Disclaimer: The information reported below has been translated from French to English with the approval of a friend who also released the information on his blog. His server was hit by a DoS attack. Feel free to relay the information! When you try to access big websites like Facebook, Google
Category: Security
Use your Logs to Detect Fraud
I was invited by the ISSA Belgium chapter to talk last night about log management & SIEM (“Security Information and Event Management”). This is a very interesting topic but almost everything has been said (good and bad) on SIEM. I decided to innovate and to use some articles posted in
Auditing MySQL DB Integrity with OSSEC
Databases are a core component in a lot of applications and websites. Almost everything is stored in databases. Take a standard e-commerce website: its databases hold a lot of business-critical information about customers (PII), articles, prices, stocks, payment (PCI), orders, logs, sessions, etc. Like any component of
Security: DIY or Plug’n’Play?
Appliance or not appliance? That is the question! A computer appliance is dedicated hardware which runs software components to offer one or more specific services. Information security has always been, and still is today, a common place to deploy appliances: firewalls, proxies, mail relays, authentication servers, log management,
Send Events Safely to the Loggly Cloud
I received my Loggly beta account (thanks to them!) a few days ago and started to test this cloud service more intensively. I won’t explain again what Loggly is; I already posted an article on this service. For me, services like Loggly are the perfect cloud examples with all the
Zen Attitude!
The coming days will bring a special atmosphere. Christmas and the New Year days are a good occasion to relax and… to make good resolutions! For people involved in information security, a good one could be to adopt the “zen attitude” and try to establish more diplomatic relations with the
Iptables Logs Mapping on GoogleMaps
My Linux servers are all protected by a local iptables firewall. This is an excellent firewall which implements all the core features that we expect from a decent firewall system. Except… logging and reporting! By default, iptables sends its logs using the kernel logging facilities. Those can be intercepted
Abuse Info Gathering Made Easy
If there is a boring task when you are investigating a security incident, it’s the process of gathering all information related to the involved IP addresses: the IP addresses used, routing information (AS), geo-localisation and abuse information. Alexandre Dulaunoy wrote a cool piece of Perl code to
Pirate-moi.com
An interesting initiative from a small team of French guys active in information security. They are organizing an online contest called “Pirate-Moi” (“Hack Me”). The purpose is pretty much the same as a classical CTF (“Capture The Flag”) contest held during security conferences: to hack a system! In this case, the
OWASP BeNeLux Day 2010 Wrap Up
Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day. This edition was held at the Fontys Hogeschool in Eindhoven (NL). First detail of this year, the weather conditions! After more than three hours of driving on snowy roads, I finally reached Eindhoven. Just in time for