For months, a debate exists in Belgium about the (non)existence of a national coordination for IT security. A good example is the existence of a CERT in Belgium. In September, the ISACA Belux Chapter published a press release (still available on their website). Today, the “BISI” project is on its
Time to Patch your Old OpenSSH! (4.7p1)
The SANS ISC diary just reported that a quite old version of OpenSSH (4.7p1 to be precise) suffers of a plaintext recovery attack vulnerability. It’s time to upgrade your old OpenSSH! (Current release of 5.1)
The Story of a Hack – Part 3
The next part (part 3) is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-3-kung-fu-shopping.html.
ISSA/OWASP Belgian Chapter Meeting
Back from Brussels, where I attended a ISSA/OWASP local chapter meeting tonight. As usual, it was very interesting! Thanks to the organizers! There was two presentations on the planning. Didier Stevens explained why PDF files became so risky today! He started with a brief introduction about the PDF file format
WEP – Less and Less Unsafe
Recently a buzz started on the Internet: WPA (Wi-Fi Protected Access“) was cracked! But a lot of companies still use WEP (“Wired Equivalent Privacy“) to protect their Wi-Fi networks. Unfortunately, WEP is still less secure now! According to a paper from Erik Tews and Martin Beck, only 24000 captured packets
The Story of a Hack – Part 2
In a recent post, I talked about SynJunkie who described a nice pentest scenario against a fictive company. The second part is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-2-breaking-in.html.
SANS Reading Room: EVTX and Windows Event Logging
A new document available in the SANS Reading Room: “This paper will explore Microsoft’s EVTX log format and Windows Event Logging framework. The EVTX data stream and structure will be defined as a basis for the Windows Event Logging framework and log subscription components that can be used to collect
The Brute Force Calculator
A brute force attack is a common way to discover user passwords or keys. The goal is very simple: try all possibilities until a successful authentication is accepted by the server. Simple and easy, with the power of recent CPU’s, easy to launch! The number of probes is directly related
The Story of a Hack
Here is an interesting series of posts from SynJunkie. He’ll show us how to conduct a pentest against a fictive company called “HackMe Ltd.“. “The goal of this series of posts is to demonstrate how simple it is to penetrate a network, steal some data, and then erase the evidence
AVG Antivirus Breaks Your Windows!
It has been reported that an AVG upgrade caused the anti-virus to recommend to delete a critical file on the Windows operating system: user32.dll! A new signature was quickly published to correct this problem but a lot of AVG users were forced to restore the delete file using the Windows