I’m back from the last OWASP (organized together with ISSA) Belgium Chapter meeting. As usual, good times with friends from the Belgian security landscape ;-). Two topics were covered today: first GreenSQL, a database firewall, then an overview of mobile malware by Mikko Hypponen. Almost one year to the
Data Protection Day 2010
The 2010 edition of the Data Privacy Day will be held on January 28th. This initiative has a dedicated website: dataprivacyday2010.org. The goal is to create more awareness about your online privacy: “Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information.
ISSA Belgium Chapter Meeting: Introduction to OSSEC
Back from the first ISSA Belgium Chapter Meeting of 2010. Today’s topic was “Introduction to OSSEC: Log Analysis and Host Intrusion Detection”. A very interesting topic for me. First because I’m involved in a lot of SIEM projects. But especially because Wim Remes, the speaker, is a friend of mine.
Yellow? Green? Red? The Security Rainbow Sky…
There was an interesting post on the diary page of isc.sans.org yesterday: Some readers asked why ISC did not switch the InfoCon status to yellow due to the recent IE 0-day exploit. The on-duty ISC handler explained the situation and why they decided to stay “Green”. The following question popped
Adding Data Leakage Protection into Apache
Data leakage is a major risk for many organizations today. As more and more data are used in a digital format, it’s easy to copy them or send them outside the security perimeter. Leaked data can have a major impact on the business (loss of revenue, loss of confidentiality or
Some Strong Passwords are not so Strong
Passwords are weak! It’s not breaking news. But it’s impossible to get rid of passwords today. There are tips to make them stronger. Classic recommendations are: Use a mix of letters and numbers, Use a mix of uppercase and lowercase characters, Use punctuation (special) characters, Do not use
Does the US Government Need a More Powerful SIEM?
The White House published a review regarding the attempted terrorist attack last Christmas. I briefly read the document and noticed some interesting facts: “The thorough analysis of large volumes of information has enabled a variety of departments and agencies to take action to prevent attacks.” “Yet, as the amount of
Web Scanning Comes to the Cloud…
iiScan is a new on-line vulnerability scanner for websites. It is developed by a Chinese company called NOSEC Technologies [Note: I found the name funny for a company which develops a security solution]. What’s new with iiScan? It is based on cloud computing! The service is free but you have
Avoid the “Any” Rule Like the Plague!
Even if next-generation firewalls are at our door (filtering at the application level – layer 7), most firewalls are still working with source and destination ports. I often see firewall change requests submitted by customers to add rules like: “Allow traffic between X and Y” without further details. And when
There is no smoke without fire!
Once again, companies have asked the justice system for help to fight against Google. This time, the Google Suggest tool is the target. This service is quite simple and you probably use it on a daily basis. When you type your search terms in the search engine, Google offers keyword