Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 05/27/17 in all areas

  1. Web Development Limbaje WEB: PHP, Javascript Design: Bootstrap Template engine: Smarty Editare/Fixare/Optimizare: Wordpress Framework pentru scrapere: Simple HTML Dom Informatii -Accept proiecte de lunga durata cat si cele de scurta durata. -La orice proiect or sa se stabileasca toate detaliile la inceput cu clientul, nu se pot aduce new features pe durata proiectului.(Decat mici modificari) -Support-ul este FREE in totalitate. Prin support ma refer: instalare, fixare buguri, fixare MySQL, etc. -Preturile or sa fie stabilite in functie de timpul necesar proiectului si complexitatea sa. -Accept si job-uri unde primesc salariu lunar. -Accept si job-uri in care sunt platit pe ora. Portofoliu: -Ofer live preview la proiecte in privat sau prin TeamViewer(Nu am voie sa las link-ul companiilor dar pot arata poze.) Plata -BitCoin/Etherum -PayPal -Transfer Bancar -Paysafe Contact -ICQ: MOMENTANT NEDISPONIBIL -Telegram: @adicode -Skype: adicode32@outlook.com -Jabber: adicode@404.city **Nu lasa-ti mesaje gen "ti-am dat add", "cat m-ar costa?", "poti face asta?" in topic, va rog frumos. Astept orice intrebare in PM sau pe una din retelele de mai sus. Multumesc.
    2 points
  2. Researchers warned that subtitles can be hacked and made malicious, allowing attackers to take complete control of devices running vulnerable versions of Kodi, Popcorn Time and VLC. Do you use Kodi, Popcorn Time, VLC or Stremio? Do you use subtitles while you watch? If so, then you need to update the platform as Check Point researchers revealed that not all subtitles are benign text files and hackers can remotely take control of any device running vulnerable software via malicious subtitles. The attack is not in the wild, since Check Point developed the proof of concept attack vector; however, with news of the attack vector and an estimated 200 million video players and streaming apps running vulnerable software, attackers might jump on the malicious subtitle wagon to gain remote access to victims’ systems. Check Point pointed out that Kodi has nearly 40 million visitors per month, VLC has over 170 million downloads and Popcorn Time likely also has millions of viewers. With all being vulnerable, researchers called the malicious subtitle attack “one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.” Subtitles are often treated as a trusted source, automatically downloading from third-party repositories. There are dozens of subtitle formats and numerous shared online repositories like OpenSubtitles.org. The repositories can be gamed, allowing attackers “to take complete control over the entire subtitle supply chain.” After an attacker manipulates subtitle rankings, a subtitle with malicious code would have the highest rank and automatically be downloaded without any user interaction required or even a man-in-the-middle attack. In different attack scenarios, instead of a video player or streamer automatically downloading the malicious subtitle file, a user can be tricked to visit a site using one of the vulnerable players or opting to download a tainted subtitle file to use with a video. You can see Check Point’s proof of concept attack in the video below. Do you use Kodi, Popcorn Time, VLC or Stremio? Do you use subtitles while you watch? If so, then you need to update the platform as Check Point researchers revealed that not all subtitles are benign text files and hackers can remotely take control of any device running vulnerable software via malicious subtitles. The attack is not in the wild, since Check Point developed the proof of concept attack vector; however, with news of the attack vector and an estimated 200 million video players and streaming apps running vulnerable software, attackers might jump on the malicious subtitle wagon to gain remote access to victims’ systems. Check Point pointed out that Kodi has nearly 40 million visitors per month, VLC has over 170 million downloads and Popcorn Time likely also has millions of viewers. With all being vulnerable, researchers called the malicious subtitle attack “one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.” Subtitles are often treated as a trusted source, automatically downloading from third-party repositories. There are dozens of subtitle formats and numerous shared online repositories like OpenSubtitles.org. The repositories can be gamed, allowing attackers “to take complete control over the entire subtitle supply chain.” After an attacker manipulates subtitle rankings, a subtitle with malicious code would have the highest rank and automatically be downloaded without any user interaction required or even a man-in-the-middle attack. In different attack scenarios, instead of a video player or streamer automatically downloading the malicious subtitle file, a user can be tricked to visit a site using one of the vulnerable players or opting to download a tainted subtitle file to use with a video. You can see Check Point’s proof of concept attack in the video below. Check Point summarized the damage as: The attack vector “relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats.” The researchers added, “Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities.” Check Point isn’t giving out too many technical details on how to pull off the attack, since the company believes there are similar flaws in other media players. However, Kodi, VLC, Popcorn Time and Stremio were all contacted and have issued fixes for the vulnerability. After Kodi rolled out a fix, XBMC Foundation’s Project lead Martijn Kaijser urged Kodi users to install the newest version as “any previous Kodi version will not get any security patch.” Via networkworld.com
    2 points
  3. Pentru prima data chiar vor fi "horny mature women in your area"
    2 points
  4. The team details what they call “cloak and dagger” exploits which can take over the UI of most versions of Android (including 7.1.2). Given it’s nature, it is difficult to fix and also difficult to detect. Cloak and Dagger is an exploit that takes advantage of two permissions in order to take control the UI without giving the user a chance to notice the malicious activity. The attack uses two permissions: SYSTEM_ALERT_WINDOW (“draw on top“) and BIND_ACCESSIBILITY_SERVICE (“a11y“) that are very commonly used in Android apps. We have outlined this in the past, but what makes this vulnerability so acute is the fact that applications requesting SYSTEM_ALERT_WINDOW are automatically granted this permission when installed via the Google Play Store. As for enabling an Accessibility Service, a malicious application is able to quite easily socially engineer a user into granting it. The malicious application could even be set up to use an Accessibility Service for a semi-legitimate purpose, such as monitoring when certain applications are open to change certain settings. Once these two permissions have been granted, the number of attacks that could occur are numerous. Stealing of PINs, two-factor authentication tokens, passwords, or even denial-of-service attacks are all possible. This is thanks to the combination of overlays to trick the user into thinking they are interacting with a legitimate app and the Accessibility Service being used to intercept text and touch input (or relay its own input). We theorized such a vulnerability a few months back, wherein we would create a proof-of-concept application that uses SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE in order to draw an overlay over the password entry screen in the XDA Labs app and intercept key input to swipe passwords. This application we envisioned would be an auto-rotation managing application which would use an overlay for the purposes of drawing an invisible box on screen to control rotation (rather than request WRITE_SETTINGS which would raise flags) and an Accessibility service to allow the user to control auto-rotate profiles on a per-app basis. In theory, this would be one example of an application using “cloak-and-dagger.” However, none among our team were willing to risk their developer accounts by challenging Google’s automated app scanning systems to see if our proof-of-concept exploit would be allowed on the Play Store. In any case, these researchers did the work and submitted test applications to prove that the use of these two permissions can indeed be a major security issue: As you can see, the attacks are invisible to users and allow full control over the device. Currently all versions of Android starting from Android 5.1.1 to Android 7.1.2 are vulnerable to this exploit, given the fact that it takes advantage of two permissions otherwise used for completely legitimate purposes. Don’t expect a true fix for this issue to come to your device anytime soon, though it should be noted that the changes made to SYSTEM_ALERT_WINDOW in Android O will partially address this flaw by disallowing malicious apps from completely drawing over the entire screen. Furthermore, Android O now alerts with via notification if an application is actively drawing an overlay. With these two changes, it’s less likely that a malicious application can get away with the exploit if the user is attentive. How do you protect yourself on versions before Android O? As always, install only apps that you trust from sources that you trust. Make sure the permissions they request line up with what you expect. As for the hundreds of millions of regular users out there, according to a Google spokesperson Play Store Protect will also provide necessary fixes to prevent the cloak and dagger attacks. How exactly it will accomplish this is unclear, but hopefully it involves some way of detecting when these two permissions are being used maliciously. I doubt that it would be able to detect all such cases, though, so in any case it’s best for you to monitor what permissions are being granted to each application you install. SOURCE: https://www.xda-developers.com/cloak-and-dagger-exploit-uses-overlays-and-accessibility-services-to-hijack-the-system/
    1 point
  5. Mie mi s-a intamplat problema asta odata anul trecut prin august, si a doua oara acum o luna. Chiar daca aveam un cont personal, verificat cu proof of address si ID, mi-au cerut diverse date despre dovezile de livrare a bunurilor, fiind un raspuns automat al PayPal din pricina numarului mare de tranzactii pe o perioada scurta de timp (aparent de la 200 de tranzactii pe luna in sus esti considerat business si trebuie sa oferi documentele si dovezile de livrare a bunurilor) . Cu cazul de anul trecut mi-am batut capul, am vorbit si am ajuns la inchiderea contului si blocarea banilor timp de jumatate de an, ce i-am putut recupera in primavara asta. Daca nu esti din US si esti persoana fizica, aici gasesti singurul document pe care poti sa-l dai: https://www.irs.gov/pub/irs-pdf/fw8ben.pdf Part I, fill out all fields. Line 5 and 7 can often be left blank, if applicable. Part 2 - Skip Part 3 - Sign and date the form. la 6 Foreign tax identifying number (see instructions) este CNP-ul tau .
    1 point
  6. [*] Hack instagram accounts with bruteforce [*] for more proxy - go to https://www.torvpn.com/en/proxy-list Download instahack-master.zip Source
    1 point
  7. Thank You for Taking our Survey!
    1 point
  8. Thank You for Taking our Survey!
    1 point
  9. La ce facultate esti ? Intreb pentru ca, chestionarul nu e facut cum trebuie, ti l-a corectat vreun profesor ? Nu stiu ce rapoarte iti ofera site-ul ala, dar stiu ca era ceva cu isurvey care iti dadea niste rapoarte in excel pe care trebuia doar sa le dai copy-paste in spss, asta in cazul in care ai nevoie.
    1 point
  10. O sa vedem oferta de la Telekom "Come to us, we offer free access to your favourite video-girl"
    1 point
  11. De ce nu mai ai studiou si acum ? Nu mai merge ? Ce s-a intamplat ? E ilegal la noi in Romania ca mai vedeam pe la TV ca ii luau mascatii pe astia cu videochaturile lor ? Offshore nu se poate ?
    1 point
  12. Bai Florine, sa imi bag pula in bafta ta ca tot feed-ul l-ai umplut cu rahatul asta.
    1 point
  13. Introduction This repository contains a library that allows native Linux programs to load and call functions from a Windows DLL. As a demonstration, I've ported Windows Defender to Linux. $ ./mpclient eicar.com main(): Scanning eicar.com... EngineScanCallback(): Scanning input EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified. What works? The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on. C++ exception dispatch and unwinding. Loading additional symbols from IDA. Debugging with gdb (including symbols), breakpoints, stack traces, etc. Runtime hooking and patching. Support for ASAN and Valgrind to detect subtle memory corruption bugs. If you need to add support for any external imports, writing stubs is usually quick and easy. Why? Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data. This is less of a problem on Linux, and I've found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing. This is just personal opinion, but I also think Linux has better tools. ¯\_(ツ)_/¯ Windows Defender MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2016, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine. The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers, full system emulators for various architectures and interpreters for various languages. All of this code is accessible to remote attackers. Source: https://github.com/taviso/loadlibrary
    1 point
  14. https://en.m.wikipedia.org/wiki/DLL_Hell
    1 point
  15. Facebook 200 share-uri - 5€ (share-urile vor fi facute in pagini, profile si grupuri) in general se obtin intre 10 k-100 K impresii pentru postare. Acest lucru variaza in functie de calitatea postarii si potentialul acesteia de a primi share-uri naturale. 1 K like-uri Romania- 10€ acestea se obtin din pop-uri pe site-uri, invitatii si promovarea postarilor prin share-uri deci sunt 100% utilizatori reali si activi 1 K like-uri International- 12 € (NU se poate trageta doar pe anumite tari) Facebook - Post / Photo Likes - 5 50 recenzii - 5 € (se adauga si mesaje personalizate nu doar 5 stele) 5 k membri grup/invitatii eveniment - 10 € contra taxei suplimentare de 2 €/mie se pot targeta femei/barbati cu o rata de succes de 90% Youtube High Retention Views - 1 €/mie Video Likes 8 €/mie Subscribers (+90% romania) 10€/mie preturile sunt usor negociabile pentru comenzile ce depasesc 50€. primii 3 membri cu vechime si min 100 postari utile beneficiaza de reducere 30%. skype: sttoshiba@hotmail.com
    1 point
×
×
  • Create New...