Nytro (Administrators): Posts 18715, Days Won 701

Everything posted by Nytro

  1. Romania's draft cyber security law: Internet and telephony providers must allow access to customer data for representatives of SRI, MApN, MAI, ORNISS, SIE, STS, SPP, CERT-RO and ANCOM 'at their reasoned request'
    by Adrian Vasilache, Friday, 6 June 2014, 12:37

    Holders of cyber infrastructures (author's note: all internet and telephony providers) must allow access to the data they hold, relevant in the context of the request, to representatives of the Romanian Intelligence Service, the Ministry of National Defence, the Ministry of Internal Affairs, the National Registry Office for Classified Information, the Foreign Intelligence Service, the Special Telecommunications Service, the Protection and Guard Service, CERT-RO and ANCOM at their "reasoned request". The provision appears in the draft Cyber Security Law of Romania, initiated and adopted by the Government on 30 April and now under debate in Parliament. The provision in the draft law was first flagged by the lawyer Bogdan Manolea on his blog, Drept & Internet - noutati si opinii. Here is what Article 17 of this bill provides:

    Art. 17 - (1) In order to achieve cyber security, holders of cyber infrastructures have the following responsibilities: a) to provide the necessary support, at the reasoned request of the Romanian Intelligence Service, the Ministry of National Defence, the Ministry of Internal Affairs, the National Registry Office for Classified Information, the Foreign Intelligence Service, the Special Telecommunications Service, the Protection and Guard Service, CERT-RO and ANCOM, in the fulfilment of the duties incumbent on them, and to allow the representatives designated for this purpose access to the data held, relevant in the context of the request;

    The draft law gives the following definition of cyber infrastructures: cyber infrastructures - infrastructures in the field of information technology and communications, consisting of computer systems, related applications, electronic communications networks and services;

    The draft Cyber Security Law of Romania was adopted at the Government meeting of 30 April, the same day it was put out for public debate on the website of the Ministry for the Information Society (MSI). The bill was registered at the Chamber of Deputies on 27 May 2014. The Committee for Defence, Public Order and National Security and the Committee for Information Technology and Communications had a deadline of 3 June 2014 for submitting amendments, and have a deadline of 10 June 2014 for submitting their report.

    According to the draft Cyber Security Law of Romania, holders of cyber infrastructures, internet service providers, are obliged to notify their customers, public and private legal persons, immediately, in situations where the computer systems used by them have been involved in cyber incidents or attacks, and to take the necessary measures to restore normal operating conditions. Failure to comply with this obligation constitutes a contravention and will be punished with a fine of 500 to 5,000 lei. The expenses of private companies related to executing the provisions of this law will be tax deductible under the conditions and in the amount set by the Ministry of Public Finance.

    For details on this bill, also read: UPDATE Romania's draft cyber security law: Internet service providers risk fines of up to 5,000 lei if they do not immediately notify their customers in case of cyber incidents or attacks

    Source: Romania's draft cyber security law: Internet and telephony providers must allow access to customer data for representatives of SRI, MApN, MAI, ORNISS, SIE, STS, SPP, CERT-RO and ANCOM 'at their reasoned request'
  2. UK wants to imprison hackers for life
    Life terms sought for hacks causing death, injury, or damage to national security.
    by David Kravets - June 5 2014, 6:28pm GTBDT

    The UK government is mulling life sentences for hackers whose attacks have catastrophic consequences. The proposal, outlined in the Queen's speech Wednesday, would update the Computer Misuse Act and impose life terms for those convicted of "cyberattacks which result in loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof." The Guardian said the plan would also increase maximum sentences for industrial espionage from 10 to 14 years.

    It's conceivable that a hacker in the US could get a life term, too, although no individual statute carries that penalty. The longest sentence ever given to a hacker in the US was 20 years—Albert Gonzalez was sentenced in 2010 in Boston after being convicted of leading a conspiracy that hijacked more than 90 million credit and debit card numbers from TJX and other retail outlets.

    Source: UK wants to imprison hackers for life | Ars Technica
  3. The damage caused by Edward Snowden to the NSA is smaller than estimated
    by Luminița Bogdan

    Former NSA consultant Edward Snowden does not seem to have taken quite as many documents from the American National Security Agency as was initially believed, according to The Washington Post. The damage is still significant, but "it appears he did not take as many" documents as initially thought, said the director of US intelligence, James Clapper, quoted by The Washington Post. Former NSA consultant Edward Snowden triggered a worldwide scandal after handing the press tens of thousands of documents revealing the extent of the surveillance carried out by the American National Security Agency. "We are in the process of verifying, but we believe that many of the documents he consulted he was unable to download," Clapper said. "There are things we believed he had obtained and it now appears he did not obtain them," he added.

    According to The Washington Post, this assessment contrasts with the initial catastrophic scenario sketched by the US intelligence community, which suggested that Snowden, since indicted for espionage, "had compromised the communication networks that formed the military command and control systems". One year after the first revelations in the British daily The Guardian, on 5 June 2013, details continue to emerge in this case. The daily The New York stated on Sunday, based on documents provided by Snowden, that the NSA harvests photographs of people for use in facial recognition programs.

    Source: The damage caused by Edward Snowden to the NSA is smaller than estimated - Mediafax
  4. Vodafone REVEALS data on interceptions in certain countries
    by Marius Oncu - Mediafax

    Vodafone revealed on Friday the existence of direct connections by government agencies to the group's networks, which allow conversations to be intercepted in some of the countries in which it operates, but for Romania and a few other countries it could not present information, being prohibited from doing so by law. Direct connections by national government agencies are widely used in many of the 29 countries that had access to the group's network over the past year, including under warrants, the group said in a report that breaks the silence on the ever wider use by authorities of telephone and data network interception to spy on their own citizens, writes the British publication The Guardian.

    The agencies have installed direct connections to the network of Vodafone and other telecom operators, which allow them to listen to and record conversations live and, in certain cases, to locate people. In Romania, Albania, Egypt, Hungary, India, Malta, Qatar, South Africa and Turkey it is prohibited to disclose any information related to the interception of phone calls and messages, including whether such capabilities exist. "It is terrifying that governments can access phone calls at the push of a button," said Shami Chakrabarti, director of the organization Liberty, quoted by the British daily.

    In about six of the countries in which Vodafone operates, the law obliges telecom operators to install direct access connections or to allow the authorities to do so. The group did not name the countries, since some of them could respond with countermeasures including the arrest of employees. Direct access systems do not require warrants, and the companies have no information about the identity or number of targeted customers. Mass surveillance can take place on any network, without the authorities having to justify themselves to the companies.

    "These are the nightmare scenarios we were imagining. I would never have believed that the telecom operators were complicit to such a degree. It is a brave step by Vodafone and we hope that other companies will become bolder about disclosures, but what we need is for us to be braver and to fight against illegal requests and even laws," said Gus Hosein, director of the organization Privacy International, which has sued the British government over mass interception.

    The head of Vodafone's privacy division, Stephen Deadman, admitted the existence of direct connections used by authorities for interception. "We are calling for an end to direct access as a means for authorities to obtain data about people's communications. Without a warrant, there is no external visibility. If we receive a request, we can try to oppose it. The fact that authorities have to issue a piece of paper is an important constraint on how this power is used," he said. The British group called for all connections offering direct access to be shut down and for the laws that allow them to be repealed.

    All countries should publish data on the number of warrants issued, according to Vodafone. These are of two kinds - those for the content of calls and messages, and those for metadata (data describing other data - ed.), which can cover the location of a device's user, the time and date of the communication, and the people they communicated with. The Guardian compiled a table in which it also included, under the metadata category, warrants for information such as names and addresses. The information is for 2013 or the most recent year and includes data both from the Vodafone report and available from national authorities. A single warrant can, however, target hundreds of people and devices, while a single person can be the target of several warrants.

    According to The Guardian, Malta is one of the most spied-on countries in Europe. Vodafone processed 3,773 metadata requests for a population of only 420,000 people. In Italy, where mafia activity requires a higher level of surveillance, the British group received 606,000 metadata requests, more than in any other country. In Spain, where the authorities have had to fight attacks by Islamist and Basque terrorists, Vodafone received more than 24,000 content warrants. Agencies in the Czech Republic submitted almost 8,000 content requests. After Italy, the Czech Republic is the country with the highest metadata access, targeted by 196,000 warrants in the most recent year for which figures were published. Tanzania, one of the few African countries in which Vodafone operates, issued 99,000 metadata warrants. The table drawn up by the British daily notes for Romania: "It is illegal to disclose any aspect of how interceptions are carried out".

    Source: Vodafone REVEALS data on interceptions in certain countries. In Romania disclosure is prohibited - Mediafax
  5. Fun stuff

  6. Digital Romania - signing on the dotted line for free WiFi and pre-pay SIM cards !?!
    A 5-article bill adopted by the Romanian Government on 30 April 2014, which requires mandatory registration of free WiFi users and of pre-pay SIM cards, passed at supersonic speed through the Senate, and in the Chamber of Deputies it has 2-day deadlines for submitting amendments and the report. This shows us the true face of the digital Romania our rulers want: a virtual space in which you sign on the dotted line for any use of communication technology, and in which (through the new draft law on cyber security) data is directly accessible, without a warrant, to all the secret and not-so-secret services. In a traditional style of non-public-debate (the draft was NOT sent to civil society and industry before its adoption by the government, and none of the Senate committees was interested in other opinions), we risk the adoption of some lacunary articles that have no serious practical effect, apart from limiting citizens' rights. But let's analyze in more detail.

    Full article: Digital Romania - signing on the dotted line for free WiFi and pre-pay SIM cards !?!
  7. OpenSSL Security Advisory [05 Jun 2014]

    SSL/TLS MITM vulnerability (CVE-2014-0224)
    An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
    OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
    OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
    OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
    Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC. The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

    DTLS recursion flaw (CVE-2014-0221)
    By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
    OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za.
    OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
    OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
    Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014. The fix was developed by Stephen Henson of the OpenSSL core team.

    DTLS invalid fragment vulnerability (CVE-2014-0195)
    A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server are affected.
    OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za.
    OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
    OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
    Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI. The fix was developed by Stephen Henson of the OpenSSL core team.

    SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
    A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
    OpenSSL 1.0.0 users should upgrade to 1.0.0m.
    OpenSSL 1.0.1 users should upgrade to 1.0.1h.
    This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.

    SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
    A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
    OpenSSL 1.0.0 users should upgrade to 1.0.0m.
    OpenSSL 1.0.1 users should upgrade to 1.0.1h.
    This issue was reported in public.

    Anonymous ECDH denial of service (CVE-2014-3470)
    OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
    OpenSSL 0.9.8 users should upgrade to 0.9.8za.
    OpenSSL 1.0.0 users should upgrade to 1.0.0m.
    OpenSSL 1.0.1 users should upgrade to 1.0.1h.
    Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014. The fix was developed by Stephen Henson of the OpenSSL core team.

    Other issues
    OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack". Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

    References
    URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
    Note: the online version of the advisory may be updated with additional details over time.

    Source: https://www.openssl.org/news/secadv_20140605.txt
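    A defender-side check of the upgrade table in this advisory, as an added example that is not part of the OpenSSL advisory or of the openssl tool: the function names are my own, the script only reads a version string such as the output of `openssl version`, and it compares the branch and patch letter against the fixed releases named above (0.9.8za, 1.0.0m, 1.0.1h), flagging 1.0.2-beta1 separately because the advisory lists it as vulnerable without naming a 1.0.2 fix.

```sh
#!/bin/sh
# Added example, not part of the OpenSSL advisory or the openssl tool.
# Compares an "openssl version" string with the fixed releases named in the
# 05 Jun 2014 advisory: 0.9.8za, 1.0.0m and 1.0.1h.

# Fixed patch letter for the branches the advisory covers; other branches -> status 1.
fixed_release_for_branch() {
    case $1 in
        0.9.8) echo za ;;
        1.0.0) echo m ;;
        1.0.1) echo h ;;
        *) return 1 ;;
    esac
}

# OpenSSL patch letters run a..z and then za, zb, ...: a longer suffix is
# newer, and equal-length suffixes compare alphabetically.
suffix_is_older() {
    have=$1
    want=$2
    [ ${#have} -lt ${#want} ] && return 0
    [ ${#have} -gt ${#want} ] && return 1
    expr "$have" \< "$want" > /dev/null
}

# Status 0: below the fixed release (upgrade); 1: at or above it;
# 2: branch not covered by this advisory's upgrade table.
openssl_needs_upgrade() {
    input=$1
    # 1.0.2-beta1 is listed as a vulnerable server release and the advisory
    # names no 1.0.2 fix, so flag it explicitly.
    case $input in *1.0.2-beta1*) return 0 ;; esac
    branch=$(printf '%s\n' "$input" | sed -n 's/^\(OpenSSL \)\{0,1\}\([0-9][0-9.]*[0-9]\).*/\2/p')
    suffix=$(printf '%s\n' "$input" | sed -n 's/^\(OpenSSL \)\{0,1\}[0-9][0-9.]*[0-9]\([a-z]*\).*/\2/p')
    want=$(fixed_release_for_branch "$branch") || return 2
    suffix_is_older "$suffix" "$want"
}

# Constructed sample version strings (not taken from a real host).
for sample in "OpenSSL 1.0.1g 7 Apr 2014" "OpenSSL 1.0.1h 5 Jun 2014" \
              "0.9.8y" "OpenSSL 1.0.2-beta1" "OpenSSL 1.1.1k"; do
    rc=0
    openssl_needs_upgrade "$sample" || rc=$?
    case $rc in
        0) echo "$sample: below the fixed release, upgrade" ;;
        1) echo "$sample: at or above the fixed release" ;;
        *) echo "$sample: branch not in this advisory's table" ;;
    esac
done
```

    On a real host, pass `"$(openssl version)"` to `openssl_needs_upgrade`; a status of 2 means the branch is outside this advisory's table and says nothing about later advisories, and distributions that backport fixes without bumping the letter need the package changelog checked instead.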
  8. Date: Wed, 04 Jun 2014 10:50:57 +0200
    From: Giuseppe Iuculano <iuculano@...ian.org>
    To: oss-security@...ts.openwall.com
    Subject: CVE-2014-0476 chkrootkit vulnerability

    Hi,

    Thomas Stangner reported the following chkrootkit vulnerability. We assigned CVE-2014-0476

    Cheers,
    Giuseppe

    -------- Original Message --------
    Subject: Serious chkrootkit vulnerability
    Date: Sun, 25 May 2014 00:53:00 +0200
    From: Thomas Stangner <thomas.stangner@...zner.de>
    Organization: Hetzner Online AG
    To: team@...urity.debian.org

    Hi,

    we just found a serious vulnerability in the chkrootkit package, which may allow local attackers to gain root access to a box in certain configurations (/tmp not mounted noexec).

    The vulnerability is located in the function slapper() in the shellscript chkrootkit:

        #
        # SLAPPER.{A,B,C,D} and the multi-platform variant
        #
        slapper (){
           SLAPPER_FILES="${ROOTDIR}tmp/.bugtraq ${ROOTDIR}tmp/.bugtraq.c"
           SLAPPER_FILES="$SLAPPER_FILES ${ROOTDIR}tmp/.unlock ${ROOTDIR}tmp/httpd \
           ${ROOTDIR}tmp/update ${ROOTDIR}tmp/.cinik ${ROOTDIR}tmp/.b"a
           SLAPPER_PORT="0.0:2002 |0.0:4156 |0.0:1978 |0.0:1812 |0.0:2015 "
           OPT=-an
           STATUS=0
           file_port=

           if ${netstat} "${OPT}"|${egrep} "^tcp"|${egrep} "${SLAPPER_PORT}"> /dev/null 2>&1
           then
              STATUS=1
              [ "$SYSTEM" = "Linux" ] && file_port=`netstat -p ${OPT} | \
                 $egrep ^tcp|$egrep "${SLAPPER_PORT}" | ${awk} '{ print $7 }' | tr -d :`
           fi
           for i in ${SLAPPER_FILES}; do
              if [ -f ${i} ]; then
                 file_port=$file_port $i
                 STATUS=1
              fi
           done
           if [ ${STATUS} -eq 1 ] ;then
              echo "Warning: Possible Slapper Worm installed ($file_port)"
           else
              if [ "${QUIET}" != "t" ]; then echo "not infected"; fi
                 return ${NOT_INFECTED}
           fi
        }

    The line 'file_port=$file_port $i' will execute all files specified in $SLAPPER_FILES as the user chkrootkit is running (usually root), if $file_port is empty, because of missing quotation marks around the variable assignment.

    Steps to reproduce:
    - Put an executable file named 'update' with non-root owner in /tmp (not mounted noexec, obviously)
    - Run chkrootkit (as uid 0)

    Result: The file /tmp/update will be executed as root, thus effectively rooting your box, if malicious content is placed inside the file.

    If an attacker knows you are periodically running chkrootkit (like in cron.daily) and has write access to /tmp (not mounted noexec), he may easily take advantage of this.

    Suggested fix: Put quotation marks around the assignment.

        file_port="$file_port $i"

    I will also try to contact upstream, although the latest version of chkrootkit dates back to 2009 - will have to see, if I reach a dev there.

    Keep up the good work,

    Cheers,
    Thomas

    Source: oss-security - CVE-2014-0476 chkrootkit vulnerability
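    The shell parsing rule behind the report, as an added example that is not chkrootkit's code and not from the oss-security thread: the function names and the temp-directory layout are my own, and the stand-in for the planted 'update' file is a constructed script that only creates a marker file. It runs the unquoted assignment and the quoted fix side by side in a private directory rather than in /tmp.

```sh
#!/bin/sh
# Added example, not chkrootkit's own code: shows why
#     file_port=$file_port $i
# runs $i when file_port is empty, and that quoting fixes it. Everything
# happens in a private temp directory with a harmless marker script, not /tmp.

# Write a constructed stand-in for the planted "update" file: all it does is
# create a marker file so we can tell whether it was executed. Prints its path.
make_candidate() {
    dir=$1
    marker=$2
    printf '#!/bin/sh\ntouch "%s"\n' "$marker" > "$dir/update"
    chmod +x "$dir/update"
    echo "$dir/update"
}

# The vulnerable pattern. With file_port empty the shell reads the line as the
# environment assignment "file_port=" applied to the command "$candidate",
# so the candidate is executed. Returns 0 if the marker appeared.
unquoted_assignment_executes() {
    candidate=$1
    marker=$2
    rm -f "$marker"
    file_port=
    file_port=$file_port $candidate
    [ -e "$marker" ]
}

# The suggested fix: quotes make the whole right-hand side one value, so this
# is a plain assignment and nothing is executed. Returns 0 if the marker appeared.
quoted_assignment_executes() {
    candidate=$1
    marker=$2
    rm -f "$marker"
    file_port=
    file_port="$file_port $candidate"
    [ -e "$marker" ]
}

dir=$(mktemp -d)
candidate=$(make_candidate "$dir" "$dir/marker")
if unquoted_assignment_executes "$candidate" "$dir/marker"; then
    echo "unquoted assignment executed $candidate"
fi
if quoted_assignment_executes "$candidate" "$dir/marker"; then
    echo "quoted assignment executed $candidate (unexpected)"
else
    echo "quoted assignment stored '$file_port' without executing anything"
fi
rm -rf "$dir"
```

    The same class of bug is caught statically by a linter such as shellcheck, and at runtime the tell-tale is a root-owned cron job (chkrootkit in cron.daily here) that launches a process whose executable lives in a world-writable directory; mounting /tmp noexec, as the report notes, blocks this specific path but not the underlying quoting defect.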
  9. Real life: WordPress < 3.6.1 PHP Object Injection - VaGoSec
  10. Let me add one more condition: you must be VIP.
  11. The Art of Assembly Language Programming
    The PDF version of "The Art of Assembly Language Programming" is a complete, high-quality version of the text. It is much easier to read and provides an excellent vehicle for printing your own copy of the text. However, to view and print PDF files, you will need a copy of Adobe's Acrobat reader program. You may obtain a free copy of this program for a wide variety of operating systems directly from Adobe.

    If you have installed Adobe Acrobat Reader, clicking on the following links should automatically bring up the PDF version of the specified chapter.

    Short Table of Contents, Long Table of Contents, Foreword, Chapter 1, Chapter 2, Chapter 3, Chapter 4, Chapter 5, Chapter 6, Chapter 7, Chapter 8, Chapter 9, Chapter 10, Chapter 11, Chapter 12, Chapter 13, Chapter 14, Chapter 15, Chapter 16, Chapter 17, Chapter 18, Chapter 19, Chapter 20, Chapter 21, Chapter 22, Chapter 23, Chapter 24, Chapter 25, Note: Appendix A is non-existent, Appendix B, Appendix C, Appendix D, Index

    Source: Art of Assembly Language, PDF Files
  12. Nothing there strikes me as critical: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
  13. Coding Principles Every Engineer Should Know
    Throughout my engineering career, I've had the opportunity to work alongside and learn from many incredibly talented people, solve some serious technical challenges, and scale several successful companies. Recently, I was talking with the engineering team at Box about what I've learned along this journey, and what came out of that conversation were my personal engineering principles. These aren't rules or engineering guidelines. They're simply the principles that I pay attention to when I write and operate code.

    Be paranoid. This one comes naturally to me. Since I'm mostly self-taught as a programmer, I never trust computers. I never trust that the system I just launched is really up. That the bug I fixed is really fixed. That code really does work the way I think it does without a test. I don't trust anything. I don't even trust myself! I never trust that I understand anything as well as I think I do until I check more than once. Paranoia is my friend, and it should be your friend, too. Always try to find a way to test assumptions along some other path, or get a second set of eyes to see what you've missed. Most of the time it's not needed. Sometimes it's really important.

    Don't lie to the computer. Another way to say this is "avoid leaky abstractions." Don't use systems in ways they're not meant to be used. Don't count on side effects. Don't do things that won't be obvious to the next person because the system wasn't designed for them or they're undocumented. If usage is three orders of magnitude more than current usage, then you should probably rethink the design. If the contract implies, but doesn't guarantee, your use, you should change the component and the contract to be aligned. Computers are nasty things. They always bite when lied to, eventually.

    Keep it simple. We like building things and solving problems. That's why we do what we do. But a lot of the time, just because we can see a problem that could be solved, doesn't mean it's useful to solve it right now. I always think of myself as a fairly dumb programmer — I like clean, simple designs that are easy to understand. And this is a high challenge — anyone can solve a problem in a complex way, but only good programmers can solve problems in simple, understandable ways. It's much harder to really think through the problem and solve only what needs to be solved in a simple, robust manner. Making yourself understood is the most important thing. Most time in code is spent maintaining, not creating.

    First rule of optimizing: don't. This is from a good book by John Bentley called Programming Pearls. (It's explicitly meant to help you learn to think like an experienced programmer. It may be an old book but most of the lessons are incredibly relevant today.) Optimization can take many forms: speed, future-proofing, potential scale, possible uses, etc. The problem is, most optimization is ultimately never used, and, more or less by definition, optimization makes designs more complicated. So, first rule of thumb is don't optimize until it's really clear that you understand the problem completely. (His second rule: "don't optimize, yet." Meaning, even if you do understand it, don't optimize until you really need to.)

    Don't just fix the bug; fix all possibility of it ever happening again. Don't be sorry if you made a mistake — be angry and make it something you never have to think about again. I hate bugs. I hate systems that let me create bugs. I hate it when my own software lets my fragile human brain down and I create a bug that could have been avoided. And I really, really hate fixing the same bug twice. So I try as much as I can, every single time I fix a bug, to think about the following: where else might this bug be happening now? Where might it happen in the future? What are the adjacent patterns that create similar bugs? And how can I kill all the bastards at once, right now?

    Question assumptions constantly. Because I have spent most of my time in my own startups, I've gotten in the habit of asking myself constantly "Why am I doing this? What problem does it solve? Is there a better way? Is there something else I could do instead that's more important?" You should have that attitude all the time. Constantly be questioning the assumptions given to you. What's the real problem you're solving? Did someone ask you to solve an effect rather than the root cause? Is the solution complete? Over-complete? Is the impact worthwhile? Think long term.

    Slow down, it goes faster. This might be one of the most important ones. It's easy to hack things out. As engineers, we like efficiency; we like to build as many things as we can. But if we don't build for the long term, eventually it gets harder and harder to build anything. Sometimes we don't understand the problem at first and we write code that we later have to back out. Sometimes we do things that are easy for our local problem, but make things worse or harder for someone else or for a larger problem. Sometimes we rush and don't finish the design, and this causes much more time later on for someone to fix. Sometimes we don't bother to write it the right way, we just make a copy or hack something in because we're under time pressure or don't want to really think it through. I've seen all these things too many times. Others have said this better than I have. But I'll repeat — the goal is building the largest number of great features, reaching the largest number of users over time. The area under the curve for a given day doesn't add much, no matter how much gets done on that day, relative to all the days added together. Think long term.

    Care about your code. I guess this one doesn't need much explanation, but it's still something I see people missing from time to time. Take pride in your work! Care about the code you produce! I usually think of my poor future self, having to deal with my crappy code, when I'm tempted to be lazy and cut a corner. You don't have to take this to an extreme — I used to joke at Google that other engineers treated their code like a pet, where my relationship with mine was more like a rancher's — pragmatic, not sentimental. But even still, I always hate it if my code isn't well designed, doesn't work well, isn't readable, all that stuff.

    Cheap, fast, right — pick two. This is the iron triangle of software. This is the way the world of software engineering works. But it's not an excuse for complacency. In fact, this is your opponent every single day. The difference between good and great programmers is often measured in how well they navigate the iron triangle. And really great ones find ways to bend it and get some of all three, more often than not. Try to be that kind of programmer — can you find a more elegant design that's faster to build and is still right? Can you relax some constraint in the spec to get to the goal more quickly? You might not always be able to do that; in fact, you won't beat the triangle. But if nothing else, make sure you understand what compromise you are choosing, and why, and that it's the right one for the current situation.

    Conclusion: Be curious. Learn as much as you can, all the time. Okay, this one is more career advice than anything else. But if you're not curious and don't really care that much about learning new things as an engineer and don't care about new tech or new languages or new ideas, then why are you here? By no means are my principles perfect or an absolute representation of thinking/acting like a successful engineer, but I'm willing to bet there's a fair amount of overlap with what others might be thinking. I'd love to hear your thoughts.

    Written by Sam Schillace

    Source: https://medium.com/on-coding/coding-principles-every-engineer-should-know-b946b48cc946
  14. Bucuresti Bookfest
  15. You filthy lot, who was it? Up yours _|_
  16. For a while now: https://www.demonoid.ph/
  17. Devices freeze and astronauts have strange sensations: what is the "Bermuda Triangle of space" that produces these odd phenomena?
    Some spacecraft, such as the Hubble space telescope, have been designed so that the delicate instruments on board shut down when passing through the zone, to avoid damaging them. Some failures in the satellites of the Globalstar network are also attributed to the satellites passing through this region. The strong radiation in this region is also believed to be the cause of the phosphenes (a kind of sparks or "shooting stars" appearing in the visual field) reported by astronauts.

    Link: Devices freeze and astronauts have strange sensations: what is the "Bermuda Triangle of space" that produces these odd phenomena?
  18. Yes, there isn't much you can do about it. The Desktop version is "safe" too. Here are some details: https://rstforums.com/forum/85016-windows-7-security-features.rst

    A few thoughts:
    - on Desktop there are hardly any limits on what a program can do (although it wouldn't be a bad idea to implement something like that)
    - on Desktop you have far greater flexibility in developing applications, from exe to bat files and X programming languages
    - if we consider the "Desktop" version not "safe", then Linux isn't "safe" either, because just like on Windows, a malicious application is very easy to make, from executables to "rm -rf"s

    Windows Phone came out later, but it had time to learn and not make the same mistakes as Android and iOS.
  19. how to hack a windows phone
In today's how-to we will be discussing how to hack a Windows Phone 8. Every hacker should know about the internals of a device and operating system before he could attempt to compromise it. So let's try to understand the underlying hardware and OS security before we try to break it. To begin, we will try to compromise the hardware so that we can gain access to the hardware and then exploit the OS and ultimately take control of it or at least steal data from it.
Windows Phone employs UEFI firmware at the very low level. In addition to that, every hardware which runs Windows Phone 8 OS has to be certified by Microsoft. Now when we say certified, it also means that all the hardware has to be signed and the chips will be burned with the keys from Microsoft. The "Trusted Boot Chain" component will make sure that all the signatures are in place and that they are valid before and during the process. Every program written in the silicon chip has to be signed, including the BIOS, drivers etc. On top of these, a Windows Phone 8 device will also come with a TPM chip, which means your encrypted data is as good as on your Windows 7 & 8 PC.
UEFI Windows Phone
Let's see what options we have to break the security of the device.
Hardware
Now that we know all the components / programs are verified for the signature by the "Trusted Boot Chain", why don't we try to spoof the boot chain program itself with our own? If we are able to do that then we could easily make the device load our own components instead of the Windows Phone OS, exploiting it completely naked. Though at first look it appears to be a very good idea, unfortunately all the hardware chips which can or can't be overwritten come with something called an efuse. The moment you try to write something in these chips without a valid signature, which will be there only with Microsoft and the device manufacturer, the efuse will trip. Once the efuse trips, the boot loader will not be able to boot up your device. Congratulations! Now you have a phone which is officially no better than a brick. For a moment even if we assume that you somehow fooled the efuse, the device still won't boot up just because you don't have a valid key.
Operating System
Windows NT kernel it is. The Redmond guys have made sure that it's sturdy enough. The Windows NT kernel along with "Code Signing" makes a killer shield that you will not be able to penetrate. If you think you can get control of the kernel using some code, wait till you read the "Malicious Code" section. For now let's think about Windows Phone updates. Windows Phone does do regular updates just like your PC, so what if we can trick the Windows Phone into installing my program? Unfortunately the Windows Phone is programmed to get the updates only from the Microsoft update servers and no other place. Still it's no big deal because I can always trick my network to believe some malicious hardware / software is the update server. Sadly, the update will again need the code signing process to pass. You can never break through it unless you are hacking into the Microsoft update server; definitely not a great plan.
Storage
How about the internal storage itself? Why don't we break the phone, take out the internal storage and maybe at least try to steal the data? But wait, the storage again uses 128-bit BitLocker for encryption. The drive remains encrypted until the boot loader performs the job completely. The TPM chip which comes with the hardware is the one which manages the key for the encryption, which means that once the disk is outside the hardware, you will need the 128-bit recovery key to break into the data. The storage behaves the same way as your BitLocker-protected hard drive does. Brute-forcing an encryption is a very well known procedure to break encryption, however it's impossible when it comes to 128-bit encryption. So to understand the quantum of complexity, let's assume that you have 10 million computers where every computer can process 100 billion keys per second (higher than 100 GHz) and if you put them all together to crack the key, it will take 10^13 years to find the key, which is longer than the age of the universe itself. If you are thinking of trying the PIN instead, you can always configure your phone to automatically wipe after a number of incorrect tries. Some people try to snoop the data from the disk after it is wiped because it is easier that way since it won't have any encryption constraints. Luckily for the user, Windows Phone never decrypts the data but wipes the encrypted data along with the key. You can be pretty sure that not even the NSA can retrieve them.
Malicious Code
We have now almost come to the last and the most favorite resort of a hacker. Most of the hackers disassemble the system instructions and try to inject or alter the commands in the memory location. However the app model on which Windows Phone functions is always a sandbox, which means the app will have its own area where it can execute, store data and perform actions. Windows Phone, with the advantage of Code Signing, will sign the apps based on the feature set they are allowed to access. E.g. if a program does not have a valid signature to access the Camera, it won't be able to. This is true for any feature or hardware access in the device. So even for a moment if we assume that you are able to write something into the system memory location of the phone, the "Code Signing" will invalidate the program and unload it immediately. Starting from the phone to your protected mail message, everything is safe in Windows Phone 8. More information on the security of Windows Phone can be found at http://www.windowsphone.com/en-US/business/security-us
This how-to is written based on Windows Phone 8. Actual functionality might differ from device to device. Some features may not be available with pre-Windows Phone 8.
Source: how to hack a windows phone | how to windows phone
  20. It's just a collection of anti-debug methods. If it's used in a project, the person doing the reverse engineering has to get around all of the methods in order to be able to reverse engineer in peace.
  21. This is a blog by Szymon Sidor. Its original purpose was to present nontrivial Computer Science and Mathematical problems in an accessible way, but it evolved and now diverse topics are covered.
Thursday, May 22, 2014
Exploring limits of covert data collection on Android: apps can take photos with your phone without you knowing.
SHORT VERSION: Android apps can take photos with your phone in the background without displaying any notification, and you won't see the app on the list of installed applications. The app can send the photos over the internet to its private server. You can also find a video with a demo in this post.
Introduction
I discovered this almost by accident while doing a team project for a Computer and Network Security course at my university. The project suggested by a colleague of mine (Predrag Gruevski) was mostly about using cameras on PCs without turning on the indicator light. There were already promising findings in this field (the iSeeYou paper discussed doing so on old Mac models). Since the project was relatively general, each member of our team took a different approach. I initially started with low-level USB hacking, but despite genuine efforts I found nothing really interesting. Further experiments seemed really boring to me, because they in general involved trying various different cameras and hours of staring at the LED light hoping the camera light won't blink. I switched my focus to Android. Initial research was promising. There are many apps on Play Store (if you are an iPhone user think App Store) that aim at taking pictures without any visual indication (ACLU-NJ Police Tape, Mobile Hidden Camera and more) but from what I found all of them require the app activity to be visible and the phone screen to be on. Some of them manage to record video without visible preview.
Technical Details
What I wanted is to take pictures without the user knowing, but at any time, not only when the app is on. I started googling and the first thing that I found is that using the Camera technically requires a preview to be displayed on screen in order to take video, but background services do not have an associated visible activity. But let's not get discouraged and keep trying. I wrote a small camera app for my Nexus 5. My first approach was to create a View object that is not attached to any activity and feed the preview to that object. That fails (I literally get a "take picture failed" exception). Then I remembered something that later turned out to be very relevant. Facebook messages draws to the UI, even when the app is not technically running:
This turned out to be indeed the right track. I attached the preview to the screen from the background service and indeed I was able to take a photo! This is not yet ideal - the preview is visible on the screen and the user can clearly see that something is going on. But then I tried to remove it. Here's a list of approaches:
- Make preview invisible - failed: Android just ignores this setting for preview
- Make preview transparent - failed: Android just ignores this setting for preview
- Cover preview by another view - partially failed: the view on top is still obstructing the screen
- Make preview 1x1 pixel - successful
The result was amazing and scary at the same time - the pixel is virtually impossible to spot on the Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.
Demo
If you cannot see this video here's a direct link:
How can you protect yourself from malicious apps?
If you are as disturbed by this find as I am you will start asking what we can do to avoid such situations. The bad news is that it's kind of a cat and mouse game - no matter how hard you try, attackers can find more ways to obfuscate malicious activity. The good news is there are some ways that seem (at least given my current knowledge) hard to circumvent:
- Pay attention to permissions (for example does Simple Notepad* really need access to your camera?)
- Keep your Google Account secure - if somebody can access your Google account they can install apps on your phone remotely without you approving it! Set up two step verification. Change your password from time to time. Set up a secure password.
- Uninstall unused apps. High battery consumption (settings -> battery) and high bandwidth (settings -> data usage) are potential culprits
- Look at the background services that are running (settings -> apps -> running) - does Simple Notepad* really require a background service?
- Swiping an app out of the application list does not switch off background services (if you want to completely switch it off go to App Info (long press the app icon inside the menu and drag it to the app info section) and click force stop - this ensures no background services are running.
*Simple Notepad is a made up example - I am not referring to any app in particular.
(hopefully constructive) criticism of Android design decisions
Let me start by the fact that I really like the Android SDK (maybe except the fact that it's Java - but I understand the logic behind that decision). It's nice because it gives a developer a lot of power. There are just some things that are possible on Android that simply would not be possible on other platforms. However given the fact that privacy is recently more and more of a growing concern, it would be nice to adjust accordingly. In my opinion privacy can be achieved by transparency without sacrificing comfort. I could imagine use cases where I want an app to take photos from a background service. But I think it's inexcusable that the user is not notified about this fact. Android has a very nice notification bar. Users are very used to it. Why not make use of it here? Same goes for sound recording, location recording etc. Another thing I think the Android team should look into is modern security research. There's a lot of ways of using data without direct access. A very simple example would be that an app can send emails to users without learning their email address - with Google acting as an intermediary. All of those suggestions can be summarized in one sentence - please put more effort into ensuring users' privacy.
Szymon Sidor at 1:48 AM
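The two checks the post recommends doing by hand in Settings (which apps hold the camera permission, and which keep a background service alive), scripted over adb as an added example that is not code from the post. The dumpsys output formats it parses and the com.example.notepad package in the constructed sample are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the blog post: scripts the two manual checks the post
# recommends (does an app hold the CAMERA permission, and does it keep a background
# service alive) for every third-party app on a device reachable over adb.
# The dumpsys line formats matched below are assumptions: `dumpsys package` prints
# "name: granted=true" under install/runtime permissions on Android 6+ and bare names
# under grantedPermissions: on older builds; `dumpsys activity services` prints one
# ServiceRecord{...} per live service.
set -eu

# stdin: `dumpsys package <pkg>` output. Prints "yes" if CAMERA is granted.
# Lines under "requested permissions:" are only declarations, so they are skipped.
camera_granted() {
    awk '
        /requested permissions:/                             { sect = "req";   next }
        /(install|runtime) permissions:|grantedPermissions:/ { sect = "grant"; next }
        sect == "grant" && /android\.permission\.CAMERA/ && !/granted=false/ { hit = 1 }
        END { print (hit ? "yes" : "no") }'
}

# stdin: `dumpsys activity services <pkg>` output. Prints the number of live services.
running_services() {
    grep -c 'ServiceRecord{' || true
}

# Walk every third-party package and flag the combination the post warns about.
audit_device() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        cam=$(adb shell dumpsys package "$pkg" | tr -d '\r' | camera_granted)
        svc=$(adb shell dumpsys activity services "$pkg" | tr -d '\r' | running_services)
        if [ "$cam" = yes ] && [ "$svc" -gt 0 ]; then
            echo "REVIEW: $pkg holds CAMERA and has $svc running service(s)"
        fi
    done
}

# Constructed dumpsys excerpts (not captured from a real device) for an offline demo.
SAMPLE_PKG='    requested permissions:
      android.permission.CAMERA
    install permissions:
      android.permission.INTERNET: granted=true
    User 0:
      runtime permissions:
        android.permission.CAMERA: granted=true'
SAMPLE_SVC='  * ServiceRecord{3f2a1b u0 com.example.notepad/.SyncService}
  * ServiceRecord{7c9d00 u0 com.example.notepad/.CameraService}'

demo() {
    echo "camera granted: $(printf '%s\n' "$SAMPLE_PKG" | camera_granted)"     # yes
    echo "running services: $(printf '%s\n' "$SAMPLE_SVC" | running_services)" # 2
}

if [ "${1:-}" = --device ]; then audit_device; else demo; fi
```

Run it with `--device` against a phone with USB debugging enabled; without arguments it only exercises the parsers on the constructed samples.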
  22. Pwners
  23. Bypassing SSL Pinning on Android via Reverse Engineering
Denis Andzakovic – Security-Assessment.com
15 May 2014
Table of Contents
- Introduction
- Tools Used
- The Victim
- The Approach
- Reversing
  - Retrieving and Disassembling the APK
  - Patching
    - Patch at class instantiation
    - Patch the Class
    - Hijacking the Keystore
  - Repacking and Running
- Tricks
  - Information in Stack Traces
  - Decompiling into Java Code
- References
Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/33430.pdf
  24. Linux x86 Reverse Engineering Shellcode Disassembling and XOR decryption
Harsh N. Daftary
Sr. Security Researcher at CSPF
Security Consultant at Trunkoz Technologies
info@securityLabs.in
Abstract: Most of the Windows as well as Linux based programs contain bugs, security holes and/or errors. These bugs or errors in a program can be exploited in order to crash the program or make the system do unwanted stuff. A code which crashes the given program is called an exploit. Exploits usually attack a program on Memory Corruption, Segmentation Dump, format string, Buffer overflow or something else. Now the exploit's work is just to attack the bug, but there is another piece of code attached to the exploit, called Shellcode, whose debugging and analysis we will understand in this paper.
Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/33429.pdf
  25. SpiderFoot 2.1.4 released
From: Steve Micallef <steve () binarypool com>
Date: Mon, 28 Apr 2014 10:34:40 +0200
Hi all,
SpiderFoot 2.1.4 is now available, and will be the last enhancement release on the 2.1 branch as I focus on 2.2. SpiderFoot is an open source footprinting and intelligence gathering tool, written in Python, and runs on Linux, *BSD and Windows. Since 2.1.0 was announced here in January, the following enhancements have been implemented:
- Integration with:
  - SHODAN
  - VirusTotal
  - AlienVault IP Reputation DB
  - projecthoneypot.org
  - nothink.org
  - autoshun.org
  - isc.sans.edu
  - openbl.org
  - SORBS
  - and a bunch more...
- PasteBin searching
- Zone-H.org defacement look-up
- TOR exit node check
- Whole bunch of DNS-based functionality
- Extracts meta data from PDF, DOCX, PPTX and XLSX files
- Identifies human names in content
- Finds associated Facebook, Google+ and LinkedIn profiles
- SOCKS proxy support
- Real-time scan status UI
- Bug fixes and smaller miscellaneous enhancements
Website: SpiderFoot - The Open Source Footprinting tool
GitHub: https://github.com/smicallef/spiderfoot
Twitter: https://twitter.com/binarypool
Feel free to mail me any questions, enhancement requests or general feedback.
Thanks,
Steve
Source: Penetration Testing: SpiderFoot 2.1.4 released