Cette formation conçue par Le Goût du Libre, pour le Réseau Alternatives est publiée sous licence CC-BY-SA. Elle s'adresse à toute personne voulant améliorer la sécurité de ses systèmes et processus informatiques (courriel, web, etc.) en utilisant des logiciels libres.

Parmi les sujest abordés:

• Évaluation de risques et modèles de menaces (“threat model”)
• Révision et présentation des définitions d'un glossaire en sécurité
• Bien choisir et gérer ses mots de passe
• Protection de poste personnel (laptop ou bureau)
• Protection d'appareils mobiles (téléphone ou tablette) (1h)

privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.

During Jacob Applebaum's talk at DebConf15, he noted that Debian should TLS-enable all services, especially the mirrors.

His reasoning was that when a high-value target downloads a security update for package foo, an adversary knows that they are still using a vulnerable version of foo and try to attack before the security update has been installed.

In this specific case, TLS is not of much use though. If the target downloads 4.7 MiB right after a security update with 4.7 MiB has been released, or downloads from security.debian.org, it's still obvious what's happening. Even padding won't help much as the 5 MiB download will also be suspicious. The mere act of downloading anything from the mirrors after an update has been released is reason enough to try an attack.

The solution, is, of course, Tor.