Matt

Asta cu numarul postului este o idee cretina care vine doar de la oameni cretini.(no offence) Nu numarul posturilor e important, ce e asa rau pentru unii ca fac altii posturi? E treaba lor unde posteaza , o data ce e sectiunea acolo inseamna ca nu e nimeni impotriva la a ura bine venit userilor.Nu iti place, nu intri.Simplu.Lasa ca e mai misto sa faci 100+ posturi la Fun Suff.

Cyber criminals are renting UK-based malware hosts for as little as $240 per 1,000 machines, according to security firm Webroot. Webroot researcher Dancho Danchev reported uncovering a cyber black market that rents access to location-specific compromised hosts in a public blog post. "The service is currently offering access to malware-infected hosts based in Russia ($200 for 1,000 hosts), United Kingdom ($240 for 1,000 hosts), United States ($180 for 1,000 hosts), France ($200 for 1,000 hosts), Canada ($270 for 1,000 hosts) and an international mix ($35 for 1,000 hosts), with a daily supply limit of 20,000 hosts, indicating an ongoing legitimate/hijacked-traffic-to-malware-infected hosts conversion," read the post. Webroot manager George Anderson, told V3 the news is troubling as the malware-hosting stations can be used for a variety of harmful purposes. "Compromised hosts are basically owned. They can be used by the cyber criminal for any activity that will make them money: as a spam relay, as spear-phishing of the host's friends, as a Command and Control point, or a relay to steal the host user's identity, their banking and financial access credentials. The list is pretty much inexhaustible," he said. "The reason why spam botnets are commonly used is because they can be easily hidden on the host and can equally easily use the host as a launch platform for further compromises or to build botnets. Botnets can then be used to launch distributed denial of service (DDoS) attacks, where seemingly legitimate traffic floods a website to make it inaccessible to others – which is a major business loss for any company operating online." He added that the location-based offering also means criminals renting the hosts can improve their schemes' profitability. "Criminals are pricing hosts by location because it's an indication of an ‘economic value' of the host. For instance a US citizen will generally be better off than a Russian citizen, therefore targeting that host or using that host to mine others in that region (for example grabbing the email addresses of a US person's compromised host to then compromise their friend's PCs too) will most likely lead to a specific financial gain," he said. Danchev said the location-based offering is likely designed to help differentiate the criminals' rental services from other similar black marketplaces. "Today's modern cybercrime ecosystem offers everything a novice cyber criminal would need to quickly catch up with fellow or sophisticated cyber criminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware-generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem," wrote Danchev. Cyber black markets selling attack tools and services have been a growing problem for the security community. For years numerous vendors have reported seeing a growth in the number of illegal online marketplaces selling attack tools and web user account passwords. Webroot researchers also discovered thousands of Twitter and Skype user account details for sale on a Russian cyber black market in April. Source V3.CO.UK

Government agencies such as GCHQ and NSA are outsourcing their requirements to private security firms to boost their cyber capabilities, according to F-Secure. F-Secure chief research officer Mikko Hypponen (pictured left) reported uncovering evidence that the NSA's Tailored Access Operations (TAO) unit and GCHQ are outsourcing missions to third-party security companies. "One thing I've been doing for the past two years is finding where they get their expertise from. Do they recruit in house and train? Do they go to universities?" he said. "I found these job posts listing experience with ‘the Forte Meade customer' as a necessary skill. The Forte Meade customer is the NSA." Hypponen confirmed to V3 that he has seen similar job posts for roles with the UK GCHQ and several other government intelligence agencies. He added that the trend is unsurprising and is simply a sign that agencies are suffering the same effects of the ongoing cyber skills gap as private industry. "It's no wonder they're outsourcing, because they can't build or find the skills inside. If you want to have a good cyber offensive capability you need a new arsenal of exploits. You need a fresh supply of weaponised exploits, which builds a demand in the market," he said. A lack of skilled cyber security professionals is an ongoing concern within Europe. Within the UK the government has listed plugging the gap as a key goal of its ongoing Cyber Strategy. As part of the strategy, the government has launched several education-focused initiatives designed to increase the number of young people training to enter the information security industry. Initiatives have included the creation of new higher education centres, apprenticeship schemes and open challenges. Most recently the UK GCHQ has launched a Can You Find It challenge to help find and recruit the next generation of cyber security code experts. Hypponen said the outsourcing is troubling as it sheds further doubt on intelligence agencies' ethics, which have come into question since the PRISM scandal. The PRISM scandal broke when whistleblower Edward Snowden leaked confidential documents proving the NSA was gathering vast amounts of web user data from tech companies such as Google, Facebook, Microsoft and Apple. Since word of the scandal broke the NSA has attempted to downplay its significance and justify its PRISM operations, claiming its agents looked at just 0.00004 percent of global web traffic. Hypponen dismissed the NSA's arguments, claiming there is no justification for PRISM. "As the leaks came out they tried to explain ‘they're just monitoring the foreigners', which concerned me. I'm a foreigner. But then they said it's nothing to worry about as if it's not foreigners its part of the War on Terror. But then it emerged they'd targeted the EU. It's very difficult to list spying on an ally government department as being part of the War on Terror," he said. "The next justification was ‘everyone's doing it' and this is no different. But it is different, as no country has the visibility the US does. How many businesses use US-based companies' systems? There used to be some people using Nokia, but that's been sold to the US. Skype used to be trusted but its been sold to the States. All the world is using a US-based cloud system that the US government has a legal right to. It's not the same." The F-Secure chief added that the NSA's behaviour is doubly troubling as it has tarnished two of the most positive technology innovations of the age. "The two greatest tools of our time have been turned into government surveillance tools. I'm talking about the mobile phone and the internet. George Orwell was an optimist. This is what's happened." Hypponen is one of many security experts to slam the NSA over PRISM. Renowned cryptographer Bruce Schneier attacked the NSA in August over its treatment of former anonymous email service provider Lavabit, claiming the agency has "commandeered the internet". Lavabit was an anonymising mail tool used by Snowden. Lavabit owner Ladar Levison shut the service down earlier this year claiming unspecified requests from the NSA meant continuing the service would inevitably force him to commit crimes against the American people. Source V3.CO.UK

The failure of online services such as Facebook, Twitter and Dropbox, to adequately test their security before launching helped to ignite the current cybercrime boom, according to F-Secure. F-Secure web reputation service expert Christine Bejerasco claimed the rise of online services such as Facebook led to a renaissance in cyber criminals' malware development and distribution practices, during a briefing attended by V3. "The internet is becoming very dynamic. More than ten years ago it was mainly meant for consuming content. Malware during those times was pretty simple: they'd attack the website, load [malware] onto it so people would get infected. The problem during those times was that hosting was quite expensive, so there weren't a lot of malicious websites. Those days are gone," she said "The renaissance period came when blogging became normal, this really gained momentum when websites like Facebook and Dropbox arrived. it also helped when HTML5 came and made it so anyone could post anything, anytime they wanted." Bejerasco said the platforms drew criminals' interest, offering them new and easy ways to host and spread malware. "This was actually a pretty good thing, as it opened up the internet. This has made us enter the age of empowerment on the internet – any individual can use any interface at their disposal to post and consume information online," she said. "But lets say you're a newly minted bad guy and you want to start your career online. A simple search will show you what you need and lead you to these platforms. These guys are benefiting from this seemingly free way of posting information online." She said social media sites are particularly useful tools for criminals, as they offer a variety of benefits to attackers. "A lot of the bad guys like to play on social media sites," she said. "The audience is already there and these social platforms are powered by very powerful programme interfaces that allow the user to automate what they do. So for example, a bad guy doesn't even have to create a real profile anymore he can just go in and create a bot to do all his nasty tricks." Bejerasco said services including Dropbox are also useful to criminals as they offer a free way to store malware and make it easier for them to drop payloads into infected sites or machines. "File hosting Dropbox is one of those malware favourites. What a usual Trojan does when it gets into the system is just pull their payload from Dropbox into the system so they don't have to host their website." The F-Secure expert cited criminals' use of the free web services as proof that software and web service providers need to build their products with security in mind from the start. "There is a responsibility for these guys to get secure when they get this big. Facebook in particular has been getting better in recent months," she said. "But the problem now is the bad guys are always looking for the next hit. They [Facebook and Dropbox] started in garages and that is amazing, but now you have to know the moment you launch the bad guys are going to come into your playground." Bejerasco's comments follow widespread warnings from the security community to businesses that using free web services – such as Gmail, Facebook and Twitter – leaves them open to attack. AVG's SMB general manager Mike Foreman also told V3 that the use of the free services is leaving many small-to-medium-sized businesses one cyber attack away from bankruptcy. Source V3.CO.UK

After a botched software update over the weekend, Apple re-released version 6.0 of its Apple TV product last night, replete with the requisite bells and whistles but not without a slew of security updates and bug fixes. 57 bugs in total are addressed in 6.0; the third update the digital media receiver has gotten this year and the first since March. Most of the patches prevent unexpected application termination and arbitrary code execution that can result when viewing or opening malicious PDF files and movie files on the system. Two kernel issues discovered by Stefan Esser that could exploit an information disclosure issue and a memory corruption issue in Apple TV and lead to either privilege escalation or unexpected termination are also fixed by the update. Several flaws addressed in last week’s iOS 7 update also figure into the 6.0 update, including a denial of service bug discovered by Marc Heuse in 2011 involving specially crafted IPv6 ICMP packets and separate issues in the libxslt and libxml libraries. 24 of the 57 bugs were discovered by researchers with Google, 20 of those coming from researchers with the company’s Chrome Security Team. 37 of the 57 bugs deal with memory corruption issues in WebKit and were also discovered by noted Chrome researchers like Sergey Glazunov and miaubiz. The update was initially pushed to users on Saturday but pulled on Sunday after some users reported the update “bricked” their device and rendered them unusable. Multiple complaints on Apple’s support forums claimed the software update was slow to download and that when it was finally installed, triggered some users’ libraries to disappear. Users that ran Apple TV 5.3, the most recent build of the software, were reportedly unable to install 6.0 after Apple took the update down until last night. The update also includes a bunch of Apple-branded features like iCloud Photos and Videos and iTunes Radio and AirPlay from iCloud – software that gives users the functionality to stream previously purchased content from iTunes to other Apple TVs. Source Threatpost.Com

In case it wasn't clear before, a Google decision has shown the writing is on the wall for plug-ins such as Java and Silverlight that for years have been used to extend what browsers can do. Starting in January 2014, Google will ban all but the most widely used browser plug-ins in favor of programming methods that use standards built directly into the Web, Chrome security engineer Justin Schuh announced in a blog post Monday. And those plug-ins will be barred "over the coming year," he said. Most Chrome plug-ins (not to be confused with the lighter-weight add-on option called extensions) use a technology that predate Google's browser by years: the Netscape plug-in application programming interface, or NPAPI. Chrome, unique among browsers, has a second interface called Pepper (PPAPI) that isn't affected by the change -- and that's how Google connects Adobe Systems' Flash Player, by far the most widely used plug-in. "The Web has evolved. Today's browsers are speedier, safer, and more capable than their ancestors," Schuh said. "Meanwhile, NPAPI's '90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity. Because of this, Chrome will be phasing out NPAPI support over the coming year." The move is the newest step to move beyond an earlier era of browser development, when Internet Explorer 6 ruled the roost and much online innovation moved to plug-ins such as Flash Player. Microsoft already banned most plug-ins from Internet Explorer when running in Windows 8's newer touch-focused interface. The company said it will "temporarily whitelist" these popular plug-ins on Chrome to run through NPAPI starting in January 2014: Silverlight (which Google said was launched by 15 percent of Chrome users in the last month, though not necessarily used by them) Unity (launched by 9.1 percent) Google Earth (9.1 percent) Java (8.9 percent) Google Talk (8.7 percent) Facebook Video (6.0 percent) And of that list of most-popular NPAPI plug-ins, Java is already blocked by default for security reasons. Microsoft chose to enable Flash Player in Windows 8 through an exceptional procedure. Google also gets some special favors of its own, Google's PDF reader and Native Client plug-ins also use the Pepper API. Source CNET.COM

To reduce online piracy Google has implemented several changes to its search engine in recent years. Among other things, the search engine blacklisted dozens of piracy-related terms from appearing in its Autocomplete and Instant services. Both ‘BitTorrent’ and ‘uTorrent’ were included from the start, but TorrentFreak has learned that Google recently unbanned these keywords, resulting in a sharp increase in search traffic. For two years Google has been filtering “piracy-related” terms from its ‘Autocomplete‘ and ‘Instant‘ services. Google users searching for terms like “The Pirate Bay”, “RapidShare” and “isoHunt” will notice that no suggestions or search results appear before they type in the full word. While no webpages are removed from Google’s index, there is sharp decrease in searches for these terms. What triggers a keyword to be included in the blacklist is not clear. A Google spokesperson told TorrentFreak two months ago that they remove terms that are “closely associated with piracy” without providing further details. The full list of banned words also remains secret, but we do know that the search terms BitTorrent and uTorrent were included from the start. Both words are trademarks of San Francisco-based BitTorrent Inc. and the company was rather disappointed that Google labeled them as “piracy related.” Over the past several months BitTorrent Inc. has continuously emphasized that BitTorrent does not equal piracy, and a recent upgrade to Google’s search filter show that this effort has paid off. Both BitTorrent and uTorrent are now absent from Google’s piracy filter and as a result searches for both terms spiked, resulting in an increase in visitors to the respective sites. “This is almost certainly a result of that improving understanding helped by products like BitTorrent Bundle and BitTorrent Sync. They help those who are confused about BitTorrent understand that it is not a piracy website,” a BitTorrent Inc. spokesperson told TorrentFreak. Google searches for BitTorrent As far as we’re aware this is the first time that Google has removed terms from its search filter. Interestingly, Megaupload still remains blocked even though the site has been offline for nearly two years. Unfortunately the reasons to include or remove certain terms remains a mystery. Recently Google added the name of the popular music streaming service Grooveshark, which has had its fair share of legal troubles in recent years but is currently licensed by several of the major labels. While some people worry about possible over-blocking, the copyright holders have been arguing the opposite. Just last week the MPAA released a report claiming that Google and other search engines are major piracy facilitators, and that they should step up their anti-piracy efforts. It’s now up to Google to find a balance between these two forces, which may prove to be quite a challenge. Update : added a comment from BitTorrent Inc. BitTorrent returns to autocomplete Source Torrentfreak.Com

At CES this January, Jeff Ravencraft, the president and chief operating officer of the USB Implementers Forum USB-IF), told The Reg that the unfortunately named "SuperSpeed" USB 3.0 would double its throughput from 5Gb/sec to 10Gb/sec in its 3.1 incarnation. We recently sat down with him again and saw it in action. The demo was conducted using a Fresco Logic–developed, FPGA-based, USB 3.1 prototype controller board connected not to a storage device, but to DDR memory. Why not an SSD? "Because there are no solid-state drives that are at that level yet," Ravencraft explained. With this setup running the ATTO Disk Benchmark, USB 3.1 transmitted large packets at up to 900MB/sec – and this using a spec that was just released in July. "With USB 3.0 at five-gig," Ravencraft said, "you'd typically see, at the high end, around 450 megabytes. So here we are, eight weeks out, and we're already showing double that." According to Ravencraft, USB 3.1 will "easily deliver" up to 1.2GB/sec when it's fully tuned and productized, speed that will be capable of delivering uncompressed 4K video. "We think we'll see real products that you can buy in a retail store probably in the market for the holiday season next year," he told us. Speaking of "real products", Ravencraft proudly pointed to the fact that there are now over 1,000 certified USB 3.0 products in the market, and said that the analyst group MRG estimates 700 million individual SuperSpeed USB–enabled devices – certified and uncertified – will be shipped in 2013, and that shipments will grow to around 2.2 billion by 2016. MRG sees this as bad news for Intel's baby, Thunderbolt. "Thunderbolt suffers extensively from a pricing problem," they write. "The cost to add Thunderbolt to a notebook computer remains exorbitantly high when compared to the costs for adding USB 3.0 to the same notebook." The reason is simple. Intel's Thunderbolt controller chips currently cost around $10 apiece, and USB 3.0 has been integrated into all of Intel's consumer chipsets since 2012. "Another important factor to consider," MRG writes, "is that Thunderbolt cables, while having declined in price since launch, still retail for about $30 each. Essentially all of this means that when a consumer is faced with a choice between buying an external hard-drive with Thunderbolt or USB 3.0, the USB 3.0 device should have a significant price advantage." In addition to the USB 3.1 demo, Ravencraft also discussed the USB-IF's new Media Agnostic (MA) USB effort, which will allow wireless devices and docking stations to communicate using the USB 2.0, 3.0, and 3.1 protocols without a physical connection. MA-enabled devices could communicate over 60GHz WiGig, 2.4GHz and 5GHz Wi-Fi, and WiMedia ultra-wide band radios operating between 3.1GHz and 10.6GHz. In point of fact, being media agnostic, MA could operate on essentially any other applicable existing or future type of media – even a good ol' Ethernet cable, should that usage model make any sense for your application Source TheRegister.Co.Uk

The FBI's Internet Crime Complaint Centre (IC3) has warned businesses to be wary of new malware called Beta Bot capable of disabling antivirus programs. The IC3 issued the warning in a public blog post, confirming that it has seen the malware used to target a variety of organisations. "The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as login credentials and financial information. Beta Bot blocks computer users' access to security websites and disables antivirus programs, leaving computers vulnerable to compromise," read the warning. The intelligence report added that the malware usually looks to trick users into downloading it by masquerading as a legitimate Microsoft Windows message, asking the user to allow the "Windows Command Processor" to modify the user's computer settings. The FBI's IC3 said it has also seen incidents of the malware spreading via USB sticks and Skype, and that it can steal a variety of data from the infected machine. "If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites," read the post. On the upisde, the FBI security centre said there are steps victims of the Beta Bot malware can take. "Remediation strategies for Beta Bot infection include running a full system scan with up-to-date antivirus software on the infected computer," read the report. "If Beta Bot blocks access to security sites, download the latest antivirus updates or a whole new antivirus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently reformat the USB drive to remove any traces of the malware." Since the IC3 report went live, many security firms have questioned whether the malware is new. Russian security firm Kaspersky reported that Beta Bot was actually discovered at the start of the year and is often thought of as a low-level threat, leaving it unclear why the agency is making such a fuss about it. "While the FBI refers to Beta Bot as new, the malware surfaced at the beginning of the year as an HTTP bot and later expanded its capabilities that spring," said Kaspersky's blog post. "Beta Bot was never thought to have been as sophisticated as Trojans designed specifically for bank fraud, so it's unclear if the FBI's warning coincides with a new rash of Beta Bot infections or a new set of technical capabilities for the malware." Banking-focused malware is an ever-present problem facing the security industry, with criminals creating increasingly sophisticated attacks. Earlier this month Trend Micro researchers detected evolved versions of the notorious Citadel banking Trojan targeting Japanese computer users. Source V3.CO.UK

Pregateste sapunul.

Te rog sa nu mai iesi din vagauna.

Ce de posturi - si eu care ma gandeam ca aici s-a postat vreun tutorial ceva.

Rosia montana, maidanezi, politica.Interesant.

AMUZANT dar nu prea, zau.

Salut Tinkode.

Prea tare !

Propun sa facem un poll cu subiectele Caini maidanezi gen d33nis si Rosia montana.Vedem ce iese si trimitem la parlament.

Asta ne da noua sfaturi de eutanasieri.

Trebuia sa apara un retardat sa devieze de la subiect si sa posteze cacat.

Nu te supara dar cateodata trebuie sa stim sa facem si business.

Citesc threadul si constat ca unii sunteti cu adevarat cretini. 1.Cainii vor fi castrati. - O foarte mare prostie.Daca ii castram asta inseamna ca nu ne mai musca ? Cineva spunea ca domne ii castram si in 10 ani dispar toti ca nu fac pui.Bine, asta ce inseamna ? Ca timp de 10 ani de la castrare nu ne mai musca? Sau trebuie sa fim muscati timp de 10 ani si apoi scapam de ei. 2.Adaposturi pentru caini. - Noi n-avem bani pentru salarii si vrem sa dam bani pentru adaposturi pentru caini.Bun, facem adaposturi ii punem pe toti, daca raman aia fara bani ce le mai dau cainilor sa manance? Copii ? 3.Adoptarea de caini - Vine o nebuna si vrea 10 caini sa ii ia acasa.De unde stiu eu ca dupa ce ii adopta nu le da drumul in fata blocului ? De unde stiu eu ca acea nebuna care vrea 10 caini e in stare sa aiba grija de acesti 10 caini? Stiu ca unii dintre voi sunteti frustrati ca v-ati pierdut 10 lei la salariu dar nu mai dati vina pe guvern pentru orice cacat.Sa iesiti in strada pentru legi de invatamant n-ati iesi, dar sa salvati niste caini da. A - si inca ceva, tot din cauza noastra am ajuns sa avem atatia caini pe strada.Romanu' prost de la tara ce zice, lasa ba ii duc la marginea orasului , se gaseste careva sa le dea de mancare.Usor,usor , unul azi , altul maine si se umple orasul.Nu am nimic cu animalele dar e singura solutie.

RSP who?

https://rstforums.com/forum/invitatii-trackere.rst

Nytro you're really bad boy.

Actualizarile abordeaza vulnerabilitati care ar putea permite atacatorilor sa compromita computerele Marti, Adobe a lansat actualizari de securitate pentru Flash Player, Adobe Reader si Shockware Player, pentru a remedia vulnerabilitati critice care ar putea permite atacatorilor sa preia controlul asupra sistemelor care ruleaza versiuni vulnerabile ale acestor programe. Actualizarea Flash Player abordeaza patru vulnerabilitati de corupere a memoriei, care ar putea conduce la executarea arbitrara a codurilor. Actualizarile sunt versiunile nr. 11.8.800.168 pentru Windows si Mac OS X, 11.2.202.310 pentru Linux, 11.1.115.81 pentru Android 4.x si 11.1.111.73 pentru Android 3.x si 2.x. Utilizatorii Google Chrome si ai Internet Explorer 10 pe Windows 8 vor primi in mod automat actualizarile pentru plug-in-ul Flash Player al acestor browsere, prin intermediul mecanismelor de actualizare respective. Aceleasi vulnerabilitati Flash Player au fost remediate in Adobe AIR, un runtime pentru aplicatii internet bogate care, de asemenea, incorporeaza Flash Player. Adobbe a lansat versiunea 3.8.0.1430 a AIR si AIR SDK (software development kit) pentru Windows, Mac OS X si Android. Noi versiuni ale Adobe Reader si Adobe Acrobat XI si X au fost lansate pentru a aborda opt vulnerabilitati de executare a codurilor arbitrare. Utilizatorii Adobe Reader sau Acrobat XI pentru Windows si Mac OS X sunt sfatuiti sa faca upgrade la Adobe Reader XI (11.0.04) si, respectiv, la Adobe Acrobat XI (11.0.04). Adobe Reader si Acrobat X pentru Windows si Mac au fost, de asemenea, actualizate la versiunea 10.8. Adobe Shockwave Player, o aplicatie necesara pentru afisarea continutului online creat cu software-ul Adobe Director, a fost actualizata la versiunea 12.0.4.144 pentru Windows si Mac, pentru a remedia doua vulnerabilitati de corupere a memoriei, care ar putea conduce la executarea arbitrara a codurilor. Desi nu atat de popular precum Flash Player, Shockwave Player este instalat pe 450 milioane de desktop-uri cu conexiune internet, potrivit statisticilor Adobe, ceea ce, probabil, face din aceasta aplicatie o tinta atractiva pentru atacatori. Source : Computerworld - IT news, features, blogs, tech reviews, career advice