Jump to content

Usr6

Active Members
  • Posts

    1337
  • Joined

  • Last visited

  • Days Won

    89

Everything posted by Usr6

  1. from Crypto.PublicKey import RSA from Crypto import Random import sys print """ _|_|_| _|_|_| _|_|_|_|_| _| _| _| _| _|_|_| _|_| _| _| _| _| _| _| _| _|_|_| _| www.RSTforums.com """ if raw_input("This challenge can harm your brain, cause STRESS, nopti nedormite, abuz de cafea, etc. \n are you de acorrd?'DA / NU': ") == "YES": pass else: sys.exit("you... you... YOU just ai pierdut. goodbye") cheie_publica = """-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwwdzXD9RvYp+Oq2Ajf1F ix2IVypQg2Hu5Ebj7DShQyUKpH2FIOxfE0TIS4EzbYQp58Z2yDORnZGIoj3i3/tn 6N7g2JnIlX9yxH0f5n1aJRTuqxNWy5Zhl24FYXuI0ByVSY4voL+h47rkCBWzbq7q 7W7Q9444TOoni6iysDsw2wCLT+bpoBtLytRNRFMxRWhtuGCwmyofxltVzqDP8sV/ hztdibN8J1P3HbfkaIGshpCDusbvUosIztFp3vUN5Cy95UyogcUNbZGnoZqNyFmS usX8h0XvnFMRwxbwwRJXwUDiqlla5+ygQU1OxgnNPSW/Tm35IoxfWeUwhR79nrA6 cYGkr/YmKhBmTQ+r4iUONNMfu9Z6ykB93B4XAhbKIcjW9bX5J8wFT6mmYrBE7MaS ZSP+XH6P9hkx3u2aZNT5xUuf58h6JcGQ/9NCYx3rfgSN4sqsAaAi3r6pSCVOMXXF QIImdzuq0yo2z4drWb0BfCjvG5Sc04/w+q1e7pJ79EUH/9kwQ59ZgaSjVSinfeGE xbmaQtvKKiE1r2eAUieRkA6eYT4xdORqOF0K4W8yAiY2CbKaPQWsdLkL5qUCgaqf yn2Tbll8gRdfrURiV2AWHtzC2qq+6GhfroFq8o4zDIFtvWPHvIZ599cUIxJ52KmI i9urppmxxYsYoUtqW3O3bB8CAwEAAQ== -----END PUBLIC KEY-----""" the_cheie = RSA.importKey(cheie_publica) def criptare(mesaj): pachet = "" for i in mesaj: pachet += the_cheie.encrypt(i, 32)[0].encode("hex") return pachet mesaj_secret = "the secret message" with open("crack-me.txt", "w") as handle: handle.write(criptare(mesaj_secret)) handle.close() sys.exit() crack-me.txt: http://rgho.st/7ppYvrjd4 Au trecut bacu:
  2. An introduction to applied cryptography and information security suitable for programmers of all ages and skill levels.
  3. OPERATIUNEA OLYMPIC GAMES Programatorii de la Agenția Națională de Securitate și armata israeliană au creat o serie de virusi pentru a ataca computerele care controlează centrul de îmbogățire nucleară a Iranului la Natanz. Atacurile au fost repetate in mai mulți ani, și de fiecare dată programele au fost imbunatatite , pentru a le face dificil de detectat. Una dintre variante a scăpat din Natanz și a devenit publica. Un articol din New York Times aparut in iunie 2012 a prezentat in detaliu actiunile de atac cibernetic 2006 – odata cu reinceperea programului de imbogatire a uraniului in uzina de la Natanz, US incepe planificarea unor actiuni de atac cibernetic 2007 – se realizeaza in laboratoare o replica a instalatiilor iraniene si incepe colaborarea cu Israelul pentru dezvoltarea unui virus 2008 – in uzina incep sa se defecteze centrifugele , simuland defectiuni aleatoare pentrua a deruta specialistii iranieni 2009 – noua administratie Obama preia de la G. Bush programul si decide sa il continue. Obama il revizuieste si cere informari periodice a evolutiei planului de atac. 2010 – primavara – US impreuna cu unitatea israeliana 8200 ataca cibernetic cu o varianta noua de virus o zona de 1000 centrifuge folosite la imbogatirea uraniului 2010 – vara – virusul creat apare pe Internet replicandu-se masiv. In cateva saptamani apar in presa informatii despre virus care este denumit Suxtnet . Obama decide continuarea atacului si in final circa 1000 centrifuge eprezentand 20% din total – sunt scoase din uz 2010-2011 – US estimeaza ca programul iranian a fost intarziat cu circa un an si jumatate 2011-2012 USA si Israelul, continuand atacurile, cauta noi tinte pentru a incetini programul nuclear iranian. Specialistii in securitate cibernetica au gasit alte malware-ului care au fost legate de Stuxnet : Flame,Duqu, Gauss, MiniFlame. Stuxnet este singurul care face de fapt daune fizice. Controlează transmisia în interiorul instalației de îmbogățire nucleară de la Natanz, aruncand în aer centrifugele. Toți ceilalți virusi sunt ca sprijin de malware: ei adună aduna informații, care pot fi apoi folosite pentru a lansa apoi noi atacuri, cum ar fi cu Stuxnet. Operatiunea Nitro Zeus În primii ani ai administrației Obama, Statele Unite au dezvoltat un plan elaborat pentru un atac cibernetic asupra Iranului, în cazul în care efortul diplomatic de a limita programul său nuclear nu ar fi reușit și s- ar fi ajuns la un conflict militar. Planul, cu numele de cod Nitro Zeus, a fost conceput pentru a dezactiva apărare aeriană, sistemele de comunicații și părți esențiale ale sistemului energetic din Iran și a fost amânat, cel puțin pentru viitorul apropiat, după acordul nuclear incheiat între Iran și șase alte națiuni. Practic prin acest atac, infrastructura Iranului ar fi fost scoasa din functiune. Nitro Zeus a făcut parte dintr-un efort de a asigura președintelui Obama alternative, la un război pe scară largă. Planificarea pentru Nitro Zeus a implicat mii de specialisti in programare si informatii, inclusiv plasarea implanturilor electronice în rețele de calculatoare iraniene pentru a „pregăti câmpul de luptă”, în limbajul Pentagonului. Aceasta operatiune avea ca scop si impiedicarea Israelului de a bombarda instalatiile iraniene si declansarea unui conflict regional. In timp ce Pentagonul facea aceste pregătiri, agențiile de informații americane au dezvoltat un cyberplan separat, mult mai concentrat pentru a dezactiva site-ul de îmbogățire nucleară Fordo, construit adânc în interiorul unui munte lângă orașul Qum. Atacul ar fi fost o operațiune sub acoperire, pe care președintele o poate autoriza chiar și în absența unui conflict direct. Fordo a fost mult timp considerat una dintre cele mai dificile ținte din Iran, îngropat prea adânc chiar pentru cele mai puternice arme anti buncar din arsenalul american. In conformitate cu termenii acordului nuclear cu Iranul, două treimi din centrifugele din interiorul Fordo au fost eliminate în ultimele luni, împreună cu toate materialele nucleare. In facilitate este interzisa orice lucrare legata de domeniul nuclear și este convertita la alte utilizări, cel puțin pentru următorii 15 ani. Dezvoltarea celor două programe secrete sugerează modul în care administrația Obama a fost preocupata de faptul că negocierile cu Iranul ar putea eșua. În acest fel, războiul cibernetic a devenit un element standard al arsenalului pentru ceea ce se numesc acum conflictele „hibrid”. Existența Nitro Zeus a fost dezvaluita in mod spectaculos si inedit prin documentarul „Zero Days”, prezentat pentru prima dată in februarie 2016 la Festivalul de Film de la Berlin. Regizat de Alex Gibney, care este cunoscut pentru alte documentare, inclusiv premiat cu Oscar „Taxi on the Dark Side” cu privire la utilizarea torturii de către anchetatorii americani, și „We steal secrets: WikiLeaks story”. Este considerat cel mai bun documentarist in prezent. „Zero days” descrie conflictul între Iran și Occident, atacul cibernetic privind uzina de îmbogățire a uraniului de la Natanz si dezbaterile din interiorul Pentagonului asupra faptului dacă Statele Unite au o doctrină viabilă pentru utilizarea unei noi forme de armament ale căror efecte finale sunt doar vag înțelese. Dl. Gibney și echipa lui de investigație, condusă de Javier Botero, au intervievat foști si actuali participanți în programul Iran, care au dezvăluit detalii cu privire la efortul de a insera in rețelele de calculatoare ale Iranului „implanturi”, care ar putea fi folosite pentru a monitoriza activitățile țării și, dacă este comandat de dl Obama, să atace infrastructura. (În conformitate cu normele prevăzute în directivele prezidențiale, unele făcute publice în urmă cu trei ani de Edward J. Snowden, doar președintele poate autoriza un atac cibernetic ofensiv, la fel ca și utilizarea armelor nucleare.) Sunt multi critici care comenteaza despre modul cum astfel de subiecte „delicate” au ajuns publice. In mod cert SUA si-a aratat o parte din capabilitatile sale in razboiul cibernetic. E posibil ca aceste capabilitati de distrugere a infrastructurii sa fi fost folosite in negocierile de succes cu Iranul ? Nu cred ca putem evalua, eventual putem ghici. Cert este ca asistam la o evolutie asemanatoare inceputurilor folosirii armamentului nuclear ca arma de intimidare si dominatie. Poate in acest nou domeniu militar sa avem si noi un cuvant de spus !! Sursa: http://www.rumaniamilitary.ro/razboiul-cibernetic-contra-iranului Zero days online: topdocumentaryfilms . com/zero-days/
  4. Manufacturer: NRCPC Cores: 10,649,600 Linpack Performance (Rmax) 93,014.6 TFlop/s Theoretical Peak (Rpeak) 125,436 TFlop/s Nmax 12,288,000 Power: 15,371.00 kW Memory: 1,310,720 GB Processor: Sunway SW26010 260C 1.45GHz Interconnect: Sunway Operating System: Sunway RaiseOS 2.0.5 A Chinese supercomputer called Sunway TaihuLight now ranks as the world's fastest, nearly tripling the previous supercomputer speed record with a rating of 93 petaflops per second. That's 93 quadrillion floating point operations per second (or 93 million billion). Sunway TaihuLight surpassed another Chinese supercomputer, Tianhe-2, which had been the world's fastest for three consecutive years with speeds of 33.9 petaflop/s, according to the latest Top500.org ranking released today. Top500 rankings are based on the Linpack benchmark, which requires each cluster "to solve a dense system of linear equations." "Sunway TaihuLight, with 10,649,600 computing cores comprising 40,960 nodes, is twice as fast and three times as efficient as Tianhe-2," the Top500 announcement said. Sunway TaihuLight is one of the world's most efficient systems, with "peak power consumption under load (running the HPL benchmark)... at 15.37MW, or 6 Gflops/Watt." The system has memory of 1.3PB, or 32GB for each node. This is actually not much memory considering how many cores the system has; if it used "a more reasonable amount of memory for its size," Sunway TaihuLight would be a lot more power-hungry. Sunway has more than three times as many cores as Tianhe-2, but it uses less overall power—15.37MW vs 17.8MW. Tianhe-2 had been the world's fastest in six consecutive rankings, which are released twice a year. Tianhe-2 took the top spot for the first time in June 2013, beating the previous fastest supercomputer, which held the position just once. Developed by China's National Research Center of Parallel Computer Engineering & Technology, Sunway TaihuLight is installed at the National Supercomputing Center in Wuxi, China. While Tianhe-2 uses Intel processors, Sunway TaihuLight was built entirely with processors designed and manufactured in China. Sunway TaihuLight uses a custom interconnect based on PCIe 3.0 technology. Each node in Sunway TaihuLight has one SW26010 chip, a new version of the ShenWei processor that produces speeds of 3 teraflop/s with 260 cores. This is a 1.45GHz 64-bit RISC processor, but the Top500 announcement said "its underlying architecture is somewhat of a mystery." "At 3 teraflops, the new ShenWei silicon is on par with Intel’s 'Knights Landing' Xeon Phi, another many-core design, but one with a much more public history," Top500 said. "In a bit of related irony, it was the US embargo of high-end processors, such as the Xeon Phi, imposed on a number of Chinese supercomputing centers in April 2015, which precipitated a more concerted effort in that country to develop and manufacture such chips domestically. The embargo probably didn’t impact the TaihuLight timeline, since it was already set to get the new ShenWei parts. But it was widely thought that Tianhe-2 was in line to get an upgrade using Xeon Phi processors, which would have likely raised its performance into 100-petaflop territory well before the Wuxi system came online." While the US embargo is in place because of concern about nuclear research, Top500.org said Sunway TaihuLight is planned for use in research and engineering work in fields including climate, weather and Earth systems modeling, life science research, advanced manufacturing, and data analytics. Surse: http://www.top500.org/system/178764 http://arstechnica.com/information-technology/2016/06/10-million-core-supercomputer-hits-93-petaflops-tripling-speed-record/
  5. If you wanna look mai de aproape: http://rgho.st/7bcYZLH4J
  6. Usr6

    Colectie link-uri

    [RSS] Udemy coupons/free courses http://bestblackhatforum.com/syndication.php?fid=877&limit=15
  7. Elementary Military Cryptography https://www.nsa.gov/public_info/_files/friedmanDocuments/Publications/FOLDER_236/41760529079966.pdf Advanced Military Cryptography https://www.nsa.gov/public_info/_files/friedmanDocuments/Publications/FOLDER_239/41748809078800.pdf
  8. Part I: Monoalphabetic Substitution Systems https://www.nsa.gov/public_info/_files/military_cryptanalysis/mil_crypt_I.pdf PART II. SIMPLER VARIETIES OF. POLYALPHABETIC SUBSTITUTION SYSTEMS https://www.nsa.gov/public_info/_files/military_cryptanalysis/mil_crypt_II.pdf Part III. SIMPLER VARIETIES. OF APERIODIC SUBSTITUTION SYSTEMS https://www.nsa.gov/public_info/_files/military_cryptanalysis/mil_crypt_III.pdf Part IV. TRANSPOSITION AND FRACTIONATING SYSTEMS https://www.nsa.gov/public_info/_files/military_cryptanalysis/mil_crypt_IV.pdf
  9. ACBEDGFIHKJMLONQPSRUTWVYXZacbedgfihkjmlonqpsrutwvyxz MhndGmbgiolQCKLBFVvSIxwqTOeURrcHsNYyfAPWajXDkZpuzJtE YppXDuuuDracDXeUrUWAsNPrRyXu7j you will... Au rezolvat: 1. @zekstein 2. @Byte-ul 3.
  10. Crima sau sinucidere? Postati aici raspunsul + motivarea
  11. Usr6

    Udemy

    From 0 to 1: Data Structures & Algorithms in Java https://www.udemy.com/from-0-to-1-data-structures/?couponCode=ALGO_SAL
  12. vezi sa nu faci bataturi la mana de la atata lucru ... manual
  13. Usr6

    Udemy

    How Hackers Infiltrate Victim's Computers Using Trojans Free €230 100% off Discover the Step By Step Methods Hackers Use To Create, Install and Take Control of Victim's Computers https://www.udemy.com/hacking-tools/?couponCode=decfree
  14. Announcing the results of its experiment, Google says Quantum Computer is More than 100 Million times faster than a regular PC. Two years ago, Google and NASA (National Aeronautics and Space Administration) bought a D-Wave 2X quantum computer, which they have been experimenting at the U.S. space agency's Ames Research Center in Mountain View, California for the past two years. The goal is to create a better way to solve highly complex problems in seconds rather than years. Now, a Google's Quantum AI team appears to have announced the results of its latest test on D-Wave 2X quantum computer, demonstrating that quantum annealing can outperform simulated annealing by over 108 times – that is 100,000,000 times faster. What is Quantum Computers? Quantum computers can theoretically be so much faster because they take advantage of quantum mechanics. While traditional computers use the "bits" to represent information as a 0 or a 1, quantum computers use "qubits" to represent information as a 0, 1, or both at the same time. In turn, this allows Quantum computers to achieve a correct answer much faster and efficiently through parallel processing. Google's D-Wave 2X Quantum Computer Now, the Google Quantum Artificial Intelligence Lab has announced that its D-Wave machine is considerably much faster than simulated annealing – quantum computation simulation on a classical computer chip. "We found that for problem instances involving nearly 1000 binary variables, quantum annealing significantly outperforms its classical counterpart, simulated annealing. It is more than 108 times faster than simulated annealing running on a single core," said Hartmut Neven, Google's director of engineering. Google: Our Quantum Machine is 100 Million Times Faster Google has also published a paper [PDF] on the findings, claiming that the team was able to perform a calculation with the quantum computing technology that was significantly faster than a conventional computer with a single core processor. The researchers emphasized that their research on quantum computing is still in the early stages and has yet to be commercialized which could take decades. "While these results are intriguing and very encouraging, there is more work ahead to turn quantum enhanced optimization into a practical technology," Neven wrote. However, the team of Google and NASA researchers announced on Tuesday that the tests on D-Wave machines using Quantum Monte Carlo algorithm simulates running an optimization problem on ordinary silicon, and again the results were more than 100 Million times faster than a conventional computer. Sursa: It Works! Google's Quantum Computer is '100 Million Times Faster' than a PC - The Hacker News
  15. Fran?a, aflat? în stare de urgen?? dup? atentatele teroriste comise la Paris pe 13 noiembrie, ar putea s? interzic? în curând re?elele publice de WiFi, informeaz? site-ul lepoint.fr. Anonimatul pe internet se afl? în vizorul Ministerului de Interne din Fran?a. În cadrul st?rii de urgen??, Guvernul francez inten?ioneaz? s? adopte mai multe m?suri care îi vizeaz? pe internau?i. Una dintre ele ar consta în interzicerea conexiunilor WiFi libere ?i partajate, potrivit cotidianului Le Monde. Suprimarea conexiunilor WiFi publice ar fi motivat? de faptul c? ele fac dificil? pentru autorit??i identificarea internau?ilor conecta?i. Contravenien?ii, continu? Le Monde, s-ar expune la "contraven?ii penale". În prezent, precizeaz? site-ul Numerama.com, legea impune ca abona?ii la internet s? î?i securizeze conexiunea WiFi, pentru a evita, de exemplu, ca un utilizator str?in s? se foloseasc? de acea conexiune liber?, pentru a opera desc?rc?ri ilegale online. O alt? m?sur? ce ar fi vizat? de Ministerul de Interne francez vizeaz? interzicerea ?i blocarea programelor ce permit navigarea pe internet într-o manier? anonim?. Potrivit Le Monde, una dintre m?suri ar consta în "interzicerea ?i blocarea comunica?iilor pe re?elele Tor din Fran?a", ce permite navigarea online anonim?. Re?eaua Tor este foarte des folosit? de activi?tii ?i disiden?ii din ??rile autoritare, care se folosesc de aceasta în special pentru a comunica f?r? a fi repera?i de autorit??i. Astfel, Iranul este una dintre primele ??ri care au blocat re?eaua Tor. Aceste texte de lege ar putea fi adoptate în ianuarie 2016. Sursa: Starea de urgen?? din Fran?a: WiFi-ul public ar putea fi interzis în curând - Mediafax
  16. ok, ok, da de ce n-ai luat ban inca ? Nu e frumos sa stricam traditia inainte de sfintele sarbatori ( @wildchild ) P.S. La multi ani
  17. Here’s a challenge for you, what does this decode to? T{4 G=C 9<=E B63 3<3;G /<2 9<=E G=C@A3:4^ G=C <332 <=B 43/@ B63 @3AC:B =4 / 6C<2@32 0/BB:3A` {4 G=C 9<=E G=C@A3:4 0CB <=B B63 3<3;G^ 4=@ 3D3@G D71B=@G 5/7<32 G=C E7:: /:A= AC443@ / 2343/B` {4 G=C 9<=E <37B63@ B63 3<3;G <=@ G=C@A3:4^ G=C E7:: AC11C;0 7< 3D3@G 0/BB:3`T _ !C< "HC^ "63 s@B =4 %/@ I was asked by a couple of folks to help them decode this (this isn't the exact string but it's similar). This was from a CTF and they couldn't figure it out. The challenge already ended so they just wanted to learn how to tackle stuff like this in the future. Unlike the real world, there is often an accompanying script or program that decodes this. You hardly encounter an encoded string and then asked to figure it out cold. CTF pros could probably do this faster than 10 minutes but that's how long it took me with Calculator and Notepad. I should have used a spreadsheet. After I was done, I thought I would write a program for myself to see if I can decode strings like this much faster. So how do you even start decoding this? I came up with three methods but I'm sure there are other, better ways. Method #1 - Character Frequency Click on the "Statistics" tab then click on the "Get Stats" button. This will count the number of times each letter appears in the script. You see that 3 and = are the most common characters (besides the space). Using this as a guide we know that the most common English letters are E T A O I N S H R . Let's see what the difference is between 3 and e. Enter those values in the "Difference" section and click on the "Calculate Difference" button. I get "50". Now click on the "Decoder" tab, enter the value "50", choose "Character Shift" then click on "Decode". Looks like we partially decoded it. Method #2 - Enumeration The second method dumps a text file that enumerates through all of the possible values. Choose the "Enumerate to File" action and the "Character Shift" operator. Examine the resulting file and look for clues. I searched for "the" and found multiple hits but the one at line #50 looks promising. The line #50 means that the character shift value of 50 was used. At this point you can go to the Decoder tab and do a character shift with a value of 50 like we did above. Method #3 - Distance Calculator The number of characters between two letters will be the same as long as the XOR or character shift value remains constant. For example, The character distance between the letters h-e-l-l-o is -3, 7, 0, and 3 (i.e. the difference between h and e is -3, between e and l is 7, and so on). If we shifted "hello" with a value of 10, the resulting string is "rovvy" and the distance between r-o-v-v-y is still -3, 7, 0, and 3. On the "Statistics" tab, you can search for "the" or any other word that has three or more characters and the toolkit will try to find the same character distance in the input string. Custom Substitution Table The three different methods revealed the character shift value of 50 as our starting point but we still have some undecoded text to contend with. In the output box, it looks like the third character is "f" so the preceeding character might be "I" as in "If". There's two other instances so it looks probable but let's test this theory out. Going back to the "Statistics" tab, I highlight a character that should be an "I" then click on "Get Highlighted Char". The program will extract the corresponding characters from both the input and output boxes. In this example, I think that the left curly brace should be a capital "I" so I make that change then click on the "Calculate Difference" button. I get "-50". So it looks like we have two different character shift values. How would I decode using two values? I need to remap characters and I also need to display the ASCII table so I can visually determine what to map. The "Custom Substitution Table" is what I came up with. If you enter a value on the header row, the values will be copied down the column. If you need to enter a value for a specific character, just enter it into the appropriate box. In this example, the space character in the input string was being shifted to "R". I want to leave this alone so I enter "0" in the "032 - SPC" box. You can download the program here. If this program is used outside of CTFs, I would really like to know Sursa: Text Decoder Toolkit | Kahu Security
      • 1
      • Upvote
  18. Usr6

    Udemy

    Eliminate Code fear - java Free €210 100% off https://www.udemy.com/eliminate-code-fear/?couponCode=NEWLAUNCH Android: https://www.udemy.com/android-tutorial/ Learn Ethical Hacking: Hack Web Applications https://www.udemy.com/ethical-hacking-techniques/ Start Kali Linux, Ethical Hacking and Penetration Testing! https://www.udemy.com/ethical-hacker/
  19. Usr6

    Udemy

    Intermediate training of C++ C++ : Intermediate training of C++ - Udemy
  20. Usr6

    Udemy

    Linux System Administration with Python This course will help you to be a System Administrator in Linux and enhance your knowledge on Python https://www.udemy.com/linux-system-administration-with-python2/?couponCode=LSAP
  21. Usr6

    Destinul

    https://www.sendspace.com/file/72gbex Indicii: 1. Metadata 2. Properties 3. Au terminat challenge-ul: 1. @Byte-ul 2. 3. 4. 5.
  22. Usr6

    Udemy

    Algorithms in C: https://www.udemy.com/algorithms-c-concepts-examples-code/?couponCode=free2day Computer Networks: https://www.udemy.com/computer-networks-course-networking-basics/?couponCode=free2day Unix and Shell Programming for Beginners https://www.udemy.com/shellprogramming/?couponCode=bashunix Software Testing: https://www.udemy.com/software-testing-and-career-in-qa/?couponCode=free2day
  23. Usr6

    Udemy

    Learn iOS Programming from Scratch Free €163 100% off https://www.udemy.com/learn-ios-programming-from-scratch/?couponCode=BBHFFREE
  24. Amazon d? în judecat? peste 1.110 de persoane acuzate c?, în schimbul unei recompense de doar 5 dolari, au acceptat s? scrie recenzii false pentru diverse produse vândute online. Cei chema?i în judecat? î?i primeau banii prin intermediul platfomei de microjoburi Fiverr. Ace?tia erau r?spl?ti?i de vânz?torii de pe platforma Amazon care voiau ca produsele lor s? fie l?udate peste m?sur? de utilizatori. Gigantul comer?ului online spune c? prin astfel de practici, care induc consumatorii în eroare, îi este p?tat? imaginea ?i afectat? credibilitatea. Amazon are îns? o problem?. Nu ?tie numele celor care au scris recenziile false. Le ?tie doar presudonimul folosit pe site-ul de microjoburi. Dar, ca s? scape de complica?ii legale, cei de la Fiverr au obiceiul s? ofere identitatea din spatele conturilor dac? exist? suspiciunea unor nereguli. Sursa: BUSSINES CLUB. Peste 1.100 de „postaci”, da?i în judecat?
  25. The great mystery since the NSA and other intelligence agencies’ cyber-spying capabilities became watercooler fodder has not been the why of their actions, but the how? For example, how are they breaking crypto to decode secure Internet communication? A team of cryptographers and computer scientists from a handful of academic powerhouses is pretty confident they have the answer after having pieced together a number of clues from the Snowden documents that have been published so far, and giving the math around the Diffie-Hellman protocol a hard look. The answer is an implementation weakness in Diffie-Hellman key exchanges, specifically in the massive and publicly available prime numbers used as input to compute the encryption key. The team of 14 cryptographers presented their paper, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” this week at the ACM Conference on Computer and Communications Security, which explains that given the budgets at the disposal of the NSA, for example, such an agency could build enough custom hardware and invest the time required to derive an output that would give the attacker “intermediate” information that would eventually lead to the breaking of individual encrypted connections. “It’s not arriving at the key, instead it’s telling you something about the mathematical structure about that particular choice of the prime number when used in Diffie-Hellman,” said J. Alex Halderman associated professor computer science and engineering at the University of Michigan and one of the authors of the paper. “The analogy is sort of cracking the prime. After you crack the prime, breaking individual Diffie-Hellman connections that use that prime is easy.” The prime numbers are the most likely target, he said, because they’re usually not generated from scratch, instead are plucked from previous work or taken from recommendations in established standards. Halderman told Threatpost that an intelligence agency of the NSA’s caliber would need to spend hundreds of millions of dollars to build the custom hardware required for such a large computation. “The payoff you get is just so enormous,” Halderman said. “You built this machine and after a year or so of cranking on the problem, it produces some output that then lets you break individual connections very quickly. So you do this enormous amount of math that involves only the prime, and what you’re left with is an intermediate product of the attack, information about the mathematical structure of the prime. So you can amortize that cost of building that computer across potentially trillions of encrypted connections that you can then very quickly and cheaply break.” The paper explains that Diffie-Hellman picking a prime number from an available pool was an implementation choice that makes sense from a development standpoint, but is a disastrous choice in the context of security and privacy. “The core lesson of our paper is about this disconnect in the analysis of some foundational crypto between the mathematical cryptography community and the world of people who are applying crypto in real systems,” Halderman said. “We’re taking stuff about the cryptanalysis that’s been known within certain research circles, but the people in those research circles didn’t realize quite how Diffie-Hellman was being used in the real world. They didn’t realize that there was such widespread duplication of primes and primes of such weak strength.” Most at risk if a common 1024-bit prime is broken, the paper says, are IPsec VPNs, 66 percent of which rely on Diffie-Hellman key exchanges. Such an attack would also break 26 percent of SSH connections and 18 percent of HTTPS connections on the top one million domains. From the Snowden documents we already know the NSA had the capability and motivation to passively snag traffic from Internet backbones, collecting encrypted VPN traffic for example. Halderman said an attacker could then send that collected traffic back to the purpose-built supercomputer which hacks away at the math until the key is derived. “The mystery is how are they attacking the cryptography because standard cryptography we use for the Web and VPNs has been developed with the intention that even if you have access to enormous supercomputers, you shouldn’t be able to break it,” Halderman said. “So there must be something weak about the cryptography everyone depends on that the applied security community hadn’t realized. Our result is simply an explanation for what the big problem likely is that is enabling that large-scale decryption with high-performance computing.” The NSA’s black budget, which was explained in a Snowden document, includes $1 billion annually for computer network exploitation, and other related programs afforded hundreds of millions for the same task, putting this type of attack within range of the agency. In the meantime, it’s likely going to be years before this is properly addressed, Halderman said, because so many protocols are affected. “This isn’t a flaw in a particular protocol, it’s a property of the math the underlies Diffie-Hellman, which is part of the foundation of almost every important cryptographic protocol we use,” Halderman said. “It’s certainly not an overnight [fix]. One of the problems is that the standards behind any important protocols like the IPsec VPN protocol specify that everyone will use these particular primes that by virtue of being so lightly used are made weaker. I think it’s going to be years unfortunately before standards and implementations are widely updated to account for this threat.” Sursa: https://threatpost.com/prime-diffie-hellman-weakness-may-be-key-to-breaking-crypto/115069/
×
×
  • Create New...