em

  1. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017. The kernel never marks the corrupted page dirty for writeback, so the file on disk remains unchanged and ordinary on-disk checksum comparisons miss the modification. However, the page cache is what actually gets read when accessing the file, so the corrupted in-memory version is immediately visible system-wide. A local unprivileged user can turn this into root by corrupting the page cache of a setuid binary. The same primitive also crosses container boundaries because the page cache is shared across the host. This finding was AI-assisted, but began with an insight from Theori researcher Taeyang Lee, who was studying how the Linux crypto subsystem interacts with page-cache-backed data. He used Xint Code to scale his research across the entire crypto subsystem, and Copy Fail was the most critical finding in the report. https://imgur.com/a/z2EsMAg
  2. Operators in Romania are obliged to unlock phones after the contract period for a price of 10 euros.
  3. em

    IT degree via distance learning (ID)

    If you also want to hold a job during university, I'd say don't go for Politehnica - Calculatoare; you won't have time for anything. Politehnica - Automatica or ASE with cybernetics can be a pretty good path. For Poli you can find pretty much all the courses here: https://ocw.cs.pub.ro/courses/
  4. em

    IT degree via distance learning (ID)

    In the end, what do you want to achieve? To get a job in IT? To get a degree? What is your actual interest? Programmers get hired without a degree too (especially in QA). What's more, it no longer matters which degree you have in order to be exempt from income tax.
  5. Hi and welcome. Think twice before giving money to people around here. There are scammers around too.
  6. Try logging in with the user "root" without a password on the latest version of macOS (try two times) https://mobile.twitter.com/lemiorhan/status/935581020774117381 LE: Already news https://www.laptopmag.com/articles/root-macos-high-sierra
  7. See you there.
  8. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.

    While working through this tutorial I realized I also needed the packages po4a, libtool and texi2html.

        $ sudo apt install po4a libtool texi2html

    I am using American Fuzzy Lop (afl): http://lcamtuf.coredump.cx/afl/

        $ wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
        $ tar xf afl-latest.tgz
        $ cd afl-2.39b/
        $ make
        $ sudo make install

    To check that it installed successfully, type afl-gcc:

        $ afl-gcc
        afl-cc 2.39b by <lcamtuf@google.com>

        This is a helper application for afl-fuzz. It serves as a drop-in replacement
        for gcc or clang, letting you recompile third-party code with the required
        runtime instrumentation. A common use pattern would be one of the following:

          CC=/usr/local/bin/afl-gcc ./configure
          CXX=/usr/local/bin/afl-g++ ./configure

        You can specify custom next-stage toolchain via AFL_CC, AFL_CXX, and AFL_AS.
        Setting AFL_HARDEN enables hardening optimizations in the compiled code.

    In principle this program expects the target under test to read files. Say we want to test the "wc" utility (a utility that counts lines on Linux).

        $ man wc
        .. scroll to the bottom with SHIFT-G ..
        [..]
        GNU coreutils 8.25

    Good, we found out that wc is part of the coreutils package. Let's get the coreutils source and compile it. Since I'm using Ubuntu Server, I look for it directly in the Canonical repos. I find it here:

        $ wget http://archive.ubuntu.com/ubuntu/pool/main/c/coreutils/coreutils_8.25.orig.tar.xz
        $ tar xf coreutils_8.25.orig.tar.xz
        $ cd coreutils-8.25/
        $ CC=afl-gcc ./configure
        $ make

    Good. We have now compiled the utility we want to test with afl-gcc. Let's verify that the fuzzer's symbols were actually added.

        $ cd src/
        $ strings ./wc | grep -i afl
        [..]
        __afl_fork_pid
        .AFL_VARS
        __afl_global_area_ptr

    So everything is in order. Let's verify that our program actually works.

        $ ./wc /etc/passwd
        33 48 1740 /etc/passwd

    The fuzzer needs two folders: one for input, the other for output.

        $ mkdir in/
        $ mkdir out/
        $ echo "test" > in/input
        $ echo "test2" >> in/input
        # test it
        $ ./wc in/input
        2 2 11 in/input

    Now let's start a run.

        $ afl-fuzz -i in/ -o out/ ./wc @@

        american fuzzy lop 2.39b (wc)

        -- process timing ------------------------------- overall results -----
        run time        : 0 days, 0 hrs, 0 min, 5 sec   | cycles done    : 0
        last new path   : 0 days, 0 hrs, 0 min, 2 sec   | total paths    : 58
        last uniq crash : none seen yet                 | uniq crashes   : 0
        last uniq hang  : none seen yet                 | uniq hangs     : 0
        -- cycle progress ------------------------------- map coverage --------
        now processing  : 0 (0.00%)                     | map density    : 0.23% / 0.25%
        paths timed out : 0 (0.00%)                     | count coverage : 1.92 bits/tuple
        -- stage progress ------------------------------- findings in depth ---
        now trying      : havoc                         | favored paths  : 1 (1.72%)
        stage execs     : 21.6k/32.8k (65.87%)          | new edges on   : 8 (13.79%)
        total execs     : 23.7k                         | total crashes  : 0 (0 unique)
        exec speed      : 3591/sec                      | total hangs    : 0 (0 unique)
        -- fuzzing strategy yields ---------------------- path geometry -------
        bit flips       : 8/88, 1/87, 1/85              | levels         : 2
        byte flips      : 0/11, 1/10, 4/8               | pending        : 58
        arithmetics     : 1/616, 0/75, 0/0              | pend fav       : 1
        known ints      : 0/62, 3/280, 3/352            | own finds      : 57
        dictionary      : 0/0, 0/0, 0/0                 | imported       : n/a
        havoc           : 0/0, 0/0                      | stability      : 100.00%
        trim            : 0.00%/2, 0.00%
        ^C                                                [cpu000: 44%]

    You will find the inputs that crash the program in ./out/crashes and the ones that hang it in ./out/hangs. Have fun
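An added example, not part of em's post: a shell helper that replays the inputs afl-fuzz saved in ./out/crashes and ./out/hangs against the instrumented binary and classifies how each run ends, so findings can be confirmed and grouped before debugging. The function names are made up for this example; it assumes GNU timeout (exit status 124 on expiry) and the README.txt that afl writes into the crashes directory.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): replay afl-fuzz findings.

# replay_one INPUT TIMEOUT CMD...  ("@@" in CMD becomes INPUT, as with afl-fuzz)
# Prints "<class> <input>", where class is ok, exit:N, signal:N or hang.
replay_one() {
    local input="$1" limit="$2" rc=0 arg n
    shift 2
    n=$#
    for arg in "$@"; do                     # rebuild argv with @@ substituted
        [ "$arg" = "@@" ] && arg="$input"
        set -- "$@" "$arg"
    done
    shift "$n"
    # stdin is fed from the input too, covering targets fuzzed without @@
    timeout "$limit" "$@" <"$input" >/dev/null 2>&1 || rc=$?
    if   [ "$rc" -eq 0 ];   then echo "ok $input"
    elif [ "$rc" -eq 124 ]; then echo "hang $input"            # timeout expired
    elif [ "$rc" -gt 128 ]; then echo "signal:$((rc - 128)) $input"
    else                         echo "exit:$rc $input"
    fi
}

# triage_dir DIR TIMEOUT CMD...  -> one classification line per saved input
triage_dir() {
    local dir="$1" limit="$2" f
    shift 2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "${f##*/}" = "README.txt" ] && continue   # afl's note, not a test case
        replay_one "$f" "$limit" "$@"
    done
    return 0
}

# triage_summary DIR TIMEOUT CMD...  -> "<count> <class>", most frequent first
triage_summary() {
    triage_dir "$@" | awk '{ n[$1]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# Usage from coreutils-8.25/src, matching the tutorial's layout:
#   triage_summary out/crashes 5 ./wc @@
#   triage_dir     out/hangs   5 ./wc @@
```

An input that replays as "ok" did not reproduce outside the fuzzer and is worth re-running under the same memory limits before it is discarded.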
  9. Amazon is looking for engineers with experience in Security and/or Virtualization. OK benefits, very smart colleagues. For questions or anything you're curious about, PM me or ask here. https://www.amazon.jobs/en/jobs/494863
  10. We are a low-cost country. There are a lot of companies hiring people. There are not enough graduates per year to cover the shortfall.
  11. Update: It seems the guy didn't actually sign anything. He did a replay attack. https://www.reddit.com/r/Bitcoin/comments/4hflr3/craig_wrights_signature_is_worthless/ Australian entrepreneur Craig Wright has publicly identified himself as Bitcoin creator Satoshi Nakamoto. His admission follows years of speculation about who came up with the original ideas underlying the digital cash system. Mr Wright has provided technical proof to back up his claim using coins known to be owned by Bitcoin's creator. Prominent members of the Bitcoin community and its core development team say they have confirmed his claims. But many others in the Bitcoin world are asking for more proof. Signed blocks Mr Wright has revealed his identity to three media organisations - the BBC, the Economist and GQ. At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during the early days of Bitcoin's development. The keys are inextricably linked to blocks of bitcoins known to have been created or "mined" by Satoshi Nakamoto. Source: http://www.bbc.com/news/technology-36168863
  12. I'm offering a premium price.
  13. Boss, watch out, you're upsetting the state entity behind Marius
  14. Topic closed. Whoever wants to donate knows where. // Later edit: Unlocked. Anyone who posts off-topic here again gets a lifetime ban.