Memo from CEO to the Manager:

Today at 11 o’clock there will be a total eclipse of the Sun. This is when the Sun disappears behind the Moon for two minutes. As this is something that cannot be seen every day, time will be allowed for employees to view the eclipse in the parking lot. Staff should meet in the lot at ten to eleven, when I will deliver a short speech introducing the eclipse, and giving some background information. Safety goggles will be made availabe at a small cost.

Memo from the Manager to the Department Head:

Today at ten to eleven, all staff should meet at the car park. This will be followed by a total eclipse of the sun, which will disappear for two minutes. For a moderate cost, this will be made safe with goggles. The CEO will deliver  a short speech beforehand to give us all some information. This is not something that can be seen everyday.

Memo from the Department Head to the Floor Manager:

The CEO will today deliver a short speech to make the sun disappear for two minutes in the form of an eclipse. This is something that cannot be seen everyday, so staff will meet in the car park at ten or eleven. This will be safe, if you pay a moderate cost.

Memo from the Floor Manager to the Supervisor:

Ten or eleven staff are to go to the car park, where the CEO will eclipse the sun for two minutes. This doesn’t happen everyday. It will be safe, and as usual it will cost you.

Memo from the Supervisor to the Staff:

Some staff will go to the car park today to see the CEO disappear.  It is a pity this doesn’t happen everyday……………..

Happy Birthday to both my sons, Adam Danish and Ariff Danial. They are more naughtier than before but I guess it is normal for any 3 years old kid eh? But one thing that I have to admit, handling the girls is kinda easy compared to the boys. I guess maybe it will be different when they reach their teenage years…

Anyway for the twins, they love to bug wifey every single time and yeah I do pity wifey as whenever I reached home from work, she appears to be lost a huge amount of energy which I believe 80% of it caused by the twins

Well, they might smear the plasma tv screen, hide the remote controls, playing with their foods, playing with the switches, the lights and the fans, keeps on bugging me to let them have shower every single time I went into the bathroom, yelling to each other, fighting, punching, arguing, shouting “Jusco” in unison whenever I wear pants or holding the house keys, never let me to close my eyes before they sleep and once in a while they get some slap at their pampers powered bottom, they always will get my hugs and kisses whenever I reached home.

Happy Birthday Sons, you are the most precious treasure I ever had… Of cause along with your mummy and your sisters lah

First of all, I am supposed to assist my colleague in preparing UiTM’s 2010 i-Hack’s forensic challenge competition which were held last weekend. I shall offer no excuse as to be honest, my schedule for the past few weeks is quite full and tight. Anyway since my colleague already asked for my help many months before the said competition date, I think it is inappropriate for me to give any excuses for that failure to fulfill my promise.

Actually I’ve thought about the concepts and materials already designed and prepared. It would be fun and quite challenging once I put the final arrangement and yeah, THAT particular final arrangement is yet to be applied hence incomplete materials from me.

So to cha’ah and the gang, I would like to say sorry eh? Maybe I could use the materials for next time or if not, maybe I just use it as one of my training materials.

There once lived a great mathematician in a small village. He was often called by the local king to advice on matters related to the economy.
His reputation had spread in whole country.  So it hurt him very much when the village headman told him, “You may
be a great mathematician who advises the king on economic matters but your son does not know the value of gold or silver.”

The mathematician called his son and asked, “What is more valuable – gold or silver?” “Gold,” said the son. “That is correct. Why is it then that the
village headman makes fun of you, claims you do not know the value of gold or silver? He teases me every day. He mocks me before other village elders
as a father who neglects his son. This hurts me. I feel everyone in the village is laughing behind my back because you do not know what is more
valuable, gold or silver. Explain this to me, son.”

To be honest, I dun have any idea what to write here but I think the poster itself is self explanatory. Perhaps for this time the final year project exhibition should be more interesting than in ’08, the participants do participate in any forums/talks/presentation that are going to be held on that day by asking more useful and meaningful questions, and yeah.. More teams participate the Hack & Defense and Computer Forensic Challenge.

Talking about Computer Forensic Challenge, one of my colleagues ask my assistance on preparing the materials for the forensic challenge part. For time being, I’m quite running out of ideas especially for a competition that is going to be held for 12 freaking hours!! OK I do have some rough ideas but then I’m open for any other suggestions or opinions.

Perhaps because currently I’m quite full with new house renovation/decoration etc and other office stuff.. But I’ll take this task as an escapism from my daily task and of cause as a challenge to prepare challenging forensic challenge materials.

Anyway, you can obtain more information on this competition from their website here

Or just drop by to their facebook here

Oh yeah, anyway I need to update the Incident Handling & Response and Basic e-Forensic Training slides and materials.. Sigh

Later…

img source: wearecentralpa.com

My email used to be bombarded with spam or phising emails either for Paypal, Maybank or CIMB and sometimes Amazon as well. Usually these emails are in the same format (sometimes even same wordings), same email subject and lil bit different header images and of cause different sender address. But today (the email actually received yesterday but I only open my trusted Thunderbird today) the content is lil bit different, convincing enough and yeah even the sender address seems like from legitimate source for the unsuspecting users.

As usual my Thunderbird categorized this email as probable Scam Email (as for some of my unfortunate friends email as well haha). Anyway for the first time I just remove the Scam tag and let the image load (after checking the email content source of cause).

As you can see the link stated in this email SEEMS to point to actual maybank2u website. But wait.. do not click it yet. Just move your mouse over the link and you can see the exact place where this link will lead you..

Yup.. Instead of going to maybank2u website, the link actually will lead (or mislead in this case) you to http://foto.asmul.com/gallery2/modules/icons/iconpacks/KSIcons/M2ULogin.doaction=Login.htm . So what if you really click on that link? For a start Firefox will not publish the site immediately but will give you an ample warning about that site instead.

And if you superbly ignorant or stubborn and choose to ignore the warning instead, you will be presented with this page

Ok even though the page bear resemblance with the actual maybank2u login page (refer image below) but IF you compare with these two, there are few glaring items that HOPEFULLY will make you aware that you are in a wrong/spoof/phising/tipu/kencing site.

The most obvious one is the address of the link. IF you are presented with maybank2u login page but the url shows address others BUT maybank2u’s, close your browser/tab and for precautionary move, run your antivirus or whatever anti spyware/bot/adware that you have in order to detect any possible unwanted malware (malicious software) downloaded unwittingly into your precious computer.

Like in this case, instead of having this address on the url field: https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do?action=Login; you can see the address actually is http://foto.asmul.com/gallery2/modules/icons/iconpacks/KSIcons/M2ULogin.doaction=Login.htm with maybank2u login page.

Besides there’s a date on actual maybank2u’s login page, there are other differences that you should notice. Be my guest to download the images and play the “spot the different” between those images yourself as I’ve had enough of this game during my school years

The real maybank2u's login page

Well what will happen if you login or inserting your credential at this page..

Unless your username is testing and the password is 12345678abcd, you have nothing to worry about. And even with this false information, the page will “process” and lead you to another page..

Yup.. the infamous “update your Profile” page. Again unless your email is spongebob@krustykrab.com (is it yours?? sorry but I think you do not have maybank2u account rite? You do?…)

And the rest of the process is similar with the old phising scam.. Get TAC number, enter your TAC number, and the usual do not login to your account within 24 hours..

That’s for now. it seems there’s something interesting from the traffic generated by these activities. Will update on later post.

Oh yeah, it seems the site has been taken down

Anyway.. be careful and IF you have doubts, ALWAYS call your bank whenever you received any email from them. Just for confirmation and yeah you have to call them even you know that their Customer service is SUCKS..

Pic source: kellepcharles.blogspot.com

Greeting guys..

I’ve spent the past two weeks getting the draft for forensic readiness policy complete for submission to our client in Indonesia. To be honest this time around I need to assist our sister company there in designing an SOC for that particular client. In sense of security policy, bulk of the task was done by my colleague there. She’s very good in integrating the client’s security policies into ours. I really impressed with her works tho

So what the heck is Forensic Readiness Policy?

The main objectives of this policy are to maximize the usefulness of incident data and minimize the cost of forensics during incident response. Very clear eh? Well the elements of forensic readiness usually:

• How Logging is done
• What are the activities/items that being logged?
• Intrusion Detection System (Network and host based)
• Forensic Acquisition
• Evidence Handling

So before this post become a mini howto, better for me to stop till there. Nowadays more and more organizations aware on the importance of preserving or maintaining a proper record especially on their network traffics (based on my limited encounter lah.) There was a time when firewall or filtering via the boundary routers can be considered enough for network security. Now it seems that at least Intrusion Detection Systems (IDS) is the must have within the list of security devices for an organization (whether there are analysts or at least people monitoring this IDS outputs is another story). Also from my (limited) experience, most of our clients do have either one or more logs repository. Again the question whether if these logs are reviewed or not is not for me to answer.

So what does it mean?

It means that nowadays the www is not as wild wild web like it used to be. You hit and then you left the scene without much fuss on the trail. Bypassing filtering device like firewall is something cool but now if you brag on how you managed to bypass layer 3 and 4 filtering device, I guess people will just shrug off and ignore you. Now there are mechanisms to detect your activities whether on network or on the attacked system itself. Hacking is not Harry Porter stuff and you do leave a trail. Sooner or later, your “hacking” activities trails will lead to you.

With this kind of policy and many other similar policies as well, organizations perhaps are well prepared to detect and respond to any security incidents. Because for me, eventually you will be hacked or compromised. The important thing that you have to remember is how do you detect, respond and recover from these attacks.

Prepared - source :www. antithesiscommon.com

So bragging about your “hacking” activities in forums or blogs IMHO is a NO NO. It makes the task for the LEA easier especially when you include your handler in the page that you “hacked”

Anyway, somehow crime doesn’t pay

For me personally, this year started well enough. I ended the January with 5 days at Jakarta assisting our sister company there on one project with one of the largest bank in Indonesia. That trip alone requires one entry as I had plenty of things that I’ve learned in that 5 days time.

The twins are getting naughtier, the eldest daughter is growing  and so does her sister which makes me start planning on future planning to monitor my daughters. Today’s Friday prayer sermon touch on Cyber Crimes and one of the points is the importance of knowing what your children are doing online. Well I’m not that worried on NOT knowing what they are doing online but more concern on mobile communication like sms, mms, and yeah I believe in the near future, soon Blackberry will be a norm. Cracking, Sniffing GSM or BlackBerry services seems not a bad idea though.. I should find a good way to include these devices in my monitoring system…

Currently I’m suffering from sunburn.. During last Chinese New Year holiday, we spent nearly one whole day at the beach (Balok Beach) and my children really enjoyed their time there.. So I am not that comfortable of meeting people now as I believe I do look like an alien…

Till next post then.. Have a nice weekend.. I will spend my weekend reviewing document though

p/s: To wifey, Happy Birthday dear…