I’m back from the last ISSA-Be meeting held in the Verizon offices in Leuven. Today’s topic was “Cybercrime: The actors, their actions, and what they’re after”. The speaker was Matthijs van der Wel, EMEA, manager of Verizon Business’ Forensics practice, who contributed to the Data Breach Investigation Report. The talk
Category: Security
Strong Passwords for Dummies?
User authentication… If there is a long and never ending story, it is definitely this one! All of us have plenty of passwords to write on post-its keep in mind. There are several ways to increase the user authentication safety. By forcing very difficult passwords and learn them, by using
Belnet Security Conference Wrap up
I’m back from the second edition of the Belnet Security Conference organized today in Brussels. Belnet is the “Belgian National Research Network”. In other words, this is the federal organization which connects universities, government infrastructures and schools to the Internet using high-speed pipes. Since the beginning of 2010, they also extended
Keep an Eye on your Data using OpenDLP
A new tool has been released (version 0.1) today on code.google.com: OpenDLP. “DLP”, “Data Loss Protection” or “Data Leak Protection”, a buzz-word! Even if the problem is real and critical for some organizations, my opinion is the following: Instead of spending money on expensive solutions (and DLP solutions ARE expensive!),
Remote Nmap Scanning with Zenmap
I’m not going to insult you by describing the tool Nmap. This is probably the best scanner available on the Internet. Not because it is often used in movies, but just because it does an excellent job! Nmap has plenty of options. So many that reading the Nmap book is
A “Google Analytics” for Government Requests?
Google released interesting statistics about the number of requests they received from government agencies around the world. If you offer free services on the Internet, there are (mis)chances that people will try to abuse them. Google is certainly not the exception with all the services they provide: webmail, web
Message to Web Developers: OWASP Top10 2010 is Out!
If you are not aware of this news, OWASP released yesterday its annual Top-10 Web Application Vulnerability Risks. I won’t list them again here, lots of security bloggers already did it in the hours following the official press release. Instead, I checked if the news was also relayed by
Attending Security Conferences from a Social Point of View
BlackHat Europe 2010 is already over! I had a good time (who doesn’t!) and the huge number of canceled flights (due to the ash cloud coming from Iceland) did not change my point of view. I successfully escaped from Barcelona with @corelanc0d3r and we were back in Belgium after a mix
BlackHat Briefings Day #2
Second briefings day, still in Barcelona. For the first talks of the day, I decided at the last minute to change my wishlist. I attended the presentation of Thai Duong and Juliano Rizzo called “Practical crypto attacks against web applications”. They started from a common error in security: “encryption is not
BlackHat Briefings Day #1
After two days of intensive training with SensePost (“Hacking by Numbers”), the briefings started today. Jeff Moss opened the keynote session with fresh information about the conference. First, the number of registrations increased (+100) compared to last year. This is good news! The crisis did not affect the