Everything posted by 1337
-
Users should be aware that cyber criminals are finding new ways to install malicious software on devices. The latest threat to Android phone users, according to the FBI, is a “work-at-home opportunity that promises a profitable payday just for sending out email.”

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher.

Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed, the mobile device can be remotely controlled and monitored no matter where the target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Last week, security experts at McAfee announced that more than 60% of Android malware uses fake premium SMS messages. In their post on this subject, McAfee said, “Malware authors appear to make lots of money with this type of fraud, so they are determined to continue improving their infrastructure, code, and techniques to try to avoid antivirus software. It’s an ongoing struggle, but we are constantly working to keep up with their advances.”

Safety tips from FBI to protect your mobile device:

- When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
- Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
- With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
- Review and understand the permissions you are giving when you download applications.
- Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
- Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
- Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
- Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime a user, application or service runs in “unrestricted” or “system” level within an operating system, it allows any compromise to take full control of the device.
- Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
- If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
- Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
- Avoid clicking on or otherwise downloading software or links from unknown sources.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.

Source: FBI Warning : New Malware attacking Android smartphones | THN Security and Hacking News
-
Windows 8 is the first operating system from Microsoft to support alternative non-biometric authentication mechanisms such as Picture Password and PIN. A vulnerability discovered by a password security vendor, "Passcape", in Microsoft’s Windows 8 operating system is that it saves a logon password in plain text and allows any user with admin rights to see the password details.

In September, though, some drawbacks of the new authentication method were reported by Passcape Software. The picture password had seemed invulnerable, because whoever tries to guess it must know how and what parts of the image to choose, and in addition, the gesture sequence. However, security experts from Passcape discovered that such a unique password is based on a regular account.

A user should first create a regular password-based account and then optionally switch to the picture password or PIN authentication. Notably, the original plain-text password to the account is still stored in the system encrypted with the AES algorithm, in a Vault storage at %SYSTEM_DIR%/config/systemprofile/AppData/Local/Microsoft/Vault/4BF4C442-9B8A-41A0-B380-DD4A704DDB28.

"Briefly, Vault can be described as a protected storage for user's private data. Windows Vault emerged with the release of Windows 7 and could store various network passwords. In Windows 8, Vault has extended its functionality; it has become a more universal storage but at the same time lost its compatibility with the previous versions. Thus, the 'old' Vault implements a custom password protection. While in Windows 8, it seems, this feature is frozen and it uses DPAPI-based protection only. Windows Vault is used by other applications as well. For example, Internet Explorer 10 uses it to store passwords to websites," the researchers described.

Any local user with Admin privileges can decrypt the text passwords of all users whose accounts were set to a PIN or picture password. In this regard, the picture/PIN login cannot be considered the sole reliable means of ensuring data security against cracking.

Experts warned that users should not only rely on the security of the picture password. It is difficult to break, they agreed, but it is necessary to take additional measures to protect the original text password.

Source: Windows 8 Security flaw : Logon Passwords Stores in Plain Text | THN Security and Hacking News
-
It seems odd to me for the fish to come to a circuit; where is the pleasure of fishing in that? Wouldn't it be better to just electrocute them and "fish" them that way?
-
What do clients say when they see your language and linguistic skills? You don't come across as serious.
-
That CSRF had been fixed a long time ago; a bypass was made for it, that's all. There were plenty of times when users came on the chat and asked us various things, and if we knew, we answered them, everything was fine. Maybe we don't want to give out our Yahoo IDs; we can get burned through carelessness worse than on the chat (CSRF). It was a useful way to meet; doing it on Yahoo, until we all gather and so on, takes a while. Thanks for putting the chat back!
-
The votes were rigged.
-
It was a good way to communicate, to exchange thoughts and to joke around. Do you want the chat back? Vote! If this doesn't belong in the trash bin, I want it moved to the lamest posts, thanks.
-
Low balling - typically Romanian. Do your research: the fewer the digits, the higher the price; the ones from 2003 sell for a lot of money even with 2-3 worthless games on them. He wants ones from 2003 because that is when the first client was launched (September 12); don't be suckers and give him something like that. To get an idea of the price, see: So their cost ranges from 500-800 dollars.
-
It works, man, I'm in her PC right now.
-
If someone comes looking for you at the teachers' room tomorrow, know that it's us. //LE: What the fuck, have you forgotten Romanian? //Stop us. //Not "I'm coming", we're coming; you won't realize what hit you.
-
If your content is in Romanian, .ro is fine, but from what I've read it's more about the TLD itself; ElChief can surely clear this up for you here.
-
If you choose a .ro domain from the start, you've ruined your setup.
-
I have one with five digits from 2005, how much will you give? It has CS GO, CS 1.6, Source, Modern Warfare 2 and a few more indie games.
-
In case he deletes all his accounts -> View Profile: A l e x - Passat FORUM ... das Auto Phone : 0768.009.548 - 0755.016.112 Interests None Really Driving Around, Clubbing, Smokeing Weed Dante's Inferno, Conspiracy of Fools Radio Killer
-
https://www.youtube.com/watch?v=8cYaQ93QkUo
-
This code is for the S3 and, I think, the S2.
-
Do you really not understand? Rootkits cannot be detected, they cost a lot and are just as powerful; not even your lousy antivirus can remove them, it's beyond you.
-
If you want to see which ones are valid, write a script that looks up all the addresses on Facebook -> if it has a profile, it means it exists. I know you'll say "and what if it doesn't?"; I don't yet know any people who don't have Facebook. Or another idea: enter them and see whether they have an avatar; the ones that have an avatar -> are valid, the others are not.
-
You have a ring3 rootkit, if you know what that is; it's persistent in the system, you can delete even 100 trojans.
-
You still have a RAT on your PC, and we even have your cookies. Try harder!
-
It is a perfect "application" that I recommend to everyone who wants to learn SQLi. If you throw SQLMap and Havij at it, you are... useless!
-
Poll for verifying old active users
1337 replied to a topic in Anunturi importante
I'm still active.
-
Tutorial on how to get AMAZON vouchers: 10$/20$/50$/100$
1337 replied to crazywolf's topic in Tutoriale in romana
It's easier than your method, so you're overcomplicating things with these guys.