Everything posted by Nytro
-
Hallucinations re: the rendering of Cyberpunk 2077
Nytro replied to Kev's topic in Tutoriale in engleza
I think this helps people understand a bit why it either doesn't run on their PC/laptop, or runs on low settings.
-
How To Bypass CSP By Hiding JavaScript In A PNG Image
Nytro replied to akkiliON's topic in Securitate web
Yes, it's nice. Do you have any idea whether there is something like this for ZIP?
-
Great, I'm sure it's better than New Year's Eve with Dan Negru. Since we're staying home anyway, it's an idea.
-
From what I knew, generally speaking, cel.ro has somewhat better prices (in theory) than others, but they have "problems" with returns. Send them another email and explain that you're going to ANPC; that should motivate them.
-
It seems that Gigel with 6 million masks has better connections than the Illuminati, all over the world. Merkel, Trump, Putin... He has them all at his feet. If it were only about Romania I'd say maybe, although even for Romania I'd say it's still TOO much... Good thing he doesn't own an umbrella company, or it would rain non-stop. Seriously now, we can invent conspiracy theories about anything. Such as umbrella companies having devices that bring rain to increase their profit. Of course a lot of masks were produced, it was the business of the year. Whoever got in faster and knew how to handle the high demand, especially at the beginning, made a nice profit. It's not a conspiracy, it's BUSINESS. That's how things work. A need appears, high demand, high profit. Economics. If global warming continues in the coming years, you'd do well to set up little companies for sunglasses or caps/hats.
-
I could have sworn it was something about "covfefe"
-
Yes, there's nothing wrong with not wanting to get vaccinated at the beginning, it makes sense. Anyway, we'll have the results from the UK and the US available. Later there will be even more data available. I'm not exactly an expert in vaccines and medicine, but from what I've read nothing bad should happen (I have no allergies). As symptoms, the same symptoms as with Covid could appear, diminished and triggered by the immune system. That's why I'm one of those who would get vaccinated. Plus it has already been tested on a few tens of thousands of people, it's not as if I'd be the first.
-
It's not known 100% for sure, it's still being researched, which is why, for safety, masks must still be worn. The most common route of infection is through the throat. Although they recently said that with "contact with surfaces" the chances of infection are "small", they do exist, as with any other virus and not only. That is, people get vaccinated for nothing if they shake hands (e.g. a vaccinated person with an unvaccinated one) and the unvaccinated one picks up the virus on his hand from the vaccinated one's hand. The same principle applies (probably) in the throat too. The virus, by air, reaches the throat. It is not yet known whether the vaccine stops the virus from multiplying in the throat, before it enters the blood; it's possible that it doesn't. This means a vaccinated person can have the virus in the throat and pass it on, without any symptoms and with the certainty that nothing will happen to them because of the virus, which will be destroyed when it passes from the throat into the blood.

As for masks, there's one more thing we need to think about. If vaccinated people walked down the street without a mask, what would stop the unvaccinated from lying and saying they are vaccinated? You end up with a kind of discrimination (although that's a bit much to say, but people are idiots in general) and you have no way of checking whether a person has been vaccinated or not (you, as a normal person).

PS: I'll get vaccinated at the first opportunity. Probably from March onwards it will reach the "population", once the people who matter, doctors and those in the risk group, get the vaccine first. If I can, I'll film myself. Anyway, you know very well what I'll do when I get home: I cut my hand, take a magnet, put it on my hand to catch the chip and when it catches it I cut my hand a little, blood comes out and I grab the chip. Then I'll reverse engineer it, connect to it via JTAG, pull its firmware, decrypt it, look for remote exploits and then I can get access to people on the street myself, not just Bill Gates! Haha!
-
Hi, I don't know what you could do other than use that 2 lei support. Keep trying. Try explaining it to them as if to idiots. I assume you can't register that Gmail again, right?
-
https://www.timesnewroman.ro/it-stiinta/romania-debransata-de-google-dupa-ce-n-a-platit-factura-de-5-ani/
-
Hi, theoretically, if you know the PIN, yes. In the simplest (and most expensive) case, you replace the display and everything works. Then you can install those data recovery programs, which can do a good job. They can, theoretically. Without a display I think it's more complicated; it could be connected via USB (theoretically) but I don't know how you can enable developer mode to install APKs and do other things.
-
Yes, there's both a movie and a book. I'll look for the book. Like any movie/book, it's not all completely real, but it's based on those facts.
-
I thought of you. I figured it would get sorted quickly, at a repair shop in the area. It turned out OK, final price 700 RON, less than I would have expected. It seems to work OK.
-
That you no longer know the password we'd understand, but not even the email? If it's yours, try Forgot password on all the email addresses you use; it has to be one of them.
-
X-MAS CTF is a Capture The Flag competition organized by HTsP. This year we have prepared challenges from a diverse range of categories such as cryptography, web exploitation, forensics, reverse engineering, binary exploitation, hardware, algorithmics and more! We made sure that each category has challenges for every skill level, so that there is always something for everyone to enjoy and work on. This competition is using a dynamic scoring system, meaning that the more solves a challenge has, the less points it will bring to each of the solving teams. This system is put in place in order to keep the challenge score updated to its real difficulty level.

Source: https://xmas.htsp.ro/home
-
Yes, it was too late anyway, at least they "cracked" that message. Although it doesn't seem exactly SF, the algorithm wasn't really very complicated; it was extremely complicated because there were billions of possibilities. But it's nice to see a practical, real cryptanalysis exercise.
-
I think it's brilliant. I recommend it. Both the story and how it was cracked are really interesting. Crypto in real life.
-
On December 3rd, 2020, an international three-person team of codebreakers made a breakthrough with the Zodiac Killer's unsolved 340-character cipher. By December 5th, the team finished cracking the cipher and sent the solution to the FBI.

This is the full message from the Zodiac Killer that was hidden in the 340-character cipher for 51 years:

I HOPE YOU ARE HAVING LOTS OF FUN IN TRYING TO CATCH ME THAT WASNT ME ON THE TV SHOW WHICH BRINGS UP A POINT ABOUT ME I AM NOT AFRAID OF THE GAS CHAMBER BECAUSE IT WILL SEND ME TO PARADICE ALL THE SOONER BECAUSE I NOW HAVE ENOUGH SLAVES TO WORK FOR ME WHERE EVERYONE ELSE HAS NOTHING WHEN THEY REACH PARADICE SO THEY ARE AFRAID OF DEATH I AM NOT AFRAID BECAUSE I KNOW THAT MY NEW LIFE IS LIFE WILL BE AN EASY ONE IN PARADICE DEATH

The members of the team that cracked the code are:
* Sam Blake (Australia)
* Jarl Van Eycke (Belgium)
* David Oranchak (USA)

This video is my attempt to tell the story of this long overdue breakthrough. More details are reported in Michael Butterfield's article here: http://zodiackillerfacts.com/news-and...

Credits:
* Music: Dave Miles: Movement (ZapSplat: https://www.zapsplat.com/author/dave-...)
* “Thanks” animation: https://www.youtube.com/watch?v=l1whg... melissariveradesign.com
* Jim Dunbar show archival footage: https://www.youtube.com/watch?v=oTJI4...

Mentioned in the video:
* AZDecrypt code breaking software by Jarl Van Eycke: http://zodiackillersite.com/viewtopic...
* Peek-a-boo cryptanalysis software by Heiko Kalista: http://www.zodiackillersite.com/viewt...
* Zkdecrypto by Brax Cisco et. al.: https://code.google.com/archive/p/zkd...
* Mike Morford’s Zodiac site: http://zodiackillersite.com
* Michael Butterfield’s Zodiac site: http://zodiackillerfacts.com
* Tom Voigt’s Zodiac site: http://zodiackiller.com
* http://zodiackillerciphers.com

We dedicate these efforts to the victims of the Zodiac Killer, their families and descendants. We hope that one day justice will prevail.
-
I don't know what garbage the guy above is posting. Look here at the effects the vaccine has: https://9gag.com/gag/a8GBWeQ (PS: a joke, in case some don't get it). The Bill Gates theory is nasty... Can you imagine what it would be like to have that microchip? It would clearly run Windows! Want to go shopping? Damn BSOD! Want to go to sleep? Hang on, damn it, while it updates! I don't even want to think about how slowly your body would run afterwards...
-
They called me from the repair shop, it seems I broke it pretty well.

1. The keyboard has to be held by plastic rivets, at least 80%. I melted an old key with the glue gun and stuffed it into a few holes, that's not OK.
2. That keyboard ribbon cable apparently had to be taped somehow to the part the keyboard sits on. I left it "free" and it didn't fit in well either; it caused a short circuit or something and fried video controllers (I have no idea what those are), which is why I saw nothing on the screen.
3. It seems the touchpad doesn't work either, I don't know exactly why, I probably pulled hard on its ribbon cable.

At least I hadn't broken the Power button, I feel like an expert.

The good news: it looks like the shop found, through partners, a palmrest with keyboard and touchpad for about 360 RON. What I had found online was over 600 RON, so I'm doing well. And probably on Monday I'll have it working. I hope they glue the case too; 2-3 little screws "broke" and the back part wouldn't stay on at all.

Conclusion: I'm not getting into something like this again, only if it's something extremely simple. Maybe not even then. And I'm learning a thing or two about hardware...
-
The new EU cybersecurity centre - in Bucharest
Nytro replied to YKelyan's topic in Stiri securitate
Indeed, DNS traffic can be "intercepted" by the ISP, but still... Anyway, for more security use DoH - DNS over HTTPS and you've solved the problem.
-
DECEMBER 9, 2020

STEVE MOULD HACKS INTO HIS CAR WITH A HACKRF

Over on YouTube popular science content creator Steve Mould has uploaded a video showing how he was able to open his own car using a HackRF software defined radio. In the video Steve first uses the Universal Radio Hacker software to perform a simple replay attack by using his HackRF (and also an RTL-SDR V3) to record the car's keyfob signal away from the car and replay it near the car.

Steve goes on to note that most cars use rolling code security, so a simple replay attack like the above is impractical in most situations. Instead he notes how a more advanced technique called "rolljam" can be used, which we have posted about a few times in the past.

Later in the video Steve interviews Samy Kamkar who was the security researcher who first popularized the rolljam technique at Defcon 2015.

Source: https://www.rtl-sdr.com/steve-mould-hacks-into-his-car-with-a-hackrf/
-
Four sentenced to prison for planting malware on 20 million Gionee smartphones

Chinese quartet conspired to plant a malicious SDK inside an app that came preinstalled on Gionee devices.

By Catalin Cimpanu for Zero Day | December 9, 2020 -- 02:40 GMT | Topic: Security

Four Chinese nationals were sentenced last week to prison sentences for participating in a scheme that planted malware on devices sold by Chinese smartphone maker Gionee.

The scheme involved Xu Li, the legal representative of Shenzhen Zhipu Technology, a Gionee subsidiary tasked with selling the company's phones, and the trio of Zhu Ying, Jia Zhengqiang, and Pan Qi, the deputy general manager and software engineers for software firm Beijing Baice Technology.

According to court documents published last week by Chinese authorities, the two companies entered into a hidden agreement in late 2018 to create a powerful software development kit (SDK) that would allow the two parties to take control of Gionee smartphones after they were sold to customers.

The SDK was inserted on Gionee smartphones by Shenzhen Zhipu Technology in the form of an update to Story Lock Screen, a screen-locker app that came preinstalled with Gionee devices.

But Chinese officials said the SDK acted like a trojan horse and converted infected devices into bots, allowing the two companies to control customers' phones. The two companies used the SDK to deliver ads through a so-called "live pulling" function.

THE TWO COMPANIES MADE $4.26 MILLION FROM ADS

Court documents say that between December 2018 to October 2019, more than 20 million Gionee devices across the world received more than 2.88 billion "pull functions" (ads), generating more than 27.85 million Chinese yuan ($4.26 million) in profit for the two companies.

The entire scheme appears to have come crashing down after a suspected bug started blocking access to some Gionee phone screens, which led the parent company's support staff to start an investigation, which then led to an official complaint with Chinese authorities.

The four suspects were arrested in November 2019. According to reports from local media, the four didn't dispute the investigators' findings and pleaded guilty for reduced sentences.

The quartet received prison sentences ranging from 3 to 3.5 years in prison and fines of 200,000 Chinese yuan ($30,500) each. Shenzhen Zhipu Technology also received a separate fine of 400,000 Chinese yuan ($61,000).

A Gionee spokesperson did not return emails or phone calls seeking comment on the countries where the malware-laced smartphones were sold.

Source: https://www.zdnet.com/article/four-sentenced-to-prison-for-planting-malware-on-20-million-gionee-smartphones/
-
FireEye reveals that it was hacked by a nation state APT group

By Sergiu Gatlan
December 8, 2020 04:58 PM

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group.

The attackers were able to steal Red Team assessment tools FireEye uses to test customers' security and designed to mimic tools used by many cyber threat actors.

Attacker showed all the signs of a state-backed threat actor

"Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack," Chief Executive Officer and Board Director Kevin Mandia said in a filing with the Securities and Exchange Commission (SEC).

"Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities."

The threat actor who breached FireEye's defenses specifically targeted FireEye's assets and used tactics designed to counter both forensic examination and security tools that detect malicious activity.

The cybersecurity firm is still investigating the cyberattack with the collaboration of the Federal Bureau of Investigation and security partners like Microsoft.

So far, initial analysis of the attack supports FireEye's conclusion that the company was the victim of a "highly sophisticated state-sponsored attacker utilizing novel techniques."

State-sponsored hackers stole FireEye Red Team tools

"During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security," Mandia added.

"None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools."

The stolen tools "range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit," FireEye said in a blog post on its Threat Research blog.

However, many of them were already available to the broader security community or were distributed as part of FireEye's CommandoVM open-source virtual machine.

The Red Team tools stolen in the attack haven't yet been used in the wild based on information collected since the incident and FireEye has taken measures to protect against potential attacks that will use them in the future:

* We have prepared countermeasures that can detect or block the use of our stolen Red Team tools.
* We have implemented countermeasures into our security products.
* We are sharing these countermeasures with our colleagues in the security community so that they can update their security tools.
* We are making the countermeasures publicly available on our GitHub.
* We will continue to share and refine any additional mitigations for the Red Team tools as they become available, both publicly and directly with our security partners.

This GitHub repository contains a list of Snort and Yara rules that can be used by organizations and security professionals to detect FireEye's stolen Red Team tools when used in attacks.

Government customers' information also targeted

During the attack, the threat actor also attempted to collect information on government customers and was able to gain access to some FireEye internal systems.

"While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems," Mandia explained on FireEye's corporate blog.

FireEye is a cybersecurity firm founded in 2004 with headquarters in Milpitas, California. It has over 8,500+ customers in 103 countries and more than 3,200+ employees worldwide.

Source: https://www.bleepingcomputer.com/news/security/fireeye-reveals-that-it-was-hacked-by-a-nation-state-apt-group/