hacking | The Geek Bar

SSL is no longer secure: a major risk for secure sites



Read this afternoon on the excellent Presse-Citron: a flaw has just been discovered in SSL encryption that can be exploited to decrypt secure exchanges, and thus potentially recover the encrypted information in cleartext.

I'll let you read the article, which is clear and perfectly written, for the technical details; those of you most comfortable in English can dig even deeper into the exchanges between the researchers who uncovered this flaw.

Used well, this technique can break an encrypted exchange in 10 minutes and recover, for example, the information of a PayPal account.

Enough to send shivers down your spine! Especially when you learn that several million sites are vulnerable (and that updating the version of the encryption protocol (TLS, for Transport Layer Security) is complex, slow and costly, and is not compatible with all browsers).

So it is a safe bet that this flaw will persist for a while. The fix will come from the browsers (Chrome has already reacted and proposed a patch), which can close the hole by blocking certain JavaScript functions: the exploit in question, delicately named BEAST (Browser Exploit Against SSL/TLS), relies on JavaScript code working in tandem with a network sniffer.

A story to follow, then, and browsers to patch as soon as possible…


2011, the year of the DDoS?



After the buzz around the WikiLeaks DDoS (Distributed Denial of Service) attack, it is now wordpress.com's turn to suffer violent cyber-assaults (apparently originating from China). Granted, these sites, wordpress.com in particular, are regularly the victims of attacks of this type, but records fell yesterday during the most virulent attack the site has ever recorded, which stretched over several days (several gigabits per second and tens of millions of packets per second).

Other, lesser-known community sites, such as BlogSpirit in France, have also experienced attacks of this type in recent weeks.

So it seems that it is back in fashion to attack a service or content provider en masse in order to block one or two hosted sites, to the detriment of all users, even causing side effects by penalizing the sites and networks that rely on these providers (CNN, CBS and AOL TechCrunch, for example, which use wordpress.com's services).
