Jump to content

Search the Community

Showing results for tags 'account'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Sugestii
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Cumparaturi online's Test
  • Web Development's Forum

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 27 results

  1. 1. Intrati pe Cuyahoga County Public Library 2. Click pe "My Account" si apoi "Create Account" 2. Deschideti Fake Name Generator 3. Introduceti datele de pe Fake Name Generator in contul de Cuyahoga Library, cu doua mentiuni: puneti cod postal de Ohio si adresa de e-mail la care sa aveti acces. 4. Intrati pe E-Mail si copiati Acces Number-ul, dupa care va logati pe Cuyahoga County Public Library, introduceti doar Acces Number-ul, dupa care va pune sa va creati un PIN Number format din 4 cifre. 5. Intrati pe Lynda.com, selectati "Sign In", dupa care selectati "Sign in with your organization portal". Acolo introduceti link-ul de la librarie, dupa care Acces Number-ul si PIN-ul pe care tocmai vi l-ati ales. Si gata, aveti cont. Daca aveti intrebari, intrebati-ma in mod inteligent. Daca stiati deja asta, puteti sari peste topic. Nu stiu cat dureaza chestia asta, insa chiar si o luna daca aveti acces, este ok. Va ia maxim 5 minute sa creati tot ceea ce am explicat mai sus. Hai bafta. EDIT: Nu numai la Cuyahoga Library merge. Puteti intra pe Free Library si va alegeti de acolo o librarie, insa una care sa emita card online. Cu tot cu AN si PIN.
  2. Va salut si apelez la priceputii in ale "iphoanelor". Am vrut sa mut toate datele importante de pe un 5s pe un 6(mesaje, contacte, note, aplicatii etc.). Pe 5s fiind un cont icloud la care posesorul nu mai are acces, nu am putut sa le transfer prin cloud si am ales varianta cu itunes-ul. In urma restore-ului nu m-am gandit ca se poate sa imi puna pe telefonul nou contul icloud fara ca eu sa am acces la contul respectiv( si daca imi cerea parola, cum mi s-ar fi parut normal, nu o stiam si nu mi lasa telefonul blocat pe cont). Dupa restore, ma trezesc cu contul icloud la care nu am acces pe telefonul nou. Exista vreo solutie sa elimin contul de pe telefon? Sau e ca si cum as fi bagat eu contu si parola pe telefon si raman cu el asa forever? Multumesc oricui se incumeta sa ma ajute! Versiune iOS 9.0.2
  3. I need an amazon account that is verified and just has free tier level. I am willing to trade whatever... i can offer a variety of hckd underground stuff, or if you prefer i have cracked some good tools webinspect 10.40, appscan 9.0.2.0, netsparker 4.0.1.0, acunetix 9.5 2015-latestest-patch, cobalt strike 2.4, etc etc. if you cant help me with amazon acct then i guess some working admin rdp would be about what i need. i already have many vnc (thank you hubba) but need less visible remote platform. ok, i am posting to the off topic section because im not sure where else might be best. thanks
  4. Step 1: Register a new account and when you fill your name and other things,you have to choose as country of residence Germany. Step2: Once you made the account you log-in and go onto the shop,chose whatever you want like wow. Step 3: Once you reach the payement site you have to chose as payment method “direct debit”,fill the iban case whit a fake iban such as “ DE24416517704804165985 “ you can take those from fake identity sites like : ”Fake-it.biz - Fake the World “ (you can use the same iban multiple times) Enjoy! N-am mai stat sa-l traduc. Probabil ca dupa vreo 1-2 zile de la cumparare o sa va intrerupa comanda, daca e asa, comandati din nou.
  5. Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.The Intermediate Guide to Mastering Passwords with LastPass LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account. According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here. Here's Everywhere You Should Enable Two-Factor Authentication Right Now We’ve talked about what happens if LastPass gets hacked before. As it stands, it doesn’t seem that this hack resulted in any significant data losses for users. However, it’s still important to take steps necessary to protect your account as soon as you can. LastPass Hacked, Change Your Master Password Now
  6. The hugely popular smartphone messaging service WhatsApp, acquired by Facebook for over $20 billion last year, has reportedly been found to be prone to hijacking without unlocking or knowing your device password, making its hundreds of Millions of users vulnerable to, not just hackers, but also non-technical people. This trick lets anyone surrounds you to get effectively control over your WhatsApp account. The attacker needs nothing more than a phone number of the target person and access to the target mobile phone for a few seconds, even if it is locked. Hacking Whatsapp account in such scenario is not hard for your friends and colleagues. This is not actually a loophole or vulnerability in WhatsApp, and rather it is just the way WhatsApp is designed and its account setup mechanism works. NOTE: Moreover, we aren’t encouraging users to hack others WhatsApp account, but the purpose of publishing this article is to warn and remind our readers that you should be extra careful to whom you lend your mobile phone and not to leave it unattended for longer durations with strangers around. The trick enables the offender to get full control over the victim’s WhatsApp account in no time and the most surprising part is that it independently works on all mobile platforms, including Android, Windows and Apple’s iOS. Here’s How to Hijack someone else’s WhatsApp Account? Below are the clear steps to hack the WhatsApp account on any Smartphones: Begin by setting up a WhatsApp account on a new mobile phone using the phone number of your target. During the setup process, WhatsApp will call the target’s phone number and will provide a PIN that needs to be entered for the authentication of the account. If you already have access to the victim’s phone, you can just answer the phone call and grab the code with no efforts. Even if the victim has a lock screen enabled on the phone, you can receive the phone call to get the secret PIN. Using this known and simple trick your colleagues can hijack your WhatsApp Account easily. The worst case is with iPhones: Things get even worse on iPhone if the users have configured their iPhones with Siri authentication for the lock screen, because all the contact details are available to access the Siri’s settings, effectively giving everyone access to their phone number without the need for a PIN. Thus, if you try to steal the account information of WhatsApp, without even having the phone number of the target user, you can just call your number from target’s phone using Siri. Just check the given video demonstration that explains the simple trick of taking control of anyone’s WhatsApp account. Source
  7. Salut , aveti careva account pe EUNE lvl 5-9 de care nu mai aveti nevoie de ele si mi le puteti da mie! Multumesc Anticipat
  8. Document Title: =============== PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability References (Source): ==================== [url]http://www.vulnerability-lab.com/get_content.php?id=1474[/url] Video: [url]http://www.vulnerability-lab.com/get_content.php?id=1474[/url] Vulnerability Magazine: [url=http://magazine.vulnerability-db.com/?q=articles/2015/04/28/paypal-inc-bug-bounty-jdwp-remote-code-execution-vulnerability]PayPal Inc Bug Bounty - JDWP Remote Code Execution Vulnerability | VULNERABILITY MAGAZINE - Bug Bounties, Acknoweldgements & Security Research[/url] Release Date: ============= 2015-04-28 Vulnerability Laboratory ID (VL-ID): ==================================== 1474 Common Vulnerability Scoring System: ==================================== 9.3 Product & Service Introduction: =============================== PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer s choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient s account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay s North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China s bankcard association, to allow Chinese consumers to use PayPal to shop online.PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010. (Copy of the Homepage: [url=http://www.paypal.com]Send Money, Pay Online or Set Up a Merchant Account - PayPal[/url]) [[url=http://en.wikipedia.org/wiki/PayPal]]Bad title - Wikipedia, the free encyclopedia[/url] Abstract Advisory Information: ============================== An independent Vulnerability Laboratory Researcher discovered a remote code execution vulnerability in the official PayPal Inc Marketing online-service web-application. Vulnerability Disclosure Timeline: ================================== 2015-04-05: Researcher Notification & Coordination (Milan A Solanki - Safehacking4mas) 2015-04-06: Vendor Notification (PayPal Inc - Security & Bug Bounty Team) 2015-04-07: Vendor Response/Feedback (PayPal Inc - Security & Bug Bounty Team) 2015-04-09: Vendor Fix/Patch (PayPal Inc - Developer Team) 2015-04-28: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== PayPal Inc Product: Marketing Application & Service (HK) 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== Critical Technical Details & Description: ================================ A remote code execution vulnerability has been discovered in the JDWP protocol of the PayPal Inc Marketing online service web-server. The vulnerability allows remote attackers to execute system specific code against a target system to compromise the webserver. The Java Debug Wire Protocol (JDWP) is the protocol used for communication between a debugger and the Java virtual machine (VM) which it debugs (hereafter called the target VM). JDWP is one layer within the Java Platform Debugger Architecture (JPDA). JDWP does not use any authentication and could be abused by an attacker to execute arbitrary code on the affected server. The tool that i used to disclose is the jdwp-shellifier. I scanned the marketing site and it had opened port 8000 (pre-auth) than i just executed after accepted connection my commands and finally disclosed a remote code execution issue. Vulnerable Protocol(s): [+] JDWP Port(s): [+] 8000 Proof of Concept (PoC): ======================= The remote code execution web vulnerability can be exploited by remote attackers without privileged application user account or user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the security vulnerability ... 1. Scan the site with the jdwp-shellifier tool ([url]https://github.com/IOActive/jdwp-shellifier[/url]) 2. Open port 8000 and connect to the service without auth 3. Execute own server-side commands as root user 4. Successful reproduce of the vulnerability! Note: Please watch the poc demo video! Solution - Fix & Patch: ======================= 2015-04-09: Vendor Fix/Patch (PayPal Inc - Developer Team) Security Risk: ============== The security risk of the remote code execution vulnerability in the jdwp protocol is estimated as critical. (CVSS 9.3) Credits & Authors: ================== Milan A Solanki - (milans812@gmail.com) [[url]www.safehacking4mas.blogspot.in][/url] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: [url]www.vulnerability-lab.com[/url] - [url]www.vuln-lab.com[/url] - [url]www.evolution-sec.com[/url] Contact: [email]admin@vulnerability-lab.com[/email] - [email]research@vulnerability-lab.com[/email] - [email]admin@evolution-sec.com[/email] Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or [email]research@vulnerability-lab.com[/email]) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: [url]www.vulnerability-lab.com[/url] CONTACT: [email]research@vulnerability-lab.com[/email] PGP KEY: [url]http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt[/url] Source: http://dl.packetstormsecurity.net/1504-exploits/VL-1474.txt
  9. Document Title: =============== PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1453 Video: http://www.vulnerability-lab.com/get_content.php?id=1454 View: https://www.youtube.com/watch?v=v5egy9V_Bs0 Release Date: ============= 2015-04-18 Vulnerability Laboratory ID (VL-ID): ==================================== 1453 Common Vulnerability Scoring System: ==================================== 3.4 Product & Service Introduction: =============================== PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer s choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient s account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay s North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China s bankcard association, to allow Chinese consumers to use PayPal to shop online.PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010. (Copy of the Homepage: www.paypal.com) [http://en.wikipedia.org/wiki/PayPal] Abstract Advisory Information: ============================== An independent Vulnerability Laboratory researcher discovered a client-side cross site scripting web vulnerability in the official PayPal Inc online service web-application. Vulnerability Disclosure Timeline: ================================== 2014-12-30: Researcher Notification & Coordination (Milan A Solanki) 2014-12-31: Vendor Notification (PayPal Inc - Bug Bounty Team) 2015-01-08: Vendor Response/Feedback (PayPal Inc - Bug Bounty Team) 2015-01-15: Vendor Fix/Patch (PayPal Inc - Developer Team) 2015-04-18: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== PayPal Inc Product: PayPal - Online Service Web Application 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A non persistent cross site scripting web vulnerability has been discovered in the official PayPal Inc online service web-application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions data by client-side manipulated cross site requests. The vulnerability is located in the `q` values of the merchant search module. Remote attackers are able to inject own script codes to the vulnerable GET method request of the merchant search module. The attack vector of the vulnerability is located on the client-side of the paypal online service web-application. The request method to inject the script code on client-side is `GET`. The injection point of the issue is the vulnerable `q` value in the search engine and the script code execution point is located in the results output context page. The security risk of the non-persistent input validation web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.4. Exploitation of the client-side cross site scripting web vulnerability requires low user interaction (click) and no privileged application user account. Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation of affected or connected service modules. Request Method(s): [+] GET Vulnerable Service(s): [+] PayPal Inc (paypal.com) Vulnerable Module(s): [+] Merchant Search Vulnerable Parameter(s): [+] q Affected Section(s): [+] Merchant Search Results Proof of Concept (PoC): ======================= The client-side cross site scripting web vulnerability can be exploited by remote attackers without privileged application user account and with low user interaction (click). For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. PoC: Example https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=[CROSS SITE SCRIPTING VULNERABILITY!] PoC: Payload(s) https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Ciframe%20src=x%20onerror=prompt%28document.cookie%29%3E Reference(s): https://www.paypal.com/directory/merchants?q=directory/merchants?q= https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q= Solution - Fix & Patch: ======================= 2015-01-15: Vendor Fix/Patch (PayPal Inc - Developer Team) Security Risk: ============== The security risk of the client-side cross site scripting web vulnerability in the `q` merchant search value is estimated as medium. (CVSS 3.4) Credits & Authors: ================== Milan A Solanki - (milans812@gmail.com) [www.safehacking4mas.blogspot.in] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright Š 2015 | Vulnerability Laboratory - [Evolution Security GmbH]â? -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt Source: http://packetstorm.wowhacker.com/1504-exploits/VL-1453.txt
  10. Sveratus

    Scam

    l-am primit in casuta spam de la acest individ care ma crede idiot, a mai primit cineva atata generozitate?? :"> Dear Friend, email: mohamadhas918@gmail.com We want to transfer to overseas ($15,300.000.00 USD) I want to ask you to quietly look for a reliable and honest person who will be capable and fit to provide either an existing bank account or to set up a new Bank account immediately to receive this money, even an empty account can serve to receive this funds quietly.I am revealing this to you with believe in God that you will never let me down in this business, you are the first and the only person that I am contacting for this business, so please reply urgently so that I will inform you the next step to take urgently.email: mohamadhas918@gmail.com Send also your private telephone and fax number including the full details of the account to be used for the deposit. I need your full cooperation to make this work fine. because the management is ready to approve this payment to any foreigner who has correct information of this account, which I will give to you, upon your positive response and once I am convinced that you are capable and will meet up with instruction of a key bank official who is deeply involved with me in this business.At the conclusion of this business, you will be given 40% of the total amount, while 60% will be for me as pioneer of this business.I look forward to your earliest reply with re-confirm below information's.email: mohamadhas918@gmail.com (1)Full names:email: mohamadhas918@gmail.com (2)Occupation: (3)Age and Sex: (4)Marital Status: (5)Private phone number: (6)Current residential address: (7) Copy of your International passport or any Identity Card. Pls reply through my private email: mohamadhas918@gmail.com Sincerely, Best regard Mr.mohamad Hassan Mesaju in totalitate vine de la mrmohamad3@aol.fr cine vrea sa-i arda un flood bomb e invitatul meu
  11. Vand Minecraft Premium account cu intrebari securitate si tot, cont migrat pe Mojang (se poate migra din nou pe emailul vostru propriu, ca la steam). Vreau credit cosmote (transfer sau cod reincarcare). Trimite un pm daca esti interesat sau lasa un reply.
  12. Product Description CloudBerry Box provides bi-directional synchronization of data across remote computers. Synchronization between end-points is performed through your cloud storage account. No 3rd party services involved into data processing. Sync local content on several computers. All changes automatically apply across all end-points Use your own cloud storage account to synchronize data on remote computers. Amazon S3, Microsoft Azure, Google Cloud, Rackspace and other. Download and install CloudBerry Box on all computers you want to synchronize. Set up your cloud storage account and specify local folder to store synchronized data on each of the machines. All changes made to the folder and contents will be automatically uploaded to the cloud and applied to all computers sharing access to the cloud storage account. All data moves through direct connections between end-points and your cloud storage account. No 3rd party web services involved in data transfers or processing. -> Download <-Deal Expire in:
  13. A cross-site request forgery (CSRF) vulnerability in the website of hotel chain Hilton Worldwide could have inadvertently compromised much of its users’ personal information. Ironically the since-fixed issue stemmed from a promotion the chain was offering to users if they changed their passwords on a benefits service it runs. As part of the offer, users who changed passwords associated with their Hilton Honors account before April 1 would be given 1,000 free awards points. According to Krebs on Security, until Hilton fixed a loophole in its system, the same promotion could have let anyone hijack the account of someone who switched his or her password as long as the attacker could guess their nine-digit account number correctly. By reconfiguring the site’s HTML and reloading the page, attackers could have gleaned additional information, like the customers’ email address, physical address, and the last four digits of any credit card number they may have had on file. Attackers basically would have had complete access to the person’s account. They could have changed the password associated with it, viewed upcoming and past trips, and allowed them to use the victim’s points to book future trips. The vulnerability could have even let the attackers liquidate the user’s account and funnel their points into prepaid debit cards or into another user’s account. Researchers Brandon Potter and JB Snyder at the security firm Bancsec logged into Krebs’ Hilton account and forwarded him screenshots as proof they had found a vulnerability. It was only after Krebs contacted the hotel company that it stopped allowing users to reset their passwords and fixed the issue. “Hilton Worldwide recently confirmed a vulnerability on a section of our Hilton Honors website, and we took immediate action to remediate the vulnerability,” Hilton said in statement, according to Krebs. On top of the CSRF vulnerability, apparently Hilton didn’t enforce users to re-enter their current passwords when changing to a new one. Its site even told users whether each nine-digit number they entered was valid, according to Krebs, something which could have compounded the issue further. Attackers could have rigged the PIN reset page checker to determine users’ PINs, Snyder told Krebs. “There are a billion combinations but this… could be easily automated,” Snyder said. Hilton Hotels did fix the issue and now forbids users from using a PIN as their password. Instead users are prompted to pick a password that consists of at least eight characters, one uppercase, and a number or special character. Users can apparently still change their password without entering their current password however. Source
  14. https://www.flickr.com/photos/spacexphotos
  15. Yahoo has launched an on-demand password service that lets forgetful customers tie their account security to their mobile phone. Yahoo director of product management Chris Stoner announced the service, which US users can opt into now. The 'On-demand passwords' feature can be activated in the security section of Yahoo accounts' settings menu. Once activated, the user will be instructed to enter their mobile phone number. From this point on, whenever the customer attempts to open their account Yahoo will send a custom unlock code to their phone, removing the need for them to remember a password. Stoner said the service is part of Yahoo's ongoing efforts to make account security easier for users. "We've all been there. You're logging into your email and you panic because you've forgotten your password. After racking your brain for what feels like hours, it finally comes to you. Phew," he said. "Today, we're hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them. You no longer have to memorise a difficult password to sign in to your account - what a relief." The service is available to US users now. There is no confirmed UK release date and at the time of publishing Yahoo had not responded to V3's request for comment on when it will roll out the service in Europe. The release follows reports that many users are still failing to take even basic cyber defence measures to protect their personal data. Yahoo CEO Marissa Mayer controversially revealed she does not lock her smartphone with a password or gesture, as it made unlocking the device "too time-consuming". Yahoo is one of many companies to experiment with alternative password security services. Apple and Samsung added biometric fingerprint scanners to their latest iPhone 6 and Galaxy S6 smartphones. Source
  16. MyBB’s official Twitter profile and a staff member’s accounts were hijacked in late January. The developers of the popular open source forum software have now provided details on the incident. According to the MyBB team, someone gained unauthorized access to the community forum account and the personal website of a staff member. The password for the @mybB Twitter account was stored in plaintext in one of the threads, allowing the attacker to take over the organization’s social media account. The hacker used the hijacked Twitter account to post offensive messages, MyBB staff IP addresses, and installation statistics. The attacker also claimed to have gained access to information on unpatched SQL injection and cross-site scripting (XSS) vulnerabilities affecting the forum software. “Within two hours, we had isolated the breach and banned the staff member’s account to prevent any further purusing of private data,” MyBB wrote in a blog post on Monday. MyBB pointed out that the staff member whose account had been compromised did not have access to the Admin Control Panel, so the hacker couldn’t have gained access to private user data. The developers say there is no evidence to suggest that other information has been compromised. The attacker changed the Twitter account’s password and email address to prevent MyBB staff from recovering it. The developers regained access to the profile after contacting Twitter, which locked out the hacker during its investigation. A few days ago, someone posted screenshots of what seemed to be the MyBB 2.0 GitHub repository on a forum. The poster offered to sell the MyBB 2.0 source code for an unspecified amount of Bitcoins. It appears that the staff member whose account was compromised used the same password for GitHub and he didn’t have two-factor authentication enabled. However, MyBB said the hacked GitHub account didn’t store anything of value. “The code the user had was simply the initial commit of Laravel into the repository, none of the actual 2.0 code was present,” MyBB noted. MyBB 2.0, a complete rewrite of the software, is currently under development and in pre-alpha. “At MyBB we have a strong commitment to security. All staff with ACP access use a secret PIN, a form of 2FA. We release patches to any serious issues usually within hours of them being reported. We have Two Factor Authentication enabled on our staff email accounts and Github, and are actively working on getting 2FA for our other development tools,” MyBB said. Sursa: securityweek.com
  17. dr.d3v1l

    pppoe

    ce pot face cu un account pppoe de la net ?
  18. Do you know that your Facebook account can be accessed by Facebook engineers and that too without entering your account credentials? Recent details provided by the social network giant show who can access your Facebook account and when. No doubt, Facebook and other big tech companies including Google, Apple and Yahoo! are trying to keep their data out of reach from law enforcement and spies agencies by adopting encrypted communication and end-to-end encryption solutions in near future, but right now they have access to your personal data, and at least few of their employees can access it with one click. Earlier this week, director at the record label Anjunabeats, Paavo Siljamäki, brought attention to this issue by posting a very interesting story on his Facebook wall. During his visit to Facebook office in LA, a Facebook engineer logged into his Facebook account after his permission, but the strange part — they did it without asking him for the password. ACCESS WITHOUT NOTIFICATION Facebook even didn’t notify Siljamäki that someone else accessed his private Facebook profile, as the company does when your Facebook account is accessed from any new device or from a different Geo-location. Siljamäki got in contact with Facebook in order to know how many of Facebook's staff have this kind of 'master' access to anyone's Facebook account and when exactly they can access users’ private data, and also, how would anyone know if his/her Facebook account has been accessed. When the social network giant asked about how the employee got access to user’s Facebook account without entering the account credentials, Facebook issued the following statement: WHO CAN ACCESS MY FACEBOOK ACCOUNT? The company didn’t explain exactly who can access what, but it assured its users that the accounts access is tiered and limited to specific job function. The access to accounts are granted to most employees in order to reply to a customer request for information or error report. In short, the social network giant has a customer service tool that can grant Facebook employees access to a user’s account. Facebook runs two separate monitoring systems that generate weekly reports on suspicious behavior which are then reviewed and analyses by two independent security teams, specifically a selected group of employees. Facebook gives a strict warning when hired employees to use this tool and fired any employee directly who abuse it. So, you need not to worry about Mark Zuckerberg accessing your account, unless you yourself ask Facebook for help with something and have given permission. Source
  19. by selecting the Continuous Backup mode in IDrive Classic you can keep information permanently synchronized to IDrive's servers. The way you budget also can affect the frequency and manner in which you access your account. While there are many that are still offering a free checking account, the services they provide are starting to be limited. Here is my site ... free brazzer accounts
  20. My working facebook account hacker blog: Hack facebook account password online De asemenea alt proiect Isis simulator preluat chiar de Pewdiepies :
  21. Account Hitman 1.33 este o aplicatie folosita pentru bruteforce,analog la Sentry MBA. Introduceti doar site-ul si parametrii de logare,restul ramane pe seama ei. Parola la arhiva "hh"
  22. We all know about Google Drive, the cloud storage and file backup service offered by Google. Everyone can get free 15 GB cloud storage on Google Drive at any time: just signup for a Google account (or login to your existing Google account), head over to the Google Drive page, and boom — you have your free 15 GB that never expires. For a limited time, however, you can get an additional (extra) 2 GB for your Google Drive account for life. Yes, that means you will have 17 GB on Google Drive that won’t ever expire. Get it now. Sale ends in 2 days 18 hrs 36 mins Link: Free lifetime 17 GB Google Drive cloud storage (100% discount)
  23. Social media platforms provide fertile ground for communication without borders, so there is actually no limitation as to the potential benefits that these platforms can offer to you. This is why so many Internet users have been registering for new accounts on Facebook, Twitter, Pinterest and Google+ on a daily basis, opening just another window of communication and online interaction with friends, relatives or even mere acquaintances and total strangers. Most people own more than a couple of accounts on social media sites and use them fairly regular (even every day, as we have mentioned above). They connect with others and share personal information, videos and pictures of them and their loved ones. They also share their thoughts and anything else worthy of attention. Due to the significant increase in the social media accounts and their gravity, there have been major incidents of hacking. This means that many social media accounts get hacked, and this is not a rare phenomenon to comment on. On the contrary, many people have to confront with such a negative consequence of the importance of social media nowadays; social media is an easy and simple way for hackers and other malicious intruders to have their way and penetrate the systems of many other people (the followers of the person whose account has been breached) at once. Let’s start by looking into the signs that reveal the hacking, in order for you to be on alert and know when something is wrong with your account. Signs of a Hacked Social Media Account Although it can be difficult to realize that your social media account has been compromised, there are definitely signs that should raise an eyebrow and motivate you to look deeper into the root of the problem. Some of the most frequent signs that reveal something is not great about your account include the following: You instantly observe likes and follows that you had nothing to do with You have your status updated, although you have not shared anything There is ad flood on your page (unusually extensive) You have trouble logging in Private messages are posted on your behalf Spam posts are posted on your behalf You have new friends that you do not recall adding Others inform you of sharing malicious content on your wall If you notice some of these signs, you had better check it out and not sit idly. It is more than likely that your account has been hacked and you need to act promptly and effectively. How do accounts get hacked? In order for you to know how to be safe on social media, you need to know where the threat lies. Indeed, hacking a social media account is a lot easier and simpler than you would have expected it to be. There are sophisticated menaces nowadays lurking in the dark and targeting Internet users, so as to penetrate their system and access their sensitive data. These are the major methods for hacking a social media account being used by cybercriminals: Password exposed Phishing Malware installed Sites being hacked Third-party apps or services breached As you can see, there are multiple routes to getting the desired effect and it is true that today the threats that appear online are far more advanced and sophisticated than a few years ago. So, your defensive line should be equally strong. Below, we are going to have a look at what you need to do if your social media account gets hacked. What to do if your social media account has been hacked Even if hacking has occurred, you should not panic. There are several steps that you can take in order for you terminate the threat and reset the protection layering on your computer. Just follow the guidelines being provided below in avoidance of any further damage. With dedicated work and attention, you will be able to regain your social media account and have nobody else threatening its integrity and uniqueness. Of course it is crucial that you change your password immediately and that you use a solid password that has never been used by you anywhere else. The common strategy of using the same password on all of your accounts (email, banking accounts and social media platforms) can be catastrophic! Delete the apps that appear on your social media account and that you know nothing about. If you have not installed anything, you do not need it on your account. Equally important for safe social media is to set the default email address of your accounts and check that it is available for you to reach. Make sure that your antivirus is up-to-date and schedule a thorough scan for any threats on your computer. If you use social media on multiple devices, have them all scanned. Report spam posts, as they can hide malware and other threats. If a friend of yours clicks on them he might get in trouble and have his account hacked, too. You cannot allow this vicious circle to go on indefinitely. Think twice before clicking on anything. New malware can crawl up to your account and therefore you need to be vigilant and eliminate such threats. Use secure platforms for paid messaging. It is imperative that you buy the ads that you want right from the platform and not have a third-party getting in the way. Last but not least, make sure that the online information of yours is safe. Do not reveal information that is linked to your account and do not expose too many details from your personal life online. How to prevent hacking on social media We have already outlined what needs to be done after having realized that your social media account has been breached. Nevertheless, it is essential that you know what you ought to do, in avoidance of repeating the same mistakes. You ought to enhance your security layering and allow nothing to penetrate the safety of your online navigation. There are some fundamental details that will make a huge difference for you, and that will offer great power and effectiveness against malware and other threats. First of all, you need to be cautious with your password. Besides choosing to use a solid password that is hard to guess, you need to be really scholastic about others knowing. Even if you use social media at work, you cannot risk having the password of yours in use when leaving your office. Always log out and be twice as scholastic with shared computers. Do not share your password with others, even with your best friend or your better half. This is private for a reason and you should never underestimate the risk that you take when letting someone else know your private information. Apart from that, you ought to introduce yourself to two-factor authentication. This is an extra weapon that you can use to enhance the protection offered to you via your password. With two-factor authentication, you eliminate the threat of someone else breaching your social media account (or any other account, apparently). There is another step that has to be followed and another piece of information for someone else to breach, prior to gaining access to your social media account. So, this is a great weapon that can be put into effect and act like an armor for you online. Bottom line Safer social media can be really hard to achieve, however, if you are concentrated on what you do and if you focus on the guidelines that we have provided, you will see that you can recover from a potential hacking of your social account without any delay or frustration. Of course, you can follow these simple guidelines even if you haven’t been hacked – prevention is better than the cure, right? Feel free to enhance your social media account protection right away. This will keep all dangers at bay and shield you against the malicious intent of others on the web. Remember that social media platforms can be truly helpful, provided that you know how to use them and what safety precautions you ought to take. Source
  24. Hackers are targeting Apple iCloud users with phishing messages designed to steal financial information. Sophos employee Paul Ducklin reported in a blog post that the messages are tailored to look like legitimate security alerts. 'Your account may have been compromised. Please cancel the following Order Number: WZEYMHCQVWZ20,' reads the bogus message. 'Within Apple Inc. latest security checks, we recently discovered that today there were incorrect login attempts to your account. For your account status to get back to normal, Go Here >> to complete the details.' The links in the message go to a page owned by the criminals, which requests the filling in of a 'cancellation form'. "The bogus payment cancellation form is hosted on what looks like a hacked home-user DSL connection in Canada," explained Ducklin. "The data submission form goes to a similar ‘server' hosted on a connection via a boutique ISP in Switzerland." Ducklin recommended a variety of protective measures to defend against phishing attacks of this kind. "Don't assume that crooks aren't interested in you. You may have the smallest, simplest web server in the world, but if there's a security hole, the crooks can use your server, and your URLs, as a staging post for their cyber crimes," he said. "Use two-factor authentication if you can. This relies on one-time log-in codes, so the crooks can't simply phish your password and use it over and over." Ducklin is one of many security professionals to call for wider use of two-factor authentication. Attackers are believed to have taken advantage of a lack of two-factor authentication to guess celebrities' iCloud passwords during a wave of high-profile incidents in 2014. Source
×
×
  • Create New...