Everything posted by Silviu
-
I came across a nice site where you can learn CSS in a practical way: http://cssreference.io/ More details: http://thenextweb.com/dd/2016/11/27/cssreference-io-gorgeous-visual-guide-css/
-
Be careful if you want to do anything serious with the domain. It's a crappy site run by some Indians.
-
And how come you ended up on RST and not on avocatnet? Does this look like a legal forum to you? Ask a lawyer if you don't have the patience to see what the judge says.
-
Send me your Skype by PM, I'll get you a .com
-
Just get yourselves some cheap domain, because on tk you won't find yourselves in the SERPs even with a magnifying glass
-
10k milliliters of alcohol? haha
-
Like every year, RST offers you the "lăbarchat" New Year's Eve package, food and drink included from whatever each of you has at home. The package is free as long as an administrator doesn't decide to close the chat for various reasons ("go outside too, ffs, at least once a year", as @Nytro would say). Don't forget to bring a plate of memes and some sarmale from home.
-
Tits = lim (height/weight) = kind of weak. In other words, avoid giving such details on a forum that aims to be (once was) a security one, and try to post useful things related to this niche, because I facepalmed when I saw your first post. "Successes!"
-
Bosses, ever since Cloudflare, every kid has "SSL". The question is whether a secure connection is really necessary on the site in question.
-
That SSD, they put it on offer every single year, honestly. Don't fool around with Kingston. Get a Samsung or something if you want a pro thing.
-
https://www.zoso.ro/reduceri-black-friday-2016/ Here are most of the products that will be on offer for "blec fraierdei".
-
Hi! If there's anyone serious around here who is a full stack web developer (PHP, NodeJS back-end) and is available for a collaboration of at least 6 months, preferably full time, remote, leave me a PM with your contact details (preferably Skype). Have a nice day.
-
Well, if you don't know how to give details, how will you give them in private? As advice: the way you've presented the problem, nobody will bother to contact you. People need a few minimal details, such as the size of the project, details about what has to be done or what isn't working in the application in question, etc. Good luck.
-
It's nice, but still weak on packages. If you need something, you have to recompile everything from source. Anyway, it's promising. If it had better multithreading/multiprocessing support too, it would be a dream.
-
Not a jammer, device lets hackers fly drones and lock out original pilot.

The advent of inexpensive consumer drones has generated a novel predicament for firefighters, law-enforcement officers, and ordinary citizens who encounter crafts they believe are interfering with their safety or privacy. In a series of increasingly common events—several of them chronicled by Ars—drones perceived as trespassing have been blown out of the sky with shotguns. Firefighters have also complained that hobbyist drones pose a significant threat that sometimes prompts them to ground helicopters.

Now, a researcher has demonstrated a significantly more subtle and proactive remedy that doesn't involve shotgun blasts or after-the-fact arrests by law enforcement. It's a radio transmitter that seizes complete control of nearby drones as they're in mid-flight. From then on, the drones are under the full control of the person with the hijacking device. The remote control in the possession of the original operator experiences a loss of all functions, including steering, acceleration, and altitude.

The hack works against any drone that communicates over DSMx, a widely used remote control protocol for operating hobbyist drones, planes, helicopters, cars, and boats. Besides hijacking a drone, the device provides a digital fingerprint that's unique to each craft. The fingerprint can be used to identify trusted drones from unfriendly ones and potentially to provide forensic evidence for use in criminal or civil court cases.

Unlike most other counter-drone technologies publicly demonstrated to date, it isn't a frequency jammer that merely prevents a remote control from communicating with a drone. Instead, it gives the holder the ability to completely seize control of the unmanned craft. It was presented on Wednesday at the PacSec 2016 security conference in Tokyo by Jonathan Andersson, the advanced security research group manager at Trend Micro's TippingPoint DVLab division.

"In the defense and security world, there are people who have done this," Robi Sen, the founder of counter-drone product maker Department 13, told Ars. "There are also a few hackers who have done this but have not made their research public. To my knowledge, this is the first time that this has all been presented, in a complete package, publicly."

Andersson's drone hijacker works because the process DSMx uses to connect a remote control to a drone doesn't sufficiently cloak a crucial piece of information that is shared between the two devices.

"The shared secret ('secret' used loosely as it is not encrypted) exchanged is easily reconstructed long after the binding process is complete by observing the protocol and using a couple of brute-force techniques," Andersson wrote in an e-mail. "Further, there is a timing attack vulnerability wherein I synchronize to the target radio's transmissions and transmit a malicious control packet ahead of the target, and the receiver accepts my control information and rejects the target's."

Possession of the secret gives attackers everything they need to impersonate the vulnerable transmitter. The transmitters are also vulnerable to what security experts call a timing attack that allows the impersonating attacker to effectively lock out the original operator. Wednesday's presentation included the following video demonstration:

Not available in stores

For now, devices like the one Andersson demonstrated aren't publicly available, but that will undoubtedly change as more people figure out how to exploit DSMx and, quite possibly, competing radio-frequency technologies used to control drones. The widespread availability of hijacking devices comes with a tremendous number of consequences, some of them unsettling. One of the more frightening scenarios is someone using a device to hijack one or more devices that are in close proximity to a large number of people. Drones are capable of carrying large amounts of fuel that can burst into flames upon impact, as evidenced in this video. Vulnerable drones used by emergency first responders could also be commandeered.

On the positive side, hijacks could allow law-enforcement officers to safely seize control of vulnerable drones that are endangering or interfering with first responders. The hacks could also provide ordinary citizens with a less-draconian way of disabling a drone they believe is impinging on their property or privacy. By measuring the frequency-hopping pattern unique to each craft, the device also gives people a way to positively identify the drones they come in contact with.

As Ars has reported previously, legal scholars are uncertain about whether citizens can assert aerial trespass claims. A patchwork of federal and state laws makes it unclear if even local authorities have the legal authority to shoot or hack an aircraft out of the sky.

Andersson said DSMx is a technology for hobbyists that has been marketed for its range, robustness, and other performance merits rather than its security. Now that DSMx is in wide use, it's not clear it can ever be purged of the weaknesses that make his remote hijacking attacks possible.

"My guess is that it will not be easy to completely remedy the situation," Andersson said. "The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, [and] transmitters that come with models and standalone receivers. Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side."

A representative of Horizon Hobby, the company that designed and licenses DSMx, declined to make anyone from its PR department available for comment prior to publication of this post. The representative instead referred inquiries to the company's legal department, which was closed for the day.
Source: http://arstechnica.com/security/2016/10/drone-hijacker-gives-hackers-complete-control-of-aircraft-in-midflight/
-
I downloaded a video tutorial (made up of several parts) through LinkedIn's Week of Learning program, which runs until October 30 and offers all the tutorials for free until that date, via their Android app, since only through it can the tutorials be saved for offline use. I found the location on the phone where they are saved, but I can't figure out what trick is needed to be able to play them in some video player, not just through their app. So, if anyone has a bit of time to reverse engineer their app and can give me (us) details about this, it would be helpful. I'd like to download a few more sets of tutorials, which I'll also post here. Don't forget that on the 30th the "honey" in the jar runs out. File link: https://mega.nz/#!QclkyQYB!aCwGRU5HZXOkBDS8-IhKF6h1NO1MvX81sinDUpeOng4
-
A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade. What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

“It’s probably the most serious Linux local privilege escalation ever,” Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. “The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.”

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important.”

As their names describe, privilege-escalation or privilege-elevation vulnerabilities allow attackers with only limited access to a targeted computer to gain much greater control. The exploits can be used against Web hosting providers that provide shell access, so that one customer can attack other customers or even service administrators. Privilege-escalation exploits can also be combined with attacks that target other vulnerabilities. A SQL injection weakness in a website, for instance, often allows attackers to run malicious code only as an untrusted user. Combined with an escalation exploit, however, such attacks can often achieve highly coveted root status.

The in-the-wild attacks exploiting this specific vulnerability were found by Linux developer Phil Oester, according to an informational site dedicated to the vulnerability. It says Oester found the exploit using an HTTP packet capture, but the site doesn’t elaborate.

Update: In e-mails received about nine hours after this post went live, Oester wrote:

“Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.

“The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.

“The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable.

“For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.”

The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only. More technical details about the vulnerability and exploit are available here, here, and here. Using the acronym derived from copy on write, some researchers have dubbed the vulnerability Dirty COW.

Disclosure of the nine-year-old vulnerability came the same week that Google researcher Kees Cook published research showing that the average lifetime of a Linux bug is five years. “The systems using a Linux kernel are right now running with security flaws,” Cook wrote. “Those flaws are just not known to the developers yet, but they’re likely known to attackers.”

Source: http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/
-
Criminals this morning massively attacked Dyn, a company that provides core Internet services for Twitter, SoundCloud, Spotify, Reddit and a host of other sites, causing outages and slowness for many of Dyn’s customers.

Twitter is experiencing problems, as seen through the social media platform Hootsuite.

In a statement, Dyn said that this morning, October 21, Dyn received a global distributed denial of service (DDoS) attack on its DNS infrastructure on the east coast starting at around 7:10 a.m. ET (11:10 UTC).

“DNS traffic resolved from east coast name server locations are experiencing a service interruption during this time. Updates will be posted as information becomes available,” the company wrote.

DYN encouraged customers with concerns to check the company’s status page for updates and to reach out to its technical support team.

A DDoS is when crooks use a large number of hacked or ill-configured systems to flood a target site with so much junk traffic that it can no longer serve legitimate visitors.

DNS refers to Domain Name System services. DNS is an essential component of all Web sites, responsible for translating human-friendly Web site names like “example.com” into numeric, machine-readable Internet addresses. Anytime you send an e-mail or browse a Web site, your machine is sending a DNS look-up request to your Internet service provider to help route the traffic.

ANALYSIS

The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.

That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen. Indeed, the record 620 Gbps DDoS against KrebsOnSecurity.com came just hours after I published the story on which Madory and I collaborated.

The record-sized attack that hit my site last month was quickly superseded by a DDoS against OVH, a French hosting firm that reported being targeted by a DDoS that was roughly twice the size of the assault on KrebsOnSecurity. As I noted in The Democratization of Censorship — the first story published after bringing my site back up under the protection of Google’s Project Shield — DDoS mitigation firms simply did not count on the size of these attacks increasing so quickly overnight, and are now scrambling to secure far greater capacity to handle much larger attacks concurrently.

The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks. The 620 Gbps attack that hit my site last month was launched by a botnet built on Mirai, for example.

Interestingly, someone is now targeting infrastructure providers with extortion attacks and invoking the name Anna_senpai. According to a discussion thread started Wednesday on Web Hosting Talk, criminals are now invoking the Mirai author’s nickname in a bid to extort Bitcoins from targeted hosting providers.

Let me be clear: I have no data to indicate that the attack on Dyn is related to extortion, to Mirai or to any of the companies or individuals Madory referenced in his talk this week in Dallas. But Dyn is known for publishing detailed writeups on outages at other major Internet service providers. Here’s hoping the company does not deviate from that practice and soon publishes a postmortem on its own attack.

Update, 10:22 a.m. ET: Dyn’s status page reports that all services are back to normal as of 13:20 UTC (9:20 a.m. ET). Fixed the link to Doug Madory’s talk on Youtube, to remove the URL shortener (which isn’t working because of this attack).

Update, 1:01 p.m. ET: Looks like the attacks on Dyn have resumed and this event is ongoing. This, from the Dyn status page:

Source: https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/
-
Anyone with a Nokia 1100 and a measly SIM can receive messages. How exactly would it help you if you got hold of a premium-rate number?
-
From what I can see, that box is built into the WordPress theme.
-
A report that I found interesting and that presents Romania's situation in the IT sphere fairly well. http://reportaj.stirileprotv.ro/digitalizarea-hotiei/
-
Well, my humble logic says the phone is defective, not the battery. Replace it.