Everything posted by Silviu
-
Can my (real) IP be found easily? (Tor + Hotspot Shield)
Silviu replied to qUneT's topic in Discutii non-IT
From what I see on the desktop, especially if you do stupid things, very easily.
-
Do you want to prepare proteins? I've thought about that too. PS: Also look at the link I left you, they have many models of machines.
-
You'll find everything here: coffee vending machines
-
Romania could be placed under surveillance by a monitoring system brought from China, a system that will also include facial recognition software, like the ones we see in films. Deputy Prime Minister Liviu Dragnea is in China, where he discussed with giants in the field the implementation of a pilot project in a city in Romania. The question arises, however, whether this system violates the right to privacy of citizens filmed on the street by smart cameras. If a person's photograph has already been entered into the database, it is a matter of minutes until the dispatcher of such a facial recognition system can spot that person in traffic through the surveillance cameras, using of course the latest technology. The system can recognize the faces of passers-by and can access the database of known criminals. It can thus prevent a murder before it happens. As early as 2013, the Chinese were presenting the surveillance system to the Romanian prime minister, who was on an official visit to China, and Victor Ponta showed interest. "I would like to implement such a system in Romania, but first I have to ask the press whether it agrees and convince them that the Government will monitor everything," Ponta said in 2013. Now Deputy Prime Minister Liviu Dragnea is in China and has discussed the installation of this system with the two big Chinese telecommunications companies. "I proposed that they identify a city where they can develop a pilot project for a surveillance system for citizens' safety," Dragnea said. What the deputy prime minister does not know is that ZTE is about to install such a system in a city in southern Romania, a project kept secret for now. "42 cameras are being brought for that city - video cameras, there is software with a face recognition system and an image virtualization center and a storage center and an intervention dispatch center that notifies the local police or other units," said Lorian Vintila, director of ZTE Romania.
The price of such a surveillance camera reaches 500 euros. Now both ZTE and Huawei will install surveillance systems in another city in Romania, which they will decide on after discussions with the prime minister as well. "We are talking about a video monitoring and surveillance pilot. The software that does the monitoring can have a plate recognition type application, so you have identification of vehicle registration numbers, if offenses occur or fines have to be applied. They can have various software that does perimeter recognition, including face recognition," said Vlad Doicaru, director of Huawei Romania. Traffic monitoring is part of a broader memorandum signed by the government with Huawei in November, which also provides for building a national information and communications infrastructure. The document was criticized by the president. "National security is not handed over to foreign IT firms, no matter how friendly we may be with one country or another," Basescu said. Huawei says it has already installed a traffic monitoring system in Chisinau, while ZTE has fitted 20,000 surveillance cameras for the city hall of Marseille, as well as similar systems in London or Moscow. Source: Stiri de ultima ora, stiri online | Stirileprotv.ro
-
No self-respecting company will let you upload junk to their servers. Try buying something offshore, in Germany, the Netherlands, Panama, Ukraine or Russia.
-
Securing wireless local area networks can be a tricky business, and a group of researchers have highlighted just how much. Published in the International Journal of Information and Computer Security, the research outlines how the Wi-Fi Protected Access 2 (WPA2) protocol can be potentially exposed using deauthentication and brute force attacks. "Thus far, WPA2 is considered to be amongst the most secure protocols," according to the researchers' paper. "However it has several security vulnerabilities. Until now there has not been a complete and fully successful methodology capable of exposing the WPA2 security. This paper provides a novel way of successfully exposing WPA2 security issues by using a complete dictionary that generates all the possible printable ASCII characters of all possible lengths." The research was performed by Achilleas Tsitroulis of Brunel University in the UK; Dimitris Lampoudis of the University of Macedonia in Greece; and Emmanuel Tsekleves of Lancaster University, UK. According to the researchers, the 802.11i deauthentication process presents a flaw. During the process, clients are forced to reconnect and re-authenticate to the correspondent access point, resulting in the capture of an instance of the pre-shared key. In the case of WPA/WPA2, the four-way authentication handshake is revealed. To prove their point, the researchers analyzed 10 different scenarios, with the main difference between them being the password. "At the beginning, the area was scanned-sniffed with ‘Airodump’ and then a deauthentication attack was made with ‘Aireplay’," according to the paper. "Through that, an instance of the PSK was caught. Finally, ‘Aircrack’ was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths. 
‘Airodump’ and ‘Aireplay’ are commands of the ‘Aircrack’ suite, responsible for sniffing and deauthentication respectively." In all but one of the cases, the key was easily found, the researchers stated. "The biggest advantage of WPA/WPA2 security protocols is security reliance on dictionary pluralism in words," the researchers continued, adding that while it is very difficult to expose the WPA/WPA2 security protocol, it is not impossible. "Even though, a considerable amount of time would be required. In order to accomplish that, in a relatively short period of time, the adversary should have a FPGA (instead of a computer), performing the whole procedure." The best way to protect an 802.11i network is through the use of WPA2 in combination with MAC filtering, the researchers recommend. In addition, changing the encryption key periodically can increase the level of difficulty for attackers. The more complex the password, the more the difficulty will rise as well. "Firstly, network security can be increased by firstly hiding the SSID, so that the procedure of gathering information regarding the network becomes more difficult," the researchers added. "Furthermore, in some APs the Telnet/SSH services are enabled by default. It is advisable to disabling those services in order to protect unauthorised network access, by providing password checks. Not following the above actions, increases the risk of unauthorised network access that can lead to various malicious actions, such as having the AP reconfigured by the adversary." Source.
-
Vulnerability CVE-2014-1761 in Microsoft Word Could Allow Remote Code Execution, Microsoft Warns - Office 2011 for Mac Affected
Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word that is being actively exploited in targeted attacks directed at Microsoft Word 2010. “The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft explained in the advisory. If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges. Applying the Microsoft Fix it solution, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word, Microsoft said. Specifically, the issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted, giving a potential attacker the ability to execute arbitrary code on the affected system. “In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability,” Microsoft explained. “In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. 
Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.” "The in the wild exploit takes advantage of an unspecified RTF parsing vulnerability combined with an ASLR bypass, which depends by a module loaded at predictable memory address," Chengyun Chu and Elia Florio, MSRC Engineering, explained in a blog post that provides additional details. Fortunately, according to the Microsoft engineers, tests showed that EMET default configuration can block the exploits seen in the wild. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer, Microsoft warned. By default, Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. While the reported attacks are targeting Microsoft Word 2010, other software products affected by the vulnerability include: Microsoft Word 2003, Microsoft Word 2007, Microsoft Word 2013, Microsoft Word Viewer and Microsoft Office for Mac 2011. Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft. As an initial workaround until the bug is patched, Microsoft is providing a Fix it automated tool which uses Office’s file block feature and adds a few registry keys to prevent opening of RTF files in all Word versions. Enterprise security teams can also implement their own custom protection using Trust Center features of Office, Microsoft said, as these settings can be managed and deployed through GPO. Source.
-
Android Privilege Escalation (Pileup) Flaws leave Billions of Devices vulnerable to Malware Infection via Package Management Service (PMS) Android - a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts their android devices at risk. This time the vulnerabilities occur in the way Android handle the updates to add new flavors to your device. Researchers from Indiana University and Microsoft have discovered [Paper PDF] a new set of Android vulnerabilities that is capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS) that puts more than one billion Android devices at risk. The researchers dubbed the new set of security-critical vulnerabilities as Pileup flaws which is a short for privilege escalation through updating, that waylays inside the Android PMS and intensifies the permissions offered to malicious apps whenever an android update occurs, without informing users. The research was carried out by Indiana University Bloomington researchers, Luyi Xing, Xiaorui Pan, Kan Yuan and XiaoFeng Wang, with the help of Rui Wang of Microsoft. Six different Pileup vulnerabilities have been found by the researchers within the Android PMS, those are present in all Android Open Source Project versions, including more than 3,500 customized versions of Android developed by handset makers and carriers. "Every few months, an update is released, which causes replacement and addition of tens of thousands of files on a live system. Each of the new apps being installed needs to be carefully configured to set its attributes within its own sandboxes and its privileges in the system, without accidentally damaging existing apps and the user data they keep," the researchers wrote. "This complicates the program logic for installing such mobile updates, making it susceptible to security-critical flaws." 
The researchers also found that by exploiting the Pileup vulnerabilities, a hacker can not only control the system permission and signature but also their settings. Moreover an attacker could use the malicious app to access and steal the device data, including, sensitive user information such as activity logs, user credentials, Contacts, Messages etc. “A distinctive and interesting feature of such an attack is that it is not aimed at a vulnerability in the current system. Instead, it exploits the flaws in the updating mechanism of the “future” OS, which the current system will be upgraded to,” the researchers wrote. “More specifically, though the app running on a lower version Android, the adversary can strategically claim a set of carefully selected privileges or attributes only available on the higher OS version.” In short, it means that, if an attacker sends the malicious app update and if the permission don’t exist in the older version of the android that is added to the new version; the malicious app will silently acquire the permissions and when the device is upgraded to the newer version, the pileup flaws will be automatically exploited. "A third-party package attribute or property, which bears the name of its system counterpart, can be elevated to a system one during the updating shuffle-up where all apps are installed or reinstalled, and all system configurations are reset," the researcher wrote. "Also, when two apps from old and new systems are merged as described above, security risks can also be brought in when the one on the original system turns out to be malicious." 
During the update, first the PMS will install all new and existing system apps and then will proceed to install third party apps from the old OS and during the installation of malicious app packed inside PMS, the device will recognize and silently grants all the permissions that malicious app requests, as it supposes that these permissions are with an existing app and have already been approved by the user. “With the help of a program analyzer, our research discovered 6 such Pileup flaws within Android Package Manager Service and further confirmed their presence in all AOSP (Android Open Source Project) versions and all 3,522 source code versions customized by Samsung, LG and HTC across the world that we inspected, which strongly indicates their existence in all Android devices in the market.” Moreover detecting the critical flaws, the researchers have developed a new scanner app called SecUP that search for malicious apps already on a device designed to exploit Pileup vulnerabilities. Scanning tool inspects already installed Android application packages (APKs) on the device, in an attempt to identify those that will cause privilege escalations during an update, the paper stated. The SecUP scanning tool consists of an automated vulnerability detector, a program verification tool for Java that discovers the Pileup flaws within the source code of different Android versions and a threat analyzer that automatically scans thousands of OS images. “The detector verifies the source code of PMS (from different Android versions) to identify any violation of a set of security constraints, in which we expect that the attributes, properties (name, permission, UID, etc.) and data of a third-party app will not affect the installation and configurations of system apps during an update,” the researchers explained. 
“A Pileup flaw is detected once any of those constraints are breached.” All the six vulnerabilities have been reported to Google by the researchers, from which one of it has been fixed by them. Source.
-
Use https://jqueryui.com/dialog/ on the landing page, after submission.
-
Note that nein has it, I always buy from him. The guy is OK!
-
Those have nothing to do with it, man; it doesn't even need cookies, because it doesn't log in anywhere.
-
I was just reading the other day on zoso's blog the story that it had supposedly died. I was sure it would come back, especially since it's open source!
-
Since I'm in the same "mess" myself, with a login that's giving me trouble. Try doing it with PhantomJS; it installs very easily on a server and there's already a sample script that submits a form.
-
Use this function and it should work if you've set everything up correctly:
<?php
// Create a function to handle the posting of data
function http_post($url, $post) {
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, $url);
    curl_setopt($c, CURLOPT_POST, true);            // send the request as an HTTP POST
    curl_setopt($c, CURLOPT_POSTFIELDS, $post);     // URL-encoded request body
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);  // return the response instead of printing it
    return curl_exec($c);
}

$fields = array('data' => 'John Doe', 'idx' => 11321);
echo http_post('http://example.com/script.php', http_build_query($fields));
?>
-
watch out for the user: d3vtn. a two-bit scammer mutt!
Silviu replied to verdelemeu's topic in Cosul de gunoi
In the 4 years I've been wandering around here I haven't heard of him, let alone of you with your 8 posts, so.. Next time watch your own skin.
-
In the mob of Smart Devices, after Smartphones... Google glass would definitely be the next must-have device. It’s non-other than a small computer you wear like eyeglasses allows you to surf the Web, email, text, take photos, live videos and more, -- all hands free. Google Glasses are yet in very limited release, but researchers have developed the world’s first spyware that could hijack your Google’s Glass computer eyepieces. Two Polytechnic graduate researchers, 22-year-old Mike Lady and 24-year-old Kim Paterson, from California designed an app that has the capability to convert the Google Glass into a Spy Camera, click a photo every ten seconds without giving any visible sign to the wearer, Forbes reported yesterday. The malware app developed by the researchers, masquerades itself as a fair piece of note-taking software, ironically dubbed as ‘Malnotes’, that trick users accept the permissions which allow them to capture images of whatever the glass wearer is looking at, in every 10 seconds when Glass’s display is turned off and uploads them to the remote server. Although, it’s Google’s developer policy which specifically ban apps that capture images while the device display is off, but the two California researchers proved that there were no real security prohibitions to enforce this policy. Forbes reported that in a short video interview with the researchers, the Google Glass handset running Malnotes belonging to Mike Lady apparently uploaded more than 150 snapshots of his vision, with no indication for either him or any other person. “The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” says Paterson. “As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. 
Policies don’t really protect us.” The researchers were successful in uploading the malicious app into the Google app store which was subsequently removed from the Google when the news broke. But, when their professor tweeted about their work and received a response from a Google staffer, they didn’t bother to try uploading the app to Google MyGlass app store. Such malicious apps could be served via 3rd party app stores or could be installed using a USB cable via computer, when in debug mode. Just yesterday, we have reported about a Windows Spy tool that can even install a spyware app to Android devices connected to the infected computer. The Google spokesperson stated in response, "Right now Glass is still in an experimental phase and has not been widely released to consumers. One goal of the Explorer program is to get Glass in the hands of developers so they can hack together features and discover security exploits." Source: thehackernews.com
-
Another interesting piece of information: WikiLeaks: Putin had been planning since 2008 to intervene in Crimea. The scenario that could be repeated in Moldova
-
On the laptop, Intel® Core™ i7-3612QM Processor (6M Cache, up to 3.10 GHz) BGA - Quad Core, and on the phone, APQ8060pro Quad Core.
-
Then just shove an Android 4.0 or 4.1 on it.
-
He lied to you; the phone is broken and he said that so you would buy it, and you, thinking it was a software issue, took it.
-
You borrow. You work as a day laborer, but you'll never make that much legally.
-
[RST] Take the p**s out of a monkey. Today: Mircea Badea
Silviu replied to Nemessis's topic in Proiecte RST
"We joked, we had fun, we put on a show, but I'm thinking that Mr. Chioristian Tudchior Popescu has the chance to be seriously embarrassing if he comments in earnest on the "relevance of the DEMITE phenomenon". Even the turkeys have found out that the "vote" was heavily influenced by some troglodyte, starving little hackers. But maybe tonight I'll have new reasons to laugh hard." Source. Which of you is going to run him over with your X6? So he sees we're not "troglodytes" and "starving".
-
You won't find anything slicker than Adsense. If you have Romanian traffic, there's not much you can do; CTR is low here.
-
Have you been out in the sun too long, man? How are you going to run a server for anything if you're working with a user without permissions? That's why it's called nologin.
-
Don't be so agitated, man; he was referring to the experience you've had here, by no means to things like that. Nobody here would tell you that, because we're not the suicides' forum. On the forum there was at most constructive teasing. I've also received a ban, a warn and other things, to give you an example of that sort of thing, but I realized that I was the one in the wrong and now everything is OK. Now it depends on you what you want.