When I talk to customers about monitoring, they often have a vague idea about the way to implement a solution. Monitoring must be part of your security policy. Your tools (whatever the product you choose – no name here) must help you to stick to the CIA principle: Confidentiality (to
What if… or Crisis Management
Back from the ISACA Belgian Chapter meeting. Today’s topic was “Crisis Management”. As usual, very interesting and lot of experiences shared between the participants. What first emerged from the meeting was the different types of definitions companies have of a “crisis”. For some of them, a crisis must be fixed
Fuzzing?
During the last FOSDEM (see a review here), I attended a presentation about fuzzing techniques with Fusil. It looked interesting to me and I started to grab more information about this attack method. Krakowlabs released a interesting paper about fuzzing. After a short introduction, they reviewed the different types of
France: IP Addresses are no Longer Considered as Private?
My last post was a little bit funny but the quote came from a French newspaper article about a judgment which can have an effect similar to an earthquake in France! It’s about the “privacy” aspect of IP addresses. A previous justice decision made by Court of Appel in Rennes
Find the Error!
Read here: “Chaque utilisateur de l’Internet est identifié, sur les réseaux, par un numéro à plusieurs chiffres, également appelé adresse IP (pour Internet Protocol). Par exemple : 128.263.36.45. Et seuls les fournisseurs d’accès (Orange, Free…) peuvent savoir qui est la personne derrière chaque adresse IP. Cette information était considérée comme
Search the Internet in a Safe Way
Most search engines are well-known to log your IP address when you perform a search request via their services. For each request, personal information are saved (IP address, timestamps, clicked results) and re-used later to build your “profile”. Why? First, to propose more accurate results when you use the search
Back from FOSDEM
Back from FOSDEM! A few days ago, I posted here my schedule and it didn’t changed. The first three presentations were in the same room and covered security topics. The FOSDEM is an event for open-source developers and not fully dedicated to security like BruCON but developers must be aware
Long Term Private Key Retention? Think of Paperkey!
Everybody is aware of the major problem with digital media: The retention time! The expected period can be critically reduced if the media (CD, hard-disk, tape, USB-key, flash, …) is not stored in safe environment (temperature, humidity, magnetic fields). Even if CD or DVD have a quite long retention time,
First OWASP Belgian Chapter Meeting of 2009
I’m back from the first OWASP Belgian Chapter meeting
Introduction to Nmap Scripting
All people working with networks know the wonderful tool called Nmap. Basically, Nmap is a network scanner. It allows you to detect hosts on a network and services running on them. Just type “nmap <hostname|ip>” to perform a simple port scan. But Nmap can do much more! Host discovery, multiple