Monthly Shaarli
June, 2017
The newly elected coalition government of the German state of Baden-Württemberg wants to use open source software wherever appropriate, according to its coalition agreement.
The search giant is massive in size, and there is a good chance you tap into the Googleverse in some way:
Global market penetration for Android is 61-81%.
Google has a 78.8% market share for online search.
The company generates $67.4 billion in annual ad revenue.
Google processes two trillion searches annually.
30-50 million websites use Google Analytics for tracking.
There are 700,000 apps available in the Google Play store.
82% of videos watched online come from YouTube.
In total, Google has at least 79 products and services.
According to Google’s documentation, it uses these services to pull out information on the “things you do”, “things you create”, and the things that make you unique.
After seven years of investigation, the European Union on Tuesday 27 June fined Google a record €2.42 billion for abuse of a dominant position.
While taxation is hotly debated on the international stage, those debates do nothing to slow the tax-optimisation practices of the Web giants, including Google, whose effective tax rate outside the US was only 2.6% in 2012. The search engine is trying to defend itself...
French Internet users are far from having given up on protecting their privacy online, according to a study.
This data, available on the Web without any protection, included both public data, such as the name and address of everyone on the electoral rolls of each US state, and more sensitive data.
Europe severely hit
Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.
The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.
Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.
Dutch manufacturer Fairphone is launching Fairphone Open, an open version of Android 6 Marshmallow. It says this open-source build of Android ships without Google Mobile Services (GMS), whereas Fairphone's standard operating system ships with them.
Qwant announced on the Fairphone 2
Examples abound of leading tech companies that have adopted open source strategy and contribute actively to open source tools and communities.
Latest Vault7 release exposes network-spying operation CIA kept secret since 2007.
Microsoft says it is releasing updates for Windows XP, Windows Vista, and all other more recent unsupported and supported versions of Windows due to an “elevated risk” of attacks that are similar to the WannaCry malware.
Google’s ad blocker, far from a benign offering, is another step toward dominating the internet itself.
Another round of crappy journalism. It's not obscure, it's not a CPU feature but a platform feature, and there are plenty of out-of-band communication channels out there, this isn't the only one. On top of that, this was already published two DEF CONs ago.
You can exfil data and even do practical bi-directional communication over: SOL, IPMI, ASF, MT's ARC CPU via injected firmware and then via TCP/IP. Any of them will work. Add vendor-specific firmware addons on top of that (i.e. Broadcom tends to have exploitable firmware in their NIC controllers)
Most of them are in a vulnerable state by default because the technology was supposed to be 'easy' and 'user friendly', but 'users' don't even know what they are, and most deployments are done by the WinTel horde that doesn't actually know anything outside the Microsoft framework. (and thus leave the defaults as-is)
I probably posted something similar on https://news.ycombinator.com/item?id=11913379
Is it bad? Yes. Is it new? No. Is it ever reported on correctly? Also no.
With the presidential election over and the campaign for the legislative elections under way, political analysts agree that the use of digital data was an essential component of Emmanuel Macron's victory. This use of big data is not without legal consequences, however, especially when it targets citizens' personal data for political purposes.
Politics has adapted to the digital transition. The trend is toward targeted, face-to-face canvassing rather than online outreach ("from the virtual to the real"). Door-to-door canvassing was the foundation of our new president's winning campaign. The electoral software Cinquante plus un, developed by Messrs Liegey, Muller and Pons, the three founders of the start-up that bears their initials, LMP, can claim a share of Mr Macron's victory. Using the personal and demographic data collected, the software divides France into 67,000 zones corresponding to polling stations and models the electoral behaviour of the population.
According to the reference work on political marketing, Get Out the Vote! (Donald P. Green and Alan S. Gerber, professors of political science at Yale), a political party can change the mind of one voter in fourteen through door-to-door canvassing, against one in thirty-eight by telephone. From this data the software sorts potential voters into three categories: the "undecided", the "persuadable" and the "abstainers". It can also estimate their proportion in each French constituency, as well as each voter's percentage likelihood of voting for a given candidate.
Anxiety, depression, sleep deprivation, and body-image issues are among the perverse effects of social media, a new report states.
Researchers have uncovered malware embedded in some forty Play Store apps that may have affected up to 36.5 million users. The malicious apps specialised in advertising click fraud and have since been removed by Google.
The autonomous region of Galicia (Spain) will this year migrate at least one-thousand government workstations to exclusively use the LibreOffice open source suite of office solutions, it announced on 30 April. The government also said it would start raising awareness among the region's public administrations about the advantages of sharing, and promoting the reuse of ICT solutions. The government has reserved a 147,000 euro budget for this year's free software actions.
In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.
Major efforts still needed on repairability
A piece of "ransomware", a computer virus that encrypts the contents of a computer to render it unusable until a ransom is paid, is paralysing operations at a very large number of companies around the world on Tuesday 27 June.
First, Gmail will keep showing targeted advertising, because that is their business model (88% of their revenue, no less). And that is likely to last, even as they try to diversify.
Second, Google will keep reading your mail, yours and that of its 1.2 billion users, to learn ever more about you, your interests, the people you exchange with and what you talk about. It is just that they already know enough from elsewhere to target their advertising from other sources: your Google Search queries, your GPS position via Google Maps, your Android phone, your clicks on ads, your Chrome browsing history, and so on.
Finally, you will simply have to take Google at its word, because their source code is proprietary and runs on their servers.
Summary I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find most…
Are algorithms as neutral as we often believe? Learn more about Mathwashing, explained in one simple page.
In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.
This disclosure dwarfs previous breaches of electoral data in Mexico (also discovered by Vickery) and the Philippines by well over 100 million more affected individuals, exposing the personal information of over sixty-one percent of the entire US population.
These companion guides present the considerations and principles for creating an accessible office document, together with non-normative advice and procedures for putting them into practice.
While stuck in I-66 traffic one morning, a colleague and I had a vigorous debate on the merits of open-source versus proprietary (commercial) software. I was left with the realization of how much misinformation still persists about this particular subject.
The app, which has become popular with terrorists, was once run in part from a Buffalo, N.Y., office.
The KeePass audit went through all 84,622 lines of code and found no critical or high-risk issues. It did, however, find five medium-rated, three low-rated and six informational issues.
A fake social network might be the only thing your smartphone needs.
The Financial Times reports big internet companies are paying Adblock Plus "30% of additional revenues" they would make from ads being unblocked.
Backdoor tied to espionage campaign that has targeted governments in 45 countries.
Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.
Because of the way the Intel AMT SOL technology works, SOL traffic bypasses the local computer's networking stack, so local firewalls or security products won't be able to detect or block the malware while it's exfiltrating data from infected hosts.
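Since SOL is terminated by the management firmware before the host's networking stack sees it, host firewalls and EDR have nothing to inspect; the place to look is the wire. The following is an added example for this digest, not code from Microsoft's write-up: it runs a simple rule over flow records and flags AMT traffic from anything other than a sanctioned management console. The AMT port numbers are taken from Intel's AMT documentation (an assumption of this example), and the flows, the console allow-list and the internal address range are constructed.

```python
"""Network-side check for Intel AMT traffic that host security tools cannot see.

Added example, not from the Microsoft report. Port numbers are the standard
Intel AMT listeners (assumption); flows, allow-list and address space are
constructed for the example.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport bytes")

# TCP listeners exposed by the AMT firmware (assumption: Intel's documented port set).
AMT_PORTS = {
    16992: "AMT web/WS-Management (HTTP)",
    16993: "AMT web/WS-Management (HTTPS)",
    16994: "AMT redirection: SOL / IDE-R",
    16995: "AMT redirection: SOL / IDE-R over TLS",
}

# Hosts permitted to drive AMT (constructed allow-list of management consoles).
MANAGEMENT_CONSOLES = frozenset({"10.0.0.5"})

# The organisation's own address space (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: ordinary traffic, one sanctioned console session,
# and two AMT sessions that should not exist.
SAMPLE_FLOWS = [
    Flow("10.0.1.20", "93.184.216.34", 443, 5120),
    Flow("10.0.0.5", "10.0.1.20", 16993, 2048),      # sanctioned console
    Flow("10.0.1.77", "10.0.1.20", 16994, 90_000),   # peer workstation pushing files over SOL
    Flow("203.0.113.9", "10.0.1.21", 16992, 800),    # Internet source reaching the AMT web UI
    Flow("10.0.1.20", "10.0.1.1", 53, 120),
]


def is_internal(ip):
    """True if the address falls inside the organisation's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_suspicious_amt(flows, consoles=MANAGEMENT_CONSOLES):
    """Return (flow, reason) pairs for AMT traffic not originating from a console.

    The redirection ports (16994/16995) matter most: that is where SOL lives,
    and a workstation-to-workstation session on them has no benign reading.
    """
    findings = []
    for f in flows:
        service = AMT_PORTS.get(f.dport)
        if service is None or f.src in consoles:
            continue
        if not is_internal(f.src):
            reason = "%s reached from outside the network" % service
        else:
            reason = "%s used by non-console host" % service
        findings.append((f, reason))
    return findings


if __name__ == "__main__":
    for flow, reason in find_suspicious_amt(SAMPLE_FLOWS):
        print("%s -> %s:%d  %s" % (flow.src, flow.dst, flow.dport, reason))
```

The rule is deliberately coarse: it will also fire when someone provisions a new console without updating the allow-list, which is the desired failure mode. It does not see SOL sessions that never cross a monitored segment, so the tap has to sit where workstation-to-workstation traffic is visible, not only at the perimeter.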
In March, the government of the Slovak Republic officially approved its 2014 guideline on ICT standards. The guide provides detailed instructions for public sector organisations, including mandating making future desktop software solutions platform independent, and making new browser plug-ins and client applications available as open source.
The Open Source Survey is an open data project by GitHub and collaborators from academia, industry, and the broader open source community.
The majority of your payload will not come from the operating system, or desktop but from the applications. Web browsers and sites are heavy these days and Chrome or Firefox will easily consume more RAM than your operating system and desktop altogether.
In the shot below we have Chrome running with 3 tabs, LibreOffice Writer with an empty document and GIMP without any image file opened. Combined they are already taking about 400 megs and the number will grow a lot once you get going with your work, whatever it is. So if you want to save some RAM, you need to choose lighter weight applications, but they are rarely full-featured.
Of all the archives we've surveyed, none has seemed vaster than Europeana Collections, a portal of
OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.
We know of victims who don’t use M.E.Doc and have no obvious connections to Ukraine. Yet they were infected during Tuesday’s outbreak. This mystery is one of the factors that have kept us from jumping on the conspiracy train. And we still don’t have answers here.
Several large French groups had to deal with the virus, which spread very quickly on Tuesday.
A major ransomware attack has brought businesses to a halt throughout Europe, in an infection reminiscent of last month's WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine's central bank, state telecom, municipal metro, and Kiev's Boryspil Airport. Systems were also compromised at Ukraine's Ukrenego electricity supplier, although a spokesperson said the power supply was unaffected by the attack.
The attack has even affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result of the attack. Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs.
The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco. The virus also reached servers for the Russian oil company Rosneft, although it’s unclear how much damage was incurred. There have also been several recorded cases in the United States, including the pharmaceutical company Merck, a Pittsburgh-area hospital, and the US offices of law firm DLA Piper.
A former engineer at a smart-meter supplier hacked base stations, blocking data collection. He has just been sentenced.
For targeted advertising as for election campaigns, information about our online activity is highly prized on the personal-data market. For many, information security and data protection on the Internet seem important, but often too technical or even boring. But must we resign ourselves to leaving our personal data within reach of anyone on the Web? Jérôme Poisson, a French computer scientist based in Prague, offers an answer: in his view, the loss of privacy is not inevitable.
Google is giving up reading its users' e-mails to display targeted advertising. On Friday 23 June the Web giant announced that it would abandon this highly controversial practice over the coming months. That does not mean ads will disappear from Gmail, its e-mail service, only that they will be targeted using personal data collected on its other services, such as its search engine and YouTube.
Social Cooling describes how big data and a lack of privacy is greatly increasing pressure to conform.
The worst fears sometimes come true. A new kind of malware targeting electricity supply infrastructure has been detected by two specialist firms, ESET and Dragos Security. Although it has only been used on a small scale so far, it was designed to infiltrate and sabotage almost any power grid in Europe, nearly automatically. A disaster scenario that unfortunately looks more and more plausible.
No permanent establishment in the country
In today's open source roundup: A redditor wants to know why open source software is more secure. Plus: Mozilla releases Firefox 41. And Fedora 23 beta released.
This could be a huge deal as Amazon seeks to buy Whole Foods.
Pavel Durov, the Russian founder of the popular secure messaging app Telegram has revealed in a series of tweets that U.
There are a few other niche computer vendors that sell computers that come with Linux pre-loaded, including ZaReason, System76, and ThinkPenguin. But Dell is one of the only major PC companies to offer Ubuntu versions of high-end laptops that it also sells with Windows.
A weblog about Signals Intelligence, Communications Security and top level telecommunications equipment
Yahoo! employees, for their part, were in no hurry for things to move forward: 2,000 jobs will be cut within the company once the acquisition is completed, about 15% of Yahoo!'s workforce. What remains of Yahoo! will then be renamed Altaba. It will operate as a holding company whose two main assets will be its 35.5% stake in Yahoo! Japan and a stake in the huge Chinese group Alibaba.
"As for administrative searches, this too is a copy-and-paste of the state of emergency. Thus the exploitation of digital data from seized computers and mobile phones will be subject only to the authorisation of an administrative judge, not a judicial one." Consider for a moment: the police would be allowed, under no authority other than the Interior Ministry's, to access the entire digital life of a suspect (think for a moment of everything your phones and computers contain). For terrorism suspects, you may say? Yes, except that under the state of emergency, numerous abusive administrative searches were documented.
SeaGlass is a system designed by security researchers at the University of Washington to measure IMSI-catcher use across a city. Cellular sensors are built from off-the-shelf parts and installed into volunteers' vehicles. Sensor data is continuously uploaded from the vehicles and aggregated into a city-wide view. Algorithms then look for anomalies in the cellular network that indicate IMSI-catchers.
Twenty-six gigabytes of documents from a subcontractor of the intelligence agencies were stored on a public Amazon server.
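Both the Deep Root Analytics exposure above and this one come down to the same misconfiguration: an Amazon S3 bucket whose policy or ACL grants access to everyone. The following is an added example for this digest, not code from UpGuard or from either firm involved: it audits a bucket policy document and a bucket ACL for grants to anonymous or all-authenticated users. It assumes the documented JSON shape of an S3 bucket policy and the shape of a bucket ACL as returned by the S3 GetBucketAcl call; the policy and ACL below are constructed.

```python
"""Audit an S3 bucket policy and ACL for access granted to everyone.

Added example, not from either UpGuard report. Assumes the standard
bucket-policy document format and the GetBucketAcl response shape;
the policy and ACL here are constructed.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed policy: a scoped internal statement, a wide-open statement,
# and a public statement fenced by a source-IP condition.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TeamRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/analysts"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::voter-models/*"},
    {"Sid": "OopsPublic", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::voter-models", "arn:aws:s3:::voter-models/*"]},
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::voter-models/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "198.51.100.0/24"}}}
  ]
}
""")

# Constructed ACL in the shape of a GetBucketAcl response.
SAMPLE_ACL = {
    "Owner": {"ID": "abc123"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "abc123"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}


def _as_list(x):
    """Policy fields may be a single string or a list; normalise to a list."""
    return x if isinstance(x, list) else [x]


def principal_is_everyone(principal):
    """True for both spellings of 'anyone': "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy):
    """Return (sid, actions, has_condition) for Allow statements open to everyone."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not principal_is_everyone(st.get("Principal")):
            continue
        findings.append((st.get("Sid"), _as_list(st.get("Action", [])), "Condition" in st))
    return findings


def public_acl_grants(acl):
    """Return (group, permission) for grants to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            findings.append((grantee["URI"].rsplit("/", 1)[1], grant.get("Permission")))
    return findings


def is_publicly_readable(policy, acl):
    """Exposed if any unconditional public Allow exists or any public ACL grant exists.

    Conditional public statements are reported separately: a condition such as
    aws:SecureTransport restricts how, not who, so they still need a human look.
    """
    unconditional = [f for f in public_policy_statements(policy) if not f[2]]
    return bool(unconditional) or bool(public_acl_grants(acl))


if __name__ == "__main__":
    for sid, actions, conditional in public_policy_statements(SAMPLE_POLICY):
        print("policy %-12s %-32s %s" % (sid, ",".join(actions),
                                        "(conditional)" if conditional else "PUBLIC"))
    for group, perm in public_acl_grants(SAMPLE_ACL):
        print("acl    %-12s %s" % (group, perm))
    print("publicly readable:", is_publicly_readable(SAMPLE_POLICY, SAMPLE_ACL))
```

The check is intentionally conservative: it does not try to reason about Deny statements, NotPrincipal, or account-level public-access blocks, any of which could override what it reports, so a clean result here is necessary but not sufficient. An AuthenticatedUsers grant is treated as public because anyone with any AWS account qualifies.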
official CardBook repository (addon for Thunderbird)
Dave Winer won’t link to Facebook posts from his blog. I don’t either.
In a crime case, investigators don't have access to "the truth"—the data, if you will. All they have are clues which can be put together to make as perfect a guess as possible as to what the nature
We show that the MEMS gyroscopes found on modern smart phones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone. The resulting signals contain only very low-frequency information (< 200 Hz). Nevertheless we show, using signal processing and machine learning, that this information is sufficient to identify speaker information and even parse speech. Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone.
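The SeaGlass entry above describes aggregating many vehicles' cell observations and then looking for anomalies that betray an IMSI-catcher. The following is an added example, not SeaGlass's own code, of what such an anomaly pass can look like over aggregated observations. The three indicators (a cell that exists only briefly, a signal implausibly strong for a real tower, a cell ID advertised under more than one location area code), the thresholds, and the requirement that at least two indicators agree before a cell is reported are my assumptions modelled on the project description; the observations are constructed.

```python
"""Toy IMSI-catcher anomaly pass over aggregated cell observations.

Added example, not from the SeaGlass project. Indicators and thresholds are
assumptions; the observation set is constructed.
"""
from collections import defaultdict, namedtuple

# One sensor reading: network identity, received signal strength, and the time
# of observation in minutes since the survey began.
Observation = namedtuple("Observation", "mcc mnc lac cid rssi ts")


def build_sample():
    """Constructed survey: two real towers, one legitimately new tower, one rogue cell."""
    obs = []
    # Two legitimate towers seen every six hours for three weeks at ordinary strength.
    for day in range(21):
        for hour in (0, 6, 12, 18):
            ts = day * 24 * 60 + hour * 60
            obs.append(Observation(310, 260, 7001, 4101, -75 + 3 * ((hour // 6) % 2), ts))
            obs.append(Observation(310, 260, 7001, 4102, -82, ts))
    # A real tower switched on late in the survey: transient, but otherwise normal.
    for hour in range(0, 24, 6):
        obs.append(Observation(310, 260, 7001, 4150, -80, 20 * 24 * 60 + hour * 60))
    # Rogue cell: borrows tower 4101's cell ID under a foreign LAC, very strong,
    # and gone after twenty minutes.
    for minute in range(0, 21, 5):
        obs.append(Observation(310, 260, 9999, 4101, -40, 10 * 24 * 60 + minute))
    return obs


def find_anomalies(observations, min_lifetime_min=24 * 60, strong_dbm=-50, min_indicators=2):
    """Map (mcc, mnc, lac, cid) -> list of indicator strings for cells that trip
    at least `min_indicators` of the heuristics.

    Requiring two indicators keeps a genuinely new tower (transient only) and a
    legitimate tower whose cell ID a rogue has copied (multi-LAC only) out of
    the report.
    """
    by_cell = defaultdict(list)
    for o in observations:
        by_cell[(o.mcc, o.mnc, o.lac, o.cid)].append(o)

    # Which LACs each (mcc, mnc, cid) has been advertised under across the survey.
    lacs_for_cid = defaultdict(set)
    for mcc, mnc, lac, cid in by_cell:
        lacs_for_cid[(mcc, mnc, cid)].add(lac)

    findings = {}
    for key, obs in by_cell.items():
        mcc, mnc, lac, cid = key
        reasons = []
        span = max(o.ts for o in obs) - min(o.ts for o in obs)
        if span < min_lifetime_min:
            reasons.append("transient: observed for only %d min" % span)
        peak = max(o.rssi for o in obs)
        if peak > strong_dbm:
            reasons.append("implausibly strong signal: %d dBm" % peak)
        if len(lacs_for_cid[(mcc, mnc, cid)]) > 1:
            reasons.append("cell id advertised under multiple LACs")
        if len(reasons) >= min_indicators:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for cell, reasons in find_anomalies(build_sample()).items():
        print("%s-%s LAC %s CID %s" % cell)
        for r in reasons:
            print("   -", r)
```

Lowering `min_indicators` to 1 shows why the threshold is there: the new tower and the copied legitimate tower both surface as single-indicator noise. Real deployments also need a per-location baseline for signal strength rather than one global dBm cutoff.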