==============================================================================================================================================
Still no comments, no time.....
Happy reading
Tristan
==============================================================================================================================================
SECURITY READING
----------------
The power of protocol analyzers [A short Wireshark tutorial, always handy to have around]
http://news.hitb.org/content/power-protocol-analyzers
http://arstechnica.com/information-technology/2016/09/the-power-of-protocol-analyzers/
Data hoarding site LeakedSource could make hacking easier [For or against full disclosure?? ;-)) It brings back memories, but the analysis here is fairly well done]
http://news.hitb.org/content/data-hoarding-site-leakedsource-could-make-hacking-easier
http://www.computerworld.com/article/3122394/security/data-hoarding-site-leakedsource-could-make-hacking-easier.html
RESEARCHER PROVES VIABILITY OF NAND MIRRORING TO BYPASS IPHONE PASSCODE RESTRICTIONS
https://threatpost.com/researcher-proves-viability-of-nand-mirroring-to-bypass-iphone-passcode-restrictions/120648/
Building a Security Culture
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/building-a-security-culture/
Why do we ignore up to 90% of computer security alerts? Because we’re terrible at multi-tasking…
http://www.tripwire.com/state-of-security/featured/security-alerts-multitasking/
UNSECURED DNSSEC EASILY WEAPONIZED, RESEARCHERS WARN
https://threatpost.com/unsecured-dnssec-easily-weaponized-researchers-warn/119969/
MICROSOFT MISTAKENLY LEAKS SECURE BOOT KEY
https://threatpost.com/microsoft-mistakenly-leaks-secure-boot-key/119828/
Quantum encryption, the new El Dorado of security
http://www.01net.com/actualites/le-chiffrement-quantique-nouvel-eldorado-de-la-securite-1027383.html
Security Think Tank: Malware infection is inevitable, so be prepared
http://news.hitb.org/content/security-think-tank-malware-infection-inevitable-so-be-prepared
http://www.computerweekly.com/opinion/Security-Think-Tank-Malware-infection-is-inevitable-so-be-prepared
Hackers can steal data from 3D printers using just a smartphone
http://news.hitb.org/content/hackers-can-steal-data-3d-printers-using-just-smartphone
http://www.digitaltrends.com/cool-tech/3d-printer-hack-smartphone/
GENERIC OS X MALWARE DETECTION METHOD EXPLAINED
https://threatpost.com/generic-os-x-malware-detection-method-explained/120503/
DHS ANNOUNCES INTENT TO DRAFT IOT SECURITY FRAMEWORK
https://threatpost.com/dhs-announces-intent-to-draft-iot-security-framework/120799/
UK online financial crime up 53% in 2016
http://news.hitb.org/content/uk-online-financial-crime-53-2016
http://tamebay.com/2016/09/uk-online-financial-crime-up-53-in-2015.html
That’s why the Take Five campaign is asking consumers to help protect themselves from financial fraud by remembering some simple advice:
1) Never disclose security details, such as your PIN or full password – it’s never right to reveal these details
2) Don’t assume an email request or caller is genuine – people aren’t always who they say they are
3) Don’t be rushed – a bank or genuine organisation won’t mind waiting to give you time to stop and think
4) Listen to your instincts – if something feels wrong then it is usually right to pause and question it
5) Stay in control – have the confidence to refuse unusual requests for information
FEATURES
--------
The NSA hack puts the Internet in danger
http://www.01net.com/actualites/le-hack-de-la-nsa-met-l-internet-en-danger-1027339.html
http://hightech.bfmtv.com/securite/pourquoi-le-piratage-de-la-nsa-met-tous-les-internautes-en-danger-1027250.html
The NSA was able to decrypt companies' secret data for years
http://www.01net.com/actualites/la-nsa-a-pu-dechiffrer-les-donnees-secretes-d-entreprises-pendant-des-annees-1027725.html
NSA zero days and encryption backdoors need clear disclosure policies
http://news.hitb.org/content/nsa-zero-days-and-encryption-backdoors-need-clear-disclosure-policies
http://www.networkworld.com/article/3109137/security/nsa-zero-days-and-encryption-backdoors-need-clear-disclosure-policies.html#tk.rss_security
Experts have two theories for how top secret NSA data was stolen — and both are equally disturbing
http://news.hitb.org/content/experts-have-two-theories-how-top-secret-nsa-data-was-stolen-—-and-both-are-equally
http://www.businessinsider.my/nsa-hacking-theories-2016-8/?r=US&IR=T#8gqwCV5lBq0R88tf.97
ODDITIES
--------
Woman brilliantly fools a phone scammer
http://www.cnet.com/news/woman-brilliantly-fools-a-phone-scammer/
A SMALL GESTURE FOR THE PLANET
------------------------------
Microsoft's researchers want to 'solve' cancer within 10 years
http://news.hitb.org/content/microsofts-researchers-want-solve-cancer-within-10-years
http://www.neowin.net/news/microsofts-researchers-want-to-solve-cancer-within-10-years
FACEBOOK AND SOCIAL NETWORKS
----------------------------
TO BOOKMARK
-----------
BANKS
-----
HSBC uses facial recognition so customers can open new bank accounts with a selfie
http://news.hitb.org/content/hsbc-uses-facial-recognition-so-customers-can-open-new-bank-accounts-selfie
http://betanews.com/2016/09/05/hsbc-selfie-facial-recognition/
TRADE SHOWS / CONFERENCES / EVENTS
----------------------------------
PRODUCTS
--------
HP launches the first laptops with a "privacy" screen, I want that, it comes with on-demand activation
http://www.01net.com/actualites/hp-lance-les-premiers-pc-portables-avec-ecran-anti-regards-1029548.html
This box turns any TV into a videoconferencing system
http://www.01net.com/actualites/ce-boitier-transforme-n-importe-quelle-tele-en-systeme-de-visioconference-1034089.html
GOOD TO KNOW
------------
Americans want passwords, not biometrics, survey finds
http://news.hitb.org/content/americans-want-passwords-not-biometrics-survey-finds
http://www.networkworld.com/article/3109245/security/americans-want-passwords-not-biometrics-survey-finds.html#tk.rss_security
Interestingly, new advice from some experts now suggests that changing passwords frequently might not be such a good idea: The more you change a password, the more likely you are to be lazy about it and choose something easy to crack, researchers from the Carleton University in Ottawa, Canada, say in their paper (PDF). http://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf
Smartphone apps and personal data
http://www.les-infostrateges.com/actu/16082233/applis-sur-smartphones-et-donnees-personnelles
Coordinating Wi-Fi access points can triple throughput
http://www.01net.com/actualites/en-harmonisant-les-points-d-acces-wi-fi-on-peut-faire-tripler-le-debit-1029576.html
How to monitor and analyze your brands' e-reputation: some good practices
http://www.les-infostrateges.com/actu/16092242/comment-surveiller-et-analyser-le-reputation-de-ses-marques-quelques-bonnes-pratiques
http://digimind.com/blog/fr/social-marketing-fr/surveiller-analyser-reputation-de-vos-marques-20-bonnes-pratiques-part-1/
Employees download new malware every four seconds
http://news.hitb.org/content/employees-download-new-malware-every-four-seconds
http://www.itproportal.com/news/employees-download-new-malware-every-four-seconds/
https://www.checkpoint.com/downloads/resources/2016-security-report.pdf
Cisco Talos: Spam at levels not seen since 2010
http://news.hitb.org/content/cisco-talos-spam-levels-not-seen-2010
http://www.networkworld.com/article/3123065/security/cisco-talos-spam-at-levels-not-seen-since-2010.html#tk.rss_all
http://blog.talosintel.com/2016/09/the-rising-tides-of-spam.html
IPv4 apocalypse means we just can't measure the internet any more
http://news.hitb.org/content/ipv4-apocalypse-means-we-just-cant-measure-internet-any-more
http://www.theregister.co.uk/2016/09/19/ipv4_hampering_net_metrics/
http://arxiv.org/abs/1606.00360
A study reveals the video habits of 6-14 year olds
http://www.les-infostrateges.com/actu/16092247/une-etude-revele-les-usages-videos-des-6-14-ans
SCIENCES
--------
CONSUMER
--------
ACQUISITIONS / MERGERS
----------------------
Cisco ContainerX buy a step toward readying ACI for the cloud
http://searchnetworking.techtarget.com/news/450303604/Cisco-ContainerX-buy-a-step-toward-readying-ACI-for-the-cloud
LAW
---
Safe Harbor is dead, long live Privacy Shield!
https://www.lexsi.com/securityhub/safe-harbor-mort-vive-privacy-shield/
New court application of the offence of identity theft
http://www.les-infostrateges.com/actu/16092240/nouvelle-application-judiciaire-du-delit-d-usurpation-d-identite
Legal information: the Assemblée nationale's summary sheets
http://www.les-infostrateges.com/actu/16092244/information-juridique-les-fiches-de-synthese-de-l-assemblee-nationale
http://www2.assemblee-nationale.fr/decouvrir-l-assemblee/role-et-pouvoirs-de-l-assemblee-nationale#node_2361
Legal information: the Assemblée nationale in 8 lessons
http://www.les-infostrateges.com/actu/16092246/information-juridique-l-assemblee-nationale-en-8-lecons
IT AND TELECOMS MARKET (BUT NOT ONLY)
-------------------------------------
CAREER
------
MICROSOFT
---------
Windows 10: parental controls will automatically block Chrome and Firefox
http://www.01net.com/actualites/windows-10-le-controle-parental-va-bloquer-automatiquement-chrome-et-firefox-1033795.html
NEW WINDOWS PATCH POLICY AT ODDS WITH ACCEPTABLE RISK
https://threatpost.com/new-windows-patch-policy-at-odds-with-acceptable-risk/120491/
GOOGLE
------
Launch of the new Android 7.0 Nougat operating system
http://www.les-infostrateges.com/actu/16082237/lancement-du-nouveau-ysteme-d-exploitation-android-70-nougat
APPLE / IPHONE
--------------
macOS 10.12 Sierra: The Ars Technica review
http://news.hitb.org/content/macos-1012-sierra-ars-technica-review
http://arstechnica.com/apple/2016/09/macos-10-12-sierra-the-ars-technica-review/
PALM / PRE
----------
FREE
----
GEEK POWER
----------
LG unveils really clever pocket projectors
http://www.01net.com/actualites/lg-devoile-des-videoprojecteurs-de-poche-vraiment-malins-1027352.html
FREE SOFTWARE / OPEN SOURCE
---------------------------
Linux turns 25: the crazy story of software that changed the world
http://www.01net.com/actualites/linux-a-25-ans-la-folle-histoire-d-un-logiciel-qui-a-change-le-monde-1029586.html
Multi-process Firefox is said to be up to 700% faster
http://www.01net.com/actualites/le-firefox-multi-processus-serait-jusqu-a-700-percent-plus-rapide-1033680.html
Firefox 49 is here, these are its main improvements
http://www.01net.com/actualites/firefox-49-est-la-voici-ses-principales-ameliorations-1039404.html
ATTACKS, PHISHING, HACKING, WORMS, VIRUSES, ETC....
---------------------------------------------------
NEW BRAZILIAN BANKING TROJAN USES WINDOWS POWERSHELL UTILITY
https://threatpost.com/new-brazilian-banking-trojan-uses-windows-powershell-utility/120016/
Researcher uses Apple’s ‘Live Photos’ feature to hack into two mobile banking apps
http://news.hitb.org/content/researcher-uses-apple’s-‘live-photos’-feature-hack-two-mobile-banking-apps
http://bgr.com/2016/08/18/ios-live-photos-hack-facial-recognition/
MAMBA RANSOMWARE ENCRYPTS HARD DRIVES RATHER THAN FILES
https://threatpost.com/mamba-ransomware-encrypts-hard-drives-rather-than-files/120730/
This hacker could have hijacked (almost) any Facebook account
http://www.01net.com/actualites/ce-hacker-aurait-pu-pirater-presque-n-importe-quel-compte-facebook-1031146.html
Thousands of Australian computer log-ins up for sale on dark web
http://news.hitb.org/content/thousands-australian-computer-log-ins-sale-dark-web
Freemium phishing service makes stealing passwords dead simple
http://news.hitb.org/content/freemium-phishing-service-makes-stealing-passwords-dead-simple
http://thenextweb.com/security/2016/09/06/russian-phishing-service-makes-stealing-passwords-easy-sharing-link/
https://blog.fortinet.com/2016/08/31/fake-game-the-emergence-of-a-phishing-as-a-service-platform
=> hxxp://fakeg.ru/admin/
A rogue USB stick is enough to steal your Windows or macOS credentials
http://www.01net.com/actualites/une-cle-usb-pirate-suffit-a-voler-vos-identifiants-windows-ou-macos-1034836.html
ATTACK LEVERAGES WINDOWS SAFE MODE
https://threatpost.com/attack-leverages-windows-safe-mode/120622/
FBI ENCOURAGING RANSOMWARE VICTIMS TO REPORT INFECTIONS
https://threatpost.com/fbi-encouraging-ransomware-victims-to-report-infections/120656/
Dark Web drug sales dominated by organised crime
http://news.hitb.org/content/dark-web-drug-sales-dominated-organised-crime
http://www.cbronline.com/news/cybersecurity/business/dark-web-drug-sales-dominated-by-organised-crime-5009316
Malicious Android Apps Due To Increase By 400 Percent In 2016
http://news.hitb.org/content/malicious-android-apps-due-increase-400-percent-2016
http://www.techweekeurope.co.uk/security/malicious-android-apps-increase-by-400-percent-198004
https://www.webroot.com/us/en/business/resources/threat-trends/sept-2016
https://webroot-cms-cdn.s3.amazonaws.com/3714/7388/4216/September-2016_Webroot_Quarterly_Threat_Trends_us.pdf
Some Cisco Customers Are Being Hacked With NSA's Exploit Tools
http://news.hitb.org/content/some-cisco-customers-are-being-hacked-nsas-exploit-tools
VULNERABILITIES
---------------
Xiaomi, the Chinese manufacturer, has installed a huge backdoor in your smartphones
http://www.01net.com/actualites/xiaomi-le-fabricant-chinois-a-installe-une-enorme-backdoor-dans-vos-smartphones-1037750.html
ORACLE PATCHES RECORD 276 VULNERABILITIES WITH JULY CRITICAL PATCH UPDATE
https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-july-critical-patch-update/119373/
The number of fixes exceeds the previous record of 248 patches, set in January 2016. It is also more than double the number of vulnerabilities the company addressed in its last Critical Patch Update in April. In total, 159 can be exploited remotely without authentication. Oracle Fusion Middleware is the most affected software: 35 of the 40 vulnerabilities affecting it are remotely exploitable.
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
DRUPAL PATCHES THREE VULNERABILITIES IN CORE ENGINE
https://threatpost.com/drupal-patches-three-vulnerabilities-in-core-engine/120816/
A flaw in Tor and Firefox endangers user anonymity
http://www.01net.com/actualites/une-faille-dans-tor-et-firefox-met-en-danger-l-anonymat-de-l-utilisateur-1038623.html
TOOLS
-----
The Opera browser and its free VPN are finally available to everyone
http://www.01net.com/actualites/le-navigateur-opera-et-son-vpn-gratuit-sont-enfin-accessibles-a-tous-1038979.html
------------
01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog || http://blog.thoughtcrime.org/rss.xml