
Heartbleed Bug

Related: Sécurité SI

Computrace - The universal tracking agent present on PCs, Macs and Android devices. What if I told you that your computer contains a tracking agent that you cannot remove, that was put there by the manufacturer, that is on the whitelists of most antivirus products, and that you have never heard of? Kaspersky, a company specialising in detecting and removing malware, uncovered a few months ago a piece of software installed on more than 2 million computers worldwide, sold by the company Absolute, which OFFICIALLY makes it possible to: secure the data of a fleet of machines remotely; deploy updates and licences, or launch audits, again remotely; geolocate stolen computers; produce reports about the machines; recover files; and remotely erase documents or the entire hard drive. And which is UNOFFICIALLY a gaping hole in your computer's security, because an attacker can use it to do whatever they want on your PC. Alarming! So what now?

The Heartbleed Hit List: The Passwords You Need to Change Right Now An encryption flaw called the Heartbleed bug is already being dubbed one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. But it hasn't always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable. Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere.

RFC 6520 - Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. PROPOSED STANDARD. Internet Engineering Task Force (IETF), Request for Comments: 6520, Category: Standards Track, ISSN: 2070-1721. Authors: R. Seggelmann, M. Tuexen (Muenster Univ. of Appl. Sciences), M. February 2012. Copyright Notice: Copyright (c) 2012 IETF Trust and the persons identified as the document authors. This document describes the Heartbeat Extension for the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols, as defined in [RFC5246] and [RFC6347] and their adaptations to specific transport protocols described in [RFC3436], [RFC5238], and [RFC6083]. TLS is based on reliable protocols, but there is not necessarily a feature available to keep the connection alive without continuous data transfer. The support of Heartbeats is indicated with Hello Extensions.

Test your server for Heartbleed (CVE-2014-0160) If there are problems, head to the FAQ. Results are now cached globally for up to 6 hours. Enter a URL or a hostname to test the server for CVE-2014-0160. All good, seems fixed or unaffected! Uh-oh, something went wrong: Check what it means at the FAQ. It might mean that the server is safe, we just can't be 100% sure! Here is some data we pulled from the server memory: (we put YELLOW SUBMARINE there, and it should not have come back) Please take immediate action! You can specify a port like this: example.com:4433. 443 by default. Go here for all your Heartbleed information needs. If you want to donate something, I've put a couple of buttons here.

A (relatively easy to understand) primer on elliptic curve cryptography Author Nick Sullivan worked for six years at Apple on many of its most important cryptography efforts before recently joining CloudFlare, where he is a systems engineer. He has a degree in mathematics from the University of Waterloo and a Masters in computer science with a concentration in cryptography from the University of Calgary. This post was originally written for the CloudFlare blog and has been lightly edited to appear on Ars. Readers are reminded that elliptic curve cryptography is a set of algorithms for encrypting and decrypting data and exchanging cryptographic keys. Dual_EC_DRBG, the cryptographic standard suspected of containing a backdoor engineered by the National Security Agency, is a function that uses elliptic curve mathematics to generate a series of random-looking numbers from a seed. This primer comes two months after internationally recognized cryptographers called on peers around the world to adopt ECC to avert a possible "cryptopocalypse."

Hacking and Computer Security. Metasploit: Sécurité & hacking, Le guide du pentesteur. Authors: David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni. Book description. Publication date: 30 August 2013. The Metasploit framework, which makes it possible to discover and exploit security vulnerabilities, is one of the tools most widely used by information security professionals. With this book: Author biography: David Kennedy is Chief Information Security Officer at Diebold Incorporated and the creator of numerous open-source tools, including Fast-Track. Jim O'Gorman is a professional penetration tester for CSC's StrikeForce, a trainer at Offensive-Security, and co-founder of social-engineer.org. Devon Kearns is a trainer at Offensive-Security. Mati Aharoni is the creator of BackTrack and the founder of Offensive-Security, a leading information security training center. HD Moore is the founder of the Metasploit project.

NSA Said to Exploit Heartbleed Bug for Intelligence for Years The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA's decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government's top computer experts. Heartbleed appears to be one of the biggest glitches in the Internet's history, a flaw in the basic security of as many as two-thirds of the world's websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. and Juniper Networks Inc. to provide patches for their systems.

Cyber security road map for businesses Criminal hacking is making headlines with depressing frequency these days, so the task of securing your business against cyber criminals can seem daunting, particularly if your business is of modest size, the kind of place that does not have a crack team of cyber security experts on staff. This blog post offers some basic advice on cyber security survival along with links to free resources that can be useful in your efforts to defend your business. There are also a couple of podcasts about this road map. You can listen to the first one here. Cyber Security A to F: You can make the task of getting a handle on cyber security more manageable if you break it down into a series of steps: Assess your assets, risks, resources; Build your policy; Choose your controls; Deploy the controls; Educate employees, execs, vendors; Further assess, audit, test. Bear in mind that defending your organization against cyber criminals is not a project, it is a process, one that should be ongoing.
