Latest articles in ‘Industry’

  1. What is web users tracking and why (and how) you should care

    Published: Mon 21 May 2018 in Cookbook.

    For a lot of people, web user tracking remains something quite abstract, vaguely related to the ads displayed on websites, ads seemingly necessary to help the sites' authors keep them alive. They often also know that these ads tend to revolve around their centers of interest, like a seller in a shop where you have your habits who advises you on the products best suited to your tastes.

    But all this is just the tip of the iceberg of a poorly legislated and poorly controlled multi-billion dollar industry, in which advertisement is no longer the goal but just one means among others to make money.

    The product is not what the ads try to sell you anymore, the product is you.

    In this article, I try to uncover an industry built around the question of how to extract as much information as possible from people's lives and make a profit out …

  2. Why making good software is deemed not profitable

    Published: Thu 23 November 2017 in Opinions.
    You thought that large companies have the means to produce high quality software? The situation is a bit more complex; let me explain why.

    Another company got caught with its hand in the cookie jar, and this time we are not talking about the firmware of some cheap home router:

    CVE-2017-10151, CVSS 3.0 Base Score 10.0:

    Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are, and

    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager.

    While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products.

    Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager.

    The issue is pretty simple: Oracle added a default account with administrative privileges and hardcoded credentials to their product to reduce development work. This is what is commonly called a backdoor.

    While there is obviously no statistics available about such practices …

  3. Mr. Robot (TV show by Sam Esmail, 2015)

    Published: Wed 22 November 2017 in Library.
    A review on 'Mr. Robot' TV series, which started with a very engaging first season but sadly seems to wither away.

    Mr. Robot is an interesting project trying to create a television series featuring accurate “hacking” techniques and real-life events, as opposed to most “hacker” movies and series which just project the general public phantasms on the screen.

    I used to redirect people asking me for some “hacking trick” to this series, and several websites and blogs use it as an illustration to provide fundamental knowledge in IT security and help people become aware of various risks.

    As I write this post, we have now reached the middle of the third season, and while I was and still am very enthusiastic about the first season, my feelings about its sequels are now rather mixed.


    For those who haven’t seen this series yet, I won’t get into any storyline details here, except a bit when listing some season 3 issues. Most of this post should be spoiler-free, however …

  4. NSA and Microsoft, toward a tighter “collaborative teamwork”?

    Published: Tue 16 May 2017 in Opinions.
    A history of forced love and denial between the National "Security" Agency and large corporations.

    This article is somewhat a sequel of my thoughts about the Wannacry case.

    The NSA relies on a large database of undisclosed and unfixed software vulnerabilities to hack its way into any system deemed either hostile or useful for its intelligence gathering. As explained by the former NSA director Michael Hayden:

    If the agency thinks that no one else will be able to exploit a vulnerability, it leaves the problem unfixed to aid in its own spying efforts.

    It is only if the NSA estimates that the exploit may be known to someone else, and therefore represents a potential risk to the US safety, that they will inform the vendor for the vulnerability to get fixed.

    Sometimes this process hiccups, with a vendor interfering with NSA activity, as most probably happened to Microsoft with MS08-067 …
