Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18715

  • Joined

  • Last visited

  • Days Won

    701

 Content Type 

Everything posted by Nytro

  1. Nytro
    Understand heap structure Author: Senator of Pirates (zhani khalil)
  2. Nytro
    Da, ar trebui sa mai dau niste banuri pe aici, s-au strans o gramada puradei ratati...
  3. Nytro
    Pound Reverse HTTP Proxy 2.6 Authored by roseg | Site apsis.ch Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Changes: Support for SNI via multiple Cert directives. A pre-defined number of threads for better performance on small hardware. Translation of hexadecimal characters in the URL for pattern matching. Support for a "Disabled" directive in the configuration. More detailed error logging. Allows multiple AddHeader directives. Download: http://packetstormsecurity.org/files/download/108220/Pound-2.6.tgz Sursa: Pound Reverse HTTP Proxy 2.6 ? Packet Storm
  4. Nytro
    What to Look for in PHP 5.4.0 PHP 5.4.0 will arrive soon. The PHP team is working to bring to some very nice presents to PHP developers. In the previous release of 5.3.0 they had added a few language changes. This version is no different. Some of the other changes include the ability to use DTrace for watching PHP apps in BSD variants (there is a loadable kernel module for Linux folks). This release features many speed and security improvements along with some phasing out of older language features (Y2K compliance is no longer optional). The mysql extensions for ext/mysql, mysqli, and pdo now use the MySql native driver (mysqlnd). This release also improves support for multibyte strings. Built-in Development Server In the past, newcomers to PHP needed to set up a server. There was no built in server like a few other languages/web frameworks already had. If developing on *nix, a server needed to be set up with the right modules and the the files to test needed to be copied over to the document root. Now, you can just run PHP with some options to get a server: $ php -S localhost:1337 It runs in the current directory, using index.php or index.html as the default file to serve. A different document root can be specified as either an absolute or relative path: $ php -S localhost:1337 -t /path/to/docroot The server will log requests directly to the console. Interestingly, this server will not serve your static files unless your script returns false. Existing frameworks will need to be modified to add in functionality that is commonly in rewrite rules. This is really all that is needed: // If we're using the built-in server, route resources if (php_sapi_name() == 'cli-server') { /* * If the request is for one of these image types, return false. * It will serve up the requested file. */ if (preg_match('/\.(?:png|jpg|jpeg|gif)$/', $_SERVER["REQUEST_URI"])) return false; } // Process the rest of your script One of the inconveniences of the server is lack of support for SSL. Granted, it is meant for development purposes only. However, some projects I’ve worked on required testing with SSL. Perhaps there will be demand for this once it’s out there. An Overview of Traits Traits are bits of code that other objects can use. Traits allow composing objects and they promote code reuse. The Self programming language, one of the precursors to the JavaScript language, introduced them. JavaScript, strangely, does not directly implement traits; instead it allows one to extend objects directly with other objects. In PHP (and other languages), traits cannot be instantiated, only used to compose other objects. Traits do not imply inheritance, they just add methods to classes. They can be used with inheritance and interfaces. Traits could be used as standard implementations of interfaces, then one could easily compose classes that comply with certain interfaces. Here is an example, demonstrating a simple use of traits: name().", run!\n"; } // Gets the name of the runner // Must be implemented by the class using the trait. abstract public function name(); } /** * Define a class that uses the runner trait */ class runningPerson { // Use the runner trait use runner; // Used to store the person's name protected $name; // Constructor, assigns a name to the person public function __construct($name) { $this->name = $name; } // Retrieves the name of the person, required by runner trait public function name() { return $this->name; } } $gump = new runningPerson("Forrest"); $gump->run(); When a class implements a method that is also defined in a trait it uses, the method in the trait takes precedence and overrides the class method. If two traits implement the same method, the conflict needs to be resolved using the insteadof keyword, or given a new signature (only visibility and name can be changed) using the as keyword. <?php /** * Define traits with conflicting function names */ trait A { public function do_something(){ echo "In A::do_something():\n"; for($i = 0; $i do_something(); $testB->do_something(); $testB->something_else(); More examples reside at the current PHP documentation for traits. If that documentation is lacking in substance, Wikipedia’s article on traits links to plenty of background info. Changes to Anonymous Functions In PHP 5.3.x, working with anonymous functions needed a work around when stored in an array. The function needed to be stored in a temporary variable before it could be called. For instance: $functions = array(); // assign an anonymous function to an array element $functions['anonymous'] = function () { echo "Hello, the parser needs to make up a name for me...\n"; }; // to call it you had to do this: $temp = $functions['anonymous']; $temp(); Now, anonymous functions stored in an array can be called directly without first storing them in a temporary variable: // assume $functions[] is still around. $functions['anonymous'](); Closures in Classes Closures defined inside of a class are automatically early bound to the $this variable. If a class method returns a closure, it retains access to the original class that defined it (along with all the public member properties and methods) no matter where it is passed. If assigned to a member property and called as a method, PHP issues a warning if it was called directly. If called as a local variable or by calling the Closure::__invoke() method (which it inherits), PHP issues no warning. value = $value; } public function getValue() { return $this->value; } public function getCallback() { return function() { return $this->getValue(); }; } } /** * Create a class that calls a closure. */ class ClosureCaller { private $callback; public function setCallback($callback) { $this->callback = $callback; } public function doSomething() { // Since this is a member variable, call Closure::__invoke(). echo $this->callback->__invoke() . "\n"; } } // Set up a class to generate closures that reference itself $test = new ClosureTest(); $test->setValue(42); $closure = $test->getCallback(); echo $closure() . "\n"; // Test calling a closure from another class $testCaller = new ClosureCaller(); $testCaller->setCallback($test->getCallback()); $testCaller->doSomething(); Closures allow changing what object scope $this is bound to by calling the bindTo() method and passing in the new object to use as $this. Currently, no consensus exists around letting closures bound to an object access the private and protected methods of that class. Additionally, PHP still needs to iron out the details around binding closures to static classes. One can find more details about closures, $this, and Closure::bindTo() at https://wiki.php.net/rfc/closures/object-extension Outlook There are a lot of established projects that may not immediately start taking advantage of these features, unless the community sees an obvious benefit to drastically changing their projects. When PHP 5.3.0 was released with namespace support and anonymous functions, new frameworks sprung up like Laravel (anonymous functions), FLOW3 (namespaces), Lithium (namespaces), and Symfony2 (namespaces). After PHP 5.4.0 is released, I’m sure new frameworks (or new versions, like Symfony2 vs. Symfony) will spring up around using traits to compose functionality and using the new $this functionality in closures defined in classes. The built in server definitely has some potential for making it easier for developers to debug their apps. It’s just a matter of time before frameworks start taking advantage of it. Reference PHP 5.4.0 Release Candidate 2 News Sursa: What to Look for in PHP 5.4.0
  5. Nytro
    [h=1]Stuxnet weapon has at least 4 cousins: researchers[/h] By Jim Finkle Wed Dec 28, 2011 6:46pm EST (Reuters) - The Stuxnet virus that last year damaged Iran's nuclear program was likely one of at least five cyber weapons developed on a single platform whose roots trace back to 2007, according to new research from Russian computer security firm Kaspersky Lab. Security experts widely believe that the United States and Israel were behind Stuxnet, though the two nations have officially declined to comment on the matter. A Pentagon spokesman on Wednesday declined comment on Kaspersky's research, which did not address who was behind Stuxnet. Stuxnet has already been linked to another virus, the Duqu data-stealing trojan, but Kaspersky's research suggests the cyber weapons program that targeted Iran may be far more sophisticated than previously known. Kaspersky's director of global research & analysis, Costin Raiu, told Reuters on Wednesday that his team has gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware. Raiu said the platform is comprised of a group of compatible software modules designed to fit together, each with different functions. Its developers can build new cyber weapons by simply adding and removing modules. "It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said. Kaspersky named the platform "Tilded" because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol "~" and the letter "d." Researchers with Kaspersky have not found any new types of malware built on the Tilded platform, Raiu said, but they are fairly certain that they exist because shared components of Stuxnet and Duqu appear to be searching for their kin. When a machine becomes infected with Duqu or Stuxnet, the shared components on the platform search for two unique registry keys on the PC linked to Duqu and Stuxnet that are then used to load the main piece of malware onto the computer, he said. Kaspersky recently discovered new shared components that search for at least three other unique registry keys, which suggests that the developers of Stuxnet and Duqu also built at least three other pieces of malware using the same platform, he added. Those modules handle tasks including delivering the malware to a PC, installing it, communicating with its operators, stealing data and replicating itself. Makers of anti-virus software including Kaspersky, U.S. firm Symantec Corp and Japan's Trend Micro Inc have already incorporated technology into their products to protect computers from getting infected with Stuxnet and Duqu. Yet it would be relatively easy for the developers of those highly sophisticated viruses to create other weapons that can evade detection by those anti-virus programs by the modules in the Tilded platform, he said. Kaspersky believes that Tilded traces back to at least 2007 because specific code installed by Duqu was compiled from a device running a Windows operating system on August 31, 2007. (Reporting By Jim Finkle; Editing by Phil Berlowitz) Sursa: Stuxnet weapon has at least 4 cousins: researchers | Reuters
  6. Nytro
    [h=2]Web Application Vulnerability Scanner Evaluation[/h] A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Important Update: auto-installer must be used - load war in tomcat, access URL "/wavsep/wavsep-install/install.jsp", and follow instructions. [h=3]Previous benchmarks performed using the platform:[/h] 2011 Comparison of 60 commercial & open source scanners 2010 Comparison of 42 open source scanners Additional information can be found in the developer's blog: Security Tools Benchmarking PDF files with detailed feature comparison are now hosted in the following web site: sectooladdict-benchmarks - A collection of benchmarks from the security tools benchmarking blog - Google Project Hosting [h=3]Project WAVSEP currently includes the following test cases:[/h] Vulnerabilities: Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST) Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST) Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST) Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST) Passive Information Disclosure/Session Vulnerabilities (inspired/imported from ZAP-WAVE): 3 test cases of erroneous information leakage, and 2 cases of improper authentication / information disclosure - implemented in 5 jsp pages Experimental Tase Cases (inspired/imported from ZAP-WAVE): 9 additional RXSS test cases (anticsrf tokens, secret input vectors, tag signatures, etc), and 2 additional SQLi test cases (INSERT) - implemented in 11 jsp pages (GET & POST) False Positives: 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST ) 10 different categories of false positive SQL Injection vulnerabilities (GET & POST) Additional Features: A simple web interface for accessing the vulnerable pages An auto-installer for the mysql database schema (/wavsep-install/install.jsp) Sample detection & exploitation payloads for each and every test case Database connection pool support, ensuring the consistency of scanning results [h=3]Usage[/h] Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners. [h=3]Installation[/h] (@) Use a JRE/JDK that was installed using an offline installation (the online installation caused unknown bugs for some users). (1) Download & install Apache Tomcat 6.x (2) Download & install MySQL Community Server 5.5.x (Remember to enable remote root access if not in the same station as wavsep, and to choose a root password that you remember). (3) Copy the wavsep.war file into the tomcat webapps directory (Usually "C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps" - Windows 32/64 Installer) (4) Restart the application server (5) Initiate the install script at: http://localhost:8080/wavsep/wavsep-install/install.jsp (6) Provide the database host, port and root credentials to the installation script, in additional to customizable wavsep database user credentials. (7) Access the application at: http://localhost:8080/wavsep/ [h=3]Troubleshooting Installation Issues[/h] [TABLE=width: 100%] [TR=class: pscontent] [TD=class: psdescription] As of version v1.1.1, several installation related issues were fixed (encoding / other). Make sure the JRE/JDK was installed using an offline installer. Make sure the tomcat server was installed after the offline JRE/JDK installation. Make sure that the mysql server was installed with remote root connection enabled, and with a firewall rule exception (options in the mysql installer). If previous versions of wavsep v1.1.0+ were installed, it's best to delete the "db" folder which was created after the previous installation under the tomcat root directory - prior to installing the new version (the installation should work even without this deletion, as long as sql-related pages were not accessed in the current tomcat execution). If the previous derby database was not deleted prior to the installation for whatever reason, do not access any sql-related existing pages before accessing the schema installation page. On windows 7, it might be necessary to run the tomcat server as an administrator permissions (rare scenario) [/TD] [/TR] [/TABLE] Download: http://code.google.com/p/wavsep/downloads/list Sursa: wavsep - Web Application Vulnerability Scanner Evaluation Project - Google Project Hosting
  7. Nytro
    Hash collisions in POST Denial-of-service exploit demo by Krzysztof Kotowicz (@kkotowicz) More info: Denial of Service through hash table multi-collisions advisory | sources The following POST content should DoS PHP 5.3.x for a minute or so Post of Doom Link: http://koto.github.com/blog-kotowicz-net-examples/hashcollision/kill.html Info: http://thehackernews.com/2011/12/web-is-vulnerable-to-hashing-denial-of.html
  8. Nytro
    ack - Source code Grep ack is a tool like grep, designed for programmers with large trees of heterogeneous source code. ack is written purely in Perl, and takes advantage of the power of Perl's regular expressions. [h=2]Latest version of ack: 1.96, September 18, 2011[/h] Read the Changelog [h=2]How to install ack[/h] It can be installed any number of ways: Install the CPAN module App::Ack. If you are a Perl user already, this is the way to go. Download the standalone version of ack that requires no modules beyond what's in core Perl, and putting it in your path. If you don't want to mess with setting up Perl's CPAN shell, this is easiest. curl http://betterthangrep.com/ack-standalone > ~/bin/ack && chmod 0755 !#:3 Install the Macport: /trunk/dports/perl/p5-app-ack/Portfile – MacPorts Install the Debian package: ack-grep To install ack-grep as "ack" instead of "ack-grep", use this command: sudo dpkg-divert --local --divert /usr/bin/ack --rename --add /usr/bin/ack-grep [*]Install the Ubuntu package: ack-grep [*]Install the Fedora package: ack [*]Install the Gentoo package: sys-apps/ack [*]Install the Arch package: community/ack [h=2]Top 10 reasons to use ack instead of grep.[/h] It's blazingly fast because it only searches the stuff you want searched. ack is pure Perl, so it runs on Windows just fine. It has no dependencies other than Perl 5. The standalone version uses no non-standard modules, so you can put it in your ~/bin without fear. Searches recursively through directories by default, while ignoring .svn, CVS and other VCS directories. Which would you rather type? $ grep pattern $(find . -type f | grep -v '\.svn') $ ack pattern [*]ack ignores most of the crap you don't want to search VCS directories blib, the Perl build directory backup files like foo~ and #foo# binary files, core dumps, etc [*]Ignoring .svn directories means that ack is faster than grep for searching through trees. [*]Lets you specify file types to search, as in --perl or --nohtml. Which would you rather type? $ grep pattern $(find . -name '*.pl' -or -name '*.pm' -or -name '*.pod' | grep -v .svn) $ ack --perl pattern Note that ack's --perl also checks the shebang lines of files without suffixes, which the find command will not. [*]File-filtering capabilities usable without searching with ack -f. This lets you create lists of files of a given type. $ ack -f --perl > all-perl-files [*]Nicer and more flexible color highlighting of search results. [*]Uses real Perl regular expressions, not a GNU subset. [*]Allows you to specify output using Perl's special variables. To find all #include files in C programs: ack --cc '#include\s+<(.*)>' --output '$1' -h [*] Many command-line switches are the same as in GNU grep, so you don't have to relearn two sets: -w does word-only searching -c shows counts per file of matches -l gives the filename instead of matching lines etc. [*]Command name is 25% fewer characters to type! Save days of free-time! Heck, it's 50% shorter compared to grep -r. Download: http://betterthangrep.com/ack-standalone More info: ack 1.96 -- better than grep, a source code search tool for programmers
  9. Nytro
    Train-switching system can be vulnerable to DDoS attack Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan Katzenbeisser, the man behind this shocking claim made the revelation during his speech at the Chaos Communication Congress hosted by the Berlin. Prof. Katzenbeisser explained that all hell will break lose in case the encryption keys are compromised in the system, used for switching trains from one line to another. "Trains could not crash, but service could be disrupted for quite some time," Katzenbeisser told Reuters on the sidelines of the convention. "Denial of service" campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic. Katzenbeisser said GSM-R, a mobile technology used for trains, is more secure than the usual GSM, used in phones, against which security experts showed a new attack at the convention. "Probably we will be safe on that side in coming years. The main problem I see is a process of changing keys. This will be a big issue in the future, how to manage these keys safely," Katzenbeisser said. Prof Katzenbeisser believes the system is relatively secure from hackers under normal circumstances. However, the computer science expert from Technische Universitat Darmstadt warns that encryption keys, used to protect the communications, could pose risks. It said the risk would occur if one of them fell into the wrong hands. This could allow hackers to mount a denial of service attack by overwhelming the signals system with traffic, forcing it to shut down. The technology, on which the professor issued the advisory, is already in use in a number of countries in Europe, Africa as well as Asia. A group of manufacturers decided to switch to a single digital standard and developed GSM-Railway, a more secure version of the 2G wireless standard used by mobile phones. [Source] Sursa: Train-switching system can be vulnerable to DDoS attack | The Hacker News (THN)
  10. Nytro
    Weaver-wps Brute force attack against Wifi Protected Setup Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. Download: http://code.google.com/p/reaver-wps/downloads/detail?name=reaver-1.1.tar.gz&can=2&q= Sursa: reaver-wps - Brute force attack against Wifi Protected Setup - Google Project Hosting
  11. Nytro
    28c3 MP4 videos 28c3-4640-en-time_is_on_my_side_h264.mp4 28-Dec-2011 20:58 498M 28c3-4640-en-time_is_on_my_side_h264.mp4.sha1 28-Dec-2011 20:58 83 28c3-4640-en-time_is_on_my_side_h264.mp4.torrent 28-Dec-2011 20:58 20K 28c3-4652-en-data_mining_the_israeli_census_h26..> 28-Dec-2011 21:22 146M 28c3-4652-en-data_mining_the_israeli_census_h26..> 28-Dec-2011 21:22 95 28c3-4652-en-data_mining_the_israeli_census_h26..> 28-Dec-2011 21:22 6646 28c3-4660-en-post_memory_corruption_memory_anal..> 29-Dec-2011 00:39 541M 28c3-4660-en-post_memory_corruption_memory_anal..> 29-Dec-2011 00:41 103 28c3-4660-en-post_memory_corruption_memory_anal..> 29-Dec-2011 00:41 22K 28c3-4661-en-scade_and_plc_vulnerabilities_in_c..> 29-Dec-2011 09:25 461M 28c3-4661-en-scade_and_plc_vulnerabilities_in_c..> 28-Dec-2011 14:09 121 28c3-4661-en-scade_and_plc_vulnerabilities_in_c..> 28-Dec-2011 14:09 19K 28c3-4669-en-bionic_ears_h264.mp4 28-Dec-2011 20:14 437M 28c3-4669-en-bionic_ears_h264.mp4.sha1 28-Dec-2011 20:14 76 28c3-4669-en-bionic_ears_h264.mp4.torrent 28-Dec-2011 20:14 18K 28c3-4675-de-politik_neusprech_2011_h264.mp4 28-Dec-2011 23:08 449M 28c3-4675-de-politik_neusprech_2011_h264.mp4.sha1 28-Dec-2011 23:08 87 28c3-4675-de-politik_neusprech_2011_h264.mp4.to..> 28-Dec-2011 23:09 18K 28c3-4676-en-apple_vs_google_client_platforms_h..> 29-Dec-2011 00:08 273M 28c3-4676-en-apple_vs_google_client_platforms_h..> 29-Dec-2011 00:09 97 28c3-4676-en-apple_vs_google_client_platforms_h..> 29-Dec-2011 00:09 11K 28c3-4680-en-effective_dos_attacks_against_web_..> 28-Dec-2011 19:30 342M 28c3-4680-en-effective_dos_attacks_against_web_..> 28-Dec-2011 19:31 120 28c3-4680-en-effective_dos_attacks_against_web_..> 28-Dec-2011 19:32 14K 28c3-4699-en-building_a_distributed_satellite_g..> 29-Dec-2011 00:10 412M 28c3-4699-en-building_a_distributed_satellite_g..> 29-Dec-2011 00:11 120 28c3-4699-en-building_a_distributed_satellite_g..> 29-Dec-2011 00:12 17K 28c3-4700-en-what_is_whiteit_h264.mp4 29-Dec-2011 09:27 556M 28c3-4700-en-what_is_whiteit_h264.mp4.sha1 28-Dec-2011 13:55 80 28c3-4700-en-what_is_whiteit_h264.mp4.torrent 28-Dec-2011 13:55 22K 28c3-4706-en-power_gadgets_with_your_own_electr..> 28-Dec-2011 21:24 489M 28c3-4706-en-power_gadgets_with_your_own_electr..> 28-Dec-2011 21:24 104 28c3-4706-en-power_gadgets_with_your_own_electr..> 28-Dec-2011 21:25 20K 28c3-4711-en-the_atari_2600_video_computer_syst..> 28-Dec-2011 19:32 356M 28c3-4711-en-the_atari_2600_video_computer_syst..> 28-Dec-2011 19:33 119 28c3-4711-en-the_atari_2600_video_computer_syst..> 28-Dec-2011 19:33 15K 28c3-4712-en-mining_your_geotags_h264.mp4 28-Dec-2011 20:08 235M 28c3-4712-en-mining_your_geotags_h264.mp4.sha1 28-Dec-2011 20:08 84 28c3-4712-en-mining_your_geotags_h264.mp4.torrent 28-Dec-2011 20:08 10K 28c3-4713-en-what_is_in_a_name_h264.mp4 28-Dec-2011 21:10 529M 28c3-4713-en-what_is_in_a_name_h264.mp4.sha1 28-Dec-2011 21:10 82 28c3-4713-en-what_is_in_a_name_h264.mp4.torrent 28-Dec-2011 21:11 21K 28c3-4721-en-pentanews_game_show_2k11_h264.mp4 28-Dec-2011 19:26 632M 28c3-4721-en-pentanews_game_show_2k11_h264.mp4...> 28-Dec-2011 19:29 89 28c3-4721-en-pentanews_game_show_2k11_h264.mp4...> 28-Dec-2011 19:29 25K 28c3-4722-de-dick_size_war_for_nerds_h264.mp4 29-Dec-2011 01:49 618M 28c3-4722-de-dick_size_war_for_nerds_h264.mp4.sha1 29-Dec-2011 01:51 88 28c3-4722-de-dick_size_war_for_nerds_h264.mp4.t..> 29-Dec-2011 01:52 25K 28c3-4730-en-crowdsourcing_genome_wide_associat..> 29-Dec-2011 01:08 284M 28c3-4730-en-crowdsourcing_genome_wide_associat..> 29-Dec-2011 01:09 110 28c3-4730-en-crowdsourcing_genome_wide_associat..> 29-Dec-2011 01:09 12K 28c3-4732-en-datamining_for_hackers_h264.mp4 29-Dec-2011 09:25 446M 28c3-4732-en-datamining_for_hackers_h264.mp4.sha1 28-Dec-2011 14:00 87 28c3-4732-en-datamining_for_hackers_h264.mp4.to..> 28-Dec-2011 14:00 18K 28c3-4735-en-reverse_engineering_a_qualcomm_bas..> 28-Dec-2011 22:28 415M 28c3-4735-en-reverse_engineering_a_qualcomm_bas..> 28-Dec-2011 22:29 104 28c3-4735-en-reverse_engineering_a_qualcomm_bas..> 28-Dec-2011 22:29 17K 28c3-4736-en-defending_mobile_phones_h264.mp4 29-Dec-2011 09:25 354M 28c3-4736-en-defending_mobile_phones_h264.mp4.sha1 28-Dec-2011 14:14 88 28c3-4736-en-defending_mobile_phones_h264.mp4.t..> 28-Dec-2011 14:14 15K 28c3-4738-de-echtes_netz_h264.mp4 28-Dec-2011 22:26 314M 28c3-4738-de-echtes_netz_h264.mp4.sha1 28-Dec-2011 22:26 76 28c3-4738-de-echtes_netz_h264.mp4.torrent 28-Dec-2011 22:26 13K 28c3-4749-en-does_hacktivism_matter_h264.mp4 29-Dec-2011 09:25 476M 28c3-4749-en-does_hacktivism_matter_h264.mp4.sha1 28-Dec-2011 14:44 87 28c3-4749-en-does_hacktivism_matter_h264.mp4.to..> 28-Dec-2011 14:44 19K 28c3-4753-en-the_movement_against_state_control..> 29-Dec-2011 01:50 476M 28c3-4753-en-the_movement_against_state_control..> 29-Dec-2011 01:52 121 28c3-4753-en-the_movement_against_state_control..> 29-Dec-2011 01:53 19K 28c3-4755-en-counterlobbying_eu_institutions_h2..> 28-Dec-2011 21:08 418M 28c3-4755-en-counterlobbying_eu_institutions_h2..> 28-Dec-2011 21:08 96 28c3-4755-en-counterlobbying_eu_institutions_h2..> 28-Dec-2011 21:09 17K 28c3-4756-en-quantified_self_and_neurofeedback_..> 29-Dec-2011 01:12 595M 28c3-4756-en-quantified_self_and_neurofeedback_..> 29-Dec-2011 01:14 111 28c3-4756-en-quantified_self_and_neurofeedback_..> 29-Dec-2011 01:14 24K 28c3-4758-de-ein_mittelsmannangriff_auf_ein_dig..> 28-Dec-2011 21:06 292M 28c3-4758-de-ein_mittelsmannangriff_auf_ein_dig..> 28-Dec-2011 21:06 119 28c3-4758-de-ein_mittelsmannangriff_auf_ein_dig..> 28-Dec-2011 21:06 12K 28c3-4763-en-the_science_of_insecurity_h264.mp4 28-Dec-2011 21:26 308M 28c3-4763-en-the_science_of_insecurity_h264.mp4..> 28-Dec-2011 21:26 90 28c3-4763-en-the_science_of_insecurity_h264.mp4..> 28-Dec-2011 21:26 13K 28c3-4764-en-automatic_algorithm_invention_with..> 29-Dec-2011 09:26 522M 28c3-4764-en-automatic_algorithm_invention_with..> 28-Dec-2011 14:10 105 28c3-4764-en-automatic_algorithm_invention_with..> 28-Dec-2011 14:10 21K 28c3-4766-en-802_11_packets_in_packets_h264.mp4 29-Dec-2011 09:25 424M 28c3-4766-en-802_11_packets_in_packets_h264.mp4..> 28-Dec-2011 14:12 90 28c3-4766-en-802_11_packets_in_packets_h264.mp4..> 28-Dec-2011 14:12 17K 28c3-4768-en-eating_in_the_anthropocene_h264.mp4 28-Dec-2011 21:18 552M 28c3-4768-en-eating_in_the_anthropocene_h264.mp..> 28-Dec-2011 21:18 91 28c3-4768-en-eating_in_the_anthropocene_h264.mp..> 28-Dec-2011 21:19 22K 28c3-4770-en-dont_scan_just_ask_h264.mp4 28-Dec-2011 20:10 190M 28c3-4770-en-dont_scan_just_ask_h264.mp4.sha1 28-Dec-2011 20:10 83 28c3-4770-en-dont_scan_just_ask_h264.mp4.torrent 28-Dec-2011 20:10 8362 28c3-4775-de-hacker_jeopardy_h264.mp4 29-Dec-2011 02:37 916M 28c3-4775-de-hacker_jeopardy_h264.mp4.sha1 29-Dec-2011 02:40 80 28c3-4775-de-hacker_jeopardy_h264.mp4.torrent 29-Dec-2011 02:41 37K 28c3-4777-en-r0ket_h264.mp4 29-Dec-2011 09:27 586M 28c3-4777-en-r0ket_h264.mp4.sha1 28-Dec-2011 14:04 70 28c3-4777-en-r0ket_h264.mp4.torrent 28-Dec-2011 14:04 24K 28c3-4799-de-can_trains_be_hacked_h264.mp4 29-Dec-2011 09:27 531M 28c3-4799-de-can_trains_be_hacked_h264.mp4.sha1 28-Dec-2011 14:02 85 28c3-4799-de-can_trains_be_hacked_h264.mp4.torrent 28-Dec-2011 14:02 21K 28c3-4800-en-how_governments_have_tried_to_bloc..> 28-Dec-2011 21:04 602M 28c3-4800-en-how_governments_have_tried_to_bloc..> 28-Dec-2011 21:04 104 28c3-4800-en-how_governments_have_tried_to_bloc..> 28-Dec-2011 21:04 24K 28c3-4804-de-politik_hacken_h264.mp4 28-Dec-2011 21:20 344M 28c3-4804-de-politik_hacken_h264.mp4.sha1 28-Dec-2011 21:20 79 28c3-4804-de-politik_hacken_h264.mp4.torrent 28-Dec-2011 21:20 14K 28c3-4811-en-rootkits_in_your_web_application_h..> 28-Dec-2011 23:02 571M 28c3-4811-en-rootkits_in_your_web_application_h..> 28-Dec-2011 23:02 97 28c3-4811-en-rootkits_in_your_web_application_h..> 28-Dec-2011 23:02 23K 28c3-4813-en-macro_dragnets_h264.mp4 28-Dec-2011 21:12 284M 28c3-4813-en-macro_dragnets_h264.mp4.sha1 28-Dec-2011 21:12 79 28c3-4813-en-macro_dragnets_h264.mp4.torrent 28-Dec-2011 21:12 12K 28c3-4816-en-7_years_400_podcasts_and_lots_of_f..> 29-Dec-2011 01:46 400M 28c3-4816-en-7_years_400_podcasts_and_lots_of_f..> 29-Dec-2011 01:48 118 28c3-4816-en-7_years_400_podcasts_and_lots_of_f..> 29-Dec-2011 01:48 16K 28c3-4817-en-string_oriented_programming_h264.mp4 28-Dec-2011 21:14 258M 28c3-4817-en-string_oriented_programming_h264.m..> 28-Dec-2011 21:14 92 28c3-4817-en-string_oriented_programming_h264.m..> 28-Dec-2011 21:14 11K 28c3-4826-en-a_brief_history_of_plutocracy_h264..> 28-Dec-2011 19:34 314M 28c3-4826-en-a_brief_history_of_plutocracy_h264..> 28-Dec-2011 19:35 94 28c3-4826-en-a_brief_history_of_plutocracy_h264..> 28-Dec-2011 19:35 13K 28c3-4844-de-eu_datenschutz_internet_der_dinge_..> 28-Dec-2011 19:22 803M 28c3-4844-de-eu_datenschutz_internet_der_dinge_..> 28-Dec-2011 19:24 98 28c3-4844-de-eu_datenschutz_internet_der_dinge_..> 28-Dec-2011 19:25 32K 28c3-4847-en-reverse_engineering_usb_devices_h2..> 28-Dec-2011 19:28 171M 28c3-4847-en-reverse_engineering_usb_devices_h2..> 28-Dec-2011 19:29 96 28c3-4847-en-reverse_engineering_usb_devices_h2..> 28-Dec-2011 19:29 7628 28c3-4848-en-the_coming_war_on_general_computat..> 29-Dec-2011 09:24 406M 28c3-4848-en-the_coming_war_on_general_computat..> 28-Dec-2011 14:48 102 28c3-4848-en-the_coming_war_on_general_computat..> 28-Dec-2011 14:48 17K 28c3-4871-en-hacking_mfps_h264.mp4 28-Dec-2011 20:12 294M 28c3-4871-en-hacking_mfps_h264.mp4.sha1 28-Dec-2011 20:12 77 28c3-4871-en-hacking_mfps_h264.mp4.torrent 28-Dec-2011 20:12 12K 28c3-4876-de-die_spinnen_die_sachsen_h264.mp4 29-Dec-2011 09:25 350M 28c3-4876-de-die_spinnen_die_sachsen_h264.mp4.sha1 28-Dec-2011 13:50 88 28c3-4876-de-die_spinnen_die_sachsen_h264.mp4.t..> 28-Dec-2011 13:50 14K 28c3-4897-en-keynote_h264.mp4 29-Dec-2011 09:24 351M 28c3-4897-en-keynote_h264.mp4.sha1 28-Dec-2011 11:12 72 28c3-4897-en-keynote_h264.mp4.torrent 28-Dec-2011 11:12 14K 28c3-4901-de-der_staatstrojaner_aus_sicht_der_t..> 29-Dec-2011 09:27 777M 28c3-4901-de-der_staatstrojaner_aus_sicht_der_t..> 28-Dec-2011 14:07 105 28c3-4901-de-der_staatstrojaner_aus_sicht_der_t..> 28-Dec-2011 14:07 31K 28c3-4905-en-lightning_talks_day_2_h264.mp4 29-Dec-2011 00:29 989M 28c3-4905-en-lightning_talks_day_2_h264.mp4.sha1 29-Dec-2011 00:34 86 28c3-4905-en-lightning_talks_day_2_h264.mp4.tor..> 29-Dec-2011 00:35 39K 28c3-4910-de-demokratie_auf_saechsisch_h264.mp4 29-Dec-2011 00:44 79M 28c3-4910-de-demokratie_auf_saechsisch_h264.mp4..> 29-Dec-2011 00:44 90 28c3-4910-de-demokratie_auf_saechsisch_h264.mp4..> 29-Dec-2011 00:44 3955 28c3-4913-de-almighty_dna_and_beyond_h264.mp4 29-Dec-2011 09:27 585M 28c3-4913-de-almighty_dna_and_beyond_h264.mp4.sha1 28-Dec-2011 14:42 88 28c3-4913-de-almighty_dna_and_beyond_h264.mp4.t..> 28-Dec-2011 14:42 24K 28c3-4916-en-buggedplanet_h264.mp4 29-Dec-2011 09:25 321M 28c3-4916-en-buggedplanet_h264.mp4.sha1 28-Dec-2011 14:46 77 28c3-4916-en-buggedplanet_h264.mp4.torrent 28-Dec-2011 14:46 13K 28c3-4930-en-black_ops_of_tcpip_2011_h264.mp4 28-Dec-2011 21:16 531M 28c3-4930-en-black_ops_of_tcpip_2011_h264.mp4.sha1 28-Dec-2011 21:16 88 28c3-4930-en-black_ops_of_tcpip_2011_h264.mp4.t..> 28-Dec-2011 21:16 22K 28c3-4932-de-camp_review_2011_h264.mp4 28-Dec-2011 19:25 966M 28c3-4932-de-camp_review_2011_h264.mp4.sha1 28-Dec-2011 19:28 81 28c3-4932-de-camp_review_2011_h264.mp4.torrent 28-Dec-2011 19:29 38K Sursa: Index of /mp4-h264-HQ/
  12. Nytro
    [h=1]Anonymous hackers target South Bend company's website[/h] By DAVE STEPHENS South Bend Tribune 11:22 a.m. EST, December 28, 2011 SOUTH BEND — An international company based in South Bend has been targeted by hackers claiming to be a part of the group Anonymous. On Wednesday, users of the website for Abro Industries Inc., an adhesives and automotive fluids supplier that sells its products exclusively overseas, were redirected to the black and white image of a headless suit, followed by a short letter. The message read, in part, “It has come to the attention of the Anonymous activist community that you have chosen to support the SOPA Act.” The Stop Online Piracy Act, which was being discussed in Congress before it recessed for the holiday break, looks to regulate copyrighted materials on the internet. Opponents of the bill argue that the law would lead to censorship. Reached by phone Wednesday morning, Abro president Peter Baranay was initially unaware that his company’s website had been attacked, but later confirmed that it had. “I’m not a very happy camper,” Baranay said, adding that it appeared someone had committed several felonies. Baranay said Wednesday morning he wasn’t sure if his company had lobbied in support of the bill. But Baranay and Abro have been stanch supporters of anti-piracy measures in the past. In the early 2000s, Abro began fighting with foreign companies that were using the company’s name and packaging to manufacture and sell counterfeit products. In 2005, Baranay was appointed by President George W. Bush to serve on the U.S. Trade Representatives advisory committee, in part because of his company’s experience fighting against the piracy of its products in China and other countries. Although it’s not known where the hacking attack came from, postings online by someone claiming to be Anonymous do mention the company. One posting, on the website www.pastebin.com, encourages people to contact companies that lobbied for the SOPA bill, and lists more 60 different companies, including Abro Industries. Anonymous, which is a loose collaboration of political advocates and computer hackers, has been connected to everything from the Occupy movement to the recently reported theft of internal documents from a Texas-based securities company. Sursa: Anonymous hackers target South Bend company's website - wsbt.com
  13. Nytro
    [h=1]Hashes Used by PHP, ASP.NET, Java, Python and Ruby Vulnerable to DoS Attacks[/h]December 29th, 2011, 12:16 GMT · By Eduard Kovacs A couple of researchers showed how a common flaw in the implementation of the most popular web programming languages and applications can be used to force servers to use their CPU at full capacity for several minutes, causing a denial-of-service (DoS) condition. Julian Wälde and Alexander Klink made a presentation at the 28C3 Chaos Communication Congress in Berlin, Germany, showing that the way most popular programming languages such as PHP, Java, Apache Tomcat, ASP.NET, Phyton, Plone, Ruby and V8, use hash tables make servers susceptible to DoS attacks. The issue was known since 2003 when Perl and CRuby changed their hash functions to include randomization, but others seem to have neglected to take the same measures. Hash tables are data structures that utilize hash functions to map identifying values, or keys, to their associated values. Most of these hash functions can be broken fairly fast by using equivalent strings or by launching a meet-in-the-middle attack, according to the advisory published by n.runs AG. The first method is plausible because some hash functions have the property that if two strings collide, then hashes having the same substrings at the same position collide as well. Basically, any website that runs a technology that provides the option to perform a POST request is highly vulnerable to a DoS attack and since the attack is just a POST request, a website can be targeted by using an XSS flaw present on another popular site. Just to make an idea on how effective these attacks are, Cryptanalysis provides some interesting figures. Assuming that the processing time for a request is not limited, a Core i7 CPU on a system that uses PHP, can be kept busy for 288 minutes just to process 8 megabytes of POST data. More precisely, you could keep 10,000 such CPU’s busy processing requests by using a 1 gigabit Internet connection. Some of the vendors rushed to release updates and workarounds for their products. Microsoft will release sometime today an out-of-band security update for ASP.NET and Ruby’s security team have already provided updates for their customers. The guys from Apache Tomcat also came up with some effective workarounds. PHP has yet to release an official statement regarding the issue, but in the meantime, users who haven’t heard from their product’s vendor can apply some simple measures to counterattack the problem. The easiest way to reduce impact is by limiting the CPU time that a request is allowed to take. Also, by limiting the maximal POST size and the number of parameters, an attack can be mitigated. A video demonstration made by the researchers can be downloaded from here. Sursa: Hashes Used by PHP, ASP.NET, Java, Python and Ruby Vulnerable to DoS Attacks - Softpedia
  14. Nytro
    Wi-Fi Protected Setup PIN brute force vulnerability Stefan @ 3:00 am A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide. I reported this vulnerability to CERT/CC and provided them with a list of (confirmed) affected vendors. CERT/CC has assigned VU#723755 (will be released today) to this issue. To my knowledge none of the vendors have reacted and released firmware with mitigations in place. Detailed information about this vulnerability can be found in this paper: Brute forcing Wi-Fi Protected Setup – Please keep in mind that the devices mentioned there are just a tiny subset of the affected devices. I would like to thank the guys at CERT for coordinating this vulnerability. P.S. My brute force tool will be released once I get around to cleaning up the code Download paper: http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf Sursa: Wi-Fi Protected Setup PIN brute force vulnerability
  15. Nytro
    [h=1]28c3: Apple vs. Google Client Platforms[/h] **This video might be broken, incomplete and out of sync. It will be replaced very soon by the official recording.**
  16. Nytro
    [h=1]Tails (Incognito OS) - foloseste computerul fara sa lasi urme pe internet[/h]de Radu Eftimie | 29 decembrie 2011 De la bun inceput trebuie sa precizam ca a folosi un sistem de operare care nu lasa urme pe internet si care iti asigura in mare parte cel mai eficient anonimat nu inseamna ca poti face tot ceea ce iti trece prin cap fara sa tii cont de regulile si de legile care guverneaza spatiul virtual. Nu. Sistemul de operare pe care vi-l prezentam astazi este dedicat celor care doresc mai multa intimitate atunci cand folosesc internetul, nimic mai mult. Daca vreti, va asigura mai mult un confort psihic, daca sunteti genul care isi face griji ca datele personale introduse la autentificarile pe retele sociale, mail, messenger si alte astfel de servicii pot fi urmarite si retinute de anumite servere. Tails - The Amnesic Incognito Live System este un sistem de operare bazat pe Linux (Debian) si care poate fi rulat pe orice computer in sistem "live", adica direct de pe un mediu extern precum un CD sau un memory stick. Ce este Tor? Tail functioneaza prin intermediul retelei Tor, care asigura anonimat online si care va permite sa navigati pe orice site de pe internet in mod incognito, fara sa lasati urme. Mai exact, toate conexiunile la servere externe pe care le accesati cand folositi Tails sunt fortate sa devina active doar prin Tor, un server care va pune la adapost de monitorizarea pe care o folosesc anumite retele, care va incalca, nu de putine ori, intimitatea online, avand ca pretext ca nu pot functiona altfel. Tor, care poate fi descarcat individual si folosit pe sisteme de operare precum Windows, Mac, Linux/Unix si Android, previne tentativele de localizare, dar si monitorizarea comportamentului utilizatorilor de internet, metode deja folosite de majoritatea advertiserilor, de exemplu. Aveti in vedere, insa, faptul ca Tor nu poate rezolva toate problemele legate de anonimatul online si se concentreaza pe transferul de date. Tail Incognito OS este un sistem de operare complet, gratuit, care poate functiona independent de sistemul de operare preinstalat pe un PC. Ofera o interfata grafica familiara utilizatorilor de distributii Linux (KDE) si este bazat pe Debian Linux. Sistemul vine cu mai multe aplicatii utile preinstalate: un browser web, client de mesagerie intantanee multi account - Pidgin, client de email, o suita office, editor de sunet si imagini etc. The Amnesic Incognito OS ofera aproape toate aplicatiile de care aveti nevoie pentru o utilizare zilnica normala. Tails este configurat special pentru a nu utiliza hard disk-ul PC-ului, chiar daca exista partitii swap pe HDD. Folosit in sistem "Live", Tail utilizeaza doar memoria RAM pentru a stoca anumite informatii, iar in momentul in care opriti sau reporniti calculatorul, toate aceste date sunt sterse din memorie in mod automat. Astfel nu veti lasa urme nici legate de utilizarea Tails pe un anumit PC si nici legate de ceea ce ati facut pe PC-ul respectiv. Acesta este de altfel si motivul pentru care dezvoltatorii l-au denumit "Amnesic". Cel mai important aspect dupa asigurarea anonimatului online este ca Tails nu permite recuperarea de date dupa repornirea unui calculator, iar acest lucru este extrem de important in momentul in care folosit date "sensibile" pe PC. Nu uitati - Tor poate fi utilizat pe orice sistem de operare, iar Tails - The Amnesic Incognito OS ofera o integrare excelenta. Descarca Tails - The Amnesic Incognito OS Un tutorial si alte informatii pentru instalare se gasesc AICI Sursa: Tails (Incognito OS) - foloseste computerul fara sa lasi urme pe internet | Hit.ro
  17. Nytro
    [h=1]GrrCON '11 Hunting Hackers Tim Crothers[/h] While a web site defacement is an indicator that bad guys have been doing bad stuff in your network or systems, in the real day-to-day of security increasingly its rarely that obvious. The criminals likely to do the most damage use stealth. So how do you find and get rid of them? In this session we'll cover techniques for finding the wily rabbits, err hackers, lurking in our environments unseen. We'll use several real-life incidents (anonymized to protect the not-so-innocent of course) to cover some of the latest techniques in use by the miscreants and methods for helping you defeat them.
  18. Nytro
    [h=1]GrrCON '11 sploit me if u can - atlas 0f d00m[/h] The exploitation landscape has changed it's scenery with aslr/nx... have you aDEPted? this presentation will cover some of the challenges exploiting in newer environments, tactics for success, and tricks to make the job easier. come watch as atlas iterates through the 2011 defcon quals "potent pwnables 500? challenge and a few solutions. the quals system may not have used NX, but what if it had? 'cuz eip is half the battle... from there you have to think.'
  19. Nytro
    [h=1]GrrCON '11 ZeuS -- Inside Command and Control Adam Johnson[/h] The ZeuS bot network, while being some what aged, still represents a major realization of what past bot networks have tried to achieve. This "low-PowerPoint" presentation gives an inside look at a ZeuS command and control server. From setting up command and control, to configuring and creating the bot, to the ease or difficulty of controlling and issuing commands to one of the infected computers in its network, this presentation covers the bot-masters tools and capabilities. While being specific to ZeuS, the general capabilities of the Zeus bot net are replicated in most modern bot nets.
  20. Nytro
    [h=1]28c3: Rootkits in your Web application[/h] Uploaded by 28c3 on Dec 28, 2011
  21. Nytro
    [h=1]28c3: Bitcoin - An Analysis[/h] Uploaded by 28c3 on Dec 29, 2011
  22. Nytro
    [h=1]22C3: Disassembler Internals[/h]Speaker: Richard Johnson Disassembler Internals II is an advanced look at the power of programmatic disassembly analysis. The talk will focus on data structure recognition for the purposes of reducing time spent reverse engineering protocols and proprietary file formats. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  23. Nytro
    [h=1]22C3: Secure Code[/h]Speaker: Paul Böhm Why developing Secure Software is like playing Marble Madness This talk will introduce new strategies for dealing with entire bug classes, and removing bug attractors from development environments. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  24. Nytro
    [h=1]22C3: Learning cryptography through handcyphers[/h]Speaker: Brenno de Winter Shaping a digital future with ancient wisdom For many people cryptography is something that they consider too complicated. But actually one can understand the principles very well if they only try. By looking at old handcyphers used for coding one can begin to understand modern cryptography. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  25. Nytro
    [h=1]22C3: Vulnerability markets[/h]Speaker: Rainer Böhme What is the economic value of a zero-day exploit? What is the market value of a zero-day exploit? It is evident that information on vulnerabilities and information security threads is very valuable, but the market for it is neither structured nor liquid. This talk combines examples from real world information security business with academic arguments on the pros and cons of vulnerability markets, including vulnerability sharing circles, bug auctions, remote root derivatives, and cyber-insurance. Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are dangers for conflicts of interest? Join us on a journey to a hypothetical world where information security is entirely melted into finance so that S&P quotes a daily kernel hardness index ... For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
×
×
  • Create New...