Everything posted by aelius
-
Content delivery network (CDN) specialist Akamai Technologies is acquiring Prolexic in a bid to extend its web optimization and security offerings. Prolexic is a natural extension for Akamai, as the hybrid CDN/security model has been on the rise. Akamai will acquire all of the outstanding equity of Prolexic in exchange for a net cash payment of approximately $370 million, after expected purchase price adjustments, plus the assumption of outstanding unvested options to purchase Prolexic stock.

Prolexic gives Akamai (AKAM) further cloud-based security for protecting data centers and enterprise IP applications from distributed denial of service (DDoS) attacks. DDoS attacks can temporarily cripple an organization, preventing legitimate users from accessing a service.

“Any company doing business on the Internet faces an evolving threat landscape of attacks aimed at disrupting operations, defacing the brand, or attempting to steal sensitive data and information,” said Tom Leighton, CEO of Akamai. “By joining forces with Prolexic, we intend to combine Akamai’s leading security and performance platform with Prolexic’s highly-regarded DDoS mitigation solutions for data center and enterprise applications protection. We believe that Prolexic’s solutions and team will help us achieve our goal of making the Internet fast, reliable, and secure.”

Companies like CloudFlare that provide a hybrid of CDN and security services have captured a lot of the consumer market, and stand as a possible future threat to Akamai’s business. Akamai needs to evolve, and it is doing so here. Akamai is firmly rooted in the higher end of the market and will maintain its position by expanding its portfolio of security solutions, in addition to content delivery services. The acquisition means businesses can acquire performance and DDoS mitigation from a single vendor.

“Today, business is defined by the availability, security and latency of Internet-facing applications, data and infrastructure,” said Scott Hammack, CEO at Prolexic, which has been a pioneer in DDoS defense. “Being able to rely on one provider for Internet performance and security greatly simplifies resolution of network availability issues and offers clients clear lines of accountability. We believe that, together, we will be able to deliver an unprecedented level of network visibility and protection.”

Akamai intends to provide customers with a comprehensive portfolio of security solutions designed to defend an enterprise’s Web and IP infrastructure against application-layer, network-layer and data center attacks delivered via the Internet.

Source: Akamai Acquires Prolexic to Protect Customers From DDoS Attacks | Data Center Knowledge
-
SIM cards are among the most widely-deployed computing platforms with over 7 billion cards in active use. Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks.

German cryptographer Karsten Nohl, the founder of Security Research Labs, claims to have found encryption and software flaws that could affect millions of SIM cards and allow hackers to remotely gain control of and also clone certain mobile SIM cards. This is the first hack of its kind in a decade. Nohl will be presenting his findings at the Black Hat security conference this year. He and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS.

According to him, hackers could use compromised SIMs to commit financial crimes or engage in espionage. Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone.

The exploit only works on SIMs that use an old encryption technology known as DES. DES is used in around three billion mobile SIMs worldwide, of which Nohl estimates 750 million are vulnerable to the attack.

GSMA, which represents nearly 800 mobile operators, will notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.

Nohl believes that cyber criminals have already found the bug. Now that the theoretical details of the vulnerability are out, he expects it would take them at least six months to crack it, by which time the wireless industry will have implemented available fixes.

Sim Card Cloning Hack affect 750 millions users around the world - The Hacker News
-
In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDoS attacks using previously known vulnerabilities. After analyzing the log file from the victim's server, we have noticed many WordPress CMS based educational (.EDU) and Government (.GOV) websites from which the attack originated.

In the past we have reported about many such cyber attacks, where attackers hacked into the WordPress blogs using a password brute-force attack or they used the PINGBACK vulnerability in older versions of WordPress without compromising the server. WordPress has a built-in functionality called Pingback, which allows anyone to initiate a request from WordPress to an arbitrary site and it can be used for a single machine to originate millions of requests from multiple locations.

We have seen more than 100,000 IP addresses involved in the recent DDoS attack and the victim's Forum website received more than 40,000 requests in 7 minutes from different WordPress blogs and IP addresses. In this recent attack, we have noticed more than 4000 .EDU and .GOV sites along with thousands of other abused sites, including following:

These large servers can cause much more damage in DDoS attacks because the servers have the large network bandwidth and are capable of generating significant amounts of traffic. At this time it's not clear whether these WordPress blogs are compromised or the Pingback vulnerability was used to perform the attack.

But it’s always wise to learn from others’ mistakes. If you still use 'admin' or a common name as a user name on your blog, change it, and use a strong password. There are also security plug-ins available, two-factor authentication options available for WordPress and of course make sure you are up-to-date on the latest version of WordPress.

Source: DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs - The Hacker News

My opinion: looks like a lame http flood ;-)
-
You sinner, Christmas Eve is coming ))
-
So you mean the document root. It is the full path to the site. In config.php, instead of:

    $config['basedir'] = '/home/username/public_html';

put this:

    $config['basedir'] = $_SERVER["DOCUMENT_ROOT"];

For the other problem:

    macbook upload$ grep Powered */*
    [U]themes/right.tpl[/U]: <b>Powered by 9GagCloneScript.com</b>
    macbook upload$

PS: The thread is rather old, stop digging through the trash, bro ;-)
-
[B](02:12:42) shaggi: tex, me and a few others almost got ourselves killed... [/B]
(02:12:46) Oust: Or maybe he's an idiot.
(02:12:53) shaggi: so, there was a guy with a semi truck
(02:12:55) Bolovanus: oust says that because maybe he did the same thing
[B](02:13:00) shaggi: and us in a mazda[/B]
(02:13:01) Oust: ))
[B](02:13:02) shaggi: rx7[/B]
(02:13:08) shaggi: trying to overtake him
(02:13:23) Oust: Well, that's what I did and I didn't see, but there was a car and it flashed its lights at me, and I got back into lane 2.
(02:13:27) shaggi: and when we get about halfway along the truck, he starts overtaking a bicycle
(02:13:30) shaggi: going wide :|
(02:13:32) Oust: But I wanted to get into lane 3.
[B](02:13:35) Bolovanus: well, what "few others", only 2 fit in that car
(02:13:51) LLegoLLaS: pwn[/B]
(02:13:52) shaggi: cx7
(02:13:54) shaggi: sorry
(02:14:00) tex: PWN
(02:14:01) tex: )))
(02:14:06) tex: hihihihihhihihihihhihihihihhihih?ihihhihihihihhihihihih
(02:14:19) shaggi: dude, I got mixed up
(02:14:25) Oust:
(02:14:26) Oust: Hahahah
(02:14:28) shaggi: actually I had forgotten what the car was
(02:14:29) Oust: Well, man.
(02:14:35) Bolovanus: ))
(02:14:41) LLegoLLaS: they look alike
(02:14:41) shaggi: and I said the first mazda model that came to mind
(02:14:42) tex: hahahaha
(02:14:42) LLegoLLaS:
(02:14:43) tex: I'm dying, man
(02:14:47) tex: DYING OF LAUGHTER
(02:14:47) Oust: You were at fault, not him.
(02:14:49) tex: ))
(02:15:00) shaggi: Oust, why, man?
(02:15:04) tex: well yeah, what were 17 of you doing, bless you, in a two-seater car
(02:15:09) tex: ))) ) )))))
(02:15:10) shaggi: when that guy didn't signal?
(02:15:11) Oust: )))))))))))))0
(02:15:14) LLegoLLaS: ))))
(02:15:15) Oust: Hahahaha
(02:15:22) tex: you were Pakistanis
(02:15:24) tex: what the heck
(02:15:26) tex: ))))))
(02:15:28) shaggi: dude, I clarified, it was a cx7..
(02:15:31) Bolovanus: ))))
(02:15:33) LLegoLLaS: shaggi, you're like my dad: anything with 4 wheels and an engine = car
(02:15:33) tex: so this bit was super great, man
(02:15:34) LLegoLLaS: ))
(02:15:37) tex: yes, I got it
(02:15:39) shaggi: sorry for the misimformation above
(02:15:47) Oust: Chill, man.
(02:15:47) tex: hahahahha
(02:15:50) LLegoLLaS: misinformation*
(02:15:50) Oust: Don't take it to heart.
(02:15:55) Oust: We're just joking.
(02:15:59) Oust: Well, you were at fault.
(02:16:01) LLegoLLaS: )
-
It seems it isn't possible: "Facebook does not offer a way for you to see friend-requests that you previously rejected explicitly or deleted" (answer found with Google, I'm not good with Facebook)
-
Linux distro to crack Windows passwords.
aelius replied to dooma's topic in Sisteme de operare si discutii hardware
This discussion came up yesterday: https://rstforums.com/forum/78384-remove-password-administrator-live-cd.rst

Put Ubuntu or Debian on a USB stick (if the PC can boot from USB) and install chntpw.

Can't you go to a friend's place to download the image?
-
Oh yes, it is.

    #include <stdio.h>

    int main()
    {
        printf("User Adde has been banned permanently\n");
    }

The man explained nicely to you how it is done. As a summary of what he said: security does not consist of an installed piece of software. Good luck.
-
Attention: a big hacker is bragging that he finds XSS in NASA =))
aelius replied to ANYK's topic in Cosul de gunoi
Thanks. - hacksoft - two-week ban - thread moved to the trash.
-
Attention: a big hacker is bragging that he finds XSS in NASA =))
aelius replied to ANYK's topic in Cosul de gunoi
@ANYK: Who is Kronzy? The one who opened the thread?
-
Two bans on this thread. Learn your lesson and stop making a mess all over people's threads.
-
Two-week ban. Are you making fun of us, bro? What is with these debauched threads ...
-
The category is requests, not offers, and there is already a dedicated thread open for this. Please stop opening other threads with torrents. The thread is being moved to the trash bin and closed. Thanks.
-
Florin, if you want simple text on a picture, just use PAINT, bro. Any junk Windows install has it.
-
Engineer that you are, your post has nothing to do with this thread. And yes, the web server writes logs. Thread closed, because people have been going on in here like old ladies gossiping.
-
They are not unique. The numbers get reallocated. Poor management on the part of the phone companies.
-
Are you tired of yet more externally exploitable buffer overflows in C programs? Do you want to audit your source for common mistakes? If so, PScan is for you!

What PScan does: Scans C source files for problematic uses of printf style functions. e.g.:

    sprintf(buffer, variable);         Bad! Possible security breach!
    sprintf(buffer, "%s", variable);   Ok

All of these security problems can also occur with any printf-style function. It is simple to fall into the trap of misusing printf and friends, thus, the need for PScan.

What PScan does not do:
- Scan for traditional buffer over-flows.
- You should use a bounds-checking compiler for that.
- Scan for any other mis-use of function parameters.

The functionality given by PScan is limited. Yet it may be useful. I'm not going to claim it's the be-all and end-all of security scanners, but it does one thing, and it does it simply, and reasonably well. Newer versions of GCC do a better job of scanning source files for problems, but they require the code to be compiled. Pscan is a lot faster, but not as good. As always, there are trade-offs in life. Analyzing and correcting the security breaches is up to the programmer.

Let's run PScan over an old version of wu-ftpd. The text below is a sample of the output from PScan:

    [aland@www pscan]$ ./pscan -p wu-ftpd.pscan ../wu-ftpd-2.6.1/src/*.c
    ../wu-ftpd-2.6.1/src/ftpd.c:2575 FUNC reply
    ../wu-ftpd-2.6.1/src/ftpd.c:6277 FUNC syslog
    ../wu-ftpd-2.6.1/src/ftpd.c:6292 FUNC syslog
    ../wu-ftpd-2.6.1/src/ftpd.c:6438 FUNC reply
    [aland@www pscan]$

From the area around line 6277 of ftpd.c, with the problem line emphasized, the code is

    6271: if (debug) {
    6273:     char *s = calloc(128 + strlen(remoteident), sizeof(char));
    6274:     if (s) {
    6275:         int i = ntohs(pasv_addr.sin_port);
    6276:         sprintf(s, "PASV port %i assigned to %s", i, remoteident);
    6277:         syslog(LOG_DEBUG, s);
    6278:         free(s);
    6279:     }
    6280: }

So we can see that if the variable debug is set, and the variable remoteident can be set externally (say by an anonymous FTP user), then there may be an exploitable hole in the call to syslog. If we root around the source a little more, we discover in ftpd.c:

    6037: else if (authenticated)
    6038:     sprintf(remoteident, "%s @ %s [%s]",
    6039:             authuser, remotehost, remoteaddr);
    6040: else
    6041:     sprintf(remoteident, "%s [%s]", remotehost, remoteaddr);

The remotehost variable holds the host name of the remote host which is currently connected. A malicious user may set the DNS hostname to a string which contains carefully constructed formatting codes recognized by the sprintf and syslog functions. This problem may allow him to cause the ftp daemon to core dump, or even for him to gain access to a root shell.

The solution is to correct line 6277 in the source. The suggested replacement line is below, with the changes emphasized

    6277: syslog(LOG_DEBUG, "%s", s);

Trusting user input is a bad thing for any program to do.

Download: http://deployingradius.com/pscan/pscan.tar.gz

Source: PScan: A limited problem scanner for C source files
-
We thank you for the audience. Thread closed
-
99% of products of this kind are made in China. Motherboards, processors, components, phones, laptops. Including Apple products. It is one thing to pay an employee 2500 / month and another to pay 200 dollars.
-
There were more on the list, but I went to look at their posts on the forum and they have a great many requests. I like them as people, but VIP should take some skills. I will propose redcoder and silvian0 for VIP; the rest of you can get noticed by publishing tutorials and taking an active part in the technical discussions.
-
Good day, gentlemen. And yes, the thread was more to see what kind of people we have around here, how old they are and who aspires to titles. I think about 3 people from here will get VIP after all.
-
They changed their name once before (from MCTI), just 6 months after they "paid" 35,000 euros to the people at kondiment for a portal built in typo3. It is the same crappy institution, the same old fogeys who have no idea what regulation in the communications field means, but that is another subject. It is a country of whores and crooks, and the thievery starts at the top. For the time server at MCTI they paid 230 billion old lei. What the crap, does it run on nuclear fission?! Guess what? That one isn't working anymore either. They got themselves cars, houses, creams, and took the money to the whores.
-
The top-level domain authority over .RO domains has always been ICI (the research institute for informatics), by no means ANRCTI. A lot of rubbish and fraud went on with them too. Anyone who has been on the net for a long time knows the scam with DOM REG and ICI. Basically, you bought a domain through rotld and, instead of them appearing as registrar, DOM REG appeared, a parasite company run by Staicut.

The annual payment seems OK to me, but not two payments. There are domains bought illegally (with cards) before 2002 through register dot com in partnership with rotld that are abandoned even now. They were used by shell-account companies, and they stole them from each other (in the end, they lost access to the emails).

That's it, if an annual fee is introduced and we need them, we will pay. It is not the end of the world.

What I don't find right: RoTLD basically took the domains (and appropriated them): com.ro, org.ro, tm.ro, info.ro, www.ro, store.ro, rec.ro and now they are PRACTICALLY selling subdomains on them at the same price as domains. I see that as shameless.