Tadaaaaaa! BruCON is alive! A security conference was really missing in Belgium. That’s fixed now. The first edition of BruCON will be held in Brussels, 18-19 September. I’ll be present for sure. Check out the website for details.
Category: Security
DNS queries for “.”
As described by the Internet Storm Center in last Sunday’s diary, my name server was also hit by this attack today. 380000 queries for “.” were sent to BIND. For those who’re not experienced with the DNS protocol, querying for a dot (“.”) asks the name server to answer
ISACA Belgian Chapter: Introduction to the SCOR Framework
Today, I attended the first ISACA Belgian Chapter meeting of 2009 about the SCOR framework. SCOR means “Supply Chain Operations Reference” (more information here). It’s a framework and a set of best practices (not an audit methodology) to help enterprises increase the performance and reduce the risks of their supply chain. Basically, there are
Databases Protection with GreenSQL
Today, the majority of websites offer dynamic content to visitors. All information is stored in back-end databases and processed live. A classic infrastructure is based on LAMP (Linux, Apache, MySQL, PHP). Unfortunately, “database” also means a broader attack surface. And the risks are multiple: SQL injections, data leaks, data alteration or
STIB: Security by Obscurity
A lot of blog posts already covered the security issue which affected the STIB (the public transportation company in Brussels). I’ll not rewrite the facts here. The Belgian French television made a story [in French] about this problem. The journalist interviewed the STIB spokesman. During the interview, he said: “Il
Security by Obscurity
Easy to implement and cost-effective, security by obscurity is always tempting: running an application on a non-standard port is a good example (Apache bound to port 8080 instead of 80). But a simple nmap scan will immediately reveal the “hidden” server. Fail! But, security by obscurity can
Free Microsoft e-book: Writing Secure Code for Windows Vista
Microsoft offers a free e-book “Writing Secure Code for Windows Vista”. Check it out here. Dear developers, don’t forget that security aspects must be taken into account at an early stage of software development!
Zero Wine Malware Analysis Tool
Seen on Full Disclosure, Zero Wine is a brand new project to help in malware analysis. Based on QEMU and Wine, it provides a safe environment to launch suspicious Windows executables and analyze their behavior. Using the Wine debugging features, all the API calls are logged for further reporting. Project
You Asked the Webmaster? Hold the Line Please…
A few days ago, I accidentally discovered a security flaw in a public forum dedicated to a well-known security software solution. No “high-level” attack but something really dumb. During the registration process, I pasted a wrong string in the registration page. My clipboard still contained some basic HTML tags. All
JanusVA: Hardware Privacy Adapter
According to their website, JanusVM is … “a software that allows you to surf the Internet without oppression or censorship, while protecting your privacy, security, and identity. It has advanced filtering capabilities for modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet