Silviu

Nu cred că ar fi atât de cretini să facă exploit-uri care pot fi descoperite de public. Ar putea face o înțelegere internă pe un exploit priv8 la care doar ei să aibe acces prin anumiți pași/chei de acces unice către sistem. O vulnerabilitate ca asta o poate găsi orice cioban cu puțin noroc, așa că tind să cred că nu e vreun serviciu legat de treaba asta, ci doar o scăpare a lor. #my2cents

Mană cerească pentru ciorditorii de aifonuri => Lost and stolen iOS devices could be at risk if ne’er-do-wells learn of this blunt-force method of getting past Activation Lock. No special equipment or technical know-how is required, which means any geek off the streets can do it. Fortunately, it’s easily fixed — but until that happens, you might want to be a little extra careful about leaving your phone unattended. The latest exploit is described by Benjamen Kunz-Mejri, founder of German security outfit Vulnerability Lab. An earlier variation, discovered by Slash Secure’s Hemanth Joseph, affected iOS 10.1 and was reported to Apple in October. Although the company attempted to fix the problem in 10.1.1, adding a twist — literally — the the attack means devices are still vulnerable after the update. When an iOS device’s owner activates Lost Mode through Find my iPhone/iPad, the device is remotely put into Activation Mode, requiring your Apple ID for it to unlock and return it to normal. But logging in requires an internet connection, and for that purpose you can opt to use wi-fi. So the attacker goes to the wi-fi network select screen, and selects “other network.” This is where things get hot. The network name and password fields here have no character limits! Apple wasn’t silly enough to allow arbitrary code execution from the fields, so there’s no serious buffer overflow attack here. But if you put enough characters into both fields (upwards of 10,000) the device will slow down and eventually freeze. Put the device to sleep with a cover, wait a few seconds, and open it up — voila, the home screen! That method worked on 10.1, but with 10.1.1, you have to do a bit of screen rotation and use Night Shift mode. The home screen only shows up for a fraction of a second, but Kunz-Mejri told SecurityWeek that one can get it to stay visible with a well-timed button press. The problem could be fixed with a simple character limit on those fields, a fix Apple apparently overlooked or didn’t have time to implement in the update. TechCrunch has contacted Apple for confirmation and further details, and this post will be updated if we hear back. Sursa: https://techcrunch.com/2016/12/02/copy-and-paste-trick-could-unlock-ios-10-devices-in-lost-mode/

Fă un excel pe Google Shits.

Le-am oprit pentru tine man, chill

Zici tu bre, dar femei bune ca aici mai rar prin alte locuri

Mai am și eu un vecin care hiperbolizează, dar parcă nici chiar așa.

Cum bre.. Există kelogger

Am dat de un site fain unde puteți învăța CSS într-un mod practic: http://cssreference.io/ Mai multe detalii: http://thenextweb.com/dd/2016/11/27/cssreference-io-gorgeous-visual-guide-css/

Aveți grijă în caz că vreți să faceți ceva serios cu domeniul. E o praștie de site al unor indieni.

Și cum de ai nimerit pe RST și nu pe avocatnet? Ți se pare că ăsta e forum juridic? Întreabă un avocat sau dacă nu ai răbdare să vezi ce zice judecătorul.

Dă-mi pe pm Skype-ul tău, vă iau eu un .com

Luați și voi o sărăcie de domeniu că pe tk nu vă vedeți în serp nici cu lupa

10k mililitri de alcool? haha

Ca în fiecare an, RST vă pune la dispoziție pachetul de revelion "lăbarchat", mâncarea și băutura incluse din ce are fiecare pe acasă. Pachetul este gratuit în limita în care un administrator nu se decide să închidă chatul din varii motive ("mai ieșiți în plm și pe afară măcar odată pe an", cum ar zice @Nytro) Nu uitați să aduceți de acasă o farfurie cu meme-uri și niște sarmale.

Bine punctat.

Țâțe = lim (înălțime/greutate) = cam slăbuț. Altfel spus, ferește-te să dai asemenea detalii pe un forum care se vrea (a fost odată) a fi unul de securitate și încearcă să postezi chestii utile, legate de nișa asta pentru că mi-am dat facepalm când am văzut prima ta postare. "Succesuri!"

Boșilor, de când cu Cloudflare, orice puștan are "SSL". Ideea e dacă e necesară într-adevăr o conexiune securizată pe respectivul site.

La mine se încarcă la secundă.

Ala da, e mai decent.

SSD-ul ăla dacă nu îl pun ăștia în fiecare an, zău. Nu te prosti cu Kingston. Ia un Samsung ceva, dacă vrei profi thing.

https://www.zoso.ro/reduceri-black-friday-2016/ Aici sunt majoritatea produselor ce or să fie la ofertă de blec fraierdei.

Salutare! Dacă e pe aici careva serios și e full stack web developer (PHP, NodeJS back-end) și e disponibil pentru colaborare de minim 6 luni, de preferat full time, remote, să îmi lase un PM cu datele de contact (de preferat Skype). O zi faină.

Păi dacă nu te pricepi să dai detalii, în privat cum le dai? Ca sfat: la cum ai prezentat problema, nu o să se sinchisească nimeni să te caute. Oamenii au nevoie de câteva detalii minimale, cum ar fi mărimea proiectului, detalii despre ce trebuie să facă sau ce nu funcționează la respectiva aplicație etc. Baftă.

E fain, dar încă slăbuț pe pachete. Dacă ai nevoie de ceva trebuie să recompilezi din sursă tot. Oricum, promite. De ar fi avut si suport mai bun pe multithreading/multiprocessing era de vis.

Not a jammer, device lets hackers fly drones and lock out original pilot. The advent of inexpensive consumer drones has generated a novel predicament for firefighters, law-enforcement officers, and ordinary citizens who encounter crafts they believe are interfering with their safety or privacy. In a series of increasingly common events—several of them chronicled by Ars—drones perceived as trespassing have been blown out of the sky with shotguns. Firefighters have also complained that hobbyist drones pose a significant threat that sometimes prompts them to ground helicopters. Now, a researcher has demonstrated a significantly more subtle and proactive remedy that doesn't involve shotgun blasts or after-the-fact arrests by law enforcement. It's a radio transmitter that seizes complete control of nearby drones as they're in mid-flight. From then on, the drones are under the full control of the person with the hijacking device. The remote control in the possession of the original operator experiences a loss of all functions, including steering, acceleration, and altitude. The hack works against any drone that communicates over DSMx, a widely used remote control protocol for operating hobbyist drones, planes, helicopters, cars, and boats. Besides hijacking a drone, the device provides a digital fingerprint that's unique to each craft. The fingerprint can be used to identify trusted drones from unfriendly ones and potentially to provide forensic evidence for use in criminal or civil court cases. Unlike most other counter-drone technologies publicly demonstrated to date, it isn't a frequency jammer that merely prevents a remote control from communicating with a drone. Instead, it gives the holder the ability to completely seize control of the unmanned craft. It was presented on Wednesday at the PacSec 2016 security conference in Tokyo by Jonathan Andersson, the advanced security research group manager at Trend Micro's TippingPoint DVLab division. "In the defense and security world, there are people who have done this," Robi Sen, the founder of counter-drone product maker Department 13, told Ars. "There are also a few hackers who have done this but have not made their research public. To my knowledge, this is the first time that this has all been presented, in a complete package, publicly." Andersson's drone hijacker works because the process DSMx uses to connect a remote control to a drone doesn't sufficiently cloak a crucial piece of information that is shared between the two devices. "The shared secret ('secret' used loosely as it is not encrypted) exchanged is easily reconstructed long after the binding process is complete by observing the protocol and using a couple of brute-force techniques," Andersson wrote in an e-mail. "Further, there is a timing attack vulnerability wherein I synchronize to the target radio's transmissions and transmit a malicious control packet ahead of the target, and the receiver accepts my control information and rejects the target's." Possession of the secret gives attackers everything they need to impersonate the vulnerable transmitter. The transmitters are also vulnerable to what security experts call a timing attack that allows the impersonating attacker to effectively lock out the original operator. Wednesday's presentation included the following video demonstration: Not available in stores For now, devices like the one Andersson demonstrated aren't publicly available, but that will undoubtedly change as more people figure out how to exploit DSMx and, quite possibly, competing radio-frequency technologies used to control drones. The widespread availability of hijacking devices comes with a tremendous number of consequences, some of them unsettling. One of the more frightening scenarios is someone using a device to hijack one or more devices that are in close proximity to a large number of people. Drones are capable of carrying large amounts of fuel that can burst into flames upon impact, as evidenced in this video. Vulnerable drones used by emergency first responders could also be commandeered. On the positive side, hijacks could allow law-enforcement officers to safely seize control of vulnerable drones that are endangering or interfering with first responders. The hacks could also provide ordinary citizens with a less-draconian way of disabling a drone they believe is impinging on their property or privacy. By measuring the frequency-hopping pattern unique to each craft, the device also gives people a way to positively identify the drones they come in contact with. As Ars has reported previously, legal scholars are uncertain about whether citizens can assert aerial trespass claims. A patchwork of federal and state laws makes it unclear if even local authorities have the legal authority to shoot or hack an aircraft out of the sky. Andersson said DSMx is a technology for hobbyists that has been marketed for its range, robustness, and other performance merits rather than its security. Now that DSMx is in wide use, it's not clear it can ever be purged of the weaknesses that make his remote hijacking attacks possible. "My guess is that it will not be easy to completely remedy the situation," Andersson said. "The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, [and] transmitters that come with models and standalone receivers. Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side." A representative of Horizon Hobby, the company that designed and licenses DSMx, declined to make anyone from its PR department available for comment prior to publication of this post. The representative instead referred inquiries to the company's legal department, which was closed for the day. Sursa: http://arstechnica.com/security/2016/10/drone-hijacker-gives-hackers-complete-control-of-aircraft-in-midflight/