==============================================================================================================================================
Cette semaine, pas de commentaires du tout, j'ai une motivation de yack fatigué.
Et puis il y a des PDF à lire (attention d'ailleurs.....;-)
Anoter tout de même la sortie du patch pour Duqu, pensez-y.
Bonne lecture.
Tristan
==============================================================================================================================================
A LIRE SECURITE
---------------
(IN)SECURE Magazine Issue 32 released
http://www.net-security.org/insecuremag.php http://www.net-security.org/dl/insecure/INSECURE-Mag-32.pdf Proactive Detection of Network Security Incidents: a new report from ENISA
http://www.infosecurity-magazine.com/view/22519/proactive-detection-of-network-security-incidents-a-new-report-from-enisa/ http://www.enisa.europa.eu/act/cert/support/proactive-detection/proactive-detection-report/at_download/fullReport Authentification
----------------
Choosing a strong password
http://itsecurityguide.co.uk/blog/53-choosing-a-strong-password.html Comment: Two-factor Authentication – World of the Token Necklace
http://www.infosecurity-magazine.com/view/22473/comment-twofactor-authentication-world-of-the-token-necklace/ Statistiques
------------
2012 Threat Predictions: An Industry Roundup
http://www.infosecurity-magazine.com/view/22567/2012-threat-predictions-an-industry-roundup/ With Mobile Devices, Users Are the Product, Not the Buyer
http://threatpost.com/en_us/blogs/mobile-devices-users-are-product-not-buyer-120711 Majority of privileged users get access to more than they should
http://www.infosecurity-magazine.com/view/22602/majority-of-privileged-users-get-access-to-more-than-they-should/ Missing authentication token leads to security breach for a quarter of firms
http://www.infosecurity-magazine.com/view/22593/missing-authentication-token-leads-to-security-breach-for-a-quarter-of-firms/ More than 8 in 10 software applications fail security test, says Veracode
http://www.infosecurity-magazine.com/view/22518/more-than-8-in-10-software-applications-fail-security-test-says-veracode/ Free mobile apps are not 'free' of malware, warns IEEE experts
http://www.infosecurity-magazine.com/view/22517/free-mobile-apps-are-not-free-of-malware-warns-ieee-experts/ Mobilité et sécurité
--------------------
Companies deploy desktop virtualization to improve mobile security
http://www.infosecurity-magazine.com/view/22549/companies-deploy-desktop-virtualization-to-improve-mobile-security/ Le commerce sur mobile s'annonce en forte croissance
http://www.reseaux-telecoms.net/actualites/lire-le-commerce-sur-mobile-s-annonce-en-forte-croissance-23599.html [Fr] Orange Business Sécurité » dossiers » slurps sécurité - kick #2 - Dropbox
http://blogs.orange-business.com/securite/2011/12/slurps-securite-dropbox-utilisation-profesionnelle.html Orange lance le partage mobile de contenus
http://www.reseaux-telecoms.net/actualites/lire-orange-lance-le-partage-mobile-de-contenus-23600.html Sécurité Réseau
---------------
[Fr] Orange Business Sécurité » bonnes pratiques » les boucles : j'en remet une couche !
http://blogs.orange-business.com/securite/2011/12/les-boucles-tempetes-stormcontrol.html Formations
----------
ISO adds information security to management system audit standards
http://www.infosecurity-magazine.com/view/22504/iso-adds-information-security-to-management-system-audit-standards/ DOSSIERS
--------
INSOLITE
--------
Da Vinci Code inspires secure USB drive
http://news.hitb.org/content/da-vinci-code-inspires-secure-usb-drive http://news.hitb.org/sites/default/files/styles/large/public/field/image/147823556_2123126908_z.jpg Workaholics will check office emails on Christmas Day
http://www.infosecurity-magazine.com/view/22522/workaholics-will-check-office-emails-on-christmas-day/ La guerre dans le désert de Libye... comme si j'y étais [Déjà abordé il me semble mais effrayant]
http://www.lemonde.fr/culture/article/2011/12/07/la-guerre-dans-le-desert-de-libye-comme-si-j-y-etais_1614339_3246.html#xtor=AL-32280270 UN PETIT GESTE POUR LA PLANETE
------------------------------
FACEBOOK
--------
Zuckerberg victime d’un bug de Facebook
http://geeko.lesoir.be/2011/12/07/12688/ A BOOKMARKER
------------
SALONS / CONFERENCES / EVENEMENTS
---------------------------------
GCHQ’s cryptanalysis code challenge cracked
The deadline on the apparent GCHQ code challenge, due to expire last night, has been extended by 24 hours.
http://www.infosecurity-magazine.com/view/22587/gchqs-cryptanalysis-code-challenge-cracked/ PRODUITS
--------
BON A SAVOIR
------------
Removing CarrierIQ Is A Really Bad Idea For Most Mobile Phone Users
http://threatpost.com/en_us/blogs/removing-carrieriq-really-bad-idea-most-mobile-phone-users-120711 Data.gouv.fr : le gouvernement ouvre sa plateforme des données publiques Open Data
http://www.presse-citron.net/data-gouv-fr-le-gouvernement-ouvre-sa-plateforme-des-donnees-publiques-open-data Trade secrets top list of IP (Intellectual Property) stolen by malicious insiders
http://www.infosecurity-magazine.com/view/22556/trade-secrets-top-list-of-ip-stolen-by-malicious-insiders/ SCIENCES
--------
Utiliser les techniques antispam pour lutter contre le HIV : un pari de Microsoft
http://www.presse-citron.net/utiliser-les-techniques-antispam-pour-lutter-contre-le-hiv-un-pari-de-microsoft Combination of Eyes and Algorithms Wins $50K Prize In DARPA's Shredder Challenge
http://threatpost.com/en_us/blogs/darpa-shredder-challenge-solved-120811 CONSOMMATION
------------
RACHAT / UNION
--------------
DROIT
-----
Droit d'auteur : à qui appartient un site Internet ?
http://www.les-infostrateges.com/actu/11121330/droit-d-auteur-a-qui-appartient-un-site-internet MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------
Kaspersky quits Business Software Alliance
http://news.hitb.org/content/kaspersky-quits-business-software-alliance OSTP Announces New Cybersecurity R&D Plan
http://threatpost.com/en_us/blogs/ostp-announces-new-cybersecurity-rd-plan-120711 http://www.whitehouse.gov/sites/default/files/microsites/ostp/fed_cybersecurity_rd_strategic_plan_2011.pdf De la pénurie de compétences...
http://sid.rstack.org/blog/index.php/519-de-la-penurie-de-competences CARRIERE
--------
Blue Coat se vend à un fonds d'investissement
http://www.reseaux-telecoms.net/actualites/lire-blue-coat-se-vend-a-un-fonds-d-investissement-23603.html MICROSOFT
---------
Microsoft: We Can Remotely Delete Windows 8 Apps
http://news.hitb.org/content/microsoft-we-can-remotely-delete-windows-8-apps Microsoft Previews Massive December Security Updates: 14 Patches, Including Fixes for Duqu, BEAST
http://threatpost.com/en_us/blogs/microsoft-previews-massive-december-security-updates-14-patches-including-fixes-duqu-beast-120 GOOGLE
------
Google Chrome plays well in sandbox, is most secure browser, says Accuvant
http://www.infosecurity-magazine.com/view/22600/google-chrome-plays-well-in-sandbox-is-most-secure-browser-says-accuvant/ APPLE / IPHONE
--------------
TouchFire: The Screen-Top Keyboard for iPad
http://www.kickstarter.com/projects/740785012/touchfire-the-screen-top-keyboard-for-ipad PALM / PRE
----------
FREE
----
Free Mobile : tarif préférentiel mais provisoire
http://www.maxisciences.com/free/free-mobile-tarif-preferentiel-mais-provisoire_art19486.html GEEK POWER
----------
LIBRE / OPEN SOURCE
-------------------
ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------
New mass SQL injection attack could be forming
http://news.hitb.org/content/new-mass-sql-injection-attack-could-be-forming $45k stolen in phone porting scam
http://www.scmagazine.com.au/News/282310,45k-stolen-in-phone-porting-scam.aspx/0 Adobe Zero-Day Targets Lockheed Martin
http://threatpost.com/en_us/blogs/adobe-zero-day-targets-lockheed-martin-120711 It's ba-ack. Exploit revives slain browser history bug
http://news.hitb.org/content/its-ba-ack-exploit-revives-slain-browser-history-bug http://www.theregister.co.uk/2011/12/05/browser_history_attack_revived/ Browser History Sniffing Is Back
http://it.slashdot.org/story/11/12/04/2231234/browser-history-sniffing-is-back Hackers hit Dutch certificate authority Gemnet
http://news.hitb.org/content/hackers-hit-dutch-certificate-authority-gemnet FAILLES
-------
Intel annonce une faille majeure dans le système de sécurité TXT de ses processeurs
http://www.macbidouille.com/news/2011/12/06/intel-annonce-une-faille-majeure-dans-le-systeme-de-securite-txt-de-ses-processeurs Hackers exploiting Reader flaw in Windows
http://news.hitb.org/content/hackers-exploiting-reader-flaw-windows Reports Emerge of New Flash Vulnerabilities
http://threatpost.com/en_us/blogs/reports-emerge-new-flash-vulnerabilities-120911 Serious security flaws discovered in Android phones, Samsung and HTC ignore issue
http://news.hitb.org/content/serious-security-flaws-discovered-android-phones-samsung-and-htc-ignore-issue http://www.appleinsider.com/articles/11/12/05/serious_security_flaws_discovered_in_android_phones_samsung_and_htc_ignore_issue.html Skype security flaw leaves user locations vulnerable
http://news.hitb.org/content/skype-security-flaw-leaves-user-locations-vulnerable Homeland Security Warns SCADA Operators Of Internet-Facing Systems
http://threatpost.com/en_us/blogs/homeland-security-warns-scada-operators-internet-facing-systems-121211 OUTILS
------
New DNSCrypt Tool Encrypts DNS Traffic
http://threatpost.com/en_us/blogs/new-tool-dnscrypt-encrypts-dns-traffic-120611 https://www.opendns.com/technology/dnscrypt/ Quatre modules Metasploit disponibles pour de la post-exploitation sans fil
http://www.secuobs.com/news/06122011-metasploit_post_exploitation_wlan.shtml Popular network tool Nmap in CNET security brouhaha
http://news.hitb.org/content/popular-network-tool-nmap-cnet-security-brouhaha http://nakedsecurity.sophos.com/2011/12/06/popular-security-tool-nmap-at-the-middle-of-a-security-brouhaha/ Cnet Apologizes for Nmap Adware Bundling
http://threatpost.com/en_us/blogs/cnet-apologizes-nmap-adware-bundling-120811 Microsoft Unveils New Windows Defender Offline Tool
http://threatpost.com/en_us/blogs/microsoft-unveils-new-windows-defender-offline-tool-120911 ------------
01net. Actualités ||
http://feediz.01net.com/synd/2203.xml 01net. Les actualites Entreprise ||
http://feediz.01net.com/synd/2205.xml A Day in the Life of an Information Security Investigator ||
http://rss.ittoolbox.com/rss/security-investigator.xml Actualités intrusion/hacking ||
http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss Actualités Open Source ||
http://feeds.feedburner.com/idg_fr/rt2/open-source/rss Actualités satellite ||
http://feeds.feedburner.com/idg_fr/rt2/satellite/rss Black Hat Announcements ||
https://www.blackhat.com/BlackHatRSS.xml Ciscomag ||
http://feeds.feedburner.com/ciscomag Finjan MCRC Blog: Posts ||
http://www.finjan.com/MCRCblog_RSS_feed.aspx Hack In The Box ||
http://www.hackinthebox.org/backend.php Infosecurity Magazine ||
http://www.infosecurity-magazine.com/RSS/LiveFeed.xml Latest Security Advisories ||
http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory Le blog des experts ||
http://expert.01net.com/expert/feed/rss2 Ma petite parcelle d'Internet... ||
http://sid.rstack.org/blog/rss.php McAfee Avert Labs ||
http://feeds.feedburner.com/McafeeAvertLabsBlog Microsoft Security Bulletins ||
http://www.microsoft.com/technet/security/bulletin/secrss.aspx OSVDB Most Recent Stable Entries ||
http://osvdb.org/backend/rss.php Seb's guide ||
http://www.smtechnologie.com/backend.php SecuriTeam.com ||
http://www.securiteam.com/securiteam.rss SecurityFocus News ||
http://www.securityfocus.com/rss/news.xml SecurityFocus Vulnerabilities ||
http://www.securityfocus.com/rss/vulnerabilities.xml SecurityTracker Vulnerability Headlines ||
http://news.securitytracker.com/server/affiliate?61D319BD39309004 silicon.com : ||
http://feeds.silicon.com/0,39025093,40000024,00.htm TaoSecurity ||
http://taosecurity.blogspot.com/atom.xml TechNet Magazine RSS Feed ||
http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true Toute l'actualité sécurité informatique ||
http://feeds.vulnerabilite.com/vuln-actu Toutes les actualités ||
http://www.reseaux-telecoms.net/rss/rss.xml ZATAZ News ||
http://feeds.feedburner.com/ZatazNews (ISC)2 Blog ||
http://feeds.feedburner.com/isc2Blog Following The white Rabbit Blog ||
http://feeds.feedburner.com/RafalLos Sécurité des réseaux et des Si - Orange Business Services ||
http://blogs.orange-business.com/securite/atom.xml Les-infostrateges.com : flux général ||
http://www.les-infostrateges.com/rss/cat/?num=1 moxie's blog |
http://blog.thoughtcrime.org/rss.xml