Most-read articles

WEB OPINION - Region: have you adopted the name Occitanie? - Midi Libre

This Thursday, September 29, the name Occitanie was officially ratified by the Conseil d'Etat. ...

Sarkozy: his difficult week sparks reactions on the web - Franceinfo

Patrick Buisson's revelations, the secret notebooks reviving the theory of Libyan financing, sagging poll numbers: the load is heavy for Nicolas Sarkozy. On social networks, supporters and opponents of the former president are letting loose this ...

Employment: a revolutionary web platform launched for ... - RTL.fr

RTL revealed it to you on Thursday, September 29: in mid-November, a completely novel web platform will be launched for the unemployed. The platform, backed by Pôle Emploi, should (barring a last-minute change) be called "Parcoursemploi.fr". All it will take ...

Squabbling drug peddlers drag .pharmacy into brand bunfight

DomainIncite: The .pharmacy new gTLD has been dragged into the ongoing trademark dispute between two pharmaceuticals giants called Merck. Germany-based Merck KGaA has accused the .pharmacy registry of operating an unfair and “secretive” process to resolve competing sunrise period applications. The domain merck.pharmacy was awarded to US rival Merck & Co, which was spun off from […]

The post Squabbling drug peddlers drag .pharmacy into brand bunfight appeared first on iGoldRush Domain News and Resources.

Syreli decision FR-2016-01196 cecileduflot.fr

Sponsorship week: workshops on web professions - Ouest-France

What are the web professions and how do you get into them? For its 8th sponsorship week, the association Un parrain Un emploi is exploring the career opportunities offered by digital technology. Workshops, talks and company visits, free ...

The feel-good story of the day: when the web saves a seller of ... - LCI

MOBILIZATION – In Malaysia, a seller of Pokémon plush toys found himself stuck with 250 of these toys, ordered by a man who ultimately never bought them. Having only just recovered from cancer, this street vendor found himself in a ...

Pop Corner evenings blur the lines between web and cinema - 20minutes.fr

These three young YouTubers, members of the Cougar agency, will present and host this first Pop Corner evening, which they are organizing. Their goal: "to show that with what we have learned on the web, we can start to take on something more ...

The most dangerous stars on the web - dh.be

VIP Justin Bieber, Will Smith or Rihanna are used as bait to lure internet users to unwanted sites. Every year, the internet security company McAfee - research published via Intel Security - reveals its list of the names of ...

The Bigh Daddy Show, the animated web series that caricatures Daesh - Le Figaro

VIDEOS - Arab activists have chosen humor as a weapon to fight Islamic State propaganda. Selected highlights.
Video: "Bigh Daddy Show", the web series that features ... - VSD

Bizarre: he tries to eat... a flaming cactus! Le Zapping du ... - Télé Loisirs.fr

The web proves every day just how crazy humans can be. Or stupid, depending on your point of view. Take one example: this man dressed in a Hawaiian shirt set himself an improbable challenge. Completely crazy. Or even completely stupid.

Fafaroots: the Fenua's new web radio - Polynésie 1ère

POLYNÉSIE 1ÈRE. Fafaroots is the Fenua's brand-new radio station, broadcast only on the internet. With its little logo, a fish formed from waves radiating away from the island of Tahiti, this station aims to be different in its musical choices, modern but ...

Donuts Offers Better Protection For Trademark Owners Across All Its gTLDs ‘Cheaply’

DomainPulse.com: Donuts is rolling out an expanded service allowing trademark owners to protect their trademarks and related terms across all of Donuts’ new generic top level domains (gTLDs) at a fraction...

The post Donuts Offers Better Protection For Trademark Owners Across All Its gTLDs ‘Cheaply’ appeared first on iGoldRush Domain News and Resources.

Chrome on Android: saving web pages is coming - Les Numériques

Continuing its efforts to adapt Chrome to conditions of limited connectivity, Google has just announced changes to its Data Saver mode ...

Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastructure

CircleID: Sitting at the edge of the network and rarely configured or monitored for active compromise, the firewall today is a vulnerable target for persistent and targeted attacks.

There is no network security technology more ubiquitous than the firewall. With nearly three decades of deployment history and a growing myriad of corporate and industrial compliance policies mandating its use, no matter how irrelevant you may think a firewall is in preventing today's spectrum of cyber threats, any breached corporation found without the technology can expect to be hung, drawn, and quartered by both shareholders and industry experts alike.

With the majority of north-south network traffic crossing ports associated with HTTP and SSL, corporate firewalls are typically relegated to noise suppression — filtering or dropping network services and protocols that are not useful or required for business operations.

From a hacker's perspective, with most targeted systems providing HTTP or HTTPS services, firewalls have rarely been a hindrance to breaching a network and siphoning data.

What many people fail to realize is that the firewall is itself a target of particular interest — especially to sophisticated adversaries. Sitting at the very edge of the network and rarely configured or monitored for active compromise, the firewall represents a safe and valuable beachhead for persistent and targeted attacks.

The prospect of gaining a persistent backdoor to a device through which all network traffic passes is of immense value to an adversary — especially to foreign intelligence agencies. In World War I, all combatant sides sent intelligence teams into the trenches to find enemy telegraph lines and splice in eavesdropping equipment; in the early 1950s, tunnels were constructed under the Berlin Wall to enable U.K. and U.S. spy agencies to physically tap East German phone lines. Today's communications traverse the Internet, making the firewall a critical junction for interception and eavesdropping.

The physical firewall has long been a target for compromise, particularly for embedded backdoors. Two decades ago, the U.S. Army sent a memo warning of backdoors uncovered in the Checkpoint firewall product by the NSA with advice to remove it from all DoD networks. In 2012, a backdoor was placed in the Fortinet firewalls and products running their FortiOS operating system. That same year, the Chinese network appliance vendor Huawei was banned from all U.S. critical infrastructure by the federal government after numerous backdoors were uncovered. And most recently, Juniper alerted customers to the presence of unauthorized code and backdoors in some of its firewall products — dating back to 2012.

State-sponsored adversaries, when unable to backdoor a vendor's firewall through the front door, are unfortunately associated with paying for weaknesses and flaws to be introduced, making the product easier to exploit at a later date. For example, it is widely reported that the U.S. government paid OpenBSD developers to backdoor their IPsec networking stack in 2001, and in 2004, $10 million was reportedly paid to RSA by the NSA to ensure that the flawed Dual_EC_DRBG pseudo-random number-generating algorithm be the default for its BSAFE cryptographic toolkit.

If those vectors were not enough, as has been shown through the Snowden revelations in 2013 and the Shadow Brokers data drop of 2016, government agencies have a continuous history of exploiting vulnerabilities and developing backdoor toolkits that specifically target firewall products from the major international infrastructure vendors. For example, the 2008 NSA Tailored Access Operations (TAO) catalogue provides details of the available tools for taking control of Cisco PIX and ASA firewalls, Juniper NetScreen or SSG 500 series firewalls, and Huawei Eudemon firewalls.

Last but not least, we should not forget the inclusion of backdoors designed to aid law enforcement — such as "lawful intercept" functions — which, unfortunately, may be controlled by an attacker, as was the case in the Greek wire-tapping case of 2004-2005 that saw a national carrier's interception capabilities taken over by an unauthorized technical adversary.

As you can see, there is a long history of backdoors and threats that specifically target the firewall technologies the world deploys as the first-pass for security to all corporate networks. So is it any surprise that as our defense-in-depth strategy gets stronger, and newer technologies maintain a closer eye on the threats that operate within all corporate networks, that the firewall becomes an even more valuable and softer target for compromise?

Firewalls are notoriously difficult to protect. We hope that they blunt the attacks from all attackers with the (obviously false) expectation that they themselves are not vulnerable to compromise. Now, as we increasingly move into the cloud, we are arguably more exposed than ever to backdoors and exploitation of vulnerable firewall technologies.

Whether tasked with protecting the perimeter or operations within the cloud, organizations need increased vigilance when monitoring their firewalls for compromise and backdoors. As a security professional, you should ensure you have a defensible answer for "How would you detect the operation of a backdoor within your firewall?"
Written by Gunter Ollmann, Chief Security Officer at Vectra
More under: Cyberattack, Security

The post Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastructure appeared first on iGoldRush Domain News and Resources.

Domain Name Insurance

Robbie Ferguson: Today: Contacting end-users email, How NOT to get flagged as spam / What do you do when an end-user doesn’t respond? / Is it better to use a .com or a .org for a charity...

The post Domain Name Insurance appeared first on iGoldRush Domain News and Resources.

Les 3 sex*: a new web magazine about sex, sexuality and ... - ICI.Radio-Canada.ca

This sexology web review was launched last week by three sexology students, Marion Bertrand-Huot, Sophie Morin and Paméla Plourde. The publication, whose asterisk in the name refers to bibliographic searches in sexology, ...

Weather: Dark Sky available on the web, if not in the App Store ... - iGeneration

This web app, which is in fact an evolution of Forecast.io under a new brand, was launched to make Dark Sky more widely known, its co-founder Adam Grossman told Mashable. It is also a way to enjoy on a large screen ...

Two-Letter .Com Changes Hands for $650,000 to Take Top Spot on This Week’s Sales Chart

DNJournal: When a two-letter com changes hands you can count on the deal coming with a high price tag. The latest example of that is a $650,000 transaction that sent another one of those prime assets to a buyer in China. Four of the year's eight biggest sales ...

The post Two-Letter .Com Changes Hands for $650,000 to Take Top Spot on This Week’s Sales Chart appeared first on iGoldRush Domain News and Resources.

Artificial intelligence: the web giants launch a partnership on ... - Le Monde

Ethical questions are becoming ever more pressing as artificial intelligence advances. Manon Louvard / "Le Monde". At a time when artificial intelligence (AI) technologies are advancing by leaps and bounds, raising some ...

Romain Ughetto: we have (already) seen his web series! - aficia

Indeed, the young singer is announcing a web series and it can (already) be discovered on aficia. Romain Ughetto is the young songwriter, composer and performer who cut his teeth in the Californian rock band Teddy's Noisy, then in the band ...

AUCTION RECAP OF SEPTEMBER 27, 2016

Domain Shane: A comprehensive look at the final auction prices, closeouts and more from the auction list posted on September 27, 2016.
If you would like to submit names to be considered for inclusion in the upcoming October DSAD Namejet auction you can list them here or use the white button at the top right of the page.  The commission is the standard Namejet 15%, and we will be marketing the names at no additional cost to you.
If there is an asterisk (*) next to a price, it means that the name was at auction from a private seller (rather than an expiring name) and may have had a reserve.  I’m only showing where the price was when the auction ended, but the name may not have sold if a reserve was in place.

FLIPPA and SEDO

OnlineClothes.com: Ended unsold at $100
MrHelp.com: Ended unsold
MrBrand.com: Ended unsold at $250

Namejet

I rarely have final prices for the Namejet names on the list, because they usually do not end the same day as they are posted to the list.  For now, instead of posting the list with no prices, I’ll post the top 10 Namejet sales for yesterday as listed on Namebio.
xsxx.com $7,755
budgethotel.com $5,766
ibcm.com $3,750
kbkk.com $3,312
fanco.com $3,012
bydw.com $2,983
nyzz.com $2,766
unisun.com $2,150
ataraxia.com $2,110
bkln.com $2,100
The post AUCTION RECAP OF SEPTEMBER 27, 2016 appeared first on Domain Shane and Accidental Domainer.

The post AUCTION RECAP OF SEPTEMBER 27, 2016 appeared first on iGoldRush Domain News and Resources.

ClintonKaine.com VS TrumpPence.com

NameTalent: The winner….. Donald Trump, because he owns both of them. ClintonKaine.com and TrumpPence.com represent the combination of last names for both Democrat and Republican presidential candidates and their respective VP nominees. The Trump campaign did not hand register either of these domains, they were both purchased this year. So, what is premium presidential domain name […]

The post ClintonKaine.com VS TrumpPence.com appeared first on iGoldRush Domain News and Resources.

These end users just bought domain names

Domain Name Wire: A flooring company, insurance provider and payments business bought domain names. I don’t have many end user sales to report at Sedo from the past week. This isn’t due to a lack of sales; a higher-than-usual number are still in escrow. Next week I’ll go back and recheck the domains to add them to the […]
The post These end users just bought domain names appeared first on Domain Name Wire | Domain Name News & Views.

The post These end users just bought domain names appeared first on iGoldRush Domain News and Resources.

Web.com Tour Championship: Grégory Bourdy turns toward ... - Fédération Française de Golf

Preferring to devote himself fully to the European circuit, Grégory Bourdy will not take part next week in the Web.com Tour Championship, the final of ...
Le Figaro Golf - Flash - Web.com: Bourdy throws in the towel - Le Figaro

Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2

CircleID: A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016.

To help understand how we arrived at this point, let's take a look back.

Beginning in 2009, Verisign, the Internet Corporation for Assigned Names and Numbers (ICANN), the U.S. Department of Commerce, and the U.S. National Institute of Standards and Technology (NIST) came together and designed the processes and plans for adding Domain Name System Security Extensions (DNSSEC) to the root zone. One of the important design choices discussed at the time was the choice of a cryptographic algorithm and key sizes. Initially, the design team planned on using RSA-SHA1 (algorithm 5). However, somewhat late in the process, RSA-SHA256 (algorithm 8) was selected because that algorithm had recently been standardized, and because it would encourage DNSSEC adopters to run the most recent name server software versions.

One of the big unknowns at the time revolved around the size of Domain Name System (DNS) responses. Until DNSSEC came along, the majority of DNS responses were relatively small in size and could easily fit in the 512-byte size limit imposed by the early standards documents (in order to accommodate some legacy internet infrastructure packet size constraints). With DNSSEC, however, some responses would exceed this limit. DNS operators at the time were certainly aware that some recursive name servers had difficulty receiving large responses because of middleboxes (e.g., firewalls) and gateways that (incorrectly) enforced the 512-byte limit, blocked IP fragments or blocked DNS over Transmission Control Protocol (TCP). This uncertainty around legacy system support for large packets is one of the reasons that the design team chose to use a 1024-bit ZSK for the root zone, and also why NIST's Special Publication 800-57 Part 3 recommended using 1024-bit ZSKs through October 2015.

A number of things have changed since that initial design. 1024-bit RSA keys have fallen out of favor: the CA/Browser Forum, for example, deprecated the use of 1024-bit keys for SSL as of 2013. This event caused many in the community to begin the transition away from 1024-bit keys.

Additionally, operational experience over the years has shown that the DNS ecosystem, and perhaps more importantly, the underlying IP network infrastructure, can handle larger responses due to longer key sizes. Furthermore, there is increased awareness that when DNSSEC signature validation is enabled, a recursive name server might need to rely on either fragmentation of large packets, or the transport of DNS messages over TCP.

Today, more than 1,300 top-level domains (TLDs) are signed with DNSSEC. Of these, 97 are already using 2048-bit RSA keys for zone signing. Furthermore, more than 200 TLDs have recently published zones whose DNSKEY response size exceeds 1500 bytes.

For these reasons, now is an appropriate time to strengthen the DNS by increasing the root zone's ZSK to 2048 bits. Our colleagues at ICANN agree. According to David Conrad, ICANN's CTO, "ICANN applauds Verisign's proactive steps in increasing the length of the ZSK, thereby removing any realistic concern of root zone data vulnerability. We see this, along with ICANN's updating of the Key Signing Key scheduled next year, as critical steps in ensuring the continued trust by the internet community in the root of the DNS."

To raise awareness among the network and DNS operations communities of this improvement to the security of the internet's DNS, we presented our plans at the DNS-OARC, NANOG, IETF, RIPE and ICANN meetings; and will continue to post updates on the NANOG, dns-operations, and dnssec-deployment mailing lists, and share updates through the Verisign blog.

Verify Your Network's Capabilities

It is important to ensure that internet users are able to receive larger responses when they are seen, including signatures from 2048-bit ZSKs. To that end, Verisign has developed a web-based utility that can be used to verify your network and name server's ability to receive larger, signed responses.

If you'd like to ensure your systems are ready for this security upgrade, visit keysizetest.verisignlabs.com to perform the verification. The page will load a small image file in the background from a number of subdomains, each signed with different ZSK and KSK parameters. The results are displayed on a table, and a successful test should look like this:

[Figure: table of results from a successful test]

If you see different results, you should investigate as described on the web page. If you are unable to solve problems related to resolution of domains signed with large DNSSEC keys, send an email to Verisign at info@verisign-grs.com.

Deployment Schedule

Both Verisign and ICANN have already spent a significant amount of time on development and testing of their systems to support 2048-bit ZSKs. Signatures over the sets of keys have already been generated at two signing ceremonies this year. The next steps are:

Sept. 20: The first 2048-bit ZSK will be pre-published in the root zone. This follows the normal process for quarterly ZSK rollovers whereby incoming ZSKs are pre-published for a period of approximately 10 days. Should any unforeseen problems arise during this time, Verisign has the ability to "unpublish" the new ZSK and continue using the old (smaller) one.
Oct. 1: Verisign will publish the first root zone signed with a 2048-bit ZSK. The outgoing 1024-bit ZSK will remain in a post-publish state for approximately 30 days. Similarly, should any unforeseen problems arise during this time, Verisign has the ability to revert to signing with the previous 1024-bit ZSK.

Please take a few moments and verify that your systems are properly provisioned by visiting keysizetest.verisignlabs.com. If you have any concerns that you'd like to make Verisign aware of, please contact us at info@verisign-grs.com.
Written by Duane Wessels, Principal Research Scientist at Verisign
More under: DNS, DNS Security, Security

The post Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2 appeared first on iGoldRush Domain News and Resources.
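
An added example (not Verisign's utility and not code from the article): a Python check that parses DNSKEY records in the presentation format printed by tools such as dig and reports any RSA zone signing key shorter than 2048 bits. The sample RRset is constructed to resemble the pre-publish period described in the deployment schedule, with a 1024-bit and a 2048-bit ZSK side by side; its key material is synthetic and all function names are this example's own.

```python
import base64
from typing import Iterable, List, NamedTuple

ZONE_KEY = 0x0100   # DNSKEY flags bit 7: key may sign zone data (RFC 4034)
SEP = 0x0001        # DNSKEY flags bit 15: secure entry point, by convention a KSK
RSA_ALGORITHMS = {5, 7, 8, 10}  # RSASHA1, RSASHA1-NSEC3-SHA1, RSASHA256, RSASHA512


class KeyInfo(NamedTuple):
    owner: str
    role: str       # "ZSK" or "KSK"
    algorithm: int
    bits: int       # length of the RSA modulus in bits


def rsa_modulus_bits(public_key: bytes) -> int:
    """RFC 3110 layout: exponent length (1 byte, or 0 then 2 bytes), exponent, modulus."""
    if len(public_key) < 3:
        raise ValueError("RSA public key too short")
    exp_len, offset = public_key[0], 1
    if exp_len == 0:
        exp_len, offset = int.from_bytes(public_key[1:3], "big"), 3
    modulus = public_key[offset + exp_len:]
    if not modulus:
        raise ValueError("RSA public key has no modulus")
    return int.from_bytes(modulus, "big").bit_length()


def parse_dnskey(line: str) -> KeyInfo:
    """Parse 'owner [ttl] [class] DNSKEY flags protocol algorithm base64...'."""
    fields = line.split(";", 1)[0].split()   # drop trailing '; key id = ...' comments
    if "DNSKEY" not in fields:
        raise ValueError("not a DNSKEY record")
    at = fields.index("DNSKEY")
    if len(fields) < at + 5:
        raise ValueError("truncated DNSKEY record")
    flags, protocol, algorithm = (int(f) for f in fields[at + 1:at + 4])
    if protocol != 3 or not flags & ZONE_KEY:
        raise ValueError("not a DNSSEC zone key")
    if algorithm not in RSA_ALGORITHMS:
        raise ValueError(f"algorithm {algorithm} is not RSA")
    key = base64.b64decode("".join(fields[at + 4:]))  # base64 may be space-wrapped
    role = "KSK" if flags & SEP else "ZSK"
    return KeyInfo(fields[0], role, algorithm, rsa_modulus_bits(key))


def weak_zsks(lines: Iterable[str], minimum_bits: int = 2048) -> List[KeyInfo]:
    """Return the zone signing keys whose modulus is shorter than minimum_bits."""
    keys = [parse_dnskey(line) for line in lines if line.strip()]
    return [k for k in keys if k.role == "ZSK" and k.bits < minimum_bits]


def make_sample_record(flags: int, bits: int) -> str:
    """Build a CONSTRUCTED record: right length and layout, not a usable RSA key."""
    modulus = b"\xc3" + bytes((i * 7 + 1) % 256 for i in range(bits // 8 - 1))
    rdata = b"\x03" + b"\x01\x00\x01" + modulus      # exponent 65537
    return f". 172800 IN DNSKEY {flags} 3 8 {base64.b64encode(rdata).decode()}"


# Constructed RRset: outgoing 1024-bit ZSK, incoming 2048-bit ZSK, 2048-bit KSK.
SAMPLE_RRSET = [
    make_sample_record(256, 1024),
    make_sample_record(256, 2048),
    make_sample_record(257, 2048),
]

if __name__ == "__main__":
    for key in map(parse_dnskey, SAMPLE_RRSET):
        print(f"{key.owner} {key.role} alg={key.algorithm} {key.bits} bits")
    for key in weak_zsks(SAMPLE_RRSET):
        print(f"WEAK: {key.role} for {key.owner} is only {key.bits} bits")
```
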
