Leaderboard

Popular Content

Showing content with the highest reputation on 03/08/16 in all areas

  1. Damn it! You leave beta hooked up to prod and don't impose limits on failed attempts. The result: 15 thousand in one go. http://thehackernews.com/2016/03/hack-facebook-account.html
    5 points
  2. Download: https://github.com/nishad/udemy-dl-windows/releases Create a new account on udemy; it doesn't matter what email you use because it doesn't have to be verified. Open the course you want and click Start Free Preview (it appears under Take This Course). Run the program like this: udemy-dl.exe -u email -p pass <link to course> Screenshots for the thick-headed: Happy studying
    1 point
  3. How to pass a programming interview
     by Ammon Bartram

     This post started as the preparation material we send to our candidates, but we decided to post it publicly.

     Being a good programmer has a surprisingly small role in passing programming interviews. To be a productive programmer, you need to be able to solve large, sprawling problems over weeks and months. Each question in an interview, in contrast, lasts less than one hour. To do well in an interview, then, you need to be able to solve small problems quickly, under duress, while explaining your thoughts clearly. This is a different skill [1]. On top of this, interviewers are often poorly trained and inattentive (they would rather be programming), and ask questions far removed from actual work. They bring bias, pattern matching, and a lack of standardization.

     Running Triplebyte, I see this clearly. We interview engineers without looking at resumes, and fast-track them to on-sites at YC companies. We’ve interviewed over 1000 programmers in the last nine months. We focus heavily on practical programming, and let candidates pick one of several ways to be evaluated. This means we work with many (very talented) programmers without formal CS training. Many of these people do poorly on interviews. They eat large sprawling problems for breakfast, but they balk at 45-min algorithm challenges.

     The good news is that interviewing is a skill that can be learned. We’ve had success teaching candidates to do better on interviews. Indeed, the quality that most correlates with a Triplebyte candidate passing interviews at YC companies is not raw talent, but rather diligence.

     I fundamentally do not believe that good programmers should have to learn special interviewing skills to do well on interviews. But the status quo is what it is. We’re working at Triplebyte to change this. If you’re interested in what we’re doing, we’d love you to check out our process. In the meantime, if you do want to get better at interviewing, this blog post describes how we think you can most effectively do so.

     1. Be enthusiastic

     Enthusiasm has a huge impact on interview results. About 50% of the Triplebyte candidates who fail interviews at companies fail for non-technical reasons. This is usually described by the company as a “poor culture fit”. Nine times out of ten, however, culture fit just means enthusiasm for what a company does. Companies want candidates who are excited about their mission. This carries as much weight at many companies as technical skill. This makes sense. Excited employees will be happier and work harder.

     The problem is that this can be faked. Some candidates manage to convince every company they talk to that it’s their dream job, while others (who are genuinely excited) fail to convince anyone. We’ve seen this again and again. The solution is for everyone to get better at showing their enthusiasm. This is not permission to lie. But interviewing is like dating. No one wants to be told on a first date that they are one option among many, even though this is usually the case. Similarly, most programmers just want a good job with a good paycheck. But stating this in an interview is a mistake. The best approach is to prepare notes before an interview about what you find exciting about the company, and bring this up with each interviewer when they ask if you have any questions. A good source of ideas is to read the company’s recent blog posts and press releases and note the ones you find exciting.

     This idea seems facile. I imagine you are nodding along as you read this. But (as anyone who has ever interviewed can tell you) a surprisingly small percentage of applicants do this. Carefully preparing notes on why you find a company exciting really will increase your pass rate. You can even reference the notes during the interview. Bringing prepared notes shows preparation.

     2. Study common interview concepts

     A large percentage of interview questions feature data structures and algorithms. For better or worse, this is the truth. We gather question details from our candidates who interview at YC companies (we’ll be doing an in-depth analysis of this data in a future article), and algorithm questions make up over 70% of the questions that are asked. You do not need to be an expert, but knowing the following list of algorithms and data structures will help at most companies.

     - Hash tables
     - Linked lists
     - Breadth-first search, depth-first search
     - Quicksort, merge sort
     - Binary search
     - 2D arrays
     - Dynamic arrays
     - Binary search trees
     - Dynamic programming
     - Big-O analysis

     Depending on your background, this list may look trivial, or may look totally intimidating. That’s exactly the point. These are concepts that are far more common in interviews than they are in production web programming. If you’re self-taught or years out of school and these concepts are not familiar to you, you will do better in interviews if you study them. Even if you do know these things, refreshing your knowledge will help. A startlingly high percentage of interview questions reduce to breadth-first search or the use of a hash table to count uniques. You need to be able to write a BFS cold, and you need to understand how a hash table is implemented.

     Learning these things is not as hard as many of the people we talk to fear. Algorithms are usually described in academic language, and this can be off-putting. But at its core, nothing on this list is more complicated than the architecture of a modern web app. If you can build a web app (well), you can learn these things. The resource that I recommend is the book The Algorithm Design Manual by Steven Skiena. Chapters 3 through 5 do a great job of going over this material, in a straightforward way. It does use C and some math syntax, but it explains the material well. Coursera also has several good algorithms courses. This one, in particular, focuses on the concepts that are important in interviews.

     Studying algorithms and data structures helps not only because the material comes up in interviews, but also because the approach to problems taken in an algorithm course is the same approach that works best in interviews. Studying algorithms will get you in an interview mindset.

     3. Get help from your interviewer

     Interviewers help candidates. They give hints, they respond to ideas, and they generally guide the process. But they don’t help all candidates equally. Some programmers are able to extract significant help, without the interviewer holding it against them. Others are judged harshly for any hints they are given. You want to be helped.

     This comes down to process and communication. If the interviewer likes your process and you communicate well with them, they will not mind helping. You can make this more likely by following a careful process. The steps I recommend are:

     - Ask questions
     - Talk through a brute-force solution
     - Talk through an optimized solution
     - Write code

     After you are asked an interview question, start by clarifying what was asked. This is the time to be pedantic. Clarify every ambiguity you can think of. Ask about edge cases. Bring up specific examples of input, and make sure you are correct about the expected output. Ask questions even if you’re almost sure you know the answers. This is useful because it gives you a chance to come up with edge cases and fully spec the problem (seeing how you handle edge-cases is one of the main things that interviewers look for when evaluating an interview), and also because it gives you a minute to collect your thoughts before you need to start solving the problem.

     Next, you should talk through the simplest brute-force solution to the problem that you can think of. You should talk, rather than jump right into coding, because you can move faster when talking, and it’s more engaging for the interviewer. If the interviewer is engaged, they will step in and offer pointers. If you retreat into writing code, however, you'll miss this opportunity.

     Candidates often skip the brute-force step, assuming that the brute-force solution to the problem is too obvious, or wrong. This is a mistake. Make sure that you always give a solution to the problem you’ve been asked (even if it takes exponential time, or an NSA super computer). When you’ve described a brute-force solution, ask the interviewer if they would like you to implement it, or come up with a more efficient solution. Normally they will tell you to come up with a more efficient solution.

     The process for the more efficient solution is the same as for the brute force. Again talk, don’t write code, and bounce ideas off of the interviewer. Hopefully, the question will be similar to something you’ve seen, and you’ll know the answer. If that is not the case, it’s useful to think of what problems you’ve seen that are most similar, and bring these up with the interviewer. Most interview questions are slightly-obscured applications of classic CS algorithms. The interviewer will often guide you to this algorithm, but only if you begin the process.

     Finally, after both you and your interviewer agree that you have a good solution, you should write your code. Depending on the company, this may be on a computer or a whiteboard. But because you’ve already come up with the solution, this should be fairly straightforward. For extra points, ask your interviewer if they would like you to write tests.

     4. Talk about trade-offs

     Programming interviews are primarily made up of programming questions, and that is what I have talked about so far. However, you may also encounter system design questions. Companies seem to like these especially for more experienced candidates. In a system design question, the candidate is asked how he or she would design a complex real-world system. Examples include designing Google maps, designing a social network, or designing an API for a bank.

     The first observation is that answering system design questions requires some specific knowledge. Obviously no one actually expects you to design Google maps (that took a lot of people a long time). But they do expect you to have some insight into aspects of such a design. The good news is that these questions usually focus on web backends, so you can make a lot of progress by reading about this area. An incomplete list of things to understand is:

     - HTTP (at the protocol level)
     - Databases (indexes, query planning)
     - CDNs
     - Caching (LRU cache, memcached, redis)
     - Load balancers
     - Distributed worker systems

     You need to understand these concepts. But more importantly, you need to understand how they fit together to form real systems. The best way to learn this is to read about how other engineers have used the concepts. The blog High Scalability is a great resource for this. It publishes detailed write-ups of the back-end architecture at real companies. You can read about how every concept on the list above is used in real systems.

     Once you’ve done this reading, answering system design questions is a matter of process. Start at the highest level, and move downward. At each level, ask your interviewer for specifications (should you suggest a simple starting point, or talk about what a mature system might look like?) and talk about several options (applying the ideas from your reading). Discussing tradeoffs in your design is key. Your interviewer cares less about whether your design is good in itself, and more about whether you are able to talk about the trade-offs (positives and negatives) of your decisions. Practice this.

     5. Highlight results

     The third type of question you may encounter is the experience question. This is where the interviewer asks you to talk about a programming project that you completed in the past. The mistake that many engineers make on this question is to talk about a technically interesting side-project. Many programmers choose to talk about implementing a neural network classifier, or writing a Twitter grammar bot. These are bad choices because it’s very hard for the interviewer to judge their scope. Many candidates exaggerate simple side projects (sometimes that never actually worked), and the interviewer has no way to tell if you are doing this.

     The solution is to choose a project that produced results, and highlight the results. This often involves picking a less technically interesting project, but it’s worth it. Think (ahead of time) of the programming you’ve done that had the largest real-world impact. If you’ve written an iOS game, and 50k people have downloaded it, the download number makes it a good option. If you’ve written an admin interface during an internship that was deployed to the entire admin staff, the deployment makes it a good thing to talk about. Selecting a practical project will also communicate to the company that you focus on actual work. Programmer too focused on interesting tech is an anti-pattern that companies screen against (these programmers are sometimes not productive).

     6. Use a dynamic language, but mention C

     I recommend that you use a dynamic language like Python, Ruby or JavaScript during interviews. Of course, you should use whatever language you know best. But we find that many people try interviewing in C, C++ or Java, under the impression these are the “real” programming languages. Several classic books on interviewing recommend that programmers choose Java or C++. At startups at least, we’ve found that this is bad advice. Candidates do better when using dynamic languages. This is true, I think, because of dynamic languages’ compact syntax, flexible typing, and list and hash literals. They are permissive languages. This can be a liability when writing complex systems (a highly debatable point), but it’s great when trying to cram binary search onto a whiteboard.

     No matter what language you use, it’s helpful to mention work in other languages. An anti-pattern that companies screen against is people who only know one language. If you do only know one language, you have to rely on your strength in that language. But if you’ve done work or side-projects in multiple languages, be sure to bring this up when talking to your interviewers. If you have worked in lower-level languages like C, C++, Go, or Rust, talking about this will particularly help.

     Java, C# and PHP are a problematic case. As we described in our last blog post, we’ve uncovered bias against these languages in startups. We have data showing that programmers using these languages in the interview pass at a lower rate. This is not fair, but it is the truth. If you have other options, I recommend against using these languages in interviews with startups.

     7. Practice, practice, practice

     You can get much better at interviewing by practicing answering questions. This is true because interviews are stressful, but stress harms performance. The solution is practice. Interviewing becomes less stressful with exposure. This happens naturally with experience. Even within a single job search, we find that candidates often fail their initial interviews, and then pass more as their confidence builds. If stress is something you struggle with, I recommend that you jumpstart this process by practicing interview stress. Get a list of interview questions (the book Cracking the Coding Interview is one good source) and solve them. Set a 20-minute timer on each question, and race to answer. Practice writing the answers on a whiteboard (not all companies require this, but it’s the worst case, so you should practice it). A pen on paper is a pretty good simulation of a whiteboard. If you have friends who can help you prepare, taking turns interviewing each other is great. Reading a lot of interview questions has the added benefit of providing you ideas to use when in actual interviews. A surprising number of questions are re-used (in full or in part).

     Even experienced (and stress-free) candidates will benefit from this. Interviewing is a fundamentally different skill from working as a programmer, and it can atrophy. But experienced programmers often (reasonably) feel that they should not have to prepare for interviews. They study less. This is why junior candidates often actually do better on interview questions than experienced candidates. Companies know this, and, paradoxically, some tell us they set lower bars on the programming questions for experienced candidates.

     8. Mention credentials

     Credentials bias interviewers. Triplebyte candidates who have worked at a top company or studied at a top school go on to pass interviews at a 30% higher rate than programmers who don’t have these credentials (for a given level of performance on our credential-blind screen). I don’t like this. It’s not meritocratic and it sucks, but if you have these credentials, it’s in your interest to make sure that your interviewers know this. You can’t trust that they’ll read your resume.

     9. Line up offers

     If you’ve ever read fund-raising advice for founders, you’ll know that getting the 1st VC to make an investment offer is the hardest part. Once you have one offer, more come pouring in. The same is true of job offers. If you already have an offer, be sure to mention this in interviews. Mentioning other offers in an interview heavily biases the interviewer in your favor.

     This brings up the strategy of making a list of the companies you’re interested in, and setting up interviews in reverse order of interest. Doing well earlier in the process will increase your probability of getting an offer from your number one choice. You should do this.

     Conclusion

     Passing interviews is a skill. Being a great programmer helps, but it’s only part of the picture. Everyone fails some of their interviews, and preparing properly can help everyone pass more. Enthusiasm is paramount, and research helps with this. As many programmers fail for lacking enthusiasm as fail for technical reasons. Interviewers help candidates during interviews, and if you follow a good process and communicate clearly, they will help you. Practice always helps. Reading lots of interview questions and inuring yourself to interview stress will lead to more offers.

     This situation is not ideal. Preparing for interviews is work, and forcing programmers to learn skills other than building great software wastes everyone’s time. Companies should improve their interview processes to be less biased by academic CS, memorized facts, and rehearsed interview processes. This is what we’re doing at Triplebyte. We help programmers get jobs without looking at resumes. We let programmers pick one of several areas in which to be evaluated, and we study and improve our process over time. We’d love to help you get a job at a startup, without jumping through these hoops. You can get started here. But the status quo is what it is. Until this changes, programmers should know how to prepare.

     Thanks to Jared Friedman, Emmett Shear, Garry Tan, Alexis Ohanian and Daniel Gackle for reading drafts of this.

     Source: http://blog.triplebyte.com/how-to-pass-a-programming-interview
    1 point
  4. Announcing SQL Server on Linux
     Posted March 7, 2016
     By Scott Guthrie - Executive Vice President, Cloud and Enterprise Group, Microsoft

     It’s been an incredible year for the data business at Microsoft and an incredible year for data across the industry. This Thursday at our Data Driven event in New York, we will kick off a wave of launch activities for SQL Server 2016 with general availability later this year. This is the most significant release of SQL Server that we have ever done, and brings with it some fantastic new capabilities. SQL Server 2016 delivers:

     - Groundbreaking security encryption capabilities that enable data to always be encrypted at rest, in motion and in-memory to deliver maximum security protection
     - In-memory database support for every workload with performance increases up to 30-100x
     - Incredible Data Warehousing performance with the #1, #2 and #3 TPC-H 10 Terabyte benchmarks for non-clustered performance, and the #1 SAP SD Two-Tier performance benchmark on Windows
     - Business Intelligence for every employee on every device – including new mobile BI support for iOS, Android and Windows Phone devices
     - Advanced analytics using our new R support that enables customers to do real-time predictive analytics on both operational and analytic data
     - Unique cloud capabilities that enable customers to deploy hybrid architectures that partition data workloads across on-premises and cloud based systems to save costs and increase agility

     These improvements, and many more, are all built into SQL Server and bring you not just a new database but a complete platform for data management, business analytics and intelligent apps – one that can be used in a consistent way across both on-premises and the cloud. In fact, over the last year we’ve been using the SQL Server 2016 code-base to run in production more than 1.4 million SQL Databases in the cloud using our Azure SQL Database as a Service offering, and this real-world experience has made SQL Server 2016 an incredibly robust and battle-hardened data platform.

     Gartner recently named Microsoft as leading the industry in their Magic Quadrant for Operational Database Management Systems in both execution and vision. We’re also a leader in Gartner’s Magic Quadrant for Data Warehouse and Data Management Solutions for Analytics, and Magic Quadrant for Business Intelligence and Analytics Platforms, as well as leading in vision in the Magic Quadrant for Advanced Analytics Platforms.

     Extending SQL Server to Also Now Run on Linux

     Today I’m excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.

     SQL Server on Linux will provide customers with even more flexibility in their data solution. One with mission-critical performance, industry-leading TCO, best-in-class security, and hybrid cloud innovations – like Stretch Database which lets customers access their data on-premises and in the cloud whenever they want at low cost – all built in.

     “This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers”, said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

     “SQL Server’s proven enterprise experience and capabilities offer a valuable asset to enterprise Linux customers around the world,” said Paul Cormier, President, Products and Technologies, Red Hat. “We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux. As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.”

     “We are delighted to be working with Microsoft as it brings SQL Server to Linux,” said Mark Shuttleworth, founder of Canonical. “Customers are already taking advantage of Azure Data Lake services on Ubuntu, and now developers will be able to build modern applications that utilize SQL Server’s enterprise capabilities.”

     Bringing SQL Server to Linux is another way we are making our products and new innovations more accessible to a broader set of users and meeting them where they are. Just last week, we announced our agreement to acquire Xamarin. Recently, we also announced Microsoft R Server, our technologies based on our acquisition of Revolution Analytics, with support for Hadoop and Teradata.

     The private preview of SQL Server on Linux is available starting today and we look forward to working with the community, our customers and our partners to bring it to market.

     Please join me, Satya Nadella, Joseph Sirosh and Judson Althoff at our Data Driven event on Thursday to hear more about this news and how Microsoft is helping customers transform their business using data.

     Thanks,
     Scott

     Source: https://blogs.microsoft.com/blog/2016/03/07/announcing-sql-server-on-linux/
    1 point
  5. They keep getting deleted from the hosts. Here, grab them from DropBox: https://www.dropbox.com/sh/arq4a7fuqsl4cck/AABw8VnT05wEWKTDZgdU3jK0a?dl=0 @gipsy @VladX
    1 point
  6. The Art of Assembly Language

     Volume One: Data Representation
       Chapter One Foreward
       Chapter Two Hello, World of Assembly Language
       Chapter Three Data Representation
       Chapter Four More Data Representation
       Chapter Five Questions, Projects, and Lab Exercises

     Volume Two: Machine Architecture
       Chapter One System Organization
       Chapter Two Memory Access and Organization
       Chapter Three Introduction to Digital Design
       Chapter Four CPU Architecture
       Chapter Five Instruction Set Architecture
       Chapter Six Memory Architecture
       Chapter Seven The I/O Subsystem
       Chapter Eight Questions, Projects, and Labs

     Volume Three: Basic Assembly Language
       Chapter One Constants, Variables, and Data Types
       Chapter Two Introduction to Character Strings
       Chapter Three Characters and Character Sets
       Chapter Four Arrays
       Chapter Five Records, Unions, and Name Spaces
       Chapter Six Dates and Times
       Chapter Seven Files
       Chapter Eight Introduction to Procedures
       Chapter Nine Managing Large Programs
       Chapter Ten Integer Arithmetic
       Chapter Eleven Real Arithmetic
       Chapter Twelve Calculation Via Table Lookups
       Chapter Thirteen Questions, Projects, and Labs

     Volume Four: Intermediate Assembly Language
       Chapter One Advanced High Level Control Structures
       Chapter Two Low-Level Control Structures
       Chapter Three Intermediate Procedures
       Chapter Four Advanced Arithmetic
       Chapter Five Bit Manipulation
       Chapter Six The String Instructions
       Chapter Seven The HLA Compile-Time Language
       Chapter Eight Macros
       Chapter Nine Domain Specific Embedded Languages
       Chapter Ten Classes and Objects
       Chapter Eleven The MMX Instruction Set
       Chapter Twelve Mixed Language Programming
       Chapter Thirteen Questions, Projects, and Labs

     Section Five: Advanced Assembly Language Programming
       Chapter One Thunks
       Chapter Two Iterators
       Chapter Three Coroutines and Generators
       Chapter Four Low-level Parameter Implementation
       Chapter Five Lexical Nesting
       Chapter Six Questions, Projects, and Labs

     Appendix A Answers to Selected Exercises
     Appendix B Console Graphic Characters
     Appendix D The 80x86 Instruction Set
     Appendix E The HLA Language Reference
     Appendix F The HLA Standard Library Reference
     Appendix G HLA Exceptions
     Appendix H HLA Compile-Time Functions
     Appendix I Installing HLA on Your System
     Appendix J Debugging HLA Programs
     Appendix K Comparing HLA and MASM
     Appendix L HLA Code Generation for HLL Statements

     Download: http://portal.aauj.edu/portal_resources/downloads/programming/assembly_language32bit_edition.pdf
    1 point
  7. Password Hashing: Why and How
posted March 7, 2016 by "No Bugs" Hare, translated by Sergey Ignatchenko, originally published in Overload #129 in October 2015
Author: “No Bugs” Hare

[[About Vol.2 of the upcoming “Development and Deployment of MMOG” book. There is no need to worry, I just need some time to prepare for publishing of Vol.1. “beta” chapters of Vol.2 are planned to start appearing in 3 weeks from now. Stay tuned!]]

Password hashing is a non-trivial topic, which has recently become quite popular. While it is certainly not the only thing which you need to do to make your network app secure, it is one of those security measures every security-conscious developer should implement. In this article, we’ll discuss what it is all about, why hash functions need to be slow, and how password hashing needs to be implemented in your applications.

What is it all about?

Whenever we’re speaking about security, there is always the question: what exactly is the threat we’re trying to protect ourselves from? For password hashing, the answer is very unpleasant: we’re trying to mitigate the consequences arising from stealing the whole of your site’s password database. This is usually accompanied by the potential for stealing pretty much any other data in your database, and represents the Ultimate Nightmare of any real-world security person.

Some (including myself) will argue that such mitigation is akin to locking the stable door after the horse has bolted, and that security efforts should be directed towards preventing the database-stealing from happening in the first place. While I certainly agree with this line of argument, on the other hand implementing password hashing is so simple and takes so little time (that is, if you designed for it from the very beginning) that it is simply imprudent not to implement it. Not to mention that if you’re not doing password hashing, everybody (your boss and any code reviewers/auditors included) will say, “Oh, you don’t do password hashing, which is The Second Most Important Security Feature In The Universe (after encryption, of course).”

The most important thing, however, is not to forget about a dozen other security-related features which also need to be implemented (such as TLS encryption, not allowing passwords which are listed in well-known password dictionaries, limits on login rate, etc. etc. – see ‘Bottom Line’ section below for some of these)

Full article: http://ithare.com/password-hashing-why-and-how/
    1 point
  8. Get easy jail time for 80 bucks, I'm in
    1 point
  9. CVE 2015-7547 glibc getaddrinfo() DNS Vulnerability
Posted by jstester007 on March 7th, 2016

Hello w0rld! JUMPSEC researchers have spent some time on the glibc DNS vulnerability indexed as CVE 2015-7547 (It hasn’t got a cool name like GHOST unfortunately…). It appears to be a highly critical vulnerability and covers a large number of systems. It allows remote code execution by a stack-based overflow in the client side DNS resolver. In this post we would like to present our analysis.

Google POC overview

Google POC Network Exploitation Timeline

Google POC Exploit Code Analysis

First response
(Figures: code snippet; packet capture snippet)

The dw() function calls the “struct” module from the Python library. According to the documentation, it performs conversion between Python values and C structs represented as Python strings. In this case, it interprets a Python integer and packs it into little-endian short type binary data.

This is a valid response sent by the “malicious” DNS server when it receives any initial queries. This response packet is constructed intentionally in large size (with 2500 bytes of null); it forces the client to retry over TCP and allocate an additional memory buffer for the next response. This also triggers the dual DNS query from getaddrinfo() on the client side, which is a single request containing A and AAAA queries concatenated.

Second response
(Figures: code snippet; packet capture snippet)

This is the second response sent by the malicious DNS server. It is a malformed packet sending large numbers of “fake records” (184 Answer RRs) back to the client. According to Google, this forces __libc_res_nsend to retry the query.

Third response
(Figures: code snippet; packet capture snippet)

This is the third response sent by the “malicious” DNS server. It is another malformed packet which is carrying the payload. A JUMPSEC researcher has modified the Google POC code to identify the number of bytes needed to cause a segmentation fault (possibly overwriting the RET address) of the buffer. It is found that the RET address is being overwritten on the 2079th byte. With the addition of the return_to_libc technique, an attacker can bypass OS protection such as NX bit or ASLR and perform remote code execution.

Google POC debugging and crash analysis

JUMPSEC has run it through the trusty gdb. It crashes with a SEGMENTATION FAULT, which verifies that the DNS response has smashed the stack of the vulnerable client application when running getaddrinfo(). The vulnerable buffer is operated in gaih_getanswer. The entry address has been overwritten with 0x4443424144434241 (ABCDABCD). The state of the registers also shows the overflowed bytes.

(Figures: SEGFAULT from vulnerable client, RET address is overwritten with “ABCDABCD”; Backtrack; Registers)

JUMPSEC has also tested it on a few other applications. It was found that the getaddrinfo() function in glibc is commonly used…

(Figure: Iceweasel crashing)

Conclusion

The best way to mitigate this issue is to enforce proper patching management. Make sure to update all your systems with the latest version of glibc. If you have any systems exposed on the internet and you want to make sure that this vulnerability is not triggered then the following Wireshark filter could be useful: (DNS.length>2048 to see malformed packets). A DNS response has a maximum of 512 bytes (typically), note that the DNS reply is truncated. Even if the client does not accept large responses, smaller responses can be combined into a large one which can also trigger the vulnerability. A possible filter is to monitor the size of the entire conversation, as a distinct amount of bytes in total is required to trigger specific responses from the vulnerable client and all of them require more than 2048 bytes.

The above vulnerability can be fixed by patching. If you are running RedHat or CentOS a simple yum -y update glibc will update the libc and resolve the issue.

Reference links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
http://pubs.opengroup.org/onlinepubs/9699919799/functions/freeaddrinfo.html
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

Source: https://labs.jumpsec.com/2016/03/07/cve-2015-7547-glibc-getaddrinfo-dns-vulnerability/
    1 point
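The size-based monitoring suggested in the CVE 2015-7547 post above (flag single DNS responses over 2048 bytes, and conversations whose responses add up to more than that), written out as an added Python example that is not part of the original post or of the Google POC. The addresses, message contents and the names dns_header, audit and make_msg are constructed for illustration.

```python
import struct
from collections import defaultdict

LIMIT = 2048  # byte threshold taken from the write-up's Wireshark filter

def dns_header(payload):
    """Parse the fixed 12-byte DNS header (network byte order)."""
    if len(payload) < 12:
        return None
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {"id": ident, "response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200), "answers": an}

def audit(messages, limit=LIMIT):
    """messages: iterable of (client, server, dns_payload_bytes).
    Returns (oversized, heavy): single responses larger than `limit`, and
    client/server pairs whose responses add up to more than `limit`."""
    oversized, totals = [], defaultdict(int)
    for client, server, payload in messages:
        hdr = dns_header(payload)
        if hdr is None or not hdr["response"]:
            continue  # only server -> client messages are counted
        totals[(client, server)] += len(payload)
        if len(payload) > limit:
            oversized.append(
                (client, server, hdr["id"], len(payload), hdr["answers"]))
    heavy = sorted(pair for pair, n in totals.items() if n > limit)
    return oversized, heavy

def make_msg(ident, flags, answers, pad):
    """Constructed sample: a DNS header followed by `pad` zero bytes."""
    return struct.pack("!6H", ident, flags, 1, answers, 0, 0) + b"\x00" * pad

# Constructed traffic (documentation addresses, not captured data).
SAMPLE = [
    ("192.0.2.10", "198.51.100.53", make_msg(1, 0x0100, 0, 20)),    # query
    ("192.0.2.10", "198.51.100.53", make_msg(1, 0x8180, 1, 40)),    # normal reply
    ("192.0.2.20", "203.0.113.53", make_msg(7, 0x8380, 0, 2500)),   # one huge reply
    ("192.0.2.30", "203.0.113.99", make_msg(9, 0x8180, 2, 1100)),   # two mid-size
    ("192.0.2.30", "203.0.113.99", make_msg(10, 0x8180, 2, 1100)),  # replies add up
]

if __name__ == "__main__":
    big, heavy = audit(SAMPLE)
    print("oversized responses:", big)
    print("conversations over limit:", heavy)
```

The third client never receives a single response above the threshold, yet its conversation is still reported, which is the case the post says a per-packet filter would miss.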
  10. Climber
Automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation.

Dependencies
python >= 2.7
python-crypto
python-mako
python-paramiko

Note
Climber needs Exscript, a Python module and a template processor for automating network connections over protocols such as Telnet or SSH.
https://github.com/knipknap/exscript
This module is already included in Climber sources.

License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Source: https://github.com/raffaele-forte/climber
    1 point
  11. Romanian ATM hacker exploits vulnerability in FENCE, escapes jail
Robber clobbered but catching carder is harder
8 Mar 2016 at 05:56, Darren Pauli

A Romanian carder arrested for using malware to plunder US$217,000 (£152,164, A$290,888) from ATMs has cut their way out of a Bucharest prison and escaped custody.

Renato Marius Tulli, 34, escaped Police Precinct 19 with Grosy Gostel, 38, held for robbery charges, sparking a city-wide hunt, local media report. Gostel has been caught while malware man Tulli remains on the run.

The carder and the robber cut a hole in the mesh fence and jumped an outer fence at the police station.

Tulli and his gang raided ATMs maintained by NCR across Romania, Hungary, Spain, Russia, and the Czech Republic. They used the Tyupkin malware loading it onto ATMs using a CD slotted into the back of the machines.

That malware has been upgraded in recent months and is now known as GreenDispenser and is being used to target ATMs across Mexico. There is little preventing the self-deleting malware from being used in other countries, experts say. ®

Source: http://www.theregister.co.uk/2016/03/08/romanian_atm_hacker_exploits_vulnerability_in_fence_escapes_jail/
    1 point
  12. ...another MIMO 2.6 GHz (4G) antenna...
    1 point
  13. Every country that has taken in refugees has its own problems, its own poor, its own elderly... especially Jordan, the Turks and others. Woe is us, what will we do now that a few are coming to Romania too... But when we received non-repayable funds from the EU, that was fine? The loans from the EU, the IMF and the rest were fine too? And so on, the list can go on... (that they were stolen and not used properly is another kettle of fish). If there were a natural disaster in Romania we would want to be helped from abroad, wouldn't we? For example, if a decent earthquake hits Bucharest, where half of the buildings fall down at a slightly stronger gob of spit, I'd bet my right hand that the dead and injured will be in the hundreds and thousands. Then we will want any help we are given, won't we?

I'm not defending the Syrians; on the one hand they encouraged such things, they are to be condemned for not staying to fight for their country, some of them behave worse than animals wherever they end up, they are picky as well, etc. etc.

What do I mean by all this? That granting humanitarian aid is not the essential problem and not what should be criticized/debated, but rather what is happening in Syria and the adjacent areas. Unfortunately Rromanika is a very small pawn on an enormous chessboard and has no say about anything.

In short, Romania should follow a piece of advice that appeared 2 weeks ago in the series The Walking Dead:
    1 point
  14. For those interested in some training, besides Udemy and other sites.

Why does RouteHub exist?
To make affordable, practical network training available to all network engineers

How does RouteHub do this?
The founder of RouteHub identified a need for practical training for network engineers. Prior to the inception of RouteHub, the only network training that was readily available focused on certifications. This type of training has value and its place, but he saw a need for training that would help network engineers quickly get a solution in place in real-life situations. He decided that the quickest way to provide this training to the most number of people possible would be to create training documents and videos, and distribute them over the internet.

What is available?
RouteHub provides practical training in areas such as:
Core Network Services (Routing, Switching, IPv6, Multicast, QoS)
Voice and Unified Communications
Security (Firewall, VPN, UTM)
Wireless
Data Center (Virtualization, Tunneling)
Small Business
Starting Out
Network Design

Why RouteHub instead of other online Training Videos?
Our training videos provide practical, real-world training, to help you devise and deploy solid networking solutions. We’re not here to help you answer a multiple-choice test. We’re here to tell you what you need to do to get a network up and running, how to configure different technologies, and to help you really understand how it works.

Who works at RouteHub?
RouteHub was founded by Michel Thomatis, a network engineer with 15 years of experience. He has worked for several companies over the years, developing network solutions to meet the needs of the businesses. Over the years, Michel found that he really enjoyed teaching people interested in networking how it all works, and decided to do that full time. He is committed to providing you the training you need to be a successful network engineer.

http://routehub.net/training/

Happy learning!
    1 point
  15. https://www.linkedin.com/in/mehernaz-morawala-05516312 Congratulations @Nytro on opening a branch in Mumbai. It would be ideal if you could transfer some kids back to them http://rstforum.net/ :P
    1 point
  16. Oldie but goldie..
    1 point
  17. GirlShare - Download Directory Power Submitter + 9,000 Directory List.rar
A small program that adds your site to web directories. You get 9000-odd directories in the .txt file; to add others, enter them the same way as in that document.
Settings:
- name
- mail
- site
- title
- description
- category: you can choose 4 categories from a list, because not all web directories have the same categories
- manual captcha
- no-captcha: skips the ones that have a captcha
EDIT: I put up the wrong archive the first time, now it's complete
    -1 points