Category Archives: IT Security

Information Systems Security

In 2020, having an IDN still isn’t easy

As you know, I have owned the éé.net domain since April 2011. This domain name has accents, and as such is considered an IDN, an Internationalized Domain Name. Since around 2003, it is officially possible to register a domain name with … Continue reading

Posted in IT Security | Leave a comment

URI Schemes

When I created my security.txt file, I wondered whether it was possible to list something other than an email address in the "Contact" field. Indeed, I leave my direct messages open on Twitter so that I can be contacted quickly, … Continue reading

Posted in IT Security | Leave a comment

The security.txt file

The years go by, and so do security procedures. Since getting back into information security, I have been discovering that some methods I used have become obsolete, such as Certificate-Pinning, deprecated in favor of the Expect-CT HTTP header (I … Continue reading

Posted in IT Security | One comment

Burned

Since 2009, I have been a member of ASIS International, and I receive the monthly magazine Security Management. It is aimed particularly at American security directors, but some articles are interesting. The February issue highlighted professional exhaustion syndrome, also called burnout. … Continue reading

Posted in IT Security | Leave a comment

CISOs, Techies and Board execs. The unsolvable issue?

I have been participating in the NG Security European summit lately, where there were lots of nice presentations about how CISOs are perceived by Board and Business Leaders. And the results are frightening. As IT needed decades to get at the … Continue reading

Posted in IT Security | 2 comments

Layered security on my laptop, in 10 (not so easy) steps!

Some of my friends tell me I’m kind of paranoid, but I can’t help keeping my laptop very secure (at least as much as I believe). When Windows 10 was released, I had the following options: either keep Windows 8 on … Continue reading

Posted in IT Security | 15 comments

My own Spam Tracker

For nearly 10 years, I have used dedicated email addresses/passwords for every single website or company I register with online. That may seem cumbersome to many, as I need to log into a custom platform to create a new email address during … Continue reading

Posted in IT Security | 6 comments

CISOs, are corporate Policies obsolete? And are you already dead?

I’ve always wondered about this dilemma: even if, as a CISO, you define the best Infosec policy ever, and forbid your users all use of Cloud or unknown services such as Gmail, Dropbox, LogMeIn, TeamViewer to prevent Data Leakage, … Continue reading

Posted in IT Security | 2 comments

New malware received: Dossier_1848785.exe

I’ve just received a new malware in one of my spam mailboxes. The embedded file is a Zip archive, containing a fake PDF (the icon is a PDF, but it’s really a .exe file).

Posted in IT Security | Leave a comment

So. I’ve erased all my Tweets – Bref. j’ai effacé mes Tweets !

Amongst the good resolutions I’ve taken for 2014, I’ve decided to reset my Twitter account! You may have noticed that I didn’t tweet anything after December 30th, 2013. The reason for this is that I wanted to archive all … Continue reading

Posted in Blog's life, General, IT Security | 6 comments