Here is my quick wrap up of my visit to hack.lu 2011. For those who do not know me, I’m a BruCON volunteer, busy with the network stuff. This year was very special, due to unforeseen circumstances, both conferences overlapped! BruCON (the talks) were scheduled Monday and Tuesday and Hack.lu
Last minute contest: 2 x free ticket to attend #BruCON
We are so close to the next edition of BruCON! The volunteers are doing their best and keep the pressure to make this event awesome! It’s not too late to register and I’ve a gift for my blog readers: 2 free tickets! (*). As a sponsor, my employer received tickets
From Logs to Hell!
I have hesitated a while before choosing the right image to illustrate this article. I read again a press-release about a new log-management product which pretends to provide “out-of-the-box security and compliance for business of all sizes“. Dear v€ndor, are you living in a care bears world or are you
23:10… Still Working? No, I’m a volunteer!
Monday 23:10… Back from holidays, it was my first day back at work. My day job is over but I’m still online in my dark room with only the noise of some fans, the light of my laptops / monitors and the typical keyboard “clicks”… My wife comes in: “Hey,
Your Car Knows a Lot About You!
I got a new company car. W00t! After the basic welcome-tour of the different options, I went deeper and reviewed the on-board computer configuration options. Today, modern cars integrate multimedia interfaces to manage information from several sources: GPS coordinates (past as well as present) Phone books synchronized from phones over
Implementing Security Controls via Nagios
In my last post, I gave some inputs about the implementation of basic security. It can be increased by following simple rules and procedures. This was purely theoretical. So, I decided to continue on this topic and show you how basic security checks can be implemented without spending too much
“LulzSec vs The Sun”, a Case Study?
Lot of media (and not even those related to info security) reported this story today: LulzSec is back! Their last victim was the well-known English newspaper: the Sun. They redirected the site to a fake page which announced the death of Rupert Murdoch. When reading this kind of news, our
Feeding DShield with OSSEC Logs
The primary goal of a log management solution is to receive events from multiple sources, to parse and to make them available for multiple purposes: searching, alerting and reporting. But why not send some interesting events to another log management system or application? Usually, some inputs are added in the
Suspicious WordPress Plugins Scan
Here is an interesting example I would like to share with you. It proves how log management is important. If you read my blog, you already know that I’m addicted to logs. They can be very useful to trace incidents or suspicious activities. Today I received several alerts from my
Dropbox? gpgdir to the Rescue!
During the last months, Dropbox, the well-known synchronization tool, was hit by bad stories. First, they changed their EULA (“End User License Agreement“) which clearly stated that Dropbox employees could access your files in case of very specific cases like law enforcement procedures. I always blogged about this. Then, researchers