begood (Active Members; 3972 posts; 22 days won)

Everything posted by begood

  1. TrueCrypt is a free open source disk encryption software that works on both Windows and Linux platforms. Data stored on an encrypted volume cannot be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. We have covered TrueCrypt in a previous video. In this video, the Cycops team shows us a demo of how to use TrueCrypt and encrypt sensitive data. You can read their blog post for more details. Thanks go out to the Cycops team for referring this video to us. You can visit their site here.
  2. If you are like me and spend half of your life defending your organization's network and the other half commuting... You have little time to spend on keeping up with the latest developments in the ever changing field of IT Security. Listen to a few podcasts in your down time and you might learn something useful. If you are a CISSP, remember to keep a log of the podcasts you listen to so you can earn a few CPEs! Podcasts for Cyber Security Professionals
  3. Enough arguing. That's enough for you.
  4. +1, hanging around the house with begooda
  5. "By the way, gentlemen, what do you think about using XSS vulnerabilities to 'crack' an encrypted password?" What are you referring to? Better to steal it with XSS and a JavaScript keylogger.
  6. Researchers have devised a way to monitor BitTorrent users over long stretches of time, a feat that allows them to map the internet addresses of individuals and track the content they are sending and receiving. In a paper presented earlier this week at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, the researchers demonstrated how they used the technique to continuously spy on BitTorrent users for 103 days. They collected 148 million IP addresses and identified 2 billion copies of downloads, many of them copyrighted. The researchers, from the French National Institute for Research in Computer Science and Control, also identified the IP addresses where much of the content originated. They discovered that the vast majority of the material on BitTorrent started with a relatively small number of individuals. "We do not claim that it is easy to stop those content providers from injecting content into BitTorrent," they wrote. "However, it is striking that such a small number of content providers triggers billions of downloads. Therefore, it is surprising that the anti-piracy groups try to stop millions of downloaders instead of a handful of content providers." The researchers said the information leak is built into the very core of most BitTorrent systems, including those used by ThePirateBay and IsoHunt. They support commands such as "scrape-all" and "announce started/stopped," which when used repeatedly can be used to identify the IP addresses where content originates or is being distributed once it has proliferated. By collecting more than 1.4 million unique .torrent files, they were able to identify specific pieces of content being distributed by particular IP addresses. The results are about 70 percent accurate. "At any moment in time for 103 days, we were spying on the distribution of between 500 and 750K contents," they wrote. "In total, we collected 148M IP addresses distributing 1.2M contents, which represents 2 billion copies of content." The insecurities baked into BitTorrent allowed the researchers to discover IP addresses even when they were hidden behind the Tor anonymity service. It should be pointed out that this isn't the fault of Tor, which has long urged people to refrain from using BitTorrent over the virtual privacy tunnels. In light of the new research, project managers renewed that admonition on Thursday. "The BitTorrent protocol is vulnerable to tampering by malicious parties," Jacob Appelbaum, a full-time developer for Tor, wrote in an email to El Reg. "This is not so different than when you're using Tor or on any other internet connection. If someone wants to tamper, there's nothing in the protocol to stop the tampering." A PDF of the paper is here. Researchers spy on BitTorrent users in real-time - The Register
  7. Help, I think I've been hacked
     So you've carefully installed WordPress, you've made it look exactly how you like with a decent theme, you've maybe installed some fancy plugins and you've crafted some fine posts and Pages. In short, you've put a lot of time and effort into your site. Then, one day, you load up your site in your browser, and find that it's not there, or it redirects to a porn site, or your site is full of adverts for performance-enhancing drugs. What do you do?
     Some steps to take
     Stay calm. You have to stay calm to be able to deal with this situation. The first step before you respond to any security incident is to calm yourself down to make sure you do not commit any mistakes. We are serious about it.
     Scan your local machine. Sometimes the malware was introduced through a compromised desktop system. Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them, so maybe try a different one. This advice generally only applies to Windows systems.
     Check with your hosting provider. The hack may have affected more than just your site, especially if you are using shared hosting. It is worth checking with your hosting provider in case they are taking steps or need to. Your hosting provider might also be able to confirm whether a hack is an actual hack or a loss of service, for example.
     Change your passwords. Change passwords for the blog users, your FTP and MySQL users.
     Change your secret keys. If they stole your password and are logged in to your blog, even if you change your password they will remain logged in. How? Because their cookies are still valid. To disable them, you have to create a new set of secret keys. Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones.
     Take a backup of what you have left. If your files and database are still there, consider backing them up so that you can investigate them later at leisure, or restore to them if your cleaning attempt fails. Be sure to label them as the hacked site backup, though...
     Read Donncha O Caoimh's guide on what to do. Donncha wrote a good article on what to do if you suspect a hack; it is well worth reading through and acting on, as it goes into more depth than this page. Read "How to clean your hacked install" and "Removing malware from a WordPress blog", which explain in detail some steps you might need to take.
     Check your .htaccess file for hacks. Hackers can use your .htaccess to redirect to malicious sites from your URL.
     Consider deleting everything. A sure way to remove hacks that currently exist is to delete all the files from your web space and clear out your WordPress database. Of course, if you do this, you would need backups to restore to, so ...
     Consider restoring a backup. If you restore a known, clean backup of your WordPress database, and refresh your WordPress, plugin and theme files through FTP, that will ensure all those bits are clean of malicious code. At the very least ...
     Replace the core WordPress files with ones from a freshly downloaded zip. Replacing all your core files will ensure nothing is left behind in them in a hacked state. Remember to replace plugin and theme files, too.
     Upgrade! Once you are clean, you should upgrade your WordPress installation to the latest software. Older versions are more prone to hacks than newer versions.
     Change the passwords again! Remember, you need to change the passwords for your site after making sure your site is clean. So if you only changed them when you discovered the hack, change them again now.
     Do a post-mortem. Once your site is recovered, check your site logs to see if you can discover how the hack took place. Open source tools like OSSEC can analyze your logs and point you to where/how the attack happened.
     http://codex.wordpress.org/FAQ_My_site_was_hacked
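Two steps in that checklist, "change your secret keys" and "replace the core WordPress files with ones from a freshly downloaded zip", are mechanical enough to script. The following is an added example written for this page, not code from the WordPress Codex or the WordPress project. It assumes the single-quoted define('KEY', '...') lines a stock wp-config.php uses, and a clean reference tree you unpacked yourself from a fresh WordPress download (plus fresh copies of the plugins and themes you run). The sample config text and the two directory trees are constructed inline, so it runs offline.

```python
"""Post-compromise triage helpers for a WordPress install (added example).

Rotating the secret keys in wp-config.php makes every existing login cookie
stop validating; hashing the on-disk tree against a clean reference copy
makes modified, planted or deleted files show up. Nothing here touches the
network; paths and strings are passed in explicitly.
"""
import hashlib
import os
import re
import secrets
import string
import tempfile

# The eight constants WordPress reads from wp-config.php to sign cookies and nonces.
WP_SECRET_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# Printable ASCII minus quotes and backslash, so a value can sit inside a
# single-quoted PHP string without escaping.
_ALPHABET = "".join(c for c in string.printable[:94] if c not in "'\"\\")

# Constructed sample: the placeholder values a default wp-config.php ships with.
SAMPLE_CONFIG = "\n".join(
    "define('%s', 'put your unique phrase here');" % k for k in WP_SECRET_KEYS
) + "\ndefine('DB_NAME', 'wordpress');\n"


def new_secret(length=64):
    """A fresh random key from the OS CSPRNG (secrets), never random.random."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


def rotate_secret_keys(config_text):
    """Replace the value of every define('<KEY>', '...') for the eight keys.

    Returns the new config text and the list of key names actually replaced,
    so the caller notices when a key is missing (old installs lack the *_SALT ones).
    """
    replaced = []

    def substitute(match):
        replaced.append(match.group(1))
        return "define('%s', '%s');" % (match.group(1), new_secret())

    pattern = re.compile(r"define\(\s*'(%s)'\s*,\s*'[^']*'\s*\)\s*;" % "|".join(WP_SECRET_KEYS))
    return pattern.sub(substitute, config_text), replaced


def hash_tree(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def diff_trees(clean_root, suspect_root):
    """Compare the suspect install against a clean reference tree.

    'modified': same path, different hash; 'extra': only in the suspect tree
    (wp-config.php, uploads and planted files all land here, so review rather
    than delete blindly); 'missing': only in the clean tree.
    """
    clean, suspect = hash_tree(clean_root), hash_tree(suspect_root)
    return {
        "modified": sorted(p for p in clean if p in suspect and suspect[p] != clean[p]),
        "extra": sorted(p for p in suspect if p not in clean),
        "missing": sorted(p for p in clean if p not in suspect),
    }


def demo():
    """Build two constructed mini-trees in a temp dir, tamper with one, diff them."""
    base = tempfile.mkdtemp(prefix="wp-triage-")
    clean, suspect = os.path.join(base, "clean"), os.path.join(base, "suspect")
    files = {
        "index.php": "<?php require 'wp-blog-header.php';\n",
        "wp-includes/version.php": "<?php $wp_version = 'x.y.z';\n",
        "wp-admin/admin.php": "<?php // admin bootstrap\n",
    }
    for root in (clean, suspect):
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    # Simulated tampering in the suspect copy (constructed, not real malware):
    # a line appended to a core file, a PHP file planted under uploads, a core file removed.
    with open(os.path.join(suspect, "index.php"), "a") as fh:
        fh.write("<?php /* injected line */ ?>\n")
    os.makedirs(os.path.join(suspect, "wp-content/uploads"), exist_ok=True)
    with open(os.path.join(suspect, "wp-content/uploads/cache.php"), "w") as fh:
        fh.write("<?php /* planted file */ ?>\n")
    os.remove(os.path.join(suspect, "wp-admin/admin.php"))
    return diff_trees(clean, suspect)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print("%-9s %s" % (kind + ":", ", ".join(paths) or "-"))
    print("rotated %d keys" % len(rotate_secret_keys(SAMPLE_CONFIG)[1]))
```

Against a real site, call diff_trees() with the unpacked clean download and the web root, and write the text returned by rotate_secret_keys() back over wp-config.php only after backing the original up. Everything under 'extra' deserves a look: a .php file under wp-content/uploads is the classic planted file, while wp-config.php itself is expected there.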
  8. Which tools are indispensable for your personal protection on the internet? Example:
     Mozilla Firefox add-ons: NoScript, KeyScrambler
     Antivirus: Kaspersky
     Firewall: Kaspersky
     IM encryption: SimpLite Y!
     Secure P2P IM: TrilogyEC
     Mail encryption: PGP
     VPN: -
     Quick HTTP proxy: hidemyass
     SOCKS5 proxy: Tor
     Full HDD encryption: TrueCrypt (hidden OS)
     USB/CD/DVD stick encryption: Steganos
     Emergency full HDD wipe: DBAN
     Remove sensitive data from your hard drive: Eraser
     To store files encrypted (AES-256) 'online' you can use Wuala (unlimited storage limit, see the description on the site). Note: you need a "good" processor and >1 GB of memory for the system to run well.
     Other: nologins, secure SOCKS5 proxies, Hushmail (secure e-mail), virtual machines (for cracks and keygens and other crap), Freenet for extremely secure mail, private discussions, etc.
     I don't download movies via BitTorrent or any other sharing protocol, since in Romania the law is as follows: if you are caught distributing copyrighted files (upload) you can be sued; if you download or possess them (CD/DVD/HDD etc.) you have NO problem with the law. So use FTP or one-click hosting sites (RapidShare/MegaUpload/etc.) to download, or watch movies/etc. online (any other method that does not involve uploading is ok).
     A few suggestions: don't store site passwords in Opera or Chrome, they are very easy to crack. In Mozilla Firefox you can store them, but only with a master password made up of A-Z, a-z, 0-9 (and symbols if you want) with length >= 9.
     LE1: A few security settings for Gmail: recovery e-mail, HTTPS, change the password as often as possible, don't use the password for other accounts.
     Final note. Always have a backup somewhere secure.
  9. and that one from another friend, and so on... trashed & closed, I'm sick of seeing crappy games like this, find another forum to spam.
  10. 2-year ban. Reason: I don't feel like reading your idiocies.
  11. spam with Outlook? )))))))))))))))))))))))
  12. @yceman_yceman ignore him, he's illiterate. What grown man would write a message like that? @tinkode hell yeah! Put it on all your blogs!
  13. I propose introducing HTTPS (SSL) at least for those sub-forums. Even with certificates signed by the server itself.
  14. (Fun stuff) Kate's party HAPPY BIRTHDAY KATE!!! We <3 U. SEE YOU TOMORROW ON NORTH ST. IN ADELAIDE AT 8:00PM!!! Kate's Party - Encyclopedia Dramatica
  15. WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system. WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours. The resulting call audio can be used to extract a list of modems that can be fed into a standard modem-based wardialing application for fingerprinting and banner collection. One of the great things about the WarVOX model is that once the data has been gathered, it is archived and available for re-analysis as new signatures, plugins, and tools are developed. The current release of WarVOX (1.0.0) is able to automatically detect modems, faxes, silence, voice mail boxes, dial tones, and voices. http://www.warvox.org/index.html
  16. The Internet is full of wide open CITRIX gateways. This is madness! The other day I was performing some CITRIX poking, so I had a lot of fun with breaking GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate many things about ICA (Independent Computing Architecture). For example, when querying Google and Yahoo for public .ICA files, I was presented with tons of wide open services, some of which were located on .gov and .mil domains. This is madness! No, this is the Web. Though, I wasn't expecting what I have found. Hacking like in the movies? You bet!
      Google: ext:ica, Yahoo: originurlextension:ica
      I did not poke any of the services I found, although it is obvious what is insecure and what is not when it comes to Citrix. It is enough to look into the ICA file. I am not planning to go into details here but let's say for now that ICA gives you hints about the server, the underlying transport mechanism and of course the remote application that will be opened. With a few lines in bash combined with my Google python script, I was able to dump all the ICA files that Google knows about and do some interesting grepping on them. What I discovered was unbelievable. Shall we start with the Global Logistics systems or the US Government Federal Funding Citrix portals – all of them wide open and susceptible to attacks. Again, no poking on my side, just simple observation exercises on the information provided by Google.
      Breaking into Citrix
      When performing a Citrix test, my goal is very simple: "try to open a command shell". Sometimes, cmd.exe and command.com are blocked, but I can still execute commands by saving them in .bat or .cmd files. If you care to read the command output, just pause the window with pause. It is simple. Let's not forget about Windows Scripting Host (WSH), which is usually not blocked at all. But to get to the command line, you have to escape the GUI first, and when it comes to Windows GUIs, escaping them is like a walk in the park. As soon as you open explorer with File Open/Save/Save as/Print or Help features, you can execute commands. Just for demonstration purposes, I composed a video that shows how it is done: http://www.youtube.com/watch?v=1-cXrZIVlTU&feature=player_embedded
      Here is more. The following example shows an ICA file which just opens cmd.exe right in front of your eyes:

          [WFClient]
          Version=2
          TcpBrowserAddress=some address

          [ApplicationServers]
          PlanVue 03 Tri-City=

          [PlanVue 03 Tri-City]
          Address=some address
          InitialProgram=cmd.exe
          ClientAudio=On
          Username=some user
          Domain=some domain
          Password=
          AudioBandwidthLimit=2
          Compress=On
          TWIMode=On
          ScreenPercent=80
          DesiredColor=8
          TransportDriver=TCP/IP
          WinStationDriver=ICA 3.0
          EncryptionLevelSession=EncRC5-128

          [EncRC5-128]
          DriverNameWin32=PDC128N.DLL
          DriverNameWin16=PDC128W.DLL

          [Compress]
          DriverName=PDCOMP.DLL
          DriverNameWin16=PDCOMPW.DLL
          DriverNameWin32=PDCOMPN.DLL

      It is unbelievable but it works. Among the ICAs I found, there were a few which do require authentication. For dedicated attackers, this is definitely not the end of the world. Now you probably think that it is time to take out all the bruteforcers and dictionary files and start some heavy drilling. "Hold on! Let's try the backdoors first." After you connect to Citrix you will most likely land on the Desktop, which is protected by the Windows/Netware logon. However, keep in mind that there might be some applications underneath that do not require authentication, just like those we discussed earlier. So how do we find them? Ian Vitek coded a perl script to do exactly that: http://www.gnucitizen.org/static/blog/2007/10/enum.pl
      I was intrigued by Ian's script, so I decided to write my own. However, I wasn't very keen on re-reversing Citrix, so I thought I would go the easy way – reusable components. A few minutes on the Citrix website were enough to get me started. I ended up with the following script. Keep in mind that you need to have a copy of the Citrix client in order to get it going:

          // WSH JScript: enumerate published applications, farms or servers
          // through the Citrix ICA client COM object (requires the Citrix client installed)
          var client = WScript.CreateObject('Citrix.ICAClient');

          if (WScript.Arguments.length < 2) {
              WScript.Echo('usage: ' + WScript.ScriptName + ' <type> key=value key=value key=value ...');
              WScript.Echo('       ' + WScript.ScriptName + ' apps TCPBrowserAddress=172.16.3.191');
              WScript.Echo('       ' + WScript.ScriptName + ' servers HTTPBrowserAddress=172.16.3.191');
              WScript.Echo('');
              WScript.Echo('types:');
              WScript.Echo('\tapps');
              WScript.Echo('\tfarms');
              WScript.Echo('\tservers');
              WScript.Echo('');
              WScript.Echo('CITRIX Application Enumeration Utility');
              WScript.Echo('by Petko D. Petkov (pdp) GNUCITIZEN (http://www.gnucitizen.org)');
              WScript.Quit(1);
          } else {
              // every argument after the type is a key=value pair handed to the client as a property
              for (var i = 1; i < WScript.Arguments.length; i++) {
                  var arg = WScript.Arguments(i);
                  var tkn = arg.split('=');
                  try {
                      var name = tkn[0].replace(/^\s+|\s+$/g, '');
                      var value = tkn[1].replace(/^\s+|\s+$/g, '');
                      client.SetProp(name, value);
                  } catch (e) {
                      WScript.Echo("option '" + arg + "' not recognized");
                      WScript.Quit(1);
                  }
              }
          }

          try {
              var type = WScript.Arguments(0);
              var handler;
              switch (type) {
                  case 'apps':    handler = client.EnumerateApplications(); break;
                  case 'farms':   handler = client.EnumerateFarms(); break;
                  case 'servers': handler = client.EnumerateServers(); break;
                  default:
                      WScript.Echo("type '" + type + "' not recognized");
                      WScript.Quit(1);
              }
              // walk the enumeration handle and print each name, then release it
              var count = client.GetEnumNameCount(handler);
              for (var i = 0; i < count; i++) {
                  WScript.Echo(client.GetEnumNameByIndex(handler, i));
              }
              client.CloseEnumHandle(handler);
          } catch (e) {
              WScript.Echo(e.message);
          }

      I don't know which script is better. Ian's implementation seems to be cross-platform and quite transparent for the user, but it works only for UDP, while my approach works only on Windows and requires a bit of understanding of the architecture, but it supports all possible ways Citrix can establish connections, and it can enumerate the Citrix servers and farms as well. Here is a demonstration of how you can use it:
      Conclusion
      Ok, it is lame, but with pretty much the same success, attackers can hack into quite sensitive services. It is unbelievable to me to find out that pretty much anyone can tap into huge organizations with a few dirty Citrix tricks. And here are some stats: just by looking into Google, I was able to find 114 wide open CITRIX instances: 10 .gov, 4 .mil, 20 .edu, 27 .com, etc… The research was conducted offline, therefore there might be some false positives. Among the services discovered, there were several critical applications which looked so interesting that I didn't even dare look at them. With a similar success, attackers can perform just simple port scans for service port 1494. The steps described above apply.
      http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
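The post's point is that reading the ICA file is enough to tell an exposed gateway from a safe one. Here is an added example, written for this page and not code from GNUCITIZEN or Citrix, that does that reading from the defender's side: it parses an .ICA launch file and reports the settings an organization would not want in a file it publishes on the web. It runs on the relevant keys of the file quoted in the post and on a second, constructed sample; the list of shell programs and the rule that only EncRC5-128 counts as acceptable are assumptions stated in the code.

```python
"""Audit a Citrix .ICA launch file for risky settings (added example).

ICA files are INI-style text, so configparser is enough to read them. For
each application named in [ApplicationServers] the audit reports:
  - an InitialProgram that is a shell or script host rather than an application
  - a Username/Domain and, worse, a Password embedded in the file
  - a session encryption level other than the strongest RC5 option
"""
import configparser

# InitialProgram values that hand the user a command environment instead of a
# business application (assumption: illustrative list, extend as needed).
SHELL_PROGRAMS = {"cmd.exe", "command.com", "explorer.exe",
                  "cscript.exe", "wscript.exe", "powershell.exe"}
# Assumption: only 128-bit RC5 session encryption is treated as acceptable;
# "Basic", EncRC5-0/40/56 or an absent setting are reported.
STRONG_ENCRYPTION = {"EncRC5-128"}

# Sample 1: the relevant keys of the file quoted in the post (cmd.exe as program).
ICA_FROM_POST = """\
[WFClient]
Version=2
TcpBrowserAddress=some address

[ApplicationServers]
PlanVue 03 Tri-City=

[PlanVue 03 Tri-City]
Address=some address
InitialProgram=cmd.exe
Username=some user
Domain=some domain
Password=
TransportDriver=TCP/IP
EncryptionLevelSession=EncRC5-128
"""

# Sample 2: constructed for contrast, a published application (the '#' prefix
# names a published app) but with a stored password and basic encryption.
ICA_CONSTRUCTED = """\
[WFClient]
Version=2

[ApplicationServers]
Reports=

[Reports]
Address=10.0.0.5
InitialProgram=#Reports
Username=svc_reports
Domain=CORP
Password=PLACEHOLDER_NOT_A_REAL_PASSWORD
EncryptionLevelSession=Basic
"""


def parse_ica(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: InitialProgram, not initialprogram
    cp.read_string(text)
    return cp


def audit_ica(text):
    """Return a list of findings, each a dict with 'app', 'check' and 'detail'."""
    cp = parse_ica(text)
    if not cp.has_section("ApplicationServers"):
        return [{"app": None, "check": "no_applications",
                 "detail": "no [ApplicationServers] section"}]
    findings = []
    for app in cp["ApplicationServers"]:
        if not cp.has_section(app):
            findings.append({"app": app, "check": "dangling_entry",
                             "detail": "no [%s] section" % app})
            continue
        sec = cp[app]
        prog = sec.get("InitialProgram", "").strip()
        exe = prog.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in SHELL_PROGRAMS:
            findings.append({"app": app, "check": "shell_initial_program", "detail": prog})
        user = sec.get("Username", "").strip()
        if user:
            domain = sec.get("Domain", "").strip()
            findings.append({"app": app, "check": "username_embedded",
                             "detail": (domain + "\\" + user) if domain else user})
        if sec.get("Password", "").strip():
            findings.append({"app": app, "check": "password_embedded",
                             "detail": "non-empty Password= field"})
        enc = sec.get("EncryptionLevelSession", "").strip()
        if enc not in STRONG_ENCRYPTION:
            findings.append({"app": app, "check": "weak_encryption",
                             "detail": enc or "(not set)"})
    return findings


if __name__ == "__main__":
    for label, text in (("post sample", ICA_FROM_POST), ("constructed sample", ICA_CONSTRUCTED)):
        print("== " + label)
        for f in audit_ica(text):
            print("  %-22s %-20s %s" % (f["check"], f["app"], f["detail"]))
```

Run over every .ICA file your own portals serve (or that a search engine has cached for your domains), the report gives a short list to act on: move the InitialProgram to a real published application, strip the embedded account from the file, and raise the encryption level on the server side rather than in the client file, since the client file is what the public can read.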
  17. lol... man, I made a Windows live CD (search the forum); there are dozens of live CDs you can use to disinfect a computer offline, there was no need to format.. a bit of Regmon... and you're done.
  18. man, those aren't the only names it uses. It has a list it picks from at random; there were also net1.exe and net1.exe. Honestly I haven't even had time to analyze it, I need a VMware box installed...
  19. I've already cleaned 17 computers, my fingers hurt. wtf is up with http://www.faravirusi.com/cgi-sys/suspendedpage.cgi ? ) who reported them as malware distributors? ))))))))) http://easycaptures.com/fs/uploaded/320/1995035700.jpg
  20. sandboxie ftw ^^
  21. Facebook applications are fairly complex creatures. They interact with your account information and user page to do pretty much anything. They can modify the DOM, query information about the user's account, and do other things. Most interestingly, however, Facebook allows you to do this by executing your code on *.facebook.com. What this means is your code has privileges to do whatever any of Facebook's code can do -- if you can make it happen. Interactivity occurs through FBJS, a JavaScript-alike language created by Facebook, which is sanitized to prevent your app from doing anything "bad". Is the sanitization sufficient to prevent exploits? If you're familiar with JavaScript, it's actually better than you might initially expect. However, it has had holes in the past, and it presumably still has holes. This class will examine the FBJS security model, holes it's had in the past and how they could have been exploited, and current and in-development JavaScript sandboxing mechanisms. slides: http://stuff.mit.edu/iap/facebook/slides/ http://stuff.mit.edu/iap/facebook/slides2/ site : http://stuff.mit.edu/iap/facebook/
  22. chill !
  23. KFSensor is a Windows based honeypot Intrusion Detection System (IDS). It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and trojans. By acting as a decoy server it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone. KFSensor is designed for use in a Windows based corporate environment and contains many innovative and unique features such as remote management, a Snort compatible signature engine and emulations of Windows networking protocols. With its GUI based management console, extensive documentation and low maintenance, KFSensor provides a cost effective way of improving an organization's network security. Screenshots http://www.keyfocus.net/kfsensor/screenshots/ Download http://www.keyfocus.net/kfsensor/