Nytro

Administrators
  • Posts

    18725
  • Joined

  • Last visited

  • Days Won

    706

Everything posted by Nytro

  1. Nytro

    RST vs. Polonic

    There are currently 147 users browsing this thread. (4 members and 143 guests)
  2. Nytro

    Polonic is back

    We make exceptions for you
  3. Nytro

    Polonic is back

    I've gotten bored of Polonic, there's nothing funny about it anymore
  4. Nytro

    Polonic is back

    Shall we go around Buzau putting up stickers?
  5. ASEF - Android Security Evaluation Framework

    Please refer to the following blog posts for in-depth design and details about A S E F:

    1) A S E F Intro Blog: https://community.qualys.com/blogs/securitylabs/2012/07/25/android-security-evaluation-framework--a-s-e-f
    2) A S E F Getting Started: https://community.qualys.com/docs/DOC-3675 (Guide in .pdf - https://community.qualys.com/servlet/JiveServlet/downloadBody/3675-102-4-6580/ASEF-Blog(4).pdf)

    Abstract:

    Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it's a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all your apps - even hundreds of them - to harvest their behavioral data, analyze their run pattern, and at the same time provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?

    Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research.

    The framework will take a set of apps (either pre-installed on a device or as individual APK files) and migrate them to the test suite where it will run it through test cycles on a pre-configured Android Virtual Device (AVD). During the test cycles the apps will be installed and launched on the AVD. ASEF will trigger certain behaviors by sending random or custom gestures and later uninstall the app automatically. It will capture log events, network traffic, kernel logs, memory dump, running processes and other parameters at every stage which will later be utilized by the ASEF analyzer.

    The analyzer will try to determine the aggressive bandwidth usage, interaction with any command and control (C&C) servers using Google's safe browsing API, permission mappings and known security flaws. ASEF can easily be integrated with other open source tools to capture sensitive information, such as SIM cards, phone numbers and others.

    ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings. An advanced user can fine-tune this, expand upon this idea by easily integrating more test scenarios, or even find patterns out of the data it already collects. ASEF will provide automated application testing and facilitate a plug and play kind of environment to keep up with the dynamic field of Android Security.

    Download: https://code.google.com/p/asef/downloads/list
    Info: https://code.google.com/p/asef/
  6. Table `substantive`:

    ------------------------------------
    id | tip | substantiv | other data |
    ------------------------------------
    1  | 1   | dfgdfgf    | dffgdf     |
    2  | 1   | fgfgdfg    | gfhjhj     |
    3  | 2   | hjhjh      | hghgh      |
    4  | 1   | fgfgf      | fhgh       |
    ------------------------------------

    Where tip == 1 means a common noun, and tip == 2 means a proper noun.
  7. Nytro

    Test

    dfgdfgdgd
  8. Yes, I noticed, thanks. It's because of the forum: it starts with a number, and it automatically looks up that thread. I changed the title, but it may not work because of a stupid cache.
  9. Here? https://rstcenter.com/forum/external.php
  10. Researchers uncover security holes in China-based Huawei routers

    Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention. Huawei is one of the fastest-growing network and telecommunications equipment makers in the world.

    The vulnerabilities were discovered and presented by Felix Lindner and Gregor Kopf of the security firm Recurity Labs. They talked about three vulnerabilities demonstrated at the Defcon conference, which included a session hijack, a heap overflow, and a stack overflow, and the discussion of more than 10,000 calls in the firmware code that went to sprintf, an insecure function.

    The problem is due to the use of "1990s-style code" in the firmware of some Huawei VRP routers, he said. (The models are the Huawei AR18 and AR 29 series). With a known exploit, an attacker could get access to the systems, log in as administrator, change the admin passwords and reconfigure the systems, which would allow for interception of all the traffic running through the routers.

    Both Lindner and Kopf have criticized Huawei for not having a security contact, as well as for its lack of security advisories for its products. Additionally, the researchers say firmware updates don't talk about bugs that may have been fixed.

    A U.S.-based Huawei representative provided CNET with the following statement:

    We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims. Huawei adopts rigorous security strategies and policies to protect the network security of our customers and abides by industry standards and best practices in security risk and incident management.

    Huawei has established a robust response system to address product security gaps and vulnerabilities, working with our customers to immediately develop contingency plans for all identified security risks, and to resolve any incidents in the shortest possible time. In the interests of customer security, Huawei also calls on the industry to promptly report all product security risks to the solutions provider so that the vendor's CERT team can work with the relevant parties to develop a solution and roll-out schedule.

    Source: Researchers uncover security holes in China-based Huawei routers | The Hacker News
  11. Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks

    A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according to Kaspersky Lab, a leading computer security firm. After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It’s been dubbed Gauss (although Germanic-linguistic purists will no doubt be complaining that it should be written Gauß).

    Gauss is a complex cyber-espionage toolkit, highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions:

    - Intercept browser cookies and passwords.
    - Harvest and send system configuration data to attackers.
    - Infect USB sticks with a data stealing module.
    - List the content of the system drives and folders.
    - Steal credentials for various banking systems in the Middle East.
    - Hijack account information for social network, email and IM accounts.

    The researchers at Russia-based Kaspersky Labs who discovered it have christened it Gauss, and say it is aimed at pinching the pocketbooks of its intended targets, whoever they may be, by stealing account information of customers of certain banks in Lebanon, but also customers of Citibank and of PayPal.

    An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.

    Two groups, Russian-based Kaspersky Labs, which first published information on Gauss and Flame, and the Hungarian research lab Crysys, are detecting the malware by looking for a font that shows up on infected machines called Palida Narrow. Roel Schouwenberg, senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file.

    Have a look at the relationship between Flame, Gauss, Stuxnet and Duqu:

    One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Kaspersky researchers said Gauss contained a “warhead” that seeks a very specific computer system with no Internet connection and installs itself only if it finds one.

    *Image credit Kaspersky Lab

    Source: Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks | The Hacker News
  12. Zeus malware targeting BlackBerry and Android devices

    Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices. Zitmo (Zeus in the mobile) is the name given to the mobile versions of Zeus, and it's been around for a couple of years already, mostly infecting Android phones.

    The Zitmo variant has reportedly been operating for at least two years targeting Android phones by masquerading as a banking security application or security add-on. ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.

    Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users in Spain, Italy and Germany were targeted by these fresh variants, with two command and control (C&C) numbers found on Sweden’s Tele2 operator.

    "The analysis of new Blackberry ZitMo files showed that there are no major changes. Virus writers finally fixed grammar mistake in the ‘App Instaled OK’ phrase, which is sent via SMS to C&C cell phone number when smartphone has been infected. Instead of ‘BLOCK ON’ or ‘BLOCK OFF’ commands (blocking or unblocking all incoming and outgoing calls) now there are ‘BLOCK’ and ‘UNBLOCK’ commands. Other commands which are received via SMS remain the same." Denis Maslennikov, a researcher at Kaspersky Lab.

    The tactic is designed to help the criminals circumvent the out-of-band authentication systems used by many European banks, by hijacking the one-time password authentication password sent via SMS.

    Earlier this year, Kaspersky warned of a set of malicious Android applications posing as security software. Zeus was sitting behind those apps, ready to siphon off text messages.

    Source: http://thehackernews.com/2012/08/zeus-malware-targeting-blackberry-and.html
  13. Mariposa botnet creator goes on trial

    A 26-year-old Slovenian hacker known as Iserdo, thought to have been behind the Mariposa botnet, is on trial in Slovenia, charged with having masterminded an international cybercrime gang. At its height, the Mariposa botnet infected up to 12.7 million PCs, with more than half of the Fortune 1,000 companies believed to have been compromised, including 40 major banks. Once a computer had been compromised and brought into the botnet, operators could steal information from innocent users - including credit card details and banking passwords.

    Computer crime-fighting authorities had succeeded in bringing down the Mariposa botnet at the end of 2009. FBI officials worked with Spanish and Slovenian authorities to track down Mariposa's mastermind, Iserdo. He was said to charge between $500 for basic versions of the botnet code and up to $1,300 for more advanced ones, which included customised features, such as capabilities which allowed its operators to steal credit cards and online banking credentials. The code was even found to have infected 3,000 HTC handsets shipped by mobile operator Vodafone.

    Mariposa style botnets were built using Škorjanc's "Butterfly Bot" code, according to the Slovenian authorities, and it was sold to cyber criminals worldwide. Mariposa, the Spanish version of the botnet, was the largest and the most notorious.

    Source: Mariposa botnet creator goes on trial | The Hacker News
  14. Where exactly does it do that for you?
  15. How to write a simple operating system

    © 2011 Mike Saunders and MikeOS Developers

    This document shows you how to write and build your first operating system in x86 assembly language. It explains what you need, the fundamentals of the PC boot process and assembly language, and how to take it further. The resulting OS will be very small (fitting into a bootloader) and have very few features, but it's a starting point for you to explore further. After you have read the guide, see the MikeOS project for a bigger x86 assembly language OS that you can explore to expand your skills.

    Requirements

    Prior programming experience is essential. If you've done some coding in a high-level language like PHP or Java, that's good, but ideally you'll have some knowledge of a lower-level language like C, especially on the subject of memory and pointers.

    For this guide we're using Linux. OS development is certainly possible on Windows, but it's so much easier on Linux as you can get a complete development toolchain in a few mouse-clicks/commands. Linux is also really good for making floppy disk and CD-ROM images - you don't need to install loads of fiddly programs.

    Installing Linux is very easy these days; grab Ubuntu and install it in VMware or VirtualBox if you don't want to dual-boot. When you're in Ubuntu, get all the tools you need to follow this guide by entering this in a terminal window:

        sudo apt-get install build-essential qemu nasm

    This gets you the development toolchain (compiler etc.), QEMU PC emulator and the NASM assembler, which converts assembly language into raw machine code executable files.

    Tutorial: http://mikeos.berlios.de/write-your-own-os.html
  16. No, I wasn't referring to you.
  17. I wasn't referring to you, but to all the people who bow their heads before the crap injected by the mass media; you just gave me the opportunity to express my opinion.
  18. Nytro

    Fcd

    I'm DYING because there were cocksuckers in the stands wearing Barcelona shirts. Fuck them!
  19. I'd tell them what I have to say too, but I'm not a media person. I mean, their opinion is heard by TENS/HUNDREDS OF THOUSANDS of people, FAILED PEOPLE = EASILY INFLUENCED. And starting from that, you end up believing all the crap the mass media shoves down your throats. Are you fans of such people? You are lost, influenced, indoctrinated. THINK FOR YOURSELVES, SLAVES.
  20. Nytro

    Fcd

    Fuck Barcelona!
  21. Fuck them both.
  22. The categories and topics are copied from RST, at least some of them. Ban, trash.
  23. I've made some more (small) changes to the template:

    - user profile
    - show forum leaders
    - members list
    - homepage
    - activity

    In short, it looks a bit more "clean". Don't expect too much; these are bug fixes, very small changes, removal of stupid things that looked ugly... The idea is to post here if there are problems, if something looks ugly... Thanks.
  24. Gauss: Abnormal Distribution

    - Introduction
    - Executive Summary
    - Infection stats
    - Architecture
    - Wmiqry32/Wmihlp32.dll aka ShellHW
    - Dskapi.ocx
    - Smdk.ocx
    - McDmn.ocx
    - Lanhlp32.ocx
    - Devwiz.ocx
    - Winshell.ocx
    - Windig.ocx
    - Gauss C&C Information
    - Timeline
    - Files list
    - Conclusion

    You can download PDF version of this article here.

    Link: http://www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
  25. Yes, that's the way. The antiviruses out there should do something similar, and that would save millions of people from stealers or infected programs. It probably wouldn't protect against all PE loaders, but it could do an excellent job.