“Vulnerability Management”… This is an important topic for your corporate security. One of the steps in this process is the monitoring of your applications and operating systems. With hundreds (thousands?) of devices connected to your network, how to keep an eye on the applications and patches installed on all of
Tag: Security
Data Integrity: MD5/SHA1 are Your Best Friends!
Yesterday, I faced a very strange story that I would like to tell you to prove the importance of “integrity” in information security. Wikipedia defines data integrity as follows: “Data Integrity in its broadest meaning refers to the trustworthiness of system resources over their entire life cycle.” The “entire life
Your Passwords: To Be Or Not To Be… Safe?
The idea of this post came after I read another blog post from Light Blue Touchpaper. Picking a good password is a never-ending story. You can find multiple recipes, tips & tricks. One of the ways, also promoted by Google, is to create passwords based on quotes or common sentences.
SOURCE Barcelona 2011 Wrap-Up
The conference SOURCE Barcelona 2011 is already over. Waiting for my flight back to Belgium, it’s time for my wrap-up! This year, an OSSEC training was initially scheduled with my friend Wim Remes but it was cancelled due to the lack of registrations. It looks like “defensive” security trainings do
Biology Rules Apply to Infosec?
In biology, it is proven that consanguinity between members belonging to the same group (example: people living in the same closed area or animals from the same breed) may affect their resistance to certain diseases or reduce certain physical characteristics. It’s important to keep some level of diversity. The latest
Hit by the RSA Attackers == Potential Target for V€ndor$?
Just a small reflection about the list of potential victims of the RSA attackers published by Brian Krebs a few days ago… I won’t come back on this attack, almost everything has been said on this topic. Brian’s post reports a list of AS (“Autonomous Systems”) which exchanged some traffic
Detecting Defaced Websites with OSSEC
In the scope of the OSSEC Week, here is a quick contribution which can greatly help you to monitor suspicious changes on a website. Today, your corporate website is the very first contact you have with your customers, partners, press, etc. It’s your window to the world. Nobody can pretend
RSA Conference Europe 2011 Wrap-Up
This is my wrap-up of the last RSA Conference which occurred in London. As usual, it’s a mix of t-shirts and ties. But, vendors followed the rules of the game and came with less promotional material for their next-top-ultra-last-generation-solution-to-beat-all-hackers-from-outer-space. As usual, the first half-day was dedicated to keynotes with great
Hack.lu 2011 (Quick) Wrap Up
Here is my quick wrap up of my visit to hack.lu 2011. For those who do not know me, I’m a BruCON volunteer, busy with the network stuff. This year was very special: due to unforeseen circumstances, both conferences overlapped! BruCON (the talks) were scheduled Monday and Tuesday and Hack.lu
Your Car Knows a Lot About You!
I got a new company car. W00t! After the basic welcome-tour of the different options, I went deeper and reviewed the on-board computer configuration options. Today, modern cars integrate multimedia interfaces to manage information from several sources: GPS coordinates (past as well as present); phone books synchronized from phones over