Leaderboard
Popular Content
Showing content with the highest reputation on 12/10/16 in all areas
-
jammer

A Bash script to automate the continuous circular deauthentication of all the wifi networks in your reach.

I am not responsible for any misuse of the script. Keep in mind that it is generally illegal to use the script in your neighborhood. It is designed for pen-testing purposes.

It has only been tested on my two machines, so there may still be bugs that can even cause data loss. That's why I suggest you take a good look at the code before you execute it. There will be updates as soon as I fix something or make a nice improvement. Not that anyone will see this.

    Jammer v0.3
    Usage: jammer [OPTION] ...
    Jam Wifi Networks That Your Wireless Card Can Reach.

    -d, --deauths:   Set the number of deauthentications for each station. Default is 10
    -y, --yes:       Make 'Yes' the answer for everything the script asks
    -s, --endless:   When reaching the end of the list, start again
    -f, --whitelist: A file with ESSID's to ignore during the attack
    -k, --keep:      Keep the scan files after the script ends
    -n, --name:      Choose the names the scan files are saved as
    -e, --ethernet:  Set the name for the ethernet interface. Default is 'eth0'
    -w, --wireless:  Set the name for the wireless interface. Default is 'wlan0'
    -h, --help:      Show this help message

Looking at this help message, a suggested way to call the script is:

    $ sudo ./jammer -y -s -d 20 -f whitelist.txt

Source: https://github.com/billpcs/jammer
2 points
-
The source is here: https://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html

I see the problem only exists on kernel 4.x. I don't know why these pseudo-distributions rush to ship the latest versions so fast, without testing them. For example, on Debian you have kernel 3.16.x on stable. On Ubuntu you have kernel 4.x and it has already reached Ubuntu 16, even though it dates from 2004, unlike Debian which dates from 1994. Anyway, I see this as idiocy. You make a minor fix in something and you already bump the version.

On topic: grsec restricting /proc means you can no longer read those addresses, and that solves 99% of problems of this kind. Linux should eventually take inspiration from FreeBSD, where you have more freedom and more ways to build a more secure system. Possibly use the default restrictions from POSIX and cap root/pivot_root from the kernel. Linus Torvalds is too proud of himself to accept the fact that he is a software engineer and not a security guru.
2 points
-
Given the lack of activity in this section, I decided to open this thread, which will probably be followed by others if it is well received. The goal is for you to learn something from the discussions that follow and from the posted writeups, not to compete with each other.

Link: http://hackvent.hacking-lab.com/index.php

Day 01: Detours
Santa receives an email with links to three pictures, but every picture is the same. He talks with some of his elves and one says that there is some weird stuff happening when loading these pictures. Can you identify it?
Link 1: http://ow.ly/unCT306N19f
Link 2: http://ow.ly/xW3h306N18f
Link 3: http://ow.ly/3wfc306N10K

Day 02: Free Giveaway
Today, Santa has a free giveaway for you: DK16[OEdo[''lu[;"Nl[R"D4[2Qmi

Day 03: Manufactory
Today's gift is ready to be manufactured, but Santa's afraid that his factory won't manage to do a production run before Christmas. But perhaps you can create it yourself?
Link: http://hackvent.hacking-lab.com/instructions

Day 04: Language Of Us
You all should know this language, but this one is not as consistent as it should be.
Link: http://hackvent.hacking-lab.com/the-text.txt

Day 05: Boolean Fun
Santa found a paper with some strange logical stuff on it. On the back of it there is the hint: "use 32 bit". He has no clue what this means - can you show him what "???" should be?
Image: http://hackvent.hacking-lab.com/everyBitIsImportant.png
Link (needed for the 'flag'): http://hackvent.hacking-lab.com/challenge.php?day=5

Day 06: Back 2 Work
Greetings from Thumper, he has an order for you:
1. unzip: the password is confidential
2. find the flag
3. look at my holiday pictures
Comment: Be aware, the pictures are only a supplement.
Link: http://hackvent.hacking-lab.com/holiday.zip

Day 07: TrivialKRYPTO 1.42
Today's present is encrypted. Luckily Santa did not use Kryptochef's KRYPTO 2.0, so there might be a slight chance of recovering it?
Link: http://hackvent.hacking-lab.com/trivialcrypt.html

Day 08: Lost In Encoding
Santa and his elves do not know good encryption, all they have heard about are some basic encodings. Unfortunately they are all bungling and have forgotten the recipe. It's now on you, who has to get it up.
Link: http://hackvent.hacking-lab.com/l0st_1n_7ranslation.fun

Day 09: Illegal Prime Number
I've heard something about illegal prime numbers... Maybe this number contains the flag:
4315891123054519227800425234439024406406805990983946954154956695012431283551657417585179574642755601169096280017484467053951914982126613234225200384245049037787654523558017678649278076716108200271927575791497929092184238813619846729315518237924881623603111094979071286017407153529043066655388316378457694291590703681341752561492723137474482263373673210248633961843479034160811982934510083276506238457901538373531195688165166964398815874378480986164601388393975141268984935852959700100872597068350527482364309

Day 10: I want to play a Game
Reversing Day 1: we'll start with an easy one.
Link: http://hackvent.hacking-lab.com/ReGame_Part1.zip

Solutions (+ writeups):

Discuss, solve, post what you find, etc. Please use spoilers in all discussions about solving a challenge.
1 point
-
Linus has said several times that he cares more about Linux being stable than secure. In other words, it is preferable not to get a PANIC rather than having fewer LOCAL privilege escalations.
1 point
-
SEC Consult has found a backdoor in Sony IPELA Engine IP Cameras, mainly used professionally by enterprises and authorities. This backdoor allows an attacker to run arbitrary code on the affected IP cameras. An attacker can use the cameras to gain a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras to a Mirai-like botnet or simply spy on you. This vulnerability affects 80 different Sony camera models. Sony was informed by SEC Consult about the vulnerability and has since released updated firmware for the affected models.

Further information about the backdoor, disclosure timeline, affected devices and updated firmware can be found in our advisory. This blog post has some highlights from the vulnerability analysis.

This advisory is the result of research that started by uploading a recent firmware update file from a Sony camera into our cloud-based firmware analysis system IoT Inspector. After a few minutes the analysis results were available. One result immediately caught our attention:

[Figure: Excerpt from IoT Inspector results]

So here we have two password hashes. One is for the user admin and was cracked immediately: the password is admin. This is no surprise, as the default login credentials are admin:admin. The second password hash is much more interesting. It is for the user root and it was found in two different files:

    /etc/init.d/SXX_directory
    /usr/local/lib/libg5_usermanage.so.0.0.0

We can use the file system browser of IoT Inspector to have a look at SXX_directory.

[Figure: Excerpt from IoT Inspector filesystem browser]

It looks like this startup script (called by /sbin/init/rcS during boot) is responsible for creating and populating the file /tmp/etc/passwd (/etc/passwd is a symlink to this file). A line for the user including a password hash is added, and the shell is /bin/sh. Not good! So, what can we do if we can crack the hash?

At this point we can assume that it is very likely we can log in using the UART pins on the PCB. This of course requires physical access and disassembling the device. The other places where we could possibly use the password are Telnet and SSH, but neither service is available on the device ... or are they?

A quick string search in the firmware's filesystem for "telnet" shows that a CGI binary called prima-factory.cgi contains this string a few times. IDA Pro to the rescue! It seems this CGI has the power to do something with Telnet. The code in g5::cgifactory::factorySetTelnet() (shown in decompiled form in the original post) is pretty straightforward: based on the input, the inetd daemon is killed or started. The inetd daemon gets its configuration from /etc/inetd.conf, and inetd.conf is set up to launch Telnet.

So how can we reach this CGI functionality? The answer lies in the lighttpd binary. Lighttpd is an open source web server that was modified by Sony; some custom code for HTTP request handling and authentication was added. The original post shows an excerpt from a data structure that maps the URI /command/prima-factory.cgi to the CGI in the file system. The authentication function is HandleFactory. HandleFactory decodes the HTTP Basic Authentication header and compares it to the username/password primana:primana.

Now we have all the ingredients to craft an attack that looks like this:

1. Send HTTP requests to /command/prima-factory.cgi containing the "secret" request values cPoq2fi4cFk and zKw2hEr9, and use primana:primana for HTTP authentication. This starts the Telnet service on the device.
2. Log in using the cracked root credentials via Telnet.

Note: We have not cracked the root password, but it is only a matter of time until someone does.

The user primana has access to other functionality intended for device testing or factory calibration(?). There is another user named debug with the password popeyeConnection that has access to other CGI functionality we did not analyze further.

We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or for factory functional testing) and not by an "unauthorized third party" like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755). We have asked Sony some questions regarding the nature of the backdoor, its intended purpose, when it was introduced and how it was fixed, but they did not answer.

For further information regarding affected devices and patched firmware, see our advisory. IoT Inspector now comes with a plugin that detects this vulnerability.

Source
1 point
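An added detection example, not code from the SEC Consult post: the post gives enough indicators (the CGI path /command/prima-factory.cgi, the primana and debug accounts, the two request tokens) to flag backdoor activation attempts in captured HTTP traffic. The script below parses raw HTTP/1.x requests as a proxy, IDS or packet capture would hand them over, decodes the HTTP Basic credentials and reports each indicator separately. The camera address, the benign request paths and the placement of the tokens in the query string are assumptions made only so the constructed samples exercise every check; the post does not say how the tokens are carried.

```javascript
// Added example; not code from the SEC Consult post. Flags captured HTTP
// requests that look like the backdoor activation the post describes: a request
// to /command/prima-factory.cgi authenticated via HTTP Basic as primana (or the
// second factory user, debug), optionally carrying the factory command tokens.
// Plain Node.js, no dependencies.

const BACKDOOR_PATH = '/command/prima-factory.cgi';     // from the post
const FACTORY_USERS = new Set(['primana', 'debug']);     // from the post
const FACTORY_TOKENS = ['cPoq2fi4cFk', 'zKw2hEr9'];      // "secret" request values from the post

// Split a raw HTTP request into request line, lowercase-keyed headers and body.
function parseRequest(raw) {
  const [head, ...bodyParts] = raw.split(/\r?\n\r?\n/);
  const lines = head.split(/\r?\n/);
  const [method, target, version] = lines[0].trim().split(/\s+/);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, target, version, headers, body: bodyParts.join('\n\n') };
}

// Decode "Authorization: Basic <base64>" into { user, password }; null if absent or malformed.
function decodeBasicAuth(value) {
  if (!value) return null;
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(value.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Inspect one request. Each indicator is reported on its own so an analyst can
// tell an authenticated factory-CGI call from a stray token in an unrelated request.
function inspectRequest(raw) {
  const req = parseRequest(raw);
  const reasons = [];
  const path = (req.target || '').split('?')[0];
  if (path === BACKDOOR_PATH) reasons.push('request to factory CGI ' + BACKDOOR_PATH);
  const auth = decodeBasicAuth(req.headers['authorization']);
  if (auth && FACTORY_USERS.has(auth.user)) reasons.push('HTTP Basic auth as factory user ' + auth.user);
  for (const tok of FACTORY_TOKENS) {
    if (raw.includes(tok)) reasons.push('factory command token ' + tok + ' present');
  }
  return { suspicious: reasons.length > 0, reasons, user: auth ? auth.user : null };
}

// Run over a batch of captured requests and return only the flagged ones with their index.
function scanRequests(rawRequests) {
  return rawRequests
    .map((raw, index) => ({ index, ...inspectRequest(raw) }))
    .filter(r => r.suspicious);
}

// Constructed sample traffic. The camera address, the benign paths and the way
// the tokens are carried (here: in the query string) are assumptions made so
// the samples trigger each check; the post does not say how the tokens are sent.
function basic(userPass) {
  return 'Basic ' + Buffer.from(userPass).toString('base64');
}
const SAMPLE_REQUESTS = [
  // 1) normal admin use of the web UI (hypothetical path)
  'GET /command/status.cgi HTTP/1.1\r\nHost: 192.0.2.10\r\nAuthorization: ' + basic('admin:admin') + '\r\n\r\n',
  // 2) backdoor activation: primana:primana against the factory CGI with both tokens
  'GET /command/prima-factory.cgi?cPoq2fi4cFk=zKw2hEr9 HTTP/1.1\r\nHost: 192.0.2.10\r\nAuthorization: ' + basic('primana:primana') + '\r\n\r\n',
  // 3) the second factory account used against some other CGI (hypothetical path)
  'POST /command/debug.cgi HTTP/1.1\r\nHost: 192.0.2.10\r\nAuthorization: ' + basic('debug:popeyeConnection') + '\r\nContent-Length: 0\r\n\r\n',
];

for (const hit of scanRequests(SAMPLE_REQUESTS)) {
  console.log(`request #${hit.index + 1} flagged as ${hit.user}: ${hit.reasons.join('; ')}`);
}
```

Ordinary web-server access logs do not record the Authorization header, so this needs request captures (proxy, IDS or pcap); the CGI path alone is still a usable signature in plain access logs. The same logic should also be pointed at a follow-on indicator the post names: an inetd/Telnet listener appearing on a camera that previously had none.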
-
"We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing)"

"We have asked Sony some questions regarding the nature of the backdoor, intended purpose, when it was introduced and how it was fixed, but they did not answer."

How about mass-fucking-surveillance?? Let's not forget: https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa and https://www.theguardian.com/uk/2013/jun/21/gchq-mastering-the-internet

----

"last year (2012) GCHQ was handling 600m "telephone events" each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time."

"Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day"

"The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America."

"This was done under secret agreements with commercial companies, described in one document as "intercept partners""

"The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret."

"The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables."
1 point
-
Better learn what Linux is made of first. Architectures, kernel modules, kernel sysinternals, security, daemons, structure, and as far as possible install your applications from source in the beginning. At least orient yourself towards building things at first. Don't waste your time on breaking things.
1 point
-
Exotic HTTP Headers

Exploration of HTTP security and other non-typical headers. Last updated on December 9, 2016.

Table of Contents

X-XSS-Protection
  No header
  X-XSS-Protection: 0
  X-XSS-Protection: 1
  X-XSS-Protection: 1; mode=block
  X-XSS-Protection: 1; report=http://localhost:1234/report
X-Frame-Options
  No header
  X-Frame-Options: deny
  X-Frame-Options: sameorigin
  X-Frame-Options: allow-from http://localhost:4321
X-Content-Type-Options
  No header
  X-Content-Type-Options: nosniff
Content-Security-Policy
  No header
  Content-Security-Policy: default-src 'none'
  Content-Security-Policy: default-src 'self'
  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Other
  Strict-Transport-Security
  Public-Key-Pins
  Content-Encoding: br
  Timing-Allow-Origin
  Alt-Svc
  P3P

X-XSS-Protection

Cross-Site Scripting (XSS) is an attack in which malicious scripts can be injected into a page. For example:

    <h1>Hello, <script>alert('hacked')</script></h1>

This is a pretty obvious attack and something that browsers can block: if a part of the request shows up in the source code, it might be an attack. The X-XSS-Protection header controls this behavior.

Values:

0 - Filter disabled.
1 - Filter enabled. If a cross-site scripting attack is detected, in order to stop the attack, the browser will sanitize the page.
1; mode=block - Filter enabled. Rather than sanitize the page, when an XSS attack is detected, the browser will prevent rendering of the page.
1; report=http://domain/url - Filter enabled. The browser will sanitize the page and report the violation. This is a Chromium function utilizing CSP violation reports to send details to a URI of your choice.

Let's create a simple web server with node.js to play with this.

    var express = require('express')
    var app = express()
    app.use((req, res) => {
      if (req.query.xss) res.setHeader('X-XSS-Protection', req.query.xss)
      res.send(`<h1>Hello, ${req.query.user || 'anonymous'}</h1>`)
    })
    app.listen(1234)

I am using Google Chrome 55.

No header

http://localhost:1234/?user=

Nothing happens. The browser successfully prevented this attack. This is the default behavior in Chrome if no header is set, as you can see in the error message in the Console. It even helpfully highlights it in the source.

X-XSS-Protection: 0

http://localhost:1234/?user= &xss=0

Oh no!

X-XSS-Protection: 1

http://localhost:1234/?user= &xss=1

The attack was successfully blocked by sanitizing the page because of our explicit header.

X-XSS-Protection: 1; mode=block

http://localhost:1234/?user= &xss=1; mode=block

The attack is blocked by simply not rendering the page.

X-XSS-Protection: 1; report=http://localhost:1234/report

http://localhost:1234/?user= &xss=1; report=http://localhost:1234/report

The attack is blocked and also reported to an address of our choice.

X-Frame-Options

This header allows you to prevent clickjacking attacks. Imagine that an attacker has a YouTube channel and he needs subscribers. He can create a website with a button that says "Do not click", which means that everyone will definitely click on it. But there's a completely transparent iframe on top of the button. When you click the button, you actually click on the Subscribe button on YouTube. If you were logged into YouTube, you will now be subscribed to the attacker.

Let's illustrate this. First, install the Ignore X-Frame headers extension. Then create this HTML file.

    <style>
      button { background: red; color: white; padding: 10px 20px; border: none; cursor: pointer; }
      iframe { opacity: 0.8; z-index: 1; position: absolute; top: -570px; left: -80px; width: 500px; height: 650px; }
    </style>
    <button>Do not click this button!</button>
    <iframe src="https://youtu.be/dQw4w9WgXcQ?t=3m33s"></iframe>

As you can see, I have cleverly positioned the viewport of the iframe over the Subscribe button. The iframe is on top of the button (z-index: 1), so when you try to click the button you click on the iframe instead. In this example the iframe is not completely hidden, but I could do that with opacity: 0. In practice this does not work because you are not logged into YouTube, but you get the idea.

You can prevent your website from being embedded in an iframe with the X-Frame-Options header.

Values:

deny - No rendering within a frame.
sameorigin - No rendering if the origin does not match.
allow-from DOMAIN - Allows rendering if framed by a frame loaded from DOMAIN.

We are going to use this web server for the experiments.

    var express = require('express')
    for (let port of [1234, 4321]) {
      var app = express()
      app.use('/iframe', (req, res) => res.send(`<h1>iframe</h1><iframe src="//localhost:1234?h=${req.query.h || ''}"></iframe>`))
      app.use((req, res) => {
        if (req.query.h) res.setHeader('X-Frame-Options', req.query.h)
        res.send('<h1>Website</h1>')
      })
      app.listen(port)
    }

No header

Everyone can embed our website at localhost:1234 in an iframe.

http://localhost:1234/iframe
http://localhost:4321/iframe

X-Frame-Options: deny

No one can embed our website at localhost:1234 in an iframe.

http://localhost:1234/iframe?h=deny
http://localhost:4321/iframe?h=deny

X-Frame-Options: sameorigin

Only we can embed our website at localhost:1234 in an iframe on our own website. An origin is defined as the combination of URI scheme, hostname and port number.

http://localhost:1234/iframe?h=sameorigin
http://localhost:4321/iframe?h=sameorigin

X-Frame-Options: allow-from http://localhost:4321

It looks like Google Chrome ignores this directive, because you can use Content Security Policy instead (see below):

    Invalid 'X-Frame-Options' header encountered when loading 'http://localhost:1234/?h=allow-from%20http://localhost:4321': 'allow-from http://localhost:4321' is not a recognized directive. The header will be ignored.

It also had no effect in Microsoft Edge. Here's Mozilla Firefox:

http://localhost:1234/iframe?h=allow-from http://localhost:4321
http://localhost:4321/iframe?h=allow-from http://localhost:4321

X-Content-Type-Options

This header prevents MIME confusion attacks (<script src="script.txt">) and unauthorized hotlinking (<script src="https://raw.githubusercontent.com/user/repo/branch/file.js">).

    var express = require('express')
    var app = express()
    app.use('/script.txt', (req, res) => {
      if (req.query.h) res.header('X-Content-Type-Options', req.query.h)
      res.header('content-type', 'text/plain')
      res.send('alert("hacked")')
    })
    app.use((req, res) => {
      res.send(`<h1>Website</h1><script src="/script.txt?h=${req.query.h || ''}"></script>`)
    })
    app.listen(1234)

No header

http://localhost:1234/

Even though script.txt is a text file with the content type text/plain, it was still executed as if it were a piece of JavaScript.

X-Content-Type-Options: nosniff

http://localhost:1234/?h=nosniff

This time the content types do not match and the file was not executed.

Content-Security-Policy

The new Content-Security-Policy (CSP) HTTP response header helps you reduce XSS risks on modern browsers by declaring, via an HTTP header, which dynamic resources are allowed to load. You can ask the browser to ignore inline JavaScript and load JavaScript files only from your domain, for example. Inline JavaScript can be not only <script>...</script> but also <h1 onclick="...">. Let's see how it works.

    var express = require('express')
    for (let port of [1234, 4321]) {
      var app = express()
      app.use('/script.js', (req, res) => {
        res.send(`document.querySelector('#${req.query.id}').innerHTML = 'changed by ${req.query.id} script'`)
      })
      app.use((req, res) => {
        var csp = req.query.csp
        if (csp) res.header('Content-Security-Policy', csp)
        res.send(`
          <html>
          <body>
            <h1>Hello, ${req.query.user || 'anonymous'}</h1>
            <p id="inline">is this going to be changed by inline script?</p>
            <p id="origin">is this going to be changed by origin script?</p>
            <p id="remote">is this going to be changed by remote script?</p>
            <script>document.querySelector('#inline').innerHTML = 'changed by inline script'</script>
            <script src="/script.js?id=origin"></script>
            <script src="//localhost:1234/script.js?id=remote"></script>
          </body>
          </html>
        `)
      })
      app.listen(port)
    }

No header

http://localhost:4321

It works like you would normally expect it to.

Content-Security-Policy: default-src 'none'

http://localhost:4321/?csp=default-src 'none'&user=

default-src applies to all resources (images, scripts, frames, etc.) and the value 'none' doesn't allow anything. We can see it in action here, along with very helpful error messages. Chrome refused to load or execute any of the scripts. It also tried to load favicon.ico, even though that is also prohibited.

Content-Security-Policy: default-src 'self'

http://localhost:4321/?csp=default-src 'self'&user=

Now we can load scripts from our origin, but still no remote or inline scripts.

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'

http://localhost:4321/?csp=default-src 'self'; script-src 'self' 'unsafe-inline'&user=

This time we also allow inline scripts to run. Note that our XSS attack was also prevented. But not when you allow unsafe-inline and set X-XSS-Protection: 0 at the same time.

Other

content-security-policy.com has nicely formatted examples.

default-src 'self' - allows everything, but only from the same origin.
script-src 'self' www.google-analytics.com ajax.googleapis.com - allows Google Analytics, the Google AJAX CDN and the same origin.
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; - allows images, scripts, AJAX and CSS from the same origin, and does not allow any other resources to load (e.g. object, frame, media, etc). It is a good starting point for many sites.

I have not tested this, but I think that:

frame-ancestors 'none' should be equivalent to X-Frame-Options: deny
frame-ancestors 'self' should be equivalent to X-Frame-Options: sameorigin
frame-ancestors localhost:4321 should be equivalent to X-Frame-Options: allow-from http://localhost:4321
script-src 'self', i.e. without 'unsafe-inline', should be equivalent to X-XSS-Protection: 1

If you take a look at the facebook.com and twitter.com headers, they use CSP a lot.

Strict-Transport-Security

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks. Let's say that you want to go to facebook.com. Unless you type https://, the default protocol is HTTP and the default port for HTTP is 80. So the request will be made to http://facebook.com.

    $ curl -I facebook.com
    HTTP/1.1 301 Moved Permanently
    Location: https://facebook.com/

And then you are redirected to the secure version of Facebook. If you were connected to a public WiFi that an attacker is running, they could hijack this request and serve their own web page that looks identical to facebook.com and collect your password. What you can do to prevent this is to use this header to tell the browser that the next time the user wants to go to facebook.com, they should be taken to the https version instead.

    $ curl -I https://www.facebook.com/
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=15552000; preload

If you logged into Facebook at home and then went to facebook.com on the insecure WiFi, you'd be safe because the browser remembers this header. But what if you used Facebook on the insecure network for the first time ever? Then you are not protected. To fix this, browsers ship with a hard-coded list of domains known as the HSTS preload list that includes the most popular domain names that are HTTPS only. If you want to, you can try to submit your own there. It's also a handy website for testing whether your site is using this header correctly. Yeah, I know, mine doesn't.

Values (combined, separated by ;):

max-age=15552000 - The time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.
includeSubDomains - If this optional parameter is specified, this rule applies to all of the site's subdomains as well.
preload - If the site owner would like their domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari).

What if you need to switch back to HTTP before max-age expires, or if you had preload? You are out of luck. This header is very strictly enforced. You'd need to ask all of your users to clear their browsing history and settings.

Public-Key-Pins

HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.

Values:

pin-sha256="<sha256>" - The quoted string is the Base64 encoded Subject Public Key Information (SPKI) fingerprint. It is possible to specify multiple pins for different public keys. Some browsers might allow other hashing algorithms than SHA-256 in the future.
max-age=<seconds> - The time, in seconds, that the browser should remember that this site is only to be accessed using one of the pinned keys.
includeSubDomains - If this optional parameter is specified, this rule applies to all of the site's subdomains as well.
report-uri="<URL>" - If this optional parameter is specified, pin validation failures are reported to the given URL.

Instead of a Public-Key-Pins header you can also use a Public-Key-Pins-Report-Only header. This header only sends reports to the report-uri specified in the header and still allows browsers to connect to the web server even if the pinning is violated. That is what Facebook is doing:

    $ curl -I https://www.facebook.com/
    HTTP/1.1 200 OK
    ...
    Public-Key-Pins-Report-Only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/"

Why do we need this? Isn't trusting Certificate Authorities enough? An attacker could create their own certificate for www.facebook.com and trick me into adding it to my trusted root certificate store. Or it could be an administrator in your organization. Let's create a certificate for www.facebook.com.

    sudo mkdir /etc/certs
    echo -e 'US\nCA\nSF\nFB\nXX\nwww.facebook.com\nno@spam.org' | \
      sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout /etc/certs/facebook.key \
      -out /etc/certs/facebook.crt

And make it trusted on our computer.

    # curl
    sudo cp /etc/certs/*.crt /usr/local/share/ca-certificates/
    sudo update-ca-certificates

    # Google Chrome
    sudo apt install libnss3-tools -y
    certutil -A -t "C,," -n "FB" -d sql:$HOME/.pki/nssdb -i /etc/certs/facebook.crt

    # Mozilla Firefox
    #certutil -A -t "CP,," -n "FB" -d sql:`ls -1d $HOME/.mozilla/firefox/*.default | head -n 1` -i /etc/certs/facebook.crt

Let's create our own web server that uses this certificate.

    var fs = require('fs')
    var https = require('https')
    var express = require('express')
    var options = {
      key: fs.readFileSync(`/etc/certs/${process.argv[2]}.key`),
      cert: fs.readFileSync(`/etc/certs/${process.argv[2]}.crt`)
    }
    var app = express()
    app.use((req, res) => res.send(`<h1>hacked</h1>`))
    https.createServer(options, app).listen(443)

Switch to our server.

    echo 127.0.0.1 www.facebook.com | sudo tee -a /etc/hosts
    sudo node server.js facebook

Does it work?

    $ curl https://www.facebook.com
    <h1>hacked</h1>

Good. curl validates certificates. Because I've visited Facebook before and Google Chrome has seen the header, it should report the attack but still allow it, right? Nope. Public-key pinning was bypassed by a local root certificate. Interesting.

Alright, what about www.google.com?

    echo -e 'US\nCA\nSF\nGoogle\nXX\nwww.google.com\nno@spam.org' | \
      sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout /etc/certs/google.key \
      -out /etc/certs/google.crt
    sudo cp /etc/certs/*.crt /usr/local/share/ca-certificates/
    sudo update-ca-certificates
    certutil -A -t "C,," -n "Google" -d sql:$HOME/.pki/nssdb -i /etc/certs/google.crt
    echo 127.0.0.1 www.google.com | sudo tee -a /etc/hosts
    sudo node server.js google

Same. I guess this is a feature. Anyway, if you don't add these certificates to your store, you won't be able to visit these sites, because the option to add an exception in Firefox or to Proceed unsafely in Chrome is not available.

Content-Encoding: br

The content is compressed with Brotli. It promises better compression density and comparable decompression speed to gzip. It is supported by Google Chrome. Naturally, there is a node.js module for it.

    var shrinkRay = require('shrink-ray')
    var request = require('request')
    var express = require('express')
    request('https://www.gutenberg.org/files/1342/1342-0.txt', (err, res, text) => {
      if (err) throw new Error(err)
      var app = express()
      app.use(shrinkRay())
      app.use((req, res) => res.header('content-type', 'text/plain').send(text))
      app.listen(1234)
    })

Uncompressed: 700 KB
Brotli: 204 KB
Gzip: 241 KB

Timing-Allow-Origin

The Resource Timing API allows you to measure how long it takes to fetch resources on your page. Because timing information can be used to determine whether or not a user has previously visited a URL (based on whether the content or DNS resolution is cached), the standard deemed it a privacy risk to expose timing information to arbitrary hosts.

    <script>
      setTimeout(function() {
        console.log(window.performance.getEntriesByType('resource'))
      }, 1000)
    </script>
    <img src="http://placehold.it/350x150">
    <img src="/local.gif">

It looks like you can get detailed timing information (domain lookup time, for example) only for resources that are on your origin, unless Timing-Allow-Origin is set. Here's how you can use it.

    Timing-Allow-Origin: *
    Timing-Allow-Origin: http://foo.com http://bar.com

Alt-Svc

Alternative Services allow an origin's resources to be authoritatively available at a separate network location, possibly accessed with a different protocol configuration. This one is used by Google:

    alt-svc: quic=":443"; ma=2592000; v="36,35,34"

It means that the browser can use, if it wants to, the QUIC (Quick UDP Internet Connections) or HTTP-over-UDP protocol on port 443 for the next 30 days (the max age is 2592000 seconds, or 720 hours, or 30 days). No idea what v stands for. Version?

https://www.mnot.net/blog/2016/03/09/alt-svc
https://ma.ttias.be/googles-quic-protocol-moving-web-tcp-udp/

P3P

Here's a couple of P3P headers I've seen:

    P3P: CP="This is not a P3P policy! See https://support.google.com/accounts/answer/151657?hl=en for more info."
    P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"

Some browsers require third party cookies to use the P3P protocol to state their privacy practices. The organization that established P3P, the World Wide Web Consortium, suspended its work on this standard several years ago because most modern web browsers don't fully support P3P. As a result, the P3P standard is now out of date and doesn't reflect technologies that are currently in use on the web, so most websites currently don't have P3P policies.

I did not do much research on this, but it looks like this is needed for IE8 to accept 3rd party cookies. This is accepted by Internet Explorer. For example, IE's "high" privacy setting blocks all cookies from websites that do not have a compact privacy policy, but cookies accompanied by P3P non-policies like those above are not blocked.

Source: https://peteris.rocks/blog/exotic-http-headers/
1 point
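An added example that is not part of the original article: the post shows each header in isolation, but in practice you want to check a whole response at once. The dependency-free Node.js auditor below takes a response's headers, parses the CSP into directives, and reports the weaknesses the article walks through (missing nosniff, an X-Frame-Options allow-from that Chrome and Edge ignore, a CSP whose effective script sources contain 'unsafe-inline' or 'unsafe-eval', an explicit X-XSS-Protection: 0, and a missing or short HSTS max-age). The threshold of six months for HSTS and the recommended header set are my own choices, not the article's; the constructed sample response mirrors the nginx policy posted later in this thread.

```javascript
// Added example (not from the original article): audit a response's security
// headers as the article walks through them, and produce a hardened set.
// Plain Node.js, no dependencies. Header names are matched case-insensitively.
// The six-month HSTS threshold and the recommended values are my own choices.

const SIX_MONTHS = 15552000; // seconds; also the max-age facebook.com sends in the article

// Parse a Content-Security-Policy value into { directive: [sources...] }.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources.map(s => s.toLowerCase());
  }
  return policy;
}

// Lowercase the header names so lookups do not depend on how the server spelled them.
function normalise(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Return a list of findings; an empty list means every check passed.
function auditHeaders(rawHeaders) {
  const h = normalise(rawHeaders);
  const findings = [];

  // X-Content-Type-Options: the only meaningful value is nosniff.
  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff')
    findings.push('X-Content-Type-Options missing or not "nosniff"');

  // Clickjacking: deny/sameorigin are honoured everywhere; allow-from is ignored by
  // Chrome and Edge (as the article observes), so CSP frame-ancestors is the replacement.
  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  const csp = h['content-security-policy'] ? parseCsp(h['content-security-policy']) : null;
  if (xfo.startsWith('allow-from'))
    findings.push('X-Frame-Options allow-from is ignored by Chrome/Edge; use CSP frame-ancestors');
  else if (!['deny', 'sameorigin'].includes(xfo) && !(csp && csp['frame-ancestors']))
    findings.push('no clickjacking protection (X-Frame-Options or CSP frame-ancestors)');

  // CSP: the effective script source list is script-src, falling back to default-src.
  if (!csp) {
    findings.push('Content-Security-Policy missing');
  } else {
    const scriptSrc = csp['script-src'] || csp['default-src'];
    if (!scriptSrc) findings.push('CSP has neither script-src nor default-src');
    else {
      if (scriptSrc.includes("'unsafe-inline'")) findings.push("CSP script sources allow 'unsafe-inline'");
      if (scriptSrc.includes("'unsafe-eval'")) findings.push("CSP script sources allow 'unsafe-eval'");
      if (scriptSrc.includes('*')) findings.push('CSP script sources allow any host (*)');
    }
  }

  // X-XSS-Protection: an explicit 0 switches the browser filter off, which the
  // article shows lets the reflected payload through.
  if ((h['x-xss-protection'] || '').trim().startsWith('0'))
    findings.push('X-XSS-Protection: 0 disables the browser XSS filter');

  // HSTS: max-age must be present and not trivially short.
  const hsts = h['strict-transport-security'];
  if (!hsts) findings.push('Strict-Transport-Security missing');
  else {
    const m = /max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
    if (!m) findings.push('Strict-Transport-Security has no max-age');
    else if (Number(m[1]) < SIX_MONTHS) findings.push(`HSTS max-age ${m[1]} is below ${SIX_MONTHS}`);
  }
  return findings;
}

// A hardened starting set (my choices); extra script hosts are appended to script-src.
function recommendedHeaders(scriptHosts = []) {
  const extra = scriptHosts.length ? ' ' + scriptHosts.join(' ') : '';
  return {
    'Content-Security-Policy': `default-src 'none'; script-src 'self'${extra}; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'none'`,
    'X-Frame-Options': 'deny',
    'X-Content-Type-Options': 'nosniff',
    'X-XSS-Protection': '1; mode=block',
    'Strict-Transport-Security': `max-age=${SIX_MONTHS}; includeSubDomains`,
  };
}

// Constructed sample response, modelled on the nginx policy posted in this thread.
const weakResponse = {
  'X-XSS-Protection': '1; mode=block',
  'X-Frame-Options': 'sameorigin',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy': "default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' www.google-analytics.com",
  'Strict-Transport-Security': 'max-age=315360000',
};

console.log('weak response:', auditHeaders(weakResponse));
console.log('hardened set:', auditHeaders(recommendedHeaders(['www.google-analytics.com'])));
```

Feed auditHeaders the headers object from an http.get response (Node already lowercases those) or from curl -I output. One caveat the article, written in 2016, could not know: Chrome removed the XSS Auditor that X-XSS-Protection drives in version 78, so the auditor only flags the explicitly harmful 0 and treats CSP without 'unsafe-inline' as the real defence.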
-
Quick headers settings

In Nginx, you can use more_set_headers and add_header (the latter is built in by default). Examples:

    # example with more_set_headers
    more_set_headers "X-XSS-Protection: 1; mode=block";
    more_set_headers "X-Frame-Options: sameorigin";
    more_set_headers "X-Content-Type-Options: nosniff";
    more_set_headers "X-Secure-Connection: true";
    more_set_headers "Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'self' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com; img-src 'self' data: blob: filesystem: www.google-analytics.com;";

    # example with add_header
    add_header Strict-Transport-Security max-age=315360000;

With the "headers" module in Apache (you can activate the headers module with a2enmod):

    # in .htaccess, global configuration, virtualhost configuration and per Directory
    Header set X-Content-Type-Options: "nosniff"
    Header set X-XSS-Protection: "1; mode=block"
    Header set X-Frame-Options: "sameorigin"

Also, you can use headers for security through obscurity:

    # examples
    more_set_headers "Server: Apache Tomcat";
    more_set_headers "X-Powered-By: JSP/2.3";

More resources:
- https://www.html5rocks.com/en/tutorials/security/content-security-policy/
- https://www.w3.org/TR/CSP/#framework
- http://www.dotnetnoob.com/2012/09/security-through-http-response-headers.html
1 point
-
I too am proud to be Romanian, and I'll tell you why. After finishing a degree in Romania and a pile of assorted courses and specializations, I found I couldn't get a decent job that would give me any satisfaction, so I opened a company, which I closed after less than 2 years because I realized the state was taking practically 70-80% of my income and I was left with FAR too little from my own work. I went to France, worked there for a short while and then moved to Germany. There I opened a company that I built up to a revenue of over 350,000 euros a year (from 0). I had reached around 3000+ clients and was thinking of expanding, so I opened another company in the UK (a subsidiary of the German one) and, after almost 5 years, came back to Romania intending to open one here too, hire 2-3 students, rent a nice space and get some work done. I was paying Romanian internet / miscellaneous service providers around 15,000 euros (effectively an investment by a German company in Romania). After exactly 10 months of preparing everything, they arrested me, abusively confiscated all of the German company's equipment (with the clients' data) and pissed all over me. So, some 5 years of work lost, over 3000 clients left high and dry, and me locked up with thugs, rapists, burglars and a pedophile. Great. I really am proud to be Romanian. Romania has given me far too much for me not to be proud. I have a score to settle with the Romanian state, then I'll put my finger on the map and see where I can go. Even if I end up taking HUNGARIAN citizenship, I'll still be glad I no longer have papers that say "ROMANIAN CITIZEN". Good luck to you, lovers of the homeland.1 point
-
I doubt the gypsies will remain a minority in Romania for much longer; it will be exactly like Kosovo, where the Albanians (also gypsy stock) have 2-3-4 children while the Serbs have 1, at most 2 (and that's if they can feed them). Is our country famous for the work done by a gypsy? No. Have gypsies contributed anything to the country's image? No, quite the opposite. Do they pay taxes? No. They have illegal income from theft, robbery, fines and protection money, scams and illegal VAT deductions. I know gypsies all too well: as long as you give them a single chance, as long as you are not paying attention for one second, they will try to steal and will always argue that you are trying to steal from them, and they will be loud about it. Whoever supports the gypsies is a danger to national security and is a cur, a drone, a useless wretch, scum. If this is a democracy and the majority doesn't want them, why the hell are they shoved down our throats? Iliescu is a criminal and a filthy crow, like his friend Petre Roman, like Antena3 and "the gentleman with the beard", like the rest of those who back the word "ROMA". Gypsies are not Roma, they are CROWS, THEY ARE GYPSIES, THEY ARE THE DREGS OF SOCIETY!1 point
-
Listen, mister, is your granny a gypsy? ))))
- How many Romanians with palaces do you see?
- How can you accept that a crow with no occupation and no trade, originally a slave on the cotton plantations, has a PALACE and is covered in gold? Do people need to draw you a picture to show that his income is illicit?
- How many gypsy fiddlers contribute taxes and duties to the state? Have you ever considered that a whole people suffers when taxes go unpaid? (read about inflation and its causes)
- How many shitty gypsies who can't read or write hold a driving licence in Wallachia? How on earth did they pass the theory test?
- How many gypsies have you seen get up at 6, drink a foul coffee as weak as shoelace tea, and leave for work for 130 euros a month (600 lei)?
- How many tents full of Romanians have you seen in France, Belgium, Holland, Germany, Denmark ...? Or how many Romanian beggars?
- Doesn't it hurt your heart when you cycle past a semi-illiterate crow at the wheel of a Mercedes, while you spent 5 years at university, 10-12 hours a day? (often unfed and without a wretched leu in your pocket)
- Show me one stinking crow with a master's degree; I know Romanians who went to university and didn't even have money to buy a communist pretzel. Why didn't they turn to theft and robbery? I'll tell you why: crows have it in their genes and should be deported to Siberia or nailed to a fence and burned alive with a blowtorch.
- Where the fuck are gypsies discriminated against in Romania? Isn't it Romanians who are discriminated against? The first law passed in Romania by Ion Iliescu was "give the gold back to the gypsies". Back how? Where did they get it from if they were slaves until 1956?! They said the gold was an inheritance; inherited from whom? The gypsies were slaves in Wallachia as far back as 1240! "The non-Romanian elements should realize that this is not just any country, but the estate of a nation" - Nicolae Iorga. If you want, I'll draw you a picture.
The most honest gypsy is a dead gypsy. (the one with the axe stuck in his head)1 point
-
Malwarebytes Premium 3.0.4.1269 Multilingual + License Key
FILE SIZE: 71.26 MB

INFORMATION
Malwarebytes Premium 3 - Makes antivirus obsolete! Four layers of malware-crushing tech. Smarter detection. Specialized ransomware protection. It's the security you've been looking for.
Real-time protection: Detects malware automatically, before it can infect.
Anti-exploit: Shields vulnerable systems and software from exploit attacks.
Anti-ransomware: Stops ransomware attacks before your data is held hostage.
Malicious website protection: Prevents access to and from known malicious webpages.
Anti-malware/Anti-spyware: Detects and removes malware and advanced threats.
Anti-rootkit: Removes rootkits and repairs the files they damage.

What it does for you:
Protects you from advanced threats - Detects and removes malware in real-time with advanced anti-malware, anti-spyware, and anti-rootkit technology. Scans for the newest and most dangerous threats automatically, so you're protected without having to even think about it.
Protects your files from being locked and held for ransom - Stops unknown and known ransomware with proprietary next-gen technology that works proactively to shield your files. This is a powerful, comprehensive defense that blocks ransomware, and not a simple decryption tool. So you're protected from tomorrow's "Ransomware Attack!" headlines today.
Prevents your programs from being used against you - Wraps your browser and software programs in four layers of defense, stopping attacks that use vulnerabilities in those programs to infect your computer.
Protects you from fake and infected websites - Detects and prevents contact with fake websites and malicious links. You are proactively protected from downloading malware, hacking attempts, and infected advertising. Worried about wandering into a "bad" Internet neighborhood? Now you don't have to be.
Scans faster, scans smarter - Lightning-fast Hyper Scan mode targets only the threats that are currently active. Faster analysis. Still gets results. Run a scan in the background while you boot up your favorite game. It's done by the time you're ready to play.

Software Requirements:
• Windows 10 (32/64-bit)
• Windows 8.1 (32/64-bit)
• Windows 8 (32/64-bit)
• Windows 7 (32/64-bit)
• Windows Vista (Service Pack 1 or later, 32/64-bit)*
• Windows XP (Service Pack 3 or later, 32-bit only)*
• Active Internet connection

LINKS | Part 1 GB | NO CRC | NO PASS
http://rapidgator.net/file/a7a410989fd32e7f09025c96ce14ba13/Malwarebytes_Premium_3_0_4_1269_Multilingual_License_Key.rar.html
If you like my post, don't forget to say Thanks and help keep the thread alive. Thank you!-1 points
This leaderboard is set to Bucharest/GMT+03:00