Wow. Just wow. The attacker gave Amazon my fake details from a whois query, and got my real address and phone number in exchange. Now they had enough to bounce around a few services, even convincing my bank to issue them a new copy of my Credit Card.

Voilà pourquoi il est important de ne laisser aucune information comme son adresse postale ou son numéro de téléphone. Ces informations peuvent servir à en obtenir d'autres, ou à effectuer des actions à votre insu. Pensez par exemple à protéger votre Whois, ou à virer des informations sensibles présentes dans votre CV.

Visiblement, c'était une plaisanterie.

"""
No doubt, the response by the FBI, and especially by United Airlines, is an overreaction, but Roberts also overstepped a line when he joked about hacking a specific plane as it was in mid flight. All three parties would do well to stand down, apologize, and move on now that it's clear to everyone there's no credible threat.
"""
ou pas. Allez savoir ;)

source: http://arstechnica.com/security/2015/04/researcher-who-joked-about-hacking-a-jet-plane-barred-from-united-flight/

"""
China blocks the offending websites, but it cannot easily block the GitHub mirrors. Its choices are either to block or allow everything on GitHub. Since GitHub is key infrastructure for open-source, blocking GitHub is not really a viable option.

Therefore, China chose another option, to flood those specific GitHub URLs with traffic in order to pressure GitHub into removing those pages. This is a stupid policy decision, of course, since Americans are quite touchy on the subject and are unlikely to comply with such pressure. It's likely GitHub itself can resolve the issue, as there are a zillion ways to respond. If not, other companies (like CloudFlare) would leap to their defense.

The big question is attribution. Is this attack authorized by the Chinese government? Or is it the work of rogue hackers?
"""

"""
By looking at the IP addresses in the traceroute, we can conclusive prove that the man-in-the-middle device is located on the backbone of China Unicom, a major service provider in China.
"""
Plus de détails: http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
Notez que c'est encore plus simple de faire une attaque MITM vu que baidu ne force pas le https.

"""
(...)
Or fail2ban passe par des règles iptables de blocage ( iptables ... -j REJECT ), conséquence de cela, ce type de filtrage est adapté à un faible nombre d’IP source à bloquer.

Si l’on a des milliers (ou plus) d’adresses à bloquer, il faut utiliser une autre technique. Nous avons donc récemment mis en place un système de blocage basé sur ipset.
(...)
"""

bel article
bien écrit et détaillé.

angry bird..

putain ça peut être bien hargneux une pie.
y'a même un site qui permet de recenser les attaques en Australie et qui montre comment on peut s'en protéger (spoiler: en mettant des pics sur son casque de vélo ^^")
edit: pardon j'avais oublié le lien du site en question, voilà: http://www.magpiealert.com/