Category Archives: Sh*ts

Indexing HTTPS pages by default

December 18, 2015Sh*tsgoogle, SEO, serpPF

At Google, user security has always been a top priority. Over the years, we’ve worked hard to promote a more secure web and to provide a better browsing experience for users. Gmail, Google search, and YouTube have had secure connections for some time, and we also started giving a slight ranking boost to HTTPS URLs in search results last year. Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why we’ve been strongly promoting HTTPS everywhere.

As a natural continuation of this, today we’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages. Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL if:

It doesn’t contain insecure dependencies.

It isn’t blocked from crawling by robots.txt.

It doesn’t redirect users to or through an insecure HTTP page.

It doesn’t have a rel=”canonical” link to the HTTP page.

It doesn’t contain a noindex robots meta tag.

It doesn’t have on-host outlinks to HTTP URLs.

The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL

The server has a valid TLS certificate.

Although our systems prefer the HTTPS version by default, you can also make this clearer for other search engines by redirecting your HTTP site to your HTTPS version and by implementing the HSTS header on your server.

We’re excited about taking another step forward in making the web more secure. By showing users HTTPS pages in our search results, we’re hoping to decrease the risk for users to browse a website over an insecure connection and making themselves vulnerable to content injection attacks. As usual, if you have any questions or comments, please let us know in the comments section below or in our webmaster help forums.

Source http://googlewebmastercentral.blogspot.ch/2015/12/indexing-https-pages-by-default.html

Instagram’s Million Dollar Bug

December 17, 2015Sh*tsbug, hack, instagram, sensu, whitehackPF

account-login

Someone has found an ONE MILLION DOLLAR BUG…
but looks like facebook doesn’t want to pay him…

read all about it at http://exfiltrated.com/research-Instagram-RCE.php

A Secret Catalogue of Government Gear for Spying on Your Cellphone

December 17, 2015Sh*tsgsm, hack, mobilePF

TSSC_CatalogueCTA_01_thumb

The Intercept is a Fearless, adversarial journalism.
Today they released a article named

A Secret Catalogue of Government Gear for Spying on Your Cellphone

I’m really not into this kinda sh*ts but we need to know what the fuck is going on around us.

More readings

How to intercept mobile communications (calls and messages) easily without hacking

https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/
http://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm/
https://oversight.house.gov/wp-content/uploads/2015/10/15-3959-S2-DHS-Signed-Policy-Directive-047-02-Use-of-Cell-Site-Simulator-Tech.pdf
http://www.wired.com/1996/02/catching/

iphone – copy to clipboard, without flash

December 17, 2015Sh*ts, Utilitiesclipboard, copy, iphonePF

I’m tweaking a webapp for a client and he wants a button to copy some text to clipboard – mainly for mobile devices -.
This shit works!
On desktop browsers it works, on Chrome for Iphone, it selects the text inside the text-area and shows the native copy&past menu from the browser..

http://clipboardjs.com/

New server… data imported

November 28, 2015Sh*tsPF

Some data has been copied to the new server!

The source server didn’t allowed rsync ’cause it was a cpanel environment…

Captura de ecrã 2015-11-27, às 20.40.37

wget -m -c ftp://username:password@host/folder

the end looks like this…

FINISHED --2015-11-27 21:41:31--
Total wall clock time: 4h 6m 50s
Downloaded: 8286 files, 12G in 3h 0m 38s (1.11 MB/s)

Intel Xeon E3 1225v2, 32GB DDR3, 2x 2 TB SATA

November 27, 2015Sh*tsPF

Got a new server today.

3759

Continue reading Intel Xeon E3 1225v2, 32GB DDR3, 2x 2 TB SATA →

Microsoft’s Software is Malware

November 25, 2015Big Data, Linux, Sh*tsbackdoor, malware, microsoft, nsa, privacyPF

Microsoft Back Doors

Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users.More information on when this was used.
In Windows 10, the universal back door is no longer hidden; all “upgrades” will be forcibly and immediately imposed.

Windows 8 also has a back door for remotely deleting apps.You might well decide to let a security service that you trust remotely deactivate programs that it considers malicious. But there is no excuse for deleting the programs, and you should have the right to decide who (if anyone) to trust in this way.

Windows 8’s back doors are so gaping that the German government has decided it can’t be trusted.

Microsoft Sabotage

The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Microsoft actions that harm to the users of specific Microsoft software.

Microsoft is repeatedly nagging many users to install Windows 10.

Microsoft informs the NSA of bugs in Windows before fixing them.

Microsoft cut off security fixes for Windows XP, except to some big users that pay exorbitantly.Microsoft is going to cut off support for some Internet Explorer versions in the same way.
A person or company has the right to cease to work on a particular program; the wrong here is Microsoft does this after having made the users dependent on Microsoft, because they are not free to ask anyone else to work on the program for them.

Microsoft Surveillance

Windows 10 ships with default settings that show no regard for the privacy of its users, giving Microsoft the “right” to snoop on the users’ files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.

Windows 10 sends identifiable information to Microsoft, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.

Microsoft uses Windows 10’s “privacy policy” to overtly impose a “right” to look at users’ files at any time. Windows 10 full disk encryption gives Microsoft a key.Thus, Windows is overt malware in regard to surveillance, as in other issues.
We can suppose Microsoft look at users’ files for the US government on demand, though the “privacy policy” does not explicit say so. Will it look at users’ files for the Chinese government on demand?

The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.

It’s as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn’t drop Windows now.

Windows 10 requires users to give permission for total snooping, including their files, their commands, their text input, and their voice input.

Spyware in Windows: Windows Update snoops on the user. Windows 8.1 snoops on local searches. And there’s a secret NSA key in Windows, whose functions we don’t know.

Microsoft SkyDrive allows the NSA to directly examine users’ data.

Microsoft DRM

DRM (digital restrictions mechanisms) in Windows, introduced to cater to Bluray disks. (The article also talks about how the same malware would later be introduced in MacOS.)

Microsoft Jails

Windows 8 on “mobile devices” is a jail: it censors the user’s choice of application programs.

Microsoft Tyrants

Mobile devices that come with Windows 8 are tyrants: they block users from installing other or modified operating systems.

As this page shows, if you do want to clean your computer of malware, the first software to delete is Windows.

Source: www.gnu.org/philosophy/malware-microsoft.html

Multiple Google ReCaptcha on a simple page

November 24, 2015Sh*tscaptcha, recaptchaPF

HTML

<form>
    <h1>Form 1</h1>
    <div><input type="text" name="field1" placeholder="field1"></div>
    <div><input type="text" name="field2" placeholder="field2"></div>
    <div id="RecaptchaField1"></div>
    <div><input type="submit"></div>
</form>

<form>
    <h1>Form 2</h1>
    <div><input type="text" name="field3" placeholder="field3"></div>
    <div><input type="text" name="field4" placeholder="field4"></div>
    <div id="RecaptchaField2"></div>
    <div><input type="submit"></div>
</form>

JavaScript part

<script type="text/javascript">
    var CaptchaCallback = function(){
        grecaptcha.render('RecaptchaField1', {'sitekey' : '6Lc_your_site_key'});
        grecaptcha.render('RecaptchaField2', {'sitekey' : '6Lc_your_site_key'});
    };
</script>

recaptcha script url

<script src="//www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit" async defer></script>

Source

http://stackoverflow.com/questions/1241947/how-do-i-show-multiple-recaptchas-on-a-single-page

How to center Google Recapcha

November 22, 2015Sh*tsPF

Continue reading How to center Google Recapcha →

instagram – html link to open on instagram

November 19, 2015Sh*tsPF

link to open instagram app
<a href = “instagram://app”>open instagram</a>

link to open instagram on camera mode
<a href = “instagram://camera”>open instagram on camera mode</a>

link to open instagram on a mobile device library
~~<a href = “instagram://library”>open instagram on device’s library</a>~~

link to open instagram on a user’s profile
<a href = “instagram://user?username=pjrfigueiredo”>pjrfigueiredo profile</a>

link to open instagram on a location id
<a href = “instagram://location?id=1”>some location</a>
- How to get a location id?
  http://stackoverflow.com/questions/26645645/where-i-can-find-location-id-of-location-when-using-instagram-api

link to open instagram on a specific media (photo)
<a href = “instagram://media?id=1114062050188371922_213108624”>a photo that i’v toke</a>
- How to get the media id?
  http://instagram.com/publicapi/oembed/?url=https://www.instagram.com/p/918Yg3OKfS

Continue reading instagram – html link to open on instagram →

digitalwhores.net

yet, another geek blog

Category Archives: Sh*ts

Indexing HTTPS pages by default

Instagram’s Million Dollar Bug

A Secret Catalogue of Government Gear for Spying on Your Cellphone

A Secret Catalogue of Government Gear for Spying on Your Cellphone

iphone – copy to clipboard, without flash

New server… data imported

Intel Xeon E3 1225v2, 32GB DDR3, 2x 2 TB SATA

Microsoft’s Software is Malware

Microsoft Back Doors

Microsoft Sabotage

Microsoft Surveillance

Microsoft DRM

Microsoft Jails

Microsoft Tyrants

Multiple Google ReCaptcha on a simple page

HTML

JavaScript part

recaptcha script url

Source

How to center Google Recapcha

instagram – html link to open on instagram