Jump to content

QuoVadis

Active Members
  • Content Count

    2562
  • Joined

  • Last visited

  • Days Won

    173

Everything posted by QuoVadis

  1. Tex incepe sa rada si Nytro e prea finut. Sa-i umple frigiderul la Gecko
  2. Daca ati fi sa pariati... (eu am facut-o deja 😎), pe cine ati miza sa intre in turul 2 si apoi sa castige? Doar de curiozitate...
  3. Daca ai fi oferit si cate o invitatie filelist celor care participa adunai inca 50 oameni 😂
  4. Sursa Financial Times. La revedere cryptografie asa cum o stim? ...
  5. What the actual fuck... intru rar, ca nu am vreme, dar cand vad topic-uri de genul parca imi vine sa intru si mai rar.
  6. https://nakedsecurity.sophos.com/2019/09/19/air-force-to-offer-up-a-satellite-to-hackers-at-defcon-2020/
  7. Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day. There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week. TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years. I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users. Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery (CVE-2019-7287 & CVE-2019-7286). We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019. Now, after several months of careful analysis of almost every byte of every one of the exploit chains, I’m ready to share these insights into the real-world workings of a campaign exploiting iPhones en masse. This post will include: detailed write-ups of all five privilege escalation exploit chains; a teardown of the implant used, including a demo of the implant running on my own devices, talking to a reverse-engineered command and control server and demonstrating the capabilities of the implant to steal private data like iMessages, photos and GPS location in real-time, and analysis by fellow team member Samuel Groß on the browser exploits used as initial entry points. Let’s also keep in mind that this was a failure case for the attacker: for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen. Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them. I hope to guide the general discussion around exploitation away from a focus on the the million dollar dissident and towards discussion of the marginal cost for monitoring the n+1'th potential future dissident. I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time. I recommend that these posts are read in the following order: iOS Exploit Chain #1 iOS Exploit Chain #2 iOS Exploit Chain #3 iOS Exploit Chain #4 iOS Exploit Chain #5 JSC Exploits Implant Teardown https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
  8. Day rates - se aplica la contracte fixe, temporare Full time - contractele full time, de obicei permanente sau de minim 2-3 ani PDF download: https://we.tl/t-6Kp5kwZhtY Sursa: hays.co.uk Acestea sunt ciferele brute, din care se trage impozitul pe venit si national insurance. Se poate calcula aici net-ul: https://www.gov.uk/estimate-income-tax Pe langa salarii multe companii ofera pachete destul de consistente gen: - contributia angajatorului egala cu cea a angajatului la pensie pana la un anumit procent (ex: daca angajatul contribuie 12% din salar la pensie, angajatorul contribuie si el 12% din salar la pensie) - car/travel allowance/season ticket loan - tax-free loan pentru bicicleta (pana la £1k) - reduceri/gratuitati gym, entertainment, produse electronice, etc. - lucru flexibil de acasa - contributii financiare la dezvoltare profesionala - orice altceva negociati sau ofera deja angajatilor firma respectiva
  9. Daca ai mai facut asa ceva sau te pricepi, trimite-mi un PM: am un GUI local facut in Ms Access VBA ce este cuplat la un SQL server local. Voi muta DB-ul in AWS dar am nevoie de cineva sa rescrie front-endul (in Python de preferinta dar deschis si la altele).
  10. https://www.bbc.co.uk/programmes/articles/mXtpBVzfVHYswmRFN7gtKb/is-there-a-spy-in-your-pocket
  11. Ca tot mai erau dispute pe aici... https://www.bbc.co.uk/news/uk-england-manchester-48595271 Nu stiu daca adevarul e de o parte sau de alta ori la mijloc insa morala e: "In God we trust, all others must pay cash" sau "contract or gtfo"
  12. QuoVadis

    Cumpar Avios

    Valabil again ↑
  13. @Gecko da-mi si mie numarul dealer-ului tau de iarba in PM. Thx
  14. Muie nu doresti?
  15. Pyongyang, May 13 (KCNA) -- Songs in praise of Supreme Leader Kim Jong Un can be heard everywhere in the Democratic People's Republic of Korea. Among them are "Ardent Desire", "Voice of My Heart", "Opening My Heart" and "Yearning", which show how deeply the Korean people revere and trust their Supreme Leader. Those songs reflect the people's ardent wish for good health to the Supreme Leader as well as their faith and will to strive for the country's prosperity under his guidance. They are an eruption of strong feelings of the people fascinated by the great idea, leadership and personality of the Supreme Leader who is demonstrating to the world the dignity and might of socialist Korea and regarding the people as his God. When interviewed by KCNA, Han Chol, a worker of the Pukchang Thermal Power Complex, said: I am fond of the song "Yearning" as it reflects my inward thoughts. Singing this song, I over-fulfilled my daily quota by 200 percent when the respected Supreme Leader was on a foreign tour. The song will encourage me to make continued innovations in the future, too.
  16. A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said. WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function. The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack. WhatsApp is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method, a person familiar with the issue said. As late as Sunday, as WhatsApp engineers raced to close the loophole, a UK-based human rights lawyer’s phone was targeted using the same method. Researchers at the University of Toronto’s Citizen Lab said they believed that the spyware attack on Sunday was linked to the same vulnerability that WhatsApp was trying to patch. NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data. NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime. NSO was recently valued at $1bn in a leveraged buyout that involved the UK private equity fund Novalpina Capital In the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones. WhatsApp said that teams of engineers had worked around the clock in San Francisco and London to close the vulnerability. It began rolling out a fix to its servers on Friday last week, WhatsApp said, and issued a patch for customers on Monday. “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” the company said. “We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.” WhatsApp disclosed the issue to the US Department of Justice last week, according to a person familiar with the matter. A justice department spokesman declined to comment. NSO said it had carefully vetted customers and investigated any abuse. Asked about the WhatsApp attacks, NSO said it was investigating the issue. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said. “NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual [the UK lawyer].” The UK lawyer, who declined to be identified, has helped a group of Mexican journalists and government critics and a Saudi dissident living in Canada, sue NSO in Israel, alleging that the company shares liability for any abuse of its software by clients. John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, said the attack had failed. “We had a strong suspicion that the person’s phone was being targeted, so we observed the suspected attack, and confirmed that it did not result in infection,” said Mr Scott-Railton. “We believe that the measures that WhatsApp put in place in the last several days prevented the attacks from being successful.” Other lawyers working on the cases have been approached by people pretending to be potential clients or donors, who then try and obtain information about the ongoing lawsuits, the Associated Press reported in February. “It's upsetting but not surprising that my team has been targeted with the very technology that we are raising concerns about in our lawsuits,” said Alaa Mahajne, a Jerusalem-based lawyer who is handling lawsuits from the Mexican and Saudi citizens. “This desperate reaction to hamper our work and silence us, itself shows how urgent the lawsuits are, as we can see that the abuses are continuing.” On Tuesday, NSO will also face a legal challenge to its ability to export its software, which is regulated by the Israeli ministry of defence. Amnesty International, which identified an attempt to hack into the phone of one its researchers, is backing a group of Israeli citizens and civil rights group in a filing in Tel Aviv asking the ministry of defence to cancel NSO’s export licence. “NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” said Danna Ingleton, deputy director of Amnesty Tech. “The Israeli ministry of defence has ignored mounting evidence linking NSO Group to attacks on human rights defenders. As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk.” Sursa: https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537acab
  17. QuoVadis

    CUDA ?

    ON: Am folosit un Nvidia Tesla P100 gratuit timp de cateva ore prin Google Cloud. - facut cont de trial pentru $300 - adaugat card ca si metoda de billing (nu mi-au tras nici un ban) - creat VM cu slectia de P100 - trimis ticket la Google Compute Engine Quota Support sa dea enable la global attribute | GPUS_ALL_REGIONS pentru proiectul meu (in mai putin 24 ore mi-au aprobat, am bagat motiv credibil la request) - facut treaba ce am avut nevoie - dat cancel la billing, delete la vm, anulat tot. OFF: tot cu retelele neuronale ai ramas...
  18. Daca esti nou in "toate astea" uita-te mai intai la data threadului
  19. When she's ignoring you she's thinking of @aelius and his big dick. He knows how to eat her pussy every time they're together, like an Auschwitz prisoner finding a McDonalds hamburger. Let it go...
  20. Hai bre, muie! Deja devii penibil cu incercarile astea de troll
×
×
  • Create New...