begood

CEH is now formally integrated into the certification requirements for U.S. DoD IA Workforce FOR IMMEDIATE RELEASE PR Log (Press Release) – Mar 01, 2010 – The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD's computer network defenders (CND's), a specialized personnel classification within the DoD's information assurance workforce. The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD. The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks. With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD's focus on better training and preparation of the U.S. military workforce in this area. The Certified Ethical Hacker qualification tests the certification holder's knowledge in the mindset, tools and techniques of a hacker, fortifying it's certification tag line: "To beat a hacker, you must think like one." "CEH has been selected due to the immense technical and tactical nature of the certification," said Jay Bavisi, co-founder and president of EC-Council. "It is one of the most technically advanced certifications on the directive for CND professionals. In fact, it is the only certification approved across four out of the five categories to prepare the CND teams. While other policy-based programs add value, CEH prepares the U.S. CNDs to combat hackers in real time, defending U.S. interests globally." Bavisi added: "We have been researching this space for quite some time and with this mandate from the DoD, there has never been a better time for us to beat the hackers at their own game. We are racing to research complex hacker techniques and in the next release of our CEH program, we hope to showcase in over 150 modules, detailed and extremely complex attack and countermeasures that will help raise the level of knowledge of the CND teams." KEY FACTS: · CEH is now formally integrated into the certification requirements for U.S. DoD IA Workforce · CEH is now required for CND Analyst, CND Infrastructure Support, CND Incident Responder, and CND Auditor as defined by Directive 8570 · Newly revised DoD 8570 is available at http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf · More information about EC-Council and Directive 8570 can be found at https://www.eccouncil.org/about_us/dod_8570.aspx # # # The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS). For more information about EC-Council, please visit the website: Certified Ethical Hacker, EC Council, CEH, Information Security, Computer Security, Network Security, Internet Security, Security Courses, Hacking http://www.prlog.org/10553483-united-states-department-of-defense-embraces-hacker-certification-to-protect-us-interests.html

xss in /inregistrare.html csrf in /recuperare_parola.html ai pm nytro.

Automated Web Application Security Testing tools are in the core of modern penetrating testing practices. You cannot rely 100% on the results they produce, without considering seriously their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetrating testing equipment. These tools are not unfamiliar to modern day penetration testers. In fact, there are plenty of them to choose from, ranging from low-grade command line utilities to high-end frameworks. There are plenty of commercial tools as well some of which are a lot better, in terms of features and false-positives rate, when compared to open source alternatives. People often choose what they are more familiar with. I prefer to use tools that are right for the job without discriminating a particular operating system, platform, and style. Without further ado, I would like to introduce you yet another tool to compete in the market of automated web application security scanners (not only), released as part of our own Websecurify initiative. The tools is called Websecurify (big surprise) and it is written on the top of common web technologies, which provide significant benefit over other technologies used in open source and commercial alternative products. Here are some of the key features of Websecurify: 1. It is 100% open source, GPL, CC product, ready to benefit the open source movement 2. The engine employs technologies, such as Web Workers, from the latest HTML5 specs 3. Most of the code is written in JavaScript but many parts can be rewritten or extended with Python, Java and C 4. The core engine can be taken out from the binary bundles and used as part of self-defending web applications. I will talk about this soon. 5. The testing and reporting mechanisms are asynchronous. This means that the report is cooking while the test is performed. It also means that decisions are taken immediately, i.e. they are not scheduled. 6. The tool is cross-platformed thanks to xulrunner 7. Everything is written with extensibility in mind 8. It can be extended in pretty much the same way you can extend Firefox and Thunderbird There are many other features, which I am going to talk about soon. At the moment the tool is only available as a MacOS DMG package and source code. The Windows and Linux versions will be released soon. In the future we are planning release all platform specific packages at the same time. Now is just an exception as we are mostly interested to get an early feedback. I am sure that that there will be a lot of bugs to fix and features to add/improve before we reach version 1.0. Version 0.2 can be downloaded from Webecurify | Web and Web2.0 Security or our source code repository. http://www.gnucitizen.org/blog/free-web-application-security-testing-tool/

Just when you thought "hacking" web apps could not get any easier ... First, there was RSnake's "XSS Cheat Sheet" which set the bar at giving you endless possibilities of XSS attack right there so you didn't have to think about it, and now a new tool has been released that makes the whole process even more brainless. This tool even saves you the time and clicks of copy/paste! I'm talking about "NoMore AND 1=1". This tool comes in 2 flavors, stand-alone and attached to the OWASP WebScarab web proxy tool... and it sets the bar even lower for those wishing to poke and prod at web sites without actually being good at hacking. The stand-alone version can be found here, while the WebScarab attached version is here. I highly recommend you install the Java JRE 1.6+ ... OK, so what's so cool about NoMore AND 1=1? Aside from the fact that it's a cheat-sheet which auto-copies to your clipboard, it has a cornucopia of attack vectors for everything from databases [ MS SQL, Oracle, MySQL, DB2, to Sybase, to Postgre-SQL] to LDAP, to XSS, to X-Path, CSRF, and on and on and on... all you have to do is select an attack vector, click it and it's copied to your clipboard. Then just paste it into an input field and voila! You're a hacker! (not really...) Adding to the cool factor is the way that Dani does updates to this tool. Rather than including the signatures inside the code somewhere, they're maintained in a separate .csv file which can be regularly (or when genius strikes) downloaded and updated. The WebScarab version is even more awesome. Once you've got the intercept proxy working OK, you just wait for a request, and then highlight the parameter you want to tamper with, right-click, select "NO MORE AND 1=1" and pick an attack vector and BANG! You're haX0ring... (again, sort of). Now, being the ever-curious person I am, I tested this out (just to see how simple it was!) against a site that I spend a lot of time on, Digitally Imported. I really love my Trance music so I'm on that site a lot, and needed to make sure for myself, since I already had a tool fired up and handy that they were taking my web security at least semi-seriously. I was, pleasantly surprised when the response to a rather complicated XSS attack was this: "incorrect fields, stop messing around. you've been logged (IP_ADDR)" Nice job, DI.FM coders Anyway, NoMore AND 1=1 is a really neat little toy you can add to your arsenal of simple web application hacking tools, and I highly recommend it if you're ever in need of a "quick and simple way" to test the basic web app security of where-ever your browser takes you. Good hacking! http://preachsecurity.blogspot.com/2010/02/web-hacking-gets-even-easier.html Download

yup . am observat ca in ultimul timp din ce in ce mai multe companii se folosesc de metoda asta pentru a insela clientela.

hai mars . tu chiar ne iei de tampiti ?

pai....ce stii ?

daca exista o astfel de metoda, cine ar fi atat DE TAMPIT incat s-o faca publica,ba chiar sa-i faca si publicitate ?

1. Keep your Wordpress install and plugins up to date. Probably the most important task you can perform is to upgrade your Wordpress installation to the latest version. Wordpress will inform you when a new version is available and these days you can perform one click automatic upgrades. The same goes for plugins too. 2. Use a different admin username. Wordpress has an “admin” account by default, so what you will need to do is create a new user with administrative privileges, log in as that user and then delete the old “admin” account. You can transfer all posts to the new account. 3. Create a “posting user” that has no adminstrative privileges. In addition to protecting your blog from unscrupulous hackers, you’ll be protecting it from you! 4. Use captcha where you can. This means for comments and logins. 5. Change your Wordpress table prefix. When installing for the first time, you can specify your prefix as part of the install. If you are changing an existing installation, change Wordpress table prefix will help you. There is a plugin here that will perform the change. 6. Limit access to the wp-admin directory. There are two ways that you can do this: you can limit access to the wp-admin directory by IP (this is no good if you have a dynamic IP or access your installation fro different locations like home and work) and you can password protect the wp-admin directory. Both methods require some jiggery pokery of the .htaccess file. 1. Protect wp-admin directory by IP address: 1. Create a file called “.htaccess” in your wp-admin directory, if there isn’t one already there. 2. Append the following contents where XXX.XXX.XXX.XXX = your outside IP address. Add multiple “Allow from” lines for multiple IPs:Order Deny,AllowDeny from allAllow from XXX.XXX.XXX.XXX 2. Password protect the wp-admin directory: 1. Create a file in your wp-admin directory called “.htaccess” if there isn’t already one. 2. Create a file above your public_html directory named “.htpasswd”. Make sure you put this outside the web accessible directory or someone could read easily your password! Usually this is where you go when you first login to your FTP. 3. Append the following contents to the “.htpasswd” file where xxxx = your username and yyyy = your password: xxxx:yyyy 4. Append the following to your “.htaccess” file inside your wp-admin directory. Make sure you use the absolute path to the “.htaccess” file. If you don’t know, ask your ISP. xxxx = the username that you entered in your “.htpasswd” directory:AuthUserFile /home/username/.htpasswdAuthGroupFile /dev/nullAuthName EnterPassword AuthType Basic require user xxxx 7. Restrict access to your wp-config.php. There have been cases on web servers where the PHP install gets broken and all PHP files become readable. This is a Bad Thing because your wp-config.php file contains your database username and password. 1. Create a file within your Wordpress root install directory called “.htaccess” if there isn’t already one. 2. Append the following to your “.htaccess” file inside of your wp-admin directory:Order Deny,AllowDeny from All 8. Restrict access to the wp-content and wp-includes directories: 1. Create a file within your wp-content and wp-includes directory named “.htaccess” if there isn’t already one. 2. Append the following to the “.htaccess” file. NOTE: you may have trouble with some plugins with this method:Order Allow,DenyDeny from allAllow from all 9. Use the wordpress online security scanner. This plugin in conjunction with a CGI script available at Blog Security will perform version checks, XSS checks on your Wordpress template and will inspect your plugins for vulnerabilities. 10. Implement Mod Security:Append the following to the “.htaccess” file within the root of your Wordpress install. These are general rules to prevent some malicious attacks on your site as a whole and are not specific to Wordpress (you might have to do some reformatting because of word-wrap). See BlogSecurity Wordpress Modsecurity White Paper (PDF) http://www.hackosis.com/10-ways-to-secure-your-wordpress-install/

This method has not been tested with Vista, though it is known to work with 2000/XP/2003 Server. The following steps will allow you to turn almost any .exe file into a service. Please note that some .exe files will need command line parameters passed to run with functionality. Log in with administrative privileges and then check that both INSTSRV.EXE and SRVANY.EXE are stored in a directory within the search path. Take care where you put SRVANY.EXE because it must stay there for the service to run. 1. Open up an MS-DOS command prompt and navigate to where you saved the files. 2. Type the following command: INSTSRV [service name] SRVANY.EXE where [service name] is the name of the service you are setting up. The service name can be anything you like, but you should make the name descriptive. 3. Remove service example: INSTSRV [service name] REMOVE where [service name] is the service name. 4. Open up the Registry Editor (Click on the Start Button > Run, and type REGEDIT). Locate the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[service name] * From the Edit menu, click New > select Key, and name the new key Parameters * Highlight the Parameters key * From the Edit menu, select New > String Value, and name the new value Application * From the Edit menu, select Modify, and type in the full path name and application name, including the drive letter and file extension * Example: C:\Program Files\Network Monitor\netmon.exe 5. Close the Registry Editor. 6. You can now start the service from services.msc. http://www.hackosis.com/turn-any-exe-file-into-a-service/

The LCD screen is quite fragile compared to its more robust (and ancient) couterpart: the CRT (cathode ray tube). You’d be surprised at how little effort it takes to scratch an LCD screen (yes, this is what I do on those cold lonely nights). Fortunately, there is some treatment you can administer to your poor wounded monitor. Described below are two methods that I’ve found effective: a temporary fix that will need readdressing at a later point in time, and a more permanent solution that requires more work. The Lazy Person’s Guide To Fixing An LCD Screen Scratch 1. Dilute some isopropyl alcohol with water (about 50/50). Use a cloth to clean the LCD screen with this solution. If you wear glasses, you’ll know that cleaning with toilet paper or paper towels is a definite no-no. These abrasive surfaces will scratch your glasses, so you can imagine the effect they would have on your delicate LCD screen. 2. Fill cracks with vaseline. 3. Gently wipe off the surplus vaseline around the crack. The James Bond Approach To Fixing An LCD Screen Scratch 1. Dilute some isopropyl alcohol with water (about 50/50). Use a cloth to clean the LCD screen with this solution. If you wear glasses, you’ll know that cleaning with toilet paper or paper towels is a definite no-no. These abrasive surfaces will scratch your glasses, so you can imagine the effect they would have on your delicate LCD screen. 2. Apply some auto rubbing compound to the scratch. 3. Polish the affected area with soft felt until flat. Doing this actually removes the anti-glare coating in the affected area. 4. Clean the area. 5. Take a piece of paper and cut a 5,, hole in the centre. 6. Using the paper as a stencil, spray clear lacquer through the hole and onto the affected area. 7. If the scratch is long, move the paper to cover its entire length. 8. Allow to dry, following the lacquer’s instructions. 9. Enjoy your vodka martini (responsibly). Both these methods have worked for me in the past, but friends of mine have also recommended using Mr Clean Magic Eraser. Fixing An LCD Screen Scratch

te-ai obosit macar sa citesti prima lor pagina ? doneaza ! This is the free online version of the course. If you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $4.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.

in clipa asta am verificat, merge.

Io vreu asa : 2 pizde pe care sa le fut din ceas in ora, o prietena (foarte buna) pe care s-o fut dupa o cina romantica (am deja), la care chiar sa-i placa sexu fara inhibitii si obligatii si o sotie care sa accepte toate astea, ba chiar sa participe activ. @neme doar blowjob ?

asta nu o murit inca ? )) e legenda vie Hotfile.com: One click file hosting Am uitat sa precizez ca eXcEsuck a avut parte de niste zile fripte pe rst si isr, iar din aceasta cauza a trecut printr-o metamorfoza care l-a ajutat sa evolueze din vierme in ceva mult mai frumos. AndreiCJ sa nu-i pierd cuvintele "Hahaha"

nasol ma, s-a inventat si cuvantul curva pentru barbati iesi ma de sub fusta ei si incearca sa vezi dincolo de raza de actiune a capusorului.

Wch

AAA,AAB,AAC,...,AAZ,........ZZZ. ce sugestii misto ? RST

http://rstcenter.com/forum/20130-securitychallenge.rst ROTARACT - Security Challenge - Because hacking is not a crime

Poets of the Fall – Carnival - Anonymous - 6vTP1BtP - Pastebin.com My "loved" tracks. evident nu sunt chiar loved, ci sunt melodii ce le ascult cu "mai multa placere" decat altele. Care imi sorteaza lista ? raman dator.

http://i45.tinypic.com/2qv5rvp.jpg ce-i cu asta ?

A so-called Chuck Norris botnet is hijacking poorly-configured routers and DSL modems. According to ComputerWorld, the botnet spreads by malware that installs itself on routers and modems by guessing the default administrative password and seizing control due to many devices being configured to allow remote access. Masaryk University's Institute of Computer Science in Brno, Czech Republic named the malware and its botnet after the American tough-guy actor and internet meme because of a comment in its source code that reads: "in nome di Chuck Norris." For those who don't parlate Italiano, that means "in the name of Chuck Norris." Norris is best known for his martial arts prowess and round-house-kicking acumen in films like "The Way of the Dragon." He is also cited as the reason that Wally is hiding and noted for playing Russian Roulette with a full-loaded pistol and winning. The Chuck Norris malware takes control of MIPS-based devices running the Linux operating system by launching a password-guessing dictionary and can change the DNS settings in a router. Once a router has fallen victim to Norris, the device will redirect a user to a malicious webpage that attempts to install a virus. Once installed, the malware blocks remote communication ports and scans the network for other vulnerable systems. The malware also exploits a known vulnerability in D-Link devices, ComputerWorld reports. D-Link Systems did not return our requests for comment Jan Vykopal, head of the network security department with Masaryk Univerity's Institute of Computer Science, told ComputerWorld that although he doesn't know how widespread the Norris infection is, he claims to have evidence of hacked machines "spread around the world: from South America through Europe to Asia." Because it installs on a router's RAM, Chuck Norris can be removed by restarting the device. Or perhaps that's just what he wants you to think. Chuck Norris botnet doesn't infect routers... ? The Register

hai ma ca ai creier nu gluma !

Metasploit combo attack on Vimeo