Nytro

[h=1]The TTY demystified[/h]The TTY subsystem is central to the design of Linux, and UNIX in general. Unfortunately, its importance is often overlooked, and it is difficult to find good introductory articles about it. I believe that a basic understanding of TTYs in Linux is essential for the developer and the advanced user. Beware, though: What you are about to see is not particularly elegant. In fact, the TTY subsystem — while quite functional from a user's point of view — is a twisty little mess of special cases. To understand how this came to be, we have to go back in time. [h=2]History[/h] In 1869, the stock ticker was invented. It was an electro-mechanical machine consisting of a typewriter, a long pair of wires and a ticker tape printer, and its purpose was to distribute stock prices over long distances in realtime. This concept gradually evolved into the faster, ASCII-based teletype. Teletypes were once connected across the world in a large network, called Telex, which was used for transferring commercial telegrams, but the teletypes weren't connected to any computers yet. Meanwhile, however, the computers — still quite large and primitive, but able to multitask — were becoming powerful enough to be able to interact with users in realtime. When the command line eventually replaced the old batch processing model, teletypes were used as input and output devices, because they were readily available on the market. There was a plethora of teletype models around, all slightly different, so some kind of software compatibility layer was called for. In the UNIX world, the approach was to let the operating system kernel handle all the low-level details, such as word length, baud rate, flow control, parity, control codes for rudimentary line editing and so on. Fancy cursor movements, colour output and other advanced features made possible in the late 1970s by solid state video terminals such as the VT-100, were left to the applications. In present time, we find ourselves in a world where physical teletypes and video terminals are practically extinct. Unless you visit a museum or a hardware enthusiast, all the TTYs you're likely to see will be emulated video terminals — software simulations of the real thing. But as we shall see, the legacy from the old cast-iron beasts is still lurking beneath the surface. Tutorial: http://www.linusakesson.net/programming/tty/index.php

Aia e altceva Rambo. Tot o sa arate urat, chiar daca nu mai iese din chenar si e doar "taiata".

Si pe mine parca ma racaia la ochi

Sa nu incadram totusi "Directory Listing" la capitolul ShowOff...

[h=2]Attackers Pounce on Zero-Day Java Exploit[/h]Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole. News of the vulnerability surfaced late last week in a somewhat sparse blog post by FireEye, which said the exploit seemed to work against the latest version of Java 7, which is version 1.7, Update 6. This morning, researchers Andre’ M. DiMino & Mila Parkour published additional details on the targeted attacks seen so far, confirming that the zero-day affects Java 7 Update 0 through 6, but does not appear to impact Java 6 and below. Initial reports indicated that the exploit code worked against all versions of Internet Explorer, Firefox and Opera, but did not work against Google Chrome. But according to Rapid 7, there is a Metasploit module in development that successfully deploys this exploit against Chrome (on at least Windows XP). Also, there are indications that this exploit will soon be rolled into the BlackHole exploit kit. Contacted via instant message, the curator of the widely-used commercial attack tool confirmed that the now-public exploit code worked nicely, and said he planned to incorporate it into BlackHole as early as today. “The price of such an exploit if it were sold privately would be about $100,000,” wrote Paunch, the nickname used by the BlackHole author. Oracle has moved Java to a quarterly patch cycle, and its next update is not scheduled until October. In the meantime, it’s a good idea to either unplug Java from your browser or uninstall it from your computer completely. Windows users can find out if they have Java installed and which version by visiting java.com and clicking the “Do I have Java? link. Mac users can use the Software Update feature to check for any available Java updates. If you primarily use Java because some Web site, or program you have on your system — such as OpenOffice or Freemind — requires it, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it. For browser-specific instructions on disabling Java, click here. If you must use Java, security experts are prepping an unofficial patch for the program that should blunt this vulnerability, but it is being offered on a per-request basis at this point. A number of experts I know and respect have vouched for the integrity of this patch, but installing third-party patches should not be done lightly. Note that regressing to the latest version of Java 6 (Java/JRE 6 Update 34) is certainly an option, but not a very good one either. If you do not need Java, get rid of it, and if you do need it for specific applications or sites, limit your use of Java to those sites and applications, using a secondary browser for that purpose. Sursa: Attackers Pounce on Zero-Day Java Exploit — Krebs on Security

Chiar eram curios cat de complexe sunt "Anti"-urile astea ale lor... Edit: Se da kill la process Cam trist, toti antivirusii cam au self-defense si hook-uri pe OpeProcess/TerminateProcess, deci nu prea vor merge aceste "Anti-uri".

YAJDE = Yet Another Java Driveby Explit...

In sfarsit un POC!

Da, ce imaginatie bogata...

Stergeti si voi executabilele, nu aveti nevoie de ele, in niciun caz nu le executati. Daca tutorialul e ".exe", mutam topicul la gunoi.

La Costinesti pizza pizde cazare hotel femei cluburi shaorma in Costinesti

La Hotel Napoca e inchiriat in perioada respectiva si nu e indeajuns de mare. Asa parca zicea asta micu.

Da, e o idee, pare ok. Ar mai fi Crystal Pallace Ballrooms, dar cam prea mari si prea scump probabil. Bucuresteni, ceva sugestii in privinta locului?

Apasati si voi F2.

In primul rand, ce locatie ati sugera, votati. Apoi, daca aveti si alte sugestii, despre cum "sa fie", sunt binevenite. PS: a se vedea Blackhat si Defcon. Eu tot incerc sa dau de Andrewboy, dar nu prea reusesc.

Da ba, nu puteti sa va miscati curu...

Registrant Name:Matei Bogdan Registrant Organization:N/A Registrant Street1:Str. Constructorului, Nr. 8 Registrant City: Petrosani Registrant State/Province:Hunedoara Registrant Postal Code:332029 Registrant Country:RO Registrant Phone:+40.0732934042 Registrant Email: bogdanus_16_mihay@yahoo.com

Ban permanent si se muta la gunoi. La munca milogilor.

Nu vad nicio vulnerabilitate, ci doar un link. Vulnerabilitate RST: https://rstcenter.com/forum/admincp/index.php ? Se muta la gunoi.

Vad doar un link. Se muta la gunoi.

Oracle Abandoning MySQL Developers? To run you through the origin of MySQL, it is one of the most popular databases used by developers across the world. Sunday, August 19, 2012: Though there is no open announcement about it, but it’s getting almost clear that the company has all plans to close up the open source software, thereby abandoning the MySQL community. Stamping the move was the recent discovery, where the developers realised that the big fixes released for MySQL did not have any test cases to assure developers that the problem had actually been fixed. This is making the developers unsettled and confused about how Oracle defines open or closed software. And these developers are not shying away from openly talking about the problem in almost every platform. To run you through the origin of MySQL, it is one of the most popular databases used by developers across the world. It landed with Oracle, when it acquired Sun Microsystems in 2010. According to a post in MariaDB, MySQL has used a testing framework called mysql-test since 1999. Over the past years, tests have been built for new features and regression tests that guarantee that a bug fix is permanent. Developers such as those from Facebook and Twitter rely on the testing framework. At Twitter, MySQL serves as the “persistent storage technology behind most Twitter data: the interest graph, timelines, user data and the Tweets themselves.” Moreover, it is being reported that Oracle has removed the revision history for MySQL. This means that developers cannot know the set of changes made to the software, leaving them guessing what was changed when and by who. Kalpana Sharma, EFYTIMES News Network Sursa: http://news.efytimes.com/e1/89071/Oracle-Abandoning-MySQL-Developers

Nu, asa stiam si eu, dar am cautat mai mult de o pagina de "documentatie", si nu e chiar asa. In plus, am tot vazut zeci de pareri care se contrazic, iar diferenta in primul rand consta in modul in care se folosesc. Apoi, modul de implementare este total diferit, mai ales in functie de sistemele de operare. Pe Windows de exemplu, se pot folosi sectiuni critice in loc de mutexi, si e de preferat asta, deoarece sectiunile critice sunt implementate user-land, iar mutexul este un obiect global, inter-process, gestionat de kernel, iar aceste sysenter-uri in kernel sunt mai consumatoare de timp. Pe Linux la fel, lucrurile stau putin diferit, dar nu pot sa iti spun cu certitudine cum, deoarece am citit mai multe pareri si se contrazic, unele afirmand ca semafoarele sunt implementate user-land, ceea ce mi se pare o prostie din moment ce exista explicit syscall-uri special pentru lucrul cu semafoare, iar altii spuneau ca mutex-ul chiar este construit pe baza de semafor, in timp ce altii afirmau ca nu au nicio legatura, dar ca mutex-ul este implementat userland. Cand ajung la munca cred ca fac un mic "benchmark test".

Iar limbajul de asamblare poate sa difere: x86, ARM, powerpc... Cross compiling.