Leaderboard

Vectorul se execut? automat, f?r? s? fie nevoie de interac?iunea userului. Voi posta ?i video mai incolo.

It seems that there is no end to the Windows zero-days, as recently Microsoft patched three zero-day vulnerabilities in Windows which were actively exploited in the wild by hackers, and now a new Zero-day vulnerability has been disclosed affecting all supported releases of Windows operating system, excluding Windows Server 2003. Microsoft has issued a temporary security fix for the flaw and also confirmed that the zero-day flaw is being actively exploited by the hackers through limited, targeted attacks using malicious Microsoft PowerPoint documents sent as email attachments. According to the Microsoft Security Advisory published on Tuesday, the zero-day resides within the operating system’s code that handles OLE (object linking and embedding) objects. OLE technology is most commonly used by Microsoft Office for embedding data from, for example, an Excel spreadsheet in a Word document. The vulnerability (designated as CVE-2014-6352) is triggered when a user is forced to open a PowerPoint files containing a malicious Object Linking and Embedding (OLE) object. For now on, only PowerPoint files are used by hackers to carry out attacks, but all Office file types can also be used to carry out same attack. By gaining same rights as a logged-in user, an attacker could infect victim’s computer by installing other malicious programs on it. According to the software giant, some attacks that compromise accounts without administrator rights may pose less of a risk. Microsoft has released a Fix it "OLE packager Shim Workaround" which will stop the known PowerPoint attacks. But it is not capable to stop other attacks that might be built to exploit this vulnerability. Also, the Fix it is not available for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1. Meanwhile, Microsoft also urged Windows users to pay attention to the User Account Control (UAC) prompt, a pop-up alerts that require authorization before the OS is allowed to perform various tasks, which would warn a user once the exploit starts to trigger – asking permission to execute. But, users many times see it as an inconvenience and many habitually click through without a second thought. Furthermore, Redmond didn't mention an out-of-band patch for the Zero-Day vulnerability, nor did it mention if a patch would be ready by November Security Patch update. Earlier this month, Microsoft released eight security bulletins, as part of its monthly patch update, fixing three zero-day flaws at the same time. One of which (CVE-2014-4114) was discovered by iSight partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that was being exploited in the "Sandworm" cyberattack to penetrate major corporations' networks. Surs?: Microsoft PowerPoint Vulnerable to Zero-Day Attack

Spor la citit. Content: [LIST] [*]Introduction [LIST] [*]Goals and Focus [*]Syllabus layout [/LIST] [*]Contributions [LIST] [*]How we’ll organize work [*]How to contribute [*]Rewards for contributions [*]Ops School Videos [*]How to write sections [*]Overwriting existing content [*]Credits [/LIST] [*]Guidelines [*]Careers in Operations [LIST] [*]Deciding a career path [*]Generalized career paths [*]Specialized career paths [*]How to become an operations engineer [/LIST] [*]Sysadmin 101 [LIST] [*]What is Systems Administration? [*]What is Development? [*]Contrasting Development and Operations [*]History of Development and Operations [*]What System Administration Isn’t [/LIST] [*]Unix fundamentals 101 [LIST] [*]File systems [*]Shells [*]Package management [*]The Boot Process [*]Useful shell tools [*]Crontab [/LIST] [*]Unix fundamentals 201 [LIST] [*]Kernel tuning [*]Signals [*]Syscalls [*]Booting over the network [*]/bin/init and its descendants [*]Looking at system metrics [/LIST] [*]MS Windows fundamentals 101 [*]Text Editing 101 [LIST] [*]A little history [*]vi basics [/LIST] [*]Text Editing 201 [LIST] [*]Vim [*]Emacs [/LIST] [*]Tools for productivity [LIST] [*]Terminal emulators [*]SSH [*]SSH Use Cases [*]Multiplexers [*]Shell customisations [*]Mosh [*]Ticketing systems [*]Note-taking [/LIST] [*]Security 101 [LIST] [*]Authentication in unix [*]Adding and deleting users and groups [*]Standard unix filesystem permissions [*]PAM [*]Chroot, jails and containers [*]Sudo (or, “Why you should not log in as root”) [*]History and Lore [/LIST] [*]Security 201 [LIST] [*]Centralised accounts [*]Firewalls and packet filters [*]Public Key Cryptography [*]Two factor authentication [*]Building systems to be auditable [*]Network Intrusion Detection [*]Host Intrusion Detection [*]Defense practices [*]Risk and risk management [*]Compliance: The bare minimum [*]Dealing with security incidents [*]ACLs and extended attributes (xattrs) [*]SELinux [*]Data placement [*]Additional reading [/LIST] [*]Troubleshooting [LIST] [*]Methodologies [*]Working effectively during a crisis [/LIST] [*]Networking 101 [LIST] [*]The RFC Documents [*]OSI 7-layer model (OSI Reference Model) [*]TCP/IP (ARPA) 4-layer model [*]IP Addressing [*]TCP vs UDP [*]Subnetting, netmasks and CIDR [*]Private address space (RFC 1918) [*]Static routing [*]NAT [*]Networking cable [/LIST] [*]Networking 201 [LIST] [*]VLANs, 802.1q tagging [*]Spanning Tree [*]Static Routing [*]Dynamic routing protocols (RIP, OSPF, BGP) [*]ACLs [*]Network Bonding (802.3ad / LACP link aggregation) [*]IOS switch configuration [*]GRE and other tunnels [*]Multi-homed hosts [*]Similarities and differences between IPv4 and IPv6 networking [*]Implications of dual-stack firewalls (especially under Linux) [*]Multicast uses and limitations [*]Latency vs. Bandwidth [*]VPNs [/LIST] [*]Common services [LIST] [*]System daemons 101 [*]DNS 101 [*]DNS 201 [*]DHCP [*]HTTP 101 (Core protocol) [*]HTTP 201 (Application Servers & Frameworks) [*]SMTP 101 [*]SMTP 201 [/LIST] [*]Identity Management 101 [LIST] [*]LDAP [*]NIS [/LIST] [*]Active Directory 101 [LIST] [*]What is Active Directory? [*]What is Active Directory used for? [*]You mention “separate components”; what is Active Directory composed of? [*]What specific services does Active Directory provide? [*]Best Practices for managing an Active Directory installation [/LIST] [*]Active Directory 201 [LIST] [*]Detailed Breakdown of Active Directory Components/Services [*]Advanced Active Directory Maintenance [/LIST] [*]Remote Filesystems 101 [LIST] [*]NFSv3 [*]iSCSI [*]SAMBA/CIFS [/LIST] [*]Remote Filesystems 201 [LIST] [*]GlusterFS [*]NFSv4 [*]Netatalk / AFP [*]S3 [/LIST] [*]Programming 101 [LIST] [*]Shell scripting basics [*]Regular Expressions [*]Sed & awk [*]GIGO [/LIST] [*]Programming 201 [LIST] [*]Common elements in scripting, and what they do [*]C (A very basic overview) [*]Ruby [*]Python [*]Version Control [*]API design fundamentals [*]Continuous Integration [/LIST] [*]Hardware 101 [LIST] [*]Hardware Types [*]Basic server architecture [*]Disk management [*]Performance/Redundancy [*]Troubleshooting [/LIST] [*]Datacenters 101 [LIST] [*]Power budgets [*]Cooling budgets [*]You will be judged by the tidiness of your rack [*]Machine and cable labeling [*]Traditional naming conventions [/LIST] [*]Datacenters 201 [LIST] [*]Networking many racks [*]Power [*]Cooling [*]Physical security and common security standards compliance requirements [*]Suggested practices [/LIST] [*]Datacenters 301 [LIST] [*]Power [*]Increasing cooling efficiency [*]Design Options [/LIST] [*]Virtualization 101 [LIST] [*]Intro to virtualization technologies [*]The Cloud [/LIST] [*]Virtualization 201 [LIST] [*]Managing virtualized infrastructures (Private clouds) [*]Leveraging virtualization for development [*]Leveraging virtualization for production [*]Security implications of virtualization [/LIST] [*]Logs 101 [LIST] [*]Common system logs & formats [*]Standard Error [*]Log files [*]Syslog [*]Log rotation, append, truncate [*]Retention and archival [/LIST] [*]Logs 201 [LIST] [*]Centralized logging [*]Log parsing [*]Search & Correlation [/LIST] [*]Databases 101 (Relational Databases) [LIST] [*]What is a Database? [*]What is a Relational Database? [*]Why We Use Databases? [*]What is SQL? [*]SQL shell [*]Creating databases [*]Creating users [*]Create Tables [*]Alter Table [*]Drop Table [*]Data Type [*]Granting privileges [*]Removing Privileges [*]Basic normalized schema design [*]Select, Insert, Update and Delete [*]Pro Tips [/LIST] [*]Databases 201 [LIST] [*]Database Theory [*]Document Databases [*]Key-value Stores [*]Graph Databases [/LIST] [*]Application Components 201 [LIST] [*]Message Brokers [*]Memory Caches [*]Specialized Caches [/LIST] [*]Load Balancing [LIST] [*]Why do we use load balancers? [*]Application implications [*]Non-HTTP use cases [*]Software [*]Hardware [*]Multi-dc [/LIST] [*]Monitoring, Notifications, and Metrics 101 [LIST] [*]History: How we used to monitor, and how we got better (monitors as tests) [*]Perspective (end-to-end) vs Introspective monitoring [*]Metrics: what to collect, what to do with them [*]Common tools [/LIST] [*]Monitoring, Notifications, and Metrics 201 [LIST] [*]Dataviz & Graphing [*]Graphite, StatsD [*]Dashboard: Info for ops and info for the business [*]Third-party tools [/LIST] [*]Business Continuity Planning [LIST] [*]Backups [*]Outages [*]Postmortems [*]Disaster Recovery [/LIST] [*]Architecture 101 [LIST] [*]How to make good architecture decisions [*]Patterns and anti-patterns [*]Introduction to availability [*]Introduction to scalability [/LIST] [*]Architecture 201 [LIST] [*]Service Oriented Architectures [*]Fault tolerance, fault protection, masking, dependability fundamentals [*]Caching Concerns [*]Crash only [*]Synchronous vs. Asynchronous [*]Business continuity vs. Disaster Recovery [*]Designing for Scalability: Horizontal, Vertical [*]Simplicity [*]Performance [*]Tiered architectures [*]MTTR > MTBF [/LIST] [*]Configuration Management 101 [LIST] [*]A Brief History of Configuration Management [*]Idempotence [*]Convergent and Congruent systems [*]Direct and Indirect systems: ansible, capistrano [*]Chef [/LIST] [*]Configuration Management 201 [LIST] [*]Ansible [*]Puppet [*]Cfengine 3 [*]SaltStack [/LIST] [*]Capacity Planning [LIST] [*]Fundamentals of capacity planning [*]Forecasting [*]Diagonal scaling [/LIST] [*]Statistics For Engineers [LIST] [*]Normal distributions [*]Percentiles, histograms, averages, mean, medians [/LIST] [*]Software Deployment 101 [LIST] [*]Software deployment vs configuration management [*]Running services [*]Package management [/LIST] [*]Software Deployment 201 [LIST] [*]Running services [/LIST] [*]Soft Skills 101 [LIST] [*]Communication basics [*]Communication Modes [*]Special cases for operations [*]Time Management [*]Project Management [*]The Tao of DevOps [*]The importance of Documentation [*]Working with other teams [/LIST] [*]Soft Skills 201 [LIST] [*]Business Acumen in Operations [*]Understanding the role of operations [*]Thinking broadly [*]Promoting Change [*]Building basic business skills [*]Specific Examples [/LIST] [*]Labs exercises [LIST] [*]Bare-Metal Provisioning 101 [*]Bare-Metal Provisioning 201 [*]Cloud Provisioning 101 [*]Cloud Provisioning 201 [*]Database 101 [*]Database 201 [*]Database 301 [*]Automation 101 [*]Automation - Chef 201 [*]Automation - Chef 301 [*]Automation - Chef 302 [*]Automation - Puppet 201 [*]Automation - Puppet 301 [*]Package Management 101 [*]Package Management 201 [*]Build automation fleets [*]Version Control with Git 101 [*]DNS 101 [*]HTTP 101 [/LIST] [*]Learning and the Community [LIST] [*]Learning and strategies for improvement [*]Things to keep in mind as you learn how to be an engineer [*]Golden rules for careers in ops [*]Where to look for help in the community [/LIST] [*]See also [*]Contributions [LIST] [*]How we’ll organize work [*]How to contribute [*]Rewards for contributions [*]Ops School Videos [*]How to write sections [*]Overwriting existing content [*]Credits [/LIST] [*]Conventions [LIST] [*]Style Guide [*]Sample Network [/LIST] [*]Style Guide [LIST] [*]Editing [/LIST] [*]Glossary [/LIST] Link: http://www.opsschool.org/en/latest/index.html

ce are fata asta iti vine sa .... nu stiu freak mode numai cei cu varsta de 18 pot vedea acest clip link sfat : sa te uiti intoteauna la intalnire la gatu ei din spate , nu se stie niciodata.