All administrators have already faced the following nightmare: “It’s 01:00am and you changed a parameter in an application. A few days later, due to instability, you need to roll back. What the hell did you change?” Of course, changes “on the go” must be avoided like the plague but sometimes, they’re mandatory.
Category: Security
Social Dictionary Generator
Fighting weak passwords is a pain for all security professionals. Security awareness training may help your users to increase the strength of their passwords. That’s the main problem: humans have difficulty remembering complex information like strings of characters and numbers. That’s also why the DNS was invented: it’s much
Security Professionals, the Uptime is not Your Best Friend!
Today, I worked on a customer server running Fedora Core 5. You read correctly, five. The uptime was more than 851 days (~2.5 years)! System administrators will immediately think “Cool! That’s a very reliable server!” but what about the security aspects? I exchanged some very interesting tweets with @ChrisJohnRiley in
Secure Amsterdam Workshop 2009 Review
Back from a one-day trip to Amsterdam where I attended the “Secure Amsterdam Workshop 2009” meeting organized by ISC2. This year’s topic was forensic IT investigations. The first speaker was Matthijs van der Wel from Verizon Business who reviewed the 2009 Data Breach Investigations Report. It was interesting to have
DNS, Your Achilles’ Heel?
A few days ago, the site google.co.ma, the Moroccan version of the well-known search engine, was reported as defaced (screenshot here). Only the URL ‘google.co.ma’ was defaced, the long version ‘www.google.co.ma’ was still working properly. What happened? In fact, Google was clearly not the target in this case but the
What Makes a Password Strong Enough?
Today I was working with a security product developed by a major player on the market. I had to change a default password to something “stronger” and the following dialog box popped up: Limiting a password to letters only in 2009? No comment!
Do We Need Safer (Encrypted) SMS?
Today no one doubts the usefulness of data encryption. It’s a fact: IP traffic and stored data must be encrypted using more and more powerful tools. Data can also be encrypted on mobile devices like PDAs. But what about SMS? Tapping of mobile communications is not easy for the common
Take Care of Rogue Free Software Mirrors
Yesterday, the first of May, the new OpenBSD release was made available! As with major open source projects, to be able to serve all the download requests, the source code is available through mirrors around the world. I read the following post on the security-announce mailing list today: “It has come
Use Google Mail as a Sandbox
Google announced via its Official Gmail Blog the support of TIFF and PowerPoint files in their Gmail application. PDF files had already been supported for a while. For a few months, PDF files have been hit by several security issues and recently, a zero-day exploit targeted PowerPoint files. Why not use
Tell Me How You Work and I’ll Monitor You!
Today, I read an interesting story in Datanews, a Belgian IT newspaper. To briefly summarize, “Company A”, the customer, complains about “Company B”, the telecom operator, which installed a telephone central at the first one’s premises. During a weekend, hackers took control of the system and used it to perform calls