The idea of this article popped into my mind after a colleague of mine asked me to investigate a security incident. Nothing brand new: a customer’s server that was not properly patched and secured was pwned. I found that the server was hit by the JBoss worm which started to spread in
Monitoring pastebin.com within your SIEM
For those who (still) don’t know pastebin.com, it’s a website mainly for developers. Its purpose is very simple: you can “paste” text on the website to share it with other developers, friends, etc. You paste it, optionally define an expiration date and whether it’s public or private data, and you are
Vulnerability Management: OSSEC & Secunia PSI
“Vulnerability Management”… This is an important topic for your corporate security. One of the steps in this process is the monitoring of your applications and operating systems. With hundreds (thousands?) of devices connected to your network, how do you keep an eye on the applications and patches installed on all of
Data Integrity: MD5/SHA1 are Your Best Friends!
Yesterday, I faced a very strange story that I would like to tell you to prove the importance of “integrity” in information security. Wikipedia defines data integrity as follows: “Data Integrity in its broadest meaning refers to the trustworthiness of system resources over their entire life cycle.” The “entire life
Detecting Defaced Websites with OSSEC
In the scope of the OSSEC Week, here is a quick contribution which can greatly help you to monitor suspicious changes on a website. Today, your corporate website is the very first contact you have with your customers, partners, press, etc. It’s your window to the world. Nobody can pretend
Mapping OSSEC Alerts with AfterGlow
This week is the third annual OSSEC week! A good initiative to promote this open source log management solution. This post is my first contribution to the OSSEC community; I hope to publish more posts if I have enough time. OSSEC is an excellent tool to collect and analyze the events
Implementing Security Controls via Nagios
In my last post, I gave some inputs about the implementation of basic security. It can be increased by following simple rules and procedures. This was purely theoretical. So, I decided to continue on this topic and show you how basic security checks can be implemented without spending too much
Feeding DShield with OSSEC Logs
The primary goal of a log management solution is to receive events from multiple sources, to parse them and to make them available for multiple purposes: searching, alerting and reporting. But why not send some interesting events to another log management system or application? Usually, some inputs are added in the
Suspicious WordPress Plugins Scan
Here is an interesting example I would like to share with you. It proves how log management is important. If you read my blog, you already know that I’m addicted to logs. They can be very useful to trace incidents or suspicious activities. Today I received several alerts from my
Dropbox? gpgdir to the Rescue!
During the last months, Dropbox, the well-known synchronization tool, was hit by bad stories. First, they changed their EULA (“End User License Agreement”), which clearly stated that Dropbox employees could access your files in very specific cases like law enforcement procedures. I already blogged about this. Then, researchers