Leaderboard

Popular Content

Showing content with the highest reputation on 03/07/16 in all areas

  1. Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities

     From: Vulnerability Lab <research () vulnerability-lab com>
     Date: Mon, 7 Mar 2016 09:52:02 +0100

     Document Title:
     ===============
     Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)

     References (Source):
     ====================
     http://www.vulnerability-lab.com/get_content.php?id=1778

     Video: http://www.vulnerability-lab.com/get_content.php?id=1779

     Release Date:
     =============
     2016-03-07

     Vulnerability Laboratory ID (VL-ID):
     ====================================
     1778

     Common Vulnerability Scoring System:
     ====================================
     6.4

     Product & Service Introduction:
     ===============================
     iOS (previously iPhone OS) is a mobile operating system developed and distributed by Apple Inc. Originally released in 2007 for the iPhone and iPod Touch, it has been extended to support other Apple devices such as the iPad and Apple TV. Unlike Microsoft's Windows Phone (Windows CE) and Google's Android, Apple does not license iOS for installation on non-Apple hardware. As of September 12, 2012, Apple's App Store contained more than 700,000 iOS applications, which have collectively been downloaded more than 30 billion times. It had a 14.9% share of the smartphone mobile operating system units shipped in the third quarter of 2012, behind only Google's Android. In June 2012, it accounted for 65% of mobile web data consumption (including use on both the iPod Touch and the iPad). At the half of 2012, there were 410 million devices activated. According to the special media event held by Apple on September 12, 2012, 400 million devices have been sold through June 2012.

     (Copy of the Homepage: http://en.wikipedia.org/wiki/IOS )

     Apple Inc. is an American multinational technology company headquartered in Cupertino, California, that designs, develops, and sells consumer electronics, computer software, and online services. Its hardware products include the iPhone smartphone, the iPad tablet computer, the Mac personal computer, the iPod portable media player, and the Apple Watch smartwatch. Apple's consumer software includes the OS X and iOS operating systems, the iTunes media player, the Safari web browser, and the iLife and iWork creativity and productivity suites. Its online services include the iTunes Store, the iOS App Store and Mac App Store, and iCloud.

     (Copy of the Homepage: https://en.wikipedia.org/wiki/Apple_Inc. )

     Abstract Advisory Information:
     ==============================
     The vulnerability laboratory research team discovered multiple connected passcode protection bypass vulnerabilities in the iOS v9.0, v9.1, v9.2.1 for Apple iPhone (5,5s,6 & 6s) and the iPad (mini,1 & 2).

     Vulnerability Disclosure Timeline:
     ==================================
     2016-01-03: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
     2016-01-04: Vendor Notification (Apple Product Security Team)
     2016-**-**: Vendor Response/Feedback (Apple Product Security Team)
     2016-**-**: Vendor Fix/Patch (Apple Developer Team)
     2016-**-**: Security Acknowledgements (Apple Product Security Team)
     2016-03-07: Public Disclosure (Vulnerability Laboratory)

     Discovery Status:
     =================
     Published

     Affected Product(s):
     ====================
     Apple
     Product: iOS - (Mobile Operating System) 9.1, 9.2 & 9.2.1

     Exploitation Technique:
     =======================
     Local

     Severity Level:
     ===============
     High

     Technical Details & Description:
     ================================
     An auth passcode bypass vulnerability has been discovered in the iOS v9.0, v9.1, v9.2.1 for Apple iPhone (5,5s,6 & 6s) and the iPad (mini,1 & 2). The vulnerability type allows a local attacker with physical device access to bypass the passcode protection mechanism of the Apple mobile iOS devices.

     The vulnerabilities are located in the 'Appstore', 'Buy more Tones' or 'Weather Channel' links of the Clock, Event Calendar & Siri User Interface. Local attackers can use Siri, the event calendar or the available clock module for an internal browser link request to the appstore that is able to bypass the customer's passcode or fingerprint protection mechanism. The attacker can exploit the issue in several ways with Siri, the events calendar or the clock app of the control panel on default settings to gain unauthorized access to the affected Apple mobile iOS devices.

     1.1
     In the first scenario the attacker requests for example via Siri a non existing app, after that Siri answers with an appstore link to search for it. Then the attacker opens the link and a restricted browser window is opened and listing some apps. At that point it is possible to unauthorized switch back to the internal home screen by interaction with the home button or with Siri again. The link to bypass the controls is visible in the Siri interface only and is called "open App Store". The vulnerability is exploitable in the Apple iPhone 5 & 6(s) with iOS v9.0, v9.1 & v9.2.1

     1.2
     In the second scenario the attacker is using the control panel to gain access to the non restricted clock app. The local attacker opens the app via Siri or via panel and opens then the timer to the end timer or Radar module. The developers of the app grant Apple customers to buy more sounds for alerts and implemented a link. By pushing the link a restricted appstore browser window opens. At that point it is possible to unauthorized switch back to the internal home screen by interaction with the home button or with Siri again. The link to bypass the controls becomes visible in the Alert - Tone (Wecker - Ton) & Timer (End/Radar) and is called "Buy more Tones". The vulnerability is exploitable in the Apple iPhone 5 & 6(s) with iOS v9.0, v9.1 & v9.2.1.

     1.3
     In the third scenario the attacker opens via panel or by a Siri request the clock app. After that he opens the internal world clock module. In the bottom right is a link to the weather channel that redirects to the store as far as it's deactivated. By pushing the link a restricted appstore browser window opens. At that point it is possible to unauthorized switch back to the internal home screen by interaction with the home button or with Siri again. The link to bypass the controls becomes visible in the World Clock (Weather Channel) and is an image as link. This special case is limited to the iPad because only those models display the web world map. In the iPhone version the bug does not exist because the map is not displayed because of using a limited template. The vulnerability is exploitable in the Apple iPad2 with iOS v9.0, v9.1 & v9.2.1.

     1.4
     In the fourth scenario the attacker opens via Siri the 'App & Event Calendar' panel. After that the attacker opens under the Tomorrow task the 'Information of Weather' (Informationen zum Wetter - Weather Channel LLC) link on the left bottom. As far as the weather app is deactivated on the Apple iOS device, a new browser window opens to the appstore. At that point it is possible to unauthorized switch back to the internal home screen by interaction with the home button or with Siri again. The link to bypass the controls becomes visible in the App & Events Calendar panel. The vulnerability is exploitable in the Apple iPad2 with iOS v9.0, v9.1 & v9.2.1.

     The security risk of the passcode bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.4. Exploitation of the passcode protection mechanism bypass vulnerability requires no privileged iOS device user account or low user interaction. Physical Apple device access is required for successful exploitation. Successful exploitation of the vulnerability results in unauthorized device access, mobile Apple device compromise and leak of sensitive device data like the address-book, photos, sms, mms, emails, phone app, mailbox, phone settings or access to other default/installed mobile apps.

     Vulnerable Module(s):
     [+] PassCode (Protection Mechanism)

     Affected Device(s):
     [+] iPhone (Models: 5, 5s, 6 & 6s)
     [+] iPad (Models: mini, 1 & 2)

     Affected OS Version(s):
     [+] iOS v9.0, v9.1 & v9.2.1

     Proof of Concept (PoC):
     =======================
     The passcode protection mechanism bypass vulnerabilities can be exploited by local attackers with physical device access and without privileged or restricted device user account. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

     1.1
     Manual steps to reproduce the vulnerability ... (Siri Interface - App Store Link) iPhone (Models: 5, 5s, 6 & 6s)
     1. Take the iOS device and lock the passcode to the front
     2. Open Siri by activation via Home button (push 2 seconds)
     3. Ask Siri to open a non existing App
        Note: "Open App Digital" (Öffne App Digital)
     4. Siri responds to the non existing app and asks to search in the appstore
     5. Now, an "open App store" button becomes visible to push (do it!)
     6. A new restricted browser window opens with the appstore bottom menu links
     7. Click to updates and open the last app or push twice the home button to let the task slide preview appear
     8. Now choose the active front screen task
     9. Successful reproduce of the passcode protection bypass vulnerability!

     1.2
     Manual steps to reproduce the vulnerability ... (Clock & Timer - Buy more Tones Link) iPhone (Models: 5, 5s, 6 & 6s)
     1. Take the iOS device and lock the passcode to the front
     2. Open Siri by activation via Home button (push 2 seconds)
        Note: "Open World Clock" (Öffne App Weltuhr)
     3. Push the 'Timer' module button on the bottom
     4. Now, push the Radius or End Timer Button in the middle of the screen
        Note: A listing opens with the sounds collection and on top is a web link commercial
     5. Push the button and a new restricted browser window opens with the appstore bottom menu links
     6. Click to updates and open the last app or push twice the home button to let the task slide preview appear
     7. Now choose the active front screen task
     8. Successful reproduce of the passcode protection bypass vulnerability!

     Note: The vulnerability can also be exploited by pushing the same link in the Alerts Timer (Wecker) next to adding a new one.

     1.3
     Manual steps to reproduce the vulnerability ... (Clock World - Weather Channel Image Link) iPad (Models: 1 & 2)
     1. Take the iOS device and lock the passcode to the front
     2. Open Siri by activation via Home button (push 2 seconds)
        Note: "Open App Clock" (Öffne App Uhr)
     3. Switch in the bottom module menu to world clock
        Note: on the bottom right is an image of the weather channel llc network
     4. Push the image of the weather channel llc company in the world map picture
        Note: Weather app needs to be deactivated by default
     5. After pushing the button and a new restricted browser window opens with the appstore bottom menu links
     6. Click to updates and open the last app or push twice the home button to let the task slide preview appear
     7. Now choose the active front screen task
     8. Successful reproduce of the passcode protection bypass vulnerability!

     Note: The issue is limited to the iPad 1 & 2 because of the extended map template!

     1.4
     Manual steps to reproduce the vulnerability ... (Events Calendar App - Weather Channel LLC Link) iPad (Models: 1 & 2) & iPhone (Models: 5, 5s, 6 & 6s)
     1. Take the iOS device and lock the passcode to the front
     2. Open Siri by activation via Home button (push 2 seconds)
        Note: "Open Events/Calendar App" (Öffne Events/Kalender App)
     3. Now push on the bottom of the screen next to the Tomorrow (Morgen) module the 'Information of Weather Channel' link
        Note: Weather app needs to be deactivated by default
     4. After pushing the button and a new restricted browser window opens with the appstore bottom menu links
     5. Click to updates and open the last app or push twice the home button to let the task slide preview appear
     6. Now choose the active front screen task
     7. Successful reproduce of the passcode protection bypass vulnerability!

     Video Demonstration:
     In the attached video demonstration we show how to bypass the passcode of the iPhone 6s via the Siri App Store- & timer Buy more Tones link. In the video we activated the passcode and setup to activate the control center by default to the locked mobile front screen. Siri was activated as well by default.

     Solution - Fix & Patch:
     =======================
     The vulnerabilities can be temporarily patched by the end user by hardening of the device settings. Deactivate in the Settings menu the Siri module permanently. Deactivate also the Events Calendar without passcode to disable the push function of the Weather Channel LLC link. Deactivate in the next step the public control panel with the timer and world clock to disarm exploitation. Activate the weather app settings to prevent the redirect when the module is disabled by default in the events calendar.

     Finally Apple needs to issue a patch as workaround for the issue but since this happens a temp solution has been published as well.

     Security Risk:
     ==============
     The security risk of the passcode protection mechanism bypass vulnerabilities in the Apple iPad and iPhone mobile devices are estimated as high. (CVSS 6.4)

     Credits & Authors:
     ==================
     Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (research () vulnerability-lab com) [http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.]

     Disclaimer & Information:
     =========================
     The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

     Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
     Contact: admin () vulnerability-lab com - research () vulnerability-lab com - admin () evolution-sec com
     Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
     Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
     Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
     Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php

     Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@ or research () vulnerability-lab com) to get a ask permission.

     Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™

     --
     VULNERABILITY LABORATORY - RESEARCH TEAM
     SERVICE: www.vulnerability-lab.com
     CONTACT: research () vulnerability-lab com

     Source: http://seclists.org/fulldisclosure/2016/Mar/15
    2 points
  2. What else has happened: He has finished the 25 radiotherapy sessions. Now he has to take a one-month break from the cytostatics, because he kept taking them after radiotherapy too, when he should have stopped, and he had started to feel sick. If he does not take them, for now he feels very well. He no longer feels sick and he is lively. This month only fruit, to get rid of the toxicity caused by the radiotherapy and chemo. Now he has to have a CT scan again, but the problem was finding him a hospital where he could have it done on insurance. I made dozens of phone calls and was told that the funds had run out and that he should be put on the waiting list or pay. Paying is out of the question, especially since it has to be done in four places (head, lungs, abdomen, pelvis) and it would have cost too much. In the end, I found him a place somewhere around Baneasa, on insurance. We have to go on Wednesday. I hope it turns out well and that the cancer has not spread anywhere else. I will keep you posted on the result of the CT scan. PS: even though he has withdrawn from the forum, the spirit of AGSQ is still around here and I thank him for the help.
    2 points
  3. A lot of members have asked on the forum how to host their site / blog on a VPS bought from some company, or at home on a lousy PC they have sitting idle. Well, there was a time when I went through all of this too, and I found a lot of tutorials, but they contradicted each other or were not explicit enough. At some point I found one and it proved to be good, because I have played with it several times on several VPSes. In what follows I will explain step by step how to host your site on a VPS; note that this tutorial should also work on your home PC.

     Why host the site on a VPS?
     - Speed for your site
     - Dedicated IP
     - Full control
     - Almost the same price as shared hosting

     To give you an idea, I host 2 of my websites at OVH on a VPS bought from them for $3 / month, which gives me the following:
     - 1 vCore 2.4 GHz
     - 2 GB RAM
     - 10 GB SSD

     I am sure there are more pros and cons, but I cannot think of everything right now.

     Installing the operating system

     I assume that by now you have already purchased a VPS; if not, there are plenty of sites where you can do so. A list would be here: CompareVPS, where you can also compare the plans on offer, or you can get in touch with the guys on the forum, see MarketPlace. I recommend that the VPS have at least 750 Mb of RAM so that everything runs smoothly and fast; 1 GB would be perfect. For what follows, make sure you have at hand:
     - The IP of your VPS - this is given to you after you purchase a VPS
     - The password

     Usually, after you log in on the site where you purchased the VPS, it will ask what operating system you want installed. Be sure to choose CentOS 6 x86 so that everything goes perfectly following this tutorial; for other OSes or versions I do not promise it will be the same.

     Connecting to the VPS

     More precisely, we need an SSH client. The best known and most used is PuTTY, which we will use too; it can be downloaded from here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html After downloading, we open it and connect to the VPS. Under Host Name or IP Address we enter the address of our VPS server and press OPEN. Now you should see a CLI window, or a terminal in plainer words, with the text login as, where you have to type "root" without the quotes, press ENTER and then the password. If it is auto-generated by the server you can copy it, and pasting is done by right-clicking in the terminal. PS: when you type the password nothing will show in the terminal; this is normal.

     Installing the hosting control panel

     I know most of you know or have seen only the famous cPanel, but there are free alternatives that look exactly the same. We will use Sentora (ZPanel), which is free and looks exactly like cPanel. In what follows you can copy each command and paste it into the terminal even if you do not know what it means. We start with an update of CentOS.

         yum update

     Press ENTER; after a few seconds you will have to confirm the command and it will ask you to press y or n. Always press y if it asks.

         yum erase httpd httpd-tools apr apr-util

     Press Enter and again confirm with Y when it asks, exactly as in the image above.

         yum remove bind

     Enter, and Y when it asks.

         bash <(curl -L -Ss http://sentora.org/install)

     Likewise, Enter, and Y when it asks.

     On-screen steps

     It is not just copy/paste and Enter; now you have to follow the instructions on the screen, that is, read! First it will have you select a continent and/or an ocean. Press the number corresponding to your location and press Enter. After this step it will ask which is your country; proceed as in the previous step, select the desired number and press Enter. Then it will ask which subdomain should be installed in the CP: here you will have to enter the name of the domain or subdomain you plan to host on this VPS, for example subdomeniu.siteulmeu.com, and press Enter again. Then it will ask about the IP; here just press Enter because the system will detect it by itself. It will warn you that you have not entered any IP pointing to the domain; press "y" and Enter. After all these steps, we wait for everything to install and configure itself!

     After the installation finishes, copy the log (the information) and save it in a text file before restarting, exactly as in the following image: If you have copied it, press Y to restart. After the restart, if you put the IP of your VPS in the browser, it should show you the administration interface, where you log in with the details copied earlier. Congratulations, you have just installed a cPanel.

     Raising the upload limit in php.ini

     Log in to your VPS with PuTTY as we did at the beginning of this tutorial, after which you need to install a text editor on Linux. I recommend Nano, which you can install with the command:

         yum install nano

     Press ENTER and then, when it asks whether to continue, press "Y". OK, now it can get a little more complicated: we have to edit the php.ini file, so we run the following command next:

         nano /etc/php.ini

     Press Enter, then press CTRL+W (press these keys on the keyboard, do not type them), where "Search" will appear and you type "upload_max_filesize" without the quotes and press Enter. Next, change upload_max_filesize = 2M to whatever you want; you can put 1000M, although I recommend leaving it at 100, I do not think you will have files larger than 100 MB. When you finish editing, press CTRL+O and ENTER, then CTRL+X and ENTER to exit.

     Installing a file manager and the platforms (WordPress, Joomla etc.)

     Log in again in PuTTY as the previous times and follow each command, pressing Enter and "Y" when asked:

         zppy repo add zppy-repo.mach-hosting.com
         zppy update
         zppy install Monsta_FileManager

     Now let's install the modules:

         zppy repo add zppy-repo.mach-hosting.com
         zppy update
         zppy install sentastico

     Now let's log in to activate the modules. We log in as before, via the IP in the browser, with the details copied earlier. After you log in, at the top right you will have the category Admin -> Module Admin. Here we look for Monsta File Manager and tick "Administrators". In the same list, also look for "SENTASTICO" and likewise tick "Administrators", then go to the bottom and click SAVE CHANGES!

     If you are done, let's deal with an FTP client. From the main page of the cPanel (that is, we press the HOME button in the top menu), we go to FTP Accounts (it is further down, on the left). Here we will have to create a user and a password. Save them in a text file too after you fill them in, just in case. For access type select FULL ACCESS, and for Home Directory you must tick Set Master Home Directory. That is all; we have installed everything we need to start hosting sites.

     How to host a website

     For this you of course need A DOMAIN! If you already have it, from the cPanel we go to the category Domain Management -> Domains, type your domain name including the extension (e.g. .com, .ro) and press CREATE! Now we will have to deal with the DNS. From the main menu we go to Management > DNS management; here you select the domain created earlier and we press EDIT. In the next menu that appears we press the only available option, namely CREATE RECORDS. In the next window, we go to the NS records, exactly as in the image: By default, the nameservers will be NS1.domeniu.com and NS2.domeniu.com; you will have to change these manually. That is, go to the site where you purchased the domain and, in the NameServers category, edit them according to your IP; do the same for NS1 as well as NS2. After you change them on the site, change them in the NS category in the cPanel as well. Propagation can take up to 48 hours. After you change these, you are ready; go to the cPanel and, from the main menu, we enter Sentastico to install what we need: Congratulations!!! You can host as many sites as your hardware can take. Excuse any mistakes. All the best.
    1 point
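
The install command in the tutorial above feeds a script fetched over plain HTTP straight into a root shell. As an added example (not part of the original post and not Sentora's own tooling), the functions below download the script to a file and run it only if it still matches the SHA-256 of a copy you reviewed earlier; the function names and the pinning workflow are assumptions.

```sh
#!/bin/sh
# Added example: run a downloaded installer only when it matches a pinned hash.
# The pin is the SHA-256 of a copy of the script that you have read and accepted.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE PIN
# Status: 0 = file matches the pin, 1 = hash mismatch, 2 = unusable input.
verify_installer() {
    vi_file=$1
    vi_pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -s "$vi_file" ]; then
        echo "verify_installer: $vi_file is missing or empty" >&2
        return 2
    fi
    # A pin must be exactly 64 hexadecimal characters.
    case $vi_pin in
        *[!0-9a-f]*) echo "verify_installer: pin is not hexadecimal" >&2; return 2 ;;
    esac
    if [ "${#vi_pin}" -ne 64 ]; then
        echo "verify_installer: pin is not a SHA-256 value" >&2
        return 2
    fi
    vi_actual=$(sha256_of "$vi_file")
    if [ "$vi_actual" != "$vi_pin" ]; then
        echo "verify_installer: hash mismatch, refusing to run" >&2
        echo "  pinned: $vi_pin" >&2
        echo "  actual: $vi_actual" >&2
        return 1
    fi
    return 0
}

# install_pinned URL PIN
# Download to a temporary file (never straight into a shell), verify, then run.
install_pinned() {
    ip_tmp=$(mktemp) || return 2
    if ! curl --fail --silent --show-error --location --output "$ip_tmp" "$1"; then
        rm -f "$ip_tmp"
        return 2
    fi
    ip_rc=0
    verify_installer "$ip_tmp" "$2" || ip_rc=$?
    if [ "$ip_rc" -eq 0 ]; then
        bash "$ip_tmp" || ip_rc=$?
    fi
    rm -f "$ip_tmp"
    return "$ip_rc"
}

# Usage, once per reviewed version of the script:
#   curl -L -Ss -o install.reviewed http://sentora.org/install   # then read it
#   PIN=$(sha256_of install.reviewed)
# and on every VPS afterwards:
#   install_pinned http://sentora.org/install "$PIN"
```

A mismatch means the script served now differs from the one that was reviewed, whether through an upstream update or tampering in transit; review the new copy before re-pinning.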
  4. I thought I would write you a 'know how' about the hosting, dedicated server and colocation industry. If you work in this industry or plan to start a business of this kind, including VPN and VPS services, I think it is advisable to follow these tips.

     - Do not set up your business (company) in Romania. The state should protect you because you are taxpayers. In reality that does not happen at all. Why should you have to spend months recovering a miserable bit of VAT, and file a request for it, when the money belongs to the company and could be invested in infrastructure? In all civilized countries VAT is refunded immediately to the bank account, without any request. Seriously, I do not think you want to burden your customers (private individuals) with paying a pointless extra 24% without getting anything extra for it. Think of the state as a big company supported by us, the shareholders (the taxpayers). I agree to pay taxes, but I really would like to know how the money is used. Would that not be fair?
     - Do not keep equipment on Romanian territory. You can find yourself with the doors broken down and the equipment hauled off in bulk over any abuse report. NO, they will not take just one piece of equipment, they will take everything, including routers, managed switches and storage units, and the ogres will yank on the optical fibres as if they were the hose used to water the garden. We live in a country of uneducated ogres who have ended up making communist and sub-civilized laws and practices. It does not matter that you PAY money to the state and that you have provided "n" jobs. Quite simply, you will find your business destroyed and there will be nothing you can do. In addition, bandwidth is low, the offers come with many asterisks, and hundreds of euros are asked for an internet connection of a few Mbps international and 100-1Gbps national.
     - Read contracts with suppliers very carefully before signing them. Do not rush, and insist that they let you read everything. Even if it has 50 pages. You can find yourself with surprises.
     - Avoid doing business with shady people who do spam, spreading (malware distribution), scanning and other such activities. Because of one idiot you can end up with a criminal case for having supported him, although you may have had no connection with him and never went onto his server after provisioning was done. For us the laws are mandatory, and for them optional. Laws are broken at every step and they do not care about anything.
     - Answer customers immediately when you are called or when you receive an email. Even if something of yours is not working, a reply within 10 minutes at most goes a long way. The person has the right to know what is happening. To know that someone is working on fixing the problem.
     - Answer all reports received at abuse@ and make sure the problems are solved professionally.
     - Create accounts on senderbase, senderscore, Clean MX, RBLs, SBLs (or automated IP query scripts) and check daily whether there are problems, whether IP addresses from your prefixes have been reported as spam or are serving malware.
     - Properly configure equipment or specialized software to periodically sample flows (for identifying malicious traffic).
     - In shared environments, put limits on sending email. SPF and DKIM configuration is mandatory. Disable the PHP functions you consider high-risk. Isolate each site separately in a chroot, jail or other secure environment. Configure triggers/alerts for hacking attempts and for TCP/IP packets being sent at a given rate.

     --

     I will post updates in this thread. If you have questions about these, we can discuss them here.
    1 point
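
The "automated IP query scripts" mentioned in the post above, as an added example that is not the poster's code: a DNSBL lookup reverses the IPv4 octets, queries them under the list's zone, and treats an answer inside 127.0.0.0/8 as a listing. The zone `dnsbl.example.org`, the 192.0.2.x addresses and the function names are placeholders, and `dig` is assumed to be installed.

```sh
#!/bin/sh
# Added example: daily DNSBL check for addresses from your own prefixes.

# Reverse the octets of an IPv4 address (192.0.2.10 -> 10.2.0.192).
# Fails with status 1 on anything that is not four octets in 0..255.
reverse_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1
            print $4 "." $3 "." $2 "." $1
        }'
}

# Default resolver: print the A records of a name, one per line.
# Set DNSBL_RESOLVER to another command or function name to replace it.
resolve_a() {
    dig +short A "$1"
}

# dnsbl_check IP ZONE
# Prints the return codes the zone gives for IP, space separated.
# Status: 0 = listed, 1 = not listed, 2 = invalid address.
dnsbl_check() {
    dc_rev=$(reverse_ipv4 "$1") || {
        echo "invalid IPv4 address: $1" >&2
        return 2
    }
    # Only answers inside 127.0.0.0/8 count as a listing. NXDOMAIN, or any
    # other address (for example a wildcard answer), means not listed.
    dc_codes=$("${DNSBL_RESOLVER:-resolve_a}" "$dc_rev.$2" 2>/dev/null |
        grep -E '^127\.[0-9]+\.[0-9]+\.[0-9]+$' | tr '\n' ' ')
    dc_codes=${dc_codes% }
    [ -n "$dc_codes" ] || return 1
    printf '%s\n' "$dc_codes"
}

# report_listings ZONE IP...
# One line per address: "LISTED ip codes", "clean ip" or "invalid ip".
# Status is 1 when at least one address is listed, so a cron job can alert.
report_listings() {
    rl_zone=$1
    shift
    rl_status=0
    for rl_ip in "$@"; do
        rl_rc=0
        rl_codes=$(dnsbl_check "$rl_ip" "$rl_zone" 2>/dev/null) || rl_rc=$?
        case $rl_rc in
            0) echo "LISTED $rl_ip $rl_codes"; rl_status=1 ;;
            2) echo "invalid $rl_ip" ;;
            *) echo "clean $rl_ip" ;;
        esac
    done
    return "$rl_status"
}

# Usage from a daily cron job (placeholder zone and constructed addresses):
#   report_listings dnsbl.example.org 192.0.2.10 192.0.2.11 || echo "listing found"
```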
  5. Not long ago there were some people here asking for ideas for making money online. Browsing some TOR markets, I saw that there is demand for DeadDrops (DD), which require online and offline work - walks in the open air/nature are combined with the online side. For those who have no other work options or who are interested in the field, I thought I would copy-paste (from a market called Outlaw, but there are other similar ones) what it involves. If the idea appeals to you... "good luck"! http://pastebin.com/PVSny8Cr http://pastebin.com/nvUFET8R
    1 point
  6. From the category "Lost in Google Translate" / "Don't rely on Google Translate"
    1 point
  7. Do you really have nothing to do with your life and your time other than whine like a whore who did not get paid, over a chat? I have been watching you writhe like mici on the grill for two days. I would be ashamed. When you see that you are not wanted, you want to barge in like riot police on gypsies. You and the bozgors. Do something useful and people will come looking for you to unban you on chat so you can teach them what you know. Rules category, paragraph 7: "7. A moderator/administrator has the right to kick anyone he wants off the forum, all the more so if he considers that that person is useless to the forum."
    1 point
  8. Do you pay the taxes for the LTD, or will the British pick you up for evasion?
    1 point
  9. Malta and Luxembourg for multinationals, but you do not know your mother tongue.
    1 point
  10. Congratulations, it is much better this way
    1 point
  11. Matthew: http://goo.gl/FS2iXJ
      [...]
      SQRT.: http://goo.gl/FS2iXJ who's this?
      Matthew: you
      [...]
      SQRT.: Matthew are you stupid?
      Matthew: why the hell are you calling me stupid? is it forbidden for me to post your profile here?
      SQRT.: I was saying that that's not me.
      Matthew: haha bashed, I'll explain in the topic
      SQRT.: What topic?

      Haha. I figured I would do a quick prank with shortened URLs pointing to dodgy links, the way they get passed around on chat. I took the auto-redirect link to the logged-in Facebook profile and ran it through goo.gl. The guy fell for it and then jumped into the chat with questions like "who's this?", "that's not me". I found it very funny.

      Later edit, bonus (he also gave away his Facebook):

      SQRT.: matthew, what do you mean?
      [...]
      Matthew: SQRT, that that's your profile
      SQRT.: what makes you think that? Alex TK and I don't see any photo.
    1 point
  12. Very good, you have convinced me. I will send you something too these days. The personal case I know of, with metastatic colon cancer, is now strong as the mountains, so it can be resolved. Stay strong!
    1 point
  13. you have sent $50.00 USD to Tanase Adrian Alexandru. With a little from many people, maybe you will gather part of the costs. Good health to your dad, may he recover as soon as possible.
    1 point
  14. you have sent €50.00 EUR to Tanase Adrian Alexandru. I am a bit hard-pressed, but I can send you a bit more next month.
    1 point
  15. Online couriers, what a new business method. Maybe it would work if you worked with a homeless person without an ID card in exchange for a good meal, but in practice I do not know how many 'orders' there would be.
    -1 points
  16. Does anyone know where I can buy nologins other than ipsocks.pro?
    -1 points