Leaderboard

Popular Content

Showing content with the highest reputation on 12/27/14 in all areas

  1. Hackers who apparently attacked Sony's PlayStation Network (PSN) and Microsoft's Xbox Live on Christmas Day have taken aim at anonymous network Tor. Lizard Squad, which claimed responsibility for the outage, on Friday tweeted, "To clarify, we are no longer attacking PSN or Xbox. We are testing our new Tor 0day." While at least one site that maps the Tor network showed numerous routers with the name "LizardNSA," the extent of any attack was unclear.

     Tor directs user traffic through thousands of relays to ensure anonymity. In a Dec. 19 blog post, Tor managers warned of a possible attack, saying, "There may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities."

     Sony engineers, meanwhile, continued to struggle to get PSN back online Friday following the suspected denial-of-service (DDoS) attacks on Thursday. Sony's Twitter account for PSN asked frustrated gamers to be patient as staff worked to get the service back up and running, saying it did not know when PSN would be back online. "We are aware that some users are experiencing difficulty logging into the PSN," Sony said on its PlayStation support page, where the network was listed as offline.

     In a Twitter post showing a chat with the alleged hackers, MegaUpload founder Kim Dotcom suggested he had convinced Lizard Squad to stop the attacks in return for lifetime memberships on his file-transfer site Mega. Lizard Squad had taken credit for an apparent attack against PSN earlier this month, as well as an attack in August. The incident came at the same time that a U.S. flight carrying Sony Online Entertainment President John Smedley was diverted for security reasons.

     Xbox Live was back again Friday following disruptions, with core services up and running. "Yesterday, some users were unable to sign in to Xbox Live," a Microsoft spokesman said in a statement sent via email. "Our teams worked throughout the holiday to resolve the issue, and Xbox Live core services have now been restored." The company did not elaborate on the cause of the disruption. - Source
    2 points
  2. Hi, I'm new to Photoshop (3 months) and I need a portfolio, so I posted here: if you need avatars/signatures/banners/logos and other Photoshop-related things, get in touch with me!
    1 point
  3. For the past two years, we at FedTech have scoured the web to assemble our annual list of 50 Must-Read IT Blogs. This year’s list covers IT from all angles, including cybersecurity, cloud and Big Data. Some of our top picks were featured in the 2013 edition of the Must-Read IT Blogs, but most of the honorees below are new to the list. You’ll find blogs produced by trade publications, professionals who understand the nuances of federal IT and government agencies. You don’t have to be technical to appreciate the content featured in these blogs, because there is something for everyone: citizens, IT professionals, contractors and federal employees who want to know how they are affected by the government’s roughly $80 billion IT budget. We hope you enjoy the 2014 Must-Read Federal IT Blogs below. If your blog made this year’s list, grab a badge and share the news with your followers. For future reference, be sure to bookmark this page, share it with a friend and follow our top bloggers on social media.

     The Hill (Technology)
     The Hill, a five-day-a-week newspaper “for and about the U.S. Congress,” is a must-read for anyone who tracks politics and technology. If you’re looking for breaking news and analysis about hot topics in government — such as cybersecurity, net neutrality and privacy issues — you’ll want to follow its online edition as well. The site offers news stories, videos and updates on technology-related regulations and legislation.
     Follow: @thehill | Read the blog: thehill.com/policy/technology

     18F
     18F is the gold standard when it comes to delivering digital services to citizens. The group comprises public and private sector innovators and serves as an in-house digital-delivery team for government. On the 18F blog, you’ll find tips for using application programming interfaces, agile development and other IT advice.
     Follow: @18F | Read the blog: 18f.gsa.gov

     Office of Science and Technology Policy Blog
     The Office of Science and Technology Policy has played a key role in advancing the government’s Big Data investments, open-data efforts and the science, technology, engineering and math (STEM) workforce. The blog is an extension of that work and helps to inform the public about new science and tech policies and R&D coming from the White House and other executive agencies.
     Follow: @whitehouseostp | Read the blog: whitehouse.gov/administration/eop/ostp/blog

     FierceGovernmentIT
     The FierceMarkets family of publications covers a range of issues, including health IT, mobility and homeland security. FierceGovernmentIT gives you a sampling of these topics and offers the latest news affecting defense and civilian agencies. Its e-newsletter program reaches some 23,500 decision-makers and IT executives.
     Follow: @FierceGov | Read the blog: fiercegovernmentit.com

     Ask the CIO
     Want to hear directly from federal CIOs about their challenges, successes and implementation of IT directives? Tune in to Federal News Radio’s weekly segment Ask the CIO. You can listen to the full interviews online and register for free online chats with those executives. Executive editor Jason Miller conducts the interviews.
     Follow: @FedNewsRadio | Read the blog: federalnewsradio.com/?nid=251/

     Federal Times IT Blog
     Federal Times has long been a reputable news source in the federal community. Over the past 18 months, it has expanded its coverage of government IT and now has an entire blog dedicated to the topic. Featured content comes from current and former government executives as well as industry experts who work alongside agencies.
     Follow: @FederalTimes | Read the blog: federaltimes.com/section/blg01

     DHS Science and Technology Blog
     Research and development is key to advancing cybersecurity, border security and public safety. Tucked within the Department of Homeland Security is an organization charged with carrying out those tasks: the Science and Technology Directorate. The S&T blog offers a behind-the-scenes look at current projects and how they impact the community. For more in-depth stories, check out S&T Snapshots, the directorate’s e-newsletter.
     Follow: @dhsscitech | Read the blog: dhs.gov/science-and-technology/blog

     USAID Impact Blog
     The recent Ebola outbreak shone a spotlight on the important work underway at the U.S. Agency for International Development. But the agency’s work doesn’t start or stop there. USAID is using technology and data to end global poverty and improve the quality of life for people around the world. USAID’s blog shares the successes, failures and adjustments made to achieve those goals.
     Follow: @USAID | Read the blog: blog.usaid.gov/tag/technology/

     CIO Council Blog
     You don’t have to wonder what federal CIOs are working on because their stories are all in one place. The CIO Council Blog features posts from CIOs, IT executives and White House executives who influence the government’s IT agenda. You’ll find stories on cloud computing, shared services and much more.
     Follow: @ciodotgov | Read the blog: cio.gov/cioc-blog/

     FCW Insider
     If you ask federal IT professionals what blogs they read, FCW Insider will likely be one of them. The blog provides shorter pieces that complement more in-depth coverage provided on the main FCW website. FCW Insider is a great source for keeping tabs on the comings and goings of CIOs and other IT executives.
     Follow: @FCWnow | Read the blog: fcw.com/blogs/fcw-insider/list/blog-list.aspx

     InformationWeek Government
     InformationWeek Government is a community of seasoned reporters and subject matter experts who understand the nuances of IT. Writers provide analysis on hot topics, such as cybersecurity, cloud computing and Big Data, that often spark reader comments and further discussion.
     Follow: @InformationWeek | Read the blog: informationweek.com/government.asp

     GovLoop Blog
     GovLoop is a vibrant online community where members share resources and best practices for making government work better. The site offers something for everyone: CIOs, program managers and anyone interested in federal management issues.
     Follow: @GovLoop | Read the blog: govloop.com/community/blog/

     FirstResponder.gov Blog
     FirstResponder.gov has a clear mission: to support first responders through science and technology. The Department of Homeland Security blog explores the use of social media, geospatial intelligence and communications to enhance emergency responses.
     Follow: @dhsscitech | Read the blog: firstresponder.gov

     It All Starts with Science
     If you prefer stories that mesh environmental issues and research, then this blog is for you. As the agency charged with protecting human health and the environment, the Environmental Protection Agency uses this blog to share the stories of scientists, engineers and EPA partners who carry out its mission. If you can’t make it to the blog daily, there’s a week’s worth of coverage provided in each “This Week in EPA Science” post.
     Follow: @EPA | Read the blog: blog.epa.gov/science/

     EMC Public Sector Blog
     EMC has become an established name in the federal IT community, so it’s no surprise that EMC’s senior officials have plenty to say about the use of cloud, data storage and Big Data analytics in government and how EMC solutions can help agencies improve IT outcomes.
     Follow: @EMCPublicSector | Read the blog: publicsectorblog.emc.com/

     HHS IDEA Lab Blog
     Some would argue that “innovation” is one of the most overused words in government and thus has lost its meaning. But at the Health and Human Services Department, innovation is alive and well. At HHS, there’s an entire organization with senior-level support to test, measure and potentially scale employee-generated ideas. Read how in the HHS IDEA Lab Blog.
     Follow: @HHSIDEALab | Read the blog: hhs.gov/idealab/blog/

     Government Health IT Blog
     Government Health IT is the go-to source for all things related to government, technology and healthcare. You don’t have to be a health IT wonk to appreciate the rich content shared by editors and health IT experts. Whether it’s telehealth or interoperability, this blog has engaging stories for patients and healthcare providers alike.
     Follow: @GovHIT | Read the blog: govhealthit.com/blog

     The Big Data and Analytics Hub
     How can agencies use Big Data? What's keeping data science from playing a more central role in public policy? These are the kinds of questions IBM executives ask and answer on the tech giant’s Big Data blog. IBM’s Big Data and computing work extend far beyond government and have even debuted on Jeopardy, in the form of its cognitive computing system, Watson.
     Follow: @IBMbigdata | Read the blog: ibmbigdatahub.com/tag/451

     Tech@FTC
     Did you know that the Federal Trade Commission has a new chief technologist? Ashkan Soltani returned to the agency in November, following a stint as an FTC staff technologist between 2010 and 2011. Shortly after coming on board, Soltani outlined his priorities, which include data security for consumers and attracting more tech talent to the FTC. Read this blog to hear more from him in the future.
     Follow: @TechFTC | Read the blog: ftc.gov/news-events/blogs/techftc

     Security Is Sexy
     It depends on whom you ask, but freelance writer Darlene Storm’s tell-it-like-it-is blogging style may have you agreeing with her. Storm injects a blend of government and consumer security news into her Computerworld blog. According to her, “Most security news is about insecurity, hacking, cybersecurity and even privacy threats, bordering on scary. But when security is done right, it's a beautiful thing ... sexy even. Security is sexy.”
     Follow: @SecurityIsSexy | Read the blog: computerworld.com/blog/security-is-sexy

     GovernmentCIOMagazine.com
     Every month, employees at consulting firm GovernmentCIO delve into issues that matter most to those in the C-suite: project management, IT infrastructure and human capital, among others. The site includes features from current and former federal IT executives as well as interviews with big-name feds such as Dan Tangherlini, administrator of the General Services Administration.
     Follow: @GovernmentCIO | Read the blog: governmentciomagazine.com/

     CIO Insight
     Federal and private-sector executives alike are grappling with similar challenges related to cloud computing, supporting a mobile workforce and IT management. CIO Insight prides itself on being the voice for that community of professionals and a trusted source for CIOs and aspiring executives.
     Follow: @CIOInsight | Read the blog: cioinsight.com/

     Anil John
     These days, everyone could use a digital security coach, someone who can explain the nuances of information security and identity assurance. That’s what Anil John does best. John manages the government’s identity framework for enabling secure online service delivery and writes related stories on this topic weekly. “If you are a technical leader or entrepreneur tackling this tough but very interesting challenge, this blog is for you,” John says.
     Follow: @aniltj | Read the blog: cblog.aniljohn.com

     Government Matters
     Technology, security and management are the pillars of Government Matters, which airs as a weekly TV newscast worldwide on the American Forces Network. Episodes are available online and feature one-on-one interviews with the biggest names in government, including federal CIOs.
     Follow: @GovMattersTV | Read the blog: wjla.com/news/government-matters/

     FedBiz
     Contracting is a huge part of federal business, with agencies spending more than $500 billion on goods and services annually. Of that, about $80 billion is spent on information technology. This blog, published by the Washington Business Journal, tracks federal business, with an emphasis on the contracting community.
     Follow: @WBJonline | Read the blog: bizjournals.com/washington/blog/fedbiz_daily/

     On I.T.
     This Washington Post blog showcases IT news from the walls of government agencies to private companies and startups. While you won’t find breaking news here, stories highlight initiatives at the intersection of business and technology.
     Follow: @washingtonpost | Read the blog: washingtonpost.com/business/on-it/

     Politico Morning Cybersecurity
     Your morning isn’t complete unless you’ve skimmed through Politico’s Morning Cybersecurity report. The daily rundown is full of the latest and most relevant news on cybersecurity and politics. These short and informative briefs often include links to longer, more in-depth stories. If you haven’t already, subscribe now.
     Follow: @politico | Read the blog: politico.com/morningcybersecurity/

     White House Open Government Blog
     The calls for open and transparent governing are getting louder, and federal agencies are listening. This White House blog tracks agencies’ open-government initiatives and the administration’s efforts to involve the public in those plans. Open-government enthusiasts should keep an eye on this blog and join the online conversation.
     Follow: @OpenGov | Read the blog: whitehouse.gov/open/blog

     Decoding the Insider Threat
     The 2010 WikiLeaks breach ushered in new standards and policies for agencies as they defend against insider threats. As the threats evolve, so must the government’s approach to thwarting them. Oliver Brdiczka’s Computerworld blog brings an interesting perspective to the conversation. Brdiczka is a data scientist focused on building machine learning models to mitigate insider threats.
     Follow: @oliverbrdiczka | Read the blog: computerworld.com/blog/decoding-the-insider-threat

     USDA Blog (Technology and Broadband)
     The Agriculture Department administers a number of programs, including programs to assist rural communities and boost food and nutrition. Technology plays a huge role in those efforts, and there is an entire blog dedicated to telling those stories. Whether it’s funding for rural broadband or managing logistics for massive food operations, the USDA tech blog covers it all.
     Follow: @USDA | Read the blog: blogs.usda.gov/category/technology

     The Public Eye
     Cybersecurity has gone mainstream, and so has the public’s concern about privacy in the digital world. The Public Eye is all about tracking government efforts to protect citizens’ privacy through investments in cybersecurity and legislative actions to boost security. Eric Chabrow, executive editor of GovInfoSecurity, writes the blog.
     Follow: @govinfosecurity | Read the blog: govinfosecurity.com/blogs/public-eye-b-13

     Armed with Science
     Forget what you think you know about science blogs. This Defense Department blog chronicles cutting-edge projects led by DOD and its partner organizations. From stories about wearable tech suits to virus-zapping robots, there’s plenty to keep readers engaged and coming back for more.
     Follow: @ArmedwScience | Read the blog: science.dodlive.mil

     Center for a New American Security (Technology and National Security)
     The Center for a New American Security was co-founded by Michèle Flournoy, former undersecretary of defense for policy, and Kurt Campbell, former assistant secretary of state for East Asian and Pacific affairs. Coverage of technology and national security — one of the nonprofit’s top research areas — includes in-house reports and analysis on pressing issues that affect defense technology. CNAS reports are a must-read for defense IT enthusiasts.
     Follow: @CNASdc | Read the blog: cnas.org/research/technology-and-national-security

     FedScoop
     FedScoop is the epitome of a well-oiled, multimedia platform. In addition to the latest federal IT news, FedScoop offers audio interviews via FedScoop Radio and on-camera interviews with CIOs, chief technology officers and other executives. Subscribe to the DailyScoop and get stories delivered to your inbox.
     Follow: @FedScoop | Read the blog: fedscoop.com/

     The SIGNAL Blog
     The SIGNAL staff boasts a rich background of technology coverage in the defense and government space that spans nearly a century. The editorial team includes former war correspondents and award-winning writers. The print publication, SIGNAL magazine, is the official publication of AFCEA, the international nonprofit Armed Forces Communications and Electronics Association.
     Follow: @signalmag | Read the blog: afcea.org/content/?q=blog

     What’s Brewin’
     Defense IT coverage is Bob Brewin’s bread and butter. His Nextgov blog sheds light on DOD contracts, policies and cross-agency work with the Veterans Affairs Department on electronic health records. Brewin brings more than 20 years of experience to the beat.
     Follow: @Nextgov | Read the blog: nextgov.com/defense/whats-brewin/

     Around the Corner
     The General Services Administration often serves as a test bed for IT innovation. CIO Sonny Hashmi took over the blog from his predecessor Casey Coleman and uses it to explain GSA’s IT initiatives and outreach to other agencies. GSA is the government’s procurement arm, so expect a healthy dose of IT acquisition stories.
     Follow: @usgsa | Read the blog: gsablogs.gsa.gov/innovation/

     Government Sales Insider
     Analysts at immixGroup do a thorough job of explaining the what and why of federal IT policies and priorities. The site is a helpful resource for contractors and those who follow the government’s technology investments.
     Follow: @immixGroup_Inc | Read the blog: blog.immixgroup.com

     IDC Smart Government
     You don’t have to look far for news stories with stats from IDC Government Insights or input from its analysts. Experts from the marketing research firm delve into issues that matter most to the federal IT community. Research director Shawn McCarthy does an especially good job of going beyond the news and explaining the implications.
     Follow: @IDCInsights | Read the blog: idc-community.com/government/smart_government

     E Pluribus Unum
     Alexander Howard is a true advocate for open government and has a knack for explaining the intricate details of legislation and policies. Howard not only exposes important stories sometimes overlooked by mainstream media, but he also uses social media to hold lawmakers and public officials accountable. Readers can count on him to see a story through until the end and regularly update his posts.
     Follow: @EPluribusUnum | Read the blog: e-pluribusunum.com

     Adobe & Public Sector
     Calling all government communicators: Adobe’s public-sector blog is all about the topics that matter most to you. What’s next in digital communications for government? What keeps government communicators up at night? Find answers to these questions and more from Adobe’s bloggers.
     Follow: @Adobe | Read the blog: blogs.adobe.com/adobeingovernment

     Microsoft on Government Blog
     Microsoft is one of the few companies with proven cloud solutions that meet the government’s rigorous security standards. Some posts on its blog focus on the company’s expanding cloud offerings, as well as Microsoft’s role in using technology to improve government operations worldwide.
     Follow: @Microsoft_Gov | Read the blog: microsoft.com/en-us/government/blogs/default

     Energy.gov CIO Blog
     What makes this blog special is the fact that there aren’t many like it in government. Executives from the Office of the CIO write stories pertinent to government IT at the Energy Department. Topics include app development, cybersecurity and IT modernization.
     Follow: @ENERGY | Read the blog: energy.gov/cio/blog-and-news-highlights

     Anton Chuvakin (Gartner Blog Network)
     Everything is being delivered as a service nowadays, and managed security service is a topic Anton Chuvakin knows well. His Gartner blog is full of tips for initiating relationships with managed security service providers, working effectively with them and establishing service-level agreements.
     Follow: @anton_chuvakin | Read the blog: blogs.gartner.com/anton-chuvakin/

     FCC Blog
     The net neutrality debate is heating up, and all eyes are on the Federal Communications Commission. Follow this blog to keep tabs on FCC decision-making and to hear from the commissioner directly.
     Follow: @FCC | Read the blog: fcc.gov/blog

     Federal Technology Insider
     Doing more with less is the mantra for many agencies as they work to provide more services with less funding. You’ll find these stories and much more on immixGroup’s Federal Technology Insider. The blog’s federal news roundup is a great resource for staying current on federal IT news across the web.
     Follow: @FedTechInsider | Read the blog: federaltechnologyinsider.com

     Realize the Value (and Advance the Mission)
     Some talk about being agile. Others are doing agile development and succeeding. The Agilex blog offers a fresh perspective on the benefits of incremental development and other top-of-mind issues for federal technologists.
     Follow: @AgilexTech | Read the blog: agilex.com/realize-the-value

     The Business of Government Blog
     For the second year in a row, we’ve featured the Business of Government Blog on our must-read list. Stories cover major management issues at all levels of government, including technology, social media and human capital. On the blog, the IBM Center for The Business of Government also highlights timeless reports on management best practices for innovation, budget planning and much more.
     Follow: @BusOfGovernment | Read the blog: businessofgovernment.org/blogs/the-business-of-government

     Data Center Knowledge
     No one covers the data center industry like the reporters and editors at Data Center Knowledge. With the 2010 launch of the Federal Data Center Consolidation initiative, efficient computing continues to be a hot topic in the federal government and for DCK readers. Data Center Knowledge is a one-stop shop for news on federal and commercial data centers.
     Follow: @datacenter | Read the blog: datacenterknowledge.com

     Health IT Buzz
     The transition from paper to electronic records has huge implications for the nation’s healthcare system. That’s why the Health and Human Services’ Office of the National Coordinator for Health Information Technology wants to set the record straight where health IT is concerned. The blog was created to serve as a forum where readers can engage with ONC officials and get their questions answered.
     Follow: @ONC_HealthIT | Read the blog: healthit.gov/buzz-blog/

     http://www.fedtechmagazine.com/article/2014/12/50-must-read-federal-it-blogs-2014
    1 point
  4. Have fun with Jasmin.. you have everything there, starting with the admins and so on; I've had it for a long time and was holding on to it because it's good.. Zippyshare.com - Filetruth.ComLivejasmine.com(2).zip and you have more there...
    1 point
  5. Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook's boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg. "It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines," Hudson said in the description of his upcoming presentation. "This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems." Malicious code installed in the MacBook boot ROM will be executed before the OS is loaded, meaning it can patch the OS kernel and have complete control over the system. It also means that reinstalling Mac OS X will not remove the bootkit and neither will replacing the hard disk drive, because the malicious code is not stored on it. The bootkit can even replace Apple's cryptographic key stored in the ROM with one generated by the attacker, preventing any future legitimate firmware updates from Apple, the researcher said in a blog post. Firmware updates are supposed to be signed, but the vulnerability exploited by this attack allows that mechanism to be bypassed. "Additionally, other Thunderbolt devices' Option ROMs are writable from code that runs during the early boot and the bootkit could write copies of itself to new Thunderbolt devices," the researcher said. "The devices remain functional, which would allow a stealthy bootkit to spread across air-gap security perimeters through shared Thunderbolt devices." 
This worm-like spreading capability is similar to that of BadUSB, a stealthy malware attack demonstrated earlier this year at the Black Hat security conference that can infect the firmware of USB devices and then use them to compromise other computers. Security researchers have also previously demonstrated methods to bypass Secure Boot, a security mechanism of the Unified Extensible Firmware Interface (UEFI) -- the BIOS replacement in modern computers -- in order to install bootkits. Source
    1 point
  6. It’s up to each of us to be proactive about security and privacy; it’s risky to trust a company to manage your privacy in a manner that benefits you the most and not them. If you could have a browser that offered security, privacy and speed for free, then why not try it?

     WhiteHat Security originally developed Aviator as the company’s in-house browser, but eventually released Aviator web browser in two flavors, OS X and Windows. It is billed as “the web’s most secure and private browser.” Users simply install the browser and it’s set up to maximize privacy and security safeguards by default. Unlike Chrome or Firefox, you don’t need to get add-ons or extensions to configure privacy and security. Those protections are built into Aviator, but since the browser uses open-source Chromium code, it does support “tens of thousands of extensions.”

     Unlike Google with Chrome, Microsoft with Internet Explorer and even Mozilla with Firefox, which profit from online advertising, WhiteHat has no advertising partners and does not sell your data. You are not a product being sold in exchange for free software.

     Aviator comes configured with the Disconnect extension, meaning bye-bye “privacy-destroying tracking.” Aviator’s search engine choices also come with Disconnect, meaning you are using a “privacy-enhanced default search engine.” It also comes with the User-Agent Switcher extension; websites identify browsers by user agents, but this extension allows you to appear as if you are browsing via Chrome, IE, iOS, Android, Windows Phone, Firefox, Opera or Safari. When you surf to a page that contains cookies, you will see cookies with a red X on it, which indicates “This page was prevented from setting cookies.” Plugin has a similar red X, blocked on the page by default, but you have options to always allow the plug-in, run plug-in this time, and manage plug-ins.

     The security and privacy benefits are why I like Aviator. The browser launches in “protected” (private) mode, protecting your privacy by default by not logging your history, cookies, or browser cache. Ads and other hidden online trackers are blocked; this also protects you from malvertising (malicious advertising). Third-party cookies are also not allowed and Aviator automatically cleans locally stored data when you exit the browser. In WhiteHat’s words, “There is no need to constantly make it your mission to keep from being invisibly tracked and spied on.”

     Robert Hansen, aka @RSnake, Vice President of WhiteHat Security’s WhiteHat Labs, was kind enough to answer my questions.

     Why are Ghostery, Adblock Plus or Privacy Badger not also default extensions?

     Robert Hansen: Ghostery and Privacy Badger are mostly redundant, and Adblock Plus allows ads from companies like Google, which totally defeats the purpose of the software. But if you want a feature from one of those plugins or feel that Disconnect is missing something, yes, of course you can install any plugin you like.

     Are there any plans for Aviator to be offered as a mobile browser for iOS or Android?

     Robert Hansen: It's unlikely in the near term. Though, that is always an option. The major hurdle is actually the manufacturers who don't like mobile browsers.

     Might you offer a security/privacy-minded suggestion for a mobile browser?

     Robert Hansen: Disconnect offers similar functionality to their browser extension on mobile - that is probably the best option available, though not as feature rich from a privacy/security standpoint as Aviator is which combines their technology with a number of our own techniques.

     You can find more about Disconnect here; the free mobile app for iOS can be downloaded from iTunes and from Google Play for Android where it is lovely to see “Disconnect Search does not require any special permissions.” (There is also a Disconnect Secure Wireless app.)

     If you are curious how Aviator stacks up against other browsers in a simple HTML5 test, then Aviator scored 492 out of 555 points, compared to 475 using Firefox 34, 512 using Chrome 39, 376 using IE 11 and 429 using Safari 8. Source
    1 point
  7. Because it isn't fair that only Windows users get to enjoy notifications when new posts appear on RST, I developed a PHP version for Linux (tested only on Ubuntu) of https://rstforums.com/forum/74731-rst-post-hunter.rst

     This program is FOSS (Free Open Source Software). You are free to modify and distribute it in any way and under any name.

     Warning! It is recommended to use this program when you have nothing to do, when you are sitting watching videos on YouTube and want to keep up with what is new on RST at the same time; however, it is NOT recommended to use the program while you are working.

     - Requirements
     You need PHP 5.4 installed (sudo apt-get install php5).

     - Installing and running via GitHub
     Run the following two lines in a terminal:

         git clone https://github.com/Ionut-Bajescu/rst-linux-post-hunter.git
         cd rst-linux-post-hunter && php rst.php

     - Starting
     Open a terminal and navigate to the directory where you unpacked the files (with cd /bla/bla). To start, run in the terminal:

         php rst.php

     - Advanced start mode
     Use the -s or --sleep argument to set the number of seconds between two checks for the current session. Example:

         php rst.php -s 10

     Use the -c or --categorii argument to set the categories you are interested in for the current session. Categories are separated by the | character. Example:

         php rst.php -c "Programare|Web Development|"

     Use the -i or --ignore_users argument to set the blocked users for the current session. Users are separated by the | character. Example:

         php rst.php -i "eusimplu|spide112|Reckon"

     Use the -a or --auto_open_cats argument to set the categories whose topics will open automatically in the browser for the current session. Categories are separated by |. Example:

         php rst.php -a "RST Power"

     Several arguments can be used together or, as the case may be, none. Example:

         php rst.php -i "eusimplu|spide112|Reckon" -c "Programare|Web Development|"

     - Behaviour
     The program creates a .txt file where it saves the latest posts it fetched.

     - Configuration
     Attention! You need at least a minimal understanding of PHP programming.

     Blocking a user: to block a user, add an element with his name to the $ignore_users array. If, for example, you want to block me, change $ignore_users = []; to $ignore_users = ['eusimplu'];

     Seeing only the categories that interest you: the accepted categories are in the $categorii_permise array; if you want to remove a category, simply delete the element with its name.

     Automatically opening topics from certain categories in the browser: if you don't want to set the auto-open categories with -a every session, add elements with the category names to the $auto_open_cats array.

     DOWNLOAD: rst-linux-post-hunter

     The program is open source and you can modify it to your liking; suggestions are nevertheless welcome. For a more detailed look, it is recommended to study the rst.php file in the archive. I don't want to hear anyone say they want a graphical interface. Whoever wants one can create it himself. He has the idea, the concept and the algorithm, so he can find his own way as he wishes.

     The program was developed and tested on Ubuntu 13.04.

     The idea of a "Post Hunter" belongs to spide112. I only developed the program. The following people helped with ideas during the development of this program:
     spide112 - Post Hunter
     Reckon - AutoOpen
    1 point
  8. Hi, I'm new to this forum. At first glance the forum looks great, and at "second glance" it is amazing; you find lots of useful things gathered in one place. Really cool, keep it up!
    -1 points
  9. You are too stupid, but people don't know it! If something is free and you don't need it, that doesn't mean others don't want it!
    -1 points
  10. Rekall started life as a fork from the Volatility project. Volatility uses profiles to control the parsing of memory. For example, in Volatility one must specify the profile before analysis begins:

          $ vol.py -f myimage.dd --profile Win7SP1x86 pslist

      What is a profile?

      So what is this profile? A profile provides the application with specialized support for precisely the operating system version which is running inside the image. Why do we need specialized support? In order to make sense of the memory image.

      Let's take a step back and examine how memory is used by a running computer. The physical memory itself is simply a series of zeros and ones, without any semantic context at all. The processor is free to read/write from arbitrary locations (sans alignment restrictions). However, computer programs need to organize this memory so they can store meaningful data. For example, in the C programming language one can define a struct which specifies how variables are laid out in memory (For all the details see this workshop):

          typedef unsigned char uchar;

          /* Named enum type, so that "enum options" below refers to it. */
          enum options { OPT1, OPT2 };

          struct foobar {
              enum options flags;
              short int bar;
              uchar *foo;
          };

      Using this information, the compiler can devise a layout of how to store each variable in memory. Since Rekall only receives the memory as a contiguous block of ones and zeros, we need to know where each parameter is laid out in memory.

      This problem is actually common to a debugger. The debugger needs to also retrieve the struct members so it can display them to the user. It turns out that to make debugging easier, compilers generate exact layout information for every data type they have. This way the debugger can see where in memory (relative to the struct offset) each parameter is.

      Rekall (and Volatility) use this debugging information to know how to extract each struct member from memory. We construct a python data structure which specifies exactly how to extract each field by parsing the debugging symbols.
      For example, the above struct foo might be described by:

          vtypes = {
              'foobar': [12, {
                  'flags': [0, ['Enumeration', dict(
                      target="unsigned int",
                      # C enumerators count from 0: OPT1 = 0, OPT2 = 1.
                      choices={
                          0: "OPT1",
                          1: "OPT2",
                      },
                  )]],
                  # Declared as "short int bar" in the C struct above.
                  'bar': [4, ['short int']],
                  'foo': [8, ['Pointer', dict(target="unsigned char")]],
              }],
          }

      Note that:
      - The description is purely data. It consists of field names, offsets and type names.
      - The precise offset of each field is provided explicitly. This is different from many other parsing libraries (e.g. Construct) which require all fields to be specified (or padding fields to be inserted).

      This special feature allows:
      - To write sparse struct definitions - i.e. definitions where not all the fields are known.
      - Alias fields (e.g. implement a union) where different types are all located in the same memory address.

      A profile is actually a collection of such vtype definitions (among other things) which provides the rest of the code with the specific memory layout of the struct members. You can think of it as a template which is overlaid on top of the memory to select the individual field members. Typically to analyze an operating system, the profile is generated from debugging symbols for the kernel binary itself.

      How do we deal with versions?

      As operating systems evolve over time, the source code changes in very subtle ways. For example, assume the above struct definition is altered to add an additional field:

          struct foobar {
              unsigned int new_field;
              enum options flags;
              short int bar;
              uchar *foo;
          };

      Now to make space for the new field, all subsequent fields are pushed up by 4 bytes. This means the vtype definition we have above is wrong, since the offsets for all the fields have changed. If we tried to use the old template on the memory image from the new operating system, we will think that the new_field is actually flags, the flags field is actually bar etc.

      So generally a profile must match the exact version of the operating system kernel we are analyzing.
      Slight version mismatches might still work but not reliably (Struct definitions which have not changed between versions will continue to work, but if some of the types were slightly modified our analysis will break).

      So how does Volatility solve this problem? Volatility has many Windows profiles embedded into its source code. For example there is a profile for Windows XP Service Pack 3, one for Windows Vista Service Pack 2 etc. Also included are profiles for the different architectures (x86 and x64).

      For OSX, one has to download the profile pack from the Volatility site. These are Zip files containing the textual output of dwarfdump (the dump of debugging symbols). When running on an OSX image, Volatility opens the zip file, parses the output of dwarfdump into an in memory python data structure before proceeding with the analysis. Each OSX profile is approximately 1mb, making the entire profile pack around 50mb big.

      For Linux there are so many versions, that users must build their own by compiling a kernel module in debug mode, and dumping the output of dwarfdump. Again the profile is a zip file containing the output of the Linux dwarfdump (which is actually slightly different from the OSX one). Again this must be parsed by the program before any analysis can begin.

      There are a number of problems with this approach:
      - Windows profiles are included in the code base, which means that all Windows profiles are always loaded into memory all the time (even when analyzing a different version of Windows).
      - There are about 20-30 different Windows profiles. In practice there are hundreds of released builds of the Windows kernel. So the profiles that are included in Volatility are only representative to the precise version. As discussed above, one needs to have the exact profile version for reliable memory analysis. Hence there is bound to be some variability between the profile version provided by Volatility and the one needed for the actual image.
        This is simply not scalable - there is a limit of how many profiles one can include with the code. For OSX the profiles must be downloaded separately, and for Linux they must be built.
      - You can't really use it as a library included into a third party with such a huge memory footprint. It is also very slow.
      - Due to the plugin model in Volatility, profiles are placed inside one of the plugin directories. When Volatility starts up it tries to load all files inside its plugin directory. This means you can't just point Volatility into your profiles directory because it will always try to open every single profile you have in there.
      - The profile format is not consistent between operating systems. The OSX profiles are parsed using OSX specific parsers, Linux is parsed using a textual based dwarf parser, while Windows profiles must be inserted into the code manually.
      - The profiles are very slow to parse. The dwarf parsers used for Linux and OSX profiles are actually parsing the textual output of the dwarfdump program - this is quite slow and not really needed.

      Since it is important to the Rekall project to minimize memory footprint (so it can be used as a library) and also to improve performance, we had to redesign how profiles work:
      - We observed that the profile contains the vtype definitions for the specific operating system involved. The vtype definitions are just a static data structure consisting of lists, dicts, strings and numbers. This means we can store the profile in a data file, instead of embedding it as python code.
      - In python, textual parsing is pretty expensive. Especially parsing the output of dwarfdump is pretty slow. We observed that profiles are written only once (when dumping the output of dwarfdump) but are read every single time the tool runs. It therefore makes sense to write the profile in a format which is optimized for loading very fast with minimal parsing.
        Since the vtype definition is just a data structure, we know that in Python, JSON is the fastest serialization for simple data structures there is. (Maybe cPickle is faster but we wanted to stay away from pickles to enable the safe interchange of profiles).
      - Finally we observed that for Linux and OSX (and actually for Windows too, as explained in a future blog post), the zip file contains a number of different types of data. The Zip file contains the vtype description of all the structs used in the kernel, but also it contains the offsets of global symbols (e.g. the kernel system map). For analysing these we need both symbols and constants to represent the kernel version.

      In Rekall, the profile is a simple data structure (using strings, dict, lists and numbers) which represents a specific version of the kernel. Rather than separate the different types of information (e.g. vtypes and constants) into different members of a zip file, we combine them all into a single dict. Here is an example of a Linux Ubuntu 3.8.0-27 kernel:

          {
           "$CONSTANTS": {
            ".brk.dmi_alloc": 18446744071598981120,
            ".brk.m2p_overrides": 18446744071598964736,
            ".brk.p2m_identity": 18446744071594827776,
            ".brk.p2m_mid": 18446744071594831872,
            ".brk.p2m_mid_identity": 18446744071598927872,
            ".brk.p2m_mid_mfn": 18446744071596879872,
            ".brk.p2m_mid_missing": 18446744071594807296,
            ".brk.p2m_mid_missing_mfn": 18446744071594811392,
            ".brk.p2m_missing": 18446744071594803200,
            ".brk.p2m_populated": 18446744071598952448,
            ....
           "$METADATA": {
            "ProfileClass": "Linux64",
            "Type": "Profile"
           },
           "$STRUCTS": {
            "__raw_tickets": [4, {
             "head": [0, ["short unsigned int"]],
             "tail": [2, ["short unsigned int"]]
            }],
            ....

      We can see that the top level object is a dict, with keys like "$CONSTANTS", "$METADATA", "$STRUCTS". These are called profile sections. For example, the most common sections are:
      - $CONSTANTS: A dict of constants and their offsets in memory.
      - $STRUCTS: The vtype description of all structs in this kernel version.
      - $METADATA: This describes the kernel, it contains the name of the python class that implements this profile, the kernel's build version, architecture etc.

      The whole data structure is serialized using JSON into a file and is loaded at once using Python's json.load() function (This function is actually implemented in C and is extremely fast).

      An interesting optimization is the realization that if dictionaries are sorted in the json file, then gzip will work much more effectively (since the data will naturally contain a lot of repeated common prefixes - especially with the very large system map). This makes the JSON files much smaller on disk than the Volatility profiles. For example, the Volatility profile for OSX Lion_10.7_AMD.zip is about 1.2mb while the Rekall profile for the same version is 336kb. Both profiles contain the same information and are both compressed.

      The Rekall profile format is standard across all supported operating systems. Even though generating the profiles uses different mechanisms for different operating systems (i.e. parsing PDB files for Windows, parsing dwarf files for Linux, parsing debug kernels for OSX), the final output is exactly the same. This makes the profile loading code in Rekall much simpler.

      It is possible to convert existing Volatility profiles into the Rekall format by using the convert_profile plugin (This might be useful when migrating old profiles from Volatility to Rekall):

          $ rekall convert_profile ./profiles/Volatility/SnowLeopard_10.6.6_AMD.zip ./OSX_10.6.6_AMD.json
          $ rekall -f OSX_image.dd --profile ./OSX_10.6.6_AMD.json

      In a future post we discuss how Rekall profiles are organized into a public profile repository.

      Source
    -1 points
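The template overlay and the version-mismatch failure described in the Rekall post above (item 10), as an added example that is not part of the reposted article and is not Rekall's or Volatility's code. The helper names (`read_field`, `overlay`, `VTYPES_OLD`, `VTYPES_NEW`), the little-endian 32-bit target and the sample memory are assumptions made for illustration.

```python
import struct

# Hypothetical helpers for illustration; little-endian 32-bit target assumed.
PRIMITIVES = {"unsigned int": "<I", "short int": "<h"}
ENUM = ["Enumeration", dict(target="unsigned int", choices={0: "OPT1", 1: "OPT2"})]
PTR = ["Pointer", dict(target="unsigned char")]

# vtype for the article's first struct foobar (12 bytes).
VTYPES_OLD = {"foobar": [12, {
    "flags": [0, ENUM],
    "bar": [4, ["short int"]],
    "foo": [8, PTR],
}]}
# vtype after new_field is added: every later field moves up by 4 bytes.
VTYPES_NEW = {"foobar": [16, {
    "new_field": [0, ["unsigned int"]],
    "flags": [4, ENUM],
    "bar": [8, ["short int"]],
    "foo": [12, PTR],
}]}

def read_field(memory, offset, type_desc):
    """Decode one field at an absolute offset according to its type description."""
    kind = type_desc[0]
    args = type_desc[1] if len(type_desc) > 1 else {}
    if kind == "Enumeration":
        value = read_field(memory, offset, [args["target"]])
        return args["choices"].get(value, "UNKNOWN(%d)" % value)
    if kind == "Pointer":  # return the 32-bit address without dereferencing it
        return struct.unpack_from("<I", memory, offset)[0]
    return struct.unpack_from(PRIMITIVES[kind], memory, offset)[0]

def overlay(vtypes, name, memory, base=0):
    """Lay the named struct template over memory at base and decode each field."""
    size, fields = vtypes[name]
    if base < 0 or base + size > len(memory):
        raise ValueError("struct %s does not fit in the buffer" % name)
    return {f: read_field(memory, base + off, desc)
            for f, (off, desc) in fields.items()}

# Constructed sample memory laid out by the *new* kernel:
# new_field=7, flags=OPT2, bar=-2, two padding bytes, foo=0x80001000.
MEMORY = struct.pack("<IIh2xI", 7, 1, -2, 0x80001000)

def demo():
    """Return (decode with matching profile, decode with stale profile)."""
    return overlay(VTYPES_NEW, "foobar", MEMORY), overlay(VTYPES_OLD, "foobar", MEMORY)

if __name__ == "__main__":
    for label, result in zip(("matching", "stale"), demo()):
        print(label, result)
```

With the stale template nothing raises an error: every field decodes to a plausible-looking value taken from the wrong bytes, which is why a profile mismatch can go unnoticed during analysis.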