2016
The high-tech cop of the future is here today
In November 2015, a video was released to the public showing 17-year-old Laquan McDonald—a black kid who went to school in Chicago’s South Side—being shot 16 times in less than 15 seconds by Jason Van Dyke, a white officer with the Chicago Police Department. Protests erupted around the country, and to this day, protests continue in Chicago. Not only was this an example of an officer brazenly ignoring protocol and killing another human being with wanton disregard for the law, it was also evidence of an apparent cover-up: McDonald was killed in October 2014, and it took at least one lawsuit and 13 months for the city to hand over the video—seemingly an inherently public record—to journalists and lawyers working the case.
2015
Ceci n'est pas un blog: The ANSSI logo challenge
Here is my solution to the challenge hidden in the ANSSI logo. This article was published in MISC magazine no. 73 (May/June 2014) and is now available under a Creative Commons BY-NC-ND license. May it entertain you!
2014
Barbarians At The Password Gate | TechCrunch
We’re now using the Internet for a wide range of everyday activities, including online banking, stock trading, online shopping, bill paying, socializing, gaming, entertainment and online research. In the last few years there’s been a massive growth in the number of social networking sites such as Facebook, Linkedin, Twitter, Craigslist, Instagram, Tumblr. We share all kinds of personal details on these sites as well as music, pictures and videos, most of which we would certainly prefer to protect, safeguard and keep private. Unfortunately, all of these sites have been “cracked” by hackers who exposed passwords and other personal information from thousands of users. If you haven’t had your password hijacked, it’s really just a matter of time.
Mathematics makes strong case that “snoopy2” can be just fine as a password | Ars Technica
Reusing weaker passwords in some cases can improve security, researchers say.
NSA uses Google cookies to pinpoint targets for hacking - The Washington Post
The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.
13 ways the NSA spies on us - Vox
Over the last year, through the revelations of Ed Snowden and independent reporting by others, we've learned more and more about the National Security Agency's spying programs. Indeed, there have now been so many revelations that it can be hard to keep them straight. So here's a handy guide to the most significant ways the NSA spies on people in the United States and around the world.
Dragnet Nation: Available Now | Julia Angwin
My book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance is now available on Amazon.com, Barnes & Noble and IndieBound. Here’s the description and some review
Welcome to i273.com - Creator of Hack RUN®
Ever wanted to be a hacker?
Hack your way into the heart of a mysterious organization to uncover their secrets..
Get ready to pay for things with your veins - Quartz
Fingerprint scanners like those on the latest iPhones could soon give way to another biometric identifier: The geometry of the veins in your hands.
Hackers in the Chaos Computer Club last year fooled the Apple TouchID, which unlocks the iPhone 5S when presented with a familiar finger, by creating a copy of fingerprint residue. Fingerprints, the hackers wrote in a blog post, are a terrible way to secure your information: You leave them everywhere when you touch things, and it’s (relatively) easy to create fakes that fool the current scanner technology.
This reader mocked Heartbleed, posted his passwords online. Guess what happened next.
Passwords are Obsolete — Cyber Security — Medium
I have 268 passwords on 268 different websites. At least that’s what my password manager says. I actually stopped saving new passwords a while back, so the real number of passwords I should change now that Heartbleed has been revealed is even higher than that. How many of those passwords do you think I’m going to change? It took me 10 minutes just to find the change password form for my bank! What about the average computer user who uses the same password for every website and doesn’t understand the details of the exploit? How many passwords will they change?
The Heartbleed Hit List: The Passwords You Need to Change Right Now
An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
The Internet's Telltale Heartbleed : The New Yorker
The bug first appeared in OpenSSL code that was released in March, 2012—so the vulnerability has been open to exploitation for more than two years. The Internet-security firm Netcraft reported that up to five hundred thousand sites thought to be secure were, in fact, vulnerable—including Twitter, Yahoo, Tumblr, and Dropbox.
Heartbleed, The First Security Bug With A Cool Logo | TechCrunch
It’s been fascinating to watch news of heartbleed, the massive OpenSSL exploit, spread on the web. After years of quietly putting us at risk, the general web user became aware of the exploit only a few days ago, and probably via heartbleed.com.
2010
Security Patterns - a set on Flickr
On-going project to collect and organize envelope security patterns from around the world.
2007
Netvibes hacked!
This blogger explained how, by creating a Netvibes module, he managed to get into the site's back end and gain access to users' login details.
2006
LINK PROTECTOR @ LINK.PULSIX.COM
Short & Invisible Real Url!
Protect your links from stealers!
How to rig an election - padawan.info/fr
Researchers at Princeton University have demonstrated that it is possible to hack a Diebold electronic voting machine and rig the result, using undetectable software that can spread like a computer virus. The following video (in English) shows the procedure and how easy it is to break into the system (in under a minute and without a key). It is eye-opening!
Relakks - Surf the web anonymously and secure
Relakks offers you not only to surf anonymously, but also to use clients and applications anonymously on the internet
Pretty Good Privacy - Wikipédia
Pretty Good Privacy (or PGP) is secure electronic communication software that uses asymmetric cryptography as well as symmetric cryptography. It is therefore a hybrid cryptography program.
OpenID: an actually distributed identity system
An OpenID identity is just a URL. You can have multiple identities in the same way you can have multiple URLs. All OpenID does is provide a way to prove that you own a URL (identity). And it does this without passing around your password, your email address, or anything you don't want it to. There's no profile exchange component at all: your profile is your identity URL, but recipients of your identity can then learn more about you from any public, semantically interesting documents linked thereunder (FOAF, RSS, Atom, vCARD, etc.).
Tor: An anonymous Internet communication system
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
HijackThis log evaluation
HijackThis is a program that helps detect all kinds of spyware and other malware that may have lodged itself in your system. The registry and the hard disk are scanned, and all the information relevant to the analysis is displayed by the program. After scanning your system, you can save this list as a text file. The resulting log is only useful if the user is able to tell incorrect or dangerous entries apart from those that are normal and even vital to the system, because HijackThis provides no description of the entries it analyzes. Until now, the only way to get a competent analysis was to post the log in a forum and ask a more experienced user for help. The script presented on this page evaluates the analysis produced by HijackThis, which lets anyone analyze their own log without depending on someone else's help. To do so, simply copy the contents of your log below. HijackThis requires no installation and can be downloaded free of charge here:
Because of some misunderstandings, I should make clear that I only develop this online analysis, not the HijackThis utility.