120 private links
sandboxie?
Blog - Naviguez tranquille avec Docker
http://geexxx.fr/2014/06/15/naviguez-tranquille-avec-docker/
Tutorial
http://www.docker.com/tryit/
What is Docker?
Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Consisting of Docker Engine, a portable, lightweight runtime and packaging tool, and Docker Hub, a cloud service for sharing applications and automating workflows, Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments. As a result, IT can ship faster and run the same app, unchanged, on laptops, data center VMs, and any cloud.
La vie privée est-elle un problème de vieux cons ? demandait Jean-Marc Manach dans un excellent ouvrage. Bien sûr que non, mais on aimerait tant nous le faire croire…
« Natifs numériques », « natifs du numérique », « génération numérique »… Ce genre d’expressions, rencontrées dans les grands médias désireux d’agiter le grelot du jeunisme, peut susciter quelque agacement. D’autant que cette catégorie soi-disant sociologique se transforme bien vite en cible marketing pour les appétits des mastodontes du Web qui ont tout intérêt à présenter la jeunesse connectée comme le parangon des usages du net.
Compton est une ville excentrée de la mégalopole de Los Angeles, en Californie, jeune, ouvrière, violente, connue pour être le berceau du groupe de rap N.W.A. et de ses deux membres les plus éminents, Dr Dre et Ice Cube. Sa police municipale vient de s'illustrer en révélant avoir testé en 2012 un système de surveillance d'un genre nouveau, qui consistait à filmer la totalité de la ville grâce à une caméra de haute définition suspendue à un petit avion civil. Les habitants n'ont pas été informés
Google pense que « si [nous faisons] quelque chose [que nous souhaitons] que personne ne sache, peut-être [devrions-nous] commencer par ne pas le faire » et que « la vie privée pourrait en réalité être une anomalie ». Pourtant nous utilisons tous plus ou moins ses services et ceux des entreprises qui développent le même mode de pensée sur Internet. Mais au fait, n’avons-nous vraiment rien à cacher ?
Update: The NSA has denied the Bloomberg report, briefly stating that the agency "was not aware of the recently identified Heartbleed vulnerability until it was made public." We'll continue to update as more information emerges.
The internet is still reeling from the discovery of the Heartbleed bug, and yesterday we wondered if the NSA knew about it and for how long. Today, Bloomberg is reporting that the agency did indeed know about Heartbleed for at least the past two years, and made regular use of it to obtain passwords and data.
While it's not news that the NSA hunts down and utilizes vulnerabilities like this, the extreme nature of Heartbleed is going to draw more scrutiny to the practice than ever before. As others have noted, failing to reveal the bug so it could be fixed is contrary to at least part of the agency's supposed mission:
After 2013, the world is a different place. The trust that we can place into “machines” has greatly decreased due to the efforts of the NSA and other governmental spy agencies. Not to mention advertisers who track all your online movements, but at least that’s only done to sell to us. There is plenty of information about this on this website, but to sum it up, it is almost certain that what you are doing is being tracked, and it being stored, wherever you are in the world.
This has increased interest in privacy tools a lot, especially VPNs which are able to secure and/or anonymise your internet connection. Even so, you are still trusting your data to the VPN company, as all data travels through them. Therefore, choosing a VPN is no easy task.
HTTPS may be good at securing financial transactions, but it isn't much use as a privacy tool: US researchers have found that a traffic analysis of ten HTTPS-secured Web sites yielded “personal data such as medical conditions, legal or financial affairs or sexual orientation”.
In I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis, (Arxiv, here), UC Berkeley researchers Brad Miller, AD Joseph and JD Tygar and Intel Labs' Ling Huang show that even encrypted Web traffic can leave enough breadcrumbs on the trail to be retraced.
Early last year, password security researcher Kevin Young was hitting a brick wall. Over the previous few weeks, he made steady progress decoding cryptographically protected password data leaked from the then-recent hack of intelligence firm Stratfor. But with about 60 percent of the more than 860,000 password hashes cracked, his attempts to decipher the remaining 40 percent were failing.
Almost immediately, a flood of once-stubborn passwords revealed themselves. They included: "Am i ever gonna see your face again?" (36 characters), "in the beginning was the word" (29 characters), "from genesis to revelations" (26), "I cant remember anything" (24), "thereisnofatebutwhatwemake" (26), "givemelibertyorgivemedeath" (26), and "eastofthesunwestofthemoon" (25).
The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain how to do it properly.
More than a year ago TorrentFreak took a look at a selection of the web’s VPN services to see which ones really take privacy seriously. During the months that followed we received dozens of emails begging us to carry out an update and today here it is. The first installment in our list of VPN services that due to their setup cannot link user activity to external IP addresses and activities.
Gaffe à vous si vous possédez un routeur de marque Linksys ou Netgear. D'après Eloi Vanderbeken qui a analysé le firmware de son Linksys WAG200G, il y aurait une porte dérobée (backdoor) présente sur le port TCP/32764 de certains de ces routeurs.
DroidSheep [Root] is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
DroidSheep Guard is another Android app for monitoring Androids ARP-table. It tries to detect ARP-Spoofing on the network, such as an attack by DroidSheep, FaceNiff and other software.
MyCryptoChat is a simple ASP.Net MVC encrypted chat rooms manager. Everything is encrypted on the client side, so noone can spy on what you say.
http://mycryptochatphp.azurewebsites.net/ <--- CHAT
"Webcam" is based on actual events and was shot entirely on a computer's webcam.
The filmmakers hope that it will make people think more about the technology that we use every day and the effects it can have on all of us.
Peerblock sort une version Android qui va vous permettre de bloquer les communications, que ce soit les réceptions d’infos ou les envois, sur votre smartphone.
La vie privée est importante. Internet est un outil formidable, mais il est aussi très facile d'être espionné par des amis curieux, des voisins ou des gouvernements.
Theoretically, GSM has been broken since 2003, but the limitations of hardware at the time meant cell phone calls and texts were secure from the prying ears of digital eavesdroppers and all but the most secret government agencies. Since then, the costs of hardware have gone down, two terabytes of rainbow tables have been published, and all the techniques and knowledge required to listen in on cell phone calls have been available. The only thing missing was the hardware. Now, with a super low-cost USB TV tuner come software defined radio, [domi] has put together a tutorial for cracking GSM with thirty dollars in hardware.
les Français de QuarksLab (Pod2G et GG) ont mis en ligne une vidéo où on les voit intercepter des messages échangés via iMessages à parti de 2 iPhones et les modifier...
Avant de mourir, le regretté Aaron Swartz travaillait sur un projet (En python) dont le but est de permettre aux lanceurs d'alertes (Whistleblowers) tels que Snowden, d'envoyer des documents un peu "chauds" aux médias sans mettre en péril leur sécurité. Et surtout sans se faire griller par les grandes oreilles de la NSA.
Aaron bossait sur ce code avec Kevin Poulsen (Wired) et après sa disparition, c'est la FPF (Free Press Foundation) qui a repris le flambeau avec l'aide de James Dolan, rebaptisant le projet initial Deaddrop en projet SecureDrop. (je pense pour éviter les jeux de mots foireux avec le terme "dead"... bref...)