Silviu

Vi cu un post la cer?it? ?i cum plm s? nu iei în derâdere când cite?ti asemenea b?l?rii? Pune mâna ?i înva??, las? hec?reala!

Al Treilea Razboi Mondial poate fi declansat de o discheta defecta. Americanii folosesc tehnologie militara de muzeu O tehnologie veche de 40 de ani e folosita inca in ziua de azi pentru a controla arme ce pot distruge omenirea. Suna ca scenariul unui film apocaliptic, dar e o simpla constatare a jurnalistilor americani. Exista probabil un singur loc in lume unde se mai folosesc dischete de 8 inci: bazele de rachete nucleare ale Statelor Unite. Daca nu stiti ce e o discheta (floppy-disk) de 8 inci, e absolut normal: nu se mai folosesc nicaieri, nici macar in cele mai inapoiate tari, de mai bine de o generatie. Sau mai bine zis, se credea ca nu se mai folosesc. Asta pana cand un reportaj CBS a dezvaluit ca o baza militara americana unde se gasesc 450 de rachete nucleare intercontinentale e controlata cu ajutorul unor calculatoare vechi de zeci de ani. Calculatoarele sunt mari cat un dulap iar datele se salveaza si se transfera pe dischete de 8 inci, care pot stoca chiar si pana la 6 megabiti de informatie. De la dischete la cloud: cum ne salvam informatiile E drept ca in 1972, cand au fost puse pe piata pentru prima data aceste dischete, era extrem de mult. In 2014 nu mai e chiar asa de mult, dar conducerea bazei aeriene Francis E. Warren din Wyoming nici nu se gandeste sa renunte la ele. rachete intercontinentale americane vechi Potrivit reporterului, militarii care folosesc aceste calculatoare nici nu au mai vazut pana acum astfel de dischete. Datele copiate pe ele controleaza rachetele, care sunt echipate cu focoase nucleare si pot fi lansate oricand. Incarcatura lor este de zece ori mai mare decat cea a bombei atomice care a distrus Hirosima. Cu o simpla rasucire a unei chei, ofiterul de serviciu in ziua respectiva poate lansa 50 de rachete intercontinentale Minuteman-III deodata. Generalii americani recunosc ca folosesc o tehnologie invechita – baza de rachete are nu doar calculatoare din anii ’70, ci si telefoane cu disc si alte aparate demne de un muzeu – dar spun ca au un motiv bun. pupitru control Minuteman “Aceste sisteme vechi ne ofera un grad extrem de inalt de securitate in fata amenintarilor cibernetice din ziua de azi”, spune generalul Jack Weinstein din fortele aeriene americane, citat de CBS. “Inginerii nostri IT au descoperit ca un asemenea sistem e extrem de sigur”. De aceea calculatoarele bazei nucleare nici nu sunt conectate la Internet – desi oricum e putin plauzibil ca sistemele lor de operare ar permite asa ceva. Problema e si mai acuta daca ne gandim ca Rusia ar putea detine chiar mai multe arme nucleare decat Statele Unite. Iar sistemele de control ale acestora probabil sunt la fel de depasite, daca nu chiar mai vechi. De pilda, rachetele intercontinentale sovietice R-36 sunt inca in dotarea fortelor militare ale Moscovei, desi dateaza din anii '60. Sursa: Stiri de ultima ora, stiri online | Stirileprotv.ro

Sunt multi care au idei si nu au bani si asteapta momentul oportun, deci nu cred ca iti va vinde nimeni niciun pont bun, cel putin eu nu as face-o. Dar ca sa fiu si pe topic, incearca sa aduci telefoane.

Daca e challange si nu tema ta de vacanta, arata propria versiune de rezolvare. //Edit: Am primit rezolvarea.

Las?-mi pm cu datele de contact. M? uit mâine. Nu am neap?rat nevoie de bani.

100 pentru toate sau 100 doar pentru asta?

Nu se aplic? aici, ar fi un haos total.

We often talk about Underground communities, illegal websites or black markets, but as they are ‘Underground’ in nature i.e. Hidden websites running under Onion Network, many of us don't know how to reach the one we are searching for and if hopefully found, then its difficult to figure out a trustworthy vendor. Underground websites offer illegal high quality drugs or rifles, hacking tools, or any illegal services, until now you needed to type long, complex and specific Tor browser URLs directly into the browser which is quite difficult and sometimes the sites change their addresses which makes more difficult to navigate. Not any More! As the first search engine, ‘Grams’ (Welcome to nginx!) for online underground Black Markets has been launched in Beta last week, that lets anyone to easily find illegal drugs and other contraband online in an easier way ever and it's pretty fast like Google Search Engine. You don't need to do anything, just like you type on the search engines like Google for the things you are looking for, same goes with this Deep Web search engine, Grams. It also looks alike Google and is quite the most comprehensive way to find all illegal things. “I am working on the algorithm so it is a lot like google's it will have a scoring system based how long the listing has been up, how many transactions, how many good reviews. That way you will see the best listing first,” Grams’ creator who calls himself Gramsadmin wrote on Reddit. He also added, “I am going to add a filter market this week so a use can search only the markets they have accounts for.” Currently Grams search engine crawls results from eight different black markets, including Agora, BlackBank, C9, Evolution, Mr. Nice Guy, Pandora, The Pirate Market, and SilkRoad2. From online conversations, it is estimated that the developer of Grams is trying to contact more underground website owners to offer them indexing their websites on his search engine. “I noticed on the forums and reddit people were constantly asking ‘where to get product X?’ and ‘which market had product X?’ or ‘who had the best product X and was reliable and not a scam?’” Grams’ creator told WIRED in a chat session. “I wanted to make it easy for people to find things they wanted on the darknet and figure out who was a trustworthy vendor.” The Grams Search engine website is now actually acting like an aggregated catalog for illegal services from different websites including child pornography and deadly weapons. Sursa: http://thehackernews.com

Analizezi traficul din retea.

Mie mi se pare o prostie. De ce n-as bana IP-urile direct din .htaccess?

At the beginning of this year, we reported about the secret backdoor ‘TCP 32764’ discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The Reverse-engineer from France Eloi Vanderbeken, who discovered this backdoor has found that although the problem has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way. To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file ‘scfgmgr’ which contains the backdoor is still present there with a new option “-l”, that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device. On further investigation via reverse engineering the binaries, he found another mysterious tool called ‘ft_tool’ with “-f”option that could re-activates the TCP backdoor. In his illustrated report (shown below), he explained that ‘ft_tool’ actually open a raw socket, that listens incoming packages and attackers on the local network can reactivate the backdoor at TCP port 32764 by sending the following specific packets: EtherType parameter should be equal to ‘0x8888’. Payload should contains MD5 hash of the value DGN1000 (45d1bb339b07a6618b2114dbc0d7783e). The package type should be 0x201. So, an attacker can reactivate the TCP 32764 backdoor in order to execute the shell commands on the vulnerable SerComm routers even after installing the patched version. Now question rises, why the routers manufacturers are adding intentional backdoors again and again?? May be the reason behind to be a helping hand for the U.S. intelligence agency NSA. Currently there is no patch available for newly discovered backdoor. If you want to check your router for this backdoor, you can download Proof-of-Concept (PoC) exploit released by the researcher from here or follow the below given steps manually: Use 'binwalk -e' to extract the file system Search for 'ft_tool' or grep -r 'scfgmgr -f Use IDA to confirm. Sursa: http://thehackernews.com

Pai cum ne mai laudam apoi cu ce telefoane avem?

Banks are still working to move their ATMs from Windows XP to a newer and more secure platform, and today Lloyds Banking Group announced that 1,200 cash machines will switch to Windows 7 in the coming days. V3 is reporting that consumer banking software company NCR is preparing an upgrade campaign for several companies, including the Lloyds Bank, Halifax, Bank of Scotland and TSB. "Consumers are increasingly aware of the value that technology can provide when they bank with us and demand a compelling experience," said Gillian Sephton, head of ATM channel and branch security at Lloyds Banking Group. Thanks to Windows 7, bank customers can now be provided with some new features, including larger screens and voice support for visually impaired people. The 15-inch screens will also be quicker to respond to commands, while the new Windows 7 platform will provide enhanced security and support for contactless readers. Worldwide, approximately 95 percent of the ATMs were estimated to be running Windows XP, but banks are one by one taking the necessary steps to upgrade all their cash machines to a newer platform. Some have decided to purchase extended Windows XP support from Microsoft until the transition is successfully completed. Sursa

MOSCOW - Fugitive US intelligence leaker Edward Snowden on Thursday joined a phone-in with Russian President Vladimir Putin, quizzing him over the extent of Moscow's surveillance activities. Putin, a former KGB agent, greeted Snowden as a fellow "former agent" before assuring him that Russia's surveillance of the population was not on a mass scale and strictly controlled by laws. Snowden, a 30-year-old former United States National Security Agency contractor was granted asylum by Russia last August after shaking the American intelligence establishment to its core with a series of devastating leaks on mass surveillance in the US and around the world. His location has been kept strictly secret ever since. His campaign sparked global uproar over surveillance of phone calls and emails by the NSA and other intelligence agencies. Russians were able to submit video questions to Putin using cell phone apps. Snowden spoke against a dark background giving no clue to his location, wearing a dark suit jacket and grey shirt, looking unshaven with his hair plastered down. His Russian lawyer, Anatoly Kucherena, told the RIA Novosti news agency that Snowden had recorded and submitted the video in advance. "He found out there would be a direct line with the Russian president and recorded a question. He knows how to go on the Internet safely and sent a request in this way," Kucherena said. 'Does Russia intercept communications?' First the camera cut dramatically to a co-host who announced an "unexpected and I would even say sensational message" and introduced Snowden as "a person who carried out a real information revolution". "That's just what we needed," Putin joked ironically. "I'd like to ask you: does Russia intercept, store or analyze in any way the communications of millions of individuals?" Snowden asked Putin in English. "And do you believe that simply increasing the effectiveness of intelligence or law enforcement investigations can justify our placing societies rather than subjects under surveillance?" Putin appeared taken aback and was not provided with a translation through an earpiece, suggesting he was not expecting the question. "American English is a bit different," he said after the show's host initially assumed he understood the question. The host then translated it from his notes. Putin assured Snowden the kind of "mass eavesdropping" on the population that Snowden exposed in the United States was impossible as Russia's special services were under strict control. "Mr Snowden, you're a former agent, I also had something to do with this, so we'll talk in a professional language," he told Snowden, to applause from the audience. "We have strict legal regulation of the use of special surveillance by special services, including tapping phone conversations, surveillance on the Internet and so on," Putin said, stressing a court decision was necessary for this. "This is not done on a mass scale and indiscriminately in Russia." 'Not on Mass Scale' Nevertheless Putin added that special services do use "appropriate modern means" to carry out surveillance of "criminals including terrorists". "Of course we do not allow ourselves to do it on a mass scale, on an uncontrolled scale. And I hope, I very much hope, we never will. "We don't have the technological means and money the United States has, and most importantly, thank God, in our country, special services are under the control of the state and society and their activities are regulated by the law." It was a tantalizing glimpse of Snowden, who has never openly appeared in public in Russia while he is being sought for prosecution in the United States. Putin said in December that he had never met Snowden but said "he's not uninteresting to me," while insisting that espionage is a "necessity". The Russian leader served as a KGB agent for five years in East Germany and briefly headed the service's post-Soviet successor, the FSB, before becoming prime minister in 1999. Sursa

Akamai Publishes Prolexic Q1 2014 Global DDoS Attack Report Attackers are shifting away from traditional botnet-based distributed denial of service (DDoS)attacks in favor of other techniques to launch larger attacks, Akamai Technologies said in its latest report. In the first quarter of 2014, attackers continued the trend of relying less on botnets and more on various reflection and amplification techniques to launch DDoS attacks, Akamai researchers found in its Prolexic Q1 2014 Global DDoS Attack Report, released Thursday. Attackers are taking advantage of new toolkits available on underground marketplaces that make it easier to launch DDoS campaigns without a lot of technical knowledge or having to infect a large number of computers to create a zombie network. Additionally, there are more DDoS attacks happening, according to Akamai. The report showed a 47 percent increase compared to the same period last year, as well as an 18 increase from the previous quarter. The attacks are also getting larger, as the average attack bandwidth increased 39 percent compared to the previous quarter and average peak bandwidth also more than doubled. However, despite getting larger, the average duration of a DDoS attack dipped somewhat to 17 hours. A year ago, attacks on average lasted 35 hours, and the previous quarter was 23 hours. The largest-ever DDoS attack mitigated by Prolexic, now a division of Akamai after its 2013 acquisition, occurred during the first quarter of 2014, with peak traffic of more than 200 Gbps and 53.5 Mbps. The attack used multiple reflection techniques combined with a traditional botnet based application attack, Akamai said. The newer toolkits abuse Internet protocols available on open or vulnerable servers and devices, Akamai said. "We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors," said Stuart Scholly, a senior vice-president and general manager of security at Akamai. The most abused protocols during the first quarter were Character Generator (CHARGEN), Network Time Protocol (NTP), and Domain Name System (DNS). They are all based on the User Datagram Protocol (UDP) and may be popular because the protocols allow attackers to cover their tracks and hide their identities, Akamai said in its report. It's worth noting that the NTP flood method accounted for less than 1 percent of all DDoS attacks observed by Prolexic in the fourth quarter of 2013, but jumped to become as popular as SYN flood attacks, the most common type of DDoS attack, during the first quarter of 2014. In fact, CHARGEN and NTP attacks were not even on the radar a year ago, but accounted for 23 percent of all infrastructure attacks in the first quarter of 2014, Akamai found. NTP stands for Network Time Protocol, which runs over port 123 and is used to synchronize clocks between machines on a network. Amplification-based attacks need only a relatively small output from the source to deliver a massive flood of data at the target, Akamai said. Attackers don't need to worry about renting, or building up, a massive botnet if they use this technique. In December, researchers at Symantec noticed an uptick of attacks targeting the protocol. US-CERT warned about these types of distributed denial-of-service attacks earlier this year. New tools popping up on the DDoS-as-a-service marketplace also have a lot to do with why the number of attacks using reflection techniques increased over the last few months. These attack tools are making high-volume infrastructure-based attacks possible. These kits are likely the primary reason for the growth in NTP reflection attacks, Akamai said. More than half of the DDoS attack traffic during the first quarter targeted the media and entertainment industry, Akamai found. According to a March 2014 threat report from Black Lotus, NTP attacks now represent the most serious threat to the availability of public networks, with 40 percent of the serious attacks measured by the DDoS protection firm being NTP-based attack types. Content delivery and web security firm Cloudflare experienced an NTP Amplification-based attack that topped 400Gbs against its infrastructure in late February when attackers targeted one of its customers. Sursa

WASHINGTON - Security flaws in many satellite telecommunications systems leave them open to hackers, raising potential risks for aviation, shipping, military and other sectors, security researchers said Thursday. A paper released by the security firm IOActive found "multiple high risk vulnerabilities" in all the satellite systems studied. "These vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications, and in some cases, to remotely take control of the physical device," the report said. Ruben Santamarta, author of the report, said he was concerned "because satellite communications are used in a variety of critical scenarios." Santamarta told AFP that most ships and aircraft use satellite communications, and in some cases military communications use these commercial satellite systems. If the systems are compromised, he said, "for military communications, a foreign government or agency can target these devices and they can track the location of units and soldiers." For aircraft or ships, he said, an attacker "can spoof data" and either block or disrupt emergency communications. Because of the nature of the systems using satellites, Santamarta said, "we expected better security." Santamarta said he had no evidence of any disruption affecting Malaysia Airlines flight MH370, but noted that "it is technically possible" that its communications could have been tampered with. The IOActive report studied communications over the Inmarsat and Iridium satellite networks. But Santamarta said the vulnerabilities were mainly in ground equipment which connects to the satellites. "IOActive found that malicious actors could abuse all of the devices within the scope of this study," the report said. "The vulnerabilities included what would appear to be back doors, hard-coded credentials, undocumented and/or insecure protocols, and weak encryption algorithms." The company began its research in 2013, and in early 2014, a security warning was issued by the Computer Emergency Response Team, a group of researchers backed by the US Department of Homeland Security. IOActive said however that most of the satellite telecom (SATCOM) vendors did not respond to the January alert to upgrade their systems despite the nature of the risks. "If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk," the report said. "Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities." Santamarta added, "I hope this research is seen as a wake-up call for both the vendors and users of the current generation of SATCOM technology." Sursa

A teenager has been arrested by the Canadian police in relation to the infamous malicious breach on the country's taxpayer system using one of the most critical internet flaws, Heartbleed. Heartbleed bug, that made headlines over past two weeks and every websites around the world flooded with its articles. Every informational website, Media and Security researchers are talking about Heartbleed, probably the biggest Internet vulnerability in recent history. According to the Royal Canadian Mounted Police (RCMP), a 19-year-old 'Stephen Arthuro Solis-Reyes' of London, Ontario, is charged with the unauthorized access of the computer and criminal mischief in relation to the data breach of taxpayer’s private information from the Canada Revenue Agency (CRA) website. “The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” Assistant Commissioner Gilles Michaud said in a statement. “Investigators from National Division, along with our counterparts in ‘Ontario’ Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” he added. After the public disclosure of Heartbleed bug on April 9, Solis-Reyes allegedly exploited this most critical security vulnerability, present in the OpenSSL of the CRA servers, to extract the private and sensitive information, including the social insurance numbers from the company’s system, before the computers were patched. Heartbleed is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server’s memory, potentially revealing users data, that the server did not intend to reveal. Though there were allegations on the U.S. intelligence agency NSA of using the Heartbleed vulnerabilities from years to gather confidential information. But, this is the first known incident of hacker exploiting the critical internet Heartbleed bug to steal and compromise the data from the servers which are running on an affected OpenSSL version. Exploiting the Heartbleed bug itself rarely leaves any traces, unless the attacker is not sending millions of heartbeats continuously from his own IP addresses. "The fact that they were able to trace it back to someone implies that it is not the work of organized crime or a professional hacker. It would be someone of very low skill." said Mark Nunnikhoven, Trend Micro. Solis-Reyes was arrested at his residence without incident on April 15 and is scheduled to appear in court in Ottawa on July 17, 2014, RCMP reported. The police also seized computer equipment from his residence, while the investigation is ongoing. Sursa: The Hacker News: Hacking and Security News

Several Tor Exit Nodes Vulnerable To OpenSSL Heartbleed Vulnerability, and blacklisted 380 vulnerable Tor exit nodes. Half of the Internet fall victim to the biggest threat, Heartbleed bug and even the most popular online anonymity network Tor is also not spared from this bug. Tor is one of the best and freely available privacy software, runs on the network of donated servers that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An Exit relay is the final relay that Tor encrypted traffic passes through before it reaches its destination. But some of these Tor exit nodes are running on the servers with the affected version of OpenSSL installed which are vulnerable to the critical Heartbleed Flaw. This means an attacker can grab the hidden information from the Tor network which is actually restricted by the Tor service, making it no more anonymising service. Heartbleed is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server’s memory, potentially revealing users data in the plaintext, that the server did not intend to reveal. By exploiting Heartbleed bug on the affected nodes, anyone could find the internal information relating to Tor network that could compromise the security and privacy of the whole network. In response to this threat, Tor Project leader as well as Tor’s co-developer Roger Dingledine, has rejected 380 vulnerable exit nodes suggesting on the Tor mailing list that the exit nodes running the vulnerable versions of OpenSSL should be blacklisted from the network. "If the other directory authority operators follow suit, we'll lose about 12% of the exit capacity and 12% of the guard capacity," he writes on the software's mailing list. Tor promises anonymity to its network users by using proxies to pass encrypted traffic from the source to destination, but the heartbleed bug gives all the hackers privilege to exploit a vulnerable exit node in order to obtain the traffic data, making its users exposed on the Internet. The first list of rejected exit nodes is released by the Dingledine and he stressed that the affected nodes will not be allowed back on the network even after being upgrade. “I thought for a while about trying to keep my list of fingerprints up-to-date (i.e. removing the !reject line once they've upgraded their openssl), but on the other hand, if they were still vulnerable as of yesterday, I really don't want this identity key on the Tor network even after they've upgraded their OpenSSL,” Dingledine wrote. Tor service was also targeted by the U.S. intelligence agency NSA, revealed by a classified NSA document titled ‘Tor Stinks’ leaked by Edward Snowden. The document shows the interest of NSA in tracking down all Tor users and monitoring their traffic. Also the recent allegations on the agency using the Heartbleed bug from years to gather information suggests the agency may have used it to track down Tor users. Although the NSA denied the claims of exploiting the Heartbleed bug in order to gather any type of information. Sursa: The Hacker News: Hacking and Security News

Nu e sculptura sa sculptezi, e programare. Cauta pe Google tutoriale HTML pentru inceput, care e un limbaj de mark-up pentru site-uri, apoi pentru programare in adevaratul sens al cuvantului cauta despre PHP.

E dr?gu?, se vede ok, mul?umim! Sent from my GT-I9505 using Tapatalk

Samsung Galaxy S5 Fingerprint feature promises an extra layer of security for your smartphone, which also lets you make payments through PayPal. But does it really secure? Just three days after the launch of the Galaxy S5, Security researchers have successfully managed to hack Galaxy S5 Fingerprint sensor using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S last year. FOOLING FINGERPRINT SENSOR SRLabs researchers recently uploaded a YouTube video, demonstrated how they were able to bypass the fingerprint authentication mechanism to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger. The S5 fingerprint scanner allows multiple incorrect attempts without requiring a password, so an attacker could potentially keep trying multiple spoofed fingerprints until the correct match. PAYPAL USERS AT RISK Samsung Galaxy S5 users can also transfer money to other PayPal users just by swiping their finger on the sensor, but this hack now allows hackers to access your PayPal account and linked bank accounts without ever having to enter a password. In addition, If you restart your Apple’s iPhone 5S, it requires you to enter a passcode, before you can use your fingerprint as a way to unlock the phone, but Samsung has no such security method in place at this time. No doubt, one need to have physical access of your device in order to exploit this flaw, so if your phone is stolen, a thief can access anything on your device. Hack once again showed that unlocking a device with Fingerprint is convenient, but not secure that the passcode security. Sursa: The Hacker News - Latest Cyber Security News

Si eu am vrut sa fac unul, dar nu le am atat de bine cu JS-ul. Ma gandeam sa fac ceva monetizare cu site-ul, dar slabe sanse.

Am facut si eu un site care sa faca bypass la asta: Social Unlocker - Share Unlocker - Watch videos and photos without share online

Trebuia sa se lucreze de la inceput pe un /new ,dar e bine ca am revenit la versiunea veche, clasica. Mie imi place mult mai mult asta, decat aia, plus ca e optimizat si merge super ok asa cum este acum. M-am bucurat sa vad versiunea asta de forum, ca si cum as fi castigat la loto.