-
Posts
4999 -
Joined
-
Last visited
-
Days Won
388
Everything posted by aelius
-
NFTables IPTables-Replacement Queued For Linux 3.13
aelius replied to Nytro's topic in Stiri securitate
Ai targetul 'TOS', dar nu se compara. E ceva low end. In plus sunt doar 5 optiuni sinistre. Atentie, vorbim de netfilter nu de tc din pachetul iproute2 Functioneaza foarte empiric prioridizant pachetele, atata tot. -
The Military Units that rely on very small aperture terminals (VSATs) for satellite communications in remote areas are vulnerable to cyber attack. Researchers from cyber intelligence company IntelCrawler recently identified nearly 3 million VSATs, many of them in the United States, and found that about 10,000 of them could be easily accessed because of configuration weaknesses. Researchers have warned that terminals having data transmission rate 4kbps to 16 Mbps used in narrow and broadband data transmission are vulnerable to cyber attack. VSATs are most commonly used to transmit narrowband data such as credit card, polling or RFID data or broadband data for VoIP or video using the Satellites in geosynchronous orbit generally used for Television & Radio broadcast, direct broadcast, military communication. Its name originated from the relatively small dish antenna with a diameter no longer than 10 feet (3 meters). IntelCrawler claimed that VSAT can be easily hacked because of poor password policy & default settings. Vulnerable terminals can be used for a planned cyber-attack, to be more precise on distributed network and infrastructure. Dan Clements, IntelCrawler's President said: "There's a lot of information that could be used in a nefarious way," Clements said. "Certainly you could put together a plan to go after certain grids or dams or power plants and have access to the centralized network at some point. According to the report, there are more than 313 open UHP VSAT, 9045 open terminals (HUGHES) and 1,142 terminals (SatLink), that can be easily hacked by malicious attackers. HUGHES is one of the largest manufacturers of VSATs which are mostly used in offline ATMs by several national central banks. Physical locations of a number of VSATs can be easily searched on Google maps and Google Earth, which could allow attackers to plan more sophisticated physical attacks. IntelCrawler also found network ranges of government and classified communications, e.g. Ministry of Civil Affairs of China infrastructure in ranges belongs to Shanghai VSAT Network Systems Co. LTD, and Ministry of Foreign Affairs of Turkey in Turksat VSAT Services, that poses critical threat to National Security. Source: Small satellite terminals (VSAT) are vulnerable to Cyber attack
-
Salut, Cred ca este vorba de 'session.gc_maxlifetime', vorbim imediat cu stimabilii sysadmini sa mareasca valoarea. Este curios faptul ca m-a delogat foarte rar. Cel mai probabil ai apucat cateva momente cand s-a facut cleaning la sesiuni
-
A fost distractie mare. 666BLODAS666 bantuia pe acolo pe chat si ne-am gandit sa-i facem un prank. Askwrite a dat pe chat un link cu o poza (aparent), era defapt un php ce facea header location pe logout-ul de la chat. Am profitat de ocazie si i-am pus un avatar frumos si o semnatura potrivita. El le-a schimbat repede. Le-am schimbat si eu inca odata. El intreba pe chat disperat, credea ca askwrite i-a luat cookie-urile. I-am spus ca ala i-a dat un trojan, un malware ceva si l-am sfatuit sa formateze hdd-ul. Cred ca nu mai avea mult oricum. Bineinteles, a urmat o ploaie de injuraturi catre askwrite, sa nu-i mai umble prin cont. (00:21:41) askwrite: ahahahahahahahahhahahahahahahaha?hahahaha (00:21:48) 666BLODAS666: cine pula mea imi tot schimba avatarul si toate si isi bate pula de contul meu? (00:21:53) askwrite: eu (00:55:49) 666BLODAS666: mi-ai furat cookieurile (00:55:50) 666BLODAS666: atat
-
Yahoo Enables HTTPS Encryption by Default for Yahoo Mail
aelius replied to aelius's topic in Stiri securitate
Mai bine lasa-l asa. E mai rapida asta. Fuck web 2.0; Nu ai nevoie de desene animate, doar de o interfata de email decenta. Cred ca am folosit pine (client email de CLI) cativa ani. Just plain text. -
Sunt unele aplicatii care determina daca sistemul are swap sau nu. Nu functioneaza fara el. Daca ai SSD (sau orice alt storage rapid) si suficienta memorie, recomand un sysctl -w vm.swappiness=0 si sa pui 'vm.swappiness=0' in '/etc/sysctl.conf' Deci, poti pune un 512 MB swap (just in case). Daca ruleaza deja sistemul si nu vrei sa umblii la partitionare, poti face swap cu dd (imagine)
-
As promised in an October 2013 announcement, consumer Internet giant Yahoo! has enhanced the privacy and security for its users by enabling HTTPS connections by default for all Yahoo Mail users. “Anytime you use Yahoo Mail - whether it’s on the web, mobile web, mobile apps, or via IMAP, POP or SMTP- it is 100% encrypted by default and protected with 2,048 bit certificates,” Jeff Bonforte, SVP of Communication Products at Yahoo! wrote in a blog post Tuesday. The HTTPS encryption will secure emails, attachments, contacts, as well as Calendar and Messenger in Mail, Yahoo said, protecting data and messages as they move between users' browsers and Yahoo’s servers. Yahoo Mail users have had the choice to enable HTTPS for some time, but now all users will benefit from the secure connections by default. The move to the secure browser sessions by default follows similar moves by Facebook, which enabled HTTPS by default in July 2013, and Google, which set the HTTPS default in early 2010, but has had the option for users to do so since 2008. Using HTTPS is increasingly beneficial when accessing Internet services from public networks such as Wi-Fi hotspots, and helps protect browser sessions from being snooped on by others. Nota personala: S-au facut magarii in Franta inclusiv cu certificatele ssl pentru google. Deci, nu o sa-i impiedice nimic sa obtina ce vor. Zilele trecute raspandeau malware prin intermediul site-ului, acum fac si ei 'by default' SSL. Praf in ochi pentru utilizatori. Source: Yahoo Enables HTTPS Encryption by Default for Yahoo Mail | SecurityWeek.Com
-
PARIS - France's data protection watchdog on Wednesday fined Google 150,000 euros ($205,000) -- the maximum possible -- for failing to comply with its privacy guidelines for personal data. The watchdog, the CNIL, also ordered the US Internet giant to publish a statement relating to its decision on its French homepage for at least 48 hours within the next eight days. Google was informed of the decision on January 3, the CNIL said in a statement. France's move follows Google's introduction in 2012 of a new privacy policy which enables it to track user activity across its search engine, Gmail, the Google+ social networking platform and other services it owns, which include YouTube. The changes make it easier for Google to collect and process data that could be used by advertisers to target individuals with tailored offers, thereby increasing the company's revenue potential. The CNIL had asked Google to inform web users in France on how it processes their personal data and to define exactly how long they can store the information. It had also requested that the US giant obtain user permission before storing cookies on their computers, referring to files that track web surfers and allow companies to target them with tailored commercials. Google has always maintained that its treatment of data gathered from users is in line with European law and has previously refused to get into an argument about the specific French requirements. The issue of data protection has gathered steam worldwide following revelations by Edward Snowden, a former contractor with the National Security Agency, that the US had a vast, secret program called PRISM to monitor Internet users. Google has defended the changes it made last year on the ground that they simplify and standardize its approach across its various services. But critics argue that the policy, which offers no ability to opt out aside from refraining from signing into Google services, gives the operator of the world's largest search engine unprecedented ability to monitor its users' tastes and purchasing patterns. Source: France Fines Google Maximum Penalty in Data Privacy Row | SecurityWeek.Com
-
- cookies
- data-privacy
- (and 4 more)
-
Iti recomand blog-ul lui Valentin Bosioc
-
Valim, respectul nu se castiga 'bagand' flood la site-uri fara un motiv anume. Nu castigi nimic si iti faci si dusmani. Crezi ca forumul tau nu pica la DDoS ? Orice pica. Inclusiv GOOGLE, AKAMAI, YAHOO. Infestezi 200.000 servere si trimiti din ele pachete ca pe conducta. Nu e nimic constructiv.
-
Daca vreti sa descarcati toate cartile de acolo si sa aveti si timp liber de cafea: marian@pluto:~$ mkdir books marian@pluto:~$ cd books/ marian@pluto:~/books$ marian@pluto:~/books$ wget -r -A "pdf" http://n-pn.info/repo/HackBBS/HackBBS/Docs_HackAngel/ marian@pluto:~/books$ mv n-pn.info/repo/HackBBS/HackBBS/Docs_HackAngel/* . marian@pluto:~/books$ rm -rf n-pn.info/
-
Pai ai codul la indemana, poti implementa singur absolut tot ce iti trebuie. E si 'how to' acolo. https://rstforums.com/forum/79735-emergency-self-destruction-luks-kali.rst http://thehackernews.com/2014/01/Kali-linux-Self-Destruct-nuke-password.html
-
Si aici, pe forum, avem/am avut masoni. Unu era vai de steaua lui, agramat, dadea cu Haviji si aposostroful in site-uri si dupa un an a devenit expert in securitate, inginer in cibernetica, mecatronica, fizica cuantica si General Manager la o firma de securitate. 'De care este.' Oare tot 'pro/re gresul' asta s-o datora masoneriei si stiintelor oculte ?! )
-
Pai si ... nu stiu cum sa te intreb. Vrei sa-l ajuti ? O fi crezut omul ca esti poponete si s-a simtit lezat. Nu vad asta un abuz de putere. "Nu e nicidecum o insult? adus? unui moderator" - Si Becali zicea: "El m-a facut incult, eu l-am facut oligofren si hahalera, nu l-am jignit!"
-
https://www.youtube.com/watch?v=aeaPanpU-iw
-
Raspunsuri sunt, trebuie doar sa pui intrebarea potrivita. "Nu ma pot conecta la internet. Cum sa fac asta?!" nu este o intrebare buna. Citeste pe aici cate ceva, o sa ai nevoie. Deci, ce fel de conectivitate ai la internet ? - Este PPPOE ? (Cu user si parola) - Ai un router "in fata" pc-ului ? - Ai un modem 3G sau dialup ? - Ce furnizor de internet ai? - Cum ai incercat sa te conectezi si nu ti-a reusit ? Si scoate emoticonurile alea cand intrebi ceva serios.
-
To protect and infect - The militarization of the internet
aelius replied to aelius's topic in Stiri securitate
Da, chiar nu e o solutie asta. Dar e recomandat sa iti schimbi periodic parolele. -
Kali Linux Full Disk Encryption As penetration testers, we often need to travel with sensitive data stored on our laptops. Of course, we use full disk encryption wherever possible, including our Kali Linux machines, which tend to contain the most sensitive materials. Setting up full disk encryption with Kali is a simple process. The Kali installer includes a straightforward process for setting up encrypted partitions with LVM and LUKS. Once encrypted, the Kali operating system requires a password at boot time to allow the OS to boot and decrypt your drive, thus protecting this data in case your laptop is stolen. Managing decryption keys and partitions is done using the cryptsetup utility. Nuking our Kali Linux FDE Installation A couple of days ago, one of us had the idea of adding a “nuke” option to our Kali install. In other words, having a boot password that would destroy, rather than decrypt, the data on our drive. A few Google searches later, we found an old cryptsetup patch by Juergen Pabel which does just that, adding a “nuke” password to cryptsetup, which when used, deletes all keyslots and makes the data on the drive inaccessible. We ported this patch for a recent version of cryptsetup and posted it on Github. Read more: Emergency self-destruction of LUKS in Kali | Kali Linux
-
(12:18:32) Oust: )) (12:18:38) Oust: Tre' sa merg sa ma pensez. (12:19:02) aelius: iti dai si cu creme ? (12:19:08) aelius: pai ce ma, esti muiere (12:19:08) Oust: Nu. (12:19:10) aelius: )))) (12:19:11) aelius: hahahaha (12:19:13) Oust: Imi e frica. (12:19:18) Oust: M-am mai dus odata sa ma penseze. (12:19:21) Oust: Ba imi era frica... (12:19:23) Oust: Serios va spun. (12:19:27) nedo: e doar un pic de frica (12:19:32) nedo: un pic de durere* (12:19:33) Oust: Imi era asa o frica ca ma face muiere. (12:19:35) nedo: mare branza (12:19:37) aelius: te penseaza si la Fofoloanca ? (12:19:37) Oust: Nu e durere. (12:19:39) Oust: Nu de durere ma. (12:19:42) nedo: ) (12:19:42) Oust: Pis pe ea de durere. (12:19:45) aelius: ))))))))))))))))))))))) (12:19:49) Oust: Mie imi era frica ca imi fute sprancenele. (12:19:55) Oust: Si o sa arat ca smigle. (12:20:02) Oust: Ca AZIS. (12:20:04) Oust: (12:20:08) aelius: ))) (12:20:15) Oust: Ma duc doar sa le tunda si sa ia din parti putin. (12:20:17) ENCODED: eu nu`mi pensez sprancenele (12:20:18) Oust: Nu sa le contureze. (12:20:20) ENCODED: sunt perfecte (12:20:21) ENCODED: ) (12:20:22) aelius: sa-ti proptim spranceana pe maciuca ma (12:20:24) Oust: Foarte bine. (12:20:26) aelius: )))))))))))))))))))))))))))) (12:20:27) ENCODED: la tine se unesc ? (12:20:32) Oust: Nu. (12:20:37) aelius: da-ne-ai cu spranceana-n burta (12:20:39) aelius: ahahahaha (12:20:39) Oust: Ca nu le las. (12:20:49) Oust: Eu sunt paros ba, am par si pe piept. (12:20:56) Oust: Sunt barbat, nu muiere. (12:21:09) aelius: http://wow7.ro/wp-content/upload?s/2013/08/tanar-haios-infiorator-?cu-sprancene-unite-01.jpg (12:21:10) Oust: Am dat 200 ron pe un bodygroom. (12:21:11) aelius: HAHAHAHHAHAHAHA (12:21:16) aelius: ete ma, ai pus poza pe net (12:21:21) Oust: Hahahaha (12:21:25) Oust: Nu ma nu le am asa. (12:21:25) aelius: ce pula mea e aia, spranceana sau COZOROC de sapca (12:21:28) aelius: )))}HAHAHAHHAHAHAHAHA (12:21:30) aelius: HAHAHAHHAHAHAHHAHA (12:21:33) Oust: HHHAHAHAHAHAHAHAHA (12:21:36) Oust: )) (12:21:56) ENCODED: ala e Oust ? (12:21:57) ENCODED: Oare e Oust ? http://wow7.ro/wp-content/upload?s/2013/08/tanar-haios-infiorator-?cu-sprancene-unite-01.jpg
-
Acele aplicatii malware sunt destinate Windows-ului. Pe linux oricum ai control mai mare: Rulezi aplicatiile sub un user cu privilegii restranse, poti vedea foarte usor procesele ce ruleaza si ai o gramada de scule pentru monitorizare si debugging. (tcpdump, iptraf, ps, pstree, lsof). Daca esti paranoic, poti face "daily md5sum" pe binare pentru a te asigura ca este totul ok. (poti instala chiar si un IDS sa monitorizeze fisiere, etc ..) (acum depinde si de experienta)
-
Suntem de parere ca esti un mare labagiu si ca te folosesti de munca altuia, fara a acorda credit. This photo set was shared via Share.Pho.to Cand copiezi o idee de la un om, pui link catre el, nu iti atribui tu munca lui. Eject. (ban)
-
After Snapchat hack, this can be another worst data breach of the new year. A Pakistani hacker 'H4x0r HuSsY' has successfully compromised the official Forum of 'openSUSE', a Linux distro developed, sponsored & supported by SUSE. The hacker managed to deface the Forum and uploaded its custom message page as shown and account information of 79,500 registered users' may have been compromised. The popular website MacRumors's Forum was compromised in last November using an alleged zero day exploit, which is based on vBulletin, a famous forum software. The openSUSE Forum is also based upon vBulletin. Another interesting fact is that openSUSE is still using vBulletin 4.2.1, which is vulnerable to inject rogue administrator accounts flaw. Whereas, the latest patched vBulletin 5.0.5 is available. Possibly, Hacker exploits same or another known vBulletin version 4.2.1 vulnerability to access the website's administrative panel. Read more: Exclusive - openSUSE Forum Hacked; 79500 Users' Data Compromised Nota personala: Mie imi pare o cacanarie sa se intample asta cu un soft comercial. Costul nu este deloc mic si pe langa costul lui, trebuie sa platesti pentru suport. Suport la ce ? La o saracie low-end cu gauri de securitate?! Se pare ca vBulletin devine un fel de mambo. Cine e vechi pe net stie ce nebunie era inainte la mambo / joomla. Observ din imaginile de acolo ca au folosit inclusiv un phpshell. Cat de retard sa fie un admin incat sa nu stie sa dezactiveze niste functii php si sa instaleze ceva module de protectie (just in case).
-
To protect and infect - The militarization of the internet
aelius replied to aelius's topic in Stiri securitate
Nu am observat ca a mai fost postat -
American companies respond to new NSA hacking claims
aelius replied to aelius's topic in Stiri securitate
Am folosit cisco din seria 7600 si unele mai mici dupa ele, insa restrictionate la net din acl-uri (pentru evitarea atacurilor in general). Ca routere, prefer Force 10. Publicase un polonez o chestie foarte interesanta referitoare la BIOS-uri si interceptari/operatii remote. (sa vad daca-l gasesc) -
Several American tech companies have responded to a report published in Germany’s Der Spiegel magazine detailing how National Security Agency officials exploit vulnerabilities in their hardware and software. The report, released in tandem with an address by security expert Jacob Appelbaum at Germany’s 30C3 conference, was based on classified NSA documents that were among those presumably disclosed to journalists by former government contractor Edward Snowden. Among the documents released over the weekend was a “catalog” of spy hardware and software developed by “ANT,” a previously unknown unit at the NSA. The group is tasked with developing spy gadgets for use by agents at the NSA and elsewhere. The gadgets developed by ANT take advantage of previously-unknown vulnerabilities in computer hardware and software manufactured by at least nine American companies: Dell, Hewlett-Packard, Cisco, Juniper, Apple, Microsoft, Western Digital, Seagate/Maxtor and Oracle. At the 30C3 Conference, Appelbaum questioned whether or not the American companies named in the documents were complicit in “leaving us vulnerable,” but said it was ultimately important to name the companies because “some of them are victims. “It’s important to note that we don’t yet understand which is which,” Appelbaum said, “so it’s important to name them so that they have to on record, and so that they can say where they are.” Read more: American companies respond to new NSA hacking claims | The Desk