2016/03/30
The coder's fuel
Labels: humor

2016/01/13
To code without peril is to commit without glory | CommitStrip

2016/01/05
My Big Resolution for 2016 | CommitStrip
Labels: humor

2015/12/01
Millions of Internet Things are “secured” by the same “private” keys

European security consultancy SEC Consult has spent time over the past few years looking at embedded devices on the internet.

Embedded devices are what you might call the high end of the Internet of Things (IoT) – or, to use the cynic’s description: tiny computers, usually built down to a price, embedded in household devices for which form, function and price come way ahead of security, if security is even considered at all.

SEC Consult has examined thousands of devices such as internet gateways, routers, modems, IP cameras, VoIP phones, and more, from over 70 vendors.

The researchers took two approaches:

- Analyse device firmware images for cryptographically-related content. (Many devices are Linux-based, so the firmware and its source code are supposed to be public.)
- Perform internet scans to examine devices that are connected to the internet. (This is not hacking, just looking for services that are already explicitly available from the public side of the network.)

One of the things they looked for was cryptographic keys for the SSH and TLS protocols. SSH is typically used to secure remote logons or file copying; TLS is typically used to secure web traffic using HTTPS.
Both these protocols use what’s called public-key cryptography, where the server generates a special keypair when it is installed or first starts up, consisting of:

- A public key, which you tell to everyone, used to lock transactions to and from the server.
- A private key, the only way to unlock data that was locked with the public key.

The idea is simple: by having a two-key lock of this sort, you don’t have to share a secret key with the other end before you first communicate, and you don’t have to worry about sharing that secret key with someone who later turns out to be a crook.

The vital part of this two-key system is the rather obvious requirement that you keep the private key private, thus the name private key.

Generally speaking, your private key is for you to use on your server, to secure your (and your customers’) traffic. If you let anyone else get a copy of your private key, you’re in real trouble, because they could set up an imposter site, and use your private key to convince visitors that they were you. Or they could intercept traffic between you and your customers, and use your private key to unscramble it later on.

Carelessness with a private key is like letting someone else borrow your signing seal. (These are still widely used in the East, though they have long died out in the West.) With your signet ring on his finger, a crook could sign a completely fake document in your name, or open up a sealed document you’d already sent and then re-seal it so the recipient would never know.

You’d think, therefore, that private keys on embedded devices would be something any vendor would take seriously: one device, one key, generated uniquely and randomly, either on first use or securely in the factory.

But SEC Consult found the following rather alarming facts:

- 3.2 million devices were using one of just 150 different TLS private keys.
- 0.9 million devices were using one of just 80 different SSH private keys.
Remember, these were all keys that the researchers found uncontroversially by looking, without any hacking, whether white-hatted, grey-hatted or black-hatted. In other words, we should assume that every cybercrook worth his salt (yes, that’s a pun!) already has these 230 digital signet rings handy, ready to wield them whenever convenient.

Worse still, as SEC Consult points out, it’s extremely unlikely that all of the millions of devices mentioned above were supposed to be accessible, whether by TLS or SSH, over the internet, especially since many of the TLS-protected web services, and most of the SSH ones, relate to administration and configuration of the device itself. On most networks, administration access is supposed to be limited to users on the internal network, if only to reduce the number of places from which a crook could try connecting.

WHAT TO DO?

If you create firmware for embedded devices:

- Don’t share or re-use private keys. If you generate firmware files for each device, customise the keys in each firmware image and use it once only. If you generate keys when the device first starts up, don’t rely on “random” data sources that are likely to be the same on every router at first boot (e.g. how long since the power came on, or how much memory is installed).
- Don’t enable remote administration by default.
- Don’t let users activate a new device until they have set all necessary passwords. In other words, get rid of default passwords – every crook has a list of what they are.

If you use embedded devices:

- Set proper passwords before taking the device online.
- Only turn on remote administration when genuinely necessary. Also, consider two-factor authentication for external users, to reduce the risk posed by stolen passwords.
- Verify your remote access settings. Consider using a network diagnostic tool such as nmap. You may as well scan your own network for security mistakes. The crooks will!
- Re-generate cryptographic keys, if you can, as part of installing the device. This is a way to get rid of any low-quality keys inherited by default.

Labels: vuln

2015/08/31
France, a priority target for DDoS attacks in 2015 according to Kaspersky Lab | UnderNews

Here is news that will not reassure internet professionals in France… And for good reason: the Russian security vendor Kaspersky Lab has published a study placing France at the top of the podium for DDoS attacks in Europe in the second quarter of 2015.

Three quarters of the resources attacked by botnets in the second quarter of 2015 are located in just 10 countries, according to statistics from the Kaspersky DDoS Intelligence system. At the top of the ranking, the United States and China record a large number of attacks because of the low cost of hosting in those countries. However, the changes in the other positions of the ranking and the growing number of countries affected by this type of attack show that no territory is safe from DDoS attacks.

Key facts:

- The number of countries where attacked resources were located rose from 76 to 79 during the second quarter of 2015;
- At the same time, 72% of victims were located in just 10 countries;
- However, this figure fell compared with the previous period, when 9 out of 10 victims were in the top 10 in the first quarter.

Figure: Distribution of unique DDoS attack targets by country, Q2 vs. Q1 2015

The top 10 for the second quarter included Croatia, while the Netherlands left the ranking. China and the United States kept their dominant positions; South Korea pushed Canada down from third place.
The cause is an explosion of botnet activity, most of it targeting South Korea. In addition, the proportion of attacks located in Russia and Canada fell compared with the previous quarter
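
Relating to the 2015/12/01 post above on shared private keys: one way a device owner can check their own fleet for the problem is to group SSH host-key fingerprints and flag any key that appears on more than one device. This is an added example, not code from the original post or from SEC Consult; the function names, the `known_reused` parameter and the sample hosts and key bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_lines, known_reused=frozenset()):
    """Map fingerprint -> hosts for keys seen on 2+ hosts or in known_reused.

    scan_lines use the 'host keytype base64blob' layout; known_reused is a
    hypothetical set of fingerprints already known to ship in firmware.
    """
    hosts_by_fp = defaultdict(set)
    for line in scan_lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # banner comment or malformed line
        try:
            hosts_by_fp[fingerprint(parts[2])].add(parts[0])
        except ValueError:
            continue  # key blob is not valid base64
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items()
            if len(hosts) > 1 or fp in known_reused}


def constructed_line(host, key_bytes):
    """Build a sample scan line from constructed (not real) key bytes."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", len(key_bytes)) + key_bytes)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed inventory: two devices shipped with the same firmware key.
SAMPLE_SCAN = [
    "# 192.0.2.10:22 SSH-2.0-dropbear",
    constructed_line("192.0.2.10", b"\x01" * 32),
    constructed_line("192.0.2.11", b"\x01" * 32),
    constructed_line("192.0.2.20", b"\x02" * 32),
    "192.0.2.30 ssh-ed25519 !!!not-base64",
]

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(fp, "shared by", ", ".join(hosts))
```

Any device reported here should have its host key re-generated, as the post recommends.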
Whois Information
Whois is a protocol for accessing registration information. It shows when the website was registered, when it will expire, and the site's contact details. In short, it includes the following information:
%%
%% This is the AFNIC Whois server.
%%
%% complete date format : YYYY-MM-DDThh:mm:ssZ
%% short date format : DD/MM
%% version : FRNIC-2.5
%%
%% Rights restricted by copyright.
%% See https://www.afnic.fr/en/products-and-services/services/whois/whois-special-notice/
%%
%% Use '-h' option to obtain more information about this service.
%%
%% [2600:3c03:0000:0000:f03c:91ff:feae:779d REQUEST] >> giraud.fr
%%
%% RL Net [##########] - RL IP [#########.]
%%
domain: giraud.fr
status: ACTIVE
hold: NO
holder-c: ANO00-FRNIC
admin-c: ANO00-FRNIC
tech-c: GR283-FRNIC
zone-c: NFC1-FRNIC
nsl-id: NSL100265-FRNIC
registrar: GANDI
Expiry Date: 2022-04-22T11:33:14Z
created: 2010-11-09T13:49:49Z
last-update: 2021-03-22T09:42:41Z
source: FRNIC
ns-list: NSL100265-FRNIC
nserver: ns-205-a.gandi.net
nserver: ns-243-b.gandi.net
nserver: ns-55-c.gandi.net
source: FRNIC
registrar: GANDI
type: Isp Option 1
address: 63-65 boulevard Massena
address: 75013 PARIS
country: FR
phone: +33 1 70 37 76 61
fax-no: +33 1 43 73 18 51
e-mail: support@support.gandi.net
website: https://www.gandi.net/fr/tlds/fr/
anonymous: NO
registered: 2004-03-09T12:00:00Z
source: FRNIC
nic-hdl: ANO00-FRNIC
type: PERSON
contact: Ano Nymous
remarks: -------------- WARNING --------------
remarks: While the registrar knows him/her,
remarks: this person chose to restrict access
remarks: to his/her personal data. So PLEASE,
remarks: don't send emails to Ano Nymous. This
remarks: address is bogus and there is no hope
remarks: of a reply.
remarks: -------------- WARNING --------------
registrar: GANDI
changed: 2019-07-24T10:01:41Z anonymous@anonymous
anonymous: YES
obsoleted: NO
eligstatus: not identified
reachstatus: not identified
source: FRNIC
nic-hdl: ANO00-FRNIC
type: PERSON
contact: Ano Nymous
remarks: -------------- WARNING --------------
remarks: While the registrar knows him/her,
remarks: this person chose to restrict access
remarks: to his/her personal data. So PLEASE,
remarks: don't send emails to Ano Nymous. This
remarks: address is bogus and there is no hope
remarks: of a reply.
remarks: -------------- WARNING --------------
registrar: GANDI
changed: 2015-03-26T15:09:07Z anonymous@anonymous
anonymous: YES
obsoleted: NO
eligstatus: ok
eligdate: 2013-04-17T14:14:39Z
reachstatus: not identified
source: FRNIC
nic-hdl: GR283-FRNIC
type: ROLE
contact: GANDI ROLE
address: Gandi
address: 15, place de la Nation
address: 75011 Paris
country: FR
e-mail: noc@gandi.net
trouble: -------------------------------------------------
trouble: GANDI is an ICANN accredited registrar
trouble: for more information:
trouble: Web: http://www.gandi.net
trouble: -------------------------------------------------
trouble: - network troubles: noc@gandi.net
trouble: - SPAM: abuse@support.gandi.net
trouble: -------------------------------------------------
admin-c: NL346-FRNIC
tech-c: NL346-FRNIC
tech-c: TUF1-FRNIC
notify: noc@gandi.net
registrar: GANDI
changed: 2006-03-03T14:39:12Z noc@gandi.net
anonymous: NO
obsoleted: NO
eligstatus: not identified
reachstatus: not identified
source: FRNIC