Everything posted by M2G
-
Traian Basescu has promulgated the so-called 'Big Brother law'
M2G replied to Nytro's topic in Stiri securitate
One vote doesn't make a difference? Then why would anyone in this country vote at all? Another 5 million people think the same way you do, and that adds up to 5 million votes. It's the same as saying "let me throw this plastic beer bottle on the ground, nobody will notice, it's just one". Five more come along who say the same and already there are 5 beer bottles... anyway. You stay home and say you have nobody to vote for, and when things go badly for you, you take to the streets to protest. It's comical... or sad, I don't even know. Do you know how votes are rigged? For every person who stays home and doesn't go to vote, a blank ballot is left over. Those can be stamped afterwards and used to the advantage of one candidate or another. Better to go and vote and stamp all over the ballot so that it is voided. At least, if you don't have a candidate you support, you know your vote isn't helping to rig the elections. Do you know what this country lacks? Solidarity.
-
Traian Basescu has promulgated the so-called 'Big Brother law'
M2G replied to Nytro's topic in Stiri securitate
Guys, hard times are coming. Put some money aside for something like this: http://www.ubnt.com/nanostation
-
First of all you have to load the file with the e-mail addresses and save each line read from that file into a list. Once you've done that, you should have a list with all the addresses from the file. When you want to send them, you just go through that list with a for loop and send one e-mail for each. To show how many it has sent, make a counter that you increment after each send.
Reading a Text file Line by Line - Visual Basic - Source Code | DreamInCode.net ArrayList Class (System.Collections) How to use VB.NET ArrayList VB.NET Collections Tutorials
Learn to write code. What you're doing isn't programming.
-
Come on, it's simple. Look at how totti did it in the first version. The second version differs from the first only in those variable assignments: instead of x = a you have a = a - b. Same for the others... So the code is roughly this:

    #include <iostream>
    using namespace std;

    int main() {
        float a, b;
        cin >> a >> b;
        // swap a and b without a temporary variable
        a = a - b;  // a now holds the difference
        b = a + b;  // b now holds the original a
        a = b - a;  // a now holds the original b
        cout << a << endl << b;
        return 0;
    }

//sorry, you were faster, totti
-
I usually use this: 10 Minute Mail
-
The md5crypt() author says the algorithm is no longer secure
M2G replied to me.mello's topic in Stiri securitate
Just use SHA-2.
-
A pair of cybersecurity researchers say an encrypted chip used by the military and nuclear power plants has a secret 'backdoor' that can be hacked. It could be a wakeup call for the industry.

A secret nanoscale "backdoor" etched into the silicon of a supposedly secure programmable chip could give cyberattackers access to classified US weapons systems, including guidance, flight control, networking, and communications systems, according to a new report by cybersecurity researchers in Britain.

The Cambridge University study is apparently the first public documentation that such a serious vulnerability has been deliberately built into a class of microchips used across the military and in key industrial applications such as power grids, the researchers say.

The discovery underscores the Pentagon's growing concerns over the vulnerability of the "supply chain" for computer chips it relies on. The new research illustrates how spying or even destructive functions, such as a "kill switch" that could make a plane fall out of the sky like a brick, could be added unnoticed to microchips while they are being designed and manufactured either at home or overseas, hardware-security experts say.

The chip in question – one of the ProASIC3 (PA3) line – is designed by a California company but manufactured in China. It is not known how or why the backdoor was installed on the chip, but experts say it is highly unlikely that it was inserted nefariously during the manufacturing process in China. More likely, it might be merely an overlooked feature left over from a period of early development, some say.

Yet how the backdoor got there is, in many ways, less important than the fact that it is there at all, the experts add. It suggests that even the PA3 chip, purchased by a variety of critical industries and touted as having "one of the highest levels of design security in the industry," could have exploitable vulnerabilities that users don't even know about.

"The major concern here is: If there are backdoors built into other chips, how easy will it be to find them?" says Sergei Skorobogatov, the researcher who led the Cambridge University study, in an interview. "It doesn't really matter much if it's a backdoor or a special test function embedded by the original chip designer. All a hacker wants is access to the chip.... If the attacker can find it and use it, he gets what he wants."

What the chip does

The PA3 A3P250 chip is a field programmable gate array, meaning it is basically a blank slate ready to be programmed to perform myriad functions. Experts agree that the chips are used widely by the US military in various settings, some likely to be critical, others likely to be much less so.

Strong encryption protects the chip from further changes. But the Cambridge report, titled "Breakthrough silicon scanning discovers backdoor in military chip," claims to have found an internal passcode and other vital keys needed to make big changes can be filched through the hidden backdoor.

Once inside the chip's backdoor, the potential for mischief is significant. The chip can be reprogrammed to do anything the attacker wants it to do, including erase itself or divulge information like classified algorithms for targeting, flight control, and other systems, the researchers say. Moreover, successful attackers would have access to proprietary secrets behind the chip's design.

"This means the device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan," write Mr. Skorobogatov and fellow Cambridge researcher Christopher Woods in their paper.

Concern about kill switches

These are some of the concerns that have led the Pentagon and intelligence agencies to accelerate the development of tools that can scrutinize chips for signs of intentionally built-in microscopic vulnerabilities. A kill-switch, for example, could allow an adversary to send a command that could cause a critical failure on a computer controlled weapon system like a jet fighter, these experts say.

"There's a lot of concern within the US military and intelligence agencies that people, other governments, could be putting into these chips not just backdoors, but kill switches that are extremely difficult to detect," says David Adler, president of DLA Instruments Corp. of San Jose, Calif., which is assisting the Pentagon in its efforts to detect microscopic tampering.

The concern spreads beyond the military. The chips are also used widely in nuclear power plants, power distribution, aerospace, aviation, public transport, and automotive products, and the discovery could pave the way for cyberattacks on vital infrastructure.

"This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself," the Cambridge researchers write, referring to a now notorious cybersabotage attack on centrifuge systems inside Iran's nuclear fuel-enrichment facility – an attack recently identified as the handiwork of the US and Israel.

"To our knowledge, this is the first documented case of finding a deliberately inserted backdoor in a real world chip," the researchers state.

Chipmaker's response

The chip's maker, Actel, now a subsidiary of Irvine, Calif.-based Microsemi Corp., disputes the researchers' claim, saying there is no backdoor at all, while also noting that future designs will be even more secure.

"Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security," the company said in a statement. "The researchers' assertion is that with the discovery of a security key, a hacker can gain access to a privileged internal test facility reserved for initial factory testing and failure analysis. Microsemi verified that the internal test facility is disabled in all shipped devices."

The report arrives on the heels of another recent backdoor revelation. In April, a cybersecurity researcher in San Francisco went public with evidence that a technology firm with ties to the military, Canada-based RuggedCom, also had a backdoor built into the firmware of an industrial control system router that it touted as secure.

In that case, RuggedCom was able to issue a patch to eliminate the vulnerability. But backdoors left in chips cannot be patched. Moreover, backdoors are extraordinarily difficult to find.

Finding a backdoor is roughly equivalent to comparing every street address from a satellite image of North America to a map of North America just to be sure they match and that no fake addresses have been added, DLA's Mr. Adler says. That suggests many more backdoors may be out there waiting to be found by friend or foe.

"It's hard to say about this discovery, but it could be a canary-in-the-coal-mine-type incident that indicates a big problem," says Olin Sibert, an expert in hardware systems security and founder of Boston-based Oxford Systems Inc. "It would not be surprising if similar vulnerabilities were found elsewhere in widely used components."

This shows how important it is that security awareness be pervasive throughout a manufacturing organization, he says.

A China role?

In this case, he agrees, there doesn't yet appear to be any sign of malicious intent from China or anyone else.

"There's lots of chips manufactured in China," Mr. Sibert says. "It's theoretically possible, but it would be very difficult for them to install this sophisticated backdoor."

One factor that mitigates against the vulnerability being used to install a kill switch is that physical access would be needed to most of the chips that have been deployed, Skorobogatov says. Even so, at least some of the chips have been "wired to the network" to enable reprogramming – and therefore they and their backdoors are reachable over the Internet, he says.

Even if the chips are just inside telephones, the idea of being able to modify them "is a critical concern," Adler says. "If you are using encryption in a call and someone can disable that and eavesdrop on the call – that's a big concern."

Regardless of the origin of the backdoor, more are likely to be found as researchers become more adept at searching and new tools become available.

"What the researchers have found is ... the strongest suggestion to date that those who claimed complete security for their systems are at best mistaken," says Andrew Righter, a researcher at the University of Pennsylvania. "What the researcher has done is said – in the middle of the parade – 'The emperor has no clothes' to the manufacturing industry that says all our toys are secure."

"We are going to see a lot more chips fall to these attacks and a lot of companies backpedaling, trying to explain why these backdoors exist," Mr. Righter says.

Source
-
The Debugging Chronicles I course showcases a debugging process closely related to that of detective work. I'll show how you can follow the detective process in order to tackle the toughest of bugs. The case studies range from problematic Windows Services to a complete library system built around WCF and hosted in IIS. Furthermore, the library system uses other .NET frameworks (such as EF and ADO.NET) to increase the complexity. Each of the Crime Scenes will tackle a particular bug by utilizing the debugging detective process as well as showing the complete analysis of how to arrive at root cause (using a plethora of super useful tools including the native debuggers).
Download: rstcenter.com Debugging Chronicles I.rar
The ones from here: Debugging Chronicles I - Online Training Course for .NET Developers
-
Maybe today you look up information about what DDoS is and how such an attack is carried out. Maybe towards evening you make a tool that sends pings. A useless tool nowadays, but one you can learn something from. Maybe tomorrow you start studying more and understand the system better. You start making changes to the tool. After a few weeks/months of studying and trying, maybe you have something new that nobody had thought of until then? Now the question: how did you get to make a new tool if you didn't first start somewhere? It's no shame to study, it's no shame to learn basic things. It's a bigger shame to post that you found an XSS when in fact you don't really know what you did or how you can exploit it. We aren't all born knowing everything, like some people around here... "Life is hard." By the way, ahead, I'm not the author of the clip. I only posted it after I watched it and found it useful.
-
A great many people on this forum are "at the beginning". Which beginning, I don't know. Are you going to spend your whole life looking for XSS and make a living from that? It's OK for a while and for learning about security, but many never get past looking for and posting the vulnerability. They have no idea what is actually happening or how they themselves could fix the problem. Most of them, when they see a field where they can enter input, quickly throw in XSS vectors; if he's lucky an alert pops up, and then he posts in showoff because he's cool. What does he care? At least in this video he shows you how the PHP code is written and the guy explains well so that everyone understands. I, at least, don't use such things and don't go looking for XSS or SQLi, because I have other passions and priorities, but for the sake of information and to learn something I'd say it's a good clip.
-
Cross Site Scripting (Xss): Form Action Modification
-
Note that referral links aren't allowed on RST. Remove it if you don't want to get a warning. Alternatively, put them one below the other. Whoever wants to help you will sign up through the referral one, and whoever doesn't, won't.
-
The same hackers responsible for the theft of over 6.4 million LinkedIn passwords also acquired passwords from the popular dating site eHarmony.

"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected," eHarmony's Becky Teroka wrote on the company blog yesterday evening.

According to the Los Angeles Times, 1.5 million passwords were stolen. That's significantly less than the 6.4 million LinkedIn passwords, but still a considerable amount of eHarmony's 20 million users.

The Russian hacker responsible uploaded the encrypted passwords to a Russian-language website forum. Many of them have been cracked, and while the usernames are not posted, security experts believe the hackers are in possession of that information as well.

Similar to LinkedIn, eHarmony has reset the passwords for those with compromised accounts. If you're such a user, you will be prompted to change your password next time you attempt to log in to the site.

Still, if you're a LinkedIn or eHarmony user you should still change your password. Additionally, if you have used that password on other sites or services, you should change that password on those sites as well.

EHarmony Passwords Stolen By LinkedIn Hackers | ABC News - Yahoo!
Hash Download: FileShare Download rst eharmony.txt
-
I'm not coming to HackaServer because I don't have time, but I'll come for a beer towards evening if you're going.
-
WebSploit is an open source project which is used to scan and analyze remote systems in order to find various types of vulnerabilities. This tool is very powerful and supports multiple vulnerabilities.
Download WebSploit Toolkit from SourceForge.net
Source
-
Create (customize) your own Linux distribution (based on openSUSE)
M2G replied to M2G's topic in Tutoriale in romana
Well, since you can install almost any software you want and can also run custom scripts, I think what you want can be done too. I haven't tinkered with it enough to be able to tell you exactly. I thought it was really cool when I came across it. The idea of configuring a system online and then being able to download that ISO with everything you want in it.
-
Visual Basic .NET programming for Beginners - How to Write to a Text File
Hard, hard, this programming thing... First result on Google.
-
Already in the spotlight over concerns that its iOS app collects full meeting notes and details from a device’s calendar and sends them back to the company in plain text, LinkedIn user accounts are now said to have been compromised, with 6.5 million hashed and encrypted passwords reportedly leaked.

Norwegian IT website Dagens IT reported the breach, with 6.5 million encrypted passwords posted to a Russian hacker site. Security researcher Per Thorsheim has also confirmed reports via his Twitter feed, stating that the attackers have posted the encrypted passwords to request help cracking them.

Finnish security firm CERT-FI is warning that whilst user details have not been posted, it is believed that the attackers will have access to user data as well as their passwords.

What should you do? For starters, change your password. LinkedIn hasn’t responded to reports at the time of writing, so the breach is yet to be confirmed. However, over 300,000 passwords are said to have been decrypted, and more are being cracked as we write this. We suggest you employ good security practises and amend yours, regardless of whether you have been affected or not.

LinkedIn is home to more than 150 million users, suggesting the breach is limited to less than 10% of the professional social network’s userbase, but it will still affect a huge number of users. The unsalted hashes use SHA-1 encryption, and while it is somewhat secure, it can still be cracked if the user employs a simple dictionary password.

Earlier today we reported that the LinkedIn iOS app collects full meeting notes and details from your device’s calendar and sends them back to the company in plain text. The information is gathered without explicit permission by a feature that allows users to access their calendar within the app.

LinkedIn has taken the time to formulate an official response, noting that a new version of the app is on its way. It also provided a list of what it does and doesn’t do with your data.

Source
-
Ever since they started copying Chrome they've ruined it badly. I was a Firefox fan until around version 4. I had to switch to Chrome because FF runs terribly. It starts slowly, loads pages slowly, uses too many resources, etc. With every version released it runs worse and worse.
-
Secure chat system (sketch)
Sketch posted on 26 April. Anyway, mine is different from this one. Well... it will be, because for now it's just a mockup.
-
Congratulations! I wanted to do the same thing too but never got around to finishing it. Maybe in the future... Note that the download links don't work.
-
Mobile security researchers say they have identified flaws in Google's system to keep malware off Google Play. Duo Security's Jon Oberheide and Charlie Miller say they exploited weaknesses in Google's Bouncer service to sneak malicious apps on to the Android market. Oberheide demonstrated in a video presentation (see below) how he submitted a fake app and used a remote shell it got access to when Bouncer attempted to analyze the app. That access allowed the pair to "look for interesting attributes of the Bouncer environment, such as the version of the kernel it's running, the contents of the file system, or information about some of the devices emulated by the Bouncer environment," he said. "This is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user's device," Oberheide said in the video, which was released today ahead of a planned presentation later this week at the SummerCon conference. Introduced in February, Bouncer is an automated process that scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. If malicious code or behavior is detected, the app is flagged for manual confirmation that it is malware. Unlike Apple, which vets every iPhone app before it hits the iTunes Marketplace, Google does not require pre-approval for Android apps. Instead, it does the screening of the apps behind the scenes when the developers upload them to the Android Market. However, "while Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we're confident that Google will continue to improve and evolve its capabilities," Oberheide wrote in a companion blog post. "We've been in touch with the Android security team and will be working with them to address some of the problems we've discovered." 
http://youtu.be/pQOU5ahJe8c
Source