INDEX CONNECTING BUSINESS & T ECHNOLOGY

Transcription

1 Veille Technologique Sécurité INDEX 2010 CONNECTING BUSINESS & T ECHNOLOGY CERT-DEVOTEAM Pour tous renseignements: 1, rue GALVANI Offre de veille Massy Palaiseau Informations vts-info@cert-devoteam.com CERT-DEVOTEAM - Tous droits reserves

2 ACTUALITES SECURITE TITRE SOURCE MOIS P. 35IEME TOP 500 SC JUN 5 36IEME TOP 500 SC NOV 4 BITSHRED: FAST, SCALABLE CODE REUSE DETECTION IN BINARY CODE - AVR 4 CERTIFICATION CSPN DU LOGICIEL BRO V1.4 ANSSI FEV 17 CERTIFICATION CSPN DU LOGICIEL UCOPIA ANSSI MAR 13 CERT-IST - BILAN 2009 CERT-IST AVR 2 COMMENT LIRE UN BREVET EN 60 SECONDES - SEP 5 CONDAMNATION D UN CYBERSQUATTEUR - NOV 2 CRYPTOGRAPHIE - CHALLENGE RSA JAN 2 EFFACEMENT DES SUPPORTS DE STOCKAGE DE MASSE ANSSI JUN 2 GOOGLE - UN LABORATOIRE POUR COMPRENDRE LA SECURITE DES APPLICATIONS GOOGLE MAI 2 LAUREATS DES BOURSES ERC ERC DEC 2 LE TOP 25 DES ERREURS DE PROGRAMMATION MITRE FEV 2 LES ENJEUX DU DNSSEC AFNIC SEP 6 QUBES ITL AVR 5 RAPPEL SUR LA LEGISLATION EN MATIERE D OUTILS D ESPIONNAGE ANSSI JUN 3 RAPPORT ANNUEL D ACTIVITE ARCEP JUN 4 RAPPORT M-TRUST MANDIANT FEV 2 SECURE COMPUTING CORPORATION SCTC JUN 3 SUR LA BONNE CONFIGURATION DE SSL ET TLS G-SEC FEV 4 UN POSTER DE SENSIBILISATION - AOU 2 ARTICLES: 21 Veille Technologique Sécurité Index 2010 Page 2/9

3 ANALYSES ET COMMENTAIRES ETUDES TITRE SOURCE MOIS P. CRYPTOGRAPHIE QUANTIQUE - SEP 2 FUN WITH WXWORKS HD MOORE AOU 2 LA VULNÉRABILITÉ.LNK - JUL 3 OPENBTS SUR DROID C.PAGET AOU 3 PINDR0P, VERS UNE IDENTIFICATION DES APPELS VOIP CalTECH NOV 4 SCD, UN ESPION EMV UCAM NOV 5 SHADOWS IN THE CLOUD: INVESTIGATING CYBER ESPIONAGE AVR 3 SONDES SANS FILS AUTOALIMENTEES LINEAR TEC DEC 3 STUXNET DE NOUVEAUX INDICES - NOV 2 SUR L UTILISATION DE RDMA - JUL 2 SUR LA RESILIENCE DU DNS - JAN 2 UN RETOUR SUR STUXNET - SEP 3 UNE CARTE MENTALE DE LA CLASSIFICATION D UN INCIDENT VERIZON MAR 2 ARTICLES: 13 CONFERENCES TITRE CONF MOIS P. ALGEBRAIC SIDE-CHANNEL ANALYSIS IN THE PRESENCE OF ERRORS CHES OCT 2 ALGORITHM OF COMPUTING ENTROPY MAP AS A NEW METHOD OF MALWARE DETECTION IAWACS MAI 6 ALL YOUR BASEBAND ARE BELONG TO US HACK.LU NOV 11 ANALYZING INFORMATION FLOW IN JAVASCRIPT-BASED BROWSER EXTENSIONS ACSAC JAN 5 ANONYMITY, PRIVACY, AND CIRCUMVENTION: TOR IN THE REAL WORLD SOURCE MAI 5 BACK TO THE GLASS HOUSE SHMOOCON FEV 6 BALANCING THE PWN TRADE DEFICIT BLACKHAT AOU 6 BETTER CLOUD LIVING THROUGH STANDARDS SECCLOUD MAI 8 BLINDELEPHANT: WEBAPP FINGERPRINTING AND VULNERABILITY INFERENCING BLACKHAT AOU 7 BLITZABLEITER - THE RELEASE BLACKHAT AOU 11 BOSTON 2010 SOURCE MAI 4 BREACHING BLACKBERRY SECURITY: REVIEW AND EXPLOIT DEMONSTRATION HACK.LU NOV 11 CACHE ON DELIVERY HITB NOV 8 CAN YOU STILL TRUST YOUR NETWORK CARD? CANSECWEST AVR 9 CASE STUDY OF RECENT WINDOWS VULNERABILITIES FSE AVR 11 CHAPTERS FROM THE HISTORY OF IT SECURITY HACKTIVITY OCT 5 CLOUD COMPUTING IN JAPAN AT GOVERNMENT SECCLOUD MAI 12 CLOUD COMPUTING PARADIGM SECCLOUD MAI 10 CRYPTANALYSIS OF THE DECT STANDARD CIPHER FSE AVR 10 DECEPTION 2.0: GATHERING AND EXPLOITING INFORMATION FSE AVR 12 DECONSTRUCTING A SECURE PROCESSOR BLACKHAT FEV 11 DETECTING PS/2 HARDWARE KEYLOGGER HITB NOV 6 DETECTING SOFTWARE THEFT VIA SYSTEM CALL BASED BIRTHMARKS ACSAC JAN 7 DIGITAL AMNESIA HACKTIVITY OCT 6 DNSSEC DEPLOYMENT IN EUROPE ICANN MAR 8 DNSSEC DEPLOYMENT UPDATE ICANN MAR 7 DNSSEC FOR THE ROOT ZONE ICANN MAR 9 DNSSEC WORKSHOP ICANN MAR 7 ELECTRICITY FOR FREE? THE DIRTY UNDERBELLY OF SCADA AND SMART METERS BLACKHAT AOU 9 EXPLOITING LAWFUL INTERCEPT TO WIRETAP THE INTERNET BLACKHAT FEV 8 EXPOSING CRYPTO BUGS THROUGH REVERSE ENGINEERING CCC26 JAN 8 FAST SOFTWARE AES ENCRYPTION FSE AVR 10 FIFTH ANNUAL INFRASTRUCTURE SECURITY SURVEY NANOG MAR 6 FIREEYE'S OZDOK BOTNET TAKEDOWN IN SPAM BLOCKLISTS AND VOLUME NANOG MAR 5 FLASH MEMORY 'BUMPING' ATTACKS CHES OCT 4 GSM - SRSLY? CCC26 JAN 12 Veille Technologique Sécurité Index 2010 Page 3/9

4 HACKING IN SUIT: SMARTPHONE THE SWISS ARMY KNIFE OF HACKER HACKTIVITY OCT 6 HACKING PRINTERS FOR FUN AND PROFIT HACK.LU NOV 12 HACKING THE UNIVERSE : WHEN STRINGS ARE SUPER AND NOT MADE OF CHARACTERS CCC26 JAN 10 HACKTIVITY2010 HACKTIVITY OCT 5 HOW YOU CAN BUILD AN EAVESDROPPER FOR A QUANTUM CRYPTOSYSTEM CCC26 JAN 9 IPHONE PRIVACY BLACKHAT FEV 11 LIFE ON THE ADOBE PRODUCT SECURITY INCIDENT RESPONSE TEAM SOURCE MAI 5 MEMORY CORRUPTION ATTACKS: THE (ALMOST) COMPLETE HISTORY.. BLACKHAT AOU 8 MIGHT GOVERNMENTS CLEAN-UP MALWARE? WEIS JUN 8 MILKING A HORSE OR EXECUTING REMOTE CODE IN MODERN JAVA WEB FRAMEWORKS HITB NOV 9 MISPLACED CONFIDENCES:PRIVACY AND THE CONTROL PARADOX WEIS JUN 7 MOBILE CLOUD COMPUTING: ISSUES, RISKS FROM A SECURITY PRIVACY PERSPECTIVE SECCLOUD MAI 11 NETWORK SECURITY IN THE CLOUD SECCLOUD MAI 9 NETWORK TAPPING TECHNOLOGIES NANOG MAR 6 NEW THREAT GRAMMAR IAWACS MAI 7 ON THE SECURITY ECONOMICS OF ELECTRICITY METERING WEIS JUN 6 OPEN SESAME: EXAMINING ANDROID CODE WITH UNDX2 HITB AVR 11 OUR DARKNET AND ITS BRIGHT SPOTS CCC26 JAN 11 PLEASE CONTINUE TO HOLD: EMPIRICAL STUDY ON USER TOLERANCE OF SECURITY DELAYS WEIS JUN 7 POSSIBLE DIRECTION OF CLOUD SERVICE CERTIFICATION & ASSURANCE SECCLOUD MAI 9 PRACTICAL EXPLOITATION OF MODERN WIRELESS DEVICES CANSECWEST AVR 7 PRACTICAL RETURN-ORIENTED PROGRAMMING SOURCE MAI 4 PRIVACY, OPENNESS, TRUST AND TRANSPARENCY ON WIKIPEDIA CCC26 JAN 10 PROVABLY SECURE HIGHER-ORDER MASKING OF AES CHES OCT 2 RANDOM TALES FROM A MOBILE PHONE HACKER CANSECWEST AVR 8 REMOTE BINARY PLANTING AN OVERLOOKED VULNERABILITY AFFAIR HITB NOV 9 SAP PENETRATION TESTING WITH BIZPLOIT HITB AVR 11 SECURITY AND PRIVACY IN THE CLOUDS: ISSUES SECCLOUD MAI 9 SELF-REFERENCING: A SCALABLE SIDE-CHANNEL APPROACH CHES OCT 4 SOURCE BARCELONE 2010 SOURCE OCT 16 SYMMETRIC CRYPTOGRAPHY IN JAVASCRIPT ACSAC JAN 6 TEN YEARS OF VULNERABILITIES THROUGH THE CVE LENS SOURCE MAI 5 THE DESIGN OF A TRUSTWORTHY VOTING SYSTEM ACSAC JAN 5 THE HISTORY OF THE HUNGARIAN CRYPTOGRAPHY HACKTIVITY OCT 5 THE PASSWORD THICKET: TECHNICAL & MARKET FAILURES IN HUMAN AUTHENTICATION WEIS JUN 6 THE PERSEUS LIB: OPEN SOURCE LIBRARY FOR TRANSEC AND COMSEC SECURITY IAWACS MAI 7 THERE'S A PARTY AT RING0... CANSECWEST AVR 7 TRUSTGRAPH: TRUSTED GRAPHICS SUBSYSTEM FOR HIGH ASSURANCE SYSTEMS ACSAC JAN 4 TRUSTWAVE - GLOBAL SECURITY REPORT 2010 BLACKHAT FEV 9 VIRTUAL HOSTING ON FEDERATED CLOUDS SECCLOUD MAI 11 VOYAGE OF THE REVERSER: A VISUAL STUDY OF BINARY SPECIES BLACKHAT AOU 10 WHY BLACK HATS ALWAYS WIN BLACKHAT FEV 10 WINDOWS FILE PSEUDONYMS SHMOOCON FEV 5 WRITING YOUR OWN PASSWORD CRACKER TOOL HACKTIVITY OCT 6 ARTICLES: 80 CONFERENCE MOIS P. 26 CHAOS COMMUNICATION CONGRESS JAN 8 ACSAC JAN 4 ACSAC 2010 DEC 17 AVAR 2010 DEC 18 BLACKHAT DC FEV 8 BLACKHAT EUROPE MAI 18 BLACKHAT USA AOU 15 BRUCON SEP 23 CANSECWEST AVR 7 CHES SEP 2 CLUSIF EVOLUTIONS ET BONNES PRATIQUES DU CORRESPONDANT INFORMATIQUE ET LIBERTES NOV 17 CLUSIF - SECURITE DU CLOUD COMPUTING ET DE LA VIRTUALISATION AVR 19 CMU SOUPS JUL 18 COMPUTER SECURITY CONGRESS 2010 DEC 18 DEFCON 18 AOU 16 EKOPARTY 2010 DEC 20 FSE AVR 10 GOOGLE IPV6 IMPLEMENTORS CONFERENCE JUN 24 HACK.LU NOV 11 HACKITO ERGO SUM MAI 18 Veille Technologique Sécurité Index 2010 Page 4/9

5 HACKTIVITY SEP 5 HITB AMSTERDAM JUL 18 HITB DUBAÏ AVR 19 HITB KUALALUMPUR NOV 8 IAWACS MAI 6 IEEE SYMPOSIUM ON SECURITY & PRIVACY MAI 19 IETF 78TH MEETING SEP 23 IPTCOMM AOU 22 KIWICON 4 DEC 19 METRICON 5 AOU 22 MINI METRICON 4.5 MAR 21 NANOG 48 MAR 5 NANOG 49 JUN 26 NANOG 50 OCT 15 OWASP APPSEC 2010 DC USA DEC 16 OWASP APPSEC RESEARCH AOU 19 OWASP FROC AOU 19 RUXCON 2010 DEC 19 SEC-T NOV 26 SECURECLOUD MAR 21 SHMOOCON FEV 5 SOURCE BARCELONE OCT 16 SOURCE BOSTON MAI 4 SSTIC JUN 25 TERENA TNC JUN 22 USENIX JUL 17 USENIX COLLSEC AOU 22 USENIX CSET AOU 21 USENIX HOTCLOUD JUL 17 USENIX HOTSEC AOU 22 USENIX LEET MAI 21 USENIX SEC AOU 20 USENIX WOOT AOU 21 VB OCT 16 WEIS JUN 6 LOGICIELS TITRE MOIS P. BULLETSPASSVIEW DEC 4 FOCA MAI 13 G-SEC - SSL-AUDIT FEV 15 JOEDOC.ORG MAI 2 NETROUTEVIEW AVR 12 PATENTSCOPE JUN 10 PDF DISSECTOR JUN 9 SANDISK SD-WORM JUL 2 SKIPFISH V1.1 MAR 10 THOR - TGP V1.2.3 JUL 6 URLVOID JUN 10 WINMHR OCT 7 WINPREFETCHVIEW JAN 14 ARTICLES: 13 MAGAZINES TITRE MAGAZINE MOIS P. ADVANCED ATTACK DETECTION USING OSSIM HNS AVR 13 CNRS SECURITE DE L INFORMATION N 9 CNRS OCT 10 DATABASE PROTOCOL EXPLOITS EXPLAINED HNS NOV 13 HOW VIRTUALIZED BROWSING SHIELDS AGAINST WEB-BASED ATTACKS HNS FEV 14 INTEROPERABILITE ET PROTECTION ENISA JAN 17 ISMS ENISA JAN 17 Veille Technologique Sécurité Index 2010 Page 5/9

6 LEARNING FROM BRUTEFORCERS HNS SEP 8 MEASURING WEB APPLICATION SECURITY COVERAGE HNS NOV 15 PAYMENT CARD SECURITY: RISK AND CONTROL ASSESSMENTS HNS SEP 8 PREVENTING MALICIOUS DOCUMENTS FROM COMPROMISING WINDOWS MACHINES HNS FEV 12 RESILIENCE, NOTIFICATION D INCIDENT ET EXERCICES ENISA JAN 15 REVIEW: MXI M700 BIO HNS NOV 13 SENSIBILISATION ENISA JAN 16 THE WORLD OF CLAIMS-BASED SECURITY HNS AVR 13 WRITING A SECURE SOAP CLIENT WITH PHP: FIELD REPORT FROM A REAL-WORLD PROJECT HNS FEV 14 ARTICLES: 15 NUMERO EDITEUR MOIS P. (IN)SECURE MAG N 24 HNS FEV 12 (IN)SECURE MAG N 25 HNS AVR 13 (IN)SECURE MAG N 26 HNS JUN 31 (IN)SECURE MAG N 28 HNS NOV 30 (IN)SECURE MAG N 27 HNS SEP 8 QUARTERLY REVIEW N 1 ENISA JAN 15 QUARTERLY REVIEW N 2 ENISA JUL 7 QUARTERLY REVIEW N 3 ENISA OCT 9 PHRACK MAGAZINE N 67 PHRACK NOV 30 SECURITE DE L INFORMATION N 9 CNRS OCT 10 Veille Technologique Sécurité Index 2010 Page 6/9

7 METHODOLOGIE ET STANDARDS METHODES TITRE SOURCE MOIS P. ADAPTATION DE LA METHODOLOGIE SQUARE SEI AOU 12 ASSET IDENTIFICATION & ASSET REPORTING FORMAT NIST DEC 8 AWARENESS RAISING ENISA NOV 16 BEST PRACTICES FOR NATIONAL CYBER SECURITY SEI DEC 5 CONSENSUS METRICS V1.1.0 CIS SEP 17 EBIOS VERSION 2010 ANSSI FEV 16 EVOLUTION DU MODELE RMM - CERT RESILIENCE MANAGEMENT MODEL SEI NOV 19 GUIDE TO USING VULNERABILITY NAMING SCHEMES NIST DEC 6 INFORMATION SECURITY CONTINUOUS MONITORING FOR FIS AND ORGANIZATIONS NIST DEC 7 INTEGRATED ENTERPRISE-WIDE RISK MANAGEMENT NIST DEC 6 MAEC MALWARE ATTRIBUTE ENUMERATION AND CHARACTERIZATION MITRE JAN 19 MEHARI VERSION 2010 CLUSIF FEV 16 MODELE RMM SEI MAI 14 SECURITY RISK MANAGER EBIOS JUN 12 STRATEGIES DE PROTECTION AUSCERT MAI 16 ARTICLES: 15 RECOMMANDATIONS TITRE SOURCE MOIS P. AUTORISATION ET CONTROLE DE L USAGE GOUVERNEMENTAL DU CLOUD USGOV NOV 22 BONNES PRATIQUES DANS LE DEVELOPPEMENT D APPLICATIONS MOBILES W3 JUL 8 BONNES PRATIQUES POUR LA GESTION DES INCIDENTS ENISA DEC 13 CATALOGUE DES PRODUITS QUALIFIES - MISE A JOUR ANSSI JUN 18 CATALOGUE DES PRODUITS QUALIFIES - MISE A JOUR ANSSI SEP 15 CATALOGUE DES PRODUITS QUALIFIES MISE A JOUR ANSSI DEC 11 CERTIFICATION CSPN DU COFFRE-FORT ELECTRONIQUE D3S ANSSI DEC 10 CERTIFICATION CSPN DU DISPOSITIF DE TRANSFERT UNIDIRECTIONNEL DESIIR ANSSI JUN 17 CLOUD COMPUTING GUIDANCE DISA JUL 14 DOCUMENTS DE SENSIBILISATION DISPONIBLES EN FRANÇAIS ENISA MAR 2 EXTERNALISATION ET SECURITE DES SI: UN GUIDE POUR MAITRISER LES RISQUES ANSSI DEC 12 GOOD PRACTICES GUIDE FOR DEPLOYING DNSSEC ENISA MAR 16 GUIDE CONTRACTUEL SAAS SYNTEC JUL 9 GUIDE DE SECURISATION MACOS X 10.6 APPLE SEP 16 GUIDE FOR SECURITY CONFIGURATION MANAGEMENT OF INFORMATION SYSTEMS NIST MAR 15 GUIDE SUR LA SECURITE DES DONNEES PERSONNELLES CNIL OCT 12 GUIDE TO SECURITY FOR FULL VIRTUALIZATION TECHNOLOGIES NIST JUL 10 GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 NIST MAR 13 IR7628 'SMART GRID CYBER SECURITY STRATEGY AND REQUIREMENTS' NIST SEP 10 LES RESEAUX SOCIAUX NSA FEV 18 MISE A JOUR DES FICHES PAYS ANSSI JUN 18 MOYENS DE COMMUNICATION VOIX : PRESENTATION ET ENJEUX DE SECURITE CLUSIF AVR 15 POLITIQUE DE RESTRICTION APPLICATIVE NSA JUL 13 PRACTICAL COMBINATORIAL TESTING NIST OCT 11 PROGRAMMATION CONCURRENTE SOUS JAVA SEI JUN 14 REC. FOR EXISTING APPLICATION-SPECIFIC KEY DERIVATION FUNCTIONS NIST SEP 14 REC. FOR PASSWORD-BASED KEY DERIVATION - STORAGE APPLICATIONS NIST JUL 11 REC. FOR THE TRANSITIONING OF CRYPTOGRAPHIC ALGORITHMS AND KEY SIZES NIST JAN 20 RECOMMANDATIONS PRELIMINAIRES 2009/2010 SUR LA TAILLE DES CLEFS ECRYPT JUN 16 SECURE DOMAIN NAME SYSTEM (DNS) DEPLOYMENT GUIDE 13 NIST AOU 13 SECURISATION DES DEVELOPPEMENTS AZURE MICROSOFT JUL 12 SPÉCIFICATION MANAGED STRINGS V2.0 SEI JUN 13 STIG MEDICAL DEVICES DISA SEP 20 SUPPORTS DE STOCKAGE AMOVIBLES DISA SEP 17 UTILISATION DE PGP NSA FEV 18 Veille Technologique Sécurité Index 2010 Page 7/9

8 ARTICLES: 35 STANDARDS TITRE N P. DRAFT / SUGGESTED VALUES FOR SMTP ENHANCED STATUS CODES FOR ANTI-SPAM POLICY MAR 19 ISO VOCABULAIRE OCT 13 RFC DNS BLACKLISTS AND WHITELISTS FEV 19 RFC GUIDELINES FOR USING THE PRIVACY MECHANISM FOR SIP MAR 18 RFC IAX: INTER-ASTERISK EXCHANGE VERSION 2 MAR 17 RFC SPECIAL USE IPV4 ADDRESSES JAN 21 RFC THE OAUTH 1.0 PROTOCOL AVR 16 RFC RENUMBERING STILL NEEDS WORK MAI 17 RFC5914 TRUSTED ANCHOR FORMAT JUN 19 RFC THE TCP AUTHENTICATION OPTION JUN 20 RFC ICMP ATTACKS AGAINST TCP JUL 15 RFC TEREDO SECURITY UPDATE SEP 21 RFC REAL-TIME INTER-NETWORK DEFENSE (RID) NOV 23 ARTICLES: 13 Veille Technologique Sécurité Index 2010 Page 8/9

9