When talking about security to small companies – the “SME market” as the business says – their reaction is often: “Me? Why should I care? I’m so small and my business is not relevant for cyber-criminals…”. This is a big fail! As a proof, I like to ask them for
Tag: Security
KISS… Your Logs Too!
If there is a golden principle in IT, that’s the one called “KISS”: “Keep It Simple and Stupid”. It says that systems will work best if they are kept simple rather than complex. Simplicity must be a key goal during the design phase. This sounds logical: Keep in mind that
DNS Hijacking With Just One Mail
This is not new but it still happens in 2014… Hijacking a website with just a small e-mail. Here are the facts. For a while, I’ve been hosting a friend’s website. His website is quite old and it has already moved from server to server depending on my deployed infrastructure. A few
Twitter Used As Security Awareness Media: “FiveWordSecurityHorrors”
Yesterday a new trend started on Twitter with the hashtag “FiveWordTechHorrors”. I don’t know exactly who started it and why but it became quickly relayed and populated by many people working in IT. Everybody started to report some horror stories of ideas in all IT domains (security, development, hardware, software,
Why the Belgian Cyber Security Guide Must Be Extended? Example with MySQL!
A few days ago, I attended an event organized by the Chamber of Commerce in Belgium (ICC Belgium) and the Federation of Enterprises (FEB) to announce with great ceremony the release of the first Belgian Cyber Security Guide. Honestly, this is a great initiative! In the audience, many many infosec professionals were
BotConf 2013 Wrap-Up Day #2
I’m back in Belgium after driving a few hours back to Belgium and it’s time to give you my wrap-up of the second day. After a short night, we were back at the Chamber of Commerce in Nantes. The venue was located close to the “Maillé-Brézé”, an old French military
BotConf 2013 Wrap-Up Day #1
I’m in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event is dedicated to botnets and malware. The goal is to present talks about those malicious networks of computers, how to detect them, how to fight them and, finally, eradicate them. I
OWASP Benelux Day 2013 Wrap-Up
I’m just back from Amsterdam where the 5th edition of the OWASP Benelux Day was organized. This was already my third visit to this event and I finished my Benelux Tour: Luxembourg in 2011, Belgium in 2012 and the Netherlands this year. The location was very nice, the Amsterdam RAI
Controlling the “In”? Don’t forget the “Out”!
Do you remember the good old times? When I put my hands on my first firewall (somewhere around 1997-1998 – wow, time flies!), it was to kick out all the bad guys playing on the Internet. And, at this epoch, not all firewalls had a default last-resort rule like “Any
Tracking your Github Security Events
A few days ago, I wrote a blog post about a Python script that I use with the new Amazon CloudTrail feature to grab logs from my Amazon cloud services. Because we use more and more cloud services in our digital life, the same principle should apply to all our