-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
At least 10 million Android users imperiled by popular AirDroid app | Ars Technica
December 3, 2016 03:23:45 PM GMT+01:00 * - permalink -\o/ ah bon ? un truc qui permet de faire de la prise en main à distance représente un risque sur les devices sur lesquels il tourne ?!
- http://arstechnica.com/security/2016/12/at-least-10-million-android-users-imperiled-by-popular-airdroid-app/
-
![thumbnail]()
pci dss - Our security auditor is an idiot. How do I give him the information he wants? - Server Fault
September 6, 2016 10:44:58 AM GMT+02:00 * - permalink -ce post est juste magique
- https://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants
-
![thumbnail]()
-
Penetration Testing Tools Cheat Sheet
June 27, 2016 09:55:59 AM GMT+02:00 * - permalink -via quelqu'un sur shaarli.fr, pas mal la petite cheatsheet
- https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
-
Secure tunnels to localhost: ngrok
June 26, 2016 04:01:04 PM GMT+02:00 * - permalink -Un tool intéressant pour hoster derrière du nat ou réseau controlé
- https://n0where.net/secure-tunnels-to-localhost-ngrok/
-
![thumbnail]()
Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica
June 26, 2016 03:17:56 PM GMT+02:00 * - permalink -The Ware Report's outline of what it takes to create a secure system also remains relevant:
The system should be flexible; that is, there should be convenient mechanisms and procedures for maintaining it …The system should be responsive to changing operational conditions, particularly in time of emergency. The system should be auditable…The system should be reliable from a security point of view. It ought to be fail-safe in the sense that if the system cannot fulfill its security controls, cannot make the proper decisions to grant access, or cannot pass its internal self-checks, it will withhold information from those users about which it is uncertain, but ideally will continue to provide service to verified users. The system should be manageable from the point of view of security control. The records, audit controls, visual displays, manual inputs, etc., used to monitor the system should be supplemented by the capability to make appropriate modifications in the operational status of the system in the event of catastrophic system failure, degradation of performance, change in workload, or conditions of crisis, etc. The system should be adaptable so that security controls can be adjusted to reflect changes in the classification and sensitivity of the files, operations, and the needs of the local installation. The system must be dependable; it must not deny service to users…'The system must automatically assure configuration integrity. It must self-test, violate its own safeguards deliberately, attempt illegal operations, monitor communication continuity, monitor user action, etc., on a short time basis.
- http://arstechnica.com/security/2016/04/flashback-declassified-1970-dod-cybersecurity-document-still-relevant/
-
Overriding User's Clipboards: Pastejacking
June 26, 2016 11:34:04 AM GMT+02:00 * - permalink -ce genre de truc devrait être disablé browser side, c'est étonnant qu'on ait pas plus de hacks basés là dessus
- https://n0where.net/overriding-users-clipboards-pastejacking/
-
git-secret
May 16, 2016 09:59:03 AM GMT+02:00 * - permalink -Un tool pas mal pour store des trucs dans git en chiffré :
https://github.com/sobolevn/git-secret- https://sobolevn.github.io/git-secret/#usage
-
![thumbnail]()
