Код в мешке
249 subscribers
9.08K photos
1.6K videos
2.11K files
42.7K links
Код в мешке - про кодинг, и не только...
Это личная записная книжка

https://t.me/joinchat/AAAAAEIy6oGlr8oxqTMS5w
Download Telegram
Forwarded from TechToday News
#Cryptocurrency #report

How I Snatched 153,037 ETH After A Bad Tinder Date

Over the weekend, I did a lot of swiping right. I’ve never had a Tinder go this fast from match to agreeing on a date time this fast before. I was thrilled! On the following Friday we went out. The evening started nice, but he got creepier and creepier by the hour. A few hours in, he’s a full-on creep. I had to bolt. Not a big deal — I prefer a night tracing scam ICO’s transactions anyway.

https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7

The Parity Wallet Hack Explained :

https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7

the attacker’s account :
https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32
Forwarded from TechToday News
#WikiLeaks #Security #Network #Report

Spy Files Russia

This publication continues WikiLeaks' Spy Files series with releases about surveillance contractors in Russia.

While the surveillance of communication traffic is a global phenomena, the legal and technological framework of its operation is different for each country. Russia's laws - especially the new Yarovaya Law - make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities (SIAs) without court orders. Russian communication providers are required by Russian law to install the so-called SORM ( Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.

PETER-SERVICE

Today, September 19th 2017, WikiLeaks starts publishing the series "Spy Files Russia" with documents from the Russian company Петер-Сервис (PETER-SERVICE). This release includes 209 documents (34 base documents in different versions) dated between 2007 and 2015.

PETER-SERVICE was founded 1992 in St. Petersburg as a provider for billing solutions and soon became the major supplier of software for the mobile telecommunications industry in Russia. Today it has more than 1000 employees in different locations in Russia, and offices in major cities in Russia and Ukraine. The technologies developed and deployed by PETER-SERVICE today go far beyond the classical billing process and extend into the realms of surveillance and control. Although compliance to the strict surveillance laws is mandatory in Russia, rather than being forced to comply PETER-SERVICE appears to be quite actively pursuing partnership and commercial opportunities with the state intelligence apparatus.

As a matter of fact PETER-SERVICE is uniquely placed as a surveillance partner due to the remarkable visibility their products provide into the data of Russian subscribers of mobile operators, which expose to PETER-SERVICE valuable metadata, including phone and message records, device identifiers (IMEI, MAC addresses), network identifiers (IP addresses), cell tower information and much more. This enriched and aggregated metadata is of course of interest to Russian authorities, whose access became a core component of the system architecture.

https://wikileaks.org/spyfiles/russia/
Forwarded from TechToday News
#Hack #Security #Report

773M Password ‘Megabreach’ is Years Old

As we can see above, Collection # 1 offered by this seller is indeed 87GB in size. He also advertises a Telegram username where he can be reached — “Sanixer.” So, naturally, KrebsOnSecurity contacted Sanixer via Telegram to find out more about the origins of Collection # 1, which he is presently selling for the bargain price of just $45.

https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/

https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
Forwarded from TechToday News
#Vulnerability #Microsoft #Apple #iOS #MacOS #report

Abusing RFC-1342 to spoof email addresses: Most mail clients are vulnerable!

TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.

Bugs were found in over 30 applications, including prominent ones like Apple Mail (macOS, iOS and watchOS), Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail, ProtonMail and others.

In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.

https://www.mailsploit.com/index

https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk
Forwarded from TechToday News
#Vulnerability #Report

Protonmail XSS — Stored

It’s Series of Vulnerability which i found in the Protonmail Web app and also IOS app, and only publishing two now related to Protonmail.

https://medium.com/@ChandSingh/protonmail-xss-stored-b733031ac3b5
Forwarded from TechToday News
#Vulnerability #Microsoft #Report

PoC Code Available for Microsoft Edge Remote Code Execution Bug

The flurry of security bugs Microsoft addressed with this month's rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.

https://www.bleepingcomputer.com/news/security/poc-code-available-for-microsoft-edge-remote-code-execution-bug/

https://xakep.ru/2018/10/12/edge-rce/

https://leucosite.com/Microsoft-Edge-RCE/

Multiple vulnerabilities in Microsoft Edge:
CVE-2018-8473
CVE-2018-8509
CVE-2018-8512
CVE-2018-8530
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513
https://www.cybersecurity-help.cz/vdb/SB2018100916
Forwarded from TechToday News
#Vulnerability #Google #Linux #Windows #MacOS #Report

Multiple vulnerabilities in Google Chrome

Severity: High
Patch available: YES
Number of vulnerabilities: 35

The Chrome team is delighted to announce the promotion of Chrome 71 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 71.0.3578.80 contains a number of fixes and improvements -- a list of changes is available in the log.

https://www.cybersecurity-help.cz/vdb/SB2018120506

https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Forwarded from TechToday News
#Hack #Security #Router #Report

EternalSilence: Why your router may be at risk from this NSA tool

Do you trust your router to keep you safe from hackers and spies? You may want to take another look just to make sure.

Akamai recently discovered a malware campaign that has already compromised over 45,113 home and office routers. This was done using a tool based on the United States of America’s NSA hacking tools which were leaked online in 2017. To explain how hackers use this tool to turn your router into a proxy server, we first have to understand how UPnP works.

https://www.securityartwork.es/2019/01/14/eternalsilence-why-your-router-may-be-at-risk-from-this-nsa-tool/
Forwarded from TechToday News
#Report

Russia plans to 'unplug' from internet

Russia is planning to briefly disconnect from the internet as part of planning for a future cyber-war.

The test will mean data passing between Russian citizens and organisations stays inside the nation rather than being routed internationally.

A law mandating technical changes needed to operate independently was introduced to Russia's parliament last year.

The test is due to happen before 1 April but no exact date has been set.

https://www.bbc.com/news/technology-47198426

https://www.zdnet.com/article/russia-to-disconnect-from-the-internet-as-part-of-a-planned-test/