-
Posts
1909 -
Joined
-
Last visited
-
Days Won
26
Everything posted by em
-
La un moment dat devii foarte bun pe treaba ta ?i lumea te ?tie. Ori te retragi din peisaj ?i î?i vezi de via?a ta (low profile) ori te retrag b?ie?ii câ?iva ani.
-
Closed. Feedback pe privat, daca vre?i. Gramatica 6/10 Ajutor dat altora +1 Ai venit pe forum mai mult pentru trading -3 Fa si tu un tutorial. Trebuie sa fii expert pe ceva, fa un articol.
-
Salut, CTF-like quiz. Merge pe Android/Ios. Propun s? colabor?m ca s? îl rezolv?m. What is none* | none* game
- 1 reply
-
- 1
-
Download 5x Faster With Windows 10 (Free for RST Members)
em replied to aldighaz's topic in Cosul de gunoi
Eu îi dau ban ?i ne explic? el când are timp. -
Folosesc Windows 10 de când a ap?rut. Pot s? zic c? l-au f?cut din ce în ce mai bun. (Compara?ie cu W8) Fa?? de Windows 8: Pro: - Revenirea la start menu (care acum poate face ?i resize). - Tot nu po?i sc?pa de aplica?iile metro în meniul de start. Dar le po?i face pe toate foarte mici. Unele din ele au ?i preview (cea cu vremea) - În sfâr?it o aplica?ie de calendar decent? (calendarul care apare când ape?i click pe ceas era acela?i de la Windows 95 în coace). Acesta va putea fi sincronizat cu Google, de exemplu. - Sistem de notific?ri unificat (adic? ai un singur tip de notific?ri, nu utorrent un popup, windows altfel de popup, chrome altfel) - DirectX12 - Multiple Desktop la fel ca pe Linux (ctrl+windows+sageti). Pot sa zic ca e mai rapid/usor de folosit. - In sfarsit cmd.exe care copy/paste/select Contra: - Fiind un "preview" - foarte multe bsod-uri, buguri. Glitch-uri. - Foarte IO intensive (mai ales la boot). Imi amintesc ca pe Windows 7 bootam si sanatate. Aici imi sta HDD-ul la full load inca 2 minute. - Aplica?iile metro de set?ri (control panel) sunt mult mai restrictive, cu mult mai pu?ine op?iuni.
-
A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack. The exploit, which the researchers are calling “the spy in the sandbox,” requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker. Once there, the software inside the bogus content launches a program that manipulates how data moves in and out of a victim PC’s cache, which is the part of the CPU that serves as the intermediary between the high-speed central processor and the lower-speed random access memory or RAM. The exploit then records the time it takes for the victim’s PC to run various operations in the cache memory, using the browser’s own high-resolution timers (we’re talking nanoseconds here). By studying the time it takes for memory access to take place, the hacker can get an accurate picture about a user’s browser history, keystrokes and mouse movements. The attack is more for spying than theft: it doesn’t steal any data or passwords or corrupt the victim’s machine. The “spy in the sandbox” is what’s known as a side-channel attack, which is one of the older tricks in the hacker’s black bag. Such an attack usually involves interpreting what’s going inside a computer guts by measuring physical outputs such as sound, electromagnetic radiation or power consumption. In the 1980s, Soviet spies reportedly were suspected of having planted tiny microphones inside IBM Selectric typewriters to record the striking of the type ball as it hit paper to determine which key was pressed. Other old-school side-channel hacks include filming and analyzing the blinking lights on old modems or external hard drives. Bad guys have since used side-channel attacks to steal pay TV streams and cars and break into phones. Modern-day side-channel attacks now take the form of reading the activity of processors, memory or networking ports. The recent and massive shift of computing to cloud services such as Amazon EC2 or Microsoft Azure initially raised fears that hackers would be able to spy among virtual machines shared on the same servers (which is how clouds get their cost efficiencies), but apart from research done in 2009 showing that it is hypothetically possible for one virtual machine to spy on another by studying how it uses computing cycles, so far there haven’t been any publicly confirmed side-channel attacks by bad guys in the cloud. Amazon tried to downplay the 2009 report by researchers at MIT and UC-San Diego. While it’s difficult to launch a side-channel attacks in a secured cloud, it would be far easier on the open web. A handful of security researchers have already proven various techniques, a recent one of which used a radio receiver to steal cryptographic keys from a computer sitting a few feet away. Yuval Yarom, a researcher from the University of Adelaide, Australia, last year presented a way to use a cache memory side-channel attack to steal a victim’s Bitcoin secret key after observing about 25 Bitcoin transactions. The Columbia researchers, Yossef Oren, Vasileios Kemerlis, Simha Sethumadhavan and Angelos Keromytis, used the same technical method as Yarom but focused on how such an attack could be built into a simple Web page to hit the most amount of users as possible—without being detected. The Columbia researchers created this exploit to prove it could work and shed some light on vulnerabilities in common browser and cache memory architecture. In doing so, they point to a couple of ways to thwart the attack. One would be to restrict access to the high-resolution timer to only those applications that gain the user’s consent by displaying a confirmation pop-up dialog box or that have been approved by an app store. Another way would be to use separate Javascript software that would analyze how memory is being accessed to spot telltale spying behavior and modifying a response by, for example, jittering the high-resolution timer or dynamically moving arrays around in memory. Sursa: New Browser Hack Can Spy On Eight Out Of Ten PCs - Forbes Full paper : http://arxiv.org/pdf/1502.07373v2.pdf
-
The head of the US Department of Homeland Security has warned the cyber security industry that encryption poses “real challenges” for law enforcement. In a speech at a cyber security conference, RSA in San Francisco, Jeh Johnson called on the industry to find a solution that protected “the basic physical security of the American people” and the “liberties and freedoms we cherish”. He said he understood the importance of encryption for privacy but asked the audience to imagine what it would have meant for law enforcement if, after the invention of the telephone, all the police could search was people’s letters. “The current course on deeper and deeper encryption is one that presents real challenges for those in law enforcement and national security,” he said. Mr Johnson’s comments echo those of FBI director James Comey who called on Congress last year to stop the rise of encryption where no one held a key and so law enforcement agencies could not unlock it. In the UK, the director of GCHQ criticised US technology companies last year for becoming “the command and control networks of choice” for terrorists by protecting communications. Across Europe, police forces have become concerned by their inability to track the communications of people who plan to travel to the Middle East to join the Islamic State of Iraq and the Levant (Isis). Technology companies including Apple, Google and Facebook have all strengthened encryption on products used every day by millions of people, partly as a reaction to the Edward Snowden revelations of a mass National Security Agency surveillance programme. These services include Apple’s iMessage and Facebook’s WhatsApp. Google and Yahoo have pledged to adopt end-to-end encryption for their web mail services this year. Mr Johnson was speaking at a conference where almost 30,000 people working in the security industry have gathered for the week and several encryption-focused security companies are selling their wares. “Our inability to access encrypted information poses public safety challenges, making it harder for your [uS] government to find criminal activity,” he said. Unlike in the fight against terrorism or conventional warfare, governments are having to depend on the cyber security industry to defend companies and the nation. Mr Johnson said the government needed help from the private sector. He announced plans to open an office of the Department of Homeland Security in California’s Silicon Valley and also called on security engineers to do a “tour of service” for their country by spending a stint in government. Sursa: US warns of risks from deeper encryption - FT.com Voi ce p?rere ave?i? Primeaz? dreptul statului de a controla mesajele schimbate între cet??eni pentru a combate terorismul sau cet??enii s? aib? dreptul s? foloseasc? orice encrip?ie vor?
-
Trashed. Gunoi
-
Unde e deface + dump SQL?
-
De?i de obicei nu facem asta, o s? fac o excep?ie pentru tine. Mereu m-a deranjat chestia asta. Oamenii bana?i pentru carding fac pe virginele. Noi îi scoatem de pe forum ca s? nu fie probleme nici cu forumul, nici cu ei (cine ?tie unde ajunge baza de date vreodat?). @viscolul, Dac? vrei s? mai intrii pe aici, nu mai pomeni ceva de nick-ul t?u vechi. Este spre binele tuturor.
-
Topicul era din 2014, deasupra fiec?rui post se poate vedea data. Nu ai voie s? reînvii topicuri moarte.
-
Ai primit ban pentru carding. Am reverificat banul si dovezile, este dat pe bune. Nu mai exist? o alt? cale de apel.
-
Reclama?iile se fac doar în nume personal. Nu ?tiu ce e atât de greu s? ignori pe cineva care te sâcâie. Fac asta de când m? ?tiu, func?ioneaz? de minune.
-
Va multumesc. Poate om iesi la o bere cu totii lunile urmatoare.
-
S? pui ?i sursa prin zon?. Totu?i lumea se logheaz? cu userul de pe forum.
- 7 replies
-
- #rstforums
- client
-
(and 3 more)
Tagged with:
-
Daca folositi acest chat vi se va vedea IP-ul real. cius.
-
Am inregistrat #rstforums pe freenode. Join me Link de web: freenode Web IRC (qwebirc)
-
ATENTIE: uTorrent Installs a Bitcoin Miner to Steal CPU Power from Your PC !!!
em replied to Che's topic in Stiri securitate
Ur?sc ce a devenit uTorrent de când au fost cump?ra?i de Bittorrent. Crapware, adware, minware. Clientul se instaleaza plin de tot felu de reclame, toolbaruri, reclame care seamana cu torrente care se descarca (ca sa dai click pe ele). Ce e cel mai de rahat e c? au l?sat în prima pagina de la install "Never PAY for a free copy of utorrent" - de?i acum au ?i versiuni pe bani. În plus de asta, am observat c? versiunile mai vechi (e.g. kitul de 2.2.1) nu mai poate fi instalat. Trebuie s? opre?ti netul înainte. Muie utorrent, s? se duc? la fundul istoriei. -
Probabil ca atunci când nu e?ti logat intri un private mode sau ceva => browser fara pluginuri => arata tot Pe modul logat, cine stie ce pluginuri ai, care blocheaza din comentarii. Ia incearca sa te loghezi din private mode. Eu le vad si logat si nelogat.
-
V?d c? acum hostul e jos. Po?i face re-up altundeva?
-
Lenovo.com, the official website of world's largest PC maker has been hacked. At the time of writing, users visiting Lenovo.com website saw a teenager's slideshow and hacker also added song "Breaking Free" from High School Musical movie to the page background. It appears that Lizard Squad hacking group is responsible for the cyber attack against Lenovo. It was revealed earlier this week that Lenovo had been pre-installing controversial 'Superfish' adware to its laptops which compromised the computer's encryption certificates to quietly include more ads on Google search. The attack appears to be a DNS hijacking orchestrated via Cloudflare, as some people can still see the normal Lenovo website. Sursa: Lenovo Website has been Hacked - Hacker News SS:
-
* Nu mai pune?i titluri idioate la topicuri. "Dac? v? plictisi?i la job/?coal?, face?i bani pe telefon". WTF? * Nu se pune spa?iu înainte de virgul?/punct. "adic? , nu . a?a". Nu are sens s? folose?ti ?i punct ?i semnul exclam?rii " [ .. ] referral . !" * În cazul dolarului, moneda se pune înainte de sum?. $10 este corect, 10$ nu este corect.
-
Acest tutorial este despre automatizarea în linia de comand?. Cel mai bine ar fi s? ave?i la dispozi?ie un VM (sau server) cu linux ca s? încerca?i câteva din ele. Înl?n?uirea comenzilor S? pornim cu comenzile înl?n?uite (comanda1;comanda2;comanda3 .. ) Dup? cum pute?i vedea în exemplul de mai sus shellul a rulat ls, apoi ps. Dac? am vrea s? rul?m o comanda doar dac? prima s-a executat cu succes am face comanda1 && comanda2 Dup? cum pute?i observa în comanda "mataegrasa && echo bine" nu s-a afi?at bine. Asta pentru ca ma-ta nu e gr .... nu nu.. pentru ca "mataegrasa" nu e comanda valida. In exemplul ls && true && echo "bine" ajungem sa executam toate comenzile (cu succes) Dac? vrem s? înl?n?uim dou? comenzi ?i s? o execut?m pe a doua doar dac? prima nu s-a executat cu succes facem a?a "comand?1 || comand?2". Un mic exemplu Putem desigur s? rul?m dou? comenzi în paralel cu "comanda1 & comanda2" Redirect?ri Majoritatea comenzilor primesc input de la terminal ?i vars? rezultatul tot în terminal. Intrarea se nume?te stdin, ie?irea standard stdout. Este posibil s? redirect?m intrarea sau ie?irea standard a unui proces cu operatorii "<" sau ">". De exemplu În exemplul de mai sus am redirectat output-ul comenzii ps c?tre fi?ierul mama. Dup? cum se poate observa, con?inutul fi?ierului mama este fix output-ul comenzii ps. Hai s? urm?rim alt exemplu despre redirectarea cu append Dup? cum se poate observa, operatorul ">" gole?te con?inutul fi?ierului înainte s? scrie în el, pentru a preveni acest lucru putem folosi ">>". Cei care s-au mai jucat cu C ?tiu de fprintf(stdout / fprintf(stderr. Fiecare proces are o ie?ire standard de output ?i de eroare. Hai s? vedem un exemplu: În primul exemplu "gogu > haha" nu a avut niciun efect. Output-ul terminalului "gogu: command not found" era pe ie?irea standard de eroare, nu de output. Aceasta se face cu operatorul "2>". Putem, bineîn?eles s? redirect?m ie?irea standard undeva ?i eroarea altundeva prin "comanda >1 iesire 2> erorile" Alte exemple Atât pentru azi, s?pt?mâna viitoare pipe-uri.
-
Acest thread f?r? cap ?i coad? încearc? s? v? introduc? în lumea semnalelor în linux. Poate unii din voi v-a?i gândit vreodat? cum s? face?i ca s? rula?i o dat? la X secunde o secven?? de cod în C. Cea mai naiv? din solu?ii ar fi aceasta #include <stdio.h> void functie() { printf("lel\n"); } int main() { int i = 0; while(1) { if(i++ == 100000000) { functie(); i = 0; } } return 0; } Dup? cum vede?i în comanda de mai sus se itereaz? prin i, ?i o dat? la 100mil se ruleaz? func?ia. Sun? bine, eh? Mhm, no. Pentru c? CPU-ul st? aproape mereu ocupat. O parte din voi poate c? a?i mai auzit de apelul sleep, un cod echivalent este cam a?a. #include <stdio.h> void functie() { printf("lel\n"); } int main() { while(1) { sleep(10); // hai s? dormim o dat? la 10 secunde ;-) functie(); } return 0; } Dac? sunte?i curio?i s? v? uita?i în top, observa?i c? CPU-ul nu mai este utilizat la 100%, ci procesul nu mai consum? nimic, de?i este într-un while(1). Aici intr? în joc semnalele. Semnalele sunt mesaje trimise de c?tre sistemul de operare c?tre procese pentru a semnala o situa?ie excep?ional? la care ele trebuie s? reac?ioneaze. To?i am folosit semnale pân? acum. S? v? dau un exemplu. vilie@em-vm:/tmp$ wget http://www.google.com/ --2015-02-19 01:41:42-- http://www.google.com/ Resolving www.google.com (www.google.com)^C vilie@em-vm:/tmp$ În exemplul de mai sus am oprit procesul wget printr-un semnal generat de combina?ia de taste "CTRL+C" (SIGINT). Procesul a primit semnalul CTRL+C si a efectuat ac?iunea implicit?. (a murit) În general procesele pot trata, bloca sau ignora semnalele primite. Ac?iunea implicit? la primirea unui semnal este omorârea procesului. În cazul în care procesul îl ignor?, sistemul de operare nu îi va mai trimite acel semnal. Hai s? observ?m câteva din semnale. vilie@em-vm:/tmp$ kill -l 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR 31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 63) SIGRTMAX-1 64) SIGRTMAX În acest moment oamenii care d?deau f?r? mil? cu "kill -9" f?r? s? ?tie de ce, au aflat c? comanda este echivalent? cu kill -SIGKILL. SIGKILL este un semnal care nu poate fi blocat/mascat/ignorat de un proces -> procesul este omorât. Hai s? vedem un exemplu mai interesant. Poate unii din voi ?tiu c? de obicei un proces care blocheaz? terminalul poate fi omorât cu CTRL+C sau CTRL+\. Mai jos e un exemplu de program care trateaz? acele semnale (?i nu moare). #include <stdio.h> #include <string.h> #include <stdlib.h> #include <assert.h> #include <signal.h> #include <sys/types.h> #include <fcntl.h> #include <unistd.h> #define MY_MAX 32 #define TIMEOUT 1 static void print_next(void) { static int n = 1; printf("n = %d\n", n); n = (n + 1) % MY_MAX; } /* signal handler */ static void ask_handler(int signo) { char buffer[128]; printf("Got %d - Opresc programul boss? [Y/n] ", signo); fflush(stdout); fgets(buffer, 128, stdin); buffer[strlen(buffer)-1] = '\0'; if (buffer[0] == 'y' || buffer[0] == 'Y') exit(EXIT_SUCCESS); } /* configure handlers */ static void set_signals(void) { struct sigaction sa; memset(&sa, 0, sizeof(struct sigaction)); sa.sa_handler = ask_handler; sigaction(SIGINT, &sa, NULL); sigaction(SIGQUIT, &sa, NULL);; } int main(void) { set_signals(); while (1) { print_next(); sleep(TIMEOUT); } return 0; } Dup? cum vede?i programul ajunge în ask_handler dup? ce prime?te CTRL+C sau CTRL+\ Un ultim exemplu v? dau un cod care ruleaz? un handler o dat? la 2 secunde. Procesul seteaza un timer cu SIGALRM o dat? la 2 secunde ?i îl trateaz? în timer_handler. Adic? procesul î?i trimite sie?i semnale o dat? la dou? secunde, în rest se suspend? (sigsuspend). #include <assert.h> #include <time.h> #include <stdio.h> #include <string.h> #include <stdlib.h> #include <signal.h> #include <sys/time.h> #define TIMEOUT 2 // Aici seta?i o dat? la câte secunde s? ruleze comanda static void timer_handler(int signo) { time_t curr_time; curr_time = time(NULL); printf("time is: %s", ctime(&curr_time)); } static void set_signals(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = timer_handler; sigaction(SIGALRM, &sa, NULL); } static void set_timer(void) { timer_t timerid; struct sigevent sev; struct itimerspec its; sev.sigev_notify = SIGEV_SIGNAL; sev.sigev_signo = SIGALRM; sev.sigev_value.sival_ptr = &timerid; timer_create(CLOCK_REALTIME, &sev, &timerid); /* Start the timer */ its.it_value.tv_sec = TIMEOUT; its.it_value.tv_nsec = 0; its.it_interval.tv_sec = its.it_value.tv_sec; its.it_interval.tv_nsec = its.it_value.tv_nsec; timer_settime(timerid, 0, &its, NULL); } static void wait_for_signal(void) { sigset_t old_mask; sigprocmask(SIG_SETMASK, NULL, &old_mask); sigsuspend(&old_mask); } int main(void) { set_signals(); set_timer(); while (1) { wait_for_signal(); } return 0; } În continuare o s? postez un program care atunci când ap?sa?i CTRL+C v? d? impresia c? el a fost omorât ?i v? afiseaz? un prompt identic cu bashul vostru. ?i atunci cel care a f?cut programul r?u inten?ionat poate vedea/interpreta/trimite toate comenzile date de voi c?tre un ter?. Poate face vreunu din voi asta (pornind de la semn.c)
- 1 reply
-
- 1