Kalashnikov.

Everything posted by Kalashnikov.

  1. @aelius, no boss, we're just sitting here laughing at the show )
  2. Careful, that's a pleonasm: it's RST, not RST Team (Romanian Security Team Team). Welcome. LE: try to learn programming, the money will come afterwards. LE2: try to avoid the "xeroxes".
  3. 2015555555555555555555555555555555555555
  4. Can you read? "Show your hacks and attacks here! Fake hackers gona be warned". Also, why would you put something related to Metin in showoff?
  5. Learn to write in Romanian. "Fii om" (I don't have kids, relax), you mean "Fi om"! I want to post a PM too; actually, I sent one and got a funny one back. Too bad I no longer have the logs in which the same guy told me I had learned Romanian from the cleaning lady.
  6. A good hacker is one who hacks other hackers.
  7. Copywriter, check whether it has been posted before: https://rstforums.com/forum/93541-smartwatch-hacked-data-exchange-smartphone-not-so-secure.rst . P.S.: congratulations, it takes me 2-3 years to make as many posts as you; in 2 weeks you have reached great competence.
  8. We are living in an era of smart devices that we sync with our smartphones and that make our lives very simple and easy, but these smart devices that inter-operate with our phones could leave our important and personal data wide open to hackers and cybercriminals.

     Security researchers have demonstrated that the data sent between a smartwatch and an Android smartphone is not too secure and could be subject to brute force hacks by attackers to intercept and decode users' data, including everything from text messages to Google Hangout chats and Facebook conversations.

     This happens because the Bluetooth communication between most smartwatches and Android devices relies on a six-digit PIN code in order to transfer information between them in a secure manner. A six-digit PIN means approximately one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text.

     Researchers from the Romania-based security firm Bitdefender carried out a proof-of-concept hack against a Samsung Gear Live smartwatch and a paired Google Nexus 4 handset running Android L Preview. Using only sniffing tools available at that moment, the researchers found that the PIN obfuscating the Bluetooth connection between both devices was easily brute forced by them. A brute force attack is where a nearby hacker attempts every possible combination until finding the correct one. Once they found the right match, they were able to monitor the information transferring between the smartwatch and the smartphone.

     PoC: The researchers explained that their findings were "pretty consistent with [their] expectations" and that, without a great deal of effort, encrypted communications between wearable technology and smartphones could be cracked and left open to prying eyes.

     This new discovery is important particularly for those who are concerned about their personal data, and considering the increase in the market of smartwatches and wearable devices at the moment, the discovery will definitely make you think before using one.

     HOW TO PROTECT YOURSELF FROM SUCH ATTACKS

     To protect yourself from becoming a victim of such attacks, use Near Field Communication (NFC) to safely transmit a PIN code to compatible smartwatches during pairing, but that would likely increase the cost and complexity of the devices. In addition, "using passphrases is also tedious as it would involve manually typing a possibly randomly generated string onto the wearable smartwatch," the report said.

     Another option is to use original equipment manufacturers (OEMs) by Google as an alternative to make data transfers between either device more secure. "Or we could supersede the entire Bluetooth encryption between Android device and smartwatch and use a secondary layer of encryption at the application level," the report offered. There are almost certainly other potential fixes available.

     source: http://thehackernews.com/2014/12/Android-Smartwatch-Hacked.html
  9. The massive hacking attack against Sony Pictures Entertainment has reached a scarier phase following another huge leak of sensitive, confidential documents revealing celebrity contact details and upcoming film scripts.

     The so-called Guardians of Peace (GoP) group taking responsibility for the massive hack attack against Sony Pictures Entertainment claimed to have released a new trove of more confidential data including private information of its employees, celebrity phone numbers and their travel aliases, film budgets, upcoming film scripts and many more.

     By the end of past two weeks before Sony Pictures Entertainment faced cyber attacks that shut down the company's computer system, the group revealed nearly 40 GB of data which contained confidential information of Sony employees such as salaries, addresses, and US Social Security Numbers. Also, high-quality versions of the five newest films distributed by Sony Pictures were leaked online.

     On Monday, several hundred gigabytes of new data were made available by the group, which could be very painful for and highly damaging to Sony's reputation and bottom line. Some media sources speculate that this could be part of an elaborate publicity stunt for The Interview, but it seems highly unlikely.

     The recent trove of data includes:

     • Movies' Financial Data - a large file detailing financial data, which includes revenues and budget costs, for all of Sony's recent films.
     • Unreleased Movie Scripts - unreleased scripts for upcoming movies, including The Wedding Ringer with Kevin Hart (2015), Paul Blart Mall Cop 2 (2015), the animated film Pixels (2015) and the animated film Sausage Party with Seth Rogen and Kristen Wiig, have also been released.
     • Celebrities' Personal Data - a huge dump of information related to celebrities' personal data, including aliases formerly used by famous actors, has also been released, which is really embarrassing for the company. Brad Pitt's phone number is also listed, which could be that of his assistant. Seth Rogen and Emma Stone's personal email addresses, as well as Jesse Eisenberg's home address, have also been leaked among a lot of emails and phone numbers for lesser-known celebrities.
     • Release Schedules - a number of files detailing confidential movie release schedules, both for Sony Pictures and Sony-owned Columbia Pictures.
     • Invoices - a folder containing hundreds of invoices related to various movie projects, including Skyfall, Captain Phillips and Smurfs 2.
     • Bank Accounts - there are files which contain dozens of bank accounts, both personal and belonging to Sony corporation.
     • Sony's Promotional Activities - a bill detailing Sony Pictures' expenditure when promoting movies, which includes Tom Hanks, Naomie Harris' hair styling bill, the Skyfall London premiere in 2012, along with bills for what Sony spent on distributing gifts.

     Many are linking the GoP group to North Korea, which denounced Sony's upcoming Seth Rogen and James Franco comedy "The Interview" all the way back in June. The movie is about two journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong Un. The state, however, has denied any involvement with the hack.

     Some days before, when the GoP group sent a threatening email to Sony executives, they didn't even ask the company to cancel the release of The Interview; in fact they asked for money. So, linking the film to this massive hack attack on Sony may just be a misdirection.

     This information leaked by the group may or may not be useful for others, but Sony Pictures' competitors will surely be tempted to scour through every last detail of the company's business practices. And till now, they have known how Sony does business in general.
  10. Security researchers have discovered a number of critical vulnerabilities in the Java environment of the Google App Engine (GAE) that enable attackers to bypass critical security sandbox defenses.

     Google App Engine is Google's PaaS (Platform as a Service) cloud computing platform for developing and hosting web applications in Google-managed data centers. GAE offers to run custom-built programs using a wide variety of popular languages and frameworks, many of which are built on the Java environment.

     The vulnerabilities were reported by Security Explorations, the same security research company that carried out multiple research projects related to Java in the past. The discovery was announced on the Full Disclosure security mailing list ("[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google)") by Adam Gowdiak, founder and CEO of Security Explorations.

     According to the security firm, the flaws can be exploited by attackers to achieve a complete Java VM security sandbox escape, as well as to execute arbitrary code. The researchers estimate that the number of issues is "30+ in total."

     By exploiting the vulnerabilities, security researchers were able to bypass Google App Engine whitelisting of JRE classes and gain access to the full JRE (Java Runtime Environment). They discovered 22 full Java VM security sandbox escape issues and were able to exploit 17 of them successfully.

     Moreover, the researchers were able to execute native code, specifically to issue arbitrary library/system calls and to gain access to the files (binary/classes) comprising the JRE sandbox. They even siphoned off DWARF information from binary files, PROTOBUF definitions from Java classes and PROTOBUF definitions from binary files, among others.

     However, the researchers have been unable to finish their research because Google suspended their test Google App Engine account. As Google has generally been supportive and helpful to the security research community, researchers at the security firm believe that Google will allow them to complete their research and re-enable their Google App Engine account.

     source: http://thehackernews.com/2014/12/google-app-engine-hosting-security.html
  11. 0. Put encryption on it (not base64; not all the kids will manage to decrypt it, and if they find out and change the password, the solution is below). 1. BBCode with view only if you have the required number of posts. 2. You send it, iokent, by PM to the members, a different account for each, so you can see who changes it.
  12. Kevin Mitnick, who has mitnicksecurity.com, i.e. https://rstforums.com/forum/71937-xss-mitnicksecurity-com.rst ))))))))))) who made this list, man?
  13. Can you make an archive? You need a premium account to download them all..
  14. Three of the seven bulletins are rated 'critical' and have to do with vulnerabilities in Windows, Internet Explorer and Microsoft Office. "With the balance of next week’s bulletins impacting Windows, December will be a month for IT to focus on the desktop," noted Russ Ernst, director of product management at Lumension. "This isn’t to say servers can be ignored however - it looks like Microsoft will also release the Exchange update originally planned for the November – and this fact is especially true if you’re still using Windows Server 2003. Earlier this month we saw alerts issued by The Department of Homeland Security urging businesses to migrate before the July 14, 2015 end of life." Ross Barrett, senior manager of security engineering at Rapid7, noted that in addition to IE, the critical issues affect all supported versions of Microsoft Office and SharePoint, as well as all supported versions of Windows prior to Windows 8 and Windows Server 2012. "We also see an Important Elevation of Privilege patch for MS Exchange, presumably this is MS14-075 which was held back from the November updates for quality issues," he said, adding there are also bulletins ranked 'Important' affecting Windows and Office. "The Windows issue is an Information Disclosure vulnerability affecting all support OS versions," Barrett said. "The others are Remote Code Execution issues in Office which fall below the Critical risk level, probably as they are deemed to be less exploitable." Patch Tuesday will be Dec. 9.
  15. And what if I use Acunetix and Havij on my own site (to secure it)? FFS, the reason he was searched is really absurd.
  16. The eBay-owned popular digital payment and money transfer service PayPal has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control over users' PayPal accounts with just a click, affecting more than 156 million PayPal users.

     An Egyptian security researcher, Yasser H. Ali, has discovered three critical vulnerabilities in the PayPal website, including CSRF, Auth token bypass and resetting the security question, which could be used by cybercriminals in targeted attacks.

     Cross-Site Request Forgery (CSRF or XSRF) is a method of attacking a website in which an attacker needs to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf.

     Mr. Yasser demonstrated the vulnerability step-by-step in the Proof-of-Concept (PoC) video using a single exploit that combines all three vulnerabilities. According to the demo, using the PayPal CSRF exploit an attacker is able to secretly associate a new secondary email ID (the attacker's email) with the victim's account, and also reset the answers to the security questions of the target account.

     PayPal uses security Auth tokens for detecting legitimate requests from the account holder, but Mr. Yasser successfully bypassed it to generate exploit code for targeted attacks, as shown in the video.

     Once executed, the exploit will add the attacker's email ID to the victim's account, which could be used to reset the account password using the "Forgot Password" option on the PayPal website. But the attacker cannot change the victim's password without answering the security questions configured by the user while signing up.

     https://www.youtube.com/watch?v=KoFFayw58ZQ

     Yasser found that another bug in PayPal allows him to reset the security questions and their answers to ones of his choice, hence this enables him to bypass the PayPal security feature completely in order to set a new password for the victim's account.

     source: Hacking PayPal Account with Just a Click
  17. A computer virus is a malware program Malware, short for malicious software,
  18. Well done for what you did. You don't need to come anyway, since you're a bale of knowledge.