Microsoft announces a partnership with Red Hat for its Azure offering.

Red Hat Linux will be supported on Microsoft's Azure cloud

Microsoft has announced a partnership with Red Hat to support Red Hat Linux in the Azure cloud. "While today’s news does not mark our first collaboration with Microsoft, it is by far our deepest," says Red Hat's Paul Cormier, Products and Technologies president. There are four parts to the partnership. First, Microsoft Azure will be certified by Red Hat for Enterprise Linux deployments, and there will be pay-as-you-go Red Hat Linux images available. Second, Microsoft and Red Hat will have support teams "on the same premises" to enable integrated support.
Third, Red Hat's virtual machine and cloud management system, called CloudForms, will add support for Azure deployments. Finally, Red Hat is adding support for Microsoft's .NET Core technology, an open source fork of the .NET Framework which runs on Linux and Mac as well as Windows. This last agreement is notable.

KeeFarce: the tool that brings down KeePass.

A new tool has been developed that can decrypt and extract passwords from the password manager KeePass, which highlights how all password managers cannot be perfect. Using a password manager may be a convenient way to manage your online security, but it isn’t much use if your computer is already compromised. The tool, KeeFarce, needs to run on a computer that a hacker or pentester already has access to or control of. When KeeFarce runs on this computer and the user has the KeePass database unlocked, the actor can decrypt the database and write the information to a file that they can then access.
The key takeaway here is that the computer in question must already be compromised in order for KeePass to work. If the operating system has been compromised, it’s “game over,” said the creator of KeeFarce. KeePass itself has warned users about potential attacks or spyware like this.

Microsoft strengthens its security with Secure Islands.

No encryption of passwords and personal data: the CNIL calls out Optical Center.

The CNIL recently looked into how the personal data of users of Optical Center's online services was handled, following a complaint filed by a customer in late 2014.
The customer reportedly drew the Commission's attention after being able to obtain the password for her online account from an operator at Optical Center's telephone customer service. The operator reportedly gave her the password orally, which implied that passwords were accessible in cleartext to the group's employees, allowing any of them to access customers' personal data and also posing a potential risk in the event of a breach and misuse of the data.
The Commission nationale informatique et libertés quickly investigated and found that passwords were not encrypted; it then served Optical Center formal notice to bring itself into compliance with the law.

Microsoft strengthens its security with Security Center.

Microsoft on Tuesday unveiled tools that protect not only cloud-based workloads in the company's Azure IaaS public cloud, but those on customers’ premises and even in competing clouds, such as those from Amazon Web Services. Microsoft CEO Satya Nadella gave a keynote address at a Government Cloud Forum in Washington, D.C. this morning in which he talked about his company’s broad security efforts. Microsoft spends $1 billion annually in research and development to improve security across the company’s three major products: Windows 10, Office 365 and Azure.
“We don’t think of security as being a separate piece of technology,” Nadella said. “It has to be core to the operational systems that you use, where your data resides, where your most critical application usage is.”

A flaw makes it possible to recover the IP addresses of users hidden behind a VPN.

Since blocks were put in place on sites offering downloads of pirated content, the use of VPNs, servers that let users mask their IP address and act stealthily on the web, has truly exploded. This recent enthusiasm for these services caught the attention of researchers at Perfect Privacy, who are now warning users after discovering a flaw dubbed "Port Fail" that is reportedly present in a large share of VPN services, free or paid.
According to the company's engineers (the company offers its own VPN service), the flaw in question would make it possible to reveal users' real IP address. The flaw lies in "Port Forwarding", which would expose users' IP address in the clear when several of them want to access certain services. Of 9 VPN services competing with Perfect Privacy, 5 proved vulnerable.

Huawei will not fix the flaws in several WiMax routers.

Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher. Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine.
Kim notified Huawei of the problem on Oct. 28. He wrote that Huawei said the routers are no longer serviced by the company and would not be patched. The routers include the EchoLife BM626 WiMax CPE and associated models running the same firmware including the BM626e, BM635, BM632, BM631a, BM632w and the BM652. Router vulnerabilities that aren't patched pose continuing risks for users who still use them. Kim tested the last firmware version available for the routers, which was released in 2013. Kim said via email that it is difficult to estimate the number of vulnerable routers that are still in use. Huawei officials couldn't be immediately reached for comment.