[researchers crack biometric scanners]

"There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function."

lol ?i ce vor s? facem... s? r?mânem cu protec?ia prin parol?? asta era aia eficient??

anyway soft-urile astea sunt înc? la început, e greu s? te loghezi ?i cu propria fa?? dac? de exemplu e prea întuneric în camer? sau ?i-ai l?sat breton sau etc. oricum cine vrea s?-?i protejeze datele se bazeaz? pe encrip?ie, nu pe un windows infailibil

[!!! complex 0day auto-hacker !!!]

demo

root@bt:~# ./hack nasa.gov

nasa.gov hacked

do u want 2 hack again? (yes/nope) yes

what? norad.mil

norad.mil hacked

do u want 2 hack again? (yes/nope) nope

codul surs?: (nu încerca?i a-l în?elege; E MULT PREA COMPLICAT)

#!/bin/sh
# priv8 0day l33t auto-h4x0r
# created by Elite Nabukadnezar
# shouts go to: my mom
# h8z go to: all the fake geez out there
# do not distribute or I will personally hunt you down and kill your cat		(WITH FIRE!)

q1()
{
    echo -n "do u want 2 hack again? (yes/nope) "  
    read lameanswer
    case "$lameanswer" in
    "yes"	) q2 ;;
    "nope"	) exit ;;
    *		) echo "use English mother fucker!"; q1 ;;
    esac
}

q2()
{
    echo -n "what? "
    read victim
    echo $victim hacked
    q1
}

if [ $* ]; then
    echo "$*" hacked
    q1
else
    q2
fi

[programul minune al lui doomclip]

aha k ms pt raspuns

v?zui vid cu mobile hackerul lui doomclip ?i am r?mas impresionat de cuno?tiin?ele lui vaste în batch scripting (echo bot 1 connected ?i tot a?a)

[programul minune al lui doomclip]

aham citii numele threadului si am inteles despre ce vorbeati

oricum, daca doar captcha-ul e protectia atunci se poate folosi bruter

[programul minune al lui doomclip]

de ce vorbi?i de ”aranjamente de 26 ( sau 52,62,72 ) luate cate 5,6,7” c? nu m? prinsei

pân? la urm? de ce n-ar merge?

[Cine a reusit sa foloseasca numai Linux macar o luna?]

Pentru un Linux ai nevoie de 2 partitii, una ext2 sau ext3 si una swap.

L O L

cam ?sta e nivelul forumului când vine vorba de linux

în schimb to?i au auzit de backtrack ?i ?tiu s? intre în el (pentru c? scrie la început ce trebuie f?cut)

anyway, on topic: exclusiv linux doar aproximativ un an (nu aveam windows-ul in boot menu) ?i în paralel restul timpului

[Ce linux imi recomandati?]

click aci s? vede?i versiunea normal? 2.0

[Ce linux imi recomandati?]

Ubuntu Ultimate Edition 2.0

You`re gonna love it

http://ultimateedition.info/ultimate-edition-20/

u?u nu ?tiam de asta

acolo pe site v?zui

Release: Ultimate Edition 2.0 Gamers

are 4.3 giga

faved ?i-l iau imediat ce conectez dvd writerul la calc

eu îmi schimb recomandarea... cred c? cel mai bine bagi Ultimate Edition 2.0 Gamers si dai un copy la directorul /pentest dupa bt4 beta

[Ce linux imi recomandati?]

dac? ai de gând s? r?mâi cu el eu zic s? stai o zi întreag? ?i s? testezi cel pu?in 5 distribu?ii. Î?i recomand s? începi cu astea: Mint, DVL

[zone-h defaced]

10 feb seara

[Tutorial Parole Sigure]

rezumat: pune?i-v? o parol? gen "w@erwl2$"

da sper ca nici m?car rezumatul s? nu fie citit de cineva

[zone-h defaced]

http://209.85.129.132/search?q=cache:4eY0ub7aCt4J:www.zone-h.org/+zone+h&hl=pl&ct=clnk&cd=1&gl=pl

[Security Advisory: Banks in Taiwan (by militan)]

==============================================

Security Advisory: Banks in Taiwan

militan (Lin, Chia-Jun)

militan.c7 [at] gmail.com

Advanced Defense Lab, NCU CSIE TAIWAN

12th February, 2009

==============================================

I. VULNERABILITY

-------------------------

Blind Command(SQL, LDAP) Injection

Information Leakage

Banks below are vulnerable:

Union bank of Taiwan. www.ubot.com.tw

SinoPac Securities. www.sinotrade.com.tw

prudential uk in Taiwan. www.pcafunds.com.tw

II. DESCRIPTION

-------------------------

Some banks or fund companies contain vulnerabilities while handling account information,

it may cause information leakage.

Usually the input is sanitized indeed, but some specific pages do not perform the validation properly.

Otherwise, sometimes error messages also show the architecture of web sites.

III. POC

-------------------------

1. Union bank: may be susceptible to blind injection.

http://adl.csie.ncu.edu.tw/~militan/Ubot1.jpg

http://adl.csie.ncu.edu.tw/~militan/Ubot2.jpg

2. prudential uk in Taiwan: Get information first(JNDI LDAP), then do the LDAP injection.

http://adl.csie.ncu.edu.tw/~militan/PCAFunds1.jpg

http://adl.csie.ncu.edu.tw/~militan/PCAFunds2.jpg

http://adl.csie.ncu.edu.tw/~militan/PCAFunds3.jpg

3. SinoPac Securities: The page re-generates the password in Javascript. It`s not a vulnerability, but a insecure behavior in programming.

http://adl.csie.ncu.edu.tw/~militan/SinoTrade.JPG

IV. SOLUTION& CONCLUSION

-------------------------

Strip all symbols in ANY input variable.

This advisory prove that sites of banks are not secure enough.

Vulnerabilities may be fixed up in a very short time because details were sent to them already

Citi?i ?i:

http://www.koreatimes.co.kr/www/news/tech/2009/02/129_39347.html

[[Lansare] BackTrack 4 Beta + FastTrack]

http://www.securestate.com/Pages/Fast-Track.aspx

[DDOS-ul prin NS-e ia amploare]

The Register raporteaz?:

http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/

Pe scurt, din ce în ce mai mul?i hackeri floodeaza target-uri cu ajutorul NS-elor. Scenariu: kw3rln vrea s? timeouteze () asdf.com; el are o list? de mii de nameservere ?i trimite la fiecare request-uri "get root servers" (nush denumirea tehnic?), spoofând îns? IP-ul pachetelor UDP, astfel încât nameserverele s? r?spund? c?tre asdf.com

Pachetul primit de target de la nameserver con?ine:

C:\Users\Dark Zagatu>nslookup

DNS request timed out.

timeout was 2 seconds.

Default Server: UnKnown

Address: 192.168.0.1:53

> server ns.infogate.ro

Default Server: ns.infogate.ro

Address: 80.96.198.2

> set type =ns

Unrecognized command: set type =ns

> set type=ns

> .

Server: ns.infogate.ro

Address: 80.96.198.2

Non-authoritative answer:

(root) nameserver = I.ROOT-SERVERS.NET

(root) nameserver = J.ROOT-SERVERS.NET

(root) nameserver = K.ROOT-SERVERS.NET

(root) nameserver = L.ROOT-SERVERS.NET

(root) nameserver = M.ROOT-SERVERS.NET

(root) nameserver = A.ROOT-SERVERS.NET

(root) nameserver = B.ROOT-SERVERS.NET

(root) nameserver = C.ROOT-SERVERS.NET

(root) nameserver = D.ROOT-SERVERS.NET

(root) nameserver = E.ROOT-SERVERS.NET

(root) nameserver = F.ROOT-SERVERS.NET

(root) nameserver = G.ROOT-SERVERS.NET

(root) nameserver = H.ROOT-SERVERS.NET

B.ROOT-SERVERS.NET internet address = 192.228.79.201

C.ROOT-SERVERS.NET internet address = 192.33.4.12

D.ROOT-SERVERS.NET internet address = 128.8.10.90

E.ROOT-SERVERS.NET internet address = 192.203.230.10

G.ROOT-SERVERS.NET internet address = 192.112.36.4

H.ROOT-SERVERS.NET internet address = 128.63.2.53

H.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:1::803f:235

I.ROOT-SERVERS.NET internet address = 192.36.148.17

J.ROOT-SERVERS.NET internet address = 192.58.128.30

J.ROOT-SERVERS.NET AAAA IPv6 address = 2001:503:c27::2:30

K.ROOT-SERVERS.NET internet address = 193.0.14.129

K.ROOT-SERVERS.NET AAAA IPv6 address = 2001:7fd::1

L.ROOT-SERVERS.NET internet address = 199.7.83.42

L.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:3::42

>

Eventual kw3rln poate alterna cu requesturi "get tld servers" ("com" in loc de ".") sau "get zone information" ("soa" in loc de "ns" si apoi un domeniu). Acest tip de flood este foarte u?or de implementat a?a c? v? urez succes.

[[Lansare] BackTrack 4 Beta + FastTrack]

Ast?zi, 11 Februarie, a fost lansat BackTrack 4 Beta

http://remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm

Sistemul de operare con?ine programul care a f?cut valuri la ShmooCon 2009, Fast-Track

Puteti vedea cateva video-uri cu el aici:

http://www.thepentest.com/

[Mi-ar place RSS feed pt forumul Stiri Securitate]

Mi-ar place RSS feed pt forumul Stiri Securitate, cum e pe sla.ckers de exemplu

[Google vrea sa transforme PC-urile in istorie]

e bine c? ?i-a?a nu mai aveam spa?iu pt porn

[Windows 7 targeted [challenge]]

E aproape imposibil, nu cred c? o s? încerce nimeni. Poate dac? instalezi câteva daemon-uri pe el...

[Yahoo XSS - NOUTATI]

nu e utilizabil asta de kr.ban.yahoo.com

daca folosesti

http://kr.ban.yahoo.com/2uga

iti spune ca fisierul 2uga nu exista

daca folosesti

http://kr.ban.yahoo.com/2uga/ding

iti spune ca directorul 2uga nu exista; ding n-o sa apara nicaieri in sursa

nu putem folosi document location fara sa avem macar un '/' inainte de cookie_stealer.php

[c++ programare???]

la linia 4, inlocuieste >> cu ;

si ai putea incerca sa adaugi .h la sfarsitul librariei, poate asa o sa compileze programul

eu iti recomand sa folosesti visual studio 2008, il iei de aci:

thepiratebay.org/torrent/4088718/Visual_Studio_2008

si cauta un ebook care sa te invete cum sa-l folosesti, nu mai da banii pe carti de IT

[Windows 7 nu mai are nevoie de placa video]

o fi avand Windows 7 o gr?mad? de func?ii noi inutile, dar tot de-abia a?tept s? apar? ca s? scap de porc?ria de Vista. sper s? nu fie un proces ciclic

[http://hax.tor.hu/ challenges]

pff ar fi fost tare site-ul dacã nu l-ar fi terminat deja 2... nu mai e nici un challanege aºa când tot ce poþi face e sã împarþi locul 1 cu alþii

[Windows se prãbuºeºte]

da tard

[Windows se prãbuºeºte]

Windows e super-tare

Din pãcate prea mulþi au impresia cã dacã zic cã windows-ul e praf sunt cool