Jump to content

QuoVadis

Active Members
  • Posts

    2713
  • Joined

  • Days Won

    192

Everything posted by QuoVadis

  1. Tocmai asta mi s-a parut amuzant.. ca ei vor sa le aiba datele la fiecare.. e un fel de "inlistare/racolare" de fraieri dar mascata in mod destept
  2. Washington (AFP) - Ever wanted to hack Uncle Sam? Provided you're American and can pass a background check, go right ahead, the Pentagon said Wednesday. The US Department of Defense is inviting vetted hackers to test its cybersecurity under a pilot program that is the first of its kind in the federal government. Called "Hack the Pentagon," the so-called bug bounty program will give cash awards and other recognition to participants who can spot weaknesses on the Pentagon's public web pages. "I am always challenging our people to think outside the five-sided box that is the Pentagon," Defense Secretary Ashton Carter said. This "initiative will strengthen our digital defenses and ultimately enhance our national security." The pilot program is modeled after similar competitions conducted by major firms to improve network and product security. A defense official said the project would be a cost-effective way of recruiting non-malicious "white hat" hackers to probe Pentagon vulnerabilities. "We want to bring in great talent, we want to take advantage of people who have the ability to help the Department of Defense and the country," the official said. He noted that if successful, the program could be more broadly expanded across the federal government. The Pentagon did not announce how much money would be paid out, but suggested that the bigger the vulnerability a hacker finds, the bigger the reward. The Pentagon announced the initiative while Carter visited Silicon Valley in California on Wednesday. It is his third trip to the world's tech heartland and he has repeatedly stressed the need for the Pentagon to innovate and work with tech partners. Carter also announced plans to establish a "Defense Innovation Advisory Board" that will be chaired by Eric Schmidt, executive chairman of Alphabet, Google's parent company. The board will give Pentagon leaders independent advice on ways to address "future organizational and cultural challenges, including the use of technology alternatives," Pentagon press secretary Peter Cook said in a statement. SOURCE
  3. @playfun - localbitcoins.com, este serviciu de escrow. Schimbi mai intai ce ai tu in btc si de acolo in ce vrei tu. De ce iti inchipui ca un administrator ar fi la cheremul vostru pe post de secretara personala pentru toate nimicurile. Pentru tranzactii mari si comisioane pe masura poate ca ar fi cineva interesati insa nu cred ca isi pierde vremea careva pentru nimicurile voastre @RoEx - Un certificat SSL nu are legatura cu asta, pot sa fie tot felul de mizerii si sa aiba https
  4. Pentru "Drone fanatics"... De vanzare 3 bucati Navio2 noi, sigiliate si cu factura. £160 x 3 in bitcoin only. P&P gratuit. Info: http://www.emlid.com/introducing-navio2/ / https://shop.pimoroni.com/products/navio2-linux-autopilot-on-raspberry-pi
  5. Un search pe Google la "windows server 2016 vs 2012" si apoi dai o geana la https://technet.microsoft.com/en-us/library/mt126143.aspx , vei gasi destule informatii.
  6. Scuze de intarziere @gogusan, tot pe drumuri sunt. Daca este vreunul faulty si e returnat in 30 zile il schimbam.
  7. Scuze de intarziere. @hapy.end vezi aici: http://x.co/gmailhack
  8. Nu e nici un catch. Am spus ca sunt noi, sigilate si cu factura deci nu au fost in nici un cluster. Nu te priveste pe tine de ce nu le folosesc eu
  9. Vand 50 bucati Raspberry Pi 2 + 50 carcase Pibow (culori la alegere, PM pentru gama) - toate noi, sigilate si cu factura. Pret normal retail Raspberry Pi B - Model V2: 203 RON Pret normal retail carcasa Pibow - 164 RON Pret normal retail total - 367 RON Pret de vanzare in bulk total / buc - 235 RON (reducere 132 RON / buc). La 50 bucati se aduna o suma buna... Din pacate nu pot sta sa le dau pe bucati, doar toate odata (50 + 50).
  10. Asa ceva nu te intereseaza? https://shop.pimoroni.com/products/pi-zero-project-kits Kit-urile au Pi Zero inclus
  11. Bine ai venit. Un sfat: scapa-te rapid de avatar si locatie (treaba cu Anonymous), daca vrei sa nu fii luat la pula mai de toata lumea.. "Succesuri" !
  12. https://localbitcoins.com/buy-bitcoins-online/usd/paypal/
  13. https://www.linkedin.com/in/mehernaz-morawala-05516312 Felicitari @Nytro pentru deschiderea unei filiale in Mumbai. Ar fi ideal daca poti face un transfer de puradei inapoi catre ei http://rstforum.net/ :P
  14. Merge. Nice one, thanks!
  15. Cei de la Zerodium nu de mult au platit 1 mil usd pentru un exploit iOS, postasem aici la stiri. Nu e vorba ca "e mai important Apple decat Linux" ci faptul ca pot fi valorificate mult mai bine si mai repede si afecteaza cat mai multi "home" useri (printre care persoane importante, celebritati, etc.)
  16. Adaugat si 2014 pentru comparatie Download: aHR0cDovL3dlLnRsL21seTRaNlIwQ3I= Romania - "The highest rate of per capita technology workers in Europe with more than 64,000 certified IT professionals."
  17. Eh.. macar a stat cam 24 ore in stoc de am apucat sa-mi iau unul Insa oricum ai avea nevoie de adaptor, una-alta... deci se merita, daca nu le ai deja, si restul pachetelor care sunt inca pe stoc.
  18. UPDATE: Cei de la Pimoroni vand doar cate 1 bucata / client. Am incercat sa plasez comanda pentru 50 bucati dar mi-au dat jet si refund Daca dati comanda direct de pe site-ul lor, un Pi Zero costa £4.25 iar transportul lor pana in Romania e £4 deci cam dubleaza pretul si va ajunge pe undeva la 48 RON. Insa daca mai aveti rabdare pana produc mai multe, se va injumatati pretul daca se comanda in bulk.
  19. Niste rapoarte (4 la numar) excelente intocmite de BMI referitoare la piata IT din Romania pe fiecare quarter din 2015. Acestea includ SWOT analysis, industry forecast pe 5 ani, economic analysis si multe alte informatii utile. De recomandat in special celor ce vor sa porneasca o afacere in domeniul IT in Romania - pentru a intelege mai bine contextul, trenduri, etc. Cei de la BMI Research apartin de Fitch Group si produc research de calitate, credibil. Download: aHR0cDovL3dlLnRsL0phWGZJS3JSalo= (Link disponibil 7 zile. Pentru re-upload pm me)
  20. http://x.co/gmailhack
  21. Lectie de trolling 101
  22. Cred ca guvernul US ii sufla de praf, totul ramane la decizia Apple cum vor proceda mai departe. Au resursele necesare sa se mute in alta parte si orice tara ii va primi cu bratele deschise, chiar vor incheia un agreement profitabil pentru ambele parti. Daca vor sa se lupte prin tribunale au resursele sa o faca. Influenta au destula in toate partile. US are doar de pierdut. Recent Apple au raportat ca au rezerve in cash de 216 miliarde de dolari din care 201 sunt in afara tarii. Adica putin peste echivalentul GDP al Romaniei pe un an de zile ca sa pui in perspectiva. Asta doar in cash, netinand cont de restul asset-urilor, etc. Ei sunt un gigant cu care US nu isi permit sa se lupte. Totul depinde de cata coloana vertebrala au Tim Cook & Co si cata aroganta au.
  23. Source: https://heimdalsecurity.com/blog/security-alert-mazar-bot-active-attacks-android-malware/ Felicitari lui Andra Zaharia! Our team at Heimdal Security has recently analyzed a text message sent to random mobile numbers. The Geographical extent is so far unknown, so please exercise caution. The SMS / MMS in question arrives with the following contents (sanitized by Heimdal Security): You have received a multimedia message from +[country code] [sender number] Follow the link http: //www.mmsforyou [.] Net / mms.apk to view the message. If the APK (which is a program file for Android) is run on an Android-powered smartphone, then it will gain administrator rights on the victim’s device. This will allow the attackers to: SEND_SMS RECEIVE_BOOT_COMPLETED INTERNET SYSTEM_ALERT_WINDOW WRITE_SMS ACCESS_NETWORK_STATE WAKE_LOCK GET_TASKS CALL_PHONE RECEIVE_SMS READ_PHONE_STATE READ_SMS ERASE_PHONE Our team has identified the malicious APK to be the Mazar Android BOT, a threat also that Recorded Future spotted in November 2015. The malicious packet (APK) retrieves TOR and installs it on the victim’s phone via the following harmless URLs: https: //f-droid.org/repository/browse/?fdid=org.torproject.android https: //play.google.com/store/apps/details?id=org.torproject.android In the next phase of the attack, the infection will unpack and run the TOR application, which will then be used to connect to the following server: http: // pc35hiptpcwqezgs [.] Onion. After that, an automated SMS will be sent to the number 9876543210 (+98 is the country code for Iran) with the text message: “Thank you”. The catch is that this SMS also includes the device’s location data. This specific mobile malware opens the doors to all kinds of malicious consequences for the victim. Attackers can: Open a backdoor into Android smartphones, to monitor and control them as they please; Send SMS messages to premium channel numbers, seriously increasing the victim’s phone bill; Read SMS messages, which means they can also read authentication codes sent as part of two-factor authentication mechanisms, used also by online banking apps and ecommerce websites; Use their full access to Android phones to basically manipulate the device to do whatever they want. And it gets worse. The attackers behind Mazar BOT also implemented the “Polipo proxy“, which gives them additional access to even more Android functionalities. Polipoid brings the Polipo HTTP proxy to Android. Polipo lets you do useful things such as cache web pages for offline access and should generally speed up browsing a little. Source: Github Through this proxy, cyber criminals can change the traffic and interpose themselves between the victim’s phone and a web-based service. This effectively becomes a Man-in-the-Middle attack. Here’s how it happens: Data is copied to your phone as mp3 files: 122.933 polipo.mp3 1,885,100 tor.mp3 Then, the proxy is configured as you can see below: 174.398 debiancacerts.bks 574 torpolipo.conf 879 torpolipo_old.conf 212 torrc 276 torrc_old For those technically inclined, the configuration of the TOR proxy will seem quite straightforward: proxy address = “127.0.0.1” proxy port = 8118 allowedClients = 127.0.0.1 allowedPorts = 1-65535 proxy name = “127.0.0.1” cacheIsShared = false socksParentProxy = “127.0.0.1:9050” socksProxyType = socks5 diskCacheRoot = “” localDocumentRoot = “” disableLocalInterface = true disableConfiguration = true dnsUseGethostbyname = yes disableVia = true from, accept-language, x-pad link censor referer = maybe maxConnectionAge = 5m maxConnectionRequests = 120 serverMaxSlots = 8 server slots = 2 tunnelAllowedPorts = 1-65535 chunkHighMark = 11000000 object high mark = 128 As if it weren’t enough that it can stop calls and launch other aggressive commands on the victim’s phone, Mazar BOT is also capable of injecting itself into Chrome. And there are several other settings and commands that Mazar BOT can trigger, as showcased below. These include: Controlling the phone’s keys Enabling the sleep mode Save actions in the phone’s settings, etc. Our team was not surprised to observe that the malware cannot be installed on smartphones running Android with the Russian language option. Mazar BOT will check the phone to identify the victim’s country and this will stop the malicious APK if the targeted phone turns out to be owned by a Russian user: locale.getCountry () equalsIgnoreCase ( “RU”)) Process.killProcess (Process.myPid ()); Until now, Mazar BOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code be abused in active attacks. Attackers may be testing this new type of Android malware to see how they can improve their tactics and reach their final goals, which probably is making more money (as always). We can expect this malware to expand its reach, also because of its ability to remain covert by using TOR to hide its communication. As you may have anticipated, antivirus detection of the malicious APK is very low: 3/54 on VirusTotal. There are a few things you can do to keep your phone safe from Mazar BOT, and we recommend you take a moment now to verify and adjust these settings. 1. First of all, NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security product dedicated to this OS are not nearly as effective as they are on computers. 2. Go to Settings > Security and make sure this option is turned OFF: „Unknown Sources – Allow installation of apps from sources other than the playstore.” 3. Install a top antivirus for Android. It may not be enough to protect your phone, but it’s certainly good to have. You can find top-rated options in this article. 4. Do not connect to unknown and unsecured Wi-Fi hotspots. There are plenty of dangers lurking out there, and following some common-sense steps to keep yourself safe from them is the best thing to do. Also, keep your Wi-Fi turned OFF when you don’t use it. 5. Install a VPN on your smartphone and use constantly. It’s good for both your privacy and your security. 6. Maintain a cautious attitude at all times. Android security has not kept up with the high adoption rate of smartphones running the OS, and users may have to wait a long time until better security solutions appear. Until then, a careful evaluation of what happens on your phone is a very good safeguard.
  24. Ne lasi bre cu rahaturile astea? bine ca pui semnatura cu font cat scula calului pentru un link de ref. Sa postezi ceva acatarea nu te duce mintea.
  25. Cu dedicatie pentru @Gecko
×
×
  • Create New...