—
Book Review: Penetration Testing – A Hands-On Introduction to Hacking
A few weeks ago I bought Georgia Weidman’s book about penetration testing: “A Hands-On Introduction to Hacking“. Being overloaded by many projects, I finally finished reading it and it’s now time to write a quick review. Georgia is an awesome person.
http://blog.rootshell.be/?p=26332
Cliché: open-source is secure
Some in cybersec keep claiming that open-source is inherently more secure or trustworthy than closed-source. This is demonstrably false. Firstly, there is the problem of usability. Unusable crypto isn’t a valid option for most users.
http://blog.erratasec.com/2014/07/cliche-open-source-is-secure.html
Dans les secrets d’un faux site de la CAF
Les filoutages, phishing, appelés aussi hameçonnages, sont légions sur la toile. Mission des pirates derrière ces escroqueries, mettre la main sur un maximum d’informations privées et sensibles appartenant aux internautes attirés par le filet des voleurs.
http://www.zataz.com/dans-les-secrets-dun-faux-site-de-la-caf/
Google corrige une importante faille de sécurité sur Android
La faille a été surnommé « Fake ID » (fausse pièce d’identité en français), parce que, comme l’explique le site spécialisé Ars Technica : « Elle permet un accès spécial aux ressources Android qui sont normalement hors-limites à des applications malveillantes.
http://www.lemonde.fr/vie-en-ligne/breve/2014/07/30/un-bug-android-expose-des-millions-de-telephones-et-tablettes-a-des-attaques_4464514_4409015.html
Les USA financent TOR, que la NSA cherche à casser
Voilà un comportement qui est pour le moins paradoxal, en apparence en tout cas.
http://www.numerama.com/magazine/30150-les-usa-financent-tor-que-la-nsa-cherche-a-casser.html
All Top German Leaders Getting New Encrypted Cell Phones to Protect From Eavesdroppers
Spying on the German government is getting more complicated for foreign intelligence services after Berlin has purchased a number of so-called crypto-phones. A government spokesman said 3,000 mobile phones with the encoding technology have been distributed to the federal administration.
http://www.matthewaid.com/post/93299317666/all-top-german-leaders-getting-new-encrypted-cell#_=_
La France facilite l’action de l’ANSSI
Le gouvernement a pris un décret permettant à la direction de l’ANSSI de signer des décisions à la place du premier ministre.
http://www.numerama.com/magazine/30154-la-france-facilite-l-action-de-l-anssi.html
IoT devices are filled with security flaws, researchers warn
We are living in an increasingly interconnected world, and the so-called Internet of Things is our (inescapable) future.
http://www.net-security.org/secworld.php
C-Level Execs Concerned About Cybersecurity, But Not Investing in It
Cybersecurity concerns C-level execs more than concerns over their companies’ reputations. However, many are unwilling to invest to assuage the worries; and many don’t realize that a data breach could be the most costly reputational issue that a company can face.
http://www.infosecurity-magazine.com/view/39492/clevel-execs-concerned-about-cybersecurity-but-not-investing-in-it/
Tor security advisory:
This advisory was posted on the tor-announce mailing list. On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services.
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
—
Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : https://www.cyber-securite.fr/category/veille-cyber/feed
