aelius

A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers. The miscreant behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other crims on Christmas Day, we're told. Hold Security – which this year has helped break news of data heists at Adobe and a top-flight limo company – spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters. FTP is a 1970s vintage protocol for transferring information in bulk over the internet; its use is discouraged because usernames and passwords to log into accounts are sent over the network unencrypted, although there are ways to establish secure connections. The hacked service was used by reporters to file material from the field, and by advertisers to upload video to BBC Worldwide channels. The invaded computer was cleaned up over the weekend. Right now the system appears to be running ProFTPD 1.3.3g on Solaris, but there's nothing to indicate that was the vulnerable software. However, versions of ProFTPD prior to 1.3.3g suffer from a use-after-free bug (CVE-2011-4130) that allows an attacker to execute code remotely on the machine hosting the server; a flaw that's been known about since 2011. "The only other information that I can offer is that the hacker was offering a screenshot proving that he had administrative access to the BBC server," Alex Holden, chief information security officer at Hold Security, told BBC News. It is not clear how deep the hacker managed to penetrate Auntie: specifically, whether the miscreant obtained just an FTP admin account login, gained control of the user account running the FTP daemon, or gained full control of the machine running the file-transfer server. Don't forget, a compromised computer could have acted as a stepping stone to other systems within the Beeb's network. Source: Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server • The Register CVE-2011-4130 Overview: Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. Note personale: - Este doar un an decand a fost un alt '0day' in proftpd. (Pe platforma x86). - "Right now the system appears to be running ProFTPD 1.3.3g on Solaris" - Oare unde au vazut ei ca ruleaza pe Solaris?! Poate au un glob fermecat.

Ba, Nytro pune de o ora tutoriale si voi va scarpinati dubios la maciuca cu threadurile de rahat. Thread closed. Chiar nu vedeti nimic interesant aici decat rahaturile astea ?

Il inchidem pana nu va luati banuri in ordine alfabetica.

closed & ban.

Ja right.

Thread mutat in categoria 'Cosul de gunoi'. Daca mai vad biohazarduri deastea de tutoriale, si furate, iti dau ban. Pai ce faci frate, iti bati joc de noi?

// offtopic: Byte-ul: Matt are o reputatie destul de ok aici. // ontopic: Thread closed. Flood pentru jocuri ... Mare ti-e gradina.

Mirc nu are CONT. Este doar o aplicatie de rahat facuta pentru a te conecta la servere IRC ce ruleaza pe windows. Si nu, aici chiar nu oferim suport pentru asta.

Aha, loguri paypal. Ban permanent. Cand mai vedeti posturi de genul, va rugam sa dati report. Avem a multumi ;-) Thread closed.

Following the recent disclosure of a massive data breach that affected nearly 40 million customers, retail giant Target has now confirmed that encrypted PIN data from card transactions was accessed by hackers. Target, which on Dec. 23 confirmed it was working with the United States Secret Service and the Department of Justice to investigate to investigate the incident, has reversed earlier statements that PIN numbers had not been compromised in the breach. “While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed,” a Target spokesperson told SecurityWeek on Friday in an emailed statement. While encrypted PIN numbers may have been accessed by attackers, Target is confident that because the information was fully encrypted, customers should not panic. “We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” the statement continued. According to the retail giant, when a customer uses a debit card in a Target store and enters a PIN, the PIN is encrypted at the keypad using the popular Triple DES encryption standard. Target said it does store the encryption key in its system, and that it does not have access to the encryption key used to store PIN data. “The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the company explained. “What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.” According to Target, debit card accounts have not been compromised due to the encrypted PIN numbers being taken. Source: Target Confirms Encrypted PIN Data Was Stolen in Security Breach | SecurityWeek.Com Related article: Experts Debate How Hackers Stole 40 Million Card Numbers from Target | SecurityWeek.Com

NEW YORK - A US judge ruled Friday that the National Security Agency's mass surveillance of telephone calls is lawful, fanning a legal conflict likely to be decided ultimately by the Supreme Court. Federal judge William Pauley in New York threw out a petition from the American Civil Liberties Union and said the program was vital in preventing an Al-Qaeda terror attack on American soil. Ten days earlier, however, another federal judge in Washington had deemed that NSA surveillance is probably unconstitutional, laying the groundwork for a protracted series of legal challenges. "The question for this court is whether the government's bulk telephony metadata program is lawful. This court finds it is," said the 54-page ruling published in New York on Friday. The scale by which NSA indiscriminately gathers data on millions of private calls was exposed by intelligence whistleblower Edward Snowden, sparking an international and domestic outcry. Protected by judicial checks and executive and congressional oversight, Pauley said the program does not violate the US Constitution's fourth amendment right against unreasonable searches and seizures. "There is no evidence that the government has used any of the bulk telephony metadata it collected for any purpose other than investigating and disrupting terrorist attacks," he wrote. The judge sided with US spy chiefs who say that by connecting the dots between archived calls and terrorist suspects, US officials can keep the country safe. The NSA hoovers up information about virtually every telephone call to, from and within the United States, and says it is the only way to discern patterns left behind by foreign terror groups. The judge quoted the 2004 report by the 9/11 Commission -- the panel which investigated the 2001 Al-Qaeda attack on the United States -- as saying it was a false choice between liberty and security, as "nothing is more apt to imperil civil liberties than the success of a terrorist attack on American soil." "As the September 11th attacks demonstrate, the cost of missing such a thread can be horrific. Technology allowed Al-Qaeda to operate decentralized and plot international terrorist attacks remotely," he wrote. "The bulk telephony metadata collection program represents the government's counter-punch: connecting fragmented and fleeting communications to reconstruct and eliminate Al-Qaeda's terror network." The judge quoted examples in which NSA phone monitoring in 2009 exposed an Al-Qaeda plot to bomb the New York subway, and cite a plot by convicted Pakistani-American terrorist David Headley to bomb a Danish newspaper office. "Unintentional violations of guidelines," Pauley said, appeared to have stemmed from "human error" and "incredibly complex computer programs" and had been rectified where discovered. This month, an official panel handed President Barack Obama a review of the NSA's surveillance program along with more than 40 recommendations to install safeguards and limit its scope. But the administration is not expected to significantly curtail the mission, and Snowden remains a fugitive from US justice who has been granted temporary asylum in Russia. Source: New York Judge Rules NSA Phone Surveillance Lawful | SecurityWeek.Com

Researchers have reportedly found a vulnerability in a security system embedded in Samsung's Galaxy S4 smartphone that could allow an attacker to steal data. Security researchers at Ben-Gurion University of the Negev in Israel uncovered vulnerabilities in Samsung's KNOX security solution. The findings were first reported by the Wall Street Journal, which noted that KNOX is currently being reviewed by the U.S. Department of Defense and other government agencies for potential use. Aimed at Google Android devices, KNOX includes the ability to enforce the separation of information through containerization as well as a secure boot and kernel monitoring capabilities. According to researchers at BGU's Cyber Security Labs, the issue makes interception of data communications between the secure container and the external world – including file transfers and emails – relatively easy. "To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big 'hole' exists and was left untouched," Ph.D. student Mordechai Guri said in a statement. "The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands. We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately." Guri, who is part of a team of BGU researchers that focus on mobile security and other cyber-issues, uncovered the vulnerability while performing an unrelated research task. According to BGU, KNOX's secure container is supposed to ensure that all data and communications that take place within the secure container are protected. Even a malicious application should attack an area outside the secure container all the protected data should be inaccessible under all circumstances. However, researchers found that that is not the case. "To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately," said Dudu Mimran, chief technology officer of the BGU labs, in the statement. "The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models." Samsung did not respond to a request for comment from SecurityWeek. However, the company told the Wall Street Journal that it was investigating the matter, and that preliminary investigation has found that the researchers' work seems to be based on a device that was not equipped with features that a corporate client would use alongside Knox. "Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware," the Samsung spokesperson told the Wall Street Journal. Source: Samsung KNOX Security Software Embedded in Galaxy S4 Vulnerable, Researchers Say | SecurityWeek.Com

Statul roman te vrea prost. Iti spun din proprie experienta, am fost intrebat inclusiv de ce am invatat linux. Asa e la noi, e infractiune si daca iti place sa citesti.

Cred ca ati ratat o chestie. Ati vazut ce echipamente au cei de la NSA ? In plus, chiar stack-ul tcp/ip este vulnerabil. Puteti vedea aici si la ce practici se recurge cand se doreste ceva: https://rstforums.com/forum/78552-fake-google-ssl-certificates-made-france.rst Va rog sa ramaneti on topic. Multumesc

Te invata taica wget --user-agent="Mozilla/5.0" -O eric.tgz "http://ge.tt/api/1/files/5CZc0bB1/0/blob?download" tar zxvf eric.tgz

In afara de faptul ca orice venit trebuie impozitat, nu este nimic ilegal. Si cum statul nu iti ofera nimic si nici nu poate sti cati clienti ai sau cati bani scoti, eu te sfatuiesc sa faci. Un mare dezavantaj pe care il ai din start daca nu ai firma: Nu vei avea clienti decat persoane fizice. Daca ai clienti, fa-ti o firma pe afara, nu plati impozit la Statul Roman.

S-a rezolvat problema. Inchidem acest thread.

Clot: da-mi PM cu ce adresa de email setata la acel account.

Muie. Ne pisam pe unixcod, pe tine, pe scannere si pe root. Ban permanent si thread closed. https://rstforums.com/forum/78558-threaduri-de-prost-gust.rst

Cifre: Pare ok gluma, dar nu facuta la infinit.

Pai ai 5 posturi, si la celalalt Show Off spui ca este prima ta postare. Ai probleme cu memoria ? Uite alt post al tau: Daca tu crezi ca hacking inseamna sa dai cu apostroful in site-uri sau sa dai deface, te inseli. Sfatul meu este sa lasi rahaturile astea si sa te apuci de ceva util, cum ar fi invatarea unui limbaj de programare. E un sfat prietenesc de la un nene mai mai batran. Irosesti timpul de pomana cautand site-uri aiurea si incercand variabile inexplicabile.

Ma nene, aia e o eroare php in joomla. - Unde vezi tu SQLi ? - Vezi ca e "Reported" nu "Raported" Tot ce vezi acolo e o simpla eroare php si un path disclosure.

What the fuck is IST ? Pot sa copieze de 1000 de ori ce e aici. O comunitate nu se formeaza cu un soft instalat.

Observ foarte multi lautari pe aici si cu ocazia asta, propun o noua categorie "Coltul Lautarilor" cu partituri si toate cele ) // edit: Already done. Acum spui ?!

/* Check the cookie and redirect if they have it set. */ sWhere = 'http://www.hackforums.net/showthread.php?tid=3943184'; // replace this with where you want them to be sent when they can't view page. E si greu rau .. Seteaza cookie si iti face redirect daca ai mai luat un cod macbook ~$ for i in {1..20} ; do curl -s http://skypecodes.ga/ |grep this.select |awk -F "'" '{print $2}' ; done SKYPE-8XVWG-J346H-6T3D9-HX9PV SKYPE-CHPJH-7E4PX-9AFX7-RY3VC SKYPE-M8JPD-EXRTV-3UE8X-YFMCJ SKYPE-HUGGN-AXYKM-4KVKR-4UPUK SKYPE-JNJHP-HKCPD-FG7EW-CX8U6 SKYPE-DNWBC-T8AH3-MTGTV-9MX4E SKYPE-GEF3U-Y3EGM-AJW4E-KVKCT SKYPE-VP4J6-9CF8E-ADJJ4-7JN8W SKYPE-XPG4W-JHHCA-TGDUF-TWUPP SKYPE-V73F3-4TPFH-GXBAE-H9JVU SKYPE-FAKU3-HFCKR-PVU7X-UU46B SKYPE-AEAUD-KPEVA-F7KGE-U8EWB SKYPE-E66BF-FRY9M-YR8AX-G7DKF SKYPE-YJCVD-X3XCM-7CG8D-AVY9J SKYPE-KKH8U-3AAR6-6AA4C-4URDH SKYPE-P383G-BHUJM-FVCYJ-FYTUG SKYPE-4W3YU-AKWWK-KETKH-MKM3F SKYPE-K4A3E-9EUMV-ECCKW-8RNAJ SKYPE-FGMRN-WE3VA-8HBFC-JW9TE SKYPE-G6P9U-XYK6T-F9G7H-EN9HF SKYPE-JECWT-C3WP8-8K4VJ-NCDNA SKYPE-XGWA8-3UAHV-9PWT8-FP6DM SKYPE-XRUYP-8HGE8-WN8HX-WBGDB SKYPE-9P6VP-7YPAX-38RKV-UNDDX SKYPE-PTKGF-E4FC4-NP9YH-8EFXK SKYPE-G63E3-DFBPU-DDTFU-WJM4M SKYPE-JBNHN-BCY7H-HKU6V-FM43W SKYPE-XG4GU-THT36-C3NFC-WVVKV SKYPE-XYJE9-UFF4F-D9MFX-EMPVA SKYPE-MKK8T-7B7FU-7UBVB-E3N99 SKYPE-RB67K-9AHAF-AWCPH-YKGYK SKYPE-MDMTR-UCNJ7-F37EV-WXEAP SKYPE-GHCU3-HTU9N-38J3J-H4MAE SKYPE-RRUY3-N7FEA-GPXER-6UU9K SKYPE-47E9A-BT88D-N9FTT-4DDGX SKYPE-A98TH-WBNWE-PA3JK-FCJFM SKYPE-G97VF-PP6UK-NY9DE-CEX6N SKYPE-4F6K7-FMJ9F-WF7MJ-BNJVU SKYPE-F33BA-RP97D-BKH3T-R8G8F SKYPE-WPMGX-WX99R-XFYNF-8VJ4B macbook ~$