ungars

Members
  • Content count

    162
  • Joined

  • Last visited

About ungars

  • Date of birth 20/05/1961

Contact Methods

  • ICQ
    0
  • Configuration
    iMAC Retina 4k 3Ghz Intel i5 8 GB MAC OS High Sierra 10.13.4.

Profile Information

  • Gender
    Male

Community Reputation

  1. Hello, having plugged my work PC into the BOX, I see in the file explorer something called "LaBox53C" whose IP address, as shown by its properties, is 192.168.0.12:9000! I connect to it and I get what is in the attachment. Apparently it is some kind of media server... Having never initialized my Box's hard drive, meh... I go into Network Utility and run a port scan, and I get:

      tcp4 0 0 192.168.0.16.49513 192.168.0.12.cslistener TIME_WAIT
      tcp4 0 0 192.168.0.16.49514 192.168.0.12.cslistener TIME_WAIT
      tcp4 0 0 192.168.0.16.49509 192.168.0.12.cslistener TIME_WAIT
      tcp4 0 0 192.168.0.16.49511 192.168.0.12.cslistener TIME_WAIT
      tcp4 0 0 192.168.0.16.49510 192.168.0.12.cslistener TIME_WAIT
      tcp4 0 0 192.168.0.16.49508 192.168.0.12.cslistener TIME_WAIT
      tcp4 0 0 192.168.0.16.49507 192.168.0.12.etlservicemgr TIME_WAIT

     In short, you find weird things when you go through Windows: the directories where the photos and videos are stored, the only ones with "free" access, and it's completely twisted...
  2. Alas, that changed nothing. It seems that for old iPhones (3GS) this is not provided for: the password is well and truly lost...
  3. Hello, I have just realized that I forgot my password for encrypted backups in iTunes 12.7.3.46... Would it be stored somewhere other than the Keychain??? The Apple account password doesn't work... Thanks for your help. PS: after some research, this password would be stored on the iPhone. It is a phone my daughter handed down to me. She tells me she followed the official procedure: https://support.apple.com/fr-fr/HT201351
  4. Hello, has anyone already used Python with Visual Studio Code? How do I use the Python that is already installed? There are extensions, but what is the impact on a system that is already set up? The point is to avoid making the system completely unstable... Bearing in mind that version 2.7.10 is already installed, and that the new one is 3... Thanks for your opinions.
  5. Ah well! The old one wasn't really working anymore, indeed!
  6. Hello, I noticed this in the logs:

      Process: com.piriform.ccleaner.CCleanerAgent [2865]
      Path: /Library/PrivilegedHelperTools/com.piriform.ccleaner.CCleanerAgent
      Identifier: com.piriform.ccleaner.CCleanerAgent
      Version: 1.17
      Code Type: X86-64 (Native)
      Parent Process: launchd [1]
      Responsible: com.piriform.ccleaner.CCleanerAgent [2865]
      User ID: 0
      Date/Time: 2020-03-06 19:04:56.719 +0100
      OS Version: Mac OS X 10.13.4 (17E199)
      Report Version: 12
      Anonymous UUID: <deleted>
      Time Awake Since Boot: 1900 seconds
      System Integrity Protection: enabled
      Crashed Thread: 0
      Exception Type: EXC_CRASH (SIGABRT)
      Exception Codes: 0x0000000000000000, 0x0000000000000000
      Exception Note: EXC_CORPSE_NOTIFY
      Termination Reason: DYLD, [0x1] Library missing
      Application Specific Information: dyld: launch, loading dependent libraries
      Dyld Error Message:
        Library not loaded: @executable_path/../Frameworks/CCleanerLib.framework/Versions/A/CCleanerLib
        Referenced from: /Library/PrivilegedHelperTools/com.piriform.ccleaner.CCleanerAgent
        Reason: image not found
      Binary Images:
        0x109ad5000 - 0x109ae1ff7 +com.piriform.ccleaner.CCleanerAgent (1.17) <5A7C3412-A73E-3E78-BB1C-C41D1967D8A1> /Library/PrivilegedHelperTools/com.piriform.ccleaner.CCleanerAgent
        0x10d9c5000 - 0x10da0f9df dyld (551.3) <AFAB4EFA-7020-34B1-BBEF-0F26C6D3CA36> /usr/lib/dyld

     So I removed CCleaner (free version), including "com.piriform.ccleaner.CCleanerAgent", because there is a message every second in the log despite the fact that everything is right where it is expected!!! Just one detail: the application is in a subdirectory of "/Applications". Any idea? Thanks in advance.
  7. Hello, if your internet connections are a bit chaotic, is it useful to type this command in the terminal: sudo killall -HUP mDNSResponder ? With what risks... See you.
  8. https://macbidouille.com/news/2019/12/09/une-faille-permet-de-detourner-des-connexions-vpn
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14899
  9. Hello, an interesting article on a little-known aspect of MAC OS: Detection Of Backdating The System Clock In MacOS
     https://articles.forensicfocus.com/2018/01/31/detection-of-backdating-the-system-clock-in-macos/
     Posted by Scar de Courcier, January 31, 2018. Filed Under backdating, computer forensics, Digital Forensics, timestamps. By Oleg Skulkin & Igor Mikhaylov.
     Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good question, at least for us, so we decided to research it. If we are talking about Windows system clock backdating there is a lot of information to help, for example, this SANS white paper by Xiaoxi Fan, but there is nothing about macOS.
  10. Hello, presented as a service that allows copy/paste between two of a user's devices, Keyboardservicesd also makes a connection to an APPLE server on port 443.
      https://twitter.com/hashtag/keyboardservicesd?lang=fr
      http://www.macinside.info/process.php?id=12415#
      https://forums.macrumors.com/threads/what-is-this-process-for.1979964/
      https://forums.developer.apple.com/thread/50426
      https://twitter.com/peter_tonoli/status/782452290938478593?lang=fr
  11. Now that is an excellent interjection!
  12. Let's not push it, though. It's getting indecent and frankly c** at this level at Apple.
  13. ungars

    VPN connection?

    I get this from Network Utility, Netstat tab: /var/run/vpncontrol.sock. I have no active VPN. So what should one make of it? Your opinions?
  14. Active Internet connections (including servers)

      Proto Recv-Q Send-Q Local Address Foreign Address (state)
      tcp4 0 0 192.168.0.10.49194 17.57.146.4.5223 ESTABLISHED
      tcp4 0 0 192.168.0.10.49152 17.242.177.95.5223 ESTABLISHED

      So 2 APPLE sites.

      17.57.146.4, port 443, tested like this: https://www.immuniweb.com/ssl/?id=zrCm3wbl and one learns some not very clean things about the security of this site:

      • The server's certificate is untrusted. Non-compliant with PCI DSS requirements
      • The server has TLS 1.0 enabled. Since the 30th of June 2018 it is non-compliant with PCI DSS. Non-compliant with PCI DSS requirements
      • The TLS engine does not support a TLS version newer than TLSv1.0 and is outdated. Non-compliant with HIPAA and NIST

      courier.sandbox.push.apple.com

      What is this site used for??? An HTTPS connection gives: An error occurred during a connection to courier.sandbox.push.apple.com. SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

      17.242.177.95, port 443, tested like this: https://www.immuniweb.com/ssl/?id=A5kzaXvW

      courier.push.apple.com

      Same findings... Your opinions?
  15. https://wikileaks.org/vault7/#Dark%20Matter

      23 March, 2017

      Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

      Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

      "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

      Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

      Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

      While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

      https://wikileaks.org/vault7/document/#darkmatter

      Happy reading!