C&SAR 2009 (“Computer & Electronics Security Applications Rendez-vous”) was organized in France a few days ago. The topic of the 2009 edition was “wireless security”, covered during three days by a large program of talks. One of the speakers was Gildas Avoine from the University of Louvain-La-Neuve. He spoke about
Google Goes to DNS Resolving
Once again, Google hit hard! They announced yesterday a new service via their blog: Google Public DNS. The new Google baby is a public DNS resolver open to everyone. Just reconfigure your TCP/IP stack to use the following DNS servers and you’re done! 8.8.8.8 8.8.4.4 Google’s arguments are in direct
Compliance: a Marketing Argument?
Yesterday I received a spam mail about a commercial SSH solution. The mail presented their product like this: “Find out how SSH can ease the burden of PCI DSS, SOX and other mandates and IT audits with a robust data security solution used by millions worldwide! <deleted name> delivers unparalleled
OWASP Benelux Day 2009
This afternoon, the OWASP Belgian Chapter organized its annual Benelux Day in Leuven. The event started around 12:30 with a great initiative: a workshop based on WebGoat. This is an OWASP project which maintains an insecure web application (based on Tomcat) used to teach web security. The proposed lessons cover
InfoSec + Physical Security = Security Convergence
Today, all organizations must take care of security. Not all of them have the same amount of data to protect nor the same level of confidentiality but they have to implement a security policy. If it’s rather easy to implement a security perimeter to protect against the Evil Internet, internal
SHODAN, The Computer Search Engine
Search engines are well-known on-line tools. But not only websites can be indexed. There are plenty of search engines to find multimedia content, news and more. A new one is born: SHODAN. From the quick guide: “SHODAN lets you find servers/ routers/ etc. by using the simple search bar up
Will Belgium Build a new Botnet?
The title is a bit catchy but you will quickly understand why. Today started a new commercial offer promoted by the Belgian authorities: Start2surf@home. To help to reduce the technology gap between the Belgian citizens, a package is now available at a very attractive price: a laptop, a pack of
Fuzzing a Car Multimedia System?
Fuzzing is a new way to test the security of a system or an application by sending garbage or badly formatted data. This attack may crash the target system or, in worst cases, produce unexpected results. In my new car, I’ve a complete multimedia system (GPS, radio, GSP, MP3, onboard
You’ve a SIEM? And Now?
“Log Management”, “SIEM”, “Correlation”, “Incident Management”, more and more organizations have a SIEM project in the pipe. SIEM means “Security Incident & Event Management”. Just to remind you, a SIEM is a set of tools which helps to collect and analyze logs from several sources on a corporate network. Basic
What’s Behind Microsoft COFEE?
It was announced a few days ago: Microsoft COFEE has been leaked on the wild Internet! Microsoft COFEE stands for “Computer Online Forensic Evidence Extractor”. This “forensic Swiss Army knife” is available for free to police forces around the world to conduct official forensics investigations. Note: It’s reportedly illegal for