I’m just back from the last ISACA Belgian Chapter meeting. Today’s topic was the UNIX OS security audit process. A very large topic! The speaker was Sanjay Vaid. For years now, Linux has been deployed in business environments. Linux systems can take several forms: application servers (print, files, web,
Tag: Security
Follow Several Security Threat Levels via Twitter
Twitter, the micro-blogging platform, attracts a larger audience day after day. According to recent studies, a lot of accounts stay un-updated for long periods of time. On the other side, there are more and more huge communities of active users who tweet on specific topics: The IT security is represented
Security Incidents Classification by TaoSecurity
Richard, the owner of TaoSecurity, posted an interesting article about the classification of security incidents. The exercise was to translate security incidents into something easily rankable, like numbers and colors (read: oriented to management). (Link from picassa) Read the blog article here. Take time to read
Change Management Using CVS
All administrators have already faced the following nightmare: it’s 01:00am and you changed a parameter in an application. A few days later, due to instability, you need to roll back. “What the hell did you change?” Of course, changes “on the go” must be avoided like the plague but sometimes, they’re mandatory.
Security Fail
Remember: even the best bullet-proof security solution will not protect you if it is not included in a global security policy… Source: failblog.org.
Social Dictionary Generator
Fighting weak passwords is a pain for all security professionals. Security awareness training may help your users to increase the strength of their passwords. That’s the main problem: humans have difficulty remembering complex information like strings of characters and numbers. That’s also why the DNS was invented: it’s much
Security Professionals, the Uptime is not Your Best Friend!
Today, I worked on a customer server running Fedora Core 5. You read correctly, five. The uptime was more than 851 days (~2.5 years)! System administrators will immediately think “Cool! That’s a very reliable server!” but what about the security aspects? I exchanged some very interesting tweets with @ChrisJohnRiley in
Secure Amsterdam Workshop 2009 Review
Back from a one-day trip to Amsterdam where I attended the “Secure Amsterdam Workshop 2009” meeting organized by ISC2. This year’s topic was forensic IT investigations. The first speaker was Matthijs van der Wel from Verizon Business who reviewed the 2009 Data Breach Investigations Report. It was interesting to have
DNS, Your Achilles’ Heel?
A few days ago, the site google.co.ma, the Moroccan version of the well-known search engine, was reported as defaced (screenshot here). Only the URL ‘google.co.ma’ was defaced; the long version ‘www.google.co.ma’ was still working properly. What happened? In fact, Google was clearly not the target in this case but the
What Makes a Password Strong Enough?
Today I was working with a security product developed by a major player on the market. I had to change a default password to something “stronger” and the following dialog box popped up: Limiting a password to letters only in 2009? No comment!