Easy to implement and cost effective, security by obscurity is always tempting: running an application on a non-standard port is a good example (Apache bound to port 8080 instead of 80). But a simple nmap scan will immediately reveal the “hidden” server. Fail! But, security by obscurity can
Free Microsoft e-book: Writing Secure Code for Windows Vista
Microsoft offers a free e-book “Writing Secure Code for Windows Vista”. Check it out here. Dear developers, don’t forget that security aspects must be taken into account at an early stage of software development!
Nothing happened in Belgium?
I read today that the Belgian crisis center decided to raise the alert level due to the Israeli-Palestinian conflict. This alert level is managed by the Ministry of Internal Affairs. I decided to visit their website for more information. Maybe more details will be provided online: what’s the current status?
IETF Draft: Security Assessment of the Internet Protocol version 4
First post of 2009, not too late to wish you all the best for this year! Even if IPv6 is at our doors, version 4 of the Internet Protocol will still be present for a (very) long time. IP is an old protocol and a lot of vulnerabilities were already
Zero Wine Malware Analysis Tool
Seen on Full Disclosure, Zero Wine is a brand new project to help in malware analysis. Based on QEMU and Wine, it provides a safe environment to launch suspicious Windows executables and analyze their behavior. Using the Wine debugging features, all the API calls are logged for further reporting. Project
Strong Authentication
I’m just back from the cinema with the children. We watched Madagascar 2. Before the movie, and between (too many) ads, the trailer of a coming movie called “Monsters Vs. Aliens” was presented. The trailer was very funny and started with an example of what could be called “very strong
You Asked the Webmaster? Hold the Line Please…
A few days ago, I accidentally discovered a security flaw in a public forum dedicated to a well-known security software solution. No “high-level” attack but something really dumb. During the registration process, I pasted a wrong string in the registration page. My clipboard still contained some basic HTML tags. All
JanusVA: Hardware Privacy Adapter
According to their website, JanusVM is … “a software that allows you to surf the Internet without oppression or censorship, while protecting your privacy, security, and identity. It has advanced filtering capabilities for modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet
X-mas Topology
I generated some traffic to wish you a Merry Christmas! Source: http://www.ende-der-vernunft.org/.
dns.be: More Anycasting
dns.be is responsible for the .be (Belgium) TLD. In a few words, this organization manages the administrative tasks to register domains in the .be zone and also maintains a set of .be-root servers which forward requests to the right name servers to resolve .be domains. At the moment, nine servers