Security policies are mandatory in all organizations. Your users must know what they can or can’t do, when and how. They must describe how security incidents are handled. Security policies can also be used in case of litigation and must avoid all ambiguity! I found a nice white-paper about this
Category: Security
Total USB Security
Regarding my previous post about USB security, here is the best solution for system administrators to solve this problem: Seen on www.usbglue.com 😉
Take care of untrusted USB keys!
In terms of security, companies have done a lot of work to protect themselves against external attacks. Good! Now, it’s time to have a look at the internal security. Do you have a strong security policy regarding mobile devices? Do you allow external hardware to be used? A good example is
Massive stolen eBay accounts?
Last Thursday, I created an eBay auction to sell my old PDA. Friday, the object was sold! Yepppie! But the buyer had an evaluation level of -1! It was also specified in the auction details that the delivery was only for Europe. The buyer was in the United States?!? I
WIC = grsecurity made in Vista?
Microsoft tried to increase security within its latest OS Vista but on the other side, they continue to leave open flaws due to design errors! With Vista, Microsoft provides a new security mechanism called WIC (Windows Integrity Control). The purpose of WIC is to protect objects (files, directories, printers, devices)
dns2tcp: How to bypass firewalls or captive portals?
Imagine, you are in your hotel room in a foreign country, your laptop detects a wireless access. You open your browser and get a nice login screen asking you for a credit card number (a captive portal). What’s next? Make your choice: fill the form with the magic numbers or try
Phishing attack against a Belgian bank!
Today, I received the following mail: Date: Thu, 15 Mar 2007 12:30:04 +0100 (CET) From: “notice@citibank.be” To: xxxxxxx Subject: Important Notice for Citibank Customers This mail has been sent from Germany and the page is hosted in Dallas, Texas (still available @ 13:15 CET). I mailed the admins over there to
New security threat
The best firewall ever will never stop terrorists! 🙁 SCOTLAND YARD has uncovered evidence that Al-Qaeda has been plotting to bring down the internet in Britain, causing chaos to business and the London Stock Exchange. The suspects, who were arrested, had targeted the headquarters of Telehouse Europe, which houses Europe’s
SpamAssassin upgrade
A vulnerability in SpamAssassin has been reported by Secunia (Ref 24197). SpamAssassin has been upgraded on rootshell.be!
securitybullshit!
Every day, thousands of new blogs come to light and the same number die! From time to time, there are very nice initiatives like this one: securitybullshit!, like the well-known Dilbert or User Friendly, offers small cartoons about security. All aspects of security are covered: virus, computers, risk assessment,