Pour vous inscrire ►https://www.afnic.fr/fr/ressources/newsletter-afnic-36.html
Afnic newsletter for January is out! Read it here ▻http://www.afnic-media.fr/newsletter/20160119-english.html
Subscribe directly here ▻https://www.afnic.fr/en/resources/afnic-newsletter-43.html
[Blog Afnic] IPv6 et DNSSEC ont 20 et 19 ans. Même combat et mêmes défis !? par Mohsen Souissi ▻https://www.afnic.fr/fr/ressources/blog/ipv6-et-dnssec-ont-20-et-19-ans-meme-combat-et-memes-defis.html
[Afnic blog] IPv6 and DNSSEC are respectively 20 and 19 years old. Same fight and challenges? by Mohsen Souissi ▻https://www.afnic.fr/en/resources/blog/ipv6-and-dnssec-are-respectively-20-and-19-years-old-same-fight-and-challenges
after 3.5 years: nmap 7 : new an improved
adds among other improvements:
• mature IPv6 support
• faster and better SSL/TLS-related scans
• 171 new scripts:
ajp-auth, ajp-brute, ajp-headers, ajp-methods, ajp-request, allseeingeye-info, bacnet-info, bjnp-discover, broadcast-ataoe-discover, broadcast-bjnp-discover, broadcast-eigrp-discovery, broadcast-igmp-discovery, broadcast-pim-discovery, broadcast-sonicwall-discover, broadcast-tellstick-discover, cassandra-brute, cassandra-info, cups-info, cups-queue-info, dict-info, distcc-cve2004-2687, dns-check-zone, dns-ip6-arpa-scan, dns-nsec3-enum, docker-version, enip-info, eppc-enum-processes, fcrdns, firewall-bypass, flume-master-info, freelancer-info, gkrellm-info, gpsd-info, hnap-info, hostmap-ip2hosts, hostmap-robtex, http-adobe-coldfusion-apsa1301, http-avaya-ipoffice-users, http-cisco-anyconnect, http-coldfusion-subzero, http-comments-displayer, http-cross-domain-policy, http-csrf, http-devframework, http-dlink-backdoor, http-dombased-xss, http-drupal-enum, http-drupal-enum-users, http-errors, http-exif-spider, http-feed, http-fetch, http-fileupload-exploiter, http-form-fuzzer, http-frontpage-login, http-git, http-gitweb-projects-enum, http-huawei-hg5xx-vuln, http-icloud-findmyiphone, http-icloud-sendmsg, http-iis-short-name-brute, http-ls, http-mobileversion-checker, http-ntlm-info, http-phpmyadmin-dir-traversal, http-phpself-xss, http-referer-checker, http-rfi-spider, http-robtex-shared-ns, http-server-header, http-shellshock, http-sitemap-generator, http-slowloris-check, http-slowloris, http-stored-xss, http-svn-enum, http-svn-info, http-tplink-dir-traversal, http-traceroute, http-useragent-tester, http-virustotal, http-vlcstreamer-ls, http-vuln-cve2006-3392, http-vuln-cve2010-0738, http-vuln-cve2013-0156, http-vuln-cve2013-7091, http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128, http-vuln-cve2014-2129, http-vuln-cve2014-8877, http-vuln-cve2015-1427, http-vuln-cve2015-1635, http-vuln-misfortune-cookie, http-vuln-wnr1000-creds, http-waf-fingerprint, http-webdav-scan, http-wordpress-users, http-xssed, icap-info, ike-version, ip-forwarding, ip-https-discover, ipv6-ra-flood, irc-sasl-brute, isns-info, jdwp-exec, jdwp-info, jdwp-inject, knx-gateway-discover, knx-gateway-info, llmnr-resolve, mcafee-epo-agent, metasploit-info, metasploit-msgrpc-brute, mikrotik-routeros-brute, mmouse-brute, mmouse-exec, mrinfo, msrpc-enum, ms-sql-dac, mtrace, murmur-version, mysql-dump-hashes, mysql-enum, mysql-query, mysql-vuln-cve2012-2122, nje-node-brute, omron-info, oracle-brute-stealth, pcanywhere-brute, qconn-exec, quake1-info, rdp-enum-encryption, rfc868-time, rmi-vuln-classloader, rpc-grind, s7-info, sip-call-spoof, sip-methods, smb-ls, smb-print-text, smb-vuln-conficker, smb-vuln-cve2009-3103, smb-vuln-ms06-025, smb-vuln-ms07-029, smb-vuln-ms08-067, smb-vuln-ms10-054, smb-vuln-ms10-061 [stuxnet], smb-vuln-regsvc-dos, snmp-hh3c-logins, snmp-info, ssl-ccs-injection, ssl-date, ssl-dh-params, ssl-heartbleed, ssl-poodle, sstp-discover, supermicro-ipmi-conf, targets-ipv6-map4to6, targets-ipv6-wordlist, targets-xml, teamspeak2-version, tls-nextprotoneg, tor-consensus-checker, traceroute-geolocation, unittest, ventrilo-info, weblogic-t3-info, whois-domain, xmlrpc-methods
"The massive proliferation of network-based middleware has resulted in an internet that has few remaining open apertures. Most of the time the packet you send is not precisely the packet I receive, and all too often if you deviate from a very narrowly set of technical constraints within this packet, then the packet you send is the packet I will never receive"
"the result is Africa becoming a dumping ground for all of that equipment (as the vendors scramble to off-load these toxic assets) — either as cheap equipment for the market or as “technical aid”. [...] I’ve seen this before — stores filled with ’donated’ networking equipment that the recipient was unable to use because the technology was old and worthless or never even existed in most African countries (think hubs and routers with ATM interfaces in Northern Cameroon or Nigeria)."
Apple OS X 10.11 and iOS 9 now prefer IPv6 for connections
Thanks to an improved Happy Eyeballs implementation (Erick Vyncke says 25 ms instead of the 300 ms specified in RFC 6555) that went from roughly 50/50 IPv4/IPv6 in iOS 8 and OS X 10.10 to about 99% IPv6 in iOS 9 and OS X 10.11.
This is good news, when you think that now ARIN also “ran out of IPv4 addresses”; i.e. was unable to meet a legitimate demand for IPv4 address space as from 1 July 2015. (This does not mean there are no more IPv4 addresses, it just means that for the first time ARIN could not satisfy a valid demand for address space).
Apple Will Require IPv6 Support For All iOS 9 Apps
“Because IPv6 support is so critical to ensuring your applications work across the world for every customer, we are making it an AppStore submission requirement, starting with iOS 9.
Well, it’s one more step in the right direction towards the tipping point
Most significantly, though, this step by Apple means that all the iOS apps that run on iOS 9 will work well over the IPv6-only networks that are starting to be deployed. Even in dual-stack (IPv6/IPv4) networks, this should mean that iOS 9 apps will work better in those environments when, for instance, IPv6 may be faster. (More needs to be understood here about the specifics of the IPv6 support.)
“#Telstra has revealed it has run out of #IPv4 internet addresses, prompting warnings that its use of network addressing translation could impact the carrier’s ability to accurately collect customer metadata for the Government”
Yes, of course, undermining the police state is the most important impact from running out of IPv4 addresses.
Oh well, let’s use the next batch of stupid pseudoantiterrorist legislation to mandate migration to #IPv6 - the moral dilemma will tear Internet geeks apart !
Emperor of the Internet — Shelly Palmer
“I am NoMan, Emperor of the Internet, Online Imperator and Lord of IPv6, Imperial ruler of the web, Grand King of the Ethernet, Keeper of the Royal Encryption Algorithms, Monarch of Virtual World. If I allow you to communicate with me, you will address me as, Your Majesty, the Heavenly Digital Sovereign.”
This had to be a hoax. The message continued...
“I am all powerful. No computer, no mobile phone, no device, nothing with an on/off switch is out of my reach...
When you are chosen, you will pay tribute to me in an amount equal to 2% of every online transaction, every online purchase, every online transfer of funds you make for the rest of your natural life. No transactions may be excluded. Ever.
In honor of your tribute, I grant you immunity from identity theft, cyber-attack, all cyber-weapons and protection against all other cyber-terrorists - for none are more powerful than I. If my conditions are met, I, as the beneficent Emperor that I am, will allow you to live a peaceful, tranquil, profitable digital life.
Should to choose to disobey me, I will give you three warnings. On the day of the third transgression, every aspect of your digital life will be destroyed. I will take 100 percent of your bank balance and leave you with no identity, no home, no transportation, no medical records, no financial records, no insurance, no data and no hope of ever recovering any of it. I will erase you from existence.
These are the rules. Do not test me. I am, NoMan. Pray that I favor you with my greatness.”
Pretty much everyone thought this was bit of technical magic performed by a disgruntled hacker with a sixth-grade sense of humor and delusions of grandeur. But after a few victims, it became clear that – not only was this not a hoax, it was the beginning of the end.
C’est comme ca qu’on vend son beurre quand on est conseiller de #sécurité. Pas mal.
% zonemaster-cli seenthis.net
Seconds Level Message
======= ========= =======
17.65 WARNING All nameservers IPv4 addresses are in the same AS (29169).
17.65 WARNING All nameservers IPv6 addresses are in the same AS (29169).
17.65 WARNING All nameservers are in the same AS (29169).
17.80 NOTICE 126.96.36.199 returned no DS records for seenthis.net.
18.09 NOTICE SOA 'refresh' value (10800) is less than the recommended one (14400).
Pas mal pour SeenThis
Bluetooth 4.2 increases privacy, adds speed and IPv6
Bluetooth beacons are now unable to engage with smartphones without permission from the user and making it harder for eavesdroppers to track a device via its Bluetooth connection.
the Internet Protocol Support Profile (IPSP) will allow Bluetooth Smart sensors to access the Internet directly via IPv6/6LoWPAN,”
Bluetooth 4.2 has clear advances over its predecessors, but Ars Technica reports that “some, but not all” of the new specification’s features will be available to those with older devices. Many Bluetooth adapters included in modern devices are configured to work with Bluetooth 4.0, and although a software update previously meant devices using such adapters could also use version 4.1, a Bluetooth SIG spokesperson said that to take advantage of the increased speed and packet size of version 4.2, a hardware update would be required.