In big organizations with a lot of employees, not all people have the right attitude or knowledge to use information assets in a good, safe way. This is not a complaint, just a fact. To educate these people, a security awareness program must be implemented to make them aware of the
Tunisia Tracks Users with JavaScript Injection?
Disclaimer: The information reported below has been translated from French to English with the approval of a friend who also released the information on his blog. His server was hit by a DoS attack. Feel free to relay the information! When you try to access big websites like Facebook, Google
Use your Logs to Detect Fraud
I was invited by the ISSA Belgium chapter to talk last night about log management & SIEM (“Security Information and Event Management”). This is a very interesting topic but almost everything has been said (good and bad) on SIEM. I decided to innovate and to use some articles posted in
Auditing MySQL DB Integrity with OSSEC
Databases are a core component in a lot of applications and websites. Almost everything is stored in databases. Let’s take a standard e-commerce website: we can find in databases a lot of business-critical information about customers (PII), articles, prices, stocks, payment (PCI), orders, logs, sessions, etc. Like any component of
Security: DIY or Plug’n’Play?
Appliance or not appliance? That is the question! A computer appliance is dedicated hardware which runs software components to offer one or more specific services. Information security has always been and is, still today, a common place to deploy appliances: firewalls, proxies, mail relays, authentication servers, log management,
Send Events Safely to the Loggly Cloud
I received my Loggly beta account (thanks to them!) a few days ago and started to test this cloud service more intensively. I won’t explain again what Loggly is; I already posted an article on this service. For me, services like Loggly are the perfect cloud examples with all the
Zen Attitude!
The coming days will bring a special atmosphere. Christmas and the New Year days are a good occasion to relax and… to make good resolutions! For people involved in information security, a good one could be to adopt the “zen attitude” and try to establish more diplomatic relations with the
My Wish List for 2011
2010 is almost over and 2011 is already at our door! In a few days, a lot of us will (try to) detach from the regular business and go back to family and friends to spend good times. It’s time to make some planning, reserve enough off-days and set up my
Iptables Logs Mapping on GoogleMaps
My Linux servers are all protected by a local iptables firewall. This is an excellent firewall which implements all the core features that we expect from a decent firewall system. Except… logging and reporting! By default, iptables sends its logs using the kernel logging facilities. Those can be intercepted
Abuse Info Gathering Made Easy
If there is a boring task when you are investigating a security incident, it’s the process of gathering all information related to the involved IP addresses: the IP addresses used, routing information (AS), geo-localisation and abuse information. Alexandre Dulaunoy wrote a cool piece of Perl code to