New approach, old objective...

Posted by ayoi | Analyst Journal, work and IT | Monday 8 March 2010 8:08 pm


My email used to be bombarded with spam or phishing emails, either for PayPal, Maybank or CIMB and sometimes Amazon as well. Usually these emails are in the same format (sometimes even the same wording), with the same email subject, slightly different header images and of course different sender addresses. But today (the email was actually received yesterday, but I only opened my trusted Thunderbird today) the content is a little bit different, convincing enough, and yeah, even the sender address looks like it comes from a legitimate source to unsuspecting users.

(more…)

Forensic Readiness Policy and watch your steps eh..

Posted by ayoi | Analyst Journal, work and IT | Saturday 27 February 2010 6:27 pm


Greetings guys..

I’ve spent the past two weeks getting the draft of the forensic readiness policy completed for submission to our client in Indonesia. To be honest, this time around I need to assist our sister company there in designing an SOC for that particular client. In terms of security policy, the bulk of the task was done by my colleague there. She’s very good at integrating the client’s security policies into ours. I’m really impressed with her work ;)

(more…)

Good Doors but still you need CCTV

Posted by ayoi | Analyst Journal, work and IT | Wednesday 8 July 2009 2:18 pm


Recently one of my friends performed penetration testing on one of our clients’ networks. Well, most of the time the penetration testing is done using the “white box” testing technique, and yeah, sometimes the client of course requests the “black box” technique as well. And sometimes we perform both of these techniques too. During the “black box” session, he mentioned that this particular client seems to have some sort of content filtering device or mechanism that managed to block most of his attack assessment techniques. I assume that this client has an IPS installed on their network. No, this is not an IPS bashing post from me, OK?

(more…)

Service for Hire… Interested?

Posted by ayoi | Analyst Journal | Monday 15 June 2009 5:05 pm

http://www.linux.org.au/projects/grants/


Nowadays, either people are getting lazier than before or technology is becoming too convenient for us. We used to go to the bank for financial matters, to the respective utility companies to settle our monthly utility bills, and to the shop/mall for shopping. Now everything (mostly) can be done with a click of the mouse. In fact wifey once bought traditional food/cookies via the internet and the goodies were sent via Pos Laju. By the time we received that particular parcel, I think some of the cookies were no longer in their original shape and were crushed :P

And recently I received this in one of the posts’ comment sections, awaiting approval by me ;)

(more…)

On this Mourn-day

Posted by ayoi | Analyst Journal, work and IT | Monday 15 June 2009 2:22 pm


I think somewhere around January I mentioned to my colleagues the possible rise in cybercrime cases due to the world economic crisis. There will be more spam emails than before, more phishing emails than before and yes, this time the target has shifted to the client or user side ;) Why? Because it is “lucrative”, often overlooked, less controlled and high in numbers. Instead of controlling a few servers in that particular organisation (which is difficult as well, because most of the time these servers will be highly protected and monitored, as those machines are on the high priority list ;) ), why not just concentrate on the users? 1% of, let’s say, 1000 users is not bad, eh? ;) My friend mel posted one of the tricks for misleading users at security.org.my

(more…)

Chill out ;)

Posted by ayoi | Analyst Journal, Personal | Friday 5 June 2009 4:09 pm


It seems that my previous post did offend some people. I want to take this opportunity to say sorry to whoever was offended, either directly or indirectly, by that post; there were no malicious intentions in it. Most of the people in this particular industry I can call my friends and professional colleagues. But with that in mind, these people are also entitled to their comments, views and opinions.

(more…)

If it was me…

Posted by ayoi | Analyst Journal | Monday 1 June 2009 5:25 pm

http://www.dailystrength.org/people/110944/photos-videos/item/293887


As usual, Monday is a very bad day for me. Don’t ask me why, but perhaps I’m watching/reading too much Garfield and have been influenced by this fat, lazy but adorable cat’s obsession with hating Mondays :D . So while doing my usual Monday activities (this of course after reading my emails, especially the ones in the inbox, as I’ve filtered other emails into their respective mailing list folders, so the ones arriving in the Inbox are usually meant for me personally :)), one of my friends “buzzed” me via one of the Internet Messenger clients.

(more…)

Perimeter defense is not enough

Posted by ayoi | Analyst Journal | Wednesday 22 April 2009 5:02 pm


A friend of mine gave a presentation on mod_security usage a few weeks ago to a group of users from the government. In his presentation he gave a demo of how mod_security managed to prevent “blind SQL injection” attacks on an application running on a mod_security-enabled web server. He even received thunderous applause from the audience once he concluded his presentation. However, one of the attendees asked a good question afterwards.

“My friend said you do not need to install any WAF (web application firewall). All you need to do is fine-tune the firewall filtering policies and that’s it.”

(more…)

Ain’t no April Fool…

Posted by ayoi | Analyst Journal | Wednesday 1 April 2009 4:37 pm


Again, sorry for the long hiatus. Anyway, I received an email from one of my friends at CyberSecurity Malaysia:

“maybe u can post something useful & a reminder on your blog & security.org.my to remind your blog visitors about this malware.
;) thanks bro..”

Ahhh, the link: http://www.mycert.org.my/en/services/advisories/mycert/2009/main/detail/647/index.html

Yeah guys, this ain’t no HOAX. In fact, there are a few entries in the SANS Handler’s Diary regarding the increase in DNS polling performed by the infamous Conficker or Downadup (from 250 different domain names per day to 500).

Read it here: April 1st – What Will Really Happen?

Btw, Felix Leder and Tillmann Werner of The Honeynet Project produced one good write-up, “Containing Conficker”. I recommend you guys download that paper and read it. Also read another good write-up on the Conficker variants by SRI here.

Also, you can now identify possibly Conficker-infected machines by performing network scanning with NMAP or NESSUS.

For NESSUS, the related plugin description: Plugin ID 36036

How to scan using NMAP can be read at this site: www.skullsecurity.org

For removal instructions and tools, just follow the links provided on the special Conficker page at the DShield site.
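The DNS polling mentioned above is also something you can hunt for in your own resolver logs, not only by scanning hosts from the outside. What follows is an added example of mine, not code from this post, the SANS diary, skullsecurity.org or the linked tools: it reads a constructed log in an assumed `<epoch> <client_ip> <qname> <rcode>` format and flags any client that looks up many distinct registered domains and gets mostly NXDOMAIN answers, which is the resolver-side symptom of a worm walking a daily list of generated domains. The thresholds (20 distinct domains, 80% NXDOMAIN) and the sample log are assumptions for the demo; it does not reproduce Conficker’s domain generation algorithm.

```python
"""Flag hosts whose DNS resolver logs show DGA-style polling: many distinct
registered domains per client, most of them answered NXDOMAIN.

Added example; the log format, sample data and thresholds are assumptions,
not this post's or any tool's own code.  It does not implement Conficker's
domain generation algorithm, only the resolver-side symptom it produces.
"""
import random
import re
from collections import defaultdict

# Assumed log format: "<epoch> <client_ip> <qname> <rcode>" (one query per line).
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def parse_line(line):
    """Return (epoch, client, qname, rcode) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rcode = m.groups()
    return int(ts), client, qname.lower().rstrip("."), rcode


def registered_domain(qname):
    """Crude eTLD+1: keep the last two labels.  Adequate for the single-label
    TLDs used in the sample (assumption); real logs need a public-suffix list."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def find_dga_pollers(lines, min_distinct=20, min_nx_ratio=0.8):
    """Return {client_ip: (distinct_domains, nxdomain_ratio)} for every client
    that exceeds both thresholds.  Thresholds are assumptions for the demo."""
    domains = defaultdict(set)
    nx = defaultdict(int)
    total = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip malformed lines instead of crashing
            continue
        _, client, qname, rcode = rec
        domains[client].add(registered_domain(qname))
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
    flagged = {}
    for client, doms in domains.items():
        ratio = nx[client] / total[client]
        if len(doms) >= min_distinct and ratio >= min_nx_ratio:
            flagged[client] = (len(doms), round(ratio, 2))
    return flagged


def constructed_log():
    """Constructed sample: one normal workstation (10.0.0.5) that keeps resolving
    the same three names, one suspicious host (10.0.0.77) that walks 40
    pseudo-random domains of which 38 do not exist, plus one garbage line."""
    rng = random.Random(1)   # fixed seed so the sample is reproducible
    lines = []
    for i in range(30):
        name = ["www.example.com", "mail.example.com", "update.example.net"][i % 3]
        lines.append(f"{1238544000 + i} 10.0.0.5 {name} NOERROR")
    tlds = ["com", "net", "org", "info", "biz"]
    for i in range(40):
        label = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz")
                        for _ in range(rng.randint(5, 10)))
        rcode = "NOERROR" if i < 2 else "NXDOMAIN"
        lines.append(f"{1238544000 + i} 10.0.0.77 {label}.{rng.choice(tlds)} {rcode}")
    lines.append("this line is not a DNS record")
    return lines


if __name__ == "__main__":
    for ip, (n, ratio) in sorted(find_dga_pollers(constructed_log()).items()):
        print(f"{ip}: {n} distinct domains, {ratio:.0%} NXDOMAIN")
```

In a real deployment you would bucket by day, since the worm’s list changes daily, and tune the thresholds against a baseline of your own resolver’s normal NXDOMAIN rate; a host that trips this check is a candidate for the NMAP/NESSUS checks above, not a confirmed infection.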

There you go folks. Sorry it’s a little bit late and yeah, I’m a little bit tied up right now..

p/s: Btw, my friend mel has already posted an entry regarding the Conficker worm at security.org.my

WebGoat: Exploit and Learn…

Posted by ayoi | Analyst Journal | Thursday 19 March 2009 7:18 pm


Don’t know about you guys, but during my time (not that long ago lah), the only avenues for me to test my newly acquired skills and tools (most of the time to test the tools and scripts; yeah, I used to be a script kiddie :P ) were servers, websites and routers belonging to other people. Ahh, forgot to mention that I used to test these tools on other PCs in the cybercafe as well ;) . At that time IRC chatrooms could be the testing ground and learning centre as well. Mind you, at that time VMware had just been founded and its first product (VMware Workstation) was only delivered a year later ;) Nowadays you only need a PC/laptop and an internet browser (for WIMP users, no worries on this part), and you don’t even have to be connected. Thanks to OWASP’s WebGoat Project ;)

(more…)
