Overblog
Suivre ce blog
Administration Créer mon blog
8 novembre 2016 2 08 /11 /novembre /2016 19:33
==============================================================================================================================================

Cette semaine, il y a des sujets plus qu'intéressants.
- Un article qui démontre l'insensibilité à la sécurité de certains de nos "jeunes". Les "vieux" seraient au final mieux armés pour détecter les mails frauduleux. C'est probablement le fait que les "vieux" ont de l'expérience et sont plus méfiants vis-a-vis de la technologie.
- Un autre article traite de solutions simples et pas chères pour contourner un système de reconnaissance faciale
- Un sujet intéressant sur l'utilisation dans les devs de vieux SDK qui appellent des ressources sur des noms de domaines abandonnés. Mais le hic, c'est quand ces noms de domaines sont repris par des personnes aux intentions malveillantes.
- L'intelligence artificielle qui continue à  faire peur, à juste titre à  mon avis.
Et plein d'autres informations

Bonne lecture
Tristan

==============================================================================================================================================


A LIRE SECURITE
---------------

Five Ways That Good Guys Share More Than Bad Guys
https://taosecurity.blogspot.fr/2016/10/five-ways-that-good-guys-share-more.html

Kids today are so stupid they fall for security scams more often than greybeards
https://news.hitb.org/content/kids-today-are-so-stupid-they-fall-security-scams-more-often-greybeards
http://www.theregister.co.uk/2016/10/20/millennials_easier_bait_for_tech_support_scams_than_baby_boomers/

Facial recognition still can’t beat a 22 cent pair of sunglasses
https://news.hitb.org/content/facial-recognition-still-can’t-beat-22-cent-pair-sunglasses
http://thenextweb.com/artificial-intelligence/2016/11/02/facial-recognition-still-cant-beat-a-22-cent-pair-of-sunglasses/

Pourquoi les attaques DDoS prennent une ampleur inégalée
http://www.01net.com/actualites/pourquoi-les-attaques-ddos-prennent-une-ampleur-inegalee-1044130.html

Expired domains present an opportunity for malicious activity [On n'y pense pas toujours aux vieux SDK qui pointent vers des domaines abandonnés réutilisés par des personnes malveillantes]
https://news.hitb.org/content/expired-domains-present-opportunity-malicious-activity
http://searchsecurity.techtarget.com/news/450400703/Expired-domains-present-an-opportunity-for-malicious-activity

Ransomware Raises The Bar Again
https://news.hitb.org/content/ransomware-raises-bar-again
http://www.darkreading.com/attacks-breaches/ransomware-raises-the-bar-again-/d/d-id/1327138?_mc=RSS_DR_EDT

Le ransomware a bonne santé
https://www.lexsi.com/securityhub/ransomware-a-bonne-sante/

Identifying hackers is harder than you think
https://news.hitb.org/content/identifying-hackers-harder-you-think
http://betanews.com/2016/10/10/hackers-deception/
https://securelist.com/analysis/publications/76273/wave-your-false-flags/
https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf

Pour une révision du protocole SAML
http://www.orange-business.com/fr/blogs/securite/securite-applicative/pour-une-revision-du-protocole-saml

BYPASSING ASLR IN 60 MILLISECONDS
https://threatpost.com/bypassing-aslr-in-60-milliseconds/121412/

Researchers build undetectable rootkit for programmable logic controllers
https://news.hitb.org/content/researchers-build-undetectable-rootkit-programmable-logic-controllers
http://www.networkworld.com/article/3137420/security/researchers-build-undetectable-rootkit-for-programmable-logic-controllers.html#tk.rss_all

DOSSIERS
--------

Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
http://news.hitb.org/content/yahoo’s-ciso-resigned-2015-over-secret-e-mail-search-tool-ordered-feds
http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-nsa-ordered-yahoo-to-build-secret-e-mail-search-tool/
=> Neither the NSA nor the FBI have responded to Ars' request for comment.

NSA Director Not Opposed To Splitting Cyber Command From Agency
https://news.hitb.org/content/nsa-director-not-opposed-splitting-cyber-command-agency
http://www.darkreading.com/threat-intelligence/nsa-director-not-opposed-to-splitting-cyber-command-from-agency/d/d-id/1327120?_mc=RSS_DR_EDT

NSA spy details how to tap into webcam on Mac without user noticing
https://news.hitb.org/content/nsa-spy-details-how-tap-webcam-mac-without-user-noticing
http://www.pcauthority.com.au/News/439082,nsa-spy-details-how-to-tap-into-webcam-on-mac-without-user-noticing.aspx

GOOGLE HANDLES RECORD NUMBER OF GOVERNMENT REQUESTS FOR DATA
https://threatpost.com/google-handles-record-number-of-government-requests-for-data/121284/

Shadow Brokers Releases Second Trove of Spying Tools
https://news.hitb.org/content/shadow-brokers-releases-second-trove-spying-tools
http://www.pcmag.com/news/349227/shadow-brokers-releases-second-trove-of-spying-tools

INSOLITE
--------

Nantes: Une journée pour inventer des services stupides et inutiles
http://www.20minutes.fr/nantes/1950947-20161028-nantes-journee-inventer-services-stupides-inutiles

INTELLIGENCE ARTIFICIELLE
-------------------------

Cinq géants de la high tech s’allient pour définir et encadrer l’intelligence artificielle
http://www.01net.com/actualites/cinq-geants-de-la-high-tech-s-allient-pour-definir-et-encadrer-l-intelligence-artificielle-1042482.html

UN PETIT GESTE POUR LA PLANETE
------------------------------

Delete unused Android apps now, or risk a security nightmare
https://news.hitb.org/content/delete-unused-android-apps-now-or-risk-security-nightmare
http://www.techrepublic.com/article/delete-unused-android-apps-now-or-risk-a-security-nightmare/

Linux Foundation appoints two more women to its board of directors
https://news.hitb.org/content/linux-foundation-appoints-two-more-women-its-board-directors
http://www.zdnet.com/article/linux-foundation-appoints-two-more-women-to-its-board-of-directors/

FACEBOOK AND SOCIAL NETWORKS
----------------------------

FACEBOOK BUG BOUNTY PROGRAM PAYS OUT $5 MILLION IN FIVE YEARS
https://threatpost.com/facebook-bug-bounty-program-pays-out-5-million-in-five-years/121278/

Twitter seeks a sale decision by October 27th
https://news.hitb.org/content/twitter-seeks-sale-decision-october-27th
https://www.engadget.com/2016/10/05/twitter-seeks-sale-decision-by-october-27th/

A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Retour sur les Assises de la sécurité 2016 : la réponse de l'ANSSI aux enjeux nationaux
http://www.orange-business.com/fr/blogs/securite/actualites/retour-sur-les-assises-de-la-securite-2016-la-reponse-de-l-anssi-aux-enjeux-nationaux

PRODUITS
--------

Orosound, le casque intra-auriculaire qui vous fera oublier l'enfer de l'open space
http://www.01net.com/actualites/orosound-le-casque-intra-auriculaire-qui-vous-fera-oublier-l-enfer-de-l-open-space-1049261.html

Ce moniteur portable 24 pouces à emporter partout s’ouvre comme un parapluie
http://www.01net.com/actualites/ce-moniteur-portable-24-pouces-a-emporter-partout-s-ouvre-comme-un-parapluie-1055239.html

BON A SAVOIR
------------

FREE SSL PROVIDERS SPARK UNPRECEDENTED GROWTH IN ENCRYPTED TRAFFIC
https://threatpost.com/free-ssl-providers-spark-unprecedented-growth-in-encrypted-traffic/121336/

Une carte interactive pour savoir où sont les antennes mobiles près de chez vous
http://www.01net.com/actualites/une-carte-interactive-pour-savoir-ou-sont-les-antennes-mobiles-pres-de-chez-vous-1044092.html
http://www.anfr.fr/gestion-des-frequences-sites/lobservatoire-en-carte/

La France à la traîne de l’Europe en matière de débit
http://www.01net.com/actualites/la-france-a-la-traine-de-l-europe-en-matiere-de-debit-1042883.html
https://www.akamai.com/fr/fr/our-thinking/state-of-the-internet-report/global-state-of-the-internet-connectivity-reports.jsp

Six nouveaux services alternatifs pour «dégoogliser» Internet
http://www.01net.com/actualites/six-nouveaux-services-alternatifs-pour-degoogliser-internet-1044239.html

Google, première marque de système d'exploitation ?
http://www.les-infostrateges.com/actu/16092252/google-premiere-marque-de-systeme-d-exploitation

Samsung Galaxy Note 7 : et si les batteries n’avaient rien à voir avec tout ça ?
http://www.01net.com/actualites/samsung-galaxy-note-7-et-si-les-batteries-n-avaient-rien-a-voir-avec-tout-ca-1047098.html

Exclu : Samsung France annonce aux clients la désactivation à distance des Galaxy Note 7 [Info ou Intox ? Ca fait 2 fois que je vois la nouvelle]
http://www.01net.com/actualites/exclu-samsung-france-annonce-aux-clients-la-desactivation-a-distance-des-galaxy-note-7-1049815.html

MITRE will give you $50,000 to 'fingerprint' rogue, dangerous IoT devices
https://news.hitb.org/content/mitre-will-give-you-50000-fingerprint-rogue-dangerous-iot-devices

Netflix reminds password re-users to run a reset
https://news.hitb.org/content/netflix-reminds-password-re-users-run-reset

SCIENCES
--------

HIV researchers edge closer to a cure
http://news.hitb.org/content/hiv-researchers-edge-closer-cure
https://www.engadget.com/2016/10/02/hiv-cure-testing/

Infiniment petit : le plus petit transistor du monde mesure 1 milliardième de mètre !
http://www.01net.com/actualites/infiniment-petit-le-plus-petit-transistor-du-monde-mesure-1-milliardieme-de-metre-1046720.html

CONSOMMATION
------------



RACHAT / UNION
--------------

Samsung buys AI startup created by Siri co-cofounders
https://news.hitb.org/content/samsung-buys-ai-startup-created-siri-co-cofounders

DROIT
-----

AFCDP : 11ème université des Cil le 25 janvier prochain
http://www.les-infostrateges.com/actu/16102269/afcdp-11eme-universite-des-cil-le-25-janvier-prochain

La loi pour une République numérique adoptée définitivement
http://www.les-infostrateges.com/actu/16092254/la-loi-pour-une-republique-numerique-adoptee-definitivement

Commerce, commerce électronique et Cnil : mise à jour de la norme simplifiée n°48
http://www.les-infostrateges.com/actu/16102255/commerce-commerce-electronique-et-cnil-mise-a-jour-de-la-norme-simplifiee-n48

Géolocalisation des véhicules et cybersuveillance abusive des salariés
http://www.les-infostrateges.com/actu/16112271/geolocalisation-des-vehicules-et-cybersuveillance-abusive-des-salaries

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Experts en cybersécurité : comment trouver la perle ?
http://www.orange-business.com/fr/blogs/securite/actualites/experts-en-cybersecurite-comment-trouver-la-perle-

5 applications pour trouver un job sur iPhone et Android
http://www.01net.com/astuces/5-applications-pour-trouver-un-job-sur-iphone-et-android-1055321.html

MICROSOFT
---------

Windows Server 2016 could rattle the competition
http://news.hitb.org/content/windows-server-2016-could-rattle-competition
http://arstechnica.com/information-technology/2016/10/hands-on-with-windows-server-2016-the-os-with-its-foot-in-everything/

Windows 10, on pourra bientôt enfin désinstaller les applications inutiles de Microsoft
http://www.01net.com/actualites/windows-10-on-pourra-bientot-enfin-desinstaller-les-applications-inutiles-de-microsoft-1045435.html

Get to know the security features in the Edge browser
https://news.hitb.org/content/get-know-security-features-edge-browser
https://www.cnet.com/uk/how-to/get-to-know-the-security-features-in-edge/

It came from Redmond: Windows Server 2016 could rattle the competition
http://arstechnica.com/information-technology/2016/10/hands-on-with-windows-server-2016-the-os-with-its-foot-in-everything/

GOOGLE
------

En décembre, Chrome consommera moins de mémoire
http://www.01net.com/actualites/en-decembre-chrome-consommera-moins-de-memoire-1046434.html

GOOGLE TO MAKE CERTIFICATE TRANSPARENCY MANDATORY BY 2017
https://threatpost.com/google-to-make-certificate-transparency-mandatory-by-2017/121651/

GOOGLE TO DISTRUST WOSIGN, STARTCOM CERTS IN 2017
https://threatpost.com/google-to-distrust-wosign-startcom-certs-in-2017/121709/

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------

Firefox : découvrez ses trois nouvelles fonctions expérimentales à essayer d’urgence…
http://www.01net.com/actualites/firefox-propose-trois-nouvelles-fonctions-experimentales-a-essayer-d-urgence-1048537.html

Vers une version de Firefox encore plus puissante en 2017
http://www.01net.com/actualites/bientot-un-moteur-de-rendu-de-nouvelle-generation-dans-firefox-1053359.html

Microsoft open-sources P language for IoT
https://news.hitb.org/content/microsoft-open-sources-p-language-iot

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Nuke plant has been hacked, says Atomic Energy Agency director
https://news.hitb.org/content/nuke-plant-has-been-hacked-says-atomic-energy-agency-director
http://www.theregister.co.uk/2016/10/11/nuke_plant_has_been_hacked_says_atomic_energy_agency_director/

Piratage informatique chez IKEA : fuite possible ?
http://www.zataz.com/piratage-informatique-fuite-donnees/#ixzz4MQWYY7kJ

Amazon reset user passwords to protect accounts
https://news.hitb.org/content/amazon-reset-user-passwords-protect-accounts
http://tamebay.com/2016/10/amazon-reset-user-passwords-to-protect-accounts.html

VENDETTA BROTHERS CYBER CROOKS ADOPT REAL WORLD TACTICS
https://threatpost.com/vendetta-brothers-cyber-crooks-adopt-real-world-tactics/120955/

DYN DDOS WORK OF SCRIPT KIDDIES, NOT POLITICALLY MOTIVATED HACKERS
https://threatpost.com/dyn-ddos-work-of-script-kiddies-not-politically-motivated-hackers/121537/

Icarus, le hacker qui permet de pirater un drone
http://www.zataz.com/icarus-drone-hacker/#MK4R2wbs1wmMXPrB.99

SUNDOWN EXPLOIT KIT ‘LARGER THREAT THAN PEOPLE REALIZE’
https://threatpost.com/sundown-exploit-kit-larger-threat-than-people-realize/121718/

Three hospitals in England cancel operations over computer virus
https://news.hitb.org/content/three-hospitals-england-cancel-operations-over-computer-virus
http://www.reuters.com/article/britain-cyber-hospitals-idUSL8N1D268W?rpc=401

FAILLES
-------

ADOBE FIXES 81 VULNERABILITIES IN ACROBAT, READER, FLASH
https://threatpost.com/adobe-fixes-81-vulnerabilities-in-acrobat-reader-flash/121206/

GOOGLE PLUGS 21 SECURITY HOLES IN CHROME
https://threatpost.com/google-plugs-21-security-holes-in-chrome/121289/

JPEG 2000 – Researchers find security hole in image codec
http://news.hitb.org/content/jpeg-2000-–-researchers-find-security-hole-image-codec
http://www.theregister.co.uk/2016/10/04/jpeg_2000_security_hole/

Recevoir une image JPEG suffit parfois pour se faire pirater
http://www.01net.com/actualites/recevoir-une-image-jpeg-suffit-parfois-pour-se-faire-pirater-1045102.html

VULNERABILITIES IN INSULIN PUMPS CAN LEAD TO OVERDOSE
https://threatpost.com/vulnerabilities-in-insulin-pumps-can-lead-to-overdose/121064/

CISCO WARNS OF CRITICAL FLAWS IN NEXUS SWITCHES
https://threatpost.com/cisco-warns-of-critical-flaws-in-nexus-switches/121164/

PowerShell's admin-lite scheme is an open door
https://news.hitb.org/content/powershells-admin-lite-scheme-open-door
http://www.theregister.co.uk/2016/10/10/security_bod_to_microsoft_your_powershell_jea_feature_isnt_a_barrier_its_an_open_door/

Android : une vieille faille Linux permet de rooter tous les smartphones
http://www.01net.com/actualites/android-une-vieille-faille-linux-permet-de-rooter-tous-les-smartphones-1051930.html

Cisco patches critical authentication flaw in conferencing servers
https://news.hitb.org/content/cisco-patches-critical-authentication-flaw-conferencing-servers

Comment le Wi-Fi des opérateurs mobiles permet de pister les abonnés
http://www.01net.com/actualites/comment-le-wi-fi-des-operateurs-mobiles-permet-de-pister-les-abonnes-1055430.html

OUTLOOK WEB ACCESS TWO-FACTOR AUTHENTICATION BYPASS EXISTS
https://threatpost.com/outlook-web-access-two-factor-authentication-bypass-exists/121777/

OUTILS
------

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks
https://news.hitb.org/content/beat-bad-guys-their-own-game-safebreach’s-simulated-cyberattacks
http://www.networkworld.com/article/3135724/security/beat-the-bad-guys-at-their-own-game-with-safebreach-s-simulated-cyberattacks.html#tk.rss_all
https://safebreach.com

La messagerie Caramail revient en force avec des emails chiffrés de bout en bout
http://www.01net.com/actualites/la-messagerie-caramail-revient-en-force-avec-des-emails-chiffres-de-bout-en-bout-1044279.html

Five EFF Tools to Help You Protect Yourself Online
http://news.hitb.org/content/five-eff-tools-help-you-protect-yourself-online
https://www.eff.org/deeplinks/2016/09/five-eff-tools-help-you-protect-yourself-online

FACEBOOK DEBUTS OPEN SOURCE DETECTION TOOL FOR WINDOWS
https://threatpost.com/facebook-debuts-open-source-detection-tool-for-windows/120897/
https://osquery.io

FREE TOOL PROTECTS MAC USERS FROM WEBCAM SURVEILLANCE
https://threatpost.com/free-tool-protects-mac-users-from-webcam-surveillance/121154/
https://objective-see.com/products/oversight.html

Meet Apache Spot, a new open source project for cybersecurity
https://news.hitb.org/content/meet-apache-spot-new-open-source-project-cybersecurity

DISAPPEARING MESSAGES ADDED TO SIGNAL APP
https://threatpost.com/disappearing-messages-added-to-signal-app/121237/

NEW GOOGLE TOOLS HELP DEVS IMPROVE CONTENT SECURITY POLICY PROTECTION
https://threatpost.com/new-google-tools-help-devs-improve-content-security-policy-protection/120894/

Mooltipass Mini, le gestionnaire de mots de passe qui tient dans la poche
http://www.01net.com/actualites/mooltipass-mini-le-gestionnaire-de-mots-de-passe-qui-tient-dans-la-poche-1052939.html

LastPass Becomes Free On Mobile, Eliminates Last Excuse For Not Using A Password Manager
https://news.hitb.org/content/lastpass-becomes-free-mobile-eliminates-last-excuse-not-using-password-manager

Microsoft’s IFTTT-like Flow is now out of beta
https://news.hitb.org/content/microsoft’s-ifttt-flow-now-out-beta
http://arstechnica.com/information-technology/2016/11/microsofts-ifttt-like-flow-is-now-out-of-beta/
https://flow.microsoft.com/en-us/

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml
Published by pseudonyme
commenter cet article
3 octobre 2016 1 03 /10 /octobre /2016 21:39

==============================================================================================================================================

Toujours pas de commentaires, pas le temps.....

Bonne lecture
Tristan

==============================================================================================================================================


A LIRE SECURITE
---------------

The power of protocol analyzers [Un petit Tuto Wireshark, toujours intéressant à avoir sous la main]
http://news.hitb.org/content/power-protocol-analyzers
http://arstechnica.com/information-technology/2016/09/the-power-of-protocol-analyzers/

Data hoarding site LeakedSource could make hacking easier [Pour ou contre le full disclosure ?? ;-)) Ca rappelle des souvenirs, mais ici l'analyse est assez bien faite]
http://news.hitb.org/content/data-hoarding-site-leakedsource-could-make-hacking-easier
http://www.computerworld.com/article/3122394/security/data-hoarding-site-leakedsource-could-make-hacking-easier.html

RESEARCHER PROVES VIABILITY OF NAND MIRRORING TO BYPASS IPHONE PASSCODE RESTRICTIONS
https://threatpost.com/researcher-proves-viability-of-nand-mirroring-to-bypass-iphone-passcode-restrictions/120648/

Building a Security Culture
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/building-a-security-culture/

Why do we ignore up to 90% of computer security alerts? Because we’re terrible at multi-tasking…
http://www.tripwire.com/state-of-security/featured/security-alerts-multitasking/

UNSECURED DNSSEC EASILY WEAPONIZED, RESEARCHERS WARN
https://threatpost.com/unsecured-dnssec-easily-weaponized-researchers-warn/119969/

MICROSOFT MISTAKENLY LEAKS SECURE BOOT KEY
https://threatpost.com/microsoft-mistakenly-leaks-secure-boot-key/119828/

Le chiffrement quantique, nouvel eldorado de la sécurité
http://www.01net.com/actualites/le-chiffrement-quantique-nouvel-eldorado-de-la-securite-1027383.html

Security Think Tank: Malware infection is inevitable, so be prepared
http://news.hitb.org/content/security-think-tank-malware-infection-inevitable-so-be-prepared
http://www.computerweekly.com/opinion/Security-Think-Tank-Malware-infection-is-inevitable-so-be-prepared

Hackers can steal data from 3D printers using just a smartphone
http://news.hitb.org/content/hackers-can-steal-data-3d-printers-using-just-smartphone
http://www.digitaltrends.com/cool-tech/3d-printer-hack-smartphone/

GENERIC OS X MALWARE DETECTION METHOD EXPLAINED
https://threatpost.com/generic-os-x-malware-detection-method-explained/120503/

DHS ANNOUNCES INTENT TO DRAFT IOT SECURITY FRAMEWORK
https://threatpost.com/dhs-announces-intent-to-draft-iot-security-framework/120799/

UK online financial crime up 53% in 2016
http://news.hitb.org/content/uk-online-financial-crime-53-2016
http://tamebay.com/2016/09/uk-online-financial-crime-up-53-in-2015.html

That’s why the Take Five campaign is asking consumers to help protect themselves from financial fraud by remembering some simple advice:
1) Never disclose security details, such as your PIN or full password – it’s never right to reveal these details
2) Don’t assume an email request or caller is genuine – people aren’t always who they say they are
3) Don’t be rushed – a bank or genuine organisation won’t mind waiting to give you time to stop and think
4) Listen to your instincts – if something feels wrong then it is usually right to pause and question it
5) Stay in control – have the confidence to refuse unusual requests for information

DOSSIERS
--------

Le hack de la NSA met l'Internet en danger
http://www.01net.com/actualites/le-hack-de-la-nsa-met-l-internet-en-danger-1027339.html
http://hightech.bfmtv.com/securite/pourquoi-le-piratage-de-la-nsa-met-tous-les-internautes-en-danger-1027250.html

La NSA a pu déchiffrer les données secrètes d'entreprises pendant des années
http://www.01net.com/actualites/la-nsa-a-pu-dechiffrer-les-donnees-secretes-d-entreprises-pendant-des-annees-1027725.html

NSA zero days and encryption backdoors need clear disclosure policies
http://news.hitb.org/content/nsa-zero-days-and-encryption-backdoors-need-clear-disclosure-policies
http://www.networkworld.com/article/3109137/security/nsa-zero-days-and-encryption-backdoors-need-clear-disclosure-policies.html#tk.rss_security

Experts have two theories for how top secret NSA data was stolen — and both are equally disturbing
http://news.hitb.org/content/experts-have-two-theories-how-top-secret-nsa-data-was-stolen-—-and-both-are-equally
http://www.businessinsider.my/nsa-hacking-theories-2016-8/?r=US&IR=T#8gqwCV5lBq0R88tf.97


INSOLITE
--------

Woman brilliantly fools a phone scammer
http://www.cnet.com/news/woman-brilliantly-fools-a-phone-scammer/

UN PETIT GESTE POUR LA PLANETE
------------------------------

Microsoft's researchers want to 'solve' cancer within 10 years
http://news.hitb.org/content/microsofts-researchers-want-solve-cancer-within-10-years
http://www.neowin.net/news/microsofts-researchers-want-to-solve-cancer-within-10-years

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------

BANQUES
-------

HSBC uses facial recognition so customers can open new bank accounts with a selfie
http://news.hitb.org/content/hsbc-uses-facial-recognition-so-customers-can-open-new-bank-accounts-selfie
http://betanews.com/2016/09/05/hsbc-selfie-facial-recognition/

SALONS / CONFERENCES / EVENEMENTS
---------------------------------


PRODUITS
--------

HP lance les premiers PC portables avec écran "anti-regards", je veux ça, c'est avec activation à la demande
http://www.01net.com/actualites/hp-lance-les-premiers-pc-portables-avec-ecran-anti-regards-1029548.html

Ce boitier transforme n'importe quelle télé en système de visioconférence
http://www.01net.com/actualites/ce-boitier-transforme-n-importe-quelle-tele-en-systeme-de-visioconference-1034089.html

BON A SAVOIR
------------

Americans want passwords, not biometrics, survey finds
http://news.hitb.org/content/americans-want-passwords-not-biometrics-survey-finds
http://www.networkworld.com/article/3109245/security/americans-want-passwords-not-biometrics-survey-finds.html#tk.rss_security

Interestingly, new advice from some experts now suggests that changing passwords frequently might not be such a good idea: The more you change a password, the more likely you are to be lazy about it and choose something easy to crack, researchers from the Carleton University in Ottawa, Canada, say in their paper (PDF). http://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf

Applis sur smartphones et données personnelles
http://www.les-infostrateges.com/actu/16082233/applis-sur-smartphones-et-donnees-personnelles

En harmonisant les points d'accès Wi-Fi, on peut faire tripler le débit
http://www.01net.com/actualites/en-harmonisant-les-points-d-acces-wi-fi-on-peut-faire-tripler-le-debit-1029576.html

Comment surveiller et analyser l’e-réputation de ses marques : quelques bonnes pratiques
http://www.les-infostrateges.com/actu/16092242/comment-surveiller-et-analyser-le-reputation-de-ses-marques-quelques-bonnes-pratiques
http://digimind.com/blog/fr/social-marketing-fr/surveiller-analyser-reputation-de-vos-marques-20-bonnes-pratiques-part-1/

Employees download new malware every four seconds
http://news.hitb.org/content/employees-download-new-malware-every-four-seconds
http://www.itproportal.com/news/employees-download-new-malware-every-four-seconds/
https://www.checkpoint.com/downloads/resources/2016-security-report.pdf

Cisco Talos: Spam at levels not seen since 2010
http://news.hitb.org/content/cisco-talos-spam-levels-not-seen-2010
http://www.networkworld.com/article/3123065/security/cisco-talos-spam-at-levels-not-seen-since-2010.html#tk.rss_all
http://blog.talosintel.com/2016/09/the-rising-tides-of-spam.html

IPv4 apocalypse means we just can't measure the internet any more
http://news.hitb.org/content/ipv4-apocalypse-means-we-just-cant-measure-internet-any-more
http://www.theregister.co.uk/2016/09/19/ipv4_hampering_net_metrics/
http://arxiv.org/abs/1606.00360

Une étude révèle les usages vidéos des 6-14 ans
http://www.les-infostrateges.com/actu/16092247/une-etude-revele-les-usages-videos-des-6-14-ans

SCIENCES
--------



CONSOMMATION
------------



RACHAT / UNION
--------------

Cisco ContainerX buy a step toward readying ACI for the cloud
http://searchnetworking.techtarget.com/news/450303604/Cisco-ContainerX-buy-a-step-toward-readying-ACI-for-the-cloud

DROIT
-----

Le Safe Harbor est mort, vive le Privacy Shield !
https://www.lexsi.com/securityhub/safe-harbor-mort-vive-privacy-shield/

Nouvelle application judiciaire du délit d'usurpation d'identité
http://www.les-infostrateges.com/actu/16092240/nouvelle-application-judiciaire-du-delit-d-usurpation-d-identite

Information juridique : les fiches de synthèse de l'Assemblée nationale
http://www.les-infostrateges.com/actu/16092244/information-juridique-les-fiches-de-synthese-de-l-assemblee-nationale
http://www2.assemblee-nationale.fr/decouvrir-l-assemblee/role-et-pouvoirs-de-l-assemblee-nationale#node_2361

Information juridique : l'Assemblée nationale en 8 leçons
http://www.les-infostrateges.com/actu/16092246/information-juridique-l-assemblee-nationale-en-8-lecons

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------


MICROSOFT
---------

Windows 10 : le contrôle parental va bloquer automatiquement Chrome et Firefox
http://www.01net.com/actualites/windows-10-le-controle-parental-va-bloquer-automatiquement-chrome-et-firefox-1033795.html

NEW WINDOWS PATCH POLICY AT ODDS WITH ACCEPTABLE RISK
https://threatpost.com/new-windows-patch-policy-at-odds-with-acceptable-risk/120491/

GOOGLE
------

Lancement du nouveau système d'exploitation Android 7.0 Nougat
http://www.les-infostrateges.com/actu/16082237/lancement-du-nouveau-ysteme-d-exploitation-android-70-nougat

APPLE / IPHONE
--------------

macOS 10.12 Sierra: The Ars Technica review
http://news.hitb.org/content/macos-1012-sierra-ars-technica-review
http://arstechnica.com/apple/2016/09/macos-10-12-sierra-the-ars-technica-review/

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LG dévoile des vidéoprojecteurs de poche vraiment malins
http://www.01net.com/actualites/lg-devoile-des-videoprojecteurs-de-poche-vraiment-malins-1027352.html

LIBRE / OPEN SOURCE
-------------------

Linux a 25 ans : la folle histoire d'un logiciel qui a changé le monde
http://www.01net.com/actualites/linux-a-25-ans-la-folle-histoire-d-un-logiciel-qui-a-change-le-monde-1029586.html

Le Firefox multi-processus serait jusqu'à 700 % plus rapide
http://www.01net.com/actualites/le-firefox-multi-processus-serait-jusqu-a-700-percent-plus-rapide-1033680.html

Firefox 49 est là, voici ses principales améliorations
http://www.01net.com/actualites/firefox-49-est-la-voici-ses-principales-ameliorations-1039404.html

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

NEW BRAZILIAN BANKING TROJAN USES WINDOWS POWERSHELL UTILITY
https://threatpost.com/new-brazilian-banking-trojan-uses-windows-powershell-utility/120016/

Researcher uses Apple’s ‘Live Photos’ feature to hack into two mobile banking apps
http://news.hitb.org/content/researcher-uses-apple’s-‘live-photos’-feature-hack-two-mobile-banking-apps
http://bgr.com/2016/08/18/ios-live-photos-hack-facial-recognition/

MAMBA RANSOMWARE ENCRYPTS HARD DRIVES RATHER THAN FILES
https://threatpost.com/mamba-ransomware-encrypts-hard-drives-rather-than-files/120730/

Ce hacker aurait pu pirater (presque) n'importe quel compte Facebook
http://www.01net.com/actualites/ce-hacker-aurait-pu-pirater-presque-n-importe-quel-compte-facebook-1031146.html

Thousands of Australian computer log-ins up for sale on dark web
http://news.hitb.org/content/thousands-australian-computer-log-ins-sale-dark-web

Freemium phishing service makes stealing passwords dead simple
http://news.hitb.org/content/freemium-phishing-service-makes-stealing-passwords-dead-simple
http://thenextweb.com/security/2016/09/06/russian-phishing-service-makes-stealing-passwords-easy-sharing-link/
https://blog.fortinet.com/2016/08/31/fake-game-the-emergence-of-a-phishing-as-a-service-platform
=> hxxp://fakeg.ru/admin/

Une clé USB pirate suffit à voler vos identifiants Windows ou macOS
http://www.01net.com/actualites/une-cle-usb-pirate-suffit-a-voler-vos-identifiants-windows-ou-macos-1034836.html

ATTACK LEVERAGES WINDOWS SAFE MODE
https://threatpost.com/attack-leverages-windows-safe-mode/120622/

FBI ENCOURAGING RANSOMWARE VICTIMS TO REPORT INFECTIONS
https://threatpost.com/fbi-encouraging-ransomware-victims-to-report-infections/120656/

Dark Web drug sales dominated by organised crime
http://news.hitb.org/content/dark-web-drug-sales-dominated-organised-crime
http://www.cbronline.com/news/cybersecurity/business/dark-web-drug-sales-dominated-by-organised-crime-5009316

Malicious Android Apps Due To Increase By 400 Percent In 2016
http://news.hitb.org/content/malicious-android-apps-due-increase-400-percent-2016
http://www.techweekeurope.co.uk/security/malicious-android-apps-increase-by-400-percent-198004
https://www.webroot.com/us/en/business/resources/threat-trends/sept-2016
https://webroot-cms-cdn.s3.amazonaws.com/3714/7388/4216/September-2016_Webroot_Quarterly_Threat_Trends_us.pdf

Some Cisco Customers Are Being Hacked With NSA's Exploit Tools
http://news.hitb.org/content/some-cisco-customers-are-being-hacked-nsas-exploit-tools


FAILLES
-------

Xiaomi, le fabricant chinois, a installé une énorme backdoor dans vos smartphones
http://www.01net.com/actualites/xiaomi-le-fabricant-chinois-a-installe-une-enorme-backdoor-dans-vos-smartphones-1037750.html

ORACLE PATCHES RECORD 276 VULNERABILITIES WITH JULY CRITICAL PATCH UPDATE
https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-july-critical-patch-update/119373/

Le nombre de correctifs dépasse le précédent chiffre le plus haut, 248 patches qui avait eu lieu en Janvier 2016. Il représente également plus du double de vulnérabilités que celles remontées lors du dernier et marques plus que doubler le montant des vulnérabilités traitées par la société dans son dernier Critical Patch Update en Avril. 159 au total, peuvent être exploitées à distance sans authentification. Oracle Fusion Middleware est le logiciel le plus touché avec 35 vulnérabilités sur 40 exploitables à distance affectant le logiciel.
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

DRUPAL PATCHES THREE VULNERABILITIES IN CORE ENGINE
https://threatpost.com/drupal-patches-three-vulnerabilities-in-core-engine/120816/

Une faille dans Tor et Firefox met en danger l'anonymat de l'utilisateur
http://www.01net.com/actualites/une-faille-dans-tor-et-firefox-met-en-danger-l-anonymat-de-l-utilisateur-1038623.html

OUTILS
------

Le navigateur Opera et son VPN gratuit sont enfin accessibles à tous
http://www.01net.com/actualites/le-navigateur-opera-et-son-vpn-gratuit-sont-enfin-accessibles-a-tous-1038979.html


------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
23 septembre 2016 5 23 /09 /septembre /2016 20:07

De manière générale, j'aime assez le côté direct et percutant des slogans anglais.

Ce site n'échappe pas à règle. Direct, Efficace, la classe

https://takefive-stopfraud.org.uk

Tristan

Published by pseudonyme
commenter cet article
8 août 2016 1 08 /08 /août /2016 21:28

==============================================================================================================================================

Le principe de la veille hebdomadaire c'est qu'elle parait toutes les semaines. Bon là, je dois l'avouer, on est plus sur une veille mensuelle voir bimestrielle....Mais j'ai quelques activités qui m'occupent un peu.

Bon alors je publie pour août et je vous souhaite une bonne lecture.

Tristan
==============================================================================================================================================


A LIRE SECURITE
---------------

PROJECTSAURON APT ON PAR WITH EQUATION, FLAME, DUQU
https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/
https://cdn.securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf

Intel embarque-t-il une porte dérobée dans toutes ses puces ?
http://www.01net.com/actualites/intel-embarque-t-il-une-porte-derobee-dans-ses-puces-985396.html

Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges
https://www.wired.com/2016/08/fake-boarding-pass-app-gets-hacker-fancy-airline-lounges/
https://www.youtube.com/watch?time_continue=95&v=7829-HtV3uo

Intel x86s hide another CPU that can take over your machine (you can't audit it)
http://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

How to really fix the latest Adobe Flash security hole
http://news.hitb.org/content/how-really-fix-latest-adobe-flash-security-hole
http://www.zdnet.com/article/the-real-adobe-flash-fix-is-in/ [Un bon Tips and Tricks pour utilisateur]

So, Just Why Is 18atcskd2w Such a Popular Password? [La présence des bots....]
http://www.tripwire.com/state-of-security/featured/so-just-why-is-18atcskd2w-such-a-popular-password/

The curious tale of Ethereum: How a hacker stole $53m in digital currency and could legally keep it
http://news.hitb.org/content/curious-tale-ethereum-how-hacker-stole-53m-digital-currency-and-could-legally-keep-it
http://www.ibtimes.co.uk/curious-tale-ethereum-how-hacker-stole-53m-digital-currency-could-legally-keep-it-1566524

EMAIL SERVERS FOR MORE THAN HALF OF WORLD’S TOP SITES CAN BE SPOOFED
https://threatpost.com/email-servers-for-more-than-half-of-worlds-top-sites-can-be-spoofed/118840/
https://blog.detectify.com/2016/06/20/misconfigured-email-servers-open-the-door-to-spoofed-emails-from-top-domains/

VIDEO: Exploit Kits: Hunting The Hunters
http://news.hitb.org/content/video-exploit-kits-hunting-hunters

A starter guide for biometrics in security
http://news.hitb.org/content/starter-guide-biometrics-security
http://www.computerweekly.com/opinion/Security-Think-Tank-A-starter-guide-for-biometrics-in-security

The future of Node.js: Stable, secure, everywhere
http://news.hitb.org/content/future-nodejs-stable-secure-everywhere
http://www.javaworld.com/article/3103520/javascript/the-future-of-nodejs-stable-secure-everywhere.html#tk.rss_all

DOSSIERS
--------

The FBI Says Its Malware Isn’t Malware Because the FBI Is Good
http://news.hitb.org/content/fbi-says-its-malware-isn’t-malware-because-fbi-good

BANQUES
-------

Singapore banks adopt voice biometrics for user authentication
http://news.hitb.org/content/singapore-banks-adopt-voice-biometrics-user-authentication

Hackers hit central banks in Indonesia and South Korea
http://news.hitb.org/content/?hackers-hit-central-banks-indonesia-and-south-korea
http://www.zdnet.com/article/hackers-hit-central-banks-in-indonesia-and-south-korea/#ftag=RSSbaffb68

INSOLITE
--------

UN PETIT GESTE POUR LA PLANETE
------------------------------

PUBLIC, PRIVATE SECTOR TEAM TO FIGHT RANSOMWARE
https://threatpost.com/public-private-sector-team-to-fight-ransomware/119484/

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

DARPA's Cyber Grand Challenge Aims To Beat Viruses for Good
http://news.hitb.org/content/darpas-cyber-grand-challenge-aims-beat-viruses-good

PRODUITS
--------

Avast Nitro, le nouvel antivirus qui dynamite les malwares grâce au cloud
http://www.01net.com/actualites/avast-nitro-dynamite-les-malwares-grace-au-cloud-991054.html

BON A SAVOIR
------------

How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN
http://www.tripwire.com/state-of-security/featured/smartwatch-fitness-tracker-atm-pin/

New Internet Security Domains Debut
http://news.hitb.org/content/new-internet-security-domains-debut
http://www.darkreading.com/cloud/new-internet-security-domains-debut-/d/d-id/1326526?_mc=RSS_DR_EDT
=> .security and .protection

Four US firms rule the world's cloud infrastructure
http://news.hitb.org/content/four-us-firms-rule-worlds-cloud-infrastructure
http://www.infoworld.com/article/3102885/cloud-computing/four-us-firms-rule-the-worlds-cloud-infrastructure.html
https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail

KASPERSKY LAB LAUNCHES BUG BOUNTY PROGRAM
https://threatpost.com/kaspersky-lab-launches-bug-bounty-program/119586/

La Cnil lance une consultation publique sur le règlement européen sur la protection des données
http://www.les-infostrateges.com/actu/16062205/la-cnil-lance-une-consultation-publique-sur-le-reglement-europeen-sur-la-protection-des-donnees

Apple Pay arrive en France : 20 questions pour tout savoir sur le service de paiement
http://www.01net.com/actualites/apple-pay-arrive-en-france-20-questions-pour-tout-savoir-sur-le-service-de-paiement-sans-contact-984903.html

Ex-Google engineer launches blockchain-based system for banks
http://news.hitb.org/content/ex-google-engineer-launches-blockchain-based-system-banks
http://www.reuters.com/article/us-tech-banks-blockchain-idUSKCN0ZT1S3

Social engineering: 3 golden rules to thwart hackers
http://news.hitb.org/content/social-engineering-3-golden-rules-thwart-hackers
http://www.information-age.com/technology/security/123461687/social-engineering-3-golden-rules-thwart-hackers

5 Steps Towards a Long-lasting Relationship With Your Security Data Scientist
http://www.tripwire.com/state-of-security/featured/5-steps-towards-a-long-lasting-relationship-with-your-security-data-scientist/

SCIENCES
--------

Des chercheurs allemands donnent un aperçu des disques durs du futur
http://www.01net.com/actualites/des-chercheurs-allemands-donnent-un-apercu-des-disques-durs-du-futur-990668.html

Two catalysts efficiently turn plastic trash into diesel
http://news.hitb.org/content/two-catalysts-efficiently-turn-plastic-trash-diesel
http://arstechnica.com/science/2016/06/turning-plastic-into-diesel-fuel-instead-of-trash/

Ce processeur fait battre 1000 cœurs de façon indépendante
http://www.01net.com/actualites/ce-processeur-fait-battre-1000-coeurs-de-facon-independante-990195.html

Le supercalculateur le plus puissant du monde est chinois, jusque dans ses processeurs
http://www.01net.com/actualites/le-supercalculateur-le-plus-du-monde-est-chinois-jusque-dans-ses-processeurs-990865.html

How archaeologists found the lost medieval megacity of Angkor
http://news.hitb.org/content/how-archaeologists-found-lost-medieval-megacity-angkor

Swarm, la puce du MIT qui pourrait rendre nos PC et smartphones 75 fois plus rapides
http://www.01net.com/actualites/swarm-la-puce-du-mit-qui-pourrait-rendre-nos-pc-et-smartphones-75-fois-plus-rapides-1001543.html


CONSOMMATION
------------



RACHAT / UNION
--------------



DROIT
-----

Firm pays $950,000 penalty for using Wi-Fi signals to secretly track phone users
http://news.hitb.org/content/firm-pays-950000-penalty-using-wi-fi-signals-secretly-track-phone-users

Dépôt du nom de domaine d'un client et abus de confiance
http://www.les-infostrateges.com/actu/16072217/depot-du-nom-de-domaine-d-un-client-et-abus-de-confiance

GDPR is Coming – Penalty Primer
http://www.tripwire.com/state-of-security/featured/gdpr-is-coming-penalty-primer/

Décryptage du nouveau règlement européen sur la protection des données personnelles
http://www.orange-business.com/fr/blogs/securite/lois-reglementations-standards-et-certifications/decryptage-du-nouveau-reglement-europeen-sur-la-protection-des-donnees-personnelles


MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------


MICROSOFT
---------



GOOGLE
------

Google's security princess talks cybersecurity
http://news.hitb.org/content/googles-security-princess-talks-cybersecurity
https://opensource.com/life/16/6/interview-parisa-tabriz-google

Google lance un groupe de recherche en Europe
http://www.les-infostrateges.com/actu/16062206/google-lance-un-groupe-de-recherche-en-europe

Google simplifie et sécurise l'accès à votre compte
http://www.01net.com/actualites/google-simplifie-la-double-authentification-d-acces-a-un-compte-990984.html

Google joue au docteur et vous aide à vous autodiagnostiquer
http://www.01net.com/actualites/google-joue-au-docteur-990943.html

Google notifies users of 4,000 state-sponsored cyber attacks per month: executive
http://news.hitb.org/content/google-notifies-users-4000-state-sponsored-cyber-attacks-month-executive

Google va blinder Chrome contre les attaques quantiques
http://www.01net.com/actualites/google-commence-a-proteger-ses-utilisateurs-contre-les-attaques-quantiques-1003041.html

Project Bloks, les petites briques Google qui vont apprendre la programmation aux enfants
http://www.01net.com/actualites/google-presente-project-bloks-les-petites-briques-qui-vont-apprendre-la-programmation-aux-enfants-997345.html
https://projectbloks.withgoogle.com

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------

Git 2.9 Source Code Management System Is a Major Release with Many New Features
http://news.hitb.org/content/git-29-source-code-management-system-major-release-many-new-features
http://news.softpedia.com/news/git-2-9-source-code-management-system-is-a-major-release-with-many-new-features-505210.shtml

Firefox teste un système d’identités multiples pour protéger votre surf
http://www.01net.com/actualites/firefox-teste-un-systeme-d-identites-multiples-pour-surfer-sur-le-web-985318.html

New 'Hardened' Tor Browser Protects Users From FBI Hacking
http://news.hitb.org/content/new-hardened-tor-browser-protects-users-fbi-hacking
http://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking
https://www.ics.uci.edu/~perl/pets16_selfrando.pdf

Interview : Opera prépare un navigateur dopé à l'intelligence artificielle
http://www.01net.com/actualites/krystian-kolondra-opera-nous-allons-lancer-un-nouveau-navigateur-pour-pc-983801.html

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Your monitor can be hacked, used to spy on you
http://news.hitb.org/content/your-monitor-can-be-hacked-used-spy-you
http://www.techspot.com/news/65878-monitor-can-hacked-used-spy-you.html
Avec le code de PoC : https://github.com/redballoonshenanigans/monitordarkly
Et la présentation : http://www.redballoonsecurity.com/presentation/Recon_0xA_A_Monitor_Darkly.pdf

Necurs botnet is back online after mysterious 3-week hiatus
http://news.hitb.org/content/necurs-botnet-back-online-after-mysterious-3-week-hiatus
http://www.ibtimes.co.uk/necurs-botnet-back-online-after-mysterious-3-week-hiatus-1566873

XDEDIC SCOPE MAY BE LARGER THAN ORIGINALLY THOUGHT
https://threatpost.com/xdedic-scope-may-be-larger-than-originally-thought/118771/

AGGRESSIVE TRIADA, HORDE VARIANTS UP MOBILE MALWARE THREAT
https://threatpost.com/aggressive-triada-horde-variants-up-mobile-malware-threat/118767/

New Android malware can secretly root your phone and install programs
http://news.hitb.org/content/new-android-malware-can-secretly-root-your-phone-and-install-programs
http://www.computerworld.com/article/3087003/security/new-android-malware-can-secretly-root-your-phone-and-install-programs.html
"Some apps are clean but have a corresponding malicious version that shares the same developer certificate. The danger there is that users install the clean app but are then upgraded to the malicious version without them knowing."

ACER ECOMMERCE SITE SPILLS CREDIT CARD INFORMATION OF THOUSANDS
https://threatpost.com/acer-ecommerce-site-spills-credit-card-information-of-thousands/118760/

RAA RANSOMWARE COMPOSED ENTIRELY OF JAVASCRIPT
https://threatpost.com/raa-ransomware-composed-entirely-of-javascript/118641/

RAA Ransomware Written Entirely in JScript
http://www.tripwire.com/state-of-security/latest-security-news/raa-ransomware-written-entirely-in-jscript/

NUCLEAR, ANGLER EXPLOIT KIT ACTIVITY HAS DISAPPEARED
https://threatpost.com/nuclear-angler-exploit-kit-activity-has-disappeared/118842/

SCARCRUFT APT GROUP USED LATEST FLASH ZERO DAY IN TWO DOZEN ATTACKS
https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/

GOTOMYPC SUFFERS MAJOR PASSWORD REUSE ATTACK
https://threatpost.com/gotomypc-suffers-major-password-reuse-attack/118781/

LOCK PICKING
------------

Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace
http://news.hitb.org/content/hacker-unlocks-‘high-security’-electronic-safes-without-trace
https://www.wired.com/2016/08/hacker-unlocks-high-security-electronic-safes-without-trace/


FAILLES
-------

VERT Threat Alert: June 2016 Patch Tuesday Analysis
http://www.tripwire.com/state-of-security/featured/vert-june-2016-patch-tuesday/

ORACLE PATCHES RECORD 276 VULNERABILITIES WITH JULY CRITICAL PATCH UPDATE
https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-july-critical-patch-update/119373/

GOOGLE FIXES 48 BUGS, SANDBOX ESCAPE, IN CHROME
https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/

Bitdefender finds eavesdropping vulnerability in public cloud [Pas tout compris, mériterait une démo]
http://news.hitb.org/content/?bitdefender-finds-eavesdropping-vulnerability-public-cloud
http://www.zdnet.com/article/bitdefender-finds-eavesdropping-vulnerability-in-public-cloud/#ftag=RSSbaffb68

Drupal Lets Remote Authenticated Users Gain Elevated Privileges and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1036130

Comment votre Freebox peut être piratée à distance via... sa télécommande
http://www.01net.com/actualites/comment-pirater-a-distance-la-freebox-de-son-voisin-par-le-reseau-zigbee-1000111.html

OUTILS
------

MIT ANONYMITY NETWORK RIFFLE PROMISES EFFICIENCY, SECURITY
https://threatpost.com/mit-anonymity-network-riffle-promises-efficiency-security/119254/

Now it’s easy to see if leaked passwords work on other sites
http://news.hitb.org/content/now-it’s-easy-see-if-leaked-passwords-work-other-sites
http://arstechnica.com/security/2016/07/password-reuse-tool-makes-it-easy-to-id-vulnerable-accounts-on-other-sites/
https://github.com/philwantsfish/shard
------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
18 juin 2016 6 18 /06 /juin /2016 20:23

==============================================================================================================================================

Ce mois-ci pas de commentaires. Promis, je vais me rattraper sur les mois à venir...ou pas...

Tristan

==============================================================================================================================================


A LIRE SECURITE
---------------

Ransomware protection is futile, but all hope is not lost
http://searchwindowsserver.techtarget.com/feature/Ransomware-protection-is-futile-but-all-hope-is-not-lost

WEKBY APT GANG USING DNS TUNNELING FOR COMMAND AND CONTROL
https://threatpost.com/wekby-apt-gang-using-dns-tunneling-for-command-and-control/118303/
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/

Malicious macro using a sneaky new trick [Assez joli, bon à savoir]
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/

Understanding Prioritization – Patches and Vulnerabilities
http://www.tripwire.com/state-of-security/featured/understanding-prioritization/

Accéder directement au port USB via un site web
ZATAZ http://www.zataz.com/acceder-directement-port-usb-via-site-web/#ixzz480Tsjtyb
https://wicg.github.io/webusb/

IBM’S WATSON SUPERCOMPUTER TAKES ON SECURITY
https://threatpost.com/ibms-watson-supercomputer-takes-on-security/117999/

Les trackers publicitaires nous espionnent avec de plus en plus d’ingéniosité
http://www.01net.com/actualites/les-trackers-publicitaires-nous-espionnent-avec-plus-en-plus-d-ingeniosite-975647.html
https://webtransparency.cs.princeton.edu/webcensus/index.html
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf

Financial Services: A Positive Shift in Cyber Security Posture
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/financial-services-a-positive-shift-in-cyber-security-posture/

Programmer sans coder ? Tout le monde peut le faire en entreprise [Ca va remuer les DSI et les RSSI et tout le monde en fait]
http://www.larevuedudigital.com/2016/05/12/programmer-sans-coder-tout-le-monde-peut-le-faire-en-entreprise/

DOSSIERS
--------

BANQUES
-------

SWIFT WARNS OF SECOND BANK ATTACK VIA PDF MALWARE
https://threatpost.com/swift-warns-of-second-bank-attack-via-pdf-malware/118078/
https://www.swift.com/insights/press-releases/swift-customer-communication_customer-security-issues

INSOLITE
--------

Software Update Destroys $286 Million Japanese Satellite
http://news.hitb.org/content/software-update-destroys-286-million-japanese-satellite

UN PETIT GESTE POUR LA PLANETE
------------------------------

MASTER DECRYPTION KEY RELEASED FOR TESLACRYPT RANSOMWARE
https://threatpost.com/master-decryption-key-released-for-teslacrypt-ransomware/118179/

Tor Browser passe en version 6.0 et privilégie le moteur de recherche DuckDuckGo
http://www.01net.com/actualites/tor-browser-passe-en-version-6-0-tout-en-honnissant-microsoft-bing-979048.html

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------

Open data : Liste de portails d'accès à la réutilisation des informations publiques dans le monde
http://www.les-infostrateges.com/actu/16052184/open-data-liste-de-portails-d-acces-a-la-reutilisation-des-informations-publiques-dans-le-monde
http://www.precisement.org/blog/Des-listes-de-portails-open-data.html


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Innorobo : le plus gros évènement robotique européen débarque à Paris
http://www.01net.com/actualites/innorobo-le-plus-gros-evenement-robotique-europeen-debarque-a-paris-976493.html

Innorobo : nos quatre coups de coeur du salon 2016
http://www.01net.com/actualites/innorobo-les-4-solutions-les-plus-innovantes-du-salon-977186.html

PRODUITS
--------


Going deeper with Project Infinite
https://blogs.dropbox.com/tech/2016/05/going-deeper-with-project-infinite/

Knocki transforme n’importe quelle surface en commande à distance
http://www.01net.com/actualites/knocki-transforme-n-importe-quelle-surface-en-commande-a-distance-975148.html


BON A SAVOIR
------------

Bitcoin : Craig Wright, le faux Satoshi Nakamoto, vous dit adieu
http://www.01net.com/actualites/bitcoin-craig-wright-le-faux-satoshi-nakamoto-vous-dit-adieu-972125.html

Une cartographie des initiatives et outils pour la vie privée sur internet
http://www.les-infostrateges.com/actu/16062196/une-cartographie-des-initiatives-et-outils-pour-la-vie-privee-sur-internet
http://linc.cnil.fr/design-de-la-privacy-une-cartographie-de-veille-enrichir

NASA releases dozens of patents into the public domain
http://news.hitb.org/content/nasa-releases-dozens-patents-public-domain

Les cyber attaques ont un impact sur la confiance des consommateurs envers les grandes marques
http://www.les-infostrateges.com/actu/16052186/les-cyber-attaques-ont-un-impact-sur-la-confiance-des-consommateurs-envers-les-grandes-marques

* Plus de la moitié des consommateurs interrogés (53%) déclarent prendre la sécurité de leurs données personnelles en considération lorsqu’ils achètent des produits et services ;
* 71% des consommateurs interrogés divulgueront dans l’avenir moins de données personnelles aux organisations qui leur fournissent des produits et des services, en conséquence des cyber attaques majeures qui ont eu lieu l’année dernière ;
* Près de la moitié (42%) des consommateurs seraient prêts à payer plus un fournisseur de service garantissant une meilleure sécurité des données ;
* 54% des consommateurs déclarent qu’ils engageraient des poursuites judiciaires contre leurs fournisseurs de produits et services si leurs données personnelles étaient volées ou utilisées à des fins criminelles à la suite d’une cyber attaque.
* 13% des personnes interrogées déclarent que la sécurité de leurs données personnelles est désormais leur principale préoccupation lorsqu’elles achètent des produits et services.

SCIENCES
--------

LG’s new fingerprint sensor can neither be felt nor seen
http://news.hitb.org/content/lg’s-new-fingerprint-sensor-can-neither-be-felt-nor-seen
http://www.androidauthority.com/screen-lgs-new-fingerprint-sensor-neither-felt-seen-690272/

ACADEMICS MAKE THEORETICAL BREAKTHROUGH IN RANDOM NUMBER GENERATION
https://threatpost.com/academics-make-theoretical-breakthrough-in-random-number-generation/118150/

Et si le futur de nos PC dépendait d’une technologie vieille de plus de cent ans ?
http://www.01net.com/actualites/le-futur-de-nos-pc-depend-peut-etre-d-une-technologie-vieille-de-plus-de-cent-ans-981423.html


CONSOMMATION
------------



RACHAT / UNION
--------------

Equinix cède huit de ses datacenters européens à Digital Realty
http://www.lemagit.fr/actualites/450296510/Equinix-cede-huit-de-ses-datacenters-europeens-a-Digital-Realty

Magic Leap Acquires Israeli Cyber Security Company NorthBit
http://news.hitb.org/content/magic-leap-acquires-israeli-cyber-security-company-northbit
http://www.bloomberg.com/news/articles/2016-04-18/magic-leap-acquires-israeli-cyber-security-company-northbit

DROIT
-----


MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Twitter : un réseau social de plus en plus prisé pour la recherche d'emploi
http://www.les-infostrateges.com/actu/16052188/twitter-un-reseau-social-de-plus-en-plus-prise-pour-la-recherche-d-emploi
http://fr.slideshare.net/PagePersonnel/infographie-twitter-lemploi-et-vous/1

MICROSOFT
---------

MICROSOFT SHA-1 DEPRECATION FINAL COUNTDOWN BEGINS
https://threatpost.com/microsoft-sha-1-deprecation-final-countdown-begins/117783/


GOOGLE
------

Google a-t-il enfin trouvé la solution pour nous débarrasser des mots de passe ?
http://www.01net.com/actualites/android-un-score-de-confiance-remplacera-vos-mots-de-passe-d-ici-la-fin-d-annee-976742.html

Google va vous autoriser à partager vos applications Android payantes
http://www.01net.com/actualites/google-autorise-les-familles-a-partager-leurs-applications-payantes-975456.html

Google lance Spaces, une application de partage en petit comité
http://www.01net.com/actualites/google-lance-spaces-une-application-de-partage-en-petit-groupe-974827.html

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------


ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Utility Company Infected with Ransomware, Shuts Down Network, Email and Phone Lines
http://www.tripwire.com/state-of-security/latest-security-news/utility-company-infected-with-ransomware-shuts-down-network-email-and-phone-lines/

FBI Warns of a Rise in Ransomware Attacks
http://www.tripwire.com/state-of-security/latest-security-news/fbi-warns-of-a-rise-in-ransomware-attacks/

Hackers can break into your company using $700 worth of parts from Amazon and eBay
http://news.hitb.org/content/hackers-can-break-your-company-using-700-worth-parts-amazon-and-ebay
http://bgr.com/2016/05/02/hackers-rfid-badge-security/
http://www.amazon.com/RFID-Blocking-Sleeve-Protect-Yourself/dp/B00QXZLER4?tag=b0c55-20

Whaling: Tracing the Evolution of Phishing Attacks
http://www.tripwire.com/state-of-security/security-awareness/whaling-attacks-tracing-the-evolution-of-phishing-attacks/

CEO swindle – 43 personnes arrêtées dans un vaste réseau de piratage
http://www.zataz.com/ceo-swindle-arrestation-pirate-scam/#wIgrJyUCLbqbCWC2.99

BUCBI RANSOMWARE GETS A BIG MAKEOVER
https://threatpost.com/bucbi-ransomware-gets-a-big-makeover/117938/

CERBER RANSOMWARE ON THE RISE, FUELED BY DRIDEX BOTNETS
https://threatpost.com/cerber-ransomware-on-the-rise-fueled-by-dridex-botnets/118090/
“In the HTTP Request Headers, it sets the value of Range Header to: “bytes=11193-“. This indicates to the web server to return only the content starting at offset 11,193 of the JPG file,” FireEye wrote.

SWIFT WARNS OF SECOND BANK ATTACK VIA PDF MALWARE
https://threatpost.com/swift-warns-of-second-bank-attack-via-pdf-malware/118078/
https://www.swift.com/insights/press-releases/swift-customer-communication_customer-security-issues

LATEST PETYA RANSOMWARE STRAIN COMES WITH A FAILSAFE: MISCHA
https://threatpost.com/latest-petya-ransomware-strain-comes-with-a-failsafe-mischa/118072/

LINKEDIN IS LATEST CONTRIBUTOR TO BREACH FATIGUE
https://threatpost.com/linkedin-is-latest-contributor-to-breach-fatigue/118272/

Des hackers ont trouvé l'arme absolue pour pirater vos cartes bancaires
http://www.01net.com/actualites/des-pirates-ont-trouve-l-arme-absolue-pour-pirater-vos-cartes-bancaires-976389.html

Plus de 100 millions de mots de passe LinkedIn en vente sur le DarkWeb
http://www.01net.com/actualites/plus-de-100-millions-de-mots-de-passe-linkedin-en-vente-sur-le-darkweb-975506.html

UBIQUITI NETWORKS GEAR TARGETED BY WORM
https://threatpost.com/ubiquiti-networks-gear-targeted-by-worm/118185/

APT GROUPS FINDING SUCCESS WITH PATCHED MICROSOFT FLAW
https://threatpost.com/apt-groups-finding-success-with-patched-microsoft-flaw/118298/

Attraper un malware par un simple copier-coller, c'est possible!
http://www.01net.com/actualites/attraper-un-malware-par-un-simple-copier-coller-de-texte-c-est-possible-977920.html

CRYPTXXX RANSOMWARE JUMPS FROM ANGLER TO NEUTRINO EXPLOIT KIT
https://threatpost.com/cryptxxx-ransomware-jumps-from-angler-to-neutrino-exploit-kit/118570/

Neutrino EK and CryptXXX
https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/

FAILLES
-------

OPENSSL PATCHES TWO HIGH-SEVERITY VULNERABILITIES
https://threatpost.com/openssl-patches-two-high-severity-vulnerabilities/117792/

VERT Threat Alert: May 2016 Patch Tuesday Analysis
http://www.tripwire.com/state-of-security/featured/vert-threat-alert-may-2016-patch-tuesday-analysis/

Android : une faille vieille de 5 ans permet de lancer des attaques furtives
http://www.01net.com/actualites/android-une-faille-vieille-de-5-ans-permet-de-lancer-des-attaques-furtives-972897.html

OUTILS
------



------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
18 mai 2016 3 18 /05 /mai /2016 05:37

Très bon article de l'équipe TALOS de Cisco sur les ransomwares : l'historique, le présent et quelques spéculations loin d'être fantaisistes à mon avis. C'est bien écrit, clair et plutôt bien vu.

Ransomware: Past, Present, and Future
http://blog.talosintel.com/2016/04/ransomware.html

Très bonne lecture

Tristan

Published by pseudonyme
commenter cet article
17 mai 2016 2 17 /05 /mai /2016 20:01

Pornhub offering hackers $25,000 to penetrate its security
http://news.hitb.org/content/pornhub-offering-hackers-25000-penetrate-its-security

.... et l'excuse qui va avec : "Je t'assure, c'est pour le boulot, je n'y prends aucun plaisir ;-))"

Published by pseudonyme
commenter cet article
3 mai 2016 2 03 /05 /mai /2016 06:53

==============================================================================================================================================

Cette semaine, ça fait un bail que je n'ai pas écrit et certains me l'ont fait remarqué à juste titre.
Donc allez hop, je me lance. Je livre ce que j'ai pu collecter. Il y a du lourd et du moins lourd. Dans le lourd, vous trouverez :
- la mise au point d'une intelligence artificielle pour lutter contre les cyberattaques. Derrière ces mots pompeux, il semble y avoir pas mal de boulot (MIT) et une petite dose de publicité (société PatternX). Ceci dit, c'est quand même une belle avancée même si nous n'en sommes qu'au début.
- les informations sur la stratégie "BeyondCorp" (pas Beyoncé hein attention !) de Google sur la défense non périmétrique. A mon avis, c'est une bonne piste à suivre car Google considère que tout doit être analysé dans la mesure où on ne peut plus avoir confiance dans la sécurité périmétrique. De ce fait, cela remonte le niveau de contrôle et apporte une vue sécurité plus complète.
- Chez Airbus, on parle sans tabou de ce qui se passe avec une phrase que j'aime entendre : ces pirates-là « existent, et ils entrent » en parlant des attaquants liés à un État. Ça change un peu des discours irréalistes et surtout, quand on lit les autres exemples cités, on voit bien que malgré l'avancée technologique certaine d'Airbus, ils sont aussi touchés par des codes malveillants ......comme tout le monde. Ça donnerait presque envie de bosser là-bas
- un très bon post sur le problème lié à un changement forcé et trop régulier de mot de passe (ça change aussi des discours toujours identiques)
- la section SCIENCES également contient des inventions et des recherches vraiment novatrices.
- la section DROIT pointe sur un vrai bon site pour comprendre de manière pratique le nouveau règlement européen sur la protection des données à caractère personnel.

Pour le moins lourd, il y a tout le reste.

Ah oui aussi !!! Pensez à patcher vos navigateurs. Entre Firefox et Chrome, ça peut valoir le coup.

ATTENTION SPOILER : Je ne suis pas l'inventeur du Bitcoin !!! D'autres essaient de se vendre comme tel. Info ou Intox ? A suivre

Bonne lecture
Tristan
==============================================================================================================================================


A LIRE SECURITE
---------------

Comment le MIT a entraîné une intelligence artificielle à détecter les cyberattaques
http://www.01net.com/actualites/detecter-les-cyberattaques-grace-a-l-intelligence-artificielle-967988.html
http://news.hitb.org/content/mit-builds-ai-bot-spots-85-cent-hacker-invasions
http://www.theregister.co.uk/2016/04/18/ai_bot_spots_hacking_attacks/
https://people.csail.mit.edu/kalyan/AI2_Paper.pdf
http://www.presse-citron.net/lintelligence-artificielle-et-les-humains-vont-travailler-ensemble-contre-les-cyberattaques/ (remonté par Yann Ga. merci)

BeyondCorp : Google détaille son approche de la sécurité sans périmètre
http://www.lemagit.fr/etude/BeyondCorp-Google-detaille-son-approche-de-la-securite-sans-perimetre
https://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/44860.pdf [Le dernier en date, correction du lie, MAG IT]
http://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/43231.pdf [date de 2014]

Google found 760,935 compromised web sites in a year
http://www.theregister.co.uk/2016/04/19/google_80000_sites_breached/?mt=1461091431022
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf

The problems with forcing regular password expiry
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry

Neutrino Exploit Kit Analysis and Threat Indicators
https://www.sans.org/reading-room/whitepapers/malicious/neutrino-exploit-kit-analysis-threat-indicators-368924

Creating a Malware/Ransomware Defendable Network [Pas vraiment spécifique aux ransomwares, mais une bonne checklist]
http://www.tripwire.com/state-of-security/incident-detection/creating-a-malwarerasomware-defendable-network/

Airbus : cible alléchante pour pirates talentueux
http://www.lemagit.fr/actualites/450281229/Airbus-cible-allechante-pour-pirates-talentueux

Comptes à hauts privilèges : 6 raisons de s'en préoccuper
http://www.orange-business.com/fr/blogs/securite/bonnes-pratiques/comptes-hauts-privileges-6-raisons-de-s-en-preoccuper

How attackers are quietly creeping inside your perimeter
http://news.hitb.org/content/how-attackers-are-quietly-creeping-inside-your-perimeter
http://www.information-age.com/technology/security/123461309/how-attackers-are-quietly-creeping-inside-your-perimeter-using-covert-attack-communications

Detecting and dealing with the stealthiest cyberattacks
http://news.hitb.org/content/detecting-and-dealing-stealthiest-cyberattacks
http://www.itproportal.com/2016/04/25/detecting-and-dealing-with-the-stealthiest-cyberattacks/

DOSSIERS
--------

Details about Juniper's Firewall Backdoor
https://www.schneier.com/blog/archives/2016/04/details_about_j.html

L’armée américaine veut créer une messagerie ultrasécurisée inspirée du Bitcoin
http://www.01net.com/actualites/l-armee-americaine-veut-creer-une-messagerie-ultrasecurisee-inspiree-du-bitcoin-969528.html

BANQUES
-------

FOLLOW THE MONEY: DISSECTING THE OPERATIONS OF THE CYBER CRIME GROUP FIN6
https://www.fireeye.com/blog/threat-research/2016/04/follow_the_money.html
https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf

POS ATTACKS NET CROOKS 20 MILLION STOLEN BANK CARDS
https://threatpost.com/pos-attacks-net-crooks-20-million-stolen-bank-cards/117595/

BANGLADESH BANK HACKERS ACCESSED SWIFT SYSTEM TO STEAL, COVER TRACKS
https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/

ATTACKERS BEHIND GOZNYM TROJAN SET SIGHTS ON EUROPE
https://threatpost.com/attackers-behind-goznym-trojan-set-sights-on-europe/117647/

Qatar National Bank claims customer data released by hackers is authentic
http://news.hitb.org/content/qatar-national-bank-claims-customer-data-released-hackers-authentic

How To Bolster Banking Technology Infrastructure and Address Cyber Risks
http://www.tripwire.com/state-of-security/featured/banking-tech-infrastructure-cyber-risks/

Les banques travaillent leur présence sur les réseaux sociaux
http://www.les-infostrateges.com/actu/16042179/les-banques-travaillent-leur-presence-sur-les-reseaux-sociaux

Banking and Cybersecurity: Can They Help Prevent the Next Terrorist Attack? [A mon avis pas si simple, mais la question est intéressante]
http://www.tripwire.com/state-of-security/featured/integrated-approach-ahead-criminal/

Marcher banking malware hitting Android phones in Australia
http://news.hitb.org/content/marcher-banking-malware-hitting-android-phones-australia
http://www.pcauthority.com.au/News/418933,marcher-banking-malware-hitting-android-phones-in-australia.aspx

Hacker who stole from banks ordered to pay $7 million [Arghhh le crime ne paie plus]
http://news.hitb.org/content/hacker-who-stole-banks-ordered-pay-7-million

BIG DATA
--------

Un guide pratique consacré à la révolution data
http://www.les-infostrateges.com/actu/16042174/un-guide-pratique-consacre-a-la-revolution-data
https://fr.calameo.com/read/004059613efc709cb5836 |Preview]

POPULISME ET CYBERSECURITE
--------------------------

Le flot montant de la cybercriminalité polonaise [Au delà du titre raccoleur, quelque informations pertinentes]
https://www.lexsi.com/securityhub/le-flot-montant-de-la-cybercriminalite-polonaise/

INSOLITE
--------

Il a hacké Facebook et découvert la présence… d’un autre hacker
http://www.01net.com/actualites/il-a-hacke-facebook-et-decouvert-la-presence-d-un-autre-hacker-969617.html

Researcher Compromises Facebook System, Finds Someone’s Already Been There
http://www.tripwire.com/state-of-security/latest-security-news/researcher-compromises-facebook-system-finds-someones-already-been-there/

UN PETIT GESTE POUR LA PLANETE
------------------------------

Eurocops get new cyber powers to hunt down terrorists, criminals
http://news.hitb.org/content/eurocops-get-new-cyber-powers-hunt-down-terrorists-criminals

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Retail Cyber Intelligence Summit: A Forum for Community and Security
http://www.tripwire.com/state-of-security/featured/retail-cyber-intelligence-summit-a-forum-for-community-and-security/
http://summit.r-cisc.org

Top Resources for Infosec Professionals – Retail Industry
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/top-resources-for-infosec-professionals-retail-industry/

Hacking Competition Challenged UK Cyber Security Students
http://www.tripwire.com/state-of-security/latest-security-news/hacking-competition-challenged-uk-information-security-students/

PRODUITS
--------



BON A SAVOIR
------------

Bientôt l’authentification des périphériques USB-C
http://www.lemagit.fr/actualites/450281278/Bientot-lauthentification-des-peripheriques-USB-C

SHORT URLS A BIG PROBLEM FOR CLOUD COLLABORATION, STORED DATA
https://threatpost.com/short-urls-a-big-problem-for-cloud-collaboration-stored-data/117447/

Australia says it can hack enemies as it invests $230 million in cyber security
http://news.hitb.org/content/australia-says-it-can-hack-enemies-it-invests-230-million-cyber-security

Cloud : de la découverte du Shadow IT à celle du Shadow Data
http://www.orange-business.com/fr/blogs/securite/securite-applicative/cloud-de-la-decouverte-du-shadow-it-celle-du-shadow-data

« Satoshi est mort », le prétendu inventeur du Bitcoin sort de l'ombre
http://www.01net.com/actualites/satoshi-est-mort-le-pretendu-inventeur-du-bitcoin-sort-de-l-ombre-971378.html

Craig Wright 'proves' he is Bitcoin creator Satoshi Nakamoto
http://news.hitb.org/content/craig-wright-proves-he-bitcoin-creator-satoshi-nakamoto
http://phys.org/news/2016-05-australian-entrepreneur-reveals-bitcoin-creator.html

SCIENCES
--------

Your brain’s reaction to celeb pics may create the most secure form of ID
http://news.hitb.org/content/your-brain’s-reaction-celeb-pics-may-create-most-secure-form-id
http://arstechnica.com/science/2016/04/your-brains-reaction-to-celeb-pics-may-create-the-most-secure-form-of-id/
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7435286

Des chercheurs créent par accident une batterie quasi increvable
http://www.01net.com/actualites/des-chercheurs-creent-par-accident-une-batterie-qui-tient-200-000-cycles-969632.html

Wisp, un ordinateur miniature alimenté seulement par des ondes électromagnétiques
http://www.01net.com/actualites/wisp-un-ordinateur-miniature-alimente-seulement-par-des-ondes-electromagnetiques-970366.html

Intelligence artificielle: après le jeu de Go, les chercheurs se penchent sur Doom
http://www.01net.com/actualites/intelligence-artificielle-apres-le-jeu-de-go-les-chercheurs-se-penchent-sur-doom-969918.html

CONSOMMATION
------------



RACHAT / UNION
--------------



DROIT
-----

Un site pour tout comprendre sur le nouveau Règlement général sur la protection des données de l'UE
http://www.les-infostrateges.com/actu/16042175/un-site-pour-tout-comprendre-sur-le-nouveau-reglement-general-sur-la-protection-des-donnees-de-l-ue
http://www.gdpr-expert.eu/

Android dans le viseur de la Commission européenne
http://www.01net.com/actualites/android-dans-le-collimateur-de-la-commission-europeenne-968357.html

EIDAS et la protection des données personnelles
http://www.orange-business.com/fr/blogs/securite/lois-reglementations-standards-et-certifications/eidas-et-la-protection-des-donnees-personnelles

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Why it’s easier to fix a broken product than a broken team
http://news.hitb.org/content/why-it’s-easier-fix-broken-product-broken-team
http://venturebeat.com/2016/04/27/hiring-to-win-why-its-easier-to-fix-a-broken-product-than-a-broken-team/

MICROSOFT
---------

Skype, désormais accessible sur le web et sans plug-in
http://www.01net.com/actualites/skype-desormais-accessible-sur-le-web-et-sans-plug-in-967698.html

Microsoft lance Flow, son service d’automatisation des tâches numériques
http://www.01net.com/actualites/microsoft-lance-flow-son-service-d-automatisation-des-taches-numeriques-970818.html

GOOGLE
------


APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------


ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Kovter Ad Fraud Trojan Evolves Into Ransomware
http://www.securityweek.com/kovter-ad-fraud-trojan-evolves-ransomware

How hackers eavesdropped on a US Congressman using only his phone number
http://news.hitb.org/content/how-hackers-eavesdropped-us-congressman-using-only-his-phone-number
http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

New JavaScript attack infects your phone and changes your router's DNS settings
http://news.hitb.org/content/new-javascript-attack-infects-your-phone-and-changes-your-routers-dns-settings
http://www.digitaltrends.com/web/javascript-malware-mobile/

A look at Locky ransomware
https://www.zscaler.com/blogs/research/look-locky-ransomware

Hardware-Based Keyloggers Found in the Library of a Canadian University
http://news.hitb.org/content/hardware-based-keyloggers-found-library-canadian-university

Malware authors quickly adopt SHA-2 through stolen code-signing certificates
http://news.hitb.org/content/malware-authors-quickly-adopt-sha-2-through-stolen-code-signing-certificates

Stolen usernames and passwords still cause almost a quarter of all data breaches
http://news.hitb.org/content/stolen-usernames-and-passwords-still-cause-almost-quarter-all-data-breaches

Hacking Team : comment pirater une entreprise en 6 étapes
http://www.01net.com/actualites/hacking-team-comment-pirater-une-entreprise-en-6-etapes-968431.html

This Hacker's Account of How He Infiltrated Hacking Team Says a Lot About Digital Security
http://news.hitb.org/content/hackers-account-how-he-infiltrated-hacking-team-says-lot-about-digital-security
http://gizmodo.com/this-hackers-account-of-how-he-infiltrated-hacking-team-1771504896
http://pastebin.com/raw/0SNSvyjJ

PLATINUM APT GROUP ABUSES WINDOWS HOTPATCHING
https://threatpost.com/platinum-apt-group-abuses-windows-hotpatching/117692/

FAILLES
-------

ORACLE FIXES 136 VULNERABILITIES WITH APRIL CRITICAL PATCH UPDATE
https://threatpost.com/oracle-fixes-136-vulnerabilities-with-april-critical-patch-update/117548/

Windows 10 flaw lets hackers secretly run any app on your PC
http://news.hitb.org/content/windows-10-flaw-lets-hackers-secretly-run-any-app-your-pc
http://bgr.com/2016/04/25/windows-10-applocker-security-issue/
https://gist.github.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302

FIREFOX 46 PATCHES CRITICAL MEMORY VULNERABILITIES
https://threatpost.com/firefox-46-patches-critical-memory-vulnerabilities/117698/

GOOGLE PATCHES 9 SECURITY FLAWS IN NEW CHROME BROWSER BUILD
https://threatpost.com/google-patches-9-security-flaws-in-new-chrome-browser-build/117747/

OUTILS
------

Le navigateur Opera propose un VPN gratuit et sans limite de débit
http://www.01net.com/actualites/le-navigateur-opera-propose-un-vpn-gratuit-et-sans-limite-de-debit-968657.html

Opera browser gets a free VPN – but you’ll need more than this to stay safe online
http://www.tripwire.com/state-of-security/featured/opera-vpn/

DDoS Protection With iptables: The Ultimate Guide
https://javapipe.com/iptables-ddos-protection

New MIT Scanner Finds Web App Flaws in a Minute [Presentation à venir]
https://threatpost.com/new-mit-scanner-finds-web-app-flaws-in-a-minute/117482/

5 Best Linux Distros for Installation on a USB Stick
http://news.hitb.org/content/5-best-linux-distros-installation-usb-stick
http://www.makeuseof.com/tag/5-best-linux-distros-installation-usb-stick/

Decryption Tool Released for CryptXXX Ransomware
http://www.tripwire.com/state-of-security/latest-security-news/decryption-tool-released-for-cryptxxx-ransomware/

OnionScan, le traqueur de connexions non anonymisées
http://www.zataz.com/onionscan-tor/#1wth7wvkF70BuQbw.99

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
19 avril 2016 2 19 /04 /avril /2016 19:26

==============================================================================================================================================

Un des effets pervers du droit à l'oubli et se son application partielle soyons honnête est la différence de résultats de recherches sur Google si vous êtes en France ou aux Etats-Unis. En bref, même si l'intention de départ est louable, cela provoque une recherche avec oeillère en Europe et une recherche pleine ailleurs. Et là ça me pose un vrai problème de qualité, pertinence de la recherche. Parce que cela démontre que Google peut vous ramener les informations qu'"on" lui a bien autorisé à remonter. Donc si "on" décide de ne pas autoriser un contenu légitime mais qui le dérange, Google est en capacité de le faire. Mais Google ne le fera pas bien sûr. Don't be evil.....

L'article sur le choix d'une app dans un store vaut le détour car elle part d'un cas concret et déroule une démarche raisonnée de choix d'application au regard de ses droits. A mon avis, bon exemple pour de la sensibilisation.

Sinon pas de commentaires en plus, je vais essayer d'être plus régulier dans mes publications. J'ai eu des critiques de la part d'un lecteur (et oui il en reste).
Pour ceux qui se perdent encore sur mon site allez aussi sur twitter, j'y suis un peu plus actif normalement : https://twitter.com/pseudonyme_ovb.

Bonne lecture
Tristan
==============================================================================================================================================


A LIRE SECURITE
---------------

Tor Users Can Be Tracked Based on Their Mouse Movements
http://news.hitb.org/content/tor-users-can-be-tracked-based-their-mouse-movements
http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml
http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html

LinkedIn: The Phone Book for Social Engineers
http://www.tripwire.com/state-of-security/security-awareness/linkedin-the-phone-book-for-social-engineers/

Hackers Breach DDoS Protection Firm Staminus, Leak Sensitive Data Online
http://www.tripwire.com/state-of-security/latest-security-news/hackers-breach-ddos-protection-firm-staminus-leak-sensitive-data-online/

Shining a Light on Mobile App Permissions
http://www.tripwire.com/state-of-security/security-awareness/shining-a-light-on-mobile-app-permissions/

CVE System Sees Huge Backlog, Researchers Propose Alternative
http://news.hitb.org/content/cve-system-sees-huge-backlog-researchers-propose-alternative
http://news.softpedia.com/news/cve-system-sees-huge-backlog-researchers-propose-alternative-501665.shtml

The ‘Human Firewall’ Is Dead – Long Live the People
http://www.tripwire.com/state-of-security/security-data-protection/the-human-firewall-is-dead-long-live-the-people/

Attaque par ransomware : remerciements à Alcino Pereira, RSSI de l’AFP
http://www.larevuedudigital.com/2016/03/22/attaque-par-ransomware-remerciements-a-alcino-pereira-rssi-de-lafp/
http://blogs.afp.com/makingof/?post/le-diable-se-cache-dans-la-piece-jointe

A Renewed Exigency for Cyber Essentials
http://www.tripwire.com/state-of-security/security-data-protection/a-renewed-exigency-for-cyber-essentials/

Hackers going corporate with new attack attitudes, research shows
http://news.hitb.org/content/hackers-going-corporate-new-attack-attitudes-research-shows
http://www.zdnet.com/article/hackers-going-corporate-with-new-attack-attitudes-research-shows/

Attention, les URL les plus courtes ne sont pas les meilleures
http://www.zdnet.fr/actualites/attention-les-url-les-plus-courtes-ne-sont-pas-les-meilleures-39835710.htm

BUG BOUNTY
----------

Hack the Pentagon
http://www.zataz.com/hack-the-pentagone/#axzz42frFk4K9

DOSSIERS
--------

A Government Error Just Revealed Snowden Was the Target in the Lavabit Case
http://news.hitb.org/content/government-error-just-revealed-snowden-was-target-lavabit-case

Google says 1 million Gmail accounts might have been targeted by government hackers
http://news.hitb.org/content/google-says-1-million-gmail-accounts-might-have-been-targeted-government-hackers
http://bgr.com/2016/03/25/gmail-warning-government-hackers/

INSOLITE
--------

UN PETIT GESTE POUR LA PLANETE
------------------------------




FACEBOOK AND SOCIAL NETWORKS
----------------------------

Facebook se paye l’application Masquerade
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html

En 2098, il y aura plus de morts que de vivants sur Facebook
http://www.01net.com/mediaplayer/video/en-2098-il-y-aura-plus-de-morts-que-de-vivants-sur-facebook-773425.html

A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Exercice DEFNET 2016 : la cyberdéfense en action
http://www.ssi.gouv.fr/actualite/exercice-defnet-2016-la-cyberdefense-en-action/
http://www.zataz.com/lutte-contre-menaces-cybernetiques/#axzz43x2BBmJL

BANQUES
-------

Android banking trojan uses Flash to pinch your money
http://news.hitb.org/content/android-banking-trojan-uses-flash-pinch-your-money
http://www.theinquirer.net/inquirer/news/2450434/android-banking-trojan-uses-flash-to-pinch-your-money

Sophisticated Android Malware Targeting Australian Banking Apps
http://www.tripwire.com/state-of-security/latest-security-news/researchers-warn-of-sophisticated-android-malware-targeting-australian-banking-apps/
The Trojan first spreads onto Android devices by imitating the Adobe Flash Player application, often required by websites to play streaming video.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future,” he warned.

POS MALWARE TOOL ‘TREASUREHUNT’ TARGETS SMALL US-BASED BANKS, RETAILERS
https://threatpost.com/pos-malware-tool-treasurehunt-targets-small-us-based-banks-retailers/117014/
https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
"FireEye estimates the vulnerability has been quietly in use since 2014, noting that attackers have tweaked it over the past several months, particularly in the way the malware stores encoded POS configuration data in the NTFS alternate data streams (ADS) of the file %USERPROFILE%\ntuser.ini."



IdiOTie
-------

Le loup dans les contrats de maintenance à l’heure de l’IoT : la propriété des données
http://www.larevuedudigital.com/2016/03/11/le-loup-dans-les-contrats-de-maintenance-a-lheure-de-liot-la-propriete-des-donnees/


PRODUITS
--------



BON A SAVOIR
------------

Dropbox gears up for new EU data protection rules
http://www.computerweekly.com/news/450280565/Dropbox-gears-up-for-new-EU-data-protection-rules

Découvrez la mappemonde des sites Internet
http://www.01net.com/actualites/decouvrez-la-mappemonde-des-sites-internet-958501.html
http://www.nominet.uk/mapping-the-online-world/

Former VW employee says he was fired after questioning deletion of documents
http://news.hitb.org/content/former-vw-employee-says-he-was-fired-after-questioning-deletion-documents

Le Ministère de la Défense américain migre 4 millions de PC sur Windows 10 [Chapeau]
http://www.larevuedudigital.com/2016/02/22/le-ministere-de-la-defense-americain-migre-4-millions-de-pc-sur-windows-10/

What To Do with That Found USB Stick
http://www.tripwire.com/state-of-security/security-awareness/what-to-do-with-that-found-usb-stick/

Les drones relèvent les données dans les carrières d’Eurovia
http://www.larevuedudigital.com/2016/04/04/les-drones-relevent-les-donnees-dans-les-carrieres-deurovia/

SCIENCES
--------

Des chercheurs ont créé un support de stockage… éternel
http://www.01net.com/actualites/des-chercheurs-creent-un-support-de-stockage-eternel-952089.html

Bientôt des disques durs de 100 To ?
http://www.01net.com/actualites/bientot-des-disques-durs-de-100-to-961392-1.html

Mathematicians shocked to find pattern in “random” prime numbers
http://news.hitb.org/content/mathematicians-shocked-find-pattern-“random”-prime-numbers
https://www.newscientist.com/article/2080613-mathematicians-shocked-to-find-pattern-in-random-prime-numbers/
http://arxiv.org/abs/1603.03720

Researchers close the final loophole in device encryption with the power of nanotubes
http://news.hitb.org/content/researchers-close-final-loophole-device-encryption-power-nanotubes

New molecular scissors cut out lingering HIV—maybe once and for all
http://news.hitb.org/content/new-molecular-scissors-cut-out-lingering-hiv—maybe-once-and-all

Scientists Search for Signatures of Alien Life Hidden in Gas
http://news.hitb.org/content/scientists-search-signatures-alien-life-hidden-gas
http://www.wired.com/2016/03/scientists-search-signatures-alien-life-hidden-gas/

CONSOMMATION
------------



RACHAT / UNION
--------------

Facebook se paye l’application Masquerade
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html

DROIT
-----

Cybersurveillance : la Cour de cassation précise les contours messages professionnels / privés
http://www.les-infostrateges.com/actu/16022138/cybersurveillance-la-cour-de-cassation-precise-les-contours-messages-professionnels-prives
http://www.legifrance.gouv.fr/affichJuriJudi.do?&idTexte=JURITEXT000031949915

Loi sur le renseignement : chaque pays met en place son big brother
http://www.zataz.com/loi-renseignement-uk/#ULJOVRiOfO8S7lpd.99

Lex.be, un moteur de recherche pour le droit belge
http://www.les-infostrateges.com/actu/16032158/lexbe-un-moteur-de-recherche-pour-le-droit-belge

Cnil : record de plaintes reçues en 2015
http://www.les-infostrateges.com/actu/16042169/cnil-record-de-plaintes-recues-en-2015

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Getting a Foot in the Door of the Security Industry - See more at: http://blog.isc2.org/isc2_blog/2016/02/associate-security.html#sthash.75dhXVxE.dpuf
http://blog.isc2.org/isc2_blog/2016/02/associate-security.html

How to keep your highly skilled and paid security team happy and engaged
http://news.hitb.org/content/how-keep-your-highly-skilled-and-paid-security-team-happy-and-engaged

Sécurité : chaises musicales entre Deloitte, Devoteam et Ernst & Young
http://www.lemagit.fr/actualites/450281035/Securite-chaises-musicales-entre-Deloitte-Devoteam-et-Ernst-Young

MICROSOFT
---------

Microsoft va intégrer un bloqueur de pubs à son navigateur Edge
http://www.01net.com/actualites/microsoft-va-integrer-un-bloqueur-de-pubs-a-son-navigateur-edge-963328.html

Linux dans Windows 10, comment ça marche ?
http://www.tomshardware.fr/articles/linux-ubuntu-windows10,1-59163.html

GOOGLE
------

In Europe, You’ll Need a VPN to See Real Google Search Results
http://news.hitb.org/content/europe-you’ll-need-vpn-see-real-google-search-results
http://www.wired.com/2016/03/europe-youll-need-vpn-see-real-google-search-results/

Google has doubled its bounty for a Chromebook hack to US$100,000
http://news.hitb.org/content/google-has-doubled-its-bounty-chromebook-hack-us100000

Google Security Expert Criticizes Meaningless Antivirus Excellence Awards
http://news.hitb.org/content/google-security-expert-criticizes-meaningless-antivirus-excellence-awards


APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

eero: A Mesh WiFi Router Built for Security
http://news.hitb.org/content/eero-mesh-wifi-router-built-security
http://krebsonsecurity.com/2016/03/eero-a-mesh-wifi-router-built-for-security/

How I Stopped Studying to Make This Toy
http://www.tripwire.com/state-of-security/security-awareness/how-i-stopped-studying-to-make-this-toy/

Potato-Powered Security Device Is Unique
http://news.hitb.org/content/potato-powered-security-device-unique
http://www.ubergizmo.com/2016/04/potato-powered-security-device-is-unique/

LIBRE / OPEN SOURCE
-------------------

Opera propose un navigateur anti-pub pour Windows, Mac et Linux
http://www.01net.com/actualites/opera-propose-un-navigateur-anti-pub-pour-windows-mac-et-linux-958174.html

Mozilla campaign encourages people to understand encryption
http://news.hitb.org/content/mozilla-campaign-encourages-people-understand-encryption

Microsoft extends open source push with developer productivity tools
http://news.hitb.org/content/microsoft-extends-open-source-push-developer-productivity-tools

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Dridex Botnet Spreading Locky Ransomware Via JavaScript Attachments
http://news.hitb.org/content/dridex-botnet-spreading-locky-ransomware-javascript-attachments
http://www.securityweek.com/dridex-botnet-spreading-locky-ransomware-javascript-attachments

Poseidon APT Group Identified As First Portuguese-Speaking Campaign
https://threatpost.com/10-year-poseidon-apt-group-identified-as-first-portuguese-speaking-campaign/116177/#sthash.bOgTzwVJ.dpuf

Marcher Trojan Morphs, Now Targets Porn Sites
https://threatpost.com/marcher-trojan-morphs-now-targets-porn-sites/116743/

MASSIVE MALVERTISING CAMPAIGN LANDS ON TOP WEBSITES
https://threatpost.com/massive-malvertising-campaign-lands-on-top-websites/116806/

Report: DDoS Attacks Grew in Number, Size, and Sophistication in Q4 2015
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/report-ddos-attacks-grew-in-number-size-and-sophistication-in-q4-2015/
L'infographie pour les plus pressés https://www.verisign.com/assets/infographic-ddos-trends-Q42015.pdf
A télécharger pour les plus courageux : https://www.verisign.com/en_US/security-services/ddos-protection/ddos-report/index.xhtml
Allez je vous donne le lien : https://www.verisign.com/assets/report-ddos-trends-Q42015.pdf

Lights, Camera, Disaster: DDoS Attack Scripts Are a Threat You Need to Know
http://www.tripwire.com/state-of-security/security-data-protection/lights-camera-disaster-ddos-attack-scripts-are-a-threat-you-need-to-know/

Docs With Malicious Macros Deliver Fileless Malware
http://news.hitb.org/content/docs-malicious-macros-deliver-fileless-malware
http://www.csoonline.com/article/3043571/security/documents-with-malicious-macros-deliver-fileless-malware-to-financial-transaction-systems.html
http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/

The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.

Storing malicious code in the system registry, abusing the Windows PowerShell and adding malicious macros to documents are not new techniques. However, their combination can make for very potent and hard-to-detect attacks.

Big-name sites hit by rash of malicious ads spreading crypto ransomware
http://news.hitb.org/content/big-name-sites-hit-rash-malicious-ads-spreading-crypto-ransomware

Ransomware Propagation Tied to TeamViewer Account (UPDATED)
http://www.tripwire.com/state-of-security/latest-security-news/ransomware-propagation-tied-to-teamviewer-account/

TeslaCrypt 4.0: Bigger, Badder and Unbreakable
http://news.hitb.org/content/teslacrypt-40-bigger-badder-and-unbreakable

FILELESS POWERWARE RANSOMWARE FOUND ON HEALTHCARE NETWORK
https://threatpost.com/fileless-powerware-ransomware-found-on-healthcare-network/116998/

ESPIONAGE MALWARE, WATERING HOLE ATTACKS TARGET DIPLOMATS
https://threatpost.com/espionage-malware-watering-hole-attacks-target-diplomats/116600/

Former Employee Is Behind Devastating Ofcom Data Breach
http://news.hitb.org/content/former-employee-behind-devastating-ofcom-data-breach

Fraude au virement – Tentatives de détournement de 21 millions d’euros
http://www.zataz.com/tentatives-de-detournement-de-21-millions-deuros/#kcKzD5HB1RjcffPV.99

Augmentation significative du nombre de domaines malveillants
http://www.zataz.com/augmentation-significative-nombre-de-domaines-malveillants/#85p4Kis60sP7dSYm.99

Ransomware Hackers Are Coming For Your Health Records
http://europe.newsweek.com/ransomware-hackers-coming-your-health-records-445285

Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection
http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-teslacrypt-other-malware-families-use-new-tool-to-evade-detection/

Jigsaw Ransomware Threatens to Delete Your Files, Free Decrypter Available
http://news.softpedia.com/news/jigsaw-ransomware-threatens-to-delete-your-files-free-decrypter-available-502824.shtml

Rokku Ransomware shows possible link with Chimera
https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/

Keygen alert: free password generator released for PETYA ransomware
http://betanews.com/2016/04/10/free-petya-password-generator/
http://download.bleepingcomputer.com/fabian-wosar/PetyaExtractor.zip
https://petya-pay-no-ransom.herokuapp.com/

ROOT SERVERS WERE NOT TARGETS OF 2015 DDOS ATTACK
https://threatpost.com/root-servers-were-not-targets-of-2015-ddos-attack/117082/

FAILLES
-------

Two-year-old Java flaw re-emerges due to broken patch
http://news.hitb.org/content/two-year-old-java-flaw-re-emerges-due-broken-patch
http://www.infoworld.com/article/3043064/security/two-year-old-java-flaw-re-emerges-due-to-broken-patch.html

D'innombrables extensions Firefox vulnérables à un nouveau type d’attaque
http://www.01net.com/actualites/un-grand-nombre-d-extensions-firefox-vulnerable-a-un-nouveau-type-d-attaque-964205.html
http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf

iPhone : Apple corrige la faille de Siri qui permettait d’accéder à vos photos sans code
http://www.01net.com/actualites/siri-une-faille-permet-d-acceder-aux-contacts-et-aux-photos-d-un-iphone-sans-saisir-de-code-964433.html

DATA LEAKAGE
------------

1.5M Verizon Enterprise Customer Records Found For Sale on Dark Web
http://www.tripwire.com/state-of-security/latest-security-news/1-5m-verizon-enterprise-customer-records-found-for-sale-on-dark-web/

OUTILS
------

Has your network been compromised? Use RITA to find out
http://news.hitb.org/content/has-your-network-been-compromised-use-rita-find-out
https://www.helpnetsecurity.com/2016/03/11/network-compromised-use-rita/

CheckMyHTTPS, l’anti interception Man in the Middle SSL/TLS
http://www.zataz.com/checkmyhttps-lanti-interception-ssltls/#v8Pb7Kyqb6yiIKGO.99
https://checkmyhttps.net

GitHarvester: Finding Data on GitHub
http://www.tripwire.com/state-of-security/security-awareness/githarvester-finding-data-on-github/

YAHOO DEPLOYS PASSWORDLESS ACCOUNT KEY TOOL
https://threatpost.com/yahoo-deploys-passwordless-account-key-tool/116892/

Google rend gratuite une formidable suite d’outils pour la photographie
http://www.01net.com/actualites/google-offre-gratuitement-une-formidable-suite-d-outils-pour-la-photographie-962062.html

Comment créer un vaccin contre le ransomware Locky
https://www.lexsi.com/securityhub/comment-creer-un-vaccin-contre-le-ransomware-locky/

Surf anonyme et sécurisé pour votre smartphone et tablette
http://www.zataz.com/vpn-smartphone-tablette/#5euv2IrefPW6chAO.99

BinDiff Now Free, To Delight of Security Researchers
http://news.hitb.org/content/bindiff-now-free-delight-security-researchers
https://threatpost.com/bindiff-now-free-to-delight-of-security-researchers/116912/

Qubes OS 3.1 has been released
http://news.hitb.org/content/qubes-os-31-has-been-released
https://www.qubes-os.org/news/2016/03/09/qubes-os-3-1-has-been-released/

Vivaldi 1.0 : le nouveau navigateur pensé pour les internautes exigeants
http://www.01net.com/actualites/vivaldi-1-0-un-navigateur-pour-internautes-exigeants-965063.html

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
13 mars 2016 7 13 /03 /mars /2016 23:16
Veille - La faille Microsoft avec une explication "Ouate de Phoque"....

Je n'avais vu le contexte exact, mais avais eu l'info. Je confirme, c'est quand même très "Ouate de Phoque comme explication.

Published by pseudonyme
commenter cet article

Présentation

  • : Veille
  • Veille
  • : Un petit blog sans prétention (enfin j'espère) sur ce qui retient mon attention en matière de sécurité informatique....mais pas que.
  • Contact

Recherche

Liens