An interesting initiative from a small team of French guys active in information security. They are organizing a online contest called “Pirate-Moi” (“Hack Me“). The purpose is pretty the same as a classical CTF (“Capture The Flag“) contest held during security conferences: To hack a system! In this case, the
OWASP BeNeLux Day 2010 Wrap Up
Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day. This edition was held at the Fontys Hogeschool in Eindhoven (NL). First detail of this year, the weather conditions! After more than three hours of driving on snowy roads, I finally reached Eindhoven. Just in time for
All Your Logs are Belong to the Cloud…
Ever heard of Loggly? This is a new cloud service which presents itself as “Logs Made Easy“. I’ll not come back on the definition of cloud computing, its benefits and issues. If you are looking for interesting information about this topic, I suggest you to visit Craig Balding’s blog cloudsecurity.org.
Address the Security Threats at Source
Information security is a recurrent process. New threats arise and must be properly handled. In Augustus 2009, I already reported a story and came to the following conclusion: The principle of “action – reaction” as described by Newton is not applicable in information security! Here is another good example with
Easy Decryption of Facebook Passwords
All good pentesters have their own “survival kit” with a lot of tools and scripts grabbed here and there. Here is a new one released a few days ago: FacebookPasswordDecryptor. “FacebookPasswordDecryptor – small, simple, free, and yet truly reliable application that helps you recover stored Facebook account passwords, quickly and
Be the Conductor of Your Security!
I’m visiting organizations and companies for miscellaneous projects and I’m often scared by the lack of “visibility” they have on their infrastructure. For years now, new components have been deployed by pure requirements or (honestly) by the business “pressure”: Firewalls, IDS/IPS, (reverse)proxies, WiFi, SSL VPNs, etc. All those solutions, hardware
My Invitation to PaulDotCom Security Weekly
What a good surprise! I’ve been invited to participate to the episode #221 “Special Thanksgiving” of PaulDotCom Security Weekly podcast next Tuesday between 20:00 – 22:00 (CET). If you are available, feel free to join us live on pauldotcom.com/live/! This will be my second participation to a podcast (the first
Is BGP the Next Threat on Internet?
When Internet ARPAnet was invented in the seventies, its goal was to interconnect military resources using packets based networks and to be strong enough to resist to “attacks”. Loosing some devices in the network could not affect the communications. Later, the same technology was re-used to build the public network
Back(Up) to the Future
Ah, backups… What a nice boring topic! Everyone agrees on the fact that a strong backup procedure is mandatory for any computer (server, workstation, PDA or anything else which carry data). But lot of us also agree to say that backup are so boring to perform and, even more, maintain!
facebook.com Emails are Coming…
It has been announced by Facebook! E-mail addresses “@facebook.com” are coming! Scoop, I got some information leaked from a Facebook server: $ cd Ëœfacebookuser $ cat .procmailrc # All your emails are belong to us # — Mark Z. :0 * ^From.* { :0c ⎢/usr/local/bin/index.pl :0c ⎢/usr/local/bin/send_ads.pl :0c ^X-Privacy: yes