I’m currently attending the Hashdays security conference in Lucerne (Switzerland). Yesterday I attended a first round of talks (the management session). Amongst all the interesting presentations, Alexander Kornbrust got my attention with his topic: “Self-Defending Databases”. Alexander explained how databases can be configured to detect suspicious queries and prevent attacks. Great
Tag: Software
Kicking Out Bots with ModSecurity
If you are the administrator of an online forum, a wiki or any website which accepts user data, you probably also know this feeling: bots are a pain and fighting them looks like an endless loop! Your websites are constantly scanned by bots which try to create fake accounts then
Cuckoo: Increasing the Power of Malware Behavior Reporting With Signatures
The new version (0.4) of Cuckoo, the open source malware analysis system, has been released this week. That’s great news! The list of changes and new features is very impressive. So big that an upgrade is not recommended. In my case, I just installed a brand new Cuckoo instance.
Attackers Geolocation in OSSEC
If you follow my blog on a regular basis, you probably already know that I’m a big fan of OSSEC. I’m using it to monitor all my personal systems (servers, labs, websites, etc). Being a day-to-day user, I always have new ideas to extend the product, by using 3rd
Pastemon.pl Upgrade
Just a quick blog post to announce that I just committed a new version of my pastemon.pl tool on github.com. I’ll present it (and the associated website leakedin.com) this Thursday at HITB Amsterdam during a SIGINT session. What’s new with this version? First some bug fixes! (yes, I’m writing buggy
What Are You Sharing with Dropbox?
Dropbox is a well-known online service which allows you to share files between computers. Although new outsiders have entered the same market in the past few months, Dropbox remains number one. While files are synchronized between Dropbox software clients, they also provide features to share files with third parties who
Are you Making the Most of your Security Tools?
After some wrap-ups, let’s come back with a more practical blog post. I like to keep a good balance between hands-on and wrap-ups or theoretical articles. Today, it’s almost impossible to implement good security without buying some commercial tools. At least, you have a corporate firewall provided by a
More Granularity in Your Apache Logs
The Apache Foundation released the new version of their very popular Apache web server. Lots of interesting changes have been introduced in this release. From my point of view (and because it’s one of my favorite topics), a very interesting change is the way Apache now handles its logs. Your
Back to the “Corner Shop”?
This is just a small reflection about the last Notepad++ story. Notepad++ is a powerful and free alternative to the original Notepad application delivered with all Windows operating systems. The Notepad++ developer reported that his application was found on a download portal wrapped with a new installer which also installed
Get The Most of Your Monitoring/Security Tools!
The idea of this article popped into my mind after a colleague of mine asked me to investigate a security incident. Nothing brand new, a customer’s server not properly patched and secured was pwned. I found that the server was hit by the JBoss worm which started to spread in