Everything posted by Nytro

  1. [h=1]The Best Hacking Film You Haven't Seen (Yet)[/h]

    Robert Vamosi, Contributor

    When was the last time you saw a good documentary about the origins of computer hacking? Well, Code2600, a new documentary film from a young filmmaker named Jeremy Zerechak, comes really close to being both accurate and entertaining while at the same time scaring the pants off anyone who doesn't yet know that computer data is eternal and can be stolen by the wrong people if we're not careful. So it is fitting that the documentary, which is only available in limited release right now, will be shown next Friday at DefCon, the world's largest hacker conference and this year also celebrating its 20th anniversary.

    Code2600 is a rich visual history of computer hacking's past as told by some of its principal participants. The film opens with news of a Soviet satellite orbiting the earth in the late 1950s. The United States, which once thought itself on top of the world in technology, found itself behind. Suddenly, says Zerechak, the US military was keen on computer technology. He points out that in the 60s and 70s the military had all the best high-grade computer equipment, but after the computer revolution of the 80s and 90s that was no longer the case, with the military today buying off-the-shelf mobile devices. Somewhere in those intermediate 60 years of military history we have the origins of computer hacking.

    Like Steven Levy's 1984 classic book Hackers, the film explores early computer hackers who studied the original wired telephone switching system. One hacker, John Draper, discovered that the sound produced by an inexpensive Capt'n Crunch cereal toy whistle could interrupt the normal AT&T long-distance billing process. This 2600 hertz tone (hence the title of Zerechak's documentary) was very important to early hackers, known as Phone Phreaks, who wanted to access fast computers on the other side of the world without paying long distance charges. AT&T, at great expense, began to change its switching system.

    Around the same time, the Homebrew Computer Club was starting in the San Francisco Bay Area. Member Bob Lash remembers a young Steve Wozniak showing off his early Apple computers – along with everyone else who was also building their own computers at the time. There was a lot of trial and error. But smart people were able to do very sophisticated things at home.

    Throughout the film, Zerechak uses classic footage to capture a moment or to make a point. One recurring sequence is the 1950s black and white footage of Dr. Claude Shannon, mathematician, cryptographer and the father of information theory, with his metal mouse and its square maze. This was one of the first experiments in artificial intelligence, demonstrating how Theseus, his robotic mouse, could learn and adapt to a rapidly changing environment. This is an obvious metaphor for computer hackers who probe the phone networks, and later the Internet, simply wondering what is connected to what.

    In one of his interview segments, Marcus Ranum, Chief Security Officer at Tenable Security, says that in the early days there was limited addressing. In other words, without a Google search, you had to know where on the Internet you wanted to go. Or, like the metal mouse, you had to search until you found something new or interesting. Often, you used your phone modem to find other phone modems. In looking for computers set with default "guest" accounts, hackers used war dialing — randomly dialing phone numbers until they got a computer on the other end — to access corporate or military computers. At the time, says Ranum, system administrators would laugh at logs that showed 800 attempts for access using the default word "guest." But that was when the Internet was still an intimate community of military, academics, and a few curious hackers, barely a few years removed from the days of the early ARPANET that predates today's Internet.

    The upcoming shift, from an invite-only world to what we have today, is important; that's when hackers realized they were no longer alone on the Internet and had to go underground. Jeff Moss, founder of Black Hat and DefCon, describes in one of his interview segments growing up in the Bay Area in the 1980s and having one of the first affordable home computers that, with a modem, connected over the phone to various bulletin boards. He says that he could connect and no one would know his true identity or age; he would only be judged by what he wrote. For a 14 year old boy, Moss says it was liberating to be able to talk about sex and drugs.

    Then in the early 1990s, Moss says AOL, Prodigy, and CompuServe destroyed the local community bulletin board, opening up what had been an exclusive neighborhood of thought and discussion to the entire world. It created a gold rush—it gave us spamming and phishing, which both got started only once the masses started surfing the net. It also threatened to push the curious hacker community into a dark corner — until Moss founded DefCon in the summer of 1992. DefCon is a real-world computer bulletin board where communities of hackers and law enforcement talk openly about the Internet with an eye toward fixing what is broken.

    Not every computer hacker is malicious; Moss makes the point that there are good plumbers and bad plumbers. And not all famous computer hackers are ex-felons like Kevin Mitnick. Zerechak's film includes footage of the Boston-based L0pht Heavy Industries members testifying before Congress in May of 1998, saying confidently that they had the knowledge to take down the Internet in 30 minutes (but also that they wouldn't do it). Today, one of the original members of L0pht, Peiter Zatko aka "Mudge," works for DARA. Another, Joe Grand aka "Kingpin," runs a hardware design studio in San Francisco. And even Moss, who wasn't part of L0pht, has served on President Obama's Homeland Security Advisory Council and is today ICANN's Chief Security Officer.

    Source: The Best Hacking Film You Haven't Seen (Yet) - Forbes
  2. Linux iotop: Check What's Stressing And Increasing Load On Your Hard Disks

    by Vivek Gite on July 20, 2012

    The iotop command is a top-like utility for disk I/O. It watches I/O usage information output by the Linux kernel (requires v2.6.20 or later) and displays a table of current I/O usage by processes or threads on the system. This post explains how to install and use iotop to find out what's stressing (or program names) on your hard drives under Linux operating systems.

    Install iotop

    Use the yum command to install iotop under RHEL / CentOS Linux, enter:

        # yum install iotop

    Sample outputs:

        Loaded plugins: auto-update-debuginfo, product-id, protectbase, rhnplugin, subscription-manager
        Updating certificate-based repositories.
        Unable to read consumer identity
        0 packages excluded due to repository protections
        Setting up Install Process
        Resolving Dependencies
        --> Running transaction check
        ---> Package iotop.noarch 0:0.3.2-3.el6 will be installed
        --> Finished Dependency Resolution

        Dependencies Resolved

        ================================================================================
         Package        Arch        Version            Repository                 Size
        ================================================================================
        Installing:
         iotop          noarch      0.3.2-3.el6        rhel-x86_64-server-6       49 k

        Transaction Summary
        ================================================================================
        Install       1 Package(s)

        Total download size: 49 k
        Installed size: 0
        Is this ok [y/N]: y
        Downloading Packages:
        iotop-0.3.2-3.el6.noarch.rpm                             |  49 kB     00:00
        Running rpm_check_debug
        Running Transaction Test
        Transaction Test Succeeded
        Running Transaction
          Installing : iotop-0.3.2-3.el6.noarch                                  1/1
        Installed products updated.
          Verifying  : iotop-0.3.2-3.el6.noarch                                  1/1

        Installed:
          iotop.noarch 0:0.3.2-3.el6

        Complete!

    Debian / Ubuntu Linux users try the apt-get command as follows to install the same:

        $ sudo apt-get install iotop

    Sample outputs:

        [sudo] password for vivek:
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        The following NEW packages will be installed:
          iotop
        0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
        Need to get 26.5 kB of archives.
        After this operation, 168 kB of additional disk space will be used.
        Get:1 http://debian.osuosl.org/debian/ squeeze/main iotop all 0.4-2+squeeze1 [26.5 kB]
        Fetched 26.5 kB in 1s (17.0 kB/s)
        Selecting previously deselected package iotop.
        (Reading database ... 256274 files and directories currently installed.)
        Unpacking iotop (from .../iotop_0.4-2+squeeze1_all.deb) ...
        Processing triggers for man-db ...
        Setting up iotop (0.4-2+squeeze1) ...
        Processing triggers for python-support ...

    How do I use the iotop command?

    The iotop command displays columns for the I/O bandwidth read and written by each process/thread during the sampling period. It also displays the percentage of time the thread/process spent while swapping in and while waiting on I/O. For each process, its I/O priority (class/level) is shown. In addition, the total I/O bandwidth read and written during the sampling period is displayed at the top of the interface.

    Type the following command to run iotop (must run as root):

        $ sudo iotop

    OR

        # iotop

    Sample outputs:

    [Fig.01: iotop: Linux Disk I/O Monitor Command in Action]

    However, I recommend that you start iotop with the --only option to see only processes or threads actually doing I/O, instead of showing all processes or threads (you can set this mode dynamically too; see the keyboard shortcut o for more info):

        # iotop --only

    Sample outputs:

    [Fig.02: Only See Process Eating Your Disk I/O]

    Other options supported by the iotop command:

        -o, --only            Only show processes or threads actually doing I/O, instead of showing all processes or threads. This can be dynamically toggled by pressing o.
        -b, --batch           Turn on non-interactive mode. Useful for logging I/O usage over time.
        -n NUM, --iter=NUM    Set the number of iterations before quitting (never quit by default). This is most useful in non-interactive mode.
        -d SEC, --delay=SEC   Set the delay between iterations in seconds (1 second by default). Accepts non-integer values such as 1.1 seconds.
        -p PID, --pid=PID     A list of processes/threads to monitor (all by default).
        -u USER, --user=USER  A list of users to monitor (all by default).
        -P, --processes       Only show processes. Normally iotop shows all threads.
        -a, --accumulated     Show accumulated I/O instead of bandwidth. In this mode, iotop shows the amount of I/O processes have done since iotop started.
        -k, --kilobytes       Use kilobytes instead of a human friendly unit. This mode is useful when scripting the batch mode of iotop. Instead of choosing the most appropriate unit iotop will display all sizes in kilobytes.
        -t, --time            Add a timestamp on each line (implies --batch). Each line will be prefixed by the current time.
        -q, --quiet           Suppress some lines of header (implies --batch). This option can be specified up to three times to remove header lines: -q column names are only printed on the first iteration, -qq column names are never printed, -qqq the I/O summary is never printed.

    Important keyboard shortcuts for the iotop command

    Hit the left and right arrow keys to change the sorting.
    Hit r to reverse the sorting order.
    Hit o to only see processes or threads actually doing I/O, instead of showing all processes or threads.
    Hit p to only show processes. Normally iotop shows all threads.
    Hit a to display accumulated I/O instead of bandwidth. In this mode, iotop shows the amount of I/O processes have done since iotop started.
    Hit i to change the priority of a thread or a process' thread(s), i.e. ionice.
    Hit q to quit iotop.

    Source: Linux iotop: Check What's Stressing And Increasing Load On Your Hard Disks
  3. Fun stuff

  4. I like it when we argue (shout at each other) about very technical topics, like bypassing DEP or ASLR, when we talk nonsense but believe ourselves, and we are always right
  5. [h=1]ClubHACK Magazine July 2012![/h]

    July 20, 2012 By Mayuresh

    ClubHACK has released the July 2012 version of their magazine. It is the first Indian "Hacking" Magazine. This 30th issue discusses topics such as PHP shells, DirBuster, Secure Android Coding and much more.

    [h=2]Contents of ClubHACK Magazine July 2012:[/h]

    Tech Gyan: PHP Shells
    PHP shells are used by Blackhats to maintain persistence into a compromised machine, typically a webserver. A "shell" is the common name given to a Command Line Interface (CLI) used to interact with the Operating System, even at low level. The usage requires the knowledge of a discrete set of commands that are often different among different Operating Systems (e.g. Unix/DOS). After a successful breach into a vulnerable system, the attacker could adopt a "Shell" as a payload in order to take control of the victim system.

    Legal Gyan: Section 66E – Punishment for violation of Privacy Policy
    In some of the latest articles we have focused on the areas of data privacy, due diligence to be observed by the companies handling sensitive personal data, etc. But, not much has been spoken/written on violation of a person's privacy, i.e. ensuring the privacy of an individual at the places where he/she under normal circumstances expects to be in a private environment.

    Tool Gyan: OWASP DirBuster – Bruteforcing the Web
    DirBuster is a multi-threaded Java application designed to brute force directories and file names on web/application servers. Often it is the case now that what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. This tool is written by James Fisher and is now an OWASP project, licensed under LGPL.

    Mom's Guide: Private Browsing
    While trying to read what "private browsing" means, I came across its page in Wikipedia. It has a very interesting definition. It reads as follows: Privacy mode or "private browsing" is a term that refers to privacy features in some web browsers. Historically speaking, web browsers store information such as browsing history, images, videos and text within cache. In contrast, privacy mode can be enabled so that the browser does not store this information for selected browsing sessions.

    Code Gyan: Basics of Android Secure Coding
    Android is an OS designed for Smart phones. The phones are meant for office productivity apps, games, social networks etc. The phone comes pre-installed with a selection of system applications, e.g., phone dialer, address book, but the platform gives ample opportunities for the developers to create their own applications and publish them into the huge android market, the so-called "Play Store".

    Matriux Vibhag: MITM with Ettercap
    Hello readers, we are back with our tutorials on Matriux; due to some unwanted circumstances we weren't able to be a part of last month's issue. However we promise to provide our continued support and help to the users. This month we are going to cover a basic tutorial of a Man-In-The-Middle (MITM) attack using Ettercap by the ARP spoofing technique.

    Special Feature: Impact of Cybercrime on Businesses
    IT security is more important for businesses than ever. A study that was carried out by the Ponemon Institute has revealed that businesses lacking in IT security could be losing over £200,000. The study, entitled "Impact of Cybercrime on Businesses", surveyed 2,618 C-level IT security and executive personnel with the aim of finding out what everyone has in common. The survey spanned the United States, United Kingdom, Hong Kong, Brazil and Germany. It was found that in the latter country, cyber-attacks cost businesses more than anywhere else, with the average cost being around $298,359. The average cost that cyber-attacks will have on companies in the United States is $276,671, if they are successfully carried out.

    Download: http://chmag.in/issue/jul2012.pdf

    Source: 'ClubHACK Magazine July 2012!' — PenTestIT
  6. "The amount of hackers per m*m (square meter) is too damn high"
  7. And how does it work, how does it change the icon?
  8. How to enlarge photos without losing details

    Aurelian Mihai - 19 Jul 2012

    The procedure seen until now only in police movies, where the investigation lab specialist miraculously reconstructed any blurry image by pressing a few keys in front of an extremely sophisticated PC, obtaining within seconds the portrait of a suspect or the license plate number of a vehicle, is now reality and almost within anyone's reach.

    In the real world the procedure is called super-resolution and can be approached in two different ways. The first approach assumes the existence of a video sequence from which we take several successive frames capturing the same object, and a software filter then extracts as many details as possible from them to build a single, clearer image. The second approach works with a single source image and relies on advanced processing techniques that analyze the image content looking for similar elements, which can be combined to reconstruct the blurred details.

    To better understand this procedure, imagine a barely decipherable photo of a city scene, containing buildings, asphalt streets, a poster with almost illegible text, etc. Most objects in the image have a distinctive appearance that follows a certain pattern: the texture of the asphalt, the lines of the bricks on the building wall, the shape of the letters on the poster. In most cases the barely visible details follow a repetitive pattern, but with subtle variations at the sub-pixel level and in the size of the individual elements, depending on how the objects are positioned in three-dimensional space. The super-resolution filter separates the most representative details from the image, generating a veritable puzzle of texture patterns, which then serves to reconstruct the blurred details of the source image. In short, with the super-resolution procedure we can transform a blurry or low-resolution photo into a better-detailed image, rendered at a higher resolution than the original.

    The super-resolution technology, developed by the Weizmann Institute of Science, works with both still images and video sequences, giving the best results with scenes that contain many details with a repetitive pattern. The Weizmann technique works by first splitting the original image into a puzzle of smaller images, each measuring only a few pixels. The individual elements of this puzzle are compared with each other, looking for details with a similar appearance. When two or more similar textures are found, it is possible to recompose a texture that is clearer than the original. All the resulting texture fragments are then used to reconstruct the original image. The procedure is not quite perfect and can generate false details, perceived as artifacts in the image and visible especially when reconstructing fine details that are barely visible in the source image.

    Super-resolution technology presents itself as a more advanced way of enlarging images, with results qualitatively far superior to the classic techniques implemented in image-editing applications. A second use may be in increasing the efficiency of video and image compression techniques. Unfortunately, the super-resolution procedure also has a major drawback: it is very demanding in terms of processing requirements and too slow to be applied in real time (for example to improve images displayed in the web browser or movies on YouTube). There are nevertheless hopes that real-time processing will eventually be possible with the help of GPU acceleration, using one or more high-performance video cards.

    Source: How to enlarge photos without losing details
  9. Coursera courses

    Example:

    [h=1]Compilers[/h]
    [h=3]Alex Aiken, Professor[/h]
    This course will discuss the major ideas used today in the implementation of programming language compilers. You will learn how a program written in a high-level language designed for humans is systematically translated into a program written in low-level assembly more suited to machines!
    https://www.coursera.org/course/compilers

    [h=1]Cryptography[/h]
    [h=3]Dan Boneh, Professor[/h]
    Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications!
    https://www.coursera.org/course/crypto

    --------------------------------------------------------------

    ALL courses: https://www.coursera.org/courses
  10. Hey, there are TV series that even I like
  11. [h=2]Hello World in C without libraries or similar dependencies[/h]

    2012-07-12

    Sometimes it's fun to forget about why Undefined Behavior in C is bad and just write some code that works here & now, but will not necessarily work tomorrow (with a different compiler version or different compiler settings) or in another place (another platform/system/architecture). A few weeks ago I had a chance to do such fun coding due to a thread "Hello world bez bibliotek i asm" (eng: "Hello world without libraries or asm") on a Polish programming forum - the thread creator was asking if it's possible to create a program writing out "Hello World" without using any libraries (including includes) or inline assembly. While at the beginning the thread was still about proper C, it soon moved to low-level code (still written as C) that depended on the underlying system, CPU architecture or even the way the compiler does its job. In this post I present my idea on how to write out "Hello World" to a GNU/Linux console; it might also be worth taking a look at the thread itself (I guess you won't need to know Polish just to look at C code ;>).

    The post below was originally published (in Polish) on the forum 4programmers.net in the "Hello world bez bibliotek i asm" (link) thread.

    --post start--

    A piece of code from me - please note that I wanted to demonstrate a method and not create always-working code. The code was written to work on linux (32-bit x86) but you can use the same method on 64-bit or on Windows, both 32- and 64-bit. The code does not use any libraries (it doesn't even look for any in memory) and there is no inline assembly/etc (well, no direct or explicit inline assembly/etc ;>). I've placed the explanation of the method below the code.

        /* The XOR immediates are the "gadgets": read at a misaligned offset their
           bytes decode to "mov reg, ecx ; ret" and "mov eax, esi ; int 0x80". */
        volatile unsigned int something_wicked_this_way_comes(int a, int b, int c, int d) {
          a ^= 0xC3CA8900;
          b ^= 0xC3CB8900;
          c ^= 0xC3CE8900;
          d ^= 0x80CDF089;
          return a+b+c+d;
        }

        /* Scan the first 50 bytes of the function above for a 2-byte pattern. */
        void* find_the_witch(unsigned short witch) {
          unsigned char *p = (unsigned char*)something_wicked_this_way_comes;
          int i;
          for(i = 0; i < 50; i++, p++) {
            if(*(unsigned short*)p == witch)
              return (void*)p;
          }
          return (void*)0;
        }

        /* fastcall: the first argument is passed in ecx, which the gadgets rely on. */
        typedef void (*gadget)() __attribute__((fastcall));

        int main(void) {
          gadget eax_from_esi_call_int = (gadget)find_the_witch(0xF089);
          gadget set_esi = (gadget)find_the_witch(0xCE89);
          gadget set_ebx = (gadget)find_the_witch(0xCB89);
          gadget set_edx = (gadget)find_the_witch(0xCA89);

          if(!eax_from_esi_call_int) return 1;
          if(!set_esi) return 3;
          if(!set_ebx) return 4;
          if(!set_edx) return 5;

          set_edx(12), set_ebx(1), set_esi(4);
          eax_from_esi_call_int("Hello World\n");
          return 0;
        }

    This code uses a method really similar to the JIT-language exploitation techniques used when memory is protected via XD/NX/XN/DEP/etc - i.e. I tried to implicitly place in executable memory a couple of "gadgets" (think: ret2libc or return oriented programming - gynvael.coldwind//vx.log) and then use them to make a syscall into the kernel (so, there are no libraries needed at all, but of course there is interaction with the environment, i.e. the Linux kernel). These gadgets are placed in the something_wicked_this_way_comes function as the constants used in XORs.

        a ^= 0xC3CA8900;
        b ^= 0xC3CB8900;
        c ^= 0xC3CE8900;
        d ^= 0x80CDF089;

    The above C code at the assembly / machine code level might look like this (compiled using gcc; disassembled using objdump afair):

        [...]
         6:  35 00 89 ca c3   xor    eax,0xc3ca8900
         b:  89 45 08         mov    DWORD PTR [ebp+0x8],eax
         e:  8b 45 0c         mov    eax,DWORD PTR [ebp+0xc]
        11:  35 00 89 cb c3   xor    eax,0xc3cb8900
        16:  89 45 0c         mov    DWORD PTR [ebp+0xc],eax
        19:  8b 45 10         mov    eax,DWORD PTR [ebp+0x10]
        1c:  35 00 89 ce c3   xor    eax,0xc3ce8900
        21:  89 45 10         mov    DWORD PTR [ebp+0x10],eax
        24:  8b 45 14         mov    eax,DWORD PTR [ebp+0x14]
        27:  35 89 f0 cd 80   xor    eax,0x80cdf089
        [...]

    So, if we disassembled the code with a slight misalignment (one or two bytes) we would get code that differs a little:

         6:  35 00 89 ca c3   ->  mov edx, ecx ; ret
        11:  35 00 89 cb c3   ->  mov ebx, ecx ; ret
        1c:  35 00 89 ce c3   ->  mov esi, ecx ; ret
        27:  35 89 f0 cd 80   ->  mov eax, esi ; int 0x80

    Thanks to the above I'm certain that in this case the needed gadgets do reside in memory (of course if the compiler worked in a slightly different way the opcodes might never show up; but in this specific compilation case they did).

    Going further into the code, I use the find_the_witch function to actually find these gadgets in memory in the something_wicked_this_way_comes function (the argument for the scanning function is the first two bytes of the gadget I'm looking for, represented as uint16_t (little endian)).

        gadget eax_from_esi_call_int = (gadget)find_the_witch(0xF089);
        gadget set_esi = (gadget)find_the_witch(0xCE89);
        gadget set_ebx = (gadget)find_the_witch(0xCB89);
        gadget set_edx = (gadget)find_the_witch(0xCA89);

    One more important thing - here's the gadget type:

        typedef void (*gadget)() __attribute__((fastcall));

    It has two essential features:

    1. The unspecified number of arguments denoted by C's () (please note that in C++ () means (void), but in C it's closer to (...)).
    2. The fastcall convention, thanks to which the function arguments will be placed in the general purpose registers and not on the stack (in the case of the first few arguments, of course) - in this specific case the first argument is always placed in the ecx register (the gadgets are designed to use this fact).

    After that I "construct" a simple assembly-like hello world using the gadgets I have:

        set_edx(12), set_ebx(1), set_esi(4);
        eax_from_esi_call_int("Hello World\n");

    This will be executed as follows:

        (main)    mov ecx, 12
                  mov eax, set_edx
                  call eax
        (gadget)  mov edx, ecx
                  ret
        (main)    ...
                  ...
                  ...
        (gadget)  ...
                  int 0x80

    Or, skipping the parts from the main() function:

        [gadget 1]            mov edx, 12                      (length of the string)
        [gadget 2]            mov ebx, 1                       (stdout)
        [gadget 3]            mov esi, 4                       (sys_write)
        [handled by fastcall] mov ecx, address "Hello World\n"
        [gadget 4]            mov eax, esi
        [gadget 4]            int 0x80

    Of course I'm missing a C3 (ret) after the int 0x80 (no place left in a 4-byte gadget) so the program will crash AFTER writing out "hello world". However it would be fairly simple to fix this.

    Test:

        $ gcc -m32 test.c -O0
        $ ./a.out
        Hello World
        Segmentation fault (core dumped)
        $

    --post stop--

    An elegant fix to the Segmentation fault problem was posted by Azarien in the same thread - he created another function called graceful_exit where, using the existing gadgets, he invoked the exit syscall. And then he added the call to this function in something_wicked_this_way_comes just after d ^= 0x80CDF089; - thanks to this, after the gadget 89 F0 CD 80 is executed the CPU will execute whatever is next after the CD 80 (int 0x80), and that would be the call to the graceful_exit function.

    The said patch looks like this (Azarien's changes are yellow; there was another change in the patch - the gadget type declaration was moved to the top of the file, but I'll skip this in the listing):

        /* exit(0) via the same gadgets: ebx = status, esi = sys_exit (1). */
        void graceful_exit() {
          set_ebx(0);
          set_esi(1);
          eax_from_esi_call_int(0);
        }

        volatile unsigned int something_wicked_this_way_comes(int a, int b, int c, int d) {
          a ^= 0xC3CA8900;
          b ^= 0xC3CB8900;
          c ^= 0xC3CE8900;
          d ^= 0x80CDF089;
          graceful_exit();   /* reached by falling through after int 0x80 */
          return a+b+c+d;
        }

    As said, a very elegant solution.

    It's also worth taking a look at MSM's post and the discussion underneath it (in Polish) - MSM's method uses the commonly known (in RE/shellcoding) technique of looking up the kernel32 address in the loaded DLLs list in the PEB, finding GetProcAddress in the import tables and acquiring the addresses of all API functions required to print out "Hello World" (that being said, it kinda relies on some libraries; still, fun to look at).

    And that's that. Cheers ;>

    Comment: 2012-07-12 17:15:11 = tehnicaorg {

        $ uname -a | cat b.c && gcc b.c -Wall -std=c99 -nostdlib && ./a.out
        char _start[] __attribute__ ((section(".text#"))) = {
          0xE8, 0x0D, 0x00, 0x00, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x20, 0x57,
          0x6F, 0x72, 0x6C, 0x64, 0x21, 0x0A, 0x5E, 0x31, 0xC0, 0x89, 0xC2, 0xFF,
          0xC0, 0x89, 0xC7, 0xB2, 0x0D, 0x0F, 0x05, 0x48, 0x31, 0xFF, 0x6A, 0x3C,
          0x58, 0x0F, 0x05};
        Hello World!

    The variant without the -nostdlib parameter is similar, but it also has a main():

        [...]
        int main(void) {
          ((void (*)(void))a)();
          return 0;
        }
    }

    Source: gynvael.coldwind//vx.log
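    To show why the XOR immediates above turn into usable gadgets, here is an added example (my own code, not from gynvael's post or the thread): it takes the bytes of the objdump listing quoted above, constructed inline, and scans them at every byte offset for register-to-register mov instructions followed by ret or int 0x80, decoding the ModRM byte into Intel-syntax register names. The listing bytes and the listing base offset 0x06 are taken from the post; everything else (function and type names, output format) is assumed.

```c
/* Added example: find unintended x86 "mov r32, r32 ; ret" and
 * "mov r32, r32 ; int 0x80" byte sequences in raw machine code and decode
 * them. The buffer below is constructed from the objdump listing in the post
 * (offsets 0x06..0x2b of something_wicked_this_way_comes). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const uint8_t kListing[] = {
    0x35, 0x00, 0x89, 0xca, 0xc3,   /* 06: xor eax,0xc3ca8900        */
    0x89, 0x45, 0x08,               /* 0b: mov [ebp+0x8],eax         */
    0x8b, 0x45, 0x0c,               /* 0e: mov eax,[ebp+0xc]         */
    0x35, 0x00, 0x89, 0xcb, 0xc3,   /* 11: xor eax,0xc3cb8900        */
    0x89, 0x45, 0x0c,               /* 16: mov [ebp+0xc],eax         */
    0x8b, 0x45, 0x10,               /* 19: mov eax,[ebp+0x10]        */
    0x35, 0x00, 0x89, 0xce, 0xc3,   /* 1c: xor eax,0xc3ce8900        */
    0x89, 0x45, 0x10,               /* 21: mov [ebp+0x10],eax        */
    0x8b, 0x45, 0x14,               /* 24: mov eax,[ebp+0x14]        */
    0x35, 0x89, 0xf0, 0xcd, 0x80    /* 27: xor eax,0x80cdf089        */
};
static const size_t kListingLen  = sizeof kListing;
static const size_t kListingBase = 0x06;   /* listing address of kListing[0] */

typedef struct {
    size_t offset;    /* listing offset of the gadget's first byte */
    char   text[40];  /* e.g. "mov edx, ecx ; ret" */
} gadget_t;

static const char *reg32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};

/* Scan at every byte offset (no alignment), the same way the post's
 * find_the_witch() does. Returns the number of gadgets written to out. */
size_t find_gadgets(const uint8_t *code, size_t len, size_t base,
                    gadget_t *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i + 2 < len && n < max_out; i++) {
        uint8_t op = code[i], modrm = code[i + 1];
        /* 0x89 = MOV r/m32,r32 ; 0x8b = MOV r32,r/m32. Only the register-
         * direct form (mod == 11b) is a 2-byte instruction with no operand
         * bytes after ModRM, so only then can byte i+2 be the ret/int. */
        if ((op != 0x89 && op != 0x8b) || (modrm >> 6) != 3)
            continue;
        const char *reg = reg32[(modrm >> 3) & 7];
        const char *rm  = reg32[modrm & 7];
        const char *dst = (op == 0x89) ? rm  : reg;
        const char *src = (op == 0x89) ? reg : rm;
        const char *tail = NULL;
        if (code[i + 2] == 0xc3)
            tail = "ret";
        else if (i + 3 < len && code[i + 2] == 0xcd && code[i + 3] == 0x80)
            tail = "int 0x80";
        if (!tail)
            continue;
        out[n].offset = base + i;
        snprintf(out[n].text, sizeof out[n].text, "mov %s, %s ; %s", dst, src, tail);
        n++;
    }
    return n;
}

/* Convenience wrapper over the constructed listing. */
size_t scan_listing(gadget_t *out, size_t max_out)
{
    return find_gadgets(kListing, kListingLen, kListingBase, out, max_out);
}

int main(void)
{
    gadget_t g[8];
    size_t n = scan_listing(g, 8);
    for (size_t i = 0; i < n; i++)
        printf("%02zx: %s\n", g[i].offset, g[i].text);
    return 0;
}
```

    The four hits it reports (mov edx/ebx/esi, ecx ; ret at 0x08, 0x13, 0x1e and mov eax, esi ; int 0x80 at 0x28) are exactly the misaligned gadgets the post lists, while the aligned mov [ebp+...] instructions are skipped because their ModRM mod field is not 11b.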
  12. I've updated the Facebook page:

    Course subscription
    Traffic Sniffing, Not Botnet, May Have Led to Android Spam Run
    [RST] Y!M IMified php bot
    pyLauncher | Windows Application Launcher
    Video Spin Blaster v 2.85
    DEC Alpha Linux <= 3.0 local root exploit
    Linux Kernel <= 2.6.37 local privilege escalation
    Android < 2.3.6 PowerVR SGX Privilege Escalation Exploit
    Exploit Mitigations in Android Jelly Bean 4.1
    Everything about the new Microsoft Office 2013: from design to the cloud
    Microsoft Windows Shell Command Injection - MS12-048 (CVE-2012-0175)
    Top 10: The Web Application Vulnerability Scanners Benchmark, 2012
    Backtrack Wireless: Packet Sniffing and Injecting
    Android Security shielded with full ASLR implementation
    Cracking RDP Backtrack5
    Linux Developers Step Up to the Secure Boot Challenge
    Apple's App Store bypassed by Russian hacker, leaving developers out of pocket
    PdfStreamDumper 0.9.320
    Hacking your own gadgets: rooting, jailbreak, modding
    3D printer helps pick locks in high-end security handcuffs
    Bug in Skype Lands Conversations in Wrong Windows
    How Google is becoming an extension of your mind
    Microsoft Disables Windows Sidebar and Gadgets to Keep Users Safe
    Profiles in Linux: H. Peter Anvin

    https://www.facebook.com/rstforum

    If you have suggestions for topics for the page, send me a PM.
  13. [h=1]Linux Developers Step Up to the Secure Boot Challenge[/h]

    By Katherine Noyes, PCWorld Jul 17, 2012 3:15 am

    The prospect of Windows 8's planned Secure Boot restrictions has caused no end of controversy in the Linux world, where distributors and users of the free and open source operating system have been struggling to figure out just what it's all going to mean for those who don't embrace Windows. It wasn't long ago that the Free Software Foundation spoke out for a second time on the topic, but recently there have been signs that a broader effort is in the works in the Linux community.

    "The purpose of this email is to widen the pool of people who are playing with UEFI Secure boot," began a message late last month from James Bottomley, chair of the Linux Foundation's Technical Advisory Board.

    Based on Intel's Tianocore

    It turns out Bottomley has created a platform Linux developers can use to get around Secure Boot--specifically, a boot system based on Intel's Tianocore, which is an open source implementation of the Unified Extensible Firmware Interface (UEFI). The Intel Tianocore project just recently added the Secure Boot facility to its UEFI ROM images, he noted. Also posted in a repository by Bottomley are a set of tools that can be used to sign EFI binaries, he said.

    "The current state is that I've managed to lock down the Secure Boot virtual platform with my own PK and KEK and verified that I can generate signed EFI binaries that will run on it (and that it will refuse to run unsigned efi binaries)," Bottomley explained. "Finally I've demonstrated that I can sign elilo.efi ... and have it boot an unsigned Linux kernel when the platform is in secure mode (I've booted up to an initrd root prompt)."

    'Far From Rock Solid'

    The Linux Foundation Technical Advisory Board began looking into the situation "because it turns out to be rather difficult to lay your hands on real UEFI Secure Boot enabled hardware," Bottomley pointed out. This new contribution, however, is still "very alpha," he warned. "The Tianocore firmware that does Secure Boot is only a few weeks old, and the sbsigning tools weren't really working up until yesterday, so this is very far from rock solid."

    Still, after two distributions each made an early--and controversial--attempt at proposing a solution, it's exciting to see this new, higher-level effort. As Bottomley notes, this new virtual platform could give the various Linux distributions a new basis for experimentation that will help them come up with innovative solutions of their own.

    Source: Linux Developers Step Up to the Secure Boot Challenge | PCWorld Business Center
  14. [h=1]Attacks Targeting Activists Use Blackshades Trojan[/h]
Tuesday, July 17, 2012
Article by Eva Galperin and Morgan Marquis-Boire

Since March of this year, EFF has reported extensively on the ongoing campaign to use social engineering to install surveillance software that spies on Syrian activists. Syrian opposition activists have been targeted using several Trojans, including one disguised as a Skype encryption tool and others disguised as revolutionary documents. As we've tracked these ongoing campaigns, patterns have emerged that link certain attacks to one another, indicating that the same actors, or groups of actors, are responsible. More than a dozen of these attacks have installed versions of the same remote access tool, DarkComet RAT, and reported back to the same IP address in Syrian address space.

DarkComet RAT's increasingly close association with pro-Syrian-government malware, combined with the Human Rights Watch report on the Assad regime's network of torture centers, may have motivated the project's sole developer to shut it down, declaring his intention to work on an alternative tool that more closely resembles VNC and requires administrative access to install.

Pro-Syrian-government hackers appear to have moved on to another remote access tool: Blackshades Remote Controller, whose capabilities include keystroke logging and remote screenshots. EFF reported on the use of this tool in malware targeting officers of the Free Syrian Army on June 19th. Similar command and control domains suggest that this campaign is being carried out by the same actors responsible for the fake YouTube attack we reported in March, which lured Syrian activists in by advertising pro-opposition videos, stole their YouTube login credentials by asking them to log in before leaving a comment, and installed surveillance malware disguised as an Adobe Flash Player update.

A new campaign, using Blackshades Remote Controller, has been discovered via a message sent from a compromised Skype account to an individual working with the Syrian opposition, seen in the screenshot below. Roughly translated, the message reads:

"There is a person who hates you, and keeps talking about you. I took a screenshot of the conversation. Please beware of this person, as he knows you personally. This is a screenshot of the conversation."

Clicking on this link--(http://14wre.co.za/new.zip - now dead because the malicious software has been removed)--provided new.zip, which unzipped to new.pif.

430f220ee9b3083b43347918dbda3051145734e243e92b966a99990376c21eb8 new.pif

This malware attempts to connect to the command and control server at alosh66.servecounterstrike.com. While the DNS provider for this domain has been notified and the domain has been disabled, the last IP address that this domain resolved to was 31.9.48.11. The subdomain "alosh66" appeared in the command and control domains of the two other campaigns EFF has described above.

This sample drops the following files:

C:\Documents and Settings\Administrator\Templates\THEMECPL.exe, a copy of the malware itself copied to the templates folder, shown in the screenshot below.
C:\Documents and Settings\Administrator\Local Settings\Temp\sppnp.exe, BlackShades RAT, shown in the screenshot below. This is very similar to the previous installation detailed by Citizen Lab.
C:\Documents and Settings\Administrator\Application Data\demo.exe, a version of AppLaunch.exe, the Microsoft ClickOnce Launcher, shown in the screenshot below, along with the keylogger file, C:\Documents and Settings\Administrator\Application Data\data.dat.

If you see these files on your computer, you have been infected with BlackShades.

If your computer is infected, deleting the above files or using anti-virus software to remove the Trojan does not guarantee that your computer will be safe or secure. This malware gives an attacker the ability to execute arbitrary code on the infected computer. There is no guarantee that the attacker has not installed additional malicious software while in control of the machine. Some anti-virus vendors recognize this malware as BlackShades Remote Controller. You may try updating your anti-virus software, running it, and using it to remove the Trojan if it comes up, but the safest course of action is to re-install the OS on your computer and change the passwords to any accounts you have logged into since the time of infection.

EFF urges Syrian activists to be especially cautious when downloading files over the Internet, even in links that are purportedly sent by friends. While Syrians have become increasingly sophisticated in their privacy and security practices, pro-Syrian-government actors have also increased the frequency and sophistication of their campaigns. In light of disturbing reports documenting the use of torture by Syrian security forces in detention facilities across the country, the need for caution is greater than ever.

Cross-posted from Electronic Frontier Foundation

Source: Attacks Targeting Activists Use Blackshades Trojan
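The indicators the write-up lists (dropped-file paths, sample hash, C2 domain and address, and the recurring "alosh66" label) turned into a host and DNS-log check, added here as an example that is not part of the EFF article or any EFF tooling; the inventory format, the DNS log format and the profile-relative path matching are assumptions made for this example.

```python
"""Check host and DNS data against the BlackShades indicators quoted above.

Added example, not part of the EFF article or any EFF tooling.  Indicator
values are the ones given in the text; the inventory, the DNS log format and
the profile-relative path matching are assumptions made for this example.
"""
import hashlib
import re

# Dropped-file paths in the article were observed under
# "Documents and Settings\Administrator".  On another host the same files
# would live under a different profile, so only the profile-relative tail
# of each path is compared (assumption, not from the article).
DROPPED_FILE_TAILS = (
    r"Templates\THEMECPL.exe",
    r"Local Settings\Temp\sppnp.exe",
    r"Application Data\demo.exe",
    r"Application Data\data.dat",
)
SAMPLE_SHA256 = "430f220ee9b3083b43347918dbda3051145734e243e92b966a99990376c21eb8"
C2_DOMAIN = "alosh66.servecounterstrike.com"
C2_IP = "31.9.48.11"
# The article notes this label recurred across three campaigns' C2 domains.
C2_LABEL = "alosh66"


def sha256_hex(data):
    """Digest used to build the (path, sha256) inventory for match_files."""
    return hashlib.sha256(data).hexdigest()


def match_files(inventory):
    """inventory: iterable of (windows_path, sha256_hex) pairs.

    Returns [(path, reason), ...] for entries whose path tail or content
    hash matches an indicator.  Windows paths are case-insensitive, so the
    comparison is done on lower-cased strings.
    """
    tails = tuple(t.lower() for t in DROPPED_FILE_TAILS)
    hits = []
    for path, digest in inventory:
        if path.lower().endswith(tails):
            hits.append((path, "dropped-file path"))
        if digest.lower() == SAMPLE_SHA256:
            hits.append((path, "known sample hash"))
    return hits


# Constructed log format: "<timestamp> client=<ip> query=<name> answer=<ip|->"
DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+answer=(?P<answer>\S+)$"
)


def match_dns(log_lines):
    """Return [(client, query, reason), ...] for lines touching the C2 setup.

    Flags the exact C2 domain, any answer that resolves to the C2 address,
    and any query whose leftmost label is the recurring "alosh66" subdomain.
    Malformed lines are skipped rather than aborting the scan.
    """
    hits = []
    for line in log_lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        query = m.group("query").rstrip(".").lower()
        if query == C2_DOMAIN:
            reason = "C2 domain"
        elif m.group("answer") == C2_IP:
            reason = "resolved to C2 address"
        elif query.split(".")[0] == C2_LABEL:
            reason = "recurring C2 subdomain label"
        else:
            continue
        hits.append((m.group("client"), query, reason))
    return hits


# Constructed samples standing in for a real file inventory and DNS log.
SAMPLE_INVENTORY = [
    (r"C:\Documents and Settings\alice\Templates\THEMECPL.exe", "00" * 32),
    (r"C:\Documents and Settings\alice\Application Data\data.dat", "11" * 32),
    (r"C:\Program Files\Skype\Phone\Skype.exe", "22" * 32),
    (r"C:\Users\bob\Downloads\new.pif", SAMPLE_SHA256),
]
SAMPLE_DNS_LOG = [
    "2012-07-17T09:14:02Z client=10.0.0.12 query=alosh66.servecounterstrike.com answer=31.9.48.11",
    "2012-07-17T09:14:05Z client=10.0.0.12 query=www.example.com answer=192.0.2.10",
    "2012-07-17T09:20:41Z client=10.0.0.31 query=alosh66.example.net answer=-",
    "2012-07-17T09:30:00Z client=10.0.0.40 query=cdn.example.org answer=31.9.48.11",
    "this line is deliberately malformed",
]

if __name__ == "__main__":
    for hit in match_files(SAMPLE_INVENTORY) + match_dns(SAMPLE_DNS_LOG):
        print(hit)
```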
  15. [h=1]PdfStreamDumper 0.9.320[/h]
April 25, 2012, By Mayuresh

Our first post regarding the PdfStreamDumper can be found here. Recently, an update – PdfStreamDumper version 0.9.320 – was released. PdfStreamDumper is a free tool for the analysis of malicious PDF documents. It also has some features that can make it useful for PDF vulnerability development. It has specialized tools for dealing with obfuscated JavaScript, low-level PDF headers and objects, and shellcode. In terms of shellcode analysis, it has an integrated interface for libemu sctest, and a shellcode_2_exe feature. JavaScript tools include integration with JS Beautifier for code formatting, the ability to run portions of the script live for live deobfuscation, toolbox classes to handle extra canned functionality, as well as a pretty stable refactoring engine that will parse a script and replace all the screwy random function and variable names with logical sanitized versions for readability. PdfStreamDumper also supports unescaping/formatting manipulated PDF headers, as well as being able to decode filter chains (multiple filters applied to the same stream object).

[h=2]Changes made to PdfStreamDumper:[/h]
PdfStreamDumper got a VirusTotal plugin. It has two modes: one just searches for the currently loaded file, and the other is a bulk request mode. The bulk request mode can load a CRLF list of MD5s from the clipboard, or it can scan the currently loaded PDF and grab the MD5s for the embedded objects (flash, u3d, ttf, prc etc.). Dumper also received an Extract URLs menu item and a Download File menu item. The Stream Parser has finally been optimized and is now 20x faster.

[h=3]Download PdfStreamDumper:[/h]
PDFStreamDumper 0.9.320 – PDFStreamDumper_Setup.exe – http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exe

Source: PdfStreamDumper version 0.9.320! — PenTestIT
  16. [h=1]Which browser is safest? The browser wars are back and this time you win[/h]
by Chester Wisniewski on July 16, 2012

Several media organizations have recently reported that Chrome has bypassed Internet Explorer in worldwide browser market share. Here at Sophos, we don't keep track of that sort of thing, but we have seen a major change in browser marketing over the last 24 months. The browser makers are selling security.

Microsoft has been promoting Internet Explorer 10's security chops, which will ship later this year with Windows 8 and will reportedly be made available to Windows 7 users as well. The new version of IE will be a full 64-bit application on 64-bit Windows, increasing the difficulty of bypassing exploit mitigation techniques like ASLR. IE 10 also introduces a new setting called Enhanced Protected Mode (EPM). EPM adds several new sandbox-like technologies and introduces the concept of plug-in-free browsing.

Mozilla is preparing to launch Firefox 14 any day now with its own set of security-enhancing features. Firefox will now default to using HTTPS for search queries submitted to Google. This is a great improvement for privacy and it appears that the Firefox developers are exploring similar features for other search engines. My favorite new Firefox feature is the "Click to Play" plugin preference. If you enable this feature (plugins.click_to_play under about:config), websites containing content such as Flash or QuickTime will be blocked by default, to prevent drive-by exploitation. If you wish to see the video, you simply click on the box to enable the plugin.

Chrome 20 was released last month, and attempts to get a grip on malicious extensions being distributed on Facebook and other sites. The latest version of Chrome will no longer allow extensions to be loaded from any web page other than the Chrome Web Store. Additionally, Google has begun screening applications submitted to the official Web Store. It is a bit shocking that Google wasn't doing any screening before - but better late than never.

The Google Chrome team are now bragging about Chrome 21 including a fully-sandboxed version of Adobe Flash for all versions of Windows. (Adobe released a sandboxed version of Flash for Firefox in June. The differences between the Firefox and Chrome sandboxes are unclear.)

With the browser developers trying to gain market share and using security as a competitive advantage, we all win. Security doesn't need to be annoying or difficult, and when implemented elegantly it is an advantage. Hopefully the developers of Java are listening and will try to catch up with Adobe, Microsoft, Mozilla and Google.

Source: Which browser is safest? The browser wars are back and this time you win | Naked Security
  17. [h=1]3D printer helps pick locks in high-end security handcuffs[/h]
Man at hacker conference demonstrates how he made CAD models of restricted keys and produced plastic replicas, according to a Forbes report.
by Steven Musil, July 16, 2012 7:26 PM PDT

While 3D printing has shown much promise in helping to treat physical ailments and disabilities, there may be more nefarious applications in the near future.

The security of high-end handcuffs can be defeated by plastic keys cheaply produced with a laser cutter and 3D printer, a man who identified himself as "Ray" demonstrated last week at a Hackers on Planet Earth conference workshop, according to a Forbes report.

His 3D-printer-produced replica keys opened handcuffs produced by German manufacturer Bonowi and British maker Chubb, both of which try to restrict distribution of keys that open their locks to law-enforcement agencies. Ray said he made precise measurements of the key, which he said was purchased on eBay, and created CAD models from which he produced copies in plexiglass and ABS plastic.

3D printing is executed on large machines that can spit out copies of digital designs in a wide range of materials, from polymers to recyclable plastics to metals. Some recent uses range from the production of replacement jaws to the creation of new blood vessels. However, the machines can cost tens of thousands of dollars and often turn out misprinted copies.

The demonstration also highlights a challenge faced by police departments, which typically issue a standard key to officers that opens all the handcuffs used in that particular department. "Police need to know that every new handcuff they buy has a key that can be reproduced," he says. "Until every handcuff has a different key, they can be copied."

Ray, a security consultant who also advises German police on handcuff technology, said he plans to upload the Chubb CAD files to the 3D-printing Web platform Thingiverse later this week. He said the goal of his demonstration was to expose the vulnerabilities of handcuffs. "If someone is planning a prison or court escape, he can do it without our help," he said. "We're just making everyone aware, both the hackers and the police."

Source: 3D printer helps pick locks in high-end security handcuffs | Security & Privacy - CNET News
  18. [h=1]NIST Recommendations for Cryptographic Key Management[/h]
Tuesday, July 17, 2012

The proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If a safe combination is known to an adversary, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded to the keys. All keys need to be protected against modification, and secret and private keys need to be protected against unauthorized disclosure. Key management provides the foundation for the secure generation, storage, distribution, use and destruction of keys.

Users and developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the protocol or application. This Recommendation (i.e., SP 800-57) provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic mechanisms.

This Recommendation does not address implementation details for cryptographic modules that may be used to achieve the security requirements identified. These details are addressed in [FIPS140], the associated implementation guidance and the derived test requirements.

This Recommendation is written for several different audiences and is divided into three parts.

Part 1, General, contains basic key management guidance. It is intended to advise developers and system administrators on the "best practices" associated with key management. Cryptographic module developers may benefit from this general guidance by obtaining a greater understanding of the key management features that are required to support specific, intended ranges of applications. Protocol developers may identify key management characteristics associated with specific suites of algorithms and gain a greater understanding of the security services provided by those algorithms. System administrators may use this document to determine which configuration settings are most appropriate for their information.

Part 1 of the Recommendation:
1. Defines the security services that may be provided and key types that may be employed in using cryptographic mechanisms.
2. Provides background information regarding the cryptographic algorithms that use cryptographic keying material.
3. Classifies the different types of keys and other cryptographic information according to their functions, specifies the protection that each type of information requires and identifies methods for providing this protection.
4. Identifies the states in which a cryptographic key may exist during its lifetime.
5. Identifies the multitude of functions involved in key management.
6. Discusses a variety of key management issues related to the keying material. Topics discussed include key usage, cryptoperiod length, domain-parameter validation, public-key validation, accountability, audit, key management system survivability, and guidance for cryptographic algorithm and key size selection.

Part 2, General Organization and Management Requirements, is intended primarily to address the needs of system owners and managers. It provides a framework and general guidance to support establishing cryptographic key management within an organization and a basis for satisfying key management aspects of statutory and policy security planning requirements for Federal government organizations.

Part 3, Implementation-Specific Key Management Guidance, is intended to address the key management issues associated with currently available implementations.

The NIST Recommendations for Cryptographic Key Management can be downloaded here: NIST Recommendations for Cryptographic Key Management.pdf

Source: NIST Recommendations for Cryptographic Key Management
  19. [h=1]Serial hacker says latest Android will be "pretty hard" to exploit[/h]
[h=2]Defenses added to Android Jelly Bean make it harder to hijack end users' phones.[/h]
by Dan Goodin - July 16 2012, 11:45pm GTBDT

(Figure caption: Diagram showing attacker overwriting a return address with a pointer to the stack that contains attacker-supplied data. Wikipedia)

The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets.

In an analysis published Monday, security researcher Jon Oberheide said Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization. ASLR, as it's more often referred to, randomizes the memory locations for the library, stack, heap, and most other OS data structures. As a result, hackers who exploit memory corruption bugs that inevitably crop up in complex pieces of code are unable to know in advance where their malicious payloads will be loaded. When combined with a separate defense known as data execution prevention, ASLR can effectively neutralize such attacks.

Although Android 4.0, aka Ice Cream Sandwich, was the first Android release to offer ASLR, the implementation was largely ineffective at mitigating real-world attacks. One of the chief reasons for the deficiency was that Android's executable region, heap, libraries, and linker were loaded at the same locations each time. This made it significantly easier for attackers designing exploits to predict where in memory their malicious code could be located.

"As long as there's anything that's not randomized, then it (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else," Charlie Miller, a veteran smartphone hacker and principal research consultant at security firm Accuvant, told Ars. "Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that."

Miller has spent the past seven years writing software exploits that can install malware on Macs, iPhones, and Android handsets when they do nothing more than browse a booby-trapped website.

By contrast, Apple's competing iOS has offered fully implemented ASLR and DEP for the past 16 months. Not that Apple developers' track record of adding the protection has been perfect. The 2009 debut of OS X Snow Leopard also failed to randomize core parts of the OS. Those omissions were finally fixed with the later release of OS X Lion.

Unlike its Android predecessors, Jelly Bean provides randomization for what's known as position-independent executables. That will make it significantly harder to use a technique known as return-oriented programming when exploiting buffer overflows and other memory-corruption vulnerabilities discovered in the mobile platform. Jelly Bean also provides defenses to prevent information leakage exploits that can lead to much more serious OS exploits.

Android has yet to introduce code signing, a protection designed to prevent unauthorized applications from running on the device by requiring code loaded into memory to carry a valid digital signature before it can be executed. It has long been present in iOS.

Source: Serial hacker says latest Android will be “pretty hard” to exploit | Ars Technica
  20. [h=2]New 'Madi' cyber-espionage campaign targets Iran AND Israel[/h]
Attackers 'fluent in Persian', say security sinkholers
By John Leyden

Security researchers have discovered a new cyber-espionage campaign targeting victims in the Middle East.

Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel, Afghanistan and elsewhere in the course of monitoring control servers associated with the cyber-espionage operation over the last eight months. "Statistics from the sinkhole revealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies communicating in the Middle East," according to Seculert.

The Madi malware associated with the electronic spying operation is far less sophisticated than the Flame, Duqu and Stuxnet worms associated with previously discovered spying operations in the Middle East, many of which have become associated with operations against Iran's controversial nuclear program. Leaked briefings from the Obama administration suggest both Flame and Stuxnet were joint US/Israeli operations.

Madi is a Trojan that allows remote attackers to swipe sensitive files from infected Windows computers, monitor email and instant message exchanges, record audio, log keystrokes, and take screenshots of victims' activities. In all these respects the malware is similar in capabilities to banking Trojans. Common applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, and Facebook. Surveillance also tapped integrated ERP/CRM systems, business contracts, and financial management systems.

Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers and thus monitor the spying operation, which they characterise as "amateurish and rudimentary" in execution.

"While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have been able to conduct a sustained surveillance operation against high-profile victims," said Nicolas Brulez, a senior malware researcher at Kaspersky Lab. "Perhaps the amateurish and rudimentary approach helped the operation fly under the radar and evade detection."

Aviv Raff, Chief Technology Officer, Seculert, added: "Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C&C tools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language."

More on the Madi campaign can be found in a post on Seculert's blog (here) and from Kaspersky Lab here. ®

Source: New 'Madi' cyber-espionage campaign targets Iran AND Israel • The Register
  21. [h=1]Bug in Skype Lands Conversations in Wrong Windows[/h]
By: Bogdan Botezatu

IM provider Skype appears to have made a major privacy error yesterday, which may have unforeseen consequences for its users. According to multiple support requests on the Skype forums, instant messages have become impossible to deliver or, even worse, have been delivered to random Skype users.

(Image credit: Skype)

“Messages sent by one contact (2 lines out of a hundred or so) were sent to another contact of mine. These 2 contacts are not connected on Skype. The 2 IMs appeared to be sent by me, so the other contact asked me if I sent them by mistake,” wrote one customer on the Skype support forum.

Skype has confirmed the existence of this bug in an official statement. It appears the glitch only occurs when the Skype application crashes while a session is established. This leads to the message sent just prior to the crash being delivered to a random contact.

“This issue occurs only when a user's Skype client crashes during a Skype IM session, which may in some cases result in the last IM entered or sent prior to the crash being delivered to a different IM contact after the Skype client is rebooted or logged in as a new user,” Leonas Sendrauskas, Web QA engineer at Skype, said in a blog post.

The company can't estimate the number of affected customers, but, since the bug only manifests when the application crashes, the company believes few customers have been impacted. However, Skype is not only used by end-users, but is also a means of internal or external communication within companies, where data disclosure could have a different impact.

Skype is currently preparing a hotfix to address the issue and advises its customers to update as soon as it becomes available.

Source: Bug in Skype Lands Conversations in Wrong Windows | HOTforSecurity
  22. [h=1]How Google is becoming an extension of your mind[/h]
Commentary: Google could have us all headed for a mind-blowing future -- if the company can back away from targeted advertising and better help users manage their personal information.
by Stephen Shankland, July 16, 2012 12:00 AM PDT

SAN FRANCISCO -- It's time to think of Google as much more than just a search engine, and that should both excite and spook you.

Search remains critical to the company's financial and technological future, but Google also is using the search business' cash to transform itself into something much broader than just a place to point your browser when asking for directions on the Internet. What it's now becoming is an extension of your mind, an omnipresent digital assistant that figures out what you need and supplies it before you even realize you need it.

Think of Google diagnosing your daughter's illness early based on where she's been, how alert she is, and her skin's temperature, then driving your car to school to bring her home while you're at work. Or Google translating an incomprehensible emergency announcement while you're riding a train in a foreign country. Or Google steering your investment portfolio away from a Ponzi scheme.

Google, in essence, becomes a part of you. Imagine Google playing a customized audio commentary based on what you look at while on a tourist trip and then sharing photo highlights with your friends as you go. Or Google taking over your car when it concludes based on your steering response time and blink rate that you're no longer fit to drive. Or your Google glasses automatically beaming audio and video to the police when you say a phrase that indicates you're being mugged.

Exciting? I think so. But it's also, potentially, a profoundly creepy change. For a Google-augmented life, you must grant the Googlebot unprecedented privileges to monitor your personal information and behavior. What medicine do you take? What ads did you just glance at while walking by the bus stop? What's your credit card number? And as Google works to integrate social data into its services, you'll have to decide how much you'll share with your contacts' Google accounts -- and the best way to ask them to share their data with your Google account.

[h=2]Where your Google comfort zone ends[/h]
It'll be foolhardy to be as cavalier with tomorrow's Google as you might be with it today. I think some of those sci-fi possibilities I just described could be real within three to five years, so now is a good time to start thinking about where your Google comfort zone ends.

Me? I'm immersed in Google services, but I worry that handy new features will arrive in a steady stream of minor changes that are all but imperceptible until one day I wake up and realize that Google has access to everything that makes me who I am.

Google Now says it needs access to my calendar? Sounds useful. My Android phone needs to turn on my phone's microphone so the Google Maps app can judge by ambient noise whether I'm indoors or outdoors? Well, that'll help me get through the airport faster. My glasses need to identify the faces of people in my company so Google can deduce who gets consigned to the Google Voice answering machine and who gets through to my phone even at 3 a.m.? Well, I sure don't want to have to set all that up manually.

FULL ARTICLE: http://news.cnet.com/8301-1023_3-57470853-93/how-google-is-becoming-an-extension-of-your-mind/
  23. [h=1]Microsoft Disables Windows Sidebar and Gadgets to Keep Users Safe[/h]
By: Loredana Botezatu

To avoid a possible security flaw, Microsoft has made available a fix to disable Windows Sidebar and Gadgets in Windows Vista and Windows 7. The software company intends to keep its users protected in case they run insecure Gadgets that may trigger the execution of arbitrary code by the Windows Sidebar and Gadgets.

“An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user,” Microsoft points out in a security advisory published on July 10. “If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system.”

This makes it clear that an attacker can do whatever he wants on the compromised system, such as install or uninstall programs; change, add or delete data; and, worse, create new accounts endowed with full user privileges. It follows that users who configured their accounts to have fewer user rights on the system will be safer than those “who operate with administrative user rights”.

The Sidebar is an application on one side of the desktop screen that accommodates Gadgets – small applications that display user information such as favorite news feeds, a clock or the temperature. And should these Gadgets originate from unsafe sources, they can become a hazard to the system and the user.

Source: Microsoft Disables Windows Sidebar and Gadgets to Keep Users Safe | HOTforSecurity
  24. [h=2]Profiles in Linux: H. Peter Anvin[/h]
Friday, 13 July 2012 07:40
Carla Schroder

Every time you boot a CD or DVD, thank Peter Anvin for making it possible. And, as a key Linux contributor, that's not all Peter has done in his long Linux career.

Peter Anvin is one of the "old geeks" of Linux, and has been a key contributor since 1992, specializing in low-level hardware. Currently he is co-maintainer of the unified x86 Linux kernel tree. Peter has contributed to numerous Linux kernel subsystems, and is the author and/or maintainer of several Open Source projects, including the Syslinux boot loader suite, the Netwide Assembler (NASM), klibc, and tftp-hpa. He founded The Linux Kernel Organization, which maintains the kernel.org servers around the globe.

Peter lives in San Jose, California, working for Intel's Open Source Technology Center. He has previously worked as an architect and technical director at Transmeta, working on CPU architecture and Code Morphing Software; at Orion Multisystems, designing personal supercomputers; and at rPath, working on Linux software appliances. In his spare time, he enjoys hacking programmable logic, scuba diving, fuzzy bunnies, psychotic cats and historical reenactment. He is married to Dr. Suzi Anvin, and is the proud father of almost brand-new baby Erik.

I always wonder how people end up doing what they do, and Peter was kind enough to answer a few nosy questions.

You've been a key Linux contributor from the beginning, and have written and maintained key Linux subsystems that don't get attention like glamorous desktop environments. But they provide essential functionality that we take for granted. What are you working on now?

Anvin: These days I work for Intel's Open Source Technology Center, and my job is to make sure Linux works great on the x86 architecture, and also to make sure the x86 architecture is great for Linux. I was into low-level bits and bytes x86 hacking long before Linux existed, and have always enjoyed working very close to the hardware-software boundary, so for me this is a very exciting place to be.

I believe that the biggest weakness in Free Software is the lack of energy and resources being directed into developing and supporting open hardware. We're dead in the water without open hardware. Of course the barrier to entry is a lot higher than software; it's expensive and not something we can just sit down and type into existence. Do you have any ideas on how to improve this situation?

Anvin: The real problem with "open hardware" is that it inherently means something different than the "open" in "Open Source". At the bottom there is always a piece of hyper-purified silicon that someone has meticulously modified to turn into millions or billions of transistors, and then soldered down with other components to a manufactured circuit board. None of that is generic; even with technologies like FPGAs (field-programmable gate arrays, programmable silicon chips) you have to have the physical FPGA manufactured, and you would be lucky to get one-tenth of the performance of the state of the art hard silicon technology. That being said, FPGA hacking is a lot of fun.

On the other hand, look at how Linux originally appeared: a college student in Finland took an off-the-shelf commercial product and turned it into something completely different. This was not because the design itself was open, but because it was standards-based technology that could be repurposed. I don't even know what manufacturer made Linus' original PC, and it doesn't even matter -- the key was that it was built to the ISA specification which was the standard at the time; a lot of manufacturers did so and it helped push the prices way down. This is the essence of what separates a piece of hardware from a platform; the PC today is very different from the PC from 31 years ago, but there is a contiguous heritage carried forth by standards and compatibility.

(Photo caption: Peter dissecting an innocent LED table lamp at Lincon 2012.)

The most successful open hardware projects, like Arduino, seem to have been the ones that step into a niche not where there is nothing available, but rather where there is a hopeless fragmentation problem (exactly how many microcontroller development boards are there out there?). Such a market is desperate for something to become the standard platform of choice, and being an "open hardware project" gives at least a perception that there might be additional longevity over the competition. Since this is largely a self-fulfilling prophecy, the openness begets the platform.

You and Suzi both have a lot of interests, and you've accomplished a lot in a short amount of time. How do you do everything you do? Have you figured out a way to live without sleep?

Anvin: I don't think it is as short of a time as you think... I got started on computers very very early. The platform I learned to program on was a Swedish Z80-based computer called the ABC80. It had a whopping 16 kilobytes of RAM; my current PC has 16 gigabytes. My family was at the time in a somewhat hard financial situation, which meant I never actually owned this machine; I borrowed access to it when I could. It also meant I spent a lot of time thinking about the design long before I sat at the computer; I ended up being the weird kid sitting on the playground writing programs in machine code on pieces of paper. Eventually I ended up writing an assembler since I couldn't afford buying one and there wasn't a free one for that platform.

However, there is no question that we live very busy lives, and I often get to hear that I work way too much. A big key to making it work at all is the relative flexibility of the work environment in the modern technology industry -- elective telecommuting, flexible hours, IRC and so on; features which are pretty much necessary anyway if you are going to interact with a global development community on which the sun never sets. At the same time, it puts a big onus on the individual worker to find a sane balance with other life commitments.

One important skill is to know when to let a project go. For example, autofs has now been maintained by Ian Kent for a long time, and Cyrill Gorcunov does much more work than I do on the Netwide Assembler these days, even if I am still in charge of that project. This can be very hard if there isn't an obvious person that you can trust to hand over to, however. This is sometimes worth thinking about when a project grows from a one-man-band to a real community.

As the Linux world matures it is attracting a broader diversity of contributors and users. We need coders, designers, bugfixers, documentation writers, artists, musicians, distributors, community managers, marketers, OEMs -- it takes a large variety of skills and roles to get Linux out the door and to keep improving it. Many Linux contributors have children, but it seems that there is little energy directed towards drawing in children, and creating good child-oriented teaching tools. So where are the next generations of these essential contributors coming from?

Anvin: I actually think that there are some excellent child-oriented teaching tools out there! Kids love things where they can see the impact they are having directly, so things like LEGO Mindstorms, Arduino, the Blockly programming language, and even Minecraft are certainly things that should attract children. Some of these may not be Open Source all the way down, but I'm not convinced that matters so much at that stage; what matters is that it can be programmed, and that it provides a platform for sharing.
In the 1980s what made the early home computers approachable was the fact that they came with BASIC interpreters; they were horribly slow compared to assembly programming, but they lowered the barrier to accomplish something down to very little. I used Microsoft QuickBASIC for some trivial hacking projects well into the mid-1990s when I otherwise was using Linux and C. I could hammer out a quick hack complete with pretty graphics in half an hour. I think it's the only Microsoft product that I actually miss. Do you have any thoughts on what sort of technical education kids should be receiving in school? What skills do they need, how young should they start? Anvin: Kids need to learn to explore. I have always found that the big problem with most school-based technical education is that it is a single path from A to B; that doesn't give any opportunity for exploration, and without exploration you have no room for creativity. Imagine an art class where every project is paint-by-numbers! As for how young... I don't think there is a lower limit, and I definitely don't believe in protecting kids from things that are too "advanced" for them. The key is to find the spark of curiosity and let them run with it. Sursa: https://www.linux.com/news/software/linux-kernel/602693-profiles-in-linux-h-peter-anvin