Un petit blog sans prétention (enfin j'espère) sur ce qui retient mon attention en matière de sécurité informatique....mais pas que.
==============================================================================================================================================
Le principe de la veille hebdomadaire c'est qu'elle parait toutes les semaines. Bon là, je dois l'avouer, on est plus sur une veille mensuelle voir bimestrielle....Mais j'ai quelques activités qui m'occupent un peu.
Bon alors je publie pour août et je vous souhaite une bonne lecture.
Tristan
==============================================================================================================================================
A LIRE SECURITE
---------------
PROJECTSAURON APT ON PAR WITH EQUATION, FLAME, DUQU
https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/
https://cdn.securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf
Intel embarque-t-il une porte dérobée dans toutes ses puces ?
http://www.01net.com/actualites/intel-embarque-t-il-une-porte-derobee-dans-ses-puces-985396.html
Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges
https://www.wired.com/2016/08/fake-boarding-pass-app-gets-hacker-fancy-airline-lounges/
https://www.youtube.com/watch?time_continue=95&v=7829-HtV3uo
Intel x86s hide another CPU that can take over your machine (you can't audit it)
http://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html
How to really fix the latest Adobe Flash security hole
http://news.hitb.org/content/how-really-fix-latest-adobe-flash-security-hole
http://www.zdnet.com/article/the-real-adobe-flash-fix-is-in/ [Un bon Tips and Tricks pour utilisateur]
So, Just Why Is 18atcskd2w Such a Popular Password? [La présence des bots....]
http://www.tripwire.com/state-of-security/featured/so-just-why-is-18atcskd2w-such-a-popular-password/
The curious tale of Ethereum: How a hacker stole $53m in digital currency and could legally keep it
http://news.hitb.org/content/curious-tale-ethereum-how-hacker-stole-53m-digital-currency-and-could-legally-keep-it
http://www.ibtimes.co.uk/curious-tale-ethereum-how-hacker-stole-53m-digital-currency-could-legally-keep-it-1566524
EMAIL SERVERS FOR MORE THAN HALF OF WORLD’S TOP SITES CAN BE SPOOFED
https://threatpost.com/email-servers-for-more-than-half-of-worlds-top-sites-can-be-spoofed/118840/
https://blog.detectify.com/2016/06/20/misconfigured-email-servers-open-the-door-to-spoofed-emails-from-top-domains/
VIDEO: Exploit Kits: Hunting The Hunters
http://news.hitb.org/content/video-exploit-kits-hunting-hunters
A starter guide for biometrics in security
http://news.hitb.org/content/starter-guide-biometrics-security
http://www.computerweekly.com/opinion/Security-Think-Tank-A-starter-guide-for-biometrics-in-security
The future of Node.js: Stable, secure, everywhere
http://news.hitb.org/content/future-nodejs-stable-secure-everywhere
http://www.javaworld.com/article/3103520/javascript/the-future-of-nodejs-stable-secure-everywhere.html#tk.rss_all
DOSSIERS
--------
The FBI Says Its Malware Isn’t Malware Because the FBI Is Good
http://news.hitb.org/content/fbi-says-its-malware-isn’t-malware-because-fbi-good
BANQUES
-------
Singapore banks adopt voice biometrics for user authentication
http://news.hitb.org/content/singapore-banks-adopt-voice-biometrics-user-authentication
Hackers hit central banks in Indonesia and South Korea
http://news.hitb.org/content/?hackers-hit-central-banks-indonesia-and-south-korea
http://www.zdnet.com/article/hackers-hit-central-banks-in-indonesia-and-south-korea/#ftag=RSSbaffb68
INSOLITE
--------
UN PETIT GESTE POUR LA PLANETE
------------------------------
PUBLIC, PRIVATE SECTOR TEAM TO FIGHT RANSOMWARE
https://threatpost.com/public-private-sector-team-to-fight-ransomware/119484/
FACEBOOK AND SOCIAL NETWORKS
----------------------------
A BOOKMARKER
------------
SALONS / CONFERENCES / EVENEMENTS
---------------------------------
DARPA's Cyber Grand Challenge Aims To Beat Viruses for Good
http://news.hitb.org/content/darpas-cyber-grand-challenge-aims-beat-viruses-good
PRODUITS
--------
Avast Nitro, le nouvel antivirus qui dynamite les malwares grâce au cloud
http://www.01net.com/actualites/avast-nitro-dynamite-les-malwares-grace-au-cloud-991054.html
BON A SAVOIR
------------
How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN
http://www.tripwire.com/state-of-security/featured/smartwatch-fitness-tracker-atm-pin/
New Internet Security Domains Debut
http://news.hitb.org/content/new-internet-security-domains-debut
http://www.darkreading.com/cloud/new-internet-security-domains-debut-/d/d-id/1326526?_mc=RSS_DR_EDT
=> .security and .protection
Four US firms rule the world's cloud infrastructure
http://news.hitb.org/content/four-us-firms-rule-worlds-cloud-infrastructure
http://www.infoworld.com/article/3102885/cloud-computing/four-us-firms-rule-the-worlds-cloud-infrastructure.html
https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail
KASPERSKY LAB LAUNCHES BUG BOUNTY PROGRAM
https://threatpost.com/kaspersky-lab-launches-bug-bounty-program/119586/
La Cnil lance une consultation publique sur le règlement européen sur la protection des données
http://www.les-infostrateges.com/actu/16062205/la-cnil-lance-une-consultation-publique-sur-le-reglement-europeen-sur-la-protection-des-donnees
Apple Pay arrive en France : 20 questions pour tout savoir sur le service de paiement
http://www.01net.com/actualites/apple-pay-arrive-en-france-20-questions-pour-tout-savoir-sur-le-service-de-paiement-sans-contact-984903.html
Ex-Google engineer launches blockchain-based system for banks
http://news.hitb.org/content/ex-google-engineer-launches-blockchain-based-system-banks
http://www.reuters.com/article/us-tech-banks-blockchain-idUSKCN0ZT1S3
Social engineering: 3 golden rules to thwart hackers
http://news.hitb.org/content/social-engineering-3-golden-rules-thwart-hackers
http://www.information-age.com/technology/security/123461687/social-engineering-3-golden-rules-thwart-hackers
5 Steps Towards a Long-lasting Relationship With Your Security Data Scientist
http://www.tripwire.com/state-of-security/featured/5-steps-towards-a-long-lasting-relationship-with-your-security-data-scientist/
SCIENCES
--------
Des chercheurs allemands donnent un aperçu des disques durs du futur
http://www.01net.com/actualites/des-chercheurs-allemands-donnent-un-apercu-des-disques-durs-du-futur-990668.html
Two catalysts efficiently turn plastic trash into diesel
http://news.hitb.org/content/two-catalysts-efficiently-turn-plastic-trash-diesel
http://arstechnica.com/science/2016/06/turning-plastic-into-diesel-fuel-instead-of-trash/
Ce processeur fait battre 1000 cœurs de façon indépendante
http://www.01net.com/actualites/ce-processeur-fait-battre-1000-coeurs-de-facon-independante-990195.html
Le supercalculateur le plus puissant du monde est chinois, jusque dans ses processeurs
http://www.01net.com/actualites/le-supercalculateur-le-plus-du-monde-est-chinois-jusque-dans-ses-processeurs-990865.html
How archaeologists found the lost medieval megacity of Angkor
http://news.hitb.org/content/how-archaeologists-found-lost-medieval-megacity-angkor
Swarm, la puce du MIT qui pourrait rendre nos PC et smartphones 75 fois plus rapides
http://www.01net.com/actualites/swarm-la-puce-du-mit-qui-pourrait-rendre-nos-pc-et-smartphones-75-fois-plus-rapides-1001543.html
CONSOMMATION
------------
RACHAT / UNION
--------------
DROIT
-----
Firm pays $950,000 penalty for using Wi-Fi signals to secretly track phone users
http://news.hitb.org/content/firm-pays-950000-penalty-using-wi-fi-signals-secretly-track-phone-users
Dépôt du nom de domaine d'un client et abus de confiance
http://www.les-infostrateges.com/actu/16072217/depot-du-nom-de-domaine-d-un-client-et-abus-de-confiance
GDPR is Coming – Penalty Primer
http://www.tripwire.com/state-of-security/featured/gdpr-is-coming-penalty-primer/
Décryptage du nouveau règlement européen sur la protection des données personnelles
http://www.orange-business.com/fr/blogs/securite/lois-reglementations-standards-et-certifications/decryptage-du-nouveau-reglement-europeen-sur-la-protection-des-donnees-personnelles
MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------
CARRIERE
--------
MICROSOFT
---------
GOOGLE
------
Google's security princess talks cybersecurity
http://news.hitb.org/content/googles-security-princess-talks-cybersecurity
https://opensource.com/life/16/6/interview-parisa-tabriz-google
Google lance un groupe de recherche en Europe
http://www.les-infostrateges.com/actu/16062206/google-lance-un-groupe-de-recherche-en-europe
Google simplifie et sécurise l'accès à votre compte
http://www.01net.com/actualites/google-simplifie-la-double-authentification-d-acces-a-un-compte-990984.html
Google joue au docteur et vous aide à vous autodiagnostiquer
http://www.01net.com/actualites/google-joue-au-docteur-990943.html
Google notifies users of 4,000 state-sponsored cyber attacks per month: executive
http://news.hitb.org/content/google-notifies-users-4000-state-sponsored-cyber-attacks-month-executive
Google va blinder Chrome contre les attaques quantiques
http://www.01net.com/actualites/google-commence-a-proteger-ses-utilisateurs-contre-les-attaques-quantiques-1003041.html
Project Bloks, les petites briques Google qui vont apprendre la programmation aux enfants
http://www.01net.com/actualites/google-presente-project-bloks-les-petites-briques-qui-vont-apprendre-la-programmation-aux-enfants-997345.html
https://projectbloks.withgoogle.com
APPLE / IPHONE
--------------
PALM / PRE
----------
FREE
----
GEEK POWER
----------
LIBRE / OPEN SOURCE
-------------------
Git 2.9 Source Code Management System Is a Major Release with Many New Features
http://news.hitb.org/content/git-29-source-code-management-system-major-release-many-new-features
http://news.softpedia.com/news/git-2-9-source-code-management-system-is-a-major-release-with-many-new-features-505210.shtml
Firefox teste un système d’identités multiples pour protéger votre surf
http://www.01net.com/actualites/firefox-teste-un-systeme-d-identites-multiples-pour-surfer-sur-le-web-985318.html
New 'Hardened' Tor Browser Protects Users From FBI Hacking
http://news.hitb.org/content/new-hardened-tor-browser-protects-users-fbi-hacking
http://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking
https://www.ics.uci.edu/~perl/pets16_selfrando.pdf
Interview : Opera prépare un navigateur dopé à l'intelligence artificielle
http://www.01net.com/actualites/krystian-kolondra-opera-nous-allons-lancer-un-nouveau-navigateur-pour-pc-983801.html
ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------
Your monitor can be hacked, used to spy on you
http://news.hitb.org/content/your-monitor-can-be-hacked-used-spy-you
http://www.techspot.com/news/65878-monitor-can-hacked-used-spy-you.html
Avec le code de PoC : https://github.com/redballoonshenanigans/monitordarkly
Et la présentation : http://www.redballoonsecurity.com/presentation/Recon_0xA_A_Monitor_Darkly.pdf
Necurs botnet is back online after mysterious 3-week hiatus
http://news.hitb.org/content/necurs-botnet-back-online-after-mysterious-3-week-hiatus
http://www.ibtimes.co.uk/necurs-botnet-back-online-after-mysterious-3-week-hiatus-1566873
XDEDIC SCOPE MAY BE LARGER THAN ORIGINALLY THOUGHT
https://threatpost.com/xdedic-scope-may-be-larger-than-originally-thought/118771/
AGGRESSIVE TRIADA, HORDE VARIANTS UP MOBILE MALWARE THREAT
https://threatpost.com/aggressive-triada-horde-variants-up-mobile-malware-threat/118767/
New Android malware can secretly root your phone and install programs
http://news.hitb.org/content/new-android-malware-can-secretly-root-your-phone-and-install-programs
http://www.computerworld.com/article/3087003/security/new-android-malware-can-secretly-root-your-phone-and-install-programs.html
"Some apps are clean but have a corresponding malicious version that shares the same developer certificate. The danger there is that users install the clean app but are then upgraded to the malicious version without them knowing."
ACER ECOMMERCE SITE SPILLS CREDIT CARD INFORMATION OF THOUSANDS
https://threatpost.com/acer-ecommerce-site-spills-credit-card-information-of-thousands/118760/
RAA RANSOMWARE COMPOSED ENTIRELY OF JAVASCRIPT
https://threatpost.com/raa-ransomware-composed-entirely-of-javascript/118641/
RAA Ransomware Written Entirely in JScript
http://www.tripwire.com/state-of-security/latest-security-news/raa-ransomware-written-entirely-in-jscript/
NUCLEAR, ANGLER EXPLOIT KIT ACTIVITY HAS DISAPPEARED
https://threatpost.com/nuclear-angler-exploit-kit-activity-has-disappeared/118842/
SCARCRUFT APT GROUP USED LATEST FLASH ZERO DAY IN TWO DOZEN ATTACKS
https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/
GOTOMYPC SUFFERS MAJOR PASSWORD REUSE ATTACK
https://threatpost.com/gotomypc-suffers-major-password-reuse-attack/118781/
LOCK PICKING
------------
Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace
http://news.hitb.org/content/hacker-unlocks-‘high-security’-electronic-safes-without-trace
https://www.wired.com/2016/08/hacker-unlocks-high-security-electronic-safes-without-trace/
FAILLES
-------
VERT Threat Alert: June 2016 Patch Tuesday Analysis
http://www.tripwire.com/state-of-security/featured/vert-june-2016-patch-tuesday/
ORACLE PATCHES RECORD 276 VULNERABILITIES WITH JULY CRITICAL PATCH UPDATE
https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-july-critical-patch-update/119373/
GOOGLE FIXES 48 BUGS, SANDBOX ESCAPE, IN CHROME
https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/
Bitdefender finds eavesdropping vulnerability in public cloud [Pas tout compris, mériterait une démo]
http://news.hitb.org/content/?bitdefender-finds-eavesdropping-vulnerability-public-cloud
http://www.zdnet.com/article/bitdefender-finds-eavesdropping-vulnerability-in-public-cloud/#ftag=RSSbaffb68
Drupal Lets Remote Authenticated Users Gain Elevated Privileges and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1036130
Comment votre Freebox peut être piratée à distance via... sa télécommande
http://www.01net.com/actualites/comment-pirater-a-distance-la-freebox-de-son-voisin-par-le-reseau-zigbee-1000111.html
OUTILS
------
MIT ANONYMITY NETWORK RIFFLE PROMISES EFFICIENCY, SECURITY
https://threatpost.com/mit-anonymity-network-riffle-promises-efficiency-security/119254/
Now it’s easy to see if leaked passwords work on other sites
http://news.hitb.org/content/now-it’s-easy-see-if-leaked-passwords-work-other-sites
http://arstechnica.com/security/2016/07/password-reuse-tool-makes-it-easy-to-id-vulnerable-accounts-on-other-sites/
https://github.com/philwantsfish/shard
------------
01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml
/https%3A%2F%2Fassets.over-blog.com%2Ft%2Fcedistic%2Fcamera.png)
/image%2F0999431%2F20171231%2Fob_01a7bc_dsys3jsueaawem3.jpg)
/image%2F0999431%2F20170101%2Fob_6af365_c1affncxaaa9biq.jpg)