Web blog d'un ingénieur en sécurité informatique. IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs... Contact: philippe.vialle@wanadoo.fr
Qui a dit que cela n'arrivait pas à tous les fournisseurs de service ? GMail ne fait pas exception à la règle. Bien que le Copyright sur la page date de 2008, le message lui, date bien de 2011 ! (je n'avais pas eu l'occasion de le poster). Attention donc...
A bit strange, isn't it, that alert from Certificate patrol? This came up while accessing Facebook with Firefox... Well, that would mean Facebook rolled back their HTTPS certificate, to re-use a former one, issued on November 2010... Why so? no real clue......
I would believe we are back to Win 9x systems fashion, when adwares used to be legion (at least, in proportion compared to global threats trends at this time). But this case seems to concern any Android OS from 1.6 to 2.x, much more modern systems......
First I thouht this was like regular spam, and something close to Viagra (and others...). But, in the end, no... The contact told me his "mail account" had been stolen, whereas I do believe his computer has been compromised (and then, the bad guys used...
Autre équipe Turque , autres motivations, autre victime...? A première vue, rien à voir avec une publication satyrique sur une icône religieuse (cf. cas Charlie Hebdo : http://www.itespresso.fr/piratage-la-galere-de-charlie-hebdo-sur-internet-47804.html...
I just found out that one of my NIPS' reports seems pretty clear regarding the daily top alerts: For those who forgot to secure a lil bit their (open)SSH server, time's running... What about that IP address 65.98.36.50? Well, it is the reverse DNS pointer...
Yes, a bit surprising, but yeah, even Google...! I'm talking about the classical GMail interface, which is still regular (the new one has not yet been put as a standard...) While trying to reply to an email, or even write a new one, here is the warning...
L'échantillon parle de lui-même : L'utilisation d'un compte GMail , comme point de contact pour une promo "Orange" , semble loufoque. Au pire, un Wanadoo aurait déjà pu semer le trouble pour les "nouveaux internautes"... Et le comble, c'est que le message...
Si certains pensaient (comme moi) pouvoir utiliser la Freebox v6 comme espace de sauvegarde réseau, je leur recommande de lire ce qui va suivre. Le contexte est : - des postes, notamment Whistler (XP) et Vienna (Win7) - une solution de sauvegarde automatisée...
This malware did succeed to install itself on the following configuration: - Win7 64 bits, fully-patched - KAV 2011 - user account not administrator (account switch using UAC) - Opera 11.52 up-to-date I was just surfing... Therefore I do believe it is...
Suivant régulièrement les évolutions des suites bureautiques "volatiles", leur système de mise à jour centralisé et realtivement réactif reste à mon avis une référence. Cependant, ce soir, un message surprise est apparu pour la Liberkey : Un certificat...
To those who believe russian web tends to be safer, please first read Kaspersky's threat report Q2 2011. (cf. https://www.securelist.com/en/analysis/204792186/IT_Threat_Evolution_Q2_2011 ) Then, have a look at the following. Here is the mail I received...
En navigant sur le web, j'ai eu la surprise de voir KAV 2011 alerter lors de l'accès à un site (trojanedbinaries.com). Voici le message complet : Analysons donc le sens du message , via le nom de la détection : - HEUR pour Heuristique, certainement. -...
I wanted to benchmark a little bit the level of protection that Trusteer offers for real. Trusteer is said to be a leader in Internet content security filtering. See (in French): http://lesbanquesenligne.fr/articles-banques-en-ligne/boursorama-lutte-contre-la-fraude-bancaire-avec-%C2%ABtrusteer%C2%BB/...
While trying o get the official "uptime" tool from MS's website (http://support.microsoft.com/kb/232243 ) I had a surprise. The file got detected by the automatic AV scan which is shipped with IE9 (ie: Windows Defender). And the VirusTotal's results are...
I felt that Kaspersky antivirus was taking a lot or resources, generating lots of HDD requests. So I tried to monitor what was going on, and used SysInternals Procmon. BTW, hi and congrats Mark :) I set up a filter targeting avp.exe (one of the main exefiles...
Je milite depuis pas mal de temps déjà pour que les sites de banque (au moins) engagent des actions afin de vérifier la sécurité des postes de leurs clients qui s'y connectent. En effet, il est peu utile de "blinder" un serveur Web si le poste client...
While surfing on Twitter you may find such a profile... that may look interesting for a few guys :) As you can see, several posts dealing with men/women... and "being single"... But what I find more interesting is the link, that is quite visible, just...
That trick was really about to get me... The bot would realy make you believe it is your Facebook contact talking to you, but it is not... I sent the URL to VirusTotal, here are the results: nothing to worry about... URL Analysis tool Result Avira Clean...
As some people and I said earlier, a few Firefox extensions could be really useful regarding the Diginotar situation. Here is what says Certificate Patrol after a few weeks of sleep (meaning not being used; until tonight): There is a clear warning about...
NB: for non English speaking people, use a translator such as translate.google.com Once I had (last!) received my invitation to Google+ , I started to play around with it. I will not describe here my feeling about the concept by itself, but will go straight...
Cette fois-ci, j'ai préféré ne pas évaluer l'efficience de solutions de sécurité à l'instant T où la menace atteignait le poste, mais quelques temps après... Voici le courriel , assez bien fait d'ailleurs : Thunderbird 64 (Miramar) avait alerté sur un...
Here is a screenshot of the message spreading: The real URL is being displayed in the status bar. I personaly used DynDNS some time ago... anyway. This malware did trigger an alert from: - Kaspersky - IE 9 Smart screen filter But the thing is, Kaspersky...
Courriel reçu le 01/07/2011 03:48 : Objet : Video intimo de Deborah Secco com jogador Roger cai na internet! Assista com exclusividade o video que pode retirar a atriz da novela Insensato Coracao Texte : http://noticias.terra.com.br/mundo/noticias/0-OI5211810-EI8141-00-Video-intimo-de-Debora-Secco-e-Seu-Marido-Roger-Flores-e-Divulgado-na-Net.html-0.11290...
En fait, le lien pointe sur: http://199.16.130. 102/~vlallala/vbv2012/authentification/VerifierVisa/ NB : le lien ne semble plus marcher actuellement... Bilan du filtrage par les navigateurs : - Firefox 5: alerte "page contrefaite" - IE9, avec module...