Category Archives: Defense

Acquisitions among SIEM actors

The SIEM planet has recently gone crazy. Following the acquisition of the leader, ArcSight, by HP last year, IBM just acquired Q1 Labs… and McAfee, NitroSecurity! With RSA and Norton having their own solutions, we now have 5 big players in the arena (see Gartner 2011). This is a good proof that the [...]

EMET, pretty weak ASLR

Didier Stevens “benchmarked” the efficiency of ASLR as implemented by the EMET tool. The conclusion is that it is pretty weak, whereas I thought it was on par with true ASLR (as advertised). Very instructive.

Security Mind Map

I recently attended the 2011 edition of the SSTIC conference (a major security conference in France), where I had a good time and where the slides of Joanna Rutkowska somehow inspired me. I shamelessly decided to reuse and extend her mind-map style diagram from a system security centric view into something more generic and [...]

Network virtualization and the DMZ paradigm

The virtualization buzz. I have recently worked on network virtualization. Many people, especially the network guys, have recently been excited about the VMware vSwitch or Cisco Nexus stuff. It is something that I understand, because virtualization is cool. It brings many convenient features that truly make life easier. But what about the security? Convenience [...]

How do you manage your passwords?

We all know that passwords suck, that they are the nightmare of all administrators and security guys. So many hacks have been eased because the victims reused the same password everywhere: email account, forum, bank, critical systems… Sadly, so far, there is not even the beginning of a replacement solution. Passwords will be there [...]

Microsoft’s Zozzle, JavaScript malware detector

In an effort to detect malicious JavaScript code, Microsoft is developing a tool named Zozzle, meant to be embedded into the JavaScript engine of a browser. The authors claim that it is both fast and effective, with a very low false positive rate. Here is the report for more details.

ESFS, new perspectives for steganography?

Tomas Touceda advertised a new project on Full Disclosure. The idea sounds good, so I will keep an eye on this very interesting project, though I would like to know more about the methods used for encryption and steganography. Code and explanations are on the ESFS project homepage. Beyond the practical usage, I [...]

Mitigating Slow HTTP DoS Attacks

Interesting article on the latest Apache and ModSecurity techniques to prevent HTTP DoS attacks. The attacks are well explained. I personally knew about Slowloris but didn't know about RUDY and slow POST attacks.
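The common thread of Slowloris and RUDY is that the client keeps a connection open by feeding it a few bytes at a time, so the defence is a minimum data rate per request phase rather than a plain idle timeout. The block below is an added illustration, not code from the article, from Apache or from ModSecurity: it is a toy model of the rate-based read timeouts that Apache's mod_reqtimeout enforces with a directive such as `RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500` (the example from the module's documentation), run over constructed connection timelines that mimic a normal browser, a Slowloris client, a RUDY slow-POST client and a legitimately slow upload. The policy values and the timelines are assumptions for the demonstration.

```python
# Added example: a model of per-phase, rate-extended read deadlines in the
# spirit of Apache's mod_reqtimeout. Not the module's code; the policy values
# below mirror the documentation example and the traffic is constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Chunk = Tuple[float, int]  # (seconds since the phase started, bytes received)


@dataclass(frozen=True)
class ReadTimeout:
    """One phase of RequestReadTimeout: an initial budget in seconds, extended
    by one second for every `min_rate` bytes received, up to an optional cap."""
    initial: float
    min_rate: Optional[float] = None   # bytes/second; None = no extension
    max_total: Optional[float] = None  # seconds; None = no cap


# Assumed policy: header=20-40,MinRate=500  body=20,MinRate=500
HEADER_POLICY = ReadTimeout(initial=20, min_rate=500, max_total=40)
BODY_POLICY = ReadTimeout(initial=20, min_rate=500)


def phase_verdict(chunks: List[Chunk], completed: bool, policy: ReadTimeout) -> str:
    """'ok' if the phase finished inside its (extending) deadline, else 'timeout'.
    A phase that never completes (Slowloris never sends the final CRLF CRLF)
    always ends in a timeout once the client stops earning extensions."""
    deadline = policy.initial
    for t, nbytes in chunks:
        if t > deadline:
            return "timeout"  # the server has already closed the connection
        if policy.min_rate:
            deadline += nbytes / policy.min_rate  # 1 s per min_rate bytes
            if policy.max_total is not None:
                deadline = min(deadline, policy.max_total)
    return "ok" if completed else "timeout"


def connection_verdict(headers: Tuple[List[Chunk], bool],
                       body: Optional[Tuple[List[Chunk], bool]] = None) -> str:
    """Apply the header policy, then (for requests with a body) the body policy."""
    if phase_verdict(*headers, HEADER_POLICY) == "timeout":
        return "timeout (headers)"
    if body is not None and phase_verdict(*body, BODY_POLICY) == "timeout":
        return "timeout (body)"
    return "ok"


# Constructed timelines (not captured traffic).
SAMPLE_CONNECTIONS: Dict[str, dict] = {
    # Browser GET: the whole 350-byte header block arrives after 50 ms.
    "browser-get": dict(headers=([(0.05, 350)], True)),
    # Slowloris: a bogus 12-byte header line every 15 s, never the blank line.
    "slowloris": dict(headers=([(15.0 * i, 12) for i in range(1, 10)], False)),
    # RUDY: headers complete at once, then one body byte every 10 s against a
    # huge advertised Content-Length.
    "rudy-slow-post": dict(headers=([(0.1, 400)], True),
                           body=([(10.0 * i, 1) for i in range(1, 10)], False)),
    # Honest 6 MB upload on a 100 KB/s link: 100 KB every second for 60 s.
    "slow-but-honest-upload": dict(headers=([(0.1, 400)], True),
                                   body=([(1.0 * i, 100_000) for i in range(1, 61)], True)),
}


def audit(connections: Dict[str, dict] = SAMPLE_CONNECTIONS) -> Dict[str, str]:
    """Return the verdict the policy would give each sample connection."""
    return {name: connection_verdict(**spec) for name, spec in connections.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:24s} {verdict}")
```

The honest upload survives because every 100 KB chunk buys 200 more seconds of body deadline, while RUDY's single bytes buy two milliseconds each, so it is cut off at the third chunk; the `header=20-40` cap keeps a client from stretching the header phase indefinitely by padding it with junk bytes. ModSecurity's counterpart is to count and rate-limit such slow connections per source address, which the same per-phase timings can feed.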