Passwords are weak! It’s not breaking news. But it’s impossible to get rid of passwords today. There are tips to make them stronger. Classic recommendations are: Use a mix of letters and numbers, Use a mix of uppercase and lowercase characters, Use punctuation (special) characters, Do not use
Category: Security
Does the US Government Need a More Powerful SIEM?
The White House published a review regarding last Christmas’s attempted terrorist attack. I briefly read the document and noticed some interesting facts: “The thorough analysis of large volumes of information has enabled a variety of departments and agencies to take action to prevent attacks.” “Yet, as the amount of
Web Scanning Comes to the Cloud…
iiScan is a new on-line vulnerability scanner for websites. It is developed by a Chinese company called NOSEC Technologies [Note: I found the name funny for a company which develops a security solution]. What’s new with iiScan? It is based on cloud computing! The service is free but you have
Avoid the “Any” Rule Like the Plague!
Even if next-generation firewalls are at our door (filtering at the application level – layer 7), most firewalls are still working with source and destination ports. I often see firewall change requests submitted by customers to add rules like: “Allow traffic between X and Y” without further details. And when
Bash Syslog History Could Lead to Data Leakage?
A few months ago, I posted an article about how to add extra logging facilities to the Bash shell. For specific users, it can be useful to have a complete history of their activity on your server (for audit purposes). The first release candidate of Bash 4.1 is available for
Full-Disclosure is now Illegal in France
The principle of full-disclosure is to publish all the details of a discovered security problem (a software vulnerability). By doing this, the security researchers try to fight against the other principle of “Security by Obscurity”. Once a vulnerability has been found, the “normal” way of working should be to contact
Use the Right Tool!
A well-known expression says “The right people at the right place!”. I would like to extend it to the security perimeter, saying “Use the right tool at the right place!” or “Use the right tool for the right purpose!”. Today’s security landscape is extremely large and complex! Lot of raptors
ISSA Belgian Chapter Meeting: DNS & Security
Back from an ISSA Belgian Chapter event about DNS & Security. As Kris Buytaert says on his blog: “Everything is a Freaking DNS problem!”. Today’s speaker was Marc Lampo who has great DNS experience (a long time ago, he gained several years of experience as hostmaster while working for
Protect your Infrastructure with IRON!
Question: Do you remember the Amiga computer? I was an early fan of this wonderful machine and operating system. Starting with AmigaOS 2.0, a macro language called ARexx (with a letter “A” like “Amiga”) was added. This language is derived from REXX (“REstructured eXtended eXecutor”), developed initially by IBM. The power
Belgian Transport Company Spotted at C&SAR 2009
C&SAR 2009 (“Computer & Electronics Security Applications Rendez-vous”) was organized in France a few days ago. The topic of the 2009 edition was “wireless security”, covered during three days by a large program of talks. One of the speakers was Gildas Avoine from the University of Louvain-La-Neuve. He spoke about