Back from the last ISSA Belgium Chapter event about targeted attacks. The speaker was Swa Frantzen. This is really a great guy who’s also a SANS ISC handler. Last year, he already made a presentation for ISSA about one day @ ISC. Less than twenty people attended the meeting today,
Tag: Security
Dynamic Signature Verification
Authentication is a key point in security. How to be sure that the user behind the keyboard is really the one he pretends to be? A hand-written signature can be used as an authentication factor (but combined with another one – remember – strong authentication requires multiple factors). Basic signature
ActuSecu #22 is Out!
Release #22 of ActuSecu is out! Available here. Covered topics: Identity theft on the Internet, MD5 collisions and SSL certificate vulnerabilities, Conficker, FreeBSD telnet and Microsoft XML exploits and malicious RSS feeds.
Yubikey: One Time Password vs Static Password
I received my Yubikey a few days ago! Very good service from Yubico. Living in Belgium, the key was sent from Sweden (three business days to be delivered, tracking number, safely packed, etc). For those who never heard the word “Yubikey”, a small introduction. The Yubikey is a very simple
Safe Syslog Data Storage
Logs are important in your security policy. Each device in your infrastructure generates events and writes them to log files. Log files are stored locally and can be reviewed via the tool provided by the device manufacturer. However, it quickly becomes a pain to manage if you’ve hundreds or thousands
Gary McGraw @ OWASP Belgian Chapter Meeting
Back from the second OWASP Belgian Chapter meeting! This event had only one speaker but which one: Gary McGraw himself. What a wonderful speaker! He knows his topics and is able to keep the audience aware with a typical sense of humor. I liked it! Gary is the author of several
Crypto KMS vs KPMI
Sun Microsystems (via the opensolaris.org project) released its encryption key management technology as open source. The offered toolkit allows developers and manufacturers of storage devices to write applications which will work together with the Sun Microsystems Crypto KMS (KMS stands for “Key Management System”). The Crypto KMS is an appliance
Unsafe Customer Data!
I received the following e-mail yesterday. It came from a Belgian e-commerce website. It’s a company active in a very specific outdoor activity (no name here, but if there are other customers reading my blog, they will for sure recognize the format). The customer base is restricted (but international). Sorry
Keep an Eye on SSH Forwarding!
OpenSSH is a wonderful toolbox. The main purpose is to establish encrypted connections (SSH means Secure SHell) to a remote UNIX machine and, once authenticated, to spawn a shell to perform remote administration. Running on port 22 (default), the client (ssh) and the server (sshd) exchange encrypted information (what
Quick and Dirty Integrity Check Script
Here is a quick and dirty bash script which will take care of your files’ integrity. Integrity is a component of the CIA triad, I’ll not come back on this. For a personal project, I should be able to monitor any change in a specific file. I quickly wrote the