Publications 2012 S14

=> Le Magazine de Developpez.com – No. 38, February-March 201. 19/03/2012. «You will find in particular the list of all the new articles (along with a short description, reviews of newly published books, ongoing debates, etc.). But in addition, some articles, book reviews and event reports are published in full. News from the sections and their main pages (courses, source code, FAQs, books, tools…) is also detailed. Illustrations and code snippets round out this magazine (…).»
Source: magazine.developpez.com/

=> Encryption that exploits the shape of letters. 19/03/2012. «Stronger than secret-key mathematical algorithms, the encryption method developed by Indian researchers rests on a principle as old as Antiquity (…).»
Source: pro.01net.com/editorial/561920/un-cryptage-revolutionnaire-exploite-la-forme-des-lettres/
Related posts:
06/11/2011. Experimenting with the novel approaches in text steganography [pdf] : arxiv.org/ftp/arxiv/papers/1203/1203.3644.pdf
16/03/2012. Experimenting with the Novel Approaches in Text Steganography : arxiv.org/abs/1203.3644

=> GDI Font Fuzzing in Windows Kernel For Fun. 19/03/2012. «GDI Font Fuzzing in Windows Kernel For Fun (…).»
Source: twitter.com/#!/j00ru/statuses/181697421582147584
Related posts:
19/03/2012. GDI Font Fuzzing in Windows Kernel For Fun [slides pdf] : media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-Slides.pdf
19/03/2012. GDI Font Fuzzing in Windows Kernel For Fun [pdf] : media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-WP.pdf

=> Spam report: February 2012. 20/03/2012. «In our spam report for January we wrote about spam dedicated to Valentine’s Day, a theme that was also discussed in a separate blog. Valentine’s spam peaked on 12 February, when 0.2% of all spam messages exploited the patron saint of love’s holiday (…).»
Source: www.securelist.com/en/analysis/204792224/Spam_report_February_2012
Related posts:
20/03/2012. Spam in February 2012 : www.viruslist.com/fr/analysis?pubid=200676275

=> RFC 6561: Recommendations for the Remediation of Bots in ISP Networks. 20/03/2012. «One of the biggest threats to Internet security lies in zombies, those Windows machines infected by malware which now obey a master who orders them, at will, to launch a DDoS, send spam, etc. This RFC documents the point of view of a large ISP, Comcast, on the problem. The part I find the richest is the one on the difficult problem of notifying users. (…).»
Source: www.bortzmeyer.org/6561.html
Related posts:
20/03/2012. RFC 6561 [txt] : www.rfc-editor.org/rfc/rfc6561.txt

=> Unsafe Exposure Analysis of Mobile In-App Advertisements [pdf]. 20/03/2012. «In recent years, there has been explosive growth in smartphone sales, which is accompanied with the availability of a huge number of smartphone applications (or simply apps). End users or consumers are attracted by the many interesting features offered by these devices and the associated apps. The developers of these apps benefit financially, either by selling their apps directly or by embedding one of the many ad libraries available on smartphone platforms. In this paper, we focus on potential privacy and security risks posed by these embedded or in-app advertisement libraries (…).»
Source: www.csc.ncsu.edu/faculty/jiang/pubs/WISEC12_ADRISK.pdf

=> Measuring the resilience of the Internet in France: my talk at OARC. 21/03/2012. «On the occasion of the OARC meeting today in Teddington, I presented the forthcoming report on the resilience of the Internet in France (…).»
Source: www.bortzmeyer.org/oarc-londres-resilience.html
Related posts:
21/03/2012. Measuring Internet resilience [pdf slides] : www.bortzmeyer.org/files/oarc-londres-resilience-SHOW.pdf

=> ROVER, an alternative system for securing BGP. 22/03/2012. «The BGP routing protocol, on which the whole Internet rests, is known for its lack of security. Any clumsy person can announce another operator’s routes and divert or cut off traffic. There is a security solution, standardized and actively being deployed, RPKI+ROA. But this rather complex solution does not please everyone. An alternative has just been announced, ROVER (ROute Origin VERification) (…).»
Source: www.bortzmeyer.org/rover-bgp.html
Related posts:
22/03/2012. Three Paper Thursday: BGP and its security : www.lightbluetouchpaper.org/2012/03/22/three-paper-thursday-bgp-and-its-security/
23/03/2012. Routing and Security: ROVER! : cidris-news.blogspot.fr/2012/03/routage-et-securite-rover.html

=> 2012 Verizon Data Breach Investigation’s Report Released. 22/03/2012. «It’s hard to believe, but it’s time again for another installment of Verizon’s annual Data Breach Investigations Report. This year’s report represents our largest dataset ever, with 855 confirmed security breaches accounting for a combined 174 million compromised records. As always, we analyze the data and attempt to explain what happened, who did it and who was affected. We are very pleased to announce that the 2012 DBIR again includes data provided by our valued collaborators, the U.S. Secret Service and the Dutch High Tech Crime Unit. We are even more pleased to announce that these agencies are joined this year by the Irish Reporting and Information Security Service, the Australian Federal Police, and the Police Central e-Crime Unit of the London Metropolitan Police. The inclusion of data provided by these agencies allows for the most geographically diverse DBIR to date (…).»
Source: securityblog.verizonbusiness.com/2012/03/22/2012-data-breach-investigations-report-released/
Related posts:
22/03/2012. Christopher Porter of Verizon explains some of the findings from the Verizon 2012 Data Breach Investigations Report [podcast] : itknowledgeexchange.techtarget.com/security-wire-weekly/verizon-dbir-2012-overview-attack-mitigation-strategies/
22/03/2012. The 2012 Data Breach Investigations Report (DBIR) [pdf] : www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
26/03/2012. Verizon reads the entrails of hacking and journalists dive in : reflets.info/verizon-lit-dans-les-entrailles-du-piratage-et-les-journalistes-plongent
30/03/2012. Not Anonymous, the “negligent insiders”! : www.cnis-mag.com/pas-les-anonymous-les-%C2%AB-negligents-de-l%E2%80%99interieur-%C2%BB.html
03/04/2012. Verizon publishes its annual report on the analysis of security incidents : www.globalsecuritymag.fr/CERT-XMCO-Verizon-publie-son%2c20120403%2c29407.html

=> Key highlights in the IBM X-Force 2011 Trend & Risk Report. 22/03/2012. «Today we announced the IBM X-Force Trend & Risk report for the year end 2011. While some positive trends and improvements have emerged, attackers’ methods continue to adapt. This is the first report under the new IBM Security Systems division (…).»
Source: blogs.iss.net/archive/2011-XFTR-eoy.html

=> [Review] Cyberdependance et autres croquemitaines. 24/03/2012. «“Cyberdépendance et autres croquemitaines” by Pascal Minotte is inspired by the report on problematic uses of the Internet and video games co-written with Jean-Yves Donnay. The book opens with a preface by Serge Tisseron, then questions the term “cyberdependence”. It proposes using instead the expression “problematic use” or “obsessive passion”, for which it gives some keys to understanding. Other problematic uses are briefly covered before a general conclusion is delivered (…).»
Source: www.psyetgeek.com/cyberdpendance-et-autres-croquemitaines-2
Related posts:
24/03/2012. Cyberdependance et autres croquemitaines [pdf] : www.yapaka.be/files/publication/TA_cyberdependance_WEB.pd
25/03/2012. Psychologists desperately seeking Internet and video game addiction : www.psyetgeek.com/psychologues-rech-desesperement-addiction-internet-et-jeux-video

=> ROP and deROP. 24/03/2012. «I’ve been writing a lot about ROP in my past posts (here for a collection) covering some of the principal anti ROP techniques used by modern operative systems. Today I’d like to suggest another great reading from Kanjie Lu et al. from Peking University, China titled « deROP: removing return oriented programming from malware. » (…).»
Source: marcoramilli.blogspot.fr/2012/03/rop-and-derop.html
Related posts:
24/03/2012. DeROP: removing return oriented programming from malware [pdf] : www.acsac.org/2011/openconf/modules/request.php?module=oc_proceedings&action=view.php&a=Accept&id=57&type=2&OPENCONF=95413ea6ce8282c8a781ec58979283a5

=> Whitepaper “Lotus Domino: Penetration Through the Controller” from BlackHat Europe 2012. 26/03/2012. «On the BlackHat Europe conference held from March 14 to March 16, Alexey Sintsov, head of information security audit department in ERPScan Company, shared his experience in penetration testing and presented the results of a recently conducted research of Lotus Domino security (…).»
Source: erpscan.com/publications/whitepaper-lotus-domino-penetration-through-the-controller-from-blackhat-europe-2012/
Related posts:
16/03/2012. Whitepaper « Lotus Domino: Penetration Through the Controller », BlackHat Europe 2012 [pdf] : erpscan.com/wp-content/uploads/2012/03/bh-eu-12-Sintsov-Lotus_Domino-WP.pdf

=> Internet Watch Foundation report highlights new abuse of online technology. 26/03/2012. «Criminals intent on distributing images of children being sexually abused are finding new ways of exploiting legitimate online technology, according to the Internet Watch Foundation’s (IWF) 2011 Annual Report launched today (…).»
Source: www.iwf.org.uk/about-iwf/news/post/321-internet-watch-foundation-report-highlights-new-abuse-of-online-technology
Related posts:
26/03/2012. Paedophiles using new method to hide child abuse images online : nakedsecurity.sophos.com/2012/03/26/paedophiles-hide-child-abuse-images-online
26/03/2012. 2011 Annual Report [pdf] : www.iwf.org.uk/assets/media/annual-reports/annual%20med%20res.pdf

=> Tor – February 2012 Progress Report. 27/03/2012. «Our progress report for February 2012 is now available. It highlights recent work with deep packet inspection and censorship circumvention in Iran and Kazakhstan. Also progress on a new tor status site based on new protocols, and general outreach and travels (…).»
Source: blog.torproject.org/blog/february-2012-progress-report

=> Maliciousness in Top-ranked Alexa Domains. 28/03/2012. «At Barracuda Labs, we use a variety of research technologies to identify and study maliciousness on the web. One of these tools is an automated system that forces a web browser inside a Windows virtual machine to visit a URL to see what happens to the browser, its plugins, and the operating system. The resulting network-level actions of the virtual machine help us determine, without prior knowledge of specific exploits served to the browser or its extensions, whether a URL serves malicious content (…).»
Source: www.barracudalabs.com/wordpress/index.php/2012/03/28/maliciousness-in-top-ranked-alexa-domains/
Related posts:
28/03/2012. Infographic (en) : www.barracudalabs.com/goodsitesbad/
02/04/2012. Over 10 Million People Exposed to Drive-by Exploits in February 2012 : www.barracudanetworks.com/ns/news_and_events/?nid=546
06/04/2012. Infographic (fr) : www.generation-nt.com/zoom-1239061,1565031-infographie-sites-confiance-menaces-barracuda-labs.html
06/04/2012. Popular sites distribute malicious content : www.generation-nt.com/barracuda-labs-securite-etude-sites-populaires-malwares-actualite-1565031.html

=> Deep dive into OS internals with WinDB [pdf]. 28/03/2012. «An approach towards reversing malwares, shellcodes and other malicious codes to understand the ways in which they use the OS Internals for their functionality (…).»
Source: www.exploit-db.com/download_pdf/18576/
Related posts:
28/03/2012. Windows Malware: a reversing engineering document. : marcoramilli.blogspot.fr/2012/03/windows-malware-reversing-engineering.html

=> PWC publishes a report on cybercrime in the private sector. 28/03/2012. «PricewaterhouseCoopers has published a report on the impact of cybercrime on the business sector (…).»
Source: www.secuinsight.fr/2012/03/28/pwc-publie-un-rapport-sur-la-cybercriminalite-dans-le-secteur-prive/
Related posts:
28/03/2012. Fighting Economic Crime in the Financial Services sector [pdf] : www.pwc.com/en_GX/gx/economic-crime-survey/pdf/fighting-economic-crime-in-the-financial-services-sector.pd

=> Symantec – Trojan.ZeroAccess Infection Analysis [pdf]. 29/03/2012. «ZeroAccess, also known as “Smiscer” or “Max++ rootkit”, is a malicious Windows threat used to generate revenue primarily through pay-per-click fraud. ZeroAccess uses low-level rootkit functionality to remain persistent and stealth. (…).»
Source: www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/trojan_zeroaccess_infection_analysis.pdf

=> Exploring the Blackhole exploit kit. 29/03/2012. «In this paper I am going to describe an exploit kit known as Blackhole, which due to its prevalence over the past year has become the most notorious of all the exploit kits today. (…).»
Source: nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-2/
Related posts:
29/03/2012. Exploring the Blackhole exploit kit [pdf] : sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf

=> Mobile virology, part 5. 30/03/2012. «Nearly a year has passed since the publication of the fourth part of the “Mobile Virology” report. By way of conclusion, we had made a few predictions about the development of threats to mobile platforms in 2011. Let us see whether these predictions came true (…).»
Source: www.viruslist.com/fr/analysis?pubid=200676277

=> TrendMicro – Luckycat Redux [pdf]. 30/03/2012. «The number of targeted attacks has dramatically increased. Unlike largely indiscriminate attacks that focus on stealing credit card and banking information associated with cybercrime, targeted attacks noticeably differ and are better characterized as « cyber espionage. » Highly targeted attacks are computer intrusions threat actors stage to aggressively pursue and compromise specific targets, often leveraging social engineering, to maintain persistent presence within the victim’s network so they can move laterally and extract sensitive information (…).»
Source: us.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf

=> Procure secure: ENISA’s new guide for monitoring cloud computing contracts. 02/04/2012. «Procurement of cloud computing services is an increasingly important task for governments and businesses across the EU – and information security is a key pain-point (…).»
Source: www.enisa.europa.eu/media/press-releases/procure-secure-enisa2019s-new-guide-for-monitoring-cloud-computing-contracts
Related posts:
02/04/2012. Buying securely: ENISA’s new guide on monitoring cloud computing service contracts [press release in French] : www.enisa.europa.eu/media/press-releases/acheter-de-facon-securisee
02/04/2012. Procure Secure: A guide to monitoring of security service levels in cloud contracts [pdf] : www.enisa.europa.eu/activities/application-security/test/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts/at_download/fullReport

=> How Do They Attack? Analyzing the “New” Lulzsec Attacks. 02/04/2012. «Today, we released another HII report on RFI/LFI to reiterate exactly the same message: RFI/LFI is a favorite among hackers but is neglected by the security community (…).»
Source: blog.imperva.com/2012/04/how-do-they-attack-analyzing-the-new-lulzsec-attacks.html
Related posts:
02/04/2012. Imperva dissects LFI & RFI (Remote and Local File Inclusion) attacks : www.globalsecuritymag.fr/Imperva-decortique-les-attaques%2c20120402%2c29378.html
02/04/2012. Remote and Local File Inclusion Vulnerabilities 101 [pdf] : www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf
03/04/2012. Anatomy of an RFI/LFI Attack : blog.imperva.com/2012/04/anatomy-of-an-rfilfi-attack.html
05/04/2012. Our RFI/LFI Attack Graphic : blog.imperva.com/2012/04/our-rfilfi-attack-graphic.html

=> Map of Data Centers in France – 2012 Edition. 02/04/2012. «We invite you to download the map of Data Centers in France whose operators offer colocation services. This map was updated on 29 February 2012 (…).»
Source: www.globalsecuritymag.fr/Cartographie-des-Data-Centers-en%2c20120402%2c28951.html
Related posts:
02/04/2012. Map of Data Centers in France – 2012 Edition [pdf] : www.globalsecuritymag.fr/IMG/pdf/CARTOGRAPHIE_DATA_CENTER_EN_FRANCE.pdf

=> ESET – Man, Myth, Malware and Multi-Scanning [pdf]. 02/04/2012. «Malware multi-scanning: everybody’s doing it. AV companies use batteries of competitor products for comparative analysis and other laboratory procedures. Blackhats are increasingly likely to use internal or third-party “black” laboratory resources for the testing of malware tweaked to increase resistance to anti-malware analysis and forensics, as the blackhat economy strengthens and parallels conventional business models. Public multi-scanner sites intended for the evaluation of the risk from individual files are also used and misused for many purposes (…).»
Source: go.eset.com/us/resources/white-papers/cfet2011_multiscanning_paper.pdf
Related posts:
02/04/2012. VirusTotal, Useful Engines, and Useful AV : blog.eset.com/2012/04/02/virustotal-really-useful-engines-and-why-theres-still-a-place-for-av

=> On the trail of the lost smartphone. 02/04/2012. «What becomes of a smartphone, devoid of any security system, left behind in the middle of the urban jungle? These are the questions that Symantec’s experts tried to answer through the “Smartphone Honey Stick” project. (…).»
Source: blogs.orange-business.com/securite/2012/04/sur-les-traces-du-smartphone-perdu.html
Related posts:
09/03/2012. The Symantec Smartphone Honey Stick Project [pdf] : www.symantec.com/content/en/us/about/presskits/b-symantec-smartphone-honey-stick-project.en-us.pdf
09/03/2012. Introducing the Symantec Smartphone Honey Stick Project : www.symantec.com/connect/blogs/introducing-symantec-smartphone-honey-stick-project

=> Results of the 7th annual WISR study. 03/04/2012. «This column presents some results drawn from the 7th annual WISR (Worldwide Internet Security Report) study published by Arbor Networks. This study was carried out thanks to the long-standing partnerships Arbor maintains with operators around the world and also thanks to its customers who took part. The period studied runs from October 2010 to November 2011 (…).»
Source: www.lecercle.biz/Home/Publications/Dossier12_04/tabid/3048/language/en-US/Default.aspx
Related posts:
02/04/2012. Worldwide Infrastructure Security Report : www.arbornetworks.com/report

=> Cyber-crisis exercise – Publication of the EUROCYBEX report. 04/04/2012. «EuroCybex is a European project whose main aim is to carry out a cyber-crisis exercise involving a number of EU Member States. The objective is to test and improve communication procedures between Member States. The project started in January 2011 and ends in mid-2012. EuroCybex is run by a consortium led by CEIS, a strategy and risk management consulting firm specializing notably in security and defense issues and working with European institutions, national governments and the private sector (…).»
Source: www.secuinsight.fr/2012/04/04/1942/
Related posts:
04/04/2012. Public report [pdf] : ceis.eu/en/system/files/pictures/eurocybex_-report_light-final.pdf

=> Three Paper Thursday: full disk encryption. 05/04/2012. «Information is often an important asset and today’s information is commonly stored as digital data (bytes). We store this data in our computers local hard disks and in our laptops disks. Many organisations wish to keep the data stored in their computers and laptops confidential. Therefore a natural desire is that a stolen disk or laptop should not be readable by an external person (an attacker in general terms). For this reason we use encryption (…).»
Source: www.lightbluetouchpaper.org/2012/04/05/three-paper-thursday-full-disk-encryption/

=> SecNiche Security Labs – Conferences Presentation Slides are Posted. 05/04/2012. «I have uploaded the PDF’s of my talks from last two years. You can download it (…).»
Source: secniche.blogspot.fr/2012/04/presentation-slides-up.html
Related posts:
05/04/2012. SecNiche Security Labs-presentation : secniche.org/events.html

=> The limits and dangers of geolocation. 06/04/2012. «Today I decided to make available to you the presentation from my talk on the limits and dangers of geolocation (…).» Presentation and awareness slides available to view (in PDF or Flash).
Source: www.christophe-casalegno.com/2012/04/06/les-limites-et-les-dangers-de-la-geolocalisation/
Related posts:
23/03/2012. Awareness: Malicious code : www.christophe-casalegno.com/2012/03/23/sensibilisation-les-codes-malveillants/
23/03/2012. Social Engineering: the art of influence and manipulation : www.christophe-casalegno.com/2012/03/23/social-engineering-lart-de-linfluence-et-de-la-manipulation/
25/03/2012. Under fire in the information war : www.christophe-casalegno.com/2012/03/25/sous-le-feu-de-la-guerre-de-linformation/

=> McAfee Know Your Digital Enemy – Anatomy of a Gh0st RAT [pdf]. 06/04/2012. «The threat experts at McAfee have published an analysis describing in detail how the Gh0st RAT operates with tips on how to identify a host compromised by the RAT and how to defend against it. (…).»
Source: www.mcafee.com/us/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf

=> Anti-unpacker tricks [pdf]. 08/04/2012. «Abstract Unpackers are as old as the packers themselves, but anti-unpacking tricks are a more recent development. These anti-unpacking tricks have developed quickly in number and, in some cases, complexity. In this paper, we will describe some of the most common anti-unpacking tricks, along with some countermeasures (…).»
Source: pferrie.host22.com/papers/unpackers.pdf
Related posts:
08/04/2012. Source: twitter.com/#!/xanda/statuses/188892407910252544

=> CVE-2012-0769, the case of the perfect info leak [pdf]. 09/04/2012. «Flash is vulnerable to a reliable info leak that allows ASLR to be bypassed making exploitation of other vulnerabilities, on browsers, Acrobat Reader, MS Office and any process that can host Flash, trivial like in the old days where no security mitigations were available. Patch immediately. (…).» Originally dated 23/02.
Source: zhodiac.hispahack.com/my-stuff/security/Flash_ASLR_bypass.pdf
