I found a nice tool today: ike-scan via another blog. “ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.” The documentation give also a nice introduction of the
Category: Security
SANS Reading Room: Data Carving Concepts
A new document available in the SANS Reading Room: “Data carving is the process of extracting a collection of data from a larger data set. Data carving techniques frequently occur during a digital investigation when the unallocated file system space is analyzed to extract files. The files are “carved” from
USB Key Remote Destruction
Ironkey is known to distribute very secure USB flash drives. Physically protected by a rugged metal case, they are water-proof and tamper resistant. Data protection is based on a builtin crypto chip (via AES). They announced a few days ago a new service: “IRONKEY INTRODUCES SILVER BULLET SERVICE TO ENABLE
MetaSploit FrameWork 3.2 Released
MetaSploit 3.2 has been released! “Austin, Texas, November 19th, 2008 — The Metasploit Project announced today the free, world-wide availability of version 3.2 of their exploit development and attack framework. The latest version is provided under a true open source software license (BSD) and is backed by a community-based development
Belgian Security Landscape is Changing!
For months, a debate exists in Belgium about the (non)existence of a national coordination for IT security. A good example is the existence of a CERT in Belgium. In September, the ISACA Belux Chapter published a press release (still available on their website). Today, the “BISI” project is on its
Time to Patch your Old OpenSSH! (4.7p1)
The SANS ISC diary just reported that a quite old version of OpenSSH (4.7p1 to be precise) suffers of a plaintext recovery attack vulnerability. It’s time to upgrade your old OpenSSH! (Current release of 5.1)
The Story of a Hack – Part 3
The next part (part 3) is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-3-kung-fu-shopping.html.
ISSA/OWASP Belgian Chapter Meeting
Back from Brussels, where I attended a ISSA/OWASP local chapter meeting tonight. As usual, it was very interesting! Thanks to the organizers! There was two presentations on the planning. Didier Stevens explained why PDF files became so risky today! He started with a brief introduction about the PDF file format
WEP – Less and Less Unsafe
Recently a buzz started on the Internet: WPA (Wi-Fi Protected Access“) was cracked! But a lot of companies still use WEP (“Wired Equivalent Privacy“) to protect their Wi-Fi networks. Unfortunately, WEP is still less secure now! According to a paper from Erik Tews and Martin Beck, only 24000 captured packets
The Story of a Hack – Part 2
In a recent post, I talked about SynJunkie who described a nice pentest scenario against a fictive company. The second part is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-2-breaking-in.html.