Nytro

Administrators
Everything posted by Nytro

  1. =======================================
     |-----------:[iNFO]:------------------|
     |-------------------------------------|
     | Title: "Linux Hardening & Security" |
     | Author: Krun!x | QK                 |
     | E-Mail: only4lul@gmail.com          |
     | Home: madspot.org | ljuska.org      |
     | Date: 2009-06-20                    |
     =======================================

     Content:

     1) Introduction
     2) cP/WHM Installation and cP/WHM Configuration
     3) The server and its services | PHP Installation, Optimization & Security
     4) Kernel Hardening | Linux Kernel + Grsecurity Patch
     5) SSH
     6) Firewall | DDoS Protection
     7) Mod_Security
     8) Anti-Virus - ClamAV
     9) Rootkit
     10) The Rest of Shits

     ===================
     | 1) Introduction |
     ===================

     I wrote a step by step paper on how to secure a Linux server with cP/WHM and Apache installed. By default, Linux is not secured enough, but you have to understand there is no such thing as a "totally secured server/system". The purpose of this paper is to understand how to at least provide some kind of security to the server. I prefer the lsws web-server without any Control Panel at all, but for this paper I have used CentOS 5 with cP/WHM and the Apache web-server installed, since a lot of hosting companies and individuals are using it.

     Let's start.

     So, you bought the server with CentOS 5 installed. If you ordered cP/WHM together with the server you can skip step 2.1.

     ============================================
     | 2) cP/WHM installation and configuration |
     ============================================

     2.1) cP/WHM Installation

     To begin your installation, use the following commands in SSH:

     root@server [~]# cd /home
     root@server [/home]# wget http://layer1.cpanel.net/latest
     root@server [/home]# sh latest

     -----------------------------------------------------------------------------------------------------
     cd /home - Opens /home directory
     wget http://layer1.cpanel.net/latest - Fetches the latest installation file from the cPanel servers.
     sh latest - Opens and runs the installation files.
     ------------------------------------------------------------------------------------------------------

     cP/WHM should be installed now. You should be able to access cP via http://serverip:2082 (SSL-2083) or http://serverip/cpanel and WHM via http://serverip:2086 (SSL-2087) or http://serverip/whm. Let's configure it now.

     2.2) cP/WHM Configuration

     Log in to WHM using the root username/passwd: serverip or http://serverip/whm

     WHM - Server setup - Tweak Security:
     -------------------------------------
     Enable open_basedir protection
     Disable Compilers for all accounts (except root)
     Enable Shell Bomb/memory Protection
     Enable cPHulk Brute Force Protection

     WHM - Account Functions:
     -------------------------
     Disable cPanel Demo Mode
     Disable shell access for all accounts (except root)

     WHM - Service Configuration - FTP Configuration:
     -------------------------------------------------
     Disable anonymous FTP access

     WHM - MySQL:
     -------------
     Set some MySQL password (don't set the same password as for the root access)
     -If you don't set a MySQL password and someone uploads a shell (e.g. c99) to some site on the server, he will be able to log in to the DB with username "root" without a password and delete/edit/download any DB on that server

     WHM - Service Configuration - Apache Configuration - PHP and SuExec Configuration
     --------------------
     Enable suEXEC - suEXEC = On

     When PHP runs as an Apache Module it executes as the user/group of the webserver, which is usually "nobody" or "apache". suEXEC changes this so scripts are run as a CGI. That means scripts are executed as the user that created them.
     With suEXEC, script permissions can't be set to 777 (read/write/execute at user/group/world level).

     ==============================================================================
     | 3) The server and its services | PHP Installation, Optimization & Security |
     ==============================================================================

     3.1) Keep all services and scripts up to date and be sure that you are running the latest secured version.

     On CentOS type this into SSH to upgrade/update services on the server:

     [root@server ~]# yum upgrade
     or
     [root@server ~]# yum update

     3.2) PHP Installation/Update, configuration and optimization + Suhosin patch

     First download what you need, type into SSH the following:

     root@server [~]# cd /root
     root@server [~]# wget -O php-5.2.9.tar.bz2 http://www.php.net/get/php-5.2.9.tar.bz2/from/this/mirror
     root@server [~]# wget http://download.suhosin.org/suhosin-patch-5.2.8-0.9.6.3.patch.gz
     root@server [~]# wget http://download.suhosin.org/suhosin-0.9.27.tgz

     Untar PHP

     root@server [~]# tar xvjf php-5.2.9.tar.bz2

     Patch the source

     root@server [~]# gunzip < suhosin-patch-5.2.8-0.9.6.3.patch.gz | patch -p0

     Configure the source. If you want to use the same config as you used for the last PHP build it's not a problem, but you will have to add --enable-suhosin to the old config. To get the old config type this into SSH:

     root@server [~]# php -i | grep ./configure
     root@server [~]# cd php-5.2.9
     root@server [~/php-5.2.9]# ./configure --enable-suhosin + old config(add old config you got from "php -i | grep ./configure" here)
     root@server [~/php-5.2.9]# make
     root@server [~/php-5.2.9]# make install

     Note: If you get an error like make: command not found or patch: Command not found, you will have to install "make" and "patch". It can be done easily. Just type this into SSH:

     root@server [~]# yum install make
     root@server [~]# yum install patch

     Now check that everything is as you want.
     Upload a PHP script like this to the server:

     <?php phpinfo(); ?>

     Then open it in your browser and you will see your PHP configuration there.

     3.3) Suhosin

     Now we can install suhosin patch to get better security and performance.

     root@server [~]# tar zxvf suhosin-0.9.27.tgz
     root@server [~]# cd suhosin-0.9.27
     root@server [~/suhosin-0.9.27]# phpize
     root@server [~/suhosin-0.9.27]# ./configure
     root@server [~/suhosin-0.9.27]# make
     root@server [~/suhosin-0.9.27]# make install

     After you have installed suhosin you will get something like this:

     It's installed to /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

     Now edit your php.ini. If you don't know where php.ini is located, type this into SSH:

     root@server [~]# php -i | grep php.ini
     Configuration File (php.ini) Path => /usr/local/lib
     Loaded Configuration File => /usr/local/lib/php.ini

     It means you have to edit /usr/local/lib/php.ini. Type into SSH:

     root@server [~]# nano /usr/local/lib/php.ini

     If you get an error, nano: Command not found, then:

     root@server [~]# yum install nano

     Find "extension_dir =" and add:

     extension_dir = /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

     To save it, press CTRL + O and then the Enter button.

     3.4) We will install Zend Optimizer to get better performance:

     Download Zend Optimizer from Zend Guard - Protect Your IP & Generate More Revenue - Zend.com

     root@server [~]# tar -zxvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
     root@server [~]# cd ZendOptimizer-3.3.3-linux-glibc23-i386
     root@server [~/ZendOptimizer-3.3.3-linux-glibc23-i386]# ./install.sh

     Welcome to Zend Optimizer installation..... - Press Enter button
     Zend licence agreement... - Press Enter button
     Do you accept the terms of this licence... - Yes, press Enter button
     Location of Zend Optimizer... - /usr/local/Zend, press Enter button
     Confirm the location of your php.ini file... - /usr/local/lib, press Enter button
     Are you using Apache web-server.. - Yes, press Enter button
     Specify the full path to the Apache control utility (apachectl)... - /usr/local/apache/bin/apachectl, press Enter button
     The installation has completed successfully... - Press Enter button

     Now restart apache, type this into SSH:

     root@server [~]# service httpd restart

     3.5) php.ini & disabled functions

     Edit php.ini like this:

     root@server [~]# nano /usr/local/lib/php.ini

     ------------------------------------------------------------
     safe_mode = On
     expose_php = Off
     enable_dl = Off
     magic_quotes_gpc = On
     register_globals = off
     display_errors = off
     disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd
     -------------------------------------------------------------

     root@server [~]# service httpd restart

     Or you can edit php.ini via WHM: WHM - Service Configuration - PHP Configuration Editor

     =========================================================
     | 4) Kernel Hardening | Linux Kernel + Grsecurity Patch |
     =========================================================

     Description : grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL.
     It offers among many other features:

     -An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
     -Change root (chroot) hardening
     -/tmp race prevention
     -Extensive auditing
     -Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
     -Prevention of arbitrary code execution in the kernel
     -Randomization of the stack, library, and heap bases
     -Kernel stack base randomization
     -Protection against exploitable null-pointer dereference bugs in the kernel
     -Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
     -A restriction that allows a user to only view his/her processes
     -Security alerts and audits that contain the IP address of the person causing the alert

     Downloading and patching kernel with grsecurity

     root@server [~]# cd /root
     root@server [~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.5.tar.gz
     root@server [~]# wget http://www.grsecurity.com/test/grsecurity-2.1.12-2.6.26.5-200809141715.patch
     root@server [~]# tar xzvf linux-2.6.26.5.tar.gz
     root@server [~]# patch -p0 < grsecurity-2.1.12-2.6.26.5-200809141715.patch
     root@server [~]# mv linux-2.6.26.5 linux-2.6.26.5-grsec
     root@server [~]# ln -s linux-2.6.26.5-grsec/ linux
     root@server [~]# cd linux
     root@server [~/linux]# cp /boot/config-`uname -r` .config
     root@server [~/linux]# make oldconfig

     Compile the Kernel:

     root@server [~/linux]# make bzImage
     root@server [~/linux]# make modules
     root@server [~/linux]# make modules_install
     root@server [~/linux]# make install

     Check your grub loader config, and make sure default is 0

     root@server [~/linux]# nano /boot/grub/grub.conf

     Reboot the server

     root@server [~/linux]# reboot

     ==========
     | 5) SSH |
     ==========

     In order to change the SSH port and protocol you will have to edit sshd_config

     root@server [~]# nano /etc/ssh/sshd_config

     Change Protocol 2,1 to Protocol 2
     Change #Port 22 to some other port and uncomment it
     Like, Port 1337

     There are a lot of script kiddiez with brute forcers and they will try to crack our ssh pass because they know the username is root and the port is 22. But we were smarter, we have changed the SSH port. Also, their "brute forcing" can increase server load, which means our sites (hosted on that server) will be slower.

     SSH Legal Message

     Edit /etc/motd, write in motd something like this:

     "ALERT! That is a secured area. Your IP is logged. Administrator has been notified"

     When someone logs in to SSH he will see that message:

     ALERT! That is a secured area. Your IP is logged. Administrator has been notified

     If you want to receive an email every time someone logs in to SSH as root, edit .bash_profile (it's located in the /root directory) and put this at the end of the file:

     echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" mail@something.com

     And at the end restart SSH, type "service sshd restart" into SSH

     =================================
     | 6) Firewall | DDoS Protection |
     =================================

     6.1) Firewall, CSF Installation

     root@server [~]# wget http://www.configserver.com/free/csf.tgz
     root@server [~]# tar -xzf csf.tgz
     root@server [~]# cd csf

     In order to install csf your server needs to have some ipt modules enabled. csftest is a perl script and it comes with csf. You can check those modules with it.

     root@server [~/csf]# ./csftest.pl

     The output should be like this:

     root@server [~/csf]# ./csftest.pl
     Testing ip_tables/iptable_filter...OK
     Testing ipt_LOG...OK
     Testing ipt_multiport/xt_multiport...OK
     Testing ipt_REJECT...OK
     Testing ipt_state/xt_state...OK
     Testing ipt_limit/xt_limit...OK
     Testing ipt_recent...OK
     Testing ipt_owner...OK
     Testing iptable_nat/ipt_REDIRECT...OK

     No worries if you don't have all those modules enabled, csf will work if you didn't get any FATAL errors at the end of the output. Now, get to the installation

     root@server [~/csf]# ./install.sh

     You will have to edit the csf.conf file.
     It's located here: /etc/csf/csf.conf

     You need to edit it like this:

     TESTING = "0"

     You also have to configure the open ports in csf.conf or you won't be able to access these ports. In most cases it should be configured like this if you are using cP/WHM. If you are running something on some other port you will have to enable it here. If you changed the SSH port you will have to enable the new port here:

     # Allow incoming TCP ports
     TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"
     # Allow outgoing TCP ports
     TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"

     6.2) CSF Connection Limit

     There is a CT option in csf.conf, configure it like this:

     CT_LIMIT = "200"
     It means every IP with more than 200 connections is going to be blocked.

     CT_PERMANENT = "1"
     IP will be blocked permanently

     CT_BLOCK_TIME = "1800"
     IP will be blocked for 1800 secs (1800 secs = 30 mins)

     CT_INTERVAL = "60"
     Set this to the number of seconds between connection tracking scans.

     After editing csf.conf you need to restart csf

     root@server [~]# service csf restart

     6.3) SYN Cookies

     Edit the /etc/sysctl.conf file and add the following line in order to enable SYN cookies protection:

     -----------------------------------
     # Enable TCP SYN Cookie Protection
     net.ipv4.tcp_syncookies = 1
     -----------------------------------

     root@server [~/]# service network restart

     6.4) CSF as security testing tool

     CSF has an option "Server Security Check". Go to WHM - Plugins - CSF - Test Server Security. You will see additional steps on how to secure the server even more. I'm writing only about the most important things here and I covered most of them in the paper, but if you want you can follow the steps provided by CSF to get the server even more secured.

     6.5) Mod_Evasive

     The ModEvasive module for apache offers protection against DDoS (denial of service attacks) on your server.
     To install it log in to SSH and type

     ---------------------------------------------------------------------------------
     root@server [~]# cd /root/
     root@server [~]# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
     root@server [~]# tar zxf mod_evasive_1.10.1.tar.gz
     root@server [~]# cd mod_evasive

     then type...

     root@server [~/mod_evasive]# /usr/sbin/apxs -cia mod_evasive20.c
     ---------------------------------------------------------------------------------

     When mod_evasive is installed, place the following lines in your httpd.conf (/etc/httpd/conf/httpd.conf)

     --------------------------------
     <IfModule mod_evasive20.c>
     DOSHashTableSize 3097
     DOSPageCount 2
     DOSSiteCount 50
     DOSPageInterval 1
     DOSSiteInterval 1
     DOSBlockingPeriod 10
     </IfModule>
     --------------------------------

     6.6) Random things:

     csf -d IP - Block an IP with CSF
     csf -dr IP - Unblock an IP with CSF
     csf -s - Start firewall rules
     csf -f - Flush/stop firewall rules
     csf -r - Restart firewall rules
     csf -x - Disable CSF
     csf -e - Enable CSF
     csf -c - Check for updates
     csf -h - Show help screen

     -Block an IP via iptables
     iptables -A INPUT -s 208.131.183.169 -j DROP

     -Unblock an IP via iptables
     iptables -I INPUT -s IP -j ACCEPT

     -See how many IP addresses are connected to the server and how many connections each of them has.
     netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

     ===================
     | 7) Mod_Security |
     ===================

     Mod_Security is a web application firewall and it can help us to secure our sites against RFI, LFI, XSS, SQL Injection etc.

     If you use cP/WHM you can easily enable Mod_security in WHM - Plugins - Enable Mod_Security and save

     Now I will explain how to install Mod_security from source. You can't install Mod_Security if you don't have the libxml2 and httpd-devel libraries. Also, you need to enable mod_unique_id in the apache modules, but don't worry, I will explain how to do it.

     Log in to SSH and type...
     root@server [~]# yum install libxml2 libxml2-devel httpd-devel

     libxml2, libxml2-devel and httpd-devel should be installed now.

     Then you need to edit the httpd.conf file, you can find it here:

     root@server [~]# nano /etc/httpd/conf/httpd.conf

     You need to add this to your httpd.conf file:

     LoadModule unique_id_module modules/mod_unique_id.so

     Now download the latest version of mod_security for apache2 from ModSecurity: Open Source Web Application Firewall

     Log in to SSH and type...

     root@server [~]# cd /root/
     root@server [~]# wget SourceForge.net: ModSecurity: Downloading ...
     root@server [~]# tar zxf modsecurity-apache_2.5.6.tar.gz
     root@server [~]# cd modsecurity-apache_2.5.6
     root@server [~/modsecurity-apache_2.5.6]# cd apache2

     then type:

     root@server [~/modsecurity-apache_2.5.6/apache2]# ./configure
     root@server [~/modsecurity-apache_2.5.6/apache2]# make
     root@server [~/modsecurity-apache_2.5.6/apache2]# make install

     Go to the end of httpd.conf and place an include for our config/rules file...

     Include /etc/httpd/conf/modsecurity.conf

     ---------------------------------------------------------
     # /etc/httpd/conf/httpd.conf
     LoadModule unique_id_module modules/mod_unique_id.so
     LoadFile /usr/lib/libxml2.so
     LoadModule security2_module modules/mod_security2.so
     Include /etc/httpd/conf/modsecurity.conf
     ---------------------------------------------------------

     You need to find good rules for Mod_Security. You can find them at the official Mod_Security site. Also, give the gotroot.com rules a try. When you find good rules, just put them in /etc/httpd/conf/modsecurity.conf

     And restart httpd at the end, type "service httpd restart" into SSH

     ==========================
     | 8) Anti-Virus - ClamAV |
     ==========================

     You need AV protection to protect the server against worms and trojans invading your mailbox and files! Just install clamav (a free open source antivirus software for linux).
     More information can be found on the clamav website - Clam AntiVirus

     In order to install ClamAV log in to SSH and type

     root@server [~]# yum install clamav

     Once you have installed clamav for your CentOS, here are some basic commands you will need:

     Update the antivirus database

     root@server [~]# freshclam

     Run antivirus

     root@server [~]# clamscan -r /home

     Running as Cron Daily Job

     To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.

     @daily clamscan -r /home

     It means clamav will be scanning the /home directory every day. You can change the folder to whatever you want to scan.

     ==============
     | 9) Rootkit |
     ==============

     Rootkit scanner is a scanning tool to ensure you that for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

     -MD5 hash compare
     -Look for default files used by rootkits
     -Wrong file permissions for binaries
     -Look for suspected strings in LKM and KLD modules
     -Look for hidden files
     -Optional scan within plaintext and binary files

     Installation: Log in to SSH and type

     root@server [~]# cd /root/
     root@server [~]# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
     root@server [~]# tar -zxvf rkhunter-1.2.7.tar.gz
     root@server [~]# cd rkhunter-1.2.7
     root@server [~/rkhunter-1.2.7]# ./installer.sh

     Scan the server with rkhunter

     root@server [~]# rkhunter -c

     =========================
     | 10) The Rest of Shits |
     =========================

     10.1) Random suggestions

     If you use the bind DNS server then we need to edit the named.conf file. named.conf is located here: /etc/named.conf. Add recursion no; under options

     ----------------------------
     options {
     recursion no;
     ----------------------------

     Now restart bind, type into SSH

     root@server [~]# service named restart

     This will prevent lookups from dnstools.com and similar services and reduce server load

     In order to prevent IP spoofing, you need to edit the host.conf file like this:
     This file is located here: /etc/host.conf

     Add this to host.conf

     ------------------
     order bind,hosts
     nospoof on
     ------------------

     Hide the Apache version number: edit httpd.conf (/etc/httpd/conf/httpd.conf)

     -----------------------
     ServerSignature Off
     -----------------------

     Disable telnet: edit the file /etc/xinetd.d/telnet

     ------------------
     disable = yes
     ------------------

     10.2) Passwords

     Don't use the same password you are using for the server in some other places. When the Datacenter contacts you via e-mail or phone, always request more information. Remember, someone else could contact you to get some information or even root passwords.

     10.3) Random thoughts

     No matter what you need to secure the server, don't think you are safe only because you are not personally involved in any shits with "hackers". When you are hosting hacking/warez related sites you are the target. There is no such thing as a totally secured server. The most important things are backups, make sure you will always have "up-to-date" offsite backups ^^

     Anyhow, this is the end of my paper, I hope it will help you to get some kind of security to your server.

     -Krun!x

     # milw0rm.com [2009-06-29]
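One way to check a server against the settings this paper recommends, as an added example that is not part of the original paper: it parses php.ini, sshd_config and sysctl.conf text and lists every deviation from the values given in sections 3.5, 5 and 6.3. The function names, the built-in defaults assumed for unset PHP directives and for Protocol, and the sample file contents are assumptions of this example.

```python
import re

# Expected values come from the paper's php.ini, sshd_config and sysctl.conf steps.
# Each PHP entry is (value the paper wants, PHP's built-in default when unset).
PHP_BOOLS = {
    "safe_mode": (True, False),
    "expose_php": (False, True),
    "enable_dl": (False, True),
    "register_globals": (False, False),
    "display_errors": (False, True),
}
PHP_DISABLED = ["system", "show_source", "symlink", "exec", "dl", "shell_exec",
                "passthru", "phpinfo", "escapeshellarg", "escapeshellcmd"]
TRUE_WORDS = ("1", "on", "true", "yes")


def parse_key_value(text, comment_chars):
    """Parse 'key = value' lines (php.ini, sysctl.conf); the last assignment wins."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in comment_chars or line[0] == "[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = re.split(r"\s[;#]", value, maxsplit=1)[0]  # drop a trailing comment
        values[key.strip()] = value.strip().strip('"')
    return values


def parse_sshd(text):
    """Return (keyword, value) pairs from active lines; sshd keywords ignore case."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            pairs.append((parts[0].lower(), parts[1].strip()))
    return pairs


def audit(php_ini, sshd_config, sysctl_conf):
    """Return a list of deviations from the paper's recommended settings."""
    findings = []

    php = parse_key_value(php_ini, ";#")
    for name, (wanted, default) in PHP_BOOLS.items():
        enabled = php[name].lower() in TRUE_WORDS if name in php else default
        if enabled != wanted:
            findings.append("php.ini: %s should be %s" % (name, "On" if wanted else "Off"))
    disabled = {f.strip() for f in php.get("disable_functions", "").split(",")}
    missing = [f for f in PHP_DISABLED if f not in disabled]
    if missing:
        findings.append("php.ini: disable_functions lacks " + ", ".join(missing))

    ssh = parse_sshd(sshd_config)
    # A commented "#Port 22" is not a setting: with no Port line sshd listens on 22.
    ports = [value for key, value in ssh if key == "port"] or ["22"]
    if "22" in ports:
        findings.append("sshd_config: sshd still listens on port 22")
    # sshd uses the first Protocol line; "2,1" is the assumed default of the
    # paper-era OpenSSH releases when the keyword is absent.
    protocol = next((value for key, value in ssh if key == "protocol"), "2,1")
    if protocol != "2":
        findings.append("sshd_config: Protocol is %r, expected 2" % protocol)

    sysctl = parse_key_value(sysctl_conf, "#;")
    if sysctl.get("net.ipv4.tcp_syncookies") != "1":
        findings.append("sysctl.conf: net.ipv4.tcp_syncookies should be 1")
    return findings


# Constructed sample files (not taken from a real server).
WEAK_PHP_INI = """[PHP]
; constructed sample
safe_mode = Off
expose_php = On
register_globals = Off
display_errors = On ; shown to visitors
disable_functions = system, exec
"""
WEAK_SSHD_CONFIG = "#Port 22\nProtocol 2,1\n"
WEAK_SYSCTL_CONF = "# constructed sample\nnet.ipv4.ip_forward = 0\n"

HARDENED_PHP_INI = """safe_mode = On
expose_php = Off
enable_dl = Off
register_globals = off
display_errors = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd
"""
HARDENED_SSHD_CONFIG = "Port 1337\nProtocol 2\n"
HARDENED_SYSCTL_CONF = "net.ipv4.tcp_syncookies = 1\n"

if __name__ == "__main__":
    for finding in audit(WEAK_PHP_INI, WEAK_SSHD_CONFIG, WEAK_SYSCTL_CONF):
        print(finding)
    print(audit(HARDENED_PHP_INI, HARDENED_SSHD_CONFIG, HARDENED_SYSCTL_CONF))
```

On a real host, pass the contents of /usr/local/lib/php.ini, /etc/ssh/sshd_config and /etc/sysctl.conf (the paths the paper uses) to `audit`.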
  2. I haven't dealt with this kind of thing in a long time. I thought it was "high" level, since the answer was asked for.
  3. Pffff ... two-bit JS.
  4. Easy there, or I'll cut you down!
  5. Nytro

    [VB6] mAnti

    This module will detect most of the sandboxes and virtual machines out there. It's the biggest ANTI-module out there.

    '---------------------------------------------------------------------------------------
    ' Module      : mAnti
    ' DateTime    : 29/06/2009 15:59
    ' Author      : SqUeEzEr
    ' Mail        : scott_van_dinter@hotmail.com
    ' Purpose     : Detect most of the AV's
    '               by: Usernames
    '                   Computernames
    '                   Loaded Dll's
    '                   HardDrive Names
    '                   Windows Serials
    '                   Emulators
    '
    ' Usage       : At your own risk
    ' Requirements: None
    ' Distribution: You can freely use this code in your own
    '               applications, but you may not reproduce
    '               or publish this code on any web site,
    '               online service, or distribute as source
    '               on any media without express permission.
    '
    ' History     : 29/06/2009 Created......................................................
    '---------------------------------------------------------------------------------------
    Option Explicit

    Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As Long
    Private Declare Function GetTickCount Lib "kernel32" () As Long
    Private Declare Function RegOpenKeyExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
    Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
    Private Declare Function RegQueryValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
    Private Declare Sub Sleep Lib "kernel32" (ByVal lngMilliseconds As Long)
    Private Declare Sub ExitProcess Lib "kernel32" (ByVal uExitCode As Long)

    Public Sub sAnti()
        Dim aUsers(6) As String
        Dim aComputers(3) As String
        Dim aDlls(1) As String
        Dim aHDDs(3) As String
        Dim aSerials(1) As String
        Dim sUser As String * 255
        Dim sComputer As String * 255
        Dim sWinSerial As String
        Dim bFound As Boolean
        Dim lBefore As Long
        Dim lAfter As Long
        Dim lhKey As Long
        Dim sBuffer As String
        Dim lLen As Long
        Dim i As Long
        Dim oSet As Object
        Dim oObj As Object

        'initialize strings and arrays
        aUsers(0) = "Sndbx"
        aUsers(1) = "tester"
        aUsers(2) = "panda"
        aUsers(3) = "currentuser"
        aUsers(4) = "Schmidti"
        aUsers(5) = "andy"
        aUsers(6) = "Andy"
        aComputers(0) = "AUTO"
        aComputers(1) = "VMLOG"
        aComputers(2) = "NONE-DUSEZ"
        aComputers(3) = "XPSP3"
        aDlls(0) = "SbieDll.dll"
        aDlls(1) = "dbghelp.dll"
        aHDDs(0) = "*VIRTUAL*"
        aHDDs(1) = "*VMWARE*"
        aHDDs(2) = "*VBOX*"
        aHDDs(3) = "*QEMU*"
        aSerials(0) = "55274-339-6006333-22900"
        aSerials(1) = "76487-OEM-0065901-82986"
        sUser = Environ("username")
        sComputer = Environ("computername")

        'Username Detections
        For i = 0 To UBound(aUsers)
            If Left(sUser, Len(aUsers(i))) = aUsers(i) Then bFound = True
        Next i

        'Computername Detections
        For i = 0 To UBound(aComputers)
            If Left(sComputer, Len(aComputers(i))) = aComputers(i) Then bFound = True
        Next i

        'Dll Detections
        For i = 0 To UBound(aDlls)
            If GetModuleHandleA(aDlls(i)) Then bFound = True
        Next i

        'Emulator Detections, Method by ChainCoder
        lBefore = GetTickCount
        Sleep 510
        lAfter = GetTickCount
        If (lAfter - lBefore) < 500 Then bFound = True

        'HardDrive Detections, Method by Cobein
        If RegOpenKeyExA(&H80000002, "SYSTEM\ControlSet001\Services\Disk\Enum", 0, &H20019, lhKey) = 0 Then
            sBuffer = Space$(255): lLen = 255
            If RegQueryValueExA(lhKey, "0", 0, 1, ByVal sBuffer, lLen) = 0 Then
                sBuffer = UCase(Left$(sBuffer, lLen - 1))
                For i = 0 To UBound(aHDDs)
                    If sBuffer Like aHDDs(i) Then bFound = True
                Next i
            End If
            Call RegCloseKey(lhKey)
        End If

        'Windows Serial Detections
        On Error Resume Next
        Set oSet = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf(Split("Win32_OperatingSystem,SerialNumber", ",")(0))
        sWinSerial = ""
        For Each oObj In oSet
            sWinSerial = oObj.Properties_(Split("Win32_OperatingSystem,SerialNumber", ",")(1)) 'Property value
            sWinSerial = Trim(sWinSerial)
        Next
        For i = 0 To UBound(aSerials)
            If sWinSerial = aSerials(i) Then bFound = True
        Next i

        'Final check
        If bFound = True Then ExitProcess (0)
    End Sub

    Credits for the anti emulator idea: ChainCoder
    Credits for the Drive Model Name: Cobein
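A defender-side use of the module above, as an added example that is not part of the original post: a static triage check that searches a file's bytes for the module's hard-coded sandbox indicators in both ANSI and UTF-16LE form. The category names, the two-category threshold and the sample byte strings are assumptions of this example.

```python
# Strings hard-coded in the mAnti module above. Usernames and dbghelp.dll are left
# out on purpose: they also occur in ordinary software and would add noise.
INDICATORS = {
    "sandbox_dll": ["SbieDll.dll"],
    "disk_enum_key": ["SYSTEM\\ControlSet001\\Services\\Disk\\Enum"],
    "vm_disk_pattern": ["*VIRTUAL*", "*VMWARE*", "*VBOX*", "*QEMU*"],
    "sandbox_serial": ["55274-339-6006333-22900", "76487-OEM-0065901-82986"],
    "sandbox_hostname": ["NONE-DUSEZ", "VMLOG"],
}


def encoded_forms(text):
    """Yield the byte forms a literal can take: ANSI and UTF-16LE (VB6 stores
    string literals as UTF-16), both lower-cased for a case-insensitive search."""
    yield text.lower().encode("ascii")
    yield text.lower().encode("utf-16-le")


def scan_sample(data):
    """Return {category: [indicators found]} for the raw bytes of a sample."""
    haystack = data.lower()  # bytes.lower() only folds ASCII letters
    hits = {}
    for category, strings in INDICATORS.items():
        found = [s for s in strings
                 if any(form in haystack for form in encoded_forms(s))]
        if found:
            hits[category] = found
    return hits


def needs_review(data, min_categories=2):
    """Flag a sample when indicators from several categories appear together."""
    return len(scan_sample(data)) >= min_categories


# Constructed byte strings standing in for file contents.
SUSPECT = (b"MZ\x90\x00" + "SbieDll.dll".encode("utf-16-le") + b"\x00\x00"
           + "76487-OEM-0065901-82986".encode("utf-16-le") + b"\x00\x00"
           + "*VBOX*".encode("utf-16-le"))
BENIGN = b"MZ\x90\x00dbghelp.dll\x00VMware Tools\x00"

if __name__ == "__main__":
    print(scan_sample(SUSPECT), needs_review(SUSPECT))
    print(scan_sample(BENIGN), needs_review(BENIGN))
```

A hit means the file carries this module's check list and should be analysed on a system that does not expose those artifacts; it says nothing else about what the file does.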
  6. I want to write an article for beginners in which I explain how things work, and newcomers should be "required" to read it. Well, I say I do a lot of things but I never do anything.
  7. Nytro

    La la la

    It was super cool. Women, manele, booze... What else could you need?
  8. Nytro

    La la la

    Thanks. I'm done celebrating... I drank 2 liters of juice and my stomach hurts. But I've got everything... I still have booze too (we bought 30 beers and after we came back from the barbecue, my dad goes out on the balcony and says: "Well look at that, we bought 30 beers and now we have 41"). I also have wine and liqueur and cognac and champagne. The hard liquor got drunk. I'm happy I didn't get drunk. I think if I had gotten drunk I would have gone fishing, because one guy started up after he got drunk: "Come on, let's go fishing, you know how well the fish bite at night?"
  9. Nytro

    La la la

    Thanks guys. Oh, right. I did NOT get drunk at my own coming-of-age party, I only got tipsy.
  10. Nytro

    La la la

    Oh, how you all love me <'> It has been raining since morning and I didn't think we would go to the barbecue, I hope the weather clears up so we can go.
  11. Nytro

    La la la

    Thanks guys. Today I only drank one beer, which I bought myself. We'll see what I do tomorrow.
  12. Nytro

    La la la

    Uuuu, 10 birthday wishes overnight, how people love me. And I love you too <'> even if I hand out a warn here and a ban there... Well, what can you do, that's my job. Today and tomorrow you can do whatever you want, swear as much as you want, go offtopic until your fingers fall off. As for drinking, I'm saving myself for tomorrow. In theory I don't want to get (badly) drunk, I keep telling myself I won't get drunk, I won't get drunk... But I don't really think I'll hold out staying dry... Thanks guys
  13. Nytro

    La la la

    Eheee, I turn 18 today, wish me a happy damn birthday
  14. I hope you have finished this stupid discussion...
  15. 0.5 decrypts the passwords, 0.1 only uploads signons to FTP. At least I think so.
  16. These days I'm not handing out bans because I'm happy. Just closed!
  17. This open source version does not have the best method but with a little altering you can successfully retrieve the necessary files to decrypt FireFox passwords. The new update (0.5) will decrypt these passwords for you on the remote machine and upload them to your FTP server. I did not create this optimized for use, I only made this to keep it as a small-file-size tool, and for fun. I will compromise features for file size in the future, so don’t expect a whole lot of new features or updates on this utility. If you think you would like to use it, it is crypter compatible and if your crypter has custom process injection I would suggest a default browser or system process to inject to, since it will be bypassing most free Firewalls.

      Version 0.1
      Uploads FireFox password file (FTP)
      Stub Size 2kb (MASM Coded)
      Verify FTP Login
      Creates “TinyFox” folder on FTP
      Builder uses pure API - (OCX substitution for WinInet\Comdlg32)
      Server Size 2.5kb

      Version 0.5
      Decrypts Passwords
      Creates computer\user-specific file on FTP server
      Server Size 5kb

      Download TinyFox0.5.rar (9kb)
      Download TinyFox0.1[src].rar (227kb)
  18. Microsoft extends the Windows XP downgrade until 2011
      by Catalin Calciu | 22 June 2009

      It seems Microsoft has made a habit of postponing the various deadlines that it sets itself, the latest example coming... of course, in regard to the Windows XP operating system. Now the latest "deadline", for the moment, we say, because we are convinced it will change depending on how successful Windows 7 turns out to be, will be in 2011; more precisely, Microsoft's wording says that "There will be a right to downgrade for 18 months from the launch of Windows 7, or until the launch of the first Service Pack, whichever of these two conditions is met first". In any case, we see that Microsoft is not giving up its support for the old XP, which is only normal, because a mature operating system has its own well-defined place in the market.
  19. Adobe and Nvidia announce acceleration of Flash video
      by Alex Hanea | 17 June 2009

      The Adobe Flash platform is a unified whole, made up of integrated tools, frameworks, and client and server applications intended for developing web applications and video content that runs regardless of operating system and device. Adobe Flash content runs on 98 percent of the desktops that have an Internet connection, and Adobe Flash technology is the number one platform for video on the Internet. Moreover, approximately 40 percent of latest-generation mobile phones and other mobile devices run content based on Flash technology.

      That is precisely why Nvidia, the world leader in visual processing technology, and Adobe Systems Incorporated are announcing their collaboration in the Open Screen Project to optimize the Adobe® Flash® Player application, a key component of the Adobe Flash Platform. As a result, video will be accelerated on the visual processing unit (GPU) in a large number of portable devices for browsing the Internet, including netbooks, tablet PCs, mobile phones, etc.

      Adobe Flash Player will be accelerated on a wide range of Nvidia processors, among them Nvidia Tegra™, which will allow users of ultraportable devices to fully enjoy the experience of browsing the Web, watching H.264-encoded movies, and running applications and video based on Flash technology, anywhere, anytime and on any platform.

      Nvidia is actively participating in the Open Screen project, a vast initiative involving no fewer than 25 industry leaders who have joined forces to create a development platform that will run on any device. Led by Adobe, the members of the Open Screen project aim to capitalize on the capabilities of the Adobe Flash platform, so that video and standalone applications can run on desktops, netbooks, mobile devices, televisions and other consumer goods.
  20. Malware authors use Google for smuggling
by Vlad Matei | 22 June 2009

In recent days G DATA has observed large-scale attacks on users of the Google search engine. The procedure used by the criminals is extremely devious: entering certain search queries leads to results with manipulated links. If the user follows them, in the next step malicious code is injected from that website, which initiates widely varying camouflage manoeuvres. Thus some users receive a video codec, others receive offers for fake antivirus software. According to studies carried out by G DATA Security Labs, the malware server's site is currently in India. The current wave of attacks is concentrated on users searching for sites with pornographic content. However, G DATA estimates that the direction of the attacks will soon change. The next to find themselves in the "line of fire" could be sports fans, car enthusiasts or even job seekers.

The procedure used by the criminals

The attackers try to introduce malicious code by replacing text with hexadecimal numbers. As a result, the browser can process the code without any problem. For humans and search engines, however, it is unreadable. Through this procedure the attackers can slip past Google's filters. The hexadecimal code contains hidden HTML code that is embedded in the resulting web page. This is called "cross-site scripting". If the Google user opens the search result, the desired website opens, but supplemented by a script coming from an Indian domain. Apparently Google uses the injected content when evaluating the search terms. The manipulated links are placed by the attackers in blogs, forums or "hacked" sites, and in this way a very good rating is achieved for the search terms. For example, it appears that a little-visited site of a university in the United States was manipulated so that certain search terms appear at the top of the search results. The script code downloaded from the Indian site is likewise well disguised. The resulting web page is not produced statically by this procedure; rather, there is a variety of infection types. In tests, the experts at G DATA Security Labs came across infected flash files, apparent video codecs and fake antivirus software. However, the whole variety of deceptions had the same result: in the end the same malware file is downloaded.

Protective measures:

G Data customers were protected against this threat from the very beginning. The security experts from Bochum recommend the following to Internet users for protection against similar attacks:
- Always keep the operating system and the antivirus software up to date.
- Make sure that the antivirus protection checks web content before it reaches the browser.
- Disable JavaScript in the browser (example: with NoScript in Firefox).
- No browsing with Administrator rights.
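The hex-encoding trick described in the article above can be checked for on the defender's side by decoding a link before inspecting it. The following is an added example, not part of the original post or of G DATA's analysis; the function names, the pattern list and the sample links (with placeholder `example` hosts) are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Markup that should never appear inside a search-result link.
SUSPICIOUS = re.compile(r"<\s*(script|iframe|object|embed)\b|javascript:", re.I)
JS_HEX = re.compile(r"\\x([0-9a-fA-F]{2})")


def decode_layers(value, max_rounds=5):
    """Peel percent-encoding, HTML entities and JS hex escapes until stable."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        decoded = JS_HEX.sub(lambda m: chr(int(m.group(1), 16)), decoded)
        if decoded == value:
            break
        value = decoded
    return value


def check_link(url):
    """Classify one link and return (verdict, decoded form).

    visible-markup: markup is readable in the raw link
    hidden-markup:  markup appears only after decoding (the evasion case)
    clean:          nothing suspicious in either form
    """
    decoded = decode_layers(url)
    if SUSPICIOUS.search(url):
        return "visible-markup", decoded
    if SUSPICIOUS.search(decoded):
        return "hidden-markup", decoded
    return "clean", decoded


# Constructed sample links; the example.* hosts are placeholders.
SAMPLES = [
    "http://university.example/search?q=free+codecs",
    "http://university.example/search?q=%3Cscript%20src%3D%2F%2Fcdn.example.net%2Fa.js%3E",
    "http://university.example/search?q=%253Ciframe%2520src%253D%252F%252Fcdn.example.net%253E",
    "http://university.example/search?q=&#x3c;script&#x3e;",
    "http://university.example/search?q=<script>x</script>",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, decoded = check_link(link)
        print(f"{verdict:15} {decoded}")
```

The third sample is encoded twice, which is why the decoder loops until the string stops changing instead of decoding once.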
  21. Phishing with a phishing alert aimed at Raiffeisen customers
by Alex Hanea | 18 June 2009

On Wednesday, Raiffeisen Bank customers were the target of a phishing attack in which they are "warned" that, following some phishing attacks, the bank was forced to shut down its online payment system, and that to resolve the problem they must log in on a site resembling the bank's.

"Phishing attack alert!!! Attention!!! Users of the Raiffeisen On-Line Service, phishing messages sent by e-mail have been reported recently !!! Because of a phishing attack on Raiffeisen Bank, it has stopped the transfer and payment system until the technical platform of the Raiffeisen Online service is optimised. We apologise for the inconvenience caused. To resolve this problem, Raiffeisen Bank requests online authentication with a new security system with increased confidentiality", the e-mail message says. The message also states that, in order to authenticate, customers must download a form. "Thank you for your understanding! Raiffeisen Online: We succeed together", the message concludes.

Customers of several banks have recently been subjected to phishing attacks, which involve deceiving the trust of the targeted persons by assuming a false identity on the Internet, without physically or digitally affecting the institution's systems. The e-mail messages, apparently sent on behalf of the bank and addressed to e-mail users, are crafted so that they can be taken for official and legitimate notices from the bank.

Last year, Raiffeisen Bank was the banking institution in Romania most targeted by phishing attacks, with 60% of the attempts, followed by BCR (13%), BRD (10%), Piraeus Bank (8.5%) and Banca Transilvania (8.5%), according to the IT security solutions vendor BitDefender.

Source: Mediafax
  22. The dangers behind sponsored links
by Vlad Matei | 18 June 2009

G Data Software announces that, since the beginning of 2009, it has observed an increase in the use of online advertising (sponsored links / keywords on Google and advertising through banners placed on websites) by cyber criminals. In the statistics compiled by G Data for URLs with content, the domains of advertising providers occupy some of the top positions. As part of G Data's initiative to collect information about malware, in the last 7 days alone an average of approximately 2,5 different URLs proved to have links to malware sites. Of these, on average 405 URLs per day correspond to web pages of advertising providers. Within G Data's data collection, this represented 18% of the URLs with malware.

Werner Klier, G DATA Security Labs: "The underground economy buys advertising on Google or on other commercial or community websites in order to lure users to the web pages owned by those interested. This is where the malware lurks, which is subsequently installed, without the Internet user's approval, in drivers or other downloaded files. Similarly to malware infections, hackers try, by means of purchased advertising, to lure victims to sites where registration is required. Here the victims are persuaded to enter their personal data in an online form. Without knowing it, they have just made a massive payment for a useless program or a "free" trial version, in exchange for several hundred euros."

A short time ago, criminals were buying advertising from Google, and so they appeared, together with their infected web pages and downloaded data, in one of the top positions. For example, in August last year, criminals bought sponsored links from Google so that, for searches for updates, they would occupy the first 5 positions at the top of the results list. Instead of the Adobe Flash Player version 10 update, victims who clicked the link received a file with the same name that contained a virus.
  23. I'm too lazy to mess with the other variables... Damn, I think they're in German.
  24. "or do you guys have nothing to do with programming and all that? I bet you copy with right click -> copy and then right click -> paste of course ;-) " What the hell am I supposed to understand from this? "folositzi, suntetzi, fratzilor, ajutatzi, dak" That's how you talk with your mom on messenger. That's because I'm too lazy to give you a warn or a ban... PS: The nerves... _|_
  25. Pretty much all of them hex-edited. That guy is a loser. Oh, he's my fan. PS: Does this look familiar to you? It does to me. There's a certain resemblance: