What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ZDNet.webp 2017-03-06 10:13:00 How to book an Uber ride for free (direct link) A security hole in the ride-hailing service's app allowed users to book rides without ever paying anything. Uber
NakedSecurity.webp 2017-03-03 18:20:51 News in brief: Virginia greenlights delivery bots; Line to launch AI assistant; Uber seeks licence (direct link) Your daily round-up of some of the other stories in the news Uber
Pirate.webp 2017-03-01 14:35:03 Is this the end of commission-based business models for collaborative platforms? (direct link) Uber, Airbnb, Blablacar… the vast majority of collaborative platforms today rely on models based on a commission per service. Yet from ride-hailing drivers unhappy with pricing policies to users looking to bypass the platforms, many examples tend to show that this kind of pricing is not necessarily an ideal model within a collaborative economy that aims to be more user-centred, all the more so when recurring services are involved. Uber
NetworkWorld.webp 2017-02-23 10:33:00 Breaking and protecting devops tool chains (direct link) Ken Johnson, CTO of nVisium, and Chris Gates, Senior Security Engineer at Uber, talk to CSO Online's Steve Ragan about working with devops tool chains. Uber
NakedSecurity.webp 2017-02-22 18:30:43 News in brief: pushback on Pirate Bay ban; course in fake news; autonomous Ubers get passengers (direct link) Your daily round-up of some of the other stories in the news Uber
NakedSecurity.webp 2017-02-15 15:18:27 Man sues Uber after privacy flaws 'led to his divorce' (direct link) French plaintiff alleges that a flaw meant his wife was alerted to trips pointing to his affair despite him signing out of his account on a shared smartphone Uber
Kaspersky.webp 2017-02-13 14:00:16 Threatpost News Wrap, February 13, 2017 (direct link) RSA 2017 is previewed, and last week's report on iOS apps being vulnerable to interception attacks, macro malware coming to macOS, and a new Uber open source module are discussed. Uber
bleepingcomputer.webp 2017-02-13 01:00:00 Man Sues Uber After iOS App Bug Exposes His Affair (direct link) A French man is suing ride-sharing service Uber for €45 million after a bug in the company's iOS app sent notifications to his wife's phone, which exposed his affair and led to the couple's divorce. [...] Uber
The_State_of_Security.webp 2017-02-09 13:09:38 French man sues Uber after privacy bug led wife to suspect adultery (direct link) Modern technology has probably done more than its fair share to ignite illicit relationships, but it can also lead to a romantic affair's unravelling. Guideline Uber
NakedSecurity.webp 2017-02-08 18:09:31 News in brief: US might require social media passwords; BBM opens to developers; Uber rapped (direct link) Your daily round-up of some of the other stories in the news Uber
Kaspersky.webp 2017-02-08 15:30:56 Uber Debuts SSH Key Authentication Module (direct link) Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys. Uber
Korben.webp 2017-02-01 09:38:59 LibreTaxi – Or how Uber is being taken out of the equation (direct link) The resistance is organising... Roman Pushkin, a developer based in San Francisco, has created a Telegram bot called LibreTaxi that lets you book a car just as Uber and other ride-hailing services do. It's a good idea because it frees up the transport sector even further by removing the famous middleman from the equation (by > Read more This marvellous and unequalled article entitled: LibreTaxi – Or how Uber is being taken out of the equation; was published on Korben, the only site that loves you more than your parents do. Uber
ErrataRob.webp 2017-01-30 01:08:47 Uber was right to disable surge pricing at JFK (direct link) Yesterday, the NYC taxi union had a one-hour strike protesting Trump's "Muslim Ban", refusing to pick up passengers at the JFK airport. Uber responded by disabling surge pricing at the airport. This has widely been interpreted as a bad thing, so the hashtag "#DeleteUber" has been trending, encouraging people to delete their Uber accounts/app. These people are wrong, obviously so. Surge Pricing: Uber's "Surge Pricing" isn't price gouging, as many assume. Instead, the additional money goes directly to the drivers, to encourage them to come to the area surging and pick up riders. Uber isn't a taxi company. It can't direct drivers to go anywhere. All it can do is provide incentives. "Surge Pricing" for customers means "Surge Income" for the drivers, giving them an incentive. Drivers have a map showing which areas of the city are surging, so they can drive there. Another way of thinking about it is "Demand Pricing". It's simply the economic Law of Supply and Demand. If demand increases, then prices increase, and then supply increases chasing the higher profits. It's why famously you can't get a taxi cab on New Year's Eve, but you can get an Uber driver. Taxi drivers can't charge more when demand is surging, so there are no more taxis available on that date than on any other. But Uber drivers can/do charge more, so there are more Uber drivers. Supply and Demand is every bit as much a law as Gravity. If the supply of taxi drivers is less than the demand, then not everyone is going to get a ride. That's basic math. If there are only 20 drivers right now, and 100 people wanting a ride, then 80 riders are going to be disappointed. The only solution is more drivers. Paying drivers more money gets more drivers. The part-time drivers, the drivers planning on partying instead of working, will decide to work New Year's chasing the surge wages. Uber's announcement: Uber made the following announcement: "Surge pricing has been turned off at #JFK Airport. This may result in longer wait times. Please be patient." - Uber NYC (@Uber_NYC) January 29, 2017. Without turning off Surge Pricing, Uber's computers would notice the spike in demand, as would-be taxi customers switch to Uber. The computers would then institute surge pricing around JFK automatically. This would notify the drivers in the area, who would then flock to JFK, chasing the higher income. This would be bad for the strike. By turning off surge pricing, there would be no increase in supply. It would mean the only drivers going to JFK are those dropping off passengers. It would mean that Uber wouldn't be servicing any more riders than on a normal day, making no difference to the taxi strike, one way or the other. Why wouldn't Uber stop pickups at JFK altogether, joining the strike? Because it'd be a tough decision for them. They have a different relationship with their drivers. Both taxis and Uber are required to take passengers to the airport if asked, but taxis are much better at weaseling out of it [*]. That means screwing drivers, forcing them to go way out to JFK with no return fare. In contrast, taxis were warned enough ahead of time to avoid the trip. The timing: The above section assumes a carefully considered Uber policy. In reality, they didn't have the time. The taxi union didn't announce their decision until 5pm, with the strike set for only one hour, between 6pm and 7pm. BREAKING: NYTWA dr Uber
Kaspersky.webp 2017-01-26 16:16:02 Uber.com Backup Bug Nets Researcher $9K (direct link) A researcher earned $9K for identifying an XXE vulnerability in third-party backup software used by Uber. Uber
NakedSecurity.webp 2017-01-10 13:59:46 Uber offers an olive branch to city planners with new tool (direct link) Uber, not renowned in the past for taking the best care of customer data, pushes back against planners with new data tool Uber
NakedSecurity.webp 2017-01-06 17:21:47 News in brief: Thai cybersecurity move; Verizon wobbles on Yahoo; Swiss rap Uber (direct link) Your daily round-up of some of the other stories in the news Yahoo Uber
NakedSecurity.webp 2017-01-03 12:45:57 Weekly review – the hot 13 stories of the week (direct link) From what GDPR means for you and Uber and Apple Maps location tracking to the international cybersecurity agreement 'meltdown', and more! Uber
NakedSecurity.webp 2016-12-30 16:50:16 Uber, Apple Maps and location tracking: what's really going on? (direct link) Uber sparked privacy fears with its always-on tracking of iPhone users' location - but it's got an explanation Uber
HR.webp 2016-12-26 13:30:46 Good security resolutions for 2017 (direct link) Tags: Password, Browsing, Adware, Malware, Backup, VPN *This article was written with the participation of Keltounet* 2016 was marked by a few large-scale security incidents. So as not to end up the fall guy, here are a few tips so that computing is no longer your worst nightmare. Complex, different passwords for each service: it can't be repeated often enough: each service you use must have a different password, and each password must be at least eight characters long, with upper-case letters, lower-case letters, digits and special characters. You don't use the same password for your mailbox as for logging in to Twitter or Facebook or your business applications. Problem: how do you remember them? Don't hesitate to use a password manager such as KeePass. It will manage the passwords for you; all you have to do is define a single password, a strong one of course. On the website side, some services offer two-factor authentication, which limits the trouble caused by password theft. Blockers in browsers: sites covered in advertisements and trackers of every kind are unfortunately still legion. The result: information about your browsing and your lifestyle habits is stored, sold and resold, without you having any say in it, or even being aware of it. So use a good ad blocker, uBlock Origin for example, and Privacy Badger. Don't forget either that advertisements can also be a major malware vector. Verified extensions/modules/applications Uber APT 15
NakedSecurity.webp 2016-12-23 17:11:11 News in brief: Snowden denies allegations; Uber moves to Arizona; Wikipedia reveals most edited page (direct link) Your daily round-up of some of the other security stories in the news Uber
NakedSecurity.webp 2016-12-20 18:49:02 News in brief: inflight systems 'can be hacked'; LA seeks extradition of 'cyberattacker'; Uber safety fears grow (direct link) Your daily round-up of some of the other security stories in the news Uber
NakedSecurity.webp 2016-12-14 18:34:41 News in brief: Uber goes driverless in SFO; Skype on macOS; 2016's breaches tallied; encryption call for cameras (direct link) Your daily round-up of some of the other security stories in the news Uber
grahamcluley.webp 2016-12-14 10:44:05 Uber 'God View' allowed staff to spy on high-profile politicians, ex-partners and Beyoncé, court hears (direct link) Whistleblower claims Uber taxi firm made it too easy for staff to spy on customers' movements. Uber
Pirate.webp 2016-12-14 09:29:09 Complaint against Uber for failing to protect customer data (direct link) Already singled out for laxity, Uber is this time the target of a complaint from a former employee who denounces widespread access to customers' sensitive private data by "thousands of employees" within the company, without valid reason. Uber
The_Hackers_News.webp 2016-12-09 04:28:41 Uber Now Tracks Your Location Even After Your Ride (direct link) Uber was in controversies in the middle of this year for monitoring the battery life of its users, as the company believed that its users were more likely to pay a much higher price to hire a cab when their phone's battery is close to dying. Uber is now tracking you even when your ride is over, and, according to the ride-hailing company, the surveillance will improve its service. Uber recently Uber
NetworkWorld.webp 2016-12-05 15:01:55 Obama's cybersecurity plan faces uncertainty with Trump (direct link) U.S. consumers could one day see cybersecurity ratings on technology products, much like today's EnergyStar ratings, if the findings of a government-sponsored cybersecurity commission are heeded. Although, like much in Washington right now, a lot depends on incoming U.S. President Donald Trump, and his views on cybersecurity are far from clear. The report, published on Friday by the Commission on Enhancing National Cybersecurity, also suggests usernames and passwords be replaced with something more secure and wants 150,000 cybersecurity experts trained over the next four years to help the U.S. defend against hacking threats. The commission has the support of President Obama and began its work in February this year, with executives at Microsoft, IBM, Uber and former U.S. government officials. However, in releasing its findings, Obama acknowledged it'll be up to the next president and U.S. Congress to more fully implement what the commission has recommended. Uber
The_State_of_Security.webp 2016-12-02 12:03:48 Uber Now Tracks Users' Location Data After a Trip Ends (direct link) Uber has issued an update allowing the online transportation network company to track passengers' data after a trip ends. Hoping to improve passengers' experience using the service, Uber released the update as a means of broadening its ability to collect "trip-related data." The company clarifies that point on its website: "Uber collects your location data […] Uber
NakedSecurity.webp 2016-12-01 12:36:08 Uber now collecting location data even after you leave a driver's car (direct link) ...it's also slurping your location data in the background when you're not even using the app. As in, "always." Here's how to opt out. Uber
SecurityWeek.webp 2016-11-25 17:48:07 Flaws in Uber's UberCENTRAL Tool Exposed User Data (direct link) Several vulnerabilities have been identified in Uber's recently launched UberCENTRAL service. The ride-sharing company patched the flaws and rewarded the expert who found them. Uber
MalwarebytesLabs.webp 2016-11-23 21:31:49 Video found freezing Apple devices (direct link) A video has been found to freeze (a.k.a. cause a denial of service attack on) various models of Apple mobile devices, according to YouTuber EverythingApplePro, and reported by Bleeping Computer. Categories: Cybercrime, Mobile Uber
Kaspersky.webp 2016-11-23 15:00:16 Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers (direct link) Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked names, phone numbers, email addresses, and unique IDs. Uber
PaloAlto.webp 2016-11-07 13:00:23 How Palo Alto Networks Is Building Next-Generation Security Innovators (direct link) The rate of change driven by today's technology is unlike anything we have ever experienced. New business models and ways of doing business are being created every day. Industries that have been stagnant for years are being disrupted. Look at what Uber did to transportation, what Airbnb has done to hospitality and what Palo Alto Networks is doing together with its channel partners in cybersecurity. Protecting a company's assets and brand remains a foundational component of the cybersecurity market, but today's customers want to empower their employees to innovate. They … Uber
MalwarebytesLabs.webp 2016-09-29 22:26:16 Vendor Security Alliance formed to improve cybersecurity of third-party providers (direct link) A new security alliance is created to address concerns surrounding third-party providers who are associated with some of the biggest brands users trust. They aim to increase their compliance with cybersecurity standards and lessen the risks they may pose to businesses. Categories: Business, Security world Uber
SC_Mag.webp 2016-09-27 13:00:00 Uber prevents fraud and protects driver accounts with selfies (direct link) Uber will now require drivers to take selfies to prevent fraud and protect their accounts from compromise. Uber
AlienVault.webp 2016-09-23 14:18:00 Alien Eye in the Sky, Friday 23rd September (direct link) A roundup of the week's news, commentary, and observations. This week has ended with news of what appears to yet again be the biggest hack ever. But you're probably tired of reading about it everywhere, so I'll keep quiet about it. A detailed account by Wired on how it made the move from plain old HTTP to the shiny HTTPS. I like real-life tech stories, and this is well-written, as you'd expect from Wired. Tied in with this week's tweetchat on 3rd party and supply chain risks. Uber, Square, Airbnb, and others form cybersecurity coalition for vetting vendors. I like the idea in principle – to save duplication of effort and standardize on some aspects. Guest blogger Bob Covello asks, "did you really lock that door?" Do you need an InfoSec Reading List? Jayme Hancock has done a lot of the heavy lifting for you and presented a comprehensive list here. We revisit threat intelligence trends and adaptions in a report based on a survey we conducted at Blackhat 2016. Uber
The_State_of_Security.webp 2016-09-19 18:26:00 Uber, Twitter, Other Major Tech Players Unite to Improve Cybersecurity Standards (direct link) Leading tech companies, including Uber, Twitter, Dropbox and Square, recently announced their collaboration to form the Vendor Security Alliance – a new coalition committed to improving Internet security. The VSA aims to establish cybersecurity standards that businesses can use to assess the security of potential third-party providers. The alliance will be releasing a yearly security […] Guideline Uber
SecurityWeek.webp 2016-09-19 12:58:45 Tech Giants Team Up to Improve Internet Security (direct link) Twitter, Dropbox, Uber and several other major tech companies have joined forces and launched the Vendor Security Alliance (VSA), a coalition whose goal is to improve Internet security. Uber
SC_Mag.webp 2016-09-16 18:18:22 Uber, Airbnb, Dropbox, and others form coalition to evaluate vendor cyber risks (direct link) VSA coalition forms with the goal of streamlining the vetting process that businesses use for evaluating vendors' cybersecurity risks. Uber
DarkReading.webp 2016-09-16 18:16:37 DarkReading: Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security http://ubm.io/2ceZ1Ly (direct link) DarkReading: Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security http://ubm.io/2ceZ1Ly Guideline Uber
DarkReading.webp 2016-09-16 11:30:00 Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security (direct link) Tech companies - including Uber, Dropbox, Twitter, and Docker - have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices. Uber
grahamcluley.webp 2016-08-02 07:55:29 Advertisers could be tracking you via your battery status (direct link) A legitimate reason to poll your battery's status is to stop intensive operations from executing if you're running low on juice. But it's also open to exploitation by those who want to track your online activity, writes Lukasz Olejnik: The information provided by the Battery Status API is not always changing fast. In other words, it is static for a period of time; it may give rise to a short-lived identifier. At the same time, users sometimes clear standard web identifiers (such as cookies). But a web script could analyze identifiers provided by the Battery Status API, which could then possibly even lead to recreation of other identifiers. A simple sketch follows. An example web script continuously monitors the status of identifiers and the information obtained from the Battery API. At some point, the user clears (e.g.) all the identifying cookies. The monitoring web script suddenly sees a new user - with no cookie - so it sets new ones. But battery level analysis could provide hints that this new user is - in fact - not a new user, but the previously known one. The script's operator could then conclude and reason that this is a single user, and resume tracking. This is an example scenario of identifier recreation, also known as respawning. A recent study [PDF] reported that battery status is being monitored by some tracking scripts. It sounds like it would be a positive step if browsers stopped accessing such detailed information about our battery. Aside from tracking, there are other ways that battery information could be exploited. Uber, for instance, says that it knows customers are more likely to accept a much higher price to hire a cab when their battery is running low. Guideline Uber
grahamcluley.webp 2016-07-19 09:39:44 MacKeeper threatens to sue 14-year-old YouTuber (direct link) The MacKeeper utility suite, which claims to help Mac users stop security threats, find duplicate files, and help you uninstall unwanted apps, doesn't have the best reputation. And now they're making legal threats against a teenage video maker. Uber
codingsec.webp 2016-07-17 19:28:15 Linus From Linus Media Group Accepts that He Got Hacked (direct link) Famous YouTuber and founder of Linus Media Group, Linus Sebastian, accepted that they were hacked. There were various rumors in the industry that LMG got hacked and that they used a very easy password which anyone could guess, and another rumor says the database of LMG was out for just $5. After all these, Linus came out to put a stop to those rumors. In the latest video of his recent series of videos called Honest Answers, Linus explained what actually happened. He named the episode 'WTF is Happening'. Going into the details, Linus clearly stated that weak passwords are Uber
The_State_of_Security.webp 2016-06-29 15:56:41 Researchers Uncover New Malware Disguised As WhatsApp, Uber and Google Play (direct link) Security researchers recently discovered a new malware that masquerades as a number of popular apps, including WhatsApp, Uber and Google Play, to try and trick unsuspecting users into providing their credit card data. According to the researchers at security firm FireEye, the malware has been spreading via an SMS (short message service) phishing campaign […] Uber
SC_Mag.webp 2016-06-23 15:30:00 Pen testers discover mega vulnerabilities in Uber (direct link) Portuguese pen testing team discovers 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys. Uber
ErrataRob.webp 2016-06-08 00:13:36 No, Musky, Feudalism is best for Mars (direct link) Recently, the press fawned all over Elon Musk's comments at a conference. Among them was Musk's claim that "direct democracy" would be the best system, where citizens vote directly for laws, rather than voting for (corrupt) representatives/congressmen. This is nonsense. The best political system would be feudalism. There is no such thing as "direct democracy". Our representatives in congress are only the first layer on top of a bureaucracy. Most rules that restrict us are not "laws" voted by congress but "regulations" decided by some bureaucrat. Consider the BP Gulf Oil spill, as an example. It happened because oil companies got cozy with their regulators, the Minerals Management Service (MMS), part of the Department of the Interior. The bureaucrats had a dual mandate: to protect the environment, and to promote economic activity. Oil companies lobbied them to risk the environment in favor of profits. Consider Obamacare's controversial mandate that health insurers must pay for abortions. This was not part of the law passed by congress, but a decision by the bureaucrats in charge of all the little details in carrying out the law. Consider the Federal Communications Commission (FCC) regulation of the Internet. It bases its power to regulate the Internet on laws that essentially predate the Internet as we know it. No matter how ideal this "direct Democracy" of Musk's, you are still going to leave most decision making in the hands of a bureaucracy. This is especially true on space flight to Mars. If something's wrong with the air system, you want a technician making quick decisions to fix it. Otherwise, people would suffocate long before they had a chance to vote on the issue. Technicians must be trusted with important decisions, like jettisoning that one pod killing 10 people in order to save the remaining 100. No matter the political system, you are going to have the bureaucracy making tactical, day-to-day decisions. You are also going to have an upper tier, making long term strategic decisions. It's how all political systems work, from monarchies to "direct democracy". They largely just change the names of the bureaucrats, rather than being substantively different. The corruption in Democracies doesn't necessarily come from those in power, but from the voters themselves. Voters are idiots and vote like idiots. That's why you have candidates like those of the U.S.'s current election season -- populist demagogues preying on people's ignorance, proposing solutions that educated people believe to be unworkable. The majority of voters have never taken an economics class, do not understand foreign policy, or have any other qualification to make the decisions they make. Instead of education, voters overwhelmingly decide what's best for themselves, not dispassionately what's best for society as a whole. College students vote for free college. Old people vote for social security and health care. Mothers vote for child leave and child care. Racists vote to keep unwanted types out of their community. And so on. That's corruption at its core. As de Tocqueville is famous for noting, democracy only lasts up to the point that 51% of the population realizes they can vote to just take everything away from the other 49%. You call it corruption, but our current system allows a member of the 49% to lobby congress so that they don't get screwed by the 51%. Indeed, that's what most lobbyists do -- they aren't asking for special favors from the government so much as trying to alleviate special punishments. It's a sort of corruption defending themselves from the voters' corruption. As the famous quote goes, "Democracy is the worst form of government -- except for all the others". It's a horrible system, it's just we h Uber
Kaspersky.webp 2016-06-07 16:48:31 Uber Pays Researcher $10K for Login Bypass Exploit (direct link) Uber patched a bug in its site recently that could have allowed an attacker to log into some of its sites without a password and further compromise its internal network. Uber
AlienVault.webp 2016-05-24 13:00:00 "Watering Hole" Attacks: Detecting infected users before it's too late (direct link) "Watering Hole" attacks, or the hijacking of legitimate websites to push malware, are increasing dramatically. These attacks are like traditional drive-by downloads, with one important difference: they are very targeted in nature, and detecting them is notoriously difficult. In Watering Hole attacks, the attackers may focus on a single company or government agency, or on larger communities of interest, such as an industry or business groups. In an interview on this topic with Víctor Obando, Sr. SE at AlienVault, we discussed how IT teams can detect Watering Hole attacks and the best methods for mitigating the impact on an affected organisation. This is Víctor: According to Víctor, attackers are opportunistic and take advantage of the simple mistakes humans tend to make. Watering Hole attacks are interesting in that they can be very stealthy by nature and can unfold over a long period of time. They involve compromising an existing trusted site, or creating a site that looks legitimate; even a spelling mistake to catch a few trusting users can be the mechanism used in these attacks, for example amricanexpress.com. They then wait for a victim to enter the site, by responding to a "phishing" email or by mistyping a valid URL as in the previous example. Question: How do attackers create Watering Holes? Answer: This is a slide we use to explain the process: Question: Can you give me a scenario of how this might work? Answer: Of course. To begin with, these attacks can be very hard to detect because they may look like legitimate activity. In many cases, these attacks have victims on both sides of the attack. The first victim is the owner of the compromised website used for the Watering Hole attack. The second victim is the attacker's real target; in this case, anyone who has a legitimate need to access the aforementioned site. To illustrate this a little more, let's say a particular attacker has a well-known car manufacturer in their sights and is looking for ways to infiltrate that organisation. Enter Bob. Bob has a small manufacturing company that produces nuts and bolts for the automotive industry. He has created a website for his customers where they can get information on production status and details of the parts Bob makes. This small business has caught the attacker's attention because of the level of interaction their victim (the car manufacturer) has with the site. Furthermore, like many small businesses, Bob may not have a strong security practice and/or the in-house expertise to implement adequate security controls. Bob might say, "I'm just making nuts and bolts," and has not prioritised the security of his environment. For the attacker, compromising a site of this kind can be a simple task, and poor Bob won't even notice what is happening. The attacker finds a way to inject a JavaScript into Bob's website that will redirect his victims to another site that looks very similar Uber
silicon.fr.webp 2016-04-20 09:29:01 Microsoft wants to democratise container orchestration with Azure Container Service (direct link) Previously offered in beta, the container orchestration service offering on Azure is now available to everyone. With Docker Swarm and Mesosphere DC/OS, but without Google Kubernetes. Uber
Kaspersky.webp 2016-04-12 14:29:23 Inside the Latest Apple iMessage Bug (direct link) Researchers from Bishop Fox and Uber found a frighteningly simple way to spread trouble through Apple iMessage. Uber
Last update at: 2024-07-03 07:08:22