Secunia announced on its blog a new service: “One Stop Exploit Shop”. To sum up, they will offer exploits and security breach PoCs to security professionals through their website for some $$$. As stated in the announcement, after approval by Secunia (at least!), vendors and companies will have access to the
Category: Security
iPod Auto-Erase Feature
The new firmware 2.1 is available for the iPod and introduces a new feature: you can configure your device to automatically erase all its data after ten unsuccessful password attempts! No idea if the same feature will be present in the iPhone version (which should be available today). Nice feature
Google Chrome Flagged As Dangerous in Germany
So much has already been written about the new Google browser (Chrome) that I did not write anything about it on this blog until now. The “BSI” (Federal Office for Information Security in Germany) warned users about the new Google toy. They recommend not using the browser in professional
Global Security Week… Go go go!!
The Global Security Week announced by L-SEC starts today! Check out the press release for more details (fr or nl). It’s a good opportunity for all of us to promote security in our environments and ‘stick the knife in deeper’ with key facts: Use strong password management (strong passwords,
Hacking Laptop Passwords
Interesting paper found via USB Hacks: Hacking Password Protected Laptops. That’s right: It’s easy to protect your laptop with a password (at BIOS or OS level). But if your laptop is stolen, your data are unsafe! It’s very easy to bypass or recover your passwords and access your data as
Tiny Password Generator
Found on Korben’s Blog, a nice way to generate a random password on UNIX: # < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8 tOULPeOk Just create an alias for a more convenient day-to-day use: # alias gen_pw='< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8' # gen_pw wbk0ewpn Note: this works
Promiscuous Colocation?
This blog moved to a new server located in France a few weeks ago but I’m still running the old server located in a data center in Zaventem (BE). For debugging purposes, I started a tcpdump on the box and was surprised to see a *lot* of traffic that was not mine! WTF!?
iPhone + Keepass = iKeepass
Happy owner of an iPhone and heavy user of Keepass, I was looking for an application which performs the same job: keep an encrypted container of passwords. If you check on the iTunes App Store, there are several “keepass-alike” applications but it’s not convenient to maintain two databases (duplicate information). But…
OpenVAS… a fork of Nessus
OpenVAS (Open Vulnerability Assessment System) is a free alternative to the well-known Nessus vulnerability scanner. With the latest Nessus version, the licensing model changed and the latest plugins are only available to paying customers. Based on Nessus 2.2, OpenVAS is deployed in the same way: a server is installed to
Defcon 16 Archive
A copy of all the Defcon 16 material is available on a CDROM. Download the ISO file here.