yesterday evening while I was planning my roadtripping from Washington DC to Davis (CA), I found this interesting Google bug (?)
Well.... What button should I click to send the link to my friend ?
Hi Folks,
yesterday evening while I was planning my roadtripping from Washington DC to Davis (CA), I found this interesting Google bug (?)
Well.... What button should I click to send the link to my friend ?
yesterday evening while I was planning my roadtripping from Washington DC to Davis (CA), I found this interesting Google bug (?)
Well.... What button should I click to send the link to my friend ?
Today and tomorrow I'm involved in NIST Workshop on a Common Data Format for Electronic Voting System
The goal of this two-day workshop is to identify and agree upon a set of requirements for a common data format for voting systems. While there have been many calls for a common data format for voting systems, there is little consensus on the requirements for this format or what it is to accomplish. Possible goals for a common data format include interoperability of different equipment, auditability, transparency, publishing (communication with consumers of election data, such as media outlets), integration between polls and registration, transition to electronic record-keeping, or the ability just to "get the data out" by any means possible. Stakeholders include manufacturers, election officials, the EAC, consumers of election data, voters, organizations with existing data formats (including OASIS and the Voting Information Project), academics, and others with related work.
I believe this workshop comes in the right time, we really need a common data format. Actually, there are too many different formats, each vendor use its own one for final reports, configuration files and communication messages. So far, not only Interoperability is a dream but also integratability is very far from the current voting systems. EML seems to be the far light and the common criteria for each system, but it is also very huge. Just to let a little flavour, EML takes care about four big set:
- Transactions (Pre-election, Election and Post-election)
- Specification (otlines voting process, identifies data requirenments, contains glossary of term, addresses security issues, overview aof the XML schemas)
- Data Dictionary (Defines all exchanged data componets)
- XML Schema (Family of 38 components, 29 specific exchange schema, 2 new US driven schema developed for UML 6.0 )
In addition we ha to remember that laws are different from state to state and EML may permit to do something which maybe it's forbidden in some states. On the other side of the coin we cannot implement different EML's slangs... we'll back to the present situation. Moreover US' precincts are so different, some are huge like LA (millions of voters) and other ones are small (hundred of voters) and they use different kind of voting systems. This is another issue, it's difficult to figure out a so much general Data Format able to satisfy each precinct.
- Transactions (Pre-election, Election and Post-election)
- Specification (otlines voting process, identifies data requirenments, contains glossary of term, addresses security issues, overview aof the XML schemas)
- Data Dictionary (Defines all exchanged data componets)
- XML Schema (Family of 38 components, 29 specific exchange schema, 2 new US driven schema developed for UML 6.0 )
In addition we ha to remember that laws are different from state to state and EML may permit to do something which maybe it's forbidden in some states. On the other side of the coin we cannot implement different EML's slangs... we'll back to the present situation. Moreover US' precincts are so different, some are huge like LA (millions of voters) and other ones are small (hundred of voters) and they use different kind of voting systems. This is another issue, it's difficult to figure out a so much general Data Format able to satisfy each precinct.
So, let's go ! We have a lot to do to improve our democracy.
Hi Folks,
today I wanna point out this amazing project called DVWA (Damn Vulnerable Web App) developed by Ryan Dewhurst.
The"camera-shy" presentation :D is here :
And here the well-done "how to install and set up" DVWA.
As you probably know I've written some Vulnerable Challenges and some Hacking Missions around theglobe (especially cesena.ing2.unibo.it) but the great idea of this guy is the "View Code" button which shows where is the bug inside the code.
Good job man, and if you need help please feel free to contact me.
today I wanna point out this amazing project called DVWA (Damn Vulnerable Web App) developed by Ryan Dewhurst.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
The"camera-shy" presentation :D is here :
And here the well-done "how to install and set up" DVWA.
As you probably know I've written some Vulnerable Challenges and some Hacking Missions around theglobe (especially cesena.ing2.unibo.it) but the great idea of this guy is the "View Code" button which shows where is the bug inside the code.
Good job man, and if you need help please feel free to contact me.
Hi folks,
today I wanna point out this nice article written by Fabio Semperboni for CiscoZine (his blog..). The paper describes in a easy and intuitive way how the BPDU attack works and finally it describes a possible network based solution.
today I wanna point out this nice article written by Fabio Semperboni for CiscoZine (his blog..). The paper describes in a easy and intuitive way how the BPDU attack works and finally it describes a possible network based solution.
Via Wired:
America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.
In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ”open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.
It's amazing to see my associates on video !
This is definitely one of the best "knowledge base" video ever.
Enjoy it.
NIST Computer Security Division.
This is definitely one of the best "knowledge base" video ever.
Enjoy it.
NIST Computer Security Division.
Hey folks,
today my big news is about "the rat brain". Yea, some researchers in University of Reading (UK) build one of the first prototypes of robots working with true "animal" cells. Here the main page of the project
Here the video:
That's awesome and it seems to have infinite way to be utilized. Let's think about security, like for example patterns recognition (like CAPTCHA) or Intrusion Systems or again Intelligent HoneyNet able to follow perceptively attacks trees and so forth. Apply "Brain Computing" ( "Neural Systems" .. or whatever they call it) will be the next big challenge for security engineers, and maybe the biggest challenge ever for hacking communities.
Hi Folks,
this weekend I've been involved in a interesting Windows Forensic Analysis Process. There are lots of Forensic Analysis tools around here (just ask google to see a couple of that), but in some scenarios, like for example scenarios where you wont shutdown the machine, you might find some troubles to install new security tools because some malware make it impossible.
In these and other situations is still useful knowing where Auto Start Locations are in Windows XP and Windows VISTA (I dunno yet Windows 7, and for older Windows these location might be different).
Reading different blogs, forum and some good book, I learned some interesting places where find out malware and viruses,and today I wanna point out these interesting places where the penetrator should investigate. I don't think the following list complete, but anyway... stay tuned for more upgrades.
Some useful variables to make the list shorter:
HKLM : HKEY_LOCAL_MACHINE
HKCU : HKEY_CURRENT_USER
HKCR : HKEY_CLASSES_ROOT
%windir% : The Windows Directory. Can be C:Windows or C:WINNT or anything, depending on the location, the OS & the customization of the OS!
%USERPROFILE% : Normally is C:Documents and Settings, depending on the installation location.
%ALLUSERSPROFILE% : Normally is C:Documents and SettingsAll Users, depending on the installation location.
Register locations:
1. HKLMSystemCurrentControlSetControlTerminal ServerWdsrdpwdStartupPrograms
2. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonAppSetup
3. HKLMSoftwarePoliciesMicrosoftWindowsSystemScriptsStartup
4. HKCUSoftwarePoliciesMicrosoftWindowsSystemScriptsLogon
5. HKLMSoftwarePoliciesMicrosoftWindowsSystemScriptsLogon
6. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit
7. HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemShell
8. HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell
9. HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemShell
10. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell
11. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonTaskman
12. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRunonce
13. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRunonceEx
14. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun
15. HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
16. HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunOnceEx
17. HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunOnce
18. HKCUSoftwareMicrosoftWindows NTCurrentVersionWindowsLoad
19. HKCUSoftwareMicrosoftWindows NTCurrentVersionWindowsRun
20. HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRun
21. HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
22. HKCUSoftwareMicrosoftWindowsCurrentVersionRun
23. HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnce
24. HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnceSetup
25. HKCUSOFTWAREMicrosoftWindows NTCurrentVersionTerminal
ServerInstallSoftwareMicrosoftWindowsCurrentVersionRunonce
26. HKCUSOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRunonceEx
27. HKCUSOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun
28. HKLMSOFTWAREClassesProtocolsFilter
29. HKLMSOFTWAREClassesProtocolsHandler
30. HKCUSOFTWAREMicrosoftInternet ExplorerDesktopComponents
31. HKLMSOFTWAREMicrosoftActive SetupInstalled Components
32. HKCUSOFTWAREMicrosoftActive SetupInstalled Components
33. HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler
34. HKLMSOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
35. HKCUSOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
36. HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
37. HKCUSoftwareClasses*ShellExContextMenuHandlers
38. HKLMSoftwareClasses*ShellExContextMenuHandlers
39. HKCUSoftwareClassesAllFileSystemObjectsShellExContextMenuHandlers
40. HKLMSoftwareClassesAllFileSystemObjectsShellExContextMenuHandlers
41. HKCUSoftwareClassesFolderShellExContextMenuHandlers
42. HKLMSoftwareClassesFolderShellExContextMenuHandlers
43. HKCUSoftwareClassesDirectoryShellExContextMenuHandlers
44. HKLMSoftwareClassesDirectoryShellExContextMenuHandlers
45. HKCUSoftwareClassesDirectoryBackgroundShellExContextMenuHandlers
46. HKLMSoftwareClassesDirectoryBackgroundShellExContextMenuHandlers
47. HKCUSoftwareClassesFolderShellexColumnHandlers
48. HKLMSoftwareClassesFolderShellexColumnHandlers
49. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellIconOverlayIdentifiers
50. HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellIconOverlayIdentifiers
51. HKCUSoftwareMicrosoftCtfLangBarAddin
52. HKLMSoftwareMicrosoftCtfLangBarAddin
53. HKCUSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
54. HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
55. HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
56. HKCUSoftwareMicrosoftInternet ExplorerUrlSearchHooks
57. HKLMSoftwareMicrosoftInternet ExplorerToolbar
58. HKCUSoftwareMicrosoftInternet ExplorerExplorer Bars
59. HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars
60. HKCUSoftwareMicrosoftInternet ExplorerExtensions
61. HKLMSoftwareMicrosoftInternet ExplorerExtensions
62. HKLMSystemCurrentControlSetServices
63. HKLMSystemCurrentControlSetServices
64. HKLMSystemCurrentControlSetControlSession ManagerBootExecute
65. HKLMSystemCurrentControlSetControlSession ManagerSetupExecute
66. HKLMSystemCurrentControlSetControlSession ManagerExecute
67. HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options
68. HKLMSoftwareMicrosoftCommand ProcessorAutorun
69. HKCUSoftwareMicrosoftCommand ProcessorAutorun
70. HKLMSOFTWAREClassesExefileShellOpenCommand(Default)
71. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppinit_Dlls
72. HKLMSystemCurrentControlSetControlSession ManagerKnownDlls
73. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSystem
74. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUIHost
75. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify
76. HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonGinaDLL
77. HKCUControl PanelDesktopScrnsave.exe
78. HKLMSystemCurrentControlSetControlBootVerificationProgramImagePath
79. HKLMSystemCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9
80. HKLMSYSTEMCurrentControlSetControlPrintMonitors
81. HKLMSYSTEMCurrentControlSetControlSecurityProvidersSecurityProviders
82. HKLMSYSTEMCurrentControlSetControlLsaAuthentication Packages
83. HKLMSYSTEMCurrentControlSetControlLsaNotification Packages
84. HKLMSYSTEMCurrentControlSetControlLsaSecurity Packages
85. HKLMSYSTEMCurrentControlSetControlNetworkProviderOrder
86. HKCUSoftwareMicrosoftWindows NTCurrentVersionWindowsload
87. HKCRbatfileshellopencommand @=""%1" %*"
88. HKCRcomfileshellopencommand @=""%1" %*"
89. HKCRexefileshellopencommand @=""%1" %*"
90. HKCRhtafileShellOpenCommand @=""%1" %*"
91. HKCRpiffileshellopencommand @=""%1" %*"
92. HKLMSoftwareClassesbatfileshellopencommand
93. HKLMSoftwareClassescomfileshellopencommand
94. HKLMSoftwareClassesexefileshellopencommand
95. HKLMSoftwareClasseshtafileshellopencommand
96. HKLMSoftwareClassespiffileshellopencommand
97. HKLMSystemCurrentControlSetControlClass{4D36E96B-E325-11CE-BFC1-08002BE10318}UpperFilters
98. HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonVmApplet
99. HKLMSoftwareMicrosoftWindows NTCurrentVersionInitFileMapping
100. HKLMSoftwareMicrosoftWindows NTCurrentVersionAedebug
101. HKLMSoftwareClassesCLSID{CLSID}Implemented Categories{00021493-0000-0000-C000-000000000046}
102. HKLMSoftwareClassesCLSID{CLSID}Implemented Categories{00021494-0000-0000-C000-000000000046}
103. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.batApplication
104. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cmdApplication
105. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.comApplication
106. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.exeApplication
107. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htaApplication
108. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pifApplication
109. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.scrApplication
110. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.batProgID
111. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cmdProgID
112. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.comProgID
113. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.exeProgID
114. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htaProgID
115. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pifProgID
116. HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.scrProgID
117. HKLMSoftwareCLASSESbatfileshellopencommand @=""%1" %*"
118. HKLMSoftwareCLASSEScomfileshellopencommand @=""%1" %*"
119. HKLMSoftwareCLASSESexefileshellopencommand @=""%1" %*"
120. HKLMSoftwareCLASSEShtafileShellOpenCommand @=""%1" %*"
121. HKLMSoftwareCLASSESpiffileshellopencommand @=""%1" %*"
122. HKCRvbsfileshellopencommand
123. HKCRvbefileshellopencommand
124. HKCRjsfileshellopencommand
125. HKCRjsefileshellopencommand
126. HKCRwshfileshellopencommand
127. HKCRwsffileshellopencommand
128. HKCRscrfileshellopencommand
129. HKLMSoftwareMicrosoftActive SetupInstalled ComponentsKeyNameStubPath=C:PathToFileFilename.exe
Folders Locations
1. %ALLUSERSPROFILE%Start MenuProgramsStartup
2. %USERPROFILE%Start MenuProgramsStartup
3. %windir%Tasks
4. %windir%System32Tasks - Windows Vista
5. %ALLUSERSPROFILE%MicrosoftWindowsStart MenuProgramsStartup
6. %USERPROFILE%AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Hey Folks,
today I wanna point out this great article made by InvisibleThings. I just "cut'nPaste" the original one (from Friday October 16).
For more detail please see the InvisibleThings home page.
Enjoy your hack
today I wanna point out this great article made by InvisibleThings. I just "cut'nPaste" the original one (from Friday October 16).
Let’s quickly recap the Evil Maid Attack. The scenario we consider is when somebody left an encrypted laptop e.g. in a hotel room. Let’s assume the laptop uses full disk encryption like e.g. this provided by TrueCrypt or PGP Whole Disk Encryption.
Many people believe, including some well known security experts, that it is advisable to fully power down your laptop when you use full disk encryption in order to prevent attacks via FireWire/PCMCIA or ”Coldboot” attacks.
So, let’s assume we have a reasonably paranoid user, that uses a full disk encryption on his or her laptop, and also powers it down every time they leave it alone in a hotel room, or somewhere else.
Now, this is where our Evil Maid stick comes into play. All the attacker needs to do is to sneak into the user’s hotel room and boot the laptop from the Evil Maid USB Stick. After some 1-2 minutes, the target laptop’s gets infected with Evil Maid Sniffer that will record the disk encryption passphrase when the user enters it next time. As any smart user might have guessed already, this part is ideally suited to be performed by hotel maids, or people pretending to be them.
So, after our victim gets back to the hotel room and powers up his or her laptop, the passphrase will be recorded and e.g. stored somewhere on the disk, or maybe transmitted over the network (not implemented in current version).
Now we can safely steal/confiscate the user’s laptop, as we know how to decrypt it. End of story.
For more detail please see the InvisibleThings home page.
Enjoy your hack
Hey folks,
during these two days (13 and 14) I've been involved in E2E voting system workshop in Marvin Center @ George Washington University. The workshop was really interesting because there were lots of different cultures, like for example "University Staff", "Poll Workers", and "Usability People", that explained the same problems in different point of views.
What I liked more were the two "thinking panel" (aka: where the E2E voting science is going...) because well known people like Ron Rivest and David Chaum have given their futuristic vision and, unbelievably, it was clear and well detailed.
After the two main panels I spoke for few minutes with them, and I'm extremely grateful to both of them to have participated at our WorkShop.
during these two days (13 and 14) I've been involved in E2E voting system workshop in Marvin Center @ George Washington University. The workshop was really interesting because there were lots of different cultures, like for example "University Staff", "Poll Workers", and "Usability People", that explained the same problems in different point of views.
What I liked more were the two "thinking panel" (aka: where the E2E voting science is going...) because well known people like Ron Rivest and David Chaum have given their futuristic vision and, unbelievably, it was clear and well detailed.
After the two main panels I spoke for few minutes with them, and I'm extremely grateful to both of them to have participated at our WorkShop.
I wrote another article for Security & Privacy magazine.
It should be published in the November/December issue .The title will be "Frightened By Links". And this is the Abstract:
And this is the main example of the paper.
Comments are appreciated. Thank you.
It should be published in the November/December issue .The title will be "Frightened By Links". And this is the Abstract:
This article describes a recent attack trend called ClickJacking, aiming at the exploitation of hyperlinks as the attack vehicle.
This article introduces the reader to the attack concept and to the possible ways to implement it, by means of some practical
example. Then it discuss the detectability of this attack.
And this is the main example of the paper.
Comments are appreciated. Thank you.
These guys presented at UIST 2009 an amazing biometric typing security "engine".This software records your typing style including the time between keystrokes, the time keys are held, and key pressure data. This information is then normalized and compared to the information stored about the user when the password was originally set. If you don’t fall within specifications that match the stored data, you won’t get in even with the right password.
UIST (ACM Symposium on User Interface Software and Technology) is the premier forum for innovations in the software and technology of human-computer interfaces. Sponsored by ACM's special interest groups on computer-human interaction (SIGCHI) and computer graphics (SIGGRAPH), UIST brings together researchers and practitioners from diverse areas that include traditional graphical & web user interfaces, tangible & ubiquitous computing, virtual & augmented reality, multimedia, new input & output devices, and CSCW. The intimate size, the single track, and comfortable surroundings make this symposium an ideal opportunity to exchange research results and implementation experiences.
I was not surprised to read this result fom damballa.
The net result is that these smallest botnets efficiently evade detection and closure by staying below the security radar and relying upon botnet masters that have a good understanding of how the enterprise functions internally. As such, they’re probably the most damaging to the enterprise in the longterm.
Finally after some years of bog I decided to put on google Ad.
I've been never interested on that but I know that sometime you can earn coffee money, so I decided to try. Maybe after one or two month I'll get a coffee payed from Google :D ... who knows ?!
Anyway after a while I thought: "Hey man, his is easy to cheat !, it's probably enough a clicker boot !". Suddenly after 2 r 3 google clicks :D, I found this old, but still interesting post about that: How To Get Banned From Google Adsense.
So I just want to copy and paste it here:
Keep in mind that these are HOW TO GET BANNED. In other words, this is a “DO NOT” list if you don’t want your adsense account to be disabled .1. Ignore Adsense Program Policies & TOS2. Click on your own ads, specially those you are “genuinely interested” in. Ask people to click on your ads: your friends, your family members, your relatives, your visitors, or even your dogs or your cats. Use proxies to avoid detection.3. Participate in some form of click-ring. Click-rings are groups of people who gather with consensus to click each others’ ads. Most commonly used methods are Yahoo Groups, instant messenger, mail list, web forum, or specially written software.4. Buy, write, or use click-bot software. Click-bot software will go around your site and click on your ads. Most of the times, these click-bots are using proxies to avoid detection.5. Pay the Indian-clickers. These are the people whose main jobs are clicking on PPC advertisements and paid by the malicious publishers. Most of them are from developing countries like India or China.6. “Invest” with websites that promises to deliver “adsense clicks” for your site. Whatever methods they are using, most likely it falls under one of the aboves.7. Extra words to make your visitors to notice your ads. Write “Click here” or “Please support us” or “Visit our sponsors”. Anything other than Google-approved “sponsored links” or “advertisements”.8. Put in as many ads as possible in every page. Put more than three units of the normal ads block, more than one unit of ads links, or more than one referral buttons for each adsense, adwords, and firefox; all in one page.9. Use spyware to get traffics to your site. Spyware, adware, malware, or whatever it is called can force computer users to open your website everytime they start the computer. Or even better, use some kind of specially written software, toolbar, etc to display or click on your ads.10. Use pop-ups on your website. Everytime your user open a page, pop-up another one, ideally with the smiley or the IQ Test advertisements.11. Get as much un-targetted traffic as possible, for instance using the auto-surfing programmes to rotate the members around your site and other sites.12. Put the adsense code in non-content pages: registration forms, term and condition, login page.13. Have a competitor contextual ad on same page with adsense ads, for example Yahoo Publisher Network. Please note though that non-contextual ads, e.g. affiliate links or keyword-based ads are acceptable by google and won’t get you banned.14. Get more than one adsense account. Maybe one for your dog-site, one for your cat-site, one for the v1agra pills, one for mp3 download, etc.15. Put your adsense code in email the email, usenet, RSS, etc.16. Tell everyone what is your CTR, your page impressions, etc. Telling people about your total earning, unfortunately, is allowed.17. Put Google logo where you shouldn’t, and don’t put the logo where you should. In other word, ignore Google trademark.18.Modify Adsense code as you see fit. Modify the layout, color, URL, will be well. Just anything other than copy-and-paste the code from Google.19.And, this is important: if and when Google Adsense Team sends you email, ignore it.20.Put adsense codes in the banned contents
That's weird, how does Google know all that ? :)
Hi folks,
this week I suggest this amazing reading on "Return Oriented Programming" by 6 researchers from Princeton University, University of California @ San Diego and University of Michigan.
Viao h-online
this week I suggest this amazing reading on "Return Oriented Programming" by 6 researchers from Princeton University, University of California @ San Diego and University of Michigan.
The researchers used a clever trick to achieve this. In the existing code, they searched for short code sequences that end in a RET instruction. The RET instructions retrieves an address from the stack and jumps to this address. Using an ingeniously crafted stack consisting of the addresses of suitable code snippets, the researchers can recreate almost arbitrary programs. They created the required stack with a conventional buffer overflow in the existing program code. The program's next RET instruction consequently triggers a series of RETs which eventually executes the code that manipulates the election result according to the attackers wishes. The researchers have called their ingenious exploit technique "Return-oriented Programming".
Viao h-online
Subscribe to:
Posts (Atom)
Posts
