Andrei

Nu asa se construieste un auto-responder. Esti departe, dar e bine ca ai avut o idee. Keep going!

Am un client interesat de realizarea unui proiect care ii ofera posibilitatea sa adauge (spre exemplu) 10 conturi de Facebook, iar aplicatia sa ii faca o intersectie intre prietenii celor 10 conturi si sa-i afiseze lista de prieteni comuni. Proiectul va fi platit de acest client. Daca sunteti interesat de detalii, trimiteti-mi un PM. In cazul in care nu va cunosc sau nu am purtat pana acum o discutie, va sugerez sa imi oferiti si ceva detalii despre latura profesionala (cunostinte, proiecte/firme cu(la) care ati lucrat etc. Mersi!

Nu stii != nu iti place. Bafta! Sa ne spui si noua cum a decurs tot. )

Acum lucram la asta gyano. Atat prezentarile cat si inregistrarile video sunt pregatite chiar in timp ce vorbesc. Nu cred ca va mai dura foarte mult.

Imi place asta.

Reguli simple, de bun simt. Si schimba serviciul ala ca iti arde si serviciile tale si se misca si aiurea pentru noi. Ar fi dragut sa revenim la vechiul mirc.

When users hear of vulnerabilities, the first thing that pops into their mind is viruses, Trojans, worms and other elements that relate to malware or computer hacking. If Basic Input Output System (BIOS) flaws are involved, then everything seems even more dangerous, especially since, not long ago, we saw the malicious MEBROMI virus on a mission to take over computing devices. This weekend, at the first regional edition of DefCamp, that took place in Iasi, Romania, independent security researcher Willy Weiss showed that there could be a creative side to vulnerabilities, even in the ones found in BIOS. The researcher is currently working on a project that relies on BIOS flaws to help users interact with their computers remotely from a smartphone. After he held his speech I contacted him for an interview to find out more about his work. “Actually, in 2009 Pandora’s box was opened and the BIOS that was until then considered bulletproof, became vulnerable. I took that idea and made it into something productive, to demonstrate the features that could be obtained by productively exploiting vulnerabilities,” Weiss said. Flaws in BIOS were first taken advantage of in 1999, but only in 2009 researchers demonstrated that a malicious code could be inserted into its decompression routines with the purpose of taking over a PC even before the operating system could be booted. Now, Weiss relies on the same techniques and adds something extra to make sure that not only can the flaws be used for creative purposes, but also to make sure that cybercriminals can’t utilize them for malicious operations. While he claims that there are many practical applications, such as remotely controlling a computer from a smartphone, taking full advantage of the PC's computing resources, in his proof of concept he showed a simple application that could power up a computer by sending an SMS from a mobile phone. With the use of the Wake On LAN function, and by inserting a piece of code of his own that verifies the source of the SMS to prevent any unfortunate incidents or any malicious attempts, he managed to remotely turn on a PC. Even though remotely booting up a PC may not sound that great, this is only the first step in obtaining other applications that could be highly useful. “Think about having a smartphone and a remote management software installed on your home PC. You could use your mobile phone to perform a task, but you’d have the computing power of the PC,” he said. “For instance, by sending a message from the phone that says ‘Hey BIOS, start the PC, connect to IP x.x.x.x, using Y application,’ you are connected to your PC and you can enjoy all the computing resources offered by it.” Since the BIOS not only configures the other components, but also checks its own integrity, this goal is not easy to achieve, but Weiss states that he has everything figured out. By altering the original code and recoding it in his own method, he can fool the BIOS into thinking that everything is legitimate. “For now, I am taking everything one step at a time. I am currently focusing on making sure the connection to the mobile works perfectly, since there’s a lot of testing that still needs to be made.” “Six months ago I started doing the actual implementation and in the next year I hope to finalize it and make it available for public use,” he concluded. Via : Using BIOS Vulnerabilities for Creative Purposes (Exclusive) - Softpedia

E un principiu simplu : "Nu risti, nu castigi!" In situatia de fata tu ai castigat.

Cam asa ar trebui sa ne promovam noi in afara, nu "hacked by 1337s". PS: Thanks Nytro for re-sharing.

@black01 In urmatoarele zile public si inregistrarile video ale prezentarilor iar imediat cum gasesc prezentari le voi incarca pe canalul slideshare al conferintei. @tromfu Nice. @HellScream @tex Mersi baieti. Totusi, nu am fost singur, nu as fi putut face tot fara cei care au venit sa povesteasca din experientele lor si cei care au pus si au ajutat cu cate ceva pentru a pune cap la cap si sa iasa. PS: Da, am ceva mai putin de 22. LE : Primele fotografii : http://www.facebook.com/media/set/?set=a.176543712443419.34986.116250668472724. In urmatoarele zile vom adauga si alte fotografii si procesam cei 50gb de inregistrari apoi incercam sa le incarcam somehow.

Nu ai inteles nimic. Am facut update ca sa fie clar la cine m-am referit cu tot mesajul.

Ma scuzati. Atunci imi pastrez comentariul mai putin insulta.

Chill out. @eth0 Tu in ce grota traiesti? Cei pe care i-ai enumerat tu nu-s tot oameni? La blackhat, defcon si TOATE conferintele mari unii dintre ei chiar si prezinta, dar nu, ai venit tu, dupa ce ai auzit din desene animate de cateva organe care nici nu am auzit sa se ocupe toate de domeniul asta. La bran nu puteau veni aceiasi oameni? Iar daca ar veni asta ar insemna ca totusi sunt preocupati de asta ceea ce macar ar demonstra ca si Romania isi da seama de pericolele virtuale la care poate fi supusa pe termen lung. Te crezi chiar atat de bulletproof? LE: Cu cine totusi te certai?

Cum uneori cuvintele nu-s suficiente pentru a exprima un lucru, ne-am gandit sa abuzam de expresia "o imagine face cat 1000 de cuvinte" si de acolo sa transformam totul intr-un mini-spot. Enjoy! Spot – Ce reprezint? DefCamp? | DefCamp

Nu e nicio prostie, tehnologia care urmareste ochii si miscarile acestora exista; daca unii au reusit sa o calibreze, atunci tot ce e in articolul asta e realizabil.

@dansud2007 Dintre parerea ta si parerea Wikileaks, sunt sigur ca majoritatea vor da castig de cauza celei de-a doua. Xander a sesizat bine, nu-s irealizabile.

Schimba tema aia. Ma dor ochii. Nu respecta nici macar un aspect al esteticii. In rest, bafta, vei avea nevoie!

Vin cu noutati pentru curiosi! Mai aveti timp cateva zile in care va mai puteti inscrie! Subiectele ce vor fi tratate la Ia?i au ie?it din cuptorul DefCamp 2011 | DefCamp

@bognix Sunt mult mai multe mentionari in presa. Asta e doar una din ele. @Garryone Sunt mai multi si mai tehnici. @1337 Nu, trebuie doar sa fiti inscrisi pe site. Majoritatea sunt cel putin studenti. @albertynos Locatia e pe site scrisa alb pe negru, incepand cu orele 9:30. @all Maine publicam lista prezentarilor. Va fi un moment frumos. Veti vedea!

Cu doua dintre ele am avut contactul in urma cu ceva vreme (Cryptography - Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems si Firewall Policies And VPN Configurations (2006)). Ambele mi s-au parut foarte ok.

Wipe. Google it.

De ce nu stergeti articolul asta? Instiintati-l pe tip ca a avut probleme cu un omulet si incheiati un viitor flame.

Pot confirma si eu ca e foarte ok tutorialul. Daca ai putin timp liber si ceva banda de upload merita sa iti rotunjesti veniturile.

@HellScream Abia astept sa discutam. @bcman Daca te pornesti saptamana aceasta, ajungi pana la DefCamp perfect. )

Vino acasa. Sunt sarbatorile aproape. )