Leaderboard

During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the authentication mechanism, there was not much we could do. The attack surface was still pretty small, there were only a few things we could tamper with. 1. Identifying the entry point In the login page I noticed a hidden POST parameter that was being sent for every login request: <input type="hidden" name="com.ibm.faces.PARAM" value="rO0..." /> The famous Base64 rO0 (ac ed in HEX) confirmed us that we were dealing with a Base64 encoded Java serialized object. The Java object was actually an unencrypted JSF ViewState. Since deserialization vulnerabilities are notorious for their trickiness, I started messing with it. Full Article: https://securitycafe.ro/2017/11/03/tricking-java-serialization-for-a-treat/

l'd like to take his... his Face ID... off Video Apple's facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone. Bkav Corporation, an tech security biz with offices in the US and Singapore, specializes in bypassing facial-recognition systems, and set out to do the same with Face ID when it got hold of a $999 iPhone X earlier this month. The team took less than a week to apparently crack Cupertino's vaunted new security mechanism, demonstrating that miscreants can potentially unlock a phone with a mask of the owner's face. "Everything went much more easily than you expect. You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face," the biz said in an advisory last updated on Saturday. "It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID's AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought." After registering a person's face on the phone – and the handset should only unlock when it sees this face – the team built a 3D printed mask of the test subject using an off-the-shelf 3D printer. They then put 2D printouts of the user's eyes, upper cheekbones and lips over the mask and added a silicone nose for realism. The creation wasn't able to defeat Face ID at first, as other folks with the same idea have found. But by sculpting and shading the false nose on one side to imitate shadow – plus a few other tweaks – the team managed to use the mask to fool the iPhone X into unlocking, it is claimed. The hack was cheap – Bkav estimates the total cost in materials for a face to hoodwink Face ID was around $150. It acknowledged that the hack isn’t for everyone to try out. It requires an in-depth knowledge of how Apple's face-scanning software works and what the weak points in the system are. "With Face ID's being beaten by our mask, FBI, CIA, country leaders, leaders of major corporations, etc are the ones that need to know about the issue, because their devices are worth illegal unlock attempts," it said. "Exploitation is difficult for normal users, but simple for professional ones." The team is still researching how to crack the system more easily and refining their methods. In the meantime the biz advises sticking to fingerprints for biometric security. ® Via theregister.co.uk

(Fuck me, unde stateau gramada expertii in politica interna si administrativa. ) Doar pentru ca nu e in interesul lor sa-l opreasca/reduca la valori nesemnificative (deocamdata) nu inseamna ca nu o pot face prin diverse metode.

http://www59.zippyshare.com/v/p16jEWb8/file.html http://dropmefiles.com/1qxEp https://userscloud.com/lx8i9doqslf1

Posted August 6, 2013 iar userul a fost banat... ai dovleacu' ala pe post de cap doar sa nu-ti ploua-n gat...

YallaJS makes it easy to create HtmlTemplate and render it to DOM efficiently. import {Context,render} from 'yallajs'; // we pull html Tagged Template literals from the Context object. let {html} = new Context(); // create template function that produce HtmlTemplate "<div>Hello xxx </div>" let hello = (param) => html`<div>Hello ${name}</div>`; // render <div>Hello world</div> to document.body. render(hello('world'),document.body); // render <div>Hello yallajs</div> to document.body. render(hello('yallajs'),document.body); yallajs has 3 main API render : Render is a function that renders an HtmlTemplate or HtmlTemplateCollection into node. html : html is contextual Tagged Template Literal that generates HtmlTemplate object from Html strings htmlCollection : htmlCollection is contextual Tagged Template Literals that generates HtmlTemplateCollection for rendering arrays of object. Context : Context is an object that stores local information such as HtmlTemplate cache (in most cases you dont have to do anything with this object). Motivation yallajs has following main goals : Highly efficient in DOM creation, updates and deletion. Easy to use and very simple to understand Using web standards instead of creating new ones Very small size and no dependency. Support ES 5 browsers suchas IE 9, IOS 6 and Android 5. How it works html Tagged Template Literals html tag expression processed Template Literal, and generate HtmlTemplate object out of it. Template literals are string literals allowing embedded expressions. You can use multi-line strings and string interpolation features with them. Template literals are enclosed by the back-tick (` `) character instead of double or single quotes. Template literals can contain place holders. These are indicated by the Dollar sign and curly braces (${expression}). The expressions in the place holders and the text between them get passed to a html Tagged Template Literals. render HtmlTemplate rendering render() takes a HtmlTemplate, HtmlTemplateCollection, Text or Promise, and renders it to a DOM Container. The process of rendering is describe in following orders : yallajs take the static strings in HtmlTemplate and join the strings with <!--outlet--> to mark the position of dynamic parts. yallajs passes joined strings to innerHTML to create DOMTemplate. It walks through the DOMTemplate and identify the comment tag outlet. On initial rendering yallajs update the outlet with actual values. After that yallajs store the updated DOMTemplate into Context object. Lastly yallajs clone the DOMTemplate to create HtmlTemplateInstance and append it to DOM Container. By keeping the template DOM in the cache, next DOM creation will be done in two steps only : look the template DOM, and update the outlet with next value, clone the template DOM and append it to DOM Container. In this way we can also perform the DOM update process very efficiently because we already know the location of the placeholder. So if there is a new value that changes, we simply update the placeholder without having to touch other DOM Performance The Benchmark result of yallajs 2.0 beta version is very promising. With very early stage of performance tuning, yallajs wins against angular, react and vue, both on rendering and memory allocation. Following benchmark result using Stefan Krause performance benchmark. Memory On the other hand, yallajs memory usage is showing very promising result. You can find the details here, and the code that we use in this benchmark here. Features Yalla uses ES 2015 String literal for html templating, yallajs API is very simple, making yalla js almost invisible in your code. This makes your application smells good and no boilerplate. Overview Events function buttonListener(){ alert('hello'); } render(html`<input type="button" onclick="${e => buttonListener()}">`,document.body); Attribute render(html`<div style="color : ${dynamicColor}; font-size : ${fontSize};" >This is a Node</div>`,document.body); HtmlTemplate in HtmlTemplate render(html`<div>This is Parent Node ${html`<div>This is Child Node</div>`} </div>`,document.body); htmlCollection HtmlTemplateCollection HtmlTemplateCollection is high performance Object that map array of items to HtmlTemplate Array. HtmlTemplateCollection requires key of the item to update the collection effectively. htmlCollection(arrayItems,keyFunction,templateFunction); Example let marshalArtArtist = [ {id:1,name:'Yip Man'}, {id:2,name:'Bruce Lee'}, {id:3,label:'Jackie Chan'}] render(html` <table> <tbody> ${htmlCollection(marshalArtArtist,(data) => data.id, (data,index) => html` <tr><td>${data.name}</td></tr> `)} <tbody> </table> `,document.body); Sample Project TodoMVC : a simple todomvc application Benchmark : benchmark tools for measuring performance, fork of Stefan Krause github project Codepen sample Hello world : Basic hello world application Simple Calculator : Simple calculator with yallajs Color Picker : Simple color picker Async : Example using Promise for async Html Collection : Using HtmlCollection to render arrays Hero Editor : Hero Editor tutorial from Angular JS rewritten in Yallajs Download: yalla-master.zip or git clone https://github.com/yallajs/yalla.git Source: https://github.com/yallajs/yalla

Salut, referitor la ceea ce scrie în acest articol, sa spunem că Facebook chiar ascultă telefonul fiecărei persoane care are instalată aplicația pe telefon. Ceea ce scrie în articol e bine definit și anume că, ca și cantitate de informații ce ar trebui procesate, e imposibil ca să asculte direct și sa preia fiecare bit de informație din inputul audio de la fiecare telefon din lume și să il trimită la un server care mai departe să il proceseze, etc.. Dar mi s-a mai întamplat și mie acest lucru, să vorbesc(doar să vorbesc/menționez de mai multe ori niște cuvinte fără să fi accesat siteuri related) și după o perioadă să primesc ad-uri pe facebook vizate pe acele keywords să zicem. Dacă ar fi posibil, cum s-ar putea face/ce algoritm ar putea fi folosit pentru a extrage dintr-un sample audio(chiar și live) niște keywords-uri, având în vedere și semantica lor în context? Sau dacă știți alte întamplări similare sau posibilități de a obține anumite date/informații făcând cât mai puține procesări posibil.

Esti nebun de legat... cum plm ai gasit forumul asta? sper sa-ti ramana o gutuie-n gat

http://constantdullaart.com/TOS/ si http://therevolvinginternet.com/

aici, insa am auzit ca si italienii ar fi obtinut rezultate...

aparent off topic, The US Wants to Regulate Surveillance Software Like Weapons , caci Privacy is Becoming a Crime – Why Intel Chips May Present a Whole New Risk fiindca "Active Management Technology": The obscure remote control in some Intel hardware ridicind serioase dubii ca NSA could have planted Permanent Backdoors in Intel And AMD Chips ... incit preventiv Cisco posts kit to empty houses to dodge NSA chop shops ... iar acum, "Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law -- or something like that. The EFF's Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an idea that will not die." scrie Bruce Schneier legat de FBI Increases Its Anti-Encryption Rhetoric. insa, exista o solutie de compromis , A reasonably secure operating system care "brings to your personal computer the security of the Xen hypervisor, the same software relied on by many major hosting providers to isolate websites and services from each other".

s-a dat adunarea cadrelor in platou, impingem porthartul digital pe sold, spre spate si cu chipiul virtual indesat pe sprincene exercitam pas alergator ca sa combatem plini de furie sustenabila si concomitent, corect politica ordinul de zi pe unitate?

This has set a precedent for future interactions with the US DOJ, and they will go through the Swiss court system as required by law. https://protonmail.com/blog/transparency-report/ etc. http://lmgtfy.com/?q=deanoymise+tor https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-evans-grothoff.pdf https://arstechnica.com/security/2015/07/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/ http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf https://www.cs.princeton.edu/~annee/pdf/usenixsec15.pdf https://www.youtube.com/watch?v=-oTEoLB-ses&feature=youtu.be&t=1998 . http://www.robgjansen.com/publications/sniper-ndss2014.pdf https://www.infoworld.com/article/2609583/encryption/how-secure-was-lavabit-s--secure--email--not-very--says-researcher.html

Salut, mai ai contul steam?

Un pronostic: tot mai multa lume de aici va intelege faptul ca intelectul tau inca nu a evoluat de la stadiul de reptilian. Astfel incat va trece ceva vreme pana sa ajunga la mamifer si foarte multa vreme pana la homo; homo sapiens trecand astfel spre taramul fictiunii.

.... am sters postul caci cind l-am scris, eram excesiv de berulit, deh ... friday afternoon fever

sa nu uitam ca "dansul" nostru, a inceput de la o imagine postata de tine, cu adolescenti ce mimau felatia la un bal al bobocilor. incercai sa politizezi aceasta intimplare grotesca... psd era de vina... evident, la cluj... apoi, ai fost deranjat de citeva postari care credeai ca aduc atingere dna si/sau sri. ai simtit nevoia sa ma injuri intr-un mesaj privat... "Ce pizda ma-tii imi dai - la postari ? suferi ? " atita ai putut. atita ai si facut. in cascada au venit reactii de la inca 3 useri care pe parcursul activitatii lor, impreuna cu tine, au ca si scop unic, upvote-ul intre voi, down voteul in haita, impotriva celor ce va deranjeaza. intimplator, toti aveti aceleasi marote. acum, recunosc, doza mea de nebunie la betie, mi-o asum si o savurez in fiecare clipa, intrebarea e, tu ce faci cu ticalosia ta? iti stimuleaza secretia de dopamina? daca da, felicitari, bun venit in rindul psihopatilor! iti explica stefan cel mare cum e cu dopamina, ca el e pe inhibitori