shaarli-Links

Note: Note: Mise sous écoute d'un windows 10 Partie 6. Confidentialité

jeudi 4 octobre 2018 à 11:19

Suite de https://ecirtam.net/links/?RSVxiA

Quelques références de documentations permettant de renforcer la confidentialité sous Windows 10 :
https://www.ssi.gouv.fr/entreprise/guide/restreindre-la-collecte-de-donnees-sous-windows-10/
https://www.ssi.gouv.fr/uploads/2017/01/np_securisation_windows10_collecte_de_donnees_v1.2.pdf

https://www.ssi.gouv.fr/particulier/guide/partir-en-mission-avec-son-telephone-sa-tablette-ou-son-ordinateur-portable/
https://www.ssi.gouv.fr/uploads/IMG/pdf/passeport_voyageurs_anssi.pdf

https://tuxicoman.jesuislibre.net/2018/03/etude-de-la-telemetrie-de-windows-10.html
https://tuxicoman.jesuislibre.net/blog/wp-content/uploads/Windows10_Telemetrie_1709.pdf (par la Direction Interrégionale de la Police Judiciaire de Bordeaux)
https://www.leblogduhacker.fr/le-guide-pour-securiser-votre-pc-apres-une-fraiche-installation-de-windows/

De ça, j'ai créé le script batch suivant (fichier windows10_config.bat) :
```
:: 2018-09-04
:: Script pour Windows 10
:: Ce script désactive :
:: - cortana
:: - la télémétrie
:: - la géolocalisation
:: - l'envoit de rapport d'erreur à Microsoft
:: - limite les pubs
:: - renforce la vie privée
:: Pour plus d'informations, voir les documents de référence :
:: https://tuxicoman.jesuislibre.net/blog/wp-content/uploads/Windows10_Telemetrie_1709.pdf
:: https://www.ssi.gouv.fr/entreprise/guide/restreindre-la-collecte-de-donnees-sous-windows-10/
::
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CanCortanaBeEnabled" /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "DeviceHistoryEnabled" /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HistoryViewEnabled" /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Microsoft\Speech_OneCore\Preferences" /v "VoiceActivationEnableAboveLockscreen" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Speech_OneCore\Preferences" /v "ModelDownloadAllowed" /t REG_DWORD /d "0" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d "0" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t REG_DWORD /d "1" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t REG_DWORD /d "0" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWebOverMeteredConnections" /t REG_DWORD /d "0" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchPrivacy" /t REG_DWORD /d "3" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchSafeSearch" /t REG_DWORD /d "3" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search\CurrentPolicies" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d "0" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "AllowCortanaAboveLock" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules" /v {0417540B-8102-4F07-89FE-9EF163186848} /t REG_SZ /d "v2.26|Action=Block|Active=TRUE|Dir=Out| Protocol=6|App=%Windir%\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe| Name=Configuration Pare-feu Cortana|" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "AutoApproveOSDumps" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" /v "DoReport" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UnattendSettings\Windows Error Reporting" /v "DisableWER" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR" /v "Disable" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" /v "Status" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "Value" /t REG_SZ /d "Deny" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}" /v "Value" /t REG_SZ /d "Deny" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t REG_DWORD /d "2" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation_UserInControlOfTheseApps" /t REG_MULTI_SZ /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation_ForceAllowTheseApps" /t REG_MULTI_SZ /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation_ForceDenyTheseApps" /t REG_MULTI_SZ /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableWindowsLocationProvider" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableSensors" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\ControlSet001\Services\lfsvc" /v "Start" /t REG_DWORD /d "4" /f
REG ADD "HKLM\SYSTEM\ControlSet001\Services\lfsvc\Service\Configuration" /v "Status" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoCloudApplicationNotification" /t REG_DWORD /d "1" /f
REG ADD "HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoTileApplicationNotification" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "EnableConfigFlighting" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreenCamera" /t REG_DWORD /d "1" /f
REG ADD "HKCU\SOFTWARE\Microsoft\PolicyManager\current\device\Bluetooth" /v "AllowAdvertising" /t REG_DWORD /d "0" /f REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "ID" /f
REG ADD "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\System" /v "AllowExperimentation" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UnattendSettings\SQMClient" /v "CEIPEnable" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnabled" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Biometrics" /v "Enabled" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
REG ADD "HKCU\software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d "0" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Assistance\Client\1.0\Settings" /v "ImplicitFeedback" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" /v "DisableSendGenericDriverNotFoundToWER" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\DriverDatabase\Policies\Settings" /v "DisableSendGenericDriverNotFoundToWER" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\HelpSvc" /v "Headlines" /t REG_DWORD /d "0" /f
```

Ce script reprend les points les plus basiques décrit dans ce document : https://tuxicoman.jesuislibre.net/blog/wp-content/uploads/Windows10_Telemetrie_1709.pdf
On pourrait en ajouter pleins d'autres.
— Permalink

Security Onion

mercredi 3 octobre 2018 à 15:41

«Linux distro for intrusion detection, enterprise security monitoring, and log management »
https://github.com/Security-Onion-Solutions/security-onion
via https://shaar.libox.fr/?b9e4Hw
— Permalink

Note: Mise sous écoute d'un windows 10 Partie 5. Carte

mercredi 3 octobre 2018 à 15:30

Suite de https://ecirtam.net/links/?YgWg9Q et https://ecirtam.net/links/?1wRTPw

Carte des emplacements des serveurs au quel se connecte Windows 10.
La liste des domaines qui sont positionnés est dispo ici : https://ecirtam.net/links/?1wRTPw

Note : il y a un point en Suisse. C'est un serveur qui est quelque part en Europe mais dont l'on a pas les coordonnées GPS. Du coup, GeoIP me l'a positionné en Suisse.

Suite : https://ecirtam.net/links/?biwg9Q
— Permalink

Note: Mise sous écoute d'un windows 10 Partie 4

mardi 2 octobre 2018 à 17:57

Suite de https://ecirtam.net/links/?nTNSTw

Quelques paquets bien bavard. Ils apparaissent assez souvent.

```
https://storeedgefd.dsx.mp.microsoft.com/v8.0/products/9WZDNCRD2G0J?
appversion=11712.1001.0.0
&idType=ProductId
&market=FR
&locale=en-US
&deviceType=
&deviceFamily=Windows.Desktop
&catalogLocales=en-US%2Cfr-FR
&hardware=arm0%2Carm640%2Cble0%2Ccmb0%2Ccmf0%2Ccmr0%2Cdcb1%2Cdcc1%2Cdx91%2Cdxa1%2Cdxb1%2Cgyr0%2Chce0%2Chdc0%2Chov0%2Chsa0%2Chss1%2Ckbd1%2Cm041%2Cm060%2Cm080%2Cm120%2Cm160%2Cm200%2Cm301%2Cm751%2CmA01%2Cmct0%2Cmgn0%2Cmic0%2Cmrc0%2Cmse1%2CmT01%2Cnfc0%2Crs10%2Crs20%2Crs30%2Crs40%2Crs50%2Crs60%2Ctch0%2Ctel0%2Cv010%2Cv020%2Cv040%2Cx641%2Cx860%2Cx86a640%2Cxbd0%2Cxbo0%2Cxbs0%2Cxbx0%2Cxgp0
&packageHardware=dcb%2Cdcc%2Cdx9%2Cdxa%2Cdxb%2Cm30%2Cm75%2CmA0%2CmT0
&deviceFamilyVersion=2815750935277839
&preciseDeviceFamilyVersion=2814750991000385
&architecture=x64
```

```
https://arc.msn.com/v3/Delivery/Placement?
pubid=da76df93-3dbc-42ab-a525-b34988683ac7
&pid=356481
&adm=2
&w=1
&h=1
&wpx=1
&hpx=1
&fmt=json
&cltp=app
&dim=le
&rafb=0
&nct=1
&pm=1
&cfmt=text,image,poly
&sft=jpeg,png,gif
&topt=0
&auid=547864bf7a5d727d6d78cda7f88cfce2
&poptin=1
&localid=w:8CA61C5C-685A-8431-C29F-E8EAD3C93E71
&ctry=FR
&time=20181002T135651Z
&lc=en-US
&pl=en-US,fr-FR
&idtp=mid
&uid=505bb224-4f5b-461c-b4cf-0ade15573bc2
&aid=00000000-0000-0000-0000-000000000000
&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29
&asid=20192b9a73874553bf127674f0276fb4
&ctmode=MultiSession
&arch=x64
&cdm=1
&cdmver=10.0.17134.1
&devfam=Windows.Desktop
&devform=Unknown
&devosver=10.0.17134.1
&disphorzres=800
&dispsize=10.4
&dispvertres=600
&isu=1
&lo=232284
&metered=false
&nettype=ethernet
&npid=sc-356481
&oemName=innotek%20GmbH
&oemid=innotek%20GmbH
&ossku=EnterpriseEval
&smBiosDm=VirtualBox
&tl=4
&tsu=230264
&waasBldFlt=1
&waasCfgExp=1
&waasCfgSet=1
&waasRetail=1
&waasRing=
```

Suite https://ecirtam.net/links/?RSVxiA
— Permalink

Note: Mise sous écoute d'un windows 10 Partie 2

mardi 2 octobre 2018 à 17:42

Suite de https://ecirtam.net/links/?U23nFA

Liste un peut plus complète des sites appelés par Windows 10.
Note mitn.lan est le nom du réseau local.

```
_ldap._tcp.dc._msdcs.mitn.lan
a-ring-fallback.msedge.net
a-ring.msedge.net
a3698060313.cdn.optimizely.com
activation-v2.sls.microsoft.com
ad.sxp.smartclip.net
adl.windows.com
ajax.aspnetcdn.com
appexmapsappupdate.blob.core.windows.net
arc.msn.com
auth.gfx.ms
az416426.vo.msecnd.net
az725175.vo.msecnd.net
b-ring.msedge.net
bailfjjeqfhhl.mitn.lan
c.bing.com
c.urs.microsoft.com
canonicalizer.ucsuri.tcs
casual-solitaire.cloudapp.net
cdn.onenote.net
cdn.optimizely.com
cdnjs.cloudflare.com
client-office365-tas.msedge.net
client.wns.windows.com
cloudfront-vs-afd.azurefd.net
cm.g.doubleclick.net
code.jquery.com
compass-ssl.microsoft.com
config.edge.skype.com
connect.facebook.net
contentstorage.osi.office.net
crl.verisign.com
ctldl.windowsupdate.com
d1l0kcze0h5pmt.cloudfront.net
definitionupdates.microsoft.com
dev.virtualearth.net
dis.criteo.com
displaycatalog.mp.microsoft.com
dmd.metaservices.microsoft.com
dns.msftncsi.com
download-ssl.msgamestudios.com
ecn.dev.virtualearth.net
edgewelcomecdn.microsoft.com
endpoint-quwfbp3teyq4e.azureedge.net
europe.smartscreen-prod.microsoft.com
exo-ring.msedge.net
fp-afd.azureedge.net
fp-vp.azureedge.net
fp-vs.azureedge.net
fp.msedge.net
fs.microsoft.com
g.live.com
go.microsoft.com
ib.adnxs.com
iecvlist.microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
inference.location.live.net
insights.notes.microsoft.com
l-ring.msedge.net
livetileedge.dsx.mp.microsoft.com
login.live.com
logx.optimizely.com
m.adnxs.com
markets.books.microsoft.com
match.adsrvr.org
microsoftcasualgames.com
microsoftedgewelcome.microsoft.com
mitn.lan
nav.smartscreen.microsoft.com
nexusrules.officeapps.live.com
o-ring.msedge.net
ocos-office365-s2s.msedge.net
ocsp.digicert.com
ocsp.verisign.com
officeclient.microsoft.com
oneclient.sfx.ms
onecs-live.azureedge.net
outlookmobile-office365-tas.msedge.net
ow1.res.office365.com
pixeltrack.eyeviewads.com
privacy.microsoft.com
q-ring-fallback.msedge.net
q-ring.msedge.net
qbiaovisdlh.mitn.lan
query.prod.cms.rt.microsoft.com
ris.api.iris.microsoft.com
rum8.perf.linkedin.com
s-ring.msedge.net
s1.symcb.com
s2.symcb.com
sb.scorecardresearch.com
segments-s.msedge.net
settings-win.data.microsoft.com
settings.data.microsoft.com
sf.symcb.com
sf.symcd.com
site-cdn.onenote.net
sls.update.microsoft.com
sls.update.microsoft.com
soavqlqthzdqx.mitn.lan
spo-ring.msedge.net
store-images.microsoft.com
store-images.s-microsoft.com
storeedgefd.dsx.mp.microsoft.com
sv.symcb.com
sv.symcd.com
sync.outbrain.com
sync.search.spotxchange.com
t-ring.msedge.net
t0.ssl.ak.dynamic.tiles.virtualearth.net
t0.ssl.ak.tiles.virtualearth.net
t1.ssl.ak.tiles.virtualearth.net
t2.ssl.ak.tiles.virtualearth.net
tile-service.weather.microsoft.com
track.eyeviewads.com
trc.taboola.com
v10.events.data.microsoft.com
v10.events.data.microsoft.com
validation-v2.sls.microsoft.com
watson.telemetry.microsoft.com
wdcp.microsoft.com
wdcpalt.microsoft.com
web.vortex.data.microsoft.com
wpad.mitn.lan
www.bing.com
www.facebook.com
www.googleapis.com
www.microsoft.com
www.msftconnecttest.com
www.msn.com
www.windowssearch.com
www.xboxab.com
www2.bing.com
xqmamtfwmp.mitn.lan
```

Emplacement des serveurs : https://ecirtam.net/links/?RSVxiA

Suite : https://ecirtam.net/links/?nTNSTw
— Permalink

PROJET AUTOBLOG

shaarli-Links

IDF: les transports gratuits coûteraient "500 euros" par foyer dit Pécresse - Le Point

The Big Hack : la micropuce espionne venue de Chine, un fantasme ? - Politique - Numerama

Windows 10 : Microsoft suspend le déploiement de la mise à jour d'octobre à cause d'un bug - Tech - Numerama

GitHub - amanusk/s-tui: Terminal based CPU stress and monitoring utility

Banksy : sa toile s'autodétruit en pleine vente aux enchères

Grimoire-Command.es

Tempête de boulettes géantes | Tûtie’s blog

Unblocked - Access your favourite blocked sites

Une partie de Tetris par télépathie ? Trois joueurs ont réussi à collaborer sans parler ni se voir - Sciences - Numerama

[Infographie] Pourquoi votre smartphone sait tout de vous et comment elle s’en sert - Le Hollandais Volant

Je n'ai rien à cacher.

Note: Note: Mise sous écoute d'un windows 10 Partie 6. Confidentialité

Lettre de la mort GDPR · GitHub

Security Onion

Note: Mise sous écoute d'un windows 10 Partie 5. Carte

Le désenchantement du logiciel

Note: Mise sous écoute d'un windows 10 Partie 1 - Oros links - Liandri's Links.

Note: Mise sous écoute d'un windows 10 Partie 4

Note: Mise sous écoute d'un windows 10 Partie 3. Rien à cacher ?

Note: Mise sous écoute d'un windows 10 Partie 2