www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T21:04:47+00:00 www.secnews.physaphae.fr
ZD Net - Magazine Info SAP Vora 2.0 ushers in containers, Kubernetes, tighter HANA integration 2017-10-12T13:00:16+00:00 http://www.zdnet.com/article/sap-vora-2-0-ushers-in-containers-kubernetes-tighter-hana-integration/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=417994 False None Uber None
01net. Actualites - Securite - French magazine Did Uber secretly record our iPhone screens? 2017-10-06T07:53:35+00:00 http://www.01net.com/actualites/uber-a-t-il-enregistre-en-douce-les-ecrans-de-nos-iphone-1272199.html www.secnews.physaphae.fr/article.php?IdArticle=416321 False None Uber 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen 2017-10-06T04:41:38+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/2wXS7REEcAA/uber-screen-record-iphone.html www.secnews.physaphae.fr/article.php?IdArticle=415980 False None Uber None
ZD Net - Magazine Info Uber app can silently record iPhone screens, researcher finds 2017-10-05T20:11:00+00:00 http://www.zdnet.com/article/uber-app-can-silently-record-iphone-screens-researcher-finds/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=415631 False None Uber None
Malwarebytes Labs - MalwarebytesLabs BlueBorne – Bluetooth's airborne influenza
2017-09-29T15:00:11+00:00 https://blog.malwarebytes.com/cybercrime/2017/09/blueborne-bluetooths-airborne-influenza/ www.secnews.physaphae.fr/article.php?IdArticle=413787 False None Uber None
Naked Security - Sophos blog News in brief: Uber faces FBI probe; Samsung offers bug bounties; 'Humpty Dumpty' hackers jailed 2017-09-08T17:50:15+00:00 https://nakedsecurity.sophos.com/2017/09/08/news-in-brief-uber-faces-fbi-probe-samsung-offers-bug-bounties-humpty-dumpty-hackers-jailed/ www.secnews.physaphae.fr/article.php?IdArticle=405961 False None Uber None
Naked Security - Sophos blog News in brief: Turing's documents found; Uber steps back on tracking; feathered threat to police 2017-08-29T18:06:54+00:00 https://nakedsecurity.sophos.com/2017/08/29/news-in-brief-turings-documents-found-uber-steps-back-on-tracking-feathered-threat-to-police/ www.secnews.physaphae.fr/article.php?IdArticle=401923 False None Uber None
InformationSecurityBuzzNews - Security news site Uber Agrees To 20 Years Of Privacy Audits After FTC Says It 'Failed Consumers' 2017-08-21T11:00:16+00:00 http://www.informationsecuritybuzz.com/expert-comments/uber-agrees-20-years-privacy-audits-ftc-says-failed-consumers/ www.secnews.physaphae.fr/article.php?IdArticle=398842 False None Uber None
The Last Watchdog - Byron V Acohido's security blog NEWS THIS WEEK: Ukrainian hacker with tied to DNC hack surrenders; Uber agrees to improve privacy; Scottish paliament hacked 2017-08-19T18:21:58+00:00 http://lastwatchdog.com/news-this-week-ukrainian-hacker-with-tied-to-dnc-hack-surrenders-uber-agrees-to-improve-privacy-scottish-paliament-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=398536 False None Uber None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Android Trojan Now Targets Non-Banking Apps that Require Card Payments 2017-08-18T00:56:58+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/S7UIDS50Ez0/android-banking-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=398023 False None Uber None
Naked Security - Sophos blog Uber faces privacy audits every two years until 2037, rules FTC 2017-08-17T13:29:41+00:00 https://nakedsecurity.sophos.com/2017/08/17/uber-faces-privacy-audits-every-two-years-until-2037-rules-ftc/ www.secnews.physaphae.fr/article.php?IdArticle=397816 False None Uber None
SecurityWeek - Security News Uber Settles Complaint Over Data Protection for Riders, Drivers 2017-08-15T15:11:28+00:00 http://feedproxy.google.com/~r/Securityweek/~3/3vYNllwvigo/uber-settles-complaint-over-data-protection-riders-drivers www.secnews.physaphae.fr/article.php?IdArticle=396804 False None Uber None
The Security Ledger - Security blog Uber's Endless Summer: FTC Settlement over Bogus Security, Privacy Claims
2017-08-15T14:57:54+00:00 https://feeds.feedblitz.com/~/435373146/0/thesecurityledger~Ubers-Endless-Summer-FTC-Settlement-over-Bogus-Security-Privacy-Claims/ www.secnews.physaphae.fr/article.php?IdArticle=396936 False None Uber,FedEx None
Bleeping Computer - American magazine GoDaddy Has the Best Password Practices, Netflix, Spotify, Uber Have the Worst 2017-08-13T01:00:00+00:00 https://www.bleepingcomputer.com/news/security/godaddy-has-the-best-password-practices-netflix-spotify-uber-have-the-worst/ www.secnews.physaphae.fr/article.php?IdArticle=395955 False None Uber None
Naked Security - Sophos blog News in brief: Vertus go cheap; Uber debuts chat; Ikea gets smart 2017-08-10T18:32:03+00:00 https://nakedsecurity.sophos.com/2017/08/10/news-in-brief-vertus-go-cheap-uber-debuts-chat-ikea-gets-smart/ www.secnews.physaphae.fr/article.php?IdArticle=395210 False None Uber None
SecurityWeek - Security News A Pragmatic Approach to Your Digital Transformation Journey 2017 State of Digital Disruption study, the Global Center for Digital Business Transformation (DBT Center) says that in just two years digital disruption has gone from a peripheral concern to top-of-mind. 2017-08-10T14:22:31+00:00 http://feedproxy.google.com/~r/Securityweek/~3/d4NjYZDFHJ0/pragmatic-approach-your-digital-transformation-journey www.secnews.physaphae.fr/article.php?IdArticle=395249 False None Uber None
Naked Security - Sophos blog Uber drivers game the system – force up fares 2017-08-04T11:26:23+00:00 https://nakedsecurity.sophos.com/2017/08/04/uber-drivers-game-the-system-force-up-fares/ www.secnews.physaphae.fr/article.php?IdArticle=392722 False None Uber None
The Security Ledger - Security blog Jeep Hackers Miller and Valasek Reunite at Autonomous Driving Start-up Cruise
2017-07-29T02:10:16+00:00 https://feeds.feedblitz.com/~/414456034/0/thesecurityledger~Jeep-Hackers-Miller-and-Valasek-Reunite-at-Autonomous-Driving-Startup-Cruise/ www.secnews.physaphae.fr/article.php?IdArticle=390503 False None Uber None
SANS Institute - SANS is a defense and training organization Uber drivers new threat: the "passenger", (Mon, Jul 24th) 2017-07-24T11:33:01+00:00 https://isc.sans.edu/diary/rss/22626 www.secnews.physaphae.fr/article.php?IdArticle=388241 False None Uber None
AlienVault Blog - AlienVault is a major defense player in IOCs Week in Review 14th July 2017 A license to hack The Singapore government may soon require hackers to get a license. As part of a draft bill that will make sweeping changes to Singapore’s national cybersecurity regime, already rated the world’s best by the International Telecommunication Union (ITU), hackers who conduct investigative work such as penetration testing—probing systems for holes in their security—will be required to obtain a license. The same goes for specialists conducting forensics work. Anyone caught hacking without a license could be facing 2 years jail time and a hefty fine. In theory it may be a good idea… actually I’m struggling to think as to any good reason why this is a good idea. The definition of hacking is very wooly at best. Changing a character in a URL could be perceived as parameter tampering, or it could be a genuine mistake. And would tools need to be licensed too? Of course, rules never hurt the bad guys, they will presumably still carry on doing what they’ve always been doing.
Singapore is planning a new law to license hackers Draft Bill 5 Key proposals from Singapore’s new cyber security bill Visualising The Information Tracking Superhighway Remember when the internet was often referred to as the information superhighway? Well, it probably still is, except the real juicy information is heading in the opposite direction. But just how much information is being tracked? Whatever your guess is, you should probably double it. This visualisation does a great job of showing just how much tracking is going on, and the biggest culprits. The future of privacy looks pretty bleak. When Cyber crime hits the books What is the real cost of a cyber security attack? Many guesses and estimates have been thrown out. Some believe each breach costs companies multi-million dollars, while others believe it is almost negligible with no immediate impact on share price. But Reckit Benckiser Group in its last annual report ranked cyber security as eighth on the top 12 biggest specific risks it faces. That danger became real when the consumer goods giant was hit by the Petya attack last month. Reckitt said this will probably cost it 2pc of second-quarter sales, some of which will never be recovered. It's tempting to see this as an unlucky one-off. That would be too kind. At last, the true cost of cyber crime turns up on the books The Uber of Umbrellas I imagine that investors must be sick to their back teeth of pitches that start off with, “We’re like the Uber of x…” But why not, crowdsourcing and sharing seem to be fashionable at the moment. So it isn’t necessarily surprising to see all manner of companies looking to pursue this route. 
What is surprising is when a Chinese-based company was able 2017-07-14T13:00:00+00:00 http://feeds.feedblitz.com/~/397598328/0/alienvault-blogs~Week-in-Review-th-July www.secnews.physaphae.fr/article.php?IdArticle=385195 False None Uber None
ZD Net - Magazine Info Uber patches security flaw leading to subdomain takeover 2017-07-13T08:56:45+00:00 http://www.zdnet.com/article/uber-patches-security-flaw-leading-to-subdomain-takeover/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=384157 False None Uber None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution 2017-07-12T16:36:35+00:00 https://threatpost.com/uber-patches-authentication-bypass-vulnerability-on-custom-sso-solution/126791/ www.secnews.physaphae.fr/article.php?IdArticle=384128 False None Uber None
IT Security Guru - Security blog Organizations award hackers up to $900,000 a year in bug bounties 2017-06-28T09:54:54+00:00 http://www.itsecurityguru.org/2017/06/28/organizations-award-hackers-900000-year-bug-bounties/ www.secnews.physaphae.fr/article.php?IdArticle=379329 False None Uber 3.0000000000000000
Bleeping Computer - American magazine Chrome Beats Edge in Independent Battery Life Test Despite Microsoft's Claims 2017-06-26T13:12:25+00:00 https://www.bleepingcomputer.com/news/technology/chrome-beats-edge-in-independent-battery-life-test-despite-microsofts-claims/ www.secnews.physaphae.fr/article.php?IdArticle=378688 False None Uber None
Naked Security - Sophos blog Uber in the privacy spotlight again 2017-06-16T17:25:57+00:00 https://nakedsecurity.sophos.com/2017/06/16/uber-in-the-privacy-spotlight-again/ www.secnews.physaphae.fr/article.php?IdArticle=375522 False None Uber None
SANS Institute - SANS is a defense and training organization Uberscammers, (Thu, Jun 15th) 2017-06-15T16:17:51+00:00 https://isc.sans.edu/diary/rss/22520 www.secnews.physaphae.fr/article.php?IdArticle=374999 False None
Uber None
UnderNews - French "hacker" news site How to effectively thwart internet scams? Tired of being duped online by fraudulent ads, Célina Maubert and Cédric Boisson, two forty-somethings living in the south of France, have devised an innovative scheme that will make it possible to verify goods before any purchase. 2017-06-14T08:17:43+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/CiWF97YzhxQ/comment-dejouer-efficacement-les-arnaques-sur-internet.html www.secnews.physaphae.fr/article.php?IdArticle=373826 False None Uber None
BBC - BBC News - Technology Uber will refund passengers after London Bridge terror attack 2017-06-05T12:11:13+00:00 http://www.bbc.co.uk/newsbeat/articles/40158459 www.secnews.physaphae.fr/article.php?IdArticle=371213 False None Uber None
SANS Institute - SANS is a defense and training organization Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL, (Mon, May 22nd) Uberdisputes.com then requests the user's Uber credentials to log in. Overall, the site uses the expected Uber layout. But more: The site uses a valid SSL certificate. Turns out that the site was hosted behind a Cloudflare proxy. Cloudflare does issue free SSL certificates, and just like most certificate authorities, it only requires proof of domain ownership to obtain this service. This does make it more difficult to distinguish a fake site from the real thing. Now by the time I started to investigate this, the original site was already taken down. But there was still some evidence left to see what happened. First of all, passive DNS databases did record the IP address of the site, which pointed to Cloudflare. Secondly, when searching certificate transparency logs, it was clear that a certificate for this site was issued to Cloudflare. Like for all Cloudflare certificates, the certificate was valid for a long list of hostnames hosted by Cloudflare.
Sadly, it looks like whois history sites like Domaintools have no record of the site, so we do not know when it was exactly registered, but likely just before the domain started to get used. --- Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. 2017-05-22T20:53:02+00:00 https://isc.sans.edu/diary.html?storyid=22440&rss www.secnews.physaphae.fr/article.php?IdArticle=367646 False None Uber None
Naked Security - Sophos blog News in brief: Bitcoin price bubbles up; Uber uses AI to boost its take; WannaCry 'hero' censures tabloids 2017-05-22T17:54:54+00:00 https://nakedsecurity.sophos.com/2017/05/22/news-in-brief-bitcoin-price-bubbles-up-uber-uses-ai-to-boost-its-take-wannacry-hero-censures-tabloids/ www.secnews.physaphae.fr/article.php?IdArticle=367436 False None Uber,Wannacry None
AlienVault Blog - AlienVault is a major defense player in IOCs AES 12th May 2017 - Keeping an Eye on IT Security So You Don't Have To It’s about ethics in bug bounties I’m a big fan of bug bounty programmes and responsible disclosure. I think they work well as additional checks and balances that may slip through the initial security reviews. Bug bounty platforms are similar to a dating service. They pair up companies with researchers that will look for vulnerabilities within the defined scope and facilitate the payment of the bounty. But what happens when a company that sells morally dubious (but not necessarily illegal) software wants to run a bounty? It puts the bounty provider in a bit of a dilemma. On one hand it could remain completely impartial and simply act as a conduit to help create secure software. On the other hand, they are facilitating the betterment of software that could be used for malicious purposes.
Such was the case when spyware company, FlexiSPY, showed interest in moving their bug bounty program to HackerOne. The resultant blog post illustrates some of the ups and downs in arriving at an answer. Casey Ellis, CEO of BugCrowd was far more direct in his approach and dismissal of FlexiSPY. On the bright side of bug bounties It’s great to see researchers rewarded for finding bugs and vulnerabilities fixed. But for the rest of the security community, it’s always great to read a detailed writeup on how the researcher discovered the bug and validated it. It serves as a good learning experience for the rest of us. How my car insurance exposed my position Hacking my trash company Emergency Microsoft patch It feels like the topic of responsible disclosure is never-ending. I’m going to add responsible disclosure to the list of things I won’t talk about in social settings, joining politics, religion, and passwords. Last Friday, Google researcher Tavis Ormandy stated that he and fellow researcher Natalie Silvanovich had discovered “the worst Windows remote code exec in recent memory”. While no further details were released, it left many security professionals hanging over a nail-biting weekend to learn about this vulnerability. Some disagreed with the approach and timing, stating that it was scaremongering, or an attempt to gain exposure. Either way, Microsoft turned it around very quickly, earning the praise of Ormandy and others, and pushed a critical out-of-band update for the Microsoft Malware Protection Engine to plug the vulnerability. MS plugs crazy bad bug with emergency patch & Crazy bad bug in microsoft’s windows malware scanner can be used to install malware The Government's Role in Insecurity As much as I personally try to steer clear of politics, cyber security and politics are well and truly bed-fellows in this day and age. Whether it be hacking during elections, leaks, or spying.
The Guardian ran a piece entitled Cyber-insecurity is a gift for hackers, but it’s our own gover 2017-05-12T13:00:00+00:00 http://feeds.feedblitz.com/~/318027030/0/alienvault-blogs~AES-th-May-Keeping-an-Eye-on-IT-Security-So-You-Don%e2%80%99t-Have-To www.secnews.physaphae.fr/article.php?IdArticle=364829 False Guideline Uber None
Errata Security - Errata Security Some notes on #MacronLeak Tonight (Friday May 5 2017) hackers dumped emails (and docs) related to French presidential candidate Emmanuel Macron. He's the anti-Putin candidate running against the pro-Putin Marine Le Pen. I thought I'd write up some notes. Are they Macron's emails? No. They are e-mails from members of his staff/supporters, namely Alain Tourret, Pierre Person, Cedric O??, Anne-Christine Lang, and Quentin Lafay. There are some documents labeled "Macron" which may have been taken from his computer, cloud drive -- his own, or an assistant. Who done it? Obviously, everyone assumes that Russian hackers did it, but there's nothing (so far) that points to anybody in particular. It appears to be the most basic of phishing attacks, which means anyone could've done it, including your neighbor's pimply faced teenager. Update: Several people [*] have pointed out Trend Micro reporting that Russian/APT28 hackers were targeting Macron back on April 24. Coincidentally, this is also the latest that emails appear in the dump. What's the hacker's evil plan? Everyone is proposing theories about the hacker's plan, but the most likely answer is they don't have one. Hacking is opportunistic. They likely targeted everyone in the campaign, and these were the only victims they could hack. It's probably not the outcome they were hoping for. But since they've gone through all the work, it'd be a shame to waste it. Thus, they are likely releasing the dump not because they believe it will do any good, but because it'll do them no harm.
It's a shame to waste all the work they put into it. If there's any plan, it's probably a long range one, serving notice that any political candidate that goes against Putin will have to deal with Russian hackers dumping email. Why now? Why not leak bits over time like with Clinton? France has a campaign blackout starting tonight at midnight until the election on Sunday. Thus, it's the perfect time to leak the files. Anything salacious, or even rumors of something bad, will spread virally through Facebook and Twitter, without the candidate or the media having a good chance to rebut the allegations. The last emails in the logs appear to be from April 24, the day after the first round vote (Sunday's vote is the second, runoff, round). Thus, the hackers could've leaked this dump any time in the last couple weeks. They chose now to do it. Are the emails verified? Yes and no. Yes, we have DKIM signatures between people's accounts, so we know for certain that hackers successfully breached these accounts. DKIM is an anti-spam method that cryptographically signs emails by the sending domain (e.g.
@gmail.com), and thus, can also verify the email hasn't been altered or forged. But no, when a salacious email or document is found in the dump 2017-05-06T04:15:35+00:00 http://blog.erratasec.com/2017/05/some-notes-on-macronleak.html www.secnews.physaphae.fr/article.php?IdArticle=362806 False None Uber,APT 28 None
Naked Security - Sophos blog News in brief: Uber faces criminal probe; Cassini dives through Saturn's rings; police fined for data breach 2017-05-05T17:44:26+00:00 https://nakedsecurity.sophos.com/2017/05/05/news-in-brief-uber-faces-criminal-probe-cassini-dives-through-saturns-rings-police-fined-for-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=362582 False None Uber None
SecureMac - Security focused on MAC Uber Breaks Apple Rules by Fingerprinting iPhones After Deletion 2017-05-01T20:40:09+00:00 https://www.securemac.com/apple/uber-breaks-apple-rules-fingerprinting-iphones-deletion www.secnews.physaphae.fr/article.php?IdArticle=360588 False None Uber None
Naked Security - Sophos blog News in brief: Uber under fire in 'Hell' lawsuit; Europe could be hit by laptop ban; Fancy Bear 'targeted Macron' 2017-04-25T16:52:36+00:00 https://nakedsecurity.sophos.com/2017/04/25/news-in-brief-uber-under-fire-in-hell-lawsuit-europe-could-be-hit-by-laptop-ban-fancy-bear-targeted-macron/ www.secnews.physaphae.fr/article.php?IdArticle=358806 False None Uber,APT 28 None
Naked Security - Sophos blog Apple threatened to oust Uber from App Store for 'fingerprinting' iPhones 2017-04-25T09:46:02+00:00 https://nakedsecurity.sophos.com/2017/04/25/apple-threatened-to-oust-uber-from-app-store-for-fingerprinting-iphones/ www.secnews.physaphae.fr/article.php?IdArticle=358809 False None Uber None
UnderNews - French "hacker" news site Uber in trouble after revelations of spying on users According to revelations from the New York Times, the Uber app continued to track its users even after they had uninstalled the app from their smartphone. Spying alert! According to Will Strafach, president of Sudo Security Group, an IT security specialist quoted by TechCrunch, the Uber app tracked users between the moment when the app […] 2017-04-25T07:40:24+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/jOqptvhUMKs/uber-en-difficulte-apres-les-revelations-despionnage-des-utilisateurs.html www.secnews.physaphae.fr/article.php?IdArticle=359054 False None Uber None
01net. Actualites - Securite - French magazine How Uber tracked iPhone users behind Apple's back 2017-04-24T09:55:27+00:00 http://www.01net.com/actualites/uber-a-traque-les-utilisateurs-d-iphone-1149686.html www.secnews.physaphae.fr/article.php?IdArticle=359085 False None Uber 4.0000000000000000
Wired Threat Level - Security News Securing Driverless Cars From Hackers Is Hard. Ask the Ex-Uber Guy Who Protects Them In his Uber exit interview, top car hacker Charlie Miller warns of the dangers of insecure autonomous vehicles. 2017-04-12T11:00:09+00:00 https://www.wired.com/2017/04/ubers-former-top-hacker-securing-autonomous-cars-really-hard-problem/ www.secnews.physaphae.fr/article.php?IdArticle=359292 False None Uber None
The State of Security - American magazine Insider Threats as the Main Security Threat in 2017 2017-04-12T03:00:53+00:00 https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/ www.secnews.physaphae.fr/article.php?IdArticle=356182 False None Uber None
TrendLabs Security - Antivirus vendor Smart Whitelisting Using Locality Sensitive Hashing implemented LSH in the infrastructure that handles much of its data to identify trips with overlapping routes and reduce inconsistencies in GPS data.
Trend Micro has been actively researching and publishing reports in this field since 2009. In 2013, we open sourced an implementation of LSH suitable for security solutions: Trend Micro Locality Sensitive Hashing (TLSH). TLSH is an approach to LSH, a kind of fuzzy hashing that can be employed in machine learning extensions of whitelisting. TLSH can generate hash values which can then be analyzed for similarities. TLSH helps determine if the file is safe to be run on the system based on its similarity to known, legitimate files. Thousands of hashes of different versions of a single application, for instance, can be sorted through and streamlined for comparison and further analysis. Metadata, such as certificates, can then be utilized to confirm if the file is legitimate. Post from: Trendlabs Security Intelligence Blog - by Trend Micro Smart Whitelisting Using Locality Sensitive Hashing 2017-03-30T10:12:23+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/lyi7gZXlQ6c/ www.secnews.physaphae.fr/article.php?IdArticle=349504 False None Uber None
Naked Security - Sophos blog News in brief: Facebook rolls out location-sharing; Uber pulls tests after crash; NASA thanks schoolboy 2017-03-27T17:57:45+00:00 https://nakedsecurity.sophos.com/2017/03/27/news-in-brief-facebook-rolls-out-location-sharing-uber-pulls-tests-after-crash-nasa-thanks-schoolboy/ www.secnews.physaphae.fr/article.php?IdArticle=346800 False None Uber 3.0000000000000000
AlienVault Blog - AlienVault is a major defense player in IOCs Alien Eye in the Sky 24th March, 2017 Keeping an eye on the latest in the world of information security week after week illustrates the variety of concerns, errors, and attacks that present themselves. It has been reported that a British bank ‘identifying trafficked sex workers by tracking contraceptive spending’. While the cause may be good, one must wonder how long before banks are sharing full-scale analysis of spending and profiling with big brother?
Bug bounties and vulnerability disclosure co-ordination continue to be adopted. With Intel offering up to $30,000 for bugs in its hardware and the UK’s NCSC launching a vulnerability co-ordination pilot, it’s in the news. Self-driving cars have been the fantasy of most kids who grew up in the 80’s watching Knight Rider. There have been many exciting developments in this space, but it still looks like truly self-driving cars have little more than lane-discipline and variable cruise control as Uber’s autonomous cars drove 20,354 miles and had to be taken over at every mile, according to documents. An interesting and in-depth read, The New Handbook For Cyberwar Is Being Written By Russia. People will often complain about government agencies such as the NSA, or GCHQ being able to spy on individuals. However, it’s important not to overlook those who seek to gain access to your systems and data for nefarious activities that can directly impact you. As this article takes the creepiness level up to 11, it’s worth remembering that even simple security measures such as webcam covers (or a bit of tape) can help save harassment. Meet the men who spy on women through their webcams. How to Think About Likelihood, Probability and Frequency. More interesting stories: Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom Saks Fifth Avenue, Three U.K. Mistakenly Expose Customer Data Double Agent attack can turn antivirus into malware With a couple of comments from me, How to keep your laptop safe under the new airline ban. 
Russian man pleads guilty to over $500m malware s 2017-03-24T13:00:00+00:00 http://feeds.feedblitz.com/~/284529508/0/alienvault-blogs~Alien-Eye-in-the-Sky-th-March www.secnews.physaphae.fr/article.php?IdArticle=345749 False Guideline Uber None
Naked Security - Sophos blog News in brief: GCHQ hits back in 'wiretap' row; Uber still needs humans; Intel call to bug-hunters 2017-03-17T18:33:02+00:00 https://nakedsecurity.sophos.com/2017/03/17/news-in-brief-gchq-hits-back-in-wiretap-row-uber-still-needs-humans-intel-call-to-bug-hunters/ www.secnews.physaphae.fr/article.php?IdArticle=340122 False None Uber 3.0000000000000000
AlienVault Blog - AlienVault is a major defense player in IOCs Did Twitter Get Hacked? Alien Eye in the Sky 17th March 2017 It was a busy week in the world of security with many people wondering if Twitter had been hacked when they saw many verified accounts posting spam. Luckily it turned out that Twitter was secure, and the compromise occurred at a third party. Serving as another reminder of the importance of third party and supply chain security. Other interesting news articles from the week included: What if your life depended on secure code Phishing exercises without the “ish” Robert Mercer: the big data billionaire waging war on mainstream media Oscar envelopes explained: how presenters get winning names Vice News YouTube video commenter set for retrial over 'menacing' posts Cop blocked: uber app thwarted arrests of its drivers by fooling police with “ghost cars” Attacking machine learning with adversarial examples The Dark web has shrunk by 85% Lets Encrypt are enabling the bad guys, and why they should.
Tim Berners-Lee, who invented the World Wide Web, now wants to save it 2017-03-17T13:00:00+00:00 http://feeds.feedblitz.com/~/282151436/0/alienvault-blogs~Did-Twitter-Get-Hacked-Alien-Eye-in-the-Sky-th-March www.secnews.physaphae.fr/article.php?IdArticle=340037 False None Uber None
AlienVault Blog - AlienVault is a major defense player in IOCs Change is Automatic, Progress is Not My job was to receive incoming calls, type out the message, and send it to the relevant pager. On the whole it was a boring and repetitive job, with few breaks, and strict managers. On the plus side, the workforce consisted mainly of students like myself that were grateful for an easy job that paid £4 an hour. Mixing youthful exuberance with decent pay created a certain buzz around the office. Particularly on warm summer days when the sun would pour in through the windows, and just over 350 operators would be busy on calls, spinning on chairs, throwing Maltesers at each other - trying desperately not to laugh while typing out a message informing Dr. Jones she was needed in ward number 3. It created a vibrant atmosphere that resembled a mixture of a daytime club with a scene out of Wall Street. But nothing lasts forever, and a few short years later the office was abandoned and the company had folded. Mobile phones were the reason. Lower prices had made them accessible to the masses - and once text messaging services took off, the humble pager became obsolete. Usually a new technology will cannibalise one industry, like how CD’s impacted vinyl records. Mobile phones, on the other hand, were not satisfied with just impacting the pager industry. As functionality and capabilities of handsets grew, so did its targets. Mobiles became the de-facto camera, music player, email client, and internet browser. With the explosion of ‘apps’ the capabilities have only increased. The term ‘disruptive’ is thrown around a lot regarding technology.
Perhaps mobile devices deserve the term more than any other - forcing many industries to change, or wiping them out altogether. Standard point-and-shoot camera capabilities have been outpaced by mobiles, forcing camera manufacturers to focus more on the ‘prosumer’ market, catering to consumers that don’t necessarily need professional equipment, but need something that packs more of a punch than the standard phone camera. Similarly, toy manufacturers are seeing children move away from physical toys to software-based entertainment. Everything from publishing, taxis, shopping, or even banking and payments has been disrupted as consumers want maximum functionality crammed into their handheld device. The “other” disruptor - Tales from Three Former Colleagues * Based on his work experience, I guess “Tim” to be in his mid-forties. His heavyset and weary face tells the story of someone that has lost far too many hours on support calls over the years. He started work in IT and then moved into IT Security, working his way up the ranks to middle-management in charge of a team of 11 at a Fortune 500 company. We are in a coffee shop tucked away in one of the many small lanes behind Aldgate East. The melting pot of where London’s financial hub bleeds into the East-End, Jack the Ripper territory of Brick Lane. Tim lets out a deep sigh when I ask about disruptive technologies and mobile phones. He runs his index finger along the brim of his coffee cup, before flashing the briefest of smiles. “Mobiles, tablets and this whole bring your own whatever nonsense has changed stuff for sure.
But cloud is where the real change has hap 2017-03-15T13:00:00+00:00 http://feeds.feedblitz.com/~/281253079/0/alienvault-blogs~Change-is-Automatic-Progress-is-Not www.secnews.physaphae.fr/article.php?IdArticle=337846 False None Uber None SecurityWeek - Security News Bug Allowed Free Uber Rides 2017-03-07T15:07:18+00:00 http://feedproxy.google.com/~r/Securityweek/~3/DmeDnv8b4TQ/bug-allowed-free-uber-rides www.secnews.physaphae.fr/article.php?IdArticle=330323 False None Uber None Naked Security - Blog sophos Uber under fire for 'Greyball' program used to dodge enforcement officials 2017-03-06T16:18:31+00:00 https://nakedsecurity.sophos.com/2017/03/06/uber-under-fire-for-greyball-program-used-to-dodge-enforcement-officials/ www.secnews.physaphae.fr/article.php?IdArticle=328858 False None Uber None ZD Net - Magazine Info How to book an Uber ride for free 2017-03-06T10:13:00+00:00 http://www.zdnet.com/article/how-to-book-an-uber-ride-for-free/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=328493 False None Uber None Naked Security - Blog sophos News in brief: Virginia greenlights delivery bots; Line to launch AI assistant; Uber seeks licence 2017-03-03T18:20:51+00:00 https://nakedsecurity.sophos.com/2017/03/03/news-in-brief-virginia-greenlights-delivery-bots-line-to-launch-ai-assistant-uber-seeks-licence/ www.secnews.physaphae.fr/article.php?IdArticle=327846 False None Uber None UnderNews - Site de news "pirate" francais Could this be the end of commission-based business models for collaborative platforms? Uber, Airbnb, Blablacar… the vast majority of collaborative platforms today rely on models based on a per-service commission.
Yet from ride-hailing (VTC) drivers unhappy with pricing policies to users trying to bypass the platforms, many examples tend to show that this type of pricing is not necessarily an ideal model within a collaborative economy that aims to be more user-centred, all the more so when recurring services are involved. 2017-03-01T14:35:03+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/e17UhrJShlE/serait-ce-la-fin-des-business-models-bases-sur-la-commission-pour-les-plateformes-collaboratives.html www.secnews.physaphae.fr/article.php?IdArticle=325711 False None Uber None Network World - Magazine Info Breaking and protecting devops tool chains 2017-02-23T10:33:00+00:00 http://www.networkworld.com/video/74438/breaking-and-protecting-devops-tool-chains#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=321643 False None Uber None Naked Security - Blog sophos News in brief: pushback on Pirate Bay ban; course in fake news; autonomous Ubers get passengers 2017-02-22T18:30:43+00:00 https://nakedsecurity.sophos.com/2017/02/22/news-in-brief-pushback-on-pirate-bay-ban-course-in-fake-news-autonomous-ubers-get-passengers/ www.secnews.physaphae.fr/article.php?IdArticle=320735 False None Uber None Naked Security - Blog sophos Man sues Uber after privacy flaws 'led to his divorce' 2017-02-15T15:18:27+00:00 https://nakedsecurity.sophos.com/2017/02/15/man-sues-uber-after-privacy-flaws-led-to-his-divorce/ www.secnews.physaphae.fr/article.php?IdArticle=315412 False None Uber None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Threatpost News Wrap, February 13, 2017 2017-02-13T14:00:16+00:00 https://threatpost.com/threatpost-news-wrap-february-13-2017/123683/ www.secnews.physaphae.fr/article.php?IdArticle=312471 False None Uber None Bleeping Computer - Magazine Américain Man Sues Uber After iOS App Bug Exposes His Affair 2017-02-13T01:00:00+00:00
https://www.bleepingcomputer.com/news/legal/man-sues-uber-after-ios-app-bug-exposes-his-affair/ www.secnews.physaphae.fr/article.php?IdArticle=311857 False None Uber None The State of Security - Magazine Américain French man sues Uber after privacy bug led wife to suspect adultery 2017-02-09T13:09:38+00:00 https://www.tripwire.com/state-of-security/featured/french-man-sues-uber-after-privacy-bug-led-wife-to-suspect-adultery/ www.secnews.physaphae.fr/article.php?IdArticle=310136 False Guideline Uber None Naked Security - Blog sophos News in brief: US might require social media passwords; BBM opens to developers; Uber rapped 2017-02-08T18:09:31+00:00 https://nakedsecurity.sophos.com/2017/02/08/news-in-brief-us-might-require-social-media-passwords-bbm-opens-to-developers-uber-rapped/ www.secnews.physaphae.fr/article.php?IdArticle=309053 False None Uber None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Uber Debuts SSH Key Authentication Module 2017-02-08T15:30:56+00:00 https://threatpost.com/uber-debuts-ssh-key-authentication-module/123633/ www.secnews.physaphae.fr/article.php?IdArticle=309914 False None Uber None Korben - Bloger francais LibreTaxi – Or how Uber is being taken out of the equation 2017-02-01T09:38:59+00:00 http://feedproxy.google.com/~r/KorbensBlog-UpgradeYourMind/~3/j4u-l8McbHE/libretaxi-uber-train-de-se-faire-retirer-de-lequation.html www.secnews.physaphae.fr/article.php?IdArticle=303755 False None Uber None Errata Security - Errata Security Uber was right to disable surge pricing at JFK Surge Pricing: Uber's "Surge Pricing" isn't price gouging, as many assume. Instead, the additional money goes directly to the drivers, to encourage them to come to the area surging and pick up riders.
Uber isn't a taxi company. It can't direct drivers to go anywhere. All it can do is provide incentives. "Surge Pricing" for customers means "Surge Income" for the drivers, giving them an incentive. Drivers have a map showing which areas of the city are surging, so they can drive there. Another way of thinking about it is "Demand Pricing". It's simply the economic Law of Supply and Demand. If demand increases, then prices increase, and then supply increases chasing the higher profits. It's why famously you can't get a taxi cab on New Year's Eve, but you can get an Uber driver. Taxi drivers can't charge more when demand is surging, so there's no more taxis available on that date than on any other. But Uber drivers can/do charge more, so there's more Uber drivers. Supply and Demand is every bit as much a law as Gravity. If the supply of taxi drivers is less than the demand, then not everyone is going to get a ride. That's basic math. If there's only 20 drivers right now, and 100 people wanting a ride, then 80 riders are going to be disappointed. The only solution is more drivers. Paying drivers more money gets more drivers. The part time drivers, the drivers planning on partying instead of working, will decide to work New Year's chasing the surge wages. Uber's announcement: Uber made the following announcement: Surge pricing has been turned off at #JFK Airport. This may result in longer wait times. Please be patient. - Uber NYC (@Uber_NYC) January 29, 2017 Without turning off Surge Pricing, Uber's computers would notice the spike in demand, as would-be taxi customers switch to Uber. The computers would then institute surge pricing around JFK automatically. This would notify the drivers in the area, who would then flock to JFK, chasing the higher income. This would be bad for the strike. By turning off surge pricing, there would be no increase in supply. It would mean the only drivers going to JFK are those dropping off passengers.
It would mean that Uber wouldn't be servicing any more riders than on a normal day, making no difference to the taxi strike, one way or the other. Why wouldn't Uber stop pickups at JFK altogether, joining the strike? Because it'd be a tough decision for them. They have a different relationship with their drivers. Both taxis and Uber are required to take passengers to the airport if asked, but taxis are much better at weaseling out of it [*]. That means screwing drivers, forcing them to go way out to JFK with no return fare. In contrast, taxis were warned enough ahead of time to avoid the trip. The timing: The above section assumes a carefully considered Uber policy. In reality, they didn't have the time. The taxi union didn't announce their decision until 5pm, with the strike set for only one hour, between 6pm and 7pm. BREAKING: NYTWA dr 2017-01-30T01:08:47+00:00 http://blog.erratasec.com/2017/01/uber-was-right-to-disable-surge-pricing.html www.secnews.physaphae.fr/article.php?IdArticle=301892 False None Uber None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Uber.com Backup Bug Nets Researcher $9K 2017-01-26T16:16:02+00:00 https://threatpost.com/uber-com-backup-bug-nets-researcher-9k/123370/ www.secnews.physaphae.fr/article.php?IdArticle=301044 False None Uber None Naked Security - Blog sophos Uber offers an olive branch to city planners with new tool 2017-01-10T13:59:46+00:00 https://nakedsecurity.sophos.com/2017/01/10/uber-offers-an-olive-branch-to-city-planners-with-new-tool/ www.secnews.physaphae.fr/article.php?IdArticle=288860 False None Uber None Naked Security - Blog sophos News in brief: Thai cybersecurity move; Verizon wobbles on Yahoo; Swiss rap Uber 2017-01-06T17:21:47+00:00 https://nakedsecurity.sophos.com/2017/01/06/news-in-brief-thai-cybersecurity-move-verizon-wobbles-on-yahoo-swiss-rap-uber/ www.secnews.physaphae.fr/article.php?IdArticle=287096 False None Uber,Yahoo None Naked Security - Blog sophos Weekly review – the hot 13
stories of the week 2017-01-03T12:45:57+00:00 https://nakedsecurity.sophos.com/2017/01/03/weekly-review-the-hot-13-stories-of-the-week/ www.secnews.physaphae.fr/article.php?IdArticle=283913 False None Uber None Naked Security - Blog sophos Uber, Apple Maps and location tracking: what's really going on? 2016-12-30T16:50:16+00:00 https://nakedsecurity.sophos.com/2016/12/30/uber-apple-maps-and-location-tracking-whats-really-going-on/ www.secnews.physaphae.fr/article.php?IdArticle=283109 False None Uber None Hacker Republic - Site de news Hack fr Good resolutions for your security in 2017 Password, Browsing, Adware, Malware, Backup, VPN *This article was written with the participation of Keltounet* 2016 was punctuated by several large-scale security incidents. So that you are not the one left holding the bag, here are a few tips so that computing is no longer your worst nightmare. Complex, different passwords for each service: It cannot be repeated often enough: every service you use must have a different password, and every password must be at least eight characters long, with upper-case letters, lower-case letters, digits and special characters. You do not use the same password for your mailbox as for logging in to Twitter or Facebook or to your business applications. The problem: how do you remember them? Feel free to use a password manager such as KeePass. It will manage the passwords for you; all that is left for you is to define a single password, a strong one of course. On the website side, some services offer two-factor authentication, which limits the problems caused by stolen passwords. Blockers in browsers: Sites covered in ads and trackers of every kind are unfortunately still legion.
The result: information about your browsing and your lifestyle habits is stored, sold and resold without your having any say, or even being aware of it. So use a good ad blocker, uBlock Origin for example, along with Privacy Badger. Nor should it be forgotten that ads can also be a significant vector for malware. Verified extensions/modules/applications 2016-12-26T13:30:46+00:00 https://www.hackersrepublic.org/outils/reco-securite-debutants www.secnews.physaphae.fr/article.php?IdArticle=282806 False None Uber,APT 15 None Naked Security - Blog sophos News in brief: Snowden denies allegations; Uber moves to Arizona; Wikipedia reveals most edited page 2016-12-23T17:11:11+00:00 https://nakedsecurity.sophos.com/2016/12/23/news-in-brief-snowden-denies-allegations-uber-moves-to-arizona-wikipedia-reveals-most-edited-page/ www.secnews.physaphae.fr/article.php?IdArticle=279424 False None Uber None Naked Security - Blog sophos News in brief: inflight systems 'can be hacked'; LA seeks extradition of 'cyberattacker'; Uber safety fears grow 2016-12-20T18:49:02+00:00 https://nakedsecurity.sophos.com/2016/12/20/news-in-brief-inflight-systems-can-be-hacked-la-seeks-extradition-of-cyberattacker-uber-safety-fears-grow/ www.secnews.physaphae.fr/article.php?IdArticle=277314 False None Uber None Naked Security - Blog sophos News in brief: Uber goes driverless in SFO; Skype on macOS; 2016's breaches tallied; encryption call for cameras 2016-12-14T18:34:41+00:00 https://nakedsecurity.sophos.com/2016/12/14/news-in-brief-uber-goes-driverless-in-sfo-skype-on-macos-2016s-breaches-tallied-encryption-call-for-cameras/ www.secnews.physaphae.fr/article.php?IdArticle=273004 False None Uber None Graham Cluley - Blog Security Uber 'God View' allowed staff to spy on high-profile politicians, ex-partners and Beyoncé, court hears Uber 'God View' allowed staff to spy on high-profile politicians,
ex-partners and even Beyoncé, court hears Whistleblower claims Uber taxi firm made it too easy for staff to spy on customers' movements. 2016-12-14T10:44:05+00:00 https://www.grahamcluley.com/uber-god-view-allowed-staff-spy-high-profile-politicians-ex-partners-even-beyonce-court-hears/ www.secnews.physaphae.fr/article.php?IdArticle=272827 False None Uber None UnderNews - Site de news "pirate" francais Complaint against Uber for failing to protect customer data Already singled out for laxity, Uber is this time the target of a complaint from a former employee who denounces the widespread access to customers' sensitive private data by "thousands of employees" within the company, without valid reason. 2016-12-14T09:29:09+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/y5E0vRqLhZ4/plainte-contre-uber-pour-non-protection-des-donnees-clients.html www.secnews.physaphae.fr/article.php?IdArticle=272589 False None Uber None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Uber Now Tracks Your Location Even After Your Ride 2016-12-09T04:28:41+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/GBtgG82xn_c/uber-location-tracking.html www.secnews.physaphae.fr/article.php?IdArticle=269694 False None Uber None Network World - Magazine Info Obama's cybersecurity plan faces uncertainty with Trump 2016-12-05T15:01:55+00:00 http://www.networkworld.com/article/3147294/security/obamas-cybersecurity-plan-faces-uncertainty-with-trump.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=266836 False None Uber None The State of Security - Magazine Américain Uber Now Tracks Users' Location Data After a Trip Ends 2016-12-02T12:03:48+00:00 https://www.tripwire.com/state-of-security/latest-security-news/uber-now-tracks-users-location-data-trip-ends/ www.secnews.physaphae.fr/article.php?IdArticle=265722 False None Uber None Naked Security - Blog sophos Uber now collecting location data even after you leave a driver's car 2016-12-01T12:36:08+00:00 https://nakedsecurity.sophos.com/2016/12/01/uber-now-collecting-location-data-even-after-you-leave-a-drivers-car/ www.secnews.physaphae.fr/article.php?IdArticle=264446 False None Uber None SecurityWeek - Security News Flaws in Uber's UberCENTRAL Tool Exposed User Data 2016-11-25T17:48:07+00:00 http://feedproxy.google.com/~r/Securityweek/~3/ljClqR1vQDs/flaws-ubers-ubercentral-tool-exposed-user-data www.secnews.physaphae.fr/article.php?IdArticle=260884 False None Uber None Malwarebytes Labs - MalwarebytesLabs Video found freezing Apple devices A video has been found to freeze (a.k.a.
cause a denial of service attack) on various models of Apple mobile devices according to YouTuber, EverythingApplePro, and reported by Bleeping Computer. 2016-11-23T21:31:49+00:00 https://blog.malwarebytes.com/cybercrime/2016/11/video-found-freezing-apple-devices/ www.secnews.physaphae.fr/article.php?IdArticle=259466 False None Uber None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers 2016-11-23T15:00:16+00:00 https://threatpost.com/uber-portal-leaked-names-phone-numbers-email-addresses-unique-identifiers/122128/ www.secnews.physaphae.fr/article.php?IdArticle=259706 False None Uber None Palo Alto Network - Site Constructeur How Palo Alto Networks Is Building Next-Generation Security Innovators 2016-11-07T13:00:23+00:00 http://feedproxy.google.com/~r/PaloAltoNetworks/~3/Q2giEMrQAe8/ www.secnews.physaphae.fr/article.php?IdArticle=249131 False None Uber None Malwarebytes Labs - MalwarebytesLabs Vendor Security Alliance formed to improve cybersecurity of third-party providers A new security alliance is created to address concerns surrounding third-party providers who are associated with some of the biggest brands users trust.
They aim to increase their compliance with cybersecurity standards and lessen the risks they may pose to businesses. 2016-09-29T22:26:16+00:00 https://blog.malwarebytes.com/security-world/2016/09/vendor-security-alliance-formed-to-improve-cybersecurity-of-third-party-providers/ www.secnews.physaphae.fr/article.php?IdArticle=145570 False None Uber None SC Magazine - Magazine Uber prevents fraud and protects driver accounts with selfies 2016-09-27T13:00:00+00:00 http://feedproxy.google.com/~r/SCMagazineHome/~3/--YWwELxQpI/ www.secnews.physaphae.fr/article.php?IdArticle=133633 False None Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Alien Eye in the Sky, Friday 23rd September A roundup of the week’s news, commentary, and observations. This week has ended with news of what appears to yet again be the biggest hack ever. But you’re probably tired of reading about it everywhere, so I’ll keep quiet about it. A detailed account by Wired on how it made the move from plain old HTTP to the shiny HTTPS. I like real-life tech stories, and this is well-written, as you’d expect from Wired. Tied in with this week's tweetchat on 3rd party and supply chain risks. Uber, Square, Airbnb, and others form cybersecurity coalition for vetting vendors. I like the idea in principle – to save duplication of effort and standardize on some aspects. Guest blogger Bob Covello asks, “did you really lock that door?” Do you need an InfoSec Reading List? Jayme Hancock has done a lot of the heavy lifting for you and presented a comprehensive list here. We revisit threat intelligence trends and adaptions in a report based on a survey we conducted at Blackhat 2016.
2016-09-23T14:18:00+00:00 http://feeds.feedblitz.com/~/201625872/0/alienvault-blogs~Alien-Eye-in-the-Sky-Friday-rd-September www.secnews.physaphae.fr/article.php?IdArticle=116482 False None Uber None The State of Security - Magazine Américain Uber, Twitter, Other Major Tech Players Unite to Improve Cybersecurity Standards 2016-09-19T18:26:00+00:00 http://www.tripwire.com/state-of-security/latest-security-news/uber-twitter-other-major-tech-players-unite-to-improve-cybersecurity-standards/ www.secnews.physaphae.fr/article.php?IdArticle=94818 False Guideline Uber None SecurityWeek - Security News Tech Giants Team Up to Improve Internet Security 2016-09-19T12:58:45+00:00 http://feedproxy.google.com/~r/Securityweek/~3/6CdaepN0Zv4/tech-giants-team-improve-internet-security www.secnews.physaphae.fr/article.php?IdArticle=93177 False None Uber None SC Magazine - Magazine Uber, Airbnb, Dropbox, and others form coalition to evaluate vendor cyber risks 2016-09-16T18:18:22+00:00 http://feedproxy.google.com/~r/SCMagazineHome/~3/LgoQOuXhZJA/ www.secnews.physaphae.fr/article.php?IdArticle=77758 False None Uber None @DarkReading - Flux twitter DarkReading: Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security http://ubm.io/2ceZ1Ly 2016-09-16T18:16:37+00:00 https://twitter.com/DarkReading/status/776817073951481856 www.secnews.physaphae.fr/article.php?IdArticle=76962 False Guideline Uber None Dark Reading - Informationweek Branch Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security 2016-09-16T11:30:00+00:00 http://www.darkreading.com/vulnerabilities---threats/vulnerability-management/uber-dropbox-other-tech-leaders-team-up-to-boost-vendor-security-/d/d-id/1326926?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=76406 False None Uber None Graham Cluley - Blog Security Advertisers could be
tracking you via your battery status writes Lukasz Olejnik: The information provided by the Battery Status API is not always changing fast. In other words, they are static for a period of time; it may give rise to a short-lived identifier. At the same time, users sometimes clear standard web identifiers (such as cookies). But a web script could analyze identifiers provided by Battery Status API, which could then possibly even lead to recreation of other identifiers. A simple sketch follows. An example web script continuously monitors the status of identifiers and the information obtained from Battery API. At some point, the user clears (e.g.) all the identifying cookies. The monitoring web script suddenly sees a new user - with no cookie - so it sets new ones. But battery level analysis could provide hints that this new user is - in fact - not a new user, but the previously known one. The script's operator could then conclude and reason that this is a single user, and resume with tracking.
This is an example scenario of identifier recreation, also known as respawning. A recent study [PDF] reported that battery status is being monitored by some tracking scripts. It sounds like it would be a positive step if browsers stopped accessing such detailed information about our battery. Aside from tracking, there are other ways that battery information could be exploited. Uber, for instance, says that it knows customers are more likely to accept a much higher price to hire a cab when their battery is running low. 2016-08-02T07:55:29+00:00 https://www.grahamcluley.com/2016/08/advertisers-tracking-battery-status/ www.secnews.physaphae.fr/article.php?IdArticle=5177 False Guideline Uber None Graham Cluley - Blog Security MacKeeper threatens to sue 14-year-old YouTuber The MacKeeper utility suite, which claims to help Mac users stop security threats, find duplicate files, and help you uninstall unwanted apps, doesn't have the best reputation. And now they're making legal threats against a teenage video maker. 2016-07-19T09:39:44+00:00 https://www.grahamcluley.com/2016/07/mackeeper-threatens-sue-14-year-old-youtuber/ www.secnews.physaphae.fr/article.php?IdArticle=4321 False None Uber None CodingSec - Ethical Hacking Team Linus From Linus Media Group Accepts that He Got Hacked 2016-07-17T19:28:15+00:00 https://codingsec.net/2016/07/linus-linus-media-group-accepts-got-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=4199 False None Uber None The State of Security - Magazine Américain Researchers Uncover New Malware Disguised As WhatsApp, Uber and Google Play 2016-06-29T15:56:41+00:00 http://www.tripwire.com/state-of-security/latest-security-news/researchers-uncover-new-malware-disguised-as-whatsapp-uber-and-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=3470 False None Uber None SC Magazine - Magazine Pen testers discover mega vulnerabilities in Uber 2016-06-23T15:30:00+00:00
http://feedproxy.google.com/~r/SCMagazineHome/~3/8a4iLT6iy7o/ www.secnews.physaphae.fr/article.php?IdArticle=3269 False None Uber None Errata Security - Errata Security No, Musky, Feudalism is best for Mars direct democracy" would be the best system, where citizens vote directly for laws, rather than voting for (corrupt) representatives/congressmen. This is nonsense. The best political system would be feudalism. There is no such thing as "direct democracy". Our representatives in congress are only the first layer on top of a bureaucracy. Most rules that restrict us are not "laws" voted by congress but "regulations" decided by some bureaucrat. Consider the BP Gulf Oil spill, as an example. It happened because oil companies got cozy with their regulators, the Minerals Management Service (MMS), part of the Department of the Interior. The bureaucrats had a dual mandate: to protect the environment, and to promote economic activity. Oil companies lobbied them to risk the environment in favor of profits. Consider Obamacare's controversial mandate that health insurers must pay for abortions. This was not part of the law passed by congress, but a decision by the bureaucrats in charge of all the little details in carrying out the law. Consider the Federal Communications Commission (FCC) regulation of the Internet. It bases its power to regulate the Internet on laws that essentially predate the Internet as we know it. No matter how ideal this "direct Democracy" of Musk's, you are still going to leave most decision making in the hands of a bureaucracy. This is especially true on space flight to Mars. If something's wrong with the air system, you want a technician making quick decisions to fix it. Otherwise, people would suffocate long before they had a chance to vote on the issue.
Technicians must be trusted with important decisions, like jettisoning that one pod killing 10 people in order to save the remaining 100. No matter the political system, you are going to have the bureaucracy making tactical, day-to-day decisions. You are also going to have an upper tier, making long term strategic decisions. It's how all political systems work, from monarchies to "direct democracy". They largely just change the names of the bureaucrats, rather than being substantively different. The corruption in Democracies doesn't necessarily come from those in power, but from the voters themselves. Voters are idiots and vote like idiots. That's why you have candidates like those of the U.S.'s current election season -- populist demagogues preying on people's ignorance proposing solutions that educated people believe to be unworkable. The majority of voters have never taken an economics class, do not understand foreign policy, or have any other qualification to make the decisions they make. Instead of education, voters overwhelmingly decide what's best for themselves, not dispassionately what's best for society as a whole. College students vote for free college. Old people vote for social security and health care. Mothers vote for child leave and child care. Racists vote to keep unwanted types out of their community. And so on. That's corruption at its core. As de Tocqueville is famous for noting, democracy only lasts up to the point that 51% of the population realizes they can vote to just take everything away from the other 49%. You call it corruption, but our current system allows a member of the 49% to lobby congress so that they don't get screwed by the 51%. Indeed, that's what most lobbyists do -- they aren't asking for special favors from the government so much as trying to alleviate special punishments.
It's a sort of corruption defending themselves from the voter's corruption. As the famous quote goes, "Democracy is the worst form of government -- except for all the others". It's a horrible system, it's just we h 2016-06-08T00:13:36+00:00 http://blog.erratasec.com/2016/06/no-musky-feudalism-is-best-for-mars.html www.secnews.physaphae.fr/article.php?IdArticle=7840 False None Uber None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Uber Pays Researcher $10K for Login Bypass Exploit 2016-06-07T16:48:31+00:00 https://threatpost.com/uber-pays-researcher-10k-for-login-bypass-exploit/118516/ www.secnews.physaphae.fr/article.php?IdArticle=2509 False None Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC "Watering Hole" (or "Aguaderos") Attacks: Detecting Infected Users Before It Is Too Late According to Víctor, attackers are opportunistic and take advantage of simple mistakes that human beings tend to make. Watering hole attacks are interesting in that they can be very stealthy by nature and can unfold over a long period of time. They involve compromising an existing trusted site or creating a site that looks legitimate; even a misspelling meant to catch some unsuspecting users can be the mechanism used in these attacks, for example amricanexpress.com. They then wait for a victim to reach the site, whether by responding to a "phishing" e-mail or by mistyping a valid URL as in the example above. Question: How are Watering Hole attacks created? Answer: This is a slide we use to explain the process: Question: Can you give me a scenario of how this could work? Answer: Of course. To begin with, these attacks can be very hard to detect because they can look much like legitimate activity. In many cases, these attacks have victims on both sides of the attack.
The first victim is the owner of the compromised website used for the Watering Hole attack. The second victim is the attacker's real target - in this case, anyone who has a legitimate need to access that site. To illustrate this a little further, say a particular attacker has a well-known car manufacturer in their sights and is looking for ways to infiltrate that organization. This is where Bob comes in. Bob has a small manufacturing company that produces nuts and bolts for the automotive industry. He has set up a website for his customers where they can get information on production status and details about the parts Bob makes. This small business has caught the attacker's attention because of the level of interaction that the victim (the car manufacturer) has with the site. In addition, like many small businesses, Bob may not have strong security practices and/or the in-house expertise to implement adequate security controls. Bob might say, "I'm only making nuts and bolts," and has not prioritized the security of his environment.
For the attacker, compromising a site of this kind can be a simple task, and poor Bob will not even realize what is happening. The attacker finds a way to inject a Java script into Bob's website that will redirect its victims to another site that looks very simila 2016-05-24T13:00:00+00:00 http://feeds.feedblitz.com/~/155564811/0/alienvault-blogs~Ataques-de-%e2%80%9cWatering-Hole%e2%80%9d-o-%e2%80%9cAguaderos%e2%80%9d-Detectando-usuarios-infectados-antes-de-que-sea-muy-tarde www.secnews.physaphae.fr/article.php?IdArticle=1980 False None Uber None Silicon - Site de News Francais Microsoft wants to democratize container orchestration with Azure Container Service 2016-04-20T09:29:01+00:00 http://www.silicon.fr/microsoft-generalise-lacces-a-azure-container-service-145354.html www.secnews.physaphae.fr/article.php?IdArticle=635 False None Uber None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Inside the Latest Apple iMessage Bug 2016-04-12T14:29:23+00:00 https://threatpost.com/inside-the-latest-apple-imessage-bug/117337/ www.secnews.physaphae.fr/article.php?IdArticle=246 False None Uber None Checkpoint - Fabricant Materiel Securite Mobile Security Weekly: Uber's Literally Malware, WhatsApp Crashes Hard, iOS Jailbroken – Again 2014-12-05T16:42:16+00:00 http://blog.checkpoint.com/2014/12/05/mobile-security-weekly-ubers-literally-malware-whatapp-crashes-hard-ios-jailbroken/ www.secnews.physaphae.fr/article.php?IdArticle=263918 True None Uber None