Finally! After weeks of “yellow status” reported by PSI (Personal Software Inspector from Secunia), my profesional notebook finally went “green”! I’m using PSI for a while on my notebook which has plenty of installed applications: productivity, connectivity, security, reporting tools and much more. Since the beginning, I was never able
Category: Software
OpenSSH 5.1 is Out
A few days ago, I wrote about the SSH Fingerprint ASCII Visualization. OpenSSH 5.1 is out and proposes this new feature right now! And of course, a lot of fixes and improvements. Check the full list here.
Check Your DNS Resolver
Since the announce of the major DNS vulnerability (multi-vendors), it’s patching time for all admins around the world. Did you already perform your homework? The people at OARC have crafted a special DNS name and server that you can query to check whether or not your resolver is using random
Groundwork and Wiki Integration
Next article regarding Groundwork, a very good monitoring and reporting environment. I already integrated WeatherMap with Groundwork (the community edition), or added a Security Dashboard. Now, let see how to integrate a Wiki into Groundwork. A Wiki is an online collaborative tool where everybody can update the pages content directly
Infocus: Blocking Traffic by Country on Production Networks
Interesting article about traffic filtering based on countries: http://www.securityfocus.com/infocus/1900/4. (It’s based on Microsoft ISA server but can be easily extended to other platforms)
Four Minutes!
Four Minutes! This is the actual survival time on the Internet for an unpatched system (sources: ISC and the Survival Time Graph). Good practice: Always perform a full patch before connecting a new server on the Internet (even under pressure). A good deployment procedure must be in place.
The Pirate Bay Proposes “IPETEE”
The Pirate Bay wants to encrypt the whole Internet! As you probably read recently, more and more countries and Europe via the Intellectual Property Rights Enforcement Directive (IPRED2). In the ISO model, encryption is usually performed at the presentation or application levels. The Pirate Bay would like to encrypt all
TrueCrypt 6.0 is out!
A new release of TrueCrypt is available. What’s new? This feature sounds really interesting: Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography) and hidden operating system. 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from
Metasploit on an iPhone
An other good reason to get an iPhone (still not announced in Belgium, btw): Metasploit is available on the iPhone. See Muts’ Blog.
Let’s Play in Sandboxes!
Children like to play in a sandbox. Computer users should also play in sandboxes… to increase their security! A sandbox is a mechanism (a software) used to execute untrusted applications. A sandbox can be seen as a light-virtualization system. True virtualization (performed with products like VMware, VirtualBox or Virtual PC)