Fi8sVrs

lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more. Changes: This major release adds many features, from live configuration reloading to wildcard use, and fixes many major bugs. Download Source

A "sophisticated cyber-attack" on the BBC has been linked to Iran's efforts to disrupt the BBC Persian Service. In a speech Director General Mark Thompson plans to say that the internet attack coincided with efforts to jam two of the service's satellite feeds into Iran. He will say: "We regard the coincidence of these different attacks as self-evidently suspicious." Last month Mr Thompson accused Iran of intimidating Persian service workers. Reporters Without Borders has also complained about Iran's "cyber-army". The latest revelation follows a blog post by Mr Thompson in February in which he complained of the "repeated jamming of international TV stations such as BBC Persian TV, preventing the Iranian people from accessing a vital source of free information". In his speech to the Royal Television Society he will note that on the day of the cyber-attack there had also been an attempt to disrupt the Persian Service's London phone-lines by the use of multiple automatic calls. "I don't want to go into any more detail about these incidents except to say that we are taking every step we can, as we always do, to ensure that this vital service continues to reach the people who need it," Mr Thompson will say. Some parts of the BBC were unable to access email and other internet services on 1 March. It is understood that the attack may have been caused by its systems being overwhelmed by a flood of external communication requests - a so-called distributed denial-of-service attack. However, a BBC spokeswoman was unable to provide detail about the incident. "I'm afraid we can't comment any further on the details of the attacks than what's in the extract [of the speech]," a she said. Cyber-censors The revelations follow Reporters Without Borders "Enemies of the Internet" report which was released at the start of the week. The free-speech lobby group reported that Iran and some of the other countries on its register "censor internet access so effectively that they restrict their populations to local intranets that bear no resemblance to the world wide web." It added that Iran's authorities were now capable of blocking ports used by virtual private networks designed to bypass the restrictions. It also reported that at times of unrest the state had slowed internet connections speeds to make it impossible to send or receive photos or videos. Iran's Revolutionary Guard created a "cyber army" in 2010. Hundreds of net users have been arrested and some even sentenced to death. Earlier this month the country's Supreme Leader, Ayatollah Ali Khamenei, also ordered officials to create The Supreme Council of Virtual Space - a body tasked with defining policy and co-ordinating decisions regarding the net. Iran's Ministry of Foreign Affairs did not reply to a request for comment. Cyber-Attack On BBC Leads To Suspicion Of Iran's Involvement ? Packet Storm

Cand vine vorba despre razboiul marilor corporatii cu fostii angajati, Google nu face exceptie. Mai mult, Google isi adanceste conflictul cu Microsoft, din cauza unui fost angajat, James Whittaker. Inginerul James Whittaker, fost angajat al Google, in prezent angajat al Microsoft, a facut pe blogul companiei la care lucreaza acum niste afirmatii nimicitoare despre fostul angajator. “Ultimele trei luni in care am lucrat pentru Google au fost un vartej al disperarii”, a spus Whittaker, care a condus echipa de ingineri pentru reteaua de socializare Google+. “Google-ul de care eram pasionat era o companie de tehnologie, care isi incuraja angajatii sa vina cu inovatii. Google-ul de la care am plecat este o companie de publicitate cu un singur obiectiv”, a mai spus Whittaker. El s-a alaturat echipei de la Google in 2009, a demisionat luna trecuta si a despartit evolutia corporatiei in doua ere: “inainte de Google+" si “dupa Google+”. “Dupa” a fost groaznic, in opinia lui. Google a oferit candva inginerilor sai timp si resurse pentru a deveni creativi si au ajuns sa faca Chrome si Gmail. Insa Google a vrut sa concureze cu Facebook. Asta s-a transformat in prioritatea numarul 1 a companiei . Astfel, orice nu sustinea Google+ era vazut ca o distragere de la bunul mers al companiei, iar “socializare” a devenit cuvantul de ordine in companie. Asta a fost o capcana, spune fostul angajat, cu rezultate dezastruoase. James Whittaker nu este primul fost angajat Google care isi exprima acest punct de vedere critic. Insa este primul care o spune pe blogul oficial Microsoft. Purtatorii de cuvant ai celor doua companii nu au comentat punctual de vedere. CNN: "Decizia care a ruinat Google". Un fost angajat face declaratii incredibile pe blogul Microsoft - Yahoo! ?tiri România

jTable is a jQuery plugin for creating Ajaxed and feature-rich CRUD interfaces with little effort. The plugin generates all the HTML required and uses jQuery UI for "add new/edit record" dialogs. Records can be browsed with Ajaxed pagination and they can be sorted (server-side) as well. jTable can be set to display sub-tables for a given record which is handy for listing any sub-details. The interface is completely themable via CSS (there are already several themes) and the resource is very well-documented. P.S. There are samples provided on using jTable with PHP and ASP.NET Requirements: jQuery Compatibility: All Major Browsers Website: jTable.org - A JQuery plugin to create AJAX based CRUD tables - Home Page Demo: jTable.org - A JQuery plugin to create AJAX based CRUD tables - jTable Demos-Examples Download: jTable.org - A JQuery plugin to create AJAX based CRUD tables - jTable downloads Source: Free Web Resources – Web Resources Depot

With SpritePad you can create your CSS sprites within minutes seconds. Simply drag & drop your images and have them immediately available as one PNG sprite + CSS code. No fiddling in Photoshop, no manual assignment of CSS styles. Get Started Source

Fãrã bãnci/fraude! Report

Dear Fi8svrs, Elance is coming to Iasi, and we'd like to see you! Elance has now local representatives in your area who will support you in stepping into the new way of working and achieving success as an online professional. Your local Elance representative will be holding free training sessions on a regular basis, monthly local freelancer community meet-ups and more. Whether you are a newcomer to Elance or an experienced user of our platform, we invite you to take part in building and strengthening a community of online workers with us in your area. During these monthly local meet-ups, you can meet other online professionals from your area, share experiences, and have fun. This is also a great opportunity to build your network as well as develop and sustain valuable relationships and friendships with other local freelancers in Romania. You are also invited to attend Elance sponsored trainings, where your local representative will teach you the ins and outs of our platform and how to stand out of the crowd. It does not matter if you are completely new to Elance or have used Elance before. Either way, you can get helpful tips and tools on how to improve your profile, submit exceptional proposals, and more. Your local representative for Iasi is Valentin Ciacâru. If you want to learn more, please send an email to vciacaru@crp.elance.com. The locations, dates, and times of the training sessions and meet-ups will be announced on your local Facebook page. If you have any other questions, send an email to elancecrp@elance.com. We hope to see you there! Regards, The Elance Team recive 09.03.2012 Edit: in ro: Aviz celor interesa?i de freelance ?i celor c?rora le surâde ideea de a lucra proiecte de acas?, f?r? a fi nevoie s? urmeze un program strict de 8 ore pe zi. Unul dintre cele mai mari online freelance markets, Elance.com anun?a în urm? cu ceva timp c? are nevoie de un reprezentant din România. Probabil nimeni nu se a?tepta ca totul s? se petreac? atât de repede, dar iat? c? în curând î?i anun?? sosirea sa la Ia?i. Conform unui anun? oficial primit azi-diminea??, la Ia?i se vor face training-uri gratuite ?i întâlniri lunare cu comunitatea de freelanceri, indiferent dac? e?ti încep?tor sau avansat. Important este s? participi ?i s? împ?rt??e?ti din experien?a ta celorlal?i sau s? înve?i de la al?ii. Vor fi de asemenea ?i training-uri sponsorizate, unde reprezentan?ii locali vor oferi informa?ii despre platforma Elance.com ?i despre cum s? faci pentru a ie?i în eviden??. Aceste training-uri vor oferi tips-uri despre cum s?-?i îmbun?t??e?ti profilul, cum s? trimi?i propuneri de colaborare clien?ilor ?i multe altele. Reprezentantul local pentru Ia?i este Valentin Ciacâru, pe care îl g?si?i disponibil pentru întreb?ri ?i detalii la adresa de email: vciacaru@crp.elance.com . Orele, datele ?i loca?iile pentru sesiunile de training ?i întâlniri vor fi anun?ate pe pagina oficial? de facebook a Elance România. Via: http://pierdutaprintreranduri.wordpress.com/2012/03/09/elance-com-ajunge-si-la-iasi/

http://0-day.me/cgi-sys/suspendedpage.cgi

nu poate fi criptat? sa nu rezulte in cautari nu cred ca viziteaza ei fiecare pagina

copie

With the changing landscape of warfare away from nation-states only utilizing conventional means to the addition of mobile rogue outfits utilizing cyber-attacks, not only countries but also organizations of all shapes and sizes now need to concern themselves with a new threat. Slowly but surely, the real vulnerability to the power grid is starting to grab the attention of both the public and private sectors. Along with that comes more media attention and in turn pressure to make sure these systems don’t come crashing down affecting hundreds of millions citizens dependent on today’s modern conveniences. With the need to secure such systems also comes the need for expertise and education. Enter Justin Searle, Managing Partner at UtiliSec. UtiliSec provides security consulting services to utilities and vendors in the energy sector. Some of the services offered include security assessments, guidance on regulatory issues like the NERC CIPs, participation in standards work and security training services. So who better to interview in order to shine a light on some of the many aspects of this burgeoning field of security? Here’s several questions to get us all up to speed. 1. How were you able to advance in your career far enough to specialize in Smart Grid and SCADA Security? You know, the funny part is one of my first major jobs was in control systems. Back in High School I worked for almost two years with an engineering firm that designed and built control systems for water treatment facilities. My job was to assemble, wire, and test the control cabinets that housed the switches, indicators, and PLCs. My original plan was to go into electrical engineering, and I jumped at the opportunity to participate in a work release program that gave me a jump start in the field. However when I started college, I found my attentions pulled in a few more directions. I ended up graduating with a degree in technology education with an emphasis in electrical engineering and computer science. I went on to get a masters degree in International Business and Information Systems. Career-wise I went in yet another direction. I found myself pulled towards Information Security. As many security professionals, I started on the defensive side. I quickly learned that while I loved the complexity and challenge of the defensive side of IT, it carried with it a moderate yet never-ending stress of trying to get things properly secured. Figuring out how to defend against and attacker was fun, but the continual battle of getting security implemented was not a stress I wanted to deal with in my career. After a couple of years I found myself performing more and more penetration tests, until I ended up doing it full time. As for my experience with the Smart Grid and SCADA, it started with InGuardians. While working as a Senior Security Analyst on their great team, we had an electrical utility approach us about bringing out penetration testing expertise to the energy sector. We jumped at the opportunity. Since that time, I've performed numerous security assessments and penetration tests for electric utilities and the vendors that sell equipment in that market. I've also played key roles in the creation of several industry accepted documents like the NIST Interagency Report 7628, several security profiles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), and am still heavily involved with National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). 2. SCADA is an acronym for supervisory control and data acquisition, but it is commonly used to refer to all control systems used in industrial facilities like those that maintain the power grid. Could you go over specific terms such as DCS, ICS, HMI, PLC, RTU et al including SCADA to make sure that the readers are using the correct terminology? Sure. However let me precurse this explanation with the warning that I'm going to attempt to draw a clear picture for this site's primary audience, that of IT Security professionals. The parallels I draw and examples I give may not be the ones that control system engineers would agree with, however my explanation should facility bridging and IT person's existing knowledge with that of a control system. Let’s start with the broadest term and work our way down. Industrial Control Systems or ICS is the broadest of the bunch encompassing most of the industry that run systems (not necessarily computers) that control automated and semi-automated industrial processes. ICS can be broken down into several sub-categories such as energy (electricity, oil, gas, nuclear, etc…), chemical, water (treatment and waste), manufacturing, and many others. These industry sectors use technologies like distributed control systems (DCS) and supervisory control and data acquisition (SCADA) to monitor and remotely control their industrial processes. While traditionally there was a distinct difference between DCS and SCADA, they differ somewhat between each industrial sector and in many cases have faded over time. For the purposes of this article's audience, it is usually safe to assume they are the same. If you were to step into an ICS Control Center, the most visible piece of SCADA equipment would be the human machine interface (HMI). The control operator monitors this data and initiates control commands to this user interface. HMIs can be single purpose machines, traditional applications installed on workstations running Windows (and sometimes other commodity OSes), and we are starting to see HMIs being built as web applications. These HMIs speak to the SCADA controlling server that is usually installed back in the ICS data center. This server is also sometimes called the acquisition server. It collects the data from and sends control signals to the process controlling devices. Another system we have communicating with this SCADA server is the historian or a series of historians. The historian is basically a database that the SCADA server pushes data to and in some cases pulls data from. One of the primary architectural reasons for the historian is to offload the storage and provide a separate server to hand the SCADA data up to other systems in the ICS network. This allows the SCADA server to focus on its main job of collecting data and pushing control commands and lets the historian deal with all of the other systems that need this data. So now that we've covered the central nervous system of a SCADA system, let’s talk about all the external end-points. The goal of SCADA is to monitor and control the various devices that run our industrial processes. These devices can be just about anything you can imagine. For electric utilities, this is often various devices like sensors, relays, capacitor banks, feeder switches, actuators, and literally anything that a utility can think of to monitor the health of the power grid and control which homes/businesses are connected to which power sources. These various devices can have input/output requirements as simple as a single digital on/off relay or as complex as real-time sensors that communicate on a specialized process bus. Because of the variety of I/O requirements, SCADA relies on intermediate devices to communicate with the disparate end-points. These intermediate devices are usually remote terminal unites (RTU) or programmable logic controllers (PLC). Once again, there is a difference between these two devices, but that difference is fading over time and isn't important for this basic overview. These RTUs and PLCs are the devices that play the gateway and intermediary between the SCADA server and the end-points. Notice I said gateway AND intermediary. RTUs and PLCs do act as a gateway in the traditional IT sense (router and protocol/address translation), but these devices are also programmed with logic to make their own basic decisions based on the data that they are seeing from their I/O ports. So, let’s look at the whole picture. When an operator clicks a button in an HMI to send a control signal, this signal is sent to the SCADA server. This server sends the appropriate signal to the correct RTU or PLC. The RTU or PLC consults its pre-programmed logic to determine what it should do with this control signal and initiates the appropriate I/O responses on its attached end-points. If these end-points change the state of the process, this is usually picked up by process sensors, that send their data to their respective RTU or PLC which in turn sends this data back to the SCADA server. The SCADA server sends a copy of this new data to the HMI for the operator to see, while also sending a copy of this new data to the historian for record keeping and dissemination out to other systems that need this data. I hope that helps to paint a clearer picture of SCADA systems for you readers. 3. What are the most prevalent Operating Systems seen in SCADA devices? Are there any proprietary OSes? When it comes to the HMI, the SCADA server, and the historian, most modern systems being sold today are running on Windows, Linux or Unix. RTUs and PLCs are usually embedded electronic systems running some microprocessor controlled program or VxWorks, but many modern day RTUs being sold today are now running embedded versions of Linux. These are the general circumstances that I've seen, but realize that SCADA systems are broad and all encompassing. Anything is possible in SCADA. One-off solutions in some markets are very common especially historically. 4. What devices are network connected and which are not? What type of network is used: internal only, private with external access, the Internet? In a generic sense, pretty much everything I discussed above is "network" connected. However if you are speaking about the more IT definition of "network" as in TCP/IP, pretty much everything is down to the RTU and PLC. Older RTUs and PLCs, which probably make up the majority of devices currently in use across the US, generally use serial links via dial-up modems or ISDN lines. However these have begun the slow transition to traditional TCP/IP in the last 10 years and will continue to do so. Between the RTU / PLC and the end-points, this is still predominantly serial and parallel communications although sometimes standard-based and proprietary. Some of the modern "Smart Grid" devices being sold in recent years are using new high-speed process bus technologies which occasionally use lightweight protocols directly riding atop Ethernet, but this is not widely deployed yet. As for public vs. private, the general rule of thumb is to deploy all SCADA devices on private networks with no direct links to the Internet. However all of your readers have probably seen media articles where some companies don't follow this best practice and get burned. 5. What are the most common attacks and on which devices? It’s definitely safe to say that the most common attack is on the commodity operating systems running the HMI, SCADA, or historian applications. As a penetration tester, the easier path is always from the corporate network or remote access VPN, through whatever services they permit through their ICS firewall to the Windows or Linux machine running in the ICS network. Once you gain control over one ICS machine, one simply pivots until they find gold. In this case it is usually the HMI application, as they are often point and click. To be honest, it isn't much different than doing a PCI pentest and trying to find the credit card data. As for other attack surfaces, if you can gain network access to the RTUs and PCLs, these systems often run insecure services like telnet, FTP, and TFTP. In some cases, passwords may not even be permitted on some of these interfaces, especially in older devices. Many modern day RTUs even run web interfaces, and like most web applications, they often sport a handful of security flaws. So once again, there isn't a lot different here for the traditional IT professional, however the one thing that is different is the sensitivity of these devices. You've probably heard the horror stories about how sensitive these devices are, and in many cases they are being knocked over by simple nmap scans. A researcher a few weeks ago commented that an nmap scan with OS versioning turned on crashed the PLC he was testing, taking him almost two full days to get it running again. And finally, how easy is it for an attacker to cause something to happen in a SCADA network once he has gotten into the device? Well, it’s easy to cause "something" to happen, however it is extremely difficult to cause "something you intend" to happen. This is because each ICS system (from an overarching system perspective) is custom designed. Think of it this way. If you were to number every light switch and power outlet in your house, and put them all on an interface with clickable buttons, how would you know what number to click to turn off your server rack (yes, I have one of those in my house…)? Perhaps you'd name it something instead of having just a number, but what if your naming scheme was limited to the good old DOS eight character naming convention? Remember, you might have 100 individual outlets in your house and at least 30 light switches. Well, I'm sure you'd figure out a good naming scheme, but that naming scheme probably wouldn't be the same as your neighbors. Now grow this scenario to the scale of an electric utility company. Now consider how complex these systems are when they don't just cover a single city, but multiple states and hundreds of cities. Oh, and I forgot to mention that all of those end-points (switches and outlets in your house example) aren't just simple on/off controls, but complex systems that have RTUs and PLCs that have their own logic and make decisions based on the requests you make. Fortunately for us, most electric utilities don't have an HMI that has a clickable button labeled "nuclear reaction". Even something as simple as "kill power to Chicago" is not necessarily an easy matter even after finding the appropriate HMIs. Context is everything, and, without it, attackers are extremely limited in the actions they can cause to happen. Given enough time, attackers can gain that context, but it is not an easy matter. You can randomly flip switches, which is bad, but it isn't worse-case scenario. 6. Even without specific equipment named Human-Machine Interfaces, Social Engineering must be part of the attack surface. Can you talk a little about SE attacks and defenses? Yes, social engineering is just as effective in ICS as it is in any other IT field. The benefit that ICS has though is the smaller numbers of persons that can effect change. Trying to social engineer your way into an ICS control center is equivalent to trying to social engineer your way into a SOC. Definitely possible, but it’s about equivalent to trying to get to the random company's crown jewels. 7. What are the top 5 measures an organization can put in place to protect these critical systems? They really aren't any different that any other IT organization. I personally like the concision of the SANS 20 Critical Security Controls. And while many of you may think I'm crazy, I also really like adapting PCI to whatever environment I'm trying to protect (swap PCI data for ICS data). However for a more exhaustive list of security protections, you may want to check out the NIST Interagency Report 7628 (700+ pages over 3 volumes) or the various security profiles released by ASAP-SG. For full disclosure, I should note that I played key parts in the creation of all of these documents, however these document are the primary ones used by the electric utility sector. 8. What unique challenges would a security professional face when performing a penetration test on SCADA systems in general as well as those associated with our nation’s Critical Infrastructure? I believe I've covered most of the issues above, however I should mention two other things. Number one is trust. It will not be easy to gain a company's trust to let you test their control systems. And number two is production vs. staging/testing. Because of the negative real-world effects your test can cause and the sensitivity of older SCADA devices, the risk is simply too great to test on production networks. In cases like this in the IT world, we simply setup a testing or staging environment, verify it is configured identically to the production environment and perform our test. However if you've been frustrated with the infrequency that traditional IT companies have in staging/testing their own environments, you'd be infuriated with the infrequency that industrial companies have in utilizing these testing environments. If you want a more in-depth look at the methodology we use here at UtiliSec, please check out my upcoming talk and accompanying white paper at Black Hat Europe this coming March, Dissecting Smart Meters. If you simply can't wait, contact me, and I can share a prerelease copy of the whitepaper. You should be able to find me on Twitter, Facebook, or LinkedIn. You can also reach me directly by email at [justin at utilisec dot com]. Donald C. Donzal Editor-In-Chief The Ethical Hacker Network The Ethical Hacker Network - Interview: Smart Grid Security Expert Justin Searle

xTSCrack 0.9 Released! fixed all reported bugs and added a lot features to the new version of xTSCrack. Here the screenshoot and changelog: Stop process bug fixed; Multiple users password recovery bug fixed; Logoff after logon success added; Import hosts option added; Exceptions fixed; Manual modified; Interface modified. Working very well. Download here. Torrent Manual (Requires .NET Framework 4) OR Virusltotal scan report: 0/43 Atrix Team NGT: xTSCrack 0.9 Released!

Download MSCOMCTL.OCX unzip in folderul dubrute

Vanguard is a comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. It provides crawling, uses LibWhisker2 for HTTP IDS evasion, and checks for issues like SQL injection, XSS, LDAP injection and more Download Vanguard Pentesting Scanner ? Packet Storm

In fiecare an, in ultima sambata din luna martie, milioane de oameni, institutii si companii sting luminile timp de o ora, alaturandu-se celui mai mare eveniment de mediu din istorie – Earth Hour. La indemnul WWF, organizatia care a initiat miscarea Earth Hour, in anul 2007, 5200 de ora?e din peste 135 de tari au stins lumina de Earth Hour in 2011, raspandind un mesaj puternic privind impactul negativ pe care viata noastra de zi cu zi il are asupra planetei si asupra resurselor naturale. In 2011, Earth Hour a intrat intr-o noua etapa: Mai mult decat o ora pentru planeta (Beyond the Hour), in care oamenii de pretutindeni au fost indemnati nu numai sa stinga lumina, ci sa se angajeze in ac?iuni de mediu in fiecare zi. In 2012, ii provocam pe sustinatorii Earth Hour sa fac? MAI MULT – ii indemnam sa-si ia angajamentul de a-si schimba stilul de viata, pentru a-si reduce impactul negativ asupra planetei. Fiecare dintre noi este provocat s? isi ia un angajament, conditionat insa de un alt angajament, care poate veni din partea unei companii, a unui oras sau a unei singure persoane. Promiti c? vei face ceva DACA altcineva promite sa faca un lucru benefic pentru mediul inconjurator. Vom lansa, foarte curand, o platforma unde vei putea adauga oricate provocari vei dori, pe care le vei putea impartasi prietenilor din retelele sociale. Istoria Earth Hour La initiativa WWF- Australia, pe 31 martie 2007, peste 2.2 milioane de oameni si 2000 de sedii de companii din Sydney au stins luminile pentru o ora, ca semn al constientizarii problemei schimb?rilor climatice. Mii de oameni au iesit atunci pe strazile orasului, sarbatorind Pamantul in diferite feluri: petreceri si concerte fara surse de electricitate, observatii astronomice, picnicuri in familie la lumina lumanarii. In 2008, Earth Hour urma sa se extinda pe tot teritoriul Australiei. Cu putin timp inainte de eveniment, orasul Toronto din Canada a anuntat ca se alatura miscarii ?i nu a trecut mult, pana cand aproape 400 de orase din 35 de tari s-au mobilizat pentru acest eveniment. Mesajul a fost acelasi, peste tot : problemele cauzate de schimbarile climatice sunt atat de grave si de complexe, incat este nevoie urgenta de actiune, la nivel global. Bazat pe indemnul de a stinge lumina pentru o ora, Earth Hour a devenit, in timp foarte scurt, un eveniment global anual, marcat in ultima zi de sambata din luna martie, care este foarte aproape de echinoctiu, astfel incat toate orasele au parte de intuneric in intervalul 20:30-21:30. Ora Pamantului | Fiecare dintre noi are puterea de a schimba lumea in care traim

Pe data de 5 martie Terra si Marte vor fi din nou foarte aproape, cel mai aproape dupa doi ani si doua luni. Spectacolul palnetar din luna februarie continua in martie. Dupa alinierea planetelor Venus si Jupiter pe cerul noptii, saptamana trecuta, distanta dintre Pamant si Marte se va scurta, ajungand la minimul ultimilor doi ani. Opozitia fata de Soare a Planetei Rosii a inceput sambata, pe 3 martie, dand posibilitatea astronomilor sa capteze imagini rare cu Marte. Insa abia pe 5 martie (luni) palentele se vor apropia cel mai tare, iar Pamantul se va interpune intre Soare si Marte, eveniment care are loc o data la doi ani si doua luni. Asta face ca Marte sa fie perfect vizibila, deoarece de pe Pamant se vede cum razele Soarelui lumineaza intreaga fata a Planetei Rosii Cum pot vedea Marte Cu un telescop sau cu un binoclu puternic, priviti inspre est in jurul orei 19:00 si veti vedea un astru stralucitor, portocaliu, a carui lumina nu sclipeste. Este planeta Marte, aflata la 100 milioane km departare de noi. Luna va va ajuta sa o vedeti mai bine, insa abia in serile de 7 si 8 martie pentru ca atunci se va afla chiar langa planeta. Asadar, cautati Luna si veti vedea langa ea pe Marte. In aceasta luna Marte se va afla la opozitie adica in partea opusa Soarelui vazuta de pe Pamant. Este si perioada cand planeta se vede toata noaptea si se afla la cea mai mica departare de noi, intr-un interval de doi ani. Este perioada ideala pentru observatii prin telescop, daca vreti ca planeta sa fie mare. Totusi departarile minime ale planetei fata de Terra pot fi mai mici sau mai mari, in cazul acesta fiind o departare mare: cea mai mare din 1995 si pana in 2027. Diametrul aparent al planetei va fi relativ mic dar tot veti putea vedea ceva pe el: orice zona mai intunecata sau galbuie reprezinta locuri de pe suprafata. Planeta se afla in constelatia Leo, la est de steaua Regulus fata de care este mai stralucitoare. Daca veti privi cele doua obiecte veti remarca cum distanta aparenta dintre ele scade: de la 15° pe 1 martie la 5,5° la sfarsitul lunii, potrivit specialistilor de la Observatorul Astronomic Bucuresti. Au mai ramas cateva ore pana la alinierea planetelor. Marte se apropie cel mai mult de Pamant - Yahoo!

LONDON—Today, Monday 27 February, WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered "global intelligence" company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods, for example : "[Y]ou have to take control of him. Control means financial, sexual or psychological control... This is intended to start our conversation on your next phase" – CEO George Friedman to Stratfor analyst Reva Bhalla on 6 December 2011, on how to exploit an Israeli intelligence informant providing information on the medical condition of the President of Venezuala, Hugo Chavez. The material contains privileged information about the US government’s attacks against Julian Assange and WikiLeaks and Stratfor’s own attempts to subvert WikiLeaks. There are more than 4,000 emails mentioning WikiLeaks or Julian Assange. The emails also expose the revolving door that operates in private intelligence companies in the United States. Government and diplomatic sources from around the world give Stratfor advance knowledge of global politics and events in exchange for money. The Global Intelligence Files exposes how Stratfor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world. The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients. For example, Stratfor monitored and analysed the online activities of Bhopal activists, including the "Yes Men", for the US chemical giant Dow Chemical. The activists seek redress for the 1984 Dow Chemical/Union Carbide gas disaster in Bhopal, India. The disaster led to thousands of deaths, injuries in more than half a million people, and lasting environmental damage. Stratfor has realised that its routine use of secret cash bribes to get information from insiders is risky. In August 2011, Stratfor CEO George Friedman confidentially told his employees : "We are retaining a law firm to create a policy for Stratfor on the Foreign Corrupt Practices Act. I don’t plan to do the perp walk and I don’t want anyone here doing it either." Stratfor’s use of insiders for intelligence soon turned into a money-making scheme of questionable legality. The emails show that in 2009 then-Goldman Sachs Managing Director Shea Morenz and Stratfor CEO George Friedman hatched an idea to "utilise the intelligence" it was pulling in from its insider network to start up a captive strategic investment fund. CEO George Friedman explained in a confidential August 2011 document, marked DO NOT SHARE OR DISCUSS : "What StratCap will do is use our Stratfor’s intelligence and analysis to trade in a range of geopolitical instruments, particularly government bonds, currencies and the like". The emails show that in 2011 Goldman Sach’s Morenz invested "substantially" more than $4million and joined Stratfor’s board of directors. Throughout 2011, a complex offshore share structure extending as far as South Africa was erected, designed to make StratCap appear to be legally independent. But, confidentially, Friedman told StratFor staff : "Do not think of StratCap as an outside organisation. It will be integral... It will be useful to you if, for the sake of convenience, you think of it as another aspect of Stratfor and Shea as another executive in Stratfor... we are already working on mock portfolios and trades". StratCap is due to launch in 2012. The Stratfor emails reveal a company that cultivates close ties with US government agencies and employs former US government staff. It is preparing the 3-year Forecast for the Commandant of the US Marine Corps, and it trains US marines and "other government intelligence agencies" in "becoming government Stratfors". Stratfor’s Vice-President for Intelligence, Fred Burton, was formerly a special agent with the US State Department’s Diplomatic Security Service and was their Deputy Chief of the counterterrorism division. Despite the governmental ties, Stratfor and similar companies operate in complete secrecy with no political oversight or accountability. Stratfor claims that it operates "without ideology, agenda or national bias", yet the emails reveal private intelligence staff who align themselves closely with US government policies and channel tips to the Mossad – including through an information mule in the Israeli newspaper Haaretz, Yossi Melman, who conspired with Guardian journalist David Leigh to secretly, and in violation of WikiLeaks’ contract with the Guardian, move WikiLeaks US diplomatic cables to Israel. Ironically, considering the present circumstances, Stratfor was trying to get into what it called the leak-focused "gravy train" that sprung up after WikiLeaks’ Afghanistan disclosures : "[is it] possible for us to get some of that ’leak-focused’ gravy train ? This is an obvious fear sale, so that’s a good thing. And we have something to offer that the IT security companies don’t, mainly our focus on counter-intelligence and surveillance that Fred and Stick know better than anyone on the planet... Could we develop some ideas and procedures on the idea of ´leak-focused’ network security that focuses on preventing one’s own employees from leaking sensitive information... In fact, I’m not so sure this is an IT problem that requires an IT solution." Like WikiLeaks’ diplomatic cables, much of the significance of the emails will be revealed over the coming weeks, as our coalition and the public search through them and discover connections. Readers will find that whereas large numbers of Stratfor’s subscribers and clients work in the US military and intelligence agencies, Stratfor gave a complimentary membership to the controversial Pakistan general Hamid Gul, former head of Pakistan’s ISI intelligence service, who, according to US diplomatic cables, planned an IED attack on international forces in Afghanistan in 2006. Readers will discover Stratfor’s internal email classification system that codes correspondence according to categories such as ’alpha’, ’tactical’ and ’secure’. The correspondence also contains code names for people of particular interest such as ’Hizzies’ (members of Hezbollah), or ’Adogg’ (Mahmoud Ahmedinejad). Stratfor did secret deals with dozens of media organisations and journalists – from Reuters to the Kiev Post. The list of Stratfor’s "Confederation Partners", whom Stratfor internally referred to as its "Confed Fuck House" are included in the release. While it is acceptable for journalists to swap information or be paid by other media organisations, because Stratfor is a private intelligence organisation that services governments and private clients these relationships are corrupt or corrupting. WikiLeaks has also obtained Stratfor’s list of informants and, in many cases, records of its payoffs, including $1,200 a month paid to the informant "Geronimo" , handled by Stratfor’s Former State Department agent Fred Burton. WikiLeaks has built an investigative partnership with more than 25 media organisations and activists to inform the public about this huge body of documents. The organisations were provided access to a sophisticated investigative database developed by WikiLeaks and together with WikiLeaks are conducting journalistic evaluations of these emails. Important revelations discovered using this system will appear in the media in the coming weeks, together with the gradual release of the source documents. The Global Intelligence Files - List of Releases

As the European Parliament considers passing a directive that would target hacking, EFF has submitted comments urging the legislators not to create legal woes for researchers who expose security flaws. In the United States, laws such as the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act have created a murky legal landscape for researchers who conduct independent analysis of technology for security threats. Throughout the world, the Convention on Cybercrime has caused similar problems. Now, new vague and sweeping computer crime legislation is back on the European Union's agenda threatening coder’s rights: the European Commission’s proposal on a draft Directive on Attacks Against Information Systems [pdf]. All told, the European Commission needs to make a stronger case for why this directive is needed at all. We believe it is largely duplicative of the Convention on Cybercrime, which itself is riddled with problems. Should the proposed directive move forward, however, we urge the Parliament to improve several aspects. No criminalization of tools The main so-called “novelty” of the draft directive is the criminalization of the use, production, sale, or distribution of tools to commit attacks against information systems. In our submission to the European Parliament, we opposed the wholesale criminalization of these tools: while they can be used for malicious purposes, they are also crucial for research and testing, including for "defensive" security efforts to make systems stronger and to prevent and deter attacks. We urge the Parliament to focus on the intent behind using the tool, rather than mere possession, use, production, or distribution of such tools per se. The latter approach threatens valuable security testing that makes technology more robust and benefits us all. Protect coders’ rights to unauthorized access to computers for security testing We asked the European Parliament to protect researchers who access a computer system without explicit permission when the perpetrator does not have a criminal intent, or mens rea. This protection is needed to safeguard security researchers’ rights to free expression and innovation. Examining computers without the explicit permission of the owner is necessary for a vast amount of useful research, which might never be done if obtaining prior permission was a legal requirement. The language of the draft Directive resembles language in the Computer Fraud and Abuse Act (CFAA), which provides, among other things, that it is illegal to ‘intentionally access[] a computer without authorization or exceed[] authorized access, and thereby obtain[] . . . information from any protected computer.’ The precise scope of the phrases "without authorization" and "exceeds authorized access" has been hotly disputed in the US courts, with the US government and private companies arguing for a broad interpretation that would go so far as to criminalize violations of private contractual agreements. 1 If adopted by European courts, this approach threatens to put the immense coercive power of criminal law into the hands of those who draft contracts. This means that private parties, rather than lawmakers, would be in a position to determine what conduct is criminal, simply by prohibiting it in an agreement. Criminalizing breaches of website terms of use could turn millions of Internet users into criminals for typical everyday activities. The US experience can serve as a warning to European legislators that vague ill-defined terms can have deleterious effects on free expression, innovation, and competition, especially with respect to the meaning of "authorized" computer access. Protect coders' rights to free expression and innovate Finally, we asked the European Parliament to protect security researchers’ right to free expression. Their ability to freely report security flaws is crucial and highly beneficial for the global online community. Public disclosure of security information enables informed consumer choice and encourages vendors to be truthful about flaws, repair vulnerabilities, and improve upon products. For example, in early February, two German security researchers reported a vulnerability in two encryption systems that could allow eavesdropping on hundreds of thousands of satellite phone calls. Public disclosure of this kind of research allows consumers to be better informed and aware that their communications are not actually protected, which in turn lets them make thoughtful choices about the technology they use. Hopefully it could even inspire the European Telecommunications Standards Institute to formulate a stronger security algorithm that protects users’ privacy. In our submission, we asked the Parliament to protect the rights of those researchers and whistleblowers. In the course of fixing a problem, they could inadvertently violate laws—even if they never intend to steal information, invade people’s privacy, or otherwise cause harm. By reporting the vulnerability, researchers could risk exposing themselves to a lawsuit or criminal investigation. On the other hand, potentially serious security flaws will go unaddressed if security researchers are forced to withhold information to protect themselves from possible legal liability. All told, the European Commission hasn’t demonstrated that this proposed directive is necessary, and we don’t think it is. If this proposal moves forward, though, the European Parliament needs to narrowly define and clarify it. The goal should be to leave breathing room for legitimate security research and testing, allowing security researchers to flourish and do what they do best. https://www.eff.org/deeplinks/2012/02/eff-european-parliament-protect-coders-rights

le criptezi sa nu apara pe google, le dai paste aici, click encrypt, dai edit la primul post si pui codu care ti-l genearaza

conteaza mai mult detalii tehnice decat designul

Recent au tot aparut diverse informatii cu privire la urmatorul model de iPhone. Ca inginerii si designerii de la Apple sunt extrem de secretosi cand vine vorba despre produsele la care lucreaza, nu mai incape nicio indoiala. Cu toate acestea, silueta mult-asteptatului iPhone 5 pare sa se contureze in ochii milioanelor de fani si pasionatilor de tehnologie. Daca urmatorul iGadget va arata insa asa cum este prezentat in imaginile de mai jos, cea mai admirata companie americana va inregistra vanzari record. Un designer independent, citat de Business Insider, a prezentat cateva fotografii in care este ilustrat conceptul iPhone 5. De unde a obtinut insa Frederico Ciccarese interesantele schite nu stim cu exactitate, caci acesta i-a rugat pe jurnalistii site-ului american sa pastreze confidentialitatea. Pozele prezentate mai jos ilustreaza un smartphone total diferit de iPhone 4S, ultimul prototip de la Apple, lansat in octombrie 2011. Schitele dezvaluie un telefon usor curbat, argintiu, dotat cu camera centrala, cu un ecran mai mare decat iPhone 4S si cu un logo luminat printr-un led. Ramane de vazut insa daca realitatea va intrece fictiunea. iPhone 5 ii va lasa muti de uimire pe fanii Apple. Schimbare la 180 de grade GALERIE FOTO - www.InCont.ro

This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), we've added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. New modules since the last weekly update include 12 VMWare modules, a Javascript keylogger (as detailed on the blog), exploits for Horde and Java, a generic directory traversal module, and an IIS info disclosure module. See the new product news section for more information! https://community.rapid7.com/docs/DOC-1701 video: https://community.rapid7.com/videos/1256 Download

Salut, Bine ai venit.

Free Password Generator - Generate passwords instantly online! si le scrieti pe hartie

Box for Android and Android Tablet lets you view and share files from anywhere! Box provides simple, secure sharing from anywhere – letting you easily store files online, send big files quickly, access content from your Android phone or tablet, and collaborate with others. Now through Friday, March 23, 2012, log in to receive a free 50GB account upgrade! Box for Android lets you: * Access, create and view content on your Android phone or tablet * Upload multiple images, videos and files from the SD card * Save files to your SD card for offline access * Easily share files and folders with links * Invite colleagues to shared folders and leave comments on files for them (note that you’ll need to grant permission for the app to access your contacts – we only use this permission to quickly retrieve email addresses when you want to invite collaborators, and we do NOT store any contact information on Box’s servers) * Find content fast with built-in search * Save files you edit or create in other Android apps to your Box account * Add a widget to your home screen to see updates on files by colleagues More than 7 million users, including 82% of the FORTUNE 500, rely on Box for simple, secure content sharing. Companies such as Pandora, TaylorMade, Clear Channel and Six Flags are successfully building collaborative mobile workforces and realizing the benefits of Box's mobile solution -- which saves a typical company over 3,000 hours a month. Upgrade to Box Business to collaborate with shared workspaces and sync files to your PC for offline access. "I haven't taken my laptop on the road since I started with Box. I run the entire company off my tablet." - Lance Locher, SVP, Clear Channel - Total Traffic Network “In this firm, there's been a huge move to a new mobile workforce. Having cloud-based, mobile access to our content has saved an immeasurable amount of time." - Greg Dasher, Integrated Projects Director, Balfour Beatty Construction https://market.android.com/details?id=com.box.android