Nytro

Administrators
  • Posts

    18725
  • Joined

  • Last visited

  • Days Won

    707

Everything posted by Nytro

  1. China Reveals Its Cyberwar Secrets In an extraordinary official document, Beijing admits it has special units to wage cyberwar—and a lot of them. Is anybody safe? A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units for waging war on computer networks. China’s hacking exploits, particularly those aimed at stealing trade secrets from U.S. companies, have been well known for years, and a source of constant tension between Washington and Beijing. But Chinese officials have routinely dismissed allegations that they spy on American corporations or have the ability to damage critical infrastructure, such as electrical power grids and gas pipelines, via cyber attacks. Now it appears that China has dropped the charade. “This is the first time we’ve seen an explicit acknowledgement of the existence of China’s secretive cyber-warfare forces from the Chinese side,” says Joe McReynolds, who researches the country’s network warfare strategy, doctrine, and capabilities at the Center for Intelligence Research and Analysis. McReynolds told The Daily Beast the acknowledgement of China’s cyber operations is contained in the latest edition of an influential publication, The Science of Military Strategy, which is put out by the top research institute of the People’s Liberation Army and is closely read by Western analysts and the U.S. intelligence community. The document is produced “once in a generation,” McReynolds said, and is widely seen as one of the best windows into Chinese strategy. The Pentagon cited the previous edition (PDF), published in 1999, for its authoritative description of China’s “comprehensive view of warfare,” which includes operations in cyberspace. 
“This study is a big deal when it’s released,” McReynolds said, and the current edition marks “the first time they’ve come out and said, ‘Yes, we do in fact have network attack forces, and we have teams on both the military and civilian-government sides,’” including inside China’s equivalents of the CIA and the FBI. The acknowledgment could have political and diplomatic implications for China’s relationship with the United States and other Western powers. “It means that the Chinese have discarded their fig leaf of quasi-plausible deniability,” McReynolds said. “As recently as 2013, official PLA [People’s Liberation Army] publications have issued blanket denials such as, ‘The Chinese military has never supported any hacker attack or hacking activities.’ They can’t make that claim anymore.” U.S. officials have spent years marshaling evidence of China’s cyber capabilities and have been escalating efforts to stop cyber spying. Last year, the Justice Department took the unprecedented step of indicting five Chinese military officials for hacking into U.S. companies and stealing their proprietary information to give Chinese firms a leg up on the global market. That indictment was met with more denials, which have continued even past the publication of the latest Science of Military Strategy, which has taken months to translate, McReynolds said, and has not been publicized outside the ranks of China analysts. “When asked, the Chinese as recently as a month ago denied they had a cyber command,” James Lewis, a senior fellow at the Center for Strategic Studies and a leading expert on China’s cyber capabilities, told The Daily Beast. Lewis said that the new revelations won’t come as “earth-shattering” to analysts and experts who closely follow statements by Chinese officials, because “we all assumed they were lying.” “But it’s interesting, and people outside the community won’t know it,” Lewis said. 
He compared the revelation to China’s testing, in 2007, of an anti-satellite missile, “which came after they had for years stoutly denied that they were building space weapons.” China has divided its cyber warfare forces into three types, said McReynolds, whose analysis is included in his forthcoming book, China’s Evolving Military Strategy, which will be published in October. First, there are what the Chinese call “specialized military network warfare forces” consisting of operational military units “employed for carrying out network attack and defense,” McReynolds said. Second, China has teams of specialists in civilian organizations that “have been authorized by the military to carry out network warfare operations.” Those civilian organizations include the Ministry of State Security, or MSS, which is essentially China’s version of CIA, and the Ministry of Public Security (its FBI). Finally, there are “external entities” outside the government “that can be organized and mobilized for network warfare operations,” McReynolds said. As to which of those groups is responsible for targeting American companies to steal their secrets, the short answer, says McReynolds: “They all do it.” Espionage by the PLA has been extensively documented, McReynolds said. And a Chinese hacking unit dubbed Axiom that has been linked to intrusions against Fortune 500 companies, journalists, and pro-democracy groups is reportedly an MSS actor. He noted that there are also many ways that Chinese civilians have been seen assisting in industrial espionage, including through “hack-for-cash” operations. Based on other PLA writings, it appears that the military would most likely handle any targeting of critical infrastructure, McReynolds said. Now that China is coming clean about its cyber warfare forces, other countries may question whether they can safely cooperate with the government on combating cybercrime. 
The Ministry of Public Security (MPS), for instance, has assisted more than 50 countries with investigations of more than a thousand cases of cybercrime over the past decade, and China has set up bilateral law enforcement cooperation with more than 30 countries, including the United States, the United Kingdom, Germany, and Russia, McReynolds said. “With the Chinese now explicitly acknowledging that the [ministry] has network warfare forces stationed within it, the United States and other targets of Chinese state-sponsored hacking will have to weigh carefully whether cooperation with the MPS on cybercrime is worth the risks,” he said. McReynolds also saw signs of a potential power struggle between the People’s Liberation Army and civilian government agencies like the Ministry of Public Security over who really runs cyber operations within the Chinese system. Those civilian cyber forces operated under the PLA’s “authorization,” according to the Chinese document. “As unprecedented as it is to have the Chinese military acknowledge the existence of its network attack forces, having the PLA announce the existence of such secretive forces inside the civilian government is particularly unusual, and strikes me as an attempt to ‘plant the flag’ for the PLA,” McReynolds says. The new analysis of China’s cyber operations has taken a long time to produce, in part because the latest edition of The Science of Military Strategy wasn’t released until December 2013, McReynolds said. “It takes a while for this sort of information to filter out into the Western PLA-watcher community, especially since there’s no English translation available yet. It was only last summer that the first of us in the community started to obtain copies of the new SMS and go through its contents; it’s hundreds of pages long.” McReynolds, who said he reads Chinese, also ran his translations by analysts fluent in the language to ensure the accuracy of his work, he said. China isn’t the only major U.S. 
adversary with advanced military cyber operations. Russia is a “near peer” to the United States, former National Security Agency Director and Cyber Command chief General Keith Alexander said in 2010. The country’s use of cyber offensive operations has been documented both in Georgia in 2008 and more recently with Russia’s invasion of Crimea in 2014. Those operations, conducted in tandem with traditional combat operations, have been aimed at disrupting adversaries’ communications systems, including public websites. Experts generally agree that Russia, China, and the United States have the most advanced and sophisticated cyber warfare forces. But Iran has been quickly gaining new capabilities and demonstrated a willingness to use them, as with a massive attack on U.S. bank websites in 2012. North Korea has also ramped up its cyber operations, most notably with the hacking of Sony Pictures Entertainment last year, which prompted the Obama administration to impose new economic sanctions on the hermit kingdom. Eric Rosenbach, an assistant secretary of defense in charge of homeland defense and global security issues, has said that some five dozen countries are building a military-cyber operation, equivalent to the United States’ Cyber Command. Source: http://www.thedailybeast.com/articles/2015/03/18/china-reveals-its-cyber-war-secrets.html
  2. Pwn2Own 2015: Day Two results Dustin_Childs| March 19, 2015 The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, with each going after multiple targets and collecting a total of $235,000. This brings the two-day payout total to $552,500, not including the value of the laptops, ZDI points, and other prizes given to winning researchers. Here’s the highlights of the day’s proceedings. ilxu1a started off Day Two by taking down Mozilla Firefox with an out-of-bounds read/write vulnerability leading to medium-integrity code execution. It happened so quickly that those of us who blinked missed it — although in our defense, it was sub-second execution. He reports he found the bug through static analysis, which is truly impressive. ilxu1a received $15,000 USD for the bug. For the first of his three targets, JungHoon Lee (lokihardt) took out 64-bit Internet Explorer 11 with a time-of-check to time-of-use (TOCTOU) vulnerability allowing for read/write privileges. He evaded all the defensive mechanisms by using a sandbox escape through privileged JavaScript injection, all of which resulted in medium-integrity code execution. This got his day started out right with a payout of $65,000 USD. Next, JungHoon Lee (lokihardt) demonstrated an exploit that affects both the stable and beta versions of Google Chrome. He leveraged a buffer overflow race condition in Chrome, then used an info leak and race condition in two Windows kernel drivers to get SYSTEM access. With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and another $10,000 from Google for hitting the beta version for a grand total of $110,000. To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration. There are times when “Wow” just isn’t enough. 
For his final act of the competition, JungHoon Lee (lokihardt) took out Apple Safari using a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser and bypassed the sandbox for code execution. That netted him another $50,000 USD and brought his daily total to $225,000. This is an amazing accomplishment for anyone, but it’s especially impressive considering he is an individual competitor rather than a team. Well done. The final entrant in Pwn2Own 2015, ilxu1a, attempted to exploit Google Chrome, but ran out of time before he could get his code working. He told us he was having issues with his info leak. While not a winner on this round, he has won twice before and showed some lovely research on the topic. I’m sure we’ll see him again. As with every Pwn2Own, all vulnerabilities were disclosed to their respective vendors in our “Chamber of Disclosures,” and each vendor is working to fix these bugs through their own processes. The final numbers for Pwn2Own 2015 are quite impressive:
     • 5 bugs in the Windows operating system
     • 4 bugs in Internet Explorer 11
     • 3 bugs in Mozilla Firefox
     • 3 bugs in Adobe Reader
     • 3 bugs in Adobe Flash
     • 2 bugs in Apple Safari
     • 1 bug in Google Chrome
     • $442,500 USD bounty paid out to researchers
     Again, congratulations to all of this year’s champions. It was a great time for us, and we saw some amazing research throughout the contest. Thanks again to our co-sponsors at Google Project Zero. See you next year! Source: Pwn2Own 2015: Day Two results - HP Enterprise Business Community
  3. Installers
     Installs Go and a text editor. Windows OSX (32 bit, 64 bit)

     The Book
     An Introduction to Programming in Go. Copyright © 2012 by Caleb Doxsey ISBN: 978-1478355823 This book is available for purchase at Amazon.com in Kindle or Paperback. It is available for free online below or in PDF form. Questions, comments, corrections or concerns can be sent to Caleb Doxsey.

     Table of Contents
     • Getting Started: Files and Folders; The Terminal; Text Editors; Go Tools
     • Your First Program: How to Read a Go Program
     • Types: Numbers; Strings; Booleans
     • Variables: How to Name a Variable; Scope; Constants; Defining Multiple Variables; An Example Program
     • Control Structures: For; If; Switch
     • Arrays, Slices and Maps: Arrays; Slices; Maps
     • Functions: Your Second Function; Returning Multiple Values; Variadic Functions; Closure; Recursion; Defer, Panic & Recover
     • Pointers: The * and & operators; new
     • Structs and Interfaces: Structs; Methods; Interfaces
     • Concurrency: Goroutines; Channels
     • Packages: Creating Packages; Documentation
     • Testing
     • The Core Packages: Strings; Input / Output; Files & Folders; Errors; Containers & Sort; Hashes & Cryptography; Servers; Parsing Command Line Arguments; Synchronization Primitives
     • Next Steps: Study the Masters; Make Something; Team Up

     Additional Resources
     Video tutorial on how to build tries in Go

     © 2014 Caleb Doxsey. Cover Art: © 2012 Abigail Doxsey Anderson. All Rights Reserved. Source: http://www.golang-book.com/
  4. XPATH Assisted XXE Attacks DannyChrastil | March 17, 2015

     I was in a coffee bar with some good friends of mine the other day and one of them asked me “Danny, if in one hand you have XPath Injection, and in the other XXE Processing… which would you choose?” With a wry smile I responded to him, “Put your hands together!” (miss the reference?)

     When testing applications which are employing XML, whether it be a web service for a mobile application or an ajax-mashup website, two of the main vulnerabilities you will see and hear about are XPath injection and XXE (XML External Entity) processing. While each of these on their own are interesting vulnerabilities, there is a unique situation that allows you to chain the two together in order to read data off a target system.

     XPath Injection

     XML documents act as a data store or database for applications. You can store large amounts of data in a hierarchical structure which can then be queried by the application the same way you would query a database. This querying protocol for XML is called XPath. Just like SQL queries can be vulnerable to injection attacks, so can XPath queries. If user-supplied data is not sanitized before being applied to the XPath query, an attacker could perform an injection attack much like the following:

     Query:
         $xquery = "//Customer[username/text()='" . $_POST['username'] . "' and password/text()='" . $_POST['password'] . "']";

     Attack Request:
         username=danny' or 1=1 or '1'='1&password=testing

     Resulting XPath Query:
         //Customer[(username/text()='danny' or 1=1) or ('1'='1' and password/text()='testing')]

     This injection would match and return results for all of the customers in the XML document instead of data only belonging to ‘danny’. While this attack can be very powerful, it also has its limitations. Unlike SQL, XPath has very limited interactions with the OS and system files of the web server. There is a function in XPath called “doc()” that can read both local and remote files as long as they are XML documents. This is great if you can find an XML file on the server which contains sensitive information, but in most cases this won’t be helpful in trying to access /etc/passwd, etc.

     XXE Processing

     XXE stands for XML External Entity Processing. The XML data structure allows for elements called entities, which are used as data variables within the XML body. An XXE attack is possible when the user can control the XML structure that is sent along with the request to the server. If an attacker can create their own entity then they can perform attacks such as sensitive file disclosure, denial of service, port scanning and more.

     Attacker controlled XML:
         <?xml version="1.0" encoding="ISO-8859-1"?>
         <!DOCTYPE foobar [
           <!ELEMENT foo ANY >
           <!ENTITY xxe SYSTEM "file:///etc/passwd" >
         ]>
         <foobar>&xxe;</foobar>

     This attack would load the file “/etc/passwd” from the server and return the data within the <foobar> element to the user. The attacker could get creative and load other files such as CMS config files for database credentials.

     XPath assisted XXE

     XPath Injection and XXE Processing are not commonly found together within the same application. So what if you find XPath Injection within a search form on a site which doesn’t contain sensitive information or authentication? Apart from changing the results which are displayed in the search response, there isn’t much to do. If only we had XXE to help us read files off the file system. Remember that XPath “doc()” function that can only load XML documents? Because “doc()” can also load external XML documents, an attacker could force the application to load an evil XML document hosted on their own server. How does this help us read sensitive files on the target server? The attacker creates the evil XML document so that it contains XXE processing that loads /etc/passwd; when this XML is loaded on the target server, it will then load the file corresponding to its own file system, not the attacker’s.

     How to Protect Yourself

     Because this attack is chaining two vulnerabilities together, it is important that both are addressed in order to mitigate the risk. XPath Injection is similar to other injection vulnerabilities in that the best approach to remediation is by implementing thorough white list validation and input sanitization on any user supplied data; in this case, anything going into the XPath query. Theoretically, if the user supplied input is being validated before building the XPath query, then the attacker would not be able to inject the “doc()” function to load the malicious XML file; however, it would be best practice to disable the “doc()” function completely if it is not required by the application. If that is not a viable option, then the next step would be to disallow any remote calls by the “doc()” function, only allowing local XML files to be loaded. Here at HP Fortify on Demand, we are working to detect this issue for all of our customers' sites and provide them detailed remediation steps. Reach out to us with any questions.

     Source: http://h30499.www3.hp.com/t5/Fortify-Application-Security/XPATH-Assisted-XXE-Attacks/ba-p/6721576
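
The two remediation points from "How to Protect Yourself" in the XPath post above, shown in PHP beside the article's concatenated query. This is an added example, not code from the original article or from HP Fortify; the Customers document, the function names and the username allow-list are assumptions made for illustration.

```php
<?php
// Added example. Sample documents are constructed; names are hypothetical.
const CUSTOMERS_XML = <<<'XML'
<Customers>
  <Customer><username>danny</username><password>s3cret</password></Customer>
  <Customer><username>alice</username><password>hunter2</password></Customer>
</Customers>
XML;

// The external-entity document quoted in the post, used only to show rejection.
const XXE_XML = <<<'XML'
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foobar [ <!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foobar>&xxe;</foobar>
XML;

// Parse without network access and without entity substitution, then refuse
// any document that carries a DTD, so no entity can be declared at all.
function loadXmlNoDtd(string $xml): DOMDocument
{
    $doc = new DOMDocument();
    // LIBXML_NOENT and LIBXML_DTDLOAD are deliberately not passed.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('malformed XML');
    }
    // This check runs after parsing; it relies on the flags above so that
    // nothing was fetched or expanded before the document is rejected.
    if ($doc->doctype !== null) {
        throw new RuntimeException('DOCTYPE not allowed');
    }
    return $doc;
}

// Quote a value as an XPath 1.0 string literal. XPath 1.0 has no escape
// character, so a value with both quote types is assembled with concat().
function xpathLiteral(string $value): string
{
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";
    }
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';
    }
    $parts = array_map(fn($p) => "'" . $p . "'", explode("'", $value));
    return 'concat(' . implode(', "\'", ', $parts) . ')';
}

// The article's pattern: user input concatenated straight into the query.
function countVulnerable(DOMXPath $xp, string $user, string $pass): int
{
    $q = "//Customer[username/text()='" . $user
       . "' and password/text()='" . $pass . "']";
    return $xp->query($q)->length;
}

// Allow-list the username first, then pass both values as quoted literals.
function countHardened(DOMXPath $xp, string $user, string $pass): int
{
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $user)) {
        return 0; // rejected before any query is built
    }
    $q = '//Customer[username/text()=' . xpathLiteral($user)
       . ' and password/text()=' . xpathLiteral($pass) . ']';
    return $xp->query($q)->length;
}

$xp = new DOMXPath(loadXmlNoDtd(CUSTOMERS_XML));
$payload = "danny' or 1=1 or '1'='1"; // username from the post's attack request

printf("vulnerable, payload: %d match(es)\n", countVulnerable($xp, $payload, 'testing'));
printf("hardened, payload:   %d match(es)\n", countHardened($xp, $payload, 'testing'));
printf("hardened, valid:     %d match(es)\n", countHardened($xp, 'danny', 's3cret'));
try {
    loadXmlNoDtd(XXE_XML);
} catch (RuntimeException $e) {
    printf("XXE document:        rejected (%s)\n", $e->getMessage());
}
```

PHP's DOMXPath implements XPath 1.0, so the "doc()" restriction the post describes is not exercised here; that control belongs in the configuration of whichever XPath engine actually exposes the function.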
  5. Did you get married, man?
  6. Make it public. The 90-day policy from Google Project Zero is a bit much. dekeeu's Disclosure Policy: 30 days.
  7. Bring some arguments too if you've made a claim.
  8. The job's daily activities include design, development, maintenance and integration of business applications. C# will be the usual programming language, Visual Studio - the development environment and Microsoft SQL Server - the data storage engine.
     Responsibilities:
     • Building new systems with ASP.MVC, ASP.NET, SQL Server 2008/2012, EntityFramework and Linq
     • Developing new functionality on our existing software products
     • Leading/mentoring IT staff and sharing knowledge through knowledge-sharing presentations
     • Participating in a small, experienced, energetic development team.
     Requirements:
     • Solid knowledge of C# and .NET Framework, OOP concepts, algorithms and data structures – minimum 4 years of experience
     • Web development experience (ASP.MVC, ASP.NET, JavaScript, AJAX, CSS, JSON, JQUERY) - minimum 4 years of experience
     • Very good knowledge of T-SQL and relational database design - minimum 4 years of experience
     • Graduate of Computer Science/Cybernetics/Information Technology/Electronics College
     • Fluent in English
     • Ability and willingness to work as part of a team of developers
     • Learning oriented person.
     Additional advantage:
     • Active Reports, SQL Reporting Services
     • Java & Install Shield knowledge
     • Active Directory knowledge
     • Knowledge of WCF Web Services, WCF Data Services
     Bestjobs: Application Developer la S.C. KPMG ROMANIA SRL, BUCURESTI - BestJobs
     Anyone interested can send me their CV so that it gets where it needs to go faster.
  9. I thought you needed a bootable Windows DVD/USB for that.
  10. Blah blah... You boot from any Linux Live distribution, and in the Windows partition you replace Utilman.exe in System32 with cmd.exe. You boot into Windows, press the button in the bottom left, and you are "NT Authority\System". User add + localgroup administrators, or you change the local admin password, and that's it.
  11. Do something you like, anything. Pick something you're passionate about. Write about something you want to learn more about. You could even write about, say, "The security of international pornographic systems" if you want.
  12. You misspelled "nachos". On: Mobile security, root/jailbreak, Windows Phone...
  13. Junior Information Security Engineer
     Position summary: Member of the Information Security team in Shared Services Platforms Operations, the successful candidate is responsible for ensuring that all services operated by SSPO have appropriate security controls and that all information security risks and events are promptly reported and brought under governance.
     The main responsibilities are:
     - Information Security capabilities improvement and maintenance up to new tools development
     - Technical Information Security assessments, including penetration testing
     - Project management for information security projects
     - Information Security incident management
     - Providing advice and expertise on Information Security matters
     Skills, education and experience:
     Technical skills:
     - In-depth TCP-IP stack knowledge is required
     - Good scripting skills (at least Bash, ideally Python too) and a working knowledge of web development and technologies are required
     - Good (Linux) system administration knowledge, including secure configuration/hardening is required
     - Understanding of cloud computing and virtualization solutions is required
     - Entry-level Information security knowledge is needed, combined with a strong willingness to learn more
     - Experience with implementing and operating open source security solutions (like IDS/IPS, WAF, SIEM, honey pots, vulnerability scanners, etc.) is desirable
     A successful candidate should also be:
     - Fluent in English (mandatory), with French as a plus
     - Passionate about security and eager to learn (continuous learning and certifications will be part of the job)
     - Willing to step out of his/her comfort zone and go the extra mile
     - Good with people (i.e. have communication and persuasion skills)
     Education and experience:
     - A Computer Science / Telecom Bachelor’s degree is required
     - An information security master degree (completed or in progress) is desirable
     - Information security certifications such as CompTIA Security+, OSCP, C|EH, CISSP, SSCP, GPEN, GCIA, GISP, or C)PTE are a big plus
     - Hands-on Information security experience is desirable, but not mandatory
     Via (OWASP): Junior Information Security Engineer la Orange Romania SA, BUCURESTI - BestJobs
     If you are interested, you can also give me your CV so that it reaches someone there.
  14. Brilliant. Well, as far as I remember, they are not the only ones this kind of thing has happened to.
  15. Asta imi aduce aminte de campania pulii de pe Facebook: "Imbratiseaza un maghiar". Eu sunt de acord cu ea. Si eu as dori sa imbratisez un maghiar. Mort.
  16. Some make downloaders, others just troll.
  17. Skills Required:
     - Experience with C programming on Linux/Unix environments
     - Experience in embedded software development, preferably for network equipment
     - Experience with cross compilers, debuggers, etc.
     - Good understanding of Ethernet and IP networking
     - Familiarity with SVN (or similar) and GNU tools
     - Knowledge of RTOS application development (VxWorks / NetBSD / Linux)
     - Understanding multi-process system software architectures
     - Experience with one or more of the following: POSIX threads, SNMP, XML
     - Shell Scripting
     - Perl, Python, PHP, HTML
     Anyone who wants details should PM me.
  18. You think so? Are you sure it's not because of the salary? I had heard they are rather stingy.
  19. Upgrade your DLL to Reflective DLL February 26, 2015 Ionut Popescu

     If you want to execute code stealthily on a machine and the antivirus stands in your way, you should think about avoiding the disk because this is the place where the antivirus reigns. In this scenario, you might find it useful to execute a DLL directly inside the address space of a running process without touching the disk. This will bypass the AV in a stealthy and powerful way. To achieve this, all you need to do is upgrade your DLL to Reflective DLL.

     Introduction

     The antivirus can sometimes be a significant problem during a penetration test in the post-exploitation phase. For dealing with this issue, several strategies have been proposed:
     • making use of the command line / PowerShell
     • executing a program (EXE) from memory
     • executing a DLL from memory
     Sometimes the command line interface is severely limited. Also, by executing a program from memory you may still run into problems with the antivirus; you might get away with it by making use of a crypter (a tool that encrypts an executable, decrypting it during execution and executing it from memory) but most of them are detectable. Thus, you may find it useful to use a DLL instead of an EXE to do your job.

     Full article: Upgrade your DLL to Reflective DLL – Security Café
  20. Crap, I can't change it
  21. Trashy antiviruses. How the hell do you make "signatures" based on a Mutex?
  22. Screw their filthy client. It was very OK at first, but then they started stuffing in ads, and now... Speaking of which, do you have any suggestions for alternatives? I think I have also used BitTorrent, but I don't like that one either. What do you all use?
  23. Nice list.