Facebook has been in the news for a few days following the disclosure of the Cambridge Analytica scandal. A few days ago, another wave of rumours revealed that the Facebook app could collect your private data. Facebook denied it and a ping-pong game started. Is it true or false? The fact is
[SANS ISC] Sharing Private Data with Webcast Invitations
I published the following diary on isc.sans.org: “Sharing Private Data with Webcast Invitations”. Last week, at a customer, we received a forwarded email in a shared mailbox. It was somebody from another department that shared an invitation for a webcast “that could be interesting for you, guys!”. This time, no phishing
[SANS ISC Diary] How was your stay at the Hotel La Playa?
I published the following diary on isc.sans.org: “How was your stay at the Hotel La Playa?”. I made the following demo for a customer in the scope of a security awareness event. When speaking to non-technical people, it’s always difficult to demonstrate how easily attackers can abuse their devices and
Logs… Privacy Issues?
Logs… We will never get rid of them! It’s a pain to manage them from a technical point of view but collecting events and using them can also introduce more issues in companies… from a legal point of view! Tonight, an ISACA Belgium Chapter meeting was organised within the context of
No Customers Were Harmed In This Attack…
I don’t know if you already noticed but it looks to be a never-ending story: Companies got pwned and data leaked on the Internet pastebin.com. Then starts the game of press releases… Most companies try to reduce the impact of the breach they suffered and it looks like Hollywood movies
We Are Not Just Numbers!
“I’m not a number, I’m a free man” said Number 6 in the series called “The Prisoner” (for the oldest amongst us). The series was broadcast in the Sixties but we have to admit that, still today, we are only numbers! And this will be worse in the coming years.
You Just Have Been Erased! Are You Sure?
This is a never-ending story! People will never realize that once data has been published online, it is a nightmare to try to remove it. Here is another example… In parallel to this blog, I’m playing with another website called leakedin.com. The purpose is to educate people about the huge amount
All Your Data Are Valuable!
A few weeks ago, a subsidiary of a major Belgian bank was hit by a blackmail attack. Attackers requested a big amount of money or they threatened to reveal sensitive stolen data. I don’t know how this story ended, did the bank pay? Did the attackers really steal a big
What Are You Sharing with Dropbox?
Dropbox is a well-known online service which allows you to share files between computers. If, in the past few months, new outsiders came on the same market, Dropbox remains the number one. If files are synchronized between Dropbox software clients, they also provide features to share files with third parties who
Ranking People Like Domains or IP Addresses?
Real-time events or network traffic analysis is interesting to track suspicious behaviors. And, if you add some external sources of information, you could increase even more the capability of detecting real events. Such ranking sources usually apply to IP addresses and domain names. There are plenty of online resources