Symantec raised the Threatcon Level to two. The reason? They detected in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008. The malicious image appears to target the Microsoft Windows GDI Stack Overflow Vulnerability (MS08-021). More info about Symantec DeepSight Threat Management here.
Addicted to security, my preference goes to monitoring of infrastructures, reporting and incidents handling. Today, networks are a business critical element in companies whatever, their business and size. I like this citation: “There are three kinds of death in this world. There’s heart death, there’s brain death, and there’s being
User authentication or “who is behind the keyboard” is one member of the “triple-A” or “AAA” trilogy in security: Authentication : Who are you? Authorization : Are you allowed here? Accounting : From where, how and when did you come here? Regarding the authentication, there are a lot of methods/technologies
Today, I received a strange message from a friend on MSN. Just a link: http://xxxxx.0a8qmz.info where xxxxx was my friend’s name. Just the URL, nothing else. It was not a normal behaviour for him! For security (we never know what can happen), I started a new browser in a VM
Today, EdgeSecurity released a new tool: ProxyStrike. Like the WebScarab project supported by OWASP, its a web application proxy which will help you to find potential vulnerabilities in your web applications (don’t use it on third parties sites without the owner acknowledgement). Once started, it acts as a normal proxy:
Announced on TaoSecurity, Cisco acquired Sguil. Sguil is a monitoring tool for network security anaylists. It provides realtime traffic analysis and goes deeper up to the raw packet level. Why is Sguild a nice opportinity for Cisco? It’s developed in TCL and high-end Cisco routers and switches have TCL builtin!
All UNIX flavors have a command scheduler called cron. Each user can schedule repetitive tasks at regular interval. Example: files cleanup, backups, data synchronization or web sites checks. User space commands are provided for this purpose: crontab to easily schedule your tasks and at to schedule a one-shot command. A
Today, log files are everywhere! Each server or network component generates tons of log entries. All of them are interconnected to build complex infrastructures. Log files are often the first and only way to detect unusual events. The problem of security people is to be able the extract the right
The Belgian Authorities will soon start an information campaign about “safe surf on the Internet” . Prevention messages will be broadcasted on well known websites and radios. It is a nice initiative. Helas, security professionals know that the weakest element will always remain the end user. User education is important