After a cool dinner with other Belgian infosec people, the second day started with a discussion panel about the “Economics of vulnerabilities“. The panelists were: Lucas Adamski (Mozilla), Steve Adegbite (Adobe), Aaron Portnoy (Tipping Point),Adrian Stone (Blackberry / RIM), Chris Evans (Google),Katie Moussouris (Microsoft), Dhillon Kannabhiran (HITB – moderator). Almost
HITB2011Ams Wrap-up Day #1
Welcome back in Amsterdam! This is the second edition of the Hack In The Box (HITB) security conference in Europe. Let’s go for a quick wrap-up! I woke up too early (04:00AM) to drive to Amsterdam and arrived without any traffic jams (rare in Amsterdam)! Enough time to perform the
IPv6 Backdoor for the Best and Worst!
I’d like to come back to an issue I faced yesterday with one my servers. I think that this story could be a good example as part of an IPv6 awareness program… One of my servers in my home lab runs several virtual machines. This server is reachable from outside
HITB Amsterdam 2011 Coverage
In exactly one week, the 2nd edition of HITB Amsterdam (“Hack In The Box“) will be already over. As you see their logo on the left, I’ll attend the event and perform a coverage via Twitter and my Blog (Thanks against to the organization for the invitation!). I’ll be in
OSSEC Speaks “ArcSight”
Log management… A hot topic! There are plenty of solutions to manage your logs. Like in all IT domains, there are two major categories: free and commercial tools. Both have pro and cons. No big debate here, contrariwise I’ll show you a good example of a mix between both worlds.
ISSA Belgium Chapter Review of the Verizon DBIR
I’m just back from the last ISSA Belgium event organized tonight at Verizon premises. Wade Baker, director of risk intelligence for Verizon and creator, author and primary analyst for Verizon’s DBIR series, presented the analysis, findings and recommendations of the 2011 version of Verizon’s DBIR. If you are an infosec
/bin/bash Phone Home
I found UNIX a wonderful OS, whatever the flavors! I use it for 17 years and almost every week, I learn new stuffs. One of the particularities of UNIX is the way it communicate with devices. Except some specific devices, most of them are managed and visible as files or
Log Management: Don’t be an Ostrich!
I would like to tell you about the situation I experienced this afternoon. The goal of a log management solution is to collect and store events from several devices and applications in a central and safe place. By using search and reporting tools, useful information can be extracted from those
Junkie the Network Sniffer
I always try to keep my blog independent of all commercial products. I don’t like “v€ndor$” trying to sell you the “most-powerful-solution-ever-seen-on-earth”. For me, information security must be based on a deep analyze of the problems, then chose the best solution to match the requirements (features, budgets, ease-of-use, etc). This
Should Dropbox & Co be Killed?
I’m a big fan of the Dropbox application for a while. Dropbox helps you to synchronize your files within a personal deposit located in the cloud. If you have multiple Dropbox clients configured, your files will be instantly synchronized between all your devices when they come online. I use it