Overblog Suivre ce blog
Editer l'article Administration Créer mon blog
8 novembre 2016 2 08 /11 /novembre /2016 19:33
==============================================================================================================================================

Cette semaine, il y a des sujets plus qu'intéressants.
- Un article qui démontre l'insensibilité à la sécurité de certains de nos "jeunes". Les "vieux" seraient au final mieux armés pour détecter les mails frauduleux. C'est probablement le fait que les "vieux" ont de l'expérience et sont plus méfiants vis-a-vis de la technologie.
- Un autre article traite de solutions simples et pas chères pour contourner un système de reconnaissance faciale
- Un sujet intéressant sur l'utilisation dans les devs de vieux SDK qui appellent des ressources sur des noms de domaines abandonnés. Mais le hic, c'est quand ces noms de domaines sont repris par des personnes aux intentions malveillantes.
- L'intelligence artificielle qui continue à  faire peur, à juste titre à  mon avis.
Et plein d'autres informations

Bonne lecture
Tristan

==============================================================================================================================================


A LIRE SECURITE
---------------

Five Ways That Good Guys Share More Than Bad Guys
https://taosecurity.blogspot.fr/2016/10/five-ways-that-good-guys-share-more.html

Kids today are so stupid they fall for security scams more often than greybeards
https://news.hitb.org/content/kids-today-are-so-stupid-they-fall-security-scams-more-often-greybeards
http://www.theregister.co.uk/2016/10/20/millennials_easier_bait_for_tech_support_scams_than_baby_boomers/

Facial recognition still can’t beat a 22 cent pair of sunglasses
https://news.hitb.org/content/facial-recognition-still-can’t-beat-22-cent-pair-sunglasses
http://thenextweb.com/artificial-intelligence/2016/11/02/facial-recognition-still-cant-beat-a-22-cent-pair-of-sunglasses/

Pourquoi les attaques DDoS prennent une ampleur inégalée
http://www.01net.com/actualites/pourquoi-les-attaques-ddos-prennent-une-ampleur-inegalee-1044130.html

Expired domains present an opportunity for malicious activity [On n'y pense pas toujours aux vieux SDK qui pointent vers des domaines abandonnés réutilisés par des personnes malveillantes]
https://news.hitb.org/content/expired-domains-present-opportunity-malicious-activity
http://searchsecurity.techtarget.com/news/450400703/Expired-domains-present-an-opportunity-for-malicious-activity

Ransomware Raises The Bar Again
https://news.hitb.org/content/ransomware-raises-bar-again
http://www.darkreading.com/attacks-breaches/ransomware-raises-the-bar-again-/d/d-id/1327138?_mc=RSS_DR_EDT

Le ransomware a bonne santé
https://www.lexsi.com/securityhub/ransomware-a-bonne-sante/

Identifying hackers is harder than you think
https://news.hitb.org/content/identifying-hackers-harder-you-think
http://betanews.com/2016/10/10/hackers-deception/
https://securelist.com/analysis/publications/76273/wave-your-false-flags/
https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf

Pour une révision du protocole SAML
http://www.orange-business.com/fr/blogs/securite/securite-applicative/pour-une-revision-du-protocole-saml

BYPASSING ASLR IN 60 MILLISECONDS
https://threatpost.com/bypassing-aslr-in-60-milliseconds/121412/

Researchers build undetectable rootkit for programmable logic controllers
https://news.hitb.org/content/researchers-build-undetectable-rootkit-programmable-logic-controllers
http://www.networkworld.com/article/3137420/security/researchers-build-undetectable-rootkit-for-programmable-logic-controllers.html#tk.rss_all

DOSSIERS
--------

Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
http://news.hitb.org/content/yahoo’s-ciso-resigned-2015-over-secret-e-mail-search-tool-ordered-feds
http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-nsa-ordered-yahoo-to-build-secret-e-mail-search-tool/
=> Neither the NSA nor the FBI have responded to Ars' request for comment.

NSA Director Not Opposed To Splitting Cyber Command From Agency
https://news.hitb.org/content/nsa-director-not-opposed-splitting-cyber-command-agency
http://www.darkreading.com/threat-intelligence/nsa-director-not-opposed-to-splitting-cyber-command-from-agency/d/d-id/1327120?_mc=RSS_DR_EDT

NSA spy details how to tap into webcam on Mac without user noticing
https://news.hitb.org/content/nsa-spy-details-how-tap-webcam-mac-without-user-noticing
http://www.pcauthority.com.au/News/439082,nsa-spy-details-how-to-tap-into-webcam-on-mac-without-user-noticing.aspx

GOOGLE HANDLES RECORD NUMBER OF GOVERNMENT REQUESTS FOR DATA
https://threatpost.com/google-handles-record-number-of-government-requests-for-data/121284/

Shadow Brokers Releases Second Trove of Spying Tools
https://news.hitb.org/content/shadow-brokers-releases-second-trove-spying-tools
http://www.pcmag.com/news/349227/shadow-brokers-releases-second-trove-of-spying-tools

INSOLITE
--------

Nantes: Une journée pour inventer des services stupides et inutiles
http://www.20minutes.fr/nantes/1950947-20161028-nantes-journee-inventer-services-stupides-inutiles

INTELLIGENCE ARTIFICIELLE
-------------------------

Cinq géants de la high tech s’allient pour définir et encadrer l’intelligence artificielle
http://www.01net.com/actualites/cinq-geants-de-la-high-tech-s-allient-pour-definir-et-encadrer-l-intelligence-artificielle-1042482.html

UN PETIT GESTE POUR LA PLANETE
------------------------------

Delete unused Android apps now, or risk a security nightmare
https://news.hitb.org/content/delete-unused-android-apps-now-or-risk-security-nightmare
http://www.techrepublic.com/article/delete-unused-android-apps-now-or-risk-a-security-nightmare/

Linux Foundation appoints two more women to its board of directors
https://news.hitb.org/content/linux-foundation-appoints-two-more-women-its-board-directors
http://www.zdnet.com/article/linux-foundation-appoints-two-more-women-to-its-board-of-directors/

FACEBOOK AND SOCIAL NETWORKS
----------------------------

FACEBOOK BUG BOUNTY PROGRAM PAYS OUT $5 MILLION IN FIVE YEARS
https://threatpost.com/facebook-bug-bounty-program-pays-out-5-million-in-five-years/121278/

Twitter seeks a sale decision by October 27th
https://news.hitb.org/content/twitter-seeks-sale-decision-october-27th
https://www.engadget.com/2016/10/05/twitter-seeks-sale-decision-by-october-27th/

A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Retour sur les Assises de la sécurité 2016 : la réponse de l'ANSSI aux enjeux nationaux
http://www.orange-business.com/fr/blogs/securite/actualites/retour-sur-les-assises-de-la-securite-2016-la-reponse-de-l-anssi-aux-enjeux-nationaux

PRODUITS
--------

Orosound, le casque intra-auriculaire qui vous fera oublier l'enfer de l'open space
http://www.01net.com/actualites/orosound-le-casque-intra-auriculaire-qui-vous-fera-oublier-l-enfer-de-l-open-space-1049261.html

Ce moniteur portable 24 pouces à emporter partout s’ouvre comme un parapluie
http://www.01net.com/actualites/ce-moniteur-portable-24-pouces-a-emporter-partout-s-ouvre-comme-un-parapluie-1055239.html

BON A SAVOIR
------------

FREE SSL PROVIDERS SPARK UNPRECEDENTED GROWTH IN ENCRYPTED TRAFFIC
https://threatpost.com/free-ssl-providers-spark-unprecedented-growth-in-encrypted-traffic/121336/

Une carte interactive pour savoir où sont les antennes mobiles près de chez vous
http://www.01net.com/actualites/une-carte-interactive-pour-savoir-ou-sont-les-antennes-mobiles-pres-de-chez-vous-1044092.html
http://www.anfr.fr/gestion-des-frequences-sites/lobservatoire-en-carte/

La France à la traîne de l’Europe en matière de débit
http://www.01net.com/actualites/la-france-a-la-traine-de-l-europe-en-matiere-de-debit-1042883.html
https://www.akamai.com/fr/fr/our-thinking/state-of-the-internet-report/global-state-of-the-internet-connectivity-reports.jsp

Six nouveaux services alternatifs pour «dégoogliser» Internet
http://www.01net.com/actualites/six-nouveaux-services-alternatifs-pour-degoogliser-internet-1044239.html

Google, première marque de système d'exploitation ?
http://www.les-infostrateges.com/actu/16092252/google-premiere-marque-de-systeme-d-exploitation

Samsung Galaxy Note 7 : et si les batteries n’avaient rien à voir avec tout ça ?
http://www.01net.com/actualites/samsung-galaxy-note-7-et-si-les-batteries-n-avaient-rien-a-voir-avec-tout-ca-1047098.html

Exclu : Samsung France annonce aux clients la désactivation à distance des Galaxy Note 7 [Info ou Intox ? Ca fait 2 fois que je vois la nouvelle]
http://www.01net.com/actualites/exclu-samsung-france-annonce-aux-clients-la-desactivation-a-distance-des-galaxy-note-7-1049815.html

MITRE will give you $50,000 to 'fingerprint' rogue, dangerous IoT devices
https://news.hitb.org/content/mitre-will-give-you-50000-fingerprint-rogue-dangerous-iot-devices

Netflix reminds password re-users to run a reset
https://news.hitb.org/content/netflix-reminds-password-re-users-run-reset

SCIENCES
--------

HIV researchers edge closer to a cure
http://news.hitb.org/content/hiv-researchers-edge-closer-cure
https://www.engadget.com/2016/10/02/hiv-cure-testing/

Infiniment petit : le plus petit transistor du monde mesure 1 milliardième de mètre !
http://www.01net.com/actualites/infiniment-petit-le-plus-petit-transistor-du-monde-mesure-1-milliardieme-de-metre-1046720.html

CONSOMMATION
------------



RACHAT / UNION
--------------

Samsung buys AI startup created by Siri co-cofounders
https://news.hitb.org/content/samsung-buys-ai-startup-created-siri-co-cofounders

DROIT
-----

AFCDP : 11ème université des Cil le 25 janvier prochain
http://www.les-infostrateges.com/actu/16102269/afcdp-11eme-universite-des-cil-le-25-janvier-prochain

La loi pour une République numérique adoptée définitivement
http://www.les-infostrateges.com/actu/16092254/la-loi-pour-une-republique-numerique-adoptee-definitivement

Commerce, commerce électronique et Cnil : mise à jour de la norme simplifiée n°48
http://www.les-infostrateges.com/actu/16102255/commerce-commerce-electronique-et-cnil-mise-a-jour-de-la-norme-simplifiee-n48

Géolocalisation des véhicules et cybersuveillance abusive des salariés
http://www.les-infostrateges.com/actu/16112271/geolocalisation-des-vehicules-et-cybersuveillance-abusive-des-salaries

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Experts en cybersécurité : comment trouver la perle ?
http://www.orange-business.com/fr/blogs/securite/actualites/experts-en-cybersecurite-comment-trouver-la-perle-

5 applications pour trouver un job sur iPhone et Android
http://www.01net.com/astuces/5-applications-pour-trouver-un-job-sur-iphone-et-android-1055321.html

MICROSOFT
---------

Windows Server 2016 could rattle the competition
http://news.hitb.org/content/windows-server-2016-could-rattle-competition
http://arstechnica.com/information-technology/2016/10/hands-on-with-windows-server-2016-the-os-with-its-foot-in-everything/

Windows 10, on pourra bientôt enfin désinstaller les applications inutiles de Microsoft
http://www.01net.com/actualites/windows-10-on-pourra-bientot-enfin-desinstaller-les-applications-inutiles-de-microsoft-1045435.html

Get to know the security features in the Edge browser
https://news.hitb.org/content/get-know-security-features-edge-browser
https://www.cnet.com/uk/how-to/get-to-know-the-security-features-in-edge/

It came from Redmond: Windows Server 2016 could rattle the competition
http://arstechnica.com/information-technology/2016/10/hands-on-with-windows-server-2016-the-os-with-its-foot-in-everything/

GOOGLE
------

En décembre, Chrome consommera moins de mémoire
http://www.01net.com/actualites/en-decembre-chrome-consommera-moins-de-memoire-1046434.html

GOOGLE TO MAKE CERTIFICATE TRANSPARENCY MANDATORY BY 2017
https://threatpost.com/google-to-make-certificate-transparency-mandatory-by-2017/121651/

GOOGLE TO DISTRUST WOSIGN, STARTCOM CERTS IN 2017
https://threatpost.com/google-to-distrust-wosign-startcom-certs-in-2017/121709/

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------

Firefox : découvrez ses trois nouvelles fonctions expérimentales à essayer d’urgence…
http://www.01net.com/actualites/firefox-propose-trois-nouvelles-fonctions-experimentales-a-essayer-d-urgence-1048537.html

Vers une version de Firefox encore plus puissante en 2017
http://www.01net.com/actualites/bientot-un-moteur-de-rendu-de-nouvelle-generation-dans-firefox-1053359.html

Microsoft open-sources P language for IoT
https://news.hitb.org/content/microsoft-open-sources-p-language-iot

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Nuke plant has been hacked, says Atomic Energy Agency director
https://news.hitb.org/content/nuke-plant-has-been-hacked-says-atomic-energy-agency-director
http://www.theregister.co.uk/2016/10/11/nuke_plant_has_been_hacked_says_atomic_energy_agency_director/

Piratage informatique chez IKEA : fuite possible ?
http://www.zataz.com/piratage-informatique-fuite-donnees/#ixzz4MQWYY7kJ

Amazon reset user passwords to protect accounts
https://news.hitb.org/content/amazon-reset-user-passwords-protect-accounts
http://tamebay.com/2016/10/amazon-reset-user-passwords-to-protect-accounts.html

VENDETTA BROTHERS CYBER CROOKS ADOPT REAL WORLD TACTICS
https://threatpost.com/vendetta-brothers-cyber-crooks-adopt-real-world-tactics/120955/

DYN DDOS WORK OF SCRIPT KIDDIES, NOT POLITICALLY MOTIVATED HACKERS
https://threatpost.com/dyn-ddos-work-of-script-kiddies-not-politically-motivated-hackers/121537/

Icarus, le hacker qui permet de pirater un drone
http://www.zataz.com/icarus-drone-hacker/#MK4R2wbs1wmMXPrB.99

SUNDOWN EXPLOIT KIT ‘LARGER THREAT THAN PEOPLE REALIZE’
https://threatpost.com/sundown-exploit-kit-larger-threat-than-people-realize/121718/

Three hospitals in England cancel operations over computer virus
https://news.hitb.org/content/three-hospitals-england-cancel-operations-over-computer-virus
http://www.reuters.com/article/britain-cyber-hospitals-idUSL8N1D268W?rpc=401

FAILLES
-------

ADOBE FIXES 81 VULNERABILITIES IN ACROBAT, READER, FLASH
https://threatpost.com/adobe-fixes-81-vulnerabilities-in-acrobat-reader-flash/121206/

GOOGLE PLUGS 21 SECURITY HOLES IN CHROME
https://threatpost.com/google-plugs-21-security-holes-in-chrome/121289/

JPEG 2000 – Researchers find security hole in image codec
http://news.hitb.org/content/jpeg-2000-–-researchers-find-security-hole-image-codec
http://www.theregister.co.uk/2016/10/04/jpeg_2000_security_hole/

Recevoir une image JPEG suffit parfois pour se faire pirater
http://www.01net.com/actualites/recevoir-une-image-jpeg-suffit-parfois-pour-se-faire-pirater-1045102.html

VULNERABILITIES IN INSULIN PUMPS CAN LEAD TO OVERDOSE
https://threatpost.com/vulnerabilities-in-insulin-pumps-can-lead-to-overdose/121064/

CISCO WARNS OF CRITICAL FLAWS IN NEXUS SWITCHES
https://threatpost.com/cisco-warns-of-critical-flaws-in-nexus-switches/121164/

PowerShell's admin-lite scheme is an open door
https://news.hitb.org/content/powershells-admin-lite-scheme-open-door
http://www.theregister.co.uk/2016/10/10/security_bod_to_microsoft_your_powershell_jea_feature_isnt_a_barrier_its_an_open_door/

Android : une vieille faille Linux permet de rooter tous les smartphones
http://www.01net.com/actualites/android-une-vieille-faille-linux-permet-de-rooter-tous-les-smartphones-1051930.html

Cisco patches critical authentication flaw in conferencing servers
https://news.hitb.org/content/cisco-patches-critical-authentication-flaw-conferencing-servers

Comment le Wi-Fi des opérateurs mobiles permet de pister les abonnés
http://www.01net.com/actualites/comment-le-wi-fi-des-operateurs-mobiles-permet-de-pister-les-abonnes-1055430.html

OUTLOOK WEB ACCESS TWO-FACTOR AUTHENTICATION BYPASS EXISTS
https://threatpost.com/outlook-web-access-two-factor-authentication-bypass-exists/121777/

OUTILS
------

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks
https://news.hitb.org/content/beat-bad-guys-their-own-game-safebreach’s-simulated-cyberattacks
http://www.networkworld.com/article/3135724/security/beat-the-bad-guys-at-their-own-game-with-safebreach-s-simulated-cyberattacks.html#tk.rss_all
https://safebreach.com

La messagerie Caramail revient en force avec des emails chiffrés de bout en bout
http://www.01net.com/actualites/la-messagerie-caramail-revient-en-force-avec-des-emails-chiffres-de-bout-en-bout-1044279.html

Five EFF Tools to Help You Protect Yourself Online
http://news.hitb.org/content/five-eff-tools-help-you-protect-yourself-online
https://www.eff.org/deeplinks/2016/09/five-eff-tools-help-you-protect-yourself-online

FACEBOOK DEBUTS OPEN SOURCE DETECTION TOOL FOR WINDOWS
https://threatpost.com/facebook-debuts-open-source-detection-tool-for-windows/120897/
https://osquery.io

FREE TOOL PROTECTS MAC USERS FROM WEBCAM SURVEILLANCE
https://threatpost.com/free-tool-protects-mac-users-from-webcam-surveillance/121154/
https://objective-see.com/products/oversight.html

Meet Apache Spot, a new open source project for cybersecurity
https://news.hitb.org/content/meet-apache-spot-new-open-source-project-cybersecurity

DISAPPEARING MESSAGES ADDED TO SIGNAL APP
https://threatpost.com/disappearing-messages-added-to-signal-app/121237/

NEW GOOGLE TOOLS HELP DEVS IMPROVE CONTENT SECURITY POLICY PROTECTION
https://threatpost.com/new-google-tools-help-devs-improve-content-security-policy-protection/120894/

Mooltipass Mini, le gestionnaire de mots de passe qui tient dans la poche
http://www.01net.com/actualites/mooltipass-mini-le-gestionnaire-de-mots-de-passe-qui-tient-dans-la-poche-1052939.html

LastPass Becomes Free On Mobile, Eliminates Last Excuse For Not Using A Password Manager
https://news.hitb.org/content/lastpass-becomes-free-mobile-eliminates-last-excuse-not-using-password-manager

Microsoft’s IFTTT-like Flow is now out of beta
https://news.hitb.org/content/microsoft’s-ifttt-flow-now-out-beta
http://arstechnica.com/information-technology/2016/11/microsofts-ifttt-like-flow-is-now-out-of-beta/
https://flow.microsoft.com/en-us/

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Partager cet article

Repost 0
Published by pseudonyme
commenter cet article

commentaires

Présentation

  • : Veille
  • Veille
  • : Un petit blog sans prétention (enfin j'espère) sur ce qui retient mon attention en matière de sécurité informatique....mais pas que.
  • Contact

Recherche

Liens