Latest articles in ‘Library’


  1. Mr. Robot (TV show by Sam Esmail, 2015)

    Published: Wed 22 November 2017 in Library.
    A review of the 'Mr. Robot' TV series, which started with a very engaging first season but sadly seems to wither away.

    Mr. Robot is an interesting project trying to create a television series featuring accurate “hacking” techniques and real-life events, as opposed to most “hacker” movies and series which just project the general public's fantasies on the screen.

    I used to redirect people asking me for some “hacking trick” to this series, and several websites and blogs use it as an illustration to provide fundamental knowledge in IT security and help people become aware of various risks.

    As I write this post, we have now reached the middle of the third season, and while I was and still am very enthusiastic regarding the first season, my feelings are now more than mixed about its sequel.

    Note

    For those who haven’t seen this series yet, I won’t get into any storyline details here, except a bit when listing some season 3 issues. Most of this post should be spoiler-free, however …


  2. Introduction to z/OS and IBM mainframes world and security

    Published: Sun 01 October 2017 in Library.
    They run our economy and critical infrastructures all over the world, yet remain mostly unknown.

    Mainframes are often designated as “legacy platforms”. This triggers the mental image of those old 80’s era enormous bulky computers which can be found in any good computer museum and vintage videos, and leaves a mixed feeling about the place of such machines in today’s computing world.

    However, nothing could be more wrong:

    1. A lot of the technologies which made today’s computing what it is are actually owed to the mainframe world.

      Things like non-executable memory, process isolation, virtualization and symmetric multiprocessing, to name just a few, are all technologies that were first developed for mainframe environments, and only then ported onto other architectures.

    2. Today’s mainframe hardware has nothing in common with antique computers; it evolved as the rest of the computer world did.

      They are bulky but not as much as one may imagine, the size of a large fridge to give a rough idea. They remain …


  3. SELinux System Administration & SELinux Cookbook (Sven Vermeulen)

    Published: Wed 06 September 2017 in Library.
    The best book to discover SELinux and learn how to get the most out of it.

    Sven Vermeulen, the author of these two books, is deeply involved in the Gentoo community.

    Quoting his biography from the book introduction:

    In 2003, he joined the ranks of the Gentoo Linux project as a documentation developer and has since worked in several roles, including Gentoo Foundation trustee, council member, project lead for various documentation initiatives, and (his current role) project lead for Gentoo Hardened SELinux integration and the system integrity project.

    He is knowledgeable technically, pedagogically and in SELinux. In these books, he uses his talent to shed light on a domain which is often perceived as obscure and daunting, explaining in a clear and effective way how and why things are the way they are, so everything finally takes its place in our minds.

    Don’t let the affiliation with the Gentoo project lead you to think that these books are only about Gentoo. These books …


  4. Professional Penetration Testing (Thomas Wilhelm)

    Published: Sat 19 August 2017 in Library.
    Penetration testing not seen as a technical operation but as a business activity: what changes when a hobby becomes a real job?

    This book does not teach you penetration testing technically, it teaches you penetration testing professionally. Here, the pentest is not a technical exercise anymore, it becomes a paid service delivered to a customer to satisfy a business need. This requires more than throwing a bunch of tools and lines of code at a target. This requires things like planning, methodology, quality and risk management, and communication. This is what this book is about.

    This book mainly targets three kinds of audience:

    • People who are already familiar with the technical side of pentesting and are wondering if making it a career would be interesting for them (doing something as a hobby and as a job is not the same) and, if so, how to proceed and what to expect.

    • Pentesters already in the field but who would like to have a broader view of their current job.

    • Project managers who are already …


  5. Why I teach people how to hack (Ýmir Vigfússon)

    Published: Thu 17 August 2017 in Library.
    Why learning to hack is a good thing, explained to the grown-up, serious people :).

    In this short TEDx talk, Ýmir Vigfússon tells us what it means to be a hacker, from the curious teenager who does not really have a “moral compass” (yet!) to the senior professional sharing his knowledge.

    He tells us what leads people in this direction, but above all he tells us how all these people, from the teenager to the professional, benefit society as a whole.

    For those who may not know this text, this video has a strong feeling of the Hacker’s Manifesto, but now explained by a well-respected professional and assistant professor instead of an 11-year-old teenager.

    Watch on YouTube


  6. Hacker’s Manifesto (The Mentor)

    Published: Sat 12 August 2017 in Library.
    A heart-moving foundational document on the hacker culture, written in 1986 but still current.

    Teenagers interested in computer hacking in the broad sense of the term, where hacking focuses on the technical aspects of computer science and security is just a part of it, often face the same roadblock.

    As this practice is generally not understood and is the subject of a lot of fantasies and misconceptions, they often face the same criticisms: they spend all their time playing on their computer, are anti-social, do not respect authority. In a few words, they are ruining their lives.

    However, the most difficult thing in such situations is not the criticism itself, it is the sense of isolation that it produces. Forty years ago, one such teenager rose up against this feeling and wrote, under the pen name The Mentor, what now counts as one of the most heart-moving and inspirational texts about the hacking culture: the Hacker’s Manifesto, also known as The Conscience of …


  7. Carbanak APT, the great bank robbery

    Published: Mon 31 July 2017 in Library.
    The 3rd millennium version of the postal train robbery, readable as a good detective novel.

    In 2015, several surveillance cameras filmed people presenting themselves in front of an ATM, and while no interaction occurred between them and the machine, the ATM suddenly started to dispense cash.

    Strangely enough, this was actually only the tip of the iceberg, as the investigation unveiled an operation ongoing for around two years, infecting and stealthily altering bank operations from the inside, to achieve what may be one of the biggest bank robberies, estimated at up to one billion dollars.

    The Kaspersky report recounts this investigation. While this document provides technical details for interested people, they are not necessary to understand it and can be easily skipped. In fact, this report is quite well written, can be read as a good detective novel and provides a good description of what a high-end attack may look like nowadays.

    Actually, this report looks so much like a detective novel that Wikipedia notes there was some …


  8. 23, Karl Koch and Cliff Stoll

    Published: Sun 23 July 2017 in Library.
    The best depiction of the hacking world in the early days of the Chaos Computer Club.

    23 - Nichts ist so wie es scheint (1998)

    The best depiction I’ve seen so far of the state of the hackers’ world in western Germany in the 80’s. You name it: this is the place and time which gave birth to the Chaos Computer Club.

    This film is an independent production (by Hans-Christian Schmid), and due to this is not very widely known, which I think is a real shame. This film follows Karl Koch, a German hacker stealing information from US military systems to sell it to the KGB. But, IMHO, this is merely an excuse to provide us an overview of the hackers’ world of that time, both at the cultural and technical level, where idealism faces conspiracy theories, the desire to free the access to information meets individual and national craving for power, and Usenet groups were creating new kinds of links between people.

    Screenshot of "23 - Nichts ist so wie es scheint"

    Some people …
