Microsoft (via the Solutions Accelerators team) published an interesting document about NAP: “Selecting the Right NAP Architecture”.
Category: Websites
(IN)SECURE Magazine #17
(IN)SECURE Magazine issue 17 (July 2008) is out! Open redirect vulnerabilities: definition and prevention; The future of security is information-centric; Securing the enterprise data flow against advanced attacks; Bypassing and enhancing live behavioral protection; Security flaws identification and technical risk analysis through threat modeling; Migration from e-mail to web borne
Fired Due to a Malware!
The following story has been relayed by several blogs and newspapers. An employee was fired for violating his company's computer usage policy: child porn was found on his laptop. The first human reaction when facing such evidence is not always the best one: “Guilty!”. A computer forensics analyst spent one
Will Finally IPv6 Arise?
The Organization for Economic Co-operation and Development (OECD) published a document to warn governments and businesses about the near-future shortage of IPv4 addresses. Actually, 85% of the IPv4 address space is already assigned (total space is 2^32 == 4,294,967,296) and should be fully assigned by 2011! Of course, a lot of
Google Safe Browsing
Google is never miserly with innovations. Their labs are full of nice tools for all of us. Google Safe Browsing is a tool which helps you to identify potentially unsafe websites. Queries are in the format: http://google.com/safebrowsing/diagnostic?site=<your url> Example: http://google.com/safebrowsing/diagnostic?site=blog.rootshell.be.
A Chronology of Data Breaches
After the Bank of Ireland, the Ulster Bank also lost notebooks with customer information. Data breaches are becoming more and more of an issue today: as all our personal data are stored in electronic form, it’s easy for employers to take data away to work at home or attend external meetings with
nsa.gov Offline During a Few Hours
The name servers hosting the National Security Agency (aka nsa.gov) were reported unavailable for a few hours around May the 15th. How is this possible? Let's start some investigations using dig. When you query a root-server and ask for the name servers (NS records) of the nsa.gov zone, you receive
CAPTCHA Me if You Can!
“CAPTCHA”? What’s this? Everybody has already used a CAPTCHA (or “Completely Automated Turing Test To Tell Computers and Humans Apart”). You know, those pictures made of deformed letters that you need to understand and type in a specific field to perform some operations like creating accounts, authenticating, etc. Almost all
Microsoft Helps Big Brother
In a previous post, I talked about US authorities who have the right to read your hard drives. Today, Microsoft announced a new toy USB stick called COFEE: Computer Online Forensic Evidence Extractor. “The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which
OpenID – SSO for the Mass
User authentication is a key component of security practices. To allow certain operations on your websites, you first need to authenticate the user. To achieve this, there are plenty of methods. The most common is the login / password pair. Not the most secure but quite easy to deploy. One