As I wrote in a previous blog post, I went to the FIC2010 conference last week. One of the talks I attended was about the “2centre” initiative. 2centre (“2c” for “cc”) means “Cybercrime Centers of Excellence Network for Training, research and Education“. Those centers of excellence focus on law enforcement.
Recovering VM Disk Images from Physical Bad Blocks
Shit happens! Still today, hard disks are the Achille’s heel of modern computers. My corporate laptop hard disk started to give some bad signs of tiredness a few days ago. After a brief analyze, only one file was affected by two bad sector! But it was a VirtualBox disk image
My First Visit @ FIC2010
I’m back from Lille (France) where was organized the 4th edition of “FIC” – “Forum International sur la Cybercriminalité” – during two days. This was my first edition and I was pleasantly surprised: I was a bit afraid to attend an event organized in France for French speaking people about
Detecting Fraud with OSSEC
For a while, it looks that “Fraud detection” is a hot-topic for many SIEM vendors (“Security Information and Event Management“). Recent presentations or webcasts I attended had always some time dedicated to “fraud”! The vendors can’t be blamed to find new opportunities to sell their products. Today they are solutions
Close the Security Holes in your Firewalls!
Who is not protected by a firewall today? Nobody! Our Internet (as well as local) traffic is inspected by multiple firewall layers. They are present everywhere: on Internet gateways, in front of data-centers, between departments, even your workstation is running a firewall. For a few years, a new type of
InfoSecurity, (ISC)2, ISACA, My Security Marathon
This week is a real security marathon. I was in London yesterday but came back to Belgium too late to attend the ISSA Belgian Chapter meeting. The invited speaker was a great one: Chris Hoff. According to friends, it was great! Today was also the first day of the InfoSecurity.be
Security Policies Must Be Enforced!
Last week, I had a very interesting meeting with the Belgian FCCU (“Federal Computer Crime Unit“) about the security of “public” networks. The FCCU is the Federal Police division involved in all kind of computer forensics investigations. By the way, they also have their own Linux live-CD called “Lnx6N4” which
HADOPI in Belgium, a new Don Quichotte Story?
After an HADOPI law voted in France, other countries follow the same example. A politician is trying to introduce the same system in Belgium as an attempt to fight the exchange of illegal material on the Internet (via peer-to-peer networks). For those who aren’t aware of the HADOPI law, it
Detecting USB Storage Usage with OSSEC
Next step in my investigations with OSSEC. The possibilities of OSSEC are awesome and could clearly, in some case, replace a commercial log management solution! After collecting the Secunia vulnerabilities into OSSEC, I switched to the “dark side”: the Microsoft Windows agent. The USB sticks are very popular at users
OpenSSH New Feature: “Netcat mode”
The new version (5.4) of OpenSSH has been released early this morning. OpenSSH is THE free implementation of the SSH protocol available on common devices and operating systems. The primary goal of OpenSSH is to allow remote access to hosts for management purpose. But many other features make OpenSSH a