In April 2014, the Internet shivered when we faced the “heartbleed” bug in the OpenSSL library. It makes lot of noise across the security community and was even covered by regular media. Such issue could never happen again, right? Never say never! Last week, a new storm in the Internet with “shellsock”
Category: Uncategorized
2nd European Information Security Blogger Awards Announced
Today, Brian Honan announced on his blog the second European edition of the Security Bloggers Awards. In a few weeks, many infosec guys will join London to attend BSidesLondon and/or InfoSecurity Europe. This is the perfect time to organize a meet-up on Wednesday 30rd April. Security bloggers are welcome to have
Tracking Processes/Malwares Using OSSEC
For a while, malwares are in front of the security stage and the situation is unlikely to change in the coming months. When I give presentations about malwares, I always like to report two interesting statistics in my slides. They come from the 2012 Verizon DBIR: In 66% of investigated incidents,
KISS… Your Logs Too!
If there is a gold principle in IT, that’s the one called “KISS“: “Keep It Simple and Stupid“. It says that systems will work best if they are kept simple rather than complex. Simplicity must be a key goal during the design phase. This sounds logical: Keep in mind that
OS X: How to Avoid the VPN “Grey Zone”?
Today, the second edition of “Security Friday” was held in Brussels. As mentioned on the website, the goal is “a gathering of people in the IT security field. Getting together for a drink on the last Friday of the month in a bar near you we talk amongst peers about
CIPS: EU Sponsorship to Protect Against Terrorism & Security Risks
Today I read an interesting document which landed into my mailbox. It’s about a call for proposals initiated by the European Commission “Home Affairs” DG. The document was a CFP (“Call For Participation“) part of the programme called “Prevention, Preparedness and Consequence Management of  Terrorism and other Security related Risks
Mine is Bigger Than Yours!
Everybody already faced the same situation: Children like to compare with each others! Put kids in the same room and let them play. Comparisons will start soon: “My dad has a bigger car than yours“, “My plane flies better than yours“, “I can run faster than you“, etc. Sometimes, I’m
Are You Using “NAC” like “No Access Control”?
An interesting reflexion about a situation I faced while performing a pentest for a customer. The scope was the internal network or “show me what an attacker could access from a rogue device“. A very wide scope indeed… The customer is using a NAC (“Network Access Control“) solution to allow
Bring Your Own Rogue [Router|DHCP|Access Point]
In the series of gadgets that we must bring with us, let me present the “NI-707537” of ICUDU. I’m always traveling with a big backpack containing plenty of useful stuff. Working often at customer premises, I don’t have a fixed place in my company offices. I’m always carrying all my
Ranking People Like Domains or IP Addresses?
Real time events or network traffic analysis is interesting to track suspicious behaviors. And, if you add some external sources of information, you could increase even more the capability of detecting real events. Such ranking sources applies usually to IP addresses and domain names. They are plenty of online resources