Have you ever encountered a moment when you see your colleague using some simple Linux commands for tasks that took you several keystrokes? And when you saw that you were like, “Wow! I didn’t know it could have been done that easily”.

It's been a while since we last wrote about Layer 3/4 DDoS attacks on this blog. This is a good news - we've been quietly handling the daily onslaught of DDoS attacks. Since our last write-up, a handful of interesting L3/4 attacks have happened. Let's review them.

Emulate ssh -D behavior even if AllowTcpForwarding is disabled by administrator in sshd_config. This tool creates the tunnel sending serialized data through STDIN to a remote process (which is running a Socks5 Server) and receiving the response trought STDOUT on a normal SSH session channel.

L’économie des plateformes ne se contente pas de brasser des données. Elle les véhicule, les oriente et les redirige dans la jungle des contenus en ligne grâce à ces recommandations nommées algorithmes. Face à la surabondance des flux, l’évidence semble s’imposer : le besoin de se repérer crée l’organe qui facilite le choix. Pourtant, loin de se limiter à l’accompagnement d’une décision, le règne des algorithmes n’est pas sans conséquence sur la diversité culturelle et la construction des goûts.

This article explains a strange bug in the way Gmail organizes its folders/filters based on falsifying the From field in an attacker’s email. Any email so forged automatically enters the recipients “Sent” folder — giving the false impression to the unwitting user it was an email they themselves sent.

Dans la partie précédente, nous avons réalisé la configuration d’un serveur Hyper-V standalone. Dans cette configuration, vous avez pu constater que l’on fait passer plusieurs réseaux, de plusieurs machines virtuelles, et des flux plus ou moins important (backup dans l’exemple) par une seule carte réseau.

Qu'est-ce que l'open source ? Qui en sont les principaux acteurs ? Quel intérêt pour les développeurs, les administrations, les entreprises, les citoyens ? Comment ce mouvement influence-t-il la recherche en informatique ?

Sometimes you want to issue a curl command against a server, but you don’t really want curl to resolve the host name in the given URL and use that, you want to tell it to go elsewhere. To the “wrong” host, which in this case of course happens to be the right host. Because you know better.

Et si finalement, les citoyens, fatigués de réalités parallèles inconnues ou complexes, submergés par les images et les sons, saturés de mauvaises nouvelles, tournaient le dos à une information perçue comme lointaine, partiale, et jugée de moins en moins pertinente ? Au pire moment, en plus : celui où les mouvements extrémistes font l’agenda, celui où les démocraties sont hackées par la désinformation.

Usually, the default software center in Ubuntu and other Linux handle the update of the firmware of your system. But if you encounter errors with it, you can use fwupd command line tool for updating the firmware of your system.

IP Geolocation databases are widely used in online services to mapend user IP addresses to their geographical locations. However, theyuse proprietary geolocation methods and in some cases they havepoor accuracy. We propose a systematic approach to use publiclyaccessible reverse DNS hostnames for geolocating IP addresses

On November 12th, 2018, between 1:00 PM and 2:23 PM PST, ThousandEyes noticed issues connecting to G Suite, a critical application for our organization. Reviewing ThousandEyes Endpoint Agent stats, we noticed this was impacting all users at the ThousandEyes office. The outage not only affected G Suite, but also Google Search as well as Google Analytics.

Google is investigating an unorthodox routing of internet traffic that on Monday sent traffic bound for its cloud services instead to internet service providers in Nigeria, Russia and China.

Here’s why Mozilla Firefox should be your choice in the effort to protect your privacy and in keeping the internet healthy and an open place.

We use our web browsers to communicate, shop, get directions, research, and ask questions we are too embarrassed to ask a person. It’s no wonder that “How do I protect my web browsing?” is one of the most common questions people ask when they start learning about digital security. The various methods for protecting your browser security can be confusing, and can work together in counterintuitive ways.

Emmanuel Macron doit lancer ce lundi à l’Unesco un appel sur la sécurité du cyberespace. Une initiative qui survient alors que de plus en plus d’Etats ont intégré ce domaine à leur doctrine militaire.

The protocol that’s been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3. This was triggered by this original suggestion by Mark Nottingham.

Cette affiche prend le parti de la lisibilité plutôt que de l’exhaustivité. Y figurent des médias d’information qui « font l’opinion » et qui dépendent d’intérêts industriels ou financiers, de groupes de presse ou de l’État.

Assume the following scenario: your {Open,Free}BSD pf-enabled (yes, I know what’s missing and it’s a pity, I am well aware of it) gateway connects to an OpenVPN server. This server pushes a couple of routes to your gateway that you’d like to be able to reach from within your own private network.

As you might have realized already, I am not really a big fan of systemd.

After switching from Debian to Devuan not long after the first fork was announced, I have now been a Devuan GNU/Linux user for several years, and am really happy with the overall experience and stability of this systemd-free Linux distribution.