/article

  • DNSSEC as DDoS amplification attack vector

    Here is a report that explains how DNSSEC can be subverted as an amplifier in DDoS attacks.

    • Average DNSSEC amplification factor : 28.9 x
    • Average response to a 80 byte “ANY” query : 2313 bytes
    • Largest amplification response : 17377 bytes

    https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/dns/neustar-dnssec-report.pdf

    We ran DNS queries from four separate and independent open recursive servers to look for DNSSEC name servers that responded to queries using the DNS command “ANY,” which is a favorite malicious query used by hackers.

    [...]

    Of the 1,349 domains that we examined, 1,084 were signed with DNSSEC and responded to the “ANY” query.
    Which means: 80% of the domains in this one community could be repurposed as a DDoS amplifier and
    used maliciously.

    [...]

    For organizations that use and rely on DNSSEC, Neustar
    recommends ensuring that your DNS provider does not
    respond to the “ANY” queries or has some mechanism in
    place to identify and stop misuse.

    #DDoS #DNSSEC

  • Leaseweb veut nous expliquer comment sauvegarder nos données dans l’ère de la cyber-guerre et des fausses promesses du genre save-harbor.

    Hosting-Gipfel in Berlin - Diplomatic Council
    http://www.diplomatic-council.org/de/portal/hosting-gipfel-in-berlin

    Das Diplomatic Council lädt zum Hosting-Gipfel nach Berlin. Ausrichter der Tagesveranstaltung am 17. Februar im renommierten SOHO House ist das DC Corporate Member LeaseWeb, eines der weltweit größten Hosting-Netzwerke.

    Keynotesprecher sind RA Ralf Schulten, Chairman des Global Small and Medium-sized Enterprises Forum („Mittelstandsforum“) im Diplomatic Council, und Beststellerautor („Schwarmdumm“) Prof. Dr. Gunter Dueck, Fellow des amerikanischen Ingenieursverbandes IEEE und Mitglied der IBM Academy of Technology.

    DC Chairman RA Ralf Schulten informiert über ein Thema, das derzeit vielen vor allem mittelständischen Firmen in Deutschland auf den Nägeln brennt: Was bedeutet die Einigung zwischen der EU und den USA über neue Regeln zum Datenaustausch und Datenschutz, kurz „EU-US Privacy Shield“, genannt? Die Nationale Initiative für Internet-Sicherheit (NIFIS) nennt den „EU-US Privacy Shield“ bereits eine „Mogelpackung“. Auf dem Hosting-Gipfel gibt DC Chairman RA Ralf Schulten Auskunft, welche Regeln Unternehmen in dieser rechtsunsicheren Situation für das Hosting ihrer Daten beachten sollten, um sich vor Ungemach zu schützen. Das Thema hat unter anderem deshalb so hohe Brisanz, weil bei Nichtbeachtung des Datenschutzes eine unmittelbare Haftung durch Vorstand oder Geschäftsführung eintreten kann.

    Venez nombreux pour une fois qu’il y a un repas gratuit dans le Soho House, club autrement cher et exclusif ;-) (Il faut s’inscrire à l’URL plus haut en indiquant les coordonnés de son entreprise.)

    About Leaseweb
    https://www.leaseweb.com/about

    The LeaseWeb platform resides on one of the largest, most reliable networks in the world, boasting 5.0 Tbps bandwidth capacity and 99.9999% core uptime. Thanks also to state-of-the-art data centers, and a broad choice of technologies, we are able to deliver an industry-leading portfolio of solutions – from bare metal to public and private clouds.

    With such ingredients to hand, we can help you find the perfect combination of IaaS options to maximize the performance of every workload – in the most efficient way for your business now – and as your requirements change.

    All LeaseWeb solutions are easy to configure and manage too. Our intuitive customer portal and API allows you to set up your infrastructure exactly as you want it, deploy new services on-demand and keep on top of your costs.

    #sécurité #internet #business #Berlin #cloud #hosting #safe_harbor #privacy_shield

    • The Business Implications of the EU-U.S. “Privacy Shield”
      https://hbr.org/2016/02/the-business-implications-of-the-eu-u-s-privacy-shield

      the Court of Justice’s rejection of the old Safe Harbor was based entirely on potential U.S. government practices, for which there is little indication of changed policy or procedure.

      Final approval for the Privacy Shield deal, reflecting the complex bureaucracy that plagues the EU, will include review by a dizzying array of governmental and quasi-governmental privacy bodies, the Commission itself, and its member states. Further legal challenges are all but guaranteed. Uncertainty will cloud internet-based companies doing business abroad for months, if not years, to come.

      Meanwhile, the Privacy Shield, even if it survives its trial by fire, will likely do nothing to add even a modicum of new protection to the personal information of European citizens.
      ...
      To the extent that the privacy concerns in Europe are genuine, they are a reflection of a profoundly different approach to privacy in two giant economies. U.S. privacy law, inspired by our revolutionary founding, focuses more on restrictions, such as the Fourth Amendment, that protect citizens from information collection and use by government rather than private actors. In fact, private actors are often protected from such restrictions by the First Amendment.

      But in Europe, scarred by catastrophic abuses of personal information that include the Inquisition, centuries of religious wars, the Holocaust, and the surveillance states of the former Soviet bloc countries, citizens enjoy broad privacy protections from companies and each other. In Europe, the government is seen as the principal protector of personal information from abuse by non-governmental institutions — the opposite of the U.S. model.

      L’article ne dit pas grand chose à propos du sujet évoqué par son titre, mais il constate quelques idées des base citées ici.

    • EU-US Privacy Shield offers flimsy protection | InfoWorld
      http://www.infoworld.com/article/3029969/privacy/eu-us-privacy-shield-offers-flimsy-protection.html

      While U.S. companies — especially tech giants like Google, Microsoft, and Facebook, which rely heavily on the easy flow of data — are primarily concerned with reestablishing a legal framework for data transfers, the real issue for Europeans is mass surveillance by government.
      ...
      Several privacy groups have called on the United States to improve its privacy laws to match those in Europe. “The problem is that the U.S. remains unchanged,” said Marc Rotenberg, president of the Electronic Privacy Information Center.
      ...
      Ultimately, EU-US Privacy Shield is what Computerworld calls a win-win in diplomatic terms: “The EU gets a solemn promise of privacy protections, which its voters want. And the U.S. gets no delays in data transfers, which U.S. companies want.”

    • Commission européenne - Communiqué de presse
      http://europa.eu/rapid/press-release_IP-16-216_fr.htm

      La Commission européenne et les États-Unis s’accordent sur un nouveau cadre pour les transferts transatlantiques de données, le « bouclier vie privée UE-États-Unis »

      Strasbourg, le 2 février 2016

      La Commission européenne et les États-Unis se sont accordés sur un nouveau cadre pour les transferts transatlantiques de données, le « bouclier vie privée UE-États-Unis »

      Le collège des commissaires a approuvé aujourd’hui l’accord politique et a chargé M. Andrus Ansip, vice-président de la Commission, et la commissaire européenne, Mme Věra Jourová, de préparer les étapes nécessaires à la mise en place du nouveau dispositif. Ce nouveau cadre vise à protéger les droits fondamentaux des citoyens de l’Union lorsque leurs données sont transférées vers les États-Unis et à apporter une sécurité juridique aux entreprises.

      Le « bouclier vie privée UE-États-Unis » (EU-US Privacy Shield) tient compte des exigences énoncées par la Cour de justice de l’Union européenne dans son arrêt du 6 octobre 2015, qui a déclaré invalide l’ancien régime de la sphère de sécurité (Safe Harbour). Le nouveau dispositif oblige les entreprises américaines à mieux protéger les données à caractère personnel des citoyens européens et prévoit un renforcement du contrôle exercé par le ministère américain du commerce et la Federal Trade Commission (FTC), notamment par une coopération accrue avec les autorités européennes chargées de la protection des données. Dans le cadre de ce nouveau dispositif, les États-Unis s’engagent à ce qu’en vertu du droit américain, l’accès des autorités publiques aux données à caractère personnel transmises soit subordonné à des conditions, des limites et une supervision bien définies, empêchant un accès généralisé. Les Européens auront la possibilité d’adresser des demandes d’information à un médiateur spécialement désigné à cette fin et de lui soumettre des plaintes.

      M. Andrus Ansip, vice-président de la Commission européenne, a déclaré : « Nous nous sommes accordés sur un nouveau cadre solide pour les flux de données vers les États-Unis. Nos concitoyens peuvent avoir la certitude que leurs données à caractère personnel seront bien protégées. Nos entreprises, notamment les plus petites, bénéficieront de la sécurité juridique dont elles ont besoin pour développer leurs activités de l’autre côté de l’Atlantique. Nous avons le devoir de nous assurer du bon fonctionnement du nouveau dispositif et de veiller à ce qu’il tienne ses promesses sur la durée. La décision prise aujourd’hui nous aidera à créer un marché unique du numérique dans l’Union, un environnement en ligne fiable et dynamique ; elle renforce encore notre partenariat privilégié avec les États-Unis. Nous allons maintenant œuvrer pour mettre ce cadre en place dès que possible. »

      La commissaire Věra Jourová a déclaré : « Le nouveau dispositif protégera les droits fondamentaux des citoyens européens lorsque leurs données à caractère personnel seront transférées vers des entreprises américaines. Pour la toute première fois, les États-Unis ont formellement garanti à l’Union que l’accès des autorités publiques à des fins de sécurité nationale sera subordonné à des conditions, des garanties et des mécanismes de supervision bien définis. Pour la première fois également, les citoyens de l’Union disposeront de voies de recours dans ce domaine.Dans le contexte des négociations sur cet accord, les États-Unis ont donné l’assurance qu’ils ne se livraient à aucune surveillance de masse à l’égard des Européens. Enfin, l’accord prévoit un réexamen annuel conjoint afin de suivre de près la mise en œuvre de ces engagements ».

      Le nouveau dispositif comportera les éléments suivants :

      des obligations strictes pour les entreprises qui traitent des données à caractère personnel européennes, et un contrôle rigoureux : les entreprises américaines qui souhaitent importer des données à caractère personnel provenant d’Europe devront s’engager à respecter des conditions strictes quant au traitement de ces données et garantir les droits des individus. Le ministère américain du commerce veillera à ce que les entreprises publient leurs engagements, ce qui les rendra opposables au regard de la loi américaine et permettra à la FTC de contraindre les entreprises à les respecter. Par ailleurs, toute entreprise traitant des données provenant d’Europe relatives aux ressources humaines devra s’engager à se conformer aux décisions des autorités européennes chargées de la protection des données ;

      un accès par les autorités américaines étroitement encadré et transparent : pour la première fois, les États-Unis ont garanti par écrit à l’Union européenne que l’accès par les autorités publiques américaines à des fins d’ordre public et de sécurité nationale sera soumis à une supervision, des limites et des garanties bien définies. De telles exceptions devront être appliquées de manière proportionnée, et uniquement dans la mesure où elles sont nécessaires. Les États-Unis ont exclu qu’une surveillance de masse soit exercée sur les données à caractère personnel transférées vers les États-Unis dans le cadre du nouveau dispositif. Pour contrôler régulièrement le fonctionnement de l’accord, un réexamen conjoint aura lieu tous les ans, qui portera également sur la question de l’accès à des fins de sécurité nationale. Ce réexamen sera mené par la Commission européenne et le ministère américain du commerce, lesquels inviteront des experts nationaux du renseignement travaillant au sein des autorités américaines et européennes de protection des données à y participer ;

      une protection effective des droits des citoyens de l’Union et plusieurs voies de recours : tout citoyen qui estime que les données le concernant ont fait l’objet d’une utilisation abusive dans le cadre du nouveau dispositif aura plusieurs possibilités de recours. Les entreprises devront répondre aux plaintes dans des délais définis. Les autorités européennes chargées de la protection des données pourront transmettre des plaintes au ministère américain du commerce et à la FTC. Le recours aux mécanismes de règlement extrajudiciaire des litiges sera gratuit. Pour les plaintes concernant un éventuel accès par des services de renseignement nationaux, un nouveau médiateur sera institué.

      Prochaines étapes

      Le Collège a chargé M. Ansip et Mme Jourová d’élaborer un projet de « décision sur le caractère adéquat » dans les semaines à venir, que le Collège pourrait adopter après avoir obtenu l’avis du groupe de travail « Article 29 » et consulté un comité composé de représentants des États membres. Dans l’intervalle, les États-Unis prendront les dispositions nécessaires à la mise en place du nouveau cadre, des mécanismes de contrôle et du nouveau médiateur.

      Contexte

      Le 6 octobre dernier, la Cour de justice a déclaré, dans l’affaire Schrems, que la décision de la Commission relative à l’accord sur la sphère de sécurité n’était pas valide. L’arrêt a ainsi confirmé l’approche adoptée par la Commission depuis novembre 2013 en vue d’une révision de l’accord sur la sphère de sécurité, afin de garantir concrètement un niveau suffisant de protection des données, équivalent à celui exigé par le droit de l’Union.

      Le 15 octobre, M. Andrus Ansip, vice-président de la Commission européenne, et les commissaires européens Günther Oettinger et Věra Jourová ont rencontré des représentants d’entreprises et de secteurs concernés qui ont demandé une interprétation claire et uniforme de l’arrêt, ainsi que des précisions sur les instruments qu’ils ont le droit d’utiliser pour transmettre des données.

      Le 16 octobre, les 28 autorités nationales chargées de la protection des données (réunies au sein du groupe de travail « Article 29 ») ont publié une déclaration sur les conséquences de l’arrêt.

      Le 6 novembre, la Commission a publié des orientations à l’intention des entreprises sur les possibilités de transferts transatlantiques de données à la suite de l’arrêt, dans l’attente de la mise en place d’un nouveau cadre.

      Le 2 décembre, le collège des commissaires a examiné l’état d’avancement des négociations. Mme Věra Jourová a été chargée de poursuivre les négociations avec les États-Unis en vue de définir un cadre renouvelé et sûr pour les transferts de données à caractère personnel.

    • Europe And US Seal ‘Privacy Shield’ Data Transfer Deal To Replace Safe Harbor | TechCrunch
      http://techcrunch.com/2016/02/02/europe-and-us-seal-privacy-shield-data-transfer-deal-to-replace-safe-har

      Making an initial statement on the Privacy Shield deal, European privacy campaigner #Max_Schrems, whose legal action against Facebook ultimately brought down the original Safe Harbor, expressed scepticism the deal goes far enough to stand the test of another legal challenge at the ECJ.

      “The Court has explicitly held, that any generalized access to such data violates the fundamental rights of EU citizens. The Commissioner herself has said this form of surveillance continues to take place in the US yesterday. Today there should be some agreement, in whatever form, that ensures that EU data is not used anymore. This will be the sticking point for a new challenge before the Court in respect to national surveillance,” he noted.

  • 13 frameworks for mastering Machine Learning

    http://www.infoworld.com/article/3026262/data-science/13-frameworks-for-mastering-machine-learning.html

    Apache Spark MLlib, Apache Singa, Caffe, Microsoft Azure ML Studio, Microsoft Distributed Machine Learning Toolkit, , Microsoft Computational Network Toolkit, Amazon Machine Learning, Google TensorFlow, Veles, Brainstorm, mlpack 2, Marvin.

    #machine_learning
    #deep_learning
    #neural_networks

  • NSA shuts down massive phone surveillance

    The U.S. National Security Agency [will end] its daily vacuuming of millions of Americans’ phone records [Sunday 29/11/2015] and replace the practice with more tightly targeted surveillance methods, the Obama administration said on Friday.

    [...]

    It comes two and a half years after the controversial program was exposed by former NSA contractor Edward Snowden.

    [...]

    Under the Freedom Act, the NSA and law enforcement agencies can no longer collect telephone calling records in bulk in an effort to sniff out suspicious activity. Such records, known as “metadata,” reveal which numbers Americans are calling and what time they place those calls, but not the content of the conversations.

    #surveillance
    #NSA

  • How Cisco is trying to keep NSA spies out of its gear

    We know from the Snowden files that the NSA, through interdiction programmes intercepts transport of network equipment to secretly install spying software / hardware and then pack it all up again as if nothing happened. [1]

    The problem with Cisco is that

    http://www.infoworld.com/article/3006213/security/how-cisco-is-trying-to-keep-nsa-spies-out-of-its-gear.html

    Despite being one of largest sellers of routers and networking equipment, Cisco doesn’t have a single factory¨. Its products — at least the physical ones — are totally outsourced, and it has some 25,000 suppliers.

    This makes it complicated to control the whole supply chain in order to make sure its integrety remains intact.

    This is why they

    Early next year, Cisco plans to open a facility in the Research Triangle Park in North Carolina for the program, called the Technology Verification Service. Interested customers will have to pay for the service, which is also subject to U.S. export control regulations.

    http://www.cisco.com/web/about/doing_business/trust-center/technology-verification.html

    Cisco’s Technology Verification Service helps customers review and test Cisco technology, including hardware, software, and firmware. You can access, review, and test source code and other intellectual property within a dedicated, highly secure facility at a Cisco site.

    #espionage #espionnage

    ___
    [1] https://www.eff.org/files/2015/01/27/20150117-spiegel-supply-chain_interdiction_-_stealthy_techniques_can_crack_some

  • Mass Surveillance Isn’t the Answer to Fighting Terrorism

    http://www.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.html

    It happens after ever terrorist attack: authorities & intelligence agencies complain about surveillance and encrypted communication. But,

    indiscriminate bulk data sweeps have not been useful. In the more than two years since the N.S.A.’s data collection programs became known to the public, the intelligence community has failed to show that the phone program has thwarted a terrorist attack. Yet for years intelligence officials and members of Congress repeatedly misled the public by claiming that it was effective.

    Often, the problem is not lack of information but means to act upon that information:

    Most of the men who carried out the Paris attacks were already on the radar of intelligence officials in France and Belgium, where several of the attackers lived only hundreds of yards from the main police station, in a neighborhood known as a haven for extremists.

    What’s more:

    “Every time there is an attack, we discover that the perpetrators were known to the authorities,” said François Heisbourg[1], a [French] counterterrorism expert and former defense official. “What this shows is that our intelligence is actually pretty good, but our ability to act on it is limited by the sheer numbers.

    We all agree that

    There is no dispute that law enforcement agencies should have the necessary powers to detect and stop attacks before they happen. But that does not mean unquestioning acceptance of ineffective and very likely unconstitutional tactics that reduce civil liberties without making the public safer.

    #terrorism
    #surveillance #mass_surveillance
    _____
    [1] https://fr.wikipedia.org/wiki/Fran%C3%A7ois_Heisbourg

  • The Linux XOR botnet is launching crippling DDoS attacks in excess of 150 Gbps

    The XOR #DDoS #botnet can generate attacks more powerful than most businesses can withstand.

    http://www.pcworld.com/article/2987580/security/a-linux-botnet-is-launching-crippling-ddos-attacks-at-more-than-150gbps.htm

    Attackers install it on Linux systems, including embedded devices such as WiFi routers and network-attached storage (NAS) devices, by guessing SSH (Secure Shell) login credentials using brute-force attacks.

    [...]

    Old and unmaintained routers are especially vulnerable to such attacks, as several incidents have shown over the past two years.

    https://www.stateoftheinternet.com/resources-web-security-threat-advisories-2015-xor-ddos-attacks-l

    Akamai’s Security Intelligence Response Team (SIRT) is tracking XOR DDoS, a Trojan malware that DDoS attackers have used to hijack Linux machines to build a botnet for distributed denial of service (DDoS) attack campaigns with SYN and DNS floods.

    • The XOR DDoS botnet has produced DDoS attacks from a couple of Gbps to 150+ Gbps
    • The gaming sector has been the primary target, followed by educational institutions.
    • The botnet has attacked up to 20 targets per day, 90% of which were in Asia.
    • XOR DDoS is an example of attackers building botnets of Linux systems instead of Windows-based machines.
    • XOR DDoS appears to be of Asian origin
    • The malware spreads via Secure Shell (SSH) services susceptible to brute-force attacks due to weak passwords.
    • To hide its presence, the malware also uses common rootkit techniques.
    • Akamai’s SIRT expects XOR DDoS activity to continue as attackers refine and perfect their methods, including a more diverse selection of DDoS attack types.

    What you can find in the Technical information about XOR:

    • Indicators of binary infection
    • Characteristics of the botnet and C2 communications
    • Observed DDoS attack campaigns
    • DDoS payloads for DDoS mitigation
    • Snort rule to detect the initial registration of a bot with its C2
    • YARA rule to detect infection by XOR DDoS malware on your hosts
    4 steps to remove XOR DDoS malware from a Linux host

    https://www.stateoftheinternet.com/downloads/pdfs/2015-threat-advisory-xor-ddos-attacks-linux-botnet-malware-remov

    An argumentation (by a Linux fan) against blaming Linux about this botnet:
    (albeit somewhat "de mauvaise foi", and using as main defence argument that anything can fail against brute force attacks):

    http://www.infoworld.com/article/2990956/linux/dont-blame-linux-for-the-xor-botnet.html

    The real culprits are the irresponsible vendors behind cheap broadband routers and their clueless customers

    The existence of the XOR DDoS was already mentioned here in January 2015 by @stephane : http://seenthis.net/messages/327907

  • Why hackers are more & more interested in heath care data

    Health care records can be more valuable because they have a longer shelf life than financial data, which becomes worthless once the fraud is detected and the payment card is cancelled or blocked.
    With health care credentials you can get “free” health care as someone else is paying for the insurance. Unlike credit card numbers, healthcare information is non recoverable, and potentially lethal in the wrong hands.
    Learning a patient’s medications and diagnoses means that a hacker can order expensive drugs or equipment and resell them.

    http://www.infoworld.com/article/2983634/security/why-hackers-want-your-health-care-data-breaches-most-of-all.html

    Social Security numbers can’t easily be cancelled, and medical and prescription records are permanent. There’s also a large market for health insurance fraud and abuse, which may be more lucrative than simply selling the records outright in forums.

    [...]

    criminals monetize health care data in a different way than they cash in on financial data. Most forums selling health care data tend to be more specialized than the carding forums where payment card information is sold. Stolen health care data forums operate more like drug cartels, where health records are not sold outright, but rather used to buy and sell addictive prescriptions,

    [...]

    It makes sense that governments would be interested in getting their hands on this data because it can be useful for building dossiers that reflect a deeper understanding of the target population. Medical and insurance records provide insights about where people live, what medical treatments they had, who their family members are, and who they work for.

    http://www.bloomberg.com/news/articles/2015-06-05/u-s-government-data-breach-tied-to-theft-of-health-care-records

    The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.

    http://resources.infosecinstitute.com/hackers-selling-healthcare-data-in-the-black-market

    Many healthcare organizations do not perform encryption of records within the internal networks. They also do not use encryption of data at rest and transit. This interest the hackers since the attack surface area is very huge. Health insurance information can be used to purchase drugs or medical equipment, which are then resold illegally, or even to get medical care. The latter can have consequences that go far beyond the financial.

    And the Internet of Things with all the quantifying self data is not going to make it any better

    #health_care
    #hack
    #social_security
    #identity_theft
    #data_breach
    #security
    #dark_net #darknet #dark_web

    ( Athem, Excellus Blue Cross Blue Shield, CareFirst Blue Cross, LifeWise )

  • 12.5 Gbps RIPv1 DDoS

    Reflector type attack where the victim’s IP is spoofed as destination of a RIPv1 message that sends back routing table responses.

    Interesting thought is Akamai’s recommendation for mitigation: as it is impossible for manufacturers of all kinds of small & SOHO routers to begin updating all devices to disable RIPv1 by default (many devices are end of life and no longer supported), the recommendation is to have ISPs think about blocking that RIPv1 traffic. Obviously a touchy subject, but already today some ISPs block by default some ports for residential users as a security measure. If a user wants he can have the ports activated. (usually only expert users request this, who know what they are doing – or are more likely to know)

    It’s time to declare RIPv1 to Rest In Peace.

    http://www.infoworld.com/article/2942749/network-security/obsolete-internet-protocol-once-again-becomes-an-attack-vector.html

    #DDoS
    #routing
    #net_neutrality

  • Windows 7 users beware of the Windows 10 wolf

    Mircrosoft is preparing, behind your back, to upgrade everything to Windows 10. For Windows 8/8.1 I can understand.

    But users of Windows 7 who might not want that, and who have not been paying too much attention to the updates the last three months, probably have already installed updates that will nag you about updating to Windows 10...

    This article describes which updates you should NOT install, and if you have already, how to remove them.
    http://www.ghacks.net/2015/04/17/how-to-remove-windows-10-upgrade-updates-in-windows-7-and-8

    Some of these updates collect telemetry data on users...

    http://www.infoworld.com/article/2911609/operating-systems/kb-2952664-compatibility-update-for-win7-triggers-unexpected-daily-teleme

    The Microsoft Compatibility Appraiser task runs %windir%\system32\rundll32.exe appraiser.dll,DoScheduledTelemetryRun with the description “Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.

    I found that the program runs* whether or not you’ve opted into* the Microsoft Customer Experience Improvement Program (CEIP). And even if you opt out, the program still runs.

    Can somebody tell me why Microsoft is performing a telemetry run on PCs that have opted out of the CEIP? This results from an “important” update in the Automatic Update chute, for heaven’s sake.

    #nagware

  • 9 programming languages and the women who created them

    http://www.infoworld.com/article/2920296/application-development/9-programming-languages-and-the-women-who-created-them.html

    – 1950 : ARC Assembly (Automatic Relay Calculator), Kathleen Booth
    – 1955 : Address, the first to support indirect addressing, for the MESM computer, Kateryna Yushchenko
    – 1959 : COBOL (Common Business-Oriented Language), Grace Hopper
    – 1962 : FORMAC (FORmula MAnipulation Compiler), an extension of FORTRAN that was able to perform algebraic manipulations, Jean Sammet
    – 1967 : Logo, for educational programming, Cynthia Solomon (et al.)
    – 1974 : CLU, first language to support data abstraction and a precursor of OO programming, Barbara Liskov, the first woman in the United States to be awarded a PhD in computer science.
    – 1980 : Smalltalk, a graphical programming environment introducing the concept of garbage collection, Adele Goldberg (et al.)
    – 1981 : BBC BASIC, a BASIC version for the Acorn BBC Micro, Sophie Wilson
    – 1991 : Coq, a new implementation based on the Calculus of Inductive Constructions, Christine Paulin-Mohring (et al.)

    #programming

  • 9 programming languages and the women who created them
    http://www.infoworld.com/article/2920296/application-development/9-programming-languages-and-the-women-who-created-them.html

    Software development has a well-known reputation for being a male-dominated world. But despite this, women have made many important and lasting contributions to programming throughout the decades. One area, in particular, where many women have left a mark is in the development of programming languages. Numerous pioneering women have designed and developed the languages programmers use to give computers instructions, starting in the days of mainframes and machine code, through assemblers and into higher level modern day languages. Use the arrows above to read the stories behind 9 programming languages that have had a significant impact over the years and the women who created them.

  • Hypertext Transfer Protocol version 2 #HTTP/2
    https://tools.ietf.org/html/draft-ietf-httpbis-http2

    Après 16 ans de HTTP/1.1, voici le HTTP/2 qui recevra le statut d’RFC IETF. Il devrait entre autre accélérer le chargement de pages HTML, ceci en multiplexant différents requêtes http vers un serveur web, ce qui devrait diminuer le nombre de connections actives par rapport à http/1.1
    L’encryption TLS sera également plus efficace, et il y aura du http header compression.

    HTTP/2 est largement basé sur le protocole #spdy développé par Google.

    A lire sur le blog du président du HTTP Working Group
    https://www.mnot.net/blog/2015/02/18/http2

  • En complément à http://seenthis.net/messages/320887
    Microsoft vs. DoJ: The battle for privacy in the cloud
    http://www.infoworld.com/article/2859897/internet-privacy/microsoft-vs-doj-the-battle-for-privacy-in-the-cloud.html

    What issue can unite the #EFF and #BSA? Fox News and The Guardian? Amazon and eBay? The ACLU and the Chamber of Commerce?

    The issue is the demand by the Department of Justice that #Microsoft deliver the email correspondence and address book data from one of their customers as demanded by a warrant, apparently related to a drugs case (although all the documents remain sealed). Microsoft won’t. The reason? The customer, the email, and the server it’s on are all in Ireland and operated by a local subsidiary.

    #surveillance

  • Oracle reveals BEA roadmap | InfoWorld | News | 2008-07-01 | By Paul Krill
    http://www.infoworld.com/article/08/07/01/Oracle-reveals-BEA-roadmap_1.html

    Oracle presented on Tuesday a comprehensive roadmap for its recently acquired BEA Systems middleware technologies, making BEA’s application server Oracle’s strategic Java container and pledging continued support for BEA customers.

    #Oracle #BEA #intégration #roadmap #AS #SOA #groupe:clever-age

  • Sun CEO spills Apple Leopard secret | InfoWorld | News | 2007-06-06 | By Gregg Keizer, Computerworld
    http://www.infoworld.com/article/07/06/06/sun-ceo-spills-apple-leopard-secret_1.html

    On stage Wednesday in Washington D.C., Sun Microsystems Inc. CEO Jonathan Schwartz revealed that his company’s open-source ZFS file system will replace Apple’s long-used HFS+ in Mac OS X 10.5, a.k.a. “Leopard”

    #sun #apple #zfs #fichier #système #osx #mac #groupe:clever-age