Posts posted by SirGod

  1. Typo3 is a very widely used script. The problem is that exploiting the vulnerability requires register_globals ON (small to very small chances).

    # Exploit Title: Typo3 v4.5-4.7 - Remote Code Execution (RFI/LFI)
    # Date: 4th January 2012
    # Author: MaXe
    # Software Link: https://typo3.org/download/
    # Version: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 (+ development releases of 4.7 branch)

    Typo3 v4.5-4.7 - Remote Code Execution (RFI/LFI)

    Versions Affected: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 (+ development releases of 4.7 branch)

    Info:
    TYPO3 is a small to midsize enterprise-class Content Management Framework offering the best of both worlds: out-of-the-box operation with a complete set of standard modules and a clean and sturdy high-performance architecture accommodating virtually every kind of custom solution or extension.

    External Links:
    TYPO3 - the Enterprise Open Source CMS: Home

    Credits: Björn Pedersen and Christian Toffolo who discovered and reported the issue and the Security Team member Helmut Hummel for providing the patch.

    (This advisory was rewritten by MaXe @InterN0T to offer a quick overview of the vulnerability, including the removal of all irrelevant and untrue details.)

    -:: The Advisory ::-

    Requirements for any RCE:
    - register_globals in the php.ini MUST be enabled (if the exploit fails against a supposed to be vulnerable version, this is why. This setting is often disabled by default.)

    Requirements for RFI:
    - allow_url_include has to be enabled (It's often "off" by default.)

    Proof of Concept:
    By browsing to a script / page, that uses the following file:
    typo3/sysext/workspaces/Classes/Controller/AbstractController.php (direct access may not be allowed)

    It is possible to include PHP code to be executed via the "BACK_PATH" global variable. This can be accessed in ways like:
    AbstractController.php?BACK_PATH=LFI/RFI

    The vulnerable piece of code: require_once($GLOBALS['BACK_PATH'] . 'template.php');
    Demonstrates, that it is necessary to append a null-byte ( ) after the maliciously crafted input / URL. (Unless your remote file if applicable, is named something.template.php)

    -:: Solution ::-

    * Update to the latest version of Typo3 OR change the vulnerable piece of code to: require_once(PATH_site . TYPO3_mainDir . 'template.php');

    References:
    - http://typo3.org/fileadmin/security-team/bug32571/32571.diff
    - https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
    - news.typo3.org: Important Security-Bulletin Pre-Announcement
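
An added defensive check, not part of the original post or of the advisory: a Python script that reports whether the two php.ini settings the advisory lists as preconditions are switched on, and finds include/require statements whose path begins with a variable, as the `BACK_PATH` line does. The function names, the regular expression and the sample inputs are constructed for this illustration.

```python
import re

# Directives the advisory names as preconditions: register_globals for any
# code execution, allow_url_include for the remote-file variant.
RISKY_DIRECTIVES = ("register_globals", "allow_url_include")
ON_VALUES = {"on", "1", "true", "yes"}

# include/require whose path expression begins with a variable, not a constant.
INCLUDE_RE = re.compile(
    r"\b(?:require|include)(?:_once)?\s*\(?\s*(\$[A-Za-z_]\w*(?:\[[^\]]*\])?)"
)

def risky_ini_settings(ini_text):
    """Return the risky directives that are switched on in php.ini text."""
    enabled = []
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in RISKY_DIRECTIVES and value.strip("\"'").lower() in ON_VALUES:
            enabled.append(key.lower())
    return enabled

def variable_includes(php_source):
    """Return (line_number, variable) for each include path that starts with a variable."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        match = INCLUDE_RE.search(line)
        if match:
            hits.append((number, match.group(1)))
    return hits

# Constructed samples; the two PHP statements are the ones quoted in the advisory.
SAMPLE_INI = """\
; constructed php.ini fragment
register_globals = On
allow_url_include = Off
"""
SAMPLE_VULNERABLE = "<?php\nrequire_once($GLOBALS['BACK_PATH'] . 'template.php');\n"
SAMPLE_PATCHED = "<?php\nrequire_once(PATH_site . TYPO3_mainDir . 'template.php');\n"

if __name__ == "__main__":
    print(risky_ini_settings(SAMPLE_INI))
    print(variable_includes(SAMPLE_VULNERABLE))
    print(variable_includes(SAMPLE_PATCHED))
```

A hit from `variable_includes` is a line to review by hand, since a variable path is only dangerous when its value can come from the request.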

  2. As the title says, this is a security guide for Windows. It is written for those who are not exactly experts in the field, with natural explanations (written for my blog). Just a few tips and recommended programs.

    1) Always use an anti-virus software and a firewall. Now, there are many products available all around the web, but you can’t just use the first product you come across. All security vendors will worship their product telling you that it offers the best security you can get, but it is not like that. Now, you may be wondering what you are supposed to choose; I can’t help you very much with this. I just recommend you to constantly take a look at the latest reports of anti-virus testing companies, such as: AV-Comparatives, AV-Tests, Virus Bulletin and so on. There you will be able to see the performance of every anti-virus software tested (detection rate, disinfection capabilities etc.). Then you are capable of distinguishing the best and the worst anti-virus products based on facts, not words. My recommendations would be: Kaspersky, Avira, Bitdefender, G-Data and Norton (don’t hate me if I missed your beloved anti-virus). Personally, I use Kaspersky Internet Security 2011 and I am quite content with it. Most anti-virus products have auto-update, but in case yours doesn’t have it, keep it up to date, always. As you probably know, you can choose a standalone anti-virus product and a standalone firewall or, like me, you can choose a security suite including both. I also strongly recommend you to use an on-demand virus scanner (not another anti-virus, two anti-viruses are never a good choice), such as Malwarebytes’ Anti Malware. Why? Because it has a great detection and it might detect something that your antivirus doesn’t.

    2) Windows updates. Always keep your operating system up to date no matter how much it nags you, it is important. Besides stability updates, error fixing updates etc., Microsoft provides security updates for the operating system and the products associated with it (e.g. Microsoft Office). Keeping your system up to date doesn’t make you invulnerable, but it reduces considerably the probability of being hacked. I recommend you to update the system as soon as the updates are available (check for updates every week).

    3) Browser updates. Maybe the most important thing is to keep up to date your web browser and the plugins/add-ons installed on it. Why? Because the web browsers are the most targeted applications when it comes to exploitation. Every week there are all kinds of vulnerabilities discovered in web browsers. Obviously, your browser has a built-in updater, use it regularly (let’s say every week).

    4) All programs updates. You update your system, you update your browser, but what about your other applications? Update them, all of them. Your media player, your torrent client, your IM client, your design application, no exceptions. You can’t be always sure that you don’t download a crafted file containing an exploit meant to remotely operate your computer. And you don’t know if a remote exploit has just been released in the wild and somebody is going to target it against you. You may find painful updating all your applications. You must open each one and check for a new version. Fortunately, we have a very handy tool at our disposal. It is called FileHippo Update Checker (I am sure that out there are many other tools similar to this one, choose which one you think is the best). The application, once launched, will scan your computer (in a few seconds) for known programs and check if a new version of each program has been released. The results will be displayed in your browser together with the download links for the new versions of your outdated programs.

    5) Sandbox/Virtual Machine. If you download unknown software (you are not sure about its origin) and you really need to use it, do this: run it in a sandbox or on a virtual machine. Personally, I use Kaspersky Internet Security’s integrated sandbox, but if you have another antivirus, install Sandboxie. A sandbox will run the application in an isolated space which prevents malicious software from making permanent changes to other programs and data in your computer. You can also use a Virtual Machine: VMWare, Virtual PC etc., it doesn’t matter. Install on it your operating system but do not save important data or passwords on your virtual machine. If you get infected in your virtual machine, the loss of information will be drastically reduced, almost to zero, but if you get infected in your daily environment, you can lose precious data such as correspondence, files, passwords etc.

    6) Analyse the file. You have downloaded a file and you need it and you have above average knowledge when it comes to viruses. Your antivirus has found it clean, but you are still suspicious, you don’t even want to run it in a Virtual Machine or Sandbox, or you want to check it before. What are you supposed to do? Upload it on Virus Total. Then your application will be scanned with 41 (currently) anti-viruses so you can see the results. Furthermore, the service provides you additional info, such as: PEInfo, TrID and some other useful information. Another great service is Anubis from iSecLab. You upload your executable file and you get detailed information on it: registry activity, packers, file activity and so on. And, do not forget, always look for Digital Signatures. If the application is digitally signed, the possibility that the application is infected is reduced dramatically.

    7) Safe passwords. Use them. Generate safe passwords using password generator software or even your own algorithm. Use letters, numbers, capital letters, special characters. One password for one account, don’t use the same password for two accounts or more. Of course you can’t remember such passwords, but we have KeePass. KeePass is a very advanced password manager software. It has also a built-in password generator that will generate passwords based on your criteria. The database containing the passwords is encrypted and unbreakable (so far) if you use a strong master password. KeePass encrypts the passwords even in memory (when you copy them) so it is impossible for other applications to intercept them.

    8) Security enhancements. You just can’t search the web daily to see if new vulnerabilities have been discovered in your software. Luckily, Secunia PSI helps you. Secunia PSI detects all (or almost) the programs you have installed on your computer and checks if there’s a vulnerability for the version of the software you are using. If it is, Secunia will alert and offer you a solution if available (update). If no solution is available, you will know what programs you shouldn’t use (or you can use a similar program) until a patch is issued. Another great security enhancement tool is EMET (Enhanced Mitigation Experience Toolkit) from Microsoft. If a vulnerability has just been discovered, you can’t find a patch right away, so your system is prone to compromise. EMET makes the exploitation of the vulnerabilities present in your software harder, impossible sometimes. You can select your applications (browser, media player, java, flash player etc.) and apply a decent range of protections, such as DEP, ASLR, SEHOP, protection against Heap Spray attacks, EAF and so on, directly from EMET’s GUI. This way, you are almost sure that no attacker can exploit your software’s vulnerabilities. As I have said, it doesn’t stop the attacks 100%, but it makes it difficult, if not impossible, for the attacker to compromise your system.

    9) Browsing security. Updating your browser doesn’t prevent your accounts from being stolen. All you can do is to make sure you don’t fall into a scam page or a cookie stealer (Cross-Site Scripting exploitation, usually). For luck, developers have this covered for us. A plethora of add-ons is ready to be installed and protect us. Extensions such as WOT (Web Of Trust) can make our browsing even safer, it will alert us if we follow a dubious URL (scam page or pages containing exploits). Against Cross-Site Scripting attacks, we can use NoScript. This way you’ll surf the web more comfortably. If you received an e-mail with odd links or just simple images, after viewing the e-mail, sign out of the email and log back in, if needed. It takes only a few seconds. Doing this, if the link or the image were malicious and grabbed your cookie, the cookie would be useless for the attackers since you logged out. Security problems belonging to the websites are the responsibility of their administrators. No doubt there are more ways to harden your computer’s security, but follow these steps and make it harder for hackers to compromise your system or your accounts.

    Remember, this guide is far from being complete. If you have any question, use the comment form below.

  3. Speaking of Havij ... How can you check whether the proxy works?

    You test it on your own site. Create a PHP page that saves the IP and test Havij on that page. Then see whether the saved IP matches the proxy you used.

    yes, I don't know anything, I have no idea. thanks for the reply to the topic!

    cheers

    http://en.wikipedia.org/wiki/Virtual_machine

    http://en.wikipedia.org/wiki/Sandbox_(computer_security)

  4. on my system I keep the following:

    1. avira 2012 free

    2. bitdefender free

    3. avast free

    4. antikeyscrambler 2.8.2 premium

    5. the windows 7 firewall, properly configured

    *the antiviruses don't conflict and work flawlessly together

    and sandboxes:

    bt5

    centos

    winxp sp3 (no antivirus, process explorer)

    windows 7 (no antivirus, process explorer)

    Three anti-virus products. Very inefficient and useless. I don't think you know what a sandbox is, as long as you say that BackTrack 5, CentOS etc. are sandboxes.

    NB: I always run all programs of this kind in a sandbox, regardless of whether they are clean or not.

    You mean in a virtual machine.

  5. "Unless their chipset has already been exploited and jailbroken on a previous device, it takes a lot of time for the iOS jailbreaking community to jailbreak for a new iOS device. The iPhone 4S and iPad 2, both of which are based on a still unexploited dual-core A5 chip, haven't received a jailbreak for iOS 5 yet. However, it appears they'll be getting one soon, as a certain eminent iPhone hacker has let us know that the iPhone 4S has jailbroken, and a jailbreak for the iPad 2 is in the works."

    More:

    http://www.redmondpie.com/jailbreak-iphone-4s-5.0.1-ios-by-iphone-dev-team/

    Source: slashdot.org

  6. Besides watching films, I recommend daily reading and conversation:

    Grammar, vocabulary, phonetics etc.

    UsingEnglish.com ESL Forum

    A very good forum; you can ask any kind of question about the English language. You will get a good answer (and quickly, usually), most likely from advanced users, teachers, native speakers as well as native-speaker teachers.

    For conversations (spoken, written)

    Language Exchange Community - Practice and Learn Foreign Languages

    Language Exchange Community - Practice Foreign Languages

    Here you can talk with various people, from different countries, interested in particular languages. Some are interested in Romanian, for example. You help them with Romanian, they help you with English.

    Dictionaries

    Dic

    Dictionary, Encyclopedia and Thesaurus - The Free Dictionary

    English dictionary & thesaurus, translation from English to Spanish & Turkish and Spanish to English - Cambridge Dictionary Online

    At Cambridge you also have pronunciation available (UK/US).

    Bonus

    Corpus of Contemporary American English (COCA)

    It is a corpus. More precisely, a database of various texts taken from newspapers, spoken conversations, magazines, books, academic texts etc. What is it useful for? You can see how native speakers actually use the language in a variety of contexts. You can see, for example, how certain constructions are used (e.g. verbs with prepositions), how often and in what context. It is a bit harder to understand what and how, but there is plenty of information available on the site.

  7. Greetings, I'm buying a yahoo.com XSS, or buying the cookies for 3 e-mail accounts. More directly, if anyone has an XSS and wants to sell it, I can buy it and use it myself, or if they want to help me with 3 accounts and give me the cookies for them, we'll discuss payment in private, and that is very OK too. Greetings.

    And how much are you willing to pay for an XSS?

  8. Pfff, why does everyone, at any error, state loud and clear: "DDOS"? Calm down, brothers, maybe they have internal problems (equipment, etc.), hardware problems on the servers or problems with the applications, why does it always have to be DDOS? Who the crap would DDOS Google, and why?

  9. Interesting, the first comments on ghostery. They give you such an appetite for installing the add-on:

    . (9 hours ago)
    DO NOT DOWNLOAD!!! SCAM & PHISHING EXTENSION!!!

    anonymous (3 days ago)
    this is stoopid

    asmp (3 days ago)
    This extension is dangerous... blog.betteradvertising.com/2010/01/19/better-advertising-acquires-ghostery/ man! To think I was almost installing this piece of sh.....

    Seyss (6 days ago)
    the bottom line of this extension is to collect data about its users to feed a ad corporation

    it doesnt give a shit about users' privacy.
