ZNAK SAGITE — more than fantasy — edition, magazine, bookstore

A bizarre problem with hackers

Started by дејан, 22-05-2014, 15:11:18


дејан

...barcode never lies
FLA

дејан

An interactive map of internet attacks... irresistibly reminiscent of war games

http://map.ipviking.com/

Filaret

Whoa... Awesome! If only Drecun were the commentator... :)


Truba

The best forum, where I feel at home and can always say what I think without consequences, though I still shouldn't talk too much...

дејан

Canon printer hacked to run Doom video game


Quote
A wireless Canon Pixma printer has been hacked to run classic video game Doom.


The hack was carried out by security researcher Michael Jordon, and it took four months to get the game running on the hardware.


He said he had undertaken the project to demonstrate the security problems surrounding devices that would form the "internet of things".


Canon said it planned to fix the loopholes on future printers to make them harder to subvert.


Control code

Like many modern printers, Canon's Pixma range can be accessed via the net, so owners can check the device's status. However, Mr Jordon found, Canon had done a poor job of securing this method of interrogating the device.


"The web interface has no user name or password on it," he said.


That meant anyone could look at the status of any device once they found it, he said. A check via the Shodan search engine suggests there are thousands of potentially vulnerable Pixma printers already discoverable online. There is no evidence that anyone is attacking printers via the route Mr Jordon found.


At first glance, the remote access feature did not look like a problem, until Mr Jordon realised it was possible to update the printer's controlling software, known as firmware, via the interface too.


Although the firmware was encrypted, research revealed it was possible to crack this protection system to reveal the core computer code. Reverse engineering the encryption system used by Canon also meant that if Mr Jordon wrote his own firmware the printer should accept it as authentic.


It was then Mr Jordon conceived the idea of getting the 1993 game running on the printer.


"Running Doom, that's real proof you control the thing," he told the BBC.


"The printer has a 32-bit Arm processor, 10 meg of memory and even the screen is the right size," said Mr Jordon. "I had all the bits, but it was a coding problem to get it all running together."


The biggest problem, he said, had been that the printer's firmware lacked functions provided by the operating system on any PC or other device it was running on. A version of Doom does exist that runs on Arm processors, but a lot of coding and experimentation was needed to convert this so it coped with the internal idiosyncrasies of the printer.


Writing code and getting it running sucked up months of Mr Jordon's spare time, and he finally got it to run two days before he was due to give a speech about the work at the UK's 44Con hacker conference.


"The colour palette is still not quite right," he said. "But it proves the point and it runs quite quickly, though it's not optimised."


Mr Jordon has no plans to fine tune the demonstration and do that optimisation or take on more work to get the game beyond its loading screen, given how much trouble it took to get it working at all.


"I'm so sick of it," he said. "I'm done."


On a blog entry about Mr Jordon's work, Canon said it intended "to provide a fix as quickly as is feasible".


This will involve adding a user name and password field to the web interface for future Pixma printers and issuing an update for existing owners to add the same feature.

дејан

An unfixable USB bug could lead to unstoppable malware

Quote
Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert a USB drive into a silent malware installer.
This vulnerability has come about to be known as "BadUSB", whose source code has been published by the researchers on the open source code hosting website Github, demanding manufacturers either to increase protection for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack.
It all comes down to the microcontroller firmware used by the Taiwanese firm Phison, one of the largest manufacturers in the world. The exploit gains control of this code to reprogram the USB controller and allow it to secretly interface with malware on a USB drive. For example, a flash drive could impersonate a keyboard and enter text on a computer without the user's knowledge. Because the compromised code is stored in the USB controller's memory, there is no way for a user to remove it.
Patching this hole would basically require a new security architecture that requires a manufacturer signature to alter the controller's code, but that's not the sort of thing that can work on existing devices — you have to replace them. That could mean a decade or more to transition fully to devices that aren't vulnerable to this exploit. Even Caudill and Wilson, who are confident in their decision to release the details, are not posting all the work they've done on the issue. A separate implementation of this exploit the pair are working on would use the USB controller to infect files with malware as they are copied from a USB drive. Things might get quite messy before they get better.

Meho Krljic

If you have a Dropbox account, you might be interested to know that the data of almost seven million accounts has been compromised and that it's time to change your password:


http://www.ign.com/articles/2014/10/14/almost-7-million-dropbox-accounts-hacked-via-third-party-services

Meho Krljic


дејан

the best (or coolest) hacks of 2014 (via Dark Reading)


Quote
The Coolest Hacks Of 2014
TSA baggage scanners, evil USB sticks, and smart homes were among the targets in some of the most creative -- and yes, scary -- hacks this year by security researchers.
It's easy to forget some of the more innovative and eye-popping hacks by the good guys in 2014 amid the painful and unprecedented wave of cybercrime, cyber espionage, and cyber mayhem that the world has witnessed the past 12 months.

But the lessons learned from the epidemic of retailer hacks this year starting with Target, and the unprecedented destructive breach and doxing of Sony that to date has come as close to an international incident as any cyberattack, serve as a chilling reminder that any organization's computing infrastructure is breakable by bad hackers. And that raises the stakes in the race to find new security weaknesses before the bad guys do.

The epidemic of real-world breaches this year has lent some blatant and highly tangible credence to the dangers of malicious hacking that white hat hackers for years have been warning about and demonstrating in their own research.

So yes, our annual lighthearted look back at the year's coolest hacks by the good guys has a more profound feel to it now. Even so, kick back with some holiday cheer and have a look at some of the more memorable and creative hacks this year:

A weaponized PLC
Programmable logic controllers (PLCs), the systems that run machinery in power plants and manufacturing sites, are traditionally the target of attackers looking to disrupt or sabotage critical systems. But Digital Bond researcher Stephen Hilt earlier this year decided to rig a PLC with a low-cost hacking tool that would allow the system to shut down a process control network via a text message.

The so-called "PLCpwn" hacking tool cost Hilt about $400 and a couple of weeks to build, and lets an attacker bypass perimeter security and air gaps to wreak havoc on the plant floor. "It can cause a large disruption with a single text message," Hilt said. "It will sweep an entire subnet with STOP CPU," and is capable of data exfiltration and injection-style attacks, he said.

Hilt's weaponized PLC uses attack modules previously written by Digital Bond, and is based on a 5-volt Raspberry Pi board with DualComm Tap and a DroneCell card for communications.

Cheating TSA's carry-on baggage scanners
Turns out you can easily sneak a weapon or a banned substance past US airport security by exploiting "lame bugs" in a pervasive X-ray scanner for carry-on baggage at TSA checkpoints.

That's how renowned researcher Billy Rios described the flaws in the Rapiscan 522 B x-ray system used by the TSA at some major airports. Rios and his colleague Terry McCorkle discovered some painfully wide open holes in the scanners, including user credentials stored in plain text, the outdated Windows 98 as the underlying operating system, as well as a training feature for screeners that injects .bmp images of contraband, such as a gun or knife, into a passenger carry-on in order to test the screener's reaction during training sessions. The researchers say the weak logins could allow a bad guy to project phony images on the X-ray display.

They were able to easily bypass the login screen and see the stored user credentials sitting in the database store. "These bugs are actually embarrassing. It was embarrassing to report them to DHS -- the ability to bypass the login screen. These are really lame bugs," Rios said.

Hacking satellite ground terminals by air, sea, land
Ruben Santamarta found critical design flaws in the firmware of popular satellite land equipment that could allow attackers to hijack and disrupt communications links to ships, airplanes, military operations, industrial facilities, and emergency services.

An attacker could install malicious firmware or even send an SMS text message to spoof communication to a ship, for example. Another even scarier possibility: he could wrest control over the Satellite Data Unit or SwiftBroadband Unit interface in the satellite terminals sitting on an airplane's in-flight WiFi network via its weak password reset feature, hardcoded credentials or the insecure protocols that support the so-called AVIATOR 700 satellite terminal, as well as compromise control of the satellite link communications channel used by the pilot.

"We're not crashing planes here," Santamarta said of the potential danger, but some of the vulnerabilities could pose a safety risk, he said.

In many cases the attacker would need physical access to the ground equipment, as well as knowledge of the firmware and its security weaknesses.

Smart home devices not so savvy
If an attacker has physical access to your Nest Learning Thermostat or your DropCam camera, bad things can happen easily -- and fast. Two groups of researchers this summer demonstrated the ease with which an attacker can turn the devices against their owners to spy on them, attack other devices on the network, or spoof their activities.

University of Central Florida researchers Grant Hernandez and Yier Jin and independent researcher Daniel Buentello showed at Black Hat USA how in less than 15 seconds a bad guy can rig a Nest with a micro USB cable and backdoor to spy on the owner, capture wireless credentials, as well as attack other home network devices. Another risk would be Nests backdoored and then returned to a store or resold on Craigslist to target a neighborhood, for example.

DropCam, the plug-and-play webcam-based video monitoring system used for watching over your house while on vacation or the on the kids at daycare, can be similarly abused. Synack researchers Patrick Wardle and Colby Moore at DEF CON this summer demonstrated holes in the WiFi security cameras, such as intercepting video and hot-miking audio for spying purposes. Wardle and Moore inserted a malware "implant" that can infect computers used to configure a DropCam camera.

"Don't trust a camera from strangers," Wardle said, a theme echoed by the Nest hackers on the potential for rigged smart thermostats.

Meanwhile, security researcher David Jacoby of Kaspersky Lab recently put his own smart home to the test. That's right -- he hacked his own home, specifically his smart TV, satellite receiver, DVD/Blu-ray player, network storage devices, and gaming consoles. "Before I started, I was pretty sure that my home was pretty secure. I mean, I've been working in the security industry for over 15 years, and I'm quite paranoid when it comes to such things as security patches," Jacoby wrote in a blog post on Dark Reading sharing his findings.

But Jacoby quickly found flaws in his network-attached storage systems, smart TV, and in his home router, including weak default passwords, incorrect permissions in configuration files, and plain text passwords. "The DSL router used to provide wireless Internet access for all other home devices contained several hidden dangerous features that could potentially provide the Internet service provider remote access to any device in my private network. The results were shocking, to say the least," Jacoby said.

Crashing the vehicle traffic control system
Outfitted with a backpack carrying his prototype access point to passively test access to the vehicle traffic control systems in major cities including Washington and New York, researcher Cesar Cerrudo was able to reach from a few hundred yards away traffic control equipment and access points supporting them.

Cerrudo found that hundreds of thousands of road traffic sensors and repeater equipment are at risk of attackers wreaking havoc that could result in traffic jams or even vehicle crashes. In his experiment, Cerrudo discovered the devices communicate traffic information in clear text and don't authenticate the data, opening the door for possible sabotage.

The Sensys Networks sensors he tested detect vehicles and use that data to determine the timing of traffic lights and for issuing electronic alerts of events on the highway. "You can sniff the wireless data, learn how the system was configured, how it was working, and then just launch an attack with fake data," Cerrudo said. The access point will accept the phony traffic data, but an attacker would need to know where the AP, repeaters and sensors are located at an intersection he or she targets.

Sensys Networks recently updated its software, but Cerrudo said it's difficult to confirm whether the updates fix the security flaws because the nature of the patches wasn't public.

One bad-ass USB
Don't trust that USB stick. Researchers Karsten Nohl and Jakob Lell created "BadUSB," a weaponized USB stick that once plugged into a machine can wage attacks on the network. The pair basically reverse-engineered and retooled its firmware to become an attack tool that among other things steals information or installs malware.

An Android plugged into a computer could intercept all network traffic to and from that machine, for instance, and Nohl said there isn't much you can do to prevent BadUSB attacks. Anti-malware software only scans the data on a USB stick, not the firmware, for example, he noted.

BadUSB can't be cleaned up by reinstalling the operating system, and it can replace the computer's BIOS by posing as a keyboard and unlocking a hidden file on the stick.

A worm in your NAS
Jacob Holcomb this fall constructed a proof-of-concept, self-replicating worm that scans for vulnerable services running on network-attached storage devices and identifies the NAS device. If a NAS is vulnerable, the worm launches an exploit to take over the device and then spread to other NAS devices.

"I wanted to actually develop a POC myself and present it so people can understand the ramifications as my findings are being demonstrated and publicly disclosed, versus six months later when adversarial attackers are trying to exploit it for profit," Holcomb said.

Holcomb, a security analyst at Independent Security Evaluators, has been studying flaws in NAS devices for the past year or so, and the list of vulnerable products is a who's who of the storage market: Seagate, D-Link, Lenovo, Buffalo, QNAP, Western Digital, Netgear, ZyXEL, Asustor, TRENDnet, HP, and Synology. "Pretty much everything we do relies on some form of backend storage for access," he said of the problem.

дејан

and the most damaging hacks of 2014 (via Wired)


Quote
With each passing year, data breaches get bigger and more invasive. But 2014 saw a new twist to the breach phenomenon with the Sony hack. The attackers didn't just steal data, they scorched Sony's digital earth as they exited its networks, wiping data from servers and leaving administrators to clean up the mess and restore systems.
Digital destruction of this sort was first seen in Saudi Arabia and Iran when computers used in the oil industries were struck in 2012 with data- and system-destroying malware. The attack against Sony was different, however, in that gigabytes of sensitive Sony data were also released to the public, creating damage of a different sort—to the company's bottom line. Whether this sparks a new trend in corporate hacks remains to be seen. One thing is certain: next year will bring a new round of attacks.


Here's a look back at this year's top hacks—the biggest and the noisiest.


1. Sony Wins for Most Pwned Company
On November 24, workers at Sony Pictures Entertainment got a rude surprise when an image of a red skeleton suddenly invaded computers nationwide and announced that the company's secrets were about to be spilled. Yes, the company had been hacked yet again, in a breach that was so widespread administrators kicked workers off the network entirely, taking down email servers, VPN access and even the company WiFi as they attempted to root out the invaders and re-seize control.


News of what may turn out to be the biggest hack of the decade went public after a former worker posted an image of the ominous skeleton splash screen on Reddit, saying a former colleague at Sony had sent it to him. The group claiming responsibility for the breach—GoP, or Guardians of Peace—soon made good on its threat to spill, leaking more than 40 gigabytes of stolen data to the internet—including sensitive worker information such as medical data, salaries and performance reviews; celebrity film salaries and Social Security numbers; and full copies of several unreleased films. It's a hack that will continue to give long into the new year, since the hackers claim to have stolen more than 100 terabytes of data, including entire databases and email spools, but have so far released only a small fraction of this.


It's not the first time Sony has been hacked, of course. In 2011, members of Anonymous and LulzSec tore through the company's networks as part of a 50-day hacking spree targeting multiple victims. They launched the breach against Sony on its PlayStation Network, where they stole data pertaining to more than 75 million customers. A second breach at Sony Online Entertainment compromised an additional 25 million customers. Sony Pictures and Sony BMG were also struck.


2. Regin Reigns as Top Government Hack
Stuxnet and Flame are difficult kings to unseat. But Regin—the massive government spy machine responsible for invading the European Union, a Belgian telecom and a Belgian cryptographer—managed to do just that. Although the hacks were done in 2011 and 2013, the spy tool responsible for them was exposed only this year. Regin is more than a spy tool, though. It's a customizable platform capable of hijacking entire networks and infrastructures rather than just individual machines and has been around since at least 2008, possibly earlier. Built to remain stealth on systems for years, its most disturbing feature is a component designed to target GSM base stations in a way that could give the attackers control over a telecom's entire mobile network. It's believed to have been used by government spy agencies to hijack the mobile network in Afghanistan and other countries. Who's behind the tool? The UK spy agency, GCHQ, perhaps with help from the NSA, is believed to be its designer.


3. Home Depot
Continuing the wave of attacks that struck Target, Michael's and Neiman Marcus, Home Depot announced in September that it had suffered a breach that exposed some 56 million credit and debit cards of customers, a figure that surpassed last year's Target breach by more than 10 million. The attackers had been in the company's network since at least April, before the company discovered the breach five months later, and had gained entry following two previous, smaller breaches of the company's network. Security contractors had reportedly urged the company to activate an extra security measure that might have helped spot the malicious activity but failed to do so.


4. Live Nude Girls! Fappening Now!
In September, Hollywood It-girl Jennifer Lawrence inadvertently joined the growing pantheon of celebrities whose private parts were made public after hackers seized her nude selfies and posted them online. Lawrence was in good company. Hackers who frequented the 4chan forum released a cache of some 500 images—an event that came to be known as The Fappening—stolen from a reported 100 celebrity iCloud accounts. These included nude pics belonging to Kate Upton, Kaley Cuoco, Hayden Panetierre, and Kirsten Dunst. Speculation about how the photos were obtained focused on a flaw in iCloud, Apple's online backup service, that failed to limit the number of times someone can attempt to open an account with a password, making it possible for someone to brute-force their way in with repeated password guesses.


But Apple Chief Executive Tim Cook denied the brute force method and said the photos were stolen because hackers were able to correctly answer the security question celebrities set up for their iCloud accounts to reset their password or because celebrities were likely tricked into revealing their usernames and passwords in a phishing scam. Once in the accounts, the hackers were able to download the entire contents of the accounts to their own device.


In response, Apple tightened its iCloud account protections by setting up a system to send an email alert to users whenever someone tries to obtain the contents of their iCloud account from a new device. It also added two-factor authentication to its iCloud service.


But never fear. Even with Apple's fixes hackers will find other ways to feed their need for nude celebrity pics. Look for Fappening II coming to a theater soon.


5. Snappening Becomes the New Fappening
Just as the fracas over the Fappening was beginning to die down, a new online debacle took its place—this one involving the release of some 13 gigabytes of data, or 98,000 photos and videos belonging to users of Snapchat. The images were made available through the Pirate Bay file-sharing service after someone at 4chan discussed releasing them. The data belonged to Snapchat users who had saved their Snapchat session pics and videos through a third-party application called Snapsaved.com, undermining Snapchat's "instant delete" privacy feature.


6. TweetDeck Hacked—Panic (and Rickrolling) Ensues
What's worse than a Twitter feed flooded with promoted tweets you don't want to see? A Twitter feed laced with a worm. After an Austrian teen discovered a flaw in TweetDeck, Twitter's popular application for managing Twitter feeds, untold numbers of users began exploiting it to turn other Twitter accounts into their zombies. The vulnerability allowed anyone in a TweetDeck user's Twitter timeline to send JavaScript in a tweet to that user that would then execute arbitrary pop-up messages on the user's screen or cause their Twitter account to automatically re-Tweet messages of the attacker's choosing. Miscreants mostly used it for amusement, forcing accounts to distribute messages like "Yo!", "HACKED" and the RickRoll classic "NEVER GOING TO GIVE YOU UP, NEVER GOING TO LET YOU DOWN." The 19-year-old Austrian responsible for the melee discovered the flaw when he tried to send a ♥ symbol in a Tweet. In doing so, he found that he could send coded script in a tweet that would force other accounts to retweet his message automatically. The @NYTimes and @BBCBreaking were among some 30,000 Twitter feeds that inadvertently retweeted his message containing the heart symbol. The teen notified Twitter about the flaw, but before the company could patch it, other users were already exploiting it.


7. Bitcoins Hacked Bit by Bit
Let's call it the other Moore's Law. The more popular a new system becomes, the more likely it's going to get hacked. If digital currencies like Bitcoin didn't quite hit the mainstream as a monetary option this year, they certainly did as hacker targets. Several heists involving Bitcoin and other currencies surfaced as the value of the currencies rose. It began in part last February when the online drug emporium Silk Road 2.0, successor to the original Silk Road, was hacked and drained of all of its currency—an estimated 4,400 Bitcoins worth about $2.6 million. "I am sweating as I write this," Defcon, the site's administrator, wrote. "I must utter words all too familiar to this scarred community: We have been hacked. Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as 'transaction malleability' to repeatedly withdraw coins from our system until it was completely empty."


This wasn't the end of Bitcoin woes, however. The following month, news emerged of a global Bitcoin heist conducted through the Pony botnet. Using machines infected with the Pony virus, cybercriminals hijacked about 85 virtual wallets holding Bitcoin and other crypto currencies, making off with about $220,000 over five months.


The crimewave continued in March when Flexcoin, a Canada-based Bitcoin bank, announced it had been hit by hackers who siphoned 896 Bitcoins worth about $620,000 at the time. The heist crippled Flexcoin, which was forced to close down as a result. Numerous other crypto currency services were hit in a domino wave: the Bitcoin exchange Poloniex was hacked the same month, losing 76 Bitcoins worth about $50,000 at the time; CoinEX, too, was struck, losing all of the bitcoins in its possession. The wave of attacks raised suspicions about possible embezzlement, prompting a CoinEx representative to assure customers that the company's operators were not "doing a runner" and simply pretending to be hacked while absconding with their funds. In June, yet another crypto currency heist was exposed when Dell SecureWorks reported that Synology NAS storage units used for mining Dogecoin were being hijacked in an attack that netted the thieves $620,000 worth of the digital currency in two months. A few months later, SecureWorks reported another novel tactic in which the thieves used BGP hijacking techniques to redirect traffic from customers of at least 19 ISPs in order to seize temporary control of a group of Bitcoin miners.
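The iCloud item above turns on a single missing control: nothing limited how many password guesses one account would accept, so repeated guessing could run until it hit the right one. The block below is an added example, not code from Wired or from Apple, that puts that weak behaviour beside a throttled version and runs the same small guess list against both. The user store, the candidate list, the five-failures-per-fifteen-minutes policy and the injectable clock are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed example: the user store, candidate list and policy numbers
# below are illustration-only assumptions, not anyone's production code.


def _pbkdf(password, salt, iterations=10_000):
    # Salted, slow hash so stored digests are not directly usable if leaked.
    # Iteration count kept low for a quick demo; production uses far more.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


class UnthrottledAuth:
    """The weak behaviour: every guess is checked no matter how many have
    already failed, so an online dictionary attack simply runs to completion."""

    def __init__(self):
        self._users = {}

    def register(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, _pbkdf(password, salt))

    def login(self, user, password):
        rec = self._users.get(user)
        if rec is None:
            return "denied"
        salt, digest = rec
        if hmac.compare_digest(_pbkdf(password, salt), digest):
            return "ok"
        return "denied"


class ThrottledAuth(UnthrottledAuth):
    """Hardened: after max_failures wrong passwords inside `window` seconds the
    account refuses further attempts (even a correct one) until the window
    passes. Per-account lockout alone lets someone lock a victim out, so a
    real deployment pairs it with per-source limits and a user notification."""

    def __init__(self, max_failures=5, window=900, clock=time.monotonic):
        super().__init__()
        self._max_failures = max_failures
        self._window = window
        self._clock = clock          # injectable so the demo is deterministic
        self._failures = {}          # user -> timestamps of recent failures

    def login(self, user, password):
        now = self._clock()
        recent = [t for t in self._failures.get(user, []) if now - t < self._window]
        self._failures[user] = recent
        if len(recent) >= self._max_failures:
            return "locked"
        result = super().login(user, password)
        if result == "ok":
            self._failures[user] = []
        else:
            recent.append(now)
        return result


# Constructed candidate list: a small "dictionary" with the real password in it.
CANDIDATES = ["123456", "password", "qwerty", "letmein", "welcome", "monkey",
              "dragon", "sunshine", "princess", "football", "iloveyou", "admin",
              "Summer2014", "baseball", "trustno1", "shadow"]


def dictionary_guess(auth, user, candidates):
    """Try each candidate in turn and report (password found or None, attempts
    made, whether the service locked the account). Used only to compare the
    two services; it stops at the first 'locked' answer."""
    attempts = 0
    for pw in candidates:
        attempts += 1
        result = auth.login(user, pw)
        if result == "ok":
            return pw, attempts, False
        if result == "locked":
            return None, attempts, True
    return None, attempts, False


def demo():
    """Outcome against both services for the same weak password, plus whether
    the legitimate owner can log in once the lockout window has elapsed."""
    weak = UnthrottledAuth()
    weak.register("celeb", "Summer2014")
    weak_outcome = dictionary_guess(weak, "celeb", CANDIDATES)

    fake_clock = [1000.0]
    strong = ThrottledAuth(max_failures=5, window=900, clock=lambda: fake_clock[0])
    strong.register("celeb", "Summer2014")
    strong_outcome = dictionary_guess(strong, "celeb", CANDIDATES)

    fake_clock[0] += 901          # window passes; owner's correct password works again
    owner_after_window = strong.login("celeb", "Summer2014")
    return weak_outcome, strong_outcome, owner_after_window


if __name__ == "__main__":
    print(demo())
```

Against the unthrottled store the guess list reaches the password on the 13th try; the throttled store records five failures and answers "locked" on the sixth, and the correct password only works again after the window has passed. The notification Apple added afterwards (an email when a new device pulls account contents) is the complement to this: throttling slows the guessing, the alert tells the owner it happened.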

ALEKSIJE D.

Since what I want falls, in a way, under hacking, I'm interested in the following: a program or a way by which I could download a document that is "flipped through like a book" on the computer. It gives me no option to download or save it, and I need the document in order to take certain parts from it.
Is there a way?
And if I manage to pull that thing down, how do I convert it to Word?

Albedo 0

until someone knowledgeable comes along, I usually start from the file type itself and find a program based on that

so, what's written after the dot, after the document name

----.XXX

whatever xxx is, you go to Google

''open XXX file''

or possibly google

convert XXX to doc/rtf

doc and rtf are Word files

Albedo 0

it could be some comic-book reader program, or at least I used one that flipped through pages

Meho Krljic

I assume that file is in Flash?

Then maybe first this Firefox plugin that can rip Flash:

https://addons.mozilla.org/en-US/firefox/addon/download-flash-and-video/

And then this online converter:

http://www.flashprobe.com/

дејан

and if it's a case of some kind of protection specifically against copying attempts, you can always fall back on print screen as a last resort. it's a bit crude and time-consuming, but in several situations it has proved useful for me.

ALEKSIJE D.

Meho, thank you, this of yours works, but it only downloads the first page for me... It won't do the other 400.


Albedo 0

let me derail the topic a bit, is there any hacker who can explain what this guy is rambling on about Windows

Instead of the deliberately low default value that the CPU automatically loads into the hidden sections of its segment register at every reversion to Real Mode, programs could also set completely different values. Every 386-AT goes into all four of the possible operating modes with 100 lines of code -- into Protected Modes with 32- or 16-bit segment width, but also into Real Modes with the corresponding segment width. As a result, the Real Mode with 32-bit segments could produce the most compact and thereby fastest code by far, although there is no mention in the data sheets and manuals of its being even a possibility, to say nothing of real existing operating systems of the 80386.

One hundred lines of Assembler, but only of Assembler, solve the problem of a postmodern metaphysics. At the risk of going crazy, they lead through MS-DOS beyond MS-DOS. Along with the infamous sound barrier at which the operating memory in DOS remains limited to a ridiculous mega-byte, all of the advantages for which Windows is praised dwindle to nothing. In a drastic paradox, it is precisely the most antiquated of all operating systems that provides the trap door out of the operating system. Intel's built-in blockades -- which engage immediately in more complex operating systems such as UNIX, and subsequently even pick out those hundred program lines as illegal commands and refuse them -- are powerless against stupidity.


varvarin

I didn't know about hackers who are advocates of morality:


http://www.b92.net/tehnopolis/internet.php?yyyy=2015&mm=07&nav_id=1017612



"Ashley Madison" website hacked - 37 million adulterers in fear

The "Ashley Madison" website, specialized in "discreet adultery", has been hacked, and it is possible that the data of more than 37 million of its users has been compromised, writes "Time".

Meho Krljic

As Kevin Mitnick would put it, the best hacking requires no special IT skills at all, only good social skills:


Swindlers Target Older Women on Dating Websites

Quote
Janet N. Cook, a church secretary in the Tidewater, Va., area, had been a widow for a decade when she joined an Internet dating site and was quickly overcome by a rush of emails, phone calls and plans for a face-to-face visit.
"I'm not stupid, but I was totally naïve," said Ms. Cook, now 76, who was swept off her feet starting in July 2011 by attention from a man who called himself Kelvin Wells and described himself as a middle-aged German businessman looking for someone "confident" and "outspoken" to travel with him to places like Italy, his "dream destination."


But very soon he began describing various troubles, including being hospitalized in Ghana, where he had gone on business, and asking Ms. Cook to bail him out — again and again. In all, she sent him nearly $300,000, as he apparently followed a well-honed script that online criminals use to bilk members of dating sites out of tens of millions of dollars a year.


Many of those targeted are women, especially women in their 50s and 60s, often retired and living alone, who say that the email and phone wooing forms a bond that may not be physical but that is intense and enveloping. How many people are snared by Internet romance fraud is unclear, but between July 1 and Dec. 31, 2014, nearly 6,000 people registered complaints of such confidence fraud with losses of $82.3 million, according to the federal Internet Crime Complaint Center.
Older people are ideal targets because they often have accumulated savings over a lifetime, own their homes and are susceptible to being deceived by someone intent on fraud. Most victims say they are embarrassed to admit what happened, and they fear that revealing it will bring derision from their family and friends, who will question their judgment and even their ability to handle their own financial affairs.
"That would ruin my reputation in my community," said a woman from Pensacola, Fla., who spoke on condition of anonymity. She lost $292,000, she said, to a man she met online in late 2013, but she has kept it secret from her family and friends.
At first, Louise B. Brown, 68, a nurse in a pediatrician's office in Burlington, Vt., also hid the fact she had been defrauded online. She said she had tried several dating sites, including eHarmony.com, because, "After my husband died, I had no spouse to talk to."
Then in 2012, on Match.com, she met a man who called himself Thomas. He said he was a road contractor in Maine and was about to leave for a business venture in Malaysia.
"At first it made sense, but then he started asking me for money to cover expenses like work permits," she said. "Eventually, I sent $60,000." After she ran through her savings, her suitor urged her to accept illegally obtained money from his friends, then forward the money to him, she testified before Vermont lawmakers this year at a hearing on Internet dating fraud. It was not until her credit union alerted her that she learned that "Thomas" was a swindler.
As a result of investigations into more than two dozen complaints by victims in the state, Vermont's Legislature is poised to pass a law requiring online dating sites to notify members quickly when there is suspicious activity on their accounts or when another member has been barred on suspicion of financial fraud.
Victims typically lose $40,000 to $100,000, said Wendy Morgan, chief of the Public Protection Division of the Vermont Attorney General's Office. The highest reported loss in the state was $213,000.
Swindlers can gain access to the lovelorn by hacking into a dormant dating profile and altering such information as age, gender and occupation, according to Vermont investigators. After contacting a possible victim, the swindler tries to avoid detection on the dating site by insisting that communications shift to email, telephone or instant message.
Typically, the Internet swindler says he speaks English because he has lived in Europe or the United States and is working as a contractor or builder in Malaysia or another country where he encounters trouble with local authorities. The website romancescams.org lists red flags to look for to identify such predators, who urgently appeal to victims for money to cover financial setbacks like unexpected fines, money lost to robbery or unpaid wages.
That is how Betty L. Davies, 62, of Conyers, Ga., lost a huge sum to a man who called himself Donald Leo Moore and claimed to be a chemical engineer working on a pipe refinery in Malaysia. Three weeks into a relationship that began in 2013, he told Ms. Davies that he had been robbed by a man on a bicycle and asked her to send him money.
"I debated for a long time, but I wanted to help him," she said. "Then his project had a problem, and he needed $20,000, and then immigration officials in Singapore stopped him on his way to visit me for Christmas, and he needed $30,000."
"He even sent me his flight itinerary to Atlanta for Christmas. I had bought him a sweater, but Christmas came and went," she said. Later, he threatened her with not returning any of her money if she did not send more.
Her reaction to losing almost $300,000 to the swindler: "I blame myself. I felt like jumping off a cliff."
Law enforcement authorities say the swindlers follow a similar pattern.
"They get the victim to trust them, then create a sense of urgency and prey on the trust they've created," said David Farquhar of the Federal Bureau of Investigation's financial crimes section. "These are threads in all confidence schemes," said Mr. Farquhar, who is the section's chief of the intellectual property and cyberenabled crimes.
Victims who are looking for romance but find online criminals instead should alert authorities, he said.
"It's imperative for someone who thinks they have been scammed to move quickly and notify the bank and law enforcement authorities," he said. Even so, he admitted, "The chances are not great of seeing that money again."
While some swindlers are local, others are part of international crime rings and are more difficult to track, although, Mr. Farquhar said, the F.B.I. has personnel in a number of countries, including Nigeria and Ghana, where Internet romance swindlers operate.


Despite warnings, the digital version of the romance con is now sufficiently widespread that AARP's Fraud Watch Network in June urged online dating sites to institute more safeguards to protect against such fraud. The safeguards it suggests include using computer algorithms to detect suspicious language patterns, searching for fake profiles, alerting members who have been in contact with someone using a fake profile and providing more education so members are aware of romance cons.
The AARP network recommends that from the beginning, dating site members use Google's "search by image" to see if the suitor's picture appears on other sites with different names. If an email from "a potential suitor seems suspicious, cut and paste it into Google and see if the words pop up on any romance scam sites," the network advised.
Like others who have been tricked by financial swindlers, Ms. Cook was won over by her suitor's constant attention. So when he said he was hospitalized in Ghana, she sent him money for medical and hospital bills and for medicine. As the sums mounted, she assured her bank that she knew Mr. Wells. After she exhausted her savings, she said, she contacted Match.com, where she and Mr. Wells had posted their profiles.
Match.com declined to make a company official available to discuss possible frauds. But Eva Ross, of DKC, Match.com's public relations agency, said the site asks users to pledge "never to send money or share financial information with other Match users" and "to report anyone who asks me for money or my financial information."
She said users can alert the site about suspicious activity with a "report a concern" button. She noted, however, that con artists "have the ability to hide or mask their I.P. addresses using various services and software available to hide their true location and bypass our security checks."
The lure of romance swindlers can be hard to resist, said Ms. Brown, in Vermont. "It makes me sound so stupid, but he would be calling me in the evening and at night. It felt so real. We had plans to go to the Bahamas and to Bermuda together.
"When I found out it was a scam, I felt so betrayed. I kept it secret from my family for two years, but it's an awful thing to carry around. But later I sent him a message and said I forgave him."



Meho Krljic

Russia's rise to cyberwar superpower



Quote
"The Russians are top notch."
Chris Finan is a former director of cybersecurity legislation in the Obama administration, an ex-director at DARPA for cyberwar research, and a former U.S. Air Force pilot and intelligence officer. When it comes to explaining Russia's place in the evolving world of cyberwar, he ranks the world's nations and firmly declares Russia's place in the top tier.
"They are some of the best in the world," Finan, now the CEO of the security firm Manifold Technology, says. "We're not talking North Korea or even China, who are really sloppy. The Russians are really good at covering their tracks."
Sometimes the best way to explain war is the language of sport. Cyberwar is no different. So we talk about who is best, worst, and most improved—everything short of handing out a trophy. We try to predict the future geopolitical games that seemed impossible yesterday and inevitable today.
In a flurry of action over the last decade, Russia has established itself as one of the world's great and most active cyber powers.
The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee. The culprit is alleged by many, including Democratic Party officials, to be Russia. The evidence—plainly not definitive but clearly substantial—has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have "high confidence" that Russia is behind the attack.


The blame and the proof for the DNC hack will be debated for weeks and months beyond. Attributing cyberattacks is notoriously difficult, doubly so when the adversary is among the best in the world.
"To definitively attribute the breach at the DNC to a Russian actor is next to impossible," Leo Taddeo, former special agent in charge of the FBI's NY cybercrime division and now the chief security officer of Cryptzone, explains. "Unless we have a window into their side, we'll probably never definitively attribute this to Russia."
Beyond the forensic evidence that points to Russia, however, is the specter of President Vladimir Putin. Feeling encircled by the West and its expanding NATO alliance, the Kremlin's expected modus operandi is to strike across borders with cyberwar and other means to send strong messages to other nations that are a real or perceived threat.
This is not unique to Russia. The United States is extremely active and effective in the cyberdomain. The Americans spend billions of dollars annually to launch hundreds of cyberattacks every year. Furthermore, Washington has a long history of interfering in foreign elections and politics. And U.S. actors are often the chief suspects in unrest when the evidence is less than clear.
The most poignant such episode began in 2011, when protesters took to the Moscow streets to speak against Russian elections they deemed flawed or fixed—elections that put Putin into his third term as Russian president. You didn't hear much about it in the American press, but Putin accused then-Secretary of State Hillary Clinton of giving "the signal" and trying to "set the tone" that led to the demonstrations—an open charge of American politicians interfering in Russian elections.
To understand Russia's decade-long rapid rise in cyberwar, you have to look at Russia's number one perceived enemy: The West's North Atlantic Treaty Organization alliance and its slow but steady creep eastward toward Moscow, the capital city that the NATO alliance was originally built to defeat.


Sixteen years can seem like an eternity when it comes to the international sport of war.
"Russia is part of the European culture," Putin said in 2000, the year he rose to the presidency. "And I cannot imagine my own country in isolation from Europe and what we often call the civilized world. So it is hard to visualize NATO as an enemy."
The newly minted head of state sought "more profound integration" with NATO, he said, including the possibility of joining the alliance if Russia "is regarded as an equal partner."
Whatever warmth existed between Russia and NATO disintegrated over the next few years. The Western alliance took in a dozen new member states since the end of the Cold War, a move seen by Russian leadership as an openly broken promise meant to take advantage of Moscow's post-Soviet weakness.
Russia's western-facing cyberwar exploded onto the world stage a decade ago when, in 2007, it smashed neighboring Estonia's national internet during nights of deadly riots sparked by disputes over the country's Soviet-occupied history and a bronze statue in Tallinn, Estonia's capital, that embodied it.
This Russian cyberattack opened a new era in war. Estonia, one of the world's most connected countries, was hit with a hammer that cut down the websites and servers of the country's leading newspaper, banks, police, parliament, national ministries, and the national emergency number.
"Attacking us is one way of checking NATO's defenses," Ene Ergma, speaker of the Estonian parliament in 2007, said. "They could examine the alliance's readiness under the cover of the statue protest."
The answer to that check: The alliance was not ready.
In an attempt to fix that failure, Estonia is now home to the cyber defense headquarters of NATO.
Despite the cyber defense center's existence, however, there's little feeling or evidence the Western alliance has a coherent and effective strategy against aggressive action from their Russian rivals.
After a massive amount of behind-the-scenes work and very public diplomatic efforts, China and the U.S. seemed to reach a detente that cooled an ongoing cyberwar between the two great powers. No such success has visited American–Russian relations.
"What the president has been able to do to restrain Chinese behavior has been effective," Finan, who worked on cybersecurity in the Obama White House, says. "Hacking private companies has really dropped off. We haven't had that kind of progress with Russia. We don't have the same type of leverage with Russia, and we need their help elsewhere. But [the DNC hack] has raised the stakes."
A year after Estonia's networks buckled, Russia's growing hammer in cyberspace dropped on another neighbor and former Soviet Republic nation it deemed a threat: Georgia.
Georgia ended up in a full blown war with Russia in 2008. But before a single shot was fired, denial-of-service attacks and defacements against targets like the website of the Georgian president—he was compared to Adolf Hitler on his own Georgian websites when hackers took control—set the stage for the traditional war that would begin a month later. Dozens of Georgian government, finance, and communications websites went down in the lead up to kinetic fighting.


When the shooting war began, the cyberattacks continued, marking the first time in history that the two domains of warfare coincided. In contrast to the relatively small on-the-ground fighting, the Russian–Georgian War has been called "quite historic and precedent setting," as David Hollis wrote in the Small Wars Journal, because Russia attacked Georgia on four fronts: Land, air, sea, and cyberspace.
Georgia is no Estonia, however; it was and is not nearly as connected a nation, so the effects paled in comparison to even the relatively small and contained shooting war. But it mattered.
"As tanks and troops were crossing the border and bombers were flying sorties, Georgian citizens could not access web sites for information and instructions," journalist Jon Oltsik wrote on Networked World. "From a U.S. perspective, imagine a 9/11 or Hurricane Katrina event if citizens had no idea what to do, emergency responders couldn't communicate, and utilities were cut off in a 200 mile radius outside of the disaster zone. This is the risk."
The message became increasingly clear: Cyberwar is a ready and effective tool in Russia's growing arsenal.
Part of what makes it such a potent tool is, once again, that attribution is difficult. Does this or that attack originate within Russia? That's often tough to say, but, even when that much is definitive, there remains the trouble of sorting through all the different cyberspace movers and shakers in Russia.
Some of the 2008 cyberattacks against Georgia were linked to a Russian criminal gang known as the Russian Business Network, or RBN. Pinning down the extra level of control and coordination between the Kremlin and the criminals for each specific incident can be a titanic task.
In this particular war, however, the links shined brightly.
Hackers took out Georgian news and government websites exactly in locales where the Russian military attacked, cutting out a key communication mode between the Georgian state and citizens directly in the path of the fight.
"It created panic and confusion in the local populace, further hindering Georgian military response," Hollis, a veteran of the U.S. Defense Department's cyberspace efforts, wrote in his 2011 study on the war.
The intimacy between the Russian state, private industry, and criminal underworld is notorious in cyberspace and beyond, to the top levels of Russian government and private industry.
"There is no doubt Russia uses these criminal organizations to mask their state-sponsored intelligence and military operations," Leo Taddeo, the former special agent in charge of the FBI's New York cybercrime division, says. Taddeo began his career in the Bureau focused on Russian organized crime.
"The Russian science and math programs are very good," Finan says. "They also have a ton of organized criminal groups that are frankly very innovative in their methods. Sometimes the state will outsource their work there."
Taddeo is convinced that Putin's ultimate goal in his alleged hack of the DNC is to knock back against NATO, the U.S., and the West in general.
"Putin and his senior leadership believe the main threat to Russia is the perception of a slow but steady encirclement of Russia by the U.S. and NATO," Taddeo argues. "Throughout the Obama administration, we have moved closer to Russia with advanced missile defense systems and the expansion of NATO bases. As such, the main strategic objective for Putin is to disrupt the U.S./NATO advance to their borders. This cannot be overstated."
In the last year alone, the effects of this apparent agenda have been felt strongly in countries nearest to Russia that are either already in NATO or who flirt heavily with the alliance. After NATO conducted a naval exercise from Finnish territory for the first time ever earlier this year, hackers knocked the Finnish Ministry of Defense's website offline. Germany accused Russia of a cyberattack against a steel mill that caused "massive" damage.
The steel mill attack stands as only the second known incident in which hackers have caused physical damage. The first is Stuxnet, the American–Israeli cyberattack against Iranian nuclear facilities in 2007 and 2008.
The French television network TV5 Monde was knocked off the air for 18 hours in April 2015. The website was replaced by jihadist propaganda, but French authorities insisted Russian state-sponsored hackers were behind the attack. More to the point, they accused a group called Fancy Bear that American security experts believe is behind this year's hack of the Democratic National Committee.
When a Dutch commission concluded a Russian weapon destroyed a Malaysian airliner over war-torn Ukraine, Russian hackers targeted the investigation from start to finish.
In late 2015, Ukraine itself was the target of hackers who took control of a western Ukrainian power grid that knocked out power substations and launched a blackout for 230,000 Ukrainians.
Coming amid an ongoing armed struggle in Eastern Ukraine that heavily and continuously involved Russian soldiers and weapons taking and holding formerly Ukrainian soil, it was little surprise when the finger was pointed from Kiev to Moscow.


German intelligence backs Ukraine's blaming of Russia, but, as always, definitive proof remains elusive.
A year prior, just days before a Ukrainian presidential election, self-avowed pro-Moscow hackers crippled the country's national election commission digitally. Software, hard drives, routers, and backups were decimated.
In the middle of not only a civil war and armed conflict with Russia but also a political drama about the future of Ukrainian democracy, the country's election authorities being hamstrung and unable to offer real-time results may have sparked doubts about the legitimacy of a vote that was putting a more pro-Western and anti-Russian government in office in Kiev.
Ukraine's government and military have been the target of numerous cyberattacks since war broke out, putting it squarely on the front line of a new, hybrid conflict with Moscow. And although NATO has spoken about giving resources and defense aid to Ukraine, the progress has been slow so far.
The Kremlin's response to these accusations echoed their answer to nearly every charge leveled at them in the last decade. It's "absurd," Kremlin spokesman Dmitry Peskov said.
"The campaigns being monitored by the BfV [Germany's domestic intelligence agency] are generally about obtaining information, that is spying," Hans-Georg Maaßen, who leads BfV, said this year. "However, Russian secret services have also shown a readiness to carry out sabotage."
"Cyber-attacks carried out by Russian secret services are part of multi-year international operations that are aimed at obtaining strategic information," Maaßen said, also earlier this year. "Some of these operations can be traced back as far as seven to 11 years."


It's called "gray zone" combat, because cyberwar is saturated by such a dense fog that clear understanding or response can feel out of reach.
"The biggest problem in cyber remains deterrence," Toomas Hendrik Ilves, the Estonian president, said earlier this year. "We have been talking about the need to deal with it within NATO for years now."
In June, just prior to WikiLeaks' public release of emails stolen during the DNC hack, Ilves said his biggest fear was the escalation of cyberattacks. If the DNC proves to be Russian work—or, more likely, if no absolute proof is forthcoming, but the evidence and context continues to point that way—it won't be the first time high-level American politicians were hit by Russian hackers.
In 2014, hackers breached the White House's unclassified servers and accessed some (but not all) emails from President Barack Obama to staffers. The State Department was also breached, though Secretary of Defense Ashton Carter said the breach there was also limited to unclassified computers. One U.S. official called their adversaries "one of the most sophisticated actors we've ever seen."


Despite the decade-long rise in Russian cyberwar, the DNC hack is seen by many in the West as a blatant escalation beyond what the Kremlin has done previously.
"Everyone steals secrets," American political scientist P.W. Singer says. "Everyone. The difference is the dumping of them in ways designed to influence elections of foreign powers. It's akin to Putin's personal rise, viewing the processes of democracy as merely something to manipulate, not institutions to respect."
Russian actions on the internet extend beyond traditional hacking. Singer points to the country's dynamic troll factory system that influences social media; the international propaganda system, centered around Russia Today, aimed at influencing news; efforts to influence European politics and Brexit; and an information war focused on the U.S. election that fuels extremist support of Donald Trump.
"They literally invented [information warfare]," Singer says of the Russians. "They also have set up a wide apparatus to support it, some 75 different organizations, ranging from university programs to military units, studying the issue and operationalizing. Finally, the willingness to look at democracy as merely something to be manipulated gives a wider scope of activity they can do."
With the DNC breach as the latest cherry on top of what seems to be an endless onslaught of headline-making hacks, the potential responses vary widely.
Financial sanctions are seen by many as the most effective immediate tool to fight Russian action. Singer suggests retaliatory data dumps targeting the bank accounts of Putin and Russian oligarchs.
Acting chair of the DNC Donna Brazile, Trump, and Putin himself take a different lesson: Just don't use email—it's horribly insecure. Plenty of security experts agree, though the ubiquity of the medium makes it tough to get rid of.
"The DNC breach really hits home on the evolution of the data breach from a sort of petty crime or adolescent act of vandalism to a professionalized tool of global influence being deployed by state-sponsored organizations carefully executing these acts in order to influence national elections with international consequences," says Danny Rogers, CEO of the security firm Terbium Labs.
It's the result of these breaches that remains the biggest question mark for Rogers.
"It remains to be seen throughout the election season whether this action is effective," he says, "or if it's a desperate attempt where there aren't stronger levers to pull."



Aco Popara Zver

What use is wealth and all the world's fame to me when beautiful Nirdala must die

Meho Krljic

Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels



Quote
We think of our monitors as passive entities. The computer sends them data, and they somehow—magically?—turn it into pixels which make words and pictures.
But what if that wasn't the case? What if hackers could hijack our monitors and turn them against us?
As it turns out, that's possible. A group of researchers has found a way to hack directly into the tiny computer that controls your monitor without getting into your actual computer, and both see the pixels displayed on the monitor—effectively spying on you—and also manipulate the pixels to display different images.
"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor," Ang Cui, the lead researcher who came up with this ingenious hack, told me earlier this week.



Cui, the chief scientist at Red Balloon Security and a recent PhD graduate from Columbia University, presented his findings at the Def Con hacking conference in Las Vegas on Friday along with Jatin Kataria and other colleagues.
During a demo at the Red Balloon offices in New York City earlier this week, Cui and his colleagues showed me how the hack works. Essentially, if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware. This is the computer that controls the menu to change brightness and other simple settings on the monitor.
The hacker can then put an implant there programmed to wait for further instructions. Then, the way the hacker can communicate with the implant is rather shrewd. The implant can be programmed to wait for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor.
In practice, Cui said this could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.



"Can I get you to shut down the power plant?" Cui asked rhetorically, with a sly smile. "I can do that."
The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable.
"If you have a monitor, chances are your monitor is affected," Cui, who last year showed how to turn printers into bugging devices, told me.
The attack, however, has a downside: images are slow to load, so it's perhaps not the most effective way to manipulate things quickly on the victim's computer. But that wouldn't be an issue if hackers are targeting industrial control systems monitors, whose displays are mostly static.
For Cui, in any case, the point of the research is to show that this is possible, and that we shouldn't consider monitors as untouchable, unhackable things.
"We now live in a world where you can't trust your monitor," Cui concluded.


tomat

They hacked my account on the academic network :-(

Thousands of emails were sent from my account; I got 6150 bounce messages saying a connection with the recipient could not be established, and who knows how many were delivered. All that in roughly 24 hours, before the admin noticed something odd was going on and changed the password.

So, be careful, and change your password from time to time.
Arguing on the internet is like running in the Special Olympics: even if you win, you're still retarded.

Meho Krljic

Ugh, that sucks... They did the same to me with Skype this winter, although they didn't do MUCH damage...

Anyway, the general advice of people who work in cybersecurity is not to change passwords periodically, because that is less secure than using one serious password the whole time. The logic is that when you change passwords every few months you tend to use words that can be remembered, and those are comparatively easy to brute-force. The right way is to use a password like UjjZce4%&nz/=5464.

lilit

Into Room 101 with him!  :lol:

Quote
Romanian hacker who targeted Clinton, Bushes, sentenced to four years

The notorious criminal known as "Guccifer" is believed to have over 100 victims, including many prominent politicians. The hacker pled guilty to charges such as aggravated identity theft after extradition from Romania.

http://m.dw.com/en/romanian-hacker-who-targeted-clinton-bushes-sentenced-to-four-years/a-19521654
That's how it is with people. Nobody cares how it works as long as it works.

Boban

Quote from: Meho Krljic on 20-08-2016, 06:55:10
Ugh, that sucks... They did the same to me with Skype this winter, although they didn't do MUCH damage...

Anyway, the general advice of people who work in cybersecurity is not to change passwords periodically, because that is less secure than using one serious password the whole time. The logic is that when you change passwords every few months you tend to use words that can be remembered, and those are comparatively easy to brute-force. The right way is to use a password like UjjZce4%&nz/=5464.

Years ago a local "hacker" explained to me how it works. He says we watch too many movies. There is no chance of combing through any password, because most systems don't allow a large number of attempts. He, for example, had a back door into EUnet in the nineties and into one more, bits.net I think... he simply intercepts everything you type and send to the internet and doesn't care how complicated the password is. Whatever it is, he gets it handed to him on a platter. The whole fight around hacking is the skill of planting trojans and similar things that can "capture" the needed data. The man says: you neither need to change your password nor make it overly complicated, nobody is going to break into your computer through that..
We will find a way or we will make one.

Meho Krljic

But actually, the vast majority of hacking isn't planting keyloggers (the program that records what you type) or other trojans/malware; it relies much more on "social engineering" - for example the fact that people prefer to use a simpler password that can be remembered (for example their date of birth or their child's name, or a dictionary word) and that they will reuse it in several places. Offline cracking of such passwords long ago replaced attempts to break directly into someone's account, which gets around the problem of the limited number of attempts. Far fewer hackers will manage to install a keylogger on your computer than there are script kiddies sifting through online databases with scripts they bought from someone.
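To put numbers on the two posts above (the earlier advice to use one long random password rather than rotating memorable ones, and the point here that offline cracking of simple, reused passwords beats online guessing), here is an added Python example that is not from the thread or any poster. It audits a constructed table of unsalted SHA-256 password hashes against a tiny, constructed wordlist with the mangling rules cracking tools apply (word + year, word + suffix, case variants), and compares the search space an attacker actually has to cover for a "child's name + year" password with what the 17-character random one from the thread offers. All user names, hashes and list entries are made up for the demo.

```python
"""Auditing unsalted password hashes against a rule-based wordlist (added example).

Every user name, hash and wordlist entry here is constructed for the demo.
"""
import hashlib
import math
import string

# Constructed mini wordlist: names and dictionary words, the kind of thing people
# pick because it can be remembered. Real lists run to tens of millions of entries.
WORDLIST = ["milica", "marko", "sunshine", "dragon", "password", "superman"]
YEARS = [str(y) for y in range(1950, 2017)]      # birth years, constructed range
SUFFIXES = ["1", "123", "!"]                      # common tack-on suffixes


def candidates(wordlist=WORDLIST):
    """Yield guesses the way a rule-based cracker does: each word in three cases,
    bare, with a suffix, and with a four- or two-digit year appended."""
    for word in wordlist:
        for w in (word, word.capitalize(), word.upper()):
            yield w
            for s in SUFFIXES:
                yield w + s
            for y in YEARS:
                yield w + y
                yield w + y[-2:]


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed "leaked" table: unsalted SHA-256, as many real dumps were stored.
USERS = {
    "ana": sha256_hex("Milica2009"),          # child's name + birth year
    "bob": sha256_hex("dragon123"),           # dictionary word + suffix
    "dan": sha256_hex("dragon123"),           # same password reused by another user
    "cat": sha256_hex("UjjZce4%&nz/=5464"),   # the random password from the thread
}


def audit_unsalted(hashes):
    """hashes: {user: sha256 hex}. Returns {user: recovered password} for every
    account whose password appears in the candidate list.

    One pass over the candidates covers all accounts at once: without a salt,
    identical passwords hash identically, so reuse is found for free. No login
    endpoint is touched, which is why the site's attempt limit does not help."""
    by_hash = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    found = {}
    for guess in candidates():
        users = by_hash.get(sha256_hex(guess))
        if users:
            for user in users:
                found[user] = guess
    return found


def keyspace_bits(password):
    """Entropy upper bound if every character were drawn uniformly from the
    character classes present. A random 17-character password really offers
    this; a 'name + year' password only looks like it does."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation, 32)]
    size = sum(n for chars, n in pools if any(c in chars for c in password))
    return len(password) * math.log2(size)


def pattern_bits(wordlist_size=100_000):
    """Bits an attacker really has to search for 'word + year/suffix' passwords:
    wordlist size times the number of mangled forms per word, not 62**10."""
    forms_per_word = sum(1 for _ in candidates(["x"]))
    return math.log2(wordlist_size * forms_per_word)


if __name__ == "__main__":
    for user, pw in sorted(audit_unsalted(USERS).items()):
        print(f"reset needed: {user} ({pw!r})")
    print(f"random 17-char password: {keyspace_bits('UjjZce4%&nz/=5464'):.0f} bits")
    print(f"'Milica2009' looks like {keyspace_bits('Milica2009'):.0f} bits "
          f"but searches like {pattern_bits():.0f} bits")
```

Run as a script, the three weak accounts (two of which share a password) are recovered in a single pass, while the random one survives the whole candidate list; the recovered list is what a defender acts on with forced resets. Rotating a password of the "name + year" shape every few months only moves it to another row of the same table, which is the point of the earlier advice; salting and a slow hash (PBKDF2, bcrypt, scrypt or Argon2) on the server side are what make the per-guess cost bite.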

lilit

That's how it is with people. Nobody cares how it works as long as it works.

Meho Krljic

Or we just string the names of our seven favourite superheroes together and use that as the password on every site?

Meho Krljic

U.S. developers have the numbers, but China and Russia have the skills



Quote
While the United States and India may have lots of programmers, China and Russia have the most talented developers according to a study by HackerRank, which administers coding tests to developers worldwide.



The study looked at the results of 1.4 million of HackerRank's coding test submissions, called "challenges," during the last few years. "According to our data, China and Russia score as the most talented developers. Chinese programmers outscore all other countries in mathematics, functional programming, and data structures challenges, while Russians dominate in algorithms, the most popular and most competitive arena," said Ritika Trikha, a blogger at HackerRank.
The United States and India provide the majority of competitors on HackerRank but only manage to rank 28th and 31st, respectively. "If we held a hacking Olympics today, our data suggests that China would win the gold, Russia would take home a silver, and Poland would nab the bronze," Trikha said. "Though they certainly deserve credit for making a showing, the United States and India have some work ahead of them before they make it into the top 25."
HackerRank's coding challenges cover aspects of computing ranging from languages to algorithms, security and distributed systems. Developers are scored based on a combination of accuracy and speed. The algorithms category has nearly 40 percent of developers competing, featuring tests on sorting data, dynamic programming, keyword searches and other logic-based tasks. Following algorithms were Java and data structure tests, with 10 percent of developers participating. Distributed systems and security were the least popular tests, although thousands still took them.
To determine which nation had the highest-scoring programmers, HackerRank looked at each country's average score across domains. Data was restricted to the top 50 countries with the most developers on HackerRank. Following China and Russia with the top developers were Poland, Switzerland, Hungary, Japan, Taiwan, France, Czech Republic, and Italy.
"Since China scored the highest, Chinese developers sit at the top of the list with a score of 100," Trikha said. The 100 score does not mean Chinese developers had a perfect score on the tests but represents the country's being first in the rankings. "But China only won by a hair. Russia scored 99.9 out of 100, while Poland and Switzerland round out the top rankings with scores near 98. Pakistan scores only 57.4 out of 100 on the index, (ranking 50th)."
Poland was tops in Java testing, France led in C++, Hong Kong in Python, Japan in artificial intelligence, and Switzerland in databases. Ukrainian programmers led in security, while Finland was top in Ruby coding challenges.

Aco Popara Zver

what use to me are riches and all the glory of the world when fair Nirdala must die

Meho Krljic

I don't have a profile on Brazzers' sites, I'm too lazy to open one  :lol:

Aco Popara Zver

Does this make any sense, and does anyone dare to try it :)

Would you like to know if your account has been hacked?

https://haveibeenpwned.com
what use to me are riches and all the glory of the world when fair Nirdala must die
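As an added example, not code from any poster in this thread: a defender-side password screen that ties the weak-password points made above (birth dates, dictionary words, reuse across sites) to the haveibeenpwned check. It flags date-shaped and dictionary passwords, and shows how a k-anonymity lookup against the site's Pwned Passwords range endpoint (https://api.pwnedpasswords.com/range/<prefix>, which answers with "SUFFIX:COUNT" lines) sends only the first five hex characters of the password's SHA-1. The word list and the API response below are constructed inline so the code runs offline.

```python
import hashlib
import re
from datetime import datetime

# Constructed stand-in for a real dictionary/wordlist (not a real leak list).
COMMON_WORDS = {"password", "dragon", "sunshine", "letmein"}

# Constructed stand-in for the body returned by the range endpoint for the
# prefix "5BAA6". The counts are made up; only the format is real.
SAMPLE_RANGE_BODY = (
    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
    "1F3E9F0A6A4F7A3D95D4F5C2B1E0D9C8A7B:1\n"
)

DATE_FORMATS = ("%d%m%Y", "%d.%m.%Y", "%Y%m%d", "%d%m%y")


def looks_like_date(password: str) -> bool:
    """True if the whole password parses as a real calendar date (e.g. 15081985)."""
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(password, fmt)
            return True
        except ValueError:
            continue  # wrong shape or impossible date such as 31 February
    return False


def is_dictionary_word(password: str, words: set[str] = COMMON_WORDS) -> bool:
    """True if the password is a dictionary word with at most trailing digits/symbols."""
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    return core in words


def hibp_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the SHA-1 into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse a 'SUFFIX:COUNT' response and return the breach count for our suffix (0 if absent)."""
    for line in range_body.splitlines():
        cand, _, count = line.strip().partition(":")
        if cand == suffix:
            return int(count)
    return 0


def assess(password: str, range_body: str = SAMPLE_RANGE_BODY) -> list[str]:
    """Return the list of reasons a password should be rejected; empty means it passed this screen."""
    reasons = []
    if looks_like_date(password):
        reasons.append("looks like a date")
    if is_dictionary_word(password):
        reasons.append("dictionary word")
    _, suffix = hibp_prefix_suffix(password)
    seen = count_in_range(suffix, range_body)
    if seen:
        reasons.append(f"seen {seen} times in known breaches")
    return reasons
```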

Irena Adler

I don't know whether it makes sense; I tried it with two accounts, and one was and one wasn't.

Aco Popara Zver

what use to me are riches and all the glory of the world when fair Nirdala must die

akhnaton

Quote from: Pizzobatto on 24-09-2016, 21:08:01
Just tried it, it's OK for me



Aha, fine, then in a few days expect the spam folder in your mail to be full of all sorts of offers from hot ladies and the like. That site is a come-on...
Politically Incorrect member of "Snage Haosa i Bezumlja"

ankh Em Maat  since 1973.


Aco Popara Zver

For now I have no problem, but I also figured they'd stuff me with junk
what use to me are riches and all the glory of the world when fair Nirdala must die

Lazarus

Nothing more than the usual rubbish has arrived - and yes, it told me I'm okay, at least that one mailbox of mine.

Meho Krljic

Your home's online gadgets could be hacked by ultrasound



Quote
This may have happened to you. You idly browse a pair of shoes online one morning, and for the rest of the week, those shoes follow you across the Internet, appearing in adverts across the websites you visit.
But what if those ads could pop out of your browser and hound you across different devices? This is the power of ultrasound technology, says Vasilios Mavroudis at University College London – and it offers a whole new way in for hacking attacks and privacy invasions. He and his colleagues will spell out their concerns at next week's Black Hat cybersecurity conference in London.
So far, this kind of ultrasound technology has mainly been used as a way for marketers and advertisers to identify and track people exposed to their messages, like a cross-device cookie. High-frequency audio "beacons" are embedded into TV commercials or browser ads. These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device. But the technology has many more applications. Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers' phones as they shop.
"It doesn't require any special technology," Mavroudis says. "If you're a supermarket, all you need are regular speakers."
Who is listening?
But the technology has been identified as a privacy risk. In March, the US Federal Trade Commission (FTC) rapped the knuckles of 12 app developers who used ultrasound for cross-device tracking – even when the apps weren't turned on. This means that the apps could collect information about users without their awareness.
The software developer providing this code quickly withdrew it, but an FTC spokesperson says that the commission continues to be interested in cross-device tracking: "We're continuing to look at the ways that can be achieved."
And this is just one of the problems Mavroudis and his colleagues discovered when examining the vulnerabilities of ultrasound-based technologies.
One worry is that these programs may not just be picking up ultrasound. "Any app that wants to use ultrasound needs access to the full range of the microphone," says Mavroudis. That means it would be possible, in theory, for the app to spy on your conversation.
The ultrasonic audio beacons that these apps pick up can also be imitated. This means that hackers could create fake beacons to send unwanted or malicious messages to your device, like malware. Mavroudis and his team realised that this would be possible when they found evidence of people trying to cheat a shopping rewards app by recording the 'silent' beacons (or just downloading recordings from the Internet) and then playing them to the app to supercharge their reward points. "That was when we realised how easy it would be to spoof these," he says.
Home invasion
Mavroudis says that these vulnerabilities do not affect many people yet, as ultrasound apps are still niche. But the simplicity of ultrasound could make it an attractive technology for use in applications across the Internet of Things (IoT), says Mu Mu, a lecturer at the University of Northampton, UK.
As more IoT devices become connected and interlinked, they could overwhelm a home's Wi-Fi channel, and different technologies will need to step in. Ultrasound is a good candidate for pairing home-connected devices that have a speaker and microphone. For example, Google's Chromecast app uses ultrasound to pair your mobile phone with its streaming dongle.
This creates a potential new channel for hacking attacks. Ultrasound can't carry a lot of data, says Mu. "But if you know what you're doing, just by sending a few bytes, you can hack a system and instruct it to do a lot of things. It doesn't always take a lot of data to make something bad happen."
Before ultrasound goes mainstream, Mavroudis says that it's time to work out how to regulate it and keep it from being hijacked for malicious purposes. "Ultrasound beacons don't have specs yet," he says. "There are no rules about how to build or connect ultrasound beacons. This is kind of a grey area where no one wants to take responsibility."
He and his co-authors are agitating for standards similar to those that exist for Bluetooth. But that will take a while, so they have also developed countermeasures you can use in the meantime. The first is an ultrasound-filtering browser extension for Google Chrome that blocks any website-embedded beacons from sounding. The second is a patch for Android devices that means users have to opt in to pick up ultrasound beacons and audible sound separately when they give an app permission to use their microphone.
"It's going to get worse unless we fix it," says Mavroudis.



дејан

the thing above is very hard to believe
...barcode never lies
FLA

Meho Krljic

The Americans believe it, and it seems to me that now that the Intercept is reporting it too, even those otherwise disinclined to believe are starting to... Putin said the other day that it makes no sense whatsoever, but of course there are various layers of psychological warfare in there  :lol:

дејан

Meho, the NSA eavesdrops on, watches and tracks literally the whole world - the whole world(!)... and the NSA is only an organ of internal security, not of external operations. Its kind of equipment, training and organisation is 50 years ahead of the rest of the world (I'll exclude China, since only God knows what goes on there; still, officially, the Chinese have the fastest (known) supercomputer in the world)... and the Intercept, for all its other more or less interesting views, has never so far shown a shred of a stance on Russia different from classic Cold War propaganda.
...barcode never lies
FLA