Lot of media (and not even those related to info security) reported this story today: LulzSec is back! Their last victim was the well-known English newspaper: the Sun. They redirected the site to a fake page which announced the death of Rupert Murdoch. When reading this kind of news, our
Category: Security
Feeding DShield with OSSEC Logs
The primary goal of a log management solution is to receive events from multiple sources, to parse and to make them available for multiple purposes: searching, alerting and reporting. But why not send some interesting events to another log management system or application? Usually, some inputs are added in the
Suspicious WordPress Plugins Scan
Here is an interesting example I would like to share with you. It proves how log management is important. If you read my blog, you already know that I’m addicted to logs. They can be very useful to trace incidents or suspicious activities. Today I received several alerts from my
Dropbox? gpgdir to the Rescue!
During the last months, Dropbox, the well-known synchronization tool, was hit by bad stories. First, they changed their EULA (“End User License Agreement“) which clearly stated that Dropbox employees could access your files in case of very specific cases like law enforcement procedures. I always blogged about this. Then, researchers
Is Security Looping Permanently Like Fashion?
Just a small reflection about the current Lulzsec stories… They’re staying on top of news for a few weeks by successfully breaking in big organizations like Sony, the CIA, the US Senate and much more. They released thousands of stolen credentials… They posted a manifesto and admitted that, performing hacking
Hack in Paris 2011 Wrap-Up
Yesterday, I went to Disneyland Paris! Not for a family trip but to attend a security conference. Great place isn’t it? Everybody knows the Disney park but the nearby hotels propose facilities to organize events. That’s what did Sysdream, the organizer of Hack in Paris 2011. I left home very
Will Security Researchers Need a License to kill?
The European Commission is capable of the worst as best ideas! A few days ago, they announced the imminent setup of a CERT (“Computer Emergency Response Team”) to protect the institutions, agencies and bodies against cyber-attacks. Good idea! But, a few days ago, a press-release announced that Justice Ministers, who
Review: BT4: Assuring Security by Penetration Testing
If you are working in the “information security” field, you must know the BackTrack distribution (otherwise you must be an alien coming from a far away planet!). If you search for the word “backtrack” on Amazon, you will find lot of references but only one book is fully dedicated to
PH-Neutral, My First and Last One
I’m writing the final touch of my PH-Neutral wrap-up from the Berlin airport waiting for my flight back to Belgium. The 0x7DB edition was the first time for me but also the latest one as FX, the founder, decided to not organize the event next year. A page is over!
May 2011 OWASP/ISSA Belgium Meeting Wrap-up
Tonight was held a joined OWASP and ISSA Belgium Chapters meeting with three speakers. Very interesting content, here is a small wrap-up in “bullet-point” mode due to a lack of free time… First speaker, Tom Van Der Mussele from Verizon Business spoke about the “non-conventional attacks“. Tom explained that those