Contribuez à SecuObs en envoyant des bitcoins ou des dogecoins.
Nouveaux articles (fr): 1pwnthhW21zdnQ5WucjmnF3pk9puT5fDF
Amélioration du site: 1hckU85orcGCm8A9hk67391LCy4ECGJca

Contribute to SecuObs by sending bitcoins or dogecoins.

Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- microsoft


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Appaloosa AppDome nouent un partenariat pour accompagner les entreprises dans le déploiement et la protection des applications mobiles
- D-Link offre une avec un routeur VPN sans fil AC
- 19 mai Paris Petit-Déjeuner Coreye Développer son business à l'abri des cyberattaques
- POYNTING PRESENTE LA NOUVELLE ANTENNE OMNI-291, SPECIALE MILIEU MARITIME, CÔTIER ET MILIEU HUMIDE
- Flexera Software Les utilisateurs français de PC progressent dans l'application de correctifs logiciels, mais des défis de tailles subsistent
- Riverbed lance SD-WAN basé sur le cloud
- Fujitsu multi-récompensé VMware lui décerne plusieurs Partner Innovation Awards à l'occasion du Partner Leadership Summit
- Zscaler Private Access sécuriser l'accès à distance en supprimant les risques inhérents aux réseaux privés virtuels
- QNAP annonce la sortie de QTS 4.2.1
- Une enquête réalisée par la société de cyber sécurité F-Secure a décelé des milliers de vulnérabilités graves, potentiellement utilisables par des cyber criminels pour infiltrer l'infrastru
- Trouver le juste équilibre entre une infrastructure dédiée et cloud le dilemme de la distribution numérique
- 3 juin - Fleurance - Cybersécurité Territoires
- Cyber-assurances Seules 40 pourcents des entreprises françaises sont couvertes contre les violations de sécurité et les pertes de données
- Des étudiants de l'ESIEA inventent CheckMyHTTPS un logiciel qui vérifie que vos connexions WEB sécurisées ne sont pas interceptées
- Les produits OmniSwitch d'Alcatel-Lucent Enterprise ALE gagnent en sécurité pour lutter contre les cyber-attaques modernes

Dernier articles de SecuObs :
- DIP, solution de partage d'informations automatisée
- Sqreen, protection applicative intelligente de nouvelle génération
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles

Revue de presse internationale :
- VEHICLE CYBERSECURITY DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
- Demand letter served on poll body over disastrous Comeleak breach
- The Minimin Aims To Be The Simplest Theremin
- Hacking group PLATINUM used Windows own patching system against it
- Hacker With Victims in 100 Nations Gets 7 Years in Prison
- HPR2018 How to make Komboucha Tea
- Circuit Bender Artist bends Fresnel Lens for Art
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- 2016 Hack Miami Conference May 13-15, 2016
- 8-bit Video Wall Made From 160 Gaming Keyboards
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance
- BeautifulPeople.com experiences data breach 1m affected
- Swedish Air Space Infringed, Aircraft Not Required
- Why cybercriminals attack healthcare more than any other industry
- Setting the Benchmark in the Network Security Forensics Industry

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- [Infratech - release] version 0.6 de Bluetooth Stack Smasher
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Infratech - vulnérabilité] Nouvelle version 0.8 de Bluetooth Stack Smasher
- Mises à jour en perspective pour le système Vigik
- USBDumper 2 nouvelle version nouvelles fonctions !
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- La sécurité des clés USB mise à mal par USBDUMPER
- Une faille critique de Firefox expose les utilisateurs de Tor Browser Bundle
- Installation sécurisée d'Apache Openssl, Php4, Mysql, Mod_ssl, Mod_rewrite, Mod_perl , Mod_security

Top bi-hebdo de la revue de presse
- StackScrambler and the Tale of a Packet Parsing Bug

Top bi-hebdo de l'annuaire des videos
- DC++ Botnet. How To DDos A Hub With Fake IPs.
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Defcon 14 Hard Drive Recovery Part 3

Top bi-hebdo de la revue Twitter
- RT @secureideas: I believe that all the XSS flaws announced are fixed in CVS. Will test again tomorrow if so, release 1.4.3. #BASESnort
- Currently, we do not support 100% of the advanced PDF features found in Adobe Reader... At least that's a good idea.
- VPN (google): German Foreign Office Selects Orange Business for Terrestrial Wide: Full
- @DisK0nn3cT Not really, mostly permission issues/info leak...they've had a couple of XSS vulns but nothing direct.
- Swatting phreaker swatted and heading to jail: A 19-year-old American has been sentenced to eleven years in pris..
- RT @fjserna You are not a true hacker if the calc.exe payload is not the scientific one... infosuck.org/0x0035.png

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

Upcoming revelations speculations

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse



Upcoming revelations speculations

Par Errata Security
Le [2013-06-12] à 22:56:56



Présentation : Greenwald Snowden claim even more explosive revelations are coming. I thought I'd write some guesses of what those revelations might be. Factoring 1024 bit keys I don't think the NSA can crack any RSA key through the use of quantum computers. If they could, only 10 people would know, and it wouldn't filter down to people like Snowden. Moreover, Snowden tried to get Greenwald to use PGP -- which he wouldn't have done if the NSA could crack it. But, the NSA has the ability to brute-force short RSA keys using arrays of custom silicon chips ASICs or FPGAs . What we don't know how far they've gotten, what the largest key is that they can crack. I think one of the revelations will be the size of keys the NSA is currently cracking. Since most websites default to 1024 bit keys, that the NSA can routinely crack keys of that size would be an explosive revelation. Just as important would be revelation about specific cases where it might've used its vast cracking power, such as whether it successfully has decrypted somebody's SSL connections using this technique. If the NSA is routinely cracking RSA in the SSL traffic it eavesdrops on throughout the world, that'd be huge. Update A 768-bit RSA key was factored in 2010. They estimate cracking a 1024-bit key would be 1000 times harder, taking 1.5 million desktop computers to accomplish the feat. This is within the NSA's budget. Thus, it factoring these keys wouldn't be surprising -- but proof they regularly do it would cause everyone to update their SSL certificates. TOR eavesdropping I assume the NSA operates TOR The Onion Router entry exit nodes purely on the principle that they'd be a fool not to. By default, TOR creates a new circuit every 15 minutes. Thus, a single high-speed exit node will eventually get a sample of everyone who uses TOR. An interesting revelation would be the extent to which the NSA is monitoring TOR. With enough exit, entry, and internal nodes, the NSA would be able to successfully unmask a person. It would be an enormous investment, though. My recollections are hazy, but I think most Tor nodes use 1024 bit RSA keys. Thus, the above discussion on RSA factoring can be extended to cover Tor traffic. That ability would be an explosive revelation. BitCoin mining Anybody with more than 50pourcents of the computation power of the BitCoin network can destroy it. The NSA has long been a huge customer of custom designed ASICs and FPGAs, and is something they could easily do -- if they wanted to. A separate issue is anonymity As everyone knows, BitCoin is pseudonymous. Every transaction is logged in a public legger open to everyone, including the NSA. It's just that these transactions are pure metadata. We don't know the physical person behind the BitCoin addresses. However, the NSA can sync this up with other metadata, such as it's tracking of all financial transactions, phone numbers, and IP addresses. That they'd successfully unmasked major BitCoin targets would be explosive. Also, there is the rumor that Satoshi Nakamura the pseudonym of BitCoin's creator is an NSA employee. Stuxnet and 0day market We all believe the NSA created Stuxnet, so any confirmation of this won't surprise us. But it's unlikely that NSA created it alone. Instead, they probably used contractors and purchased the 0days on the open market. It's like that the sellers of some of those 0days are well known to us in the cybersec community, being people that we personally know. Likewise, there might be explosive revelations about the extent of the 0day market in general, how many the NSA has been buying, how often they've been used, and who they've targeted. Backdoors Decades ago, the NSA was caught bribing a Swiss company to put a backdoor in their crypto products. The rumor that the NSA continues to do so as persisted ever since. For example, when people found the NSAKEY in Windows a decade ago, the tin foil hat crowd assumed it was an NSA backdoor it wasn't . Modern backdoors are beyond crypto. For example, we might find that anti-virus companies routinely ignore malware at the request of the NSA. Or, conversely, the NSA might have a program for tricking anti-virus companies, such as by creating two copies of software that have the same MD5 SHA1 hash, then successfully getting anti-virus companies to whitelist the good version. Another example is the iMessage issue. In theory, Apple promises some sort of end-to-end encryption such that even they cannot decrypt your messages. In practice, everyone believes there is a backdoor for law enforcement. The exact details of this might be revealed. In other countries, there is a high degree of mistrust of American products, like Internet routers and telcom equipment. These might be revealed to have backdoors. Even though most computer hardware and chips are designed in the United States, they usually manufactured in China. There has been constant rumors about the Chinese backdooring hardware during the manufacturing process. What we might find is that the NSA has been backdooring hardware during the design process. Skype Microsoft bought Skype for 8 billion dollars. It doesn't seem to make sense. Now that we see Skype and Microsoft prominently mentioned in the PRISM documents, we may find out that this entire thing was a plot by the NSA. The way it would work is this. In exchange for being the public face owning Skype, the NSA might guarantee 500-million a year of purchases of software licenses . This could be a win-win for Microsoft, as it could use these fictitious licenses to hide from Wall Street how much their Windows market share is tanking in the mobile market. Undersea Cables Why the heck was Edward Snowden working in Hawaii The assumption that many people have is because that's where undersea cable taps lead. As everyone knows, the NSA has its own private nuclear powered submarine. Everyone assumes this is for settling on the deep ocean floor to install its taps. What we may find is the true scope of this program. There's more to it than just cable taps. Through manipulation of BGP routing, it's easy to cause targeted traffic that would normally be wholly within a country to leak out through an undersea cable, and then go back into the country. Revelations of this sort of thing would be pretty explosive. More monitoring of Americans As the NSA repeatedly says, they don't monitor Americans themselves -- they just outsource it to the FBI. There might be more revelations about how the NSA hoovers up various law enforcement data from around the country into fusions centers that combine and correlate it. For example, local police departments are increasingly scanning license plates automatically, recording the GPS location and time when the license plates were seen. This includes cameras on the side of the road, cameras mounted on top of police cars, and or manual action by police officers typing in plates into the computer. Imagine if all that data was sent to the NSA, to be combined with other metadata, such as the cell location from your phone. I think this would get a lot of people upset. Booz-Allen itself The Booz-Allen company itself as well as other military industrial complex companies are up to their eyeballs in intelligence stuff. It also has a weird history it was purchased by the private equity company The Carlyle Group, then a minority stake was spun out as a public company, with the Carlyle Group holding onto some business units for itself. A company doesn't have the same restrictions as the NSA. It may be able to do certain things that the NSA can't. All this means that we may be getting some interesting revelations about what the company is up to quite appart from the NSA. I'm not sure I'd want to hold stock in this company though I probably am through a mutual fund or something . They finally come for me These guesses are just the product of my paranoid fantasies, but there's a chance that some might be correct. I might get two FBI agents showing up at my door or be whisked away in the night for questioning. For the record, I have not yet received an NSL National Security Letter . Crypto guy Matt Blaze irregularly points this out on twitter as a neat trick. An NSL forbids a person from disclosing that they received the NSL. Thus, while you can't confirm you've received one, you can simply stop posting that you haven't.

Les mots clés de la revue de presse pour cet article : upcoming



AddThis Social Bookmark Widget



Les derniers articles du site "Errata Security" :

- I'm hacking your website
- Unwanted access
- SilentCircle and technical debt
- NSA hacking Chinese it's self defense
- A Glass FAQ
- I survived Google's re-education camp
- Even Microsoft has to pay for it
- Upcoming revelations speculations
- NSA poll You are reading the numbers wrong
- Oaths, conscience, and honor




S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]



Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :