Everything posted by Aerosol
-
Annabelle See no evil 2 A Haunted House 2
-
The art of Human Hacking syssec red book
-
Launching in 2015: A Certificate Authority to Encrypt the Entire Web
Aerosol replied to Nytro's topic in Stiri securitate
On the one hand it's a good idea, but on the other it looks like a control tactic initiated by the government... -
The Citadel Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products.

Researchers from IBM Trusteer today said they've notified makers of the nexus Personal Security Client, Password Safe and KeePass about a new configuration file found on an infected computer targeting processes used by the respective password management tools.

Tamir said the Personal.exe process in nexus Personal Security Client, PWsafe.exe from Password Safe and KeePass.exe are called out by the new Citadel configuration files. In each case, the malware seeks out and captures the master password that unlocks the password database stored by the password management tool.

NeXus Personal Security Client is cryptographic middleware used in enterprise and service provider locations to secure financial transactions, ecommerce and other services from the desktop. Password Safe, meanwhile, is an open source tool built by Bruce Schneier. KeePass is also a free, open source password manager, but it uses a random password generator, preventing the user from having to come up with individual passwords. The Trojan, however, sidesteps that protection by stealing the master password.

Tamir could not confirm whether these are opportunistic or targeted attacks. IBM said it has notified the respective vendors in order that users might be notified as well.

Citadel, like most widely distributed malware families, is crossing over more and more from the realm of cybercrime to APT-style targeted attacks. New features and a hunger for legitimate credentials make the malware, which is already sitting on hundreds of thousands of machines, particularly dangerous to critical infrastructure, in addition to financial services. In September, a Citadel variant was used in attacks against petrochemical companies in the Middle East.

IBM said at the time that the repurposed versions of Citadel were going after email credentials in order to phish others within an organization or gain deeper access to a compromised network. Tamir estimates that one in 500 computers is infected with malware used in targeted APT attacks. Citadel can sit dormant on an infected computer until a user lands on a particular site; depending on how the malware is configured, it can be triggered by visiting a specific online banking site or web-based email login.

Source
-
Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication: October 29, 2014 [without technical details]
Vendor Notification: October 29, 2014
Public Disclosure: November 19, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered a vulnerability in Simple Email Form Joomla Extension, which can be exploited to perform Cross-Site Scripting (XSS) attacks against visitors and administrators of Joomla websites with the plugin installed.

1) Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension: CVE-2014-8539

Input passed via the "mod_simpleemailform_field2_1" HTTP POST parameter to the "/index.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display the word "immuniweb":

<form action="http://[host]/index.php" method="post" name="main">
<input type="hidden" name="mod_simpleemailform_field1_1" value="email@email.com">
<input type="hidden" name="mod_simpleemailform_field2_1" value='"><script>alert("immuniweb");</script>'>
<input type="hidden" name="mod_simpleemailform_submit_1" value="Submit">
<input type="submit" id="btn">
</form>

-----------------------------------------------------------------------------------------------

Solution:

Disclosure timeline:
2014-10-29 Vendor Alerted via emails.
2014-11-06 Vendor Alerted via emails.
2014-11-14 Fix Requested via emails.
2014-11-17 Fix Requested via emails.
2014-11-19 Public disclosure with self-written patch.

Currently we are not aware of any official solution for this vulnerability. An unofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23241-patch.zip

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23241 - https://www.htbridge.com/advisory/HTB23241 - Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension.
[2] Simple Email Form Joomla Extension - http://extensions.joomla.org/extensions/contacts-and-feedback/contact-forms/11494 - Lightweight email contact form with 8 configurable fields, plus a field for uploading attachments to the email, and a CAPTCHA based on Text_CAPTCHA from the PEAR library (included).
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

-----------------------------------------------------------------------------------------------

Source
-
WhatsApp has turned on an encryption system to protect messages sent with the Android version of its app. The WhatsApp Android application has been downloaded about 500 million times.

It said the data scrambling system should make it much harder to eavesdrop on the messages users exchange. Tech firms have faced criticism by law enforcement figures who said greater use of encryption made it harder to track criminals and extremists.

Data scramble

The encryption system being applied to WhatsApp is called TextSecure and has been developed by a non-profit group called Open Whisper Systems. Unlike other encryption systems, which often scramble messages only as they travel from a device to the servers that companies use to route them to their recipients, TextSecure keeps the encryption intact throughout a message's journey from handset to handset.

Initially the encryption is being applied only to messages sent via the Android version of WhatsApp. Soon it will be extended to group messages, photos and videos sent via the Android app. Open Whisper said it also planned to develop versions of TextSecure that work with WhatsApp apps on other smartphone operating systems but did not give a date for when those would be ready.

Facebook acquired WhatsApp in a deal worth $22bn (£14bn)

The tie-up marks a huge boost in the numbers of people using TextSecure, which had reached about 10 million, mainly people who had installed the Cyanogen variant of the Android operating system. WhatsApp said the encryption system would be turned on by default for its huge number of Android users. In October, Facebook completed a $22bn (£14bn) acquisition of WhatsApp.

In a separate development, the Electronic Frontier Foundation, which campaigns on digital rights, has unveiled a project to make it easier and cheaper for smaller organisations and websites to use strong encryption. Called Let's Encrypt, the initiative aims to produce software tools that automate, as much as possible, the process of using the web's standard encryption systems.

Many sites and organisations shy away from adopting these technologies because they can be technically demanding to install and administer, said Peter Eckersley, EFF technology projects director, in a statement. Let's Encrypt has been set up with the help of Mozilla, Cisco, Akamai and others and aims to launch in 2015.

Both moves could anger intelligence and law enforcement agencies, which have criticised tech firms for their greater use of encryption.

Source
-
Today a Tumblr post was brought to my attention - apparently there's malware doing the rounds making use of Steam chat, (adding Steam friends and) spamming Steam users. Example message:

Onyx is right, the link's indeed phishy and uses bit.ly (a URL shortener) to trick users into clicking it. Remember the worm that spread via Skype and Messenger last year? (reference here and here) This is a similar campaign.

Setup

Someone adds you on Steam, you accept and immediately a chat pops up similar to the one above. Alternatively someone from your friends list already got infected and is now sending the same message to all his/her friends.

The bit.ly link actually refers to a page on Google Drive, which immediately downloads a file called IMG_211102014_17274511.scr, which is in fact a Screensaver file - an executable. The file is shared by someone named "qwrth gqhe". Looks legit.

Note that normally, the Google Drive Viewer application will be shown and this will allow you to download the .scr file. In this case, the string "&confirm=no_antivirus" is added to the link, which means the file will pop up immediately asking what to do: Run or Save (and in some cases download automatically).

At the time of writing, the file is actually still being hosted by Google Drive. I have reported it however.

Afterwards, you're presented with the screensaver file, which has the following icon:

Opening the file will result in installing malware on your system, which will steal your Steam credentials.

Technical details:

Downloads and executes:

Remediation

What if you clicked the link and executed the file? Follow these steps:
Exit Steam immediately
Open up Task Manager and find a process called temp.exe, wrrrrrrrrrrrr.exe, vv.exe or a process with a random name, for example 340943.exe
Launch a scan with your installed antivirus
Launch a scan with another, online antivirus
When the malware has been disinfected or deleted, change your Steam password - if you use the same password for other sites, change those as well
Verify none of your Steam items are missing

Prevention

Be wary when someone new adds you on Steam and immediately starts sending links
In fact, don't click on links someone unknown sends to you
If you did, don't open or execute anything else - just close the webpage (if any) or cancel the download
By default, file extensions are not shown. Enable 'Show file extensions' to see the real file type. Read how to do that here
Add the IP 185.36.100.181 to your hosts file or block it in your firewall. In the hosts file, add:
127.0.0.1 185.36.100.181
Follow the tips by Steam itself to further protect your account: Account Security Recommendations

Conclusion

Never click on unknown links, especially when a URL shortener service like bit.ly is used (others are for example t.co, goo.gl, tinyurl, etc.). Don't be fooled by known icons or "legit" file descriptions; these can easily be altered. Even if you clicked the link and you're not suspicious, you should be when a file is downloaded and it's (in this case) a screensaver file.

For checking what is really behind a short URL, you can use: http://getlinkinfo.com/
For checking whether a file is malicious or not: https://www.virustotal.com/

Follow the prevention tips above to stay safe.

Source
-
The people who "hacked" the IGPR website have been caught
Aerosol replied to D--ABLO's topic in Stiri securitate
Bro, let's be serious, most parents don't know how to use the internet and that crap. It's pointless for the parents to teach them anything if they go and do something else anyway; the parents aren't the ones to blame. Plus these guys were idiots too, they didn't know how to protect themselves; if you do some shit you take certain safety measures, but fuck me, the new wave of "hackers"... Anyway, there's no point dragging this out; the conclusion is they're just some retards who got their punishment (or will get it). -
The people who "hacked" the IGPR website have been caught
Aerosol replied to D--ABLO's topic in Stiri securitate
It's all strategic: winter is coming, free food and heating, they couldn't care less... What they were thinking was: "Man, our parents don't give us money anymore, that's bad, let's get ourselves into jail." -
@Eddie91 don't be mean, bro, the guy in the picture had just been through a car accident and the ambulance medics gave him a blanket, then the reporters photographed him while he was telling his mother...
-
I have a Windows Phone (Nokia Lumia) and every time I access/try to view a post/refresh rstforums.com I get this message: It's kind of annoying... my reaction when I have to hit "Continue to website" every time..
-
no, I've only just noticed it too
-
congrats @sleed, once you get the confirmation (if you reported it), post the vector too.
-
The people who "hacked" the IGPR website have been caught
Aerosol replied to D--ABLO's topic in Stiri securitate
Honestly, here I have to disagree with you, man, what do the parents have to do with it? Maybe they actually did look after them... These kids aka hackers are the only ones to blame... well, the parents' fault might be that they paid for the internet -
I see you went with WP, big mistake ))
-
The people who "hacked" the IGPR website have been caught
Aerosol replied to D--ABLO's topic in Stiri securitate
Retarded kids with serious mental deficiencies... "we are anonymous we are stupid kids we don't know anything but it's cool to be a fake hackers" "I hacked Undernet and the Garda, and the masked cops busted down my door" ) -
@molecu jobs without knocking on doors, well, it depends on what you know how to do, your knowledge, and first of all what you're willing to do... As for RDS, everyone knows it's the crappiest company, so "lucky" you...
-
You didn't follow those "steps", the promotion is still valid, I got it myself this morning. Thanks
-
link was removed because skimming and bank fraud are strictly prohibited here.
-
it's on your end, at least it's only warning you...
-
It's the "default" phpBB theme with modified images, so... that's not a unique design even if I shove a size 23 drill bit up my nose and pull it out through my mouth. As for the categories, they're all over the place, but oh well, I wish you luck.
-
@Casper00 RAT (Remote Administration Tools), look here: Remote administration software - Wikipedia, the free encyclopedia. Bro, you've driven us crazy with that keylogger; from the PM conversations with you I understood that you have no knowledge at all and want to learn how to flood and other crap. I'll tell you right away that you started off on the wrong foot. Oh, I almost forgot, you'll find plenty of stealer tutorials around here if you search, you already have the program (Coailii), so good luck.
-
Buddy, Allview is the ultimate Chinese knockoff company... I know that because I've had both a phone and a tablet from them, and not cheap ones...
-
Klaus Iohannis is the new president of Romania!
Aerosol replied to Byte-ul's topic in Discutii non-IT
It's raining money, and they say dreams don't come true ( for the beggars and gypsies who were on the ball)