Monday, December 29, 2008

Awal Muharram

Assalamualaikum WBT to all muslim bro and sis. Today 1429H.. Wish u guys happy New Year Maal Hijrah celebration. It's a public holiday in Malaysia. I wish tht for this coming new year all the muslimin and muslimat wil be blessed with Allah's Rahmat. Insha Allah. My resolution? To be a better Muslim of course :)

I would like to quote some info from a web i found..

"The Islamic Calendar, which is based purely on lunar cycles, was first introduced in 638 C.E. by the close companion of the Prophet (PBUH) and the second Caliph, `Umar ibn Al-KHaTTab (592-644 C.E.) RAA. He did it in an attempt to rationalize the various, at times conflicting, dating systems used during his time. `Umar consulted with his advisors on the starting date of the new Muslim chronology. It was finally agreed that the most appropriate reference point for the Islamic calendar was the Hijrah. The actual starting date for the Calendar was chosen (on the basis of purely lunar years, counting backwards) to be the first day of the first month (1 MuHarram) of the year of the Hijrah. The Islamic (Hijri) calendar (with dates that fall within the Muslim Era) is usually abbreviated A.H. in Western languages from the latinized Anno Hegirae, "in the year of the Hegira". MuHarram 1, 1 A.H. corresponds to July 16, 622 C.E.

The Hijrah, which chronicles the migration of the Prophet Muhammad (PBUH) from Makkah to Madinah in September 622 C.E., is the central historical event of early Islam. It led to the foundation of the first Muslim city-state, a turning point in Islamic and world history.

To Muslims, the Hijri calendar is not just a sentimental system of time reckoning and dating important religious events, e.g., Siyaam (fasting) and Hajj (pilgrimage to Makkah). It has a much deeper religious and historical significance."

Tuesday, December 23, 2008

Physical Security Lessons

The newest CSO magazine featured a great article by Bill Brenner on jewelry store security. It's online via PCWorld at How Tech Caught the Jewelry Thief. I'd like to cite several excerpts and relate them to digital security.

It used to be that after a robbery, the police would review a surveillance tape for clues into who broke in, at what time and what the bad guys looked like. Since the thieves would be long gone by the time the tape was reviewed, there would often be little the authorities could do about it.

That sounds like a traditional digital forensics scenario, with the problem that it can be difficult to apprehend criminals well after the crime occurs.

But thanks to 21st-Century technology, the crooks are being watched in real time and, as a result, getting caught a lot more often.

Notice the word "watched" -- this frames the problem as one of faster detection and response.

In this Q&A, Dennis Thomas, regional loss prevention manager and certified field trainer at Zale Corp., explains how the retailer's IT operation is playing an increasingly important role in the physical security effort...

CSO: Your organization seems to be fighting back in more of a real-time fashion, as opposed to surveillance camera recordings where you would see the burglary take place long after the fact.

Thomas: Keep in mind, in the old days a crime could occur in a store with the employees there and they wouldn't always notice what was happening. With remote technology our trained operators at the command center can observe a theft in progress and notify the police in real time with important time-sensitive details like description, method of operation and where the merchandise is on the person. The police in turn are a lot more successful in making an arrest than they were five years ago.


Two points: first, Zale Corp. uses a centralize and specialize method where experts provide a service to the entire company, remotely. Second, the result is removing a threat via police arrest.

The real benefit is the increase in time notification. Let's say the operator doesn't immediately see the theft as it's happening. They can still e-mail camera images to the police, which is still faster than trying to pull video off an old VCR tape.

This sounds like Network Security Monitoring, where prevention eventually fails and sometimes intruders are smarter than you. When you know you were victimized, however, you can review your forensic evidence quickly and efficiently.

CSO: Who are you using as a vendor to operate the command center?

Thomas: We own and operate our own command center.

CSO: So you built the whole thing in house.


Zale Corp. is big enough to staff their own centralized "security operations center (SOC)". Smaller players might want to outsource, but I see more large companies building their own.

Thomas: Exactly. We worked with a local vendor to develop the technology and devised everything right down to the terminology that the operators use to communicate with the stores.

CSO: Did your command center develop gradually and organically, or was it based off of one big plan from the outset?

Thomas: It was a gradual process that took years. There were three phases: developing the technology, implementing the technology and further enhancing the system once it was operational, working out the kinks. We had our challenges as we basically ventured into uncharted territory but the technology was proven and successfully implemented the vision into the business.


No one does this correctly from day one. Developing an effective security operation is a multi-year process.

CSO: How much has this cut down on the time it takes on average to either catch the thief or at least solve a crime?

Thomas: I'll give you two statistics: First: The corporation has achieved record shrink lows for the last seven consecutive years. Second: a significant reduction in shrink [lost merchandise/revenue] as a result of burglaries. You can directly attribute that to the technology we've put in place.


This is a crucial point: Zale Corp's security department has performed a cost-benefit analysis that demonstrates how their security operation is saving money. First they had to quanitfy loss, and now they are showing how their team has reduced that loss. Note that the security team isn't "making money;" they are preventing loss.

There has been a significant increase in the number of criminals apprehended because we can get three to five cruisers out there immediately, because the police know if Zales calls, we are seeing a burglary unfolding before our eyes. We are able to verify to them immediately that it's not a false alarm.

Zale Corp. is avoiding the problem facing many MSSPs. Many MSSPs just call the customer when one of a million Snort alerts appear on an analyst's console. The customer is left to do an investigation to validate the alert. Good MSSPs (including internal ones) use an alert as an indicator to start their own investigation, backed by the necessary actionable evidence to make a decision. Then they call the customer to inform them that a problem is happening, not to ask the customer "is anything wrong?" The customer learns to trust the MSSP, because when the MSSP does call it means something.

CSO: If you are a retailer just coming to the realization that you need to adopt a system like Zale's, what are the first items you should be thinking about?

Thomas: The first thing you need to do is determine where your risk is. Is it the employee? Does the general public have access to your merchandise? Where is your shrink occurring and where will those precious dollars get the most benefit? The second thing you should do is go out and look at what your competitors are doing technologically to ensure security. Then you are able to build your system to meet the specific needs of your organization.


Again, Zale Corp. demonstrates where to begin. You can determine risk by performing preliminary monitoring to observe actual problems before implementing countermeasures. Bruce Schneier calls this monitor first.

Great article Bill Brenner!

Wednesday, November 19, 2008

DRI: Business Continuity Management Course

On 17/11/08 - 18/11/08 I've attended the Basic Course of Business Continuity Management (BCM) conducted by DRI-Malaysia at ParkRoyal Hotel, Kuala Lumpur.

The course helps me understand how important the Disaster and Recovery Plan for the organization especially systems serves mission critical operations. I would say it will helps me a lot in designing and planning disaster and recovery strategy, process and implementation of it. At the end of the course, DRI show us a very nice movie clips that shows the whole scenario how BCM can be implemented on the organization. I like the part where one of the workers interviewed by the press. It tells me whenever disaster happen never ever talk to the press, just lets the responsible person for that do their job.

I diffidently suggest this course for you to attend. It promise you a better understand and overview of Business Continuity Plan which actually most organization need them.

"DRI is the international organization of attorneys defending the interests of business and individuals in civil litigation. DRI provides numerous educational and informational resources to DRI members and offers many opportunities for liaison among defense trial lawyers, Corporate America, and state and local defense organizations. DRI also has an international presence, seeking to enhance understanding of the law among members of the defense community who have reason to be concerned with the expanding globalization of litigation defense."

Friday, November 14, 2008

Changing your Microsoft Office Key

1. Close all Microsoft Office programs.

2. Click on Start button, then click on Run.

3. Type “regedit” (without quotes) in the Run text box, and click OK or press Enter.

4. Locate and then click the following subkey:

HKEY_LOCAL_MACHINE \Software\Microsoft\Office\12.0\Registration

Inside, you will find another subkey that resembles the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Registration\{30120000-0011-0000-0000-0000000FF1CE}

5. Optional: Backup this registry branch by exporting the Registration subkey to a file, just in case the new product key does not work and you have to restore back the old product key. To export the registry, right click on the Registration subkey and click on Export, and follow the on-screen prompt to enter a file name for the registry file and choose a location to store it.

6. Under the Registration subkey, there may be several Globally Unique Identifiers (GUID) subkey that contain a combination of alphanumeric characters. Each GUID is specific to a program that is installed on your computer.

If you find additional subkeys that reference Microsoft 12.0 registration, then click and open each GUID subkey to view and identify the Office product version by the ProductName registry entry in the right pane. For example:

ProductName=Microsoft Office Professional Plus 2007

7. After you find the GUID subkey that contains your Office product or program which you want to remove the existing product license key or registration details, delete the following registry entries by right clicking on the registry entry in the GUID subkey, click Delete, and then click Yes:

• DigitalProductID
• ProductID

8. Exit Registry Editor.

9. Run or open an Office application program, such as Microsoft Word or Excel or Outlook. Office 2007 will prompt you to enter a new 25-character product key.

10. Type in the valid and genuine product key, and then click OK.

11. Then when prompted to choose your preferred type of Microsoft Office 2007 installation, press on “Install Now”.

12. Microsoft Office 2007 will be updated with new product CD key or volume license key, and ready for activation (if it’s a non-VLK serial) or use.

Thursday, November 13, 2008

b43 injection on ubuntu with kernel-2.6.25

apt-get install build-essential bin86 kernel-package libqt3-headers libqt3-mt-dev wget libncurses5 libncurses5-dev

cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.tar.bz2
tar -xjf linux-2.6.25.tar.bz2
cd /usr/src/linux-2.6.25
wget http://patches.aircrack-ng.org/b43-injection-2.6.25-wl.patch
wget http://www.latinsud.com/bcm/mac80211_2.6.24.4_frag.patch
patch -p1 < b43-injection-2.6.25-wl.patch
patch -p1 < mac80211_2.6.24.4_frag.patch

cp /boot/config-`uname -r` .config
make oldconfig
make menuconfig
make-kpkg --initrd --revision=shaol1nint kernel_image kernel_headers modules_image
install .deb files
dpkg -i filename
and reboot

wget http://bu3sch.de/b43/fwcutter/b43-fwcutter-011.tar.bz2
tar xjf b43-fwcutter-011.tar.bz2
cd b43-fwcutter-011
make
cd ..

export FIRMWARE_INSTALL_DIR="/lib/firmware"
wget http://mirror2.openwrt.org/sources/broadcom-wl-4.150.10.5.tar.bz2
tar xjf broadcom-wl-4.150.10.5.tar.bz2
cd broadcom-wl-4.150.10.5/driver
sudo ../../b43-fwcutter-011/b43-fwcutter -w /lib/firmware wl_apsta_mimo.o

sudo apt-get install libsqlite3-0 libssl-dev

apt-get install libnl-dev
sudo mkdir iw
cd iw
sudo wget http://dl.aircrack-ng.org/iw.tar.bz2
sudo tar xjf iw.tar.bz2
sudo make
sudo make install

airmon-ng start wlan0

vi /etc/modprobe.d/options
add new line "options b43 nohwcrypt=1"
This ensures that the encryption on wlan0 doesn't interfere with monitoring. This should be only enabled when aircracking with mon0, as it increases the softmac overhead. Remove it from your options list when not using aircrack for a longer time.

Monday, October 6, 2008

PowerManagement - Taskbar Battery Icon

shaolinint@Shaolin-Integers-Hackintosh-Pro:$ pwd
/Users/shaolinint/backup

shaolinint@Shaolin-Integers-Hackintosh-Pro:$ sudo mv /System/Library/SystemConfiguration/PowerManagement.bundle .

You will need to download this files and install it on your machine.
Then, reboot and it should work.

Thursday, July 24, 2008

The Beauty of Bajau - Proud of My Culture

The Bajau, (also written as Badjao, Badjaw or Badjau) are an indigenous ethnic group the Philippines and in parts of Sabah, Brunei and Sarawak. Although the majority of the Bajau live in the Philippines, due to unrest in their native Sulu Archipelago, in the southern part of the country, many Bajau had migrated to neighbouring Malaysia over the course of 40 years, where currently they are the second largest ethnic group in the state of Sabah, making up 13.4%[1] of the total population. They were sometimes referred to as the Sea Gypsies, although the term has been used to encompass a number of non-related ethnic groups with similar traditional lifestyles, such as the Samadilaut and Jama Mapun peoples of the Southern Philippines. The Bajau of Indonesia live primarily on the islands and in the coastal districts of Sulawesi. The modern outward spread of the Bajau from older inhabited areas seems to have been associated with the development of sea trade in trepang.



VSAT Hacking

This was presented at HiTB 2006. I just wanted to put it on my blog ;)

Monday, July 7, 2008

Poco-Poco Baaahhhh

The Poco-Poco is a popular line dance which originally comes from the Minahasa people in Sulawesi. The steps are said to originate from farming activities such as picking cloves, planting rice, hoeing the fields and peeling coconut fibre.

The Poco-poco dance become very popular throughout Indonesia a few years ago and has been integrated into aerobic classes and at dance schools throughout Indonesia. It has become one of many dances that young and old want to learn. Many organisations hold Poco-poco dance competitions and it is also a popular dance for celebrations such as weddings, birthdays and Independence Day.




Now, let's watch the professional dancers ;)




Next, you'll need to learn Poco-Poco dance:


Now, you can teach your mom and dad to join you for poco poco dance.

Three Days in Berlin

Berlin is the capital city and one of sixteen states of Germany. With a population of 3.4 million in its city limits, Berlin is the country's largest city.[2] It is the second most populous city and the ninth most populous urban area in the European Union.[3] Located in northeastern Germany, it is the centre of the Berlin-Brandenburg metropolitan area, comprising 5 million people from over 180 nations.[4]

First documented in the 13th century, Berlin was successively the capital of the Kingdom of Prussia (1701-1918), the German Empire (1871-1918), the Weimar Republic (1919-1933) and the Third Reich (1933-1945).[5] After the Second World War, the city was divided; East Berlin became the capital of East Germany while West Berlin became a Western enclave, surrounded by the Berlin Wall from 1961-1989.[6] Following the reunification of Germany in 1990, the city regained its status as the capital of all Germany.[7]



Wednesday, June 18, 2008

Three Days in London

London (pronunciation ; IPA: /ˈlʌndən/) is the largest urban area and capital of England and the United Kingdom.[7] An important settlement for two millennia, London's history goes back to its founding by the Romans.[8] Since its settlement, London has been part of many important movements and phenomena throughout history, such as the English Renaissance, the Industrial Revolution, and the Gothic Revival.[9][10] The city's core, the ancient City of London, still retains its limited mediaeval boundaries; but since at least the 19th century the name "London" has also referred to the whole metropolis which has developed around it.[11] Today the bulk of this conurbation forms the London region of England[12] and the Greater London administrative area,[13] with its own elected mayor and assembly.[14]




Monday, May 5, 2008

Metasploit on Mac OS X

I just don't want to forget these steps.

root@Slash-The-Undergrounds-MacBook-Pro:# port -dv install ruby rb-rubygems
root@Slash-The-Undergrounds-MacBook-Pro:# gem install rails
root@Slash-The-Undergrounds-MacBook-Pro:# port -dv install libgalde2 pango gtk2

Sunday, May 4, 2008

US OWNS YOUR DATA!

In a letter dated Thursday, the group, which includes the Electronic Frontier Foundation (EFF), the American Civil Liberties Union and the Business Travel Coalition, called on the House Committee on Homeland Security to ensure searches aren’t arbitrary or overly invasive. They also urged the passage of legislation outlawing abusive searches.

The letter comes 10 days after a US appeals court ruled Customs and Border Protection (CBP) agents have the right to rummage through electronic devices even if they have no reason to suspect the hardware holds illegal contents. Not only are they free to view the files during passage; they are also permitted to copy the entire contents of a device. There are no stated policies about what can and can’t be done with the data.

I hope the government takes some notice of the letter and the worries over this legislation, it is something that would bother a lot of people. Especially those from European countries where privacy is an utmost concern and strongly protected by the government.

The lack of guidelines as to what can be done with the data are worrying too, what if you have commercially valuable or proprietary information there…can they distribute it freely after copying it from you?

Several of the groups are also providing advice to US-bound travelers carrying electronic devices. The Association of Corporate Travel Executives is encouraging members to remove photos, financial information and other personal data before leaving home. This is good advice even if you’re not traveling to the US. There is no reason to store five years worth of email on a portable machine.

In this posting, the EFF agrees that laptops, cell phones, digital cameras and other gizmos should be cleaned of any sensitive information. Then, after passing through customs, travelers can download the data they need, work on it, transmit it back and then digitally destroy the files before returning.

The post also urges the use of strong encryption to scramble sensitive data, although it warns this approach is by no means perfect. For one thing, CBP agents are free to deny entry to travelers who refuse to divulge their passwords. They may also be able to seize the laptop.

SOURCE: The Register

Monday, February 18, 2008

WOW! Sabah is very wonderful and amazing place.

Sabah is a Malaysian state located on the northern portion of the island of Borneo. It is the second largest state in Malaysia after Sarawak, which it borders with on its south-west. It also shares a border with the province of East Kalimantan of Indonesia in the south. Sabah used to be a British crown colony known as North Borneo prior to partnership with Federation of Malaya, Sarawak and Singapore to form the Federation of Malaysia in 1963. Its state capital is Kota Kinabalu, formerly known as Jesselton. Sabah is known as Sabah, negeri di bawah bayu, which means 'Sabah, land below the wind', because of its location being just south of the typhoon prone region around the Philippines.

I'm now often travel to Sabah for work. I can say that I travel to Sabah once a week. This time I visited ten (10) islands. Sounds like fun huh? Oh yeah! It is fun! So much fun! Really amaaazziinnggg places! Kapalai Island and Sipadan Island is the most spectacular and amazing place that I visited. I suggest if you plan to visit Sabah for holiday you better go to Kapalai Resort. In Kapalai there is one place that you can enjoy sunset. If you only knew how I feel :)






I have thank to the military for their co-operation and hospitality during my visits. Without them I will never feel so secured traveling from one island to another. Additionally, they provide me a food whenever I arrived to each islands. They are doing a good job on our border. Thank You a lot!

Thursday, January 10, 2008

Sabah Trip

Last week I was travelling to Sandakan and Tawau for a business trip. During my trip, I was lucky to had opportunity to visits Sepilok, one of the biggest 'Orang Utan' territory.

The Orangutan are the two species of great apes known for their intelligence, long arms and reddish-brown hair. Native to Indonesia and Malaysia, they are currently found only in rainforests on the islands of Borneo and Sumatra, though fossils have been found in Java, Vietnam and China. They are the only surviving species in the genus Pongo and the subfamily Ponginae (which also includes the extinct genera Gigantopithecus and Sivapithecus). Their name derives from the Malay and Indonesian phrase orang hutan, meaning "person of the forest".

Orangutans are the most arboreal of the great apes, spending nearly all of their time in the trees. Every night they fashion nests, in which they sleep, from branches and foliage. They are more solitary than the other apes, with males and females generally coming together only to mate. Mothers stay with their babies until the offspring reach an age of six or seven years. There is significant sexual dimorphism between females and males: females can grow to around 4 ft 2 in or 127 centimetres and weigh around 100 lbs or 45 kg, while fully mature males can reach 5 ft 9 in or 175 centimetres in height and weigh over 260 lbs or 118 kg.[7] Fully mature males can be distinguished by their prominent cheek flanges and longer hair.

I really recommended Sepilok to be one of your visiting place when you come for holiday to Sabah.