Everything posted by Ganav

  1. I broadly agree with what @Nemessis wrote, but one has to take into account that the field has developed a great deal over the last ten years. What a kid could accomplish in 2003, 2004 (an exploit for an application running on Windows XP SP 1) is no longer possible today. There are teams of researchers working on heuristic fuzzing methods, generously paid by government organizations. Naturally, a kid who is free every day from four o'clock and starts school the next day at eight does not stand the slightest chance of competing with such a team, which is made up of dozens of members working full time, with an unlimited budget if we compare it to the kid's. As an analogy in pictures we can compare the following airplanes; this one with this one: the first representing the kid's own achievements and the second the achievements of that team.
  2. Buy a ROG instead. I have an Asus G75 VW from 2012 and haven't had any problems so far.
  3. Ganav

    1 year ibVPN

    It depends on several factors, mainly on the moment when the exchange took place of the asymmetric secret key used to verify the authenticity of the public key of the server we want to connect to, that of a certificate authority (CA). If it took place over a channel provided by an ISP that is assumed to be secure, any attack by the VPN providers becomes detectable; an attack that could consist of modifying the tuple <data_about_the_server_we_want_to_connect_to, its_public_key, certificate>, where data_about_the_server_we_want_to_connect_to could consist of the IP address, geographic location, abuse address, at least one unique identifier, etc. The public key is, as a rule, a large prime number of 128 bits, uniformly distributed (in the case of the RSA algorithm), and the certificate is created by the certificate authority as follows: certificate = h(data_about_the_server_we_want_to_connect_to || public_key_of_the_server_we_want_to_connect_to) ^ private_key_of_the_certificate_authority, where h is a cryptographically secure one-way function (a hash, for example SHA256) and the || operator is concatenation. So, since the VPN service providers do not have access to the tuple above, they will not be able to create a valid certificate (if we change even a single bit in that string of concatenated values, at least half of the bits of the resulting value will differ from the original), and the client will be notified of the attack (most modern browsers can detect this discrepancy). Of course, there is also the option of skipping the certificate validity check and continuing, which is what most users will do. In this case a MITM attack becomes possible (the VPN providers can set up an intermediary channel between the site we want to reach, secured with their public key ... ).
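The certificate check described in the post above, as an added example that is not part of the original post: a client accepts a (server data, public key, certificate) tuple only if the certificate verifies under the CA public key it already trusts. The tiny textbook-RSA keys, the server string and the key names are constructed for the demonstration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def toy_key(p, q):
    """Return (n, d) for textbook RSA from two primes (demo sizes only)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys from known Mersenne primes; real CA moduli are 2048+ bits.
CA_N, CA_D = toy_key(2**127 - 1, 2**89 - 1)
MITM_N, MITM_D = toy_key(2**107 - 1, 2**61 - 1)

def h(info: bytes, pubkey: bytes) -> bytes:
    """SHA-256 over info || pubkey; the length prefix keeps the split unambiguous."""
    return hashlib.sha256(len(info).to_bytes(4, "big") + info + pubkey).digest()

def sign(info, pubkey, d, n):
    """certificate = h(info || pubkey) ^ private_key mod n (hash reduced to fit toy n)."""
    return pow(int.from_bytes(h(info, pubkey), "big") % n, d, n)

def verify(info, pubkey, cert, n):
    """Client side: undo the signature with the CA public key and compare hashes."""
    return pow(cert, E, n) == int.from_bytes(h(info, pubkey), "big") % n

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")

def scenarios():
    info = b"vpn.example.test|192.0.2.10"            # constructed server data
    real_pub, fake_pub = b"server-public-key", b"mitm-public-key"
    cert = sign(info, real_pub, CA_D, CA_N)          # issued by the CA
    forged = sign(info, fake_pub, MITM_D, MITM_N)    # intermediary signs with its own key
    return {
        "genuine": verify(info, real_pub, cert, CA_N),
        "swapped_key_old_cert": verify(info, fake_pub, cert, CA_N),
        "self_signed_by_mitm": verify(info, fake_pub, forged, CA_N),
        "hash_bits_changed": bits_changed(h(info, real_pub), h(info, fake_pub)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Only the first scenario verifies; the other two are the cases a browser reports as a certificate error, which is the warning the post says most users click through.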
  4. Snowden is an actor. Nobody who deals professionally with the field of computer systems security takes him seriously. P.S. I am curious whether the method above would be applicable to these phones.
  5. New? No chance. Second-hand you can put together something similar: http://www.okazii.ro/cautare/carcasa+pc.html?autoc=write http://www.okazii.ro/componente-computere/placa-de-baza/placa-de-baza-intel-dq35joe-suporta-quad-c2d-4xddr2-8gb-max-video-3100--a173075566 http://www.okazii.ro/componente-computere/memorie-ram/2gb-ddr3-1066-pc3-8500-1066mhz-memorie-pc-desktop-ddr3-testata-cu-memtest86--a173887769 http://www.okazii.ro/componente-computere/hard-disk/hdd-160gb-sata-3-5-pentru-pc-testate-garantie-6-luni-bonus-cablu-date-sata-a172757320?icid=CS19.P.VZ.04.15&ibid=listing[172757320] http://www.okazii.ro/componente-computere/surse/sursa-tech-solo-650w-stp-650-20-4mb-6xsata-3xmolex-6-2-pci-ex-140mm-vent-a167402321 http://www.okazii.ro/componente-computere/carcasa/carcasa-pc-schneider-micro-atx-a173630330 http://www.okazii.ro/componente-computere/procesor/intel-core-i3-540-3-06ghz-socket-1156-4mb-cache-quad-core-model-slbtd-a175354743 http://www.okazii.ro/componente-computere/placa-video/placa-video-evga-nvidia-geforce-gtx-560-ti-2gb-256-bit-gddr5-pci-express-2-0-x16-a176170156?icid=CS27-2.P.VZ.09.2015&ibid=listing[176170156]
  6. Ganav

    wget doesn't work for me

    What does nslookup www.yahoo.com print? If so, it means you got the domain name wrong.
  7. Debian works out of the box as well. Archlinux is definitely not for beginners.
  8. Slackware is not really recommended for Windows users.
  9. Debian. Give up on Ubuntu. It's rubbish. If I have time I will also write an article on why it is.
  10. Here is an even more interesting one (the European Union in the near future ~2020 -- 2022): The Future
  11. 25 MB is a lot. Try compiling it as native code, not MSIL: compilation - How to compile a .NET application to native code? - Stack Overflow. I would use Windows services or a .dll injector into explorer.exe: https://msdn.microsoft.com/en-us/library/zt39148a%28v=vs.110%29.aspx A method that is not visible in the registry or in Task Manager. The ideal option would be to create a driver (which runs at ring 0), but I don't have the necessary level of knowledge at the moment. I haven't managed to find any solid resource that covers this topic, at least for recent versions of Windows.
  12. You could use a hook on the AcceptEx API from winsock in the context of the rdp.exe process. It would rather hurt portability...
  13. Why do you need Sticky Keys? To launch the PIN panel, does admin2.exe log keystrokes and display it on a certain sequence? Or did you hook the rdp.exe process? What is it written in?
  14. The thread itself, no, but the links in the initial post, yes (use edit).
  15. Post links to them.
  16. It depends on what you mean by personal. Please give more details.
  17. I am curious what each of us would have specialised in if we hadn't had access to a computer/the internet? In my case I would probably have focused on mathematics, physics. That is, the computer itself does not change a person's potential but can, at most, shape it.
  18. A few days ago, [Ben Caudill] of Rhino Security was scheduled to give a talk at DEFCON. His project, ProxyHam, is designed for those seeking complete anonymity online. Because IP addresses can be tied to physical locations, any online activities can be tracked by oppressive regimes and three letter government agencies. Sometimes, this means doors are breached, and “seditious” journalists and activists are taken into custody. With the ProxyHam, the link between IP addresses and physical locations is severed. ProxyHam uses a 900MHz radio link to bridge a WiFi network over miles. By hiding a ProxyHam base station in a space with public WiFi, anyone can have complete anonymity online; if the government comes to take you down, they’ll first have to stop at the local library, Starbucks, or wherever else has free WiFi.

      [Ben Caudill] will not be giving a talk at DEFCON. It wasn’t the choice of DEFCON organizers to cancel the talk, and it wasn’t his employers – [Ben] founded and is principal consultant at Rhino Security. The talk has been killed, and no one knows why. Speculation ranges from National Security Letters to government gag orders to far more pedestrian explanations like, “it doesn’t work as well as intended.” Nevertheless, the details of why the ProxyHam talk was cancelled will never be known. That doesn’t mean this knowledge is lost – you can build a ProxyHam with equipment purchased from Amazon, Newegg, or any one of a number of online retailers.

      How To Build A ProxyHam

      In the Wired article trumpeting the ProxyHam to the world, [Ben Caudill] is shown with a laptop wired to a small box with a rather large yagi antenna. This antenna is pointed well above the horizon, indicating the device is not being used, but that’s completely besides the point. The ProxyHam box contains something with an RJ45 connector on one end, and two RF connectors on the other. A quick perusal of Newegg lands on this, , a radio base station designed to bridge networks via 900MHz radio. You’ll need to buy two of those to replicate the ProxyHam.

      The Wired article describes the ProxyHam further: “…a Raspberry Pi computer connected to a Wi-Fi card and a small 900 megaherz antenna…” Newegg also stocks Raspberry Pis, antennas, WiFi adapters 900MHz router seen in the original promo image. You might want to pick up a few SD cards too.

      To set up the ‘throwaway’ part of the ProxyHam, you’ll need to first connect to the desired WiFi network, then bridge the WiFi and wired connections. Bridging networks with the Raspberry Pi is left as an exercise for the reader with sufficient Google-fu. Of course the 900MHz base station must also be configured, but according to the user guides on the Ubiquiti product page it’s not much harder than configuring a WiFi router. Set the radio to ‘bridge’ mode.

      From there, it’s a simple matter of connecting a large yagi antenna to the ‘mobile’ part of the ProxyHam. Here’s how you build one. Configure the base station, and plug an Ethernet cable into a laptop. Congratulations, you’ve just replicated a talk at DEFCON by buying stuff from Newegg.

      That’s how you build a ProxyHam. That’s also how to violate the FCC Part 97 prohibition against encryption – you can not use SSH or HTTPS over amateur radio. It’s also how you can be charged with the Computer Fraud & Abuse Act; connecting to a library’s WiFi from miles away is most certainly, “exceeding authorized access.” Do not attempt this build. It’s illegal, it’s dumb, and the 900MHz band is flooded anyway. Also, if your plan for anonymity online revolves around stealing WiFi from Starbucks, why not just steal Starbucks WiFi from the McDonald’s across the street?

      Let’s Speculate Why The ProxyHam Talk Was Cancelled

      It’s July. In a few weeks, the BlackHat security conference will commence in Las Vegas. A week after that, DEFCON will begin. This is the prime time for ‘security experts’ to sell themselves, tip off some tech reporters, exploit the Arab Spring, and make a name for themselves. It happens every single year.

      The idea the ProxyHam was cancelled because of a National Security Letter is beyond absurd. This build uses off the shelf components in the manner they were designed. It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges, but so will blowing up a mailbox with some firecrackers. If you believe the FBI and other malevolent government forces are incompetent enough to take action against [Ben Caudill] and the ProxyHam, you need not worry about government surveillance.

      What you’re seeing is just the annual network security circus and it’s nothing but a show. The ProxyHam is this year’s BlackHat and DEFCON pre-game. A marginally interesting security exploit is served up to the tech media and devoured. This becomes a bullet point on the researcher’s CV, and if the cards land right, they’re able to charge more per hour. There is an incentive for researchers to have the most newsworthy talk at DEFCON, which means some speakers aren’t playing the security game, they’re playing the PR game.

      In all likelihood, [Ben Caudill] only figured out a way to guarantee he has the most talked-about researcher at DEFCON. All you need to do is cancel the talk and allow tech journos to speculate about National Security Letters and objections to the publication of ProxyHam from the highest echelons of government. If you think about it, it’s actually somewhat impressive. [Ben Caudill] used some routers and a Raspberry Pi to hack the media. If that doesn’t deserve respect, nothing does.

      Source: http://hackaday.com/2015/07/14/how-to-build-a-proxyham-despite-a-cancelled-defcon-talk/
  19. This could have been done much, much more simply in bash:

      export lungime_parola=20
      export nr_parole=1
      cat /dev/urandom | tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?=' | fold -w "$lungime_parola" | head -n "$nr_parole"

      and note that the random generators in the default libraries of programming languages do not have good entropy; that is, they reproduce bit sequences that can be predicted.
  20. Ganav

    BGP question

    You can find overview information about BGP here: CISCO BGP, BGP case studies. For details you can have a look through the RFCs: BGP-4. You are confusing several things. First of all, a session is NOT established between two ISPs but between the external routers, located at the top level of the autonomous system (AS), owned by them. It is not a session proper, since state is not maintained from one route advertisement to the next, and it is refreshed either at predefined time intervals or when changes occur in the network (some ASes no longer respond, new ones appear). You cannot have a class of IPs; these were exhausted around '97 - 2000. Possibly a subnet. The next steps would be taking some Cisco courses specialised on the current products on the market, as well as reading the articles and the RFC above.
  21. No, they do not contain scientific arguments. They are anecdotal examples that have no visible connection with the subject at hand (see the example with Papua New Guinea). You interpret concrete and objective observations as racism. Consequently you cannot approach the problem on a critical level, only a sentimental/subjective one; whoever talks about the guilt and obligations of immigrants is the bad one, the racist. You don't know concretely why, only from what you have seen in the mass media. Civilisation is created by the tribe. 2000 years ago the Indo-Europeans too had a social status similar to that of the members of the tribe. As for immigrants, are you sure? Great, if it is a matter of the amount of melanin, why did the bone structure, that of the skull, change as well? Why do you still need resources if you are evolved enough not to worry about tomorrow? The industrial revolution, according to the theory of evolution, was NOT necessary because a sufficiently high standard of living had been reached to cover the basic needs of food, clothing and shelter. Considering that you are under eighteen, your ideas are understandable; I thought the same at your age. They will change radically once you come into contact with them. The fact that he knows more illustrates that he is more evolved. Why did he evolve if in Voltaire's time he was already evolved enough? Good luck with the BAC, in advance. If you ever need help you can send me a p.m.
  22. What experience do you have in the field? Could you please post a CV (without personal data, of course, just the expertise, copies of diplomas, likewise without personal data) and two or three sample lessons?