Nytro

Salut, nu cred ca ai nevoie de vreun programel crackuit, fa un Live CD cu Kali Linux si ai acolo tot ce ai nevoie. Tutoriale sunt o gramada, chiar si in aceasta categorie de forum, sunt o gramada de tool-uri free iar unele au si interfata grafica.

Am deschis si eu acel link, cred ca si pe mine vor sa ma cunoasca fetele respective, sper sa nu fii gelos. Vestea buna e ca nu au penis. Vestea rea ca e un spam de 2 lei. Ignori si mergi mai departe.

2020 was quite the year, one that saw many changes. As we begin 2021, we wanted to send one last note to our friends and supporters at the SecurityFocus BugTraq mailing list. As many of you know, assets of Symantec were acquired by Broadcom in late 2019, and some of those assets were then acquired by Accenture in 2020 (https://newsroom.accenture.com/news/accenture-completes-acquisition-of-broadco ms-symantec-cyber-security- services-business.htm). SecurityFocus assets were included in this transition, and the mailing list has not been updated since the work to transition to Accenture began. The SecurityFocus assets, including the BugTraq mailing list, has a long history of providing timely information on the latest vulnerabilities, security vendor announcements, and exploit information. We are forever grateful to those who created, maintained, and contributed to the archive - many of us have connected and learned from each other through these lists. The history of the list and the sharing of the information has contributed to ensuring that we are building the information security community to be something stronger. Community contribution is one of the foundations to building a stronger Information Security force. At this time, resources for the BugTraq mailing list have not been prioritized, and this will be the last message to the list. The archive will be shut down January 31st, 2021. For similar information, please refer to some of the following links: https://www.defcon.org/html/links/mailing-lists.html https://seclists.org/fulldisclosure/ This is where the appropriate geek-like reference and farewell comes in, something like “So long, and thanks for all the fish”, but that seems too cavalier for this. So thank you, for your support, wisdom, and willingness to share – whether you are a contributor, reader, or lurker on the list. All of you have made a difference. Be well, and keep up the good work!

Te referi la antivirale? Vezi asta: https://medicamente.romedic.ro/info/medicamentele-antivirale Gandeste-te la Windows, de ce sa fii infectat cu ransomware si sa incerci sa scapi de el cu cine stie ce "cleaner" (care nu poate face mare lucru) cand poti avea un antivirus actualizat la zi care sa il previna? @gigiRoman - Nu stiu de unde ai informatiile acelea, nu a zis nimeni ca anticorpii dobanditi prin infectie dureaza 3 luni. Ideea cu vaccinul si acele 2 doze o reprezinta tocmai acest lucru: stimuleaza dobandirea anticorpilor in cel mai bun mod posibil, testat de catre ei. De aceea prima doza e mai mica si a doua mai mare, tocmai pentru ca anticorpii sa dureze mai mult, sa isi faca treaba celulele de memorie T (parca). Edit: Klaus s-a vaccinat: https://www.digi24.ro/stiri/actualitate/klaus-iohannis-se-vaccineaza-anti-covid-la-ora-10-00-1434453 , deci problema e pe jumatate rezolvata. O sa o fac si eu cand imi vine randul. Apropo, mi-a dat mesaj privat Klaus, cica chip-ul ii cere licenta, zicea sa-i dau cont de filelist sa isi descarce una, sau un crack, are cineva cont filelist de dat?

Util: https://www.nytimes.com/interactive/2020/health/oxford-astrazeneca-covid-19-vaccine.html Au uitat sa explice cum functioneaza chip-ul, dar in rest, pare frumos explicat.

Gresit. Asa au inventat "hentai"-ul.

Daca o sa pot, cand ma vaccinez, pun pe cineva sa ma filmeze. Dar stati linistit ca nu sunt fraier, ma duc cu folia de aluminiu si mi-o pun pe cap apoi, nu il las eu pe Bill sa ma controleze! Cat despre prima stire, normal ca se poate ca dupa prima doza sa te infectezi. Se poate si dupa a doua, dar sunt sanse foarte mici, adica acei 5%. Mama a inteles asta, probabil are un IQ mai mare ca tine si nu prea se "documenteaza" pe subiect. PS: Da, normal ca se monitorizeaza, se vrea sa se afle durata de timp a anticorpilor. Oricum difera de la persoana la persoana, dar sa se stie aproximativ cat de mult ajuta. Intre timp ai mai sus toata documentatia necesara referitoare la vaccin. Acolo sunt datele oficiale, tot ce ai nevoie sa stii despre el. Citeste-le si spune-ne si noua daca e ceva in neregula acolo.

Nu stiu daca informatiile se voiau publice, cel putin nu de la Agentia Europeana a Medicamentului. Acele fisiere par sa contina foarte multe detalii referitoare la vaccin, poate chiar totul, ceea ce inseamna ca si altii ar putea sa il reproduca. Codul sursa Pentru noi, oamenii de rand e bine. Putem sa il intelegem, in totalitate daca am si avea cunostiintele necesare. Si poate medicii cu experienta, microbiologii sau alte persoane pot sa deduca anumite lucruri de acolo, cum ar fi efectele la persoanele cu alergii.

Da, interesant, dar nu stiu cat ajuta. Probabil altii au facut asta cu mult timp inainte, fara intentii pozitive si fara sa anunte IP-ul folosit. Dar mi se pare ca evolueaza lucrurile si la noi. Testul oricum nu e intrusiv, nici nu ar trebui sa anunte, dar probabil sa nu panicheze pe cineva. De parca ar monitoriza cineva loguri si accesul pe acel fisier... Ca dovada, am dat un grep pe mizeria mea de site - www.xssfuzzer.com root@xssfuzzer:/var/log/apache2# grep -R Orion . ./access.log.1:162.243.128.120 - - [14/Dec/2020:04:29:57 +0000] "GET /Orion/Login.aspx HTTP/1.1" 404 3537 "-" "Mozilla/5.0 zgrab/0.x" ./access.log.1:145.220.25.28 - - [28/Dec/2020:02:44:00 +0000] "GET /Orion/WebResource.axd HTTP/1.1" 404 3537 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36" Dragut.

Super, mersi mult! M-am uitat putin, vad niste mail-uri neinteresante si niste rapoarte, nu pare sa fie ceva confidential pe acolo. Am vazut intr-un docx structura si cateva detalii despre vaccin! Bine, nu inteleg mare lucru, dar e acolo. Daca va intreaba cineva ce contine acel vaccin le puteti da cu documentul ala in cap.

Am vazut si eu stirile acestea, dar nu am inteles ce ar contine acele documente. Are cineva acel leak?

E fake, stiu, dar daca nu tineti cont de asta e chiar emotionant... https://9gag.com/gag/aeDrrqQ

Daca are cere cont premium, fara reclame, pe WhatsApp, ar deveni reale (partial) acele mesaje idioate ca "WhatsApp nu o sa mai fie gratuit".

Relevant

Why everyone should be using Signal instead of WhatsApp The Signal protocol underpins WhatsApp's encryption, but Facebook's ubiquitous messaging service doesn't hold a candle to Signal itself By K.G ORPHANIDES Thursday 16 April 2020 WIRED WhatsApp is the most popular communications app on the planet with over two billion users using it for messaging. Bought by Facebook in 2014, the service popularised the use of end-to-end encryption in day-to-day communications, introducing it as its default for messaging in 2016. To do so it cooperated with Moxy Marlinspike’s Open Whisper Systems to integrate the Signal encrypted messaging protocol. Microsoft and Google have also used the protocol, widely regarded as the gold standard in encrypted communications. Now Open Whisper Systems exists as Signal Messenger, LLC, and is part of the Signal Foundation. This rebranding has seen the foundation put more effort into its own app. The Signal Foundation's flagship Signal app provides fully-fledged and easy to use secure communications in its own right. It has direct and group messaging, as well as one-to-one audio and video chat, and there are very good reasons to opt for secure messaging's Cool Original flavour over WhatsApp. In February, the European Commission advised its staff to do exactly that. Here’s why you should use Signal for any conversation where privacy matters – even if that’s just giving your family the shared Disney+ password – and why your friends should, too. 1. Signal has more up-to-date security features New security features come to Signal first. For example, Signal has had disappearing messages – which are automatically deleted after a specified period of time – since 2016 but the feature is still being tested with small numbers of WhatsApp users. Other mainstream and beta Signal features that WhatsApp users don’t have include view-oncemedia messages, encrypted profiles, an incognito keyboard switch for Android to keep Gboard from sending your typing history back to Google, and backups that don’t default to unencrypted storage in Google Drive or Apple iCloud. Signal also has a slightly broader range of clients, with a dedicated client for Linux desktop users – likely to appeal to those in the security and data analysis fields, while WhatsApp directs them to its web app. 2. Signal is open source All of Signal’s source code is published for anyone to examine and use under a GPLv3 license for clients and an AGPLv3 license for the server. This means that you can see what’s going on inside it – or, more usefully, rely on the specialist expertise of people who review the code and know exactly what they’re looking for. 3. Signal has less potential for hidden vulnerabilities As a larger platform, WhatsApp is more inviting to malicious actors to start with, but the fact that its codebase is a proprietary closed box means that it may take longer for dangerous vulnerabilities to be detected. Any application can and eventually will suffer vulnerabilities – Signal has resolved a few of its own. But WhatsApp’s closed-source code (beyond its use of the open Signal protocol) means that there are a lot of potential targets that remain unknown until they’re exploited. A particularly worrying example was a vulnerability in WhatsApp’s VoIP stack, used by intelligence agencies to inject spyware in 2019. 4. You can run your own Signal server (but probably shouldn’t) Another advantage of open source software is that you can play with it, if you’re that way inclined. You probably won’t want or need a Signal server of your own for either personal or business reasons. It’s designed as a mass communications platform and isn’t really intended to scale down, it’s a pain to build and there are currently no containerised versions for easy deployment. But if you’re technically minded, you can learn a lot about how a system functions by building a test instance and poking it with a stick. It’s non-trivial, but community guides are available to help users get a Signal server up and running and some interesting forks exist, including a decentralised messaging system. 5. How much can you trust Facebook? Perhaps the most compelling reason to use Signal is Facebook's long-standing lack of respect for its users' privacy. Facebook has an appalling history when it comes to data collection and handling, from the Cambridge Analytica affair to its practice of sharing data about users with phone manufacturers. It’s already proved that it can’t be trusted with WhatsApp user data that should, under EU law, have remained private. In 2017, European regulators took action against Facebook for sharing the WhatsApp users’ phone numbers with its Facebook social network for advertising purposes. Firmly in breach of data protection regulations, it was an opt-out rather than opt-in system. Facebook had previously claimed such a mechanism would never be implemented. WhatsApp co-developer Brian Acton, who left Facebook in 2017 and went on to co-found the Signal Foundation with Marlinspike, has harshly criticised Facebook’s approach to privacy and revealed that Facebook coached him “to explain that it would be really difficult to merge or blend data between [WhatsApp and Facebook]” when giving information to EU regulators in 2014. Facebook’s desire to insert adverts and commercial messaging into WhatsApp and potentially compromise its security prompted Acton to leave Facebook early, sacrificing some $850 million in stock in the process. Acton’s fellow WhatsApp dev, Jan Koum, also walked out on Facebook following reported disputes with the company over its efforts to weaken encryption. Mark Zuckerberg has since publicly supported end-to-end encryption, saying it will also be added to its Messenger app. Facebook was until recently still vacillating over plans to introduce adverts to WhatsApp, with the latest reports indicating that the plan has finally been scrapped. Although it's not clear what will eventually happen to the service when Facebook merges WhatsApp with Instagram messaging and Messenger. Sursa: https://www.wired.co.uk/article/signal-vs-whatsapp

Create post on any Facebook page Pouya 12:17 PM No comments Create an invisible post on any Facebook page You may know that you can create many types of posts on your Facebook feed. one of them is called "invisible" which unlike other types cannot be seen on your feed, but like others, it has a link and id. These types of posts are not shown on the feed timeline but are accessible via a direct link. the main impact of these types of posts is that the page admins cannot view or delete them since they don't have any links. At Creative Hub we can create ads and use collaboration to complete them. Facebook creates an invisible post on the selected page for previewing them to the users. I intercepted the request and change the "page_id" to the victim's "page_id" and it saves without any error or issue. The permission here has been checked before generating the preview so you should definitely have the advertiser role. (above image) Also, the Share Feature (image below) has been added to Facebook's Creative Hub recently, therefore, I started digging deeper into it again. After clicking on the share button the API will answer with a new shareable URL like this: https://www.facebook.com/ads/previewer/__PREVIEW_KEY__ The gotcha is that the permission-check is missing before generating a preview post on the share page. Changing page_id before saving the mockup in Graphql request and then getting back the sharable link for it, gives us the ability to create a post on any page. All we need to do is to find the post_id that exists on any ad preview endpoints. Finally, we created an invisible post on the victim page without their knowledge! POC: Facebook fixed this vulnerability after I reported it but still, I was able to bypass the fix by using another approach. // This request will create a post page plus sending a notification to the mobile device AsyncRequest.post('/ads/previewer/notify_mobile/__PREVIEW_KEY__',{}) The "send to mobile" feature creates a preview again without checking permission. Bypass POC: Timeline: November 6, 2020 – Report Sent November 6, 2020 – Triaged November 11, 2020 – Fixed November 12, 2020 – Bypass Sent November 12, 2020 – Triaged November 20, 2020 – Fixed December 16, 2020 – $30,000 Bounty awarded Sursa: https://www.darabi.me/2020/12/create-invisible-post-on-any-facebook.html

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook January 06, 2021 Ravie Lakshmanan "Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and privacy policy that's expected to go into effect next month. The "key updates" concern how it processes user data, "how businesses can use Facebook hosted services to store and manage their WhatsApp chats," and "how we partner with Facebook to offer integrations across the Facebook Company Products." The mandatory changes allow WhatsApp to share more user data with other Facebook companies, including account registration information, phone numbers, transaction data, service-related information, interactions on the platform, mobile device information, IP address, and other data collected based on users' consent. Unsurprisingly, this data sharing policy with Facebook and its other services doesn't apply to EU states that are part of the European Economic Area (EEA), which are governed by the GDPR data protection regulations. The updates to WhatsApp terms and privacy policy come on the heels of Facebook's "privacy-focused vision" to integrate WhatsApp, Instagram, and Messenger together and provide a more coherent experience to users across its services. Users failing to agree to the revised terms by the cut-off date will have their accounts rendered inaccessible, the company said in the notification. This effectively means that, while the profiles will remain inactive, WhatsApp will eventually end up deleting the accounts after 120 days of inactivity (i.e. not connected to the app) as part of its efforts to "maintain security, limit data retention, and protect the privacy of our users." WhatsApp's Terms of Service was last updated on January 28, 2020, while its current Privacy Policy was enforced on July 20, 2020. Facebook Company Products refers to the social media giant's family of services, including its flagship Facebook app, Messenger, Instagram, Boomerang, Threads, Portal-branded devices, Oculus VR headsets (when using a Facebook account), Facebook Shops, Spark AR Studio, Audience Network, and NPE Team apps. It, however, doesn't include Workplace, Free Basics, Messenger Kids, and Oculus Products that are tied to Oculus accounts. What's Changed in its Privacy Policy? In its updated policy, the company expands on the "Information You Provide" section with specifics about payment account and transaction information collected during purchases made via the app and has replaced the "Affiliated Companies" section with a new "How We Work With Other Facebook Companies" that goes into detail about how it uses and shares the information gathered from WhatsApp with other Facebook products or third-parties. This encompasses promoting safety, security, and integrity, providing Portal and Facebook Pay integrations, and last but not least, "improving their services and your experiences using them, such as making suggestions for you (for example, of friends or group connections, or of interesting content), personalizing features and content, helping you complete purchases and transactions, and showing relevant offers and ads across the Facebook Company Products." One section that's received a major rewrite is "Automatically Collected Information," which covers "Usage and log Information," "Device And Connection Information," and "Location Information." "We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, "about" information; whether you are online, when you last used our Services (your "last seen"); and when you last updated your "about" information." WhatsApp's revised policy also spells out the kind of information it gathers from users' devices: hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account). "Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country)," WhatsApp updated policy reads. Concerns About Metadata Collection While WhatsApp is end-to-end encrypted, its privacy policy offers an insight into the scale and wealth of metadata that's amassed in the name of improving and supporting the service. Even worse, all of this data is linked to a user's identity. Apple's response to this unchecked metadata collection is privacy labels, now live for first- and third-party apps distributed via the App Store, that aim to help users better understand an app's privacy practices and "learn about some of the data types an app may collect, and whether that data is linked to them or used to track them." The rollout forced WhatsApp to issue a statement last month. "We must collect some information to provide a reliable global communications service," it said, adding "we minimize the categories of data that we collect" and "we take measures to restrict access to that information." In stark contrast, Signal collects no metadata, whereas Apple's iMessage makes use of only email address (or phone number), search history, and a device ID to attribute a user uniquely. There's no denying that privacy policies and terms of service agreements are often long, boring, and mired in obtuse legalese as if deliberately designed with an intention to confuse users. But updates like this are the reason it's essential to read them instead of blindly consenting without really knowing what you are signing up for. After all, it is your data. UPDATE: Why Zuckerberg Wants to Integrate WhatsApp and Facebook? In a statement shared with The Hacker News, a WhatsApp spokesperson justifies integrating both platforms by saying: "As we announced in October, WhatsApp wants to make it easier for people to both make a purchase and get help from a business directly on WhatsApp. While most people use WhatsApp to chat with friends and family, increasingly people are reaching out to businesses as well. To further increase transparency, we updated the privacy policy to describe that going forward businesses can choose to receive secure hosting services from our parent company Facebook to help manage their communications with their customers on WhatsApp." "Though of course, it remains up to the user whether or not they want to message with a business on WhatsApp. The update does not change WhatsApp's data sharing practices with Facebook and does not impact how people communicate privately with friends or family wherever they are in the world. WhatsApp remains deeply committed to protecting people's privacy. We are communicating directly with users through WhatsApp about these changes so they have time to review the new policy over the course of the next month." Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post. Sursa; https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html

Nissan NA source code leaked due to default admin:admin credentials By Ionut Ilascu January 8, 2021 Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials. The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services. It is unclear if Nissan learned about the leak by itself or received a tip, but the company took down the insecure server on Tuesday before media outlets started publishing news of the incident. Complete git repos dump Swiss developer and reverse engineer Tillie Kottmann, who maintains a repository of leaked source code from various sources and their scouting of misconfigured devops tools, posted a summary of the Nissan leak: Nissan NA Mobile apps Parts of the ASIST Diagnostic System software Dealer Business Systems/Dealer Portal Nissan internal core mobile library Nissan/Infiniti NCAR/ICAR services Client acquisition and retention tools Sale/market research tools and data Various marketing tools Vehicle logistics portal Vehicle connected services/Nissan connect things Various other backends and internal tools Kottmann told BleepingComputer that someone had informed them of the server and the admin/admin access credentials. Once the word got out, a torrent link for Nissan source code collection started being shared online; so despite Nissan's effort, the data remains in the hands of unauthorized third-parties. Repository pulled In a conversation with Kottmann, they said that the company contacted them about hosting the repositories and that they would likely remove them. It happened on Thursday. The developer told us on a different occasion that they comply with takedown requests and are even willing to provide tips for improving the security of a company's infrastructure if asked. Their public repository on GitLab contains folders with data from big companies like Pepsi, Toyota, SunTech, AMD, Motorola, Mediatek, Sierra Nevada Corporation, or the U.S. Air Force Research Laboratory. Although not all folders have sensitive data they may contain information meant to be private or that could lead to protected assets. Sursa: https://www.bleepingcomputer.com/news/security/nissan-na-source-code-leaked-due-to-default-admin-admin-credentials/

Nu ai cum, mail-urile in general nu sunt facute publice pe site-uri. Nici nu ar fi normal, mai ales din motive de confidentialitate. De exemplu aici pe forum, nu apare niciunde public mail-ul tau si Google nu are de unde sa il ia. La fel pe majoritatea site-urilor. Poti cauta intre ghilimele mail-ul tau si sa vezi pe ce pagini publice e indexat, dar mai mult nu ai ce sa faci. Sau poti sa incerci sa dai Forgot Password pe cat mai multe site-uri si sa vezi pe unde ai cont. Nu ar trebui sa dureze asa mult.

Understanding BitLocker TPM Protection January 5th, 2021 by Oleg Afonin Investigating a BitLocker-encrypted hard drive can be challenging, especially if the encryption keys are protected by the computer’s hardware protection, the TPM. In this article, we’ll talk about the protection that TPM chips provide to BitLocker volumes, and discuss vulnerabilities found in today’s TPM modules. What is TPM Trusted Platform Module (TPM) is a standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. On a physical level, the TPM might be implemented as a built-in chip, an additional module one can install into a slot on the desktop motherboard, or as a virtual emulator (the Intel PTT technology). Infineon Optiga TPM chips: Standalone TPM module for Asus motherboards: The platform consists of a secure cryptoprocessor and a small amount of built-in memory. The main functions of TPM are the generation, storage and secure management of cryptographic keys; in particular, the BitLocker keys. The operating system must provide APIs for developers for accessing the TPM, and uses TPM to manage encryption keys. In this article, I will talk about the role of TPM in BitLocker encryption. When Windows developers were designing the disk encryption scheme, they attempted to counter the following threats: Signing in to the user’s account without valid authentication credentials Moving the hard drive to a different system for analysis Altering the computer’s configuration for gaining access to the data Running an alternate OS for gaining access to the data The top priority, however, was that the protection was as transparent and as unobtrusive to the user as possible. Ideally, the user would never notice the encryption; this goal has been achieved. For those who need extra protection against additional threats, the developers allowed specifying a pre-boot PIN code or adding other types of protectors (e.g. a physical smartcard or USB drive). How BitLocker works BitLocker makes use of symmetric encryption. By default, AES-128 is used to encrypt data in either XTS (new) or CBC (legacy) mode. The data is encrypted with VMK (Volume Master Key), which in turn can be obtained in one of the following ways: Decrypted with the user’s encryption password, if this protector is enabled for a given volume. Decrypted with a Recovery Key. The Recovery Key is generated automatically once the encryption is enabled for the first time. The key is then either stored to a file, uploaded to the user’s Microsoft Account of saved in Active Directory. (You are here) Extracted from the TPM module when certain conditions are met. This is how Bitlocker communicates with TPM: The basic principle of TPM is very similar to blockchain. During the boot, the system builds chain of trust, which is stored in PCR (Platform Configuration Register) registers. This is what happens when the computer boots: Power on. SRTM (Static root of trust for measures) is the first trusted module is loaded. This module is stored in the computer’s ROM, and cannot be altered. A vulnerability in this module breaks the entire protection scheme, which was clearly demonstrated by the developers of the checkm8 exploit for iOS devices. SRTM inserts the first record into the chain of trust by calculating the hash value of the computer’s BIOS. The hash is stored in a PCR register. UEFI BIOS loads. The BIOS analyzes the computer’s configuration including the hard drive partitioning, the MBR (Master Boot Record), bootloader and many other parameters including firmware checksums of certain components (e.g. fingerprint readers or smartcard readers). Notably, the value of the previous PCR register is used to calculate new hash values, which means that any modification of a single PCR register breaks the entire chain. After filling out several PCR registers, BIOS loads the bootloader from the MBR. The bootloader inserts a few more records. Finally, the OS kernel starts. The kernel keeps adding to the chain of trust. As you can see, once the OS is finally loaded, the PCR registers contain the entire chain of trust. Note that the TPM module does not allow modifying PCR registers; one cannot alter existing records, only add new ones. This is how it all looks: BitLocker encryption Once the user enables BitLocker on a disk volume, Windows generates a random volume master key (VMK) as well as a recovery key. The master key is then stored in the TOM module; it is also encrypted with the recovery key. The encrypted VMK is then saved in the disk header. Once the computer is rebooted, the following happens: All PCR registers are zeroed out. The system follows steps 1 through 4 described earlier. The OS kernel attempts unlocking the encrypted volume and requests the VMK from the TPM module. The TOM module in turn analyzes the chain of trust by checking PCR registers. If the chain of trust is corrupted, the VMK is not released; the OS kernel than displays a message requesting the user to unlock the volume with a Recovery Key. As you can see, if the computer is powered off, the only way to obtain the VMK is by launching the original OS in its original configuration. Altering a single component will trigger the prompt for Recovery Key. Bypassing TPM Most often than not, you are analyzing a ‘cold’ system. If this is the case, make sure to capture the disk image before everything else. You can use Elcomsoft System Recovery to do that. Before taking the image, you’ll be able to see the list of disk partitions along with their encryption settings. If the tool reports that the disk is encrypted with BitLocker but the password hash cannot be extracted, you’ll have to either use the Recovery Key or attempt to extract the VMK from TPM. Extracting Volume Master Key from RAM If you are able to sign in to the computer, you may attempt capturing its memory image. By analyzing the RAM image with Elcomsoft Forensic Disk Decryptor you may be able to discover the master key and decrypt the volume without any other attacks. This, however, will not be possible if the user specified a pre-boot protector such as an extra PIN code (TPM+PIN). If you attempt to brute-force the PIN, the TPM will panic and lock access to the encryption key either permanently or for a period of time. While you may prefer live system analysis to capturing the encryption key and decrypting the disk image, offline analysis is significantly more forensically sound even if labor-intensive. Cold boot and FireWire/Thunderbolt attacks The fact that TPM releases the VMK at an early stage allows for a quite unique attack often called the ‘cold boot attack. This attack is based on the fact that the computer’s memory chips retain their content for several seconds after being powered off. However, if cooled to sub-zero temperatures, the modules will retain data for much longer. During the cold boot attack, you would start the computer and wait while the system boots up. By the time the computer presents the login prompt, the BitLocker volume would be already mounted, and the VMK decrypted and stored in the computer’s RAM. You would then cool the RAM modules with a commercially available refrigerant spray, immediately remove the modules, install them into the test computer and boot it into a Linux image with LiME kernel extension. You can then dump the memory image and scan it with Elcomsoft Forensic Disk Decryptor for BitLocker encryption keys. A similar attack is available for older systems running Windows 7 and Windows 8 if they are equipped with a FireWire or Thunderbolt port or a PC Card slot. If this is the case, you can attempt capturing the memory dump with the infamous Inception tool (yes, it’s “that Python tool”). A memory dump made with Inception can be loaded into Elcomsoft Forensic Disk Decryptor and scanned for the master key. The VMK be then used to either completely decrypt the disk image or mount it for faster analysis. Unfortunately, this method is only available on older systems running Windows 7 or Windows 8. Windows 8.1 already fixes the vulnerability by disabling DMA via Thunderbolt when the computer is sleeping or locked. The Sleep Mode attack In 2018, researchers Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim from National Security Research Institute published a paper named A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping (PDF). When the computer enters the energy-saving sleep state, the TPM saves its PCR registers in NVRAM, and restores them when the computer wakes up. The researchers discovered that, at this brief moment, the PCR registers can be manipulated, thus reading the chain of trust or modifying its content. The researchers notified major motherboard manufacturers such as Intel, Lenovo, Gigabyte, Dell, and hp, who in turn patched the vulnerability in BIOS updates. However, since few users install BIOS updates, there are many computers still vulnerable to this exploit. Seunghun Han released two tools: Napper for TPM and Bitleaker. The first tool can be used to test the computer’s TPM chip for the “Bad Dream” vulnerability, while the second tool is the actual exploit one can run if the TPM module has the unpatched vulnerability. The second tool requires manually creating a Live CD with Ubuntu, compiling and installing Bitleaker according to the manual. You will need to disable Secure Boot to run the tool. The alternative way would be signing the modified bootloader and kernel with your signature and adding the public key to BIOS; this, however, defies the purpose as it alters the content of PCR registers. Intercepting TPM signals TPM modules are connected to the computer via the LPC (Low Pin Count) bus. This bus is used to carry data between “slow” devices, such as the serial ports. It operates at the frequency of 33 MHz. Denis Andzakovic claims that, by default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive. For TPM 1.2, he used the DSLogic Plus logic analyzer with USB interface. However, he found it to be far from perfect for sniffing TPM traffic as he had to solve synchronization problems and even patch the firmware. However, he was able to successfully extract the VMK from the TPM module. Sniffing TPM 2.0 was way easier with a cheap FPGA Lattice ICEStick and a specal firmware designed for sniffing TPM modules. All he needed to do was soldering the pins, enabling the sniffer and obtaining the master key. More on that in Denis’ original article. Note that desktop motherboards with add-on TPM chips are even easier to sniff with no soldering required. This method works in BitLocker’s default configuration. If the user enables pre-boot authentication with a PIN code, the PIN code will be required to make TPM release the VMK. This method will not work for Intel PTT as there is no physical access to the module’s interface. FPGA Lattice iCEStick: Connecting to the TPM chip: Conclusion Combined with TPM, BitLocker enables secure protection against unauthorized access. Despite the fact that the TPM chip itself does not do encryption, gaining access to the encryption key is not an easy task. I described a number of methods that can be used to extract the encryption keys from the TPM module. Even if you never use any of them, they are certainly worth being part of your arsenal. Sursa; https://blog.elcomsoft.com/2021/01/understanding-bitlocker-tpm-protection/

Comunitatea serviciilor de informații din SUA spune că Rusia este “probabil” în spatele recentelor atacuri cibernetice asupra a numeroase agenții guvernamentale și companii. Subliniază că a fost mai degrabă o tentativă de spionaj, nu o intenție de a provoca alte pagube. acum 9 ore Comunicatul comun emis de patru instituții americane, inclusiv FBI și NSA, reprezintă cea mai fermă reacție a autorităților cu privire la acest atac, chiar dacă și secretarul de stat Mike Pompeo a spus că implicarea Moscovei în acest caz este ”destul de clară”. De altfel, imediat după afirmația lui Pompeo, Donald Trump minimaliza importanța atacului și presupusul rol al Rusiei, spunând chiar că acesta ar fi fost coordonat de către China. După această breșă de securitate, experți din mai multe agenții guvernamentale s-au întâlnit zilnic, de două ori pe zi, pentru a studia modul în care au acționat hackerii. Totuși, nici până acum nu este clar cât de grav a fost atacul și ce cantitate de informații a fost extrasă. Ar putea dura ani până se va afla ce date au fost furate exact. Experții cred că este vorba despre importante secrete instituționale, inclusiv despre programe nucleare sau despre vaccinul anti-Covid. Surse alternative: CNN, Reuters, Washington Post Sursa: https://www.biziday.ro/comunitatea-serviciilor-de-informatii-din-sua-spune-ca-rusia-este-probabil-in-spatele-recentelor-atacuri-cibernetice-asupra-a-numeroase-agentii-guvernamentale-subliniaza-ca-a-fost-m/

Da, vrem pe cineva care sa se descurce singur, din prima zi, indiferent de proiect (le avem impartite intre noi si uneori colaboram). Trebuia sa mentionez si referitor la lucrul remote. In aceasta perioada, normal, se lucreaza 100% remote. Dar dupa pandemie, nu cred ca va mai fi 100% remote. O posibilitate e ca lunea si vinerea sa se poata lucra de acasa, dar marti-joi sa se vina la birou (nu e o problema daca nu se poate din diverse motive, dar probabil va trebui venit pe la birou). La birou, sa zicem ca nu e chiar rau, deloc

Salut, cautam un Senior Penetration Tester pentru echipa noastra. Din echipa facem parte 3 persoane de pe forum si manager-ul nostru. Avem mai multi alti colegi in echipa de security, dar pe partea de pentest (Product Security) noi suntem. Ce facem, in mare: - mult web security - mult code review, ASP.NET, JavaScript, Java dar si altele - sunt si aplicatii desktop, dar au la baza tot tehnologii web (o parte dintre ele) Ca sa nu dezamagim, cautam pe cineva cu foarte multa experienta pe web si sa stie si parte de code review. O parte dintre lucrurile pe care le vom face impreuna tine doar de code review, dar nu va ganditi la ceva extrem de greu. Avem in plan sa facem si red team, external network pentest, cloud security si altele, dar in marea majoritate a timpului cam asta facem. Mentionez asta ca sa nu vina persoane care vor sa faca mult exploit development sau red team. Nu de alta, dar vrem sa vina cineva caruia sa ii placa ce facem. Puteti aplica direct pe site. Daca aveti intrebari, postati aici sau trimiteti-mi un mesaj privat. Descrierea oficiala: At UiPath we see boundless potential in the way we live. It drives the way we work. Our culture is our most valuable asset, that's why it acts like a compass to us. We’re fast, immersed, humble and bold. And that’s not just words on the walls. Eliminating time-consuming tasks means people get to do more of what they love. It’s an inspiring, high stakes challenge that motivates us, and this common passion bonds UiPath employees globally. We all strive every day to be better and to accelerate human achievement. We make robots, but we hire people. Would you like to be part of this journey? UiPath is looking for a senior penetration tester to help and grow the security assessment function related to its products and cloud infrastructure. Your mission: You will develop and apply formal security centric assessments against existing and in-development UiPath products as well as UiPath's cloud environment. You might also be part in other activities such as red teaming, trainings for development teams or management of our bug bounty program. A successful Penetration Tester at UiPath is a self-starter, with strong problem-solving skills. Ability to maneuver in a fast-paced environment is critical, as well as handling ambiguity coupled with a deep grasp of various security threats. As a true owner of security in UiPath, great writing skills are needed, coupled with the ability to interact with stakeholders across multiple departments and teams. The Senior Penetration Tester acts as a mentor for technical peers and can transpose testing strategies and results in high level non-technical language. This is what you'll do at UiPath: Penetration testing on products and cloud infrastructure Security testing of desktop applications (Windows) Source code review (multiple programming lanugages) Recommendation of threat mitigations Security training and outreach to internal development teams Security guidance documentation Security tool development Security metrics delivery and improvements Assistance with recruiting activities This is what you'll bring to UiPath: BS in Computer Science or related field, or equivalent work experience Minimum of 7 years of experience with penetration testing at application and infrastructure layers Minimum of 5 year of experience in working with developers, with personal skills in coding/scripting Good understanding of cyber-attack tools and techniques Good knowledge of attacking services hosted in cloud (Azure, AWS, GCP) Experience writing POCs for discovered vulnerabilities Good knowledge of operating system, network and database security Advanced knowledge and understanding of web application security Experience using various penetration testing tools (such as, BurpSuite, Metasploit, Nessus, etc.) Experience using debuggers, disassemblers for reverse engineering (Ida) Experience with Red Team exercises Experience with multiple programming languages Life at UiPath like a lot of startups, can sometimes feel like a roller coaster. It comes with changes and challenges, but also with the opportunity to shape how work is done, to have great impact and learn a great deal. At UiPath, we value a range of diverse backgrounds experiences and ideas. We pride ourselves on our diversity and inclusive workplace that provides equal opportunities to all persons regardless of age, race, color, religion, sex, sexual orientation, gender identity and expression, national origin, disability, military and/or veteran status, or any other protected classes. UiPath is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a medical condition or disability which inhibits your ability to complete any part of the application process, and are in need of a reasonable accommodation to complete the process, please contact us @ TALeaders@uipath.com and let us know how we may assist you. This notice together with our Privacy Policy and Terms of Use of this website and any other documents we mention here are meant to inform you on what personal data about you we collect, use, disclose, share or otherwise process when you are applying for a job at UiPath or when UiPath contacts you for recruitment purposes. Please read this policy carefully to understand our views and practices on how we protect your personal data. Link: https://www.uipath.com/company/careers/europe/bucharest/engineering-development/senior-penetration-tester

Da, ce mi se pare ciudat e ca tehnica nu e tocmai noua, ma gandeam ca au facut ceva pentru a o preveni.

Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA January 05, 2021 Ravie Lakshmanan A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2. "The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google's own speech-to-text API," Tschacher said in a write-up. "Google will return the correct answer in over 97% of all cases." Introduced in 2014, CAPTCHAs (or Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test designed to protect against automated account creation and service abuse by presenting users with a question that is easy for humans to solve but difficult for computers. reCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009. The search giant released the third iteration of reCAPTCHA in October 2018. It completely eliminates the need to disrupt users with challenges in favor of a score (0 to 1) that's returned based on a visitor's behavior on the website — all without user interaction. The whole attack hinges on research dubbed "unCaptcha," published by University of Maryland researchers in April 2017 targeting the audio version of reCAPTCHA. Offered for accessibility reasons, it poses an audio challenge, allowing people with vision loss to play or download the audio sample and solve the question. To carry out the attack, the audio payload is programmatically identified on the page using tools like Selenium, then downloaded and fed into an online audio transcription service such as Google Speech-to-Text API, the results of which are ultimately used to defeat the audio CAPTCHA. Following the attack's disclosure, Google updated reCAPTCHA in June 2018 with improved bot detection and support for spoken phrases rather than digits, but not enough to thwart the attack — for the researchers released "unCaptcha2" as a PoC with even better accuracy (91% when compared to unCaptcha's 85%) by using a "screen clicker to move to certain pixels on the screen and move around the page like a human." Tschacher's effort is an attempt to keep the PoC up to date and working, thus making it possible to circumvent the audio version of reCAPTCHA v2 by "Even worse: reCAPTCHA v2 is still used in the new reCAPTCHA v3 as a fallback mechanism," Tschacher noted. With reCAPTCHA used by hundreds of thousands of sites to detect abusive traffic and bot account creation, the attack is a reminder that it's not always foolproof and of the significant consequences a bypass can pose. In March 2018, Google addressed a separate flaw in reCAPTCHA that allowed a web application using the technology to craft a request to "/recaptcha/api/siteverify" in an insecure manner and get around the protection every time. Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post. Sursa: https://thehackernews.com/2021/01/google-speech-to-text-api-can-help.html