
Leaderboard

Popular Content

Showing content with the highest reputation on 06/21/17 in all areas

  1. 'Do I really need to give this website so much about me?'

     That's exactly what I usually think after filling but before submitting a web form online asking for my personal details to continue. I am sure most of you would either close the whole tab or would edit already typed details (or filled up by browser's auto-fill feature) before clicking 'Submit' — Isn't it?

     But closing the tab or editing your information hardly makes any difference because as soon as you have typed or auto-filled anything into the online form, the website captures it automatically in the background using JavaScript, even if you haven't clicked the Submit button.

     During an investigation, Gizmodo has discovered that code from NaviStone, used by hundreds of websites, invisibly grabs each piece of information as you fill it out in a web form before you could hit 'Send' or 'Submit.' NaviStone is an Ohio-based startup that advertises itself as a service to unmask anonymous website visitors and find out their home addresses.

     There are at least 100 websites that are using NaviStone's code, according to BuiltWith, a service that tells you what tech sites employ. Gizmodo tested dozens of those websites and found that the majority of sites captured visitors' email addresses only, but some websites also captured their personal information, like home addresses and other typed or auto-filled information.

     How Websites Collect 'Data' Before Submitting Web Forms

     Using JavaScript, the websites in question were sending the user's typed or auto-filled information from an online form to a server at "murdoog.com," which is owned by NaviStone, leaving no option for people who immediately change their minds and close the page.

     When the publication asked NaviStone how it unmasks anonymous website visitors, the company declined to reveal anything, saying that "its technology is proprietary and awaiting a patent."

     However, when asked whether email addresses are gathered in order to identify the person and their home addresses, the company's chief operating officer Allen Abbott said NaviStone does not "use email addresses in any way to link with postal addresses or any other form of PII [Personal Identifiable Information]."

     Some websites using NaviStone's code are collecting information on visitors who are not even their customers and do not share any relationship with the companies.

     After the story had gone live, NaviStone agreed to no longer collect email addresses from visitors this way, as Abbott said, "While we believe our technology has been appropriately used, we have decided to change the system operation such that email addresses are not captured until the visitor hits the 'submit' button."

     Disable Auto-Fill; It’s Leaking Your Information!

     In order to protect yourself from such websites collecting your data without your consent, you should consider disabling the auto-fill form feature, which is turned on by default, in your browser, password manager or extension settings.

     At the beginning of this year, we also warned you about the Auto-fill feature, which automatically fills out web forms based on data you have previously entered in similar fields but can be misused by attackers hiding fields (out of sight) in the web form and stealing your personal information without your knowledge.

     Here's how to turn this feature off in Chrome: Go to Settings → Show Advanced Settings at the bottom, and under the Passwords and Forms section uncheck the Enable Autofill box to fill out web forms with a single click.

     In Opera, go to Settings → Autofill and turn it off.

     In Safari, go to Preferences and click on AutoFill to turn it off.

     Also, think twice before filling your details into any web form, before it gets too late.

     Via thehackernews.com
    2 points
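
A defender-side check for the behaviour described in the post above, added here as an example (it is not code from the article or from NaviStone): given a recorded timeline of input events and network requests for one page visit, it flags requests that carry a typed field value before any submit event. The timeline format, the field values and every host other than murdoog.com are constructed for illustration.

```javascript
// Constructed sample: events as a proxy or devtools export might record them.
// Only murdoog.com comes from the article; all other hosts and values are made up.
const sampleTimeline = [
  { t: 100, type: "input", field: "email", value: "alice@example.com" },
  { t: 140, type: "request", body: "",
    url: "https://murdoog.com/c?d=" + encodeURIComponent("alice@example.com") },
  { t: 300, type: "input", field: "address", value: "12 Elm Street" },
  { t: 320, type: "request", url: "https://tracker.example/p",
    body: Buffer.from("12 Elm Street").toString("base64") },
  { t: 350, type: "request", url: "https://shop.example/api/validate",
    body: "email=alice%40example.com" },
  { t: 900, type: "submit" },
  { t: 910, type: "request", url: "https://shop.example/checkout",
    body: "email=alice%40example.com" },
];

// Forms in which a typed value commonly appears on the wire.
// Limitation: a value base64-encoded inside a larger blob will not match.
function encodings(value) {
  return [value, encodeURIComponent(value), Buffer.from(value).toString("base64")];
}

// Returns every request seen before the first submit that contains a typed value.
function findPreSubmitLeaks(timeline, pageHost) {
  const typed = new Map(); // field name -> latest typed value
  const leaks = [];
  for (const ev of [...timeline].sort((a, b) => a.t - b.t)) {
    if (ev.type === "submit") break; // sending data after submit is expected
    if (ev.type === "input") {
      // Skip very short values: they match unrelated traffic by accident.
      if (ev.value.length >= 4) typed.set(ev.field, ev.value);
      continue;
    }
    if (ev.type !== "request") continue;
    const host = new URL(ev.url).hostname;
    const thirdParty = host !== pageHost && !host.endsWith("." + pageHost);
    const haystack = ev.url + "\n" + (ev.body || "");
    for (const [field, value] of typed) {
      if (encodings(value).some((e) => haystack.includes(e))) {
        leaks.push({ t: ev.t, host, field, thirdParty });
      }
    }
  }
  return leaks;
}

console.log(findPreSubmitLeaks(sampleTimeline, "shop.example").filter((l) => l.thirdParty));
```

First-party hits (such as live field validation) are returned too, marked `thirdParty: false`, so the reviewer can decide whether they are expected.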
  2. MySQL-G0ld

     This program issues brute force attacks against a MySQL Server, supply a CRLF wordlist. MySQL daemon should not have Remote MySQL enabled nor be exposed to the public internet. Think LAN, Privilege escalation, shared hosting attacks etc.

     Attack modes: Password spray / Basic
     File Hash: d3e11a2d0234cab7c9244c26d61004cc
     Language: C
     Credits: John Page aka hyp3rlinx apparitionsec@gmail.com hyp3rlinx.altervista.org

     https://www.virustotal.com/en/file/83f52d719bbd8cae5187c862531888ead03c7e5da7eb1ba1f50ad095b8cfef54/analysis/1498037868/

     Download MySQL-G0ld.zip (85.7 KB)
    2 points
  3. Combined with https://github.com/anttiviljami/browser-autofill-phishing, something interesting can be done.
    1 point
  4. So what are you up to, man? From here
    1 point
  5. Hidviz

     Hidviz is a GUI application for in-depth analysis of USB HID class devices. The 2 main use cases of this application are reverse-engineering existing devices and developing new USB HID devices.

     USB HID class consists of many possible devices, e.g. mice, keyboards, joysticks and gamepads. But that's not all! There are more exotic HID devices, e.g. weather stations, medical equipment (thermometers, blood pressure monitors) or even simulation devices (think of flight sticks!).

     1) Building

     Hidviz can be built on various platforms where the following prerequisites can be obtained. Currently only Fedora, Ubuntu and MSYS2/Windows are supported and a build guide is available for them.

     1.1) Prerequisites

       - C++ compiler with C++14 support
       - libusb 1.0 (can be called libusbx in your distro)
       - protobuf (v2 is enough)
       - Qt5 base
       - CMake (>=3.2)

     1.1.1) Installing prerequisites on Fedora

         sudo dnf install gcc-c++ gcc qt5-qtbase-devel protobuf-devel libusbx-devel

     1.1.2) Installing prerequisites on Ubuntu

         sudo apt-get install build-essential qtbase5-dev libprotobuf-dev protobuf-compiler libusb-1.0-0-dev

     Note that Ubuntu 14.04 LTS has an old gcc unable to build hidviz; you need to install at least gcc 5.

     1.1.3) Installing prerequisites on MSYS2/Windows

     Please note hidviz is primarily developed on Linux and we currently don't have Windows CI, therefore the Windows build can be broken at any time. If you find so, please create an issue.

     If you do not have MSYS2 installed, firstly follow this guide to install MSYS2.

         pacman -S git mingw-w64-x86_64-cmake mingw-w64-x86_64-qt5 mingw-w64-x86_64-libusb \
             mingw-w64-x86_64-protobuf mingw-w64-x86_64-protobuf-c mingw-w64-x86_64-toolchain \
             make

     1.2) Clone and prepare out of source build

     Firstly you need to obtain sources from git and prepare a directory for the out of source build:

         git clone --recursive https://github.com/ondrejbudai/hidviz.git
         mkdir hidviz/build
         cd hidviz/build

     Please note you have to do a recursive clone.

     1.3) Configuring

     1.2.1) Configuring on Fedora/Ubuntu (Linux)

         cmake ..

     1.2.2) Configuring on MSYS2/Windows

         cmake -G "Unix Makefiles" ..

     1.4) Build

         make -j$(nproc)

     If you are doing an MSYS2 build, check before building that you are using the MinGW32/64 shell, otherwise the build process won't work. More information can be found here.

     2) Running

     To run this project you need build/hidviz as your current directory for hidviz to work properly! After a successful build you need to run

         cd hidviz
         ./hidviz

     2) Running on Windows

     3) Installing

     Not yet available

     4) License

     Hidviz is licensed under GPLv3+. For more information see the LICENSE file.

     Source: https://github.com/ondrejbudai/hidviz/
    1 point
  6. I know real cases of salaries of at least 1000 euros a month, in Cluj. Many. People who have only just started university. I had that salary in 12th grade. It's simple.

     1. Freelancing, until you manage to have at least 200 hours worked at $15-20 / hour. On oDesk, Elance or Freelancer. Or you get hired on a beginner's salary until you gain experience, but if you want to grow fast, freelancing.
     2. A GitHub profile, with projects that have code in them. Most big companies look at these details.
     3. A complete LinkedIn profile.
     4. MVC / OOP should be such normal things that you would simply call them programming; PHP 4 should be a joke to you.
     5. I worked for months on end "for free" on personal projects to learn new things; it would be good if working on personal projects were at least a hobby, because those keep you afloat and "up to date".
     6. At least 3 - 4 blogs / newsletters that you follow to stay up to date with technologies.

     Now, let me start explaining something to you. About the big companies. The following calculations are done at Senior Developer level, in Romania.

     A big company bills around 15 - 25 euros per hour. (Realistically speaking, and this is what generally happens.) This means that if you work for them 160 hours (40 * 4), you bring them revenue of around 2400 - 4000 euros. Realistically speaking, now they can afford to pay you 1 - 2000 euros, and let me explain why.

     - Bug fixing clearly comes up, and the client is usually NOT billed for it; in case you were "out of it", tired, or simply didn't notice the bug, you probably have to work a few hours to fix them.
     - Maybe you have no project for 1 week; even if you sit at the office and play Minecraft / Pirate Kings / Facebook / 9GAG, you still get your salary, and that security has to come from somewhere.
     - Maybe there are several open projects that are almost done and it's payday, and the company, being serious, pays you on time.
     - Space - Electricity - Internet.

     Now, a company pays you according to how important you are; if your expectations are higher than the salary someone offers you, simple, you make it yourself and that's that.

     The bad part is that what I write here applies to very few people, because the "stories" are nice, but to get to have the experience and make that money, you have to get out of your comfort zone (at least, if you want to make it when you are ~ 20 years old).

     P.S.: I wanted to post this N times before, but I held back; I'm already fed up with these discussions. Anything is possible + everyone has the salary they are willing to work for. It's simple.
    1 point
  7. Thanks for sharing combo io.kent
    -1 points
  8. Up, so it doesn't get lost.
    -1 points