The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing. Vulnerabilities have been discovered in the Zoom client and, based on the fact
Don’t (always) blame the user!
Often, as securityÂ professionals, we tend to blame our users. Not all people are security aware and take the rightÂ decision when facing a potential security issue. Yes, we know: they click, they open, they answer questions, they trust, …
Repression VS. Prevention
This morning, I retweeted a link to an articleÂ (in Dutch) published by a Belgian newspaper. It looks that Belgian municipalitiesÂ (small as well as largest) which do not properly secure their data could be fined in a near future! Public services Â manage a huge amount of private data about us. They
Why the Belgian Cyber Security Guide Must Be Extended? Example with MySQL!
A few days ago, I attended an event organized by theÂ Chamber of Commerce in Belgium (ICC Belgium) and the Federation of Enterprises (FEB) to announce with great ceremony the release of the first Belgian Cyber Security Guide. Honestly, this is a great initiative!Â In the audience, many many infosec professionals were
Do Organizations Take Care of Their Online Presence?
For a few months now, my toy leakedin.com is back online. When I brought the website up again, a question immediately popped up in my mind: “How to protect myself against angry users or organizations not happy to see potentially sensitive data disclosed?“. The website compiles interesting data like credit
Everything Can Be Outsourced But Not Your Responsibility!
Today almost all organizations outsource some of their IT projects to third party partners. Due to the ever changing landscape in information technology, it is virtually impossible for an organization to have internal knowledge in all domains of technology. The web presence is maybe one of the most domain where
Are You “NG” Ready?
“Next Generation” or “NG“… Two magic letters used by more and more vâ‚¬ndor$ to promote new versions of their products… Next Generation firewalls, Next Generation SIEM, Next Generation IDS. They are many examples. Google reports 34M of hits while searching for “next generation security“! In my humble opinion, “next generation”
The coming days will bring a special atmosphere. Christmas and the New Year days are a good occasion to relax and… to take good resolutions! For people involved in information security, a good one could be to adopt the “zen attitude” and try to establish more diplomatic relations with the
Address the Security Threats at Source
Information securityÂ is a recurrent process. New threats arise and must be properly handled. In Augustus 2009, I already reported a story and came to the following conclusion: The principle of “action – reaction” as described by Newton is not applicable in information security! Here is another good example with
Be the Conductor of Your Security!
I’m visiting organizations and companies for miscellaneous projects and I’m often scared by the lack of “visibility” they have on their infrastructure. For years now, new components have been deployed by pure requirements or (honestly) by the business “pressure”: Firewalls, IDS/IPS, (reverse)proxies, WiFi, SSL VPNs, etc. All those solutions, hardware