Leaderboard
Popular Content
Showing content with the highest reputation on 02/22/16 in all areas
-
Here are four excellent reports prepared by BMI on the Romanian IT market, one for each quarter of 2015. They include a SWOT analysis, a 5-year industry forecast, economic analysis and much other useful information. Especially recommended for those who want to start a business in the IT field in Romania, in order to better understand the context, trends, etc. BMI Research belongs to Fitch Group and produces credible, quality research. Download: aHR0cDovL3dlLnRsL0phWGZJS3JSalo= (Link available for 7 days. For re-upload, PM me) 4 points
-
First of all, you have to figure out for yourself, as a person, what exactly you like doing, that is, doing something and, while you're doing it, feeling the same as if you were having a beer with your best friends, if you understand what I mean. Let's say you like programming ... now you have to think: "What exactly do I like in the programming segment? Building web applications, building software applications, etc." Let's say, hypothetically, you realise you like web development a lot and you know it involves languages such as HTML, CSS, JavaScript and PHP, etc. Here you have to take things in order and start by learning HTML first, then CSS, then JavaScript and PHP (PHP and JavaScript), depending on what you want to do first. Why this order? Well, first you have to learn the flow of the HTML document, see how the HTML elements (the tags) are represented in the page, and know the names of the elements and attributes, how they are placed and what each one does in the HTML document (most people crack, thinking they can't absorb so much information; I'll contradict anyone on this, and I believe that any person who truly wants to do something can do it with great ease; all you need is to organise your working time); let's say 1-2 months have passed for you to absorb the basic notions and get a feel for what HTML is about; then you move nicely on to CSS (a language for styling the HTML elements in the HTML document); this is where the magic begins, you'll see how you can bring the square elements in the page to life and how you can position and style them as you please; but you still seem to run into certain shortcomings; fine ...
I now know, after 3-4 months, how to build a web page, style it, animate it (with many limitations), but I'd still like to have more flexibility in the code; you take up JavaScript too, where you start to get familiar with your first programming language (you start to learn what operators are, what branches and conditional structures are, loops, strings, events, the DOM, the BOM), and only now, when you dig into OOP techniques, which are designed to represent the elements in the page as objects, will you start to realise what you can do with all these languages working closely together; you're not satisfied and want to see what you can do on the server side too, because of course you want to become a professional at what you do and you want to know a server-side language as well; you take up PHP and you'll be surprised to find here notions you already learned in JavaScript, or the other way around, with small differences. If instead you start learning and after 5 minutes of not understanding something you give up, you will never get to learn anything and you'll always stay lazy. I'd recommend you look over a few quotes, such as the one from Mark Twain who said something like: the two most important moments in a person's life are the one when they are born and the one when that person realises what they were born for, that is, their purpose in life, what they like to do, what defines them. Don't rush into something you don't like, because even if you do excel through perseverance, you'll feel unfulfilled and you won't have satisfaction at the end of the day. I'll conclude with the following: make yourself a school timetable (it may seem funny to you) and try to stick to it: you have 10 hours of work and 4 hours of free time; study for 2 hours, put it into practice for an hour, then relax for 1 hour; use time in your favour and not against you, as until now. Get going, learn and read, brother ....
If you need books we'll certainly help you a great deal, each with what we know ... but first you have to run into these things yourself in order to understand them, because if we spoon-feed you everything you won't understand the logic of the whole language, only the mathematical logic maybe, or maybe nothing. So everything depends only on how much time you dedicate and on truly wanting this; the rest IS JUST A MATTER OF TIME (that's how you have to think; don't make the mistake of sitting down to learn and saying "I'll learn as much as possible in 2 hours", because that's the biggest stupidity). First read a book about time management and one about effective learning methods. Personally, everything I read I translate/write down on the PC/on paper, then I read it 1-2-3 times and start asking myself questions, and sometimes I even get someone to quiz me like at school (and it's not that I'm cramming, it's that some notions, when you read them, you may understand too easily, and they don't settle into your long-term memory, and you'll lose them by not working with them at the start). Good luck and all the best in what you want to do! 2 points
-
I have just 1 piece of advice. 1. Never consume more than you produce! Whatever you do, don't get into debt, and try to save more. 2. The idea that the amount of money represents happiness is a big lie. That's the biggest manipulation at the global level: that lots of money brings happiness. That's my philosophy of life and, I hope, that of many others. 2 points
-
Pwnthecode is an educational platform whose purpose is to develop, make responsible and train security enthusiasts. The platform's stated aim is to demonstrate how dangerous web vulnerabilities are, and also to teach the user about certain security breaches which they will later learn to repair, in order to improve security on the IT market. The platform is aimed especially at those less specialised in the IT field and at those who own a website or work in the web field. Link: Pwnthecode | A Web Security Project. For now the platform is in the BETA version; shortly we will be adding both a large number of tutorials for the existing vulnerabilities (within the platform) and a few new types of vulnerabilities. We will also add/modify exams. The user control panel is under development, so you may run into some problems. Please send any kind of problem by PM to me or to @danyweb09. Those who want to support the project can make a donation (you'll find more details on the site). If anyone wants to donate by a method other than PayPal, send me a PM. Any suggestion is welcome! 1 point
-
Intro to ARP spoofing with bettercap
I recently discovered a fairly new man-in-the-middle tool called bettercap, which I will test in this video. I will explain the concept of ARP spoofing, install bettercap, and see how one can use it to sniff passwords on a network. Here it is: If you liked it, check out my other trainings: http://hackademy.aetherlab.net
Source: http://aetherlab.net/2016/02/intro-to-arp-spoofing-with-bettercap/ 1 point
-
If you're going to copy-paste anyway, at least format the topic nicely. Thanks. 1 point
-
I was expecting some presentations of 20 pages at most, but there's study material in those documents. Thanks for sharing, what's written there is very interesting. 1 point
-
I'm bringing the boys over now, ten of them, to upload it to FTP! 1 point
-
No offence, but 90% of the people who ask where to learn programming and who need someone to explain everything to them will never become programmers. Why do I say that? Because they have no initiative. But don't worry. It's just a phase that will pass soon. Even in a dedicated school. Do you think the teacher sits there explaining to you "what does this do?", "and what does this do?", "yeah, but what does this do?". If he has 10-20 pupils like you, then he'd be spending 24 hours a day repeating the same thing that's found in the documentation. And let's suppose you finish school. You get hired at a company. Who looks after you there? Who's going to stand behind you and explain to you what XYZ does? When you really want to learn something, you get going, brother, and work on your own as best you can. You download Wamp/XAMPP etc. You start the server and run a PHP script that just says "hello world!". And from there you start extending and practising day by day until you begin to see the big picture. You know the saying: "Appetite comes with eating." Your problem is that you've chosen a field that has become so vast lately that even a person with prior programming experience will have difficulties. Because it's not just PHP. You also need HTML, CSS, JavaScript, SQL. And on top of that there are a dozen frameworks and differences between browsers (because every dictionary contains the word "standard", but nobody knows what it's for). I hope you don't get me wrong. Because I have no reason to lie to you. And the internet is full of questions like this, if you want proof. 1 point
-
second hand linux distribution 1 point
-
I warmly recommend the QIWI machines; the bitcoin fees are small, especially at 7 USD. 1 point
-
"to be a work of some script kiddies" - then the shame is even greater. If some "script kiddies" did this, then better ones can do whatever they want with their site. "Also, even after the hack was initially discovered, the hackers re-compromised the site, which again shows the hackers' lack of experience." - It does NOT show "the hackers' lack of experience"; it shows how incompetent the people in charge of security on their site are. 1 point
-
@Rolls Of course, this is a program that does bruteforcing using some new methods, and that way you'll manage to crack that person's password. The only problem is that it takes a little while, but it works. Here's the tutorial for the program; it also has a download link in the description: http://www.youtube.com/watch?v=hiRacdl02w4 1 point
-
Scrape together 50 euros, study, and take the LPIC-101 exam (http://www.lpic.ro/wiki/info/examene). The next testing session is on 13 June. Even if you don't have a degree/studies in the field, that certificate will help you get onto the IT job market, at least for an internship if not for a job. If you're from Bucharest you can also go to their courses, but you pay another 500 RON (individual) or 350 RON (student). The knowledge you gain will help you a lot, and the paper you get from them will "get you in the door" at HR. I'm going to take it on 13 June too, even though I have a degree in the field. Certificates look good in a CV, plus you learn a lot of things. The best investment you can make is in yourself. Try to attend all sorts of IT-related events, try to get certifications: CISCO, ORACLE (java, db, etc.), Microsoft (C#), etc. You have plenty to choose from. If you're tired of sitting around doing nothing, pick up a book and study to get a certification. 1 point
-
As if you deserve anything of what you have. How are you better than some African kids who work 12 hours a day, 7 days a week, for 1 dollar a day? And yet you have more than they do. You can't say you rightfully deserve what you have. It all depends on the times and the circumstances. If you had been born at the same time as him, in the same conditions, now you'd be the one who needed to be held by the hand. What fault is it of his, the situation he grew up in? You've rather forgotten what world you live in. With 15 million in Romania you have, for a month, a roof over your head, heating, water, food, clothing, access to medical services, and maybe something left over for entertainment. In your view, 5 billion people live in an abnormal society. PS: if you have a salary of 1k euros/month you're richer than 80% of the world's population. @WIK You have some good ideas above that you can draw inspiration from. If you dedicate an hour a day to a project, in a few months you might make some money and, little by little, it could become a good source of income. 1 point
-
Done, I've reactivated and reset the passkey for both you and your friend. From now on, please stop posting your account. You managed the feat of downloading the same torrent on the same PC with 2 different accounts :slap: 1 point
-
If you find a gypsy stabbed in the back, take it from me that it's just another case of suicide! :))))) 1 point
-
I make more than at my job, but I'm not ready to give it up; you realise that tomorrow it might stop working for me, or my suppliers might run out of goods, etc... and my job still gives me around 900 euros, which is acceptable in RO. First I'll save up, build myself a base, gain knowledge, and then I'll leave the job too. 1 point
-
Critical Vulnerabilities in 3G/4G Modems or how to build Big Brother

This report is the continuation of "#root via SMS", a research made by the SCADA Strangelove team in 2014. It was devoted to telecommunications equipment vulnerabilities, with modem flaws only partially covered. This document describes vulnerabilities found and exploited in eight popular 3G and 4G modems available in Russia and worldwide. The findings include Remote Code Execution (RCE) in web scripts, integrity attacks, Cross-Site Request Forgery (CSRF), and Cross-Site Scripting (XSS). The research covers a full range of attacks against carrier customers using these types of modems — device identification, code injection, PC infection, SIM card cloning, data interception, determining subscriber location, getting access to user accounts on the operator's website, and APT attacks.

Equipment
We analyzed eight modems of the following vendors: Huawei (two different modems and a router), Gemtek (a modem and a router), Quanta (two modems), ZTE (one modem). Not all the modems had vulnerabilities in their factory settings; some of them appeared after the firmware was customized by the service provider. For convenience, let's call all the network equipment — both modems and routers — collectively "modems".

Statistics on Vulnerable Modems
The data was gathered passively from SecurityLab.ru between 01/29/2015 and 02/05/2015 (one week). Our statistics lack information about Huawei modems, but it can be easily found at shodan.io:

Vulnerabilities Detected
All the modem models investigated had critical vulnerabilities leading to complete system compromise. Virtually all the vulnerabilities could be exploited remotely (see the "Modems" table). Description of the detected vulnerabilities ranked by severity:

1. RCE (five devices)
All the modem web servers are based on simple CGI scripts that are not properly filtered (except for Huawei modems, and even then only after a few security updates since the vulnerabilities were disclosed). All the modems work with the file system — they need to send AT commands, read and write SMS messages, configure firewall rules, etc. Almost no devices had CSRF protection, which allowed remote code execution by power of social engineering and remote requests through a malicious website. Some modems were also vulnerable to XSS attacks. Combined, these three factors produce a disappointing result — more than 60% of the modems are vulnerable to Remote Code Execution. You could get an updated firmware without all the found vulns only for Huawei modems (there's a public description of the vulnerabilities). The other vulnerabilities are still considered to be zero-day.

2. Integrity Attacks (six devices)
Only three modems were protected against arbitrary firmware modifications. Two of them had the same integrity check algorithms (asymmetrically encrypted SHA1 with RSA digital signature), and the third one used the RC4 stream cipher for firmware encryption. All the cryptographic algorithms proved to be vulnerable to attacks violating integrity and confidentiality. In the former case, we can modify the firmware by injecting an arbitrary code. In the latter case, given the weak implementation of the algorithm, we managed to extract the encryption key and determine the encryption algorithm, which also allows firmware modification. The other three modems had no protection from integrity attacks, but local access to COM interfaces was required to update the firmware. The remaining two modems could be updated only through the carrier's network via Firmware Over-The-Air (FOTA) technology.

3. CSRF (five devices)
CSRF attacks can be used for various purposes, but the primary ones are remote upload of modified firmware and successful arbitrary code injection. Using unique tokens for each request is an efficient protection against this type of attack.

4. XSS (four devices)
The scope of this attack is quite wide — from host infection to SMS interception. However, our research focuses mainly on its prime target — modified firmware upload bypassing AntiCSRF checks and the Same-Origin Policy.

Attack Vectors

1. Identification
First, you need to identify a modem for a successful attack. You can send all kinds of requests to exploit RCE or try to upload various updates via all the possible addresses, but it seems to be inefficient and too signally for a target user. The time of infection — from user detection to code injection, modification of modem settings, etc. — is also quite important in the real (not simulated) conditions. For this very reason, you need to identify the target device properly. To do that, you must use a simple set of picture addresses, which can tell you the model of the modem. This method helped us to identify all the investigated modems 100%. An example of the code:

2. Code Injection
This stage is described in the previous section, points 1 and 2. The code can be injected either through RCE in web scripts, or through uploading infected firmware. The first method allowed us to penetrate five modems; it isn't that complicated. Let's describe the vectors of the second method in detail. Two modems used the same algorithm to protect firmware integrity: the digital signature of the SHA1 hash sum by an asymmetric RSA key was carried out via an OpenSSL library. The verification was incorrect: after uploading the firmware (an archive), the web server extracted two main files from it — the one specifying the size of the verified data and the one with the signed hash sum. Next, the verification script obtained a public key from the file system and sent a request to OpenSSL functions to decrypt the signature and compare the hash sum. If the hash sums were the same, the update was installed. The firmware compression algorithm had a feature — you could add additional files with the same names to the archive, but its first bytes wouldn't change. In addition, when we extracted the firmware, the later files overrode the earlier files. This allows changing the firmware without affecting data integrity checks. The firmware of the third modem was encrypted by the RC4 algorithm with a constant keystream. As there were three different firmware versions on the Internet, you could get several bytes of plain text where there were bytes 0x00 in a file of the unencrypted firmware. Then, we extracted the ISO image of the modem's virtual CDROM, which allowed us to decipher the first several kilobytes of each firmware image. They contained the encryption algorithm and the address of the encryption key. By XORing the two pieces of firmware, we obtained the plain text of the key itself. Dmitry Sklyarov, an experienced cryptanalyst and reverse engineer from Positive Technologies, helped us a lot to conduct attacks against cryptographic protocols. You can use CSRF for remote upload and HTML5 functions for transferring multipart/form-data, or XSS if an application is protected against CSRF (Huawei modem). Only three Huawei modems had this kind of protection, which could be bypassed via XSS, though. In all other cases, an attacker could use the HTML5 code located on a special web page (you can download an example from http://blog.kotowicz.net/2011/04/how-to-upload-arbitrary-file-contents.html). Gemtek modems required a special utility for firmware updates installed on the PC. In this case, firmware was uploaded through the host internet connection via HTTP. After that, the firmware integrity was verified by checksums uploaded from the server. We failed to test this scenario. However, it's no use hoping that a vendor that doesn't properly check firmware integrity during upload protects it well enough.

3. Data Interception
Now we can execute an arbitrary code on the modem. You need to do three things: determine the modem's location (later you will understand why) plus be able to intercept SMS messages and HTTP/HTTPS traffic. The easiest way to determine location is to find the base station identifier (CellID). Then, with the operator's MCC and MNC at hand, you can determine the victim's exact location by means of some public bases, such as opencellid.org. Another method is to use the modem's Wi-Fi card to scan nearby networks and determine the victim's location area more accurately, given that one base station may have quite a broad coverage. We managed to obtain the CellID of six modems; Wi-Fi was available in two devices. We had to recompile and upload new network card drivers for one of the modems. Its previous driver allowed only the Ad Hoc mode, which prevents scanning nearby APs. We studied two types of modems: with and without SMS support. The first type also didn't allow SMS reading through AT commands. The second type allowed SMS reading via XSS. The messages are usually stored in the file system, and it's not so difficult to get access to them for reading or sending SMS messages and USSD requests. Traffic interception is more interesting. There are several ways to do that: by changing the modem's DNS server settings, or replacing the modem's gateway with the Wi-Fi interface and connecting to a hacker's access point (that's why you should know the victim's location). The first method is simpler: changing the settings is a piece of cake, as they are also stored in the file system. We managed to do that for all but one modem. We studied the second method only in theory — switching the network card mode from ad hoc to active, connecting to an access point, and changing modem routing. Not only HTTP traffic can be intercepted. By injecting and executing a VBS code on an HTML page, you can add your certificate to the Trusted Root Certification Authorities and successfully conduct MITM attacks:

4. SIM Card Cloning and 2G Traffic Interception
The attacks against SIM card applications were described in detail by Karsten Nohl and in the "#root via SMS" research. We still have to send binary SMS messages to SIM cards, as we failed to make modems send commands to SIM card applications via APDU. It's not that bad, though — by injecting an arbitrary code to a modem, you can extend the attack scope by means of binary SMS messages. Firstly, you can now send these messages "to yourself" from the target SIM card via the AT interface by switching the modem to the test mode and working with the COM port. You can do that in the background — the web interface will be available to the victim, who will hardly notice the mode changeover. Secondly, you need to exchange data with the COM port via injecting a VBS code to the modem page and executing it with user rights with the help of social engineering.
Switching the modem to the test mode
The PowerShell script for sending a binary SMS message
Using FakeBTS is the next attack vector, and you also need to know the victim's location for it. Having the victim's exact location and IMSI at hand, we can use a fake base station nearby and wait until the subscriber connects to us, or we can force a base station (it is possible for five devices). If the operation is successful, we will be able to send binary SMS messages to the target SIM card without any restrictions from the operator.

5. PC Infection
If we penetrate a modem, we have very few attack vectors. However, infecting a PC connected to the modem provides us with many ways to steal and intercept the PC user's data. You may have already heard of the main infection vector — bad USB. There are also some other methods involving social engineering: Virtual CDROM. Almost all the modems have a virtual drive image that is enabled for driver installation. You need to replace the image and force its mounting. VBS, drive-by-download. Code injection to an HTML page, or forced upload of executable files as updates or "diag utilities". Browser 0-days. As an example, we used an Adobe Flash 0-day found in the archives of Hacking Team. Vulnerable client software. One of the operators delivered vulnerable diagnostic software together with its modems, which allowed executing an arbitrary code on Windows and OS X PCs. Reference: we'd like to give a special thanks to Mikhail Firstov from Headlight Security for detecting this vulnerability.
Random Code Execution in the client software of a modem

6. APT Attacks
After infecting the modem and host, you need to stay in the systems somehow — save changes in the modem even after it is switched off and prevent further firmware updates. It would be useful to detect and infect other vulnerable modems as soon as they are connected to the PC. Most of the devices can be infected right at the phone store during "checking before buying". There was another attack we failed to conduct — accessing the modem from the operator's network. Most vulnerable web servers listen at *:80, i.e. there's a chance that the modem's web server will be available from the operator's network. Only a few modems restrict connections incoming from the telecom's network or specify the listen address 192.168.0.1:80.

7. Additional Information
We also studied getting access to a personal account by sending a USSD request and resetting the password via an SMS message. This vector was demonstrated during the "#root via SMS" presentation. The vulnerability was exploited through an XSS attack that could be conducted by sending an SMS message. However, an attacker can also do that in modems that allow SMS reading via RCE.
XSS exploitation results

Summary
All in all, we have a full infection cycle of devices and related PCs. Using the infected devices, we can determine location, intercept and send SMS messages and USSD requests, read HTTP and HTTPS traffic (by replacing SSL certificates), attack SIM cards via binary SMS messages, and intercept 2G traffic. Further infection can continue through the operator's networks, popular websites or equipment infected by worms (when connecting a new device). What can we recommend to those clients who constantly work with such devices? Huawei modems with the latest firmware updates are the most protected. It is the only company that delivers firmware (the operators are only allowed to add some visual elements and enable/disable certain functions) and fixes vulnerabilities detected in its software.
Modems
Information Disclosure
Although 90 days had passed since the service providers were informed of the vulnerabilities, many flaws remained unfixed.
Credits: Alexey Osipov, Dmitry Sklyarov, Kirill Nesterov, Mikhail Firstov, and the SCADA Strangelove team (http://scadasl.org)
Author: Positive Research, 6:10 AM
Source: http://blog.ptsecurity.com/2015/12/critical-vulnerabilities-in-3g4g-modems.html 1 point
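The integrity-check flaw the research describes (a digest computed over a declared prefix of the archive, with later same-named entries overriding earlier ones at extraction) can be checked for directly in an update handler. The C example below is added here and is not code from the page or from Positive Technologies; it assumes a constructed minimal archive format ([u8 name_len][name][u32 LE data_len][data]) and uses a 32-bit FNV-1a digest as a stand-in for the SHA1/RSA signature, since the point is which bytes the signature covers, not the hash.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed archive format (an assumption, not the vendors' real one):
 * repeated entries of [u8 name_len][name][u32 LE data_len][data]. */

/* FNV-1a 32-bit, a stand-in for the signed SHA1 digest: what matters below
 * is which bytes the digest covers, not the hash function itself. */
uint32_t digest(const uint8_t *buf, size_t len)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < len; i++) { h ^= buf[i]; h *= 0x01000193u; }
    return h;
}

/* Appends one entry to dst and returns the number of bytes written. */
size_t put_entry(uint8_t *dst, const char *name, const char *data)
{
    size_t nlen = strlen(name), dlen = strlen(data), off = 0;
    dst[off++] = (uint8_t)nlen;
    memcpy(dst + off, name, nlen); off += nlen;
    for (int i = 0; i < 4; i++) dst[off++] = (uint8_t)(dlen >> (8 * i));
    memcpy(dst + off, data, dlen); off += dlen;
    return off;
}

/* Parses the archive. Returns the entry count, or -1 if it is malformed.
 * If `name` is given, *out/*out_len receive the LAST entry with that name
 * (mirroring the extractor behaviour the research describes) and *dup is
 * set when that name occurs more than once. */
int walk(const uint8_t *a, size_t len, const char *name,
         const uint8_t **out, size_t *out_len, int *dup)
{
    size_t off = 0;
    int count = 0, seen = 0;
    while (off < len) {
        uint8_t nlen = a[off++];
        if (nlen == 0 || nlen + 4u > len - off) return -1;   /* truncated header */
        const char *ename = (const char *)a + off;
        off += nlen;
        uint32_t dlen = 0;
        for (int i = 0; i < 4; i++) dlen |= (uint32_t)a[off + i] << (8 * i);
        off += 4;
        if (dlen > len - off) return -1;                     /* truncated data */
        if (name && nlen == strlen(name) && memcmp(ename, name, nlen) == 0) {
            if (out) { *out = a + off; *out_len = dlen; }
            seen++;
        }
        off += dlen;
        count++;
    }
    if (dup) *dup = seen > 1;
    return count;
}

/* Vulnerable pattern: only the first `verified_len` bytes are hashed, so
 * anything appended after that prefix is never covered by the signature. */
int verify_prefix_only(const uint8_t *a, size_t len, size_t verified_len,
                       uint32_t expected)
{
    return verified_len <= len && digest(a, verified_len) == expected;
}

/* Hardened: the digest must cover every byte that will be processed, the
 * archive must parse cleanly, and the image entry must not be shadowed by a
 * duplicate name (defence in depth should the signed scope ever shrink). */
int verify_whole(const uint8_t *a, size_t len, const char *image, uint32_t expected)
{
    int dup = 0;
    if (digest(a, len) != expected) return 0;
    if (walk(a, len, image, NULL, NULL, &dup) < 0) return 0;
    return !dup;
}

/* Builds a constructed update, "signs" it, appends a shadowing image entry
 * and runs both checks. Returns a bitmask: bit0 = prefix check still accepts
 * the tampered archive, bit1 = whole-archive check accepts it, bit2 = the
 * extractor would install the appended image, bit3 = whole-archive check
 * accepts the untampered original. */
int demo(void)
{
    uint8_t a[128]; size_t orig = 0, len, img_len = 0; const uint8_t *img = NULL;
    orig += put_entry(a + orig, "size", "x");
    orig += put_entry(a + orig, "firmware.bin", "GOOD");
    uint32_t signed_digest = digest(a, orig);                   /* vendor-side signing */
    len = orig + put_entry(a + orig, "firmware.bin", "EVIL");   /* appended shadow entry */
    walk(a, len, "firmware.bin", &img, &img_len, NULL);
    return (verify_prefix_only(a, len, orig, signed_digest) ? 1 : 0)
         | (verify_whole(a, len, "firmware.bin", signed_digest) ? 2 : 0)
         | ((img_len == 4 && memcmp(img, "EVIL", 4) == 0) ? 4 : 0)
         | (verify_whole(a, orig, "firmware.bin", signed_digest) ? 8 : 0);
}
```

demo() returns 13: the prefix-only check accepts the tampered archive whose extractor would install the appended image, while the whole-archive check rejects it and still accepts the original.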
-
If you want to get rid of them quickly, why don't you put them on localbitcoins.com? It uses escrow, there are users with many transactions and good reputation, and they pay directly into your bank account. For example - https://localbitcoins.com/ad/75937/cash-out-your-bitcoins-bank-transfer-romania 1 point
-
Those who say you don't need to study are idiots, to say the least, because without studies you don't have access to certain things. Nowadays those studies matter too, beyond that added page in the CV that almost anyone asks for if you aspire to a higher position; an organised learning environment like this shapes you both as an individual and in intelligence, and if you're lazy it's a bonus, because it pushes you from behind to learn certain things. Yes, for the most part you only learn the basics, but university also involves individual study, not having absolutely everything spoon-fed to you, and if you land at a good university, the professors who actually care help you open your mind and your eyes, and enlighten you about certain things. My advice to all young people is to do a degree that helps them do something, not go to dentistry and become skaters, or whatever; a degree is harmful when you do it for nothing, because those are years of your life wasted. // Whoever gave a dislike is an uncultured monkey, or very likely uncultured. Stay in your cave and learn only 1 single thing; you wouldn't want to overstrain your neuron (1). -1 points
-
Reflecting on Recent iOS and Android Security Updates By zLabs Friday, Feb 12 2016 at 04:00 By: Zuk Avraham, Joshua Drake, Nikias Bassen from ZimperiumzLabs The last thirty days proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues — including some in the kernel that may be exploited remotely. Last Monday, Google released its monthly Nexus security bulletin. We are thrilled to see that the tradition that started after Stagefright’s discovery is a monthly routine now and other vendors are following suit (including Samsung). Blackberry indicated that they are very serious about security issues as well. We welcome Android vendors to reply to the ZHA thread to update the carriers on their plans to release an update addressing the February fixes by Google. We’ll take a closer look at the bulletin and some of the issues fixed later in this post. iOS 9.2.1 In the recent iOS update (9.2.1 – published on January 19th), Apple patched what we initially classified as 7 critical, 3 high, and 2 moderate severity vulnerabilities. These include at least five remotely exploitable vulnerabilities (CVE-2016-1723 through CVE-2016-1727) and at least one critical local kernel vulnerability triggerable from userland with low privileges (CVE-2016-1719). CVE-2015-7995 also appears to be exposed remotely, but determining exploitability will require further investigation. The following graph and table summarize the mentioned issues. 
CVE Component Impact Severity CVE-2016-1717 DiskImage Kernel Code Execution High CVE-2016-1719 IOHIDFamily Kernel Code Execution Critical CVE-2016-1720 IOKit Kernel Code Execution High CVE-2016-1721 Kernel Kernel Code Execution High CVE-2015-7995 libxslt Remote Code Execution Critical CVE-2016-1722 syslogd Code Execution w/EOP High CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727 WebKit Remote Code Execution Critical CVE-2016-1728 WebKit CSS Privacy Leak Moderate CVE-2016-1730 WebSheet Privacy Leak Moderate Android The February Nexus Security Bulletin encompasses 10 security issues including 5 critical, 4 high, and 1 moderate severity vulnerabilities. This includes 2 remotely exploitable kernel code execution vulnerabilities (CVE-2016-0801, CVE-2016-0802) and 2 remotely exploitable vulnerabilities exposed through Android’s mediaserver (CVE-2016-0803 in Stagefright, CVE-2016-0804). You can see the bulletin in its entirety here, but the following graph and table summarize the disclosed issues. CVE Component Impact Severity CVE-2016-0801 CVE-2016-0802 Broadcom Wi-Fi Driver Remote Code Execution Critical CVE-2016-0803 CVE-2016-0804 Mediaserver Remote Code Execution Critical CVE-2016-0805 Qualcomm Performance Module Elevation of Privilege Critical CVE-2016-0806 Qualcomm Wi-Fi Driver Elevation of Privilege Critical CVE-2016-0807 Debugger Daemon Elevation of Privilege Critical CVE-2016-0808 Minikin Denial of Service High CVE-2016-0809 Wi-Fi Elevation of Privilege High CVE-2016-0810 Mediaserver Elevation of Privilege High CVE-2016-0811 libmediaplayerservice Information Disclosure High CVE-2016-0812 CVE-2016-0813 Setup Wizard Elevation of Privilege Moderate While privilege escalation issues can be used by local apps or by remote exploits, attackers still need to gain initial code execution on the device to exploit those. With SELinux being enforced more strictly, kernel vulnerabilities are becoming more important (see our 2016 predictions []). 
Fortunately for the attackers (and unfortunately for us), we suspect that several additional security bugs lurk within Android device specific drivers and kernels. Further, the value of information disclosure vulnerabilities should not be underestimated. For example, CVE-2016-0811 may help attackers defeat security mitigations such as ASLR by leaking address space layout details. Combining several less severe issues together in a chain allows attackers to accomplish full compromise reliably. We expect this practice to remain a trend for the foreseeable future.

As promised, Google updated the advisory within 48 hours with links to the AOSP commits that fixed the issues. It’s interesting that several issues correspond to commits first released to the public in January. Unfortunately, this form of partial disclosure tends to give attackers that monitor code pushes a head start — especially when targeting 3rd party Android devices. On the bright side, that means up-to-date Nexus users were protected for an extra month before the official public disclosure. Let’s take a closer look at the relevant code changes for each issue.

Analyzing the bugs

The Broadcom Wi-Fi Driver remote kernel code execution vulnerabilities are the most interesting bugs disclosed this month. Although Google did not link to any commits for these two vulnerabilities, the Linux kernel is released under the GNU Public License, which requires that source code be made available publicly. Shortly after the release, security researcher Ralf-Philipp Weinmann identified what we believe to be the related commits. The changes most relevant to CVE-2016-0801 and CVE-2016-0802 follow.

We performed a cursory analysis of CVE-2016-0802 (full diff here) and determined that several new validations were added checking packet lengths. However, we were unable to confirm that any ill effects would result from using nefarious values for the now-validated parameters.

CVE-2016-0801 tells a different — and quite scary — story. See the following commit details. As you can see, the committer himself declared these issues exploitable buffer overflows straight away. Looking at the code sheds additional light on the subject.

drivers/net/wireless/bcmdhd/wl_cfg80211.c [diff]:

In both cases, validation is added to prevent copying more data than the size of the destination buffer. Further, both destination buffers are located on the kernel stack. Because the stack contains crucial items such as the return address and — in the case of the kernel — the thread_info structure, exploiting such overflows is thought to be much easier.

The next logical question is if and how these areas of code can be reached by an attacker. The bulletin states, “These vulnerabilities can be triggered when the attacker and the victim are associated with the same network.” However, our quick analysis of the code suggests (unconfirmed) that it may be possible to trigger these vulnerabilities without being associated at all. The following code is responsible for initializing a table of handlers that is used when various events occur.

====
static void wl_init_event_handler(struct bcm_cfg80211 *cfg)
…
cfg->evt_handler[WLC_E_ACTION_FRAME_RX] = wl_notify_rx_mgmt_frame;
cfg->evt_handler[WLC_E_PROBREQ_MSG] = wl_notify_rx_mgmt_frame;
cfg->evt_handler[WLC_E_P2P_PROBREQ_MSG] = wl_notify_rx_mgmt_frame;
…
cfg->evt_handler[WLC_E_PFN_NET_FOUND] = wl_notify_pfn_status;
====

The first three presented entries correspond with the first change in the diff. The wl_notify_rx_mgmt_frame function calls wl_validate_wps_ie, which contains the buffer overflow (and also has other callers that have not been investigated). The event IDs (the part in brackets) include probe requests and action frames. This is quite interesting because probe requests are one of the very first packets sent during association.
If an Android device has the portable hotspot feature enabled, this vulnerability could potentially be exposed to everyone within range of the Wi-Fi radio.

The final presented event handler entry deals with scheduled scans. The wl_notify_pfn_status function calls wl_notify_sched_scan_results, which contains the buffer overflow. Although we are still investigating, this functionality also sounds a lot like it could expose the vulnerability to any attacker within Wi-Fi range of a vulnerable device.

After the Broadcom Wi-Fi driver, the next most interesting vulnerabilities in the bulletin relate to a subject near and dear to our hearts — Android’s media processing. CVE-2016-0803 fixes two integer overflows in libstagefright that were classified as critical RCE. The bugs existed within the SOFTMPEG4Encoder and functions. In both cases, the issue is an integer overflow occurring when dealing with multiplication involving the mWidth and mHeight parameters. This overflow was patched with two commits [] [2] that add a sanitization check prior to allocating 1.5 x mWidth x mHeight bytes in the process’ heap. The relevant changes follow.

CVE-2016-0803 affects devices running: Android 4.4.4, 5.0, 5.1.1, 6.0 and 6.0.1

This issue is not without caveats, however. Since it exists within a codec, the victim would need to play back a malicious media file for an attacker to trigger the vulnerability. While not all possible ways of accessing media have been investigated, Google Chrome on Android blocks automatic playback of HTML5 video by default (see here). As with most things Android, your mileage may vary depending on the specific device or application dealing with rich media. We encourage developers (especially those working on devices and browsers) to investigate and reconsider the decision to enable auto-play functionality. Another quirk with this vulnerability is that it appears to live within encoder functionality. It’s not presently clear how an attacker would exercise an encoder remotely, but we can’t rule it out either.

The other critical RCE vulnerability in mediaserver, which is not related to libstagefright, is CVE-2016-0804. It affects devices running Android 5.0, 5.1.1, 6.0 and 6.0.1. It was fixed by re-initializing the mDrmManagerClient member variable to NULL when cleaning up within NuPlayer::GenericSource::notifyPreparedAndCleanup as shown below.

frameworks/av/media/libmediaplayerservice/nuplayer/GenericSource.cpp

Fixes of this nature often prevent using stale data later in the lifetime of the process. One of the security researchers on the team of people that reported the issue confirmed that this issue was a use-after-free problem triggered when processing a DRM-protected media file. Presumably the attack vector here is media within the browser. It’s not clear if playback is required here, but given the name of the vulnerable function it’s probably not.

Conclusions

To summarize, both iOS and Android are improving their security from month to month, but both OSes still expose users to remotely exploitable bugs. It wouldn’t come as a surprise if more such vulnerabilities were discovered already or in the future. From a preliminary analysis of the bugs, the security of most available devices not running the latest version is alarming. Determined attackers such as professional malware authors and nation states couldn’t be happier with smartphones’ lack of updates and the amount of remotely exploitable vulnerabilities.

Source: https://blog.zimperium.com/reflecting-on-recent-ios-and-android-security-updates/
-1 points
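An added illustration of the CVE-2016-0803 bug class discussed in the post above (our example code, not the Zimperium post's own material and not the AOSP fix): the 1.5 x mWidth x mHeight frame-size computation once as an unchecked 32-bit multiplication and once with the kind of sanitization check the fixing commits added. Only the mWidth/mHeight names come from the post; the function names and the exact expression are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration of the CVE-2016-0803 bug class, not AOSP code:
 * a YUV420 frame needs mWidth * mHeight * 3 / 2 bytes, and the post says
 * the vulnerable encoder computed that product without an overflow check.
 * Field names follow the post; function names and the expression are ours. */

/* Unchecked form: the product is evaluated in 32-bit arithmetic, so a
 * hostile mWidth/mHeight pair wraps to a small value and the encoder later
 * writes a full-size frame into an undersized heap buffer. */
static uint32_t frame_size_unchecked(int32_t mWidth, int32_t mHeight)
{
    return (uint32_t)mWidth * (uint32_t)mHeight * 3u / 2u;
}

/* Hardened form: reject non-positive dimensions, do the arithmetic in 64
 * bits, and refuse any size that would not fit the 32-bit quantity the
 * caller expects. Returns 0 on rejection (a real frame is never 0 bytes,
 * since both dimensions must be positive). */
static size_t frame_size_checked(int32_t mWidth, int32_t mHeight)
{
    if (mWidth <= 0 || mHeight <= 0)
        return 0;
    uint64_t bytes = (uint64_t)mWidth * (uint64_t)mHeight * 3u / 2u;
    if (bytes > UINT32_MAX)
        return 0; /* exactly the case that wraps in the unchecked form */
    return (size_t)bytes;
}

/* Allocate the frame buffer only after the size has been validated. */
static uint8_t *alloc_frame(int32_t mWidth, int32_t mHeight)
{
    size_t bytes = frame_size_checked(mWidth, mHeight);
    return bytes ? (uint8_t *)malloc(bytes) : NULL;
}

int main(void)
{
    /* 1920x1080: both forms agree on 3110400 bytes. */
    printf("1920x1080   -> unchecked %u, checked %zu\n",
           frame_size_unchecked(1920, 1080), frame_size_checked(1920, 1080));
    /* 65537x65537: the 32-bit product wraps to 131073 pixels, so the
     * unchecked size is 196609 bytes while the checked form rejects it. */
    printf("65537x65537 -> unchecked %u, checked %zu\n",
           frame_size_unchecked(65537, 65537), frame_size_checked(65537, 65537));
    return 0;
}
```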
-
I need a shell (extensions: "jpeg", "jpg", "png", "gif", "swf"). If anyone has one, please send it to me, or a site where I can get it. Thanks a lot. I want to upload it to a website through the control panel to get access to the FTP. Thanks a lot.
-1 points