Nytro

phpDesigner 7 phpDesigner 7 is an all-in-one solution for your web-development. It is a rapid fast full-featured PHP editor and PHP IDE with built-in HTML-, CSS- and JavaScript editors and FTP! ~Create, edit, debug, analyze and publish PHP, HTML, CSS and JavaScript ~Speed up your coding with tons of time-saving features ~Support all PHP frameworks e.g. Zend, CodeIgniter, Yii, Symfony and Prado ~JavaScript frameworks jQuery, Ext JS, YUI, Dojo, MooTools and Prototype Perfect for professional developers, novices and anyone, who wants to code great websites and improve their coding skills. Download: http://www.mpsoftware.dk/downloads.php Informatii: http://www.mpsoftware.dk/phpdesigner.php

Pe de-o parte e bine, ca vezi reclame care iti arata ceva util, ce ti-ar putea fi de folos, pe de alta parte ar trebui sa ai o oarecare intimitate...

Stiu si eu unul, dar nu am reusit sa il exploatez, e ciudat de tot, nici nu cred ca poate fi exploatat. Nu e gasit de mine, e gasit de... altcineva. Dar nu am reusit nimic, e posibil sa nu se poata nimic. Gaseste versiunea bazei de date macar, si probabil vei primi ceva. Asta daca reusesti sa o gasesti. Cu Havij sau alte programele nu ai nici cea mea mica sansa.

Major New DNS Vulnerability Discovered Posted by Mathew J. Schwartz, InformationWeek February 25, 2011 The Internet Systems Consortium has issued a warning that certain versions of BIND are vulnerable to a denial of service attack. BIND is the most widely used domain name system protocol implementation. The latest version of BIND, 9.7.3, is not affected, but versions 9.7.1 through 9.7.2-P3 are vulnerable. Attackers could exploit the vulnerability to create a denial of service attack because of the way that BIND handles incremental zone transfers (IXFR), which is a technique for transferring data on top of the Transmission Control Protocol (TCP). "When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update--coupled with a query--may cause a deadlock to occur," according to the ISC's security advisory issued on Tuesday. "This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition." According to the ISC, this severe vulnerability can be remotely exploited, although no related attacks have been seen in the wild. DNS is the technique used to resolve domain names into IP addresses. Accordingly, security experts are urging any organizations running a vulnerable version of BIND to upgrade immediately. "IXFRs between authoritative name servers are a vital part of keeping DNS both alive and correct," said Paul Ducklin head of technology for antivirus firm Sophos in the Asia-Pacific region, in a blog post. With 300,000 new computers being connected to the Internet every day, as well as the role of DNS in supporting cloud computing, its importance continues to increase. "DNS servers are at the heart of many cloud-style security services, providing the mechanism by which up-to-date blocklist data is published," said Ducklin. He also noted that Apple OS X includes a copy of BIND, though most people don't run it. Even if they do, however, the latest Mac operating system, OS X 10.6.6, includes the older BIND 9.6, which is not vulnerable to the above exploit. "Sometimes, being behind the curve is a good thing," he said. Sursa: Major New DNS Vulnerability Discovered - Network Computing

How to be a Programmer: A Short, Comprehensive, and Personal Summary Robert L Read Table of Contents 1. Introduction 2. Beginner Personal Skills Learn to Debug How to Debug by Splitting the Problem Space How to Remove an Error How to Debug Using a Log How to Understand Performance Problems How to Fix Performance Problems How to Optimize Loops How to Deal with I/O Expense How to Manage Memory How to Deal with Intermittent Bugs How to Learn Design Skills How to Conduct Experiments Team Skills Why Estimation is Important How to Estimate Programming Time How to Find Out Information How to Utilize People as Information Sources How to Document Wisely How to Work with Poor Code How to Use Source Code Control How to Unit Test Take Breaks when Stumped How to Recognize When to Go Home How to Deal with Difficult People 3. Intermediate Personal Skills How to Stay Motivated How to be Widely Trusted How to Tradeoff Time vs. Space How to Stress Test How to Balance Brevity and Abstraction How to Learn New Skills Learn to Type How to Do Integration Testing Communication Languages Heavy Tools How to analyze data Team Skills How to Manage Development Time How to Manage Third-Party Software Risks How to Manage Consultants How to Communicate the Right Amount How to Disagree Honestly and Get Away with It Judgement How to Tradeoff Quality Against Development Time How to Manage Software System Dependence How to Decide if Software is Too Immature How to Make a Buy vs. Build Decision How to Grow Professionally How to Evaluate Interviewees How to Know When to Apply Fancy Computer Science How to Talk to Non-Engineers 4. Advanced Technological Judgment How to Tell the Hard From the Impossible How to Utilize Embedded Languages Choosing Languages Compromising Wisely How to Fight Schedule Pressure How to Understand the User How to Get a Promotion Serving Your Team How to Develop Talent How to Choose What to Work On How to Get the Most From Your Teammates How to Divide Problems Up How to Handle Boring Tasks How to Gather Support for a Project How to Grow a System How to Communicate Well How to Tell People Things They Don't Want to Hear How to Deal with Managerial Myths How to Deal with Organizational Chaos Glossary A. B. History (As Of February, 2003) C. GNU Free Documentation License PREAMBLE APPLICABILITY AND DEFINITIONS VERBATIM COPYING COPYING IN QUANTITY MODIFICATIONS COMBINING DOCUMENTS COLLECTIONS OF DOCUMENTS AGGREGATION WITH INDEPENDENT WORKS TRANSLATION TERMINATION FUTURE REVISIONS OF THIS LICENSE ADDENDUM: How to use this License for your documents Legatura: http://samizdat.mines.edu/howto/HowToBeAProgrammer.html

Google Chrome 11 va avea recunoastere vocala de Cristina Enescu | 28 aprilie 2011 Google si-a propus ca facilitatile precum recunoasterea vocala si functionalitatile text-to-speech sa nu mai fie limitate decat la dispozitivele mobile. Se pare ca ultima versiune beta a browser-ului Chrome va avea suport pentru API-ul HTML5 speech input, care le va permite dezvoltatorilor sa scrie aplicatii de recunoastere vocala pentru Chrome in standardul HTML5. Aceasta functionalitate le va oferi utilizatorilor posibilitatea de a adauga text pe un site fara a fi nevoiti sa foloseasca tastatura. Sunetele inregistrate sunt trimise catre serverele speciale Google pentru transcriere. Viteza de recunoastere este destul de mare, asemanatoare celei de pe Google Voice Android. Sursa: Google Chrome 11 va avea recunoastere vocala | Hit.ro

Cam asa ceva? http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+^mysql_query.*\.\%24_GET\.*&sbtn=Search Mai bine asa, sa nu inceapa randu cu mysql_query: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.\%24_GET\.*&sbtn=Search Si cu spatii, poate ceva de forma: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.[[%3Aspace%3A]]*\%24_GET[[%3Aspace%3A]]*\.*&sbtn=Search Daca mai punem POST si COOKIE: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.[[%3Aspace%3A]]*\%24_%28GET|POST|COOKIE%29[[%3Aspace%3A]]*\.*&sbtn=Search Pentru $_GET intre ghilimele, dar da multe alte rezultate: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query\%28\%22.*\%24_GET.*\%22\%29&sbtn=Search LFI sau RFI simplu: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+%28include|require%29.*\%24_GET.*&sbtn=Search RCE: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+%28eval|exec|system|passthru|shell_exec%29\%28.*\%24_GET.*\%29&sbtn=Search Conexiune mysql, cu mici filtre: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_connect\%28\%22[^%28127\.0\.0\.1%29%28localhost%29%28\%24%29].*&sbtn=Search Veniti si voi cu idei...

Tehnologia iti poate distruge viata? de Andrei Ciltaru | 28 aprilie 2011 Socializam pe Facebook, vorbim cu orele la telefon sau, atunci cand nu vorbim, trimitem mesaje de la volanul masinii noastre electrice. Cat de rea poate sa fie tehnologia? Destul de rea, spun cei de la Business Insider, care au alcatuit o lista cu modalitatile in care tehnologia iti poate distruge viata. Mesajele soferilor Din 2001 si pana in 2006, s-au inregistrat 16.000 de victime din cauza tendintei celor aflati la volan de a trimite mesaje, numai in SUA. Nici pietonii nu sunt feriti de aceasta "boala". La spitalele din America au ajuns peste 1.000 de pacienti, ca urmare a lipsei de atentie. "Relationship status: divorced" Comentariile si like-urile de pe Facebook pot naste gelozii atat de puternice, incat sa distruga o casnicie. In final, divortul poate conduce la depresie si, de aici, pot lua nastere alte gesturi necugetate. Tehnologia ne ia din orele de somn Fie ca stam toata noaptea sa jucam ultimul Call of Duty sau sa ne uitam la serialul preferat, orele de somn "mancate" de tehnologie se resimt, pe termen lung. Astea deoarece, potrivit unui studiu facut de cercetatorii americani, lipsa somnului reduce perioada de viata. Pericolul motorului electric Masinile electrice sunt silentioase, motiv pentru care pot deveni un pericol pentru orbi. Lucru stiut foarte bine de producatorii auto, care se gandesc sa adauge un zgomot in exteriorul masinii, pentru a alerta posibilii pietoni ce se bazeaza pe auz. Sursa: Tehnologia iti poate distruge viata? | Hit.ro

Google recunoaste ca inregistreaza deplasarile utilizatorilor Android de Silviu Anton | 28 aprilie 2011 La numai cateva zile dupa ce specialistii in securitate au descoperit ca Apple inregistreaza deplasarile utilzatorilor de iPhone-uri si iPad-uri printr-un fisier de tracking, Google a recunoscut ca foloseste aceleasi practici. Intr-o strategie de genul "mai bine sa previi decat sa combati" sau "mai bine sa le spunem noi inainte sa afle ei", un purtator de cuvant al companiei a declarat ca datele sunt colectate intr-un fisier anonim, alaturi de un numar de identificare, care ajuta la furnizarea informatiilor targhetate pentru mapping si servicii locale. Google sustine ca informatia nu poate fi urmarita astfel incat sa conduca la identificarea unui individ dupa nume, iar datele inregistrate sunt sterse de fiecare data cand telefonul este resetat. Reprezentantul companiei a numit acest “feature”, o optiune a sistemului, desi daca instalezi orice fel de mapping sau aplicatii de cautare, inregistrarea deplasarilor porneste automat. Credeti ca tehnicile parcticate de Apple si Google reprezinta o amenintare la intimitatea si confidentialitatea datelor nostre? Sau reprezinta doar unul dintre compromisurile pe care oamenii ar trebui sa le faca intr-o era in care cu totii vrem acces constant la informatie? Sau poate ar trebui sa ne intoarcem cu totii la asa-numitele dumbphones? Sursa: Google recunoaste ca inregistreaza deplasarile utilizatorilor Android | Hit.ro

Da, nu m-as fi gandit la asa ceva. Ceva banal: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\%24_GET&sbtn=Search

Block Autorun Malware with BitDefender USB Immunizer 27 April 2011 A low-footprint tool to protect both your USB stick and your computer For years, Autorun-based malware has been atop of the worldwide e-threat landscape, with notorious representatives such as Trojan.AutorunInf, the Conficker worm (Win32.Worm.Downadup), Worm.Autorun.VHD or the fearsome Stuxnet. The Autorun feature dates back in the Windows® XP® era, when it was first introduced to facilitate software installations from CD-ROM media for non-technical computer users. This feature has quickly become the cyber-criminals’ tool of choice to automatically execute malware located on infected USB drives. The USB Immunizer – You’re just two clicks away from full protection against Autorun-based e-threats Since early 2009, malware exploiting the Autorun technology in order to subsequently infect other computers via flash disks has significantly increased. Trojan.AutorunINF has been world’s number one e-threat since the second half of 2009, while the other two representatives of the Autorun family – Worm.Autorun.VHG and Trojan.Autorun.AET are constantly present in the global Top 10 malware tops. The evolution of autorun-based malware displayed in percentage points of infection The BitDefender USB immunizer is our response to this growing issue. Divided in two sections, this small utility is able to protect both your storage device and your computer. The Immunize option allows you to immunize your USB storage device or SD card against infections with autorun-based malware. Even if your storage device has been plugged into an infected computer, the piece of malware will be unable to create its autorun.inf file, thus annihilating any chance of auto-launching itself. The Immunize Computer slider allows you to toggle the Autorun feature On or Off for any removable media (except for CD/DVD-ROM devices). If you frequently read and write data from USB sticks or SD cards which do not belong to you or which haven’t been immunized yet, disabling the Autorun option may save you the unpleasant surprise of getting your computer infected without warning. The BitDefender USB Immunizer is available for free on the product’s page located at the BitDefender Labs. Sursa: Block Autorun Malware with BitDefender USB Immunizer - MalwareCity : Computer Security Blog

Un nou telefon de la HTC: Doubleshot, cu Android Gingerbread si tastatura QWERTY de Cristina Enescu | 27 aprilie 2011 Numele HTC Doubleshot a ajuns pe taramul zvonurilor in urma cu cateva zile, cand un angajat HTC a upload o poza pe site-ul de foto-sharing Picassa. Speculatiile care sustin existenta noului telefon HTC au fost generate de informatiile din EXIF-ul imaginii postate. Potrivit acestor date, HTC are in lucru un telefon cu tastatura QWERTY, care ruleaza pe Android 2.3 Gingerbread. Cel mai probabil HTC Doubleshot va avea un procesor dual-core de 1.2GHz si un ecran mare, cel mai probabil de 4 inci, cu rezolutie de 480x800. Alte specificatii includ conectivitatea 802.11 b/g/n si Bluetooth 3.0. Nu se cunoasc alte informatii, desi unele surse sustin ca numele Doubleshot se refera la camerele duale, al caror scop este inregistrarea imaginilor 3D stereoscopice. Au fost descoperite de asemenea indicii ale unei camere de 6MP cu abilitati HDR. Din pacate nu exista imagini disponinile cu dispozitivul, dar cel mai probabil va avea avea un design asemanator cu Desire Z.

Spotlight on Linux: Toorox Apr 26, 2011 By Susan Linton Toorox is a Gentoo-based installable live CD that features your choice of KDE or GNOME desktops. It comes with lots of useful applications including system configuration tools, easy package management, and proprietary code installers. Toorox is sometimes compared to another Gentoo-based distribution, Sabayon. This comparison may be legitimate on the surface, but differences emerge when looking deeper. Sabayon is indeed based on Gentoo as Toorox, but Sabayon is primarily a binary distribution. Package installation almost always involves installing binary Sabayon packages. While this is convenient and often preferred, Toorox compiles and install software from Gentoo sources. Toorox begins life on your computer as a binary installation with all its advantages, such as fast, easy, and ready at boot, but subsequent package installation compiles source packages. So Toorox is perfect for users that would like a source-based distribution, but don't want the initial time and effort investment. Either over time or with a all-at-once effort, one can fairly easily transform Toorox to a full source install. Toorox lists some of their software in an introduction that appears when the desktop starts. These include: - Kernel 2.6.37-gentoo - KDE 4.6.0 - Xorg-Server 1.9.4 - LibreOffice 3.3.1 - IceCat 3.6.13 - Thunderbird 3.1.7 - K3b 2.0.2 - Gimp 2.6.11 - Wine 1.3.14 - VLC 1.1.7 - Amarok 2.4.0 - Audacious 2.4.3 - Ardour 2.8.7 - Kino 1.3.3 - Cinelerra 20101104 Toorox includes two graphical Portage front-ends: Potato and Porthole. Of course, users can use Portage at the commandline just as in Gentoo. In any case, there's plenty of software available to install. In addition, users may wish to install NVIDIA or ATI proprietary drivers. In the Systemconfig are the utilities that will install those. Users may also install Flash and multimedia libraries with the provided scripts. Like other Gentoo-based systems, Toorox suffered through growing pains and initial failings. But also like Sabayon, it's shown great improvement over the years and now gives users a stable and enjoyable experience. The hard drive install is a simple procedure, asking only a few questions. It does offer one bootloader option rarely seen. It offers the usual choices of installing on the MBR or root partition, but it also allows users to add Toorox to an existing bootloader list. To use that option, one merely ticks the partition that contains the bootloader menu. Toorox routinely comes in KDE and GNOME versions for 32-bit or 64-bit systems. The basic look and feel have been updated a bit in the newest releases, but overall it still retains the Toorox personality. This is usually formed from a black to white gradient background embossed with the Toorox logo with dark panels and desktop widgets. The latest wallpaper feature a multicolor design surrounding the Toorox logo and the machine architecture. Stable version 2.2011 was released February 27 and developmental release 3.2011 was released March 30. Toorox is a great choice for those who wish a bit more control over their machine or would like an introduction to Gentoo with a little less pain. Some may say Toorox isn't ideal for new users, but that depends on the user really. In between the vast work of Gentoo and the ease of Sabayon comes Toorox. Give it a try. Sursa: Spotlight on Linux: Toorox | Linux Journal

Fa asa, probabil nu te lasa sa folosesti acele caractere la numele de fisiere: Open "F:\" & Day(Now()) & "-" & Month(Now()) & "-" & Year(Now()) & ".txt" For Append As #1 Print #1, "Test" Close #1 Si ai si functiile Hour, Minute si Secunde, formatezi tu cum vrei.

Open "D:\" & Now() & ".txt" For Append As #1 ?

Da, dar daca iese ceva frumos si elegant, il potin vinde si castigi ceva bani. Poti pune o optiune de editare headere HTTP, daca ar fi si multithreading ar fi perfect... Si inveti multe lucruri noi cand lucrezi la un proiect mai complex.

Hmm, deci poate detecta si posibile Blind SQL Injection? Ai putea sa folosesti mai multi "vectori", sa incerci mai multe lucruri pe acelasi link. Poti sa sniffezi Acunetixu sa vezi ce metode foloseste el si sa te inspiri.

Da, m-am gandit ca se poate face asta. Dar mi se pare dedicat acelor script-kiddie care vor sa gaseasca vulnerabilitati intr-un site si nu conteaza ce site, doar sa fie un site, sa aiba cu ce sa se laude. Nu arata rau, probabil e error-based. Si felicitari daca e facut de tine.

Da, interesant, dar ideea de baza e stupida. Eu vreau sa gasesc SQL Injection in site-ul "x", cu ce ma incanta sa gasesc vulnerabil site-ul lui Vasile, folosind un dork?

Nu m-am uitat la emisiunea asta cacacioasa, dar am vazut cateva videoclipuri pe youtube, si asta chiar nu merita.

Open "D:\Fisier.txt" For Append As #1 Print #1, Text1.Text Close #1

Mi-a dat o poza cu ea, e draguta.

Sau poate sa fie fata. Nu e imposibil sa intre si fete aici.

Ce facea mai bine zis. Pe scurt: "transforma" un executabil detectabil intr-unul nedetectabil.

Security and Data Protection in a Google Data Center Nu e tocmai un tutorial, dar sunt lucruri interesante. Durata: 07:01 (cred ca gasiti voi 7 minute sa il vizionati) Youtube: http://www.youtube.com/watch?v=1SCZzgfdTBo&feature=player_embedded