mundy.

Active Members
  • Posts: 212
Everything posted by mundy.

  1. Do you think I'm stupid enough to open an exe?
  2. I'm also offering 3 more invitations, no conditions attached.
  3. Another theme really was needed, thank you, it actually runs better on my phone now.
  4. Drawing on data from an article at WhoIsHostingThis.com, Playtech.ro mentions a few simple steps by which you can get a more effective and more secure password. The number of characters in the password, for example, is very important. It is just as important not to use words found in the dictionary, email addresses, names and information you have shared in your social accounts, etc. According to the studies cited, cracking a 10-character password takes one week on average, while cracking a 15-character password could take centuries. You can find more details by reading the Playtech article here. (link to The perfect password. How to protect your data better). Source: securitateit.ro
  5. A category like this would be good; you too chip in 1-2 euros or more so that the forum stays the way it is now.
  6. I'm still waiting for other suggestions; if there are none, the one on emag stays.
  7. I'm still waiting for other suggestions; if there are none, the one on emag stays.
  8. Good tutorial, thank you very much.
  9. Although a recent study found that nearly 80 percent of anonymous network Tor's traffic was to child abuse sites containing pedophilia material, one of the network's original designers and various experts have spoken out to say that the staggering stat cannot be taken at face value. After six months of running 40 “relay” computers in the Tor network, Gareth Owen, computer science researcher at the University of Portsmouth, and his team categorized the sites anonymous users visited through the group's machines. A majority of Tor hidden service traffic came from botnet computers that were looking for instructions from a command-and-control (C&C) server running Tor. But with this automated traffic taken out of the count, Owen's team found that 83 percent of remaining visits were to child abuse sites. However, the team, as well as Nick Mathewson, chief architect, researcher and director of Tor, also noted that the majority of the network's hidden services pertain to drug-related sites. Only about 2 percent of hidden services are considered child abuse sites. The discrepancy between the findings and reality of hidden services could have to do with the surfing habits of users visiting the pedophilic sites. Mathewson explained in a Tuesday blog post that the research group might have observed a disproportionate number of hidden service directory requests. “Basically, a Tor client makes a hidden service directory request the first time it visits a hidden service that it has not been to in a while,” Mathewson wrote. “If you spend hours at one hidden service, you make about one hidden service directory request. But if you spend one second each at 100 hidden services, you make about 100 requests. Therefore, obsessive users who visit many sites in a session account for many more of the requests that this study measures than users who visit a smaller number of sites with equal frequency.” He went on to say that the data the researchers collected could tell more about the surfing habits of a particular group of Tor users, as opposed to the reality of the network's traffic. Adam Kujawa, head of malware intelligence at Malwarebytes Labs, wrote in a Wednesday comment to SCMagazine.com that Mathewson's response reminds that, “while the results sound scary, it's likely that they can be misinterpreted, skewed, and the original data might contain lots of outliers. The fact is unless Tor decided that they were going to have monitoring software installed on every single node available, as a requirement, then we will never be able to identify the exact user activity, as a whole, on the network; we can only look at bits and pieces of a puzzle with no solution.” The data could also have been skewed by law enforcement and anti-abuse groups who monitor pedophilia dark web sites, which could have counted as visits. Additionally, distributed denial-of-service (DDoS) attacks could have created traffic, Tor's creators told Wired. The findings were presented at the Chaos Computer Congress in Germany on Tuesday.
  10. Data breaches, dangerous vulnerabilities and more dominated the headlines this year in cybersecurity. Taking a look back, the year produced a number of juicy stories for those keeping an eye on the threat landscape. Here are a few of the security stories and topics that dominated headlines and discussions during the year. In no particular order: 1) Point-of-sale (PoS) security: The security of PoS systems was spotlighted after a spate of data breaches prompted the U.S. Secret Service and US-CERT to issue warnings about the now-notorious Backoff malware. The Secret Service linked the malware to the compromise of more than 1,000 businesses in the United States. As the year went on, hackers would use various malware not only to target retailers, but in some cases the PoS vendors themselves. The emphasis on these systems caused security experts to talk more about securing these devices. 2) Heartbleed Vulnerability: The Heartbleed vulnerability was disclosed in April, and resided in vulnerable versions of the OpenSSL cryptographic library. The vulnerability is a buffer over-read that results from improper input validation in the implementation of the TLS heartbeat extension. After news of the issue spread, the vulnerability was linked to attacks against various organizations, including the Canada Revenue Agency and Community Health Systems. Part of this was likely due to the multiple steps involved in actually closing the security hole, which involved not only patching the vulnerability but also revoking and reissuing any potentially compromised SSL/TLS certificates. 3) Shellshock: Shellshock was the name given to a family of security bugs affecting the Unix Bash shell. Many Internet-facing services use Bash to process certain requests, which in turn meant that an attacker could execute arbitrary commands and gain unauthorized access to a system.
The first of these bugs (CVE-2014-6271) was disclosed in September, and causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Within days of this issue becoming public, a host of related vulnerabilities were found: CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. 4) Target Breach Fallout: First announced in December 2013, the fallout from the Target breach extended well into 2014. During the year, both company CEO Gregg Steinhafel and CIO Beth Jacob stepped down and were replaced. In the end, data belonging to tens of millions of people is believed to have been affected. In response to the situation, the retail giant said that beginning in early 2015, its entire REDcard portfolio, including all Target-branded credit and debit cards, would be enabled with MasterCard’s chip-and-PIN solution. Eventually, all of Target’s REDcard products will be chip-and-PIN secured, the company stated. 5) Sony: Due to the international implications of the attack, the Sony Pictures data breach makes the list. In addition to the theft of mountains of corporate data - some of which included emails with controversial remarks about celebrities and the president of the United States - the attackers also used malware to wipe Sony's hard drives and disrupt day-to-day operation. Earlier this month, the FBI pointed the finger at North Korea, and President Barack Obama promised that there would be a proportional response to the attack. Following this, North Korea experienced Internet outages its government has subsequently blamed the United States for. Meanwhile, researchers at Norse have cast doubt that North Korea was involved in the attacks at all. 
In 2015, opined Rapid7 Global Security Strategist Trey Ford, companies should: 1) institute strong password policies; 2) use two-factor authentication for all external access; 3) frequently inventory, assess, and test controls to raise confidence that policies are enforced across the network; and 4) deploy account behavior monitoring and intruder detection to catch attackers that slip through. "The technology needed to improve controls, and to better protect and monitor the use of user and administrative accounts exists today," he said. "Given the lower barrier to entry for, and the strong economic forces and diverse motivations behind cyber-attacks, we expect attacks against organizations of all sizes and industries to increase in 2015."
  11. For identifying and responsibly disclosing vulnerabilities in Google App Engine for Java, researchers at Poland-based research company Security Explorations have been rewarded by Google with a total of $50,000. Earlier this month, Security Explorations reported uncovering more than 30 potential flaws affecting Google App Engine, a platform-as-a-service (PaaS) offering that allows developers to host, manage and run their apps on the search giant's infrastructure. The researchers submitted proof-of-concept (PoC) code for 20 issues, some of which could have been exploited for a complete sandbox escape. Following some more aggressive tests conducted by the experts at the beginning of December, Google suspended their Google App Engine account before they could complete their research. However, Google later agreed to allow Security Explorations to continue its analysis. Security Explorations announced today that Google rewarded its efforts with $50,000, the largest reward paid out by Google so far as part of its Vulnerability Reward Program (VRP). The security firm says it will use the reward for its non-commercial research projects. "We have filed a total of 30 issues to the company. We received a status report from Google on 24 Dec 2014 informing us that 23 weaknesses have been accepted and 4 are work as intended (WAI) issues (not a bug)," Adam Gowdiak, founder and CEO of Security Explorations, told SecurityWeek. "Google also informed us that Issues 1-4, 13 have been fixed. On 25 Dec 2014 Google provided additional information to its status report. The company informed that it filed 16 bugs (3 marked as won't fix), 5 bugs are actively worked on and the rest are fixed, although not all pushed to production," Gowdiak added. Oracle has also reached out to Security Explorations to find out if any of the bugs affect Oracle products.
The security research firm says most of the flaws are specific to the Google environment, but there is one minor issue that Oracle is currently investigating. Security Explorations reported vulnerabilities to Oracle on several occasions in the past years. In June, researchers announced uncovering a total of 22 flaws in the custom JVM implementation used in Oracle Database. Oracle fixed the issues in October with the Critical Patch Update (CPU).
  12. The official website of the Internet Systems Consortium (ISC) was hacked just before Christmas and set up to serve malware to visitors, researchers at security firm Cyphort reported. ISC.org has been shut down after the organization was notified about the attack and the website has been down for maintenance ever since. Cyphort said it alerted ISC on December 22 and the site was cleaned up by the next day. ISC's website and blog are powered by WordPress. The attackers modified the homepage of isc.org so that its visitors were redirected to a server hosting the Angler exploit kit, researchers said. The exploit kit was set up to leverage vulnerabilities in Internet Explorer, Flash and Microsoft Silverlight to push malware onto visitors' systems. In this particular attack, Angler injected the malicious code directly into the victim machine's memory. This variant of the exploit kit was first spotted this summer by the French malware researcher known as "Kafeine." Attacks targeting ISC can have serious consequences because the organization is responsible for the development of BIND, the most widely used Domain Name System (DNS) software. ISC also operates one of the 13 Internet root name servers. However, the organization says damage appears to be limited to its website; other resources are not affected. "Our website runs on a separate machine, isolated from the rest of our infrastructure, and no critical information was lost or other systems compromised. The web site virus had no impact on our ftp server, our source code archives, our f-root server, our internal network, or any other ISC infrastructure or systems," ISC representatives told SecurityWeek. The organization says targeted attacks against its systems are not uncommon, but this doesn't appear to be the case. "Like many small businesses, we operate a small website using WordPress. Our WordPress installation was compromised and became infected.
Our current theory is that we were using a compromised WordPress plug-in that installed a backdoor, but we do not know for sure how the backdoor was installed. Our theory is mostly based on the information that Sucuri.net has published about a WordPress vulnerability called 'soaksoak'," ISC explained. ISC is advising users who visited the site recently to scan their computers for malware. "We have not had any reports of any client machines that have been infected from our website. If you believe you have caught a virus from our web site, please let us know, by email to security-officer@isc.org," ISC said on its website. Until the website is restored, BIND and ISC DHCP can be downloaded from the organization's FTP server. ISC has also provided users with information on how to check the integrity of downloaded files. "Our site will be back up this week. We are rebuilding the website from scratch. We did a fresh install of WordPress, with tighter security settings. An engineer is manually inspecting all our content for anything that should not be there. This is quite a time-consuming process, but we think it is the only way to ensure that there are no backdoors or malicious files," ISC representatives said. Earlier this month, ISC released updates to address several remotely exploitable vulnerabilities in BIND. One of the security bugs, which affected multiple DNS resolvers, was discovered by Florian Maury of the French government information security agency ANSSI, and it could have been exploited to cause the software to crash. ISC is not the only high-profile Internet organization hacked this month. The Internet Corporation for Assigned Names and Numbers (ICANN) suffered a data breach after its employees fell victim to a spear phishing attack. *Updated with clarifications from ISC
  13. Very nice themes; soon I'll set up a blog on WordPress myself, and I'll surely use one of these themes.
  14. Thanks, but rapidgator is no longer working, from what I can see.
  15. What configuration for a PC can you recommend? I don't want it for games, but for fb / yt / movies (budget: 1000 RON)
  16. You have all my congratulations for this project; few people have the brains to make something so useful. Once again, my congratulations.
  17. Hackers behind Christmas Day attacks on the online gaming networks for Sony’s PlayStation and Microsoft’s Xbox systems are offering their wares up for sale to the public. The group calling itself Lizard Squad on Tuesday launched a website claiming to offer the tools to overwhelm a target’s servers and force it offline. The relatively common way to take down a website is known as a distributed denial of service (DDOS) attack and can be automatically launched by for-hire Internet programs known as booters or stressers. “This booter is famous for taking down some of the world's largest gaming networks such as XBOX Live, PlayStation Network, Jagex, BattleNet, League of Legends and many more!” the group says in an introduction to its new online market. “With this stresser, you wield the power to launch some of the world's largest denial of service attacks,” it added. The lowest-priced hack costs $5.99 per month for a 100 second attack, and goes up to $129.99 per month for an attack lasting 30,000 seconds — or more than eight hours. In addition to the Christmas attack, which was largely resolved after a few days, the Lizard Squad group has also taken credit for a series of attacks on the PlayStation Network stretching back to 2011, as well as attacks on other gaming networks. The organization also might have ties to hackers responsible for the massive attack at Sony Pictures, which crippled the studio in recent weeks. Many security experts remain skeptical of the FBI's conclusion that North Korea carried out the attack in retribution for the production of “The Interview” — a comedy about a fictional assassination attempt on leader Kim Jong Un — and Lizard Squad members have publicly said that they played a role in the attack.
  18. The prevailing narrative for the recent devastating cyber-attack against entertainment giant Sony sounds like a script: a small country angry about a movie about to be released sends a group of elite hackers to stop the film release. But some experts don't believe that's what happened. Was the attack the work of a disgruntled ex-employee at Sony? Or were the attackers actually from a completely different country? Another plausible explanation is much more economic: attackers demanded a ransom; Sony refused to pay and suffered the consequences. This attack was most likely a “sophisticated ransom threat made for monetary gain,” Jeff Schilling, the CSO of Firehost and a retired U.S. Army colonel, told SecurityWeek. Ransom attacks, where attackers unleash denial of service attacks or similar threats if the victim doesn't pay, are on the rise, Schilling said. Ransomware, malware capable of locking up computers and destroying the data if the victim does not pay, is also gaining popularity. When considered against the case of Sony, the ransom was likely significant since the potential damage—to the network and the brand—would be in the “millions of dollars, if not billions,” he said. When Sony refused to pay—because they didn't believe the threat or underestimated the extent of the damage—the attackers dumped the documents. The leaked document and the resulting fallout also have a ripple effect that goes beyond Sony, warned Schilling. The next time a major corporation receives a ransom threat, it is more likely to comply with the demand in order to avoid Sony's fate. It's difficult to attribute an attack just by looking at the tools used because clever attackers outsource different steps of the cyber-kill-chain and reuse tools from other sources, Schilling said. Understanding the motives helps identify what the attackers were after, and in this case, an economic motive seems more likely than a political one.
“The information released so far doesn't make the case” for attributing the attack to North Korea, Schilling said. It's possible the FBI is holding back the evidence, which points a definitive finger at the country as part of its ongoing investigation since it's unlikely the U.S. government would make such a statement without proof. However, based on the information currently released and available, Schilling remains skeptical. “There is not enough evidence to say it [the attackers] is North Korean,” Schilling said. The Case For "Not North Korea" Attribution is always a challenge in these cyber-attacks, because much of the evidence—such as the language of the source code and IP addresses used—wind up being circumstantial. Anyone can use IP addresses in other countries, and any cyber-adversary with a modicum of skill knows how to bounce around various IP addresses and to rent compromised servers in other countries to obscure their location. The same goes for time zones. The language of the source code or compiler is also not very definitive because the malware code could have been purchased or shared among multiple groups. It's pretty well-documented that cyber-adversaries collaborate and sell tricks and exploits among themselves. “Bad guys share code and are notoriously lazy. They will use whatever it takes to get the job done. As such, code is borrowed from other attackers, purchased in underground markets, etc.,” wrote Andrew Hay, the senior security research lead and evangelist at OpenDNS. In fact, a sophisticated enough actor can plant these pieces to lead investigators down this path of conjecture to obfuscate who they really are, Schilling said. It's also worth noting that the attackers didn't seem to understand what kind of data they had obtained, and there is evidence they had access to the network long before the movie, Seth Rogen's The Interview, was even discussed, Schilling said. 
“Remember, the hackers didn't start talking about The Interview until the press did,” Bruce Schneier, CTO of Co3 Systems, wrote on his blog. Schneier also speculated it was possible the attack was the work of North Korean individuals acting on their own and not under orders, but Schilling thought that was unlikely, due to the rigid control the dictatorship has over its citizenry. Another proof that the attack against Sony was the work of the North Koreans was the fact that the message used to deface Sony's website was similar to the messages used against South Korean victims (which was also blamed on North Korea). Robert Graham of Errata Security argues the exact opposite, that the similarities are proof the North Korean government was not involved. “North Korean hackers are trained as professional, nation state hackers,” and are unlikely to be part of the underground community of attackers sharing tools, techniques, and processes, Graham wrote in a blog post. “North Korea may certainly recruit foreign hackers into their teams, or contract out tasks to foreign groups, but it's unlikely their own cyber-soldiers would behave in this way,” he said. In the end, it boils down to the fact that the attackers did not act the way North Korean actors have acted in the past, Schilling said. “At the end of the day, you don't change your strategy on how you behave during attacks,” he said.
  19. A researcher has found a way to upload potentially malicious code to Facebook's servers by hiding it inside a harmless-looking Microsoft Word document file. In July, Egypt-based security researcher Mohamed Ramadan discovered what he called a blind XML External Entity (XXE) out-of-band (OOB) vulnerability on Facebook's facebook.com/careers website. On this site, users who want to apply for a job with Facebook can upload their résumé in .pdf or .docx format. This normally prevents the uploading of malicious files. However, .docx (Office Open XML) is a zipped, XML-based file format, which allowed the researcher to extract its contents using a file archiving application. By altering the extracted files and placing them inside a .docx file, the expert managed to upload arbitrary code to Facebook's server. The test code developed by the researcher was simply designed to contact an HTTP server running on his computer. It took roughly 15 minutes for the file uploaded to Facebook to contact Ramadan's server, but the attack method had worked. According to the researcher, the security hole could have been leveraged for a wide range of malicious tasks, including denial-of-service (DoS) attacks, TCP scans, and access to XML files. In certain circumstances, an attacker could have also gained access to sensitive information and launched DDoS attacks, the expert believes. Facebook initially failed to reproduce the attack, but after further investigations the social media giant admitted it was a security issue and fixed it. In August, the company rewarded Ramadan with $6,300 for his findings. In a blog post published over the weekend, the researcher said Facebook paid out the reward after he identified similar vulnerabilities on other websites. This isn't the first time Ramadan is rewarded by Facebook for reporting security bugs.
In December 2012, he identified a flaw in the Facebook Camera app for iOS which could have been exploited to hijack user accounts through man-in-the-middle (MitM) attacks. In October 2013, the expert reported discovering a way to hijack Facebook accounts by leveraging a vulnerability in the social media network's Android application. In January, Facebook announced rewarding Brazilian computer engineer Reginaldo Silva with $33,500 for reporting a critical vulnerability. Silva found a way to remotely execute arbitrary code by leveraging an XXE issue.
  20. Researchers at Trend Micro say attackers are actively exploiting a vulnerability in Android's WebView browser in order to compromise Facebook accounts. The flaw allows the attackers to bypass Android's Same Origin Policy (SOP), and impacts devices running versions of the operating system prior to 4.4. The vulnerability, CVE-2014-6041, was first disclosed in September by an independent researcher. But months later, the vulnerability continues to be exploited in the wild. "The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser," according to the National Vulnerability Database. According to Trend Micro Mobile Security Engineer Simon Huang, the attack targets Facebook users via a link in a particular Facebook page that leads to a malicious site. The page contains obfuscated JavaScript code that includes an attempt to load a Facebook URL in an inner frame. The user will only see a blank page as the page’s HTML has been set not to display anything via its div tag while the inner frame has a size of one pixel, he added. "While these routines are being carried out, the SOP bypass is being performed," he blogged, adding that a remote JavaScript file is loaded from a legitimate cloud storage provider. 
The file, he noted, contains the malicious code of the attack and enables the attackers to perform the following activities on Facebook:
      • Add friends
      • Like and follow Facebook pages
      • Modify subscriptions
      • Authorize a Facebook app to access the user’s public profile, friends list, birthday information, likes and friends’ likes
      • Steal the victim’s access tokens and upload them to their server at http://{BLOCKED}martforchristmas.website/walmart/j/index.php?cid=544fba6ac6988&access_token= $token;
      • Collect analytics data (such as victims’ location, HTTP referrer, etc.) using the legitimate service at https://whos.{BLOCKED}ung.us/pingjs/
"In addition to the code at the above site, we found a similar attack at http://www.{BLOCKED}php.com/x/toplu.php," Huang explained. "We believe both of them are created by the same author because they share several function names, as well as the client_id of the Facebook app." "The client_id involved in this malware was “2254487659”," he added. "This is an official BlackBerry App maintained by BlackBerry. We confirmed with BlackBerry and clarified that this malware is trying to take advantage of the trusted BlackBerry brand name and steal user’s access-tokens, which can be used to make requests to Facebook APIs and read user’s information or to publish content to Facebook on behalf of a person." Blackberry is working with Facebook and Trend Micro to address the issue. Google has already issued a fix for the vulnerability for Android users.
  21. Can you leave a link? The post was edited, and the link was removed along with it.