vandeneynde.net

Archive for the ‘Security’ category

New SSL MITM at BlackHat DC

February 20th, 2009

At the recent BlackHat Washington conference, a nice presentation was given about new man-in-the-middle techniques for SSL.
The presentation starts with a good intro-primer on how SSL certificate validation works, continues with explaining how the old MITMs worked (including the trick with the intermediate CA which is used by most SSL inspection devices) and goes on [...]

Backup <> Encryption

September 26th, 2008

Quick Post. I just read that laptops were stolen from one of our Belgian ministries. According to the ministry, the data was safe because it was backed up to a central server. That server was not compromised and all sensitive data was stored there. I sure hope they also thought about encrypting the laptop hard [...]

Chrome

September 6th, 2008

First of all: No I am not dead and yes I will continue to blog here. I just took a bit of a ‘blogging sabbatical’ the last couple of months.
That said, I (and many others, so it seems) downloaded Chrome, Google’s vision of a web browser, this week and played around with it for a while. [...]

An article in Datanews (Dutch only) today reports on the police arresting four ex-CCC members on two facts:

They were linked to a terrorist organization in Italy
They had ‘encoding’ software on their PCs to securely wipe hard drives. (Most likely the reporter meant wiping instead of encoding.)

On the first fact, I can certainly agree but with [...]

I blogged about it before, but every now and then someone finds a new physical ‘hack’ into Windows. Here is an example of a recent hack using BackTrack to gain access.
This just illustrates one of Microsoft’s 10 Immutable Laws of Security:
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not [...]

Power To The Cloud!

May 21st, 2008

This week, I got my invite for Google App Engine in the mailbox. If you have not heard of it, Google App Engine is a beta product from Google where you can publish your web apps to Google’s massive infrastructure. Currently only Python is supported as a language but Google intends to add other languages [...]

Privacy Paradox

May 18th, 2008

It is interesting to see how we perceive our privacy on the Internet. When we see a third party publish personal information about us on the Internet without our permission, we tend to feel violated in our privacy. However, when we publish the same information on our LinkedIn, Facebook, Twitter, … profiles ourselves, we seem [...]

I got interviewed for Vacature Magazine a few weeks ago. They wanted to know more about the IT Security profession. The article was published last weekend. You can read it by clicking on the thumbnail above. (Dutch only, not too technical)

I re-read Marcus Ranum’s six dumbest ideas in computer security. I had already read it in the past but a colleague referred to it and so I re-read the page.
While the cynical ideas of Marcus Ranum certainly have a core of hard truth embedded in them, I don’t agree with all of them. One of [...]

As you may know, FireWire devices can have access to the main memory of a PC thanks to DMA.
Because of this, FireWire can be used as an attack vector against a running PC. This is not news. Adam Boileau presented this technique back in 2006 but because of recent news, I decided to give it a [...]
