Analyst Journal @ 10 Mar 2009 08:25 pm by ayoi

Ok, ok. This post is not a rebuttal, condemning or criticizing anyone. It is more on knowledge sharing for those who didn’t know or perhaps who didn’t get the clear picture on the topic.
Btw I hope this post will indicate where I do stand and the reason why on recently hotly debated matters with this group of talented people here. So, what the hell is Full Disclosure?
Analyst Journal @ 02 Mar 2009 07:06 pm by ayoi

It’s quite unusual for me to post anything on Monday nowadays. Perhaps because most of the time I’ve to attend meetings/discussions etc (update: Just finished one meeting). Btw Monday is also the day when I spend most of my working time reading news/articles/whitepapers and other stuff as well in order to get into the working mood. But then during my usual tour of blog/security websites, I came across some interesting postings (it’s one of the comments actually) at security.org.my which is managed by my friends, geek00l (he is getting busier these days and I do love to hear on the outcome of Honeynet meetings that he attended) and Mr.Mel.
Analyst Journal @ 24 Feb 2009 05:02 pm by ayoi

Well, as Maybank has the largest (I assume) customer base in Malaysia and most of them (including me) utilize the online services offered by this bank, of course these customers will be the main target of phishing attempts. Nowadays, the phishers not only want the identity and authentication to access the online portal account, but also the TAC (Transaction Authorization Code). So what are the functions of this TAC number? Based on the Maybank website:
“TAC is not used for login but for specific transactions and types of activities. TAC will expire after 2 hours if you do not use it, upon request. Once it is activated, you may still use it for another 2 hours. You may perform several transactions with the same TAC”
Now you know why the phishers really want the TAC number..
Analyst Journal @ 20 Feb 2009 05:16 pm by ayoi

Finally today I have something to laugh about after a not so good start for the day. First it seems that my twins Adam and Ariff contracted Chicken Pox, which means that we need to scrap the PD trip again. First, because of Iman and her chicken pox, which made my father have another round of PD trip that was supposed to be this week. With the current development, I think perhaps my daughters should make the trip while me, wifey and our maid will stay at home and look after the twins. Then wifey called regarding some of the problems that she faced at the office. Anyway, an email that I received from one of our clients really cheered me up…
Analyst Journal @ 19 Feb 2009 05:13 pm by ayoi

- http://www.catawba.k12.nc.us/techtrac/plus/jordan/process.htm
Most of the time, I commute to work by LRT (Light Rail Transit): from my house I take the STAR LRT route from Sri Petaling Station to Masjid Jamek. From there I use the PUTRA line (or, as they now call it, the Kelana Jaya Line). The best thing about using public transport is that you have the chance to observe and, yes, perform some information gathering activities, in my case usually while using the STAR route either to or from the office.
Analyst Journal @ 13 Feb 2009 11:09 am by ayoi
Note: I wrote this just to “lepas gian” and to escape from the mgmt work boredom
Act of information gathering or attempt to gain unauthorized access?
Recently I came across a notification on HTTP HEAD request events where they were categorized as Attempted Unauthorized Access. Some of you will straight away know that those events are not properly categorized, and some of you might wonder what’s wrong if those events were categorized under that category. For those who knew, you can share or give an opinion on this analysis, and for those who didn’t, perhaps this analysis can provide some light in your analysis path.
Analyst Journal @ 10 Feb 2009 05:28 pm by ayoi

I’m not feeling well today and I did complain to wifey about my uneasy feelings. Feel lil bit weak and both my eyes are red and I do feel lil bit sleepy. Perhaps because I’ve spent most of the time during the weekend taking care of Nur Iman as she contracted chicken pox. Actually I shared that responsibility with wifey and our maid as well but perhaps those ladies have stronger antibodies compared to mine ;P I suspect that I might suffer from fever (mild one perhaps) but then maybe it just occurred in my mind. Anyway initially I planned to take a medical leave today but then I changed my mind and went to work instead (If my Bosses read this, perhaps this can indicate my commitment and dedication towards my work and this == pay raise laa hehehe). The interesting part is the moment I fire up my thunderbird and read my emails.
Analyst Journal @ 07 Jan 2009 05:33 pm by ayoi

Most of the time when I want to perform network and host assessment, the most common tools that I use are Tenable Nessus (I think everybody uses this nifty tool), nikto, wikto and of course the infamous HD Moore and Co’s metasploit framework among other tools. Even though my work and daily tasks are more into defensive posture, especially on detection and response, I do believe in the importance of knowing and respecting your adversary. Besides, assessment is part of the security process; I think it is better for me to find any vulnerabilities that may exist on my systems instead of the “non users”.
So I came across the OpenVAS tool when reading one of the emails in the bugtraq mailing list sent by Michael Wiegand of intevation.de announcing the new release of Open Vulnerability Assessment System (OpenVAS) on 17th December 2008. I just browsed to their website and downloaded all the necessary packages to run this tool.
Analyst Journal @ 05 Jan 2009 02:43 pm by ayoi

For those who haven’t read this yet, I would recommend you to do so, especially those who possess Nokia Series60 platform devices, either 2.6, 2.8, 3.0 or 3.1. It seems that your phone’s SMS/MMS capability will be disrupted or affected, and most of the time the target will be the vulnerabilities that exist in Symbian 8 through 9.2. Even though the phone’s other functionality will not be affected, this video shows that the phone even switched off due to this hack.
So.. for further reading, just visit the Darkreading.com here or straight to the advisory produced by Mr.Tobias Engel. There is a list of all the phone models affected by this hack. That’s why I’m using Sony Ericsson though lol
Info on S60 platform can be found here
Analyst Journal @ 30 Dec 2008 05:25 pm by ayoi

After two nice weeks of holiday, I am back at the office today. But not before me and wifey sent Iman to the long awaited Kindergarten class and collected Nisha’s last semester Report Card (and also purchased her exercise books and other school items for next year – which is around the corner btw).
Anyway, what a way to enlighten my first day at work when I received an email from one of our clients.
” Dear *Ehem
We’ve discovered that there are two events that required immediate attention from our firewall logs.
Today 4:29:09 Firewall_ID SYN flood! From External_IP:Ephemeral_Port to web_server:http_over_ssl port, proto TCP (zone Untrust). Occurred 1 times.
Today 4:29:08 Firewall_ID SYN flood! From Another_External_IP:Ephemeral_Port to Web_Server:http_over_ssl port, proto TCP (zone Untrust). Occurred 1 times.
Did you guys detect these events or not? If not then please explain why? ”
I think I shud continue my vacation though…