some readers asked why ISC did not switch the InfoCon status to yellow due to the recent IE 0-day exploit. The on-duty ISC handler explained the situation and why they decided to stay “Green”. The following question popped up out of my mind: [...]