Log4j vulnerability [Laurent Steff]
jeudi 16 décembre 2021
« Log4j is almost installed and used everywhere Java is. It means a lot of places. Even where we do not imagine, as many vendors use it. So when it is hit by a major vulnerability, as Wired said: ‘The Internet Is on Fire’. This article describe how the exploit 'Log4Shell' works, and how to prevent it.  »
jeudi 1 juillet 2021
« With the announce of the latest stable Linux Kernel (5.13), it seems that support for Clang CFI is integrated (for arm64, I am not sure about x86_64). Anyway CFI is a nice security feature, and is integrated on Android Kernel since a while now. This article explains how it works.  »
jeudi 1 juillet 2021
« This short article explains how ransomware gangs are using this technique since 2020, and why security solutions needs to monitor unwanted virtual machine creation and deletion.  »
mercredi 16 juin 2021
« Bugfixes are out since the 3rd of June, once you have updated or ensured you are up to date, you could have look at this blog post explaining all of it, including how dbus and polkit work.  »
mercredi 10 février 2021
« L'administration fiscale sud-africaine a publié son propre navigateur web dans le seul but de réactiver le support d'Adobe Flash Player, plutôt que de porter les formulaires basé sur Flash de son site vers HTML.  »