Yesterday, I posted an article about an Nmap script to detect potentially vulnerable Microsoft IIS FTP servers. I updated the script, which now allows an alternative FTP user and password pair to be passed via the command line (thanks to Chris for the comment). If no arguments are provided, an
Category: Security
Detecting Vulnerable IIS-FTP Hosts Using Nmap
A new 0-day exploit for the FTP server included within the Microsoft IIS suite has been released today. Check the post on the Full Disclosure mailing list for more details. Based on an existing Nmap script, I quickly wrote a new one which performs the following actions: Check if anonymous
Security Events Calendar
The number of scheduled security events is gigantic! There are the “big ones” like DefCON, BlackHat or RSA. There are outsiders which promise to be very interesting (like BruCON, no advertisement to read here ;-)). There are also a lot of local events like all the chapters of international organization
Security Awareness Book for our Children
It is never too early to give some security recommendations! My first daughter became a fan of a book series called “Max & Lili”. Those comic books (only available in French if I’m not wrong) are written by Serge Bloch and Dominique de Saint-Mars. Each volume focuses on a specific
And What About the Human Factor?
A few days ago, an article was posted on the (ISC)2 blog about the idea of a new CBK to cover “human factors” in security. (ISC)2 means (take a deep breath) “International Information Systems Security Certification Consortium“. This is a not-for-profit organization which maintains, amongst others, the CISSP certification. The current
Newton was not Security Aware
Isaac Newton was for sure a great physicist but he was not security aware! In his third law, he said “For every action, there is an equal and opposite reaction.” (also known as the “action – reaction” principle). This law of physics does not apply to security and more precisely
This Message Will Self-destroy in 30″!
“Cloud computing”! This has been a hot topic in IT security for a while. I won’t explain why security is so important within the cloud. To have a good overview, I recommend following Craig Balding’s blog. For sure, you already have personal data stored on the web. You use webmail
Incident Management: Don’t Forget Communication
I just read a new bad story about a company which lost card information in the wild. All organizations must have a plan for incident management. Never forget Murphy’s law: “If anything can go wrong, it will“. It is vital to include communication in your incident management plan. in
The Event Lifecycle
My second training week in London is done. This was a bootcamp organized by a well-known company active in log management solutions. Of course, the training focuses mainly on their own products but some reviewed principles are totally independent of any software or hardware solution and can be applied to
Virtual Money with Real Risks?
The financial group ING announced a partnership with Netlog, the Belgian social network website. From a marketing point of view, this is a good action to attract young potential customers. ING (one of the top-3 banks in Belgium) will catch them on Netlog hoping that, later, they will switch to