
M2G

Moderators
  • Posts

    1838
  • Joined

  • Last visited

  • Days Won

    31

Everything posted by M2G

  1. Site: rstcenter.com Date: 05.06.2012 Author: M2G

    When people talk about a Linux system, most of the time they are talking about Fedora, Ubuntu, Debian, OpenSUSE, Back|Track. Every time you try to install an operating system, be it Linux or Windows, you go through the same steps:

      • Download an ISO from the net
      • Burn it to a CD/DVD
      • Install the operating system
      • And then spend a good few hours installing applications and configuring things

    It seems the people at SUSE have built a system that solves this problem and gives the user more power of choice. The service is called SUSE Studio and can be found here: Welcome to SUSE Studio

    Configuring a distribution is very simple. All you have to do is create an account or log in with one of your facebook, twitter, google, yahoo, novell or openID accounts. After you log in you will see a list of the systems you can configure: from the standard system up to the enterprise ones. To move on to the next step I will choose the openSUSE 12.1 system with Gnome Desktop:

    After creating the base system, we go on to configure the system, add software and customize some aspects. In the Software tab we search for and select the software packages we want our distribution to include. Other "repositories" and/or "RPM's" can be added as well. I added firefox and pidgin in this demo:

    In the next tab, "Configuration", we can configure the system according to our preferences.

      • You can select options to enable or disable the firewall
      • You can open port 22 (ssh)
      • You can set options for the network configuration
      • You can select the language and the keyboard layout
      • You can add users

    In the next tab you can set the logo and the background:

    In the other tabs of the configuration section you can also set options such as:

      • The boot mode (graphical, console etc...)
      • You can write an EULA
      • You can set up PostgreSQL and MySQL databases
      • You can set a user that logs in automatically
      • You can set applications that start automatically at system startup (autostart)
      • You can set the memory, the disk space used and the size of the swap partition for virtualization
      • You can write scripts that run at system startup

    In the "Files" tab you can choose files to be included in the system (pictures, music, documents etc..). Finally, in the "Build" tab you can set the options for building the system you configured. After the build has finished (it takes approximately 10 min) you can choose to download the distribution or to test it:

    You have the option of testing the distribution from the browser, but you only have 60min available for that (it runs rather slowly anyway). The distribution will remain saved in your SUSE Studio account and you can download it from there at any time. You can also create several system configurations and have them available at any time (within a total size limit of 15GB). Have fun.
  2. We are proud to announce that we have released our brand new extension for Anubis: Andrubis. As the name already suggests, Andrubis is designed to analyze unknown apps for the Android platform (APKs), just like Anubis does for Windows executables. The main goal we had in mind when designing Andrubis is the analysis of mobile malware, motivated by the rise of malware on mobile devices, especially smartphones and tablets. The report provided by Andrubis gives the human analyst insight into various behavioral aspects and properties of a submitted app. To achieve comprehensive results, Andrubis employs both static and dynamic analysis approaches.

    During the dynamic analysis part an app is installed and run in an emulator. Thorough instrumentation of the Dalvik VM provides the base for obtaining the app’s behavioral aspects. For file operations we track both read and write events and report on the files and the content affected. For network operations we also cover the typical events (open, read, write), the associated endpoint and the data involved. Additionally all traffic transmitted during the sandbox operation is captured and provided as a pcap file. Of course we employ the containment strategies for malicious traffic that have proven their effectiveness with Anubis. Dynamic analysis allows us to detect dynamically registered broadcast receivers that need not be listed before actual execution as well as actually started services. We also capture cellphone specific events, such as phone calls and short messages sent. Taint analysis is used to report on leakage of important data such as the IMEI and also shows the data sink the information is leaked through, including files, network connections and short messages. Invocations of Android’s crypto facilities are logged, too. Finally we report on dynamically loaded code, both on the Dalvik VM level (DEX-files) and on the binary level. The latter include native libraries loaded through JNI.

    Additionally, we collect information that can be obtained statically, i.e. without actually executing the app. To begin with, we list the main components an app needs to communicate with the Android OS: activities, services, broadcast receivers and content providers. Going into more detail, information related to the intent-filters declared by these components is also included. We recommend reading the Android framework documentation for a detailed explanation on what these components are and which role they play. Runtime requirements are a further aspect: the report displays both external libraries that are necessary to run the app as well as specific hardware features the app requires. Furthermore, we compare the permissions the user has to grant at installation-time with those actually used by the application. We then provide a detailed list of the method calls that require a certain permission. Finally, we also output all URLs that we were able to find in the app’s byte code.

    Check out the new Andrubis at Anubis: Analyzing Unknown Binaries and submit your APKs!

    Source
  3. M2G

    Deface songs

    Check these out: Trailer music - Wikipedia, the free encyclopedia
  4. Authored by: Dr. Joe Hummel Duration: 3h 44m Level: Intermediate Released: 5/29/2012 Discusses the design of asynchronous and parallel applications using the new Task-based model available in .NET 4 and Silverlight 5. Contents: Download: http://ge.tt/6LO6rTI/v/0 (Wait until I finish uploading it, problems with the filesharing site) The ones from here: Async and Parallel Programming: Application Design - Online Training Course for .NET Developers
  5. A different attitude from what has been seen around here lately. If you want books to learn from, take a look here: Index of / Welcome, and I hope you manage to learn what you set out to!
  6. Most modern programming languages, such as Java, C#, Ruby, and Python, are object-oriented languages, which help group individual bits of code into a complex and coherent application. However, object-orientation itself is not a language; it’s simply a set of ideas and concepts. Let Simon Allardice introduce you to the terms—words like abstraction, inheritance, polymorphism, subclass—and guide you through defining your requirements and identifying use cases for your program. The course also covers creating conceptual models of your program with design patterns, class and sequence diagrams, and unified modeling language (UML) tools, and then shows how to convert the diagrams into code. Topics include: Why use object-oriented design (OOD)? Pinpointing use cases, actors, and scenarios Identifying class responsibilities and relationships Creating class diagrams Using abstract classes Working with inheritance Creating advanced UML diagrams Understanding object-oriented design principles Contents: Download: i-lynfopood.iso (Have a bit of patience until it uploads, because it is not going very fast. 20% at the moment I made the thread.) They are the ones from here: Tutorials | Foundations of Programming Object-Oriented Design
  7. battlelab robotica, digilent design contest. I think there were a few more, but these are the ones I remember right now. Follow the Digilent site, they deal with this sort of thing.
  8. M2G

    Fun stuff

    http://www.youtube.com/watch?v=yHFnrWo_lDU
  9. Recently, we've seen a few attacks in the wild targeting a patched Adobe Flash Player vulnerability. The vulnerability related to this malware was addressed with a recent patch released by Adobe on May 4th. On the Windows platform, Flash Player 11.2.202.233 and earlier is vulnerable. If you're using a vulnerable version, you need to update your Flash Player now to be protected against these attacks. We had a chance to analyze how the malware (sha1: e32d0545f85ef13ca0d8e24b76a447558614716c) works and here are the interesting details we found during the investigation.

    The following diagram shows the overview of the attack flow. The attack is initiated by sending a malicious document that contains a SWF download trigger and a malicious binary. The document doesn't contain any malicious SWF payload at all.

    Figure 1 Overview of the attack

    Here is the detailed process that describes how the infection occurs when the victim opens the malicious document:

    1) When the user opens the malicious document, the SWF download trigger part of the document downloads external content for rendering. This is specifically crafted to download malicious SWF content from malicious server 1. The embedding feature is not malicious itself, but the downloaded SWF is malicious and abuses the vulnerability in the Adobe Flash Player plugin.

    2) The malicious SWF content is downloaded to the user's application and is rendered. The malicious SWF is a wrapper with the actual payload encoded inside it and is loaded dynamically. We call this dynamically loaded content layer 2 SWF. The layer 2 SWF is loaded and spreads heap spraying code on the target application's memory space.

    3) The vulnerability trigger part of the layer 2 SWF contacts the designated malicious server to retrieve malicious data. This data causes the vulnerability to manifest.

    4) The heap spray code loaded by layer 2 SWF is executed when the vulnerability is triggered.

    5) The shellcode inside this layer 2 SWF decrypts a PE file from the malicious document. First of all, it enumerates all the opened handles to find the original malicious document - if the enumerated file contains an 8 byte marker at a certain offset then it is found. Then it decrypts the PE file from 0x10 bytes after the found marker. Each byte is XORed with a hard coded key while skipping byte zero and the byte with the same value as "key". After decryption, the PE file (SHA1: 27c8bdacd4023858a810bec917381c6a7512715e) is detected as TrojanDropper:Win32/Glacid.A.

    Compared to other attacks in the past, this attack is a little bit more complicated as different elements work together to achieve the whole attack. Each modularized component is designed to be configurable. For example, when the original malicious SWF is downloaded from malicious server 1, the original malicious document is crafted to pass HTTP request parameters which will be used inside the malicious SWF file. The following packet capture shows one of the example requests we obtained. We can see that the request is using the "info" and "infosize" HTTP parameters. These parameters are later used in layer 2 SWF.

    Figure 2 Malicious SWF Download Request

    Here is the layer 2 SWF code which uses one of the dynamically passed parameters. The data dynamically passed is converted to binary form and is decompressed. The decompressed data is connection information about malicious server 2 which serves malicious data.

    Figure 3 Parameter Usage Inside Layer2 SWF

    As we saw from the overview diagram, layer 2 is loaded dynamically from the malicious SWF. The following code from the malicious SWF file shows how the layer 2 SWF file is loaded. The "loadBytes" method from "flash.display.Loader" class is called to load layer 2 SWF dynamically. This is a very typical way of loading malicious layer 2 SWF as seen in recent SWF malware.

    Figure 4 Dynamic Loading Of Layer2 SWF Using loadBytes

    One notable thing with the layer 2 SWF file is that it is using the "Shared Object" feature from Adobe Flash Player. This is the mechanism to save persistent data on a user's machine which can be shared through sessions. When the same SWF file is loaded later, it can retrieve previously saved data from this "Shared Object". By using this "Shared Object" feature, the malware avoids multiple exploitation attempts by checking the existence of the data and not performing the exploitation when it is found.

    Figure 5 Usage Of Shared Object To Prevent Multiple Exploitation

    As usually seen from malware abusing Adobe Flash Player, this malware is also using a heap spray technique to achieve shellcode execution. The following code part shows how the heap spray is happening. During this heap spray phase, you can observe that the application's memory usage spikes.

    Figure 6 Heap Spraying

    The following picture shows what the shellcode sprayed on the memory looks like. When the exploitation is successful, the control flow is passed to one of these sprayed shellcodes in the memory.

    Figure 7 Sprayed Shellcode On the Memory

    The overall attack requires multiple modules to work together. We don't see the attack as widespread yet. The vulnerability is not about the carrier that triggers the downloading of the SWF, but more of the Adobe Flash Player's vulnerability. So, if you update your Adobe Flash Player, you can prevent the attack from affecting you.

    Source: A technical analysis of Adobe Flash Player CVE-2012-0779 Vulnerability - Microsoft Malware Protection Center - Site Home - TechNet Blogs
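For analysts triaging a suspicious carrier document, the XOR scheme from step 5 can be searched for without knowing the marker or the key. This is an added example, not code from the quoted analysis: the carrier bytes, the `MARKER__` value, the key 0x5A and all function names are constructed for illustration.

```python
"""Carve a PE file hidden with the 'XOR, but skip 0x00 and key' scheme."""
import struct

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_skip(data: bytes, key: int) -> bytes:
    # Bytes equal to 0x00 or to the key are left alone, everything else is
    # XORed with the key. The transform is its own inverse.
    table = bytes(b if b in (0, key) else b ^ key for b in range(256))
    return data.translate(table)


def looks_like_pe(buf: bytes) -> bool:
    # MZ header whose e_lfanew field points at a "PE\0\0" signature.
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    return buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_pe(blob: bytes):
    """Return (key, offset, decoded_bytes) for the first hidden PE, else None."""
    for key in range(1, 256):
        needle = xor_skip(DOS_STUB, key)   # how the DOS stub looks under this key
        mz = xor_skip(b"MZ", key)
        pos = blob.find(needle)
        while pos != -1:
            # The MZ header sits shortly before the stub text.
            start = blob.rfind(mz, max(0, pos - 0x200), pos)
            if start != -1:
                decoded = xor_skip(blob[start:], key)
                if looks_like_pe(decoded):
                    return key, start, decoded
            pos = blob.find(needle, pos + 1)
    return None


def build_sample(key: int = 0x5A):
    # Constructed test data: a skeletal PE header hidden behind a fake
    # 8-byte marker, with the payload starting 0x10 bytes after the marker.
    pe = bytearray(0x100)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    pe[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    pe[0x80:0x84] = b"PE\x00\x00"
    carrier = b"\xd0\xcf\x11\xe0" + b"A" * 60 + b"MARKER__" + b"\x00" * 8
    return bytes(pe), carrier + xor_skip(bytes(pe), key)


if __name__ == "__main__":
    _, doc = build_sample()
    key, offset, _ = find_embedded_pe(doc)
    print(f"hidden PE at offset {offset:#x}, key {key:#04x}")
```

Because zero bytes are skipped, the padding inside the hidden PE stays zero and never reveals the key, which is why the search matches on the encoded DOS stub text instead.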
  10. Yahoo! today announced their new Axis web browser. It is implemented as an extension to Chrome, Firefox and Internet Explorer. I installed the Chrome extension (direct link to original Chrome extension, probably not a good idea to install it) with the idea of checking out the source code. The first thing I noticed is that the source package contains their private certificate file used to sign the extension:

    The certificate file is used by Yahoo! to sign the extension package, which is used by Chrome and the webstore to authenticate that the package comes from Yahoo!. With access to the private certificate file a malicious attacker is able to create a forged extension that Chrome will authenticate as being from Yahoo!

    Demonstration

    To demonstrate the vulnerability, I cloned the source to the extension and added a content script that will prompt a Javascript alert. I then signed my forged extension with the Yahoo! certificate, and installed it in Chrome. The code for the original Yahoo! extension, and the forged extension I created have been checked into GitHub in a repository at http://github.com/nikcub/yahoo-spoof The source is the same as the original Yahoo! Axis extension except for this content script which triggers an alert.

    Warning: Only install the forged extension if you know what you are doing

    Here is a link to a build of the forged extension. It is the same as the original Yahoo! source except it includes a content script that will popup a javascript alert on each page, and it has been signed by Yahoo! (well, me). This is a proof of concept. When you click on that link it will install the extension in Chrome.

    Removing the Extension

    See the detailed instructions on the Google Support website on managing extensions. There is also a page detailing how to remove extensions permanently. First open the Chrome Extensions setting window. Either:

    a) On Mac OS X click on 'Window' and then 'Extensions'. On Windows click on 'Tools' then 'Extensions', or

    b) Click on the wrench icon that is located to the right-hand side of the address bar, click on Tools and then Extensions

    c) Visit the address chrome://extensions in your address bar. This works on all platforms

    Then when you have the extensions setting page open, scroll down until you see the Yahoo! Axis extension and either uncheck the 'enabled' checkbox, or mouse over the trash icon to delete it.

    Implications

    The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc. The easiest way to get this installed onto a victim's machine would be to DNS spoof the update URL. The next time the extension attempts to update it will silently install and run the spoofed extension. I immediately reported this to Yahoo! on their security contact address and have yet to hear back.

    Update: Regarding responsible disclosure. I have a long history of contacting vendors and working with them on security and privacy leaks. I have probably reported over a hundred incidents over the past 15 years. The way this came about was out in the open, and started with a tweet pointing out the file and only later in the conversation was the possible seriousness of the leak established. It was only via conversations and messages on Twitter after the initial tweet that we worked out that this could be a serious issue, but I contacted Yahoo almost right away. I think it is important for users to know that there is potentially an issue here and to be wary of it. With hindsight I would have kept it to myself and messages Twitter, but I relied on a number of other people on Twitter who responded to my original message to ascertain the potential of this disclosure. There is also an element of obviousness in this vulnerability. Any developer who is familiar with how Chrome extensions are verified who looked at the source of this package would have seen and noticed the certificate file.

    Axis: Yahoo! Axis - A new way to search and browse
    Chrome extension (direct link): http://sxp.yimg.com/ei/ynano/YAxis_Chrome_v1_0_20120520.crx
    Demo: http://github.com/nikcub/yahoo-spoof
    Source: New Web Order - Yahoo Axis Chrome Extension Leaks Private Certificate File
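A release pipeline can catch this class of leak before a package ships by scanning the built extension for private key material. The following is an added example, not part of the quoted article or of any Yahoo! or Chrome tooling; the file names, the dummy key text and the function names are constructed for illustration.

```python
"""Pre-release check: does an extension package ship a private key?"""
import io
import struct
import zipfile

# PEM headers that indicate private key material inside a packaged file.
PEM_MARKERS = (
    b"-----BEGIN PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----",
)


def zip_payload(package: bytes) -> bytes:
    """Strip the CRX container header, if present, and return the ZIP part."""
    if package[:4] != b"Cr24":
        return package                       # already a plain ZIP archive
    (version,) = struct.unpack_from("<I", package, 4)
    if version == 2:                         # magic, version, key len, sig len
        key_len, sig_len = struct.unpack_from("<II", package, 8)
        return package[16 + key_len + sig_len:]
    if version == 3:                         # magic, version, header len
        (header_len,) = struct.unpack_from("<I", package, 8)
        return package[12 + header_len:]
    raise ValueError(f"unsupported CRX version {version}")


def find_private_keys(package: bytes):
    """Return the sorted names of archive members containing a PEM private key."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_payload(package))) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            data = archive.read(info)
            if any(marker in data for marker in PEM_MARKERS):
                hits.append(info.filename)
    return sorted(hits)


def build_sample_crx(include_key: bool = True) -> bytes:
    # Constructed CRX2-style package with dummy public key and signature bytes.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("manifest.json", '{"name": "sample", "version": "1.0"}')
        archive.writestr("content.js", "// sample content script\n")
        if include_key:
            archive.writestr(
                "signing_key.pem",
                "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n"
                "-----END PRIVATE KEY-----\n",
            )
    public_key, signature = b"P" * 32, b"S" * 64
    header = b"Cr24" + struct.pack("<III", 2, len(public_key), len(signature))
    return header + public_key + signature + buf.getvalue()


if __name__ == "__main__":
    leaked = find_private_keys(build_sample_crx())
    print("private key material found in:", leaked)
```

Failing the build whenever `find_private_keys` returns a non-empty list keeps the signing key out of anything that reaches users.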
  11. M2G

    Security links

    Did you at least open those links? Most of them return 404 or redirect to IBM and other sites where I did not see much..
  12. M2G

    Fun stuff

    Bump, because this one is too good. Tex, Gina Pistol recommends you!
  13. M2G

    Fun stuff

  14. After you create a project, go to the folder created by Visual Studio and unzip these there: glut-3.7.6-bin.zip It should work.
  15. M2G

    C++ help

    Here is a book in Romanian that I hope will help you: TOTUL DESPRE C SI C++ (MANUALUL FUNDAMENTAL IN C SI C++).pdf I have some experience in Java, but I recently started studying C++ as well, because it seems to me that it offers more possibilities; it is a more powerful language that gives you more control. By the way, a client-server in java looks roughly like this:

    Server:

        package com.m2g.hospital.server.hospitalServer;

        import java.io.IOException;
        import java.net.ServerSocket;

        public class HospitalServer {
            private static int port = 1337;
            private static boolean listening = true;

            public static void main(String[] args) throws IOException {
                ServerSocket server = null;
                try {
                    server = new ServerSocket(port);
                } catch (IOException e) {
                    System.err.println("Could not listen on port: " + port);
                    System.exit(1);
                }
                // Hand every accepted connection to its own thread
                // (HospitalServerThread is not shown in this post).
                while (listening) {
                    new HospitalServerThread(server.accept()).start();
                }
            }
        }

    Client:

        package com.m2g.hospital.client.hospitalClient;

        import java.io.IOException;
        import java.io.ObjectInputStream;
        import java.io.ObjectOutputStream;
        import java.net.Socket;
        import java.net.UnknownHostException;

        import com.m2g.hospital.server.data.Command;

        public class HospitalClient {
            private static int port = 1337;
            private static String host = "localhost";
            private ObjectOutputStream out;
            private ObjectInputStream in;

            // Connect to the server and open the object streams.
            public HospitalClient() {
                Socket socket = null;
                try {
                    socket = new Socket(host, port);
                    out = new ObjectOutputStream(socket.getOutputStream());
                    in = new ObjectInputStream(socket.getInputStream());
                } catch (UnknownHostException e) {
                    e.printStackTrace();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }

            public ObjectOutputStream getOut() {
                return out;
            }

            // Send a Command object to the server.
            public void setOut(Command obj) {
                try {
                    out.writeObject(obj);
                    out.flush();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }

            // Read the next object sent by the server, or null on error.
            public Object getIn() {
                try {
                    return in.readObject();
                } catch (IOException e) {
                    e.printStackTrace();
                } catch (ClassNotFoundException e) {
                    e.printStackTrace();
                }
                return null;
            }

            public void setIn(ObjectInputStream in) {
                this.in = in;
            }
        }
  16. M2G

    Voyo

    Try Internet Download Manager Plus: Internet Download Manager: the fastest download accelerator You can also find it on filelist.
  17. After the big Galaxy S III announcement we knew it would only be a short amount of time before the cool software features were pulled from the phone for use across other Android devices. One of the more noteworthy GSIII features is the S-Voice app, basically Samsung’s version of Siri. Thanks to XDA member Ascarface23, we now have a working S-Voice apk that has been tested to work on various Android 4.0.4 roms across various devices. I was able to successfully install the app on my Galaxy Nexus running the latest AOKP rom and it has also been reported to work on CM9 as well.

    How to install: You can either install it through the Android package installer like any other 3rd party app but reports suggest it is better to install it as a system app. To install as a system app do the following:

      • Make a nandroid backup! (just to be safe)
      • Download the apk on your SD card
      • Using a file manager, copy/paste into system/app
      • Longpress the apk file from within system/app, select “permissions” and change to r-w, r, r

    UPDATE: If you are experiencing force closes or other issues after installing as a system app, try this route: After the app is installed, use a file explorer and navigate to system/app and press on the voicetalk.apk to reinstall again over top of the original install. Readers have reported that this helps with ongoing issues. (Thanks RubinRybnik!)

    Side note: I should mention one thing from my brief experience with the app. Don’t try to change the wake up command because that will usually result in a force close situation and you will have to reinstall and start over. I would just leave it at “hi Galaxy” and just be happy that it works.

    Download: voicetalk.apk

    You need Android ICS for it to work!

    Source: S-Voice Pulled from the Galaxy S III, Download the App Now! | TalkAndroid.com and 400+ Games for you pleasure!! Enjoy!! - xda-developers
  18. Can't you see the guy is trolling hard? What do you mean, what should you do? Ignore it and do something useful... I don't really get involved in threads like this, but many of you would do anything for a bit of attention. Think about it.
  19. "Haha" let's laugh, since after all it's a topic made by an admin. Never mind that it's an idiotic thread, let's have fun because it was opened by an admin. :|
  20. Well, I understood something else from this post. What I understood is that Microsoft is not actually banning another browser, as the title says. What happens is that x86 applications will not run on the ARM version of the operating system. Since Chrome and Firefox have no support (at least for now) for ARM architectures, they will not run on Windows RT. That leaves a single option for a Win RT user, and that is to use the default browser, that is, IE. If Mozilla and Google make a version of the browser that can run on ARM architectures, then you will be able to install chrome/firefox on that OS too. It does not seem to me that this is a strategy to increase the popularity of IE, although that does happen as a result of the incompatibility of x86 instructions with ARM on that operating system. It is stated clearly in the first lines that x86 applications will not run on Windows RT. Google and Mozilla just have to make a new browser version that runs on that platform.
  21. From seven pounds: Sapte suflete (2008) - IMDb On:
  22. Yes! I knew how SSL works, I just did not know whether it is the same in this case too. So in the end there is still an entity in the middle that issues the certificates, and we are supposed to trust it. Thanks for the answer!