The coming days will bring a special atmosphere. Christmas and the New Year days are a good occasion to relax and… to take good resolutions! For people involved in information security, a good one could be to adopt the “zen attitude” and try to establish more diplomatic relations with the
Tag: Security
My Wish List for 2011
2010 is almost over and 2011 is already at our door! In a few days, a lot of us will (try to) detach from the regular business and go back to family and friends to spend good times. It’s time to make some planning, reserve enough off-days and setup my
Abuse Info Gathering Made Easy
If there is a boring task when you are investigating a security incident, it’s the process of gathering all information related to the involved IP addresses: What are the IP addresses used, routing information (AS), geo-localisation and abuse information gathering. Alexandre Dulaunoy wrote a cool piece of Perl code to
Pirate-moi.com
An interesting initiative from a small team of French guys active in information security. They are organizing a online contest called “Pirate-Moi” (“Hack Me“). The purpose is pretty the same as a classical CTF (“Capture The Flag“) contest held during security conferences: To hack a system! In this case, the
OWASP BeNeLux Day 2010 Wrap Up
Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day. This edition was held at the Fontys Hogeschool in Eindhoven (NL). First detail of this year, the weather conditions! After more than three hours of driving on snowy roads, I finally reached Eindhoven. Just in time for
Address the Security Threats at Source
Information security is a recurrent process. New threats arise and must be properly handled. In Augustus 2009, I already reported a story and came to the following conclusion: The principle of “action – reaction” as described by Newton is not applicable in information security! Here is another good example with
Be the Conductor of Your Security!
I’m visiting organizations and companies for miscellaneous projects and I’m often scared by the lack of “visibility” they have on their infrastructure. For years now, new components have been deployed by pure requirements or (honestly) by the business “pressure”: Firewalls, IDS/IPS, (reverse)proxies, WiFi, SSL VPNs, etc. All those solutions, hardware
My Invitation to PaulDotCom Security Weekly
What a good surprise! I’ve been invited to participate to the episode #221 “Special Thanksgiving” of PaulDotCom Security Weekly podcast next Tuesday between 20:00 – 22:00 (CET). If you are available, feel free to join us live on pauldotcom.com/live/! This will be my second participation to a podcast (the first
Bruteforcing SSH Known_Hosts Files
OpenSSH is a common tool for most of network and system administrators. It is used daily to open remote sessions on hosts to perform administrative tasks. But, it is also used to automate tasks between trusted hosts. Based on public/private key pairs, hosts can exchange data or execute commands via
Hack.lu Day #3 Wrap-up
The third day is just over, I just arrived at home in Belgium. Let’s write a quick review! The day started with Tom Keetch who demonstrated how to escape the protected mode of IE8. The feature is available with Internet Explorer 7 and requires at least Vista. Unfortunately, nothing is