Popular Content

Showing content with the highest reputation on 07/16/15 in all areas

  1. Windows 10 RTM (10240) Close/Preview apps without authentication

     Windows 10 is a personal computer operating system being developed by Microsoft as part of the Windows NT family of operating systems. A new update to this OS is the three-finger swipe-up gesture, which opens the multiple screen mode and shows all the active apps, to allow them to be sorted/opened/closed/minimized. This feature also works without the user being logged in, potentially allowing an attacker to examine the running programs or close them.

     Allowing an attacker to maximize random apps could lead to running unwanted code on locked machines. Preliminary tests show that maximize events do trigger (WM_SIZE message with the value SIZE_MAXIMIZED in wParam). This may allow an attacker to activate a previously installed backdoor on a user machine, and run it only on maximize if the screen is locked (thus allowing him to run arbitrary code without logging in if he has physical access to the machine).

     POC of this exploit:

     • In the first picture we can observe a Wordpad document opened and Google Chrome minimized.
     • Lock the screen. Note: I have a password that is required for unlocking.
     • Screen is locked.
     • Execute the three-finger swipe-up gesture with the touchpad.
     • I can see all the running apps with a GUI that are minimized. Moreover, I can see a preview of them, maximize them, or close them. Note that I can see the text "Sensitive information without logging in".
     • I clicked Chrome. After that I clicked space to open the login screen.
     • I am logging in with my password.
     • Chrome is maximized.

     I've managed to preview an app (see sensitive text) and maximize another app without entering my login password.

     Source: em @ Romanian Security Team.
    2 points
  2. Actually it is !==0. I contacted them by email and asked them why they host a site that deals in money laundering. They said they had not heard of PerfectMoney and asked me to give them the link. I gave them the link, the IP data etc. + information about PM and how people talk about them. @sleed, your two-bit sysadmin mind remains limited entirely to /dev/null.
    1 point
  3. A Collection of Examples of 64-bit Errors in Real Programs

     Example 1. Buffer overflow
     Example 2. Unnecessary type conversions
     Example 3. Incorrect #ifdef's
     Example 4. Confusion of int and int*
     Example 5. Using deprecated (obsolete) functions
     Example 6. Truncation of values at an implicit type conversion
     Example 7. Undefined functions in C
     Example 8. Remains of dinosaurs in large and old programs
     Example 9. Virtual functions
     Example 10. Magic constants as parameters
     Example 11. Magic constants denoting size
     Example 12. Stack overflow
     Example 13. A function with a variable number of arguments and buffer overflow
     Example 14. A function with a variable number of arguments and wrong format
     Example 15. Storing integer values in double
     Example 16. Address arithmetic. A + B != A - (-
     Example 17. Address arithmetic. Signed and unsigned types.
     Example 18. Address arithmetic. Overflows.
     Example 19. Changing an array's type
     Example 20. Wrapping a pointer in a 32-bit type
     Example 21. Memsize-types in unions
     Example 22. An infinity loop
     Example 23. Bit operations and NOT operation
     Example 24. Bit operations, offsets
     Example 25. Bit operations and sign extension
     Example 26. Serialization and data exchange
     Example 27. Changes in type alignment
     Example 28. Type alignments and why you mustn't write sizeof(x) + sizeof(y)
     Example 29. Overloaded functions
     Example 30. Errors in 32-bit units working in WoW64

     Abstract

     This article is the most complete collection of examples of 64-bit errors in the C and C++ languages. The article is intended for Windows-application developers who use Visual C++, however, it will be useful for other programmers as well.

     Introduction

     Our company OOO "Program Verification Systems" develops a special static analyzer Viva64 that detects 64-bit errors in the code of C/C++ applications. During this development process we constantly enlarge our collection of examples of 64-bit defects, so we decided to gather the most interesting ones in this article. Here you will find examples both taken directly from the code of real applications and composed synthetically relying on real code since such errors are too "extended" throughout the native code.

     The article only demonstrates various types of 64-bit errors and does not describe methods of detecting and preventing them. If you want to know how to diagnose and fix defects in 64-bit programs, please see the following sources:

     Lessons on development of 64-bit C/C++ applications [1];
     About size_t and ptrdiff_t [2];
     20 issues of porting C++ code on the 64-bit platform [3];
     PVS-Studio Tutorial [4];
     A 64-bit horse that can count [5].

     You may also try the demo version of the PVS-Studio tool that includes the Viva64 static code analyzer which detects almost all the errors described in this article. The demo version of the tool can be downloaded here.

     Article as PDF, by NO-MERCY:

     File: A Collection of Examples of 64-bit Errors in Real Programs.pdf
     CRC-32: 83a44d07
     MD4: fce9ce801355066291dbb909122303b5
     MD5: a4860ed0e570d9b1f18223f57dbef54a
     SHA-1: ee39016950c6ecc5a09542a40b141f641b036e73
     Pages: 40
     Size: 1.88 MB
     Download: http://www.4shared.com/office/ZlJBYgdxba/A_Collection_of_Examples_of_64.html

     Regards

     Source: http://www.viva64.com/en/a/0065/ 29.06.2010, by Andrey Karpov
    1 point