Everything posted by Nytro
-
Yes, if we want to be extremely paranoid we don't like it, but I think it's better this way.
-
Well, let's see:

Linux:
-----
- what ELF is
- list 5 signals that can be sent to a process
- what initrd is used for
- what fork() does
- how a kernel is compiled
- how a kernel module is loaded
- write an iptables command that blocks connections on port 1337
- what the sticky bit is used for
- what you know about procfs
- examples of grep, cut, sort and others
- what a partition's journaling system does
- what the X server is, what Qt and Gtk are
- what the run levels are
- what /etc/passwd contains and what /etc/shadow contains
- how you redirect the output of a command
- how many UNIX file types you know
- what a pipe is and what it is used for
- how you change the MAC address on Linux

Windows:
--------
- what VHD is
- what Windows Management Instrumentation is
- what you know about Group Policy
- how you block ICMP packets in Windows Firewall
- which DLLs are loaded automatically with a program
- what the Event Viewer says
- which Windows APIs you have used
- what the .NET CLR is
- what advapi32.dll is useful for
- how you delete a Registry entry without regedit
- what ActiveX controls are
- how rootkits work
- how you check a hard disk partition for bad sectors
- how you change the MAC address on Windows

I know, these are stupid questions, but how many of you can answer most of them? I want arguments from you; those of you who don't know at least basic things about these operating systems, please refrain from impertinent comments.
-
[h=2]No More SSL Revocation Checking For Chrome[/h]
Posted by timothy on Tuesday February 07, @11:35AM from the substitute-my-own dept.

New submitter mwehle writes with this bit from Ars Technica: "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company's top engineers compared it to seat belts that break when they are needed most. The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with."

Source: No More SSL Revocation Checking For Chrome - Slashdot
-
[h=2]Adobe adds Flash sandboxing to Firefox[/h]
Hackers bypass it in 3, 2…
By Iain Thomson in San Francisco
Posted in Security, 7th February 2012 01:29 GMT

Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Google’s Chrome browser.

“Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits,” said Peleus Uhley, senior security researcher for Adobe in a blog post. “For example, since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X. We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year.”

Adobe used elements of the sandboxing technology Google had built into Chrome for its Reader code, after a string of attacks against the popular Flash platform. The technology was released on November 2010 – and promptly broken less than two months later by a Google engineer, although Adobe said this didn't count as it couldn't be done remotely.

The code has also been added to Chrome, and Adobe promised other browsers would get similar protections. The code will work with Firefox 4.0 or later versions running on Windows 7 or Vista. More details will be given in Uhley’s talk at the CanSecWest security conference in Vancouver, British Columbia, early next month.

Source: Adobe adds Flash sandboxing to Firefox • The Register
-
The hacker who breached the Daily Telegraph and Le Monde speaks exclusively
Nytro replied to em's topic in Stiri securitate
Yeah, that's rough...
-
Who's coming from Bucharest? I don't think I'll get the mask, first of all because it's used by those tacky Anonymous types I can't stand, and then it's 40+ RON and I'd rather add a bit more and buy a bottle of vodka.
-
Windows:
- I don't have viruses
- It doesn't run slowly for me
- It doesn't give me errors
- It's documented on MSDN
- It's pirated, so it's free

Bring your own arguments too. Why is Linux better? What operating system do you have? And no Ubuntu or other crap like that, because if I ask you about "Linux" you won't have a clue.
-
Moved to the trash. Don't let me catch anyone with Havij and other crap again. If you can't do it manually, find some other crap to do.
-
[NEW][FUD]Cryptech 1.0 | Extension spoof | Crypt DC5 [NEW][FUD]
Nytro replied to weno's topic in Cosul de gunoi
Moved to the trash; you should have posted in RST Market if you want money.
-
Crap topic, moved to the trash.
-
Why are you posting here? 2-day ban and moved to the trash. PS: I don't understand how you intend to "hack" a piece of legislation.
-
OK, I've read the nonsense too. Club ShowOff should be one of the forum's main categories. The problem is everyone's mentality. Fine, we exclude those who come with crap found with Havij and move their topics to the trash, but if they are found manually, it's OK. Granted, most of the time the ethical factor, the "motive", is missing, but SQLIs are being found and exploited. Why only SQLI? Because nobody wants to broaden their horizons. They've all learned a UNION SELECT and that's it; they regard purely BASIC knowledge as "the supreme proof of hacking".

Also, besides the content of the first post, there is the most important factor: the opinion of the other users. Now, how should I put it, I don't understand why, after finding an SQLI with a dork in a two-bit site, the "attacker" expects supreme praise and wants everyone to kiss his ass and consider him their god. It's not the first time we've seen a crappy SQLI; we know what it's about, even if you don't see us bothering to post. So, if you take into account the popularity of the site in question, the motive for the attack and the technique used, then yes, it's a post worthy of respect. But since junk gets posted, don't expect praise.

The category will not be closed; I don't agree with that. We can't limit access either; there's no point. Anyone is free to post what they consider a ShowOff. If it's crap, it will be moved to the trash, and that's why I understand those who make fun of the ones who expect far too much for a piece of junk. Not everyone finds a Blind SQLI in a cookie on an important site, with a motive for it as well, so let's not look down on those who post, because we too started out with junk.

As for RST Market, I don't know what you want it to be; there are many people who have things to offer or want various services or products, for a fee. I never understood this category anyway, because I only see posts with roots, scanners and other useless crap, but these are in demand. I also don't understand what some of you gain from having a particular category closed. If you don't like what's there, don't visit it. But for some it probably really is useful, and maybe they make some money, although my advice would be to drop this crap and pick up the "hoe", to work for something. Of course, I don't agree with closing this category either, although it would be nice if those who sell/buy all kinds of junk there would also move on to more advanced things, and would discover to their amazement that if they learn a little programming, they can create those scanners themselves. What I want to stress is that the category is useful to some members, and if some don't sell or buy anything, I don't know what their problem could be.
-
Somebody give me a summary too. I don't agree with closing it.
-
PHP 5.4SVN-2012-02-03 htmlspecialchars/entities Buffer Overflow
Nytro replied to The_Arhitect's topic in Exploituri
Whoa, looks good. The problem is that UTF-8, since I don't think it's used all that much
-
Let's form a group and go. Well, if I'm in town...
-
[h=1]Pirate Bay founders sentenced to prison in Sweden[/h]
February 1, 2012 | 16:19 Aurelian Mihai

Pirate Bay is one of the best-known and longest-lived websites dedicated to hosting and distributing torrent files, made famous by the way it managed to evade all the legal actions brought over the years, in which its founders were accused of breaching copyright law by facilitating access to pirated software, new films taken straight from cinemas and other protected works.

Unfortunately for the millions of fans around the world, the journey through the Swedish courts undertaken by its founders, Fredrik Neij, Peter Sunde and Carl Lundström, and co-founder Gottfrid Svartholm, seems to be nearing a painful end after the Supreme Court gave a negative answer to the last appeal filed by the website.

After being sentenced to prison in 2010 on charges of facilitating copyright infringement, the three founders appealed, obtaining a reduction of the initial 1-year sentence to a period of between 2 and 8 months. The three contested the sentence with a new appeal, which was in turn rejected by the Supreme Court earlier today.

As a result, the final sentences remain set at 12 months for Gottfrid Svartholm, 10 months for Fredrik Neij, 8 months for Peter Sunde and 4 months for Carl Lundström, plus a fine of 6.8 million dollars representing court costs and other damages, a tiny sum compared with the monthly revenue Pirate Bay obtains from advertising and donations.

Still, there is a possibility that the four will escape without serving even a single day in prison, since the Swedish legal system allows sentences shorter than 12 months to be commuted to suspended sentences. The decision, however, depends on the goodwill of the Swedish court.

Compared with the extremely hostile attitude with which online piracy is treated across the ocean, the sentence handed down by the Swedish court is a mild one, which suggests that this is not the last chapter in the history of Pirate Bay.

Via: Engadget.com

Source: Pirate Bay founders sentenced to prison in Sweden
-
[h=1]Leading Kernel Maintainer Greg Kroah-Hartman Joins The Linux Foundation[/h] By Linux_Foundation - January 31, 2012 - 10:45pm Kroah-Hartman joins distinguished group of Linux Foundation fellows, including Linus Torvalds, to advance the operating system SAN FRANCISCO, February 1, 2012 – The Linux Foundation, the nonprofit organization dedicated to accelerating the growth of Linux, today announced that Greg Kroah-Hartman is joining the organization as Fellow. Kroah-Hartman is among a distinguished group of software developers that maintain Linux at the kernel level. In his role as Linux Foundation Fellow, Kroah-Hartman will continue his work as the maintainer for the Linux stable kernel branch and a variety of subsystems while working in a fully neutral environment. He will also work more closely with Linux Foundation members, workgroups, Labs projects, and staff on key initiatives to advance Linux. The Linux Foundation Fellowship program provides financial support to software developers working on Linux and open source community projects. Under the auspices of this fund, The Linux Foundation works with users, vendors and developers to identify where and how additional work or resources could accelerate development efforts and spur the adoption of Linux and open source software. “The Linux Foundation does extremely valuable work, and I am proud to join the organization,” said Greg Kroah-Hartman. “I’m excited to continue my work on the Linux kernel alongside the best developers in the world and to increase collaboration among Linux Foundation members and kernel developers.” “Greg is among the world’s most talented software developers and is providing unmatched contributions to the advancement of Linux,” said Jim Zemlin, executive director at The Linux Foundation. “We’re looking forward to working even more closely with Greg and to allow him to expand his focus on the kernel.” Kroah-Hartman created and maintains the Linux Driver Project. 
He is also currently the maintainer for the Linux stable kernel branch and a variety of different subsystems that include USB, staging, driver core, tty, and sysfs, among others. Most recently, he was a Fellow at SUSE. Kroah-Hartman is an adviser to Oregon State University’s Open Source Lab, a member of The Linux Foundation's Technical Advisory Board, has delivered a variety of keynote addresses at developer and industry events, and has authored two books covering Linux device drivers and Linux kernel development. The Linux Foundation Fellows today include Till Kamppeter, Greg Kroah-Hartman, Janina Sajka, Richard Purdie and Linus Torvalds. Previous Fellows include Steve Hemminger, Andrew Morton, Andrew Tridgell and Ted Ts’o. For more information on Linux Foundation Fellows, please visit the Linux Foundation Fellowship website. About The Linux Foundation The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system by marshaling the resources of its members and the open source development community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Linux conferences, including LinuxCon, and generating original Linux research and content that advances the understanding of the Linux platform. Its web properties, including Linux.com, reach approximately two million people per month. The organization also provides extensive Linux training opportunities that feature the Linux kernel community’s leading experts as instructors. Follow The Linux Foundation on Twitter. ### Trademarks: The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. Linux is a trademark of Linus Torvalds. 
Source: Leading Kernel Maintainer Greg Kroah-Hartman Joins The Linux Foundation | The Linux Foundation

See also: Linux kernel chief exits SUSE, takes vendor-neutral oversight role
-
[h=1]Google convicted of abuse of dominant position by a French court because the Maps service is free and harms competition[/h]
by Vlad Barza, HotNews.ro
Wednesday, February 1, 2012, 17:52, Economy | IT

A commercial court in Paris has convicted Google of abuse of dominant position after a mapping services company complained that the Google Maps service harms competition in the market by being free for most companies.

The firm Bottin Cartographes says the decision is a historic one and is proof that Google's practices in the maps field are abusive, AFP reports. The court ordered Google to pay 500,000 euros in damages to Bottin Cartographes plus a fine of 15,000 euros.

Google says it will appeal and adds that a free, very high-quality application benefits all Internet users and website owners. Google also says that there is real competition in the field.

Those at Bottin say they are thrilled that "after a two-year battle" "an unprecedented decision" was taken to convict both Google Inc and Google France. They also say the court found that Google's practices in the field of online maps are abusive and hinder competition. Bottin provides services similar to those in Google Maps, but for a fee.

Source: Google convicted of abuse of dominant position by a French court because the Maps service is free and harms competition - IT - HotNews.ro

These French are pathetic...
-
Understanding the bin, sbin, usr/bin, usr/sbin split
Rob Landley rob at landley.net
Thu Dec 9 15:45:39 UTC 2010

On Tuesday 30 November 2010 15:58:00 David Collier wrote:
> I see that busybox spreads its links over these 4 directories.
>
> Is there a simple rule which decides which directory each link lives
> in.....
>
> For instance I see kill is in /bin and killall in /usr/bin.... I don't
> have a grip on what might be the logic for that.

You know how Ken Thompson and Dennis Ritchie created Unix on a PDP-7 in 1969? Well around 1971 they upgraded to a PDP-11 with a pair of RK05 disk packs (1.5 megabytes each) for storage.

When the operating system grew too big to fit on the first RK05 disk pack (their root filesystem) they let it leak into the second one, which is where all the user home directories lived (which is why the mount was called /usr). They replicated all the OS directories under there (/bin, /sbin, /lib, /tmp...) and wrote files to those new directories because their original disk was out of space. When they got a third disk, they mounted it on /home and relocated all the user directories to there so the OS could consume all the space on both disks and grow to THREE WHOLE MEGABYTES (ooooh!).

Of course they made rules about "when the system first boots, it has to come up enough to be able to mount the second disk on /usr, so don't put things like the mount command in /usr/bin or we'll have a chicken and egg problem bringing the system up." Fairly straightforward. Also fairly specific to v6 unix of 35 years ago.

The /bin vs /usr/bin split (and all the others) is an artifact of this, a 1970's implementation detail that got carried forward for decades by bureaucrats who never question _why_ they're doing things. It stopped making any sense before Linux was ever invented, for multiple reasons:

1) Early system bringup is the province of initrd and initramfs, which deals with the "this file is needed before that file" issues. We've already _got_ a temporary system that boots the main system.

2) shared libraries (introduced by the Berkeley guys) prevent you from independently upgrading the /lib and /usr/bin parts. The two partitions have to _match_ or they won't work. This wasn't the case in 1974, back then they had a certain level of independence because everything was statically linked.

3) Cheap retail hard drives passed the 100 megabyte mark around 1990, and partition resizing software showed up somewhere around there (partition magic 3.0 shipped in 1997).

Of course once the split existed, some people made other rules to justify it. Root was for the OS stuff you got from upstream and /usr was for your site-local files. Then / was for the stuff you got from AT&T and /usr was for the stuff that your distro like IBM AIX or Dec Ultrix or SGI Irix added to it, and /usr/local was for your specific installation's files. Then somebody decided /usr/local wasn't a good place to install new packages, so let's add /opt! I'm still waiting for /opt/local to show up...

Of course given 30 years to fester, this split made some interesting distro-specific rules show up and go away again, such as "/tmp is cleared between reboots but /usr/tmp isn't". (Of course on Ubuntu /usr/tmp doesn't exist and on Gentoo /usr/tmp is a symlink to /var/tmp which now has the "not cleared between reboots" rule. Yes all this predated tmpfs. It has to do with read-only root filesystems, /usr is always going to be read only in that case and /var is where your writable space is, / is _mostly_ read only except for bits of /etc which they tried to move to /var but really symlinking /etc to /var/etc happens more often than not...)

Standards bureaucracies like the Linux Foundation (which consumed the Free Standards Group in its ever-growing accretion disk years ago) happily document and add to this sort of complexity without ever trying to understand why it was there in the first place. "Ken and Dennis leaked their OS into the equivalent of home because an RK05 disk pack on the PDP-11 was too small" goes whoosh over their heads.

I'm pretty sure the busybox install just puts binaries wherever other versions of those binaries have historically gone. There's no actual REASON for any of it anymore. Personally, I symlink /bin /sbin and /lib to their /usr equivalents on systems I put together. Embedded guys try to understand and simplify...

Rob
--
GPLv3: as worthy a successor as The Phantom Menace, as timely as Duke Nukem Forever, and as welcome as New Coke.

Source: http://lists.busybox.net/pipermail/busybox/2010-December/074114.html
-
[h=1]Online Hacking/Programming Challenges[/h]
Just a short list. Please let me know of ones I am missing:

HAX.TOR :: Hacking Challenges - Free Shell Account - Security
TryThis0ne - Hacking Challenges!
Hack This Site!
NetWars - Cyber Hacking Challenge
http://intruded.net/
OverTheWire - Wargames
https://cybersecuritychallenge.org.uk/index.php
HackQuest :: Learn about Hacking, Cracking, JavaScript, PHP, Cryptology and Password security
http://www.try2hack.nl/
https://www.hacking-lab.com/
Offensive Security Online Security Training Challenge
<Code/Racer> - Battle it out and learn the code... Brought to you by Treehouse
SmashTheStack Wargaming Network
The Python Challenge

Source:
-
[h=1]FBI Says Social Media-Sniffing App Will Protect Privacy[/h] By Damon Poeter January 30, 2012 05:45pm EST The Federal Bureau of Investigation said Monday that a social media monitoring application it is seeking to develop will be vetted to ensure it protects the privacy of individuals and protected groups before being used. The FBI's Strategic Information and Operations Center (SIOC) made waves last week with a FedBizOpps.gov post requesting information about the potential for building an app capable of sniffing through online media sites and social networks to look for emerging threats around the world. Absent any context, the ad led to speculation that the feds are ginning up a "Big Brother"-type operation to snoop on users of Facebook, Twitter, and other popular social media platforms frequented by hundreds of millions of people around the globe. But if such an application is developed and used by the FBI, the agency's Privacy and Civil Liberties Unit "will review the legal implications of the application and ensure that we meet all privacy requirements prior to the application being implemented," an FBI spokesperson told PCMag.com. "The intent is to view publicly available open-source, non-private social data that is readily available on the open Internet," Special Agent Ann Todd of the FBI's Office of Public Affairs said. "The application will not focus on specific persons or protected groups, but on words that relate to 'events' and 'crisis,' and activities constituting violations of federal criminal law or threats to national security. Examples of these words will include 'lockdown,' 'bomb,' 'suspicious package,' 'white powder,' 'active shoot,' 'school lock down,' etc." Todd also reiterated that the Jan. 19 post on FedBizOpps.gov was a request for information (RFI) only. 
The FBI sought "to determine the capabilities of the IT industry to provide an open-source and social media application," she said, adding that "[t]he RFI was issued for market research and planning purposes only ... it was not intended to solicit proposals and no submissions will be accepted as official offers for contract."

Source: FBI Says Social Media-Sniffing App Will Protect Privacy | News & Opinion | PCMag.com