A few months ago, I posted an article about how to add extra logging facilities to the Bash shell. For specific users, it can be useful to have a complete history of their activity on your server (for audit purposes). The first release candidate of Bash 4.1 is available for
Category: Software
Hello Karmic Koala!
Finally, I did it! I just upgraded my corporate laptop with the latest release of Ubuntu (9.10) aka “Karmic Koala”. Available for a few weeks, I preferred to wait for some holidays before the upgrade. First, because without laptop, I can’t work! In case of big issue, my off-days would
Protect your Infrastructure with IRON!
Question: Do you remember the Amiga computer? I was an early fan is this wonderful machine and operating system. Starting with AmigaOS 2.0, a macro language called ARexx (with a letter “A” like “Amiga) was added. This language, derived from REXX (“REstructured eXtended eXecutor“) developed initialy by IBM. The power
InfoSec + Physical Security = Security Convergence
Today, all organizations must take care of security. Not all of them have the same amount of data to protect nor the same level of confidentiality but they have to implement a security policy. If it’s rather easy to implement a security perimeter to protect against the Evil Internet, internal
What’s Behind Microsoft COFEE?
It was announced a few days ago: Microsoft COFEE has been leaked on the wild Internet! Microsoft COFEE stands for “Computer Online Forensic Evidence Extractor“. This “forensic swiss army knife” is available for free to police forces around the world to conduct official forensics investigations. Note: It’s reportedly illegal for
Looking for Monitoring Tools? Check out monitoringforge.org
A new website opened yesterday: monitoringforge.org. The purpose is to centralize in one place a lot of open source monitoring tools, going from full monitoring suite to simple scripts ready to use in your daily job. I found this a very good initiative. Why? When we speak about “security”, we
Updated: IIS-FTP Nmap Script
Yesterday, I posted an article about a Nmap script to detect potentially vulnerable Microsoft IIS FTP servers. I updated the script which now allows an alternative FTP user and password pair to be passed via the command line (thanks to Chris for the comment). If no arguments are provided, an
Detecting Vulnerable IIS-FTP Hosts Using Nmap
A new 0-day exploit for the FTP server included within the Microsoft IIS suite has been released today. Check the post on the Full Disclosure mailing list for more details. Based on an existing Nmap script, I quickly wrote a new one which performs the following actions: Check if anonymous
This Message Will Self-destroy in 30″!
“Cloud computing”! This is a hot topic in IT security for a while. I won’t explain why security is so importing within the cloud. To have a good overview, I recommend to follow Craig Balding’s blog. For sure, you already have personal data stored on the web. You use webmail
PGP Inside your Browser? Possible!
For years, I’m using Pine linked with GnuPG to sign and/or encrypt my e-mails (if you are interested in exchanging secure content with me, my PGP key is available here). I’m using SSH to connect to my server where I start Pine and manage my mailboxes. This is a secure