Everything posted by Matt
-
Microsoft has gone public with a prototype HTTP/2.0 server. The server is designed to implement the version 4 HTTP/2.0 implementable draft published by the IETF earlier in July. The idea, according to IETF HTTPBIS chair Mark Nottingham, is that progressive implementations of HTTP/2.0 will feed back into the standard. “We're working on proposals in code as well as text … we're likely to have several such implementation drafts that progressively refine the approach we're taking”, Nottingham is quoted as saying. Redmond says there will be a wide range of HTTP/2.0 implementations from various working group participants, with interop testing planned in August. Redmond is using a C#-based open source Web stack called Katana server as the basis of its implementation. In the blog post announcing the implementation, MS Open Tech says the prototype supports header compression and stream multiplexing. The MS Open Tech implementation also supports the TLS-based ALPN (Application Layer Protocol Negotiation), the HTTP Upgrade mechanism negotiation mechanism, and direct HTTP/2.0 connections. Testers will be able to point their implementations at endpoints published at Microsoft's cloudapp.net service, although at the time of writing, the addresses identified (http://http2katanatest.cloudapp.net:8080/ and https://http2katanatest.cloudapp.net:8443) were not live. The idea of HTTP 2.0 is to slim down the ubiquitous Web protocol to get performance improvements that you can't get merely by slinging more bandwidth at the problem: reducing the application layer latency by cutting the amount of to-and-fro between client and server, and supporting request multiplexing. MS has the test code at GitHub, here. ® Source: TheRegister.co.uk
-
Back on 12 July, world media uncovered a minor sensation: Russia's Federal Protective Service (aka Federalnaya Sluzhba Okhrany, Федеральная служба охраны or FSO in English) had issued a tender for typewriters to help keep its secrets, presumably since a typewriter can't be hacked. As the tender came to light not long after Edward Snowden started divulging secrets, dots were joined to suggest Russia's intelligence services were moving to a pre-PC world to enhance security. A little delving into the tender, however, suggests to The Register that typewriters never went away at the FSO. Here's one example of the story, from The Guardian, which put it this way: That story is still circulating, picking up various embellishments along the way, but something occurred to Vulture South: as far as we could tell, none of the stories in the Western media directly referenced any primary source. The story referenced by The Guardian is here at Izvestia, or if you don't read Russian, here. (Either the original or the translation carries a howler, by the way, setting the value of the contract at 486 million roubles, rather than 486 thousand roubles.) That, however, is merely a story about a tender that appeared on the government's official tender site. Finding the tender took more work, but thanks to a Russian-speaking friend of The Reg it eventually turned up here (Google translation). So what is The Register able to report, having found the original tender? We can confirm that the FSO tendered for typewriters. The tender asks for 20 of them, as reported. We can also confirm that the tender was issued after Ed Snowden's revelations. But the tender documents, so far as we can tell after relying on web-based translation services, don't mention typewriters as being acquired to enhance security. Reports suggesting this is the case only come from Izvestia, which says it has sources for the allegation.
There is no such discussion in the tender documents, which do contain remarks saying the FSO won't accept electronic tenders. Might that have been conflated into the security angle? We also know the tender has been won, by one "Marina V Zaika, solo entrepreneur". She's done very nicely out of it: at 486,000 roubles for the whole contract, she'll reap a cool 24,300 roubles for each machine. From our quick perusal of European office equipment sites, the Twain T180's street price is currently around 125 Euros apiece, or about 5,500 roubles. Perhaps the inflated price recognises that new Twain T180s might be hard to come by, a suggestion we make because the tender demands that they not have been manufactured prior to 2012.

Consumable clues

Another reason for the amount of cash on offer is that the tender also suggests, contrary to the widespread impression that the FSO is “reintroducing” typewriters, that they never completely went away. How can The Register say this with certainty? Because the tender also seeks ribbons and correcting tape for a completely different model of typewriter from another manufacturer. That model for which the ribbons are sought is the Olympia “Comfort”. Over at Olympia's site, the "Comfort" isn't mentioned as a product still on sale (but we are willing to concede the "Carera De Luxe" might translate as "Comfort"). Since the tender isn't trying to buy Olympia machines but does seek consumables, we conclude the Comfort is already used within the FSO. Perhaps the agency has used typewriters for years as a secure means of communications and, in a post-Snowden panic, has decided it needs more? Whatever the reason, the amount of consumables ordered isn't huge, and certainly not enough to see the FSO paying street price for the typewriters it wants. For now, all we have conclusive evidence for is that the FSO is willing to pay a premium for some new Triumphs.
That seems, to The Register, to warrant investigation on grounds of wasteful procurement alone, but regrettably The Reg lacks a Moscow bureau … ® Source: TheRegister.co.uk
-
Nato has called for military and private industry to recruit more ethical hackers, listing their skills as an essential weapon in its ongoing anti-black hat war. Nato deputy assistant secretary general Jamie Shea issued the statement in a video review exploring the ethical hacking community. He said: "In order to have a defence you need to have a much wider group of people with a much broader set of skills working for you than as in the old days when we were talking about the man from the ministry with a set identity. That's not the case anymore." A Nato spokesman added in the video that the community is currently an under-tapped source that could help temporarily plug the global cyber skills gap. "Traditionally, ethical hackers, known as white hats, have disclosed security bugs for free and many continue to do so just for the prestige. But with industry and governments around the world looking to beef up their cyber defences, ethical hackers can now have the pick of jobs in a booming industry." The spokesman added that companies and governments must work to create an ethical disclosure culture making it financially – as well as legally – advantageous for bug hunters to responsibly report vulnerabilities. The news was welcomed by private security expert Graham Cluley, who mirrored Nato's sentiment in a blog post. "The risk associated with a security exploit being sold to the highest bidder, of course, is that the average user doesn't necessarily get protected. Instead, details of the flaw may never be exposed to the software vendor, giving others an opportunity to abuse it for their own financial or intelligence gain," he wrote. "Clearly that is something the Nato video is concerned about, and it takes pains to interview hackers who believe in responsible disclosure of bugs to vendors, giving the manufacturer time to fix the problem before details of the bug are made public.
With the stakes rising all the time, it's no wonder that more people are wondering whether a career in IT security might be a good choice for them – either as a defender, or as a bug hunter." Nato's statements follow numerous warnings that governments are failing to train the next generation of cyber security experts. Most recently the UK National Audit Office (NAO) issued a report warning that the skills gap would last 20 years, costing the UK £27bn a year. Despite the negative forecast, the Nato spokesman highlighted the UK Cyber Strategy as a key positive addressing the gap. "There is a shortage of skilled IT security professionals around the world. The UK has recently launched a training and education initiative in schools and universities to address the skills gap." The Cyber Strategy was announced in 2011, when the UK government pledged to invest £650 to train the next generation of security experts. The initiative has had a heavy focus on education, setting up numerous higher education centres and apprenticeship schemes for young people looking to enter the security industry. In May the UK government pledged to invest £7.5m to create new cyber security research centres at Oxford University and Royal Holloway University London. Source: V3.co.UK
-
Got it. Well, the whole problem was that getchar(); was missing; the program ran but disappeared immediately. Now I understand. I'll move on.
-
It seems I'm the one starting with the questions again. OK, here is what I'm confused about. I opened Visual Studio and, after reading the beginning of the book, I wrote the Hello World code from there in C++.

#include <stdio.h>

int main()
{
    printf("hello, world\n");
    return 0;
}

The problem is that I don't know what has to be done next. Then I opened C#, added a "Button" to Form1, right-clicked it and renamed it to "Hello RST". After that I went into "Code" and added the following code: MessageBox.Show("Hello M2G");. Now when I hit RUN and press Hello RST, a pop-up opens that says Hello M2G. This C# thing is somewhat similar to Visual Basic, which I dabbled in very briefly some years ago. My problem is with C++. I write the code, but is there no graphical part? Or how does it work?
-
Microsoft is warning Brits who use its Bing search engine to hunt down child abuse content that they are attempting to view illegal material online. The company debuted the pop-up message on Bing in the UK following pressure from the Prime Minister David Cameron, who has been pressing internet firms to do more to help prevent access to nasty images. Microsoft said that the warning will appear when a search contains the phrases found on the Child Exploitation and Online Protection Centre's (CEOP) "blacklist". A Redmond spokesman told the BBC that the pop-up, which also provides a link to counselling service Stopitnow.org, was introduced in addition to its policy of quickly killing verified links that connect to illegal content online. "Microsoft has been, and remains, a strong proponent of proactive action in reasonable and scalable ways by the technology industry in the fight against technology-facilitated child exploitation. We have teams dedicated globally to abuse reporting on our services and the development of new innovations to combat child exploitation more broadly," he said. In a speech at a children's charity last week, Cameron attempted to capitalise on the fact that the country's big four internet service providers will all begin filtering content at the network level from the end of this year.

Smut and violence vs abuse images

It hasn't helped that the two separate issues of filtering what some subscribers might deem to be inappropriate content - such as pornography and violence - and the very different problem of illegal child abuse images found online have, to an extent, been conflated by Number 10. Cameron couldn't resist talking about the "criminal challenge" (unlawful content) and the "cultural challenge" (for example: porn) of the two issues in the same speech.
What in fact has happened is that the telcos - BT, Virgin Media, BSkyB - have followed in the footsteps of TalkTalk's Homesafe system, which - as The Register first reported way back in 2010 - was built by Chinese vendor Huawei. The reason for their decision to begin filtering content at the network level was a simple one: to avoid regulation. And the industry has argued that very little has changed - despite Cameron's strong-arming - since BSkyB, BT and Virgin Media agreed to make the switch over the course of the last few months. In parallel, the PM has been asking search engines to make it harder for perverts to track down disgusting and illegal content that displays child sex abuse. Yahoo! has already said that it too is considering a pop-up box like the one brought in by Microsoft. Google has no plans to add such a warning to its search engine. But it recently threw cash at the problem by donating more than £2m to the Internet Watch Foundation - an organisation that roots out sexual abuse images found online and then reports them to Ceop. Mountain View, Microsoft and other tech firms had previously donated tiny sums of money to the IWF, prior to political pressure being applied to internet players in the UK. Last week Cameron told the likes of Yahoo!, Microsoft and Google that they had a "moral duty" to help stamp out illegal content on the web. "If CEOP give you a blacklist of internet search terms, will you commit to stop offering up any returns on these searches?" he asked. "If the answer is yes, good. If the answer is no and the progress is slow or non-existent, I can tell you we’re already looking at legislative options so that we can force action in this area." Microsoft, at least, appears to be partially listening to the PM's warning, even if it's yet to outright block such material. ® Source: TheRegister.co.uk
-
Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems. The flaws, discovered during a short crash test by security researchers at Austrian firm SEC Consult, created a means to execute code with root privileges - or the ability to take over a vulnerable appliance. In an advisory note, SEC Consult Vulnerability Lab warns the flaws posed a huge spying risk to corporate users of Symantec's technology, which is designed to prevent malware and other threats from getting inside corporate networks. SEC Consult identified six vulnerabilities with the technology in total, including: cross-site scripting; OS command injection; security misconfiguration; SQL Injection; and cross-site request forgery flaws. Symantec was notified about the flaw on 22 February but only published a security bulletin last week, on 25 July. Sysadmins should update their technology to Symantec Web Gateway version 5.1.1. A vanilla statement from Symantec explained that the update was available to customers either directly or through its channel partners. Source: TheRegister.co.uk
-
So how much do you guys want? 10 million? The man is asking you for a measly logo that takes you 10 minutes to make. How picky some of you are; I didn't know people make millions of euros a day around here.
-
$4.5 million fraud committed by a "Bernard Madoff" of the bitcoin virtual currency

The US Securities and Exchange Commission (SEC) has sued a "Bernard Madoff" of the bitcoin virtual currency, Trendon T. Shavers, for allegedly defrauding 66 investors of $4.5 million in a pyramid scheme. The investors come from Connecticut, Hawaii, Illinois, Louisiana, Massachusetts, North Carolina and Pennsylvania, MarketWatch reports. Shavers, aged 30, is originally from McKinney, Texas, and is nicknamed "the Bitcoin Bernie Madoff". According to the SEC, Shavers defrauded investors of bitcoins worth $4.5 million, diverting part of the funds raised for his own use. He sold the virtual coins to pay for his rent, car expenses, meals, shopping and casino entertainment. The Bitcoin virtual currency was launched by Satoshi Nakamoto in 2009, to be used in electronic payments. Satoshi Nakamoto is a pseudonym for a person or group of people, whose identity is not public, who designed the Bitcoin protocol in 2008 and released the open-source software in 2009. The value of one bitcoin was below 5 dollars last year, but in April it reached a peak of 266 dollars. At present, a bitcoin is worth about 97 dollars, and some analysts believe it is heading towards zero. Shavers promised people that investments in bitcoin would grow by 7% per week, through arbitrage services that he offered. His company, Bitcoin Savings & Trust, was initially called First Pirate Savings & Trust. Source: Business24.Ro
-
First of all, I have to admit that the title makes the whole article. :) Prosecutors in the US state of New Jersey have charged four Russians and a Ukrainian who broke into the computer networks of major retailers, including Carrefour and 7-Eleven, in the largest hacking scheme in US history. Prosecutors in New York have indicted, in a separate case, one of the five, as well as another Russian, for another cyber attack against Nasdaq OMX Group and 800.0000 bank accounts at Citigroup and PNC Financial Services Group, Bloomberg reports. The men conspired with Albert Gonzalez, a hacker from Miami sentenced to 20 years in prison. The defendants are Vladimir Drinkman, 32, of Moscow, Aleksandr Kalinin, 26, of St. Petersburg, Roman Kotov, 32, and Dmitri Smilianets, 29, of Moscow, and Mihail Ritikov, 26, of Odesa, Ukraine. Kalinin was also indicted in the New York case, together with another Russian, Nikolai Nasenkov. The five New Jersey defendants conspired "in a worldwide scheme that targeted major corporate networks, stole the codes of more than 160 million credit cards and thereby caused losses of several hundred million dollars", said Paul Fishman, chief prosecutor in New Jersey. The group targeted companies that process financial data and retailers. "The five operated a prolific hacking organisation that penetrated the protected IT networks of the largest payment processing companies, retailers and financial institutions worldwide", according to the indictment documents of the federal court in Newark, New Jersey. They are accused of stealing users' names and passwords, personal identification information, and credit and debit card numbers.
In the New York case, prosecutors say that the defendants, after stealing the data, sold it to people who resold it on online forums or to individuals or organisations. Source: Business24.Ro And now the article in English as well: Major Corporations Attacked in Historic Hacking Case | Fox Business Spot the difference yourselves.
-
Apps are just as invasive and nosy whether they run on Android or iOS devices, and the notion that one operating system is safer than the other is wrong, according to a study carried out by Bitdefender over more than a year of research, during which 314,474 Android apps and 207,873 iOS apps were analysed. Thus, the ecosystem of free apps for mobile devices is free for the user, but is heavily monetised by the developer. In other words, an app, whether for Android or for iOS, becomes free only after the user has paid for it with their confidential data. And the situation becomes even more unpleasant when paying for the app does not stop the flow of information extracted about the user, nor does it delete the information that has already been taken from the device. With the caveat that the indicators for Android and iOS cannot be compared, Bitdefender's analysis focuses on the most intrusive behaviours that app developers could have included in their products. Tracking the user's location is an important aspect on both platforms, since location is often requested by advertising providers through frameworks that track users' consumption habits. The Clueful test reveals that 45.4% of iOS apps are able to track users' location, even if they do not do so explicitly. By comparison, only 34.5% of the Android apps analysed have this capability. The user's contact list can be read by 7.6% of Android apps, while iOS apps are somewhat nosier, as 18.9% of those analysed are technically capable of doing so. Some of the most important information for an advertising company is email addresses and the unique identification number of devices (IMEI).
This data can be shared with third parties and can be used, for example, to send consumers ads tailored to their behaviour, according to a recent report by the Federal Trade Commission. Approximately 14.5% of Android apps can pass on the device ID and 5.7% of them can pass on the email address. Phone numbers are the link between the natural person and their virtual identity, and they make it possible to correlate information about the user's behaviour within the app and to tie that information to the person it belongs to by first and last name. Approximately 8.8% of the Android apps analysed by Clueful can send users' phone numbers to third-party advertising agencies. "An old proverb says that if you are not paying for a product, then you are the product being sold. Mobile ads are integrated into the device; they do not run in a browser, isolated from other apps. On mobile, ad-serving systems can learn the user's communication habits, friends, friends' contacts, location and, more often, all of these at the same time. This turns them into the modern equivalent of spyware installed on the device used throughout the day", said Cătălin Coșoi, Chief Security Strategist, Bitdefender. The Clueful app, developed by Bitdefender, informs users about the threats to the privacy of personal data that they expose simply by installing an app. Source: FaraVirusi.Com
-
The security solution for smartphones running the Android operating system, Kaspersky Mobile Security, won the AV-Test Certified award following independent tests that took place in May 2013. During the tests, AV-Test.org specialists evaluated how effectively the security solutions identified and blocked malware. According to the results, Kaspersky Mobile Security successfully blocked 99.29% of the 2,545 malicious apps used in the tests. The average detection rate among the solutions tested was 96%. In addition, the Kaspersky Lab solution did not return any false positives. "Some products detect only 58% of the Android malware files tested and did not pass the evaluation", said Andreas Marx, CEO of AV-Test. "However, Kaspersky easily obtained the AV-TEST certification, with a protection rate of 99%", Andreas Marx added. The experts also checked the impact that the security products had on the smartphone's performance. The Kaspersky Lab solution was recognised as being economical in terms of CPU resource consumption and use of internet connections. Thus, Kaspersky Mobile Security received the maximum score of 6 points for ease of use. The tests also evaluated the additional features available in each solution, such as anti-theft protection, browser protection, message and call filters, etc. Once again, Kaspersky Mobile Security was among the best products out of the total of 30 security solutions evaluated. "Cybercriminals are paying ever more attention to Android devices, with 99% of all mobile malware files being created for this platform", said Oleg Ishanov, Director of the Anti-Malware Research Unit at Kaspersky Lab.
"We make very great efforts to maintain high security standards for users of Kaspersky Lab's security products for mobile. However, we must bear in mind that the antivirus solution is only one of the many apps used by smartphone users. It must provide an optimal level of security while at the same time acting very discreetly in terms of CPU and internet traffic. The results of this AV-Test.org research prove the effectiveness of the Kaspersky Lab solution", Oleg Ishanov added. The AV-Test.org award is not the first occasion on which independent experts have recognised Kaspersky Lab's advanced security technologies for mobile devices. In September, two independent testing organisations, AV-Comparatives and PC Security Labs, recognised the effectiveness of Kaspersky Mobile Security, ranking it at the top following antivirus tests. For more information about the testing procedures and results, visit AV-Test.org. Source: FaraVirusi.Com
-
Here is a tale of two security research presentations, both looking at motor vehicle security in a world in which even the humblest shopping trolley now has more brainpower than a moonshot. Flavio Garcia, a University of Birmingham lecturer familiar with insecurity in car systems – here, for example, is a paper he co-authored with Roel Verdult and Josep Balasch for 2012 – has been blocked from presenting to Usenix 2013, thanks to a House of Lords injunction requested by Volkswagen. Volkswagen took exception to Garcia's intended presentation to the long-running and respected conference, entitled Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer. As The Telegraph in the UK reports, Justice Birss of the Lords decided that publication of the paper would mean “car crime will be facilitated”. Megamos is the family of RFID chips used by a number of vehicle makers. VW asked Garcia to publish a redacted version of the paper, which he declined to do. Garcia's treatment is in stark contrast to the laurels being heaped on America's Charlie Miller and Chris Valasek ahead of the upcoming Black Hat conference in Las Vegas. Their demonstration of how to interfere with on-board computers was accepted at the Vegas con after being turned down by DefCon. Miller and Valasek connect a laptop to the diagnostic ports of a Prius and a Ford Escape, and from there, show that the laptop can issue instructions to the vehicles' ECU (electronic control unit), including steering, acceleration, braking and the horn. As part of the leadup to Black Hat, snippets of their work are getting previewed left right and centre, without a lawsuit in sight. Even though the pair promise to release their source code after Black Hat, they have a key advantage over Garcia: America's First Amendment. The fact that their work was funded by DARPA doesn't hurt, especially since Miller told the BBC the work involved destroying a few cars. ® Source: TheRegister.co.uk
-
Chinese PC giant Lenovo has been banned from supplying kit for the top secret networks of western intelligence agencies after security concerns emerged when backdoor vulnerabilities were detected, according to a new report. Unnamed intelligence and defence “sources” in the UK and Australia confirmed to the Australian Financial Review that a written ban was slapped on the firm almost a decade ago in the mid-2000s. The timeframe offered matches Lenovo's 2005 acquisition of IBM's PC business. Serious backdoor vulnerabilities in hardware and firmware were apparently discovered during the tests which could allow attackers to remotely access devices without the knowledge of the owner. The ban applies to various agencies in the Five Eyes alliance (UK, US, Canada, New Zealand and Australia) where such rules are normally implemented across the board given the interconnected nature of some of their classified networks, AFR said. GCHQ, MI5, MI6, the Australian Security Intelligence Organisation, the Australian Secret Intelligence Service, and the NSA were all named as participating in the Lenovo ban. However, it only applies to the most highly restricted networks and the Chinese firm remains a significant government IT provider to other government agencies in these countries. The revelations will be a concern for private businesses just as the US Congressional report on Huawei and ZTE last year which branded these Chinese firms a national security risk. It’s unclear whether the results of the government testing of Lenovo kit were ever shared with the private sector, although Lenovo’s position as the leader of the global PC market would seem to suggest not. While the company is a global publicly traded business with headquarters in North Carolina as well as Beijing, its biggest shareholder is Legend Holdings, a firm which itself is part-owned by government body the Chinese Academy of Sciences. 
There is also widespread suspicion in the West that even non-state owned businesses have close ties with Beijing through the ubiquitous Communist Party committees which operate within them. Lenovo's Hong Kong-based PR couldn't immediately be reached for comment, although a statement sent to AFR said it was unaware of the ban. It added: The news comes a week after former NSA and CIA chief Michael Hayden argued in an interview with the AFR that Huawei represents an “unambiguous national security threat to the US and Australia”. ® Source: TheRegister.co.uk
-
Apple's developer portal came back to life over the weekend, eight days after it was allegedly taken down by a Turkish bloke. The high-fructose computer company delivered its usual non-deluge of information about just what caused it to pull the site down last week. It's being just as verbose with its news of how it was coaxed back into health and when full service will be restored. An update page says the company is working "to bring our developer services back online” and thanks developers “for bearing with us while we bring these important systems back online. We will continue to update you with our progress.” Whatever the cause of the outage, it's severe enough to mean not all Developer services can be restored at once. Apple's Status page reports, at the time of writing, that only seven of fifteen services are live. That some of those listed as offline, such as “Technical Support”, can easily be explained by the fact this story is being written on Sunday night, Cupertino time. Not even fanboi developers want help at that time of week. That the service's forums are also down perhaps speaks of more serious problems. Also down Cupertino way, news has emerged that senior veep for technologies Bob Mansfield is headed for orchards new, and has stepped down from Apple's leadership team. Bloomberg carries a statement from an Apple operative saying he'll hang around to work on special projects. ® Source: TheRegister.co.uk
-
Police are powerless to stop super-smart criminals from hacking the world's biggest companies, a top-ranking security bod has warned. Juniper Networks' security chief said there was simply no longer any point in calling the police when hackers and DDoSers came to call, because the cops can't do anything. He wants to see a world where big firms share information about potential targets and stop them before any damage can be done. Henrik Davidson, the firm's director of security, said: "The problem is too big for the authorities to handle, playing into the hands of the cyber criminals. Additionally there are complications with the global complexity that hacking presents. Who is responsible if a hacker based in Asia attacks a European company? We’ve simply reached a stage where the IT security industry needs to be able to protect itself." Davidson made the comments while telling El Reg about Juniper's new "next generation data centre security" system, which now incorporates anti-DDoS defence systems. We visited Juniper's Dutch testing lab, where they show off their latest data centre and networking technology. Amsterdam is, of course, famous for two things - and neither were on offer at Juniper Networks' Dutch outpost. Instead the big data shifting bods wanted to show off their sexy racks, although not in the way that most visitors to the city would understand. Money is not discussed in the Juniper Proof of Concept lab, where customers - and the nerdier type of journalist - come to coo over various bits of data centre gubbins. Which is just as well, because with prices stretching into the tens of thousands of euros, this is not a place for the casual shopper. Juniper told us their new data centre security system offers a four-pronged manner of repelling hackers and DDoS assaults. 
The system allows companies to collect the "fingerprints" of individual hackers, by building up a picture of the attacker based on 200 characteristics, including browser settings, time zone and even fonts. This allows for the blocking of individual devices, a more sophisticated form of defence than simple IP blocking.

The newest part of this system is called DDoS Secure, which Juniper claims is capable not only of repelling traditional large-scale DDoS attacks, but also the newer “low and slow” attacks, which use slow, small-scale traffic to bypass security and bring down servers.

DDoS Secure monitors incoming and outgoing traffic, learning which IP addresses and devices can be trusted. It can detect unusual activity from a user and then respond by blocking them. Whenever a threat at one port or other vulnerable point is identified, its details are immediately sent to other access points in order to make sure the attacker is repelled.

Juniper claimed its "Active Defence" system not only worked by fending off attacks, but by identifying threats and stopping them.

Davidson added: "Active Defence allows you to identify the bad guys before they attack. If you know who the bad guys are, and where they are coming from, you can make life difficult for your attackers if they try and break your defences.

"Attackers can be identified by a deception point, of which there are thousands. This allows you to identify the characteristics of their device, what fonts they use, what patches they have installed and their IP address, among others. With that you can push a digital fingerprint to the cloud and share the details with partners and other vendors to ensure that more organisations do not face the same threat."

According to a Juniper survey of 4,771 IT execs worldwide, 60 per cent said their systems had been attacked in the past 12 months. But the same percentage of execs were unhappy with their current defence systems, including next-generation firewalls and IP blocking.
"For 40 anti-virus systems, there is only a 5% catch rate," Davidson continued. "According to William Fallon’s book The Cyber-readiness Reality Check the number of organisations under attack is close to 100%. More than a third of cyber security execs at companies with revenues greater than $100 million are unable to see an attack once it finds its way into the perimeter of their system. It’s like leaving your front door wide open when there is a burglar in the neighbourhood.

"Traditional security methods just aren’t passing the test and companies don’t stand a chance as cyber-crime becomes increasingly sophisticated and more frequent."

Juniper's bosses stepped down on Wednesday in happy circumstances, with the firm's profits and sales both up. ®

Source: TheRegister.co.uk
-
Are there 5 hacking forums in Romania? Which ones? I doubt it.
-
It keeps its bad reputation because of the latest tests. Until this year's tests were made public, it was seen as a very good antivirus. Very strange anyway...
-
Hundreds of millions stolen from biggest names in US

Federal prosecutors in New Jersey say they've busted what could be the biggest credit card hacking fraud in US history, with companies such as NASDAQ, 7-Eleven, and Dow Jones falling prey to an Eastern European criminal gang.

According to the indictment, the gang stole data on up to 160 million credit cards and then sold them on in underground forums so that they could be written onto blank cards and be used to withdraw funds. The losses for just three of the many companies they targeted came to over $300m, according to the authorities.

"This type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security," said US Attorney Paul Fishman in a statement.

"This case shows there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful."

The five men – four Russians and a Ukrainian national – were charged with conspiracy to gain unauthorized access to computers and wire fraud, with additional charges that could see four of the five each facing an extra 120 years in prison.

The government alleges that two of the Russians, Vladimir Drinkman, 32, and Alexandr Kalinin, 26, were the group's hacking team who carried out the penetration of target firms, usually exploiting SQL attacks and then installing trojan software to harvest credit card and personal information from corporate servers.

The two are well known to prosecutors as former associates of cybercrime-kingpin-turned-US-Secret-Service-snitch-turned-recidivist-cyberblagger Albert Gonzalez and are thought to have been the duo behind the successful 2009 hacking of Heartland Payment Systems.
Once the data had been slurped it was passed over to the team's Russian analyst Roman Kotov, 32, who identified the most valuable credit cards and the ancillary information needed to use the numbers for fraudulent traffic, the government claims. This was then passed on to Muscovite Dmitriy Smilianets, 29, for resale on underground message boards, with the Ukrainian Mikhail Rytikov, 26, providing the anonymous ISP services to enable the sale.

The gang sold US credit-card data ready to be slapped onto a blank card for around $10 per number, while Canadian cards went for $15, and European cards for $50 per user. The gang sold only to credentialed underground buyers, and offered volume discounts for larger buyers.

Drinkman and Smilianets were arrested in the Netherlands in June 2012 after the Dutch police were tipped off by the US authorities and are currently being extradited to the US for trial. Kalinin, Kotov, and Rytikov are still at large.

"As is evident by this indictment, the Secret Service will continue to apply innovative techniques to successfully investigate and arrest transnational cyber criminals," said Special Agent in Charge Mottola of the Newark, New Jersey, Field Office.

"While the global nature of cyber-crime continues to have a profound impact on our financial institutions, this case demonstrates the global investigative steps that U.S. Secret Service Special Agents are taking to ensure that criminals will be pursued and prosecuted no matter where they reside." ®

Source: TheRegister.co.uk
-
The launch of Security Essentials sees Microsoft attempting to give Windows users an all-encompassing anti-virus, anti-spyware and anti-malware application, for free. The interface is clear and intuitive, with simple options to scan for viruses or back up and restore files. The health bar lets you know your security status and will guide you through the necessary steps when problems arise. Microsoft claims that 70 per cent of consumers do not have anti-virus software or do not keep it updated, so Essentials is specifically aimed at inexperienced users who may not have the technical know-how or time to manage a computer on a daily basis.

This version of Microsoft Security Essentials will only work in genuine versions of Windows. The latest Microsoft Security Essentials ships with a license that enables you to use it for free in your small business (up to ten licenses). Ideal for a home office, department or small team.

Download link: Here
-
@Usr6: This has been possible for a very long time. News like this only scratches the surface. We think it is announced in order to inform the public, but that is not the case. It is indeed announced to inform, but not us; rather those who are their adversaries in this field, that is, the Americans' adversaries. The technology is far more advanced than what is said and announced, but everyone keeps quiet and says nothing. We are so small in this world... but that doesn't mean we have to stay that way. A series worth watching: Fringe. A great many things in it also hold true in reality, really a great many.
-
+ https://rstforums.com/forum/72989-rsta-1-1-intebari-raspunsuri.rst
-
As part of this project, in which I will also be taking part, I can offer a few licenses for Microsoft Visual Studio 2012 and 2010. First of all, you need to download the following application: Secure Download Manager. If you don't know what it is, search for it on Google.

The licenses on offer are for the following versions:
Microsoft Visual Studio 2010 - PRO / Premium / Ultimate version: Given to Rubaka.
Microsoft Visual Studio 2012 - PRO / Premium / version: Given to seboo00111 and xx - These are different licenses for the two variants. // PRO has been given away.

Requirements for receiving these licenses: I can't really think of any. I may look through the posts of whoever asks for them and at how long they have been a member. All I will say is: don't abuse them.

For those who don't get a license, below are a few links where you can get the software:
Visual Studio Express 2012: From here you can download this version, which is free.
Visual Studio 2010 Professional: From here you can download this version, which comes as a torrent.
Microsoft Visual Studio 2012: As a torrent, but from a Romanian tracker.
Visual Studio 2008 Express Editions: As a torrent from a Romanian tracker.

And now a short recap: there are 3 licenses. Whoever wants one, send me a private message and I will give you what to download and then the license. First of all, install SDM (Secure Download Manager).
-
As the thread title says... you "steal" it and put it in your bag.