security4all posted a comment about a potential disclosure of personal information when using Finjan. Thanks to him! Once installed, the Finjan Firefox add-on requires neither registration nor authentication on the Finjan web site. The service is available “as is” and relies on the HTTP protocol. Here follow more
Category: People / Places
ISSA/OWASP Belgian Chapter Meeting
Back from Brussels, where I attended an ISSA/OWASP local chapter meeting tonight. As usual, it was very interesting! Thanks to the organizers! There were two presentations on the schedule. Didier Stevens explained why PDF files became so risky today! He started with a brief introduction about the PDF file format
WEP – Less and Less Unsafe
Recently a buzz started on the Internet: WPA (“Wi-Fi Protected Access“) was cracked! But a lot of companies still use WEP (“Wired Equivalent Privacy“) to protect their Wi-Fi networks. Unfortunately, WEP is still less secure now! According to a paper from Erik Tews and Martin Beck, only 24000 captured packets
The Story of a Hack – Part 2
In a recent post, I talked about SynJunkie, who described a nice pentest scenario against a fictitious company. The second part is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-2-breaking-in.html.
The Story of a Hack
Here is an interesting series of posts from SynJunkie. He’ll show us how to conduct a pentest against a fictitious company called “HackMe Ltd.“. “The goal of this series of posts is to demonstrate how simple it is to penetrate a network, steal some data, and then erase the evidence
Beginner’s guide to OpenID phishing
I already talked about OpenID (here or here). OpenID is a web-based solution which provides single sign-on to other websites: once authenticated via a “provider“, you are able to use a lot of services (websites) via “consumers“. This system is very user-friendly but is also a good target for
When IT Disrupts Your Mind…
Today, I was busy transferring money to a CBC bank account. The bank account number was 192-xxxxx (‘192’ prefix is officially assigned to CBC). Mechanically I typed 192-168… Help! 😉
“Fun At Work” Increases Costs and Reduces Security
No employee works at 100% of his full time! From time to time, we send a personal e-mail or surf the web to grab personal data. CNet News released an interesting article about the cost of “fun at work” for a company. Costs are not only due to employee no-rentability
hack.lu Part #10
Here we go! The last half-day started with “Browser Rootkits” presented by Julien Lenoir and Christophe Devaux (both from Sogeti). As already said yesterday, browsers are now fully part of the user's desktop and installed by default. They presented their rootkits developed for Internet Explorer and Firefox! First idea: “browser
hack.lu Part #9
Back from coffee break, let’s play with hardware now. Philippe Teuwen talked about smart cards and how they are protected. First attack is performed via the power line but recent smart cards are quite well protected. Flash attacks and electromagnetic attacks are other possibilities. Philippe’s slides were based on nice