Il y a le film La Sociale qui sort mercredi.
Si jamais il passe près de chez vous, allez le voir !

http://www.lasociale.fr/
https://www.ecirtam.net/links/?BIfPsg
(Permalink)

Comme chaque années, j'étais aux Utopiales.
De mémoire, c'est seulement la 2ème fois qu'un film remporte le prix du jury ET du public.
Realive (http://www.imdb.com/title/tt4074928/) est vraiment un très bon film. Malheureusement pour ceux qui ne l'on pas vu, ce film n'a pas trouvé de distributeur en France -_-
Jeeg robot (http://www.imdb.com/title/tt3775086/) était pas mal aussi :-)
via https://links.nekoblog.org/?eRSsSw
(Permalink)

:-/
(Permalink)

https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
(Permalink)

https://www.bortzmeyer.org/ripe-atlas-api.html
https://www.bortzmeyer.org/search?pattern=atlas

Si vous voulez contribuer au réseau :
http://www.zdnet.fr/actualites/et-si-vous-installiez-une-sonde-ripe-atlas-pour-contribuer-a-mesurer-la-qualite-de-service-d-internet-39801231.htm
(Permalink)

«
Privacy issues

In November 2016, an investigation by journalists from the German TV channel NDR showed that WOT collects, records, analyzes and sells user-related data to third-parties, allowing third-parties to identify individual users, despite WOT's claims they would anonymize the data.[18][19][20] The data obtained was traceable to WOT and could be assigned to specific individuals.[21][22] The investigation was based on freely available sample data, and revealed that sensitive private information of more than 50 users could be retrieved.[19] This information included the visited web-sites, account names, mail addresses and other data potentially enabling the tracking of browser surfing activity, travel plans, illnesses, sexual preferences, drug consumption, and reconstruction of confidential company revenue data of a media house as well as details regarding ongoing police investigations.[18] WOT chose not to comment on the findings when prompted by German media with the results of the investigation prior to the publication of the report.[18][19]
»
Fuck

via http://sebsauvage.net/links/?wn8OPQ
https://news.ycombinator.com/item?id=12870953
(Permalink)

Face à la police / Face à la justice
Guide d’autodéfense juridique

Élie Escondida et Dante Timélos , Collectif CADECOL
ISBN 978-2-84950-482-6

via https://shaarli.guiguishow.info/?zyHNNw
(Permalink)

Hop quelques serveurs DNS en plus :
89.234.141.66 | 2a00:5881:8100:1000::3 | recursif.arn-fai.net
89.234.186.18 | 2a00:5884:8218::1         | log.bzh
80.67.188.188 | 2001:913::8                   | ns0.ldn-fai.net
(Permalink)

«

Here is a number of practical attack scenarios:

- Attack the user by replacing important files, such as
 .ssh/authorized_keys, .bashrc, .bash_logout, .profile,
 .subversion or .anyconnect, when they extract an tar archive.
  For example:

 user@host:~$ dpkg --fsys-tarfile evil.deb | tar -xf - \
 --wildcards 'blurf*'
 tar: Removing leading `blurf/../' from member names
 user@host:~$ cat .ssh/authorized_keys
 ssh-rsa AAAAB3...nU= mrrobot@fsociety
 user@host:~$


- Attack automation that extracts tar originating from a web
 application or similar sources. Such operation might be performed by
 a setuid root component of the application. The command executed
 could be for example:

 #tar -C / -zxf /tmp/tmp.tgz etc/application var/chroot/application/etc

 The attacker can overwrite /var/spool/cron/crontabs/root to gain code
 execution as root. It is also possible to replace binaries commonly
 executed by root with a backdoored ones, or to drop setuid root
 binaries that will enable the attacker to gain root privileges at
 will. Common attack would be to replace some network facing daemon
 with backdoored one, enabling covert code execution on demand.

 This type of scenario has been successfully exploited in the real
 world to gain a remote code execution as root in different
 environments.

- Attack commands that try to replace single files/dirs as root:

 The victim would like to replace `/etc/motd' file in the system by
 extracting it from an archive obtained from an untrusted source:

 # tar -C / -xvf archive.tar etc/motd
 tar: Removing leading `etc/motd/../' from member names
 etc/motd/../etc/shadow
 #

 The attacker can also bypass --exclude rule, if it is being used
 with --anchored switch. For example: The victim would like to extract
 all files but `/etc/shadow' from an archive:

 # tar -C / -xvf archive.tar --anchored --exclude etc/shadow
 tar: Removing leading `etc/motd/../' from member names
 etc/motd/../etc/shadow
 #

 In both cases, the attacker has now successfully replaced /etc/shadow
 file with arbitrary content.


Exploiting the vulnerability works best if the attacker has some prior knowledge of the specifics of the tar command line that gets executed. The path prefix before the `..' sequence will need to (at least partially) match the target path (or not match in case of the exclude rule) in order for the bypass attack to work. Guessing which paths the victim might extract could work too, but the success rate is likely lower.



Vulnerable versions
-------------------

- GNU tar 1.14 to 1.29 (inclusive)
»
(Permalink)

Ce problème date de 2009. Voir https://fr.wikipedia.org/wiki/NoScript#Accueil
Le code source est sous Licence GNU GPL (https://noscript.net/faq#qa1_14) mais je ne l'ai pas trouvé. *
Pour ma part j'ai bloquer le nom de domaine noscript.net

* Edit : https://stackoverflow.com/questions/17664157/where-to-find-source-code-of-mozilla-noscript-extension
(Permalink)

via http://bahadour.fr/link/?9Y961A
(Permalink)

Intéressant
Donc pour la liste CSV de sites bloqués, il ne faut pas la divulguer tel quel mais :
- si possible la comparer entre opérateurs
- tester le blocage de chacun des sites depuis chaque opérateur
- créer un nouveau fichier.

Est-ce que les FAI associatifs ont accès à cette liste ?
(Permalink)

(Permalink)

Le contenu du eval ligne 22 de http://nopaste.nl/jvnEwEpL5a donne ça :
/*

(function(){function h(e){try{cookieArray=[];for(var b=/^\s?incap_ses_/,d=document.cookie.split("\x3b"),c=0;c<d.length;c++)key=d[c].substr(0,d[c].indexOf("\x3d")),value=d[c].substr(d[c].indexOf("\x3d")+1,d[c].length),b.test(key)&&(cookieArray[cookieArray.length]=value);cookies=cookieArray;digests=Array(cookies.length);for(b=0;b<cookies.length;b++){for(var g=e+cookies[b],c=d=0;c<g.length;c++)d+=g.charCodeAt(c);digests[b]=d}res=e+"\x2c\x64\x69\x67\x65\x73\x74\x3d"+digests.join()}catch(k){res=e+"\x2c\x64\x69\x67\x65\x73\x74\x3d"+encodeURIComponent(k.toString())}e=
res;g=new Date;g.setTime(g.getTime()+2E4);document.cookie="\x5f\x5f\x5f\x75\x74\x6d\x76\x63\x3d"+e+("\x3b\x20\x65\x78\x70\x69\x72\x65\x73\x3d"+g.toGMTString())+"\x3b\x20\x70\x61\x74\x68\x3d\x2f"}function l(e){for(var b=[],d=0;d<e.length;d++){var c=e[d][0];switch(e[d][1]){case "\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e":try{"\x75\x6e\x64\x65\x66\x69\x6e\x65\x64"!=typeof eval(c)?b[b.length]=encodeURIComponent(c+"\x3d\x74\x72\x75\x65"):b[b.length]=encodeURIComponent(c+"\x3d\x66\x61\x6c\x73\x65")}catch(g){b[b.length]=encodeURIComponent(c+"\x3d\x66\x61\x6c\x73\x65")}break;case "\x65\x78\x69\x73\x74\x73":try{b[b.length]=encodeURIComponent(c+"\x3d"+typeof eval(c))}catch(k){b[b.length]=encodeURIComponent(c+
"\x3d"+k)}break;case "\x76\x61\x6c\x75\x65":try{b[b.length]=encodeURIComponent(c+"\x3d"+eval(c).toString())}catch(h){b[b.length]=encodeURIComponent(c+"\x3d"+h)}break;case "\x70\x6c\x75\x67\x69\x6e\x73":try{p=navigator.plugins;pres="";for(a in p)pres+=(p[a].description+"\x20").substring(0,20);b[b.length]=encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x73\x3d"+pres)}catch(l){b[b.length]=encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x73\x3d"+l)}break;case "\x70\x6c\x75\x67\x69\x6e":try{for(i in a=navigator.plugins,a)if(f=a[i].filename.split("\x2e"),2==f.length){b[b.length]=encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x3d"+f[1]);break}}catch(m){b[b.length]=
encodeURIComponent("\x70\x6c\x75\x67\x69\x6e\x3d"+m)}}}return b=b.join()}var m=[["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72\x2e\x76\x65\x6e\x64\x6f\x72","\x76\x61\x6c\x75\x65"],["\x6f\x70\x65\x72\x61","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72\x2e\x61\x70\x70\x4e\x61\x6d\x65","\x76\x61\x6c\x75\x65"],["\x70\x6c\x61\x74\x66\x6f\x72\x6d","\x70\x6c\x75\x67\x69\x6e"],["\x77\x65\x62\x6b\x69\x74\x55\x52\x4c","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"],["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72\x2e\x70\x6c\x75\x67\x69\x6e\x73\x2e\x6c\x65\x6e\x67\x74\x68\x3d\x3d\x30","\x76\x61\x6c\x75\x65"],["\x5f\x70\x68\x61\x6e\x74\x6f\x6d","\x65\x78\x69\x73\x74\x73\x5f\x62\x6f\x6f\x6c\x65\x61\x6e"]];try{h(l(m)),document.createElement("\x69\x6d\x67").src="\x2f\x5f\x49\x6e\x63\x61\x70\x73\x75\x6c\x61\x5f\x52\x65\x73\x6f\x75\x72\x63\x65\x3f\x53\x57\x4b\x4d\x54\x46\x53\x52\x3d\x31\x26\x65\x3d"+Math.random()}catch(n){img=document.createElement("\x69\x6d\x67"),img.src="\x2f\x5f\x49\x6e\x63\x61\x70\x73\x75\x6c\x61\x5f\x52\x65\x73\x6f\x75\x72\x63\x65\x3f\x53\x57\x4b\x4d\x54\x46\x53\x52\x3d\x31\x26\x65\x3d"+
n}})();

*/
Je n'ai pas le temps plus déoffusquer mais en tout cas, il y a du traitement de cookie et la création d'une images.
(Permalink)

via https://chabotsi.fr/links/?JwptZA
(Permalink)

Toujours aussi intéressant :-)
thinkerview : http://www.youtube.com/channel/UCQgWpmt02UtJkyO32HGUASQ
(Permalink)

Pas mal.
Un programme qui colorise les images qui sont en noir et blanc.
via IxeYgrek
(Permalink)

XD

via http://bookmarks.ecyseo.net/?_jswCw
(Permalink)

Si t'as un clé USB avec un linux dessus et que les disques ne sont pas correctement chiffrés, et bien qu'importe l'OS de la machine, tu peux tout récupérer.
(Permalink)

Ahah pas mal ce générateur ^_^
http://www.jesuischarliegenerator.com/je-suis-charlie-generator-GHpJ-653x435.jpg

via http://nicolas-delsaux.hd.free.fr/Shaarli/?_HHaxw
(Permalink)