Leaderboard

Salutare! De curand am facut un bot de discord ce v-ar putea ajuta in cazul in care lucrati cu baze de date mysql. Botul de discord poate sa execute comenzi SQL pe diferite servere mysql direct de pe discord.Puteti sa imi lasati sugestii aici. Daca e cineva interesat de acest bot poate sa il obtina de aici: https://github.com/FoxBlood72/DisRemSQL

E de citit despre Soros si Central European University sau cee trust: https://web.archive.org/web/20180726002933/http://www.ceetrust.org/grants-database/in-country-grants/romania.html Este un om destul de inteligent care stie ce vrea. Astfel de imbecili (Antena 3) duc in derizoriu implementarile Open Society Foundation din Europa de Est. Este un fenomen interesant de studiat despre externalizarea elitei si ruperea ei de ce e national. Cat despre covid-19, tot ce vad reprezinta stangaciile unui sistem corupt si incapabil in a lua decizii in favoarea propriilor cetateni. Gluma-gluma, insa o gramada de fonduri se scurg pe nu stiu ce tampenii, vor sa plateasca zeci de milioane de euro sa cumpere masti pentru saraci. Sunt lucruri foarte grave care se petrec si noi ne cuibarim confortabil la adapostul unor glumite cu capra vecinului.

Hai man. Email sau telefon de suport nu au? Nu mutati suportul de acolo aici pe forum. I s-a permis sa-si faca aici thread cu serviciile lui, mascat de un titlu care nu are nicio treaba, dar suport nu vrem sa oferim aici pentru ce ofera el. E totusi un serviciu comercial, iar aici suntem doar o mana de oameni care nu profitam cu nimic de pe urma forumului.

Hacker politist* In cel mai rau caz...

Industry binning old aircraft is an opportunity for aviation infosec DEF CON Boeing 747-400s still use floppy disks for loading critical navigation databases, Pen Test Partners has revealed to the infosec community after poking about one of the recently abandoned aircraft. The eye-catching factoid emerged during a DEF CON video interview of PTP's Alex Lomas, where the man himself gave a walkthrough of a 747-400, its avionics bay and the flight deck. Although airliners are not normally available to curious infosec researchers, a certain UK-based Big Airline's decision to scrap its B747 fleet gave Pen Test Partners a unique opportunity to get aboard one and have a poke about before the scrap merchants set about their grim task. While giving a tour of the aircraft on video (full embed below), Lomas pointed out the navigation database loader. To readers of a certain vintage it'll look very familiar indeed. Navigation data aboard Boeing 747-436 airliners is updated via a 3.5" floppy drive. The aircraft were built in the late 1990s A quick tour of the avionics bay, buried beneath the floor of the lower passenger deck, revealed a server-room-esque array of line replaceable units and cabling, prompting Lomas to bust lots of Hollywood-grade dreams by saying: "You can't just clip into a pair of wires into the back of the aircraft and gain access to all of these." In a subsequent Q&A for DEF CON's virtual attendees (this year's hacking conference was done remotely thanks to COVID-19), Pen Test Partners chief Ken Munro asked Lomas about points of interest to aviation infosec researchers. The latter then described various aviation-specific ARINC equipment and connectivity standards, including ARINC 664 ("...Ethernet with some extra quality-of-service layers on top to make sure flight-critical things can talk to each other") as used in the Boeing 787 and the latest generation of airliners, ARINC 629 ("really only used in the [Boeing] 777"), and other potential areas of research interest including VxWorks' real-time OS, which is used in a number of airliners' internal networks. The key question everyone wants to know the answer to, though, is whether you can hack an airliner from the cheap seats, using the in-flight entertainment (IFE) as an attack vector. Lomas observed: That hasn't stopped some people from trying, most notably an infosec researcher from a Scottish university who deployed a well-known pentesting technique against IFE equipment at the start of a nine-hour transatlantic flight. Mercifully he only managed to KO his own screen. There is a long and storied history of otherwise obsolete technologies being retained in use because they're built into something bigger and yet work well, not least aboard Royal Navy survey ship HMS Enterprise. Last seen in these hallowed pages a couple of years ago when the Navy invited your correspondent aboard the warship during a NATO exercise in Norway, Enterprise's hotchpotch of Windows ME-based survey software is now helping port authorities in Beirut assess the damage caused by the disastrous ammonium nitrate explosion earlier this month. ® Bootnote Of potential interest to researchers who don't have access to a spare 747 for a spot of pentesting is the new Microsoft Flight Simulator. Due for release in just over a week, the latest version of the classic sim franchise will include and support the use of ARINC 429-compatible navigation datasets, of the exact same type loaded into the 747 on a 3.5" floppy. While the fidelity of the simulator software reading and executing that data may not be comparable with the real thing, inexpensive access to a real dataset can offer insights into further research areas – though the tale of the Boeing 787 and Warsaw's BIMPA 4U arrival is unlikely to be repeatable. Via theregister.com

Domain fronting, the technique of circumventing internet censorship and monitoring by obfuscating the domain of an HTTPS connection was killed by major cloud providers in April of 2018. However, with the arrival of TLS 1.3, new technologies enable a new kind of domain fronting. This time, network monitoring and internet censorship tools are able to be fooled on multiple levels. This talk will give an overview of what domain fronting is, how it used to work, how TLS 1.3 enables a new form of domain fronting, and what it looks like to network monitoring. You can circumvent censorship and monitoring today without modifying your tools using an open source TCP and UDP pluggable transport tool that will be released alongside this talk. Source

Ba mie mi-au inchis ticketu la un server care era in cap de cateva luni ce-i drept l-au inchis in vreo 2 zile dar l-au si rezolvat. Acum serios, la ce te astepti de la Alex Host? Eu zic sa zica mersi cei care vor sa ruleze sau sa testeze chestii. E prost dar e moca

The block was put in place at the end of July and is enforced via China's Great Firewall. The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies. The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship -- iYouPort, the University of Maryland, and the Great Firewall Report. CHINA NOW BLOCKING HTTPS+TLS1.3+ESNI Through the new GFW update, Chinese officials are only targeting HTTPS traffic that is being set up with new technologies like TLS 1.3 and ESNI (Encrypted Server Name Indication). Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols -- such as TLS 1.1 or 1.2, or SNI (Server Name Indication). For HTTPS connections set up via these older protocols, Chinese censors can infer to what domain a user is trying to connect. This is done by looking at the (plaintext) SNI field in the early stages of an HTTPS connections. In HTTPS connections set up via the newer TLS 1.3, the SNI field can be hidden via ESNI, the encrypted version of the old SNI. As TLS 1.3 usage continues to grow around the web, HTTPS traffic where TLS 1.3 and ESNI is used is now giving Chinese sensors headaches, as they're now finding it harder to filter HTTPS traffic and control what content the Chinese population can access. Image: Qualys SSL Labs (via SixGen) Per the findings of the joint report, the Chinese government is currently dropping all HTTPS traffic where TLS 1.3 and ESNI are used, and temporarily banning the IP addresses involved in the connection, for small intervals of time that can vary between two and three minutes. SOME CIRCUMVENTION METHODS EXIST... FOR NOW For now, iYouPort, the University of Maryland, and the Great Firewall Report said they were able to find six circumvention techniques that can be applied client-side (inside apps and software) and four that can be applied server-side (on servers and app backends) to bypass the GFW's current block. ZDNet also confirmed the report's findings with two additional sources -- namely members of a US telecommunications provider and an internet exchange point (IXP) -- using instructions provided in this mailing list Via zdnet.com.

Explozia din Beirut (Liban) NU EXISTA! Ati vazut-o voi? Stiti pe cineva care a murit acolo? Nu e mai grava ca explozia unei petarde! E o minciuna prin care televiziunile vor sa ne sperie si sa ne controleze! Sunt interese mari la mijloc!

Microsoft has patented a cryptocurrency mining system that leverages human activities, including brain waves and body heat, when performing online tasks such as using search engines, chatbots, and reading ads. “A user can solve the computationally difficult problem unconsciously,” the patent reads. Crypto System Leveraging Body Activity Data Microsoft Technology Licensing, the licensing arm of Microsoft Corp., has been granted an international patent for a “cryptocurrency system using body activity data.” The patent was published by the World Intellectual Property Organization (WIPO) on March 26. The application was filed on June 20 last year. “Human body activity associated with a task provided to a user may be used in a mining process of a cryptocurrency system,” the patent reads, adding as an example: Microsoft has patented a “cryptocurrency system using body activity data” with the World Intellectual Property Organization (WIPO), the agency of the United Nations responsible for treaties involving copyright, patent, and trademark laws. Noting that the method described may “reduce computational energy for the mining process as well as make the mining process faster,” the patent details: Patent Suggests Alternative Way to Mine Cryptocurrencies The patent describes a system where a device can verify whether “the body activity data satisfies one or more conditions set by the cryptocurrency system, and award cryptocurrency to the user whose body activity data is verified.” Microsoft patents a cryptocurrency system leveraging different types of sensors to “measure or sense body activity or scan human body,” such as heart rate monitors, thermal sensors, and optical sensors. Different types of sensors can be used to “measure or sense body activity or scan human body,” the patent explains. They include “functional magnetic resonance imaging (fMRI) scanners or sensors, electroencephalography (EEG) sensors, near infrared spectroscopy (NIRS) sensors, heart rate monitors, thermal sensors, optical sensors, radio frequency (RF) sensors, ultrasonic sensors, cameras, or any other sensor or scanner” that will do the same job. The system may reward cryptocurrency to an owner or a task operator “for providing services, such as, search engines, chatbots, applications or websites, offering users access for free to paid contents (e.g. video and audio streaming or electric books), or sharing information or data with users,” the patent details. The idea of mining cryptocurrencies using human body heat has previously been explored by other organizations. For example, Manuel Beltrán, founder of the Dutch Institute of Human Obsolescence, set up an experiment in 2018 to mine cryptocurrencies with a special bodysuit that harvested the human body heat into a sustainable energy source. The electricity generated was then fed to a computer to mine cryptocurrencies. What do you think of Microsoft’s new cryptocurrency mining system? Let us know in the comments section below. Via news.bitcoin.com

de unde ai informatia asta? Eu ce am inteles ca e vorba de BIOS boot password. https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/ https://searchenterprisedesktop.techtarget.com/definition/BIOS-password Adica daca iti moare bateria sau intra in restart, BIOSul o sa-ti refuze sa initializeze componentele. PS: Am vazut ca speculeaza unii ca in service exista niste parole master pentru recovery. Poate daca ii suni la garantie/service sau gastesti un tool online, iti gasesti un master-key. PS2: Iaute ce-am gasit pe reddit: Ar trebui sa ai un buton de reset intr-o gaurica. Il poti apasa cu un ac mai gros. Nu stiu exact ce face butonul! Informeaza-te daca reseteaza parola sau doar setarile.

Dupa cum am spus, cumperi astfel de VPS-uri sa testezi chestii, mai ales chestii neortodoxe, daca vrei sa testezi, dar in nici un caz nu le cumperi pentru productie.

Poti sa ii adaugi o comanda de autentificare inainte sa executi sql sau sau iti faci un mecanism cu token si timeout.

Daca combinam Covid cu security... https://nypost.com/2020/08/11/john-mcafee-apparently-arrested-for-wearing-thong-instead-of-face-mask/

Un pacient bolnav de Covid-19 in spital. Bani decontati (de catre Soros si Bill Gates, desigur! Asa au zis la Antena3). Cam asa se proceda pentru a obtine sumele acelea oferite pentru "falsi infectati" (inainte sau dupa deces).

Facebook has announced the availability of Pysa (Python Static Analyzer), an open-source tool designed for the static analysis of Python code. The security-focused tool relies on Pyre, Facebook’s type checker for Python, and allows for the analysis of how data flows through code. It can be used to identify issues related to the protection of user data, as well as flaws such as XSS and SQL injection. In addition to making Pysa available in open source, Facebook released many of the definitions that it leverages when looking for security bugs, making it readily available for others to start analyzing their own Python code. The tool also leverages open source Python server frameworks, including Django and Tornado, and this makes it usable for code analysis right from the start. Furthermore, only few lines of code are needed to use Pysa for additional frameworks, Facebook says. Pysa allows users to define sources of origin for important data and places where that data should not reach, which are called sinks. The tool then identifies functions that return data from a source and those that reach a sink and, if it discovers a connection between a source and a sink, it reports the issue. The tool was designed in such a manner that it avoids false negatives, thus supposedly identifying as many security issues as possible. This, however, results in more false positives, and, to remove these as well, Facebook’s engineers added sanitizers and features into the tool. The social media platform admits that Pysa has its limitations “based on its choice to address security issues related to data flow, together with design decisions that trade off performance for precision and accuracy.” Furthermore, Pysa was designed only for the discovery of data flow–related security issues, meaning that it won’t identify security or privacy issues that cannot be modeled as flows of data. Although nearly half of the results returned in the timeframe were false positives, Facebook was able to tune Pysa up, and says that it eventually returned “100 percent valid issues.” Via securityweek.com

Here's another iteration on the Zero Terminal projects I've been working on for a few years. For those of you who haven't seen them, I've been trying to design the most usable all in one Pi Zero computer out there. This version departs a little from the previous ones, as it is more focused on modularity, and forgoes a keyboard as standard, though it is possible to add one, as I'll show you in a bit. The goal here was to create something very versatile, allowing for all sorts of use cases to unlock the Zero's potential. Anyways, let's take a look at it. DESIGN The first thing you'll notice is that the device looks a little like a fat smartphone. That's because the entire thing is basically designed around the Waveshare AMOLED 5.5" 1080p touchscreen (https://www.waveshare.com/5.5inch-HDMI-AMOLED.htm). This thing was originally designed for the Raspberry Pi's 3 and 4, but I created a bunch of custom adaptors that let you hook up a Pi Zero instead. More on that in a minute. Around the outside, you'll see various ports and buttons, including a full size USB 2.0 port, micro SD socket for the operating system, micro USB for charging and a power switch. On the side there is a headphone jack, and 3 programmable buttons hooked up to the Zeros GPIO pins. You could set up all sorts of functions for these, like rotating the screen, volume up and down, or launching other custom scripts and applications with a single press. On the top end is another button which turns the display off and on, helping stretch out the 1200mAh lipo battery life, and also a grill hiding a little speaker behind it. The back of the device is where all the potential lies. This includes 2 40pin sockets which connect to both the GPIO pins, video out, camera connector, 2x USB ports, power indicators and more. The idea is to allow people to create and add custom backpacks to change the functionality, depending on their needs. INTERNALS In order to connect the Zero to the display in the smallest possible space, I created a main PCB, and a few smaller adaptor PCBs. The Zero itself is screwed onto the board and soldered directly to it via the GPIO pins. This main board contains a USB hub, power circuit, audio amp, speaker, buttons, headphone jack, and even a vibration motor for custom notifications. There's a micro SD card board plugged into the Zero which extends the card socket, and also doubles as a frame for the other ports at the bottom of the device. The Waveshare display already has some mounting screws, so securing the main board is easy. There's a little header section to connect the display to the main board, and you simply screw everything together. I included 6 threaded inserts onto this board to make attaching different cases simple too. The Zero only has 1 USB port as standard, so I designed a little USB hub circuit on the main board, using the simple FE1.1S chip. This splits the USB port into 4 separate streams, and is good enough for lower consumption stuff like mice and keyboards, as well as the displays touchscreen capability. You'd probably need to hook up external 5v lines for more power hungry peripherals. I'm particularly pleased with the HDMI adaptor, which connects the full size HDMI port on the display to the mini HDMI port of the Zero. I was wracking my brains for a long time on how to connect these in the smallest possible way, and it turns out using two thin PCBs sandwiched together allows this, since you can solder to both the HDMI-A plug component which takes a 1.6mm PCB, and the smaller Mini HDMI plug, which only takes up to 1mm boards. The power section is something I had trouble with. It's based on the Powerboost 1000c design, and was supposed to fit directly onto the main board, but a couple of the small ICs where too fiddly for me to hand solder and I damaged them before making this video. I would have just included the Powerboost board itself, but unfortunately there's not enough room. Instead I used a cheap generic charge boost board, which is fine for this prototype, but doesn't have all the extra features such as low battery indicators, and a better power switch circuit. That'll be for the next iteration. The Zero doesn't come with audio as standard, but thankfully the Waveshare display does have a built in headphone jack for audio through HDMI. So I wondered if I added an audio amp circuit to the pins on the headphone jack, whether I could power a small speaker, and yes it works. Unfortunately, not very well though, but it's good enough for stuff like bleeps and bloops for notification sounds. Audio through the headphones sounds great though, and I added my own jack in there so it's accessible from the outside of the case. This particular jack has a mechanical switch which defaults to the speakers, and automatically switches to headphones whenever the 3.5mm plug is inserted. ADD-ONS As I previously mentioned, I think the backpack feature of this is where you really see the potential of the device. I can imagine all sorts of different backpacks that could transform the functionality of this. Things like radio transceivers, extra network interfaces, games controllers, TV tuners, solar panels, and simple stands are all easily doable. The cool thing is that since it's modular you can swap these on the fly to change the functionality, so say you could change between a keyboard & radio transceiver combo for a packet radio messenger, then replace that with a different operating system on the micro SD card, and add a game controller to turn it into a portable emulator. The first prototype backpack I have created is a slide-out keyboard. When you combine that with i3 window manager, you have quite the productive handheld Linux machine. Even though the Zero isn't the most powerful computer, you can still get a lot done through the terminal since it uses up a fraction of the resources that a GUI does. The design is based on the great mini (Pi)QWERTY keyboard by Bobricius on Hackaday (hackaday.io/project/158454), and uses a SAMD21 chip to turn it into a USB input device. It's made using 3 PCB layers. Firstly, the bottom, which contains the electronic components and keys, then a cover PCB which displays the key labels, then another board that connects all that to the terminal. The slide mechanism is made up of 3D printed supports and tiny screws, and while it does slide, it needs extra work to make it more robust. The bottom layer connects to the top using little spring loaded pins. I've also added a couple of LEDs you can toggle on and off when you're in low light. The final thing is surprisingly thin, at only a few millimetres deep. Although I think it looks good, I haven't gotten it working properly yet. I've talked to Bob about the design, and I think it's solid. The problem appears to be with the chip programmer I'm using to get the firmware onto it. It's one of the cheap ones, and seems to be giving me false verification messages. Anyways, you get the idea of how it could make the Zero Terminal a pretty handy little device. I also created another custom mini keyboard stand, this time using a salvaged Psion 5MX keyboard, which is still probably one of the best small keyboards ever designed. I used a premade PSION keyboard to USB adaptor that you can find on Tindie, and the thing is open source so you can make you're own too. It wouldn't be much of a stretch to go even further to develop a full adaptor case which would turn it into a Palmtop computer, with working hinge, and maybe a bigger secondary battery and USB hub. NEXT STEPS I have registered ZeroTerminal.org, which is currently redirecting to this page. Over the next year, as I update the design, I want to make a website to help build up the platform, showing people exactly how to make these, and showcasing all the backpacks and custom apps other users create. In the meantime I want to redo the main PCB, change up some components like the rubbish speaker, redesign the power circuit etc, maybe even experiment with using the Raspberry Pi Compute Module instead. Long term it'd be amazing to design a custom display board, then the entire device could be shrunken further, closer to smartphone size. Anyways, I hope you found this interesting. I know I have a lot to learn about all this kind of stuff, so any advice from experts is welcome. Please share this video around if you think others will like it. Thanks and I'll see you in the next video. -- This project first appeared in NODE Vol 02, our new indepedent 180 page zine, packed with all sorts of open hardware and decentralized software projects. Pick up a hard copy, or download for free from the zine page. https://N-O-D-E.net/zine/ Source

TLS 1.3 cu ESNI. Cred ca toate detaliile sunt aici: https://blog.cloudflare.com/esni/

Aici nu vorba de trafic slab ci de faptul ca ceea ce blocheaza acum nu poate fi monitorizat. In pachetele TLS in general se poate vedea serverul destinatie (e.g. rstforums.com). Ei bine, cu acest nou feature, nu se mai vede si ei nu au cum sa stie pe ce site-uri intra oamenii...

Salutare, as vrea sa gasesc pe cineva care se pricepe la Javascript si Python sa preia de la mine 2 proiecte. Beneficiarul plateste 30 euro / ora pentru programare si 10 euro / ora pentru restul (convorbiri, documentatie, etc). Proiectele sunt functionale dar necesita mentenanta si imbunatatiri, plus ca beneficiarul nu se pricepe la linux. Deci totul trebuie explicat cu rabdare. Multam mihk

Cei din Moldova?

Multumesc! Intr-adevar,in timp ce le rezolv descopar multe lucruri noi,desi pot zice ca e destul de "haotic" cum o fac😅.

Salut, ar trebui sa incepi cu domeniul in care te descurci cel mai bine, de exemplu web security. Trebuie sa tii cont de un lucru: multe nu sunt chiar "real-life". Adica desi sunt "usoare" probabil va trebui in continuare sa iti dai seama la ce s-a gandit autorul cand a facut acel exercitiu. E normal ca la inceput sa nu rezolvi prea multe. Dar incercand sa rezolvi, vei invata foarte multe lucruri. De fapt rezolvarea in sine nu te ajuta cu nimic, ci drumul pe care il parcurgi ca sa ajungi la flag.

recomand. e serios si lucreaza repede.

Daca inca e emailul tau atasat contului, sau numarul de telefon, te duci pe pagina 'recuperare parola' (password recovery). Introduci emailul sau numarul de telefon, iti vor trimite un link pe email sau un SMS un cod de confirmare pe telefon care-ti permite sa-ti setezi o noua parola. Apesi pe link sau introduci codul din SMS, introduci parola noua si aia e. Facebook: https://www.facebook.com/recover/initiate/ Instagram: https://www.instagram.com/accounts/password/reset/ Daca e vorba de alt site, ajungi la link-ul respectiv prin pagina de login. Apare pe undeva pe langa butonul de login.

ti-am lasat pm sau ma poti contacta pe skype alezu.alex

Nu e nicio teapa, se numeste HYIP si colcaie internetul de ele. Pe scurt, HYIP = high yield investment program, un fel de ponzi scheme; se face o bursa in care toata lumea baga bani si-i poate cere inapoi oricand, cu un profit care creste liniar in functie de data la care ai investit. Catch-ul e ca in orice moment, site-ul poate decide sa se inchida si sa plece cu banii stransi. Daca ai noroc sa-ti scoti banii inainte sa decida ala sa inchida, ai castigat un profit, de obicei mic, ca tre' sa-i scoti repede, daca nu vrei a ajungi in situatii ca asta. Rareori site-urile/schemele de genul asta asteapta si perioade lungi de timp si lumea chiar apuca sa castige ca lumea (caritas, anybody?), dar in general, astia de le fac prefera sa faca 1000 in paralel si sa stranga sume mici in intervale scurte decat sa se complice cu doua-trei site-uri de lunga durata. Ce ti s-a intamplat se numeste ignoranta. Puteai afla toate astea relativ rapid, chiar si nestiind de concept, cautand despre crypto investments. Get over it. Nu-ti da nimeni crypto inapoi.

Si-a pus leo ca e zodia leu 😄😄😄😄 Si cyber ca e in saibar speis. Cred.

Empatic :))))))))))) Nu stiu man emailul, uite-te pe pagina lor de Support.

Up, foarte bun baiatu

vezi sa nu faci bataturi la mana de la atata lucru ... manual

Numele tau adevarat "Nox3"? Zii sa mori tu Mergi nene si tepuieste kinderi in alta parte. Oricum, am vorbit cu respectivul in privat si defapt nu el a fost "tepuit" ci o cunostinta si defapt e vina cunostintei ca nu a citit T&Cs cum trebuie si nu a ascultat sfatul altora. Daca ar fi fost fraudat cu ceva respectivii actioneaza ca si entitate juridica, au detaliile publice si s-ar fi invartit de parnaie. Mai are ceva cai de rezolvare care ii le-am recomandat. Nu se rezolva totul cu ghiorlania... mai e nevoie si de nitel creier!

Machine Learning involves 1. Fraud Detection 2. Traffic Alerts on Google Maps 3. Google Translate 4. Automatic Spam Filtering