Content curation / Veille informationnelle


Le blog de MISC 100% sécurité informatique

  • Des attaques en boîte grise pour casser des implémentations cryptographiques en boîte blanche
    par redaction le 16 janvier 2019 à 8 h 30 min

      Les techniques d’attaques en boîte grise sur du matériel peuvent être transposées avec succès à un domaine bien plus immatériel, la cryptographie en boîte blanche. Nous verrons ainsi comment adapter les attaques par DPA et par DFA aux implémentations logicielles en boîte blanche. Au sommaire de l’article 1 Quelques nuances de gris 2 Qu’est-ce […]

  • Vérifier un code PIN
    par redaction le 9 janvier 2019 à 8 h 30 min

      Entrer son code PIN pour utiliser sa carte bancaire ou déverrouiller son téléphone portable est devenu un geste quotidien. L’objet doit vérifier que le code proposé est correct. Comment implémenter cette vérification ? Cela semble être une simple comparaison de deux tableaux de données. Détrompez-vous ! Les attaques physiques vont nous mener la vie dure. Au […]

  • Fini le bac à sable. Avec le CVE-2017-3272, devenez un grand !
    par redaction le 2 janvier 2019 à 8 h 30 min

      Pour continuer dans la lignée des vulnérabilités Java, nous allons présenter ici une preuve de concept pour un exploit basé sur la vulnérabilité du CVE-2017-3272 qui atomise la sandbox Java. Heureusement, cette vulnérabilité n’affecte « que » 5 versions publiques de Java 8. Au sommaire de l’article 1 Introduction 2 Contexte 2.1 Sécurité de la JVM […]



    Hacking Articles Raj Chandel's Blog

    • Koadic – COM Command & Control Framework
      par Raj Chandel le 16 janvier 2019 à 15 h 32 min

      Hello friends!! In this article we are introducing another most interesting tool “KOADIC – COM Command & Control” tool which is quite similar to Metasploit and Powershell Empire. So let’s began with its tutorial and check its functionality. Table of Content Introduction to Koadic Installation of Koadic Usage of Koaidc Koadic Stagers Privilege Escalation with... Continue reading → The post Koadic – COM Command & Control Framework appeared first on Hacking Articles. […]

    • Windows Applocker Policy – A Beginner’s Guide
      par Raj Chandel le 13 janvier 2019 à 15 h 59 min

      Hello Friends!! This article is based on “Microsoft Windows – Applocker Policy” and this topic for System Administrator, defines the AppLocker rules for your application control policies and how to work with them. Table of Content Introduction to Applocker What is applocker Policy? Who Should Use AppLocker? What can your rules be based upon? Configure... Continue reading → The post Windows Applocker Policy – A Beginner’s Guide appeared first on Hacking Articles. […]

    • SMB Penetration Testing (Port 445)
      par Raj Chandel le 10 janvier 2019 à 16 h 12 min

      In this article, we will learn how to gain control over our victim’s PC through SMB Port. There are various ways to do it and let take time and learn all those, because different circumstances call for different measure. Table of Content Introduction to SMB Protocol Working of SMB Versions of Windows SMB SMB Protocol... Continue reading → The post SMB Penetration Testing (Port 445) appeared first on Hacking Articles. […]


    RSS - Actualité CNIL.fr Fil RSS des actualités de la Commission Nationale de L'Informatique et des Libertés (CNIL)


    Internet Society Working for an Internet that is open, globally connected, and secure.

    • Update on Latin America and Caribbean Workshop for Chapter Leaders
      par Nancy Quiros le 15 janvier 2019 à 14 h 00 min

      In July 2018, the Internet Society’s Latin America and Caribbean Bureau held another edition of the Workshop for Chapter Leaders. Besides discussing the challenges and opportunities of participation in their respective chapters, the 34 attendees began the implementation of several projects related to our 4 key issues of 2018. Starting 2019, I am glad to share […] The post Update on Latin America and Caribbean Workshop for Chapter Leaders appeared first on Internet Society. […]

    • The Week in Internet News: Connected Hot Tub Lands in Hot Water
      par Grant Gross le 14 janvier 2019 à 15 h 00 min

      Hot tub vulnerabilities: New connections to the Internet of Things for hot tubs – allowing users to do things like adjust water temperature using their smartphones – also may make the products vulnerable to attacks, Naked Security writes. At least one connected hot tub would be easy to attack by a nearby hacker, according to […] The post The Week in Internet News: Connected Hot Tub Lands in Hot Water appeared first on Internet Society. […]

    • Get IoT Smart: Homework for Many Indonesians
      par Bhredipta Socarana le 11 janvier 2019 à 15 h 16 min

      Today’s guest post is from Bhredipta Socarana, an Intellectual Property lawyer based in Indonesia and a Youth@IGF Fellow. As one of the most populated countries, Indonesia has grown as one of the biggest markets for technology development. From the import of various over-the-top platforms to the implementation of Artificial Intelligence, technology has changed the Indonesian livelihood, including my […] The post Get IoT Smart: Homework for Many Indonesians appeared first on Internet Society. […]


    Security.NL maakt Nederland veilig Security.NL maakt Nederland veilig


    Naked Security Computer Security News, Advice and Research


    Security Weekly Security Market Validation

    • Tesla, Hacking Cranes, & Flash – Hack Naked News #203
      par Security Weekly Productions le 15 janvier 2019 à 21 h 21 min

          US Government Shutdown leaves dozens of .Gov sites vulnerable, Firefox 69 to disable Adobe Flash, an Unpatched vCard flaw could leave your PCs open to attackers, Tesla’s contest Pwn2Own could win you a Model 3, and how building site cranes are easier to hack than garage door openers! Jason Wood from Paladin Security […] The post Tesla, Hacking Cranes, & Flash – Hack Naked News #203 appeared first on Security Weekly. […]

    • CRLF, NASA, & GitHub – Application Security Weekly #46
      par Security Weekly Productions le 15 janvier 2019 à 16 h 16 min

          Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more! Full Show NotesFollow us on Twitter: https://www.twitter.com/securityweekly […] The post CRLF, NASA, & GitHub – Application Security Weekly #46 appeared first on Security Weekly. […]

    • Rey Bango, Microsoft – Application Security Weekly #46
      par Security Weekly Productions le 14 janvier 2019 à 21 h 54 min

            Rey is a security advocate at Microsoft focused on helping the community build secure systems & being a voice for researchers within MS. After a long career in software development, he developed a strong interest in cybersecurity 2 years ago & worked feverishly to transition into this new community. Full Show NotesFollow […] The post Rey Bango, Microsoft – Application Security Weekly #46 appeared first on Security Weekly. […]


    Liquidmatrix Security Digest Bringing Fire To The Village: Your Source For Computer, Network & Information Security News

    • Having The Security Rug Pulled Out From Under You
      par Larry Cashdollar le 18 octobre 2018 à 19 h 24 min

      Apache .htaccess changes led to arbitrary file upload vulnerabilities in jQuery project I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY.   I expected better weather to wander around the city while enjoying the conference and the neighborhood’s wide selection of food. I had been so confident of clear skies […] The post Having The Security Rug Pulled Out From Under You appeared first on Liquidmatrix Security Digest. […]

    • Long Term Security Attitudes and Practices Study
      par Ben Sapiro le 29 septembre 2018 à 23 h 27 min

      What makes security practitioners tick? That’s a simple question with a lot of drivers underneath it. We want to find out; please help us by signing up for our study. The Ask We’re launching a long term study of security practitioners to understand how they approach security, please sign up for our Long Term Security Attitudes […] The post Long Term Security Attitudes and Practices Study appeared first on Liquidmatrix Security Digest. […]

    • Fortnite: When Dollars and Cents Trumps Security!
      par Thomas Fischer le 16 août 2018 à 14 h 47 min

      When Epic Games recently announced and subsequently released Fortnite for Android, it took the decision to bypass the Play Store and ask users to side-load the app. After I read that Epic Games’ brilliant idea was to ask Android users to essentially downgrade the security on their devices, there was a lot of head-on-desk action. […] The post Fortnite: When Dollars and Cents Trumps Security! appeared first on Liquidmatrix Security Digest. […]


    IT Security Guru The Site for our Community

    • Pulse Secure Launches New vADC Community Edition To Help Developers Build Smarter Applications For Container And Cloud Platforms.
      par The Gurus le 16 janvier 2019 à 16 h 40 min

      Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, today announced the launch of a new Community Edition of its powerful software-based virtual Application Delivery Controller (vADC) to help application developers create innovative application solutions with dramatically lower costs and time to market. Pulse vADC Community Edition integrates easily […] The post Pulse Secure Launches New vADC Community Edition To Help Developers Build Smarter Applications For Container And Cloud Platforms. appeared first on IT Security Guru. […]

    • Politicised Cyber-Attacks, Mobile Roaming And Software Security: Brexit Predictions From Tech Leaders.
      par The Gurus le 16 janvier 2019 à 16 h 40 min

      Following events in Westminster yesterday, senior leaders from global businesses NETSCOUT, BICS and Sonatype share their thoughts on how Brexit will impact technology, from cyber-attacks and software security challenges, to the return of mobile roaming fees. Could Roaming Return? “Following the rejection of the Government’s Brexit bill, and in the event of a ‘no deal’ […] The post Politicised Cyber-Attacks, Mobile Roaming And Software Security: Brexit Predictions From Tech Leaders. appeared first on IT Security Guru. […]

    • Is AI The Antidote To The Cybersecurity Minefield?
      par The Gurus le 16 janvier 2019 à 16 h 40 min

      Artificial Intelligence (AI) isn’t going anywhere anytime soon. With 20% of the C-suite already using machine learning and 41% of consumers believing that AI will improve their lives, wide scale adoption is imminent across every industry – and cybersecurity is no exception. A lot has changed in the cyber landscape over the past few years […] The post Is AI The Antidote To The Cybersecurity Minefield? appeared first on IT Security Guru. […]





          CERT-FR Centre gouvernemental de veille, d'alerte et de réponse aux attaques informatiques