Posts: 5013
Days Won: 398
Everything posted by aelius
-
Your activity on RST ends at the introduction. Permanent ban. Thread closed.
-
Dedicated ones only - but I've seen that you're into scanning and you don't inspire trust. // edit: This one?
-
As they say, 'bashed'!
(23:06:03) Oust: -bash: cd: /dev/sda4/: Not a directory
(23:06:10) Oust: Damn, I can't get into sda4.
(23:06:11) Oust: It's encrypted.
-
Post hunter, 24-hour ban -> http://photobase.ro/di-78X1.png Thank you for your viewership.
-
Buy it, brothers, if you want it. It's 3 euros, why the hell are you still hunting for serials and other junk. It's less than a pack of cigarettes.
-
Heeey, you losers, if you're not even capable of writing a decent scanner yourselves, why on earth do you get into this crap. You all use the synscan written by Baganontu (DrBios) 14 years ago. Every wanker grabbed it ready-made and slapped an internationally whored-out bash script around it with "Powered by }{ Gica Hackeru, the illustrious genius of the contemporary world }{ with kisses and little flowers on the nickname" so people can see how skilled they are. You also wreck people's boxes for nothing with this filth. What the holy excrement do you do with them? Do you set up bots/emech/psybnc for the salvation of your souls? This thread here was not opened for nothing. And stop digging up these threads that have been asleep for more than a year. Thread closed, to the holy and wonderful corahoz with it.
- 79 replies
- Tagged with: 2012, bruteforce (and 2 more)
-
The URI is too long, trim it down a bit. There's no point in me sending a PM.
-
I don't like distributions that use rpm packages/package manager. //offtopic shaggi, what kind of monstrosity are you talking about there, brother? Lord, how it sounds, CrunchBang. Why would I use a distribution based on another distribution which in turn is Debian based? )
-
This shows that the state will commit any illegality for its own interests. In practice you access example dot com over https, the certificate is valid, the example domain is well known and you log in. You have no way of knowing that a state organization is redirecting the traffic through a local server and mapping a different SSL certificate onto the domain in order to intercept data. (or rather, an intermediate certificate between the one in the browsers' root store and the domain's own)
- 2 replies
- Tagged with: chrome, cyber defense (and 5 more)
-
Greetings, There have been discussions like this before (quite a lot of them, actually) and nothing came of them because it was mutually agreed that they are bad ideas. There aren't only Romanians here, and the community is open to anyone who is interested and doesn't step out of line in one way or another. Tests like that would certainly discourage registration. Yes, we would probably do some filtering, but I don't think we need to end up with a captcha like the one below for registration. I think it's simple: at any moment there is at least one moderator or admin online, and the retards will get banned within a minute at most if they post something stupid.
- 14 replies
- Tagged with: down with manele, you didn't give me a like (and 1 more)
-
“ar fi” sau “ar fii”? | diacritica
And stop drifting off-topic or you'll get slapped with a ban. @euintreb: Speak nicely, leave his mother out of it.
-
The truth about Chevron and the protests in Pungesti
aelius replied to v1or3l's topic in Discutii non-IT
Does anyone mind if I close this thread? It's an endless, pointless discussion. You fill in online petitions for nothing and discuss just as pointlessly. And stop believing everything that gets written in the press. They're just shit-eating journalists and they'll do anything for an audience.
-
I see you have "11 point(s) total" - I don't know what criteria vBulletin uses to calculate reputation. It looks fine, it's not a case of abuse. At worst, an error (but that's not the case). I have 262 points and it shows me rep power 10. Seriously, nobody is sitting around "rigging" users' rep power.
-
In yet another washup from the Snowden revelations, the developers of FreeBSD have decided to take several steps backwards in their crypto work, to stop using hardware random number generators (RNGs).

The two hardware RNGs singled out by the FreeBSD developers in this post are Intel's RDRAND (in Ivy Bridge processors), and VIA's Padlock.

The decision was made at the FreeBSD Developer Summit, held in Malta in September, but the decision to pull the hardware RNGs didn't attract any attention at the time.

“For [FreeBSD] 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random. It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more”, the post states.

One solution on offer from Polish developer Pawel Jakub Dawidek, the post states, is to use the time it takes to attach devices at boot time, and feed these numbers into /dev/random: “it turns out that one can get about 4 good bits of entropy from each device”.

Among the many things Edward Snowden's documents have suggested is that the NIST's crypto standardisation efforts were nobbled by the NSA. This confirmed long-standing knowledge that the Dual Elliptic Curve Deterministic Random Bit Generator is weak, leading to RSA abandoning it in September.

Not everybody believes that RDRAND falls into the same category. Linus Torvalds, for example, dismissed concerns about the instruction, telling the author of an online petition to yank the command from Linux “we actually know what we're doing. You don't”. In that debate, Torvalds pointed out that RDRAND isn't the only source of entropy for values streamed into /dev/random in a Linux implementation.

Source: FreeBSD abandoning hardware randomness • The Register

Personal note: You can use EGD instead of standard '/dev/random'. Also, you can use it for apache (httpd) in https configurations.
-
The latest release of the Firefox web browser, version 26, now blocks Java software on all websites by default unless the user specifically authorizes the Java plugin to run.

The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin beginning with Firefox 24, but decided to delay the change after dismayed users raised a stink.

Beginning with the version of Firefox that shipped on Tuesday, whenever the browser encounters a Java applet or a Java Web Start launcher, it first displays a dialog box asking for authorization before allowing the plugin to launch. Users can also opt to click "Allow and Remember," which adds the current webpage to an internal whitelist so that Java code on it will run automatically in the future, without further human intervention.

Mozilla's move comes after a series of exploits made the Java plugin one of the most popular vectors for web-based malware attacks over the past few years. So many zero-day exploits targeting the plugin have been discovered, in fact, that the Firefox devs have opted to give all versions of Java the cold shoulder, including the most recent one.

Generally speaking, Mozilla plans to activate click-to-run for all plugins by default, although the Adobe Flash Player plugin has been given a pass so far, owing to the prevalence of Flash content on the web.

In addition to the change to the default Java plugin behavior, Firefox 26 includes a number of security patches, bug fixes, and minor new features. The official release notes are available here and a full list of changes in the release can be found here.

As usual, current Firefox installations can be upgraded to version 26 using the internal update mechanism, and installers for the latest release are available from the Firefox homepage.

Source: http://www.theregister.co.uk/2013/12/10/firefox_26_blocks_java/
-
- 1
-
-
- Tagged with: click-to-run, firefox (and 4 more)
-
It refers to the fact that the user who opened the thread (that is, you) is not trustworthy and the application posted is a stealer. Doesn't it seem illogical to you to have the username clitoris on an IT forum?
-
I've noticed that lately we've been invaded by all sorts of individuals, the vast majority coming from IRC (judging by the vocabulary). It would be preferable for those who come here and want to sell something on RST Market to also bring some benefit to this community: a tutorial, a security news item, a bit of help for the other users. Seriously, this isn't mercador. Also, when they want to sell servers, they should say exactly what they're selling: Linux server, distribution, CPU model, memory. The forum has filled up with "selling root uid0 eth0". What the hell is this, brothers? I see it as a mockery and I'll start handing out warnings wherever I see something like it. Learn what the terms you use mean!
- root: No, it is not a scan server. It is a user with full rights on a *nix system
- eth0: It represents the first network device on a Linux system. Does it bother you if it's called rl0, fxp0, em0, bge0?
- uid0: Well, if you said you're selling ROOT, could it have a USER ID other than 0? It's like saying you're selling a car with a steering wheel and a horn.
-
- 1
-
-
Let's check the weather together: http://www.vremeainpulamea.ro/?oras=Brasov
And a nonexistent city: http://www.vremeainpulamea.ro/?oras=wegrbsfngn
-
Microsoft has released 11 security patches this Tuesday, including one for the CVE-2013-5065 zero-day vulnerability, a recently discovered local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers.

FireEye researchers said they found the exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability.

December's Patch Tuesday update bundle brings five bulletins ranked critical, including a patch for a vulnerability that could allow remote code execution in Internet Explorer; another remote code execution vulnerability in Office and Microsoft Server is also addressed.

Other patches address remote code execution vulnerabilities in Lync, all versions of Office and Microsoft Exchange. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities.

The six security bulletins rated important deal with local elevation of privilege vulnerabilities in Windows and Microsoft Developer Tools.

Users are recommended to upgrade to Windows 7/above or Linux Distributions, and make sure that you have installed the latest versions of Adobe Reader.

Microsoft has also released an updated version (1.163.1657.0) of the Windows Malicious Software Removal Tool.

Source: Microsoft released Security Patch for CVE-2013-5065 TIFF Zero-Day vulnerability

About CVE-2013-5065: CVE - CVE-2013-5065 and the confirmation from Microsoft: http://technet.microsoft.com/en-us/security/advisory/2914486
-
Google announced that it detected a French government agency using unauthorized digital certificates for several Google domains to perform man-in-the-middle attacks on a private network.

Google security engineer Adam Langley described the incident as a "Serious Security breach", discovered in early December.

These bogus certificates were fraudulently signed by the certificate authority of DG Trésor, the French Treasury and Cyber Defense agency known as ANSSI.

Google has immediately updated Chrome’s certificate revocation list to block all dodgy certificates issued by the French authority.

ANSSI said that the intermediate CA certificate was used to inspect encrypted traffic with the user's knowledge on a private network with a commercial device i.e. Snooping on its own users’ Internet usage.

Last year, a Turkish certificate authority called 'Turktrust' was revealed to have issued two subordinate certificates for the domain gmail.com, and that these certificates had been used to intercept Gmail users’ traffic.

NSA is also alleged to have used man-in-the-middle attacks through unauthorized certificates against Google in the past.

Google said, "We're now working to bring this extra protection to more users who are not signed in."

Source: Fake Google SSL Certificates, Made in France
- 2 replies
- Tagged with: chrome, cyber defense (and 5 more)
-
LinkedIn's iOS application is prone to a vulnerability that may permit remote attackers to execute arbitrary code.

Security Researcher Zouheir Abdallah has disclosed an HTML parsing vulnerability in the LinkedIn iOS app that can be used to phish for credentials or be escalated into a full blown attack.

LinkedIn's vulnerability occurs when the messaging feature of LinkedIn's mobile app parses invalid HTML, and an attacker can exploit this vulnerability remotely from his/her account, which could have serious impact on LinkedIn's users.

He created a Proof of concept of the flaw and submitted it to the LinkedIn Security team in September 2013. Later, in October 2013, the vulnerable application was patched.

One of the possible attack vectors is that, using this vulnerability, an attacker can easily phish a LinkedIn user on the iOS app. As shown in the screenshot, POC message says:

The iOS app will display the url without the hyperlink embedded in the HTML a href, and the receiver of the message will not even know that he is being redirected to a malicious site.

The phishing site can be a replica of LinkedIn and trick the victim into giving out his username and password. This attack can also be used against LinkedIn users by claiming that they have to re-authenticate to view some article on LinkedIn.

The same attack could also work on different devices such as Android and Blackberry, but he couldn’t test as he didn’t have other handsets at hand.

LinkedIn doesn't have a Bug Bounty program nor a Hall of Fame; nevertheless he received a symbolic token of a Shirt, Mug, and a thank you note from LinkedIn's security team.

Zouheir is known for reporting a serious vulnerability in DropBox's 2 Factor Authentication back in July 2013.

Source: LinkedIn iOS app HTML Message Parsing Vulnerability
-
- Tagged with: attack vector, dropbox (and 3 more)
-
Thanks for the reply. The discussions will be public, that's how it's done in a community.
-
Hi Rares, What kinds of systems do you have security knowledge in? I'd be interested in discussing a layer 7 security solution.
-
As a note to this thread: Don't always take the easy path. Also, it's a good idea to try LFS. I first played with Linux around the end of 1996 (Red Hat Colgate). If everything works through the package manager, you learn nothing. It's like on Windows (click, click, next). Try to compile the packages yourselves, install the dependencies and see how each one works. Slackware was rejected by many because it was 'harder' compared to Debian (the oldest Linux distributions)
-
This thing is "the max". Still, I would have gone for a coffin as well.
- 1 reply
- Tagged with: berserk hacked us judge, team berserk show off (and 1 more)