Aller au contenu
Fini la pub... bienvenue à la cagnotte ! ×
AIR-DEFENSE.NET

Cyberwarfare


wielingen1991

Messages recommandés

  • 3 weeks later...

Le cadeau de Noël du gouvernement aux internautes : la surveillance

 

26/12/2014 à 17:45 Le 24 décembre, Matignon a publié un décret sur une mesure très contestée permettant aux agents de l'État de surveiller le Net français. Habile.

 

http://www.lepoint.fr/chroniqueurs-du-point/guerric-poncet/le-cadeau-de-noel-du-gouvernement-aux-internautes-la-surveillance-26-12-2014-1892495_506.php

Modifié par zx
Lien vers le commentaire
Partager sur d’autres sites

Habile ? Il serait intéressant d'étudier la compatibilité de ce décret par rapport à la CEDH voir même à la Constitution française et les droits et libertés qu'elle garantit. Après si "habile" se réfère à l'idée de passer des décisions controversées le 24 décembre, ou le 31 du même mois ou le 14 août à 23h30 sous un décret claire ou une "loi portant sur des dispositions diverses" servant de fourre tout ce n'est pas nouveau.

  • Upvote (+1) 1
Lien vers le commentaire
Partager sur d’autres sites

cela fait plus de 10-15 ans que les USA maitrise les ordinateurs quantique, les processeurs et ces technologies sont créées 

par IBM, comme toujours, c'est le leader mondial en R&D dans le domaine, depuis plus de 10 ans, c'était réservé au domaine militaire, NSA,etc.. 

big brother is watching you.

 

maintenant, on commence à voir l'acquisition d'ordinateur quantique pour la NASA et google. ce qui indique que cela commence à se démocratiser, cela veut dire aussi qu'ils ont quelque chose de nettement supérieur.

 

les calculateurs quantiques sont développées par D Wave system

 

http://www.robot-n-tech.com/lordinateur-quantique-d-wave-two-google-nasa

 

http://www.futura-sciences.com/magazines/high-tech/infos/actu/d/informatique-revolution-ordinateurs-quantiques-elle-imminente-47030/

 

http://www.pcworld.com/article/2094380/ibm-questions-the-performance-of-dwaves-quantum-computer.html

 

Intel n'a qu'une présence .commerciale pour le grand public et le milieu industriel, il n'a pas la capacité de créer cette techno, on parle aussi que les IA seront des calculateurs quantique, dans quelques années ils pourront s'appuyer sur une version dédié au public et les entreprises. je pense que cela fera parti de la révolution numérique qui arrive et qui aura d'important impacts sociaux dans les 20 prochaines années. il faudra négocier bientôt avec son frigo, son ordi, sa voiture et sa télé . :P i, robot

 

le problème qui va se poser maintenant est de passer des technologies de laboratoire à des processus industriels qui intègrent la rentabilité

Modifié par zx
Lien vers le commentaire
Partager sur d’autres sites

On n'a toujours pas pu vérifier le fonctionnement réel des D-Wave il me semble, ce qui laisse des doutes si ce n'est pas une arnaque très osée. Pour les ordinateurs quantiques "démontrés", je crois qu'on en est à quelques q-bits. Il y a quelques années on s'était félicité d'avoir réussi à factoriser le nombre 15 par méthode quantique.

 

Pour la NSA, le sujet était abordé dans certains documents Snowden et l'état des lieux était le même que dans le public. ll va falloir s'y faire : dans les années 50 la NSA créait le progrès de l'informatique, depuis les années 70 elle suit la recherche et les compagnies commerciales qui vont aussi vite.

Lien vers le commentaire
Partager sur d’autres sites

Le cadeau de Noël du gouvernement aux internautes : la surveillance

 

26/12/2014 à 17:45 Le 24 décembre, Matignon a publié un décret sur une mesure très contestée permettant aux agents de l'État de surveiller le Net français. Habile.

 

http://www.lepoint.fr/chroniqueurs-du-point/guerric-poncet/le-cadeau-de-noel-du-gouvernement-aux-internautes-la-surveillance-26-12-2014-1892495_506.php

C'est collector ce décret: les demandes de l'Etat et les justifications les accompagnant sont stockées 3 ans et détruites après. L'Etat est pour le droit à l'oubli, mais juste pour ce qui le concerne.

Quand on sait que la Commission de contrôle des interceptions est sous-staffée, que 10% des demandes qu'elle examine sont abusives et que la commission du renseignement ne veut surtout pas contrôler les opérations de renseignement en cours, on peut se dire qu'on a un contrôle démocratique fantastique sur ces activités.

Lien vers le commentaire
Partager sur d’autres sites

http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html




When Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job -- attempting to crack encryption all around the world -- they play a game called the "Kryptos Kristmas Kwiz," which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded "Kryptos" mugs.

Encryption -- the use of mathematics to protect communications from spying -- is used for electronic transactions of all types, by governments, firms and private users alike. But a look into the archive of whistleblower Edward Snowden shows that not all encryption technologies live up to what they promise.

One example is the encryption featured in Skype, a program used by some 300 million users to conduct Internet video chat that is touted as secure. It isn't really. "Sustained Skype collection began in Feb 2011," reads a National Security Agency (NSA) training document from the archive of whistleblower Edward Snowden. Less than half a year later, in the fall, the code crackers declared their mission accomplished. Since then, data from Skype has been accessible to the NSA's snoops. Software giant Microsoft, which acquired Skype in 2011, said in a statement: "We will not provide governments with direct or unfettered access to customer data or encryption keys." The NSA had been monitoring Skype even before that, but since February 2011, the service has been under order from the secret US Foreign Intelligence Surveillance Court (FISC), to not only supply information to the NSA but also to make itself accessible as a source of data for the agency.

The "sustained Skype collection" is a further step taken by the authority in the arms race between intelligence agencies seeking to deny users of their privacy and those wanting to ensure they are protected. There have also been some victories for privacy, with certain encryption systems proving to be so robust they have been tried and true standards for more than 20 years.

For the NSA, encrypted communication -- or what all other Internet users would call secure communication -- is "a threat". In one internal training document viewed by SPIEGEL, an NSA employee asks: "Did you know that ubiquitous encryption on the Internet is a major threat to NSA's ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?"

Snipped from NSA document: Encryption considered a "threat" Zoom

Snipped from NSA document: Encryption considered a "threat"
The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency's digital spies have made much progress in cracking these technologies. "Properly implemented strong crypto systems are one of the few things that you can rely on," Snowden said in June 2013, after fleeing to Hong Kong.

The digitization of society in the past several decades has been accompanied by the broad deployment of cryptography, which is no longer the exclusive realm of secret agents. Whether a person is conducting online banking, Internet shopping or making a phone call, almost every Internet connection today is encrypted in some way. The entire realm of cloud computing -- that is of outsourcing computing tasks to data centers somewhere else, possibly even on the other side of the globe -- relies heavily on cryptographic security systems. Internet activists even hold crypto parties where they teach people who are interested in communicating securely and privately how to encrypt their data.

German officials suggest "consistent encryption"

In Germany, concern about the need for strong encryption goes right up to the highest levels of the government. Chancellor Angela Merkel and her cabinet now communicate using phones incorporating strong encryption. The government has also encouraged members of the German public to take steps to protect their own communication. Michael Hange, the president of the Federal Office for Information Security, has stated: "We suggest cryptography -- that is, consistent encryption."

It's a suggestion unlikely to please some intelligence agencies. After all, the Five Eyes alliance -- the secret services of Britain, Canada, Australia, New Zealand and the United States -- pursue a clear goal: removing the encryption of others on the Internet wherever possible. In 2013, the NSA had a budget of more than $10 billion. According to the US intelligence budget for 2013, the money allocated for the NSA department called Cryptanalysis and Exploitation Services (CES) alone was $34.3 million.

Last year, the Guardian, New York Times and ProPublica reported on the contents of a 2010 presentation on the NSA's BULLRUN decryption program, but left out many specific vulnerabilities. The presentation states that, "for the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," and "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable." Decryption, it turns out, works retroactively - once a system is broken, the agencies can look back in time in their databases and read stuff they could not read before.

The number of Internet users concerned about privacy online has risen dramatically since the first Snowden revelations. But people who consciously use strong end-to-end encryption to protect their data still represent a minority of the Internet-using population. There are a number of reasons for this: Some believe encryption is too complicated to use. Or they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program.

Still Safe from the NSA

This isn't true. As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012. An NSA presentation for a conference that took place that year lists the encryption programs the
Attacks against Crypto

Guide for Analysts on how to use the PRISM Skype Collection
GCHQ Briefing on the BULLRUN Program
GCHQ Presentation on the BULLRUN Programs Decryption Capabilities
NSA LONGHAUL program for end-to-end attack orchestration and key recovery service
BLUESNORT program on "Net Defense" from Encrypted Communications
Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not
NSA program SCARLETFEVER explaining how attacks on encrypted connections are orchestrated
Description of VOIP Telephony Encryption methods and cryptanalytic and other ways to attack

Americans failed to crack. In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from "trivial" to "catastrophic."

Monitoring a document's path through the Internet is classified as "trivial." Recording Facebook chats is considered a "minor" task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider "mail.ru" is considered "moderate." Still, all three of those classifications don't appear to pose any significant problems for the NSA.

Things first become troublesome at the fourth level. The presentation states that the NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user's information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web.

Cryptanalytics

General Description how NSA handles encrypted traffic
Intercept with PGP encrypted message
Classification Guide for Cryptanalysis
Procedural GCHQ Document on how analysts are to handle encrypted traffic
NSA / GCHQ Crypt Discovery Joint Collaboration Activity
NSA Cryptographic Modernization (CryptoMod) Classification Guide
"National Information Assurance Research Laboratory (NIARL)": Newsletter, Keyword TUNDRA
What Your Mother Never Told You About the development of Signal Intelligence
Intercept with OTR encrypted chat

The NSA also has "major" problems with Truecrypt, a program for encrypting files on computers. Truecrypt's developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism -- an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple -- show that the NSA's efforts appear to have been thwarted in these cases: "No decrypt available for this OTR message." This shows that OTR at least sometimes makes communications impossible to read for the NSA.

Zoom
Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. "It's satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque," says RedPhone developer Moxie Marlinspike.

Too Robust for Fort Meade

Also, the "Z" in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. "No decrypt available for this PGP encrypted message," a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo.

Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.

PGP continues to be developed and various versions are available today. The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch. One document shows that the Five Eyes intelligence services sometimes use PGP themselves. The fact is that hackers obsessed with privacy and the US authorities have a lot more in common than one might initially believe. The Tor Project*, was originally developed with the support of the US Naval Research Laboratory.

Deanonymizing

Explanation of a potential technique to deanonymise users of the TOR network
Analytics on security of TOR hidden services
Overview on Internet Anonymization Services on how they work
TOR deanonymisation research
TOR Overview of Existing Techniques
A potential technique to deanonymise users of the TOR network

Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show. Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited. One GCHQ document from 2011 even mentions trying to decrypt the agencies' own use of Tor -- as a test case.

To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.

Internet security comes at various levels -- and the NSA and its allies obviously are able to "exploit" -- i.e. crack -- several of the most widely used ones on a scale that was previously unimaginable.

VPN Security only Virtual

One example is virtual private networks (VPN), which are often used by companies and institutions operating from multiple offices and locations. A VPN theoretically creates a secure tunnel between two points on the Internet. All data is channeled through that tunnel, protected by cryptography. When it comes to the level of privacy offered here, virtual is the right word, too. This is because the NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside the VPN -- including, for example, the Greek government's use of VPNs. The team responsible for the exploitation of those Greek VPN communications consisted of 12 people, according to an NSA document SPIEGEL has seen.

Attacks on VPN

NSA High Level Description on TURMOIL / APEX Programs on Attacking VPN
Explanation of the GALLANTWAVE that decrypts VPN Traffic within LONGHAUL
Intro to the VPN Exploitation Process mentioning the protocols attacked - PPTP, IPSEC, SSL, SSH)
Analytic Challenges from Active-Passive Integration when NSA attacks IPSEC VPNs
Overview of the capabilities of the VALIANTSURF program
MALIBU Architecture Overview to exploit VPN Communication
POISENNUT Virtual Private Network Attack Orchestrator (VAO)
NSA Presentation on the development of Attacks on VPN
NSA Presentation on the Analysis and Contextualisation of data from VPN
Description of existing projects on VPN decryption
Explanation of the Transform Engine Emulator when attacking VPN
Explanation of the POISENNUT Product and its role when attacking VPN
Explanation of the TURMOIL GALLANTWAVE Program and its role when attacking VPN
Processing of data from exploited VPN in the TURMOIL program
Decryption of VPN Connections within the VALIANTSURF program
Description on the processing of VPN data packets within the TURMOIL program
Explanation on the SPIN9 program on end-to-end attacks on VPN

The NSA also targeted SecurityKiss, a VPN service in Ireland. The following fingerprint for Xkeyscore, the agency's powerful spying tool, was reported to be tested and working against the service:

fingerprint('encryption/securitykiss/x509') = $pkcs and ( ($tcp and from_port(443)) or ($udp and (from_port(123) or from_por (5000) or from_port(5353)) ) ) and (not (ip_subnet('10.0.0.0/8' or '172.16.0.0/12' or '192.168.0.0/16' )) ) and 'RSA Generated Server Certificate'c and 'Dublin1'c and 'GL CA'c;

According to an NSA document dating from late 2009, the agency was processing 1,000 requests an hour to decrypt VPN connections. This number was expected to increase to 100,000 per hour by the end of 2011. The aim was for the system to be able to completely process "at least 20 percent" of these requests, meaning the data traffic would have to be decrypted and reinjected. In other words, by the end of 2011, the NSA's plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour.

VPN connections can be based on a number of different protocols. The most widely used ones are called Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (Ipsec). Both seem to pose few problems for the NSA spies if they really want to crack a connection. Experts have considered PPTP insecure for some time now, but it is still in use in many commercial systems. The authors of one NSA presentation boast of a project called FOURSCORE that stores information including decrypted PPTP VPN metadata.

Using a number of different programs, they claim to have succeeded in penetrating numerous networks. Among those surveilled were the Russian carrier Transaero Airlines, Royal Jordanian Airlines as well as Moscow-based telecommunications firm Mir Telematiki. Another success touted is the NSA's surveillance of the internal communications of diplomats and government officials from Afghanistan, Pakistan and Turkey.

Ipsec as a protocol seems to create slightly more trouble for the spies. But the NSA has the resources to actively attack routers involved in the communication process to get to the keys to unlock the encryption rather than trying to break it, courtesy of the unit called Tailored Access Operations: "TAO got on the router through which banking traffic of interest flows," it says in one presentation.

Anything But Secure

Even more vulnerable than VPN systems are the supposedly secure connections ordinary Internet users must rely on all the time for Web applications like financial services, e-commerce or accessing webmail accounts. A lay user can recognize these allegedly secure connections by looking at the address bar in his or her Web browser: With these connections, the first letters of the address there are not just http -- for Hypertext Transfer Protocol -- but https. The "s" stands for "secure". The problem is that there isn't really anything secure about them.

Attacks on SSL/TLS

NSA Experiment for massive SSL/TLS Decryption
Canadian Document from CES on TLS Trends
Details on how NSA uses the SCARLETFEVER program to attack Scure Sockets Layer (SSL)/Transport Layer Scurity (TLS)
Analysis from SSL/TLS Connections through GCHQ in the flying pig database

The NSA and its allies routinely intercept such connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month.

For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone.

Hockey sites monitored

Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees' computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems. The NSA combines the data collected in this manner with other information to leverage access to important systems of interest.

Weakening Cryptographic Standards

But how do the Five-Eyes agencies manage to break all these encryption standards and systems? The short answer is: They use every means available.

One method is consciously weakening the cryptographic standards that are used to implement the respective systems. Documents seen by SPIEGEL show that NSA agents travel to the meetings of the Internet Engineering Task Force (IETF), an organization that develops such standards, to gather information but presumably also to influence the discussions there. "New session policy extensions may improve our ability to passively target two sided communications," says a brief write-up of an IETF meeting in San Diego on an NSA-internal Wiki.

This process of weakening encryption standards has been going on for some time. A classification guide, a document that explains how to classify certain types of secret information, labels "the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable" as Top Secret.

NSA classification guide: "Cryptographic modifications" Zoom

NSA classification guide: "Cryptographic modifications"
Cryptographic systems actively weakened this way or faulty to begin with are then exploited using supercomputers. The NSA maintains a system called Longhaul, an "end-to-end attack orchestration and key recovery service for Data Network Cipher and Data Network Session Cipher traffic." Basically, Longhaul is the place where the NSA looks for ways to break encryption. According to an NSA document, it uses facilities at the Tordella Supercomputer Building at Fort Meade, Maryland, and Oak Ridge Data Center in Oak Ridge, Tennessee. It can pass decrypted data to systems such as Turmoil -- a part of the secret network the NSA operates throughout the world, used to siphon off data. The cover term for the development of these capabilities is Valientsurf. A similar program called Gallantwave is meant to "break tunnel and session ciphers."

In other cases, the spies use their infrastructure to steal cryptographic keys from the configuration files found on Internet routers. A repository called Discoroute contains "router configuration data from passive and active collection" one document states. Active here means hacking or otherwise infiltrating computers, passive refers to collecting data flowing through the Internet with secret NSA-operated computers.

An important part of the Five Eyes' efforts to break encryption on the Internet is the gathering of vast amounts of data. For example, they collect so-called SSL handshakes -- that is, the first exchanges between two computers beginning an SSL connection. A combination of metadata about the connections and metadata from the encryption protocols then help to break the keys which in turn allow reading or recording the now decrypted traffic.

If all else fails, the NSA and its allies resort to brute force: They hack their target's computers or Internet routers to get to the secret encryption -- or they intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination, a process they call interdiction.

A Grave Threat to Security

For the NSA, the breaking of encryption methods represents a constant conflict of interest. The agency and its allies do have their own secret encryption methods for internal use. But the NSA is also tasked with providing the US National Institute of Standards and Technology (NIST) with "technical guidelines in trusted technology" that may be "used in cost-effective systems for protecting sensitive computer data." In other words: Checking cryptographic systems for their value is part of the NSA's job. One encryption standard the NIST explicitly recommends is the Advanced Encryption Standard (AES). The standard is used for a large variety of tasks, from encrypting the PIN numbers of banking cards to hard disk encryption for computers.

One NSA document shows that the agency is actively looking for ways to break the very standard it recommends - this section is marked as "Top Secret" (TS): "Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique -- the Tau statistic -- to determine its usefulness in codebook analysis."

Zoom
The fact that large amounts of the cryptographic systems that underpin the entire Internet have been intentionally weakened or broken by the NSA and its allies poses a grave threat to the security of everyone who relies on the Internet -- from individuals looking for privacy to institutions and companies relying on cloud computing. Many of these weaknesses can be exploited by anyone who knows about them -- not just the NSA.

Inside the intelligence community, this danger is widely known: According to a 2011 document, 832 individuals at GCHQ alone were briefed into the BULLRUN project, whose goal is a large-scale assault on Internet security.

By Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker

* Two co-authors of this article, Jacob Appelbaum and Aaron Gibson, work on the Tor-Project. Appelbaum also works on the OTR project, as well as contributing to other encryption programs.

  • Upvote (+1) 1
Lien vers le commentaire
Partager sur d’autres sites

Yes, les "légistes" informatiques disent que les premiers ordis infectés ont été les PC de cinq compagnies qui avaient un rapport avec la centrale nucléaire cible. A partir de là, il n'y avait plus qu'à attendre que quelqu'un y travaillant fasse la gaffe de connecter une clé USB à un PC du réseau interne...

 

http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/?utm_content=buffer1cf78&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

 

Dans les documents de la NSA, on appelle ces techniques "jumping the air gap".

Lien vers le commentaire
Partager sur d’autres sites

A partir de là, il n'y avait plus qu'à attendre que quelqu'un y travaillant fasse la gaffe de connecter une clé USB à un PC du réseau interne.

Ce qui est étonnant c'est que dans un truc aussi sécurisé les ports soit a la fois physiquement accessible et non désactivé.

  • Upvote (+1) 1
Lien vers le commentaire
Partager sur d’autres sites

  • 3 weeks later...

a première vue, on est en cyberguerre, je promets un avenir radieux pour les sociétés spécialisés en sécurité internet et en audit.
 
La France face à une vague sans précédent de cyberattaques
 
 
http://www.lefigaro.fr/secteur/high-tech/2015/01/15/01007-20150115ARTFIG00333-la-france-face-a-une-vague-sans-precedent-de-cyberattaques.php

Modifié par zx
Lien vers le commentaire
Partager sur d’autres sites

C'est juste du cyberhooliganisme.

 

Et ce n'est pas si mal : ca va obliger pas mal d'organisations connectées à apprendre le b.a.-ba de la sécurité informatique sans être victime de piratages cherchant à voler des données. ITSec 101 gratuit !

Lien vers le commentaire
Partager sur d’autres sites

Oh, tant que j'y pense, c'est la ouat millième fois que je lis l'expression "qui a révélé l'ampleur" de gnagna de la NSA.

 

Quelqu'un peut-il me dire ce que signifie cette putain de phrase, alors qu'aucun média n'a été foutu de dire clairement quelle était cette "ampleur", et qu'ils sont partis comme des cons moutons sur le principe du "la NSA écoute absolument tout" auquel on avait déjà eu droit il y a plus de 15 ans lors de la controverse "Echelon". 

 

(Et si j'ai une réponse à côté de la plaque, je balance publiquement la date de l'article le plus ancien comparant la NSA à Big Brother.)

Lien vers le commentaire
Partager sur d’autres sites

  • 2 weeks later...
  • 2 weeks later...

qu'elles soient virtuelles ou pas, ca marche à tous les coups et ca ne pardonne pas.

 

Sur Internet, les rebelles syriens piégés par des photos de femmes

 

http://www.lefigaro.fr/secteur/high-tech/2015/02/02/01007-20150202ARTFIG00305-pour-espionner-les-rebelles-syriens-des-hackers-se-font-passer-pour-des-femmes.php

Modifié par zx
Lien vers le commentaire
Partager sur d’autres sites

Créer un compte ou se connecter pour commenter

Vous devez être membre afin de pouvoir déposer un commentaire

Créer un compte

Créez un compte sur notre communauté. C’est facile !

Créer un nouveau compte

Se connecter

Vous avez déjà un compte ? Connectez-vous ici.

Connectez-vous maintenant
  • Statistiques des membres

    6 003
    Total des membres
    1 749
    Maximum en ligne
    pandateau
    Membre le plus récent
    pandateau
    Inscription
  • Statistiques des forums

    21,6k
    Total des sujets
    1,7m
    Total des messages
  • Statistiques des blogs

    4
    Total des blogs
    3
    Total des billets
×
×
  • Créer...