Nytro

Am decis, din moment ce majoritatea membrilor probabil au un cont de Facebook, sa cream o pagina de Facebook unde se vor posta atat informatii generale despre RST, informatii de ordin administrativ, cat si informatii de actualitate din domeniul IT, in special informatii legate de hacking, securitate IT si programare, practic legaturi catre topicuri de aici sau legaturi externe. Pagina: https://www.facebook.com/pages/Romanian-Security-Team/163592527017735 Sau mai scurt: http://www.facebook.com/rstforum

Blogs, Feeds, Guides & Links I was cleaning out my bookmarks, de-cluttering twitter favourites and closing a few tabs. Re-saw a few 'hidden gems' as well as repeating finding links for people, so I thought I would try and 'dump' them all in one place. These are roughly sorted, if you're wanting something better - I highly recommend having a look at the pentest-bookmarks. Programming/Coding [bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/ [bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml [bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/ [CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting Offensive Security's Pentesting With BackTrack (PWB) Course [Pre-course] Corelan Team - http://www.corelan.be [Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page [Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx [Hash] reverse hash search and calculator - http://goog.li http://security.crudtastic.com/?p=213 Tunnelling / Pivoting [Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html [Windows] Nessus Through SOCKS Through Meterpreter - http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php WarGames / Online Challenges [WarGames] Title - http://securityoverride.com [WarGames] Title - http://intruded.net [Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/ [WarGames] Title - http://spotthevuln.com [WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html [WarGames] Title - http://ftp.hackerdom.ru/ctf-images/ Exploit Development (Programs) [Download] Title - http://www.oldapps.com/ [Download] Title - http://www.oldversion.com/ [Download] Title - http://www.exploit-db.com/webapps/ Misc [RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list [ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html [DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/ [Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812 [TechHumor] Title - https://www.xkcd.com [TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf Exploit Development [Guides] Corelan Team - http://www.corelan.be [Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html [Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/ TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html [Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/ [Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt [Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html [Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html [Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html [Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html [Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363 [Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365 [Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368 [Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378 [TechHumor] Title - [TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html Exploit Development (Case Studies/Walkthroughs) [Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/ [Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/ [Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html Exploit Development (Patch Analysis) [Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058 [Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058 [Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893 [Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613 Exploit Development (Metasploit Wishlist) [ExplotDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html [Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118 Passwords & Rainbow Tables (WPA) [RSS] Title - http://ob-security.info/?p=475 [RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/ [RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html [WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/ [Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm [Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html [Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml [Download] Index of / - http://svn.isdpodcast.com/wordlists/ [Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary [Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php [Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists [Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords Cheat-Sheets [OS] A Sysadmin's Unixersal Translator - http://bhami.com/rosetta.html [WiFi] WirelessDefence.org's Wireless Penetration Testing Framework - http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html Anti-Virus [Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html [Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html Privilege Escalation [Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm [Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html [Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/ Metasploit [Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html [Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/ [Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training [Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175 Default Generators [WEP] mac2wepkey - Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei [WEP] Generator: Attacking SKY default router password - http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password Statistics [Defacements] Zone-H - http://www.zone-h.org [ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm Cross Site Scripting (XSS) [Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ [RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/ Podcasts [Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml [Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/ Blogs & RSS [RSS] SecManiac - http://www.secmaniac.com [Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com [RSS] Contagio - http://contagiodump.blogspot.com [News] THN : The Hacker News - http://thehackernews.com [News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org [Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net [RSS] Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security - http://www.darknet.org.uk [RSS] Irongeek - http://www.irongeek.com [Metasploit] Room 363 - http://www.room362.com [Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/ [Guides] stratmofo's blog - http://securityjuggernaut.blogspot.com [Guides] TheInterW3bs - http://theinterw3bs.com [Guides] consolecowboys - http://console-cowboys.blogspot.com [Guides] A day with Tape - http://adaywithtape.blogspot.com [Guides] Cybexin's Blog - Network Security Blog - http://cybexin.blogspot.com [RSS] BackTrack Linux - Penetration Testing Distribution - http://www.backtrack-linux.org/feed/ [RSS] Offensive Security - http://www.offensive-security.com/blog/feed/ [RSS] Title - http://www.pentestit.com [RSS] Title - http://michael-coates.blogspot.com [RSS] Title - http://blog.0x0e.org [RSS] Title - http://0x80.org/blog [RSS] Title - http://archangelamael.shell.tor.hu [RSS] Title - http://archangelamael.blogspot.com [RSS] Title - http://www.coresec.org [RSS] Title - http://noobys-journey.blogspot.com [RSS] Title - http://www.get-root.com [RSS] Title - http://www.kislaybhardwaj.com [RSS] Title - https://community.rapid7.com/community/metasploit/blog [RSS] Title - http://mimetus.blogspot.com [RSS] Title - http://hashcrack.blogspot.com [RSS] Title - https://rephraseit.wordpress.com [RSS] Title - http://www.exploit-db.com [RSS] Title - http://skidspot.blogspot.com [RSS] Title - http://grey-corner.blogspot.com [RSS] Title - http://vishnuvalentino.com [RSS] Title - http://ob-security.info Sursa: http://g0tmi1k.blogspot.com/2011/11/blog-guides-links.html

New, Faster Firefox 9 Beta is Ready for Testing November 10th, 2011 A new Firefox Beta for Windows, Mac and Linux is now available for download and testing. This beta enhances JavaScript performance and adds developer tools that make Web browsing much faster. What’s New in Firefox Beta: Type Inference: Firefox Beta adds Type Inference to make JavaScript significantly faster. To learn more about how rich websites and Web apps with lots of pictures, videos and 3D graphics will load faster in Firefox, check out this blog post. Mac OS X Lion Support: Firefox Beta has a new look that matches the Mac OS X Lion application toolbar and icon styles. Firefox Beta also supports the two finger swipe navigation gesture and makes it easier to use multiple monitors. Do Not Track JavaScript Detection: Firefox Beta enables JavaScript to show developers when users choose to opt-out of behavioral tracking with the Do Not Track privacy feature. Chunked XHR Support: Firefox Beta supports chunking for XHR requests so websites can receive data that’s part of a large XHR download in progress. This helps developers make websites and Web apps faster, especially those that download large sets of data or via AJAX. If you’re a developer, please visit the Firefox for Developers page. Download: http://www.mozilla.org/en-US/firefox/channel/

Disable AutoRun to Stop 50% of Windows Malware Threats According to a biannual Security Intelligence Report from Microsoft, AutoRun—the feature in Windows that automatically executes files when you plug in a USB or connect to a network—accounts for almost half of all malware infections. That's really damn high. To be clear, these are infections that don't require any user-input from you, so it's kind of not your fault that your computer gets infected. By turning off AutoRun, you'll add an extra step to certain tasks, but it's worth it to cut down on malware 50%. What's also interesting in this report is that Windows XP SP3 systems get infected about ten times as much as Windows 7 SP1 64-bit systems, and six times as much vs. 32-bit Windows 7 systems. That alone is one reason why you might want to upgrade your parents' machines to Windows 7. The easiest way to disable AutoRun is to download a free utility like Disable AutoRun or previously mentioned Panda USB Vaccine, run it, and call it a day (these apps are made specifically to turn off AutoRun). On the other hand, if you're comfortable with editing the registry, here's a quick guide to doing it yourself. Disable autorun: http://antivirus.about.com/od/securitytips/ht/autorun.htm USB Vaccine: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/ Sursa: http://lifehacker.com/5858703/disable-autorun-to-stop-50-of-windows-malware-threats

Suricata IDPE 1.1 Site openinfosecfoundation.org Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools. Changes: Performance, accuracy, and stability were improved. Many HTTP rule keywords added. Several SSL keywords have been added. Event suppression support was added. SCTP decoding support was added. IPS mode was improved. An SMTP parser was added. Protocol detection was improved. Extended HTTP output was added. AF_PACKET support was added. PF_RING support was improved. Pcap logging was added. The stream engine was improved. Download: http://packetstormsecurity.org/files/download/106889/suricata-1.1.tar.gz

Postul e prea lung, vorbesc cu kwe. Nu e problema cu postul dublu, in cazul de fata.

1. Nu esti singura persoana care a primit warn pentru asa ceva, dar esti singura care se plange 2. La categoria offtopic se posteaza lucruri care nu au locul intr-o alta categorie, iar topicul tau (chiar nu am idee care) care era o cerere, isi avea locul la categoria Cereri speciala pentru asa ceva. 3. Am mutat topicul pentru a mentine ordinea pe forum, adica fiecare topic sa fie la locul lui, pentru ca oamenii sa stie ce si unde gasesc, nu sa gaseasca discutii despre "Huidu a facut accident" la Programare sau Tutoriale engleza. 4. Daca te uitai la topicurile de la Anunturi, observai ca unul dintre ele specifica motivele pentru care se poate primi avertisment, iar postatul aiurea, intr-o categorie gresita este unul dintre ele 5. Nu imi face placere sa mut topicuri de colo-colo. Da, daca era ceva util multora, cum s-a mai intamplat nu primeai avertisment. Adica am mutat un topic despre programare de la Tutoriale la Programare si chiar am dat "+" celui care a postat pentru ca era ceva util. 6. Daca tot erai pe la offtopic, observai ca am creat vreo 3 threaduri acolo in care specificam in mod explicit ca topicurile la care se cere ajutorul si cererile au categorii speciale si nu trebuie postate acolo. 7. Am inceput sa nu mai tolerez topicurile care nu au legatura cu IT-ul aici si ar trebui sa intelegi de ce. Ar fi cam stupid sa vezi pe aici numai topicuri ca "Am parul aspru si varfurile despicate, ce pot face?" sau alte rahaturi. 8. Eu nu stiu de niciun "orice tip de cereri". E un forum de IT, sa incercam sa pastram continutul de IT, sa nu incepem toti cu probleme personale. Exista 4chan, softpedia si alte forumuri care probabil au categorii speciale pentru orice. Intelegi?

La ce functii te referi? Probabil acele functii se gasesc in "msvcrt.dll" - Microsoft Visual C Runtime, adica un DLL care contine functiile uzuale. Mi s-a parut putin ciudat, dar chiar ieri asta faceam, si am vazut ca un program compilat cu MinGW (portarea compilatorului GCC pe Windows) "leaga" executabilele tot de msvcrt.dll. Nu e nevoie sa fie definite in headere, nu sunt, functiile fac parte din diferite librarii (WinAPI de exemplu - kernel32.dll, user32.dll...) cu care programul tau e legat prin intermediul link-erului. Tu ai nevoie doar de definitia functiei si de librarie, ca sa stie link-erul de unde sa ia functia. Ca idee, functia "connect", cu care conectez un socket la o adresa IP se afla in ws2_32.dll, se include fisierul winsock2.h, dar nu e de ajuns, pentru ca trebuie stiuta si libraria in care se afla, si asta trebuie specificat printr-un parametru la compilator: -l. CodeBlocks are GUI pentru asa ceva, fisierele necesare au extensiile ".lib" sau ".a".

Si daca cineva atinge usor oglinda din greseala?

Lasati prostiile, haideti sa mergem la Hanul Drumetului :->

em, cred ca vrei sa zici: char x = 49; Adica x e codul ASCII al caracterului '1'.

Mexican drug runners torture and decapitate blogger El Mod of social network ritually murdered By John Leyden 10th November 2011 11:31 GMT The moderator of a Mexican social network has been tortured and ritually murdered by local drug lords in the latest cartel-related killing in the country. The victim, identified in an accompanying message as "El Rascatripas" (The Fiddler/Scratcher) was tortured and decapitated before his body was dumped in the early hours of Wednesday morning beside a statue of Christopher Columbus near the Texas border and outside the town of Nuevo Laredo. A blanket placed near the body featured a chilling message, scrawled in ink: "Hi I’m ‘Rascatripas’ and this happened to me because I didn’t understand I shouldn’t post things on social networks." Local reports suggest the man was a moderator on the social network Nuevo Laredo en Vivo. His death brings the death toll of bloggers and social media activists in the town – all apparent victims of the ultra-ruthless Zetas cartel – to four over the last two months. A man and a woman, who was disembowelled beforehand, were found strung from an overpass in the town in mid-September. Less than two weeks later, Nuevo Laredo en Vivo moderator Marisol Macias Castaneda, also known as The Laredo Girl, was decapitated and dumped – like the latest victim – by the Christopher Columbus statue. More details, including a grisly picture of the crime scene, can be found in local media reports here and here. A bloody turf war between the Gulf Cartel (CDG) and their former enforcers, Los Zetas, is at its bloodiest in the states of eastern Tamaulipas, around the northern city of Monterrey and in Tamaulipas (the location of Nuevo Laredo). Some estimates suggest that as many as 40,000 Mexicans had lost their lives as a result of the escalating Mexican drug wars, which have included a terrorist-style attack on a Monterrey casino in August that claimed the lives of 53 people. The April 2011 Tamaulipas massacre, involving the execution of an estimated 190-plus abducted bus passengers, and the Monterrey casino attack had both been blamed on the Zetas. Wired reports that locals are using social media tools to carry real-time reporting of firefights between drug runners and local police and cartel checkpoints on the region's dangerous roads as well as criticism of local drug lords. Drug cartels, in particular the Zetas, take a ruthless line on those reporting their activities online, treating them as snitches and murdering them as a grisly warning to others. Recent plans by a faction of Anonymous to release details of associates of Los Zetas were abandoned last weekend amid confusion over whether the alleged kidnapping of a member of the activists collective, the incident that provoked OpCartel, had ever actually taken place. Sursa: http://www.theregister.co.uk/2011/11/10/narco_blogger_murdered/

Daca deschizi cmd cu "Run as Administrator" e la fel? Zic asta pentru ca m-am chinuit si eu ore sa inteleg un cod valid care nu mergea pentru ca trebuia rulat ca Administrator... PS: Posteaza codul sursa daca poti, eu as fi interesat sa ma uit peste el.

C:\Windows>telnet www.rstcenter.com 80 GET / HTTP/1.1 Host: www.rstcenter.com HTTP/1.1 200 OK Server: LBA T2900 LINUX SECURITY GROUP Date: Thu, 10 Nov 2011 15:34:28 GMT Content-Type: text/html Connection: keep-alive Last-Modified: Wed, 03 Nov 2010 23:06:25 GMT ETag: "759ff-27-4942e172bde40" Accept-Ranges: bytes Content-Length: 39 Cache-Control: max-age=7200 Expires: Thu, 10 Nov 2011 17:34:28 GMT <img src="stfu.jpg" alt="" title="" /> Connection to host lost. C:\Windows> Asta e fara browser.

Eu ma gandesc in primul rand la mine, normal. Si ma intreb: "Ce am facut eu rau sa vrea garda sa ma ia?", si nu imi trece absolut nimic prin cap. Deci nu am niciun stres si la fel sunt si 96% (sa zicem) dintre cei de aici. Apoi, daca ma gandesc putin, imi dau seama ca din posturile mele reies multe lucruri: numele si prenumele, liceul la care am fost, facultatea la care sunt si altele. Pe un forum de "trading", unde se faceau tranzactii de milioane de dolari (carduri si alte lucruri nasoale) cica se infiltrase un agent FBI, activase mult timp si chiar ajunsese administrator ceva si dintr-o data au saltat o mare parte dintre ei. Dar acolo era vorba de bani, nu de conturi filelist date pe 1 euro credit cum se face aici. Ce-i drept vazusem intr-o zi un IP de STS pe aici, dar sunt si ei oameni, practic tot ca noi, care poate mai gasesc cine stie ce informatii utile aici, nu prea cred ca "spioneaza" pe cineva pentru ca, sa fim seriosi, chiar nu au pe cine (v-am ranit orgoliile de hackeri nu?).

Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm Security holes in the computer systems of federal prisons in the United States can effectively allow hackers to trigger a jailbreak by remote control. The discovery of the Stuxnet worm has alerted governments around the world about the possibility of industrial control systems being targeted by hackers. A team of researchers with John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously. "I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including on death row, which of course sent chills down my spine. So we fixed that problem very quickly. It was a minor technical thing that had to do with the equipment used, but the gist of it was it made me think if that could be done accidentally, what was the extent of what you could do if you did it deliberately?" The security systems in most American prisons are run by special computer equipment called industrial control systems, or ICS. They are also used to control power plants, water treatment facilities and other critical national infrastructure. ICS has increasingly been targeted by hackers because an attack on one such system successfully sabotaged Iran’s nuclear program in 2009.A malicious cyber-intruder could “destroy the doors,” by overloading the electrical system that controls them, locking them permanently open, said Mr. Strauchs, now a consultant who has designed security systems for dozens of state and federal prisons. The U.S. Department of Homeland Security has confirmed the validity of their results and the researchers have already demonstrated the attack to federal and state Bureaus of Prisons and a number of federal agencies. Sursa: http://thehackernews.com/2011/11/computerized-prison-doors-hacked-with.html

Da, nici eu nu vreau sa dau 8-10 lei pe o bere.

Am scos imaginea de la semnatura, ar trebui sa fie ok acum.

Ca idee, da, se poate face si pscarie pentru multe lucruri. Cam totul poarta numele de "Acces neautorizat" si nu e legal. Iar legea specifica faptul ca nu ai acces undeva chiar daca ai username si parola (nu conteaza cum obtinute - SQLI sau altceva) cat timp persoana respectiva nu ti-a oferit acordul sa le folosesti. Acum depinde cu cine esti in conflict, cu ce firma, unele pot sa te dea in judecata.

Da, cine stie cineva are un reverse_tcp pe IP-ul vostru chiar in acest moment...

Nu neaparat. Daca vrei sa ai succes in domeniu si sa lucrezi la o firma mare, iti faci publice niste date: numele si adresa de mail. Astfel vei putea intra in contact cu diverse companii si ai sanse mari sa lucrezi intr-un domeniu care iti place. Daca tot ce stie "lumea" despre tine este faptul ca esti "l34k" nu ai facut mare lucru. Pe scurt, e chiar invers: ideea este SA FII "prins". Cat despre meeting, stati linistiti, garantez ca nu prea o sa se vorbeasca chestii tehnice, o sa o dam in cine stie ce discutii stupide.

De ce sa fim filati? Pentru ca "x" gasesti un SQLI in site-ul lui "y"? Cui ii pasa ca cineva a facut deface la rGaming.ro in afara proprietarului acestui site? O sa vina politia sa il caute pe cel care a facut-o? De ce ar face asta? Nu inteleg aceasta paranoia, sa gasesti un SQLI nu e deloc complicat, sunt zeci de mii de persoane care o pot face, deci daca gasesti unul si faci cine stie ce, nu esti tocmai un "badass", un pericol public, un urmarit general al politiei. Zic SQLInjection pentru ca in ziua de azi la asta s-a ajuns: cine stie SQLI, sparge un site de cacat, gata, e hacker in ochii presei, in ochii tuturor. La fel si ratatii de la lulzec si Anonymous, cica "hackeri"... Dar cei care au scris, de placere practic, mii de linii de cod la kernelul de Linux care e gratuit ce sunt? HD Moore care ofera metasploit gratis (bine, inainte de Rapid7) ce e? Muts (Mati Ahroni) si Backtrack-ul, fyodor si n_map...? Si exemplele pot continua. Si da, sunt persoane publice, cunoscute de milioane de oameni poate si uite ca nu sunt la puscarie si nu le e frica de asta. Dar lui "1337Hax0r" de pe RST care a gasit SQLI in www.nea-gigi.hostgratis.com.ro.plm ii e frica... E absurd. Te poate cauta politia pentru: - SQL Injection - daca gasesti la banci, paypal si poate extragi ceva date, sau la diverse companii guvernamentale care au informatii confidentiale in baza de date - Phishing sau Scam - adica pentru tentativa de furt informational. Nu, nu pentru phishing la Yahoo ca vrei parola prietenei, ci pentru phishing la banci - Carding - imparti diverse informatii legate de conturi bancare care nu iti apartin Cam astea ar fi ideile. Daca ar fi sa facem o analogie cu RST, NU aveti voie cu astfel de rahaturi aici, acele rahaturi nu va fac hackeri ci HOTI. E o mare diferenta, foarte putin inteleasa de publicul general.

Super. Ma intreb cine a descoperit asta, daca exista un POC, daca se poate exploata, sau daca a fost folosita pe o scara larga...

Microsoft Visual Studio 11 Developer Preview Visual Studio 11 Developer Preview is an integrated development environment that seamlessly spans the entire life cycle of software creation, including architecture, user interface design, code creation, code insight and analysis, code deployment, testing, and validation. Overview Visual Studio 11 Developer Preview is an integrated development environment that seamlessly spans the entire life cycle of software creation, including architecture, user interface design, code creation, code insight and analysis, code deployment, testing, and validation. This release adds support for the most advanced Microsoft platforms, including the next version of Windows (code-named "Windows 8") and Windows Azure, and enables you to target platforms across devices, services, and the cloud. Integration with Team Foundation Server allows the entire team, from the customer to the developer, to build scalable and high-quality applications to exacting standards and requirements. Visual Studio 11 Developer Preview is prerelease software and should not be used in production scenarios. This preview enables you to test updates and improvements made since Visual Studio 2010, including the following: Support for the most advanced platforms from Microsoft, including Windows 8 and Windows Azure, as well as a host of language enhancements. New features such as code clone detection, code review workflow, enhanced unit testing, lightweight requirements, production IntelliTrace exploratory testing, and fast context switching. This preview can be installed to run side by side with an existing Visual Studio 2010 installation. The preview provides an opportunity for developers to use the software and provide feedback before the final release. To provide feedback, please visit the Microsoft Connect website. The .NET Framework 4.5 Developer Preview is also installed as part of Visual Studio 11 Developer Preview. Note: This prerelease software will expire on June 30, 2012. To continue using Visual Studio 11 after that date, you will have to install a later version of the software. In order to develop Metro style applications, the Visual Studio 11 Developer Preview must be installed on the Windows Developer Preview with developer tools English, 64-bit. Developing Metro style applications on other Preview versions of Windows 8 is not supported. Download: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27543

E vechi, nu mai e functional probabil...