Fi8sVrs

#!/usr/bin/env python #Python Dictionary File Maker v0.2 #Written By: Absolution import os, string, time, hashlib, math,sys from itertools import product, chain bench = 0 def UI(): print "Dictionary Maker v0.2" print "Written By: Absolution" print ''' 1 - Make Dictionary 2 - Benchmark System 3 - Exit ''' ui = raw_input("What would you like to do? => ") if ui == '1': DictInfo() elif ui == '2': Benchmark() elif ui == '3': exit() def DictInfo(): print ''' 1 - Lowercase Letters 2 - Uppercase Letters 3 - Numbers 4 - Uppercase & Lowercase 5 - Uppercase, Lowercase & Numbers 6 - Uppercase, Lowercase & Punctuation 7 - Uppercase, Lowercase, Numbers & Punctuation 8 - Enter your own charset ''' charset = raw_input("Which charset to use? => ") maxfilesize = raw_input("Enter max size of each file (MB) => ") minlength = raw_input("Enter min length => ") maxlength = raw_input("Enter max length => ") maxlength = int(maxlength) + 1 md5 = raw_input("Include MD5 Hash? (Y or N) => ") MakeDict(charset, maxfilesize, minlength, maxlength, md5) def MakeDict(charset, maxfilesize, minlength, maxlength, md5): global bench #Load charset for dictionary maker to use if charset == '1': letters = string.ascii_lowercase elif charset == '2': letters = string.ascii_uppercase elif charset == '3': letters = string.digits elif charset == '4': letters = string.ascii_letters elif charset == '5': letters = string.ascii_letters + string.digits elif charset == '6': letters = string.ascii_letters + string.punctuation elif charset == '7': letters = string.ascii_letters + string.digits + string.punctuation elif charset == '8': letters = raw_input("Enter characters to use => ") else: print 'No valid char set was chosen.' DictInfo() combinations = 0 totalsize = 0 for z in range(int(minlength),int(maxlength)): combs = math.pow(int(len(letters)), z) combinations = int(combinations) + int(combs) size = int(combs) * z totalsize = int(totalsize) + int(size) wspace = int(combinations) * 2 totalsize = int(totalsize) + int(wspace) if md5 == "Y": md5calc = int(combinations) * 34 totalsize = int(totalsize) + int(md5calc) if totalsize < 1000: sizeappend = "bytes" elif totalsize > 1000 and totalsize < 1000000: sizeappend = "kB" totalsize = int(totalsize) / 1000 elif totalsize > 1000000 and totalsize < 1000000000: sizeappend = "MB" totalsize = int(totalsize) / 1000000 elif totalsize > 1000000000 and totalsize < 1000000000000: sizeappend = "GB" totalsize = int(totalsize) / 1000000000 elif totalsize > 1000000000000: sizeappend = "TB" totalsize = int(totalsize) / 1000000000000 #Creates variable for filename y = 1 #Dictionary iteration filename = 'dict' #Change name to whatever you want extension = '.txt' #Change extension to whatever you want dictfile = (filename + str(y) + str(extension)) #File name variable print ("Writing dictionary that contains the charset %s, with a min length of %s characters and a max length of %s characters." % (letters, minlength, str(int(maxlength) -1))) print ("You have selected %i different combinations, the output file size will be about %i %s" % (combinations, totalsize, sizeappend)) if bench > 0: estimatedtime = int(combinations) / int(bench) estimatedtime = int(estimatedtime) / 60 print("It is estimated that the dictionary creation will take %i minutes to complete" %(estimatedtime)) startstop = raw_input("Are you sure you wish to continue? (Y or N) => ") if startstop == "N": exit() starttime = time.time() #Create dictionary words try: f = open(dictfile,'w') #Initially opens file for x in xrange(int(minlength),int(maxlength)): my_chain = product(letters, repeat=x) print ("Writing %i letter words..." % (x)) for char_set in my_chain: word = string.join(char_set) #Join letters together in list word = string.replace(word, ' ', '') #Strip out whitespace f.write(word + '\n') #Writes current word to file if md5 == 'Y': hash = hashlib.md5(word).hexdigest() f.write(hash + '\n') #When each word is written to file, check filesize filesize = os.path.getsize(dictfile) #Get current filesize filesize = int(filesize)/1048576 #Convert to MB if int(filesize) >= int(maxfilesize): print ('%s has reached %i MB. Closing file and making a new one' % (dictfile, filesize)) print ("Last written word was " + str(word)) f.close() #Close current file y = int(y) + 1 #Move to next file number dictfile = (filename + str(y) + str(extension)) #Update filename variable print ('Opening new dictionary file called ' + dictfile) f = open(dictfile,'w') #Open new file for writing except KeyboardInterrupt or StandardError or TypeError as error: f.close() print ('Process interrupted...' + str(error)) #When done: f.close() #Finished so close the file finishtime = time.time() totaltime = int(finishtime) - int(starttime) print ("Finished!\n %i dictionary file(s) were created and your files are located in folder %s" %(y, os.getcwd())) print ('Time Taken: %s seconds' % (str(totaltime))) UI() def Benchmark(): global bench benchfile = "benchmark.txt" print("Creating benchmark test file...") benchstart = time.time() try: f = open(benchfile,'w') for x in xrange(1,5): chain = product('abcdefghijklmnopqrstuvwxyz', repeat=x) print ("Writing %i letter words..." % (x)) for char_set in chain: word = string.join(char_set) #Join letters together in list word = string.replace(word, ' ', '') #Strip out whitespace f.write(word + '\n') f.close() benchstop = time.time() benchtime = int(benchstop) - int(benchstart) bench = 475254 / int(benchtime) except ZeroDivisionError or IOError or ArithmeticError as error: print "There was an error, trying again." Benchmark() print("Your computer has been benched at %i words per second" %(bench)) print("Removing benchmark test file...") os.remove(benchfile) UI() UI() mirror scr

Mandriva Linux Security Advisory 2012-037 - The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:037 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cyrus-imapd Date : March 23, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in cyrus-imapd: The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message (CVE-2011-3481). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3481 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: ff7b707f8503a52f3467c76cdc106ba0 2010.1/i586/cyrus-imapd-2.3.15-10.4mdv2010.2.i586.rpm daefe2c80fc7145df902c43dbf5ad50d 2010.1/i586/cyrus-imapd-devel-2.3.15-10.4mdv2010.2.i586.rpm e41ea7bf9c749026d4cd6516f6feeaf5 2010.1/i586/cyrus-imapd-murder-2.3.15-10.4mdv2010.2.i586.rpm fb6e2825a8824598ee5ae2aadd7fa12a 2010.1/i586/cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.i586.rpm ebd016a661dfa7bdc042fc9140f61dd9 2010.1/i586/cyrus-imapd-utils-2.3.15-10.4mdv2010.2.i586.rpm 7888ab862ca17b0c55ad3fc52da1d858 2010.1/i586/perl-Cyrus-2.3.15-10.4mdv2010.2.i586.rpm 1b4c9cf68d17d2cab8dcab01255a1ac2 2010.1/SRPMS/cyrus-imapd-2.3.15-10.4mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 839604c4fe14a2ed84a32e810592119d 2010.1/x86_64/cyrus-imapd-2.3.15-10.4mdv2010.2.x86_64.rpm b3596d7e78caf7b1005948a462e70785 2010.1/x86_64/cyrus-imapd-devel-2.3.15-10.4mdv2010.2.x86_64.rpm ae18e2b89957dd50dbb6d284df8fa96e 2010.1/x86_64/cyrus-imapd-murder-2.3.15-10.4mdv2010.2.x86_64.rpm 049293e08b36cb86adb51b7f4eabae7f 2010.1/x86_64/cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.x86_64.rpm 6670e23271557683218681c812dc3b52 2010.1/x86_64/cyrus-imapd-utils-2.3.15-10.4mdv2010.2.x86_64.rpm ed418a8cd77a041e1a060f97715fd489 2010.1/x86_64/perl-Cyrus-2.3.15-10.4mdv2010.2.x86_64.rpm 1b4c9cf68d17d2cab8dcab01255a1ac2 2010.1/SRPMS/cyrus-imapd-2.3.15-10.4mdv2010.2.src.rpm Mandriva Linux 2011: 671d5fab777fe892fdb17f746c0911af 2011/i586/cyrus-imapd-2.3.16-7.2-mdv2011.0.i586.rpm 684c26b361c8cfa2ea2f2904a4eb1c9a 2011/i586/cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.i586.rpm fbcce805ef0ff3450191f42a2c03239d 2011/i586/cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.i586.rpm 7bd6dddf40fee59fa1e205a1381cb55c 2011/i586/cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.i586.rpm 2e30c67b93cd77e0b93375d52c6ba3fd 2011/i586/cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.i586.rpm 3b419c6a279bcd7014785ac08190a7a3 2011/i586/perl-Cyrus-2.3.16-7.2-mdv2011.0.i586.rpm ae4016358f3fb65f8848e7dfacfe51b8 2011/SRPMS/cyrus-imapd-2.3.16-7.2.src.rpm Mandriva Linux 2011/X86_64: c2d51a8608ec4b4e60dbf519efeb27a4 2011/x86_64/cyrus-imapd-2.3.16-7.2-mdv2011.0.x86_64.rpm 987ba5349ff108ecdd9196fc04a129b6 2011/x86_64/cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.x86_64.rpm 7280d308aeacd0c4a42cfb8fa81d98ef 2011/x86_64/cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.x86_64.rpm d87a595ef6b0c8ac1e33b95bc80a4b26 2011/x86_64/cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.x86_64.rpm 78103c0c3e65bec8b0e74cb0646da2de 2011/x86_64/cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.x86_64.rpm 708d80352c941535db1543235212587f 2011/x86_64/perl-Cyrus-2.3.16-7.2-mdv2011.0.x86_64.rpm ae4016358f3fb65f8848e7dfacfe51b8 2011/SRPMS/cyrus-imapd-2.3.16-7.2.src.rpm Mandriva Enterprise Server 5: c3a25d81605b459b404904d8796d9371 mes5/i586/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm 8041c5f3799dce70901249eb1785d4a3 mes5/i586/cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm c6b4f04e130aac5fabc2fa292634bb17 mes5/i586/cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm adc9eead0e01c35a3e7d6f8b229ed3e8 mes5/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm f308073537087528015e1055733681c9 mes5/i586/cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm db3487fafeba5b0b2382ccc02634965c mes5/i586/perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm ad67978598b453b082cd41fc0ee523dc mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 19410e71050d4c838089ec0a2e903812 mes5/x86_64/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm 4cb70d841875aaf93a190b5fa9880467 mes5/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm ddd5ca10ccf664eb339eb82d33c92359 mes5/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm 72a0bf64084c54108b9195d296e75908 mes5/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm f2e109e2aafcdf58e5eb8d60ed9e965f mes5/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm 137056e0d077cfb799a70d1249d0a45f mes5/x86_64/perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm ad67978598b453b082cd41fc0ee523dc mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPbGb1mqjQ0CJFipgRAh1/AKC2qlbRESOUD1PBqzrPi+55cMssxgCbB8Tu pozYe8cYq/oqsWnM8dlDo9M= =Mhy0 -----END PGP SIGNATURE----- scr: packetstormsecurity.org

Globals DB now has APIs to support .NET, Java, and Node.js development. This comes two weeks before we start our 4th Globals Challenge, see Globals for more details . See the release info below: <release-info> Subject: Introducing a New Globals Version – v2012.296 We are very pleased to announce that a new version of Globals (v2012.296) is now available on the Globals Community Website: Globals This new version has a number of enhanced features and bug fixes, which have been incorporated into the Globals software since our last Globals release – v2011.111. This new release introduces the long-awaited .NET API for the Globals Database, along with corrections and enhancements to the existing Java & Node.js APIs. To download this new software, visit the Download page of the Globals website: Globals For a detailed list of all of the new features added to this release, please read the “Globals Release Notes – v2012.296?, also available on the Globals Download page. Globals v2012.296 is available immediately for the following platforms: Apple Mac OS X 10.6 for x86-64 Microsoft Windows XP Pro, Server 2003 SP2, Server 2008, Vista, 7,, 7 SP1 for x86-32 Microsoft Windows Server 2003 SP2, Server 2008, Vista, 7, 7 SP1 for x86-64 Red Hat Enterprise Linux Advanced Platform 5, 6, 6.1 for x86-32 Red Hat Enterprise Linux Advanced Platform 5, 6, 6.1 for x86-64 SUSE Linux Enterprise Server 11 SP1 for x86-32 SUSE Linux Enterprise Server 11 SP1 for x86-64 This platform list is the same as for Globals 2011.111 We look forward to your involvement in the Globals Community. </release-info> scr: globalsdb.wordpress.com

@flux mai e valabil https://rstcenter.com/forum/50626-reselleri-la-produsele-mele-vrei-20-euro.rst ? ti-am trimis pm

AMD has finally released the open-source driver code to support the Radeon HD 7000 "Southern Islands" GPUs and next-generation Fusion "Trinity" APUs under Linux with their open-source driver. Alex Deucher of AMD fired off an email to the DRI development list this afternoon with a set of 48 patches attached to provide the Southern Islands and Trinity DRM support patches, which will now need to land into the mainline Linux kernel. With the set of 48 patches also comes new microcode for Southern Islands and Trinity. The Southern Islands microcode consists of Tahiti, Pitcirn, and Verde. The Trinity microcode is for the Aruba codename. With this Radeon DRM/KMS driver enablement there is initial DCE6 display watermark support, support for CRTC power-gating, support for the Southern Islands internal thermal sensor, support for SI GPU reset, a VM CS (Command Stream) checker, and the other code necessary for this new hardware enablement. The Linux 3.4 kernel merge window opened this week and will remain open through next week. Let's hope these Radeon DRM/KMS patches will be cleared immediately for part of the DRM pull and make it into the Linux 3.4 kernel. It's unfortunate that the Radeon HD 7000 series open-source support is coming months late (I've been talking about the S.I. open-source driver support since last November, with many HD 7000 series Linux updates since), but at least it's here now and that the Trinity Fusion APU support is coming at the same time. As of right now, however, I haven't seen the new Gallium3D driver for Mesa be introduced yet for the Radeon HD 7000 series nor any Trinity patches. The Radeon DRM patches were published just minutes ago, so hopefully the Gallium3D and xf86-video-ati patches are still on the agenda for this afternoon. You can see my Radeon HD 7950 Linux review from earlier this month using the proprietary Catalyst Linux driver. Additional Radeon HD 7950 Linux benchmarks are forthcoming, plus soon as the xf86-video-ati/Gallium3D patches are ready to go with these new Radeon kernel patches, there will be open-source Linux benchmarks. On the AMD Fusion "Trinity" APU side, there's already some early Linux findings. [Phoronix] AMD Publishes Open-Source HD 7000, Trinity Code

Introducing PayPal Here: The Future of Commerce for Small Business PayPal has a long history of helping small businesses. For 14 years we’ve provided the tools and services that have allowed millions of small businesses to grow by solving the complex and critical task of processing payments securely and easily in more than 190 countries. Helping small business owners get paid is in our DNA. That’s why I’m excited to unveil PayPal Here, a new payments solution that will help small businesses get paid – whether they do business online, offline or on mobile. PayPal Here is the world’s first global mobile payment solution that allows small businesses to accept almost any form of payment. It’s designed to help those merchants make more sales and grow their business with confidence. And it gives them choices. They can accept payments by swiping cards with a fully encrypted thumb-sized card reader, or use a phone camera to scan and process cards and checks. It also allows them to invoice directly from the mobile app and, of course, accept PayPal in a brand new way. So, you’re asking, how is this different from other small business mobile payment solutions? The key differentiator is that it comes from PayPal, a trusted brand in the online payments industry with more than 100 million customers around the globe and years of proven payment innovation, driving growth for millions of businesses globally. PayPal Here comes with our world-class fraud management capabilities, and our 24×7 live customer support. In addition to accepting more payment methods, PayPal Here offers a simple flat rate of 2.7% for card swipes and PayPal payments. Merchants are also given a business debit card for quick access to their funds and 1% cash back on eligible purchases – which means if you use the debit card, your fees are actually just 1.7%! PayPal Here is just the latest addition to our comprehensive suite of payment solutions for small businesses – from PCI-compliant checkout options and invoicing, to debit cards and mobile-optimized checkout. With PayPal Here, we are now able to serve as a one-stop shop for online, offline and multi-channel small businesses. http://www.youtube.com/watch?v=x5woIGSOLGk We’re happy to be helping small businesses around the globe take the pain out of payments and let them focus on what they do best – running their business and growing their customer base. PayPal Here is available today exclusively for select merchants in the United States, Canada, Australia and Hong Kong. It will open to all other merchants in those countries next month. And we’ll announce the availability of PayPal Here in more countries soon. Be sure to visit www.paypal.com/here to get the free app and card reader as soon as it’s widely available. Feel free to let us know what you think in the comments below! –David Marcus, Vice President of Mobile, PayPal https://www.thepaypalblog.com/2012/03/paypal-here/

https://rstcenter.com/forum/50245-xtscrack-rdp-audit-tool.rst

check PM ps: http://www.vonfelten.com/blog/2007/06/05/referral-url-from-session-using-php/

lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more. Changes: This major release adds many features, from live configuration reloading to wildcard use, and fixes many major bugs. Download Source

A "sophisticated cyber-attack" on the BBC has been linked to Iran's efforts to disrupt the BBC Persian Service. In a speech Director General Mark Thompson plans to say that the internet attack coincided with efforts to jam two of the service's satellite feeds into Iran. He will say: "We regard the coincidence of these different attacks as self-evidently suspicious." Last month Mr Thompson accused Iran of intimidating Persian service workers. Reporters Without Borders has also complained about Iran's "cyber-army". The latest revelation follows a blog post by Mr Thompson in February in which he complained of the "repeated jamming of international TV stations such as BBC Persian TV, preventing the Iranian people from accessing a vital source of free information". In his speech to the Royal Television Society he will note that on the day of the cyber-attack there had also been an attempt to disrupt the Persian Service's London phone-lines by the use of multiple automatic calls. "I don't want to go into any more detail about these incidents except to say that we are taking every step we can, as we always do, to ensure that this vital service continues to reach the people who need it," Mr Thompson will say. Some parts of the BBC were unable to access email and other internet services on 1 March. It is understood that the attack may have been caused by its systems being overwhelmed by a flood of external communication requests - a so-called distributed denial-of-service attack. However, a BBC spokeswoman was unable to provide detail about the incident. "I'm afraid we can't comment any further on the details of the attacks than what's in the extract [of the speech]," a she said. Cyber-censors The revelations follow Reporters Without Borders "Enemies of the Internet" report which was released at the start of the week. The free-speech lobby group reported that Iran and some of the other countries on its register "censor internet access so effectively that they restrict their populations to local intranets that bear no resemblance to the world wide web." It added that Iran's authorities were now capable of blocking ports used by virtual private networks designed to bypass the restrictions. It also reported that at times of unrest the state had slowed internet connections speeds to make it impossible to send or receive photos or videos. Iran's Revolutionary Guard created a "cyber army" in 2010. Hundreds of net users have been arrested and some even sentenced to death. Earlier this month the country's Supreme Leader, Ayatollah Ali Khamenei, also ordered officials to create The Supreme Council of Virtual Space - a body tasked with defining policy and co-ordinating decisions regarding the net. Iran's Ministry of Foreign Affairs did not reply to a request for comment. Cyber-Attack On BBC Leads To Suspicion Of Iran's Involvement ? Packet Storm

Cand vine vorba despre razboiul marilor corporatii cu fostii angajati, Google nu face exceptie. Mai mult, Google isi adanceste conflictul cu Microsoft, din cauza unui fost angajat, James Whittaker. Inginerul James Whittaker, fost angajat al Google, in prezent angajat al Microsoft, a facut pe blogul companiei la care lucreaza acum niste afirmatii nimicitoare despre fostul angajator. “Ultimele trei luni in care am lucrat pentru Google au fost un vartej al disperarii”, a spus Whittaker, care a condus echipa de ingineri pentru reteaua de socializare Google+. “Google-ul de care eram pasionat era o companie de tehnologie, care isi incuraja angajatii sa vina cu inovatii. Google-ul de la care am plecat este o companie de publicitate cu un singur obiectiv”, a mai spus Whittaker. El s-a alaturat echipei de la Google in 2009, a demisionat luna trecuta si a despartit evolutia corporatiei in doua ere: “inainte de Google+" si “dupa Google+”. “Dupa” a fost groaznic, in opinia lui. Google a oferit candva inginerilor sai timp si resurse pentru a deveni creativi si au ajuns sa faca Chrome si Gmail. Insa Google a vrut sa concureze cu Facebook. Asta s-a transformat in prioritatea numarul 1 a companiei . Astfel, orice nu sustinea Google+ era vazut ca o distragere de la bunul mers al companiei, iar “socializare” a devenit cuvantul de ordine in companie. Asta a fost o capcana, spune fostul angajat, cu rezultate dezastruoase. James Whittaker nu este primul fost angajat Google care isi exprima acest punct de vedere critic. Insa este primul care o spune pe blogul oficial Microsoft. Purtatorii de cuvant ai celor doua companii nu au comentat punctual de vedere. CNN: "Decizia care a ruinat Google". Un fost angajat face declaratii incredibile pe blogul Microsoft - Yahoo! ?tiri România

jTable is a jQuery plugin for creating Ajaxed and feature-rich CRUD interfaces with little effort. The plugin generates all the HTML required and uses jQuery UI for "add new/edit record" dialogs. Records can be browsed with Ajaxed pagination and they can be sorted (server-side) as well. jTable can be set to display sub-tables for a given record which is handy for listing any sub-details. The interface is completely themable via CSS (there are already several themes) and the resource is very well-documented. P.S. There are samples provided on using jTable with PHP and ASP.NET Requirements: jQuery Compatibility: All Major Browsers Website: jTable.org - A JQuery plugin to create AJAX based CRUD tables - Home Page Demo: jTable.org - A JQuery plugin to create AJAX based CRUD tables - jTable Demos-Examples Download: jTable.org - A JQuery plugin to create AJAX based CRUD tables - jTable downloads Source: Free Web Resources – Web Resources Depot

With SpritePad you can create your CSS sprites within minutes seconds. Simply drag & drop your images and have them immediately available as one PNG sprite + CSS code. No fiddling in Photoshop, no manual assignment of CSS styles. Get Started Source

Fãrã bãnci/fraude! Report

Dear Fi8svrs, Elance is coming to Iasi, and we'd like to see you! Elance has now local representatives in your area who will support you in stepping into the new way of working and achieving success as an online professional. Your local Elance representative will be holding free training sessions on a regular basis, monthly local freelancer community meet-ups and more. Whether you are a newcomer to Elance or an experienced user of our platform, we invite you to take part in building and strengthening a community of online workers with us in your area. During these monthly local meet-ups, you can meet other online professionals from your area, share experiences, and have fun. This is also a great opportunity to build your network as well as develop and sustain valuable relationships and friendships with other local freelancers in Romania. You are also invited to attend Elance sponsored trainings, where your local representative will teach you the ins and outs of our platform and how to stand out of the crowd. It does not matter if you are completely new to Elance or have used Elance before. Either way, you can get helpful tips and tools on how to improve your profile, submit exceptional proposals, and more. Your local representative for Iasi is Valentin Ciacâru. If you want to learn more, please send an email to vciacaru@crp.elance.com. The locations, dates, and times of the training sessions and meet-ups will be announced on your local Facebook page. If you have any other questions, send an email to elancecrp@elance.com. We hope to see you there! Regards, The Elance Team recive 09.03.2012 Edit: in ro: Aviz celor interesa?i de freelance ?i celor c?rora le surâde ideea de a lucra proiecte de acas?, f?r? a fi nevoie s? urmeze un program strict de 8 ore pe zi. Unul dintre cele mai mari online freelance markets, Elance.com anun?a în urm? cu ceva timp c? are nevoie de un reprezentant din România. Probabil nimeni nu se a?tepta ca totul s? se petreac? atât de repede, dar iat? c? în curând î?i anun?? sosirea sa la Ia?i. Conform unui anun? oficial primit azi-diminea??, la Ia?i se vor face training-uri gratuite ?i întâlniri lunare cu comunitatea de freelanceri, indiferent dac? e?ti încep?tor sau avansat. Important este s? participi ?i s? împ?rt??e?ti din experien?a ta celorlal?i sau s? înve?i de la al?ii. Vor fi de asemenea ?i training-uri sponsorizate, unde reprezentan?ii locali vor oferi informa?ii despre platforma Elance.com ?i despre cum s? faci pentru a ie?i în eviden??. Aceste training-uri vor oferi tips-uri despre cum s?-?i îmbun?t??e?ti profilul, cum s? trimi?i propuneri de colaborare clien?ilor ?i multe altele. Reprezentantul local pentru Ia?i este Valentin Ciacâru, pe care îl g?si?i disponibil pentru întreb?ri ?i detalii la adresa de email: vciacaru@crp.elance.com . Orele, datele ?i loca?iile pentru sesiunile de training ?i întâlniri vor fi anun?ate pe pagina oficial? de facebook a Elance România. Via: http://pierdutaprintreranduri.wordpress.com/2012/03/09/elance-com-ajunge-si-la-iasi/

http://0-day.me/cgi-sys/suspendedpage.cgi

nu poate fi criptat? sa nu rezulte in cautari nu cred ca viziteaza ei fiecare pagina

copie

With the changing landscape of warfare away from nation-states only utilizing conventional means to the addition of mobile rogue outfits utilizing cyber-attacks, not only countries but also organizations of all shapes and sizes now need to concern themselves with a new threat. Slowly but surely, the real vulnerability to the power grid is starting to grab the attention of both the public and private sectors. Along with that comes more media attention and in turn pressure to make sure these systems don’t come crashing down affecting hundreds of millions citizens dependent on today’s modern conveniences. With the need to secure such systems also comes the need for expertise and education. Enter Justin Searle, Managing Partner at UtiliSec. UtiliSec provides security consulting services to utilities and vendors in the energy sector. Some of the services offered include security assessments, guidance on regulatory issues like the NERC CIPs, participation in standards work and security training services. So who better to interview in order to shine a light on some of the many aspects of this burgeoning field of security? Here’s several questions to get us all up to speed. 1. How were you able to advance in your career far enough to specialize in Smart Grid and SCADA Security? You know, the funny part is one of my first major jobs was in control systems. Back in High School I worked for almost two years with an engineering firm that designed and built control systems for water treatment facilities. My job was to assemble, wire, and test the control cabinets that housed the switches, indicators, and PLCs. My original plan was to go into electrical engineering, and I jumped at the opportunity to participate in a work release program that gave me a jump start in the field. However when I started college, I found my attentions pulled in a few more directions. I ended up graduating with a degree in technology education with an emphasis in electrical engineering and computer science. I went on to get a masters degree in International Business and Information Systems. Career-wise I went in yet another direction. I found myself pulled towards Information Security. As many security professionals, I started on the defensive side. I quickly learned that while I loved the complexity and challenge of the defensive side of IT, it carried with it a moderate yet never-ending stress of trying to get things properly secured. Figuring out how to defend against and attacker was fun, but the continual battle of getting security implemented was not a stress I wanted to deal with in my career. After a couple of years I found myself performing more and more penetration tests, until I ended up doing it full time. As for my experience with the Smart Grid and SCADA, it started with InGuardians. While working as a Senior Security Analyst on their great team, we had an electrical utility approach us about bringing out penetration testing expertise to the energy sector. We jumped at the opportunity. Since that time, I've performed numerous security assessments and penetration tests for electric utilities and the vendors that sell equipment in that market. I've also played key roles in the creation of several industry accepted documents like the NIST Interagency Report 7628, several security profiles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), and am still heavily involved with National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). 2. SCADA is an acronym for supervisory control and data acquisition, but it is commonly used to refer to all control systems used in industrial facilities like those that maintain the power grid. Could you go over specific terms such as DCS, ICS, HMI, PLC, RTU et al including SCADA to make sure that the readers are using the correct terminology? Sure. However let me precurse this explanation with the warning that I'm going to attempt to draw a clear picture for this site's primary audience, that of IT Security professionals. The parallels I draw and examples I give may not be the ones that control system engineers would agree with, however my explanation should facility bridging and IT person's existing knowledge with that of a control system. Let’s start with the broadest term and work our way down. Industrial Control Systems or ICS is the broadest of the bunch encompassing most of the industry that run systems (not necessarily computers) that control automated and semi-automated industrial processes. ICS can be broken down into several sub-categories such as energy (electricity, oil, gas, nuclear, etc…), chemical, water (treatment and waste), manufacturing, and many others. These industry sectors use technologies like distributed control systems (DCS) and supervisory control and data acquisition (SCADA) to monitor and remotely control their industrial processes. While traditionally there was a distinct difference between DCS and SCADA, they differ somewhat between each industrial sector and in many cases have faded over time. For the purposes of this article's audience, it is usually safe to assume they are the same. If you were to step into an ICS Control Center, the most visible piece of SCADA equipment would be the human machine interface (HMI). The control operator monitors this data and initiates control commands to this user interface. HMIs can be single purpose machines, traditional applications installed on workstations running Windows (and sometimes other commodity OSes), and we are starting to see HMIs being built as web applications. These HMIs speak to the SCADA controlling server that is usually installed back in the ICS data center. This server is also sometimes called the acquisition server. It collects the data from and sends control signals to the process controlling devices. Another system we have communicating with this SCADA server is the historian or a series of historians. The historian is basically a database that the SCADA server pushes data to and in some cases pulls data from. One of the primary architectural reasons for the historian is to offload the storage and provide a separate server to hand the SCADA data up to other systems in the ICS network. This allows the SCADA server to focus on its main job of collecting data and pushing control commands and lets the historian deal with all of the other systems that need this data. So now that we've covered the central nervous system of a SCADA system, let’s talk about all the external end-points. The goal of SCADA is to monitor and control the various devices that run our industrial processes. These devices can be just about anything you can imagine. For electric utilities, this is often various devices like sensors, relays, capacitor banks, feeder switches, actuators, and literally anything that a utility can think of to monitor the health of the power grid and control which homes/businesses are connected to which power sources. These various devices can have input/output requirements as simple as a single digital on/off relay or as complex as real-time sensors that communicate on a specialized process bus. Because of the variety of I/O requirements, SCADA relies on intermediate devices to communicate with the disparate end-points. These intermediate devices are usually remote terminal unites (RTU) or programmable logic controllers (PLC). Once again, there is a difference between these two devices, but that difference is fading over time and isn't important for this basic overview. These RTUs and PLCs are the devices that play the gateway and intermediary between the SCADA server and the end-points. Notice I said gateway AND intermediary. RTUs and PLCs do act as a gateway in the traditional IT sense (router and protocol/address translation), but these devices are also programmed with logic to make their own basic decisions based on the data that they are seeing from their I/O ports. So, let’s look at the whole picture. When an operator clicks a button in an HMI to send a control signal, this signal is sent to the SCADA server. This server sends the appropriate signal to the correct RTU or PLC. The RTU or PLC consults its pre-programmed logic to determine what it should do with this control signal and initiates the appropriate I/O responses on its attached end-points. If these end-points change the state of the process, this is usually picked up by process sensors, that send their data to their respective RTU or PLC which in turn sends this data back to the SCADA server. The SCADA server sends a copy of this new data to the HMI for the operator to see, while also sending a copy of this new data to the historian for record keeping and dissemination out to other systems that need this data. I hope that helps to paint a clearer picture of SCADA systems for you readers. 3. What are the most prevalent Operating Systems seen in SCADA devices? Are there any proprietary OSes? When it comes to the HMI, the SCADA server, and the historian, most modern systems being sold today are running on Windows, Linux or Unix. RTUs and PLCs are usually embedded electronic systems running some microprocessor controlled program or VxWorks, but many modern day RTUs being sold today are now running embedded versions of Linux. These are the general circumstances that I've seen, but realize that SCADA systems are broad and all encompassing. Anything is possible in SCADA. One-off solutions in some markets are very common especially historically. 4. What devices are network connected and which are not? What type of network is used: internal only, private with external access, the Internet? In a generic sense, pretty much everything I discussed above is "network" connected. However if you are speaking about the more IT definition of "network" as in TCP/IP, pretty much everything is down to the RTU and PLC. Older RTUs and PLCs, which probably make up the majority of devices currently in use across the US, generally use serial links via dial-up modems or ISDN lines. However these have begun the slow transition to traditional TCP/IP in the last 10 years and will continue to do so. Between the RTU / PLC and the end-points, this is still predominantly serial and parallel communications although sometimes standard-based and proprietary. Some of the modern "Smart Grid" devices being sold in recent years are using new high-speed process bus technologies which occasionally use lightweight protocols directly riding atop Ethernet, but this is not widely deployed yet. As for public vs. private, the general rule of thumb is to deploy all SCADA devices on private networks with no direct links to the Internet. However all of your readers have probably seen media articles where some companies don't follow this best practice and get burned. 5. What are the most common attacks and on which devices? It’s definitely safe to say that the most common attack is on the commodity operating systems running the HMI, SCADA, or historian applications. As a penetration tester, the easier path is always from the corporate network or remote access VPN, through whatever services they permit through their ICS firewall to the Windows or Linux machine running in the ICS network. Once you gain control over one ICS machine, one simply pivots until they find gold. In this case it is usually the HMI application, as they are often point and click. To be honest, it isn't much different than doing a PCI pentest and trying to find the credit card data. As for other attack surfaces, if you can gain network access to the RTUs and PCLs, these systems often run insecure services like telnet, FTP, and TFTP. In some cases, passwords may not even be permitted on some of these interfaces, especially in older devices. Many modern day RTUs even run web interfaces, and like most web applications, they often sport a handful of security flaws. So once again, there isn't a lot different here for the traditional IT professional, however the one thing that is different is the sensitivity of these devices. You've probably heard the horror stories about how sensitive these devices are, and in many cases they are being knocked over by simple nmap scans. A researcher a few weeks ago commented that an nmap scan with OS versioning turned on crashed the PLC he was testing, taking him almost two full days to get it running again. And finally, how easy is it for an attacker to cause something to happen in a SCADA network once he has gotten into the device? Well, it’s easy to cause "something" to happen, however it is extremely difficult to cause "something you intend" to happen. This is because each ICS system (from an overarching system perspective) is custom designed. Think of it this way. If you were to number every light switch and power outlet in your house, and put them all on an interface with clickable buttons, how would you know what number to click to turn off your server rack (yes, I have one of those in my house…)? Perhaps you'd name it something instead of having just a number, but what if your naming scheme was limited to the good old DOS eight character naming convention? Remember, you might have 100 individual outlets in your house and at least 30 light switches. Well, I'm sure you'd figure out a good naming scheme, but that naming scheme probably wouldn't be the same as your neighbors. Now grow this scenario to the scale of an electric utility company. Now consider how complex these systems are when they don't just cover a single city, but multiple states and hundreds of cities. Oh, and I forgot to mention that all of those end-points (switches and outlets in your house example) aren't just simple on/off controls, but complex systems that have RTUs and PLCs that have their own logic and make decisions based on the requests you make. Fortunately for us, most electric utilities don't have an HMI that has a clickable button labeled "nuclear reaction". Even something as simple as "kill power to Chicago" is not necessarily an easy matter even after finding the appropriate HMIs. Context is everything, and, without it, attackers are extremely limited in the actions they can cause to happen. Given enough time, attackers can gain that context, but it is not an easy matter. You can randomly flip switches, which is bad, but it isn't worse-case scenario. 6. Even without specific equipment named Human-Machine Interfaces, Social Engineering must be part of the attack surface. Can you talk a little about SE attacks and defenses? Yes, social engineering is just as effective in ICS as it is in any other IT field. The benefit that ICS has though is the smaller numbers of persons that can effect change. Trying to social engineer your way into an ICS control center is equivalent to trying to social engineer your way into a SOC. Definitely possible, but it’s about equivalent to trying to get to the random company's crown jewels. 7. What are the top 5 measures an organization can put in place to protect these critical systems? They really aren't any different that any other IT organization. I personally like the concision of the SANS 20 Critical Security Controls. And while many of you may think I'm crazy, I also really like adapting PCI to whatever environment I'm trying to protect (swap PCI data for ICS data). However for a more exhaustive list of security protections, you may want to check out the NIST Interagency Report 7628 (700+ pages over 3 volumes) or the various security profiles released by ASAP-SG. For full disclosure, I should note that I played key parts in the creation of all of these documents, however these document are the primary ones used by the electric utility sector. 8. What unique challenges would a security professional face when performing a penetration test on SCADA systems in general as well as those associated with our nation’s Critical Infrastructure? I believe I've covered most of the issues above, however I should mention two other things. Number one is trust. It will not be easy to gain a company's trust to let you test their control systems. And number two is production vs. staging/testing. Because of the negative real-world effects your test can cause and the sensitivity of older SCADA devices, the risk is simply too great to test on production networks. In cases like this in the IT world, we simply setup a testing or staging environment, verify it is configured identically to the production environment and perform our test. However if you've been frustrated with the infrequency that traditional IT companies have in staging/testing their own environments, you'd be infuriated with the infrequency that industrial companies have in utilizing these testing environments. If you want a more in-depth look at the methodology we use here at UtiliSec, please check out my upcoming talk and accompanying white paper at Black Hat Europe this coming March, Dissecting Smart Meters. If you simply can't wait, contact me, and I can share a prerelease copy of the whitepaper. You should be able to find me on Twitter, Facebook, or LinkedIn. You can also reach me directly by email at [justin at utilisec dot com]. Donald C. Donzal Editor-In-Chief The Ethical Hacker Network The Ethical Hacker Network - Interview: Smart Grid Security Expert Justin Searle

xTSCrack 0.9 Released! fixed all reported bugs and added a lot features to the new version of xTSCrack. Here the screenshoot and changelog: Stop process bug fixed; Multiple users password recovery bug fixed; Logoff after logon success added; Import hosts option added; Exceptions fixed; Manual modified; Interface modified. Working very well. Download here. Torrent Manual (Requires .NET Framework 4) OR Virusltotal scan report: 0/43 Atrix Team NGT: xTSCrack 0.9 Released!

Download MSCOMCTL.OCX unzip in folderul dubrute

Vanguard is a comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. It provides crawling, uses LibWhisker2 for HTTP IDS evasion, and checks for issues like SQL injection, XSS, LDAP injection and more Download Vanguard Pentesting Scanner ? Packet Storm

In fiecare an, in ultima sambata din luna martie, milioane de oameni, institutii si companii sting luminile timp de o ora, alaturandu-se celui mai mare eveniment de mediu din istorie – Earth Hour. La indemnul WWF, organizatia care a initiat miscarea Earth Hour, in anul 2007, 5200 de ora?e din peste 135 de tari au stins lumina de Earth Hour in 2011, raspandind un mesaj puternic privind impactul negativ pe care viata noastra de zi cu zi il are asupra planetei si asupra resurselor naturale. In 2011, Earth Hour a intrat intr-o noua etapa: Mai mult decat o ora pentru planeta (Beyond the Hour), in care oamenii de pretutindeni au fost indemnati nu numai sa stinga lumina, ci sa se angajeze in ac?iuni de mediu in fiecare zi. In 2012, ii provocam pe sustinatorii Earth Hour sa fac? MAI MULT – ii indemnam sa-si ia angajamentul de a-si schimba stilul de viata, pentru a-si reduce impactul negativ asupra planetei. Fiecare dintre noi este provocat s? isi ia un angajament, conditionat insa de un alt angajament, care poate veni din partea unei companii, a unui oras sau a unei singure persoane. Promiti c? vei face ceva DACA altcineva promite sa faca un lucru benefic pentru mediul inconjurator. Vom lansa, foarte curand, o platforma unde vei putea adauga oricate provocari vei dori, pe care le vei putea impartasi prietenilor din retelele sociale. Istoria Earth Hour La initiativa WWF- Australia, pe 31 martie 2007, peste 2.2 milioane de oameni si 2000 de sedii de companii din Sydney au stins luminile pentru o ora, ca semn al constientizarii problemei schimb?rilor climatice. Mii de oameni au iesit atunci pe strazile orasului, sarbatorind Pamantul in diferite feluri: petreceri si concerte fara surse de electricitate, observatii astronomice, picnicuri in familie la lumina lumanarii. In 2008, Earth Hour urma sa se extinda pe tot teritoriul Australiei. Cu putin timp inainte de eveniment, orasul Toronto din Canada a anuntat ca se alatura miscarii ?i nu a trecut mult, pana cand aproape 400 de orase din 35 de tari s-au mobilizat pentru acest eveniment. Mesajul a fost acelasi, peste tot : problemele cauzate de schimbarile climatice sunt atat de grave si de complexe, incat este nevoie urgenta de actiune, la nivel global. Bazat pe indemnul de a stinge lumina pentru o ora, Earth Hour a devenit, in timp foarte scurt, un eveniment global anual, marcat in ultima zi de sambata din luna martie, care este foarte aproape de echinoctiu, astfel incat toate orasele au parte de intuneric in intervalul 20:30-21:30. Ora Pamantului | Fiecare dintre noi are puterea de a schimba lumea in care traim

Pe data de 5 martie Terra si Marte vor fi din nou foarte aproape, cel mai aproape dupa doi ani si doua luni. Spectacolul palnetar din luna februarie continua in martie. Dupa alinierea planetelor Venus si Jupiter pe cerul noptii, saptamana trecuta, distanta dintre Pamant si Marte se va scurta, ajungand la minimul ultimilor doi ani. Opozitia fata de Soare a Planetei Rosii a inceput sambata, pe 3 martie, dand posibilitatea astronomilor sa capteze imagini rare cu Marte. Insa abia pe 5 martie (luni) palentele se vor apropia cel mai tare, iar Pamantul se va interpune intre Soare si Marte, eveniment care are loc o data la doi ani si doua luni. Asta face ca Marte sa fie perfect vizibila, deoarece de pe Pamant se vede cum razele Soarelui lumineaza intreaga fata a Planetei Rosii Cum pot vedea Marte Cu un telescop sau cu un binoclu puternic, priviti inspre est in jurul orei 19:00 si veti vedea un astru stralucitor, portocaliu, a carui lumina nu sclipeste. Este planeta Marte, aflata la 100 milioane km departare de noi. Luna va va ajuta sa o vedeti mai bine, insa abia in serile de 7 si 8 martie pentru ca atunci se va afla chiar langa planeta. Asadar, cautati Luna si veti vedea langa ea pe Marte. In aceasta luna Marte se va afla la opozitie adica in partea opusa Soarelui vazuta de pe Pamant. Este si perioada cand planeta se vede toata noaptea si se afla la cea mai mica departare de noi, intr-un interval de doi ani. Este perioada ideala pentru observatii prin telescop, daca vreti ca planeta sa fie mare. Totusi departarile minime ale planetei fata de Terra pot fi mai mici sau mai mari, in cazul acesta fiind o departare mare: cea mai mare din 1995 si pana in 2027. Diametrul aparent al planetei va fi relativ mic dar tot veti putea vedea ceva pe el: orice zona mai intunecata sau galbuie reprezinta locuri de pe suprafata. Planeta se afla in constelatia Leo, la est de steaua Regulus fata de care este mai stralucitoare. Daca veti privi cele doua obiecte veti remarca cum distanta aparenta dintre ele scade: de la 15° pe 1 martie la 5,5° la sfarsitul lunii, potrivit specialistilor de la Observatorul Astronomic Bucuresti. Au mai ramas cateva ore pana la alinierea planetelor. Marte se apropie cel mai mult de Pamant - Yahoo!

LONDON—Today, Monday 27 February, WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered "global intelligence" company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods, for example : "[Y]ou have to take control of him. Control means financial, sexual or psychological control... This is intended to start our conversation on your next phase" – CEO George Friedman to Stratfor analyst Reva Bhalla on 6 December 2011, on how to exploit an Israeli intelligence informant providing information on the medical condition of the President of Venezuala, Hugo Chavez. The material contains privileged information about the US government’s attacks against Julian Assange and WikiLeaks and Stratfor’s own attempts to subvert WikiLeaks. There are more than 4,000 emails mentioning WikiLeaks or Julian Assange. The emails also expose the revolving door that operates in private intelligence companies in the United States. Government and diplomatic sources from around the world give Stratfor advance knowledge of global politics and events in exchange for money. The Global Intelligence Files exposes how Stratfor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world. The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients. For example, Stratfor monitored and analysed the online activities of Bhopal activists, including the "Yes Men", for the US chemical giant Dow Chemical. The activists seek redress for the 1984 Dow Chemical/Union Carbide gas disaster in Bhopal, India. The disaster led to thousands of deaths, injuries in more than half a million people, and lasting environmental damage. Stratfor has realised that its routine use of secret cash bribes to get information from insiders is risky. In August 2011, Stratfor CEO George Friedman confidentially told his employees : "We are retaining a law firm to create a policy for Stratfor on the Foreign Corrupt Practices Act. I don’t plan to do the perp walk and I don’t want anyone here doing it either." Stratfor’s use of insiders for intelligence soon turned into a money-making scheme of questionable legality. The emails show that in 2009 then-Goldman Sachs Managing Director Shea Morenz and Stratfor CEO George Friedman hatched an idea to "utilise the intelligence" it was pulling in from its insider network to start up a captive strategic investment fund. CEO George Friedman explained in a confidential August 2011 document, marked DO NOT SHARE OR DISCUSS : "What StratCap will do is use our Stratfor’s intelligence and analysis to trade in a range of geopolitical instruments, particularly government bonds, currencies and the like". The emails show that in 2011 Goldman Sach’s Morenz invested "substantially" more than $4million and joined Stratfor’s board of directors. Throughout 2011, a complex offshore share structure extending as far as South Africa was erected, designed to make StratCap appear to be legally independent. But, confidentially, Friedman told StratFor staff : "Do not think of StratCap as an outside organisation. It will be integral... It will be useful to you if, for the sake of convenience, you think of it as another aspect of Stratfor and Shea as another executive in Stratfor... we are already working on mock portfolios and trades". StratCap is due to launch in 2012. The Stratfor emails reveal a company that cultivates close ties with US government agencies and employs former US government staff. It is preparing the 3-year Forecast for the Commandant of the US Marine Corps, and it trains US marines and "other government intelligence agencies" in "becoming government Stratfors". Stratfor’s Vice-President for Intelligence, Fred Burton, was formerly a special agent with the US State Department’s Diplomatic Security Service and was their Deputy Chief of the counterterrorism division. Despite the governmental ties, Stratfor and similar companies operate in complete secrecy with no political oversight or accountability. Stratfor claims that it operates "without ideology, agenda or national bias", yet the emails reveal private intelligence staff who align themselves closely with US government policies and channel tips to the Mossad – including through an information mule in the Israeli newspaper Haaretz, Yossi Melman, who conspired with Guardian journalist David Leigh to secretly, and in violation of WikiLeaks’ contract with the Guardian, move WikiLeaks US diplomatic cables to Israel. Ironically, considering the present circumstances, Stratfor was trying to get into what it called the leak-focused "gravy train" that sprung up after WikiLeaks’ Afghanistan disclosures : "[is it] possible for us to get some of that ’leak-focused’ gravy train ? This is an obvious fear sale, so that’s a good thing. And we have something to offer that the IT security companies don’t, mainly our focus on counter-intelligence and surveillance that Fred and Stick know better than anyone on the planet... Could we develop some ideas and procedures on the idea of ´leak-focused’ network security that focuses on preventing one’s own employees from leaking sensitive information... In fact, I’m not so sure this is an IT problem that requires an IT solution." Like WikiLeaks’ diplomatic cables, much of the significance of the emails will be revealed over the coming weeks, as our coalition and the public search through them and discover connections. Readers will find that whereas large numbers of Stratfor’s subscribers and clients work in the US military and intelligence agencies, Stratfor gave a complimentary membership to the controversial Pakistan general Hamid Gul, former head of Pakistan’s ISI intelligence service, who, according to US diplomatic cables, planned an IED attack on international forces in Afghanistan in 2006. Readers will discover Stratfor’s internal email classification system that codes correspondence according to categories such as ’alpha’, ’tactical’ and ’secure’. The correspondence also contains code names for people of particular interest such as ’Hizzies’ (members of Hezbollah), or ’Adogg’ (Mahmoud Ahmedinejad). Stratfor did secret deals with dozens of media organisations and journalists – from Reuters to the Kiev Post. The list of Stratfor’s "Confederation Partners", whom Stratfor internally referred to as its "Confed Fuck House" are included in the release. While it is acceptable for journalists to swap information or be paid by other media organisations, because Stratfor is a private intelligence organisation that services governments and private clients these relationships are corrupt or corrupting. WikiLeaks has also obtained Stratfor’s list of informants and, in many cases, records of its payoffs, including $1,200 a month paid to the informant "Geronimo" , handled by Stratfor’s Former State Department agent Fred Burton. WikiLeaks has built an investigative partnership with more than 25 media organisations and activists to inform the public about this huge body of documents. The organisations were provided access to a sophisticated investigative database developed by WikiLeaks and together with WikiLeaks are conducting journalistic evaluations of these emails. Important revelations discovered using this system will appear in the media in the coming weeks, together with the gradual release of the source documents. The Global Intelligence Files - List of Releases