Bookmarks - wr0ng.name

Chiffrer.info – Parce que les mots sont importants

Tue Nov 28 13:30:03 2017

ON DIT CHIFFRER, ET PAS CRYPTER. :-)

Les conseils de la CNIL pour un bon mot de passe | CNIL

Tue Oct 17 13:34:15 2017

Pour accéder à nos comptes en ligne, nous utilisons souvent des mots de passe « faibles » ou le même mot de passe sur plusieurs comptes. Voici quelques astuces pour gérer ses mots de passe personnels en toute sécurité.

FIRST Best Practices Guide

Thu Sep 14 10:51:06 2017

It is a complicated, arduous, and time-consuming task for even experienced system administrators to know what a reasonable set of security settings is for any operating system. Thus, the FIRST Best Practice Guide Library intends to assist FIRST Team Members and public in general in configuring their systems securely by providing configuration templates and security guidelines.

Also, this initiative aims at recognizing FIRST members' work and promote it outside the FIRST community.

Keylength - BSI Cryptographic Key Length Report (2017)

Fri Jun 23 10:06:59 2017

In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.
This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

NSA OSS Technologies

Mon Jun 19 14:28:26 2017

THE TECHNOLOGIES LISTED BELOW were developed within the National Security Agency (NSA) and are now available to the public via Open Source Software (OSS). The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology.

Spotting the Adversary with Windows Event Log Monitoring (v2)

Mon Jun 19 14:26:59 2017

This paper focuses on using the built-in tools already available in the Microsoft Windows operating system (OS). Central event log collection requires a Windows Server operating system version 2003 R2 or above. Many commercially available tools exist for central event log collection. Using a Windows Server 2008 R2 or above server version is recommended. There are no additional licensing costs for using the event log collection feature. The cost of using this feature is based on the amount of additional storage hardware needed to support the amount of log data collected. This factor is dependent on the number of workstations within the local log collection network.

Download Windows 10 and Windows Server 2016 security auditing and monitoring reference from Official Microsoft Download Center

Mon Jun 19 14:24:57 2017

You can record and store security audit events for Windows 10 and Windows Server 2016 to track key system and network activities, monitor potentially harmful behaviors, and mitigate risks. You control the amount of data you collect by controlling the categories of security events you audit, for example, changes to user account and resource permissions, failed attempts to access resources, and attempts to modify system files. The reference in this download can help you decide what to monitor and how to interpret the data you collect.

Symfony Best Practices (current)

Wed May 10 13:18:45 2017

Discover the best practices that fit the philosophy of the framework as envisioned by its original creator Fabien Potencier. Learn a new pragmatic vision for Symfony application development and boost your productivity.

La Méthode R.A.C.H.E - International Institute of La RACHE

Fri Apr 28 16:26:18 2017

Le but de l’IILaR est de promouvoir la méthodologie de La RACHE. La RACHE, solution globale de génie logiciel, est un ensemble de techniques, de méthodes et de bonnes pratiques décrivant - des spécifications à la maintenance - comment produire du logiciel dans des conditions à peu près satisfaisantes et approximativement optimales.

Top 10 Developer Crypto Mistakes

Wed Apr 26 20:08:22 2017

After doing hundreds of security code reviews for companies ranging from small start-ups to large banks and telcos, and after reading hundreds of stack overflow posts on security, I have composed a list of the top 10 crypto problems I have seen.

The Power of 10: Rules for Developing Safety- Critical Code

Wed Mar 15 12:31:52 2017

Adhering to a set of 10 verifiable coding rules can make the analysis of critical software components more reliable.

Gerard J. Holzmann
NASA/JPL Laboratory for Reliable Software

http://ieeexplore.ieee.org/abstract/document/1642624/

posters/accessibility at master · UKHomeOffice/posters · GitHub

Tue Dec 13 14:54:13 2016

Home Office Digital repository of posters covering different topics - research, access needs, accessibility, design.