Contribuez à SecuObs en envoyant des bitcoins ou des dogecoins.
Nouveaux articles (fr): 1pwnthhW21zdnQ5WucjmnF3pk9puT5fDF
Amélioration du site: 1hckU85orcGCm8A9hk67391LCy4ECGJca

Contribute to SecuObs by sending bitcoins or dogecoins.

Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- microsoft


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Appaloosa AppDome nouent un partenariat pour accompagner les entreprises dans le déploiement et la protection des applications mobiles
- D-Link offre une avec un routeur VPN sans fil AC
- 19 mai Paris Petit-Déjeuner Coreye Développer son business à l'abri des cyberattaques
- POYNTING PRESENTE LA NOUVELLE ANTENNE OMNI-291, SPECIALE MILIEU MARITIME, CÔTIER ET MILIEU HUMIDE
- Flexera Software Les utilisateurs français de PC progressent dans l'application de correctifs logiciels, mais des défis de tailles subsistent
- Riverbed lance SD-WAN basé sur le cloud
- Fujitsu multi-récompensé VMware lui décerne plusieurs Partner Innovation Awards à l'occasion du Partner Leadership Summit
- Zscaler Private Access sécuriser l'accès à distance en supprimant les risques inhérents aux réseaux privés virtuels
- QNAP annonce la sortie de QTS 4.2.1
- Une enquête réalisée par la société de cyber sécurité F-Secure a décelé des milliers de vulnérabilités graves, potentiellement utilisables par des cyber criminels pour infiltrer l'infrastru
- Trouver le juste équilibre entre une infrastructure dédiée et cloud le dilemme de la distribution numérique
- 3 juin - Fleurance - Cybersécurité Territoires
- Cyber-assurances Seules 40 pourcents des entreprises françaises sont couvertes contre les violations de sécurité et les pertes de données
- Des étudiants de l'ESIEA inventent CheckMyHTTPS un logiciel qui vérifie que vos connexions WEB sécurisées ne sont pas interceptées
- Les produits OmniSwitch d'Alcatel-Lucent Enterprise ALE gagnent en sécurité pour lutter contre les cyber-attaques modernes

Dernier articles de SecuObs :
- DIP, solution de partage d'informations automatisée
- Sqreen, protection applicative intelligente de nouvelle génération
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles

Revue de presse internationale :
- VEHICLE CYBERSECURITY DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
- Demand letter served on poll body over disastrous Comeleak breach
- The Minimin Aims To Be The Simplest Theremin
- Hacking group PLATINUM used Windows own patching system against it
- Hacker With Victims in 100 Nations Gets 7 Years in Prison
- HPR2018 How to make Komboucha Tea
- Circuit Bender Artist bends Fresnel Lens for Art
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- 2016 Hack Miami Conference May 13-15, 2016
- 8-bit Video Wall Made From 160 Gaming Keyboards
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance
- BeautifulPeople.com experiences data breach 1m affected
- Swedish Air Space Infringed, Aircraft Not Required
- Why cybercriminals attack healthcare more than any other industry
- Setting the Benchmark in the Network Security Forensics Industry

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- [Infratech - release] version 0.6 de Bluetooth Stack Smasher
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Infratech - vulnérabilité] Nouvelle version 0.8 de Bluetooth Stack Smasher
- Mises à jour en perspective pour le système Vigik
- USBDumper 2 nouvelle version nouvelles fonctions !
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- La sécurité des clés USB mise à mal par USBDUMPER
- Une faille critique de Firefox expose les utilisateurs de Tor Browser Bundle
- Installation sécurisée d'Apache Openssl, Php4, Mysql, Mod_ssl, Mod_rewrite, Mod_perl , Mod_security

Top bi-hebdo de la revue de presse
- StackScrambler and the Tale of a Packet Parsing Bug

Top bi-hebdo de l'annuaire des videos
- DC++ Botnet. How To DDos A Hub With Fake IPs.
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Defcon 14 Hard Drive Recovery Part 3

Top bi-hebdo de la revue Twitter
- RT @secureideas: I believe that all the XSS flaws announced are fixed in CVS. Will test again tomorrow if so, release 1.4.3. #BASESnort
- Currently, we do not support 100% of the advanced PDF features found in Adobe Reader... At least that's a good idea.
- VPN (google): German Foreign Office Selects Orange Business for Terrestrial Wide: Full
- @DisK0nn3cT Not really, mostly permission issues/info leak...they've had a couple of XSS vulns but nothing direct.
- Swatting phreaker swatted and heading to jail: A 19-year-old American has been sentenced to eleven years in pris..
- RT @fjserna You are not a true hacker if the calc.exe payload is not the scientific one... infosuck.org/0x0035.png

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

Safeconnect, Universities, P2P, Network Security and Risk The Tangled World of Policy Enforcement on Other People's Computers

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse



Safeconnect, Universities, P2P, Network Security and Risk The Tangled World of Policy Enforcement on Other People's Computers

Par EFF.org Updates
Le [2011-10-06] à 17:22:59



Présentation : By Cindy Cohn and Seth Schoen After months of work, and spurred by an initial report by Professor Ted Byfield of New School University's Parsons New School for Design, we re happy to report a security vulnerability fix in a product called Safe Connect. While the immediate story is good, the underlying context should raise real concerns about the dangers inherent in the ongoing obsession of Congress and the content industry with pressuring intermediaries, especially universities, to use their status as network operators to require individuals to install monitoring software like Safe Connect on their computers in order to appease the content industry. As Stewart Baker, then the Department of Homeland Security s policy czar warned during a similar incident involving the Sony Rootkit It s very important to remember that it s your intellectual property it s not your computer. And in the pursuit of protection of intellectual property, it s important not to defeat or undermine the security measures that people need to adopt in these days. Background Network administrators have been interested for years in software meant to enforce rules on other people's computers connected to a network a technology called Network Access Control NAC . NAC software runs as an agent on behalf of the network administrator, reporting back information about how the computer is configured, examining its security policies, and, in some cases, making changes. We might describe such software as spyware that network operators ask users to install on their computers, although the Safe Connect system does not appear to be configured to report back on the content a user stores on his or her computer. Why do network operators want this power There are many possible reasons, but, most often, it's aimed at making sure the network users have taken security precautions and applied software updates that the network operator considers necessary. Such enforcement software sometimes requires administrative privileges on the users' computer, and in any case its use raises serious questions about computer users' autonomy and right to control and make decisions about their own computers. In an academic environment, the use of this software on non-university-owned computers like the personal machines owned by students, teachers and campus visitors is sometimes controversial. Although it might be used largely in users' own interest, especially when it helps remind less-sophisticated users to apply software upgrades they might otherwise neglect, it can also introduce security and privacy threats of its own. At a minimum, schools should examine this type of software skeptically and should give sophisticated users a way to opt out of installing it. Unfortunately, one source of pressure overshadowing universities' decision-making in this area lately has been Congressional attention to copyright enforcement. While the RIAA has abandoned its ineffective litigation campaigns, it and the MPAA have increased their efforts to lobbying Congress, pressure intermediaries, and lobby Congress to pressure intermediaries to take every more draconian steps to try to stop copyright infringement. In particular, colleges and universities have always been popular targets for both Big Content and Congress. In addition to threatening letters, ill-advised lawsuits, and propaganda campaigns, anti-P2P zealots have embraced technological solutions such as Audible Magic s CopySense. EFF s technologists believe these technologies are fundamentally flawed they are expensive, easily circumvented, and ultimately ineffective. However, the drumbeat coming from Congress may be deterring some universities from looking critically at these technologies, instead encouraging them to adopt quick fixes. Safe Connect Security Vulnerability Enter Safe Connect, a product developed by Impulse Point, LLC. Safe Connect is one of a breed of NAC products, designed to keep private networks particularly college and university networks clean. Impulse Point markets Safe Connect as capable of enforcing compliance with security policies set by the school s network administrators. In addition to keeping student s, teachers and campus visitors anti-virus software updated and their operating systems patched security measures that users might be neglecting , the technology is marketed, and in some cases used by schools, to prevent those on campus from running certain peer-to-peer software over the school s network resources. In other cases, the technology warns those on campus that are running P2P software, making sure they know that Big Brother is watching. It was New School University s requirement that students and faculty install Safe Connect on their own computers that led Professor Byfield, a professor of Art, Media and Technology, to raise his initial concerns. Starting with Professor Byfield s work, and especially curious about Impulse Point s claimed ability to notify users about and block peer-to-peer systems, EFF and researchers at the University of Michigan started investigating. We obtained a copy of the Policy Key, the application from Safe Connect that universities require each student, faculty or visitor to install on her personal computer before she is allowed access to the Internet over the university network. After a bit of reverse engineering, the researchers found that an older but widely-distributed version of the Policy Key would accept purported updates from a local server with no authentication. So a knowledgeable attacker, even on a non-university network, could pretend to be this server and substitute malicious software of their choice, disguised as Policy Key updates. That means users who ran this version of the Policy Key on their systems could be vulnerable to attacks from strangers even after leaving the universities that originally asked them to install it. This goes to show that asking people to install software just to be allowed onto a network can come with its own set of security risks, since bugs in that software constitute new ways onto users' machines. The MacOS X Policy Key version also ran as root with improperly-set file permissions, which would let any other software on a MacOS system with the Policy Key installed gain administrative privileges and take over the system. Concerned about the thousands of students, faculty and campus visitors who whether in the name of network security or intellectual property protection were required to install and run vulnerable software, EFF and the researchers contacted Impulse Point. To their credit, the Safe Connect developers responded promptly. They pointed out that the vulnerabilities had already been fixed in newer versions for returning students and staff, and they then delivered the security patch to their university network and other customers for those with past versions of the software that were still on their university networks. Impulse Point is also committed to implementing a plan to address those such as graduating seniors, staff who have left and campus visitors who were not otherwise likely to get automatic updates. Bullet Dodged, But Underlying Problems Remain Overall, we were pleased with Impulse Point s openness, willingness to respond and speed with which they responded to us. It was a refreshing change from the hostility with which some technology companies respond to security vulnerabilities. We also have no reason to believe any of the identified vulnerabilities were ever exploited in the wild. But the underlying problem remains Big Content s relentless crusade against P2P technology has unintended consequences. Just as the RIAA s lawsuits embroiled a number of innocent people in expensive litigation and Congress DMCA takedown procedures often chill speech protected by fair use, these technological solutions can cause collateral damage. The pressure to require students, professors and campus visitors to install and run software on their computers as a way to protect the content industry is wrong, and can be dangerous. Even in the context of protecting network security, requiring everyone on campus to run programs that either run as root or can be adapted or manipulated from afar is troubling, but as a quixotic attempt to deter copyright infringement, it definitely goes too far.

Les mots clés de la revue de presse pour cet article : network security policy enforcement
Les videos sur SecuObs pour les mots clés : network security policy
Les mots clés pour les articles publiés sur SecuObs : security
Les éléments de la revue Twitter pour les mots clé : network security policy



AddThis Social Bookmark Widget



Les derniers articles du site "EFF.org Updates" :

- EFF Mourns the Loss of Steve Jobs
- EU Parliament Takes the First Step to Prevent Sales of Surveillance Equipment Used to Violate Human Rights
- Safeconnect, Universities, P2P, Network Security and Risk The Tangled World of Policy Enforcement on Other People's Computers
- Courts Call Out Copyright Trolls' Coercive Business Model, Threaten Sanctions
- Party Like It's 1986 - Demand Privacy Like It's 2011
- Human Rights and Digital Freedom Groups Call for Release of Blogger
- Publication of the FCC s Net Neutrality Rules Spawns a Flurry of Legal Challenges
- Freedom of Expression Under Attack in Mexico Social Network Users and Bloggers Face Violence, Political Backlash
- GPS Inventor Joins EFF in Fight Against Warrantless GPS Tracking
- California's Reader Privacy Act Signed into Law




S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]



Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :