Microsoft published a nice tool named EMET (Enhanced Mitigation Experience Toolkit) whose purpose is to check and enforce the memory security policies such as ALSR and DEP. It shows and allows to configure the global settings, but also, and this is the most interesting part, indicated for each process running if it supports those security [...]
I just finished reading two electronic books I bought from O’reilly. Here is a short review on them. Hacking: the next generation The purpose of this book is to give to the readers an overview of the most common attacks nowadays. It covers all fields : social engineering, web attacks, networking, etc. It was easy [...]
This video, while “amusing”, is quite interesting : Though not many details are given, I am quite skeptical about the possibility of such a massive attack. However, it shows well that security is not just a technical matter. It has many implications in law, politics, economics, and a whole information system must be prepared to [...]
Netios 0.73 fixes some bugs and Complete changelog : 2010-02-10 (0.73) Jean-Christophe Baptiste <jc@phocean.net> * remove useless options * fix various bugs Check there (tools page) for more details and a download link.
Netios 0.72 fixes some bugs with the show_run mode and large config files. I also found some issues concerning the prompt detection, so it should be fixed now. Complete changelog : 2010-01-14 (0.72) Jean-Christophe Baptiste <jc@phocean.net> * ciscoclass.py : forgot to remove a debug print * ciscoclass.py : finish and fix a bunch of bugs [...]
I release a new version of Netios : 0.71. There are a lot of changes, starting with cosmetics, but the biggest one is the support of multiprocessing. It is now able to process several routers at the same time, so using it on a large list of machines results in a big speed up. A [...]
I finished reading the ModSecurity 2.5 book, written by Magnus Mischell and published by Packt Publishing. I found a lot of interest reading it as I was already using ModSecurity – and I think anyone exposing an Apache web server should. I was actually using it partially. It is not trivial to secure a web [...]
There will be a new book about mod-security coming out : ModSecurity 2.5. ModSecurity is essential when it comes to secure any web site. It will make the work of the attacker much harder and it may save you even if your favorite dynamic pages have a security hole. However, it must be configured wisely [...]
