After I tried to set this blog as my own OpenID provider using the OpenID WordPress plugin, I got a weird error message: “This is an OpenID Server, Nothing to See Here… Move Along”. I could not find what was wrong, as all prerequisites were fulfilled, until I found this nice post. The patch there [...]
Books review
I just finished reading two electronic books I bought from O’Reilly. Here is a short review of them. Hacking: The Next Generation. The purpose of this book is to give readers an overview of the most common attacks nowadays. It covers all fields: social engineering, web attacks, networking, etc. It was easy [...]
Updates on OpenSSL CVE-2009-3555 (client renegotiation)
So there is some news from the front of OpenSSL CVE-2009-3555 (see this and this for the history). Now the latest version of Apache mod_ssl (2.2) embeds an option to reactivate the old way of client renegotiation: SSLInsecureRenegotiation on. Check the official doc for more details. With this option activated, you can now safely upgrade OpenSSL [...]
Possible use of SSL rogue certificates for spying purposes
Recent work by security researchers on SSL MiTM attacks has shown how fragile the whole Internet security design could be. But whereas some of these attacks concern CAs with insufficient security policies (MD5 collisions) or some level of social engineering against the user (sslsniff), this paper alerts us to a more serious and stealthy threat. [...]
Deleteyouraccount.com to easily get rid of social networking
Deleteyouraccount.com is a very convenient website if you are considering deleting your account from one of these social networking sites that are everywhere now. Of course, they all do their best to make it difficult, trying to hide it and discourage you. Here Deleteyouraccount comes to help. I will still take a few days of thought, [...]
SecurityFocus changing
A big change at SecurityFocus is going to happen. Except for the vulnerability database, most of its content and resources are going to move to Symantec. RIP.
Simulated massive cyber attack filmed by CNN
This video, while “amusing”, is quite interesting: Though not many details are given, I am quite skeptical about the possibility of such a massive attack. However, it shows well that security is not just a technical matter. It has many implications in law, politics, economics, and a whole information system must be prepared to [...]




