Tejeddine Mouelhi

Privacy in the age of COVID-19 Pandemic

4/1/2020

A very interesting and thoughtful blog post by Bruce Schneier. In the age of COVID-19, nobody cares about privacy anymore.
It is indeed a sad truth that governments worldwide are taking more and more intrusive measures to enforce containment, like the ones taken in South Korea. The key point to understand here is that these measures should be enforced only in limited, "necessary and proportionate" cases instead of mass tracking of the whole population.

Creating a Honeypot with a Raspberry PI

8/10/2018

Here is an interesting presentation from Rémi Chipaux, a former colleague from itrust consulting.
He talks about his research work on setting up honeypots to collect malware samples. The idea is quite simple: buy a Raspberry Pi (it costs around 20-30 euros), install a honeypot tool like Cowrie on it, then just wait to be hit by malware spreading in the wild. It is pretty amazing to see, as he explains, that it takes only a few minutes to get malware uploaded to your host.
Here is his talk:


The future of testing

6/29/2016

This is a really interesting talk from Prof. James Whittaker on the future of testing. He talks about how testing is changing and what it will look like in the future, and he was really right in this prediction, made in 2008. As predicted, crowd testing companies (like utest.com) are becoming very successful nowadays.

"The best way to predict the future is to invent it". Whittaker is definitely among those inventing the future of testing.


Interesting talk on Web application testing

7/19/2015

This is an interesting talk given by a well-known researcher in software testing, Prof. Jeff Offutt. It was given in 2010. However, it is still very insightful and really nice to watch:
He is really a brilliant researcher. In this talk he demonstrates, in a very nice way, how useful and practical academic research can and should be.





PRISM and privacy

7/3/2013

The US surveillance program PRISM is something that has been known for years; as the French say, a secret de polichinelle (open secret). You will find more information, comments and blog posts about it on the internet, like here, or here or here.
My view on this subject is that, with the popularity of social networks and cloud services, all the private information that was almost impossible to get a few years ago is now freely available on social network websites or in cloud providers' data centers. Take, for instance, location-based services (for users of Twitter, Facebook, Android, iOS, Windows Phone): they are really a gold mine for secret services, a dream come true. They are able to know the location of millions of people around the world. As smartphones and social networks get more widely adopted by the world population (there are already one billion smartphone users, and this stat is from last year!), secret services will be able to monitor all these people on a daily basis.
A program like PRISM is, in my opinion, already outdated because there is much more to get easily from all the data available thanks to social networks and smartphones. The big issue is no longer how to get this data but how to sort it, how to find and locate the most relevant pieces among this huge amount of data.
Finally, we have to admit that privacy is almost dead and it is getting difficult to protect your privacy.





Apple maps or the perfect example of the worst way to test an application

10/4/2012

It made the news almost all around the world: Apple Maps is really badly tested and contains a lot of inaccurate maps/pictures. Many websites are making jokes and having fun showing lists of Apple Maps mistakes/bugs.
It is obvious this software was not tested right. It is really surprising, because it seems that the basic concepts/methods of software testing were not followed.
The basic testing approach would be to have some end-user testers perform system testing: at the very least, running the application and trying it with famous, well-known locations.
Apple Maps will, I think, remain for a long time the perfect example of what you should not do when testing an application.

Funny paper review

3/9/2012

I came across this website. It cites some real examples of funny, hilarious paper reviews. Such reviews are always done during the peer-review process of scientific conferences. Other researchers in the same research field are invited to review and evaluate the quality of the papers submitted to a conference. They choose to accept or reject the publication of the paper.
On this website, there is a list of funny comments on submitted papers; read and judge for yourself:
  • There is no experimental demonstration of your theorem.
  • My name only appears in the Acknowledgements section where I could have signed this paper.
  • You shoudl let a native english speaker reads the paper to checking the ortographe and gramar of the paper.
  • Your contribution is so trivial that somebody must have published this somewhere already.
  • I may have accepted your paper, but I had better things to do so I didn't read it.
  • I had a headache just by looking at the data structures of your linear-time optimal algorithm. No doubt an exhaustive algorithm would be more efficient in practice.
  • Reject: Figure 3 is unclear.
  • Your research agenda is so outdated that your results are on a Wikipedia page already.
  • Being 37% better than a complete moron does not make you a genius.
  • This article does not deserve the paper and ink used to print it.
  • In the future, don't waste your time writing articles manually. Use a generator such as http://pdos.csail.mit.edu/scigen/ to ensure they are gramatically correct, if not instructive.
  • I can't believe the authors took the time to present, analyze and prove an algorithm for this middle-school problem.
  • Honnestly, I really wonder whether this article is a joke or not. Anyway, I can assure you it gave me a good laugh and put me in a good mood for the rest of the day.
  • The used notations are unclear and confusing. Since clear writing leads to clear thinking, I doubt that the authors really understood their own article.
  • The only merit of this paper is to demonstrate all what you have to not do when writing an article.
  • The practical effectiveness of the algorithm may be somewhat overstated since the experimental results prove its inability to fulfill its goals.
  • Strengths: What are the major reasons to accept the paper? [Be brief.] I did not find strengths; I stopped reading the paper on page 12, so I may have missed something.
  • This paper is original, well written and fully matches the topic, but its subject is so boring that I strongly recommend its rejection.
  • Some Monthy Python sketches are far more logical than this paper.
  • This paper needs a major rewrite to fix the English, make it more concise, explain clearly what exactly is the performance evaluation methodology, and how it is different from the obvious. (this one was seen for real as I was PC member...)


Duqu the new threat

11/7/2011

A new piece of malware is spreading right now. It is an important threat, since this malware is very similar to the famous Stuxnet malware (an interesting talk about analysing Stuxnet). It installs a keylogger that records all the keystrokes and the system configuration, then encrypts all this data and stores it in an image.
To detect and remove this threat, you can use this tool.

Google chrome attack

5/18/2011

A security company, VUPEN, claims that they were able to successfully perform an attack on Google Chrome. According to them, it works on v11.0.696.68 and v12.0.742.30. Their attack bypasses the sandbox security mechanisms and works on 64-bit Windows 7, which has the data execution prevention (DEP) and address space layout randomisation (ASLR) security features.
VUPEN does not give any details on the exploits. They did not even share them with Google, which is very unusual and surprising. They say that they are sharing the exploits with their government customers. It is not clear whether they meant that they are sharing the exploit, or the vulnerability and the way to protect against it.
This means that there is a 0-day vulnerability out there that allows someone to hack into your system just by your visiting a malicious website.

Anonymous the hacktivist

4/6/2011

The Anonymous group succeeded in attacking several targets, among them Visa, PayPal and MasterCard (they did this to support WikiLeaks).
These attacks used DDoS, which is quite simple; however, they were also able to attack HBGary, an important security company. This time it was a more sophisticated attack: they found an SQL injection vulnerability in the HBGary website, used it, then managed to get most of the company's emails and make them public (torrent), and with social engineering they gained access to the famous rootkit.com server.
The first lesson to learn from this attack: it is amazing to see that a security company like HBGary can become the victim of this kind of attack (which shows how difficult it is to protect against targeted attacks from skilled hackers).
The second lesson is how important it is to secure company emails. The information inside them can be very harmful if leaked.
 

    Author

    Dr. Tejeddine Mouelhi
    Expert in IT security & security/software testing
