versions 1.5: http://www.joomla.fr/versions-15x
http://aide.joomla.fr/telechargements/anciennes-versions/anciennes-versions-joomla-1-5
http://docs.joomla.org/J1.5:Upgrading_1.5_from_an_existing_1.5x_version
toutes version joomla en download http://joomlacode.org/gf/project/joomla/frs/?action=index
Le plugin imgmanager fait partie de JCE, Joomla Content Editor
JCE and your site's security https://www.joomlacontenteditor.net/news/item/jce-and-your-sites-security
Download pour Joomla 1.5 https://www.joomlacontenteditor.net/downloads/editor/joomla15x
Install or Update the JCE Editor: https://www.joomlacontenteditor.net/support/installation/editor/item/install-editor-joomla15-jce2
(faut supprimer la 1.5.7.5 et language packs, avant de mettre la dernière 2.4.3)
Et pour générer/récuperer le language pack: https://www.joomlacontenteditor.net/downloads/languages
voir pour imgmanager http://forum.joomla.fr/showthread.php?185766-SOS-!!!!-Img-manager-plug-in
seul 1.5 vulnérable? https://www.joomlacontenteditor.net/support/forum/security-exploit-jce-imgmanager-is-uploading-trojans
upgrade? http://forum.joomla.org/viewtopic.php?f=432&t=740054 (des exemples de .htaccess)
CAPTCHA
Un piratage de site et conseils pour les formulaires et captcha http://forum.joomla.org/viewtopic.php?f=335&t=315639
Des modules captcha qui semblent fonctionner avec joomla 1.5
http://extensions.joomla.org/extensions/access-a-security/site-security/captcha/13876
http://extensions.joomla.org/extensions/access-a-security/site-security/captcha/11521
http://extensions.joomla.org/extensions/access-a-security/site-security/captcha/4887
utile? jHackGuard - Joomla Security Plugin https://www.siteground.com/joomla-hosting/joomla-extensions/ver1.5/jhack.htm
https://github.com/google/nogotofail
Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more
configs à faire sur https://subscribe.free.fr/login/
puis rebouter (ou aller sur la TV menu Param et faire reboot depuis l'interface )
Sur la V6 il y a aussi un accès Web...
https://mafreebox.freebox.fr
Je pense que le default c'est 192.168.0.0 avec GW 0.1
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/
http://www.theregister.co.uk/2014/10/14/google_drops_ssl_30_poodle_vulnerability/
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
test: https://www.poodletest.com/
better test: https://dev.ssllabs.com
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
https://wiki.mozilla.org/Talk:Security/Server_Side_TLS
sur blog de Joe Schreiber (alienvault)
et http://www.adam27.org/spip.php?article160
trèèès complet http://www.wfg.woodwind.org/flute/index.html
ex, la quatrième octave http://www.wfg.woodwind.org/flute/fl_alt_4.html (
see also discussion at https://bugzilla.redhat.com/show_bug.cgi?id=1141597
there is a fix and a fix to the fix, two CVE:
CVE-2014-6271 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 https://security-tracker.debian.org/tracker/CVE-2014-6271
CVE-2014-7169 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 https://security-tracker.debian.org/tracker/CVE-2014-7169
Journal linuxfr http://linuxfr.org/users/tankey/journaux/mets-a-jour-ton-bash-maintenant
suivre sur touitteure: https://twitter.com/hashtag/shellshock
(MS) http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
scanner http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html
shellshock pour les nuls http://blog.ippon.fr/2014/09/26/shell-shock-un-obus-dans-les-dents-de-bash/
more bash bugs http://lcamtuf.blogspot.fr/2014/09/bash-bug-apply-unofficial-patch-now.html
Shellshocker - Repository of "Shellshock" Proof of Concept Code - https://github.com/mubix/shellshocker-pocs
X-force http://securityintelligence.com/how-bash-shellshock-bug-couldve-been-avoided-7-years-ago/
Etats-Unis - France-Diplomatie - Ministère des Affaires étrangères et du Développement international
Kristin Paget - Shmoocon 2012: Credit Card Fraud: The Contactless Generation
https://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-cards.pdf
la vidéo https://www.youtube.com/watch?v=HRXb-FZ6WFM
NFCproxy http://blackwinghq.com/assets/labs/presentations/EddieLeeDefcon20.pdf
l'original, https://code.google.com/p/readnfccc/
Open source tool developped and showed for Hackito Ergo Sum 2012 - "Hacking the NFC credit cards for fun and debit ;)"
et la vidéo http://www.ustream.tv/recorded/21805507
idem via korben http://korben.info/les-cartes-bancaires-sans-contact-nfc-ne-sont-pas-securisees.html
SRX Series: Configure Chassis Cluster SRX 650 - Juniper KBTV http://www.youtube.com/watch?v=j6xfrXW_GiA
(text version http://kb.juniper.net/kb15503 see links at the bottom)
SRX HA Configuration Generator: http://www.juniper.net/support/tools/srxha/
https://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/id-11293.html
et
http://www.tunnelsup.com/configuring-ha-on-juniper-srx-through-junos
http://forums.networkinfrastructure.info/juniper-srx-appliances/nsrp-activepassive-versus-activeactive-setup/
Asciidoctor is a fast text processor and publishing toolchain for converting AsciiDoc content to HTML5, DocBook 5 (or 4.5) and other formats.
(écrit en ruby)
Asciidoc: http://www.methods.co.nz/asciidoc/
Trouvé dans cette intéressante dépêche, à propos de C: http://linuxfr.org/users/dcp/journaux/int-foo-int-float
Great guidance from IEEE's Center for Secure Design