Everything posted by Dragos

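  1. Make two columns in the table: blocat (INT) and motiv (TEXT). For blocat you can have something like 0 (not blocked) and 1 (blocked). When the user accesses that page, a query is made against the db. Example:

        // $db is assumed to be an open mysqli connection; $utilizator is the current username
        $stmt = $db->prepare("SELECT blocat, motiv FROM utilizatori WHERE utilizator = ?");
        $stmt->bind_param("s", $utilizator);
        $stmt->execute();
        $fetch = $stmt->get_result()->fetch_assoc();
        if ($fetch && $fetch['blocat'] == 1) {
            // escape the stored reason before printing it into the page
            die("Acces interzis. <br />Motiv: " . htmlspecialchars($fetch['motiv']));
        }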
  2. Why did you even post the dinosaur link?
  3. I've now seen for myself how crappy 7n is. If you have a site on 7n, be careful what data you put in. They wiped out a VIP account of mine on a site tonight.
  4. For series, on a normal account, the same request is made to dinosaur.do, except that if the user has passed the 30 minutes it displays the link. I'm thinking that for VIP there would be a parameter or something extra.
  5. With this script you can download videos from VPlay. The script is simple, with no interface. I made it with SlicK's help. It doesn't work for series yet. In place of IDFILM you put the id of the film from VPlay. For example, for this one, the film id is gy3drjmj.

        <?php
        // usage: pagina.php?k=IDFILM
        $k = isset($_GET['k']) ? $_GET['k'] : '';

        // ask the player endpoint for the details of this film id
        $x = curl_init("http://www.vplay.ro/play/dinosaur.do");
        curl_setopt($x, CURLOPT_POST, 1);
        curl_setopt($x, CURLOPT_POSTFIELDS, 'onLoad=%5Btype%20Function%5D&external=0&key=' . urlencode($k));
        curl_setopt($x, CURLOPT_FOLLOWLOCATION, 0);
        curl_setopt($x, CURLOPT_RETURNTRANSFER, 1);
        $data = curl_exec($x);
        curl_close($x);

        // the file URL is the value between the first '=' and the next '&'
        $q = get_string_between($data, '=', '&');

        // send the file to the browser as a download
        header("Cache-Control: public");
        header("Content-Description: File Transfer");
        header('Content-Disposition: attachment; filename="video.flv"');
        header("Content-Type: application/flv");
        header("Content-Transfer-Encoding: binary");
        readfile($q);

        // returns the part of $string found between $start and $end
        function get_string_between($string, $start, $end) {
            $string = " " . $string;
            $ini = strpos($string, $start);
            if ($ini == 0) return "";
            $ini += strlen($start);
            $len = strpos($string, $end, $ini) - $ini;
            return substr($string, $ini, $len);
        }
        ?>
  6. I saw the video too, on Ray William Johnson. The woman had a hearing aid. There's going to be a lot of fuss about this in the coming weeks.
  7. Try it and you'll see.
  8. Dragos

    laleagane.info

    You'd have to be stupid to fall for a scam page like this. It also uses a public service to send the form data. Sad that it has the e-mail address in the source too. And stop making useless posts.
  9. I've discussed this with many users on RST and, so that I don't have to keep answering each one individually, I wrote this tutorial.
  10. Security researchers from Microsoft's Malware Protection Center (MMPC) warn of an unprecedented rise in exploitation attempts targeting Java vulnerabilities, especially during the third quarter. "[…] By the beginning of this year, the number of Java exploits [...] had well surpassed the total number of Adobe-related exploits we monitored," Holly Stewart, senior program manager at Microsoft, writes on the MMPC blog. However, according to Microsoft's data, the real surge in Java exploitation attempts began during the middle of the second quarter. The numbers started from 500,000 and peaked at well over 6,000,000 during Q3. This sudden spike can be attributed to mainly three vulnerabilities, which are relatively old. The most targeted one (3.5 million attacks) was CVE-2008-5353, which was fixed in December 2008. The second one was CVE-2009-3867 (2,6 million attacks), patched in November 2009 and the third, CVE-2010-0094 (213,000 attacks), addressed back in April. Stewart says the reason why Java exploits have not been as discussed as PDF or Flash ones, is because intrusion prevention systems (IPS) have a hard time detecting them. The explanation is that parsing malicious Java code requires a Java interpreter, and Java interpreters are notoriously slow, leading to performance issues. But, while Microsoft talks about an all-time high number of Java exploitation attempts, the more important aspect is how many of these attacks are actually successful. Yesterday we reported that while analyzing a live attack using the Zombie Infection Kit, researchers from M86 Security discovered that over 60% of successful exploits targeted two Java vulnerabilities. Reputed security blogger Brian Krebs has also written about the success of Java exploits in drive-by download toolkits recently. The main issue here is that users fail to keep Java installations up to date, either because they don't even know that they have it installed or because the Java updater is ineffective. 
Security experts advise removing Java if it's not needed or making an effort to keep it updated. Free programs like Secunia's Personal Software Inspector can help with that. The latest Java Runtime Environment (JRE) version can be downloaded here. Microsoft Warns of Spike in Java Exploitation Attempts - Softpedia
  11. Adobe has fleshed out its plans to offer sandboxing as a mechanism to limit the impact of attacks against its ubiquitous Adobe Reader PDF reader application. Available from November, Adobe Reader X will incorporate virtual sandboxing technology that will place controls on the application's ability to modify the registry or execute unwanted content. Adobe Reader X Protected Mode is listed as one of six key improvements due in Adobe PDF application suite. Other enhancements include the ability for users to "view and interact with PDF files that contain an even wider variety of content types, including drawings, email messages, spreadsheets, videos, and other multimedia elements". The revamp also includes a new version of Acrobat, as explained in a blog post by Adobe here. Adobe applications have become a hacker favourite over recent years and frequently feature in malware attacks. The addition of sandboxing technology is welcome even though it's certainly no panacea against exploits. Oracle's Java Runtime Environment has long incorporated sandboxing. Despite this Java is more often successfully exploited to compromise PCs through drive-by download web exploits than Adobe Reader, according to new research from Microsoft. Holly Stewart, a Microsoft security analyst, blames a huge upsurge in Java-based attacks recorded since Q3 2009 on attacks on three vulnerabilities, all of which have been patched. The upswing in attacks on Java has been going on for months, without much comment apart from the honourable exception of a blog post by Brian Krebs last week, possibly because IPS systems are not especially converse with Java, according to a theory suggested by Stewart. Clearly this is an area that needs more research. Patrik Runald, senior manager for security research at Websense, said more surfers ought to consider whether they actually needed Java. "Uninstall Java if you don't need it, it's the most attacked software by drive-by kits by far," he said. 
Adobe preps sandboxing tech to fight exploits • The Register
  12. Many of you use sites such as imvisible.info, pulso.ro etc. to find out the status of a friend on your list. Well, you can use such a site to create your own scanner. How? Simple. First of all we need Firefox with the Tamper Data plugin. We go to an invisible scanner site (we take narubian.com as an example). We go in and enter the id to scan. We open Tamper Data (tools > tamper data) and click Start Tamper. We click the Yahoo! logo on narubian to scan the id. We will see a tamper request with the link http://www.narubian.com/check.php?id=ID. We go to that link and will see the status in the form ID###STATUS. I wrote below an example script that fetches the information from narubian.

        <form action="" method="post">
        <input type="text" value="" name="id"><input type="submit" value="scaneaza">
        </form><br /><br />
        <?php
        $id = isset($_POST['id']) ? $_POST['id'] : '';
        if ($id <> "") {
            // the reply has the form ID###STATUS
            $pag = file_get_contents("http://www.narubian.com/check.php?id=" . urlencode($id));
            $explode = explode("###", $pag);
            // escape the returned id before echoing it into the page
            $nume = htmlspecialchars($explode[0]);
            $status = isset($explode[1]) ? $explode[1] : "";
            if ($status == "online") {
                echo $nume . " este online.";
            } elseif ($status == "offline") {
                echo $nume . " este offline.";
            } elseif ($status == "invisible") {
                echo $nume . " este invizibil.";
            } else {
                echo "Nu s-a putut scana id-ul " . $nume;
            }
        }
        ?>
  13. Version 3 was not made public.
  14. Dragos

    LooL =))

    @extremcs2: That picture is old. It has been posted on the forum before. It's like that thread with the hacker girl (which was posted at least 3 times).
  15. Security researchers warn that a new Facebook scam is tricking users by promising them an application that allows viewing who visited their profile. The spam messages promoting this read: "See who viewed your profilee original version 2.0: now you can see who viewed your facebook profile [link]" A thumbnail of the Facebook sidebar menu, which appears to have a new option called "Who's Viewed me," is also accompanying the message. Following the advertised link takes users to part of a multi-step scam, that asks users to like, share and promote the page before being given access to the intriguing application. Despite its well designed aspects, this type of attack is rudimentary compared to others, that propagate through rogue applications or clickjacking. Nevertheless, a lot of users continue to be fooled by the promise of being able to view their profile visitors, a functionality that doesn't exist on Facebook and probably never will, due to privacy issues. In fact, the social network is pretty clear about this and its FAQ states that: "Facebook does not provide a functionality that enables you to track who is viewing your profile, or parts of your profile, such as your photos. "Third party applications also cannot provide this functionality. Applications that claim to give you this ability will be removed from Facebook for violating policy." During the past year or so, we've seen various scams employing this trick, but one promoting an application called "Profile Spy" resurfaces again and again. The purpose of these attacks is to get users to participate in surveys that try to silently sign them up to premium SMS services, billed on their mobile phone. "Scams like this don't need to exploit security vulnerabilities in Facebook's code - all they need to do is socially engineer users into making poor decisions," warns Graham Cluley, senior technology consultant at Sophos, who spotted the latest attack. 
View Profile Visitors Trick Makes a Comeback on Facebook - Softpedia
  16. The French national police force – la Gendarmerie – yesterday stood accused of operating a secret and illegal database of Roma and other travelling minorities. The existence of this database was reported in great detail in yesterday's Le Monde. It came to light by chance, when a 48-page powerpoint presentation, prepared by a Commandant in the Central Bureau for prevention of Traveller Crime (OCLDI), and presented to a meeting of Transport Businesses in November 2004, turned up on the internet. If confirmed, this database represents the logical conclusion to an ever-more-intrusive surveillance of travellers and ethnic minorities by the police – and is likely to prove doubly embarrassing to French President Nikolas Sarkozy. Firstly, because the very first article of the French Constitution asserts that the Republic "guarantees the equality before the law of all citizens, irrespective of racial origin or religion". Secondly, because M. Sarkozy was the focus for serious international criticism this summer when he stepped up the deportations of Roma from France to their native Romania and Bulgaria. EU Justice Commissioner Viviane Reding compared France's actions to persecutions in Nazi-occupied France, an accusation met with fury by M Sarkozy, who said that the comparison was "unacceptable". The Gendarmerie, clearly embarrassed, have denied allegations that they are tracking the Roma population with a dataset. They claim that while there may have been mention in the Powerpoint presentation of Roma and MENS (an acronym for a system understood to stand for "ethnic minorities without permanent abode"), this was before the formation of the OCLDI. Sadly, this will not wash, as the OCLDI was created in June 2004, some five months before the date of the presentation. 
According to the Gendarmerie: "The only database used by the OCLDI is an administrative database, logging the regional distribution of individuals without permanent abode – with no reference at all to race or ethnic origin". They are adamant: MENS does not exist. There are problems also with this version of events. A further presentation to gendarmes, this time of Forbidden Zone, the house magazine of the OCLDI in May 2008 led one commenter to remark: "Uh oh! There are going to be questions asked about MENS – and there are going to be all sorts of recriminations and "jeremiads" from the representatives of these "poor victims" going on about 'police persecution'." Human Rights lawyers William Bourdon and Francoise Cotta, acting on behalf of a coalition that includes La Voix des Rroms (Roma Voice) , the French Union of Gipsy Associations (UFAT), the National Federation for support of Gipsies and Travellers la fédération (Fnasat), and the Catholic Travellers Association (ANGVC) are up in arms. According to M. Bourdon: "These files can only put various communities, in France and abroad, in mind of some very bad memories indeed. They appear to be symptomatic of a pathological security mindset that has carried on continuously for the last two and a half years". Mme Cotta added: "This is not 1940. We are looking for a swift public response confirming an end to this very rapidly. It is at the heart of government that the most serious threat to social order is to be found". In a separate development today, Liberal Democrat European justice and human rights spokeswoman and London MEP Sarah Ludford intervened, speaking out against allegations that the French authorities have also been taking DNA samples from Roma people without proper authorisation. The Baroness is a long time campaigner on Roma rights, and in 2008, she led a campaign to stop the Italian government fingerprinting Roma people. 
She told El Reg: "What further evidence does the European Commission need to start questioning France on whether its anti-Roma policy breaks EU rules against race discrimination? Fundamental rights European Commissioner Viviane Reding must now demand proof of compliance, and threaten infringement proceedings, on race discrimination as well as free movement." She added: "I urge the Commission to also consider this targeted fingerprinting and DNA sample collection when investigating the case against France. This is discriminatory and must be stopped." French cops claimed to hold secret, illegal gypsy database • The Register
  17. Microsoft plans to push out a bumper crop of 16 bulletins - four critical - as part of the October edition of Patch Tuesday next week. The updates represent Microsoft's largest ever Patch Tuesday. The patches will collectively grapple with 49 vulnerabilities. The four critical bulletins impact all supported versions of Windows including Windows 7 and 2008R2. One of the bulletins will offer a critical update for Internet Explorer, and needs to be applied to versions 6, 7 and 8. Two less serious updates cover Microsoft Office updates. "Each vulnerability is rated with a severity of 'Important', which is Microsoft's standard rating for file format vulnerabilities, as they require user interaction to be triggered," notes patch management and security scanning services firm Qualys. "For the first time the new Microsoft Word 2010 is included in an advisory." Microsoft's pre-alert advisory can be found here. Microsoft plans biggest ever Patch Tuesday • The Register
  18. The official page of the President of the Republic of Moldova
  19. The law on the processing of personal data and the protection of privacy in the electronic communications sector: Legi internet
  20. Dragos

    Chat RST

    I think there was a chat: Romanian Security Team - [ Security Research ] v.2.0 Alpha - Codename: Scafandru Sfant
  21. FileShare Download limbajul-de-programare-c-tutorial-.rar
  22. 15-20 digits, letters and special characters
  23. About spam on Yahoo!
    Author: Synthesis
    Date: 10/10/2010
    Site: www.rstcenter.com
    Disclaimer: This article is purely educational.

    Contents
    1. What does spam mean?
    2. How can spam be sent?
    3. Spam on Yahoo!
    3.1 Getting past the security filters
    4. The snowflake method

    1. What does spam mean?
    Spamming (or spam) is the process of sending unsolicited electronic messages, most often of a commercial nature, advertising dubious products and services, practised in the e-marketing industry and by the owners of pornographic sites. Spam is distinguished by its aggressive, repeated character and by depriving the recipient of the right to choose. A message that follows consent previously expressed by the recipient is not spam. Legal details regarding spam are laid down in "Law 506 of 17 November 2004 on the processing of personal data and the protection of privacy in the electronic communications sector" (Art. 12). Source: Wikipedia

    2. How can spam be sent?
    At present there are a great many methods of sending spam by mail, among them the use of an SMTP server and of the mail command in PHP. In this article we will discuss the latter method. It is simple and can be used from any server that has the command enabled. Let's take as an example the following PHP code (which I also used in the Mail Tools program).

        <?php
        $to = "destinatar@domeniu.ro";
        $subject = "Salut";
        $body = "Salut,\n\nCe faci?";
        $headers = "From: expeditor@domeniu.ro\r\n" .
            "X-Mailer: php";
        if (mail($to, $subject, $body, $headers)) {
            echo("Mesajul a fost trimis!");
        } else {
            echo("Mesajul nu a putut fi trimis.");
        }
        ?>

    This code below will send the user destinatar@domeniu.ro a mail with the following content:
    The interesting part is that the mail comes from expeditor@domeniu.ro. So we can put any address we want (e.g. sefultau@nasa.gov).

    3. Spam on Yahoo!
    Most of us have received spam by mail at least once. Some ignored it, others took it seriously. Anyway, most mails (90%) use social engineering, saying that you have won who knows how much money in who knows what lottery in who knows what godforsaken country. Most of the messages were classified as Spam and moved to the folder of the same name. Below I will present a method of getting past the security filters.

    3.1 Getting past the security filters
    The mails that arrive in your Yahoo! inbox contain some headers. Based on these headers and on the content of the message, the mail is categorised. The following script uses a few headers to get past the spam filters.

        <?php
        $destinatar = "destinatar@domeniu.ro";
        $titlu = "Salut";
        $continut = "Ai castigat 1,000 euro";
        $header = "Reply-To: Expeditor <expeditor@domeniu.ro>\r\n";
        $header .= "Return-Path: Expeditor <expeditor@domeniu.ro>\r\n";
        $header .= "From: Expeditor <expeditor@domeniu.ro>\r\n";
        $header .= "Organization: Google LTD\r\n";
        $header .= "Content-Type: text/plain\r\n";
        mail($destinatar, $titlu, $continut, $header);
        ?>

    These are just a few headers. Others can be added; it's all up to you.

    4 The snowflake method
    The snowflake method is one of the best spam methods at present. It consists of creating unique messages for each recipient (just as every snowflake is unique). For this we will need a database of synonyms. An example message would be the following:

        <?php
        echo $salut . " " . $nume . "! Ai " . $primit . " " . $suma . " de " . $moneda . " de la " . $locatie . ".";
        ?>

    Examples for this code:
  24. I may be anti-Boc, but that doesn't mean I'm going to go and kill him. EDIT: The Nicadori killed Duca in Sinaia, not Nicolae Iorga. Anyway, let's end this discussion. The rest of you, carry on..
  25. I keep noticing that ND members and sympathisers use proverbs or quotes to support their point. So, I'll give you one too: Deeds, not words - Do, don't talk! (Corneliu Zelea Codreanu) @hozarares: The idea of legionarism in Romania is already "played out". If the members of the Legion said "I fight, I resist, I am anti-communist" (in the '30s), of course Noua Dreapta says it too. It's as if I said that I am against the regime of Vlad Tepes. On this one you really made a fool of yourself, Rares. It's as if I said that I made a script and I'd piss on you because you don't know how to make it. If a person is born under a certain religion, that's that. You have to respect it. If you had been born Muslim, what would you have done? Would you have picked fights with Christians for Allah? Let's define extremism. EXTREMISM n. Attitude, doctrine of certain political currents which, on the basis of exaggerated, one-sided, extreme opinions, ideas and views, seek to impose their programme through violent or radical measures. - From Fr. extrémisme. (source) Want an example of extremism? Some time ago I made a short video in Movie Maker about .