begood

Alizée - Moi... Lolita

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. The plugin currently works for: Google Search Wikipedia Twitter Facebook The New York Times The Washington Post Paypal EFF Tor Ixquick. HTTPS Everywhere Firefox extension: Encrypt the Web

As unstructured summertime looms, kids and teens are likely to be spending more time on the Internet. Now, a free download is available to help them keep themselves safer both online and while using a cell phone. Own Your Space is an Internet security book that teaches youths and even their parents how to keep themselves "and their stuff" safer online. "With the rise of high-technology communications within the teen population, this is the obvious solution to an increasingly ubiquitous problem: how to deliver solid, easy-to-understand Internet security information into their hands? By putting it on the Internet and their hard drives, for free," said Linda McCarthy, former Senior Director of Internet Safety at Symantec. "In this age of unsafe-Internet and risky-texting practices that have led to the deaths and the jailing of minors, I'm thankful for everyone who works toward and sponsors our advocacy to keep more youth safe while online and on cell phones," McCarthy said.

Ever wanted to upload a folder full of photos to Picasa from a command prompt? We did, a lot, last summer. It made us want to say: $ google picasa create --title "My album" ~/Photos/vacation/*.jpg So we wrote a program to do that, and a whole lot more. GoogleCL is a command-line utility that provides access to various Google services. It streamlines tasks such as posting to a Blogger blog, adding events to Calendar, or editing documents on Google Docs. For example: $ google blogger post --blog "My blog" --tags "python, googlecl, development" my_post.html $ google calendar add "Lunch with Jason tomorrow at noon" $ google docs edit --title "Shopping list" --editor vim GoogleCL is a pure Python application that uses the Python gdata libraries to make Google Data API calls from the command line. Read more at the GoogleCL project page, or jump right to the examples. Along with a standard tarball, we have a .deb package ready for download, and hope to have it included in Debian and Ubuntu repositories in time for their next releases. We're adding features all the time, so check in frequently. Or better yet, contribute. GoogleCL brings cloud computing to your fingertips, literally! Introducing the Google Command Line Tool - Google Open Source Blog googlecl - Project Hosting on Google Code

^esti cam branza... begood = skinny geek

sper ca glumesti ))))))))))))))))))

De pe blog : 0 centi. planuri de viitor : de 10 ori mai mult. Blogul nu-l folosesc pentru a scoate bani.

Ala de pe demonoid are Frequency:44100 Hz sa-l faci de 48000 Hz sa se auda bine.

level 13 :> multam DLD. but i really need the setup files, asta e primul joc pe care l-am "crack-uit" o sa va si explic cum, doar sa fac rost de jocul original. le : http://www.dosgamesarchive.com/files/supaplex.zip

l-am jucat din 94 pana prin 2003... pe windows 95 cine il are ?

thx ! acum il iau @daat ma insulti, dar multam.

As vrea sa vad filmul Curly Sue (1991) cu iubita si nu reusesc sa-l gasesc nicaieri. Va uitati si voi pe un tracker extern ? ty.

Five days after it was disclosed in a highly controversial advisory, a critical vulnerability in Microsoft's Windows XP operating system is being exploited by criminal hackers, researchers from anti-virus provider Sophos said on Tuesday. The flaw in the Windows Help and Support Center was disclosed on Thursday by researcher Tavis Ormandy. His public advisory came just five days after he privately informed Microsoft of the defect, prompting fierce criticism from some circles that he hadn't given the software giant adequate time to fix the hole. That made it easier for attackers to target the bug, which allows attackers to take complete control of vulnerable machines when a user views a specially designed webpage, the critics howled. According to Sophos, researchers have seen the first case of a website using the vulnerability to install malicious software on victim machines. “This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s computer, by exploiting this vulnerability,” they warned. Microsoft soon amended its own advisory on the vulnerability to say researchers are “aware of limited, targeted active attacks that use this exploit code.” Although the vulnerability also afflicts Windows Server 2003, Microsoft's advisory said that OS wasn't “currently at risk from these attacks.” Ormandy's advisory has reignited the age-old debate over full disclosure, in which researchers publish complete details of a vulnerability under the belief that it is the best way to ensure a company fixes it quickly. Ormandy has defended his decision to give Microsoft just five days of advanced warning saying in a recent tweet: “I'm getting pretty tired of all the '5 days' hate mail. Those five days were spent trying to negotiate a fix within 60 days.” Users of XP and Server 2003 should consider disabling features within Help Center that allow administrators to remotely log onto machines. For individual users, the easiest way to do this is to use the online “Fixit” application Microsoft has provided here. ® Critical and unpatched, Windows XP bug is under attack ? The Register

The attorney for search engine Isohunt urged a federal appeals court to block a lower court ruling that might lead to the collapse of the site. Isohunt, which has 30 million unique monthly visitors, asked the 9th U.S. Circuit Court of Appeals in San Francisco to block a March takedown order in what was the first U.S. ruling testing the legality of BitTorrent search engines, said Ira Rothken, the site’s attorney. Hollywood’s legal tactics shuttered TorrentSpy in the United States in 2008, but the merits of that BitTorrent search engine’s case were never decided. Isohunt, the Canadian-based site run by 27-year-old Gary Fung, is challenging U.S. District Judge Stephen Wilson’s injunction (.pdf) as being too broad, Rothken said. That judge ruled that Isohunt was an unlawful avenue to free, copyrighted movies and television shows. One issue concerns how Fung should remove searches from his three search engines: Isohunt, Torrentbox and Podtropolis. The Motion Picture Association of America, which brought the case, has sent keyword searches it wants removed, like the number 10, Alice in Wonderland and Dracula, Rothken said. “One person’s copyrighted Wizard of Oz is another person’s public domain work,” Rothken said in a brief telephone interview Tuesday. He said the movie studios should provide URLs or hashes, which would positively identify which search link should be removed. “The motion picture studios do not have a monopoly on names on things. That is where the injunction is violating the First Amendment,” he said. The MPAA, which won the March 23 injunction, declined comment. Even if the appeals court does not immediately intervene or stay the Los Angeles federal judge’s injunction, Rothken said Isohunt would not go under anytime soon, if at all. “Depending on what happens, there may or may not be proceedings to interpret the injunction in the trial court,” he said. The judge said “upwards of 95 percent of all dot-torrent files downloaded from Isohunt’s three websites returned infringing material or works that are “at least highly likely to be infringing.” Judge Wilson ruled Friday that he would not stay enforcement of the injunction unless by an order of the federal appeals court. The injunction gives Isohunt about two weeks to comply with Hollywood’s takedown notices. The judge attempted to clarify the injunction on Friday, saying the keyword searches “shall only apply to film and television works copyrighted by plaintiffs.” Read More http://www.wired.com/threatlevel/2010/06/isohunt-not-dead-yet/

da tu ce stii sa faci ?

TGP - "Thor's Godly Privacy" 06/13/10 v1.1.06 TGP is a small yet very powerful encryption utility. With all eyes on "the cloud," I decided to write an encryption application better suited to an environment where portability and security were, at the least, challenging. In cloud computing, not only is the use of file structures becoming more abstract, but the very concept of a "file server" is becoming more and more ubiquitous. As such, I designed TGP with "encryption for the cloud" in mind. That means that not only does TGP do everything your normal PGP-type applications do, but it does things a bit differently - differently in a way that can change the way you work with your encrypted data. At the simplest level, this is done by encrypting data into byte arrays, and then converting those byte arrays into Base64 encoded text wrapped inside XML tags. In this way, not only do you get your typical file-based encrypted representation of your data, but you also get data that you can copy and paste directly into any email, mailing list, blog-page, or social networking site. What I think is interesting about this is that if we choose to, we no longer have to be the custodians of our encrypted data - we don't have to worry about actually housing the files: we can just post them to the internet and let someone else assume the burden of storing the files for us. If I want to share encrypted files with someone or secure my own files, all I have to do is TGP encrypt the data I want, and post it to a mailing list somewhere. In the case of a list like Bugtraq or Full Disclosure, the data is actually automatically replicated out to any number of archive sites, thus distributing my data for me. I can literally be anywhere in the world and just do a quick search for my post to retrieve my data. And since the TGP public key files are also text representations of encrypted key data, I can do the same with my keys. Normally, you want to keep your private keys as safe as possible. This is still the case with TGP. However, it is trivial to build as many private keys as you wish to use for anything you want to use them for. TGP Private Key files are password protected and individually salted, so with a strong passphrase you have very reasonable assurance that no one is going to get to your key any time soon. So, you can create a private key with a strong password, post that, and then, say, encrypt a scan of your passport and post that. Then if you are ever in a pinch while travelling or something like that, you can simply use Google or Bing to access your data wherever you are. Of course, that's just an example, but I think it illustrates the power of encrypted file structures like this. You can literally use Facebook to post encrypted documents that you don't have to maintain. That's really the main different between TGP and an application like PGP. That and of course, TGP is free, and personally, I think PGP is tardware. It's bloated, it's far too expensive, it's hard to use, and if you don't watch your licensing, you can get screwed hard like I did when I didn't want to buy the extended support and one day my encrypted drives stopped working until I paid them. That doesn't fly. TGP also doesn't require that you are an admin to install. However, the .NET installer for the 4.0 client profile does - that's not my doing. Regardless, here are the file structures TGP uses: Things that still suck about TGP Currently TGP uses a memory stream for the destination of the AES cryptostream. This sucks because it makes the maximum file one can encrypt based on available memory. It's not a huge deal, but it does keep you from encrypting a gigabyte file. I'll be changing that soon. ..:.:.:: H O G ::.:.:.. ..:.:.:: H O G ::.:.:.. threadul l-am gasit pe fulldisclosure : Full Disclosure: Introducing TGP...

Mi-a povestit maica-mea ca a vazut un aparat cu 2 milioane. Ma duc, ma interesez si iti zic.

frate, e stealer nu botnet.

I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a game download so it should have no bearing on Linux in a business setting. Unreal IRCd Forums states "This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)." The post goes on to say "It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now." Unreal is a popular first-person shooter game--similar to Doom or Quake. I don't have any numbers on the total downloads since November of 2009, but it seems safe to assume there are a lot of Linux systems out there compromised by a backdoor Trojan. However, none of those systems should be in a place of business, so the risk from a business perspective is not very high. IT administrators can learn, though, from the mea culpa at the end of the UnrealIRCd Forums post. "We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so." Basically, because of the false sense of security provided by Linux it simply never occurred to anyone to check if the software might be compromised. Combining that false sense of security with the security by obscurity factor that Linux makes up less than two percent of the overall OS market and isn't a target worth pursuing for attackers, means that many Linux owners have zero defenses in place. To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavor of Linux, and its accompanying tools and applications and find hundreds of vulnerabilities. The difference--according to the many lectures I have received in the comments of articles I have written on Windows security--is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that because its open source vulnerabilities are fixed in hours rather than months. The lesson for IT Admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren't running Unreal, but it's quite possible that Unreal is not the only compromised software available. Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren't exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected. Don't make the mistake of simply assuming Linux systems are safe because they're Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it. Linux Trojan Raises Malware Concerns - Yahoo! News

de acum in colo nu va voi mai scana programe care contin mai multe aplicatii / packuri. invatati sa faceti si singuri asta.

update : instalati update-urile de la Adobe Flash player !! Flash Player 10.1.53.64 (IE) Flash Player 10.1.53.64 (Non-IE)

gheata are densitate mai mica decat apa, mai exact 90% => se dilata. la 4 grade, apa are densitatea cea mai mare => ocupa cel mai mic spatiu.

4chan meme. parca kenny umbla pe acolo

presupun ca da, fiind vpn.

Researchers demonstrate attack that dupes victims in online chats French researchers have developed an automated social engineering tool that uses a man-in-the middle attack and strikes up online conversations with potential victims. The proof-of-concept HoneyBot poses convincingly as a real human in Internet Relay Chats (IRC) and instant messaging sessions. It lets an attacker glean personal and other valuable information from victims via these chats, or lure them into clicking on malicious links. And the researchers had plenty of success in their tests: They were able to get users to click onto malicious links sent via their chat messages 76 percent of the time. The researchers who created the PoC -- Tobias Lauinger, Veikko Pankakoski, Davide Balzarotti, and Engin Kirda, all of Institut EURECOM in France -- are also working on taking their creation a step further to automate social engineering attacks on social networks. "By automatically crawling and correlating the information users store in social networks, we are able to collect detailed personal information about each user, which we use for automated profiling," Kirda says. "Having access to such information would allow an attacker to launch sophisticated, targeted attacks or to improve the efficiency of spam campaigns." The researchers originally wrote their so-called HoneyBot PoC tool as a way to demonstrate large-scale automated social engineering attacks. While spammers typically send IM messages that attempt to lure users to click on their malicious links, these attacks are often fairly conspicuous and obvious to the would-be victim. "We wanted to see if it would be possible to automate social engineering and how effective they would be in practice. Our aim was to warn against a new threat posed by sophisticated [automated social engineering] bots and raise awareness about such attacks in practice," Kirda says. Such an attack could occur via an online shopping website or bank site that contains an embedded chat window, the researchers say. An attacker then could set up a phishing site and wage a man-in-the-middle attack on the chat window. "The attacker [then] can read all the data that is entered by the victims and modify it before it is sent to the authentic support," Lauinger says. It could also be used to distribute malware by setting up a malicious Web page that infects the user's machine, for example. The researchers demonstrated an attack that works like this: The bot registers as a regular user of a chat service and initiates an online conversation with a real user, "Alice." If Alice sends a message back to the bot, then the bot forwards her message to another legitimate user, "Bob," while eavesdropping and directing their conversation. "Instead of using artificial intelligence or some other form of logic to generate an answer, the bot just forwards Alice's message to a second human user, Bob," Lauinger says. Alice and Bob think they're talking to a real IRC user, but it's really the bot. "The messages sent to that nickname are ultimately answered by another human user. That other user isn't aware of the bot, either, because the attack works exactly in the same way for both human users that are involved in the attack." The Python-based HoneyBot tool can automatically connect and disconnect from IRC channels and execute multiple attacks. It also speaks English, French, and Italian. The tool was first revealed publicly in April at the Usenix LEET symposium, where Lauinger presented the team's paper (PDF) -- and the researchers plan to detail their social networking enhancements in September at the Recent Advances in Intrusion Detection (RAID) 2010 Symposium in Ottawa. The researchers also conducted a limited experiment with the tool on Facebook, mainly to prove it was possible. Lauinger says Facebook would be a more lucrative attack surface for a bad guy because of the large number of novice users and the wealth of private and sensitive data there. An attacker could build a phony profile and go from there: "If an attacker manages to clone two profiles and get on the friend list of the respective authentic user, it could forward messages between the fake and authentic profiles," he says. "If the real users chat with the fake profile instead of the real one, the attacker could spy on the messages that are exchanged and modify them, as in our social engineering attack." Meanwhile, the researchers say they were surprised by how long the bot was able to successfully engage users. "We had the feeling that a man-in-the-middle bot attack would work well in practice. However, we did not think that we would be able to sustain the conversation between some users for several hours," Balzarotti says. "Also, we were surprised that many users clicked on links, although some IRC channels explicitly warned them against clicking on links." Defending against an automated social engineering attack isn't easy: Social engineering, by nature, is all about human nature, and there's no patch for that. Heuristic detection can at least flag users of suspicious behavior, but slick attacker can find a way to evade it, the researchers say. http://darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=225600304