Lot of Belgian newspapers and sites reported today (Example of  article – in French) that a project of law will be discussed soon (deriving from the EU Data Retention Directive) to request providers of telecommunications (Internet – Mobile services) to keep a trace of electronic communications. Wait, the article should say
CIPS: EU Sponsorship to Protect Against Terrorism & Security Risks
Today I read an interesting document which landed into my mailbox. It’s about a call for proposals initiated by the European Commission “Home Affairs” DG. The document was a CFP (“Call For Participation“) part of the programme called “Prevention, Preparedness and Consequence Management of  Terrorism and other Security related Risks
Playing The “Pass The Bomb” Game?
Do you remember the “Pass The Bomb” game? All kids played this game at least once. The principle is simple and funny. There is bomb which is programmed to explode after a random time. Players must pass the bomb from hand to hand and say a new word which must contain
“Out of the Box” SIEM? Never…
A reflexion about the multiple SIEM (“Security Information and Event Management“) products available on the market… I’m currently working with a customer on a big SIEM implementation in an environment that must be PCI compliant and integrates a multitude of devices coming from non-heterogenous security vendors (big-players). Security visualization being
La Nuit du Hack 2013 Wrap-Up
My clock tower is completed! I left home yesterday at 6AM to Disneyland Ressort Paris and I’m just back at 6AM. It’s too late to go to bed so I finished to write my Nuit du Hack wrap-up. This was the first time I attended this event. During the last
Proud of My First Targeted Attack… or Not!
Connecting a server to the Intertubes is like connecting it to the wild. There are plenty of bots (thousands? millions?) scanning IP addresses for vulnerable services. Once a service is enabled on an IP address, you don’t have to wait a long time before detecting incoming traffic! One of the
Crime Convergence
Convergence isn’t a new fact in information security. For a while, we’re speaking about “security convergence” while two, at the beginning, distinct principles or functions are mixed to tend toward or achieve union or a common conclusion or result (as defined by Wikipedia). A good example is the combination of
File Integrity Monitoring for the Poor
For most organizations, security has a huge impact on budgets… except if you’re called the NSA and must deploy a massive surveillance program! Every time you need money, you have to fight with your boss or finance guys to get some bucks after explaining why a new piece of software,
June 2013 OWASP Belgium Chapter Meeting Wrap-Up
I’m back from the last OWASP Belgium chapter meeting. Here is a quick wrap-up. Classic scenario, the event started with Seba who gave some updates about the OWASP foundation. Today’s event was part of a bigger one called the OWASP European Tour. During a few weeks, all European chapters organise
Logs: For Better or For Worse?
Last week, a vulnerability regarding Apache was disclosed. More precisely, the issue was located on the mod_rewrite module. This module rewrites (now, you understand its name) URLs on the fly. This is very useful during web page migrations, attacks migitations etc. The security flaw does not affect the core feature