Everything posted by Nytro
-
A little motivation: whoever fails the baccalaureate exam gets a ban :->
-
[h=1]$200 Million Cybercrime Forum Disabled; 11 People Arrested[/h]
By: Bianca Stanescu

Vietnamese and UK police arrested 11 people and disabled a cybercrime forum that facilitated more than $200 million worth of credit card fraud, according to a press release by the Serious Organized Crime Agency.

The forum Mattfeuter.ru had about 16,000 members and sold more than a million credit card numbers that were leaked after hacking and fraud. Three of the people arrested in the UK were “significant” users of the illegal forum. Police also caught 23-year-old Duy Hai Truong, a suspected ring leader from Vietnam.

“One of the world’s major facilitation networks for online card fraud has been dismantled by this operation, and those engaged in this type of crime should know that they are neither anonymous, nor beyond the reach of law enforcement agencies,” said Andy Archibald, interim deputy director of SOCA’s National Cyber Crime Unit.

Mattfeuter members gained access to the website through a secure login, then specified the quantity and type of credit card data they wanted. Users were also able to check if the information they were buying was usable, and had discounts for bulk purchases.

The operation was led by the Vietnamese High-Tech Crime Unit, the Criminal Investigation Division of the Ministry of Public Security of Vietnam, SOCA, the UK’s Metropolitan Police Central e-Crime Unit, and the FBI. According to police, other arrests may soon follow.

Source: $200 Million Cybercrime Forum Disabled; 11 People Arrested | HOTforSecurity
-
Five myths about phone interceptions in Romania. How prosecutors track Romanians' e-mails and Facebook conversations

by Biro Attila
Published: 08.06.2013 11:00

While in the United States the press reports with astonishment on the PRISM scandal over the interception of Internet communications, in Romania prosecutors successfully use such data as evidence in criminal cases. In our country, intercepting the content of an e-mail is as easy as intercepting a phone call. Besides e-mails, prosecutors often use legally obtained facts and data about the location of defendants. Such evidence was used in the Valiza case. In this context, gândul presents the interception methods used by the Romanian authorities, as well as five myths about these interceptions.

E-mail, Facebook or Messenger, as easy to intercept as the telephone

According to specialists consulted by gândul, intercepting e-mails, Facebook communications or other types of communication carried out over the Internet is as simple as intercepting phone calls. Moreover, e-mail interceptions have the advantage that they no longer need to be transcribed. Thus a prosecutor can request a warrant if there are data or indications that a citizen is committing an offence and is using e-mail to do so, or if the prosecutor considers that conclusive evidence can be obtained from intercepting the e-mails. As with phone interceptions, the interception of e-mails must be approved by a judge.

E-mails and Facebook conversations are intercepted in real time

Prosecutors can intercept online correspondence in real time, just as, after obtaining a warrant from a judge, they can intercept in real time the communications in Facebook chat or on any other network. To carry out these interceptions, investigators do not need to ask permission from Google or Facebook, or from the various e-mail service providers. The interceptions are carried out through the SRI's interception system, which operates directly with the Internet providers. Legislation in Romania and in the EU says that any telephone operator or Internet provider is obliged to sign protocols of this kind with the authorities. Through these protocols, the SRI has access to these operators' equipment and can carry out phone or data interceptions.

Mobile phone location, stored by telephone companies and used by prosecutors: the Valiza case

Besides intercepting phone calls, prosecutors can also request, on the basis of a warrant, the location of mobile phones. More precisely, a prosecutor can determine where a defendant's mobile phone was at a given moment. This data is stored by the telephone companies. Prosecutors used this type of evidence in the Valiza case.

After the scandal broke over the bribing of U Cluj players, Gigi Becali tried to promote the idea that the suitcase of money was intended for buying a plot of land. So after his right-hand man, Teia Sponte, was detained, Becali tried to falsify evidence. More precisely, he tried to falsify a preliminary sale-purchase contract with a citizen from Cluj. The owner of Steaua declared and presented to the DNA a contract that was drawn up and signed on 14 April. In reality, prosecutors demonstrated that the document was signed after 7 May, when Teia Sponte was detained.

Prosecutors requested, through a warrant approved by a judge, that mobile operators make available to them the location of the mobile phones held by Gigi Becali, Victor Pițurcă, lawyer Ciul Alina and Gheorghe Marion, the alleged seller of the land. All four stated that on 14 April they took part in the signing of the contract between Becali and Marion for a plot of land in Cluj supposedly worth exactly 1.7 million euros, that is, the amount of money with which Teia Sponte was caught. After receiving the data from the mobile operators, prosecutors showed that on 14 April the four did not meet and could not have signed the contract. In addition, corroborating this information with other data, prosecutors established that Gheorghe Marino was in Cluj, where he took part as a witness in a trial.

"With regard to the accused Pițurcă Victor, the listing identifying the telephone traffic and the location cell places him, on 15.04.2008, in the interval 00:28 min.-17:59 min., only at str. Erou Iancu Nicolae nr.126.A, in the locality of Pipera, Ilfov county, where he has his residence, his presence in the building at str.Aleea Alexandru nr.1, sector 1 Bucharest being excluded", the prosecutors state in the indictment in the Valiza case.

Location of the people involved in April, reconstructed by computer in September

Prosecutors received a warrant from a judge for the provision of location data for Becali, Pițurcă, lawyer Ciul and Marino, the latter not being monitored, in September 2008. The data requested referred to April, so four months before the time of the request. The indictment shows that prosecutors received location data even for Gheorghe Marino, whose phone was not being tapped, four months after the moment at which he claimed to have been in Bucharest.

According to the legislation, telephone operators are obliged to store the data for six months. In 2012 the European data retention directive was transposed into our legislation. Thus, the law adopted last year obliges providers of fixed and mobile telephony and of Internet services to retain for 6 months certain subscriber data, to be sent, on request, to the national security authorities for actions of preventing, investigating, detecting and prosecuting serious offences.

Besides phone interception, in the case of the hacker "Micul Fum", who was accused of breaking into the addresses of several celebrities, prosecutors also used data interception as an investigative method, requesting information from the company Facebook. As he used software to hide his real IP, prosecutors requested both the interception of his phone and data from Internet providers. Thus, by corroborating this data, prosecutors identified "Micul Fum" as Lazăr Marcel Lehel. The judges sentenced him to 3 years in prison, suspended.

"In this case, in order to identify the perpetrator, the access logs for the period in question were requested from the administrators of the YAHOO! and GMAIL e-mail servers, as well as from representatives of the FACEBOOK social network, both for the compromised accounts of the injured parties and for the accounts of the author of the computer attacks", the indictment states.

Five myths about phone interceptions

Myth no. 1: The SRI listens to everyone.

The main myth about interceptions is that all citizens who have mobile phones are intercepted and listened to by the SRI. Every year, approximately 20,000 interception warrants are registered in Romania. Of these, approximately 3,000 are based on the national security law. Most of the interceptions carried out by the SRI are for criminal investigation bodies: DIICOT, the General Prosecutor's Office, the DNA, etc.

Myth no. 2: Interceptions are carried out abusively, in breach of the law.

In Romania, interceptions are in principle carried out as follows: the prosecutor submits a request to a judge asking for authorisation to intercept a person; the judge analyses the request and decides whether or not to approve it. Once the prosecutor has received the interception warrant from the judge, he sends it to the SRI, which enters the warrant into an electronic system. The system registers the warrant and starts recording the conversations. The recording of conversations is not done at the SRI, but at the prosecutor's office that requested and received the interception warrant. The system is automated, so once the approved interception period has expired, the interception of communications stops automatically.

In Romania there are two categories of interceptions, at least among those that appear in criminal cases. The first category is recordings approved under normal warrants and, on the other side, those under the national security law. These interceptions are approved under Article 91 of the Criminal Procedure Code. The prosecutor can provisionally authorise interception without a warrant for 24 or 48 hours, but after this period expires he must request a warrant post factum.

In Romania there has been a single case in which the ECHR found irregularities in the interception procedure. This is the Dinu Patriciu case. Specialists say, however, that this adverse ruling is mainly due to poor legislation from before 2004. After 2004 the legislation on interceptions was amended and no cases of abuse have been officially recorded.

Myth no. 3: National security interceptions are unlimited and uncontrolled.

According to specialists contacted by gândul, around 3,000 interception warrants are issued annually in Romania under the national security law. Unlike ordinary interception warrants, these warrants are approved by the Supreme Court. The interception of a citizen under the national security law follows this path: the SRI collects data under suspicion of offences against the security law and decides to request an interception warrant. Even within the SRI there is a first filter on these requests. The Service submits a request to the Prosecutor General in which it presents the arguments for which it wishes to intercept the conversations of the person concerned. The Prosecutor General can reject the SRI's request. From the General Prosecutor's Office, the request goes to the Supreme Court, where judges analyse the request and approve the warrant or not.

According to specialists, the number of warrants issued in Romania exceeds the average number of warrants per inhabitant issued by other European countries. Both the General Prosecutor's Office and the SRI analyse these warrants on the basis of ECHR rulings in cases concerning abusive interceptions, so that, in principle, there are certain filters and guarantees that errors or abuses will not be committed.

Myth no. 4: Audio interceptions are altered by the SRI and prosecutors.

Another myth about interceptions is that the SRI and prosecutors modify the audio files of interceptions. Before the courts, especially in corruption cases, defendants have accused prosecutors of modifying interceptions so that the evidence favours the prosecution. The audio files containing interceptions are special files that include security elements. The same goes for the video files resulting from operational video surveillance of an accused person. Thus, if a prosecutor wanted to modify a video or audio file, these files would become corrupted and could no longer be used. Moreover, these files also contain additional data by which each person who has used the documents can be identified. Thus, according to specialists consulted by gândul, it is practically impossible for an interception to be spliced together.

Myth no. 5: Prosecutors make interceptions that they keep hidden in drawers.

Another myth about interceptions is that prosecutors or the SRI carry out illegal interceptions that they keep secret and use for illicit purposes. In reality, the computer system used for interceptions does not allow phones to be tapped without a warrant or without a provisional order from the prosecutor, which must subsequently be confirmed by a judge. Thus there is always an official record of those who issue orders and of those who are listened to. In addition, the computer system automatically deletes after 10 days the interceptions that are not extracted from the system and attached to a case file.

Source: Five myths about phone interceptions in Romania. How prosecutors track Romanians' e-mails and Facebook conversations - Gandul
-
Page and Zuckerberg Denials

ZUCKERBERG DENIAL

I want to respond personally to the outrageous press reports about PRISM:

Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday.

When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if it is required by law. We will continue fighting aggressively to keep your information safe and secure.

We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term.

PAGE DENIAL

You may be aware of press reports alleging that Internet companies have joined a secret U.S. government program called PRISM to give the National Security Agency direct access to our servers. As Google’s CEO and Chief Legal Officer, we wanted you to have the facts.

First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.

Finally, this episode confirms what we have long believed—there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible. We were the first company to do this. And, of course, we understand that the U.S. and other governments need to take action to protect their citizens’ safety—including sometimes by using surveillance. But the level of secrecy around the current legal procedures undermines the freedoms we all cherish.

Source: https://docs.google.com/document/d/1mv06t60fV9YclwHzFmDOEk2wGGBj-jd5od7cS-I-d6E/edit?pli=1
-
[h=1]Coca Colas' Elite Proxies 5/29/13[/h]
Source: Coca Colas' Elite Proxies 5/29/13 - Pastebin.com
-
The dumbest thing you can do is use such a huge library, especially for a project of 20 lines of code. black_death_c4t So what's the problem? "A server and one or more clients are required." - Isn't it a TCP server?
-
"325$ for a stored xss in main site" What scumbags
-
[h=1]How his ex-girlfriend destroyed his life with a Facebook post: "It had 30,000 SHAREs"[/h]
An American from Ohio found himself being told by a stranger to leave the park he was walking in. "You're not allowed in this park because you're a rapist," the stranger shouted at Lesko, who tried without success to explain that it was a mistake.

Only later did he find out that his ex-girlfriend had posted the following text on Facebook, alongside a photo: "If you see this man, his name is Chad Michael Lesko. He is wanted by the Toledo police as a suspect in four rape cases. He raped three little girls and his own son. Please Like and Share and spread the word. Do not interact with him".

According to Toledo News, all the accusations are false, and the man has no trouble with the law. As proof, another similar incident took place when he went on a date and someone called the police. They checked whether there was a warrant in his name, but found nothing. "After that, I left for home and another police officer put me on the ground and wanted to arrest me," Chad recounts.

Via: How his ex-girlfriend destroyed his life with a Facebook post: "It had 30,000 SHAREs"

I know, it has nothing to do with "security", but maybe you will learn something from this incident and understand what risks can arise from simply sharing a piece of false information. Yes, you can be the ones who make something up about others, but you can also be the victims of this kind of nonsense. I'm curious whether there are laws covering this.
-
Fuck me, Bayern won...
-
[h=1]BIOS Bummer: New Malware Can Bypass BIOS Security[/h]
Ericka Chickowski

[h=2]Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine[/h]

As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from The MITRE Corp. say that the current approach relies too heavily on access control mechanisms that can easily be bypassed.

The researchers are taking their message to Black Hat USA later this summer in a talk where they plan to unveil new malware proofs-of-concept that can trick an endpoint's Trusted Platform Module (TPM) chip into thinking the BIOS firmware is clean and can persist infecting the BIOS after it has been flashed, or reset, or even after it has been updated.

"The NIST document is sort of emphasizing access control mechanisms as a way to protect firmware," says Corey Kallenberg, security researcher with MITRE. "Whereas our stance is, look, access control mechanisms are going to fail, you have to assume that the attacker is going to find a way to get into your firmware."

His colleague, John Butterworth, says there already has been an established history of researchers who have managed to bypass access controls in the BIOS. "For example, Invisible Things Lab showed in 2009 how firmware signing could be bypassed to arbitrarily modify the BIOS," he says. "We believe that this trend will continue in the future."

Together with Xeno Kovah, lead infosec engineer at MITRE, Butterworth and Kallenberg are taking these bypass methods a step further with the research they'll unveil at Black Hat, which support their claims about the insecurity of the current methods used to assure the integrity of the BIOS.

Currently, system TPM chips depend on code stored on the BIOS flash chip to perform a BIOS measurement and send that platform configuration register (PCR) value to the TPM chip as an assurance that the BIOS remains unmolested. In most cases, if the BIOS is manipulated, then the PCR value will change and will break the chain of trust with the TPM. But the MITRE researchers say that at Black Hat they will reveal how they are able to use the inherent mutability of the BIOS flash -- that's what makes it so easy to make BIOS firmware updates -- against this attestation process. They will show two different ways they're able to override it and forge the PCR values to trick the TPM into thinking the BIOS remains pristine.

"The first one we're going to introduce is called the tick, which is a stealth malware that lives in the firmware, so it's persistent past reflashes and is able to forge the TPM's PCR values to provide a known good expected value," Butterworth says. "The second one we'll introduce what we call the flea because it is able to jump from one BIOS revision to the next. Whereas the tick can easily be removed if you simply update or upgrade your BIOS revision, the flea is actually able to sense that firmware is about to be updated and is able to clone itself into the update image."

According to Kallenberg, the two malware samples his team has created will demonstrate why the industry can't just rely on the TPM chip to tell the system that the firmware is clean and why flashing the BIOS can't necessarily solve a malware problem at this bottom-floor level of a system's boot-up firmware. "This really isn't a problem with the TPM itself -- just sort of the way that we're trusting the TPM," he explains.

In order to help the industry offer a higher level of assurance around BIOS security, Butterworth, Kallenberg, and Kovah have also been working on a new timing-based attestation technique that they say can work in conjunction with the TPM to prevent the kinds of attacks for which they designed their proofs-of-concept.

"It's essentially a checksum that self-checks something over its own code, and inside this self-checksumming code is built in a timing side-channel so that if that self-checksum is manipulated in some way, you still produce the correct checksum value while the bad code exists in this region of memory it's measuring," Kallenberg says. "But it'll actually induce a timing overrun we can detect. So the two things we're checking is the results of the checksum and how long it took to calculate that checksum."

Since the research was developed under federal funding meant to drive cybersecurity innovation for the public good, the technique the MITRE team developed will be made available to industry vendors willing to use it within their systems to add a stronger level of security for BIOS firmware across all platforms.

"We really want to provide an offensive and defensive perspective on firmware security -- that way we can come at it from both angles and really help these vendors make their own BIOS security products better," Kallenberg says.

Source: http://www.darkreading.com/vulnerability/bios-bummer-new-malware-can-bypass-bios/240155473
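The two-part check Kallenberg describes (checksum result plus time taken) can be sketched as a small simulation; this is an added example, not MITRE's code and not from the article. The FNV-1a-style checksum, the nonce-derived read order, the cycle cost model and every name are assumptions, and a counted "cycle" total stands in for a real hardware timer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REGION 256u /* bytes of attested code, power of two (constructed) */

/* Prover: the memory really present, plus an optional pristine copy that a
 * tampered prover consults to hide one patched byte from the checksum. */
struct prover {
    uint8_t mem[REGION];
    const uint8_t *clean; /* NULL unless the prover is hiding a patch */
    size_t patched;       /* index of the patched byte */
};
struct result { uint32_t sum; uint64_t cycles; };
enum verdict { ATTEST_OK, BAD_CHECKSUM, TIMING_OVERRUN };

/* One read as the checksum loop sees it. Simulated cost model (assumption):
 * 1 cycle per direct read, 2 more for a hiding prover's compare-and-redirect. */
static uint8_t read_byte(const struct prover *p, size_t i, uint64_t *cycles)
{
    *cycles += 1;
    if (p->clean != NULL) {
        *cycles += 2;
        if (i == p->patched) return p->clean[i];
    }
    return p->mem[i];
}

/* Nonce-seeded checksum: the nonce sets the start and an odd stride, so every
 * byte is read exactly once in an order fixed only when the challenge arrives. */
struct result self_checksum(const struct prover *p, uint32_t nonce)
{
    struct result r = { 2166136261u ^ nonce, 0 };
    uint32_t stride = (nonce >> 8) | 1u;
    for (uint32_t k = 0; k < REGION; k++) {
        size_t i = (nonce + k * stride) % REGION;
        r.sum = (r.sum ^ read_byte(p, i, &r.cycles)) * 16777619u; /* FNV-1a step */
    }
    return r;
}

/* Verifier: the value must match AND the run must fit the time budget. */
enum verdict verify(struct result got, struct result expect, uint64_t slack)
{
    if (got.sum != expect.sum)
        return BAD_CHECKSUM;
    return got.cycles > expect.cycles + slack ? TIMING_OVERRUN : ATTEST_OK;
}

/* Scenarios: 0 = untouched, 1 = patched, 2 = patched and hiding the patch. */
enum verdict run_scenario(int mode, uint32_t nonce)
{
    static uint8_t golden[REGION];
    struct prover ref = { {0}, NULL, 0 }, p;
    for (size_t i = 0; i < REGION; i++)
        golden[i] = (uint8_t)(i * 37u + 11u); /* constructed "firmware" bytes */
    memcpy(ref.mem, golden, REGION);
    p = ref;
    if (mode >= 1) { p.patched = 100; p.mem[100] ^= 0xFF; }
    if (mode == 2) p.clean = golden;
    return verify(self_checksum(&p, nonce), self_checksum(&ref, nonce), 8);
}

/* Exit status 0 when the hiding prover is caught by the timing check. */
int main(void) { return run_scenario(2, 0xC0FFEEu) == TIMING_OVERRUN ? 0 : 1; }
```

In scenario 2 the checksum value matches the reference, so a verifier that compared only the value would accept it; the verdict changes solely because of the cycle budget.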
-
https://rstforums.com/forum/69673-win32k-epathobj-pprflattenrec-uninitialized-next-pointer-testcase.rst
-
I was away from home for an hour at most. While I was home it worked perfectly. It's probably your connection, 30 times worse than mine, that is to blame:
Reply from 89.45.193.183: bytes=32 time=[COLOR=#ff0000][B]2ms [/B][/COLOR]TTL=53
Reply from 89.45.193.183: bytes=32 time=[COLOR=#ff0000][B]4ms [/B][/COLOR]TTL=53
Reply from 89.45.193.183: bytes=32 time=[COLOR=#ff0000][B]3ms [/B][/COLOR]TTL=53
Reply from 89.45.193.183: bytes=32 time=[COLOR=#ff0000][B]3ms [/B][/COLOR]TTL=53
Who is "the guy on messenger"?
-
A prompt appears, and it didn't work even after I chose "Turn off ActiveX filtering". It only worked locally after I clicked "Allow". If you look through the IE settings, you'll see that almost all the ActiveX-related settings are on Disable.
-
https://rstforums.com/aaa.html
-
C/C++ Low Level Curriculum
http://altdevblogaday.com/2011/11/09/a-low-level-curriculum-for-c-and-c/
http://altdevblogaday.com/2011/11/24/c-c-low-level-curriculum-part-2-data-types/
http://altdevblogaday.com/2011/12/14/c-c-low-level-curriculum-part-3-the-stack/
http://altdevblogaday.com/2011/12/24/c-c-low-level-curriculum-part-4-more-stack/
http://altdevblogaday.com/2012/02/07/c-c-low-level-curriculum-part-5-even-more-stack/
http://altdevblogaday.com/2012/03/07/c-c-low-level-curriculum-part-6-conditionals/
http://www.altdevblogaday.com/2012/04/10/cc-low-level-curriculum-part-7-more-conditionals/
http://www.altdevblogaday.com/2012/05/07/cc-low-level-curriculum-part-8-looking-at-optimised-assembly/
http://www.altdevblogaday.com/2012/09/04/cc-low-level-curriculum-part-9-loops/
http://www.altdevblogaday.com/2013/01/05/cc-low-level-curriculum-part-10-user-defined-types/
http://www.altdevblogaday.com/2013/05/03/cc-low-level-curriculum-part-11-inheritance/
-
[h=1]Pwn2Own 2013 Java Exploit Details[/h]
[h=2]In March 2013, during the annual Pwn2Own competition at CanSecWest, Accuvant LABS’ Joshua J. Drake demonstrated a successful attack against Oracle’s Java Runtime Environment (JRE). The demonstration proved exploiting memory corruption vulnerabilities in Oracle’s JRE 7 is still possible despite modern exploit mitigations. Accuvant LABS’ exploit code, as well as a white paper containing detailed information about the vulnerabilities, primitives and exploitation techniques, is available for download below.[/h]
Download: https://www.accuvant.com/sites/default/files/downloads/pwn2own_2013_-_java_7_se_memory_corruption.pdf
Data: https://www.accuvant.com/sites/default/files/downloads/pwn2own2013-jre7.zip
Source: http://www.accuvant.com/capability/accuvant-labs/security-research/pwn2own-2013-java-exploit-details
-
Blackberry Z10 Research Primer – “Dissecting Blackberry 10 – An initial analysis”

The goal of this whitepaper is to show an approach for testing the new Blackberry 10 operating system and to identify vulnerabilities on a new Blackberry 10 device.

Topics:
Discuss specifics of the operating system
Check for vulnerabilities “by design”
Talk about fuzzers
Test default utilities
Dump the “boot sector”
Mention other interesting entry points / notices
Propose further steps for future research

Details:
Date: May 2013
Version: 1.0
Author: Alexander Antukh

Download PDF: Dissecting Blackberry 10 – An initial analysis
Source: [Paper] Blackberry Z10 Research Primer by SEC Consult | ToolsWatch.org - The Hackers Arsenal Tools | Repository for vFeed and DPE Projects
-
[h=1]User Interface Security Directives for Content Security Policy[/h]
[h=2]W3C Working Draft 23 May 2013[/h]
This version: User Interface Security Directives for Content Security Policy
Latest published version: User Interface Security Directives for Content Security Policy
Latest editor's draft: http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html
Previous version: User Interface Safety Directives for Content Security Policy
Editors:
Giorgio Maone, Invited Expert
David Lin-Shung Huang, Carnegie Mellon University
Tobias Gondrom, Invited Expert
Brad Hill, PayPal Inc.

Copyright © 2012-2013 W3C® (MIT, ERCIM, Keio, Beihang), All Rights Reserved. W3C liability, trademark and document use rules apply.

[h=2]Abstract[/h]
This document defines directives for the Content Security Policy mechanism to declare a set of input protections for a web resource's user interface, defines a non-normative set of heuristics for Web user agents to implement these input protections, and a reporting mechanism for when they are triggered.

[h=2]Status of This Document[/h]
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at All Standards and Drafts - W3C.

This is a Working Draft of the User Interface Security Directives for Content Security Policy. [CSP] Portions of the technology described in this document were originally developed as part of X-Frame-Options [XFRAMEOPTIONS], the ClearClick module of the Mozilla Firefox add-on NoScript, [CLEARCLICK] and in the InContext system implemented experimentally in Internet Explorer [INCONTEXT].

In addition to the documents in the W3C Web Application Security working group, the work on this document is also informed by the work of the IETF websec working group, particularly that working group's requirements document: draft-hodges-websec-framework-reqs.

This document was published by the Web Application Security Working Group as a Working Draft. This document is intended to become a W3C Recommendation. If you wish to make comments regarding this document, please send them to public-webappsec@w3.org (subscribe, archives). All comments are welcome.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

[h=2]Table of Contents[/h]
1. Introduction
2. Conformance
    2.1 Terminology
3. Directives
    3.1 frame-options
        3.1.1 Multiple Host Source Values
    3.2 input-protection
    3.3 input-protection-clip
    3.4 input-protection-selectors
    3.5 report-uri
        3.5.1 Producing blocked-target-xpath
4. DOM interface
5. Script Interfaces
    5.1 SecurityPolicyViolationEvent Events
        5.1.1 Attributes
        5.1.2 Dictionary SecurityPolicyViolationEventInit Members
    5.2 SecurityPolicy
        5.2.1 Attributes
6. Input Protection Heuristic
    6.1 Preparation
    6.2 UI Event handling
    6.3 Examples
        6.3.1 Sample Policy Definitions
        6.3.2 Sample Violation Report
    6.4 Security Considerations
    6.5 Implementation Considerations
        6.5.1 Accessibility Technologies
    6.6 Implementation Considerations for Resource Authors
    6.7 IANA Considerations
A. References
    A.1 Normative references
    A.2 Informative references

Link: User Interface Security Directives for Content Security Policy
-
[h=1]Your Mobile Device Is a Hack Waiting to Happen: Pros[/h]
Published: Thursday, 23 May 2013 | 1:49 PM ET
By: Cadie Thompson, Technology Editor, CNBC.com

When it comes to keeping their mobile devices safe and secure, consumers are playing a game of cat-and-mouse with cybercriminals. Although most users are aware that mobile devices can be hacked, just as desktops or laptops can, many still don't take steps to protect themselves and the data on their smartphones and tablets, according to a study released Wednesday at the CTIA conference in Las Vegas.

"We've seen an explosion of malware for mobile devices," said Chris Doggett, senior vice president of corporate sales at the security firm Kaspersky Labs. "There is a lot of catch-up that needs to happen with people's mindset about mobile security, and that is what we are trying to bring to bear."

Eighty-five percent of consumers know that not having security software on a mobile device puts them at risk of a breach, the study said, but only 31 percent have installed protective software on their smartphone or tablet.

Why the disconnect between awareness and action? For one thing, people tend to ignore warnings until they or someone they know experiences a breach, Doggett said. Apple has also contributed to a false sense of security, he said. Because smartphone adoption in the U.S. was largely driven by the iPhone—a very secure device—consumers think that all mobile devices are as safe as the ones on Apple's platform.

"I think this attitude is based on our initial experiences with these devices," Doggett said. "They were very reliable; they were pretty secure; there weren't any published examples of attacks or malware. It was a fairly safe assumption to make, relatively speaking," he said.

Mobile malware attacks are aimed primarily at Android devices, which account for more than half of the world's smartphone market. In fact, Android accounts for more than 90 percent of all malware activity, according to a recent report published by the software security firm F-Secure.

"Let's face it, the way we use devices today—everything is on them," Doggett said. "It's gotten to the point where we are using these devices for so much stuff that is sensitive ... that we need to start thinking about it much more seriously, because if someone gets their hands on that, a lot of bad stuff can happen."

By CNBC's Cadie Thompson. Follow her on Twitter @CadieThompson.

Source: Your Mobile Device Is a Hack Waiting to Happen: Pros
-
Security Links 1 Security Links 2 Security Links 3 Security Links 4 Security Links 5 Security Links 6 Security Links 7