Chercher :
Newsletter :  
Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs




Sponsors :

Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- Commentaires

Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs

Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques

Secumail :
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS/XML :
- Articles
- Brèves
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS SecuObs :
- sécurité
- exploit
- windows
- microsoft
- réseau
- attaque

RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network

RSS Videos :
- vmware
- security
- virus
- biometric
- windows
- lockpicking

RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco

RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques

RSS OPML :
- Français
- International



Revue de presse francophone :
- Vendetta, le pirate de Belgacom, interpellé - lesoir.be
- Synology lance DiskStation DS410
- Websense, Triton la plateforme unifiée pour protéger contre les attaques du Web 2.0
- Everial dématérialise plus de 770 000 pages pour Merial en moins de 6 semaines
- McAfee Labs nouveau scam ciblant tous les utilisateurs de Facebook
- Florian Carrière, SoluCom Pour pérenniser votre PCA, développez sa valeur
- Equinix inaugure un second DataCentre à Genève
- Acronis lance un programme de formation et de certification
- Intego lance Washing Machine 2
- Enterasys améliore sa solution HiPath Wireless
- BitDefender met en garde contre un Trojan ciblant les utilisateurs de Facebook
- Orange Business Services classé dans le Leaders Quadrant par trois rapports Magic Quadrant
- Kroll Ontrack présente les dernières tendances en matière de récupération de données
- Sopra Group récompensé lors des E-DOC Awards 2010 pour sa Solution De Facto
- Trophées 2010 des Paiements Innovants Keynectis récompensée dans la catégorie Authentification forte pour sa solution K.Access

Dernier articles de SecuObs :
- VASTO une extension Metasploit dédiée à l'exploitation des infrastructures virtuelles
- Hogger automatise la création des tables d'attributs Snort à partir des scans Nmap
- Edenwall obtient une subvention de la DGA
- Imposter 0.9 une plateforme de phishing ciblant les navigateurs Web
- Une faille dans l’implémentation RSA de OpenSSL
- Flint un scanner pour simuler, vérifier et nettoyer les règles de filtrage
- SET 0.4.1 - Social Engineering Toolkit - une plateforme de Social Engineering
- 100 000 dollars pour le Pwn2own 2010
- Un botnet qui rapporte gros
- Webraider offre un reverse shell contre une simple injection SQL

Revue de presse internationale :
- Viacom Makes Its Case Against Yesterday's YouTube
- Time table of A V logs ordered by detect method colored by malware over time.
- Energizer site still plagued by data-stealing trojan
- HotCloud 10 Submission Deadline Approaching
- Obama Administration Withholds FoIA Requests More Often Than Bush's
- Googleo.exe, lsass.exe
- instructions.exe, ntos.exe
- Bifrost virus no-ip.exe
- wnr1.exe, 1.exe, 2.exe, launcher.exe
- PointWay, ControlPointWay.exe
- P2P Puts Medical Data At Risk
- Weak states leave EU open to cyberattack
- Hacking fun for British teens
- To Battle Computer Hackers, the Pentagon Trains Its Own
- Secunia Weekly Summary - Issue 2010-11

Annuaire des videos
- CAPeD Calm Audio controlled Personalized Display
- Business Logic Automatons Friend or Foe Amichai Shulman
- Shmoocon 2010 Cyborg Information Security Defense Against the Dark Arts 2 5
- Shmooncon 2010 Detection of rogue access points using clock skews does it really
- RSA Conference USA 2010 Defeating the Enemy The Road to Confidence 2
- Shmoocon 2010 Infrastructural Weaknesses in Distributed Wireless Communication Services 2 6
- Iron Geek Challenge at South by Southwest
- Shmooncon 2010 Detection of rogue access points using clock skews does it really
- Shmoocon 2010 The Splendiferous Story of Archive Team and the Disappearing Digital Heritage 5
- Living Guru Poison part 8 of 9 wmv
- Shane Lawson The Kwikset Smart Key Decoder
- Shmoocon 2010 An Existential Threat To Security As We Know It 2
- Surviving the Zombie Apocalypse Notacon 7 Preview
- Vision x19 for Hak5
- Hak5 CES 2009 Day 1 Pow wow

Revue Twitter
- @HolzmanTweed @joshcorman I fully understand that, but PCI fails SMB's when too much of their budget to PCI and not other business risks
- RT @SecurityTube: SecurityTube Questions Launched! http://questions.securitytube.net/faq a QA site for Infosec and Hacking! Please RT!
- Python in the browser: Shared by Dave Aitel awesome!Comments http://bit.ly/cHGO45
- Kismet and Netstumbler are great but what else do you like for wardriving?
- @franksquared looks killer, time to get python 2.5 on the test vm and start poking around
- @sfoak Is this kosher (from a PCI standpoint)? securitymetrics.com/sitecertinfo.adp
- New Weblog Post -- Finding Malware on your network via cached DNS entries http://bit.ly/ajpcmU
- RT @MakeUseOf: How To Easily Create Clouds In Photoshop http://bit.ly/bZ4CEp by John -- cloud computing?? :-)
- Mark Bagget will give tech segment tonight on PaulDotCom titled Nessus Scanning Through a Metasploit Meterpreter Session
- RT @mckt_: SSL isn't the backbone of web security, it's the skin. Easy to poke holes, but it keeps the guts in. http://bit.ly/af0X0d

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse
Annuaires des videos : vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux

+ de mots clés pour les videos
Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter



Top bi-hebdo des articles de SecuObs
- Apprendre à parler Skype pour mieux le faire taire !
- Une faille dans l’implémentation RSA de OpenSSL
- Imposter 0.9 une plateforme de phishing ciblant les navigateurs Web
- VASTO une extension Metasploit dédiée à l'exploitation des infrastructures virtuelles
- Flint un scanner pour simuler, vérifier et nettoyer les règles de filtrage
- Keimpx un outil d'audit pour les réseaux Microsoft Windows
- SET 0.4.1 - Social Engineering Toolkit - une plateforme de Social Engineering
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Webraider offre un reverse shell contre une simple injection SQL
- Edenwall obtient une subvention de la DGA

Top bi-hebdo de la revue de presse
- Sun Ray interception de données des DTU
- How to Jailbreak iPhone 3.1.3 IPSW with PwnageTool 3.1.5
- Dev Team Confirms iPhone 3.1.3 IPSW Jailbreak
- Rozlyn Papa sex tape rumours lead to malware
- FREE Kaspersky Internet Security 2010 Activation Code Valid for 6 Months
- installer backtrack 4 [tuto]
- Nouveau dictionnaire WPA Livebox
- IIS 6 may stop responding after you install Microsoft update KB 973917
- La Face cachée de Facebook
- Téléchargements Ados de mal en pis

Top bi-hebdo de l'annuaire des videos
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- vSphere 4 0 update 1 VMware Update Manager and EMC PowerPath VE
- Ettercap Tutorial Man In The Middle Arp Attack
- install MacOSX Snow Leopard in Windows PC using Vmware Workstation as virtual machine
- Blaze botnet in action www opensc ws
- Windows XP Pro SP3 in VMWare off iSCSI Target using gPXE over 802.11n
- Running Wireshark on Mac OS X 10 6 Snow Leopard
- Shmoocon 2010 Firetalks SHODAN for Penetration Testers 1 2
- Avast Internet Security 5 0 396 Final Free Full Download Licensed with Serial Key
- BackTrack 4 on Windows XP with VMware Workstation Tutorial by Puridee HD

Top bi-hebdo de la revue Twitter
- How to secure a Cisco router http://ping.fm/FkG7O
- RT @manicode: Very interesting Java ESAPI-like library coming out of Apache : http://bit.ly/9poefg
- Wirshark + SSH = Wireshark Remote Capturing - http://www.howtoforge.com/wireshark-remote-capturing (via @welias)
- Nux Keylogger 0.0.1 http://packetstormsecurity.org/filedesc/nuxkeylogger0.0.1.c.html
- Nessus Scan through a Meterpreter Session (demo) http://vimeo.com/10203481 #PaulDotCom #nessus #meterpreter
- Collection of security checks for Linux http://bit.ly/a7IH7m
- RT @FrikiFeeds: The newbie's guide to hacking the Linux kernel | TuxRadar Linux http://dlvr.it/6sQp
- Exploit for Apache mod_isapi = 2.2.14 Dangling Pointer (CVE2010-0425) vulnerability ported to Metasploit http://bit.ly/ctDQjk
- Discoverer: Automatic Protocol Reverse Engineering from Network Traces #pdf http://ow.ly/1gHd1
- RT @DidierStevens: cmd.dll reverse shell in memory payload used with PDF exploit: http://bit.ly/96thpF

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- Microsoft Gazelle, mini-OS virtuel basé sur MashupOS pour une navigation Web sécurisée par isolation
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- GreenSQL un proxy MySQL pour filtrer les requêtes SQL et contrer les injections

Les derniers commentaires publiés sur SecuObs (1-5):
- ESRT @opexxx @synopsi - Remote stack overflows
- ESRT @postmodern_mod3 @tmm1 - memprof now displays stack frames and threads
- ESRT @_MDL_ @gollmann - Locking botnet agents to specific victim systems in o
- CsFire 0.4.1 autonomously protects against dangerous or malicious cross-domai
- Seccubus v1.4.1 - Nessus 4.2 compatibility release
[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities
Want a new job? link://[click] link://[click] International Partner Manager - Project Sales in the IT-Security Industry: link://[click]

TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31074

VERIFY ADVISORY: link://[click]

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Spoofing, DoS, System access

WHERE: From remote

OPERATING SYSTEM: Apple iPhone link://[click] Apple iPod touch link://[click]

DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system.

1) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.

2) A vulnerability in the handling of packets with an IPComp header can be exploited to cause a DoS.

For more information: SA29130 3) An error within Safari in the handling of Unicode ideographic spaces can be exploited to spoof the URL of a trusted web site in the address bar.

4) An error exists in Safari within the handling of self-signed or invalid certificates. If a user clicks on the menu button while being prompted to accept or reject such a certificate, Safari automatically accepts the certificate on the next visit.

5) A signedness error in Safari when handling Javascript array indices can be exploited to trigger an out-of-bounds memory access and may allow execution of arbitrary code.

6) A vulnerability due to Safari ignoring Unicode Byte-order-Mark (BOM) sequences when parsing web pages can be exploited to bypass certain HTML and Javascript filtering mechanisms.

This is related to vulnerability #8 in: SA20376 7) A vulnerability Safari can be exploited by malicious people to compromise a vulnerable system.

For more information see vulnerability #3 in: SA30775 8) An unspecified error exists in WebKit in the processing of style-sheet elements. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page.

9) An error in Safari when handling xml documents can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA28444 10) An error in Safari when processing xml documents can potentially be exploited by malicious people to compromise a user's system.

For more information: SA30315 11) An unspecified error exists in JavaScriptCore's handling of runtime garbage collection. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page.

12) Some vulnerabilities in Safari can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.

For more information: SA29846 The vulnerabilities are reported in iPhone version 1.0 through 1.1.4, and iPod touch version 1.1 through 1.1.4.

SOLUTION: Upgrade to version 2.0 (downloadable and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Hiromitsu Takagi 5) SkyLined, Google 6) Chris Weber, Casaba Security, LLC 7) James Urquhart 8) Peter Vreudegnhil, working with the TippingPoint Zero Day Initiative 10) Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security Team 11) Itzik Kotler and Jonathan Rom of Radware 12) Robert Swiecki of the Google Security Team, David Bloom, and Charlie Miller of Independent Security Evaluators

ORIGINAL ADVISORY: Apple: link://[click] JVN: link://[click] Chris Evans: link://[click] OTHER REFERENCES: SA20376: link://[click] SA28444: link://[click] SA29130: link://[click] SA29846: link://[click] SA30315: link://[click] SA30775: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch






Les derniers commentaires publiés sur SecuObs (6-25):
- ESRT @JGamblin @threatpost - Hackers say they will definitely break into an A
- ESRT @hdmoore @iagox86 - Weaponizing dnscat - first version of dnscat shellco
- iWep PRO 1.1.3 Released
- FireCAT v1.6.2 updated with Framework Detector
- ESRT @opexxx - FireCAT v1.6.2 updated with BackendInfo
- sipwitch 0.7.4
- Oracle XDB FTP service UNLOCK buffer overflow exploit that spawns a reverse s
- XSSploit XSS scanner multiplatfom v0.5 available
- Network forensics in IRB xtractr Ruby gem
- GreenPois0n Possible Jailbreak Software for iPad OS 32
- Blazing fast password recovery with new ATI cards
- ESRT @wireheadlance - How to secure a Cisco router
- Device Fingerprinting to Fight Real-time Transaction Fraud
- Penetrating Intranets through Adobe Flex Applications
- Updated the OWASP Fuzzing Code Database
- ESRT @jcran - how to convert a NASL check to a NeXpose check
- The New Disclosure Debate and the Evil Mr. Moore
- Charlie Miller Will Expose 20 Hackable Apple Security Flaws
- Digital Forensics Framework v0.5 released
- OSSIM v2.2 Multiple Vulnerabilities


SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Archives Failles Secunia :
- SA38969 OSSIM Multiple Vulnerabilities
- SA38861 TR-069 Remote Management SQL Injection Vulnerability
- SA38955 MaxDB Handshake Packet Buffer Overflow Vulnerability
- SA38922 Ubuntu update for linux and linux-source-2.6.15
- SA38967 PhpKobo Real Estate Contact Form LANG_CODE Local File Inclusion

Archives Mailing Full Disclosure :
- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e).
- Re: Full-disclosure Fingerprinting Paper with Laser
- Re: Full-disclosure Fingerprinting Paper with Laser
- Full-disclosure AboCMS SQL injection (abocms.ru)
- Full-disclosure SECURITY DSA-2018-1 New php5 packages fix null pointer dereference

Archives Mailing Bugtraq :
- Sahana 0.6.2.2 Authentication Bypass
- Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability
- Secunia Research: Quicksilver Forums Backup Information Disclosure
- Secunia Research: Quicksilver Forums mysqldump Password Disclosure
- Miranda IM silent TLS failure
- Vulnerabilities in VXDate for Joomla

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :