Jump to content

LLegoLLaS

Active Members
 View Profile  See their activity

  • Posts

    2060

  • Joined

  • Last visited

  • Days Won

    11

 Content Type 

Posts posted by LLegoLLaS

  5. BadUSB the unpatchable malware code published on Github

    in Stiri securitate

    Posted · Edited by LLegoLLaS

    mai pe romaneste: Este vorba de fapt de controllerul stickurilor si de faptul ca il poti accesa cu un simplu tool,putand sa modifici si chiar sa plantezi ceva bucurii care sa se execute la conectarea la pc (fara a avea vreo treaba cu autorun)

    Also,in acel ''kit'' e vorba de chipuri Phison, folosite in unele stickuri Verbatim,Silicon Power si posibil Apacer (din marcile cunoscute).Asta inseamna ca pentur aproape orice alt chip poate fi adaptata metoda(cele mai multe stickuri ieftine folosesc chip de la Chipsbank - CBM209x)

    Se pare ca Kingston DT microDUO foloseste chipuri Phison 2251

    Poza random cu un stick care foloseste chip Chipsbank

    3094522.jpg

    May be usefull:

    flashboot.ru , usbdev.ru

  10. Cosmote şi Romtelecom DISPAR din toamna!

    in Mobile security

    Posted

    Am renuntat la cosmote exact in ziua rebrandingului (dar fara vreo legatura cu asta) :)) @Sveratus .... cum sa fie buni si asa?E adevarat ca aveau cele mai multe minute in pretul respectiv (gen optiunea de 8 euro la 6 euro), dar calitatea serviciilor era de cacat.acoperire slaba spre deloc in afara oraselor, 3g(+) indecis si prost...nu mai vorbesc ca ei au 4g doar in sediul lor probabil :))

  12. Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm

    in Exploituri

    Posted 


    # Exploit Title: Sky Broadband Router Â? Weak algorithm used to generate WPA-PSK Key
    # Google Dork: 
    # Date: 08/08/2014
    # Author: Matt O'Connor / Planit Computing
    # Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf 
    # Version: 
    # Category: Remote
    # Tested on: Sky SR101 Router



    The SR101 routers supplied by Sky Broadband are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker.

    The WPA-PSK pass phrase has the following features:
    Â?	Random
    Â?	A to Z Uppercase only
    Â?	8 characters long
    Â?	208,827,064,576 possible combinations ( AAAAAAAA Â? ZZZZZZZZ ) 26^8

    We notified Sky Broadband about the problem in January 2014 yet Sky Broadband are still supplying customers with routers / modems that use this weak algorithm.
    At the time, graphics cards were expensive and clustering several machines was not financially viable to the average hacker.

    We purchased a used rig in December 2013, comprising off:
    Â?	Windows 7
    Â?	I3 Processor
    Â?	4GB RAM
    Â?	2TB Drive
    Â?	Radeon HD 5850

    We generated 26 dictionary files using Â?mask processorÂ? by ATOM, piping each letter out to its own file, for example:

    A: ./mp32 A?u?u?u?u?u?u?u > A.TXT = AAAAAAAA Â? AZZZZZZZ
    B: ./mp32 B?u?u?u?u?u?u?u > B.TXT = BAAAAAAA Â? BZZZZZZZ
    etc

    Each .txt file weighed in at around 60GBÂ?s each. The 26 files took up about 1.6TB of storage.

    We now had the complete key space, partitioned into 26 different files. This allowed us to distribute the brute force attack amongst multiple computers. There are other ways with ocl-hashcat but this was the simplest.

    Using our Radeon HD5850 on standard settings, we were hitting 80,000 keys per second. Breakdown below:

    Â?	26^8 = 208,827,064,576 ( 208 billion possible combinations )
    Â?	26^8 / 80,000 keys per second = 2,610,338 seconds
    Â?	2,610,338 / 60 seconds = 43,505 minutes
    Â?	43,505 / 60 minutes = 725 hours
    Â?	725 hours / 24 hours = 30 Days

    For Â?185, we had built a computer that could crack the default Sky Broadband wireless password within 30 days. The WPA-PSK handshake we used started with the letter S and was cracked within 96 hours.

    We ended up getting a second machine for the same price which resulted in our maximum cracking time being reduced to 15 days.

    If youÂ?re using the default password on your Sky Broadband connection, we recommend changing it immediately to a more secure password, using a mix of letters, numbers and symbols.

    sursa: bugsearch.net

  17. Temperatura Procesor

    in Off-topic

    Posted

    CPU tau are TDP (total disipated power) 55W.Nu prea merita sa investesti.Daca vrei sa bagi un ban ia-ti alt procesor (un i3,i5) second hand (sandy sau ivy bridge) si apoi poti sa te gandesti la un cooler aftermarket

  22. Google makes 'Android L' developer preview available, with tons of new features

    in Stiri securitate

    Posted · Edited by LLegoLLaS

    Design takes center stage in the next version of Android, with a new look that will feature animated transitions and spruced-up interface elements. What it won't have is a catchy official name, at least for now—Google just calls it “Android L.”

    Android's latest release arrives Thursday in preview form, bringing with it an enormous number of changes highlighted by lots of user-facing interface changes and more than 5,000 API features for developers. It’s Google’s biggest release to date, and it will be available in the form of Nexus 5 and Nexus 7 images, together with an SDK for developers.

    Google spent a lot of time at Wednesday's I/O keynote in San Francisco talking about “Material Design,” its name for new features aimed at sharpening up interface elements for users. There’s a lot to unravel with Material Design, but the big takeaways are depth and animation. All interface elements can be given a “depth value” by developers, and the Material Design framework will automatically generate subtle shadows and perspective to make it clear which elements are “on top of” others.

    google_io_material_design_ripple_effect-100315135-large.jpg

    material touch animations

    It also makes it simpler for developers to make animated transitions from any screen to any other screen, even to another app, so users more easily understand how their apps are interacting. There are tons of touch animations, from ripples to shadows and bouncing, so users can be more clear about exactly where they’re touching and how the app is responding.

    Google is starting with Material Design in the Dialer app; it will bring the interface overhaul to all its apps over the coming months.

    Android L offers more than just design changes. Improvements to notifications allow users to interact with them right from the lock screen. They’re organized and prioritized, but you can always swipe down to see all of them. A new type of notification, called the “heads up notification,” can pop up over your app without stopping it, allowing you to interact with it or swipe it away without stopping what you’re doing.

    Personal Unlocking gives the OS a bunch of new ways to get into your phone. It can take cues from Bluetooth devices or location, so you can set your phone to open without asking for your PIN code if, say, it detects your watch is nearby (proving it’s you), or if it knows you’re at home. (We cover Personal Unlocking in greater detail elsewhere on the site.)

    google_io_material_design_touch-100315132-large.jpg

    Android L brings “depth” as a central element to interface design.

    As predicted, Android L drops the Davlik runtime for the new ART (“Android RunTime”), which improves performance of apps by up to 2x and reduces memory usage. L is also fully 64-bit compatible, ready for the glut of 64-bit, ARMv8 chips coming later this year.

    Graphics performance is getting a big boost with Android Extension Pack, which adds a lot of OpenGL ES extensions like tesselation, compute shaders, and geometry shaders to help “close the gap” between Android and desktop-class DirectX 11. This was demonstrated with a demo of Epic’s Unreal Engine.

    Project Volta is Google’s name for its efforts to bolster battery life in Android L. It improves the ability of the system to measure battery life, along with a host of changes to various subsystems and new scheduling features for developers. Google promises significant improvements to battery life in its new OS: up to 90 minutes more life in a typical day’s use. Oh, and there’s a new Battery Saver mode that can be triggered manually or set to trigger when the battery gets low.

    We’ll have a whole lot more about the “L” release of Android in the coming days and weeks.

    sursa

  23. Watch the realtime hacking map of the world

    in Stiri securitate

    Posted

    The constant barrage of headlines trumpeting high-profile security breaches makes it easy to understand at a high level that hack attacks are on the rise, but mere words alone don't truly convey the scope of the constant threats. A mesmerizing example of data visualization by computer security firm Norse lets you see penetration attempts in real time, via a DEFCON-esque map that feels like it was ripped right from the old WarGames movie.

    Witnessing the constant ping-ping-ping of individual penetration attempts is hypnotic. If you watch long enough, the map will explode in a frenzy of color, as coordinated mass-hack attacks blast across the globe—most often out of China, and often pointed toward the U.S. The U.S. itself is the steady number two on the map's "Attack Origins" list, however.

    But now for the really scary part: This map reveals only the tiniest possible tip of the hack-attack iceberg—penetration attempts against a subset of Norse's network of "honeypot" traps alone. The actual number of hack attempts lighting up the web at any given moment is far, far greater than this nifty experiment can ever possibly show.

    Anyway, check it out. Norse's map will give you a healthy respect for what security professionals and websites across the globe have to deal with day in and day out, far more vividly than simple statistics on a page ever could.

    Norse - IPViking Live

    sursa:pcworld.com

×
×
  • Create New...