http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2009-05-31 16:41:56 - unexcogitate.org : Just a tiny update to check that everyone had a fantastic Christmas andNew Years break, and that everything is back to normal I’ve done alittle bit of housecleaning around here, changed to a new theme andremoved my delicious links from the side bar The truth is, since it’sbecome trivial to “Note http://www.secuobs.com/revue/news/103764.shtmlhttp://www.secuobs.com/revue/news/103764.shtml http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2015-07-03 05:23:03 - un excogitate.org : I ve taken a bit of time over the past week or so to contemplate my life and how it is I ve gotten to this point in my professional career This opportunity for reflection came about in the calm before the storm In a week or so, my small family and I are jumping on an Continue reading Mentors http://www.secuobs.com/revue/news/576091.shtmlhttp://www.secuobs.com/revue/news/576091.shtml Secuobs.com : 2015-06-12 06:16:16 - un excogitate.org - Sometime last year I pinged out on twitter what people thought were appropriate collective nouns for hackers There are a few that had done the rounds, the rest are collected here from various people I don t know why I didn t post this last year, but the conversation came up again on twitter thanks wireghoul so Continue reading Collective noun for hackers http://www.secuobs.com/revue/news/573794.shtmlhttp://www.secuobs.com/revue/news/573794.shtml Secuobs.com : 2014-01-09 12:18:58 - un excogitate.org - I awoke at the start of 2013 and life was spectacular I was a few months married bank accounts reset , had put together a rough plan for honeymooning around the US and even started executing the purchasing of flights etc bank accounts reset take two I had also recently had some really interesting discussions with http://www.secuobs.com/revue/news/490567.shtmlhttp://www.secuobs.com/revue/news/490567.shtml Secuobs.com : 2013-02-10 16:03:00 - un excogitate.org - Security Just some security things that I ve found interesting read they rocked 5 Minutes with the Packetloop Beta The Packetloop presentation at Ruxcon last year was one of the highlights for me, Michael Baker did a really good job of demonstrating even last Nov utilising compute clusters to analyse and give the security defender http://www.secuobs.com/revue/news/426814.shtmlhttp://www.secuobs.com/revue/news/426814.shtml Secuobs.com : 2013-02-05 13:44:31 - un excogitate.org - Security articles I flagged for fun or whatnot Are You Practicing Safe Coding Personally I have a love hate relationship with these style of infographics, this one in particular is almost like a flattened marketing slidedeck Eh Anyway, this image does hold a lot of stats in a single place, and does have a fairly http://www.secuobs.com/revue/news/425816.shtmlhttp://www.secuobs.com/revue/news/425816.shtml Secuobs.com : 2013-01-29 05:40:45 - un excogitate.org - Written to the sweet relaxing sounds of the new Villagers album, Awayland for those indie fans I know I m a bit late on my attempt to post every Friday post thing, but, Friday turned into a bit of a clusterfudge, so excuse the delay plus, Australia day over the weekend Security articles that http://www.secuobs.com/revue/news/424369.shtmlhttp://www.secuobs.com/revue/news/424369.shtml Secuobs.com : 2013-01-18 07:47:18 - un excogitate.org - First off the bat is a couple of posts that I ve had direct some would say intimate involvement BeEF QR Fun Summarising some of the salient points from my OWASP AppSecAPAC 2012 presentation Shake Hooves with BeEF , I finally pulled my finger out and posted for the BeEF blog Mainly focusing on custom mount http://www.secuobs.com/revue/news/422568.shtmlhttp://www.secuobs.com/revue/news/422568.shtml Secuobs.com : 2013-01-11 05:31:01 - un excogitate.org - Pretty hectic week, what, with Rails getting an absolute slam, Java oh-days and CES going on If you ve been bored on the Internet you ve been doing it wrong AWS Improvements so my IaaS-of-choice is primarily Amazon, and it s no surprise that they ve had some updates since the start of the year In fact, they http://www.secuobs.com/revue/news/421155.shtmlhttp://www.secuobs.com/revue/news/421155.shtml Secuobs.com : 2013-01-04 07:17:34 - un excogitate.org - Hope everyone has been getting into the 2013 swing of things I know with a few days of out of office I had a chance to catch up on a bunch of reading Some of these really filtered up to the top and I thought I would shoot off a really quick post on a http://www.secuobs.com/revue/news/419829.shtmlhttp://www.secuobs.com/revue/news/419829.shtml Secuobs.com : 2012-10-03 11:56:45 - un excogitate.org - I was pretty happy to have put together the first Perth CryptoParty last week The event was held at the Perth Artifactory, the local Hackerspace I d never visited the venue before but was pleasantly surprised at it s size, the members who were more than willing to help, and all the crazy contraptions that were to http://www.secuobs.com/revue/news/403263.shtmlhttp://www.secuobs.com/revue/news/403263.shtml Secuobs.com : 2012-05-17 16:46:59 - un excogitate.org - I ll apologise up front for the potentially non-security focus of this post, but I thought it was worthwhile to discuss a few things whilst I had WordPress in the forefront of my mind After almost five years of working as part of an internal security consulting team for a fairly large bank I decided to http://www.secuobs.com/revue/news/376137.shtmlhttp://www.secuobs.com/revue/news/376137.shtml Secuobs.com : 2011-08-07 11:28:58 - un excogitate.org - One of the biggest issues I had with BeEF when I started contributing to the project was the administrative interface Primarily this was due to being absolutely spoilt by Metasploit s msfconsole interface, it just felt so natural to run everything from the command line, it made it trivial to ssh into EC2 instances running MSF, http://www.secuobs.com/revue/news/321582.shtmlhttp://www.secuobs.com/revue/news/321582.shtml Secuobs.com : 2011-07-22 12:15:42 - un excogitate.org - or Leveraging the Cloud to Pwn your Mum Cheers to irldexter for the name idea I was fortunate to get a DM the other day from Kimono asking if I d want to do a lightening talk at the Perth CloudCamp today I immediately got excited about the opportunity to talk about something that I ve http://www.secuobs.com/revue/news/318682.shtmlhttp://www.secuobs.com/revue/news/318682.shtml Secuobs.com : 2011-06-07 17:18:40 - un excogitate.org - Phew , burpdot is now up to version 05 I can t really explain the relief I feel at getting this version out Ever since David planted the idea of visualising Burp log files showing how URLs refer to one another he was always going on about Hey, jQuery is easy right Sure You can build up http://www.secuobs.com/revue/news/309669.shtmlhttp://www.secuobs.com/revue/news/309669.shtml Secuobs.com : 2011-04-08 14:08:04 - un excogitate.org - Burpdot is now up to version 04, it s starting to shape up into something a little bigger than first imagined, which I guess is the way with these things But first lets cover the simple stuff, as of 04, burpdot now has a new mode to output into a SQLite database file At the moment, http://www.secuobs.com/revue/news/297107.shtmlhttp://www.secuobs.com/revue/news/297107.shtml Secuobs.com : 2011-03-29 16:10:03 - un excogitate.org - It wasn t until after I d pushed the 01 version of burpdot up to git when I remembered secvizorg If you haven t checked it out you certainly should, it s a great portal for people to share visualisations of log analysis mining, in particular those related to security I pinged Raffy, who maintains the site, on twitter, and http://www.secuobs.com/revue/news/294834.shtmlhttp://www.secuobs.com/revue/news/294834.shtml Secuobs.com : 2011-03-20 21:54:16 - un excogitate.org - The other day my colleague David says to me Burp s SiteMap is really useful, but I don t understand where all these extra sites were requested from I wish there was some way in which the referer information could be visualised Paraphrased of course Dave is normally dropping f-bombs here and there And of course, this http://www.secuobs.com/revue/news/292930.shtmlhttp://www.secuobs.com/revue/news/292930.shtml Secuobs.com : 2011-03-06 05:38:19 - un excogitate.org - One of my favourite features of the old PHP BeEF was the Keyboard Logger This feature simply passed on all DOM keypress events back to the framework for the security tester to review This was great for demonstrating the impact of XSS issues or as part of a penetration test tied with a social engineering http://www.secuobs.com/revue/news/289686.shtmlhttp://www.secuobs.com/revue/news/289686.shtml Secuobs.com : 2011-02-12 06:24:19 - un excogitate.org - Secure software is difficult Threats are evolving and expanding, compromises occur at all layers of the chain from OS Vulnerabilities to application vulnerabilities to transport vulnerabilities to end-point ownership and people hacking The efforts of so many different groups are proof that it s all gone awry OWASP, SANS MITRE and the Rugged Manifesto are a few http://www.secuobs.com/revue/news/284770.shtmlhttp://www.secuobs.com/revue/news/284770.shtml Secuobs.com : 2011-01-31 17:25:12 - un excogitate.org - Well, apparently it s a copy of your driver s licence, your fingerprint and a happy snap My first experience with what I consider to be a clear breach of my privacy occurred a few months ago whilst visiting a local live-music venue unfortunately, one of the few remaining here in Perth to see some friends play http://www.secuobs.com/revue/news/281894.shtmlhttp://www.secuobs.com/revue/news/281894.shtml Secuobs.com : 2011-01-28 16:49:16 - un excogitate.org - I love my job I love the team I m in I love those moments when I receive really great feedback and actually feel like I m making a difference You know those times, your colleagues I m using the term colleagues instead of business colleagues because I don t subscribe to the school of silos are faced with http://www.secuobs.com/revue/news/281420.shtmlhttp://www.secuobs.com/revue/news/281420.shtml Secuobs.com : 2010-12-06 16:19:34 - un excogitate.org - Last week I was fortunate to be able to attend ECU s SecAU Congress of 2010 As with most academic conferences it was mostly filled with research papers, or future project concept presentations, but there were a few outstanding talks that really stuck with me With 4 streams running over 3 days I certainly found myself http://www.secuobs.com/revue/news/269637.shtmlhttp://www.secuobs.com/revue/news/269637.shtml Secuobs.com : 2010-10-12 03:51:27 - un excogitate.org - So when Wade announced the release of BeEF 041-alpha, he also mentioned a new feature, The Requester The Requester s primary function is simple provide a method for the tester to submit arbitrary HTTP requests against the domain that had the XSS flaw that was injected with BeEF This could be used for discovering more content, http://www.secuobs.com/revue/news/256055.shtmlhttp://www.secuobs.com/revue/news/256055.shtml Secuobs.com : 2010-10-10 18:23:05 - un excogitate.org - Don t worry vegetarians, I m not talking about steak, I m talking about the Browser Exploitation Framework, in particular the just released alpha of the brand new, completely recoded Ruby BeEF 041-Alpha was targeted for a 10th of the 10th 2010 release and I was really happy to see Wade post the update on the mailing list http://www.secuobs.com/revue/news/255670.shtmlhttp://www.secuobs.com/revue/news/255670.shtml Secuobs.com : 2010-04-10 13:00:07 - un excogitate.org - I was talking with a friend of mine recently about how most of the AISA presentations, and even local OWASP meetings, that I ve been involved with or gone to are all good, except that it s mostly filled with security people who sort of already get security So he suggested I go to a more developer-type http://www.secuobs.com/revue/news/210777.shtmlhttp://www.secuobs.com/revue/news/210777.shtml Secuobs.com : 2010-04-04 05:42:07 - un excogitate.org - I m a massive fan of the OWASP OpenSAMM project since first reading about it Open Software Assurance Maturity Model SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization The resources provided by SAMM will aid in Evaluating an organization s existing http://www.secuobs.com/revue/news/208736.shtmlhttp://www.secuobs.com/revue/news/208736.shtml Secuobs.com : 2010-03-23 17:27:28 - un excogitate.org - I think there s something fundamentally wrong when you re biggest fear at the end of a risk assessment isn t so much that you ve got a critical finding, but it s that you don t know how to tell management It s an interesting phenomena and I believe most information security people run in to it all the time What http://www.secuobs.com/revue/news/204511.shtmlhttp://www.secuobs.com/revue/news/204511.shtml Secuobs.com : 2010-03-17 16:25:23 - un excogitate.org - Zeus has been kicking around for at least 3 years now, and due to its age I often find myself applying this sort of fuzzy, whitewash filter over news or other media reports discussing it I found it refreshing then when justin_foster shared this TrendMicro PDF on twitter this evening that goes through the malware s http://www.secuobs.com/revue/news/202603.shtmlhttp://www.secuobs.com/revue/news/202603.shtml Secuobs.com : 2010-03-14 07:15:42 - un excogitate.org - Lets state some facts Most of your appliances Firewalls, ID P Ses, Proxies, Email Gateways, Storage Devices, etc have web interfaces for management Most vendors recommend that these web interfaces should not be accessible to the public except those vendors that provide their interfaces over the Internet in some form of aaS All modern browsers provide a function to store http://www.secuobs.com/revue/news/201454.shtmlhttp://www.secuobs.com/revue/news/201454.shtml Secuobs.com : 2010-03-09 12:21:55 - un excogitate.org - if it s available via an unencrypted, unauthenticated portion of a public website I don t really think so Slashdot reports According to the New South Wales state government, the Sydney Morning Herald, a local newspaper, attacked the government s website firewall security for two days to research a recent story The affected government minister said that the website was http://www.secuobs.com/revue/news/199707.shtmlhttp://www.secuobs.com/revue/news/199707.shtml Secuobs.com : 2010-03-08 14:55:59 - un excogitate.org - Following on from my last post referring to KPMG s fraud report, PricewaterhouseCoopers also released some fraud survey results, summarised here 40pourcents of Australian organisations surveyed reported at least one incident of fraud compared to the global average of 24pourcents 37pourcents of the frauds reported by Australian organisations over the 12 month period cost in excess of AUD 1mil, http://www.secuobs.com/revue/news/199331.shtmlhttp://www.secuobs.com/revue/news/199331.shtml Secuobs.com : 2010-02-22 15:38:57 - un excogitate.org - I ve had the opportunity to digest a couple of good reads over the past week First up was Charles Leadbeater s Cloud Culture The Future of Global Cultural Relations, and if you re at all interested in emerging technology and the way it s impacting the global society then this is a must read I really liked the http://www.secuobs.com/revue/news/194165.shtmlhttp://www.secuobs.com/revue/news/194165.shtml Secuobs.com : 2010-02-04 12:02:12 - un excogitate.org - I was fortunate to spend a bit of time with Wade recently and we got talking about BeEF, as you do, because you know we like BeEF Since that time I m happy to see that there s been some movement in BeEF land I now know that there is a Google Code for the project, http://www.secuobs.com/revue/news/188518.shtmlhttp://www.secuobs.com/revue/news/188518.shtml Secuobs.com : 2010-01-30 12:22:43 - un excogitate.org - A good friend of mine, lets call him Mikey G, shared this article via Google Reader the other day and it s probably the first time I ve gotten interested in the work going on in the HTML spec, as far as security is concerned The feature in particular is the sandbox attribute for the tag The http://www.secuobs.com/revue/news/186948.shtmlhttp://www.secuobs.com/revue/news/186948.shtml Secuobs.com : 2010-01-23 08:46:33 - un excogitate.org - It s been one of those weeks You all know them, too much to do, not enough time What compounded the week was it kicked off at 42 C which left me with one hell of a headache So Alex and Mike have posted a couple of blog entries on certifications Starting with Alex on ISACA s CRISC posts http://www.secuobs.com/revue/news/184727.shtmlhttp://www.secuobs.com/revue/news/184727.shtml Secuobs.com : 2010-01-14 17:22:56 - un excogitate.org - I m surprised it took ISACA or ISC 2 or maybe FAIR this long to create an information risk certification The first question that we asked when we saw this was well what about all the other risk certifications, how is this different I immediately responded with how those other certifications or qualifications have been around for http://www.secuobs.com/revue/news/181591.shtmlhttp://www.secuobs.com/revue/news/181591.shtml Secuobs.com : 2010-01-06 15:45:30 - un excogitate.org - If the decision of whether or not to place your information in the cloud comes down to a simple matter of trust, trust in whether the cloud provider can deliver the availability they market, trust in the protection of your information in a multi-tenancy environment, trust in their staff including all the staff they outsource http://www.secuobs.com/revue/news/178775.shtmlhttp://www.secuobs.com/revue/news/178775.shtml Secuobs.com : 2010-01-02 10:23:46 - un excogitate.org - Well 10 has started off with a bang and already I m trying to clear my head and set a vision for what I d like to personally and professionally accomplish in the next 12 months Looking back over what I was hoping to achieve in 2009 I can safely say that in the past 12 months http://www.secuobs.com/revue/news/177521.shtmlhttp://www.secuobs.com/revue/news/177521.shtml Secuobs.com : 2009-11-18 16:54:03 - un excogitate.org - Today we announced our involvement with the Perth AISA Tech day Hi all, Christian and I will be presenting a workshop on behalf of OWASP at the Perth AISA tech day on Friday the 4th of December More information on the tech day including online registration can be found here http eventarccom view 95 inagrual-aisa-perth-technical-security-day OWASP members are able to attend our session and the other http://www.secuobs.com/revue/news/162557.shtmlhttp://www.secuobs.com/revue/news/162557.shtml Secuobs.com : 2009-10-22 04:48:26 - un excogitate.org - http://www.secuobs.com/revue/news/152817.shtmlhttp://www.secuobs.com/revue/news/152817.shtml Secuobs.com : 2009-09-26 13:33:25 - un excogitate.org - I read this article by Andrew over at ozrisk the other week and I ve been meaning to comment on it but have only gotten around to doing it today The main concept that Andrew focuses on is quite simple The more regulation you have in a market the more that regulation will favour the big suppliers http://www.secuobs.com/revue/news/144734.shtmlhttp://www.secuobs.com/revue/news/144734.shtml Secuobs.com : 2009-09-07 23:16:39 - un excogitate.org - Tonight was the Perth OWASP Chapter s second meeting the first being a joint effort back in February with AISA and I thought the evening turned out to be great The numbers weren t massive, primarily due to the late notice for the meeting, but it was probably because of this that there was a lot of http://www.secuobs.com/revue/news/138555.shtmlhttp://www.secuobs.com/revue/news/138555.shtml Secuobs.com : 2009-09-05 11:14:26 - un excogitate.org - Issue 22 of the IN SECURE magazine came out at the beginning of the month and as always it s packed full of juicy sec goodies In particular Alexie Lesnykh s Making Clouds Secure article As the title suggests it s taking a look cloud computing and some of the security issues around this technology paradigm If you follow Hoff s http://www.secuobs.com/revue/news/138157.shtmlhttp://www.secuobs.com/revue/news/138157.shtml Secuobs.com : 2009-07-27 18:58:26 - un excogitate.org - Firstly, I need to offer an apology My life has gone through a number of massive, personal changes over the past few months and unfortunately this blog has fallen a little bit by the way-side I m not going to go into it more than that, and instead will get on with the post The following http://www.secuobs.com/revue/news/125385.shtmlhttp://www.secuobs.com/revue/news/125385.shtml Secuobs.com : 2009-07-11 23:09:14 - un excogitate.org - There s been a lot of talk in the media recently about different ways in which companies can deal with the Global Financial Crisis GFC Redundancies, capping recruitment, capping pay, or perhaps promoting the four day week This last option has been getting quite a lot of press here in Australia and the rest of the world http://www.secuobs.com/revue/news/119626.shtmlhttp://www.secuobs.com/revue/news/119626.shtml Secuobs.com : 2009-07-11 23:09:14 - un excogitate.org - I have nothing to add to the great work that irldexter and wadeis have done here Read Drazen s post now http://www.secuobs.com/revue/news/119625.shtmlhttp://www.secuobs.com/revue/news/119625.shtml