8 November 2016, 19:33
==============================================================================================================================================

This week there are some more than interesting topics.
- An article showing how insensitive to security some of our "young people" are. The "old folks" turn out to be better equipped to detect fraudulent emails. This is probably because the "old folks" have experience and are more wary of technology.
- Another article covers simple, cheap ways to bypass a facial recognition system.
- An interesting topic on developers using old SDKs that call resources on abandoned domain names. The catch is when those domain names are picked up again by people with malicious intent.
- Artificial intelligence, which continues to be frightening, and rightly so in my opinion.
And plenty of other news

Happy reading
Tristan

==============================================================================================================================================


SECURITY MUST-READS
-------------------

Five Ways That Good Guys Share More Than Bad Guys
https://taosecurity.blogspot.fr/2016/10/five-ways-that-good-guys-share-more.html

Kids today are so stupid they fall for security scams more often than greybeards
https://news.hitb.org/content/kids-today-are-so-stupid-they-fall-security-scams-more-often-greybeards
http://www.theregister.co.uk/2016/10/20/millennials_easier_bait_for_tech_support_scams_than_baby_boomers/

Facial recognition still can’t beat a 22 cent pair of sunglasses
https://news.hitb.org/content/facial-recognition-still-can’t-beat-22-cent-pair-sunglasses
http://thenextweb.com/artificial-intelligence/2016/11/02/facial-recognition-still-cant-beat-a-22-cent-pair-of-sunglasses/

Why DDoS attacks are reaching an unprecedented scale
http://www.01net.com/actualites/pourquoi-les-attaques-ddos-prennent-une-ampleur-inegalee-1044130.html

Expired domains present an opportunity for malicious activity [We don't always think about old SDKs pointing to abandoned domains that are reused by malicious people]
https://news.hitb.org/content/expired-domains-present-opportunity-malicious-activity
http://searchsecurity.techtarget.com/news/450400703/Expired-domains-present-an-opportunity-for-malicious-activity

Ransomware Raises The Bar Again
https://news.hitb.org/content/ransomware-raises-bar-again
http://www.darkreading.com/attacks-breaches/ransomware-raises-the-bar-again-/d/d-id/1327138?_mc=RSS_DR_EDT

Ransomware is in good health
https://www.lexsi.com/securityhub/ransomware-a-bonne-sante/

Identifying hackers is harder than you think
https://news.hitb.org/content/identifying-hackers-harder-you-think
http://betanews.com/2016/10/10/hackers-deception/
https://securelist.com/analysis/publications/76273/wave-your-false-flags/
https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf

The case for revising the SAML protocol
http://www.orange-business.com/fr/blogs/securite/securite-applicative/pour-une-revision-du-protocole-saml

BYPASSING ASLR IN 60 MILLISECONDS
https://threatpost.com/bypassing-aslr-in-60-milliseconds/121412/

Researchers build undetectable rootkit for programmable logic controllers
https://news.hitb.org/content/researchers-build-undetectable-rootkit-programmable-logic-controllers
http://www.networkworld.com/article/3137420/security/researchers-build-undetectable-rootkit-for-programmable-logic-controllers.html#tk.rss_all

FEATURES
--------

Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
http://news.hitb.org/content/yahoo’s-ciso-resigned-2015-over-secret-e-mail-search-tool-ordered-feds
http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-nsa-ordered-yahoo-to-build-secret-e-mail-search-tool/
=> Neither the NSA nor the FBI have responded to Ars' request for comment.

NSA Director Not Opposed To Splitting Cyber Command From Agency
https://news.hitb.org/content/nsa-director-not-opposed-splitting-cyber-command-agency
http://www.darkreading.com/threat-intelligence/nsa-director-not-opposed-to-splitting-cyber-command-from-agency/d/d-id/1327120?_mc=RSS_DR_EDT

NSA spy details how to tap into webcam on Mac without user noticing
https://news.hitb.org/content/nsa-spy-details-how-tap-webcam-mac-without-user-noticing
http://www.pcauthority.com.au/News/439082,nsa-spy-details-how-to-tap-into-webcam-on-mac-without-user-noticing.aspx

GOOGLE HANDLES RECORD NUMBER OF GOVERNMENT REQUESTS FOR DATA
https://threatpost.com/google-handles-record-number-of-government-requests-for-data/121284/

Shadow Brokers Releases Second Trove of Spying Tools
https://news.hitb.org/content/shadow-brokers-releases-second-trove-spying-tools
http://www.pcmag.com/news/349227/shadow-brokers-releases-second-trove-of-spying-tools

ODDITIES
--------

Nantes: A day for inventing stupid and useless services
http://www.20minutes.fr/nantes/1950947-20161028-nantes-journee-inventer-services-stupides-inutiles

ARTIFICIAL INTELLIGENCE
-----------------------

Five high-tech giants join forces to define and regulate artificial intelligence
http://www.01net.com/actualites/cinq-geants-de-la-high-tech-s-allient-pour-definir-et-encadrer-l-intelligence-artificielle-1042482.html

A SMALL GESTURE FOR THE PLANET
------------------------------

Delete unused Android apps now, or risk a security nightmare
https://news.hitb.org/content/delete-unused-android-apps-now-or-risk-security-nightmare
http://www.techrepublic.com/article/delete-unused-android-apps-now-or-risk-a-security-nightmare/

Linux Foundation appoints two more women to its board of directors
https://news.hitb.org/content/linux-foundation-appoints-two-more-women-its-board-directors
http://www.zdnet.com/article/linux-foundation-appoints-two-more-women-to-its-board-of-directors/

FACEBOOK AND SOCIAL NETWORKS
----------------------------

FACEBOOK BUG BOUNTY PROGRAM PAYS OUT $5 MILLION IN FIVE YEARS
https://threatpost.com/facebook-bug-bounty-program-pays-out-5-million-in-five-years/121278/

Twitter seeks a sale decision by October 27th
https://news.hitb.org/content/twitter-seeks-sale-decision-october-27th
https://www.engadget.com/2016/10/05/twitter-seeks-sale-decision-by-october-27th/

TO BOOKMARK
-----------


TRADE SHOWS / CONFERENCES / EVENTS
----------------------------------

Looking back at the Assises de la sécurité 2016: ANSSI's response to national challenges
http://www.orange-business.com/fr/blogs/securite/actualites/retour-sur-les-assises-de-la-securite-2016-la-reponse-de-l-anssi-aux-enjeux-nationaux

PRODUCTS
--------

Orosound, the in-ear headset that will make you forget the hell of the open-plan office
http://www.01net.com/actualites/orosound-le-casque-intra-auriculaire-qui-vous-fera-oublier-l-enfer-de-l-open-space-1049261.html

This portable 24-inch monitor you can take anywhere opens like an umbrella
http://www.01net.com/actualites/ce-moniteur-portable-24-pouces-a-emporter-partout-s-ouvre-comme-un-parapluie-1055239.html

GOOD TO KNOW
------------

FREE SSL PROVIDERS SPARK UNPRECEDENTED GROWTH IN ENCRYPTED TRAFFIC
https://threatpost.com/free-ssl-providers-spark-unprecedented-growth-in-encrypted-traffic/121336/

An interactive map to find out where the mobile antennas near you are
http://www.01net.com/actualites/une-carte-interactive-pour-savoir-ou-sont-les-antennes-mobiles-pres-de-chez-vous-1044092.html
http://www.anfr.fr/gestion-des-frequences-sites/lobservatoire-en-carte/

France lags behind Europe in connection speed
http://www.01net.com/actualites/la-france-a-la-traine-de-l-europe-en-matiere-de-debit-1042883.html
https://www.akamai.com/fr/fr/our-thinking/state-of-the-internet-report/global-state-of-the-internet-connectivity-reports.jsp

Six new alternative services to "de-Googlize" the Internet
http://www.01net.com/actualites/six-nouveaux-services-alternatifs-pour-degoogliser-internet-1044239.html

Google, the leading operating system brand?
http://www.les-infostrateges.com/actu/16092252/google-premiere-marque-de-systeme-d-exploitation

Samsung Galaxy Note 7: what if the batteries had nothing to do with it?
http://www.01net.com/actualites/samsung-galaxy-note-7-et-si-les-batteries-n-avaient-rien-a-voir-avec-tout-ca-1047098.html

Exclusive: Samsung France tells customers Galaxy Note 7s will be remotely disabled [Fact or hoax? This is the second time I've seen this news]
http://www.01net.com/actualites/exclu-samsung-france-annonce-aux-clients-la-desactivation-a-distance-des-galaxy-note-7-1049815.html

MITRE will give you $50,000 to 'fingerprint' rogue, dangerous IoT devices
https://news.hitb.org/content/mitre-will-give-you-50000-fingerprint-rogue-dangerous-iot-devices

Netflix reminds password re-users to run a reset
https://news.hitb.org/content/netflix-reminds-password-re-users-run-reset

SCIENCES
--------

HIV researchers edge closer to a cure
http://news.hitb.org/content/hiv-researchers-edge-closer-cure
https://www.engadget.com/2016/10/02/hiv-cure-testing/

Infinitely small: the world's smallest transistor measures 1 billionth of a meter!
http://www.01net.com/actualites/infiniment-petit-le-plus-petit-transistor-du-monde-mesure-1-milliardieme-de-metre-1046720.html

CONSUMER
--------



ACQUISITIONS / MERGERS
----------------------

Samsung buys AI startup created by Siri co-cofounders
https://news.hitb.org/content/samsung-buys-ai-startup-created-siri-co-cofounders

LAW
---

AFCDP: 11th Université des CIL this coming 25 January
http://www.les-infostrateges.com/actu/16102269/afcdp-11eme-universite-des-cil-le-25-janvier-prochain

The Law for a Digital Republic definitively adopted
http://www.les-infostrateges.com/actu/16092254/la-loi-pour-une-republique-numerique-adoptee-definitivement

Commerce, e-commerce and the CNIL: update to simplified standard no. 48
http://www.les-infostrateges.com/actu/16102255/commerce-commerce-electronique-et-cnil-mise-a-jour-de-la-norme-simplifiee-n48

Vehicle geolocation and abusive cyber-surveillance of employees
http://www.les-infostrateges.com/actu/16112271/geolocalisation-des-vehicules-et-cybersuveillance-abusive-des-salaries

IT AND TELECOMS MARKET (BUT NOT ONLY)
-------------------------------------

CAREER
------

Cybersecurity experts: how to find the rare gem?
http://www.orange-business.com/fr/blogs/securite/actualites/experts-en-cybersecurite-comment-trouver-la-perle-

5 apps for finding a job on iPhone and Android
http://www.01net.com/astuces/5-applications-pour-trouver-un-job-sur-iphone-et-android-1055321.html

MICROSOFT
---------

Windows Server 2016 could rattle the competition
http://news.hitb.org/content/windows-server-2016-could-rattle-competition
http://arstechnica.com/information-technology/2016/10/hands-on-with-windows-server-2016-the-os-with-its-foot-in-everything/

Windows 10: we will soon finally be able to uninstall Microsoft's useless apps
http://www.01net.com/actualites/windows-10-on-pourra-bientot-enfin-desinstaller-les-applications-inutiles-de-microsoft-1045435.html

Get to know the security features in the Edge browser
https://news.hitb.org/content/get-know-security-features-edge-browser
https://www.cnet.com/uk/how-to/get-to-know-the-security-features-in-edge/

It came from Redmond: Windows Server 2016 could rattle the competition
http://arstechnica.com/information-technology/2016/10/hands-on-with-windows-server-2016-the-os-with-its-foot-in-everything/

GOOGLE
------

In December, Chrome will use less memory
http://www.01net.com/actualites/en-decembre-chrome-consommera-moins-de-memoire-1046434.html

GOOGLE TO MAKE CERTIFICATE TRANSPARENCY MANDATORY BY 2017
https://threatpost.com/google-to-make-certificate-transparency-mandatory-by-2017/121651/

GOOGLE TO DISTRUST WOSIGN, STARTCOM CERTS IN 2017
https://threatpost.com/google-to-distrust-wosign-startcom-certs-in-2017/121709/

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

FREE SOFTWARE / OPEN SOURCE
---------------------------

Firefox: discover its three new experimental features you should try right away…
http://www.01net.com/actualites/firefox-propose-trois-nouvelles-fonctions-experimentales-a-essayer-d-urgence-1048537.html

Toward an even more powerful version of Firefox in 2017
http://www.01net.com/actualites/bientot-un-moteur-de-rendu-de-nouvelle-generation-dans-firefox-1053359.html

Microsoft open-sources P language for IoT
https://news.hitb.org/content/microsoft-open-sources-p-language-iot

ATTACKS, PHISHING, HACKING, WORMS, VIRUSES, ETC....
---------------------------------------------------

Nuke plant has been hacked, says Atomic Energy Agency director
https://news.hitb.org/content/nuke-plant-has-been-hacked-says-atomic-energy-agency-director
http://www.theregister.co.uk/2016/10/11/nuke_plant_has_been_hacked_says_atomic_energy_agency_director/

Hack at IKEA: possible leak?
http://www.zataz.com/piratage-informatique-fuite-donnees/#ixzz4MQWYY7kJ

Amazon reset user passwords to protect accounts
https://news.hitb.org/content/amazon-reset-user-passwords-protect-accounts
http://tamebay.com/2016/10/amazon-reset-user-passwords-to-protect-accounts.html

VENDETTA BROTHERS CYBER CROOKS ADOPT REAL WORLD TACTICS
https://threatpost.com/vendetta-brothers-cyber-crooks-adopt-real-world-tactics/120955/

DYN DDOS WORK OF SCRIPT KIDDIES, NOT POLITICALLY MOTIVATED HACKERS
https://threatpost.com/dyn-ddos-work-of-script-kiddies-not-politically-motivated-hackers/121537/

Icarus, the hacker that lets you hack a drone
http://www.zataz.com/icarus-drone-hacker/#MK4R2wbs1wmMXPrB.99

SUNDOWN EXPLOIT KIT ‘LARGER THREAT THAN PEOPLE REALIZE’
https://threatpost.com/sundown-exploit-kit-larger-threat-than-people-realize/121718/

Three hospitals in England cancel operations over computer virus
https://news.hitb.org/content/three-hospitals-england-cancel-operations-over-computer-virus
http://www.reuters.com/article/britain-cyber-hospitals-idUSL8N1D268W?rpc=401

VULNERABILITIES
---------------

ADOBE FIXES 81 VULNERABILITIES IN ACROBAT, READER, FLASH
https://threatpost.com/adobe-fixes-81-vulnerabilities-in-acrobat-reader-flash/121206/

GOOGLE PLUGS 21 SECURITY HOLES IN CHROME
https://threatpost.com/google-plugs-21-security-holes-in-chrome/121289/

JPEG 2000 – Researchers find security hole in image codec
http://news.hitb.org/content/jpeg-2000-–-researchers-find-security-hole-image-codec
http://www.theregister.co.uk/2016/10/04/jpeg_2000_security_hole/

Receiving a JPEG image is sometimes enough to get hacked
http://www.01net.com/actualites/recevoir-une-image-jpeg-suffit-parfois-pour-se-faire-pirater-1045102.html

VULNERABILITIES IN INSULIN PUMPS CAN LEAD TO OVERDOSE
https://threatpost.com/vulnerabilities-in-insulin-pumps-can-lead-to-overdose/121064/

CISCO WARNS OF CRITICAL FLAWS IN NEXUS SWITCHES
https://threatpost.com/cisco-warns-of-critical-flaws-in-nexus-switches/121164/

PowerShell's admin-lite scheme is an open door
https://news.hitb.org/content/powershells-admin-lite-scheme-open-door
http://www.theregister.co.uk/2016/10/10/security_bod_to_microsoft_your_powershell_jea_feature_isnt_a_barrier_its_an_open_door/

Android: an old Linux flaw makes it possible to root all smartphones
http://www.01net.com/actualites/android-une-vieille-faille-linux-permet-de-rooter-tous-les-smartphones-1051930.html

Cisco patches critical authentication flaw in conferencing servers
https://news.hitb.org/content/cisco-patches-critical-authentication-flaw-conferencing-servers

How mobile operators' Wi-Fi makes it possible to track subscribers
http://www.01net.com/actualites/comment-le-wi-fi-des-operateurs-mobiles-permet-de-pister-les-abonnes-1055430.html

OUTLOOK WEB ACCESS TWO-FACTOR AUTHENTICATION BYPASS EXISTS
https://threatpost.com/outlook-web-access-two-factor-authentication-bypass-exists/121777/

TOOLS
-----

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks
https://news.hitb.org/content/beat-bad-guys-their-own-game-safebreach’s-simulated-cyberattacks
http://www.networkworld.com/article/3135724/security/beat-the-bad-guys-at-their-own-game-with-safebreach-s-simulated-cyberattacks.html#tk.rss_all
https://safebreach.com

The Caramail email service makes a strong comeback with end-to-end encrypted emails
http://www.01net.com/actualites/la-messagerie-caramail-revient-en-force-avec-des-emails-chiffres-de-bout-en-bout-1044279.html

Five EFF Tools to Help You Protect Yourself Online
http://news.hitb.org/content/five-eff-tools-help-you-protect-yourself-online
https://www.eff.org/deeplinks/2016/09/five-eff-tools-help-you-protect-yourself-online

FACEBOOK DEBUTS OPEN SOURCE DETECTION TOOL FOR WINDOWS
https://threatpost.com/facebook-debuts-open-source-detection-tool-for-windows/120897/
https://osquery.io

FREE TOOL PROTECTS MAC USERS FROM WEBCAM SURVEILLANCE
https://threatpost.com/free-tool-protects-mac-users-from-webcam-surveillance/121154/
https://objective-see.com/products/oversight.html

Meet Apache Spot, a new open source project for cybersecurity
https://news.hitb.org/content/meet-apache-spot-new-open-source-project-cybersecurity

DISAPPEARING MESSAGES ADDED TO SIGNAL APP
https://threatpost.com/disappearing-messages-added-to-signal-app/121237/

NEW GOOGLE TOOLS HELP DEVS IMPROVE CONTENT SECURITY POLICY PROTECTION
https://threatpost.com/new-google-tools-help-devs-improve-content-security-policy-protection/120894/

Mooltipass Mini, the password manager that fits in your pocket
http://www.01net.com/actualites/mooltipass-mini-le-gestionnaire-de-mots-de-passe-qui-tient-dans-la-poche-1052939.html

LastPass Becomes Free On Mobile, Eliminates Last Excuse For Not Using A Password Manager
https://news.hitb.org/content/lastpass-becomes-free-mobile-eliminates-last-excuse-not-using-password-manager

Microsoft’s IFTTT-like Flow is now out of beta
https://news.hitb.org/content/microsoft’s-ifttt-flow-now-out-beta
http://arstechnica.com/information-technology/2016/11/microsofts-ifttt-like-flow-is-now-out-of-beta/
https://flow.microsoft.com/en-us/

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog || http://blog.thoughtcrime.org/rss.xml