December 2011
1 post
Twitter's Free iPad 2 Scam (with a twist)
Someone, something going by the handle @mahanarfmhul3 (a.k.a Mahana Cox) sent me the following message on Twitter:
As of this writing, @mahanarfmhul3 began emitting tweets about two hours ago with a frequency of 1 tweet every 3~5 minutes. The account totals 26 tweets. 19 of them are of the same kind I received:
While the remaining 7 look harmless; most probably to thwart...
November 2011
1 post
Thoughts on Security Practices and the...
Tim Rains, Director of Trustworthy Computing Communications at Microsoft, has published an interesting post on TechNet pertaining to the IT consumerization wave that is hitting enterprises at full force and the difficulties these companies face to deal with it.
Tim refers to the 14th annual Global Information Security survey from E&Y.
The following excerpt, cited by Tim, is a telltale sign of...
October 2011
2 posts
Unsung HEROes
IT departments all over the world have a reason to mourn. They have been urged by Forrester Research to support Macs.
What Forrester Research purports as a new era of computing has been here for years but they were blinded by their strong Microsoft/PC inclinations.
They seem to take notice. At last. But in their haste to make this old movement look new, they invented yet another term for what...
September 2011
1 post
Reading The New York Times, The 2.0 Way
I enjoy reading The New York Times on the iPad much more than on any other device or browser. The NYT iPad application is very well designed and offers the much-touted ‘immersive’ experience many iPad users talk about.
‘Immersive’ applications are nothing new. This is what we may call full-screen apps without resorting to Gartner-like buzzwords. And full-screen...
July 2011
1 post
June 2011
2 posts
Cert-IST 2011 Annual Forum
I had the opportunity to attend the Cert-IST 2011 Annual Forum held on June 7, 2011 in Paris, France.
Cert-IST is a French CERT dedicated to the Industrial, Services and Tertiary sectors. They organize a yearly forum. Last year’s edition was mildly interesting. The most interesting presentation IMHO was given by a security professional working for Sanofi-Aventis about how they...
We’ve seen several dozens of malware targeting Android over the last year....
– Mikko Hyppönen, Chief Research Officer, F-Secure
May 2011
1 post
A short definition of APT (Advanced Persistent...
There have been a lot of discussions involving APT (Advanced Persistent Threat) attacks. Many abuse this term to define any sufficiently advanced attack, no matter the motives of the attacker and as long as the attacked party is a high profile company or any organization that can get the information security community’s attention.
Please note that depending on whom you ask, sufficiently...
April 2011
1 post
Light: On The Sound Side
A few days ago, I received a wonderful record from The Numero Group, one of my favorite labels. It’s called Light: On The South Side and it features a 2 LP gatefold vinyl and a 132 page hardback book.
The 2 LPs are a compilation of 17 tracks of the kind of funky Chicago blues that was played in Chicago’s South Side clubs in 1975-77, and the hardback book features some...
March 2011
3 posts
Root cause of attacks isn’t vulnerabilities, it’s economics. The data is...
– Adam J. O’Donnell
On The Usefulness of Light Meters In Photography
Last year, Sascha Welter convinced me to trash my digital Nikon D90 camera and get a ‘real’ camera instead, a Mamiya C330 Professional (yeah, that “Professional” tag on the front of the camera makes you feel good but won’t improve your photography skills in any noticeable way).
This venerable, sturdy camera was produced from 1969 to 1974 and it makes square (6x6)...
February 2011
2 posts
Disco Stones →
ligertigerlove:
ligersntigers:
Another song from Some Girls
The Stones get a little disco.
One of the things about design that makes it such a joy is that it requires...
– http://feedproxy.google.com/~r/37signals/beMH/~3/swSXGIWSKrA/2766-one-of-the-things-about-design-that-makes
January 2011
1 post
Show me one CISO who can deinstall — and write-off — a fully deployed enterprise...
– Digital Affluence Is Making Us Less Secure, Dan Geer, CISO, In-Q-Tel
December 2010
1 post
Nessus 4.2 Provides Improved Exploit Availability...
Back in September, I blogged about a relatively new feature added to Nessus that provides information about the availability of an exploit for vulnerabilities identified during the scan. I wrote then:
This is incredibly valuable information that will allow you to prioritize your remediation actions. For instance, you could elect to plug critical vulnerabilities for which there is a...
September 2010
3 posts
Checking the Availability of Public Exploits with...
On September 22, 2010, Renaud Deraison announced on the Tenable Network Security discussion forums the availability of new versions of the Nessus 4.2 Flash interface and Web server. This is yet another reminder that you need to check those discussion forums on a regular basis if you are serious about using Nessus.
With these new versions, Nessus 4.2 adds a new field to the scan report which...
HTML 5 Security: Good, Bad, or Both?
In a recent and excellent post, Paul Roberts from ThreatPost explored the security of HTML 5, the upcoming version of the markup language that fuels the Web.
The post provides an overview of the major security features of the new specification. It also conveys the concerns security experts have with what will probably be the vector of a new Web revolution.
Quoting Adam Barth of the University...
Would it be monstrous to refer to the 40,000-plus domestic highway deaths we...
– Questioning Terrorism Policy (via Instapaper)
June 2010
1 post
Secure development: why security awareness is a...
I have finished reading a nice article from Dark Reading about secure development or, said otherwise, taking security into account when developing software.
Two major problems are brought forward:
your average developer doesn’t have the right mindset for understanding security, which doesn’t play well with his artistic skills.
security awareness and training programs are a...
April 2010
6 posts
March 2010
8 posts
Visual Pollution on Pont des Arts
A few days ago, I was taking a nice walk after lunch on Pont des Arts when I came across a rather huge number of padlocks hanging from the bridge’s sides. At first, I was puzzled. Who would hang so many padlocks on such a nice bridge and mess with the visual harmony of the scenery? Looking closer, I started noticing names written or engraved on most of them. Was it some sort of happening or some...
Nessus 4.2: Displaying Scan Differences Using...
On Tenable Network Security’s Nessus Discussions Forum, user Steve Chan asks whether it is possible to use the XMLRPC interface of Nessus 4.2 to display the differences between a scan report and another one, used as a comparison baseline.
This is one of the new features offered by Nessus 4.2 and one that I haven’t felt the need to fiddle with since I do all my comparisons using...
[…] when researchers extract a single food from a diet of proven value, it...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 178. Penguin Books.
Nessus 4.2: .nessus v2 file format for the masses
Since the release of Nessus 4.2, a new report file format (dubbed v2 or .nessus v2) has been pushed forward. Quoting Tenable Network Security:
‘An updated .nessus file format (.nessus v2) is now available, which allows for easier parsing of report data. Descriptions can now be split into different labels such as CVSS base scores, risk factors and more. A “HostProperties” section contains...
Protect Your Tumblr Private Email Address. Dearly.
A few days ago, I decided to host my blog on Tumblr. The feature set, UI and companion applications offered by this popular blogging platform suit my needs and give me a lot of flexibility with regard to my posting patterns.
One of the features it offers is the possibility to publish posts by sending emails to a private email address. This is particularly nice if you are on the...
Is a steak from a feedlot steer that consumed a diet of corn, various industrial...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 143. Penguin Books.
February 2010
17 posts
Diabetes is well on its way to becoming normalized in the West -recognized as a...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 136. Penguin Books.
Much more so than the human body, capitalism is marvelously adaptive, able to...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, pages 135-136. Penguin Books.
FireFox: Taskfox and Ubiquity →
Call me a caveman but I knew nothing about these two Mozilla projects until a few minutes ago, while catching up with OSNews. You can skip reading the text on that page and take a look at the two videos at the bottom.
Nessus 4.2 and login tokens
As I wrote in Automating scans on Nessus 4.2, scan automation on Nessus 4.2 is done over HTTPS using the XMLRPC interface introduced by this new major release of the popular vulnerability scanner. You do this by submitting POST requests to the scanner.
The first step toward automation is to obtain a login token (think cookie). There are many ways to do so. You can use wget for instance:
wget...
Keimpx, nifty tool for testing SMB credentials →
Full description and usage, by Bernardo Damele A. G., the tool’s author. Thanks to Richard Bejtlich for the link.
So here, then, is the first momentous change in the Western diet that may...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 114. Penguin Books.
Sample Nessus 4.2 login script (in Ruby)
As a follow-up to Automating Scans on Nessus 4.2, I’ve posted a sample Nessus login Ruby script that connects to the scanner using an HTTP POST request containing the username and password you supply as constants in the script, and displays a login token. You can then use this token in other scripts to do other, more useful things such as executing a scan, downloading a report, etc.
Of...
Welcome to Dogbert’s Anger Management Seminar. My goal is to transform you...
– Adams, Scott (through the voice of Dogbert). Dilbert, September 11, 2005
Just because it’s in the news doesn’t mean it’s serious.
– Schneier, Bruce. Virus and Protocol Scares Happen Every Day — But Don’t Let Them Worry You, The Guardian. Wed December 9, 2009.
The human animal is adapted to, and apparently can thrive on, an extraordinary...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 100. Penguin Books.
dnscat, tunneling data over DNS made easy →
This tool is a netcat/ncat-like utility that allows you to create tunnels over DNS, and it leverages DNS recursion to do so… likely to bypass firewalls.
Automating scans on Nessus 4.2
With the release of Nessus 4.2, the nessus command-line client has been deprecated. Even though it is still distributed with the new release, no new functionality has been added to it. Moreover, it is only able to generate Nessus v1 format reports and not the new Nessus v2 reports, which are far easier to parse and better organized.
Automating scans with Nessus 4.2 can be performed by leveraging the...
Most nutritional science involves studying one nutrient at a time, a seemingly...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 62. Penguin Books.
The Mediterranean diet is widely believed to be one of the most healthful...
– Pollan, Michael. In Defense of Food: An Eater’s Manifesto, Paperback edition, page 70. Penguin Books.