“Cloud computing”… A buzz word for a while now! It’s a fact that security professionals will face, one day or another, a situation where the company applications and data will be hosted “in the cloud” and whatever your activity is! (auditor, system admin, investigator, etc). This evening, the ISACA Belgium
Wiping & Protecting Data from SSD/Flash Drives
I received a comment from a reader of this blog (hi Ziyad!) about an very old article posted in 2008 (!) about tools to wipe files from drives. I reviewed a list of tools available on Linux (or other UNIX flavors) to safely delete files. As you probably already know,
Detecting Rogue Gateways on a LAN
There was an interesting thread on the pentest@securityfocus.com mailing list a few days ago. A member asked how to detect illegal or “rogue” gateways in a big international organization. Rogue devices can be seen from different point of views. For the network administrators or the security auditors, it’s really a
Security Training Again and Again!
If you are working in the “IT security” field, you must keep your knowledge up to the highest level. It’s a matter of “live or death” and continuous training is mandatory. That’s why big names in the certification world like ISC² or ISACA impose their members to collect a minimum
Grabbing Devices Configuration Using Expect
Just a small post about an Expect script I quickly wrote to solve a backup issue. I already blogged about the “Expect” tool one year ago. I won’t explain again the basics of Expect, just read my previous post. This time, Expect is used to perform an automatic backup of
ISSA-Be Chapter Wrap Up: Cybercrime
I’m back from the last ISSA-Be meeting held in the Verizon offices in Leuven. Today’s topic was “Cybercrime: The actors, their actions, and what they’re after“. The speaker was Matthijs van der Wel, EMEA, manager of Verizon Business’ Forensics practice, who contributed to the Data Breach Investigation Report. The talk
Strong Passwords for Dummies?
User authentication… If there is a long and never ending story, it is definitively this one! All of us have plenty of passwords to write on post-its keep in mind. They are several ways to increase the user authentication safety. By forcing very difficult passwords and learn them, by using
Belnet Security Conference Wrap up
I’m back from the second edition of the Belnet Security Conference organized today in Brussels. Belnet is the “Belgian National Research Network“. In other words, this is the federal organization which connects universities, governments infrastructures, schools to the Internet using high-speed pipes. Since the beginning of 2010, they also extended
JavaScript Password Trainer
I won’t come back on password policies. Everything has already been covered multiple times on this topic! Regular password changes might be forced in your organization. When you use the same password multiple times a day, you finally don’t think about it and type it “blindly”. When my passwords need
Keep an Eye on your Data using OpenDLP
A new tool has been released (version 0.1) today on code.google.com: OpenDLP. “DLP”, “Data Loss Protection” or “Data Leak Protection”, a buzz-word! Even if the problem is real and critical for some organizations, my opinion is the following: Instead of spending money in expensive solutions (and DLP solutions ARE expensive!),