Friday, November 23, 2012

#OpIsrael

Overview
#OpIsrael is an Anonymous-led campaign to protest Israel's Operation Pillar of Defense by taking down Israeli government websites with distributed denial of service (DDoS) attacks.

Background
In early November 2012, the Israel Defense Forces took to Twitter to post live updates on the fighting in Gaza. On November 14th, the IDF killed Ahmed Jabari, the chief of Hamas' military wing, in an airstrike. As he was the highest-ranking Hamas official killed by the IDF since the 2008 Gaza War, the news of Jabari's assassination quickly escalated tensions between the two sides.

The IDF has begun a widespread campaign on terror sites & operatives in the #Gaza Strip, chief among them #Hamas & Islamic Jihad targets. — IDF (@IDFSpokesperson) November 14, 2012

Thursday, November 22, 2012

5 Questions Great Job Candidates Ask

Great candidates ask questions they want answered because they're evaluating you, your company--and whether they really want to work for you.

Here are five questions great candidates ask:

What do you expect me to accomplish in the first 60 to 90 days?
Great candidates want to hit the ground running. They don't want to spend weeks or months "getting to know the organization." They want to make a difference--right away.

What are the common attributes of your top performers?
Great candidates also want to be great long-term employees. Every organization is different, and so are the key qualities of top performers in those organizations. Maybe your top performers work longer hours. Maybe creativity is more important than methodology. Maybe constantly landing new customers in new markets is more important than building long-term customer relationships. Maybe it's a willingness to spend the same amount of time educating an entry-level customer as helping an enthusiast who wants high-end equipment. Great candidates want to know, because 1) they want to know if they fit, and 2) if they do fit, they want to be a top performer.

Monday, November 19, 2012

Hackers obtained access to FreeBSD servers

On Sunday 11th of November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution.

We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report available at http://www.freebsd.org/news/2012-compromise.html and decide on any required actions themselves. We will continue to update that page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes.

As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks. We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.

Source: FreeBSD

Thursday, November 8, 2012

Singaporeans get hard token baked into credit card

Two-factor authentication just got a whole lot more convenient for residents of Singapore, after Standard Chartered Bank's local outfit teamed with MasterCard to offer account-holders a credit card that is also a one-time-password-generating hard token.

MasterCard calls the device a 'Display Card' and says it includes “an embedded LCD display and touch-sensitive buttons”.

The hard token functionality seems not to have anything to do with the credit card itself, as Standard Chartered says it will be used with its online banking products when customers make "higher-risk transactions such as payments or transfers above a certain amount, adding third party payees, or changing personal details." If it behaves as other hard tokens do, punters enter a code on the keypad, read the resulting one-time password on the screen and then enter that code into the computing device they're using for online banking. Logon credentials for the online banking service will still be required.

The card's been doing the rounds of Europe for a couple of years now, scoring a few wins with Turkish, Romanian and Belgian financial institutions.

But the win at Standard Chartered, a British outfit with global footprint, gives the technology useful profile.

Nagra ID Security, the Swiss company behind the token-in-a-card, insists the device will sit happily in one's wallet and offers a three-year warranty, which we believe makes it safe to sit on. The card is, in all other ways, a completely conventional credit card and can be embossed, branded and carry holographic security devices like any other credit card.

Source: TheRegister

Monday, November 5, 2012

SSH Forwarding

Abstract:
When Sun first shipped systems, the common way for users to move around a network and to distribute workload was to use the Berkeley "r" tools, such as "rsh", "rlogin" and "rexec", under Solaris. As academic networks turned into production networks, concerns were raised about passwords being sent in the clear, and SSH was born. SSH started out as a compatible superset of "rsh"; that compatibility was dropped with the second version of the protocol. This document discusses the implementation of SSH under Solaris.

Global Configurations:
SSH uses two global configuration files: one for the client ("/etc/ssh/ssh_config") and another for the server ("/etc/ssh/sshd_config"). Each of these files lists, as commented-out lines, the defaults compiled into the Solaris binaries; a commented line documents the default but does not set anything. The "ssh" client configuration can be overridden on a per-user basis (in "~/.ssh/config"), while the "sshd" server configuration is managed only at the system level.

SSH Server Daemon
Under Solaris 10, related OSes, and later releases, sshd is started through the Service Management Facility (SMF):

sunserver/user$ svcs ssh
STATE          STIME    FMRI
online         Aug_17   svc:/network/ssh:default
Both the compiled-in defaults and the global configuration file are consulted at startup and again on each connection.

The following error is produced when the server's configuration does not allow forwarding:

channel 5: open failed: administratively prohibited: open failed
Under Solaris 10, TCP port forwarding (not agent forwarding) is disabled by default, and the default is documented in the global configuration file. If one connects via SSH and forwards a port, the client shows this message on the first connection attempt to the forwarded port; the channel is refused by the server, not by the client.

To allow port forwarding, edit the configuration file "/etc/ssh/sshd_config". Note that sshd honours the first occurrence of a keyword, so add or uncomment the line rather than appending a duplicate below an existing one.

AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
Only "AllowTcpForwarding yes" is needed to clear the "administratively prohibited" message. The other two lines are separate features with their own exposure: "GatewayPorts yes" makes remote (-R) forwards listen on all of the server's interfaces instead of loopback only, so other hosts can reach them, and "X11Forwarding" is unrelated to TCP forwarding. Enable those only if they are actually required. Restart the "sshd" service and the administrative message disappears.

sunserver/root# svcadm restart ssh
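As an added example (not from the original post, and not Sun's or OpenSSH's own tooling), the following POSIX sh script reports the values sshd will actually use for the three keywords above, applying sshd's rules that comment lines set nothing and that the first occurrence of a keyword wins. The helper names sshd_opt and forwarding_report, the sample configuration it writes to a temporary file, and the "no" defaults it assumes for a Solaris 10 install are all constructed for this illustration; check the shipped file on the host you are editing. On Solaris 10 run it with ksh or /usr/xpg4/bin/sh, since the legacy /bin/sh there does not understand $(...).

```shell
#!/bin/sh
# Added example: report the effective value of sshd_config keywords.
#
# Rules applied (these match how sshd reads the file):
#   * lines whose first non-blank character is '#' are comments and set nothing,
#     so "#AllowTcpForwarding no" only documents a default;
#   * sshd honours the FIRST occurrence of a keyword; later duplicates are ignored;
#   * keywords are matched case-insensitively.
#
# Usage: sshd_opt CONFIG KEYWORD [DEFAULT]
# Prints the first value set for KEYWORD, or DEFAULT (assumed compiled-in default)
# when the file does not set it.
sshd_opt() {
    awk -v key="$2" -v def="${3:-unset}" '
        /^[ \t]*#/ { next }                               # comment line
        NF == 0    { next }                               # blank line
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Summarise the three forwarding-related keywords and say what each exposes.
# The "no" defaults passed here are an assumption for Solaris 10.
forwarding_report() {
    cfg=$1
    tcp=$(sshd_opt "$cfg" AllowTcpForwarding no)
    gw=$(sshd_opt "$cfg" GatewayPorts no)
    x11=$(sshd_opt "$cfg" X11Forwarding no)
    printf 'AllowTcpForwarding=%s GatewayPorts=%s X11Forwarding=%s\n' "$tcp" "$gw" "$x11"
    [ "$tcp" = yes ] || echo 'note: -L/-R forwards will fail with "administratively prohibited"'
    [ "$gw" = yes ] && echo 'warning: GatewayPorts yes binds -R forwards on every interface, not just loopback'
    [ "$x11" = yes ] && echo 'note: X11Forwarding is unrelated to TCP forwarding; leave it off unless needed'
    return 0
}

# Constructed sample (not a file captured from any host). The commented first
# line mimics the Solaris-style documentation of a default; the duplicate at
# the end is there to show that sshd ignores it.
tmp=${TMPDIR:-/tmp}/sshd_config.$$
cat > "$tmp" <<'EOF'
# shipped file style: the next line documents a default only
#AllowTcpForwarding no
GatewayPorts yes
AllowTcpForwarding yes
# later duplicate, ignored by sshd
AllowTcpForwarding no
EOF
forwarding_report "$tmp"
rm -f "$tmp"
```

Running the block prints AllowTcpForwarding=yes GatewayPorts=yes X11Forwarding=no followed by the GatewayPorts warning; the trailing "AllowTcpForwarding no" in the sample does not change the result, which is exactly the trap to check for when an edit to the real file seems to have no effect.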

Saturday, November 3, 2012

Board of Computing Professionals Malaysia

There is currently an initiative to establish a Board of Computing Professionals Malaysia (BCPM), which will function to accredit ICT academic programmes, as well as to promote, facilitate and regulate the profession (very much like the Board of Engineers for engineering, and the Bar Council for the legal profession). This initiative is under the purview of the Ministry of Science, Technology and Innovation (MOSTI), led by the National ICT Human Resource Task Force under the Ministry of Higher Education (MOHE), within the ICT Human Capital Development Framework.

They invited all ICT practitioners and those related to the profession to participate in an online survey, open for responses from Sunday 28 October 2012 to Sunday 4 November 2012 (24:00). The survey aims to solicit feedback from the ICT community to determine the overall suitability and general acceptance of the proposal to establish the BCPM. The survey site is available here.

The introduction to the survey and the instructions for filling in the questionnaire are provided at the stated site, along with a link to another site that gives the general context of the proposal. Although no problems with the site are foreseen, should there be difficulties, an alternative site will be made available here.

Friday, November 2, 2012

udc-hackssh-v3_bajaulaut-v1.2

udc-hackssh_bajaulaut is an OpenSSH backdoor combined with reverse-shell capability, and is part of the udc-kolansong rootkit. The idea is to make use of the OpenSSH binary to control target and/or victim machines.

If you receive something like "ssh_exchange_identification: Connection closed by remote host", this tool may make your life easier. Telnet to the target machine and send the 'udc_gamai_magic' string. Once it is sent, sshd will execute and connect back to your 'client' machine on port 8080.

However, this patch has a limitation: it can ONLY open the reverse OpenSSH connection back to the machine the telnet command was run from.

Download udc-hackssh-v3_bajaulaut-v1.2 here.

Thursday, October 18, 2012

uDc-hackssh-v3_bajaulaut public version

Lately, I have had a small project that required encrypted communication sessions over a network, like OpenSSH. However, I found one machine which interested me more than the others, placed in a highly secured zone. So I had this crazy idea, similar to Sebastian Krahmer's but with more capabilities.

The idea was to manipulate and make use of OpenSSH, without an additional rootkit, to control and maintain root access on the target machine, including machines placed in other network zones.

Long story short, I am publishing a public version of this "toy" but without the other "crazy things", for security reasons ;). Actually, this public version is nothing new: it is a combination of a known OpenSSH backdoor and OpenSSH reverse capabilities, as I mentioned above. You can download it here.

CHANGES:
- updated for openssh-5.x versions
- added reverse capabilities based on openssh.reverse

FEATURES:
- uses a hardcoded DES cipher password
- ssh has the capability to act as a server
- sshd has the capability to act as a client


Friday, September 28, 2012

HITB - Keeping Knowledge Free for Over a Decade

Some of you might remember the first HITB conference at the Cititel Hotel, Kuala Lumpur, back in 2003. That year HD Moore spoke about Metasploit, back when it was just the Metasploit Framework. That very conference also marked the last public appearance of the LSD Group, aka The Hackers Who Broke Windows. Sounds like a decade ago? Well, you are right. Believe it or not, it has been TEN YEARS since the HITB crew's first conference, and what a ride it has been: ten great years, three continents, hundreds of speakers, thousands of attendees and a lifetime of stories.

Other Conference Activities:
HackWeekDay
Following the success of HackWEEKDAY, held for the first time last year at the HITB Security Conference in Kuala Lumpur, HITB2012KUL will see the introduction of HackWEEKDAY – Hack-to-Hack.

An all-new 36-hour hackathon which will run alongside our 10th anniversary conference, kicking off on the evening of October 9th (training day 2).

Registration is COMPLETELY FREE and we have space for 50 developers in total comprising a mix of .edu and professional developers.

CommsecVillage
The HITB CommSec Village is our new Community and Security area dedicated to highlighting various security related projects from the open source community and from various hackerspaces. These communities will have their own playground and demonstration area to show off their projects and a chance to interact with the conference attendees.

Capture The Flag
To celebrate the 10th anniversary of HITBSecConf, the CTF Overlords and CTF Crews 1.0, 2.0 and the all-new 3.0 will be coming together to run a 32 HOUR NON STOP CAPTURE THE FLAG COMPETITION which we're calling CTF Weapons of Mass Destruction – Fallout Apocalypse!

In our previous CTF Weapons of Mass Destruction, teams had a set of daemons/services running on their machines and had to exploit rival teams' daemons to steal their flags. Submitting the flags earned offensive points and also unlocked nuclear weapons that could be launched against rival teams. For defensive points, all a team had to do was keep its daemons up and running.

Saturday, May 12, 2012

The Ruling on Female Circumcision, and How the Prophet Was Circumcised

The principal evidence concerning circumcision (khatan) is:

خمس من الفطرة : الختان والإستحداد وتقليم الأظافر ونتف الإبط وقص الشارب

Meaning: Five things are part of the fitrah: circumcision, shaving the pubic hair, trimming the nails, plucking (or shaving) the armpit hair, and trimming the moustache. (Narrated by Muslim)

The scholars' views in understanding the above hadith fall into three groups:

1) It is recommended (sunnah) for both men and women. This is the view of Imam Malik in one narration, of Abu Hanifah, and of some scholars of the Shafi'i school.

2) It is obligatory for both men and women. This is the position of the Shafi'i school and of most scholars, and also the view of Imam Suhnun, a student of Imam Malik.

3) It is obligatory for men and recommended for women. This is the view of some Shafi'i scholars and of the Hanbali school.

In conclusion, it is agreed that circumcision is obligatory for men, and if the men of an entire country were all uncircumcised, the ruler would have to act against them.

Sheikh Atiyyah Saqar gave his ijtihad after examining the available evidence: he said there is no authentic hadith, free of criticism, showing that circumcision is obligatory for women.

Sheikh Mahmud Syaltut (a former Sheikh al-Azhar) said that doctors say the effect of a woman not being circumcised is that her desire increases, and it is feared this leads to something undesirable.

Prof. Dr Md Hasan Al-Hafnawi, a dermatologist at the al-Azhar faculty of medicine, and Dr Md Sadiq, after looking at the Prophet's hadiths, gave their view from a medical perspective.

"The woman's clitoris (part of which is cut if she is circumcised), located at the top of the vulva, gives the strongest stimulation for relations between men and women, and its sensitivity can reach seven times that of the male penis..."

and various other findings of theirs which I have not had time to translate. In the end, these medical experts said:

"To preserve a woman's honour, dignity and femininity, we must follow the teaching of Islam in this matter; what is best for women is 'isymam', or cutting a little from the tip of the clitoris." (Magazine, October 1994)

Sheikh Dr Yusuf al-Qaradawi, after presenting the evidence of the group that holds it obligatory, said that the hadiths on the obligation of circumcision for women are weak. Therefore circumcision is obligatory for men only, and for women it is neither obligatory nor recommended. It is merely permissible for women: encouraged if it brings benefit, and discouraged if otherwise.

Qaradawi also said that, to his knowledge, most Arab women are not circumcised, except in Egypt and Sudan. As for the Arab countries of the Gulf and the Maghreb, their women are not circumcised, and their scholars are also silent and offer no comment.

The Prophet's Circumcision
According to the view and research of Imam Ibn Qayyim in his book Zad al-Ma'ad, the most accurate view is that the Prophet (SAW) was circumcised by Abd al-Muttalib on the seventh day after his birth, in accordance with Arab custom.

The view that the Prophet (SAW) was born already circumcised is weak, as is the view that Jibril (AS) circumcised him when he split open the Prophet's chest.

Reference: zaharuddin.net

Thursday, March 22, 2012

Ustaz Azhar Idrus Answers - Purification: The Ruling on Urinary Incontinence

The Ruling on Urinary Incontinence

QUESTION: Some people suffer from continuous urination or urinary incontinence. Some even constantly discharge madhi (pre-seminal fluid). Is the ruling on purification (taharah) and worship the same for both conditions?

ANSWER: Continuous urination is the same as continuous discharge of madhi, because both are ruled as da'im al-hadath, that is, a state of ritual impurity that is always present. Therefore, a person with this problem must wash the private parts and wear a pad, or cover them with any cloth, and then perform wudu properly. This wudu is valid for only one obligatory prayer plus several voluntary prayers.


OTHER REFERENCES:
Youtube
http://www.youtube.com/watch?v=5qk6o2_LP2w
http://www.youtube.com/watch?v=oSyaiOM-Tlc

Halaqah
http://halaqah.net/v10/index.php?topic=9377.0

Berita Harian
http://www.bharian.com.my/bharian/articles/Kencingtaklawas/Article/index

Saturday, March 17, 2012

Aku Anak Kampung Tiada Pelajaran (I'm a Village Boy With No Education)

It is true that I
am a poor man's son
there is nothing I can give you
you are truly beautiful
we truly do not match and are not well matched

I am a village boy
with no education
nothing but a labourer
we truly do not match
you are so beautiful
many are tempted, rich men too

I have no car to take you out for a ride
I have no house either, only my father's
let alone the money to pay the bride price to marry you

it is not that I do not like you
but I fear your life would be miserable
because I love you, I let you go to someone else

you are still young, beautiful and charming
do not go looking for a man like me
you are truly beautiful
later you will regret it, and it will be no use (3x)

I have no car to take you out for a ride
I have no house either, only my father's
let alone the money to pay the bride price to marry you

it is not that I do not like you
but I fear your life would be miserable
because I love you, I let you go to someone else

Tuesday, February 7, 2012

Five Before Five

The Prophet (SAW) said, meaning: "Seize five things before five others come: health before sickness, wealth before poverty, free time before busyness, youth before old age, and life before death." (Hadith narrated by al-Hakim and al-Bayhaqi)

Do not delay in doing good; seize the five things before the other five arrive.

Worship, and perform voluntary acts of worship alongside the obligatory ones, while you are healthy, before sickness comes.

Give charity while you are still wealthy (have means), before being struck by poverty.

Remember God (dhikr) while you still have free time, before being overtaken by busyness; for example, in the morning before the day's work and in the evening after work is done.

Seek the needs of this world and the next while you are still young and strong, before old age comes and strength is gone.

Do good deeds here (in this world) while alive, because they will be of use after death (in the hereafter). There, we can no longer do deeds.

Monday, January 23, 2012

Playing For Change

Playing for Change is a multimedia movement created to inspire, connect, and bring peace to the world through music. The idea for this project arose from a common belief that music has the power to break down boundaries and overcome distances between people. No matter whether people come from different geographic, political, economic, spiritual or ideological backgrounds, music has the universal power to transcend and unite us as one human race. And with this truth firmly fixed in our minds, we set out to share it with the world. Playing For Change also created a separate non-profit organization called the Playing For Change Foundation which builds music schools for children around the world.

The project started in 2004 with the organization's self-described goal to "inspire, connect, and bring peace to the world through music". The creators of the project, Mark Johnson and Enzo Buono, travelled around the world to places such as New Orleans, Barcelona, South Africa, India, Nepal, the Middle East and Ireland. Using mobile recording equipment, the duo recorded local musicians performing the same song, interpreted in their own style. Artists participating in, or openly involved with, the project include Vusi Mahlasela, Louis Mhlanga, Clarence Bekker, Tal Ben Ari (Tula), Bono, Keb' Mo', David Broza, Manu Chao and Grandpa Elliott.

The project's first single, "Stand by Me", began with a Santa Monica street performer named Roger Ridley (now deceased). The duo travelled the world, recording more and more musicians, and all of these versions were considered for mixing into a pastiche final version.