19 April 2016, 19:26

==============================================================================================================================================

One of the perverse effects of the right to be forgotten and, let's be honest, of its partial application, is the difference in Google search results depending on whether you are in France or in the United States. In short, even if the original intention is commendable, it results in a search with blinkers on in Europe and a full search elsewhere. And that poses a real problem for me in terms of search quality and relevance. Because it shows that Google can bring you back the information that "they" have duly authorised it to surface. So if "they" decide not to authorise content that is legitimate but bothers them, Google is able to do it. But Google won't do that, of course. Don't be evil.....

The article on choosing an app in a store is worth a look, because it starts from a concrete case and walks through a reasoned approach to choosing an application with regard to its permissions. In my opinion, a good example for awareness training.

Otherwise no further comments; I will try to be more regular in my posts. I got some criticism from a reader (yes, there are still some left).
For those who still wander onto my site, also head over to Twitter, where I am normally a bit more active: https://twitter.com/pseudonyme_ovb.

Happy reading
Tristan
==============================================================================================================================================


SECURITY READING
----------------

Tor Users Can Be Tracked Based on Their Mouse Movements
http://news.hitb.org/content/tor-users-can-be-tracked-based-their-mouse-movements
http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml
http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html

LinkedIn: The Phone Book for Social Engineers
http://www.tripwire.com/state-of-security/security-awareness/linkedin-the-phone-book-for-social-engineers/

Hackers Breach DDoS Protection Firm Staminus, Leak Sensitive Data Online
http://www.tripwire.com/state-of-security/latest-security-news/hackers-breach-ddos-protection-firm-staminus-leak-sensitive-data-online/

Shining a Light on Mobile App Permissions
http://www.tripwire.com/state-of-security/security-awareness/shining-a-light-on-mobile-app-permissions/

CVE System Sees Huge Backlog, Researchers Propose Alternative
http://news.hitb.org/content/cve-system-sees-huge-backlog-researchers-propose-alternative
http://news.softpedia.com/news/cve-system-sees-huge-backlog-researchers-propose-alternative-501665.shtml

The ‘Human Firewall’ Is Dead – Long Live the People
http://www.tripwire.com/state-of-security/security-data-protection/the-human-firewall-is-dead-long-live-the-people/

Ransomware attack: thanks to Alcino Pereira, CISO of AFP
http://www.larevuedudigital.com/2016/03/22/attaque-par-ransomware-remerciements-a-alcino-pereira-rssi-de-lafp/
http://blogs.afp.com/makingof/?post/le-diable-se-cache-dans-la-piece-jointe

A Renewed Exigency for Cyber Essentials
http://www.tripwire.com/state-of-security/security-data-protection/a-renewed-exigency-for-cyber-essentials/

Hackers going corporate with new attack attitudes, research shows
http://news.hitb.org/content/hackers-going-corporate-new-attack-attitudes-research-shows
http://www.zdnet.com/article/hackers-going-corporate-with-new-attack-attitudes-research-shows/

Beware, the shortest URLs are not the best
http://www.zdnet.fr/actualites/attention-les-url-les-plus-courtes-ne-sont-pas-les-meilleures-39835710.htm

BUG BOUNTY
----------

Hack the Pentagon
http://www.zataz.com/hack-the-pentagone/#axzz42frFk4K9

FEATURES
--------

A Government Error Just Revealed Snowden Was the Target in the Lavabit Case
http://news.hitb.org/content/government-error-just-revealed-snowden-was-target-lavabit-case

Google says 1 million Gmail accounts might have been targeted by government hackers
http://news.hitb.org/content/google-says-1-million-gmail-accounts-might-have-been-targeted-government-hackers
http://bgr.com/2016/03/25/gmail-warning-government-hackers/

OFFBEAT
-------

A SMALL GESTURE FOR THE PLANET
------------------------------




FACEBOOK AND SOCIAL NETWORKS
----------------------------

Facebook buys the Masquerade app
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html

In 2098, there will be more dead people than living ones on Facebook
http://www.01net.com/mediaplayer/video/en-2098-il-y-aura-plus-de-morts-que-de-vivants-sur-facebook-773425.html

TO BOOKMARK
-----------


TRADE SHOWS / CONFERENCES / EVENTS
----------------------------------

DEFNET 2016 exercise: cyber defence in action
http://www.ssi.gouv.fr/actualite/exercice-defnet-2016-la-cyberdefense-en-action/
http://www.zataz.com/lutte-contre-menaces-cybernetiques/#axzz43x2BBmJL

BANKS
-----

Android banking trojan uses Flash to pinch your money
http://news.hitb.org/content/android-banking-trojan-uses-flash-pinch-your-money
http://www.theinquirer.net/inquirer/news/2450434/android-banking-trojan-uses-flash-to-pinch-your-money

Sophisticated Android Malware Targeting Australian Banking Apps
http://www.tripwire.com/state-of-security/latest-security-news/researchers-warn-of-sophisticated-android-malware-targeting-australian-banking-apps/
The Trojan first spreads onto Android devices by imitating the Adobe Flash Player application, often required by websites to play streaming video.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future,” he warned.

POS MALWARE TOOL ‘TREASUREHUNT’ TARGETS SMALL US-BASED BANKS, RETAILERS
https://threatpost.com/pos-malware-tool-treasurehunt-targets-small-us-based-banks-retailers/117014/
https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
"FireEye estimates the vulnerability has been quietly in use since 2014, noting that attackers have tweaked it over the past several months, particularly in the way the malware stores encoded POS configuration data in the NTFS alternate data streams (ADS) of the file %USERPROFILE%\ntuser.ini."



IdIoTcy
-------

The catch in maintenance contracts in the IoT era: data ownership
http://www.larevuedudigital.com/2016/03/11/le-loup-dans-les-contrats-de-maintenance-a-lheure-de-liot-la-propriete-des-donnees/


PRODUCTS
--------



GOOD TO KNOW
------------

Dropbox gears up for new EU data protection rules
http://www.computerweekly.com/news/450280565/Dropbox-gears-up-for-new-EU-data-protection-rules

Discover the world map of websites
http://www.01net.com/actualites/decouvrez-la-mappemonde-des-sites-internet-958501.html
http://www.nominet.uk/mapping-the-online-world/

Former VW employee says he was fired after questioning deletion of documents
http://news.hitb.org/content/former-vw-employee-says-he-was-fired-after-questioning-deletion-documents

The US Department of Defense migrates 4 million PCs to Windows 10 [Hats off]
http://www.larevuedudigital.com/2016/02/22/le-ministere-de-la-defense-americain-migre-4-millions-de-pc-sur-windows-10/

What To Do with That Found USB Stick
http://www.tripwire.com/state-of-security/security-awareness/what-to-do-with-that-found-usb-stick/

Drones collect data in Eurovia's quarries
http://www.larevuedudigital.com/2016/04/04/les-drones-relevent-les-donnees-dans-les-carrieres-deurovia/

SCIENCES
--------

Researchers have created a storage medium that is… eternal
http://www.01net.com/actualites/des-chercheurs-creent-un-support-de-stockage-eternel-952089.html

100 TB hard drives coming soon?
http://www.01net.com/actualites/bientot-des-disques-durs-de-100-to-961392-1.html

Mathematicians shocked to find pattern in “random” prime numbers
http://news.hitb.org/content/mathematicians-shocked-find-pattern-“random”-prime-numbers
https://www.newscientist.com/article/2080613-mathematicians-shocked-to-find-pattern-in-random-prime-numbers/
http://arxiv.org/abs/1603.03720

Researchers close the final loophole in device encryption with the power of nanotubes
http://news.hitb.org/content/researchers-close-final-loophole-device-encryption-power-nanotubes

New molecular scissors cut out lingering HIV—maybe once and for all
http://news.hitb.org/content/new-molecular-scissors-cut-out-lingering-hiv—maybe-once-and-all

Scientists Search for Signatures of Alien Life Hidden in Gas
http://news.hitb.org/content/scientists-search-signatures-alien-life-hidden-gas
http://www.wired.com/2016/03/scientists-search-signatures-alien-life-hidden-gas/

CONSUMER
--------



ACQUISITIONS / MERGERS
----------------------

Facebook buys the Masquerade app
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html

LAW
---

Cyber-surveillance: the Cour de cassation clarifies the boundary between professional and private messages
http://www.les-infostrateges.com/actu/16022138/cybersurveillance-la-cour-de-cassation-precise-les-contours-messages-professionnels-prives
http://www.legifrance.gouv.fr/affichJuriJudi.do?&idTexte=JURITEXT000031949915

Intelligence law: every country is setting up its own Big Brother
http://www.zataz.com/loi-renseignement-uk/#ULJOVRiOfO8S7lpd.99

Lex.be, a search engine for Belgian law
http://www.les-infostrateges.com/actu/16032158/lexbe-un-moteur-de-recherche-pour-le-droit-belge

CNIL: record number of complaints received in 2015
http://www.les-infostrateges.com/actu/16042169/cnil-record-de-plaintes-recues-en-2015

IT AND TELECOMS MARKET (BUT NOT ONLY)
-------------------------------------

CAREER
------

Getting a Foot in the Door of the Security Industry
http://blog.isc2.org/isc2_blog/2016/02/associate-security.html

How to keep your highly skilled and paid security team happy and engaged
http://news.hitb.org/content/how-keep-your-highly-skilled-and-paid-security-team-happy-and-engaged

Security: musical chairs between Deloitte, Devoteam and Ernst & Young
http://www.lemagit.fr/actualites/450281035/Securite-chaises-musicales-entre-Deloitte-Devoteam-et-Ernst-Young

MICROSOFT
---------

Microsoft to build an ad blocker into its Edge browser
http://www.01net.com/actualites/microsoft-va-integrer-un-bloqueur-de-pubs-a-son-navigateur-edge-963328.html

Linux in Windows 10: how does it work?
http://www.tomshardware.fr/articles/linux-ubuntu-windows10,1-59163.html

GOOGLE
------

In Europe, You’ll Need a VPN to See Real Google Search Results
http://news.hitb.org/content/europe-you’ll-need-vpn-see-real-google-search-results
http://www.wired.com/2016/03/europe-youll-need-vpn-see-real-google-search-results/

Google has doubled its bounty for a Chromebook hack to US$100,000
http://news.hitb.org/content/google-has-doubled-its-bounty-chromebook-hack-us100000

Google Security Expert Criticizes Meaningless Antivirus Excellence Awards
http://news.hitb.org/content/google-security-expert-criticizes-meaningless-antivirus-excellence-awards


APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

eero: A Mesh WiFi Router Built for Security
http://news.hitb.org/content/eero-mesh-wifi-router-built-security
http://krebsonsecurity.com/2016/03/eero-a-mesh-wifi-router-built-for-security/

How I Stopped Studying to Make This Toy
http://www.tripwire.com/state-of-security/security-awareness/how-i-stopped-studying-to-make-this-toy/

Potato-Powered Security Device Is Unique
http://news.hitb.org/content/potato-powered-security-device-unique
http://www.ubergizmo.com/2016/04/potato-powered-security-device-is-unique/

FREE SOFTWARE / OPEN SOURCE
---------------------------

Opera offers an ad-blocking browser for Windows, Mac and Linux
http://www.01net.com/actualites/opera-propose-un-navigateur-anti-pub-pour-windows-mac-et-linux-958174.html

Mozilla campaign encourages people to understand encryption
http://news.hitb.org/content/mozilla-campaign-encourages-people-understand-encryption

Microsoft extends open source push with developer productivity tools
http://news.hitb.org/content/microsoft-extends-open-source-push-developer-productivity-tools

ATTACKS, PHISHING, HACKING, WORMS, VIRUSES, ETC....
---------------------------------------------------

Dridex Botnet Spreading Locky Ransomware Via JavaScript Attachments
http://news.hitb.org/content/dridex-botnet-spreading-locky-ransomware-javascript-attachments
http://www.securityweek.com/dridex-botnet-spreading-locky-ransomware-javascript-attachments

Poseidon APT Group Identified As First Portuguese-Speaking Campaign
https://threatpost.com/10-year-poseidon-apt-group-identified-as-first-portuguese-speaking-campaign/116177/#sthash.bOgTzwVJ.dpuf

Marcher Trojan Morphs, Now Targets Porn Sites
https://threatpost.com/marcher-trojan-morphs-now-targets-porn-sites/116743/

MASSIVE MALVERTISING CAMPAIGN LANDS ON TOP WEBSITES
https://threatpost.com/massive-malvertising-campaign-lands-on-top-websites/116806/

Report: DDoS Attacks Grew in Number, Size, and Sophistication in Q4 2015
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/report-ddos-attacks-grew-in-number-size-and-sophistication-in-q4-2015/
The infographic, for those in a hurry: https://www.verisign.com/assets/infographic-ddos-trends-Q42015.pdf
To download, for the more courageous: https://www.verisign.com/en_US/security-services/ddos-protection/ddos-report/index.xhtml
Go on, I'll give you the link: https://www.verisign.com/assets/report-ddos-trends-Q42015.pdf

Lights, Camera, Disaster: DDoS Attack Scripts Are a Threat You Need to Know
http://www.tripwire.com/state-of-security/security-data-protection/lights-camera-disaster-ddos-attack-scripts-are-a-threat-you-need-to-know/

Docs With Malicious Macros Deliver Fileless Malware
http://news.hitb.org/content/docs-malicious-macros-deliver-fileless-malware
http://www.csoonline.com/article/3043571/security/documents-with-malicious-macros-deliver-fileless-malware-to-financial-transaction-systems.html
http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/

The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.

Storing malicious code in the system registry, abusing the Windows PowerShell and adding malicious macros to documents are not new techniques. However, their combination can make for very potent and hard-to-detect attacks.

Big-name sites hit by rash of malicious ads spreading crypto ransomware
http://news.hitb.org/content/big-name-sites-hit-rash-malicious-ads-spreading-crypto-ransomware

Ransomware Propagation Tied to TeamViewer Account (UPDATED)
http://www.tripwire.com/state-of-security/latest-security-news/ransomware-propagation-tied-to-teamviewer-account/

TeslaCrypt 4.0: Bigger, Badder and Unbreakable
http://news.hitb.org/content/teslacrypt-40-bigger-badder-and-unbreakable

FILELESS POWERWARE RANSOMWARE FOUND ON HEALTHCARE NETWORK
https://threatpost.com/fileless-powerware-ransomware-found-on-healthcare-network/116998/

ESPIONAGE MALWARE, WATERING HOLE ATTACKS TARGET DIPLOMATS
https://threatpost.com/espionage-malware-watering-hole-attacks-target-diplomats/116600/

Former Employee Is Behind Devastating Ofcom Data Breach
http://news.hitb.org/content/former-employee-behind-devastating-ofcom-data-breach

Wire transfer fraud – Attempts to divert 21 million euros
http://www.zataz.com/tentatives-de-detournement-de-21-millions-deuros/#kcKzD5HB1RjcffPV.99

Significant increase in the number of malicious domains
http://www.zataz.com/augmentation-significative-nombre-de-domaines-malveillants/#85p4Kis60sP7dSYm.99

Ransomware Hackers Are Coming For Your Health Records
http://europe.newsweek.com/ransomware-hackers-coming-your-health-records-445285

Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection
http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-teslacrypt-other-malware-families-use-new-tool-to-evade-detection/

Jigsaw Ransomware Threatens to Delete Your Files, Free Decrypter Available
http://news.softpedia.com/news/jigsaw-ransomware-threatens-to-delete-your-files-free-decrypter-available-502824.shtml

Rokku Ransomware shows possible link with Chimera
https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/

Keygen alert: free password generator released for PETYA ransomware
http://betanews.com/2016/04/10/free-petya-password-generator/
http://download.bleepingcomputer.com/fabian-wosar/PetyaExtractor.zip
https://petya-pay-no-ransom.herokuapp.com/

ROOT SERVERS WERE NOT TARGETS OF 2015 DDOS ATTACK
https://threatpost.com/root-servers-were-not-targets-of-2015-ddos-attack/117082/

VULNERABILITIES
---------------

Two-year-old Java flaw re-emerges due to broken patch
http://news.hitb.org/content/two-year-old-java-flaw-re-emerges-due-broken-patch
http://www.infoworld.com/article/3043064/security/two-year-old-java-flaw-re-emerges-due-to-broken-patch.html

Countless Firefox extensions vulnerable to a new type of attack
http://www.01net.com/actualites/un-grand-nombre-d-extensions-firefox-vulnerable-a-un-nouveau-type-d-attaque-964205.html
http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf

iPhone: Apple fixes the Siri flaw that allowed access to your photos without a passcode
http://www.01net.com/actualites/siri-une-faille-permet-d-acceder-aux-contacts-et-aux-photos-d-un-iphone-sans-saisir-de-code-964433.html

DATA LEAKAGE
------------

1.5M Verizon Enterprise Customer Records Found For Sale on Dark Web
http://www.tripwire.com/state-of-security/latest-security-news/1-5m-verizon-enterprise-customer-records-found-for-sale-on-dark-web/

TOOLS
-----

Has your network been compromised? Use RITA to find out
http://news.hitb.org/content/has-your-network-been-compromised-use-rita-find-out
https://www.helpnetsecurity.com/2016/03/11/network-compromised-use-rita/

CheckMyHTTPS, the anti-interception tool against SSL/TLS man-in-the-middle
http://www.zataz.com/checkmyhttps-lanti-interception-ssltls/#v8Pb7Kyqb6yiIKGO.99
https://checkmyhttps.net

GitHarvester: Finding Data on GitHub
http://www.tripwire.com/state-of-security/security-awareness/githarvester-finding-data-on-github/

YAHOO DEPLOYS PASSWORDLESS ACCOUNT KEY TOOL
https://threatpost.com/yahoo-deploys-passwordless-account-key-tool/116892/

Google makes a great suite of photography tools free
http://www.01net.com/actualites/google-offre-gratuitement-une-formidable-suite-d-outils-pour-la-photographie-962062.html

How to create a vaccine against the Locky ransomware
https://www.lexsi.com/securityhub/comment-creer-un-vaccin-contre-le-ransomware-locky/

Anonymous and secure browsing for your smartphone and tablet
http://www.zataz.com/vpn-smartphone-tablette/#5euv2IrefPW6chAO.99

BinDiff Now Free, To Delight of Security Researchers
http://news.hitb.org/content/bindiff-now-free-delight-security-researchers
https://threatpost.com/bindiff-now-free-to-delight-of-security-researchers/116912/

Qubes OS 3.1 has been released
http://news.hitb.org/content/qubes-os-31-has-been-released
https://www.qubes-os.org/news/2016/03/09/qubes-os-3-1-has-been-released/

Vivaldi 1.0: the new browser designed for demanding users
http://www.01net.com/actualites/vivaldi-1-0-un-navigateur-pour-internautes-exigeants-965063.html

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog || http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme