Nytro

Da ionutcristea, un exemplu bun pentru tinerii de azi care traiesc pe banii parintilor. Si ca tot suntem pe un forum de IT, e "pa trend" ca toti studentii de la info sa se astepte la salarii de miliarde fara sa munceasca nimic. Nu e asa, viata nu e chiar asa usoara nici in IT. Puneti mana si invatati, exista atatea carti si tutoriale care asteapta sa fie citite, va pierdeti atat de mult timp cu seriale de cacat si nu va ganditi la viitorul vostru. Ar fi pacat sa ajungeti cu picioarele pe pamand cand va fi prea tarziu.

In primul rand alege ce iti place, chiar daca e ceva mai putin platit, e important. Nu vrei sa te chinui toata viata cu ceva ce nu iti place sa faci nu? Apoi, nu te astepta la sute de milioane din Internship-uri. Mai mult de 15 milioane nu cred ca ai cum sa ei, eu stiu pe cineva care a fost in Internship la Adobe, baiat destept, si lua 14 milioane, cam asa. Apoi, Java si C# sunt doua domenii total diferite, desi limbajele sunt practic inrudite. In Java cred ca ai lucra ceva mai low-level, in C# probabil trebuie sa cunosti bine .NET-ul, iar domeniile de aplicabilitate sunt total diferite. Java, nu numai ca e cross-platform si se poate executa pe Linux, ideea din spate este ca poate rula pe platformele mobile. Iar C# e pentru aplicatii mai comerciale, care doresc a fi facute mai rapid, dar cu un consum de resurse mai mare. La fel, administrator de sistem poate insemna doua lucruri: administrator Linux si administrator Windows. Pe parte de Linux, trebuie sa stii la perfectie Linux, protocoale de retea si multe altele. Pe partea de Windows trebuie sa cunosti serviciile Microsoft, gen Sharepoint, sau Exchange Server. Legat de castig, poti castiga bine sau prost in ambele, depinde cat de bine o duce firma la care te angajezi. Munca de sysadmin poate sa fie mai lejera, dar poti fi sunat la 3 noaptea in caz ca "x a spart un site" si sa fi nevoie sa repari problema. Nu cred ca exista pe aici persoane care sa iti descrie ambele posturi, depinde mult de la firma la firma cat de mult trebuie sa muncesti, ce beneficii si salariu ai.

Zicem noi de ACTA, dar de cativa ani, Google tot incearca sa monopolizeze Internet-ul, sa obtina cat mai multe informatii despre utilizatori si sa aiba un cat mai mare control asupra lor. Muie Google.

Deci cine vine maine in Bucuresti?

[h=1]Microsoft to issue more critical patches next week for Win7 than XP[/h] By Gregg Keizer February 9, 2012 05:27 PM ET Computerworld - Microsoft today said it would deliver nine security updates next week, four of them critical, to patch 21 vulnerabilities in Windows, Internet Explorer (IE), Office, .Net and Silverlight. This year's February Patch Tuesday will feature three fewer updates and one less patch than 2011's. Four of the nine updates were tagged "critical," the highest threat ranking in Microsoft's four-step system, while the other five were marked "important," the second-level rating. All of the critical updates and two of those pegged important will patch bugs that Microsoft admitted could be exploited by attackers to hijack computers and plant malware on PCs. One interesting thing in today's advance notification, said Andrew Storms, director of security operations at nCircle Security, was the impact on Windows Server 2008 R2, Microsoft's newest server operating system. "Seven Windows- and IE-related bulletins are applicable to Server 2008 R2, but Windows XP [32-bit] has only four. It's another lopsided month," said Storms, referring to past Microsoft claims that older software receive more security updates than newer titles. That upside-down pattern has been prevalent lately. "If it keeps up, pretty soon 'lopsided' won't be lopsided," Storms said in an interview. Another sign is the difference in the number of bulletins that affect Windows XP and Windows 7: One critical update is not applicable to the 10-year-old Windows XP, but does affect both 2007's Windows Vista and 2009's Windows 7. Storms and several other security experts who weighed in via email unanimously pointed to the IE update as the one users will want to deploy first. Microsoft patches its browser every other month. "Last month, we saw how quickly attackers are incorporating browser-based attacks into their toolkits," Wolfgang Kandek, chief technology officer of Qualys, said in an email today. "An exploit for MS12-004 was detected a mere 15 days after Patch Tuesday." MS12-004 was issued Jan. 10 to quash a pair of bugs in Windows Media Player that could be exploited using "drive-by" attacks triggered when users simply browse to a malicious site. Two weeks later, antivirus firm Trend Micro said browser-based attacks leveraging a Media Player bug were already circulating. Marcus Carey, a security researcher at Rapid7, agreed with Kandek. "We're seeing a great many browser patches from Microsoft these days because researchers and attackers have realized that browser exploits have the most potential for harm and are currently the best attack surface," Carey said. Next Tuesday's IE update will address one or more vulnerabilities in all versions of the browser, from the decade-old IE6 to last year's IE9. Storms pointed out that IE6's update is graded as "moderate," third on Microsoft's scale, while the newer browsers' patches will be pegged critical or important, depending on the version and operating system. "The conclusion we can draw is that while IE6 is still vulnerable, [the bug] may be harder to get at than the other versions," said Storms. "But they'll patch it anyway." Other updates will tackle vulnerabilities in Visio 2010, a diagramming application that's part of the Office family; SharePoint Server 2010; and the .Net and Silverlight frameworks, which are used by developers to craft applications and websites. None of the updates scheduled to ship next week appear to be connected to an unsolved security advisory, Storms said. Microsoft will release the nine updates at approximately 1 p.m. ET on Feb. 14. "That's Valentine's Day," noted Storms. "I can bet that some will be using it as an excuse that they forgot." Unless Microsoft issues a surprise security update after next Tuesday -- unlikely, as it shipped just one "out-of-band" patch in all of 2011 -- next week's batch will be the last from the company before its Windows 7 and Internet Explorer 9 face exploits at this year's Pwn2Own hacking contest, which will kick off March 7 and wrap up two days later. Sursa: Microsoft to issue more critical patches next week for Win7 than XP - Computerworld

In limba romana vazusem ceva, dar sunt multe carti si scumpe (daca le iei pe toate). Si mai era o carte, dar era mai veche si nu foarte utila. Eu incepusem "Visual C# - Step by step.pdf": Visual C# - Step by step.pdf - Speedy Share - upload your files here E cam "lame" la inceput, dar inveti multe chestii utile.

- C++ manual complet, Herbert Schild - Totul despre C si C++, Kris Jamsa - C++ pentru incepatori, vol I si II, Liviu Negrescu Bine, nu imi aduc aminte exact numele si autorii, dar sunt pe aproape.

Vezi Developer Tools din Internet Explorer, Tab-ul Script, dai Start Debugging. Ar trebui sa fie util.

Da, nici eu nu am idee, verifica daca acele imagini exista.

Aveti toti warn ca sa va linistiti.

Vad doar un link cu o eroare, SQL Injection inseamna sa extragi date. Nu vad date. Se muta la gunoi.

Haideti totusi sa nu decadem atat de mult incat sa numim ghicirea unei parole "Hacking" si metoda sa fie "Social engineering", este penibil si trist...

Acum cativa ani imi doream sa devin hacker. Acum, nu imi mai doresc asta, mass-media mi-a daramat visele.

Spam aici? Ban: larisuka_alecs@yahoo.com

L-a descarcat cineva? Nu ma pot conecta la thepiratebay, si ceva suspect, Mozilla zicea ca nu se poate conecta la "127.0.0.1". Si nu am antivirus, si nici ceva in hosts. Puteti lua torrent-ul?

Pentru cei care folosesc o singura baza de date MySQL, care e pe acelasi server, da, nu e aplicabil. Dar pentru cei cu baze de date distribuite? Pentru cei care au trafic, nu muritorii de rand, si un server nu e de ajuns pentru toate?

Nu e acelasi lucru.

Nice shit! Bine gandita.

Semnul fiarei? Sfinte cacat...

Da, daca e sa fim extrem de paranoici nu ne place, dar cred ca e mai in regula asa.

Pai sa vedem: Linux: ----- - ce este ELF - enumera 5 semnale ce se pot trimite unui proces - la ce feloseste initrd - ce face fork() - cum se compileaza un kernel - cum se incarca un modul de kernel - scrie o comanda iptables care sa blocheze conexiunile pe portul 1337 - la ce se foloseste sticky bit - ce stii despre procfs - exemple de grep, cut, sort si altele - ce face un sistem de jurnalizare al unei partitii - ce e serverul X, ce sunt Qt si Gtk - care sun run level-urile - ce contine /etc/passwd si ce contine /etc/shadow - cum redirectionezi output-ul unei comenzi - cate tipuri de fisiere UNIX cunosti - ce e un pipe si la ce se foloseste - cum schimbi MAC-ul pe Linux Windows: -------- - ce este VHD - ce este Windows Management instrumentation - ce stii despre Group Policy - cum blochezi pachetele ICMP din Windows Firewall - ce DLL-uri se incarca automat cu un program - ce zice Event Viewer-ul - ce API-uri Windows ai folosit - Ce e .NET CLR - la ce e util advapi32.dll - cum stergi o intrare in Registry fara regedit - ce sunt controalele ActiveX - cum functioneaza rootkit-urile - cum verifici o partitie de bad-uri pe harddisk - cum schimbi MAC-ul pe Windows Stiu, sunt intrebari stupide, dar cati stiti sa raspundeti la cea mai mare parte dintre ele? De la voi vreau argumente, cei care nu cunoasteti macar lucruri de baza despre aceste sisteme de operare, va rog sa va abtineti de la comentarii impoertinente.

[h=2]No More SSL Revocation Checking For Chrome[/h] Posted by timothy on Tuesday February 07, @11:35AM from the substitute-my-own dept. New submitter mwehle writes with this bit from Ars Technica: "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company's top engineers compared it to seat belts that break when they are needed most. The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with." Sursa: No More SSL Revocation Checking For Chrome - Slashdot

[h=2]Adobe adds Flash sandboxing to Firefox[/h] Hackers bypass it in 3, 2… By Iain Thomson in San Francisco Posted in Security, 7th February 2012 01:29 GMT Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Google’s Chrome browser. “Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits,” said Peleus Uhley, senior security researcher for Adobe in a blog post. “For example, since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X. We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year.” Adobe used elements of the sandboxing technology Google had built into Chrome for its Reader code, after a string of attacks against the popular Flash platform. The technology was released on November 2010 – and promptly broken less than two months later by a Google engineer, although Adobe said this didn't count as it couldn't be done remotely. The code has also been added to Chrome, and Adobe promised other browsers would get similar protections. The code will work with Firefox 4.0 or later versions running on Windows 7 or Vista. More details will be given in Uhley’s talk at the CanSecWest security conference in Vancouver, British Columbia, early next month. Sursa: Adobe adds Flash sandboxing to Firefox • The Register

Da, nasol...

Din Bucuresti care veniti? Nu cred ca imi iau masca, imi primul rand pentru ca e folosita de cocalarii de Anonimusi pe care nu ii suport, apoi e 40+ RON si prefer sa mai pun ceva si sa iau o sticla de vodka.