Everything posted by Nytro
-
Demo for us: bypass ban restriction.
- 1 reply
-
Attack of the Hack Back
The worst idea in cybersecurity is back again.
By Josephine Wolff

If there were a prize for the worst cybersecurity policy idea that just won’t die, it would have to go to “hacking back,” or making it legal for people to attack the computers that are attacking them. This idea has been around for years, which means that for years, people have been warning that this is a very bad idea—it’s not the first time I’ve written about this topic myself. But it’s a strangely persistent piece of policy, regardless of the fact that it’s been condemned by just about everyone, including law enforcement, and openly endorsed by almost no one.

Just last week Reps. Tom Graves, R-Georgia, and Kyrsten Sinema, D-Arizona, introduced a revised version of the Active Cyber Defense Certainty Act (an update of a bill discussion draft that Graves proposed back in March). It’s nice to see some bipartisan teamwork on an issue in these highly partisan times, but a pity to see it wasted on such a foolhardy endeavor.

The ACDC Act (please, go ahead and eye-roll that initialism) attempts to carve out some exceptions to the Computer Fraud and Abuse Act, the U.S. anti-hacking statute, which essentially makes it illegal to access computers that don’t belong to you without permission (or “authorization”). The bill would roll back that restriction to allow companies to access computers that don’t belong to them in the name of self-defense or, as the bill calls it, “active defense.” (Active defense, for those not familiar with cybersecurity euphemisms, is the polite term for offense. It’s meant to convey that you’re just protecting yourself, not attacking anyone, even though, of course, you are attacking someone—that’s what makes it so “active.”)

Most people have interpreted the CFAA to mean that companies (and individuals) are allowed to protect their computers and data only by taking measures confined within the boundaries of their own network. So it’s fine to monitor unusual traffic patterns, or encrypt data, or implement strong authentication systems—those are all things that only require accessing your own servers and data. But going outside the boundaries of the computers and data that you own to target people who have stolen your data, or are trying to steal your data, could be considered illegal hacking under the CFAA. Enter the ACDC Act.

The ACDC Act clarifies “the type of tools and techniques that defenders can use that exceed the boundaries of their own computer network.” In particular, it specifies that people facing criminal charges under the CFAA for illegal hacking can defend themselves by claiming that their activities were just “active cyber defense measures.” According to the bill’s text, the accused would have to show that they were the victims of a “persistent unauthorized intrusion” directed at their computers. In short, if someone has compromised your computers and stolen some of your data or is bombarding your servers with a denial-of-service attack, the ACDC would make it legal for you to access their servers and delete the files that they stole from you, or bombard their servers to interrupt the ongoing attack.

There are also some limitations placed on what can be considered an “active cyber defense measure.” To be active defense, the measure has to either help establish attribution of the attack, disrupt an ongoing attack, or “monitor the behavior” of the attacker in order to help develop better defensive methods. Things that do not qualify as active defense include: creating a threat to public health or safety, recklessly causing physical injury or financial harm, deliberately accessing an intermediary’s computer, or destroying information that does not belong to the victim stored on the attackers’ computers. (This can get a little confusing to write about because the terms “victim” and “attacker” lose all meaning when we’re talking about hacking back. If A hacks B and then B hacks A back, then, according to the language of the ACDC Act, B is the victim and A is the attacker. But once the hacking back—I mean, the active defense—starts, then the reverse is also, of course, true.)

This might all seem reasonable at first glance, but it’s a highway to hell. I am thunderstruck by how terrible it is. At its heart it would just serve as an excuse to let anyone access anyone else’s computer systems with impunity. Want to go after a competitor? Stage an attack directed at yourself coming from their servers, and then hack back! Or plant some of your sensitive files on their computers and then go in and delete them and monitor their behavior while you’re at it (all in the name of building better defenses). Of course, once that company realizes what’s going on, it may decide to take matters into its own hands and indulge in a little active defense directed at you. What could go wrong?

But don’t worry, Congress has anticipated all these problems (maybe because people have been pointing them out, repeatedly, for the better part of a decade). The bill’s authors include this incredibly vague safeguard in its text: “Congress holds that active cyber defense techniques should only be used by qualified defenders with a high degree of confidence in attribution, and that extreme caution should be taken to avoid impacting intermediary computers or resulting in an escalatory cycle of cyber activity.”

It’s unclear what constitutes a qualified defender in Congress’ view, much less a “high degree of confidence in attribution.” Attribution is really, really hard. Not to mention that part of the bill’s explicit purpose is legalizing hacking intended to help gather information about attribution. Why would anyone hack back to gather information about attack attribution if hacking back is only legal when victims are absolutely, 100 percent positive they know who the perpetrator is in the first place?

I could go on and talk about how legalizing this type of activity under U.S. law doesn’t mean that people who practice active defense won’t be breaking laws in other countries. (Don’t worry, Congress has thought of that too; the bill warns that defenders should “exercise extreme caution to avoid violating the law of any other nation.” That’ll fix it!) Or how this would make the work of law enforcement harder, not easier—a point the FBI has already made.

But what’s really incredible about the ACDC Act is not how terrible its proposals are, but that Congress is still taking them seriously after years of people pointing out how terrible they are and in the absence of any clear demand. The ACDC Act authors have clearly heard all these concerns, but their only response seems to have been inserting tepid language into the draft advising active defenders to exercise “extreme caution.”

The rationale behind hacking back is supposed to be that the U.S. is full of highly sophisticated technical companies with the ability to do much more advanced and effective cybermaneuvers than the slow, bureaucratic law enforcement agencies. But if those sophisticated tech companies are eager to be doing active defense, they certainly haven’t been vocal about that desire or publicly endorsing proposals like the ACDC.

When I last wrote about hacking back legislation, I spoke with Greg Nojeim, the director of the Freedom, Security, and Technology Project at the Center for Democracy and Technology, and asked him who he thought was lobbying for this kind of regulation. Nojeim, who has been working on cybersecurity policy in Washington for years, told me: “I haven’t heard from particular companies that they want to have that activity authorized. I just have not heard the proponents of that position other than some academics, one or two think tanks, and Stewart Baker.” Baker is a lawyer and former homeland security assistant secretary under George W. Bush who is probably the most vocal supporter of hacking back.

No one wants this law. Or, at the very least, almost no one, except Stewart Baker, is willing to admit they want this law, which is pretty damning in itself. And yet, even though the companies that would presumably be hacking back, were it legal, have not publicly expressed any need for such a statute, it turns out to be the rare issue that Congress members from both parties can rally around right now.

In fairness to Graves and Sinema, there are some reasonable things in the ACDC Act text: It still allows for civil suits against active defenders, and it permits “beaconing” tools that help defenders locate their stolen data, after it has been stolen. Though it’s not at all clear that attaching “beacon” code to your sensitive data while it’s stored on your system was illegal in the first place. But at its core, the ACDC Act is a bill that would open the door for much more misbehavior online and even greater obstacles to trying to charge the offenders and hold them responsible. Hells bells. It’s hard to fathom why, in 2017, Congress is taking up this idea, unless members are so completely out of ideas for cybersecurity that they’re stuck recycling the worst ones over and over again.

This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture.

Source: http://www.slate.com/articles/technology/future_tense/2017/10/hacking_back_the_worst_idea_in_cybersecurity_rises_again.html
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
Nytro replied to QuoVadis's topic in Stiri securitate
Given how many things came to light at that time, the fact that they would have access to this "krack" is one of the minor things.
-
How Retailers Use Personalized Prices to Test What You’re Willing to Pay Rafi Mohammed October 20, 2017 https://hbr.org/2017/10/how-retailers-use-personalized-prices-to-test-what-youre-willing-to-pay
-
I think he had the code printed out and was copying it.
-
I'm glad they are called "Track #1", "Track #2" and "Track #3", because if there were a "Main Track", everyone would crowd in there because of "int main()".
-
For those interested: https://def.camp/become-a-volunteer/
-
Backup! What kind of example are you setting for us?
-
@dancezar New link?
-
I notice the speaker list gets updated from time to time. @Andrei, when will the final list be ready?
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
Nytro replied to QuoVadis's topic in Stiri securitate
https://pastebin.com/aZyyS16w
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
Nytro replied to QuoVadis's topic in Stiri securitate
The patches have been available for years...
-
Yet Another Linux Kernel Privilege-Escalation Bug Discovered
Nytro replied to Fi8sVrs's topic in Stiri securitate
Quite a few lately.
- 1 reply
-
- cve-2017-15265
- advanced linux sound architecture
- (and 1 more)
-
By a few keywords: kpmg, securitycafe...
-
There are other RST members too, they just stay "underground".
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
Nytro replied to QuoVadis's topic in Stiri securitate
Finally, something interesting.
-
The future is going to be interesting, let's hope for the better. In any case, PSD Romania will still be in the Middle Ages, so let's not have high expectations. It's important to understand that at least we, those who work in "IT", will not be left without jobs.
-
The head of Daimler AG predicts the future of the world. In particular, the bankruptcy of the auto industry will begin in 2020
25.07.2017

Dieter Zetsche, CEO of Daimler AG, the corporation that owns the Mercedes-Benz brand, shared his predictions about the future of this world in a quick-fire interview on the social network LinkedIn. The most astonishing thing we learned from one of his statements is that the auto industry will go bankrupt shortly, because nobody will need to buy a car anymore!

Here are all the predictions made by Dieter Zetsche. It remains to be seen whether they come true:

Software (systems and programming languages) will destroy traditional industry within 5-10 years;

Although Uber is a piece of software, it is now the largest taxi company in the world. Likewise, Airbnb is the largest hotel company although it does not own any property;

On artificial intelligence: this year, a computer beat the best player in the world at "Go" (a board game invented in ancient China). This was expected to happen, but only in about 10 years;

In the US, young lawyers no longer have jobs. Software such as IBM Watson gives you legal advice within seconds, with 90% accuracy, versus 70% for humans;

If you are planning to study, or are already studying, Law at university, stop! In the future that is knocking at the door there will be 90% fewer lawyers or legal specialists;

The same IBM Watson software currently manages to diagnose cancer with four times the accuracy of humans, and Facebook has facial-recognition software better than our own native ability. By 2030, computers will be superior to humans;

Autonomous cars: the first such cars, able to travel without the driver's intervention, will appear from 2018. From 2020 the car-manufacturing industry will change and will gradually start to go bankrupt. You will no longer need a personal car. You and your children will be able to call a car through a mobile app. The car will be driverless, you will only pay and it will take you to your destination. In conclusion: nobody will own cars anymore, but we will all have access to them;

The above will transform cities, because parking will make up only 5% of their area. 90-95% of the "former" parking lots will become playgrounds;

According to statistics, 1.2 million people lose their lives in road accidents every year, one person per 100,000 kilometers. Autonomous cars will save the lives of one million people every year, and the death rate will be one person per 10 million kilometers;

A large part of today's traditional car manufacturers will practically cease to exist. Others, such as Tesla, Google and Apple, will revolutionize the auto industry by building intelligent computers on wheels;

I currently know a lot of engineers at Volkswagen and Audi who are terrified of Tesla and of its capabilities;

With the arrival of autonomous cars, car insurance will initially become 100 times cheaper, and later this business will disappear completely, because cars will communicate with each other, which will lead to road accidents being prevented;

Real estate agencies will disappear too. Nobody will buy a home anymore because everyone will live in rented spaces, since it will be possible to work while traveling and so people will always be looking for a much nicer place;

Cities will be quiet because cars will be electric. Consequently they will be cleaner and easier to live in. Electricity will become considerably cheaper because access to solar energy will not be limited. Everyone will be able to produce it individually (by buying solar panels, for example);

Along with electricity, water will become cheaper too. Desalinating it currently requires 2 kWh and costs 0.25 cents per cubic meter (global average price);

Tricorder X will be announced and launched this year, a digital device similar in both name and function to one from the Star Trek films. Through a smartphone it will analyze the retina, a blood sample and the breath. Tests will thus be done much more cheaply, faster and with maximum precision. Consequently, within a few years a significant part of the medical system (sample collection and interpretation of test results) will disappear;

3D printers will revolutionize the world: in 10 years everyone will be able to afford one, with the cheapest good-quality one costing 400 dollars. They will also work 100 times faster. Imagine that at the end of this year phones with a 3D scanning function appear. You will then be able to scan your feet and print the footwear you want. In China there are already 3D-printed buildings, and some companies 3D-print parts for aircraft. By 2027, 10% of everything produced will be 3D printed;

If you currently have business ideas, do not start on them unless they work together with the smartphone. Also, business ideas that were successful in the 20th century will no longer be so in the 21st;

70-80% of current jobs will disappear in the next 20 years. New ones will appear, but it is not known whether there will be enough of them;

In the future we will have robot farmers at 100 dollars apiece. They will work in our place, and this will revolutionize agriculture, especially in third-world countries (such as those in Africa);

Aeroponics, growing plants without soil and practically "in the air", will develop a great deal. Alternative products containing more protein than ordinary meat will also be brought to market, admittedly made from insects;

By 2020 there will be apps that detect whether we are lying or trying to deceive someone. Just imagine how this will affect election campaigns, for example;

The electronic currency, bitcoin, could become an international currency!

By 2036 we should live to 100 on average. At present, average life expectancy rises by 3 months every year;

In 2020, 70% of people will each have a smartphone, and therefore access to quality education. In Africa and Asia phones are already sold for 10 dollars apiece. In the future all children in the world will have access to higher education that is practically free.

Source: http://autoblog.md/seful-daimler-ag-prezice-viitorul-lumii-particular-din-2020-va-incepe-falimentul-industriei-auto/

Maybe it's from too much coffee, but the article got me thinking.
-
https://www.google.ro/search?q=c%2B%2B+obfuscator
-
Virustotal, anyone?
-
TeleShadow - First Telegram Desktop Session Stealer [ Windows ]
Nytro replied to Fi8sVrs's topic in Programe hacking
Interesting, a good idea for a Metasploit module for anyone with some free time.
-
GET data from API to variable and match with value and then POST it.
Nytro replied to venkatklr's topic in Programare
http://www.geeksforgeeks.org/get-post-requests-using-python/ ?