Jump to content

MrGrj

Active Members
  • Posts

    1416
  • Joined

  • Last visited

  • Days Won

    44

Everything posted by MrGrj

  1. Google on Tuesday launched a Security testing tool "Firing Range", which aimed at improving the efficiency of automated Web application security scanners by evaluating them with a wide range of cross-site scripting (XSS) and a few other web vulnerabilities seen in the wild. Firing Range basically provides a synthetic testing environment mostly for cross-site scripting (XSS) vulnerabilities that are seen most frequently in web apps. According to Google security engineer Claudio Criscione, 70 percent of the bugs in Google’s Vulnerability Reward Program are cross-site scripting flaws. In addition to XSS vulnerabilities, the new web app scanner also scans for other types of vulnerabilities including reverse clickjacking, Flash injection, mixed content, and cross-origin resource sharing vulnerabilities. Firing Range was developed by Google with the help of security researchers at Politecnico di Milano in an effort to build a test ground for automated scanners. The company has used Firing Range itself "both as a continuous testing aid and as a driver for our development, defining as many bug types as possible, including some that we cannot detect (yet!)." What makes it different from other vulnerable test applications available is its ability to use automation, which makes it more productive. Instead of focusing on creating realistic-looking testbeds for human testers, Firing Range relies on automation based on a collection of unique bug patterns drawn from in-the-wild vulnerabilities observed by Google. Firing Range is a Java application that has been built on Google App Engine. It includes patterns for the scanner to focus on DOM-based, redirected, reflected, tag-based, escaped and remote inclusion bugs. At the Google Testing Automation Conference (GTAC) last year, Criscione said that detecting XSS vulnerabilities by hand “at Google scale” is like drinking the ocean. Going through the information manually is both exhausting and counter-productive for the researcher, so here Firing Range comes into play that would essentially exploit the bug and detect the results of that exploitation. "Our testbed doesn't try to emulate a real application, nor exercise the crawling capabilities of a scanner: it’s a collection of unique bug patterns drawn from vulnerabilities that we have seen in the wild, aimed at verifying the detection capabilities of security tools," Criscione explained on the Google Online Security Blog. Firing Range tool has been developed by the search engine giant while working on "Inquisition", an internal web application security scanning tool built entirely on Google Chrome and Cloud Platform technologies, with support for the latest HTML5 features and has a low false positive rate. A deployed version of Firing Range is available on Google App Engine and since the tool is open source you can also find and check out the Source code on GitHub. Users are encouraged to contribute to the tool with any feedback. Source
  2. Bun... Trecand si eu acum nu mult timp prin asta, (pe vremea in care nu stiam sa fac diferenta intre un IDE si 3 litere random din alfabet) m-am gandit sa ofer un mic ajutor celor care intampina dificultati in rezolvarea aplicatiilor / problemelor in C sau C++. Ajutorul il ofer gratuit oricui are nevoie de indrumare, cu o singura conditie: - un gram de seriozitate + initiativa din partea doritorului. Nu accept PM-uri de genu': Vreau sa vad putin interes si determinare din partea voastra. Poate, cine stie..ajunge sa va placa
  3. Online ad fraud costs advertisers more than $7 million every month, as they pay for digital ads that were never actually seen by humans. Much of this online ad fraud is created by botnets: armies of PCs infected with malware that generates thousands of fake clicks on ads. The botnet controllers tend to be unethical web publishers that want to ramp up the prices of advertising on their sites by inflating the amount of clicks on their sites. Ad fraud has a number of drastic consequences. For users, it can significantly slow down their machine. For advertisers, it means they have to pay more to actually generate meaningful results from their online advertising. And for ethical publishers and advertising technology companies, it diminishes trust in the digital advertising industry, which could lead to less spending. But while the consequences for all those involved are dire, it can be difficult to really understand how ad fraud works in practice. That’s why fraud detection company Forensiq has created a video to highlight just how quickly a computer infected with malware can start racking up thousands of false ad impressions.
  4. Cred ca s-a inteles gresit thread-ul. Mai sus, nu sunt specificate cele mai folosite / uzuale limbaje de programare ci cele care se platesc cel mai bine.
  5. Stai sa vezi ce sus va ajunge Javascript-ul in urmatorii ani
  6. Computer programming has quickly become one of the most lucrative industries in the US. The average salary for a computer programmer just hit an all-time high as it approaches $100,000. But there are some languages and skill sets that are more valuable than others, and Quartz has compiled some data to break down these differences. Quartz's Max Nisen pulled out some figures on the most valuable programming languages based on a larger study from the Brookings Institution that was published in July. Based on that data, here are programming languages listed next to their average annual salary from lowest to highest: 12. PERL - $82,513 11. SQL - $85,511 10. Visual Basic - $85,962 9. C# - $89,074 8. R- $90,055 7. C - $90,134 6. JavaScript - $91,461 5. C++ - $93,502 4. JAVA - $94,908 3. Python - $100,717 2. Objective C - $108,225 1. Ruby on Rails - $109,460 While some of these coding languages can help you earn $100,000, train to become a Salesforce architect if you want one of the highest-paying jobs in tech. According to data from IT recruiting firm Mondo that was published in March, Salesforce Architects can earn between $180,000 and $200,000. Source
  7. E un site sexi, cu o interfata misto. ON: Pune intrebarile cu cap, nu in scarba. Ca site de freelancing, e ok - dar mai greu la inceput pana strangi ceva rating si joburi facute. Conteaza foarte mult felul in care iti vinzi serviciile (proposalul). Recomandare: Ia proiecte mici pe putini bani (la inceput) , dupa care, treptat treci la sume / proiecte mai mari
  8. Done si eu. Verificat + Testat: #include <stdio.h> #include <string.h> #define LUNGIME 81 void main(void){ char s1[LUNGIME],s2[LUNGIME],s3[LUNGIME],rezultat[LUNGIME]; char *s1ptr=s1,*s2pos, *rezptr=rezultat; puts("Sirul initial:"); gets(s1); puts("Spatiu:"); gets(s2); puts("Cuvantul cu care inlocuim:"); gets(s3); while(s2pos=strstr(s1ptr,s2)){ while(s1ptr<s2pos)*rezptr++=*s1ptr++; strcpy(rezptr,s3); rezptr+=strlen(s3); s1ptr+=strlen(s2); } strcpy(rezptr,s1ptr); puts("Sirul final:"); puts(rezultat); }
  9. Credeam ca nu am voie cu nici un fel de strcpy / strncpy
  10. Nu ai voie sa copiezi -> strncpy + ca nu o sa iti afiseze tot stringul. O sa iti afiseze doar primul cuvant
  11. #include <stdio.h> #include <string.h> #include <stdlib.h> char *rep_str(const char *s, const char *old, const char *new1) { char *ret; int i, count = 0; int newlen = strlen(new1); int oldlen = strlen(old); for (i = 0; s[i] != '\0'; i++) { if (strstr(&s[i], old) == &s[i]) { count++; i += oldlen - 1; } } ret = (char *)malloc(i + count * (newlen - oldlen)); if (ret == NULL) exit(EXIT_FAILURE); i = 0; while (*s) { if (strstr(s, old) == s) //compar substringul cu noul string { strcpy(&ret[i], new1); i += newlen; s += oldlen; } else ret[i++] = *s++; } ret[i] = '\0'; return ret; } int main(void) { char mystr[100], c[10], d[10]; printf("Introdu un string:\n"); gets(mystr); printf("Caracterul care trebuie inlocuit:\n"); scanf(" %s",c); printf("Caracterul cu care vrem sa inlocuim:\n"); scanf(" %s",d); char *newstr = NULL; puts(mystr); newstr = rep_str(mystr, c,d); printf("%s\n", newstr); free(newstr); return 0; } //nu e compilat ca nu am avut timp. Daca e ceva wrong anunta-ma si revin cu alta solutie //em: nu mai edita postul, f? altul
  12. Wait, what ? Ce am inteles eu: Salutare am si eu .... bla bla...linii random de cod.....bla bla...niste bataie de joc...bla bla. Ajutor. Care e enuntul problemei ? Vrei sa salvezi un fisier cu numele a doua variabile ? time() ce vrea sa fie ? Data la care s-a salvat fisierul ? .txt ce vrea sa fie ? Extensia ? In ce limbaj vrei asta ? //LE: Ai aici functia de preluare a datii. ! Extensia .txt se poate adauga in functia strftime(). #include <time.h" #include <string> #define MAX_DATE 12 std::string get_date(void) { time_t now; char the_date[MAX_DATE]; the_date[0] = '\0'; now = time(NULL); if (now != -1) { strftime(the_date, MAX_DATE, "%d_%m_%Y", gmtime(&now)); } return std::string(the_date); }
  13. @Ganav - corect //challenge closed.
  14. Nu e 8 raspunsul.
  15. Wow.Perceptia mea privind logica si informatica s-a schimbat total. Total gresit. Mai gandeste-te
  16. Fara a rula urmatorul cod si fara a cauta pe internet, ce va afisa aceasta linie de cod ? Argumentati raspunsul dat. <?php echo (int) ( (0.1 + 0.7) * 10); ?> Solver: - Ganav. Raspuns complet (adaugat la ce a zis Ganav): "IEEE 754 cannot be used for 0.1 as well as 0.7 ... so the float point addition becomes 0.799(9...) x 10 = 7.99(9...) and int typecast truncates the digits after decimal => 7 " Raspuns dat:
  17. Metodele HTTP "Metoda POST a fost create ..." "Pentru ca metoda POST este create... " "TRACE a fost creat pentru a scopuri de identificare..."
  18. In momentul in care te loghezi, ati putea pune mesajele: "Acest username exista deja" sau "Verifica-ti mailul pentru a-ti activa contul!" sau "Dac? mailul de activare intr? în SPAM, v? rug?m s? îl marca?i ca "NOT SPAM" sub title-ul: "Devino un membru..." Poate lumea nu mai da scroll si nu citeste ceea ce scrie sub form-ul de inregistrare.
  19. Am ramas fara aer la cat de lunga a fost fraza asta Asteptam partea a 2-a.
  20. Facem in felul urmator: - tu scrii aici in pseudo-cod cum gandesti (sau chiar in C++) si noi iti indreptam greselile. Ce zici ?
  21. After the world’s biggest data breach ‘Heartbleed,’ a different vulnerabilty has been discovered that could have allowed hackers to attack on your personal data and steal that. A security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites, CNET reports. This Flaw dubbed “Covert Redirect,” which actually affecting users as a login pop-up based on affected site’s domain, and today, in most cases we are using login pop-up like if we want to log-in into a website through facebook so usually a pop-up opens for Authentication ‘OAUTH.’ Most Important: This Flaw is not similar like phishing in which you can watch out your URL carefully, actually in this “Instead of using a Fake domain name, Covert Redirect flaw uses the real site address for authentication.” Authorising the app will transfer your data to the attacker instead of reaching a legitimate site like Facebook or Google. Thus, personal data including email addresses, birth dates, contact lists and even control of the account could be given to hackers. How to protect yourself? You must close any of the suspicious-looking tabs that pop up demanding login credentials for Facebook, Google, Twitter, or any other Internet Services that use these open-source protocols. The Covert Redirect exploit has been discovered by Wang Jing, a Ph.D student at the Nanyang Technological University in Singapore who already contacted Facebook about it. However, Facebook told him that while it “understood the risks associated with OAuth 2.0,” but fixing the bug is “something that can’t be accomplished in the short-term.” “Short of forcing every single application on the platform to use a whitelist,” a simple fix isn’t available. Wang also contacted other popular sites like Google, Microsoft and LinkedIn, and each one giving him different answers. Google: The matter was being tracked. LinkedIn: it would publicly address it in a blog post. Microsoft: We completed an investigation into the matter, and the security flaw has been discovered on a third-party site, not on one of its own. WhiteHat Security founder and interim CEO Jeremiah Grossman agreed with Wang’s findings, but also with what Internet companies told him. “While I can’t be 100 percent certain, I could have sworn I’ve seen a report of a very similar if not identical vulnerability in OAuth. It would appear this issue is essentially a known WONTFIX,” Grossman said. “This is to say, it’s not easy to fix, and any effective remedies would negatively impact the user experience. Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws.” Sursa
      • 1
      • Upvote
  22. Se poate inchide. Vad ca exista si free. Eu nu am stat sa caut.
  23. Eu nu am stat sa caut sa vad daca o gasesc gratuit sau nu. Problema fiecaruia ce si cum ofera / cumpara.
  24. Tema e luata de pe ThemesForest - Regular License. Features: HTML5+CSS3 Bootstrap 3.3 Fully responsive 60+ Template Pages 50+ Plugins Exclusive Plugins and Features Interactive Charts Unlimited Color options +Skin Generator PM cine doreste. Pret: 5$ - Doar Paypal
  25. Era la un moment dat un topic legat de subiectul asta. Din pura curiozitate, imi puteti da careva un link catre acel thread ? Mi se pare ok sistemul actual de reputatie. No need for any changes
×
×
  • Create New...