What a coincidence! Yesterday I posted an article about protecting your brand in the web 2.0 jungle and today a nice story was reported on Slashdot. A very nice example of bad communication on the web 2.0. Robert Morgan, a Microsoft Research employee, wrote on his LinkedIn profile: “Working in
Tag: Security
National Cyber Security Awareness Month
For a few years now, several institutions in the United States (Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and many others) have declared October as the month of cyber-security. I find this a really good idea. Unfortunately, all initiatives like “the day of…” or “the month of…”
Strike Can Affect Security
In these times of crisis, many companies have launched plans to optimize their costs. Unfortunately, the management decisions often directly affect the people: staff reduction, higher pressure, increase of production rates, etc. If no agreement is reached between the management and unions, strikes may affect some services. To strike is
Updated: IIS-FTP Nmap Script
Yesterday, I posted an article about an Nmap script to detect potentially vulnerable Microsoft IIS FTP servers. I updated the script, which now allows an alternative FTP user and password pair to be passed via the command line (thanks to Chris for the comment). If no arguments are provided, an
Detecting Vulnerable IIS-FTP Hosts Using Nmap
A new 0-day exploit for the FTP server included within the Microsoft IIS suite has been released today. Check the post on the Full Disclosure mailing list for more details. Based on an existing Nmap script, I quickly wrote a new one which performs the following actions: Check if anonymous
Security Events Calendar
The number of scheduled security events is gigantic! There are the “big ones” like DefCON, BlackHat or RSA. There are outsiders which promise to be very interesting (like BruCON, no advertisement to read here ;-)). There are also a lot of local events like all the chapters of international organization
Security Awareness Book for our Children
It is never too early to give some security recommendations! My first daughter became a fan of a book series called “Max & Lili”. Those comic books (only available in French if I’m not wrong) are written by Serge Bloch and Dominique de Saint-Mars. Each volume focuses on a specific
And What About the Human Factor?
A few days ago, an article was posted on the (ISC)2 blog about the idea of a new CBK to cover “human factors” in security. (ISC)2 means (take a deep breath) “International Information Systems Security Certification Consortium“. This is a not-for-profit organization which maintains, amongst others, the CISSP certification. The current
Newton was not Security Aware
Isaac Newton was for sure a great physicist but he was not security aware! In his third law, he said “For every action, there is an equal and opposite reaction.” (also known as the “action – reaction” principle). This law of physics does not apply to security and more precisely
Incident Management: Don’t Forget Communication
I just read a new bad story about a company which lost card information in the wild. All organizations must have a plan for incident management. Never forget Murphy’s law: “If anything can go wrong, it will“. It is vital to include communication in your incident management plan. In