Everything posted by Nytro
-
Does it work now?
-
[h=1]Win32/Morto – Made in China, now with PE file infection[/h]
by Pierre-Marc Bureau, Security Intelligence Program Manager

In July 2012, our virus laboratory came across what we first thought was a new family of malware. The threat spread by infecting Portable Executable or PE files used by Windows, but this malware also infected systems through remote desktop and network shares. After further analysis, we realized we were dealing with a new version of a known malware family: Win32/Morto. The author of this malware – which had already infected thousands of hosts – had updated his creation to add file infection capabilities.

Win32/Morto is best known for being a computer worm, that is, a fully self-contained rogue program that spreads copies of itself. Adding file-infecting code allows the worm to function as a computer virus as well by attaching copies of itself to other programs, which can then be used to further spread the infection. This type of evolution is out of the ordinary and it prompted us to dig further in order to understand this malware better. We are presenting the results of our analysis this week at the AVAR conference in HangZhou, China. This blog contains a summary of the key findings presented at the conference.

Our analysis shows that adding file infection capabilities to this malware had a significant impact on the speed at which it spread. The next figure shows the number of detections of this threat over time. We clearly see a sharp increase in detections around July; this is when the malware was updated to start infecting PE files.

Other characteristics of this malware have remained constant across variants. For example, Win32/Morto has been using the DNS infrastructure to receive commands from its operator. The bot will make a DNS TXT request and will decode the received text so as to update its modules. The figure below shows one such DNS TXT response with the encoded string, which contains the update information.

The information is encoded using an algorithm close to base64, but with a different alphabet. The information received by the bot is simply a list of modules to be downloaded, decrypted and executed. During the last four months, we have seen three different modules being used by the bot. One of the modules is an update to the viral code used for maintaining persistence and infecting files, one module is used to spread by exploiting weak passwords in Remote Desktop and the last module is used to launch distributed denial of service attacks and to display advertisements on the infected system.

There are several clues in the malware code that suggest it was written by a native Chinese speaker. For example, the User-Agent string used by the malware advertises the Chinese language. The geographical distribution of this threat also hints as to its origin. The following figure shows the geographical distribution of Win32/Morto detections. The dark blue color indicates a high proportion of detections while light yellow shows a small proportion of detections. The map shows a significant number of detections through Asia, including Mongolia, Tajikistan, Uzbekistan and China. This might also indicate where the infection started and continued to spread.

The two main infection vectors of Win32/Morto are through file infection and the exploitation of weak Remote Desktop credentials. We recommend that users use strong passwords and use an up-to-date antivirus solution to help them stay protected from this threat.

Acknowledgment: I would like to acknowledge François Chagnon and Miroslav Babis for their help in analyzing Win32/Morto.

Source: Win32/Morto – Made in China, now with PE file infection | ESET ThreatBlog
-
[h=1]Microsoft Security Bulletin Summary for November 2012[/h]
Published: Tuesday, November 13, 2012 | Updated: Wednesday, November 14, 2012

This bulletin summary lists security bulletins released for November 2012. With the release of the security bulletins for November 2012, this bulletin summary replaces the bulletin advance notification originally issued November 8, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on November 14, 2012, at 11:00 AM Pacific Time (US & Canada). Register now for the November Security Bulletin Webcast. After this date, this webcast is available on-demand.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

[h=3]Bulletin Information[/h]
[h=4]Executive Summaries[/h]
The following table summarizes the security bulletins for this month in order of severity. For details on affected software, see the next section, Affected Software and Download Locations.

See the link: http://technet.microsoft.com/en-us/security/bulletin/ms12-nov

Quite a lot of Remote Code Execution, so "stay safe".
-
It is selling zero day vulnerability in Windows 8
Nytro replied to io.kent's topic in Security News
Oh yes, just like that, right out in the open... -
OK, I hope I'll have time tonight...
1. I'll make a list of questions from the field of IT security
2. The questions will not be easily answered via Google; I want "explained" answers, and they will cover: a bit of programming, web security, operating systems, networking, general knowledge
3. The questions will be answered over messenger so I can make sure the answer comes promptly and isn't searched for hours on Google
4. I ban everyone who liked my post and those who agree with a test at registration
5. I'll wait for them to contact me (I'll create a messenger ID for this)
6. I ask them those questions and if they don't answer correctly they stay out
That's the fair way. Since some have a "free" account, why should others have to take a test to get in? And on this occasion we also check those who want this. Agreed?
-
A new protocol appears that improves the WiFi signal by up to 700%! by Redactia Hit | 15 November 2012

Researchers at NC State University (NCSU) have discovered a new way to amplify and improve WiFi networks. The developers talk about a protocol that improves the signal by up to 700%! The most interesting part of the project is that we are not talking about new infrastructure or components developed by the researchers, but only about software. The package developed by NCSU monitors the access points and reduces the time it takes to retransmit data to users (still over a single channel). This means that current networks could, with little effort, be updated to optimize the signal. The new protocol, named WiFox, effectively decongests the data traffic in the network when it is used by a large number of users.

Source: The Next Web
Via: Apare un nou protocol care imbunatateste cu pana la 700% semnalul WiFi! | Hit.ro
-
Converting .docx to pdf (or .doc to pdf, or .doc to odt, etc.) with libreoffice on a webserver on the fly using php. See also this: http://www.phplivedocx.org/
-
Posting here so as not to open a new topic. A small rearrangement of the categories: "Web Design Stuff" has become "Web Development" and is now found under the "Programare" (Programming) section, as you have probably noticed.
-
Windows Research Kernel

The Windows Academic Program supplies universities with concepts, code, and projects useful for integrating core Windows® kernel technologies into teaching and research. The program includes Windows OS Internals Curriculum Resource Kit (CRK), ProjectOZ, and Windows Research Kernel. These components illustrate real-world examples of the principles taught in class and provide source code and materials for academic purposes. You can explore the program resources using the Online Resource Kit or download the components below.

Download:
http://jacekowski.org/WindowsResearchKernel-WRK.zip
http://www.filetransfer.ro/5tk72D
http://www.multiupload.nl/C0CW6Y105G
http://www.speedyshare.com/8dR72/WindowsResearchKernel-WRK.zip

See also: http://kernelexplorer.net/blogs/kore/archive/2009/04/19/Building-the-Windows-kernel.aspx
-
PDF Search Engine http://openpdf.info/ I find it very useful, it finds direct links.
-
Cracking the WPA Security Standard
By Andrew Garcia | Posted 2008-11-09

Analysis: As security researchers prepare to discuss how they were able to subvert the WPA wireless security standard, eWEEK Labs outlines what this means to wireless administrators.

At the PacSec conference in Tokyo the week of Nov. 10, researchers Erik Tews and Martin Beck will outline the attack they created to subvert WPA wireless security protections. Although the attack is limited in scope at this time (it only affects TKIP (Temporal Key Integrity Protocol)-protected networks and can only be used to inject traffic, not to steal data), there is sure to be significant confusion about the effects of the attack. In this article, I have outlined five points about the attack and its consequences that are crucial for wireless administrators to understand: how it works, what its limits are, and what can be done to protect wireless networks and the data they carry from attackers.

First of all, the attack by Tews and Beck only works against networks protected with TKIP. TKIP, originally called WEP2, was an interim standard adopted to allow wireless users to have an upgrade from the broken WEP (Wired Equivalent Privacy) protocol that lets them protect their wireless data without requiring an investment in new hardware. TKIP took the basics of WEP (and therefore uses the same RC4 stream cipher), enforced a longer encryption key, added per-packet keys, boosted the Initialization Vector used to generate keys from 24-bit to 48-bit in length, and added a new Integrity Check checksum (called Michael). It is Michael that is at the root of the new attack.

The attack, which leverages a modified chop-chop attack that allows the decryption of individual packets without cracking the Pairwise Master key (the shared secret between clients and the network used for encryption), goes after the Pairwise Transient Key protecting the session in order to interpret very small packets (like an ARP) of just a few bytes of unknown data. The attacker must probe cautiously because Michael will shut down a device for 60 seconds and rekey if it sees two Michael errors within a minute. However, because there is little to guess in these small packets, the attacker only needs to spend a few minutes (12 to 15 minutes, from what I understand) probing Michael until it stops returning errors. At that point, the attacker can then go to work with the chop-chop attack to get past the integrity check built into the original WEP (that TKIP still uses). AES-protected networks, on the other hand, are immune to this attack, as AES uses an entirely different keying method called CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).

Second, because the encryption key is not broken as part of this attack, and the subversion of the Michael Integrity Check the attack uses is really only practical when interpreting small packets (too much to guess and not enough time before a regularly scheduled rekeying event happens), an attacker cannot decrypt and steal data from over the air. However, the attack (along with some MAC spoofing) allows the attacker to pose as an access point in order to inject a small amount of traffic into the stream. This traffic injection could be used to poison the client's ARP or DNS caches, redirecting the machine to an unintended (and possibly nefarious) destination. "In the worst possible case scenario, the attacker can inject, pretending to be the access point, up to seven packets to the client," said Rick Farina, senior wireless security researcher at AirTight Networks. "The client will accept these as validly encrypted. You could cause all kinds of denial-of-service conditions by ARP spoofing, or you could probably convince the client to talk to a server on the Internet."

However, wireless users and administrators should not be fooled into thinking WPA2 equals safety from this attack. The WPA2 Wi-Fi certification standard includes both AES- and TKIP-based security as options, so wireless administrators must make sure that a WPA2-protected network only supports AES encryption in order to be safe from this attack.

Third, from what I gather, the mode of authentication used for a WPA with a TKIP network does not make a difference. This attack should work against TKIP-protected networks running either preshared key or 802.1x/EAP authentication, since the attack is going after the Pairwise Transient Key, which is used in both cases. However, enterprise wireless administrators may be able to tune their networks to rekey at a faster rate than normal to thwart the attack (I've heard the attack authors recommend rekeying every 2 minutes). But wireless administrators should evaluate carefully whether the performance impact from this change is significantly greater than the impact derived from moving to AES encryption instead. Also, since this is not a brute force attack, wireless administrators should be aware that the length of a preshared key does not make a difference with this attack.

Fourth, you may already have defenses in place to protect you from this attack. Companies using Wireless Intrusion Detection and Prevention technology, like that provided by AirTight Networks or Motorola's AirDefense unit, should have some protection from this attack right away. These systems can definitely identify MAC spoofing that would be used as part of an attempt to inject traffic. Location detection tools could also be useful: since the attacker has to pose as an access point, the system should throw up immediate warnings if it looks like an access point suddenly moved. Presumably, WIPS vendors are right now cooking up new detections as well to help find and correlate any Michael errors that must occur as part of the attack. Since Michael errors are rare (it's pretty hard to accidentally change a data payload without changing the checksum hash), a regular stream of Michael errors happening every 61 seconds or so should be easy to detect and send out an alert.

As a temporary workaround solution, TKIP enjoyed a remarkably good run without coming under serious threat. However, with this first attack now published (and early-generation tools using the attack, like aircrack-ng, available in the wild), undoubtedly TKIP will come under significantly more scrutiny in the months to come.

Consequently (fifth), even though the encryption is not yet broken, wireless administrators should start re-evaluating the use of WPA and TKIP. Many companies are already faced with some wireless upgrades to come into compliance with PCI 1.2, which last month finally put a timeline in place for retiring WEP as a security measure on wireless networks carrying sensitive data. For those companies needing to finally retire old scanners, bar code readers or other wireless mobile devices used for transactions, make sure to look for AES support on your next equipment investments. Fortunately, most enterprise-grade equipment bought in the last four years will have support for AES. However, some patches may be necessary to get common client devices up to speed. Windows Mobile devices running versions prior to WM 6.1 may not offer AES support, so mobile administrators should investigate whether an upgrade is available. Also, those who use Windows XP and the Zero-Config wireless tool (but have not yet installed Windows XP SP3) will also need to install a patch to add AES support.

eWEEK Labs Senior Technical Analyst Andrew Garcia can be reached at agarcia@eweek.com.

Source: Cracking the WPA Security Standard
-
256-bit AES Encryption for SSL and TLS: Maximal Security
Updated 12/7/2011 with AES security data for the newest browsers and mobile devices.

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”. The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”. There are a large number of different ciphers — some are very fast and very insecure. Some are slower and very secure. Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES. AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS). It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption for all secure communications, and more.

More about AES

AES has been available in most cryptographic libraries for a long time. It was available in “OpenSSL” starting in 2002 with v0.9.7. OpenSSL is the foundation of most SSL services in UNIX and Linux environments, such as that used by LuxSci. GPG, the open source implementation of PGP, also includes an AES 256 option. So, while AES is the new kid on the block, it has been around long enough to permeate most software. However, as we shall see, this does not mean that it is actually being used on your computer!

How Secure is 256-bit AES?

AES is FIPS (Federal Information Processing Standard) certified and there are currently no known non-brute-force direct attacks against AES (except some side channel timing attacks on the processing of AES that are not feasible over a network environment and thus not applicable to SSL in general). In fact, AES security is strong enough to be certified for use by the US government for top secret information. “The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.” (Lynn Hathaway, June 2003 – reference.)

If you have the choice of encryption methods, 256-bit AES is the method to choose. Also good are 128-bit and 192-bit versions of AES.

Full tutorial: http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html
-
Who else agrees that there should be a test at registration?
-
1. Agreed, if you take care of it and find someone else to help you
2. Some are OK for a few days, so we don't "discourage" our Firefox password enthusiasts
3. Why not? Almost everyone is moving to Windows 7, the compatibility percentage is very high
-
Computer Science from the Bottom Up
Ian Wienand <ian@wienand.org>
Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Ian Wienand

Computer Science from the Bottom Up — A free, online book designed to teach computer science from the bottom end up. Topics covered include binary and binary logic, operating systems internals, toolchain fundamentals and system library fundamentals.

Table of Contents
Introduction: Welcome; Philosophy; Why from the bottom up?; Enabling technologies
1. General Unix and Advanced C: Everything is a file!; Abstraction and function pointers; Application Programming Interfaces; Libraries; Summary; Exercises; Standard File Descriptors; The Shell; Redirection
2. Binary and Number Representation: Binary -- the basis of computing; Binary Theory; Hexadecimal; Practical Implications; Types and Number Representation; C Standards; Types; Number Representation
3. Computer Architecture: The CPU; Branching; Cycles; Fetch, Decode, Execute, Store; CISC v RISC; Memory; Memory Hierarchy; Cache in depth; Peripherals and busses; Peripheral Bus concepts; DMA; Other Busses; Small to big systems; Symmetric Multi-Processing; Clusters; Non-Uniform Memory Access; Memory ordering, locking and atomic operations
4. The Operating System: The role of the operating system; Abstraction of hardware; Multitasking; Standardised Interfaces; Security; Performance; Operating System Organisation; The Kernel; Userspace; System Calls; Overview; Analysing a system call; Privileges; Hardware; Other ways of communicating with the kernel; File Systems
5. The Process: What is a process?; Elements of a process; Process ID; Memory; File Descriptors; Registers; Kernel State; Process Hierarchy; Fork and Exec; Fork; Exec; How Linux actually handles fork and exec; The init process; Context Switching; Scheduling; Preemptive v co-operative scheduling; Realtime; Nice value; A brief look at the Linux Scheduler; The Shell; Signals; Example
6. Virtual Memory: What Virtual Memory isn't; What virtual memory is; 64 bit computing; Using the address space; Pages; Physical Memory; Pages + Frames = Page Tables; Virtual Addresses; Page Offset; Virtual Address Translation; Consequences of virtual addresses, pages and page tables; Individual address spaces; Protection; Swap; Sharing memory; Disk Cache; Hardware Support; Physical v Virtual Mode; The TLB; TLB Management; Linux Specifics; Address Space Layout; Three Level Page Table
7. The Toolchain: Compiled v Interpreted Programs; Compiled Programs; Interpreted programs; Building an executable; Compiling; The process of compiling; Syntax; Assembly Generation; Optimisation; Assembler; Linker; Symbols; The linking process; A practical example; Compiling; Assembly; Linking; The Executable
8. Behind the process: Review of executable files; Representing executable files; Three Standard Sections; Binary Format; Binary Format History; ELF; ELF in depth; Debugging; ELF Executables; Libraries; Static Libraries; Shared Libraries; ABI's; Byte Order; Calling Conventions; Starting a process; Kernel communication to programs; Starting the program
9. Dynamic Linking: Code Sharing; Dynamic Library Details; Including libraries in an executable; The Dynamic Linker; Relocations; Position Independence; Global Offset Tables; The Global Offset Table; Libraries; The Procedure Lookup Table; Working with libraries and the linker; Library versions; Finding symbols
10. I/O Fundamentals: File System Fundamentals; Networking Fundamentals
Computer Science from the Bottom Up Glossary

Link: http://www.bottomupcs.com/index.html

Get to work and read something for a change.
-
I don't know exactly what the T-shirts will look like or how much they will cost; I already have to make more than 15. Send me a PM with your T-shirt size, I have them noted down and I'll make as many as I can; I'm not putting 10 million into making you T-shirts, but I'll make a few. You come to the event and we'll discuss more there.
-
The RST T-shirts are made by me and are independent of the event. The problem is that around 12 have been requested so far and it will cost me something to make them. I'm not spending 4-5 million on you for nothing. The price will be exactly what I spent to make the shirt. We'll discuss when we meet. If you want one, send me a PM with your T-shirt size.
-
I'm coming. Several people from RST are coming, we'll meet there. Those who want accommodation should send an email to cazare@defcamp.ro. Those who want an RST T-shirt should PM me. If you have questions, post here.
-
That's not a problem, it's a feature. After you post something or visit a topic it is immediately marked as read, which is why it doesn't show up. PS: There seem to be some "orphaned" posts and threads; I'll try to recover them, but I don't know if I have much of a chance.
-
Fixed, at least partially: Threads 57,032 Posts 374,630 Members 88,488
-
tex will fix it tonight.
-
Hi,

As you have found out, this year, between 30 November and 2 December, the national hacking and IT security conference Defcamp 2012 will take place in Bucharest. Over 3 days there will be more than 20 TECHNICAL presentations by speakers from 5 countries, people from OWASP, WhiteHat Security and even Nytro from RST :->. You can see the presentation titles here: agenda | DefCamp and the speaker list here: Speakeri | DefCamp. But that doesn't mean the event will be limited to these presentations: there will be a Wall of Sheep (you'll see what that means if you don't know already), you'll be able to take part in the DCTF contest (Defcamp Capture The Flag) and if you have a website several guys will do a short security audit of it.

You can register here: DefCamp 2012 @Bucharest - Eventbrite. Yes, there is a fee of 50 RON (15 dollars) for students and 100 RON (30$) otherwise, which helps the organizers cover part of their expenses. If this fee is a problem for you we can talk, and if there are people who are very interested and passionate I will pay the fee for them (2-3 people).

To be clear about what you get for the 50 RON (students) / 100 RON participation fee:
- access to the event, and let's see if anyone dares to say there's nothing to see
- access to the event's promotional materials (folder, pens and other such trifles + something very cool)
- you meet cool people and if you behave you might even have fun with them (aka exchange experience)
- lunch included (buffet) for 3 days

The event will take place at the Yesterday Hotel, near the Grozavesti metro station, and for those coming from other cities, the offer looks like this:
- 100 RON/night/person (preferential price offered by a sponsor, which includes breakfast), which is very cheap for a 3-star hotel
- if you want accommodation send an email to cazare@defcamp.ro and we'll give you the necessary details

So, with 250 RON (if you're from out of town) you get: 2 nights of accommodation with breakfast included, lunch, and participation in the most important technical IT security conference in Romania (+ a few surprises). Anyway, you'd spend this money pointlessly on a few nights out + food + cigarettes...

This way we can get to know each other in person and in the future we can collaborate and develop the IT security field in Romania, which is on the ground, but which can evolve quickly and well, and after the event there will be more changes on RST, you'll see.

If you're even better, you can get a free participation coupon: Case study on a security community from Romania, RSTCenter + free participation coupons for DefCamp | DefCamp

More information at: DefCamp | Where hacking & security collide.

PS: Who wants RST T-shirts? I want to make a few, I'd like to know if there are takers.
-
Hi. Are there people whose account has disappeared and who can no longer log in? Are there threads missing? Is the post count the same as before for you? There were probably some problems with the database; I'll try to see what it's about when I get home. I await your answers to the questions above and any other problems that I can fix. Thanks