The job of security professional is definitively not an easy one! You have to be dedicated to your job and, once your business hours completed, there are all the remaining tasks which help us to keep your expertise level at the highest level. Hopefully, we do this with passion (otherwise,
Category: Security
Accessing (Safely?) Nagios on iPhone
I was looking for a Nagios application to install on my iPhone for tests purpose and I was surprised to find more hits than expected. It’s true that Nagios is one of the best (if not THE best) open-source monitoring solutions. There is a huge community of developers and contributors
Integrate Blacklisting in your Own DNS Server
When you are connected to a network (Internet or private), your TCP/IP stack must know which DNS server(s) use to resolve host names into IP addresses. For a while, publicly alternative DNS servers – like OpenDNS or Google DNS – implemented a blacklist protection mechanism. If a domain is suspected
Demystify the URL Shorteners
URL shortener on-line services are very helpful. You probably already use them every day. With mobile Internet and micro-blogging services like Twitter , it’s much more convenient to use short URLs. But the downside is, once again, the bad guys who quickly understood the opportunity of new type of attacks.
SCADA or Medical Devices, Insecure by Default?
SCADA systems are in front of the security scene for a few days since the disclosure of the Siemens default password story. SCADA stands for “Supervisory Control And Data Acquisition“. It’s a set of tools and protocols used in industrial environments. I wrote an article about security & SCADA a
SOURCE Barcelona – A Great Cocktail!
The next SOURCE Conference will be held in Barcelona in September (21 & 22). If you plan to travel across Europe in September, have a look at the current schedule and stop in Spain. Immediately you will notice that talks are split in two categories: “Security & Technology” and “Security
Attacking by Obscurity
Everybody agrees to consider “security by obscurity” a false sense of security. By using this principle, the security of an information system in (falsely) increased by hiding sensitive details. Such information can be removed like: by altering the application welcome banner (in Apache, sendmail, etc), by changing the default port
How to Prevent the Windows Screensaver Autolock Feature?
A quick and dirty tip if you need to keep a Windows workstation or server console unlocked. This can be required for several purposes, good or bad. In my case, I’m working on a workstation to access network resources. I don’t have a login and cannot know the local password.
InfoSec Professionals: Come Down Off Your Pedestal!
I faced a strange feeling a few days ago… I received a notification from a colleague about a scheduled upgrade of the SSL VPN solution deployed by my company. As I’m a mobile user, I use this SSL VPN daily (and often more than 8 hours a day!). The upgrade
Censorship Does Not Increase Security!
ENISA published in September 2009 a press release about the huge increase in ATM fraud. The title spoke by itself: “Annual cash machine looses in Europe approach EUR 500 million: ENISA provides advice for consumers.“ The last talk scheduled during HiTB Amsterdam last week was canceled and replaced in last