PROJET AUTOBLOG


shaarli-Links

Site original : shaarli-Links

⇐ retour index

Proxima | [DIRECT] Thomas Pesquet : décollage le 17 novembre

jeudi 17 novembre 2016 à 18:33
Décollage à 21h20 (heure de Paris) !
Début du directe à 20h30.
Autres liens :
https://www.ecirtam.net/links/?YaeLMw
(Permalink)

guide_tls_v1.1.pdf

jeudi 17 novembre 2016 à 17:44
via https://foualier.gregory-thibault.com/?1qk5oA
(Permalink)

En plein cœur de Manhattan se cache un bunker secret de la NSA | Slate.fr

jeudi 17 novembre 2016 à 12:31
Étant donné que nos communications France -> État-Unis passent par New York, je ne suis pas étonné qu'il y ai cet énorme centre d'écoute.
(Permalink)

Google Traduction fait un important bond en avant grâce à l'IA - Tech - Numerama

jeudi 17 novembre 2016 à 12:25
Intéressant
(Permalink)

PoGo's Chill - Vol 30 (Autumnal) by PoGo | Mixcloud

mardi 8 novembre 2016 à 13:59
Cool un nouveau mix :-p
https://www.pogo-chill.com/
via http://ws.rofl.lan:8094/links/pogo/?z2QU3A
(Permalink)

PoCs · dirtycow/dirtycow.github.io Wiki · GitHub

lundi 7 novembre 2016 à 18:32
PoCs pour dirtycow.
(Permalink)

La Sociale - film 2016 - AlloCiné

lundi 7 novembre 2016 à 14:49
Il y a le film La Sociale qui sort mercredi.
Si jamais il passe près de chez vous, allez le voir !

http://www.lasociale.fr/
https://www.ecirtam.net/links/?BIfPsg
(Permalink)

Aux Utopiales de Nantes, à la recherche des machines de science-fiction

lundi 7 novembre 2016 à 09:10
Comme chaque années, j'étais aux Utopiales.
De mémoire, c'est seulement la 2ème fois qu'un film remporte le prix du jury ET du public.
Realive (http://www.imdb.com/title/tt4074928/) est vraiment un très bon film. Malheureusement pour ceux qui ne l'on pas vu, ce film n'a pas trouvé de distributeur en France -_-
Jeeg robot (http://www.imdb.com/title/tt3775086/) était pas mal aussi :-)
via https://links.nekoblog.org/?eRSsSw
(Permalink)

D’inquiétantes failles de sécurité dans les accès fibre optique FTTH en France ? - ZDNet

dimanche 6 novembre 2016 à 13:33
:-/
(Permalink)

Wi-Fi can be turned into IMSI Catcher to Track Cell Phone Users Everywhere

vendredi 4 novembre 2016 à 23:07
https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
(Permalink)

GitHub - RIPE-Atlas-Community/ripe-atlas-community-contrib: Contributions by the community of the RIPE Atlas visualizations, tools for analysing measurements data

vendredi 4 novembre 2016 à 16:07
https://www.bortzmeyer.org/ripe-atlas-api.html
https://www.bortzmeyer.org/search?pattern=atlas

Si vous voulez contribuer au réseau :
http://www.zdnet.fr/actualites/et-si-vous-installiez-une-sonde-ripe-atlas-pour-contribuer-a-mesurer-la-qualite-de-service-d-internet-39801231.htm
(Permalink)

WOT Services - Wikipedia

vendredi 4 novembre 2016 à 12:37
«
Privacy issues

In November 2016, an investigation by journalists from the German TV channel NDR showed that WOT collects, records, analyzes and sells user-related data to third-parties, allowing third-parties to identify individual users, despite WOT's claims they would anonymize the data.[18][19][20] The data obtained was traceable to WOT and could be assigned to specific individuals.[21][22] The investigation was based on freely available sample data, and revealed that sensitive private information of more than 50 users could be retrieved.[19] This information included the visited web-sites, account names, mail addresses and other data potentially enabling the tracking of browser surfing activity, travel plans, illnesses, sexual preferences, drug consumption, and reconstruction of confidential company revenue data of a media house as well as details regarding ongoing police investigations.[18] WOT chose not to comment on the findings when prompted by German media with the results of the investigation prior to the publication of the report.[18][19]
»
Fuck

via http://sebsauvage.net/links/?wn8OPQ
https://news.ycombinator.com/item?id=12870953
(Permalink)

[infokiosques.net] - Face à la police / Face à la justice

jeudi 27 octobre 2016 à 23:24
Face à la police / Face à la justice
Guide d’autodéfense juridique

Élie Escondida et Dante Timélos , Collectif CADECOL
ISBN 978-2-84950-482-6

via https://shaarli.guiguishow.info/?zyHNNw
(Permalink)

DNS resolvers [Do-It-Yourself Internet Service Providers] - GuiGui's Show

jeudi 27 octobre 2016 à 22:19
Hop quelques serveurs DNS en plus :
89.234.141.66 | 2a00:5881:8100:1000::3 | recursif.arn-fai.net
89.234.186.18 | 2a00:5884:8218::1         | log.bzh
80.67.188.188 | 2001:913::8                   | ns0.ldn-fai.net
(Permalink)

Full Disclosure: [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)

jeudi 27 octobre 2016 à 19:21
«

Here is a number of practical attack scenarios:

- Attack the user by replacing important files, such as
 .ssh/authorized_keys, .bashrc, .bash_logout, .profile,
 .subversion or .anyconnect, when they extract an tar archive.
  For example:

 user@host:~$ dpkg --fsys-tarfile evil.deb | tar -xf - \
 --wildcards 'blurf*'
 tar: Removing leading `blurf/../' from member names
 user@host:~$ cat .ssh/authorized_keys
 ssh-rsa AAAAB3...nU= mrrobot@fsociety
 user@host:~$


- Attack automation that extracts tar originating from a web
 application or similar sources. Such operation might be performed by
 a setuid root component of the application. The command executed
 could be for example:

 #tar -C / -zxf /tmp/tmp.tgz etc/application var/chroot/application/etc

 The attacker can overwrite /var/spool/cron/crontabs/root to gain code
 execution as root. It is also possible to replace binaries commonly
 executed by root with a backdoored ones, or to drop setuid root
 binaries that will enable the attacker to gain root privileges at
 will. Common attack would be to replace some network facing daemon
 with backdoored one, enabling covert code execution on demand.

 This type of scenario has been successfully exploited in the real
 world to gain a remote code execution as root in different
 environments.

- Attack commands that try to replace single files/dirs as root:

 The victim would like to replace `/etc/motd' file in the system by
 extracting it from an archive obtained from an untrusted source:

 # tar -C / -xvf archive.tar etc/motd
 tar: Removing leading `etc/motd/../' from member names
 etc/motd/../etc/shadow
 #

 The attacker can also bypass --exclude rule, if it is being used
 with --anchored switch. For example: The victim would like to extract
 all files but `/etc/shadow' from an archive:

 # tar -C / -xvf archive.tar --anchored --exclude etc/shadow
 tar: Removing leading `etc/motd/../' from member names
 etc/motd/../etc/shadow
 #

 In both cases, the attacker has now successfully replaced /etc/shadow
 file with arbitrary content.


Exploiting the vulnerability works best if the attacker has some prior knowledge of the specifics of the tar command line that gets executed. The path prefix before the `..' sequence will need to (at least partially) match the target path (or not match in case of the exclude rule) in order for the bypass attack to work. Guessing which paths the victim might extract could work too, but the success rate is likely lower.



Vulnerable versions
-------------------

- GNU tar 1.14 to 1.29 (inclusive)
»
(Permalink)

NoScript is harmful and promotes Malware! - liltinkerer - GuiGui's Show

jeudi 27 octobre 2016 à 16:51
Ce problème date de 2009. Voir https://fr.wikipedia.org/wiki/NoScript#Accueil
Le code source est sous Licence GNU GPL (https://noscript.net/faq#qa1_14) mais je ne l'ai pas trouvé. *
Pour ma part j'ai bloquer le nom de domaine noscript.net

* Edit : https://stackoverflow.com/questions/17664157/where-to-find-source-code-of-mozilla-noscript-extension
(Permalink)

/bin/bash based SSL/TLS tester: testssl.sh

jeudi 27 octobre 2016 à 16:35
via http://bahadour.fr/link/?9Y961A
(Permalink)

Blog Stéphane Bortzmeyer: Google détourné par Orange vers la place Beauvau - GuiGui's Show

jeudi 27 octobre 2016 à 14:00
Intéressant
Donc pour la liste CSV de sites bloqués, il ne faut pas la divulguer tel quel mais :
- si possible la comparer entre opérateurs
- tester le blocage de chacun des sites depuis chaque opérateur
- créer un nouveau fichier.

Est-ce que les FAI associatifs ont accès à cette liste ?
(Permalink)

Une IA fouillera discrètement les usagers des aéroports - Tech - Numerama

jeudi 27 octobre 2016 à 13:16
(Permalink)

suspicious obfuscated code | nopaste | share your clipboard - OpenNews

jeudi 27 octobre 2016 à 12:37
Le contenu du eval ligne 22 de http://nopaste.nl/jvnEwEpL5a donne ça :
/*

(function(){function h(e){try{cookieArray=[];for(var b=/^\s?incap_ses_/,d=document.cookie.split("\x3b"),c=0;c<d.length;c++)key=d[c].substr(0,d[c].indexOf("\x3d")),value=d[c].substr(d[c].indexOf("\x3d")+1,d[c].length),b.test(key)&&(cookieArray[cookieArray.length]=value);cookies=cookieArray;digests=Array(cookies.length);for(b=0;b<cookies.length;b++){for(var g=e+cookies[b],c=d=0;c<g.length;c++)d+=g.charCodeAt(c);digests[b]=d}res=e+"\x2c\x64\x69\x67\x65\x73\x74\x3d"+digests.join()}catch(k){res=e+"\x2c\x64\x69\x67\x65\x73\x74\x3d"+encodeURIComponent(k.toString())}e=
res;g=new Date;g.setTime(g.getTime()+2E4);document.cookie="\x5f\x5f\x5f\x75\x74\x6d\x76\x63\x3d"+e+("\x3b\x20\x65\x78\x70\x69\x72\x65\x73\x3d"+g.toGMTString())+"\x3b\x20\x70\x61\x74\x68\x3d\x2f"}function l(e){for(var b=[],d=0;d<e.length;d++){var c=e[d][0];switch(e[d][1]){case "\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e":try{"\x75\x6e\x64\x65\x66\x69\x6e\x65\x64"!=typeof eval(c)?b[b.length]=encodeURIComponent(c+"\x3d\x74\x72\x75\x65"):b[b.length]=encodeURIComponent(c+"\x3d\x66\x61\x6c\x73\x65")}catch(g){b[b.length]=encodeURIComponent(c+"\x3d\x66\x61\x6c\x73\x65")}break;case "\x65\x78\x69\x73\x74\x73":try{b[b.length]=encodeURIComponent(c+"\x3d"+typeof eval(c))}catch(k){b[b.length]=encodeURIComponent(c+
"\x3d"+k)}break;case "\x76\x61\x6c\x75\x65":try{b[b.length]=encodeURIComponent(c+"\x3d"+eval(c).toString())}catch(h){b[b.length]=encodeURIComponent(c+"\x3d"+h)}break;case "\x70\x6c\x75\x67\x69\x6e\x73":try{p=navigator.plugins;pres="";for(a in p)pres+=(p[a].description+"\x20").substring(0,20);b[b.length]=encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x73\x3d"+pres)}catch(l){b[b.length]=encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x73\x3d"+l)}break;case "\x70\x6c\x75\x67\x69\x6e":try{for(i in a=navigator.plugins,a)if(f=a[i].filename.split("\x2e"),2==f.length){b[b.length]=encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x3d"+f[1]);break}}catch(m){b[b.length]=
encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x3d"+m)}}}return b=b.join()}var m=[["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72\x2e\x76\x65\x6e\x64\x6f\x72","\x76\x61\x6c\x75\x65"],["\x6f\x70\x65\x72\x61","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72\x2e\x61\x70\x70\x4e\x61\x6d\x65","\x76\x61\x6c\x75\x65"],["\x70\x6c\x61\x74\x66\x6f\x72\x6d","\x70\x6c\x75\x67\x69\x6e"],["\x77\x65\x62\x6b\x69\x74\x55\x52\x4c","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72\x2e\x70\x6c\x75\x67\x69\x6e\x73\x2e\x6c\x65\x6e\x67\x74\x68\x3d\x3d\x30","\x76\x61\x6c\x75\x65"],["\x5f\x70\x68\x61\x6e\x74\x6f\x6d","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"]];try{h(l(m)),document.createElement("\x69\x6d\x67").src="\x2f\x5f\x49\x6e\x63\x61\x70\x73\x75\x6c\x61\x5f\x52\x65\x73\x6f\x75\x72\x63\x65\x3f\x53\x57\x4b\x4d\x54\x46\x53\x52\x3d\x31\x26\x65\x3d"+Math.random()}catch(n){img=document.createElement("\x69\x6d\x67"),img.src="\x2f\x5f\x49\x6e\x63\x61\x70\x73\x75\x6c\x61\x5f\x52\x65\x73\x6f\x75\x72\x63\x65\x3f\x53\x57\x4b\x4d\x54\x46\x53\x52\x3d\x31\x26\x65\x3d"+
n}})();

*/
Je n'ai pas le temps plus déoffusquer mais en tout cas, il y a du traitement de cookie et la création d'une images.
(Permalink)