SEAT – Search Engine Assessment Tool – is a tool dedicated to security professionals and/or pentesters. Using popular search engines, it searches for interesting information stored in their caches. It also uses other types of public resources (see later). Popular search engines like Google or Yahoo! (non-exhaustive list) use
Tag: Software
Dynamic Signature Verification
Authentication is a key point in security. How to be sure that the user behind the keyboard is really the one he pretends to be? A hand-written signature can be used as an authentication factor (but combined with another one – remember – strong authentication requires multiple factors). Basic signature
Bye-bye Acrobat Reader!
It’s decided! I’m getting rid of all my Acrobat Readers! My primary environment is Linux but I also use Windows operating systems (virtualized or running on separate hardware). And today, you can’t live without a PDF reader! I looked for an alternative. My PDF reader is now Foxit. To make
Safe Syslog Data Storage
Logs are important in your security policy. Each device in your infrastructure generates events and writes them to log files. Log files are stored locally and can be reviewed via the tool provided by the device manufacturer. However, it quickly becomes a pain to manage if you’ve hundreds or thousands
Google Toolbar Breaks Juniper Network Connect on Linux?
I was fighting with my corporate SSL VPN setup (based on Juniper) for a while and finally found the cause of the problem: the Google toolbar! Juniper proposes a “network connect” mode: “Network Connect is a software package from Juniper Networks that interfaces with its Secure Access hardware and provides
Crypto KMS vs KPMI
Sun Microsystems (via the opensolaris.org project) released its encryption key management technology as open source. The offered toolkit allows developers and manufacturers of storage devices to write applications which will work together with the Sun Microsystems Crypto KMS (KMS stands for “Key Management System“). The Crypto KMS is an appliance
Monitoring Solutions Matrix
The choice of a monitoring solution is not easy! Free or commercial, required features, agentless or agent based, security aspects, etc… There are so many requirements that it’s difficult to find the best solution. I found a page on Wikipedia with a comparison of well-known monitoring solutions. It’s not complete,
Keep an Eye on SSH Forwarding!
OpenSSH is a wonderful toolbox. Its main purpose is to establish encrypted connections (SSH means Secure SHell) to a remote UNIX machine and, once authenticated, to spawn a shell to perform remote administration. Running on port 22 (default), the client (ssh) and the server (sshd) exchange encrypted information (what
Bash: History to Syslog
For those who don’t know yet, Bash 4 has been out for a few days! Bash is the most used shell on UNIX hosts. Bash has a built-in mechanism to save a log of all commands executed by the user (default in $HOME/.bash_history) but this file belongs to the user itself and
Strange Firefox Behavior? (back, homepage, bookmarks disabled)
I faced strange behavior with Firefox running on an Ubuntu notebook today: no access to the homepage, bookmarks not manageable anymore, no back or forward buttons (all greyed). Latest release of Firefox on top of an up-to-date Ubuntu. After a few hours of investigation, the machine could be