The OWASP Benelux Days is a two-day event organized by three OWASP chapters (Belgium, Netherlands and Luxembourg). The 2010 edition was organized in Eindhoven (NL). This year, it was organized in Luxembourg. After a safe trip, sharing my car with a friend, we arrived at the Luxembourg University. Nice venue with
Category: Security
Vulnerability Management: OSSEC & Secunia PSI
“Vulnerability Management”… This is an important topic for your corporate security. One of the steps in this process is the monitoring of your applications and operating systems. With hundreds (thousands?) of devices connected to your network, how to keep an eye on the applications and patches installed on all of
Data Integrity: MD5/SHA1 are Your Best Friends!
Yesterday, I faced a very strange story that I would like to tell you to prove the importance of “integrity” in information security. Wikipedia defines data integrity as follows: “Data Integrity in its broadest meaning refers to the trustworthiness of system resources over their entire life cycle.” The “entire life
Your Passwords: To Be Or Not To Be… Safe?
The idea of this post came after I read another blog post from Light Blue Touchpaper. Picking a good password is a never-ending story. You can find multiple recipes, tips & tricks. One of the ways, also promoted by Google, is to create passwords based on quotes or common sentences.
SOURCE Barcelona 2011 Wrap-Up
The conference SOURCE Barcelona 2011 is already over. Waiting for my flight back to Belgium, it’s time for my wrap-up! This year, an OSSEC training was initially scheduled with my friend Wim Remes but it was cancelled due to the lack of registrations. It looks like “defensive” security trainings do
Biology Rules Apply to Infosec?
In biology, it is proven that consanguinity between members belonging to the same group (example: people living in the same closed area or animals from the same breed) may affect their resistance to certain diseases or reduce certain physical characteristics. It’s important to keep some level of diversity. The latest
Show Me Your DNS Logs, I’ll Learn about You!
During the last BruCON edition (0x03), we operated our own DNS resolver. Instead of using public servers or the ones proposed by our ISP, pushing our own DNS resolver to network visitors can be really interesting. Of course, addicted to logs, I activated the “queries_log” feature of bind to log
Hit by the RSA Attackers == Potential Target for V€ndor$?
Just a small reflection about the list of potential victims of the RSA attackers published by Brian Krebs a few days ago… I won’t come back on this attack, almost everything has been said on this topic. Brian’s post reports a list of AS (“Autonomous Systems”) which exchanged some traffic
Book Review: BT5 Wireless Penetration Testing
Finally, I found some time to write my review of another book: “BackTrack 5 Wireless Penetration Testing”. The book was written by Vivek Ramachandran. Good coincidence? Vivek was present during the last edition of BruCON and gave a workshop called “Wi-Fi malware for fun and profit”. Being quite busy during
Detecting Defaced Websites with OSSEC
In the scope of the OSSEC Week, here is a quick contribution which can greatly help you to monitor suspicious changes on a website. Today, your corporate website is the very first contact you have with your customers, partners, press, etc. It’s your window to the world. Nobody can pretend