It’s quite unusual for me to post anything on Monday nowadays. Perhaps because most of the time I’ve to attend meetings/discussions etc (update: Just finished one meeting ). Btw Monday also is the day when I spent most of my working time on reading news/articles/whitepapers and other stuff as well in order to get into the working mood. But then during my usual tour of blog/security websites, I came across some interesting postings (it’s one of the comments actually) at security.org.my which is managed by my friends, geek00l (he is getting busier these days and I do love to hear on the outcome of Honeynet meetings that he attended) and Mr.Mel

(more…)

www.puertoricoartist.com/Images/TheConsult(2).jpg

To quote from Wikipedia ;P

“A consultant (from the Latin consultare means “to discuss” from which we also derive words such as consul and counsel) is a professional who provides advice in a particular area of expertise such as accountancy, the environment, entertainment, technology, law (tax law, in particular), human resources, marketing, medicine, finance, economics, public affairs, communication, engineering, sound system design, graphic design, or waste management.”

(more…)

Well as Maybank has the largest (I assume) customer in Malaysia and most of them (including me) utilize the online services offered by this bank, of cause these customers will be the main target of phising attempt. Nowadays, the phisers not only want the identity and authentication to access the online portal account, but also the TAC (Transaction Authorization Code). So what are the functions of this TAC numbers? Based on the Maybank website

“TAC is not used for login but for specific transactions and types of activities. TAC will expire after 2 hours if you do not use it, upon request. Once it is activated, you may still use it for another 2 hours. You may perform several transactions with the same TAC” Now you know why the phisers really want the TAC number..

(more…)

Finally today I have something to laugh about after a not so good start for the day. First it seems that my twins Adam and Ariff contracted with Chicken Pox which means that we need to scrap the PD trip again. First, because of Iman and her chicken pox which make my father to have another round of PD trip that suppose to be this week. With the current development, I think perhaps my daughters should make the trip while me, wifey and our maid will stay at home and look after the twins. Then wifey called regarding some of the problems that she faced at the office. Anyway, an email that I received from one of our clients really cheer me up…

(more…)

Most of the times, I commute to work by LRT (Light Rail Transit) where from my house I will take the STAR LRT route from Sri Petaling Station to Masjid Jamek. From there I will use the PUTRA (Or now they call it Kelana Jaya Line). The best thing of using public transport is you have the chance to observe and yes perform some information gathering activities and in my case usually while using the STAR route either to or from the office.

(more…)

Note: I wrote this just to “lepas gian” and to escape from the mgmt work boredom

Act of information gathering or attempt to gain unauthorized access?

Recently I came across with a notification on HTTP HEAD request events where they were categorized as Attempted Unauthorized Access. Some of you straight away know that those events are not properly categorized and some of you might wonder what’s wrong if those events were categorized under that category. For those who knew you can share or give opinion on this analysis and for those who didn’t then perhaps this analysis can provide some light in your analysis path

(more…)

I’m not feeling well today and I did complain to wifey about my uneasiness feelings. Feel lil bit weak and both my eyes are red and I do feel lil bit sleepy. Perhaps because of most of the time I’ve spent most of the time during the weekend taking care of Nur Iman as she contracted with chicken pox. Actually I shared those responsibility with wifey and our maid as well but perhaps those ladies have stronger antibody compared to mine ;P I suspect that I might suffer from fever (mild one perhaps) but then maybe it’s just occurred in my mind. Anyway initially I planned to take a medical leave today but then I change my mind and go to work instead (If my Bosses read this, perhaps this can indicate my committment and dedication towards my work and this == pay raise laa hehehe). The interesting part is the moment I fire up my thunderbird and read my emails.

(more…)

Ok to be honest I think “ransack” is not appropriate choice of word in my case. Messy or “selongkar” shud be the good choice. Currently instead of taking my usual place at the office, I spent most of the time or temporarily I take my place with my colleague who currently running the HQ MSS show. So as a unit that looking into the enhancement and the quality of the service (in other words, supporting unit laa), most of the time will be spent on discussing, planning and strategizing on the improvement of the services in the aspect of people, technology and process.

(more…)

Space Cop Gaban

Sorry for the hiatus in my blog postings. For past few weeks I have to attend few meetings and even this week I’ve been involved with the budget meetings. Besides my kids (all of them) suffered the flu and cough attacks which contributing my lack of sleep as well. Anyway in between of this busy schedule (work and personal) I managed to see my old colleague who happened to be in the same industry as me (yeah he work for the competitor). To dispel any potential rumours, I met this colleague of mine from our previous employment. We shared some stories about the industry and NO, we are NOT sharing every aspect of our work OK? We had a wonderful discussion, knowledge sharing, tips and tricks until the moment my colleague some sort like complaining to me about his workloads.

(more…)

Today, me and my colleage from another department had one interview session with one of the local newspapers. Actually the topic is regarding the oldest trick in security which is Social Engineering. It’s fun and we make it as a knowledge sharing session and forum style just to get rid the formality and tense climate. Everything went well even though I have few things that I wanted to share but perhaps due to lack of short notes and time, I just simply forgot (my bad).

Mostly we explained and shared about our experience when dealing this attack technique. I guess most of us didn’t aware that almost everyday people performing social engineering activities either with or without them knowing it.

Hopefully the readers can learn few things especially on dealing with this kind of attacks in the future. Like the famous saying by whom I dun quite remember,

“The weakest link in ICT Security is the human”

After the interview. Photo shoot session

Photo shoot