Everything posted by begood
-
May 13, 2010
-
from 15 million down to 11 million. and the allowance of 85% of salary for new mothers, as I understand it, is being cut to something tiny. are these people normal? sign here!
-
if it were loki, his wife would feel sorry for him.
-
does hertz seem active to you? it's not nytro either, so who could it be...? big dilemma
-
do you think teachers sit at home doing fuck-all for those 3 months? do you have any idea about the education system? if not, you get the point.
-
one thought: only the math / Romanian teachers make money they can be proud of, from private tutoring; as for the rest, how do you think a PE teacher or a religion teacher can make any extra money?
-
ffs, there will be problems with the baccalaureate exam if this continues. Although it's all for show, they have to react somehow too, and this, well, is how they do it.
-
the same Bifrost server. permanent ban.
-
BackDoor.Bifrost.8
if you had at least given it the original icon, it wouldn't stand out this badly.
Virustotal. MD5: 19366349a3e653ebd2ef0f018a77ac5d
Backdoor.Trojan
Gen:Trojan.Heur.In3@fPFf8@O
a variant of Win32/TrojanDropper.VB.NNX
warning for incompetence.
-
(PhysOrg.com) -- Two University of Pennsylvania mathematicians have found solutions to a 140-year-old, 7-dimensional equation that were not known to exist for more than a century despite its widespread use in modeling the behavior of gases.

The study, part historical journey but mostly mathematical proof, was conducted by Philip T. Gressman and Robert M. Strain of Penn’s Department of Mathematics. The solution of the Boltzmann equation problem was published in the Proceedings of the National Academy of Sciences. Solutions of this equation, beyond current computational capabilities, describe the location of gas molecules probabilistically and predict the likelihood that a molecule will reside at any particular location and have a particular momentum at any given time in the future.

During the late 1860s and 1870s, physicists James Clerk Maxwell and Ludwig Boltzmann developed this equation to predict how gaseous material distributes itself in space and how it responds to changes in things like temperature, pressure or velocity. The equation maintains a significant place in history because it modeled gaseous behavior well, and the predictions it led to were backed up by experimentation. Despite its notable leap of faith -- the assumption that gases are made of molecules, a theory yet to achieve public acceptance at the time -- it was fully adopted. It provided important predictions, the most fundamental and intuitively natural of which was that gasses naturally settle to an equilibrium state when they are not subject to any sort of external influence. One of the most important physical insights of the equation is that even when a gas appears to be macroscopically at rest, there is a frenzy of molecular activity in the form of collisions. While these collisions cannot be observed, they account for gas temperature.

Gressman and Strain were intrigued by this mysterious equation that illustrated the behavior of the physical world, yet for which its discoverers could only find solutions for gasses in perfect equilibrium. Using modern mathematical techniques from the fields of partial differential equations and harmonic analysis -- many of which were developed during the last five to 50 years, and thus relatively new to mathematics -- the Penn mathematicians proved the global existence of classical solutions and rapid time decay to equilibrium for the Boltzmann equation with long-range interactions.

Global existence and rapid decay imply that the equation correctly predicts that the solutions will continue to fit the system’s behavior and not undergo any mathematical catastrophes such as a breakdown of the equation’s integrity caused by a minor change within the equation. Rapid decay to equilibrium means that the effect of an initial small disturbance in the gas is short-lived and quickly becomes unnoticeable.

“Even if one assumes that the equation has solutions, it is possible that the solutions lead to a catastrophe, like how it’s theoretically possible to balance a needle on its tip, but in practice even infinitesimal imperfections cause it to fall over,” Gressman said.

The study also provides a new understanding of the effects due to grazing collisions, when neighboring molecules just glance off one another rather than collide head on. These glancing collisions turn out to be the dominant type of collision for the full Boltzmann equation with long-range interactions.

“We consider it remarkable that this equation, derived by Boltzmann and Maxwell in 1867 and 1872, grants a fundamental example where a range of geometric fractional derivatives occur in a physical model of the natural world,” Strain said. “The mathematical techniques needed to study such phenomena were only developed in the modern era.”

Provided by University of Pennsylvania

Mathematicians Solve 140-Year-Old Boltzmann Equation
-
@sosetutza ban. )))
-
spoileeeeeeeeeer, ffs loki, you should have specified it in the title!
-
@sec_hacker_ret you're off the mark. @pyth0n3 thanks for the warnings and explanations.
-
Copies itself into P2P shared folders using the names of the top 100 software and top 100 games on the BitTorrent tracker site as file names.

Security researchers at TrendLabs have recently spotted a new worm spreading through P2P applications similar to the threat that displays bogus copyright violation warnings. Unlike most known worms that use hard-coded file names in order to trick users by pretending to be cracks, key generators, or actual software, WORM_PITUPI.K regularly changes its name, using the names of the top 100 software titles and top 100 games on the Swedish BitTorrent tracker site The Pirate Bay as file names.

The problem with using the hard-coded technique is that the malware becomes obsolete once the software becomes outdated. WORM_PITUPI.K gets around this by using the names of recently released software, connecting to The Pirate Bay every time the worm executes. It then drops copies of itself into P2P shared folders using the names of the top 100 software and top 100 games as file names. The file names for the dropped copies are the names of the Top 100 software and 100 games based on the following URLs:

The Pirate Bay - The world's most resilient bittorrent site
The Pirate Bay - The world's most resilient bittorrent site

It’s capable of dropping as many as 200 copies into P2P with every execution, and at 254,604 bytes per copy, the worm can easily occupy a substantial portion of a user’s HDD over time. The worm is spread via removable drives and over the Ares, Bearshare, BitComet, eMule, FrostWire, Kazaa, Limewire, Lphant, and Shareaza P2P networks.

Unfortunately, copies of the malware’s source code have also been found to be freely available in underground forums. As such, malicious programmers can enhance it to include other payloads such as downloading routines or even backdoor capabilities. You can find the solution to the worm here.

P2P Worm Uses Pirate Bay Top 100 to Change Name
-
Jonathan Zdziarski, iPhone hacker and data forensics expert, demonstrates step-by-step how to bypass the iPhone passcode. This method is used by law enforcement agencies, but Zdziarski explains the bypass in such a way that anyone can learn how to perform the process.

iPhone hacker demonstrates how to bypass the iPhone passcode - iSmashPhone iPhone Blog
-
Dubbed an "8.0 earthquake for Windows desktop security software" by its creators, the KHOBE (Kernel Hook Bypassing Engine) or the argument-switch attack has been recently presented as a technique that can bypass most - if not all! - security software.

The following software is considered vulnerable:

3D EQSecure Professional Edition 4.2
avast! Internet Security 5.0.462
AVG Internet Security 9.0.791
Avira Premium Security Suite 10.0.0.536
BitDefender Total Security 2010 13.0.20.347
Blink Professional 4.6.1
CA Internet Security Suite Plus 2010 6.0.0.272
Comodo Internet Security Free 4.0.138377.779
DefenseWall Personal Firewall 3.00
Dr.Web Security Space Pro 6.0.0.03100
ESET Smart Security 4.2.35.3
F-Secure Internet Security 2010 10.00 build 246
G DATA TotalCare 2010
Kaspersky Internet Security 2010 9.0.0.736
KingSoft Personal Firewall 9 Plus 2009.05.07.70
Malware Defender 2.6.0
McAfee Total Protection 2010 10.0.580
Norman Security Suite PRO 8.0
Norton Internet Security 2010 17.5.0.127
Online Armor Premium 4.0.0.35
Online Solutions Security Suite 1.5.14905.0
Outpost Security Suite Pro 6.7.3.3063.452.0726
Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
Panda Internet Security 2010 15.01.00
PC Tools Firewall Plus 6.0.0.88
PrivateFirewall 7.0.20.37
Security Shield 2010 13.0.16.313
Sophos Endpoint Security and Control 9.0.5
ThreatFire 4.7.0.17
Trend Micro Internet Security Pro 2010 17.50.1647.0000
Vba32 Personal 3.12.12.4
VIPRE Antivirus Premium 4.0.3272
VirusBuster Internet Security Suite 3.2
Webroot Internet Security Essentials 6.1.0.145
ZoneAlarm Extreme Security 9.1.507.000
probably other versions of above mentioned software
possibly many other software products that use kernel hooks to implement security features.

As the researchers explain in their paper, the attack is so successful because the great majority of these solutions modify the user and kernel code and data structures. These modifications - colloquially dubbed hooks - are often poorly implemented and create holes in the system. The most common kernel hooks in modern-day security solutions are SSDT hooks, and those are precisely the ones that the researchers took advantage of to execute the attacks.

Basically, the software is fed with values that will pass the checks, only to be interchanged with malicious code after they do. Also, the attack is supposedly even more likely to succeed when the system has multiple cores (and a lot of computers do), and can be executed even if the attacker has access only to a restricted user account.

Some security firms have published their view of the matter already. Not surprisingly, they dispute the effectiveness of the attack. Sophos' Paul Ducklin says that "Sophos's on-access anti-virus scanner doesn't use SSDT hooks, so it's fair for us to say that this isn't a vulnerability for us at all." F-Secure researchers admit that Matousec's technical findings are correct, but that their solution has "several layers of sensors and generic detection engines. Matousec's discovery is able to bypass only a few of these sensors."

According to The Register, the attack has its limitations: "It requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC," so there is no need to panic. Even if the attack is possible, it doesn't mean it is likely.

The KHOBE attack: Are all AV solutions vulnerable?
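
The check-then-use gap described in the article above, as an added example that is not part of the original post or of the researchers' paper: a user-space simulation in which a hypothetical hook handler validates a caller-owned path buffer, once by reading it twice and once by capturing a private copy first. All names, the blocked path and the `switch_args` stand-in for a second thread are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 64

/* Constructed policy: the only path the simulated security hook refuses. */
static const char *BLOCKED = "C:\\protected\\av.cfg";

/* What the simulated original service ended up acting on. */
static char last_opened[PATH_MAX_LEN];

static int policy_allows(const char *path) { return strcmp(path, BLOCKED) != 0; }

static void real_open(const char *path) {
    snprintf(last_opened, sizeof last_opened, "%s", path);
}

/* Stand-in for a second thread that rewrites the caller-owned buffer
 * in the window between the hook's check and the original service. */
typedef void (*racer_fn)(char *user_buf);

static void switch_args(char *user_buf) {
    snprintf(user_buf, PATH_MAX_LEN, "%s", BLOCKED);
}

/* Flawed pattern: validate the caller's memory, then pass the same pointer
 * on. The value is fetched twice and can differ between the two fetches. */
int hook_double_fetch(char *user_buf, racer_fn racer) {
    if (!policy_allows(user_buf))   /* fetch 1: check */
        return -1;
    if (racer) racer(user_buf);     /* race window */
    real_open(user_buf);            /* fetch 2: use */
    return 0;
}

/* Hardened pattern: capture once into memory the caller cannot reach,
 * then check and use only the captured copy. */
int hook_captured(char *user_buf, racer_fn racer) {
    char captured[PATH_MAX_LEN];
    snprintf(captured, sizeof captured, "%s", user_buf);  /* single fetch */
    if (!policy_allows(captured))
        return -1;
    if (racer) racer(user_buf);     /* too late: the copy is private */
    real_open(captured);
    return 0;
}

/* Returns 1 if the blocked path reached real_open() despite the check. */
int bypassed(int (*hook)(char *, racer_fn)) {
    char user_buf[PATH_MAX_LEN] = "C:\\temp\\notes.txt";
    last_opened[0] = '\0';
    hook(user_buf, switch_args);
    return strcmp(last_opened, BLOCKED) == 0;
}

int main(void) {
    printf("double fetch bypassed:  %d\n", bypassed(hook_double_fetch));
    printf("captured copy bypassed: %d\n", bypassed(hook_captured));
    return 0;
}
```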
-
Think web application penetration testing and tools like Burp Suite, Fiddler and the likes. Now, you can also start thinking of WATOBO, the Web Application Toolbox! Why, you will come to know as you read this write-up! This tool was presented at the recently held OWASP-Stuttgart in April 2010!

The Web Application Toolbox has been programmed in such a way so as to enable security professionals to perform highly efficient (semi-automated) web application security audits. The author, Mr. Andreas Schmidt, is convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.

The working of this tool is similar to WebScarab, Paros or Burp in a sense. It has a good GUI and also supports a command line input. Also, since it is semi-automated, it does not actually need to be adjusted for optimum results and correctly configured. Human intervention will obviously do good over a completely automated process. It can perform two types of checks – active and passive. Passive checks analyze data for normal browsing, including but not limited to cookie security related operations. Active checks generate requests that can be used for, say, SQL injection checks or other checks. Other than these, no additional requests are sent to the application!

What really bought us in for this tool is session-management which any free tool lacks! Burp Professional has it, but it is not free. The same with NetSparker. Also, these tools often have only limited automated functions. Customizing paid tools is not easy either. Not this one. Another good thing about this tool is that it can be quickly adapted to new requirements. In short, with this tool you can enjoy the benefits of both worlds, manual and automatic tools combined!

Functions of WATOBO:

Supports session management.
Detects logout and automatically takes a re-login.
Supports filter functions
Inline-Encoder/Decoder
Includes vulnerability scanner
Quick-scan for targeted scanning a URL
Full-scan to scan a whole session
Manual request editor with special functions
Session information is updated
Login can be done automatically
Transcoder URL, Base64, MD5, SHA-1
Interceptor
Fuzzer
Free, Stable and Open source!
Script code easy to understand
Easy to extend / adapt
In real-world scenarios tested and developed
Speed / usability
Active and Passive checks

This tool has been programmed in FxRuby which some people might not be open to work with. It will support most Windows operating systems. *Nix compatibility has not been checked or verified by us. But, the language as such supports most *Nix flavours. Other than that, it is pretty much set to be one of the top free web assessment tools. Just look at the road map that the author has planned:

Extension of check-modules – e.g. enumeration checks (directories, file extensions, …)
Integration of other open-source tools such as Nikto
WebServices / SOAP support
Expansion of the functions / GUI

At less than 300 KB download for this tool, you sure can give it a try just like we did and were VERY impressed by this tool. Download its current version, which was released about 20 hours ago – watobo version 0.9.1-95 here. A set of videos that deal with the application installation, use and performing a full scan can be found here.

WATOBO: The Web Application Toolbox! - PenTestIT
-
While both Yahoo! Messenger and MSN Messenger have been massively exploited by IM worms, Skype users have been less exposed to this type of e-threat. It's true that hyperlink-sending worms are hardly news in the current malware landscape, and multiple variants affecting various IM services are in the wild, but most of them are extremely easy to remove and don’t come with an additional method of protection. Unlike average IM worms, Backdoor.Tofsee features an extensive set of tricks to deter detection and removal, as well as a wide assortment of ways to harm both the user and their computer.

The worm relies on social engineering to lure the user into downloading and executing a copy of itself on the local machine. It looks for the system locale settings (country, language and currency) in order to determine which language to send its messages in. It can use English, Spanish, Italian, Dutch, German, and French to send itself to either Skype or Yahoo! Messenger contacts. The alleged conversations will always be different from the previous messages and will be constantly updated from a remote location. Plus, in order to avoid suspicion, the worm will only send the message during an on-going conversation, rather than randomly starting one-link monologues.

As the unwary user clicks on the infected link, they will be redirected to a spoofed page impersonating Rapidshare. If the user continues the download process by clicking the alleged Rapidshare download link, they get a zipped archive called NewPhoto024.JPG.zip. Upon extraction, the archive reveals an executable file with a deceptive name: NewPhoto024.JPG_www.tinyfilehost.com. The file looks like a JPG, followed by a URL. However, the trailing .com is actually the file format, revealing an MS-DOS executable application.

Once executed, the infected binary queries the Windows Registry to see if either Skype or Yahoo Messenger is installed. If neither application is to be found on the computer, the worm will exit without infecting the system. If they are, the worm ensures that it is not being analyzed in a virtual machine by checking the Performance Counter. Should the worm detect that it is running in a virtual machine or inside a debugger, it automatically terminates itself; otherwise it creates a suspended child process and subsequently injects the worm’s decrypted overlay in it. After the successful injection, the child process is resumed and the parent process kills itself.

In order to hide itself from the operating system, the worm deploys its last line of defense: a rootkit driver that conceals files, monitors the global Internet activity originating from the infected machine and prevents access to the URLs associated with antivirus vendors, online scanners, tech support forums and, of course, Windows Update. As a novelty, the worm also denies access to a certain number of high-profile download portals that might host removal tools or antivirus utilities.

After having successfully compromised the system, the worm adds itself to the Startup key in the Windows Registry; it also deactivates the Windows Firewall in order to breach the local security and to allow a remote attacker to connect to the worm’s backdoor component. To make things worse, the rootkit component also prevents the installation of any file known to be an antivirus product. Backdoor.Tofsee identifies these files by their filename, so renaming the blocked file should solve the issue.

The worm’s spreading mechanism isn’t reduced to spamming itself via Skype and YIM; it also copies itself on any attached USB storage devices it finds by replicating its binary in a newly-created folder called ~secure and creating an autorun.inf file to point to it. A secondary folder, called Temp002, is also generated and a binary file infected with Trojan.Vaklik.AY is planted inside it. All the created files have the archive, hidden and system attributes set to 1 in order to conceal them from the Windows Explorer shell.

Backdoor.Tofsee is a high-risk piece of malware that allows a remote attacker to take complete control over the infected machine and use it for various illegal purposes. In order to stay safe, you are advised to install and regularly update a complete antimalware solution with antispam, antiphishing, antivirus and firewall modules.

Rootkit-based Skype worm opens backdoors
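
A check for the file-name trick described in the article above, as an added example that is not part of the original post: it flags names whose final extension is directly executable while an earlier token imitates a media or document extension, as in NewPhoto024.JPG_www.tinyfilehost.com. The function names and both extension lists are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict { NAME_OK = 0, NAME_EXECUTABLE = 1, NAME_DISGUISED = 2 };

/* Extensions Windows runs directly; .com is the one from the write-up. */
static const char *EXEC_EXT[] = { "com", "exe", "scr", "pif", "bat", "cmd", NULL };
/* Decoy media/document extensions (constructed list for this example). */
static const char *DECOY_EXT[] = { "jpg", "jpeg", "png", "gif", "pdf", "doc", NULL };

/* Case-insensitive match of the n-byte token `a` against lowercase `b`. */
static int token_is(const char *a, size_t n, const char *b) {
    if (strlen(b) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != b[i]) return 0;
    return 1;
}

static int in_list(const char *tok, size_t n, const char **list) {
    for (; *list; list++)
        if (token_is(tok, n, *list)) return 1;
    return 0;
}

/* Classify a bare file name (no directory part). */
enum verdict classify_name(const char *name) {
    const char *last_dot = strrchr(name, '.');
    if (!last_dot || last_dot == name) return NAME_OK;
    if (!in_list(last_dot + 1, strlen(last_dot + 1), EXEC_EXT))
        return NAME_OK;
    /* The real type is executable. Look for an earlier ".ext" token that
     * ends at a non-alphanumeric character, e.g. ".JPG_" or ".pdf.". */
    for (const char *p = name; p < last_dot; p++) {
        if (*p != '.') continue;
        const char *end = p + 1;
        while (end < last_dot && isalnum((unsigned char)*end)) end++;
        if (in_list(p + 1, (size_t)(end - (p + 1)), DECOY_EXT))
            return NAME_DISGUISED;
    }
    return NAME_EXECUTABLE;
}

int main(void) {
    /* First name is the one quoted in the article; the rest are constructed. */
    const char *samples[] = { "NewPhoto024.JPG_www.tinyfilehost.com",
                              "report.pdf.exe", "command.com", "holiday.jpg" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s -> %d\n", samples[i], classify_name(samples[i]));
    return 0;
}
```

The archive name NewPhoto024.JPG.zip is reported as NAME_OK because .zip is not directly executable; the check is meant for the names of extracted or received files.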
-
*begood shapes destinies*
-
thanks, does anyone have it and can stay and seed? I've been waiting for 3 hours already. //I got both versions, 2008 and 2009, I'm testing them now.
-
What is it?

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

Features

Create PDF documents from scratch.
Parse existing documents, modify them and recompile them.
Explore documents at the object level, going deep into the document structure, uncompressing PDF object streams and deobfuscating names and strings.
High-level operations, such as encryption/decryption, signature, file attachments...
A GTK interface to quickly browse into the document contents.

Quick look

    # Load the framework and bring its classes into scope.
    require 'origami'
    include Origami

    # Create a simple PDF document.
    contents = ContentStream.new
    contents.write 'I AM EMPTY', :x => 350, :y => 750, :rendering => PS::Text::Rendering::STROKE, :size => 15
    PDF.new.append_page(Page.new.setContents(contents)).saveas('empty.pdf')

    # Read a PDF document and add an action.
    pdf = PDF.read("foo.pdf")
    pdf.onDocumentOpen Action::URI.new('http://google.com')
    pdf.saveas('bar.pdf')

    # Return an array of objects whose name begins with 'JS'
    pdf.ls(/^JS/)

    # Return an array of objects containing '/bin/sh'
    pdf.grep('/bin/sh')

    # Add a JS script to execute on first page.
    pdf.pages.first.onOpen Action::JavaScript.new('app.alert("Hello");')

    # Attach an embedded file to a document
    pdf.attach_file('other_doc.pdf')

Full scripts

We provide some scripts helping to perform common actions on PDF files. Feel free to send us your own scripts at origami(at)security-labs.org.

detectjs.rb: search for all JavaScript objects.
embed.rb: add an attachment to a PDF file.
create-jspdf.rb: add a JavaScript to a PDF file, executed when the document is opened.
moebius.rb: transform a PDF to a moebius strip.
encrypt.rb: encrypt a PDF file.

More to come on next releases...

Origami in PDF