
sleed

Active Members
  • Posts

    1019
  • Joined

  • Last visited

  • Days Won

    9

Everything posted by sleed

  1. We have come to accept that the technology we interact with on a daily basis is tracking and recording our every move. Your iPhone knows everywhere you've been, Google Maps is always tracking your location, and Facebook has built a detailed character profile of all its users. By following these five steps you can see just how much Google knows about you, your interests, the places you have visited, and your search habits. 1. Go to history.google.com/history 2. Make sure you're logged into a Google account. Google only saves the searches you have made while logged into an unrestricted Google account. While it might not have every search you've ever made, it can give you a pretty accurate picture of your browsing habits. 3. Select the down arrow next to "last week" and change it to "all time". 4. Browse your more recent search history by selecting "last month" and "last year". 5. Delete your browsing data. You can delete the search data Google has stored for you by clicking the three dots on the top right hand side of the window and selecting "Delete options". It gives you the immediate option to delete data from "Today" and "Yesterday". If you click "Advanced" it then lets you delete information from the last four weeks or "All time". 6. Google knows where you've been. If you click the three dots in the top right hand corner of the window and select "Settings" then "Show more controls" you can "Manage Activity" under the "Places you Go" tab. If you don't have location services turned off this will show you a map of all of the places where you have used your mobile device. This is part of Google's Timeline, which it launched last year. 7. See how old Google thinks you are. If you scroll to the bottom of the "Activity controls" page and select "Ads" you can see the profile Google has for you, including a rough age range, your gender, and your interests. 
If you don't agree with the profile Google has created for you, then you can change it to make it more (or less) accurate. This affects the adverts you'll see across Alphabet products. Source
  2. 'Armada Collective' emails dupe recipients. An unknown group of criminals have been successful in extorting Cloudflare customers out of hundreds of thousands of dollars simply by threatening denial of service attacks, but never actually executing one. Cloudflare's founder and chief executive Matthew Prince revealed that over a hundred Cloudflare customers had received emails from the "Armada Collective" demanding "protection fees" of 10 to 50 Bitcoin (A$6000 - A$30,000) over the past two months. However, Cloudflare has been unable to find any trace of denial of service attacks carried out by the Armada Collective. Prince noted that the threat emails use the same Bitcoin address for payments, meaning it wouldn't be possible for the extortionists to tell who had paid the ransom. The threat of service interruption has been enough to scare Cloudflare customers into paying over US$100,000 to the extortionists, Prince said. Cloudflare competitor and content delivery specialist Akamai last November said it had analysed a spate of denial of service attacks against its customers, allegedly conducted by the Armada Collective. Although the blackmailers claimed to be able to launch attacks of up to one terabit per second, the largest traffic flood attributable to Armada Collective, according to Akamai, measured only 772 megabits per second. Akamai speculated at the time that the Armada Collective was another name for the DD4BC gang, whose alleged leader was arrested by Europol in January this year. Prince agreed the Armada Collective and DD4BC were likely one and the same. The present threats appear to be sent out by copycats leveraging the reputation of the original denial of service blackmailers and scaring users into paying the money. Last year, the extortionists successfully blackmailed Swiss email provider Protonmail, which paid the ransom, only to be attacked later on. 
Switzerland's computer emergency response team warned late last year that the Armada Team was targeting high-profile hosting providers in the country. The Swiss govCERT advised victims not to pay the blackmailers but to apply mitigation techniques against denial of service attacks with the help of their internet service providers, and to contact the police instead. Source: Source
  3. A novel Android attack method for ransomware has been unearthed in the form of an almost silent exploit kit—which threatens tablets, phones and set-top video streaming devices alike. But while the attack vector appears to be brand-new, the payload is decidedly old-school, hearkening back to pre-crypto "scareware" tactics. According to Blue Coat Labs, the EK is using several vulnerabilities to install malware onto the victim's phone or tablet in the background—without any user interaction at all on the part of the victim. During the attack, the device did not display the normal “application permissions” dialog box that typically precedes installation of an Android application. The exploits are commoditized implementations of leaked Hacking Team and Towelroot fare. “After consulting with analyst Joshua Drake of Zimperium, he was able to confirm that the Javascript used to initiate the attack contains an exploit against libxslt that was leaked during the Hacking Team breach,” said Blue Coat researcher Andrew Brandt, in an analysis. “Drake also confirmed that the payload of that exploit, a Linux ELF executable named module.so, contains the code for the ‘futex’ or ‘Towelroot’ exploit that was first disclosed at the end of 2014….The ELF payload in turn contains code that downloads and installs an Android .apk application—which is a ransomware Trojan.” The ransomware labels itself Cyber.Police, and is a version of older, pre-cryptographic ransomware families. It presents itself as a sort of law enforcement or intelligence agency intervention into browsing habits. The ransomware doesn't threaten to (or actually) encrypt the victim's data. Rather, the device is held in a locked state where it cannot be used for anything other than delivering payment to the criminals in the form of two $100 Apple iTunes gift card codes. “That's unusual because it's far more common nowadays for ransomware to demand non-trackable cryptocurrency, like Bitcoins,” Brandt said. 
“In theory, it might be possible for Apple (or its iTunes gift card partners) to track who used the gift cards provided to the criminals, which may help investigators identify them.” The lab device, an older Samsung tablet, was running the Cyanogenmod 10 version of Android 4.2.2 at the time it was infected. But the researcher cautioned that over-the-top video players running Android are also at risk. “Older devices, which have not been updated (nor are likely to be updated) with the latest version of Android, may remain susceptible to this type of attack in perpetuity,” Brandt said. “That includes so-called media player devices—basically inexpensive, Android-driven video playback devices meant to be connected to TVs—many of which run the 4.x branch of the Android OS. Some of these older Android devices are now in the same situation as PCs running Windows XP: The OS may still work, despite no longer receiving updates, but using it constitutes a serious risk of infection.” The attack, which has been going on at least since February 22 and possibly before, appears to affect at least 224 unique device models running a range of Android versions between 4.0.3 and 4.4.4. As with other ransomware, the best way to defeat the criminals is to keep a backup of those precious photos, videos, and other data files somewhere other than on your phone or tablet's internal memory or memory card. That way, users can just perform a factory reset and not worry about losing anything other than the time it takes to reconfigure and reinstall a mobile device's apps. Using a more up-to-date browser than the built-in browser app included with Android 4.x devices is also highly recommended. Source
  4. Dutch police have seized and copied the servers of an encrypted communications network behind modified phones they’ve found while investigating drug cases, criminal motorcycle gangs, and gangland killings, prosecutors said on Friday. On Tuesday, 19 April, Dutch police also arrested the network’s owner, 36-year-old Danny Manupassa, on suspicion of money laundering and illegal weapons possession. Prosecutors said in a statement that they believe the network, Ennetcom, is the “largest encrypted network used by organized crime in the Netherlands.” All Ennetcom’s users, about 19,000 of them, were sent a message on Tuesday informing them that police had copied the servers. Most of the servers are in Canada, while most of Ennetcom’s users are in the Netherlands. Ennetcom’s service, sold over a number of years, was based around customized PGP BlackBerries that were cloaked from the phone or internet networks. From the Dutch police’s statement: The company sold modified telephones for about 1,500 euros each and used its own servers for the encrypted data traffic. The phones had been modified so that they could not be used to make calls or use the internet. PGP stands for Pretty Good Privacy, a program for encrypting and authenticating data that’s often used to encrypt email. According to the Dutch Police’s news release, the message sent to network users on Tuesday explained that the investigation focuses on individuals suspected of serious crime. Earlier this year, we reported that Dutch and Canadian police have had success in “obtaining encrypted data from BlackBerry PGP devices”, so it will be interesting to see how far investigators get in this case, where they have both the phones and the servers through which they communicated. Source
  5. VIDEO: Casey Ellis, founder and CEO of Bugcrowd, discusses why he built his company and where the bug-bounty model is headed in the future. Security vendor Bugcrowd today announced that it has closed a new $15 million Series B funding round, bringing total financing to date for the company up to $24 million. The new funding round is led by Blackbird Ventures and includes the participation of Costanoa Venture Capital, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures. Bugcrowd provides private and public bug-bounty programs for companies. With a bug-bounty program, security researchers are rewarded for responsibly and privately reporting security flaws in software. The overall goal is to help improve software quality, by enabling organizations to benefit from a large community, or "crowd" of researchers that are part of Bugcrowd's program. Leading Bugcrowd's efforts is the company's founder and CEO Casey Ellis. In a video interview with eWEEK, Ellis details why he started the company and how he is seeing the market for bug-bounty programs mature. Several organizations today offer bug-bounty programs that compete with Bugcrowd, including HackerOne and Synack. Ellis noted that there is enough of a market for multiple entrants. The fact that multiple firms provide bug bounties has raised awareness of them and is good for the market overall, Ellis said. "When I started the company in 2013, I spent most of my time explaining what a bug bounty was to people," Ellis said. "I don't have to do that anymore." Another thing that has changed over the last three years for Ellis and Bugcrowd is the underlying infrastructure for working with both security researchers and with organizations like Tesla, which is one of Bugcrowd's clients. Ellis noted that when he started the company, the technology he used was very basic, and he made use of things like the online Wufoo service for forms. 
Now the Bugcrowd platform is significantly more advanced, which helps researchers and Bugcrowd's clients find, report and issue rewards for flaws. "How we do things today is we prove a concept manually first, apply human intelligence to the problem set and then take the repeatable learnings and codify that," Ellis said. Video & Source: Source
  6. A FireEye report discloses the activities of a financial hacking group that could be responsible for hundreds of millions of dollars in fraud. Modern cyber-crime is often conducted by well-organized groups, with sophisticated tactics and the potential to perpetrate fraud at scale. Security firm FireEye issued a new report on April 20 detailing the operations of one such financial cyber-crime group, which it dubbed FIN6. "The report talks through how the FIN6 activity fits into broader e-crime activity and underground marketplaces where malicious actors buy and sell resources," John Miller, director of ThreatScape Cyber Crime in iSIGHT Partners, a FireEye company, told eWEEK. "A lot of crimeware infections that many organizations would normally just dismiss as a nuisance can actually lead to very damaging exploitation." The full scope of how damaging the exploitation can be is discussed in the report in the context of one particular campaign executed by FIN6 in which approximately 20 million credit cards were compromised. FireEye estimates that the market value of the stolen card data could potentially have been $400 million. "We found in one breach that we linked to FIN6 there were about 20 million cards sold, primarily from the U.S., and the data was selling for approximately $21 a card at the time," Miller said. "So if all the cards were sold for $21 a card, that would have been a return of over $400 million." That said, Miller noted that not all cards are sold for the same price, as the value of compromised cards changes over time. Additionally, those who buy compromised credit card data tend to pick and choose which cards they want to acquire, and likely wouldn't buy all 20 million. Beyond the revenue generated from the stolen cards, Miller said there is still all the actual fraud that attackers could generate from the compromised cards. 
"Criminals who purchase the compromised cards would obviously want to get more out of the data than what they paid for it," he said. "That's the value of purchasing the data in the first place." It's a large effort to correlate fraud across multiple clusters of malicious activity, but that's what FireEye has attempted to do for FIN6, according to Nart Villeneuve, principal threat intelligence analyst at FireEye. FIN6 victims fall in the retail and hospitality sectors, he added. "FireEye Mandiant goes on investigations, and that provides a lot of detailed information on what attackers might do in a post-compromise situation," Villeneuve said. "At the same time, FireEye is digging through data from FireEye sensors, trying to build out information." With iSight, which FireEye acquired for $275 million in January, Villeneuve noted that even more visibility is available to FireEye on what is happening on malicious underground networks. The attack methodology used by FIN6 involves multiple layers, and it often begins with a phishing campaign. Villeneuve explained that FIN6 will use the phishing activity to first get a foothold in a network. Once in a network, FIN6 has multiple tools to move laterally, find information and establish backdoor access to steal data. Attackers will send out phishing emails with different lures with documents that include malicious macros that when run will download a malware executable, he said. From an actual vulnerability perspective, the FIN6 group is making use of older issues including CVE-2013-3660, CVE-2011-2005 and CVE-2010-4398 that have already been patched by Microsoft. Those vulnerabilities are used for privilege escalation and are used once attackers already have a foothold in the network. 
While it's always a good idea to patch systems and avoid clicking on attachments from unknown sources, Villeneuve suggests additional best practices for limiting risks from groups like FIN6, including the use of network segmentation and encryption. "You should ensure that to the maximum amount possible, all data that is handled on the network is encrypted," he said.
  7. The Verizon Data Breach Investigations Report once again shows that shoddy security practices and lack of patching are at the heart of most breaches. The annual Verizon Data Breach Investigations Report (DBIR), released April 26, provides visibility into the state of security and why breaches occur. The 2016 report is based on Verizon's analysis of more than 100,000 security incidents, of which 2,260 were confirmed as data breaches. In contrast, the 2015 report received data from 79,790 security events, with 2,122 confirmed data breaches. As was the case in the 2015 report, Verizon once again has found that little has changed in the breach landscape, with attackers using the same tactics and organizations failing in the same basic areas of security. Known vulnerabilities continue to be a root cause for many breaches, explained Suzanne Widup, senior consultant, Network and Information Security, Verizon RISK Team and a co-author of the DBIR. According to the DBIR, 85 percent of all successful exploits in the last year can be attributed to 10 already-patched vulnerabilities. In some cases, the patches have been available for years and there are vulnerabilities from 1999 that can still show up as root causes of breaches. "Attackers are still exploiting old vulnerabilities really well, and they don't have to use zero-days," Widup told eWEEK. "There are a lot of things that really should have been patched a long time ago." The older vulnerabilities are typically "weaponized" in an exploit toolkit, which makes it easier for attackers to execute. Widup emphasized that there are no good reasons why organizations should not patch their systems. More: Source
  8. To know Unity you absolutely have to know C# first. Otherwise, you might as well quit the trade...
  9. There was a guy here on the forum who unlocked phones. I don't know if he still posts; look around in the services section..
  10. A team of security researchers last week issued a report on DROWN, a new and troubling flaw in the long-reviled SSLv2 protocol. The DROWN attack, which stands for Decrypting RSA with Obsolete and Weakened eNcryption, can "decrypt passively collected TLS sessions from up-to-date clients," according to the report. Although modern browsers no longer support SSLv2, the researchers found that as many as 6 million HTTPS servers, or 17% of those scanned, still supported it. Using a technique known as a Bleichenbacher RSA padding oracle, the researchers demonstrated the ability to "decrypt a TLS 1.2 handshake, using 2048-bit RSA in under 8 hours using Amazon [Elastic Compute Cloud], at a cost of $440." However, when paired with a newly discovered vulnerability in versions of OpenSSL from 1998 to early 2015, the researchers reported they were able to "decrypt a TLS ciphertext in one minute on a single CPU -- fast enough to enable man-in-the-middle attacks against modern browsers." In total, the research report stated that 33% of all HTTPS servers are vulnerable to the DROWN attack, because even those servers that don't directly offer SSLv2 share their RSA keys with other entities that do offer it, which would expose those keys. The researchers stated they were "able to execute the DROWN attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC." The only mitigation, they said, is to disable the use of SSLv2 entirely. "To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections," the report stated. "This includes Web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS." DROWN has been assigned CVE-2016-0800, and in the latest update to OpenSSL, the SSLv2 protocol is being disabled by default, and SSLv2 EXPORT ciphers are being removed to protect against a DROWN attack. Source
  11. Security researchers updated BREACH attack that would allow a Facebook Messenger or Gmail breach to be performed much faster, but the overall risk is limited. [...] can be performed 500 times faster than the original method. Dimitris Karakostas and Dionysis Zindros first showed off their BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) attack at Black Hat in 2013. BREACH attacks the Deflate data compression algorithm used to save bandwidth in Web communications and allows attackers to perform a Facebook Messenger or Gmail breach to steal secure data. Karakostas and Zindros also made the attack easier to perform with a new "Rupture" framework. The researchers claim BREACH is now 500 times faster overall, with browser parallelization six times faster and site requests 16 times faster. The attack targets endpoints and uses "new statistical methods that can be used to bypass noise induced by the usage of block ciphers, as well as noise present in usual web applications," as described in their paper Practical New Developments on BREACH. In practice, this means an attack could perform a Facebook Messenger or Gmail breach and steal secure communications. Zindros said the attack could take weeks to perform although the Rupture framework would make it easier and lower the complexity of the attack. Source
  12. It's time to uninstall QuickTime for Windows, security experts -- including Trend Micro and the Department of Homeland Security -- say, because Apple has abruptly pulled the plug on the program after two zero day vulnerabilities were found. Apple issued its last patch for QuickTime for Windows in January, and it seems that will be the last patch the software ever receives. Trend Micro's Zero Day Initiative (ZDI) recently disclosed two new and critical zero-day vulnerabilities in the software, ZDI-16-241 and ZDI-16-242. Both vulnerabilities were described as potentially allowing "remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime" if the target were to visit a malicious webpage. ZDI also noted in the post that Apple said it "will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it." However, Apple has not officially announced an end of life (EOL) for QuickTime and the support page for the software still describes the process to uninstall QuickTime in terms of "If you no longer need QuickTime ..." Source Full: Full Source
  13. Juniper Networks sysadmins can add Junos Space network management patches to their to-do list. The gin palace says “any product or platform running Junos Space before 15.2R1” has the privilege escalation vulnerabilities, adding that “Attack vectors include: cross site request forgeries (CSRF), default authentication credentials, information leak and command injection”. The remotely-exploitable bugs, turned up by the company's internal code review, include six vectors inherited from Oracle's Java SE (CVE-2015-4748, CVE-2015-2601, CVE-2015-2613, CVE-2015-4749, CVE-2015-2625 and CVE-2015-2659). These have been fixed with an upgrade to the Oracle Java runtime, to 1.7.0 update 85. The company also discovered that Space still had an RC4 implementation that was vulnerable to last year's Bar Mitzvah attack, and a TLS implementation subject to Logjam. The vulnerabilities have been cleaned up in Junos Space 15.2R1, which first shipped in March 2016. Juniper adds that Junos Space should only be accessible from trusted networks, and should run on “jump boxes” without direct Internet access. ® Source: Source
  14. The author also drew inspiration from here: http://www.devttys0.com/blog/
  15. Better to pay the money and know what you're paying for. E.g. bluehost.com, godaddy or namecheap: they have very good support and are prompt and reliable.
  16. Here’s a fun story that’s doing the rounds right now. It’s the perfect anecdote to cheer up a Friday afternoon. Actually, it isn’t, because it’s all about someone else’s deep misfortune. It’s more of a There, but for the grace of God, go I, but we thought we’d tell the tale anyway, so that you don’t go there yourself. Just imagine… Imagine that you were going to make a backup last night, but you never quite got a Round Tuit. This morning, you got slammed by ransomware that scrambled all your files, so you breathed in really deeply, set your jaw firmly, got out your Bitcoin wallet… …only to find that the crooks wouldn’t take your money, didn’t care about your files, just shrugged and walked away. Except they didn’t just wipe your files, they wiped everybody’s: your own files, your staff’s files, your customer’s files, along with their web server configurations, their emails, their operating systems, everything, the whole nine yards, washed down the drain, into the river, out to the North Sea. [You’re mixing your metaphors again – Ed.] And, anyway, it wasn’t the crooks that did it – it was you that did the damage, self-inflicted with a simple slip of the fingers. To explain… On a Unix-like system, rm is the command to remove a file, or to delete it, in the slightly blunter terminology of Windows. The / means “the root directory,” short for starting at the very top of everything. The -r means “recursive”, which is geek-speak for saying that you want to delete the subdirectories too, oh, and if they have subdirectories, even if they’re mapped to other drives on the network, or have removable disks mounted…heck, it means “spare nothing.” Then, to make assurance double-sure, there’s -f, for “force,” which means not only that you won’t take no for an answer, but also that you don’t even want to bother asking in the first place. Why in a script? 
But why would any sysadmin put rm -rf / in a script, not least because the script would inevitably be one of its own victims? [Not necessarily, e.g. due to chroot, but don’t let me interrupt you – Ed.] Surely you’d notice the self-contradictory nature of such a command? In this case, the unfortunate sysadmin had written something like: rm -rf $1/$2 The idea is that the items with the dollar signs are variables that get replaced at runtime, for example by setting $1=user/16504 and $2=retired-files/, so that the script can be used to handle archiving for different users and different directories at different times. Unfortunately, as Bleemboy himself pointed out: Those variables [were] undefined due to a bug in the code above. You can figure out what happens if you replace $1 and $2 above with nothing at all. What to do? In computer science courses – even those that supposedly don’t explicitly deal with security – you will learn (and, hopefully, learn to appreciate) all sorts of generic protections against this sort of bug. Security-conscious programming languages can help if they detect, trap and stop code where variables aren’t defined, to make sure you say what you mean, and mean what you say. Pair-programming can help, where you always work with a co-pilot, regularly swapping roles, so there are always two pairs of eyes on the job, and there’s always someone on the spot to ask the difficult questions when you start getting careless. A vigorous testing process is vital, where you don’t just crack out the code and check that it mostly works, but also produce code to help to test your code, which includes testing that it fails correctly too, an outcome that is not an oxymoron in software engineering. Security wrappers can help, too, like the safe-rm flavour of the rm command that lets you keep a “defence-in-depth” blocklist of files that should never be deleted, even if you try very hard, in order to protect you from yourself. But the big one here is backup. 
If ransomware has one silver lining, it’s the fact that it’s getting backup a bit closer to the front of our minds. Source: Source
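Added example, not code from the article or from the poster: a guarded version of the `rm -rf $1/$2` pattern described above. It first shows what that expression collapses to when both variables are empty, then wraps the deletion in checks that refuse empty, absolute or `..` components. Function names (`join_path`, `safe_components`, `cleanup`) and the `base/user/sub` layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the post above: a guarded version of the
# "rm -rf $1/$2" cleanup pattern. Function names are hypothetical.
set -u   # any reference to an unset variable aborts the script

# Show what the original pattern expands to. With both variables empty,
# "$1/$2" collapses to "/", which is why the bug deleted everything.
join_path() {
    printf '%s/%s\n' "${1:-}" "${2:-}"
}

# Guard: accept only non-empty, relative components without ".." traversal.
# Returns 0 when the pair is safe to use, 1 otherwise.
safe_components() {
    user_dir="${1:-}"
    sub_dir="${2:-}"
    [ -n "$user_dir" ] && [ -n "$sub_dir" ] || return 1
    case "$user_dir" in
        /*|*..*) return 1 ;;   # absolute path or traversal in first part
    esac
    case "$sub_dir" in
        /*|*..*) return 1 ;;   # absolute path or traversal in second part
    esac
    return 0
}

# Delete $base/$user/$sub only when the guard passes and $base exists.
# "--" stops a component starting with "-" from being read as an option.
cleanup() {
    base="$1"; user_dir="$2"; sub_dir="$3"
    if [ ! -d "$base" ]; then
        echo "base directory missing: $base" >&2
        return 1
    fi
    if ! safe_components "$user_dir" "$sub_dir"; then
        echo "refusing to remove '$base/$user_dir/$sub_dir'" >&2
        return 1
    fi
    rm -rf -- "$base/$user_dir/$sub_dir"
}
```

With `set -u` in place, a plain `rm -rf "$1/$2"` would already abort on an unset positional parameter instead of expanding it to nothing; the explicit guard additionally catches the case where the variable is set but empty, which `set -u` does not. Anchoring the deletion under a known `$base` directory means that even a guard failure cannot reach the root of the filesystem.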
  17. SpyEye Makers Get 24 Years in Prison Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Georgia today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims. Aleksander Panin developed and sold SpyEye. Image courtesy: RT. Atlanta Judge Amy Totenberg handed down a sentence of nine years, six months for Aleksandr Andreevich Panin, a 27-year-old Russian national also known by the hacker aliases “Gribodemon” and “Harderman.” Convicted of conspiracy to commit wire and bank fraud, Panin was the core developer and distributor of SpyEye, a botnet toolkit that made it easy for relatively unsophisticated cyber thieves to steal millions of dollars from victims. Sentenced to 15 years in jail was Panin’s business partner, 27-year-old Hamza “Bx1” Bendelladj, an Algerian national who pleaded guilty in June 2015 to helping Panin develop and market the SpyEye kit. Bendelladj also admitted to running his own SpyEye botnet of hacked Windows computers, a crime machine that he used to harvest and steal 200,000 credit card numbers. By the government’s math (an assumed $500 loss per card) Bx1 was potentially responsible for $100 million in losses. “It is difficult to overstate the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,” said John Horn, U.S. Attorney for the Northern District of Georgia. Source: Source
  18. I've got a blonde for you guys to hit on; you'll find her on nimfomane, top escorts bucuresti, and her name is andreea :)))
  19. Military service: everyone satisfied
  20. Don't do anything nasty, or I might set my boys on you!