Massaro

Salut, cred ca a mai intrebat cineva: sunt sanse sa se salveze prezentarile? Sunt la munca pana la 17:00, iar unele prezentari sunt appealing.

Lucrez la o firma micuta, dar in dezvoltare, vindem lucruri fizice, nu suntem cu software sau ceva, eu ma ocup de tot ce tine de partea de IT, iar recent am cumparat un server pe care rulam Windows Server. Momentan tot ce folosim e AD, DHCP, VPN, un DNS si am pus si un server de SAGA pe el. La vara sunt sponsorizat din partea firmei cu un curs in care sa-mi dezvolt cunostintele. Sa ajung sa pot securiza serverul cat de cat si sa cam stiu cu ce se mananca in parte. Ce cursuri, tips and tricks pentru un incepator imi recomandati?

Am lucrat la ceva de genul care functiona pe atunci. Cam acum 2 ani: faceai o mizerie de server unde le puneai binduri playerilor pe toate tastele (bind "k" "connect slo.boz" ca si exemplu), nu puneai direct connect cand intrau pe server. Sunt curios daca au blocat cum au facut-o, au bagat-o la comanda de slowhacking? Mergea pe atunci, cum am mai spus. Redirecte pe zi, nu stiu, erau peste 1000 oricum. Se merita. Era lejera toata treaba, facut si web.

Earlier this year, Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series we will describe for the first time how an in-the-wild zero-click iMessage exploit works. Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states. E mult de citit. Sursa aici.

CVE Trends - crowdsourced CVE intel "Hi, my name's Simon, and I wanted a way to monitor trending CVEs on Twitter. So I built CVE Trends; it collates real-time information about tweeted CVEs. CVE Trends gathers crowdsourced intel about CVEs from Twitter's filtered stream API and combines it with data from NIST's NVD and GitHub APIs. If you have any questions, suggestions, or feedback then please reach out to me on Twiter @SimonByte or via my website: SJBell.com."

Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said. The Dutch cybersecurity firm said it found samples of the RAT on several online stores, including an unnamed country's largest outlet. CronRAT's standout feature is its ability to leverage the cron job-scheduler utility for Unix to hide malicious payloads using task names programmed to execute on February 31st. Not only does this allow the malware to evade detection from security software, but it also enables it to launch an array of attack commands that could put Linux eCommerce servers at risk. "The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3," the researchers explained. "These lines are syntactically valid, but would generate a run time error when executed. However, this will never happen as they are scheduled to run on February 31st." The RAT — a "sophisticated Bash program" — also uses many levels of obfuscation to make analysis difficult, such as placing code behind encoding and compression barriers, and implementing a custom binary protocol with random checksums to slip past firewalls and packet inspectors, before establishing communications with a remote control server to await further instructions. Armed with this backdoor access, the attackers associated with CronRAT can run any code on the compromised system, the researchers noted. "Digital skimming is moving from the browser to the server and this is yet another example," Sansec's Director of Threat Research, Willem de Groot, said. "Most online stores have only implemented browser-based defenses, and criminals capitalize on the unprotected back-end. Security professionals should really consider the full attack surface." CronRAT: A New Linux Malware That's Scheduled to Run on February 31st (thehackernews.com)

Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission (SEC), the world's largest domain registrar said that a malicious third-party managed to gain access to its Managed WordPress hosting environment on September 6 with the help of a compromised password, using it to obtain sensitive information pertaining to its customers. It's not immediately clear if the compromised password was secured with two-factor authentication. The Arizona-based company claims over 20 million customers, with more than 82 million domain names registered using its services. GoDaddy revealed it discovered the break-in on November 17. An investigation into the incident is ongoing and the company said it's "contacting all impacted customers directly with specific details." The following information is believed to have been accessed by the intruder — Email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers Original WordPress Admin password that was set at the time of provisioning was exposed sFTP and database usernames and passwords associated with its active customers, and SSL private keys for a subset of active customers GoDaddy said it's in the process of issuing and installing new certificates for the impacted customers. As a precautionary measure, the company also stated it has reset the affected passwords and it's bolstering its provisioning system with added security protections. According to Wordfence CEO Mark Maunder, "GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices." While data breaches are no longer a sporadic occurrence, the exposure of email addresses and passwords presents risk of phishing attacks, not to mention enable the attackers to breach the vulnerable WordPress sites to upload malware and access other personally identifiable information stored in them. "On sites where the SSL private key was exposed, it could be possible for an attacker to decrypt traffic using the stolen SSL private key, provided they could successfully perform a man-in-the-middle (MITM) attack that intercepts encrypted traffic between a site visitor and an affected site," Maunder said. sursa: GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data (thehackernews.com)

Polonic mai e prezenta?

@infinite thanks for sharing! @Gecko o sa revin cu un edit!

E cineva into this? Stiu ca avea @Gecko un topic despre filosofie sau stoicism acum cativa ani, asta daca mai tin bine minte. Still into this? Stoicism doesn’t concern itself with complicated theories about the world, but with helping us overcome destructive emotions and act on what can be acted upon. It’s built for action, not endless debate. Niste citate: — "No one is anyone, one single immortal man is all men. I am god, I am hero, I am philosopher, I am demon and I am world, which is a tedious way of saying that I do not exist." — "If it's in your control, why do you do it? If it's in someone else's, then who are you blaming? Atoms? The gods? Stupid either way. Blame no one. Set people straight, if you can. If not, just repair the damage. And suppose you can't do that either. Then where does blaming people get you? No pointless actions." — "Why are we still lazy, indifferent and dull? Why do we look for excuses to avoid training and exercising our powers of reason?" — "Every action you take is a vote for the type of person you wish to become. No single instance will transform your beliefs, but as the votes build up, so does the evidence of your new identity." — "I have often wondered how it is that every man loves himself more than all the rest of men, but yet sets less value on his own opinion of himself than on the opinion of others."

Poate sunt offtopic, dar: Am jucat la pariuri o singura data in viata. 10 lei. Si aia c-am vrut eu, asa, "ca n-aveam ce face" cum zice romanul pe langa ca il acompaniam pe un amic care, suprinzator, paria. Ma lovesc din ce in ce mai mult de persoane care pariaza zilnic si, surprinzator, majoritatea discutiilor lor implica subiectul asta. Si nu vorbesc doar de saraci, sunt si oameni cu bani care joaca. Am I missing something sau asa functioneaza dependenta? Sau sa-mi schimb eu prietenii si persoanele de care ma lovesc in societate? No hate/flame.

O sa ne inchida iar prin Noiembrie zic eu pentru ca in Decembrie are loc The Great Awakening si marile puteri nu vor sa se intample asta. If you know you know.

GameGuard?

Vazusem o stire cum ca Twitter dezactiveaza toate conturile alora care-i doresc moartea lui Trump de cand cu stirea c-are COVID. "president dying of a virus during a pandemic a month before a massive election would prob be craziest US political event since lincoln’s assassination crazier than JFK death for sure bc that was a random one off event and most JFK’s notoriety was in retrospect because of the brutality of his death, trump is already one of the most controversial presidents ever"

Nu pot citi acum; ce ti-ai dori sa stiu?

@Nytro, info-ul pt. wrong password la Sign In pe tema neagra nu se vede.

https://www.epson.ro/products/printers/laser-printers/colour/epson-aculaser-c900#downloads

ă, î, ş, ţ, â LE: credeam ca s-a stricat ceva

:)))))))))))))))))))))))))))

Got it. Thanks.

De ce neaparat mail si nu mesaj privat aici? Mi se pare ca aduni mailuri pentru cine stie ce. No hate.

E din 2017 topicul.

contravenție sf [At: CARAGIALE, ap. DA / V: (înv) ~iune / Pl: ~ii / E: fr contravention] (Jur) Încălcare a legii penale, care, având un grad redus de pericol social, este pedepsită cu o amendă sau închisoare pe termen scurt. Baga la cap definitia, ce a scris Nytro e perfect. E logic daca stai si te gandesti. Oricum n-au cum sa-ti vina doar contraventii incat sa cazi din cauza lor. Make sure you ace the rest and you're good to go.

La cartela am zambit, la raspberry pi-ul ala sau ce e m-a bufnit rasul hahahah :)))))