Showing results for tags 'news'.

Found 12 results

  1. Hi, I have a log from a newsgroup NNTP header from a newsgroup message containing 3 strings/numbers which I would like to further investigate:
Xref: news.netfront.net 24hoursupport.helpdesk:77925
Injection-Info:logging-data="74569"
Message-ID: qjmbe4$28q9$1@adenine.netfront.net
Is there a tool/script/program to query the remote NNTP server adenine.netfront.net / netfront.net with those strings/numbers 77925/74569/qjmbe4$28q9$1 that would return more info? Thanks in advance :)
  2. I recommend reading the news story below, even though it is long. How do companies prepare for the worst? By exposing workers to lifelike crises. Early on Halloween morning, members of Facebook's Computer Emergency Response Team received an urgent e-mail from an FBI special agent who regularly briefs them on security matters. The e-mail contained a Facebook link to a PHP script that appeared to give anyone who knew its location unfettered access to the site's front-end system. It also referenced a suspicious IP address that suggested criminal hackers in Beijing were involved. "Sorry for the early e-mail but I am at the airport about to fly home," the e-mail started. It was 7:01am. "Based on what I know of the group it could be ugly. Not sure if you can see it anywhere or if it's even yours." Facebook employees immediately dug into the mysterious code. What they found only heightened suspicions that something was terribly wrong. Facebook procedures require all code posted to the site to be handled by two members of its development team, and yet this script somehow evaded those measures. At 10:45am, the incident received a classification known as "unbreak now," the Facebook equivalent of the US military's emergency DEFCON 1 rating. At 11:04am, after identifying the account used to publish the code, the team learned the engineer the account belonged to knew nothing about the script. One minute later, they issued a takedown to remove the code from their servers. With the initial threat contained, members of various Facebook security teams turned their attention to how it got there in the first place.
A snippet of an online chat captures some of the confusion and panic:

Facebook Product Security: question now is where did this come from
Facebook Security Infrastructure Menlo Park: what's [IP ADDRESS REDACTED]
Facebook Security Infrastructure Menlo Park: registered to someone in beijing…
Facebook Security Infrastructure London: yeah this is complete sketchtown
Facebook Product Security: somethings fishy
Facebook Site Integrity: which means that whoever discovered this is looking at our code

If the attackers were able to post code on Facebook's site, it stood to reason, they probably still had that capability. Further, they may have left multiple backdoors on the network to ensure they would still have access even if any one of them was closed. More importantly, it wasn't clear how the attackers posted the code in the first place. During the next 24 hours, a couple dozen employees from eight internal Facebook teams scoured server logs, the engineer's laptop, and other crime-scene evidence until they had their answer: the engineer's fully patched laptop had been targeted by a zero-day exploit that allowed attackers to seize control of it.

This is only a test

The FBI e-mail, zero-day exploit, and backdoor code, it turns out, were part of an elaborate drill Facebook executives devised to test the company's defenses and incident responders. The goal: to create a realistic security disaster to see how well employees fared at unraveling and repelling it. While the attack was simulated, it contained as many real elements as possible. The engineer's computer was compromised using a real zero-day exploit targeting an undisclosed piece of software. (Facebook promptly reported it to the developer.) It allowed a "red team" composed of current and former Facebook employees to access the company's code production environment. (The affected software developer was notified before the drill was disclosed to the rest of the Facebook employees).
The PHP code on the Facebook site contained a real backdoor. (It was neutralized by adding comment characters in front of the operative functions.) Facebook even recruited one of its former developers to work on the team to maximize what could be done with the access. The FBI e-mail came at the request of Facebook employees in an attempt to see how quickly and effectively various employee teams could work together to discover and solve the problems. "Internet security is so flawed," Facebook Chief Security Officer Joe Sullivan told Ars. "I hate to say it, but it seems everyone is in this constant losing battle if you read the headlines. We don't want to be part of those bad headlines." The most recent dire security-related headlines came last week, when The New York Times reported China-based hackers had been rooting through the publisher's corporate network for four months. They installed 45 separate pieces of custom-developed malware, almost all of which remained undetected. The massive hack, the NYT said, was pursued with the goal of identifying sources used to report a story series related to the family of China’s prime minister. Among other things, the attackers were able to retrieve password data for every single NYT employee and access the personal computers of 53 workers, some of which were directly inside the publisher's newsroom. As thorough and persistent as the NYT breach was, the style of attack is hardly new. In 2010, hackers penetrated the defenses of Google, Adobe Systems, and at least 32 other companies in the IT and pharmaceutical industries. Operation Aurora, as the hacking campaign came to be dubbed, exploited zero-day vulnerabilities in Microsoft's Internet Explorer browser and possibly other widely used programs. Once attackers gained a foothold on employee computers, they used that access to breach other, more sensitive, parts of the companies' networks. 
The hacks allowed the attackers to make off with valuable Google intellectual property and information about dissidents who used the company's services. It also helped coin the term "advanced persistent threat," or APT, used to describe hacks that will last weeks or months targeting a specific organization that possesses assets the attackers covet. Since then, reports of APTs have become a regular occurrence. In 2011, for instance, attackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens sold by the division of EMC. A few months later, defense contractor Lockheed Martin said an attack on its network was aided by the theft of the confidential RSA data relating to its SecurID tokens, which some 40 million employees use to access sensitive corporate and government computer systems. "That was the inspiration around all this stuff," Facebook Security Director Ryan "Magoo" McGeehan said of the company's drills. "You don't want the first time you deal with that to be real. You want something that you've done before in your back pocket." Even after employees learned this particular hack was only for practice—about a half hour after the pseudo backdoor was closed—they still weren't told of the infection on the engineer's laptop or the zero-day vulnerability that was used to foist the malware. They spent the next 24 hours doing forensics on the computer and analyzing server logs to unravel that mystery. "Operation Loopback," as the drill was known internally, is notable for the pains it took to simulate a real breach on Facebook's network. "They're doing penetration testing as it's supposed to be done," said Rob Havelt, director of penetration testing at security firm Trustwave. "A real pen test is supposed to have an end goal and model a threat. It's kind of cool to hear organizations do this." 
He said the use of zero-day attacks is rare but by no means unheard of in "engagements," as specific drills are known in pen-testing parlance. He recalled an engagement from a few years ago of a "huge multinational company" that had its network and desktop computers fully patched and configured in a way that made them hard to penetrate. As his team probed the client's systems, members discovered 20 Internet-connected, high-definition surveillance cameras. Although the default administrator passwords had been changed, the Trustwave team soon discovered two undocumented backdoors built into the surveillance cameras' authentication system. Havelt's team exploited the backdoors to remotely take control of the cameras. With the ability to view their output, change their direction, and zoom in and out, the Trustwave employees trained them on computer keyboards as employees in the unidentified company entered passwords. With the help of the cameras' 10x zoom, the pen testers were able to grab a "ton" of credentials and use them to log in to the company's network. From there, the employees escalated privileges to gain administrative control of the network. (The employees later reported the vulnerability to the camera manufacturer, resulting in the eventual release of this security advisory.) We "ended up with domain admin on the internal network just because [the client] left these cameras on the Internet," Havelt said during a talk at last year's RSA conference. Havelt recalled a separate engagement in the last 12 months that involved a different client. After his team gained access to a system that was on the company's internal network, the hired hackers injected malicious code into webpages regularly accessed by the company's developers. The malicious Java applet exploited a recently discovered vulnerability in the Java software framework that Oracle had yet to patch. 
With full access to one of the developer's machines, the payload installed a new set of cryptographic keys that was authorized to access the company's servers using the SSH, or secure shell protocol. With that significant toehold established, the pen testers were able to escalate their control over the client's network. Adriel Desautels, CEO of pen testing firm Netragard, is also no stranger to the use of zero-day exploits, although he said he's often able to infect his clients using less sophisticated methods. During a recent engagement for a sensitive governmental agency located in the US, for instance, his team used social engineering to trick an agency employee into clicking on a link. The link, unbeknownst to the employee, installed "Radon," which is the name of pseudo-malware designed by Netragard to allow employees the same kind of sophisticated access many state-sponsored hackers behind espionage campaigns have. With the employee's desktop computer infected, Radon rummaged through the agency's network and added malicious commands to the "batch file" every computer ran when it logged in. The modified file caused each computer to also become infected with Radon. Seizing control of hundreds of independent machines gave the Netragard hackers a higher likelihood of maintaining persistence over the network, even in the event that the initial infection was discovered and cleaned up. "Eventually, it was game over," Desautels told Ars. "We had more control over their network than they did. That's how you do it. You don't just infect one system and stick it in their network and then try to infect the company. That doesn't guarantee you're going to be successful." Desautels praised the architects of Operation Loopback because Facebook "did more than most other companies in this industry will do." 
But he went on to say that the engagement was significantly more limited than most attacks waged by well-funded and experienced hackers who are intent on penetrating a Fortune 500 company. "If this were a real attack, they probably would have gone after multiple employees, especially with a zero day," he explained. "Why target one user when you have potentially hundreds of users you can target and get hundreds of points of entry?" Facebook, he continued, "probably got some good insight. But [the engagement] is not nearly as realistic as it would be if it was a nation-state attack just because [Operation Loopback] was very singular."

Stress testing Facebook's incident response

To be fair, the drill Facebook executives devised wasn't intended to replicate every characteristic of a real-world attack. Instead, the executives wanted to develop employees' ability to work together to respond to an attack that could have a catastrophic effect on the site's security. Sullivan, Facebook's CSO, calls it a "stress test" of his incident response team. "The team had grown substantially in the prior year, and we wanted to see if everyone is going to start screaming at each other or blaming each other because 'your logging system broke,' or 'your automated alerting should have triggered over here.' That was the human side of the test." Operation Loopback also wasn't the first drill to test employees' ability to respond effectively in times of crisis. Six months earlier, McGeehan, the company's security director, installed a host of powerful hacking tools on a laptop computer, connected it to the Facebook internal wireless network, and stashed it behind a supply cabinet in a public hallway. A few days later, employees with the company's physical security team reported the discovery of the mysterious laptop to the security team, touching off another tense response.
Over the following day, employees scouring server logs found the computer's MAC, or media access control, address had accessed key parts of Facebook's network. "The first thing is: 'Oh my God. Panic,'" McGeehan said as he recalled his team's response to the incident. For almost 24 hours, the situation gave most employees every indication of being real. "As we're dealing with this, we realize that our network has been intruded on by some bad guy. Everyone in this room [is] thinking about 'how are we going to tear down our entire network? How are we going to basically deal with the worse-case scenario as a security incident?" To ratchet up the stress even further, the drill organizers sent an e-mail to members of Facebook's security team a few hours after the laptop was disconnected from the Facebook network. The e-mail purported to come from members of what's known as the Koobface Gang, whose members last year were identified as the perpetrators of virulent malware that spread over the social networking site. It made a series of demands of Facebook and promised serious reprisals if they weren't met. With Project Vampire, as the drill was dubbed, the employees worked a full 24 hours before they learned it wasn't a real hack. "We felt it was a necessary thing to have a great security team to put them through this kind of stuff," Sullivan explained. The organizers made an exception, however, when early in the drill, an employee said the magnitude of the intrusion he was investigating would require him to cancel a vacation that was scheduled to begin the following week. McGeehan pulled the employee aside and explained it was only a drill and then instructed him to keep that information private. Drills that use real zero-day vulnerabilities, require outside penetration testing firms, and suck up hundreds or thousands of man hours on non-production activities are expensive to carry out. 
But in a post-Operation Aurora world, where companies as security-savvy as Google and RSA are hacked and ransacked of valuable data, it is becoming increasingly necessary. "These things used to be unheard of when back when, except for governmental type organizations," Trustwave's Havelt said. "Now, you're seeing this more in the private sector. It's good to see. If it were any other industry and it was any other critical function of a product not doing this you'd have people screaming that [the companies] were negligent and wanting to sue them left and right." Source: At Facebook, zero-day exploits, backdoor code bring war games drill to life | Ars Technica Via: Digg - What the Internet is talking about right now
  3. Two power plants in the US were affected by malware attacks in 2012, a security authority has said. US authorities did not specify which plants had been hit - and to what extent. In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place. Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said. The ICS-CERT said it expected a rise in the number of similar attacks. Malware can typically be used by cyber-attackers to gain remote access to systems, or to steal data. In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation.

"The employee routinely used this USB drive for backing up control systems configurations within the control environment."

And at a separate facility, more malware was found. "A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said.

"Unknown to the technician, the USB-drive was infected with crimeware.

"The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks."

Physical effects

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened. "Such practices will mitigate many issues that could lead to extended system downtime," it said.

"Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events."

In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss or theft, and actual physical infrastructure.
In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure. Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets. A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme. No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US. Journalist David E Sanger wrote that the US had acted with the co-operation of Israel. Via BBC News - US plants hit by USB stick malware attack
  4. Remember those faster-than-light neutrinos that supposedly defied Einstein’s speed limit? Never mind — or rather, maybe. Last September, CERN, the European Organization for Nuclear Research, based outside Geneva, announced a finding that, if true, would throw a large monkey wrench into physics as we know it. Ghostly subatomic particles known as neutrinos that were generated at CERN and beamed through the earth 453 miles to a detector in Italy appeared to be arriving at their destination about 60 billionths of a second faster than a particle of light would. In a detailed scrutiny of the experiment, CERN, which runs a particle-smashing machine called the Large Hadron Collider, found two problems with its equipment that could have affected its measurements. One is an electronic component that marked the exact times for GPS measurements. (The experiment requires such precise measurements of time and distance that even continental drift is taken into account.) The component was “clearly out of its specifications,” said Dario Autiero, a physicist who is the spokesman for the experiment. However, that error would have sped up the neutrinos even more. The second potential error is in the fiber-optic cabling that carried the GPS data five miles to the underground detector. The investigation discovered that for dimmer light pulses, the circuit receiving the data introduced delay — up to 60 billionths of a second — that could bring the neutrinos’ speed back under the speed of light. The circuit has now been fixed. The journal Science reported the potential fraying of the experiment’s conclusions — which many physicists had found hard to believe in the first place — on its Web site on Wednesday. But Dr. Autiero said the issues it identified did not conclusively prove or disprove the findings. “We are not sure of the state of this connection in the past,” he said. 
A new round of neutrino firings will begin in late March, and if the cable issue is at fault, the answer will be resolved shortly afterward.
  5. The Air Force Special Operations Command (AFSOC) on Wednesday canceled without explanation a plan to buy nearly 3,000 iPad 2s to be used as electronic flight bags. Announced in January, the initiative would have seen AFSOC purchase 2,861 iPad 2 units for use in the Command’s fleet of surveillance aircraft and helicopter gunships. As in the commercial airline industry, the devices would have been used to replace 40 pounds of manuals and navigation charts typically carried by pilots and navigators. That seems a sensible plan, and it’s not clear why AFSOC has scrapped it. Some theorize that the Command’s decision to outfit the iPads with GoodReader, a popular iPad document reader created by a Russian software developer, raised security concerns and questions about how well the plan had been vetted. Others wonder if the agency has simply postponed the initiative until the iPad 3 debuts. According to AFSOC spokeswoman Capt. Kristen Duncan, the Command is still very much interested in using tablets to lighten the load of flight crews. “[The Command] continues to explore options to develop the electronic flight bag program,” she told Nextgov.co. “We continue to look at each component of the [electronic flight bag] program to ensure we do the right thing for our airmen, don’t introduce unnecessary risk into operations and provide the best tools available to conduct the mission.” Source: Air Force cancels order for 3,000 Apple iPads | Fox News
  6. Google is prepping a pair of augmented reality glasses, which would allow users to receive, via a data connection, real-time information on their surroundings. According to a new report in The New York Times, the glasses – or Google goggles, if you like – will hit shelves by the end of the year, and retail for somewhere between $250 and $600. (The Times describes the glasses as being priced like an unsubsidized smartphone.) Unsurprisingly, Google has declined comment on the rumor, but the news does sync with a December post from Seth Weintraub, a blogger with 9 to 5 Google. The Google glasses, Weintraub wrote at the time, would "tie into Google’s location services. A user can walk around with information popping up and into display – Terminator-style – based on preferences, location and Google’s information." Weintraub says the goggles will resemble the Oakley Thumps, a pair of sunglasses equipped with an MP3 player. All of which, of course, sounds both immensely cool and terribly dorky. (Not to mention potentially fatal. You think people have trouble concentrating on walking and smartphone using now? Try giving them a pair of glasses with a camera and a heads-up display and a bunch of streaming imagery.) Of course, as Damon Brown notes in a smart piece over at PC World, Google has plenty of reasons to want to shill its own augmented-reality glasses. "Glasses are actually the final piece to Google’s mission: To know what a user is doing every single moment of the day," Brown writes. "The search giant already is unifying some 60-odd products into one log-in for continuous online tracking. And, as we reported last week, it’s enticing you to use Google to come up with those web passwords." Sound a little paranoid? Wi-Fi and 3G equipped goggles would allow Google access not just to your location, but to the advertisements that catch your attention, the identity of your friends and family, the whole of the world as you see it.
And that's scary stuff. Source: Google glasses, due this year, turn seeing into searching - CSMonitor.com
  7. The National Security Agency (NSA) is apparently concerned that ********* will try to take down the nation's electrical grid via a cyberattack, according to a new report. *********, however, says the claims are just fear-mongering. Gen. Keith Alexander, director of the NSA, discussed the possibility of an *********-led attack in meetings with the White House and other officials, according to the Wall Street Journal. Alexander has not publicly discussed the power supply angle, but has mentioned *********' ability to go after computer networks, the Journal said. When asked for comment, an NSA spokeswoman said "it wouldn't be appropriate for us to discuss any alleged comments or internal meetings." *********, however, insisted that it has no plans to disrupt the electrical grid. "Ridiculous! Why should ********* shut off power grid? Makes no sense! They just want to make you feel afraid," according to a post on the AnonOps blog. The NSA news comes amidst reports that ********* also had plans to shut down the Internet on March 31, something the group also denied. "GlobalBlackOut is another Fake Operation. No intention of #********* to cut Internet," @AnonOps tweeted today. Indeed, that would be rather bizarre, given the fact that those associated with ********* have fought quite hard to maintain openness on the Web. The group was a vocal opponent against the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA), and has launched distributed denial of service (DDoS) attacks against groups attempting to shut down websites over copyright infringement, like Megaupload. But while ********* might not have plans to take down the Internet or our electrical grid, the group has gone after the websites of U.S. agencies with whom it disagrees. In the wake of the Megaupload takedown, ********* launched successful DDoS attacks against the Department of Justice website and earlier this month, it also took down the CIA website.
This is not the first time the government has tangled with *********, meanwhile. Back in October, a Department of Homeland Security (DHS) memo said ********* is probably not yet organized enough to carry out a devastating attack on a critical infrastructure here in the U.S., but given time and resources, it might be possible. Also last year, NATO called out ********* in a draft general report about information and national security. That report noted that "********* is becoming more and more sophisticated and could potentially hack into sensitive government, military, and corporate files." As a result, ********* breached NATO databases and stole about 1GB of data. Source: NSA Reportedly Concerned About Anonymous Power Grid Attack | News & Opinion | PCMag.com - So they are already starting with fake attacks just to be able to implement laws.. sad..
  8. It's long been known that Canonical has set its sights on mobile devices as the next destination for its popular Ubuntu Linux operating system, and on Tuesday the company took the next big step in that direction by announcing Ubuntu for Android. Designed to coexist with Android on users' multicore smartphones, the new version of Ubuntu is designed to launch the full Ubuntu desktop when the phone is docked with a keyboard and monitor. The rest of the time, the phone runs Android as usual. All data and services are shared between the Ubuntu and Android environments, so Android data and applications such as contacts, telephony, and SMS/MMS messaging are accessible from the Ubuntu interface. “The desktop is the killer app for quad-core phones in 2012,” said Canonical founder Mark Shuttleworth in the Canonical announcement. “Ubuntu for Android transforms your high-end phone into your productive desktop, whenever you need it.” I had a chance to speak with Canonical CEO Jane Silber on Monday about the new Ubuntu flavor, which will be demonstrated at Mobile World Congress in Barcelona next week. Here are some of the highlights of what she told me.

'Ubuntu Remains Free'

Also from Canonical, of course, we've just recently seen the debut of a version of the free and open source Ubuntu Linux tailored for businesses as well as one for TVs. A tablet version is expected too. Silber didn't have any news to share on the tablet side this week, but she said that Canonical's ultimate goal for Ubuntu is to deliver a “compelling and consistent” user experience across form factors, extending naturally from its desktop roots. “We think Ubuntu continues to be the best alternative for manufacturers worried about vendor lock-in,” she told me. “Canonical's business model is, Ubuntu remains free, and we provide services to users and industry.” As a longtime Ubuntu fan, I have to admit I'm especially excited by the prospect of having my Ubuntu desktop available on my phone, wherever I go.
How about you? Is this something you think will be useful? Source and more details: Ubuntu for Android Will Bring the Desktop to Your Phone | PCWorld Business Center
  9. Google was caught last week bypassing default privacy settings in the Safari browser in order to serve up tracking cookies. The company claimed the situation was an accident and limited only to the Safari web browser, but today Microsoft claimed Google is doing much the same thing with Internet Explorer. In a blog post titled “Google bypassing user privacy settings” Microsoft’s IE Corporate Vice President Dean Hachamovitch states that “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.” Hachamovitch explains that IE’s default configuration blocks third-party cookies unless presented with a “P3P (Platform for Privacy Preferences Project) Compact Policy Statement” indicating that the site will not use the cookie to track the user. Microsoft accuses Google of sending a string of text that tricks the browser into thinking the cookie won’t be used for tracking. “By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked,” Microsoft said. The text allegedly sent by Google actually reads “This is not a P3P policy” and includes a link to a Google page which says cookies used to secure and authenticate Google users are needed to store user preferences, and that the P3P protocol “was not designed with situations like these in mind.” Microsoft said it has contacted Google to ask the company to “commit to honoring P3P privacy settings for users of all browsers.” Microsoft also updated the Tracking Protection Lists in IE9 to prevent the tracking described by Hachamovitch in the blog post. 
Ars has contacted Google to see if the company has any response to the Microsoft allegations, and we’ll update this post if we hear back. UPDATE: It turns out Facebook and many other sites are using an almost identical scheme to override Internet Explorer’s privacy setting, according to privacy researcher Lorrie Faith Cranor at Carnegie Mellon University. “Companies have discovered that they can lie in their [P3P policies] and nobody bothers to do anything about it,” Cranor wrote in a recent blog post. UPDATE 2: Google has gotten back to us with a lengthy reply, arguing that Microsoft’s reliance on P3P forces outdated practices onto modern websites, and points to a study conducted in 2010 (the Carnegie Mellon research from Cranor and her colleagues) that studied 33,000 sites and found about a third of them were circumventing P3P in Internet Explorer. “Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” Google Senior VP of Communications and Policy Rachel Whetstone says in a statement e-mailed to Ars. “It is well known—including by Microsoft—that it is impractical to comply with Microsoft’s request while providing modern web functionality.” Facebook’s “Like” button, the ability to sign into websites using your Google account “and hundreds more modern web services” would be broken by Microsoft’s P3P policy, Google says. “It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality,” Whetstone said. “Today the Microsoft policy is widely non-operational.” That 2010 research even calls out Microsoft’s own msn.com and live.com for providing invalid P3P policy statements. 
The research paper further states that “Microsoft’s support website recommends the use of invalid CPs as a work-around for a problem in IE.” Source: Google Tricks Internet Explorer into Accepting Tracking Cookies, Microsoft Claims | Webmonkey | Wired.com
  10. ZeroEX - I created this site to satisfy the curiosity of every everyday person, by asking them questions and offering them answers that will not only satisfy their need to learn something new every day but also help them sharpen their mind every day! I think ZeroEX is a site you can view [you will be able to view] every morning with a coffee in hand, learning something new and reading the latest news from around the world. The site is nowhere near finished, but I thought I would get positive feedback that would help me develop the site properly. Anyone interested in writing on it [PM]. Anyone who wants to exchange links [PM], I have plenty of room above the menu, below it and in the footer! Suggestions, opinions, ideas below.
  11. A new blog with news from all areas of IT. I am waiting for opinions and suggestions! StealData.CoM | News, Security, Windows, Hacking EDIT: Whoever wants a backlink, send me a PM!
  12. Source: Iranian Group Says It Hacked VOA Web Site VOA Breaking News I apologize if this has already been posted. I searched but did not find it. Later edit: they quickly took down the defacement in question, but it seems they still have problems http://www.voanews.com/english/search/?run=Y&c=%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert(%22m0rphic%20RST%22)%3C/SCRIPT%3E%22%3E