Command-line Forensics of hacked PHP.net

The good people from Barracuda Labs were kind enough to share a PCAP file from the PHP.net compromise on their blog. I decided to have a closer look at that PCAP file to see what can be extracted from it. Since the PCAP contains Windows malware I played safe and did all the analysis on a Linux machine with no Internet connectivity. » Erik Hjelmvik | netresec.com

November 5, 2013 · 1 min · 67 words · Nacho Cano

Make a Raspberry Pi into an Anonymizing Tor Proxy!

Feel like someone is snooping on you? Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is a fun weekend project that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi. Using it is easy-as-pie. First, plug the Ethernet cable into any Internet provider in your home, work, hotel or conference/event. Next, power up the Pi with the micro USB cable to your laptop or to the wall adapter. The Pi will boot up and create a new secure wireless access point called Onion Pi. Connecting to that access point will automatically route any web browsing from your computer through the anonymizing Tor network. ...

November 4, 2013 · 1 min · 121 words · Nacho Cano

FreeNAS

FreeNAS is an operating system based on FreeBSD but oriented toward network storage services. NAS stands for "network-attached storage". FreeNAS and its fork Nas4Free are free of charge; Nas4Free is open source under a BSD license. These operating systems let you build a very powerful home server with a multitude of configuration options, for example managing dozens of users with the appropriate permissions, or creating RAID units to make redundant backups or increase system performance. ...

November 3, 2013 · 1 min · 85 words · Nacho Cano

25 years of the Morris worm

The critter exploited vulnerabilities in various services, such as a flaw in sendmail's debug mode, a buffer overflow in fingerd, and a misconfiguration of rsh/rexec that allowed jumping between machines without validation. On top of the classic weak usernames and passwords. » Alejandro Ramos | securitybydefault.com

November 2, 2013 · 1 min · 47 words · Nacho Cano

sshuttle, the poor man's VPN

sshuttle is a tool that lets us redirect all traffic through an SSH connection, including DNS requests. It is available both in the repositories and on GitHub. It is simple to use. To establish the connection:

    $ sshuttle -D --pidfile=/tmp/sshuttle.pid -r user@server:1234 --dns 0/0

To terminate it:

    $ kill $(cat /tmp/sshuttle.pid)

October 20, 2013 · 1 min · 52 words · Nacho Cano

The 30 CSS Selectors you Must Memorize

So you learned the base id, class, and descendant selectors – and then called it a day? If so, you’re missing out on an enormous level of flexibility. While many of the selectors mentioned in this article are part of the CSS3 spec, and are, consequently, only available in modern browsers, you owe it to yourself to commit these to memory. » Jeffrey Way | tutsplus.com

October 13, 2013 · 1 min · 66 words · Nacho Cano

Solved: the "DistributionNotFound" error when using pip

If we get the following error when running pip:

    $ pip
    Traceback (most recent call last):
      File "/usr/local/bin/pip", line 5, in <module>
        from pkg_resources import load_entry_point
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2707, in <module>
        working_set.require(__requires__)
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 686, in require
        needed = self.resolve(parse_requirements(requirements))
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 584, in resolve
        raise DistributionNotFound(req)
    pkg_resources.DistributionNotFound: pip==1.1

it may be because pip itself needs to be upgraded:

    $ sudo easy_install --upgrade pip
    Searching for pip
    Reading http://pypi.python.org/simple/pip/
    Best match: pip 1.4
    Downloading https://pypi.python.org/packages/source/p/pip/pip-1.4.tar.gz#md5=ca790be30004937987767eac42cfa44a
    Processing pip-1.4.tar.gz
    Running pip-1.4/setup.py -q bdist_egg --dist-dir /tmp/easy_install-XSmFvr/pip-1.4/egg-dist-tmp-jmeGZW
    warning: no files found matching '*.html' under directory 'docs'
    warning: no previously-included files matching '*.rst' found under directory 'docs/_build'
    no previously-included directories found matching 'docs/_build/_sources'
    Adding pip 1.4 to easy-install.pth file
    Installing pip script to /usr/local/bin
    Installing pip-2.7 script to /usr/local/bin
    Installed /usr/local/lib/python2.7/dist-packages/pip-1.4-py2.7.egg
    Processing dependencies for pip
    Finished processing dependencies for pip

We check that it has been fixed: ...

July 28, 2013 · 2 min · 280 words · Nacho Cano

Using a child theme in WordPress

A child theme in WordPress is a theme that inherits the functionality of another, the parent theme, and lets us modify the parent's style or add functionality to it. It is the simplest and safest way to modify an existing theme, whether the changes are large or small. If we use someone else's theme, whether free or paid, creating a child theme is a good idea. Why create a child theme? Because at some point we will change something in the theme we are using, and at some later point there may be an update to that theme. In the best case, we will have to take care of saving the changes we made to the theme and applying them again after the update. In the worst case, we will lose the changes we made. ...

July 13, 2013 · 3 min · 442 words · Nacho Cano

10 Colossal Old Computers That Changed History

Computers have come a long way since the early days, when two of the machines could take over a four-story building and weigh up to 250 tons. As early as the 1930s, inventors, engineers and physicists were figuring out ways to use machines to perform complex calculations and processes, employing pioneering methods to achieve their goals. Although some of those techniques and devices are now blissfully obsolete, many early innovators hit upon technologies that are still in use today. These 10 colossal old computers are a testament to the alluring potential of computing and the ingenuity of early computer scientists – as well as a visual demonstration of just how far we’ve come. ...

July 7, 2013 · 1 min · 117 words · Nacho Cano

Uncovering Android master key that makes 99% of devices vulnerable

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect any Android phone released in the last 4 years [1] – or nearly 900 million devices [2] – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet. ...

July 6, 2013 · 1 min · 116 words · Nacho Cano