Leaderboard

Popular Content

Showing content with the highest reputation on 01/18/17 in all areas

  1. Practical JSONP Injection
     January 18, 2017, Petre Popescu

     JSONP injection is a lesser-known but quite widespread and dangerous vulnerability, and it has surfaced in recent years due to the high rate of adoption of JSON, web APIs and the urgent need for cross-domain communications.

     What is JSONP?

     Assuming everybody knows what JSON is, let’s talk a little about JSONP. JSONP comes from JSON with Padding and it was created in order to bypass common restrictions such as the Same-origin Policy, which is enforced for XMLHttpRequest (AJAX requests).

     Let’s take an example. Our online banking application, http://verysecurebank.ro, has implemented an API call that returns the current user’s transactions. An HTTP request to the http://verysecurebank.ro/getAccountTransactions endpoint presents us with the transactions, JSON formatted:

     If our reports application, accessible at http://reports.verysecurebank.ro, wants to get the transaction details, an AJAX call to the page won’t be possible, due to the Same-origin Policy being in effect (different host).

     To get around this problem, JSONP came into play. Since cross-domain script inclusion (mostly used to externally load JavaScript libraries such as jQuery, AngularJS etc.) is allowed, but not recommended, a smart trick apparently solved the entire equation: prepending the response with a callback.

     Note: even if it might be obvious, it’s worth mentioning that when including a script cross-domain, it will run in the context of the including application, not in the source’s context.

     Adding a callback to the API response, wrapped around the JSON formatted data, allows us to load the API response between script tags and get its content by defining our own callback function to handle it.

     Article: https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
    7 points
  2. I see this country is mass-producing nothing but delicate little flowers who are stressed out by deadlines and by having to learn new things. Do you expect to read one tutorial and work 4 hours a day, with massage and pool breaks, for thousands of euros a month? It's a competitive environment, but the human brain is made to learn. If you plateau and slack off, you can go crack sunflower seeds in front of the apartment block and take it easy. And you can't compare a programmer's stress with a neurosurgeon's. It's no big deal if your online grocery store or your balloon-popping game has bugs or ships a month late. You need much more than a steady hand. You also need resistance to stress, the ability to make quick decisions in critical situations, and concentration for hours on end, with no coffee or cigarette breaks. All of this while you hold a person's life in your hands. One slip and you paralyze or kill them. And you can't play with people's lives like that just because there's another one next in line; it doesn't work that way: malpractice, prison, conscience. Besides, there is continuous research in neurosurgery too: techniques, studies, instruments. The brain isn't the same; it differs from person to person: genetic problems, changes due to lifestyle and environment. So there would be quite a lot to study. And all that so they can save the life of the stressed programmer whose blood vessel bursts in his head because he drinks 2 big bottles of cola a day and eats nothing but shawarma with fries, because he's stressed and has no time for anything else. You can be a programmer without losing your nights or being a virgin at 30. It all depends on priorities and balance.
    4 points
  3. From this point anyone realizes you're retarded and stops reading: "Any experienced neurosurgeon has thousands of deaths"
    3 points
  4. 2 points
  5. https://www.cia.gov/library/readingroom/collection/crest-25-year-program-archive The records include intelligence briefings, research papers, UFO sightings and psychic experiments. The full archive is made up of almost 800,000 files.
    2 points
  6. 2 points
  7. I think everything is cleared up by a simple analogy: in IT you can reverse engineer anything; you start from a piece of software and work backwards through ASM, the kernel, transistors, electric current. With current knowledge you can understand every cell a PC is made of and solve any problem or "mystery" in finite time, and treat any "virus", because it was developed by humans :). On the other hand, when it comes to the human body we are very far from having the same knowledge (see DNA, diseases without treatment, etc.). With a human you can't really run integration tests during the operation, before you deploy them to production.
     ----------------------------------------------------------------------------------------------------
     I think mental problems and stress in IT arise predominantly not from the dynamic nature of IT but from the fact that most people try to know (pretend to know) as many technologies, tools, etc. as possible, and you reach the point where you are asked for things that combine many of them, for which you sold yourself as "well versed" (and you were hired quickly because inflation is high in IT and the demand for labor is never covered), and you crack (stress, "impossible" deadlines), being a jack of all trades, master of none. IT should be treated the way Germans treat any trade: you choose a sub-field of it, specialize in that, and practice there (languages and technologies never evolve so fast that, if you focus on 1 or 2, you can't keep up easily). I don't know how the stress-per-IT-worker ratio looks in other countries, but I think Romanians lead the pack, because the Romanian is good at everything.
    2 points
  8. Hi, We have migrated to a new server, which means various problems may appear. Post here what kinds of problems you run into and we will fix them as quickly as we can. Thanks, // Nytro
    1 point
  9. I want to believe that all of you know about ImageMagick and its Tragick. This issue was found at the end of April 2016, and because many processing plugins depend on the ImageMagick library, this issue has a huge impact. Since there was evidence that information about this issue was available not only to the researchers who discovered it and ImageMagick’s development team, but also to others, on the 3rd of May, 2016 the information (without PoC) was disclosed. Many researchers got this low-hanging fruit while discovering applications which were not updated in time. But for some unknowable reason I was not among them. But this was in May :) Read more...
    1 point
  10. hi, I'm very tired and I can hardly wait to get the hell to sleep. my name is george, I'm an undercover SRI agent, ok I am joking, I'm not undercover. I'm 18, a high-school student, that kind of crap. in general I like programming, any language; I have that programming logic and I adapt quickly to anything, but I like web more. I've been programming since I was little; I think I was 10 when I first got into a language (but only from age 14 did my mind "mature" enough to understand programming logically). bac 2017 incoming, I have no time to work; you have no idea how much I miss starting to work on something, god. but the idea is that after I get into a university I want to see what the deal is with the new Angular and with TypeScript and with PHP 7. I'm tempted to learn reverse engineering, but I always want great things from the first try and well.. otherwise, I like design, but I'm sorry I don't have an artistic side; sometimes when I have an idea and open Illustrator or Photoshop, nice things really do come out. I'm tempted again to make a film in 3ds Max, probably when I have 4 Intel i7 processors. I have no ties to this cracking world; I have only learned to secure my projects. I'm off to do limits, kisses, especially to @QuoVadis
    1 point
  11. As if anyone cares whether a programmer is more stressed than a neurosurgeon. The news was that there is a risk that IT workers will be taxed. By the way, look who is making laws, all sorts of secretaries: http://revistapresei.hotnews.ro/stiri-subiectele_zilei-21541691-cursdeguvernare-ordonanta-gratierii-lucrata-computer-cancelaria-lui-liviu-dragnea.htm It's like we're going back to the early 2000s.
    1 point
  12. He's a hacker, gathering data, social engineering. I heard his goal is to put shemale on the index
    1 point
  13. I would combine all the "Accept" headers into a single one. I don't think there will be any problem if you do that, quite the contrary; that is, in case you haven't tested it already.
     Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5, application/javascript, */*;q=0.8, text/html, application/xhtml+xml, */*, application/json, text/javascript, */*; q=0.01
     Although, to be honest, I would also try just this:
     Accept: */*
     Are you sure that each redirect checks the headers set by the previous one? They look fairly generic and there is nothing out of the ordinary about them. Maybe each page actually saves something in the session on the server, and at the end it checks whether you went through all the pages.
    1 point
  14. Man, you're out of your mind :)))))) What does it matter?
    1 point
  15. the law goes like this: sum of the electromotive forces = sum of the voltages. what I gave you is the simple model; Ohm's laws are built on Kirchhoff. You have to choose a direction for the whole circuit (that circle); if the direction passes through the small terminal first it is taken with +, if it goes through the large terminal it is taken with -. same for the current: if the current flows in the direction you chose, it is taken with plus; if it is in the opposite direction it is taken with minus. that's how you do an electrical schematic with Kirchhoff.
    1 point
  16. Hi, What server? Specs, configuration. Edit: It went down earlier. Thanks.
    1 point
  17. IT a stressful environment? who made you do something you don't like, kiddo? I've been programming for almost 8 years and I've never complained about stress, given that I like what I do.
    1 point
  18. I don't know why everyone recommends C at the beginning, as if C were the core. yes, it's a good programming language, but not for beginners. as a beginner you need to learn what functions and variables are, how they are used, how you build a system, not what a pointer is, because you'll lose interest immediately. not to mention that in C you don't really see results, whereas in web programming the results are visible immediately: you make something.. it works, and you have the drive to continue. I recommend web programming; you don't need to install much (xampp). you have two options, front-end (what is seen) and back-end (what is not seen), but I say go for front-end, because you'll see it's nice and you'll like it. it's silly to get into C++ and read; honestly, you'll get bored immediately and give up, thinking programming isn't for you. when I was little I also tried to learn C++; I had downloaded a book, but it bored me right away. after you learn programming at a general level, try other languages too.
    1 point
  19. Basically you need C/C++ and Python. If you take the C route: to figure out for yourself whether this is what you want and to see whether you like it, I recommend ordering a kit from AliExpress. Something like this: https://www.aliexpress.com/item/The-Best-RFID-Starter-Kits-For-Arduino-Uno-R3-With-Tutorial-Power-Supply-Learning-Kit-US/32623852199.html The package also includes a CD with tutorials on how to use everything in it, plus you have code examples in the Arduino IDE. If you go with Python: here I recommend getting a Raspberry Pi and a set of sensors: https://www.robofun.ro/raspberry-pi-v3?search=raspberry&sub_category=true https://www.robofun.ro/raspberry-pi-si-componente/Kit-RASPBERRY-PI-B-pentru-incepatori You can find sensors much cheaper on AliExpress, only it takes about a month or even more for them to arrive from China by post. There are quite a few differences between an Arduino and a Raspberry Pi in how you program them, but in principle you can use the same sensors for both. If you go with C + Arduino, the advantage is that you find a lot of tutorials and examples on the net, although the implementation will seem harder to you. If you go with Python + Raspberry Pi, the advantage is that it's easier to program, you find many examples here too, but it's more expensive to buy. If you go with the Raspberry Pi, you can also program in C and learn Linux as well. For a beginner I would find it more useful to learn C + Arduino, simply because there are fewer technologies to wrestle with and you have everything in a fairly linear ecosystem that doesn't allow you so much flexibility, but that is an advantage for a beginner because you have less room to make mistakes. There would be much more to discuss but I don't have time to write now. If you have more questions, write here and I'll answer when I have more time. For this field, I don't recommend any languages other than those mentioned above.
    1 point
  20. 1 point
  21. The project is largely finished. @SilenTx0 is working on some tutorials that take time. The reason the platform is not live at the moment is that the tutorials are not ready. If a user creates an account now and we add tutorials afterwards, we will have to downgrade that user. There will be a system of badges, rank, experience, etc. Since you brought up volunteers, we would need:
     - developers to build real applications that are vulnerable in one way or another (the language doesn't matter)
     As for a deadline, we estimate that the Beta version release will take place at the end of April. PS: Keep in mind that we're doing this for free, and some of us have jobs, university, kids, etc. Be patient
    1 point
  22. https://codecombat.com/
    1 point
  23. I was abused in direct proportion by an administrator of this forum, I demand justice! @bysnis I banned you because of the complaints from the astral plane filed against you.
    1 point
  24. Cracking 12 Character & Above Passwords
     Combo & Hybrid Password Attacks
     January 8, 2017 · Hash Crack, Password Cracking, Cyber Security

     Cracking The 12+ Character Password Barrier, Literally

     12 Characters? Are you serious?!

     What do I mean by cracking 12 characters passwords and above? I'm simply stating that with modern hardware, like the "budget" cracking rig, we can almost exhaustively search the highest probability keyspace for candidate passwords, against fast hashes like MD5, NTLM, SHA1, etc..., in a reasonable amount of time. Normally anything above 8 characters isn’t practical and/or feasible to brute force against standard fast hashing algorithms. When factoring in language and human peculiarities, like the average English word is only 4.79 characters long and people preferring multiple common words when creating 10 characters or longer passwords, you are within cracking distance of these passwords. For a quick reference guide to the various cracking tools and their usage check out Hash Crack on Amazon.

     Why are 12+ character passwords vulnerable?

     Practically speaking, people that manually create passwords above 10 characters, for the most part, use common words or phrases. Why do they do this? Because remembering the password "horsebattery123" is way easier than "GFj27ef8%k$39". It's just simple human behavior exhibiting path of least resistance that will always exist and, until auto-generating password managers gain mass adoption, this vulnerability will always be around. I agree that XKCD's password strength cartoon of four random words is sound but only for non-fast hashing algorithms like bcrypt. In this article we will demonstrate Combo and Hybrid Attacks using Hashcat that will expand your cracking knowledge toolkit. These examples will show how an attacker can efficiently attack this larger keyspace, with modern hardware, and make these so called strong passwords succumb to his cracking methodology.

     Combo & Hybrid Attack Background

     First a quick background of these attack methods:

     Combo Attack: all words in two dictionaries are appended to each other.

     EXAMPLE
         dictionary1.txt dictionary2.txt
         pass => password, passpass, passlion
         word => wordpass, wordword, wordlion
         lion => lionpass, lionword, lionlion

     Hybrid Attack: a dictionary attack but with the ability to append/prepend a brute-force mask.

     EXAMPLE
         dictionary.txt ?u?l?l
         pass => passAbc, passBcd, passCde
         word => wordAbc, wordBcd, wordCde
         lion => lionAbc, lionBcd, lionCde

     *password candidate generation order not completely accurate but you get the idea
     **further explanation can be found at the Hashcat website

     Combo Attack

     Let's look at how the Combo attack can help us with passwords that are English words appended to each other, and the best dictionary to get the job accomplished is Google's 10,000 most common words list. This is a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of Google's Trillion Word Corpus. Now let's use an example of two randomly selected English words combined to form a 16 character password like shippingnovember. Here's how we would combo attack this password with Hashcat if it was hashed as an MD5:

     Example
         hashcat -a 1 -m 0 hash.txt google-10000.txt google-10000.txt

     By having Hashcat combine every word in this list to each other the password falls in less than 1 second using modern hardware. Not too shabby and this attack will still work reasonably well against some of the medium to slower hash types as well.

     Before the critics say, "Well you could just capitalize the words or add a digit or special character and you would be fine to form a new password like ShippingNovember." Well let us test that theory real quick. Let's combine that google-10000 dictionary into one single dictionary using Hashcat utils "combinator.bin". This allows us to manipulate the combined words with rules.

     Example
         combinator.bin google-10000.txt google-10000.txt > google-10000-combined.txt

     Now that we have our newly combined dictionary we can just run a rules based attack against the new modified password ShippingNovember using Hashcat like below:

     Example
         hashcat -a 0 -m 0 hash.txt google-10000-combined.txt -r best64.rule

     This one falls in 28 seconds, so much for that theory. And we could create rules to account for added special characters, non-traditional placement, l33t speak, etc... you get the point.

     3 Words

     Now using the combined dictionary we just created let's go after a three word random phrase password like "securityobjectivesbulletin"...looks pretty strong right? But since we just created the new "google-10000-combined.txt" dictionary we can use the combo attack again like the following with double-words in the first dictionary and single words in the second dictionary:

     Example
         hashcat -a 1 -m 0 hash.txt google-10000-combined.txt google-10000.txt

     This one could have been a little more difficult if some character variation was added but as you can see the straight random English words fall in 2 seconds. Are you seeing a trend here yet?

     4 Words

     Let's go big and attack the XKCD password instructions of four random English words to create a new password "sourceinterfacesgatheredartists". This addition of one more word just drastically increased our keyspace to 10,000,000,000,000,000 candidates, but just like the previous attacks it will fall, mostly because of us using MD5 as the hashing function. Again we will use our newly created "combined" dictionary twice and tell Hashcat to perform a combo attack:

     Example
         hashcat -a 1 -m 0 hash.txt google-10000-combined.txt google-10000-combined.txt

     This cracking attempt could have taken 4 days to complete, using modern hardware, but luckily we found the candidate just 5hrs 35mins into the cracking session. Simple modifications to this password like numbers or special characters in the middle would have made this password beyond our reach but again random common words is no match.

     Hybrid Attack

     Hybrid Attacks take a little more creativity to find interesting attack plans but it's so much fun when you find that perfect pattern. It's like gold mining for passwords, when you hit that rich vein of patterns and the passwords begin to scroll by in real-time in your terminal, you could almost levitate out of your seat.

     Google-10000 + Mask

     For the first example we will use our previous work from the Combo Attack demonstration and incorporate the google-10000.txt list to form the base words of our candidate generation. Then we are going to break out PACK (Password Analysis and Cracking Kit) and focus on the hashesorg251015.txt dictionary from weakpass.com. I picked the hashesorg dictionary because of its efficiency rating of 65.9 and its relatively small size. What we will do is analyze the hashesorg dataset and create masks based on the most popular password patterns constrained to a certain character length. These masks will be appended/prepended to our base words from google-10000.txt to form an efficient Hybrid Attack.

     PACK Example
     Generate initial mask statistics studying passwords of length 5-6 characters and output to a masks file. (Be aware this may take some time to generate)
         python statsgen.py hashesorg251015.txt --minlength=5 --maxlength=6 --hiderare -o hashesorg_5or6.masks

     Now let's output the masks into Hashcat format into a .hcmask file so we can use them seamlessly within a Hashcat Hybrid Attack:

     PACK Example
         python maskgen.py hashesorg_5or6.masks --optindex -o hashesorg_5or6.hcmask

     We can now begin the Hybrid Attack using attack mode 6 in Hashcat to append the newly created hashesorg masks file. This will launch a sequential attack beginning with the first mask and working its way down the list. Some attacks will go very quickly and others could take a little more time. For testing purposes we will use a random password "environmentsqaz472" we know will hit eventually during the attack.

     Example
         hashcat -a 6 -m 0 hash.txt google-10000.txt hashesorg_5or6.hcmask

     This attack took nearly 20 minutes before it eventually cracked, reaching the mask ?l?l?l?d?d?d, and then it hit within 14 seconds of starting that attack.

     Rockyou + Rockyou-1-60.hcmask

     Now let's use Hashcat's built-in mask derived from the Rockyou password dataset. The rockyou masks in Hashcat have been broken into smaller chunks that grow in size based on the numbering, which I assume accounts for the percentage of passwords that fall within that category of masks. We are going to use the smallest .hcmask file rockyou-1-60 because it contains the higher probability masks and it works well with a Hybrid attack. We are also going to pair this with the actual Rockyou passwords which can be retrieved <HERE> at Skullsecurity. Be careful when pairing with a dictionary to ensure the dictionary is not too large, otherwise your attacks will take a VERY long time. I like to keep my Hybrid dictionary size below 500MB and even smaller based on the masks I plan to append/prepend.

     Let's draw at random from the Rockyou dictionary the password "sophia**!" and we will add an arbitrary date just like a user would to the front of "1996". This leaves us with the password 1996sophia**! to test against. Again this attack is going to run through the lists of mask sequentially contained in the rockyou-1-60 dataset and append to them to every password contained in the Rockyou dictionary.

     Example
         hashcat -a 7 -m 0 hash.txt rockyou-1-60.hcmask rockyou.txt

     This attack hits on a mask of ?d?d?d?d after only a few minutes. Again this is for demonstration purposes but shows the process and power of generating Hybrid Attacks. The rockyou-1-60.hcmask contains 836 different masks representing the top occurrences in the rockyou.txt dictionary, and if that variation isn't enough for you Hashcat includes ALL the masks for the rockyou dataset.

     Cut First 5 Chars + Mask

     Let's get creative and create our own dictionary and masks to pair with a Hybrid Attack and since we learned that the average English word is 4.79 characters long we will make our dictionary contain words only up to 5 characters long. We will again use the rockyou.txt dictionary for this example. Here is how we can chop the first 5 characters from the dictionary and sort it uniquely into our new first5_dict.txt dictionary. Depending on your hardware this may take some time to complete. You will also notice this new dictionary comes out to 18MB in size which is a little on the small side for an attack against MD5 but would be perfect for a slower hash.

     Example
         cut -c 1-5 rockyou.txt | sort -u > first5_dict.txt

     Let's pair this new first5_dict.txt dictionary again with the rockyou-1-60 masks built into Hashcat. Now I know some candidates generated will be below 12 characters but you can always sort out the masks that are below 7 chars and create a new .hcmask file. Now again let's create a random password from the list: we will choose Alty5 from the first5_dict.txt and random digits 9402847 to combine them into Alty59402847.

     Example
         hashcat -a 6 -m 0 hash.txt first5_dict.txt rockyou-1-60.hcmask

     This attack is especially effective against users who love using the same base words or digits for their passwords but append or prepend "randomness" to the passwords based on the account. This password falls within a total of 30mins.

     Straight Mask Attack 12 Chars +

     I know this isn't a Hybrid attack but it's worth mentioning that 12 character mask attacks are still reasonable, especially if you formulate them using the PACK tool. A 1 day attack (86400 seconds) can be formulated using the speed of your rig against a certain hash type, which can be measured by performing a hashcat -b -m #type from the terminal. Let's quickly show how to follow these steps to create a mask attack for passwords from 12 - 15 characters in length using PACK. Let's again use the rockyou.txt dictionary as an example to generate these masks, but let's first estimate the speed of our cracking rig against MD5 hashes.

     Example (md5)
         hashcat -b -m 0

     Now that we know our rig's cracking speed is 76 billion (76,000,000,000 c/s) let's create the new masks using PACK from the rockyou.txt dictionary.

     Example
         python statsgen.py rockyou.txt -o rockyou.masks

     We can now create our Hashcat hcmask file tailored to a 1 day (86400 seconds) cracking speed attack which covers character lengths of 12-15.

     Example
         python maskgen.py rockyou.masks --optindex --minlength=12 --maxlength=15 --targettime=86400 --pps=76000000000 -o rockyou_12-15.hcmask

     Now we can run a series of mask attacks using rockyou_12-15.hcmask against MD5 hashes we know will complete within 1 day's time. Pretty awesome right?!

     Example
         hashcat -a 3 -m 0 hash.txt rockyou_12-15.hcmask

     Conclusion

     So as you can see 12 character passwords are not that inconceivable to crack. It just takes a little finessing and a little creativity to formulate the correct strategy. Also don't always assume that since your password is above 11 characters that the online service you trusted with this password is going to hash it properly, thanks $4.8billion company Yahoo. I hope I've demonstrated that you need unique words, digits and not just four random common words all lowercased, and if you need more convincing check out my friend Troy Hunt's write-up <HERE>. If you are really smart you will begin using a password manager like 1Password or Keepass to generate and database your passwords across devices. I'd like to plug Dumpmon's twitter feed as a good place to find hashes to practice on for research purposes. You can follow me on Twitter @netmux, and lastly for a good pocket reference guide on cracking tool usage and syntax check out Hash Crack.

     "The cyber general who wins the battle makes many calculations in the terminal before hacking begins." - Cyber Sun Tzu

     Source: http://www.netmux.com/blog/cracking-12-character-above-passwords
    1 point
  25. Not just personal data: http://www.kryptowire.com/adups_security_analysis.html Information is gold and can be exploited in several ways. In some cases you will feel a (negative) difference, in others not. But why make their life easy and expose yourself to a risk? I have no illusions; everything is collected and listened to by the services anyway, but at least it's local and you can still go out into the street, land a few kicks to the head, take a few batons to the face, a bit of a circus
    1 point
  26. blessed be the rabble
    1 point
  27. Where is the force F? Draw the body on the plane, put in all the forces and see what happens. If you can't figure it out, post the drawing here. This is how Gx and Gy are calculated
    1 point
  28. But why did you choose the mechanics chapter? Thermodynamics + electricity was easier; you only had 2 pages of formulas, which you would remember if you did a few problems.
    1 point
  29. In IT you can reverse engineer anything because there are specialists: the poor programmers. Absolutely everything is known. The poor programmer's head must hold 2 kilograms of science. In neurosurgery they are amateurs. Not even 10% of the brain's functions are known. Any experienced neurosurgeon has thousands of deaths. Do you think anyone sits around mourning the patients? You've watched too many movies. He tried to make him well, to remove the swelling or the clot from the brain, just as he has been removing them for decades from thousands of patients. What's so extraordinary about removing little bumps from the brain? You watch someone else remove bumps (specializations abroad) and then you remove them too. You read a book with the new bump-removal techniques and that's it. Malpractice cases are hushed up among doctors. Unless you put a billiard ball in place of the brain or who knows what. Or run experiments on patients. And not even then. Zero risk. You aren't stressed by deadlines and by learning new things because you're young. And in general, programming is a new science. But you'll see how the poor programmers fill the mental hospitals after they retire. The government should introduce work group 1 for programmers. It's not standing for 4-5 hours that is hard, but 20 hours motionless on a chair with your eyes on the monitor. All of this adds up. Why put income tax on a category in which the state invests nothing? Everything the programmer does, he does with his mind; he doesn't need equipment or infrastructure. He's not a doctor or a teacher.
    0 points