nAb.h4x

Active Members
  • Posts

    266
  • Joined

  • Days Won

    2

Everything posted by nAb.h4x

  1. Done, I managed it. Thank you!
  2. Same here
  3. Definitely
  4. They kept coming up to me too and saying: "Hey kid, don't you want to buy a phone? I've got one for sale." I didn't even pay attention to them. I walked past them and minded my own business!
  5. You posted in the wrong place .... It should have gone in Help
  6. nAb.h4x

    Fun stuff

  7. Source - Ehackingnews. For the video, visit their site. Several Yahoo users complained that their accounts have been hacked. It appears that the Yahoo email accounts are being hacked after the victim clicks a malicious link included. The attack started after one hacker or security researcher, "Shahin Ramezany", uploaded a video to YouTube that demonstrates how to hack a Yahoo account by leveraging a DOM-based XSS vulnerability. The attack works in all major browsers. In the demo video, the hacker included a link to an external HTML file hosted on his website and sent it to his victim. He opened the malicious link from the victim account. When the victim opens the malicious link, the cookie logs of the victim are stored on the hacker's website. The hacker managed to use those cookies to log in to the victim's account. A voice actress and singer, Cristina Vee, was affected by this hack and posted in a Twitter account: According to The Next Web report, Yahoo has plugged the security hole in question. At the time of writing, we are not able to confirm whether the attack was launched by Shahin Ramezany or not. For the video, visit their site.
  8. Thank you // You need a verified PayPal account ...
  9. It's not pro for nothing. I'm still trying to see if I can find it! // I didn't manage anything ...
  10. Anyway, the game is nice // I'm getting on it now to see if I can manage something
  11. I tried it once too, this trick is old ... but I didn't manage to get one. I saw someone on the internet ... but they gave him a 20% discount
  12. Administration from the Debian and Python project official websites confirmed that their wiki servers were compromised by some unknown hackers recently. The hackers were able to hack them because of several vulnerabilities in the "moin" package. According to Brian Curtin at the Python Project, a hacker used some unknown remote code exploit on the Python Wiki server (http://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, but no other services were affected. The attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. The Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, the Python Wiki is down and the team is investigating more about the breach. Whereas in the Debian Wiki (FrontPage - Debian Wiki) security breach, the user used some known vulnerabilities: directory traversal (CVE-2012-6080, CVE-2012-6495), multiple unrestricted file upload vulnerabilities (CVE-2012-6081), and a cross-site scripting (XSS) vulnerability (CVE-2012-6082). Luca from Debian also mentioned, "We have reset all password hashes and sent individual notification to all Debian wiki account holders with instructions on how to recover their passwords". In the case of Debian, the hacker compromised only the 'wiki' user and captured the email addresses and corresponding password hashes of all wiki editors. "The attacker(s) were particularly interested in the password hashes belonging to users of Debian, Intel, Dell, Google, Microsoft, GNU, any .gov and any .edu." Both servers were compromised in December 2012, but it is not yet clear whether the same hacker did both hacks or not. Source - TheHackerNews
  13. Google is the best friend! Try it! And aren't you the one who ran Havij against those two sites you posted in Show Off!
  14. Welcome!
  15. A hacker found a way to hack and change your password just like he used to change his own password. Confused? Recently Facebook fixed a very critical vulnerability on the tip of 'Sow Ching Shiong', an independent vulnerability researcher. The flaw allowed anyone to reset the password of any Facebook user without knowing his last password. Facebook has an option for compromised accounts at "https://www.facebook.com/hacked", where Facebook asks one to change his password for further protection. This compromised account recovery page will redirect you to another page at "https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked". The researcher noticed that the URL of the page has a parameter called "f" which represents your user ID, and replacing the user ID with the victim's user ID allowed him to get to the next page, where the attacker can reset the password of the victim without knowing his last password. The vulnerability was very simple to execute, but has now been confirmed and patched by the Facebook Security Team. Source - TheHackerNews
  16. nAb.h4x

    Fun stuff

  17. ON: OFF:
  18. Maybe many of you are not aware of this, but Facebook has a Secure Files Transfer service for its employees at https://files.fb.com, and a hacker reported a very critical password reset vulnerability. Nir Goldshlager, a researcher, told 'The Hacker News' how he defeated Facebook's Secure Files Transfer service and helped Facebook by reporting this issue to them in a responsible non-disclosure way until the patch. After analyzing the site, he found that the script Facebook is using is actually the "Accellion Secure File Sharing Service" script, so next he downloaded the demo version of the service from the Accellion website and explored the source code and file locations. He found that there is also a user registration page available in the source, which was also on files.fb.com. Unfortunately, Facebook had removed the Sign up option (link) from the homepage, but forgot to remove the registration page from its actual location, i.e. (/courier/web/1000@/wmReg.html). So this way, Goldshlager was able to make an account on the site for further pentesting. He found that the demo source code of the service is encrypted by ionCube PHP Encoder, and decryption of many parts of the source code was not possible for him. The source code of a web application is like a treasure for a penetration tester; once you have the source code, you can look for many critical web application vulnerabilities easily. Anyway, he dropped that idea because the source code is encrypted. There is also a Password Recovery page (wmPassupdate.html) available on the site, which was actually allowing anyone to reset the passwords of any account. Goldshlager noticed that when one requests to reset the password of his account, the page was validating the user by a cookie called "referer" that contained the email ID of the same logged-in user but encrypted in Base64. Finally, Goldshlager hacked the Facebook Employees Secure Files Transfer service by tampering with the values of the cookies, setting them equal to the victim's email ID, and the password parameters. This way he was able to reset the password of Facebook employees using this critical flaw. The flaw was reported by him and is now patched by Facebook. Source - TheHackerNews
  19. Very interesting
  20. I have X7 too
  21. .... If you had at least typed it correctly, it wouldn't have asked you for a password!
  22. I know now ... Maybe it will come back! That's what I think! // edit: I see it's working for me now!
  23. ... I forgot ... at this hour I can't think straight anymore! The site isn't working at the moment ... I think so!