119 results for tags
Security x
-
Les VPNs et leur mésusage
Mon Dec 7 15:08:23 2020 - permalink -- https://wonderfall.space/vpn-mesusage/
-
Researchers Can Duplicate Keys from the Sounds They Make in Locks
Thu Aug 27 07:17:24 2020 - permalink -- https://kottke.org/20/08/researchers-can-duplicate-keys-from-the-sounds-they-make-in-locks?mc_cid=ac542d3dec&mc_eid=c15c92a706
-
How useful/necessary is the browser extension "NoScript?"
Read in the comments :Tue Jun 16 15:44:36 2020 - permalink -
"I find that it's more hassle than it's worth."- https://www.reddit.com/r/firefox/comments/46jobd/how_usefulnecessary_is_the_browser_extension/
-
KeePassXC Password Manager
KeePass Cross-Platform Community EditionMon Apr 6 14:32:37 2020 - permalink -
For those wondering about the differences from Keepass2 : https://keepassxc.org/docs/#faq-keepassx- https://keepassxc.org/
-
SSH Key Management & SSH Key managers
TL;DR : you can :Thu Apr 2 10:06:52 2020 - permalink -
- create your own CA to generate user and host certificates
- upon login, user and host present certificates to each other. Provided both trust the same CA, the login is accepted
- no more need to deploy keys
It's also possible to embed extra settings in certificates (like forbidding port forwarding, ...)
Details : https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication#sec-Introduction_to_SSH_Certificates- https://gravitational.com/blog/ssh-key-management/
-
[openssh-unix-announce] Announce: OpenSSH 8.2 released
Fri Feb 14 12:33:16 2020 - permalink -- https://lists.mindrot.org/pipermail/openssh-unix-announce/2020-February/000138.html
-
Attaque sur l'authentification WPS
Tue Jan 7 07:41:37 2020 - permalink -- https://net-security.fr/security/attaque-sur-l-authentification-wps/
-
Everything you should know about certificates and PKI but are too afraid to ask
Fri Nov 22 07:55:55 2019 - permalink -- https://smallstep.com/blog/everything-pki/
-
Pourquoi la sécurité numérique ne peut pas être la même pour tous les journalistes
Ne pas changer les méthodes de travail pour favoriser l’adoptionWed Aug 28 09:49:23 2019 - permalink -
Transformer son smartphone en coffre-fort peut être contre productif
==> les coups et la torture viennent toujours à bout des mots de passe- https://gijn.org/2019/07/16/pourquoi-la-securite-numerique-ne-peut-etre-la-meme-pour-tous-les-journalistes/
-
Le piratage de TV5 Monde vu de l’intérieur
Mon Jun 17 06:51:48 2019 - permalink -- https://www.lemonde.fr/pixels/article/2017/06/10/le-piratage-de-tv5-monde-vu-de-l-interieur_5142046_4408996.html
-
Dans la tête d’un hacker chinois… – IneatConseil
Très intéressant.Fri Jun 7 15:07:54 2019 - permalink -
Astuce en fin d'article qui peut sauver des vies :
Beaucoup de malwares utilisent pastebin.com pour délivrer leurs charges utiles. Dans le cas où l’utilisation de ce site n’est pas prévue de manière nominale pour le serveur, il peut être conseillé de bloquer tout le trafic depuis et vers ce site. C’est facilement réalisable avec cette commande sous Linux :
echo -e "\n0.0.0.0 pastebin.com " >> /etc/hosts- https://blog.ineat-conseil.fr/2019/06/dans-la-tete-dun-hacker-chinois/
-
Les attaques par collision SHA-1 ne sont plus de la simple théorie
Thu May 23 09:32:22 2019 - permalink -- https://www.zdnet.fr/actualites/les-attaques-par-collision-sha-1-ne-sont-plus-de-la-simple-theorie-39884537.htm
-
IPSET & filtrages des attaques sur les serveurs
IPSET (http://ipset.netfilter.org/) est un outil Linux disponible depuis bien longtemps mais hélas peu utilisé. Il permet de définir des tables d’adresses IP ou IP+Port ou préfixe d’IP.Tue Apr 9 07:00:49 2019 - permalink -- https://www.octopuce.fr/ipset-filtrages-des-attaques-sur-les-serveurs/
-
Call for testing: OpenSSH 8.0
The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.Fri Mar 29 15:12:22 2019 - permalink -- https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-March/037672.html
-
40 Linux Server Hardening Security Tips [2019 edition]
Very good and up-to-date advice !Wed Mar 27 08:59:19 2019 - permalink -- https://www.cyberciti.biz/tips/linux-security.html
-
ARP Spoofing in 2018: are you protected?
TL;DR: don't be so sure, and check your network ;-)Tue Mar 5 13:32:18 2019 - permalink -
NB: the article says it can be defeated by DHCP snooping : https://en.wikipedia.org/wiki/DHCP_snooping
Some ARP tools : https://en.wikipedia.org/wiki/ARP_spoofing- https://isc.sans.edu/forums/diary/ARP+Spoofing+in+2018+are+you+protected/23533/
-
Security Isn't Enough. Silicon Valley Needs 'Abusability' Testing
(...) tech companies need to work to predict the next form of sociological harm their products might inflict before it happens, not after the fact.Mon Feb 18 07:51:15 2019 - permalink -
That sort of prediction can be immensely complex, and Soltani suggests tech firms consult those who make it their job to foresee the unintended consequence of technology: academics, futurists, and even science fiction authors. "We can use art to think about the potential dystopias we want to avoid," Soltani says. "I think Black Mirror has done more to inform people on the potential pitfalls of AI than any White House policy paper."- https://www.wired.com/story/abusability-testing-ashkan-soltani/?mc_cid=be3fe7e4a4&mc_eid=c15c92a706
-
Vulnerable Machines
Interesting details about privileges escalationMon Dec 3 14:21:07 2018 - permalink -- https://bitvijays.github.io/LFC-VulnerableMachines.html#linux-privilege-escalation
-
Advanced web security topics
Some interesting web hacks explained.Thu Nov 22 13:32:16 2018 - permalink -- https://blog.georgovassilis.com/2016/04/16/advanced-web-security-topics/
-
Entropy and Security
Some facts / definitions about entropy.Tue Nov 6 07:52:57 2018 - permalink -- https://danielmiessler.com/blog/entropy-and-security/?mc_cid=8b11aeb08d&mc_eid=c15c92a706