mercredi 26 août 2015

Mozilla changes security model to bolster extension protection - SC Magazine UK

via SC Magazine UK

How security flaws work: the buffer overflow

Starting with the 1988 Morris Worm, this flaw has bitten everyone from Linux to Windows.

via Ars Technica

lundi 24 août 2015

mercredi 19 août 2015

Docker Toolbox

One of the new features introduced in Docker 1.8 is Docker Toolbox. What is this toolbox? The Docker Toolbox is an installer to quickly and easily install and setup a Docker environment on your computer. Available for both Windows and Mac, the Toolbox installs Docker Client, Machine, Compose (Mac only), Kitematic and VirtualBox. Docker Toolbox ...

via Java Code Geeks

Microsoft Pushes Emergency Patch for IE

Microsoft today released an out-of-band software update to plug a critical security flaw in all supported versions of its Internet Explorer browser, from IE7 to IE 11 (this flaw does not appear to be present in Microsoft Edge, the new browser from Redmond and intended to replace IE).

via Security Bloggers Network

Hacking communities in the Deep Web - InfoSec Institute

Introduction The role of hackers has changed over the years, in the past these professionals were viewed as dangerous criminals that needed to be kept at a

via Advanced Threats,Intelligence Technology,CyberSecurity |

Comment activer les extensions que Firefox n’approuve pas ?

Quand mon Firefox beta s'est mis à jour vers la version 41, je n'ai pas tout de suite tilté qu'il me manquait quelques petites choses... En effet, sans vraiment prévenir, Firefox m'a bloqué de force certaines extensions (un bon paquet à vrai dire) car elles n'ont pas été "approuvées" par Firefox. Bon, pour être honnête > Lire la suite

Cet article merveilleux et sans aucun égal intitulé : Comment activer les extensions que Firefox n’approuve pas ? ; a été publié sur Korben, le seul site qui t'aime plus fort que tes parents.

via Korben

Was the Ashley Madison Database Leaked?

Many news sites and blogs are reporting that the data stolen last month from 37 million users of -- a site that facilitates cheating and extramarital affairs -- has finally been posted online for the world to see. In the past 48 hours, several huge dumps of data claiming to be the actual AshleyMadison database have turned up online. But there are precious few details in them that would allow one to verify these claims, and the company itself says it so far sees no indication that the files are legitimate.

via Krebs on Security

Cloud security controls series: Encrypting Data in Transit

Whether organizations store and process data on-premise, in the cloud, or use a combination of both, it is important that they protect that data when it is transmitted across networks to information workers, partners and customers. For example, when an administrator is using the Microsoft Azure Portal to manage the service for their organization. The data transmitted between the device the administrator is using and the Azure Portal needs to … Read more »

via Cyber Trust Blog » Cybersecurity

Say hello to the Enigma conference

via Google Research Blog

vendredi 14 août 2015

Google livre un 2ème correctif pour la faille Stagefright - Le Monde Informatique

via Google livre un 2ème correctif pour la faille Stagefright - Le Monde Informatique

ZDI@10: 10 fascinating facts about 10 years of bug hunting

zdi_10_year.pngOver the last ten years, HP’s Zero Day Initiative (ZDI) established itself as the world’s premier vendor-agnostic bug bounty program. During this time, the ZDI released over 2,000 advisories and counting. Let’s look at some of the more interesting facts gleaned from a decade of running the world’s largest vendor-agnostic bug bounty program.

via HP Security Research Blog articles

Appel à Communication : Conférence CLUSIF organisée le mercredi 14 octobre 2015 à 16h - Le RSSI : Quelle valeur ajoutée et quel rôle dans l'organisation

La prise de conscience puis l'appropriation de la problématique « sécurité de l'information » est aujourd'hui de plus en plus présente dans les entreprises. Celle-ci peut être apportée par différents biais : un besoin de conformité indispensable à l'obtention d'un marché, la conscience de la possession de données confidentielles, un besoin de disponibilité essentiel sur certaines ressources, une expérience vécue de vol de données, etc. Dans le même temps, il ne s'agit pas pour autant de ralentir l'évolution (...) - Événements

via Global Security Mag Online

Après la Jeep Cherokee, une Corvette contrôlée à distance

via Actualités securite

samedi 8 août 2015

Firefox exploit found in the wild

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. … Continue reading

via Mozilla Security Blog

Black Hat 2015: Thunderstrike 2, le ver qui plombe les Mac de proche en proche

En combinant une série de failles sur Mac OS X, des chercheurs ont créé pour la première fois un ver capable d'infecter de proche en proche l'EFI Boot ROM des ordinateurs d'Apple. Heureusement, un patch récent neutralise en partie cette attaque. Pour l'instant...

via 01net. Actualités

mercredi 5 août 2015

Voiture connectée et cybersécurité : le secteur automobile prend-il la bonne route ?

via Actualités securite

Google ne veut pas appliquer le droit à l'oubli au niveau mondial

Sommé par la CNIL de déréférencer des contenus sur toutes les extensions de son moteur de recherche, la firme refuse et n'entend observer le droit à l'oubli que sur ses pages européennes.

via 01net. Actualités

Le Cloud a failli tuer ma petite entreprise

Un entrepreneur raconte sa descente aux enfers après avoir basculé toute son activité dans le Cloud. Une aventure plutôt terrifiante qui mérite d'être partagée.

via 01net. Actualités

dimanche 2 août 2015

Google defies French global 'right to be forgotten' ruling

Google is set to defy a French data authority ruling on the global removal of right to be forgotten links.

via Naked Security - Sophos

samedi 1 août 2015

"ASP.NET MVC: Data Validation Techniques"

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at the data validation features built into the ASP.NET MVC framework.Data validation is one of the most important aspects of web app development. Investing effort into data validation makes your applications more robust and significantly reduces potential loss of data integrity.Out of the box, the ASP.NET MVC framework provides full support of special components and mechanisms on both the client side and the server side.Client-Side ValidationEnabled Unobtrusive JavaScript validation allows ASP.NET MVC HTML helper extensions to generate special markup to perform validation on the client side, before sending data to the server. The feature is controlled by the "UnobtrusiveJavaScriptEnabled" Boolean setting in the section.Let's have a look at the Register page from the SecureWebApp ...

via AppSec Street Fighter - SANS Institute

"Cloud Encryption Options - Good for Compliance, Not Great for Security"

Guest Editor: Today's post is from David Hazar. David is a security engineer focusing on cloud security architecture, application security, and security training. In this post, David will take a look at the encryption options for applications hosted in the cloud.Over the last decade, due to new compliance requirements or contractual obligations, many, if not most, companies have been implementing encryption to better protect the sensitive data they are storing and to avoid having to report a breach if an employee loses a laptop or if backup media is lost in the mail. One of the more popular ways of adding this additional protection is to implement some form of volume-based, container-based, or whole-disk encryption. It would be difficult to argue that there is an easier, more cost-effective method to achieve compliance than to utilize this type of encryption. Also, although there are potential weaknesses to some implementations of the technology, it is pretty ...

via AppSec Street Fighter - SANS Institute
//Activation syntaxhilight