tag:blogger.com,1999:blog-73067321391290254942024-03-13T08:19:58.770+08:00Bajau Legacy In Modern WorldA Moro indigenous ethnic of Austronesian who live geographically in Maritime Southeast Asia, root language is Malayo-Polynesian (sometimes called Extra-Formosan or Malagasy). Today I speak Bajau, Malay and English.Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.comBlogger145125tag:blogger.com,1999:blog-7306732139129025494.post-78926424584735399092017-03-02T15:43:00.000+08:002017-03-02T12:19:06.176+08:00Slash Reborn<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCDlM36BJbxXaakRA3v6Nn2f8E79G7kjxhJom5BASkLwsjNKiSxuFt7Pg5lYLVoGlQaHNaKBnyoEz9m8YXPBBYFkCbZ2OJ9Ax-dWTHoilfMuOMqDnzUp5ZLiXVsXOSTxOyl-v-mdRAkztg/s1600/16463591_10209737214040223_2005275172425455804_o.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCDlM36BJbxXaakRA3v6Nn2f8E79G7kjxhJom5BASkLwsjNKiSxuFt7Pg5lYLVoGlQaHNaKBnyoEz9m8YXPBBYFkCbZ2OJ9Ax-dWTHoilfMuOMqDnzUp5ZLiXVsXOSTxOyl-v-mdRAkztg/s200/16463591_10209737214040223_2005275172425455804_o.jpg" width="200" /></a></div>
<b> بِسْمِ اللّهِ الرَّحْمَنِ الرَّحِيْمِ</b><br />
<br />
<b>السَّلاَمُ عَلَيْكُمْ وَرَحْمَةُ اللهِ وَبَرَكَاتُهُ</b><br />
<b>رَبِّ اشْرَحْ لِىْ صَدْرِىْ وَيَسِّرْلِىْ اَمْرِىْ وَاحْلُلْ عُقْدَةً مِنْ لِسَانِىْ يَفْقَهُوْاقَوْلِى</b><b> </b><br />
<b> </b> <br />
<b>اَلْحَمْدُلِلّ اَللّهُ اَكْبَرُ</b> I'm still here even though not active as I used to be. اِ نْ شَآ ءَ اللّهُ I will keep contributing to share small piece of knowledge I had, which I think acceptable by most people around the globe.<br />
<br />
So yeah, like most people, it's a complicated thing to describe me. Some might
say it's along the lines of being an "acquired taste." Others might more
correctly classify it as, "somebody that some people are willing to
tolerate." Most likely, I am just inimitable, like many others. But I'll
do the best I can to describe myself with words.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZvqZ4c6M1e0n5FdjMCSObV5IAFKXdo_IU0qAovCLzRTyKvgwuyrscGO4QMbLiRBMrakQOIYeZjpXuF95UzdKg3VbsO7UG4GKbZpAouGYkb5hZFddF-YltoQk7qs2Ubdh4hbx-kzSIXDB4/s1600/IMG_0027.JPG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZvqZ4c6M1e0n5FdjMCSObV5IAFKXdo_IU0qAovCLzRTyKvgwuyrscGO4QMbLiRBMrakQOIYeZjpXuF95UzdKg3VbsO7UG4GKbZpAouGYkb5hZFddF-YltoQk7qs2Ubdh4hbx-kzSIXDB4/s1600/IMG_0027.JPG" width="133" /></a>I'd say that I am an eclectic amalgamation of many seemingly paradoxical
things. This can be exemplified in both my seemingly endless
persistence on many topics and arguments, as well as my careful
cautiousness on other topics and arguments. This is largely due to how
astute I am of the topic: more knowledge, more persistent; less
knowledge, obviously more cautious.<br />
<br />
Apparently, I may look something like a serial killer or terrorist. Sometimes
I can turn and become somebody who like jokes, use my OpenSSH backdoor and pwned your servers, or I can be your personal and
sexiest bodyguard depending how you look at me.<br />
<span style="font-weight: bold;"><br />
So why Slash The Underground<br />
</span>Slash The Underground was a name given by my linux guru, <span style="font-weight: bold;">burn</span> or <span style="font-weight: bold;">lordburn.</span> My friends called me <span style="font-style: italic; font-weight: bold;">'slash' </span> and sometimes <span style="font-style: italic; font-weight: bold;">'nullbyte</span>'
which is a nickname for me. It's short, clever, derogatory and
sometimes considered desirable, symbolising a form of acceptance, but
can often be a form of ridicule.<br />
<br />
<a name='more'></a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://upload.wikimedia.org/wikipedia/commons/thumb/f/fc/Moonrise_over_kuala_lumpur.jpg/1000px-Moonrise_over_kuala_lumpur.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="126" src="https://upload.wikimedia.org/wikipedia/commons/thumb/f/fc/Moonrise_over_kuala_lumpur.jpg/1000px-Moonrise_over_kuala_lumpur.jpg" width="200" /></a></div>
Living in <a href="http://en.wikipedia.org/wiki/Kuala_Lumpur">Kuala Lumpur</a>, <a href="http://en.wikipedia.org/wiki/Malaysia">Malaysia</a> in <a href="http://en.wikipedia.org/wiki/Southeast_Asia" title="Southeast Asia">Southeast Asia</a>
with a total landmass of 329,847 square kilometres (127,355 sq mi) with
population stands at over 27 million. Malaysia is separated into two
regions—<a href="http://en.wikipedia.org/wiki/Peninsular_Malaysia" title="Peninsular Malaysia">Peninsular Malaysia</a> and <a href="http://en.wikipedia.org/wiki/East_Malaysia" title="East Malaysia">Malaysian Borneo</a>—by the <a href="http://en.wikipedia.org/wiki/South_China_Sea" title="South China Sea">South China Sea</a>. It surrounded by <a href="http://en.wikipedia.org/wiki/Thailand" title="Thailand">Thailand</a>, <a href="http://en.wikipedia.org/wiki/Indonesia" title="Indonesia">Indonesia</a>, <a href="http://en.wikipedia.org/wiki/Singapore" title="Singapore">Singapore</a>, <a href="http://en.wikipedia.org/wiki/Brunei" title="Brunei">Brunei</a> and the <a href="http://en.wikipedia.org/wiki/Philippines" title="Philippines">Philippines</a> which is located near the equator and experiences a <a href="http://en.wikipedia.org/wiki/Tropics" title="Tropics">tropical</a> climate.<br />
<a href="http://en.wikipedia.org/wiki/Malaysia#cite_note-CIA_Fact_Book-4" title=""></a><br />
I am <a href="http://en.wikipedia.org/wiki/Bajau">Bajau</a> and in general I am <a href="http://en.wikipedia.org/wiki/Malays_%28ethnic_group%29">Malay</a>. History documented that Bajau spoke Malayo-Polynesian which a subgroup of the <a href="https://en.wikipedia.org/wiki/Austronesian_languages" title="Austronesian languages">Austronesian languages</a> and a language spoken by <a class="mw-redirect" href="https://en.wikipedia.org/wiki/Austronesian_people" title="Austronesian people">Austronesian people</a>. The Nuclear Malayo-Polynesian languages are spoken by about 230 million people and include <a href="https://en.wikipedia.org/wiki/Malay_language" title="Malay language">Malay</a> (<a href="https://en.wikipedia.org/wiki/Indonesian_language" title="Indonesian language">Indonesian</a> and <a href="https://en.wikipedia.org/wiki/Malaysian_language" title="Malaysian language">Malaysian</a>), <a href="https://en.wikipedia.org/wiki/Sundanese_language" title="Sundanese language">Sundanese</a>, <a href="https://en.wikipedia.org/wiki/Javanese_language" title="Javanese language">Javanese</a>, <a href="https://en.wikipedia.org/wiki/Balinese_language" title="Balinese language">Balinese</a>, <a href="https://en.wikipedia.org/wiki/Acehnese_language" title="Acehnese language">Acehnese</a>; and also the <a href="https://en.wikipedia.org/wiki/Oceanic_languages" title="Oceanic languages">Oceanic languages</a>, including <a href="https://en.wikipedia.org/wiki/Tolai_language" title="Tolai language">Tolai</a>, <a href="https://en.wikipedia.org/wiki/Gilbertese_language" title="Gilbertese language">Gilbertese</a>, <a href="https://en.wikipedia.org/wiki/Fijian_language" title="Fijian language">Fijian</a>, and <a href="https://en.wikipedia.org/wiki/Polynesian_languages" title="Polynesian languages">Polynesian languages</a> such as <a href="https://en.wikipedia.org/wiki/Hawaiian_language" title="Hawaiian language">Hawaiian</a>, <a href="https://en.wikipedia.org/wiki/M%C4%81ori_language" title="Māori language">Māori</a>, <a href="https://en.wikipedia.org/wiki/Samoan_language" title="Samoan language">Samoan</a>, <a href="https://en.wikipedia.org/wiki/Tahitian_language" title="Tahitian language">Tahitian</a>, and <a href="https://en.wikipedia.org/wiki/Tongan_language" title="Tongan language">Tongan</a>.<br />
<br />
<a href="https://upload.wikimedia.org/wikipedia/commons/0/0a/Migraciones_austronesias.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="123" src="https://upload.wikimedia.org/wikipedia/commons/0/0a/Migraciones_austronesias.png" width="200" /></a><br />
Historically, we are originated from <b>Austronesia</b>, which refers to the homeland of the <a class="mw-redirect" href="https://en.wikipedia.org/wiki/Austronesian_people" title="Austronesian people">peoples</a> who speak Austronesian languages, including Indonesian, Malay, <a href="https://en.wikipedia.org/wiki/Filipino_language" title="Filipino language">Filipino</a>, Maori, <a href="https://en.wikipedia.org/wiki/Malagasy_language" title="Malagasy language">Malagasy</a>, Hawaiian, Fijian, <a href="https://en.wikipedia.org/wiki/Formosan_languages" title="Formosan languages">Taiwan's Austronesian languages</a> and around a thousand other languages. Austronesia covers almost half of the globe, although mostly ocean and oceanic islands, starting from <a href="https://en.wikipedia.org/wiki/Madagascar" title="Madagascar">Madagascar</a> to the west until <a href="https://en.wikipedia.org/wiki/Easter_Island" title="Easter Island">Easter Island</a>, to the east.<br />
<br />
<a href="http://upload.wikimedia.org/wikipedia/commons/c/c1/Tawau_Sabah_TownViewFromLA-_Hotel-01.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="133" src="https://upload.wikimedia.org/wikipedia/commons/c/c1/Tawau_Sabah_TownViewFromLA-_Hotel-01.jpg" width="200" /></a>My great great great grandfather generation moved to <a href="http://en.wikipedia.org/wiki/Tawau">Tawau</a>, <a href="http://en.wikipedia.org/wiki/Sabah">Sabah</a>. Tawau formerly known as <b>Tawao</b>, is the third-largest town in <a href="https://en.wikipedia.org/wiki/Sabah" title="Sabah">Sabah</a>, after <a href="https://en.wikipedia.org/wiki/Kota_Kinabalu" title="Kota Kinabalu">Kota Kinabalu City</a> and <a href="https://en.wikipedia.org/wiki/Sandakan" title="Sandakan">Sandakan</a>, and lies on the south-eastern coast of <a href="https://en.wikipedia.org/wiki/Borneo" title="Borneo">Borneo</a> in Malaysia. It is the administrative centre of <a href="https://en.wikipedia.org/wiki/Tawau_Division" title="Tawau Division">Tawau Division</a> which is bordered by the <a href="https://en.wikipedia.org/wiki/Sulu_Sea" title="Sulu Sea">Sulu Sea</a> to the east, the <a href="https://en.wikipedia.org/wiki/Celebes_Sea" title="Celebes Sea">Celebes Sea</a> to the south at Cowie Bay<sup class="reference" id="cite_ref-1"><a href="https://en.wikipedia.org/wiki/Tawau#cite_note-1">[note 1]</a></sup> and shares a border with <a href="https://en.wikipedia.org/wiki/East_Kalimantan" title="East Kalimantan">East Kalimantan</a> (now <a href="https://en.wikipedia.org/wiki/North_Kalimantan" title="North Kalimantan">North Kalimantan</a>). The town had an estimated population as of 2010 of 113,809,<sup class="reference" id="cite_ref-pop_2-0"><a href="https://en.wikipedia.org/wiki/Tawau#cite_note-pop-2">[1]</a></sup> while the whole municipality area had a population of 397,673.<sup class="reference" id="cite_ref-pop_2-1"><a href="https://en.wikipedia.org/wiki/Tawau#cite_note-pop-2">[1]</a></sup><sup class="reference" id="cite_ref-census_3-0"><a href="https://en.wikipedia.org/wiki/Tawau#cite_note-census-3">[note 2]</a></sup>. The geographic coordinates of Tawau are latitude 4.298 degree North and longitude 117.883 degree East. Among the tourist attractions in Tawau are: The Tawau International
Cultural Festival, Tawau Bell Tower, Japanese War Cemetery,
Confrontation Memorial, Teck Guan Cocoa Museum, <a href="https://en.wikipedia.org/wiki/Tawau_Hills_National_Park" title="Tawau Hills National Park">Tawau Hills National Park</a>,
Bukit Gemok, and Tawau Tanjung Markets. The main economic activities of
the town are: timber, cocoa, oil palm plantations, and prawn farming. So do let me know if you have a plan visiting my hometown ;)<br />
<br />
<div style="text-align: center;">
<br />
I've visited 14 states (6.22%)<br />
<img height="220" src="https://chart.apis.google.com/chart?cht=t&chs=440x220&chtm=world&chf=bg,s,336699&chco=d0d0d0,cc0000&chd=s:99999999999999&chld=GBITSEIDPHMYSASGKRTHAECNDENL" width="440" /><br />
<br />
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
</div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQwaE1xl80XqBGou9gZ8nXDGsDxWXo-fUWOYOjlEF3o9ZltJ2iA1G9Wj_MnQS0IJ2n2G4h6nckNptrVvaAiuvGpuznSUuD9a3BQCBxqh1_lFJVGjfdu6kyxTxUqK_N1zPNrxNo0KyN5ldU/s1600/2.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQwaE1xl80XqBGou9gZ8nXDGsDxWXo-fUWOYOjlEF3o9ZltJ2iA1G9Wj_MnQS0IJ2n2G4h6nckNptrVvaAiuvGpuznSUuD9a3BQCBxqh1_lFJVGjfdu6kyxTxUqK_N1zPNrxNo0KyN5ldU/s200/2.jpg" width="200" /></a> I am
now working for defense company as a Cyber Security
Manager which I think similar to Prime Minister job :) If you live nearby, <a href="mailto:shaolinint@gmail.com">drop me a line,</a> perhaps we can hook up sometimes. Mostly I do <a href="http://en.wikipedia.org/wiki/Penetration_testing">Penetration Testing</a> and consulting work. I also do training for <a href="http://en.wikipedia.org/wiki/Information_security">Information Security</a> related subjects. If you are interested in some consultancy or such like <a href="mailto:shaolinint@gmail.com">let me know</a>. On top of this full-time job,
and nearly half-time blogging, I’m also an <b>Islamic Medical Practitioner</b>, small effort of my Islamic Dakwah to educate people "<b>How Islam and Quran heal black magic and genie (spirit, goblin, elf, demon etc.) bad work in regards to the human health and modern medical".</b><br />
<br />
<b>Why subject us to your inane ramblings?</b></div>
</div>
Perhaps people will read, perhaps people will laugh, perhaps people will get mad...as long as I invoke some kind of emotion then I've done something meaningful. It's meant to be a satirically humorous, topical outlook on things, with some interesting tidbits, weird stuff, interesting findings and the odd rant about the terrible state of things.<br />
<br />
<span style="font-weight: bold;">Final words</span><br />
Islam is my din or deen (way of life), I can be your best friend, but I can also be your worst enemy. I am
passionate with what I do and I fight for what I believe in.<span style="color: #e69138;"><b>Sometimes we feel that all doors are closed in our life, but all closed doors may not be locked, they may be waiting for a gentle push.. and that is "DUA (prayer)"</b></span><br />
<br />
<b><span style="font-size: small;">سُبْحَانَكَ اللَّهُمَّ وَبِحَمْدِكَ أَشْهَدُ أَنْ لاَ إِلهَ إِلاَّ أَنْتَ أَسْتَغْفِرُكَ وَأَتُوْبُ إِلَيْكَ</span></b><br />
<b><span style="font-size: small;"> </span></b> Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com3tag:blogger.com,1999:blog-7306732139129025494.post-4980338386278459842017-03-02T10:57:00.001+08:002017-03-02T10:57:43.013+08:00Hunting C&C For Fun and Profit<br />
This is a quick post to splainz the methodology behind how we were
able to make fingerprints for the Hacking Team and Equation Group
C&C infrastructure allowing remote identification of their servers,
as shown in <a href="https://github.com/0x27/TheItalianJob">The Italian Job</a> and <a href="https://github.com/0x27/EquationSmasher">Equation Smasher</a> releases on Github.<br />
Myself and <a href="https://twitter.com/_ta0">March</a>, the rootkit
wizard, have been at this kind of thing for quite some time, and have
had a great deal of success in enumerating and identifying C&C
infrastructure based on various oddities in how they present themselves.
A fine example of this was in our <a href="http://insecurety.net/?p=729">Hunting Red October</a> work prior (which resulted in the “asdic.pl” and “sonar.py” scripts).<br />
Basically, here is a TL;DR on how you, too, can hunt down shitbag spies and other such nasties.<br />
<br />
<h2 id="step-1-get-samples-of-the-malware-andor-ips-of-some-still-active-cc-servers">
Step 1: Get samples of the malware and/or IP’s of some still active C&C servers.</h2>
This is often trivial. Once someone publishes a report, or you get
some nasty malware, identify the C&C server (run it in a sandbox or
whatever and sniff those sweet, sweet pacotes).<br />
<h2 id="step-2-muck-about-with-the-cc-server">
Step 2: Muck about with the C&C server.</h2>
Next up, do a portscan of the C&C server(s). Of particular
interest is the callback port. You want to fiddle with that port/service
a bit and see if it returns a “weird” or unique banner or response,
that you can chuck into <a href="https://shodan.io/">shodan</a> and try identify similar servers.<br />
<h2 id="step-3-fuck-with-related-hosts">
Step 3: Fuck with related hosts</h2>
The third step is fairly simple. Once you have a list of hosts that
also act in the same fashion and “smell” the same (much of this is based
on scientific jiggerypokery and general faffing about with them), you
portscan those and look for further similarities. Most oftentimes,
C&C infrastructure is “cloned” across hosts, so they all will be set
up in the same fashion.<br />
<h2 id="optional-step-4-scan-the-planet">
Optional Step 4: Scan the Planet</h2>
Optionally, here you can scan the entire planet with masscan or zmap
looking for similar hosts that Shodan’s crawler might not have hit yet.
This gives you a nice list of IP’s to compare against netflow logs and
also to bang into online sandboxes/AV things to see if theres other
samples out there calling back, so you can gather more information and
link samples/campaigns together.<br />
<h2 id="optional-step-5-hack-the-planet">
Optional Step 5: Hack the Planet</h2>
I have NOT engaged in this hypothetical step, and cannot legally advocate for it, however others such as <a href="https://malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf">Malware.lu in the case of APT-1</a>
(warning: PDF link) have done so. Somehow procure a copy of the C&C
software in question, fuzz the shit out of it, find some bugs, and own
the spying bastards, preferably uninfecting their victims and burning
their infrastructure to the ground. I include this step for completeness
only, and to point out that there is some recourse to be had.<br />
Good sources of ~~DDoS numbers~~ IP addresses/C&C hosts to initially target for, er, interrogation are reports from <a href="https://citizenlab.org/">Citizen Lab</a>
and AV vendors on the latest and lamest surveillance campaigns. Also,
because some espionage campaigns are cheapskates, obtaining copies of
widely (ab)used RAT software sold/used by ~~APT’s~~ script kiddies (such
as Poison Ivy/BlackShades/DarkComet) and analysing those examples is
also a fine way to find new, exciting fingerprints (and
vulnerabilities…) to go forth and ruin some attackers days.<br />
Further note: If the malware uses a web based (say, written in PHP)
web panel, you might be able to fingerprint on HTTP titles or figure out
a google-dork or other way of identifying the panel. Think of web
panels as vulnerable webapps and apply the same thinking to locating and
finding vulnerabilities in them. Quite often the bit of the web panel
(the “gate”) that the implant calls back to fails miserably at
sanitizing inputs to databases or file outputs, so there are often some
gloriously exploitable bugs there. See the <a href="https://malware.lu/articles/2012/05/21/analysis-and-pownage-of-herpesnet-botnet.html">Herpesnet teardown/ownage by malware.lu</a> for some ideas on that :)<br />
<br />
Have fun, and be safe. Remember kids - when fucking with C&C’s/malware, practice safe hex and wear your balaclavas!Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-10093338180373272572015-07-22T12:11:00.001+08:002015-07-22T12:28:01.103+08:00Never trust a subcontractor<div class="separator" style="clear: both; text-align: center;">
</div>
<a href="http://icbseverywhere.com/blog/wp-content/media/2010/06/Incompetence1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://icbseverywhere.com/blog/wp-content/media/2010/06/Incompetence1.jpg" height="200" width="200" /></a>It all started with a phone call. "The whole network at [customer redacted] is down and they have no power - they need your help."<br />
<br />
My blood ran cold. The engineer calling me sounded panicked, and for good reason. [Customer redacted] has an enormous natural gas facility in South Texas, too far from civilization to get enough power off of the grid. We designed and built an onsite natural gas power plant for them - a big one, capable of supplying 40+MW of power at peak load. They could run the facility for a short while without the power plant, but not long - and shutting down the facility meant losing 7 figures per hour. By the time I was informed, they had 6 hours until they had to shut down.<br />
<br />
As the guy who had designed and installed said network, I was naturally the guy to call when it had problems, which had never happened before. It was a pretty simple network, honestly - just switches, cat5 cables and fiber. Since this was the network all the PLCs, relays, meters and whatnot ran on, it was airgapped & isolated, no routers. Not much to go wrong.<br />
<br />
I quickly get on the phone and walk the guy on their end through plugging in a laptop and running <br />
some simple tests. Check lights on things, ping this, ping that. Everything seems good, though. The network is emphatically not down. So I send him a remote app and take control of his laptop to see for myself.<br />
<br />
Log into switches, check things, nope, the network's not down. When I log into the HMI system, though, I see a big red error message: "Network Error: Cannot connect to database". The database server is up, though. I log into the database server (Windows Server 2012 running MSSQL) and that's where I find the problem: SQL isn't running. I try to start it and it immediately shuts back off.<br />
<a name='more'></a><br />
Now this is very bad for a couple of reasons. This server provides databases for a couple of very critical things in this plant. Included are the PLC systems, which explains why the plant shut down - the PLCs weren't running and the monitoring system had shut down the turbines. Additionally, this was not a problem with the network, this was a problem with a server, and we had subbed out the systems work to [PLC Contractor], so I had no idea how all this was supposed to function and no documentation on it. I'm flying blind here.<br />
<br />
<a href="http://i3.cpcache.com/product/718544436/future_system_administrator_baby_blanket.jpg?height=225&width=225" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://i3.cpcache.com/product/718544436/future_system_administrator_baby_blanket.jpg?height=225&width=225" height="200" width="200" /></a>A couple of phone calls later I find out that [PLC Contractor] had subbed out procurement and set up of the server to [incompetent morons], who was on vacation. [PLC Contractor] doesn't want to touch it, tells me to call [incompetent morons]. Woohoo. 4 hours to shutdown and this has now become my multi-million dollar problem.<br />
<br />
Back at the database server I start digging to find out why SQL won't start. It didn't take me very long to find the problem: "Invalid license data. Reinstall is required." Turns out that [incompetent morons] had bought the appropriate licenses for SQL 2012, but never bothered to retrieve or use the license key. The plant had been running on a trial install of SQL this entire time, and went down because the trial period ended. I wish, I really wish I was making this up, but I am not.<br />
<br />
Of course, I can't do anything to jeopardize the integrity of the database, including reinstalling, and I don't have the license key. The next hour or so consisted of lots of angry phone calls until someone at [PLC Contractor] finally dug up the documentation from the purchase, and the hour after that consisted of, roughly:<br />
<br />
<ol>
<li>Impersonate the CEO of an energy company ([incompetent morons] put him down, personally, on all the Microsoft paperwork), to get into the MSDN account [incompetent morons] had inexplicably set up in his name.</li>
<br />
<li>Find out that MS does not just give you a license key anyway, it's embedded in the install disk. Which means that [incompetent morons] actually bought SQL and then proceeded to set it up using a trial copy.</li>
<br />
<li>Sweat bullets waiting for the install disk to download.</li>
<br />
<li>Extract license key from install disk.</li>
<br />
<li>Use procedure I discovered using the powers of google to update the license information without reinstalling.</li>
<br />
<li>Reboot everything, sweat more bullets.</li>
</ol>
<br />
After the database server was again serving databases, the PLC came back online and the techs were able to restart the turbines. We avoided shutdown by about 30 minutes.<br />
<br />
I took the rest of the day off.<br />
<br />
Source: <a href="https://www.reddit.com/r/sysadmin/comments/3e3y8t/never_trust_a_subcontractor/" target="_blank">reddit</a> Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-33660961199713944242015-07-20T14:40:00.000+08:002015-07-20T14:41:36.057+08:00Hacking Team Uses UEFI BIOS Rootkit<div class="separator" style="clear: both; text-align: center;">
<a href="http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/07/HT-UEFI-InstallAgent-2a.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/07/HT-UEFI-InstallAgent-2a.png" height="131" width="200" /></a></div>
The dissection of the data from the Hacking Team leak has yielded another critical discovery: Hacking Team uses a UEFI BIOS rootkit to keep their Remote Control System (RCS) agent installed in their targets’ systems. This means that even if the user formats the hard disk, reinstalls the OS, and even buys a new hard disk, the agents are implanted after Microsoft Windows is up and running.<br />
<br />
They have written a procedure specifically for Insyde BIOS (a very popular BIOS vendor for laptops). However, the code can very likely work on AMI BIOS as well.<br />
<br />
A Hacking Team slideshow presentation claims that successful infection requires physical access to the target system; however, we can’t rule out the possibility of remote installation. An example attack scenario would be: The intruder gets access to the target computer, reboots into UEFI shell, dumps the BIOS, installs the BIOS rootkit, reflashes the BIOS, and then reboots the target system. We’ve found that Hacking Team developed a help tool for the users of their BIOS rootkit, and even provided support for when the BIOS image is incompatible.<br />
<a name='more'></a><br />
In installation, three modules are first copied from an external source (this might be from a USB key with UEFI shell) to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots. The file dropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe.<br />
<br />
This means that when the BIOS rootkit is installed, the existence of the
agents are checked each time the system is rebooted. If they do not
exist, the agent <i>scout.exe</i> is installed in the following path: <i>\Users\[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6To_60S7K_FU06yjEhjh5dpFw96549UU. </i><br />
<i><br /></i>
This finding is only the most recent among the numerous discoveries triggered by the Hacking Team leak. So far, <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/">three Adobe Flash zero-day vulnerabilities</a> have
been discovered from their files, although this particular finding
gives more context on their activities. While we are not certain of who
have been affected, the fact that the group dubs the tool “The Hacking
Suite for Governmental Interception” which clarifies for whom the tool
is intended.<br />
<br />
Source: <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/" target="_blank">Trendmicro blog's</a> Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-37894821961739791442015-07-20T12:57:00.000+08:002015-07-20T14:30:39.182+08:00Blocklist for Transmission<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx6zMO6-9BSnk3F6fNnftXfYwG4B1w6ghe7hbBgR_me017OuawoWJR63ihosFAN80QAv2mCNPZuFK7xbVVZdwdjRlPK7pDQeMbVhDuEjdX9CKoyJVnmNMGLzAmltTveYnwO3GBaMEHEpCL/s1600/transmission.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx6zMO6-9BSnk3F6fNnftXfYwG4B1w6ghe7hbBgR_me017OuawoWJR63ihosFAN80QAv2mCNPZuFK7xbVVZdwdjRlPK7pDQeMbVhDuEjdX9CKoyJVnmNMGLzAmltTveYnwO3GBaMEHEpCL/s1600/transmission.png" height="83" width="200" /></a></div>
<a href="http://www.transmissionbt.com/" target="_blank">Transmission</a> is, in my opinion, light and the best BitTorrent client for OS X so far [and did you know there’s even an unofficial Windows version too?]. Why? Because it’s super easy to use and configure and it’s not resource-hungry like some other BitTorrent client. <br />
<br />
Looking for a nice and complete blocklist for Transmission can be a pain, especially if you’re not sure of which one to pick. In fact there are a ton of lists all for different purposes and no one will give you complete bad-peer protection since one will shield your client from spammers, one from the US Government [really?] and no one from all those things combined.<br />
<br />
If you search on Google you will find people recommending this website, called <a href="https://www.iblocklist.com/lists.php" target="_blank">iBlocklist</a>, which collects various block lists but there are to many of them and they all have the same problem I said before: no complete 100% protection.<br />
<br />
Luckly <a href="http://www.quora.com/John-Tyree-1" target="_blank">John Tyree</a>, a user from quora.com, created a <a href="https://gist.github.com/johntyree/3331662" target="_blank">GitHub project</a> which combines all those iBlocklist lists in to a single one and he hosted the result here. Simply add this URL in the Transmission preferences.<br />
<br />
Good luck!Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com2tag:blogger.com,1999:blog-7306732139129025494.post-775195453358061882015-07-13T12:06:00.000+08:002015-07-20T14:31:48.160+08:00Magsukul Sapura (thank you Sapura)<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi5VnGeOHldDliSvkYYQlsQSEtTQqW3RbwITt0lmHx9TXRKGol-lY8CGOND7DG-lYQr_OI_uEhpnwLbLjazUu5yz14OWI4fd8LBMRnY8YfKd5HMdgaz4F6oK8X6-lUBXBHDyTO65eXJYr4/s1600/islamic1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi5VnGeOHldDliSvkYYQlsQSEtTQqW3RbwITt0lmHx9TXRKGol-lY8CGOND7DG-lYQr_OI_uEhpnwLbLjazUu5yz14OWI4fd8LBMRnY8YfKd5HMdgaz4F6oK8X6-lUBXBHDyTO65eXJYr4/s200/islamic1.jpg" width="200" /></a>السَّلاَمُ عَلَيْكُمْ وَرَحْمَةُ اللهِ وَبَرَكَاتُهُ and Good Afternoon,</span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;">بِسْمِ اللّهِ الرَّحْمَنِ الرَّحِيْمِ</span><br />
<span style="font-size: small;"><br />اَلْحَمْدُلِلّهِ, today is my last day working at Sapura Secured Technologies as Systemic Security Manager for Sapura Defense Sdn Bhd. Once again, I've been given opportunity by Allah S.W.T. to share knowledge and experience for the industry and Information Warfare community. Although I have my own plan, but I know Allah also plans, and Allah is the best of planners. I know who I will be, and I know where I will be, but I know that Allah will choose what’s good for me. </span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;">I wanted to wish everyone happy trails. My colleagues have been nothing short of amazing, the knowledge, experience, and the quality of discussions is incredibly stimulating. In the last 7 years with Sapura, Allah S.W.T has shown me a form of great challenges which almost took me down to the ground and taught me a unique knowledge through people around me. I learned a great deal, building skills, relationships and challenges that I never think of.</span><br />
<span style="font-size: small;"></span><br />
<a name='more'></a>
<span style="font-size: small;">On a happier note, there's not a person in this campus I do not like, if not love. The company has more greatness ahead of it, and I'll be watching from far and rooting you on.</span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;">To the Leaders, it was a great pleasure to be working with great people like you guys. For those team with whom I worked most closely, my congratulations, for this surely is emancipation day - no more late night emails or urgent tasks & messages, and to all my brothers and sisters, you know who you are, insha Allah we'll meet again, جَزَاكُمُ اللهُ خَيْرًا كَثِيْرًا وَجَزَاكُمُ اللهُ اَحْسَنَ الْجَزَاء</span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;">To the rest of innovators, thank you thank you thank you!</span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;">You’ll still find me <a href="https://twitter.com/shaolinint" target="_blank">@shaolinint</a> on Twitter. Feel free to follow there or connect on <a href="https://my.linkedin.com/in/shaolinint" target="_blank">Linkedin</a>.</span><br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;"></span><br />
<span style="font-size: small;">وَ السَّلاَمُ عَلَيْكُمْ وَرَحْمَةُ اللهِ وَبَرَكَاتُهُ</span>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-86824419283530011012015-07-09T15:00:00.000+08:002015-07-13T09:29:19.956+08:00How to use SSHFS<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.foldr.org/~michaelw/log/static/computers/macosx/macfusion-sshfs.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.foldr.org/~michaelw/log/static/computers/macosx/macfusion-sshfs.png" /></a></div>
<b>Introduction</b> <br />
In <a href="https://en.wikipedia.org/wiki/Computing" title="Computing">computing</a>, <b>SSHFS</b> (<b>SSH Filesystem</b>) is a <a class="mw-redirect" href="https://en.wikipedia.org/wiki/Filesystem" title="Filesystem">filesystem</a> client to <a href="javascript:void(0)" title="Mount (computing)">mount</a> and interact with <a class="mw-redirect" href="javascript:void(0)" title="Directory (file systems)">directories</a> and <a href="https://en.wikipedia.org/wiki/Computer_file" title="Computer file">files</a> located on a remote <a href="javascript:void(0)" title="Server (computing)">server</a> or <a href="https://en.wikipedia.org/wiki/Workstation" title="Workstation">workstation</a> over a normal ssh connection.<sup class="reference" id="cite_ref-SSHFS_OpenBSD_port_1-0"><a href="https://en.wikipedia.org/wiki/SSHFS#cite_note-SSHFS_OpenBSD_port-1">[1]</a></sup> The client interacts with the remote file system via the <a href="https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol" title="SSH File Transfer Protocol">SSH File Transfer Protocol</a> (SFTP),<sup class="reference" id="cite_ref-SSHFS_security_2-0"><a href="https://en.wikipedia.org/wiki/SSHFS#cite_note-SSHFS_security-2">[2]</a></sup> a <a class="mw-redirect" href="https://en.wikipedia.org/wiki/Network_protocol" title="Network protocol">network protocol</a> providing <a class="mw-redirect" href="https://en.wikipedia.org/wiki/File_access" title="File access">file access</a>, <a href="https://en.wikipedia.org/wiki/File_transfer" title="File transfer">file transfer</a>, and <a class="mw-redirect" href="https://en.wikipedia.org/wiki/File_management" title="File management">file management</a> functionality over any reliable <a href="https://en.wikipedia.org/wiki/Data_stream" title="Data stream">data stream</a> that was designed as an extension of the <a href="https://en.wikipedia.org/wiki/Secure_Shell" title="Secure Shell">Secure Shell</a> protocol (SSH) version 2.0.<br />
<br />
In many cases it can become cumbersome to transfer files to and from proprietary and customized operating system. This can become quite a hassle in a very short period of time. Luckily there is a way to mount remote file system to local computer without NFS, SAMBA or other remote filler protocols. In this article, I will show you how to do exactly that.<br />
<br />
<a name='more'></a><span style="font-size: x-large;"><b>Installing SSHFS</b></span><br />
<br />
<span style="font-size: large;"><b>On Ubuntu/Debian</b></span><br />
SSHFS is Linux based software that needs to be installed on your local
computer. On Ubuntu and Debian based systems it can be installed through
apt-get.<br />
<br />
<blockquote class="tr_bq">
sudo apt-get install sshfs</blockquote>
<br />
<br />
<b><span style="font-size: large;">On Mac OSX</span></b><br />
You can install SHFS on Mac OSX. You will need to download FUSE and SSHFS from the <a href="http://osxfuse.github.io/" target="_blank">osxfuse site.</a><br />
<br />
<span style="font-size: large;"><b>On Windows</b></span><br />
To install SSHFS in Windows you will need to grab the latest win-sshfs package from the google code repository. A direct download link can be found below. After you have downloaded the package, double click to launch the installer. You may be prompted to download additional files, if so the installer will download the .NET Framework 4.0 and install it for you.<br />
<br />
<blockquote class="tr_bq">
https://win-sshfs.googlecode.com/files/win-sshfs-0.0.1.5-setup.exe</blockquote>
<br />
<b><span style="font-size: large;">Mounting the Remote File System</span></b><br />
The following instructions will work for both Ubuntu/Debian and OSX. Instructions for Windows systems can be found at the bottom of the tutorial.<br />
<br />
<blockquote class="tr_bq">
sshfs userame@remote_server_ip:/mount_point /remote_mount_point</blockquote>
<br />
Now you can work with files on your /mount_point as if it were a physical device attached to your local machine.<br /><br />
It is important to note that this process provides only a temporary mount point. Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-38919364426636414182015-07-08T01:30:00.000+08:002015-07-20T14:41:57.233+08:00HackingTeam become Hacked Team<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.heise.de/imgs/18/1/5/4/1/4/2/4/hacked_team-c2d0ab46c07b53e2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.heise.de/imgs/18/1/5/4/1/4/2/4/hacked_team-c2d0ab46c07b53e2.png" height="111" width="200" /></a></div>
<b>An ‘enemy of the internet’ that helps governments spy on citizens has been hacked</b><br />
The (ironically-named) Hacking Team is an Italian security firm with a history of supplying surveillance technology to governments around the world, including some unpleasant regimes. It’s now been hacked itself.<br />
<br />
As CSO Online reports, the source of the hack isn’t clear yet, but a torrent file with 400GB of internal documents, product source code and email archives is now public. There’s no shortage of glee online about the development, particularly from privacy activists. Campaign group Reporters Without Borders lists Hacking Team on its Enemies of the Internet index. Most of the strong criticism directed at the company is down to its surveillance tool Da Vinci, which it says can be used to break encryption on emails, files and IP calls.<br />
<br />
In the last, Hacking Company has denied any allegations of selling
tools to the governments but the leaked emails show that company has
done some pretty good business with the oppressive regimes in Sudan,
Saudi Arabia, and Bahrain.<br />
<br />
The unknown hackers have posted various file links on file sharing
websites and replaced the company logo that read “Hacking Team” to
“Hacked Team” on Twitter. Many companies are known to develop highly
sophisticated software and help the governments to monitor the people’s
smartphones and personal computers.<br />
<br />
<a name='more'></a><br />
Apart from the above-mentioned clients, Hacking Team also supplies
surveillance tools to Morocco and Ethiopia. The Verge writes that
Hacking Team is infamous for injecting malicious scripts in Microsoft’s
Live services and YouTube. Take a look at one of interesting clients below:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF7mU22K4xwxkOy3WUhQz-yIFNRsAccrH-dJHOVijlqeTno5bp8_2xb5CeIFJQXZdoktOELf9Nt-ChCM85KRFs_eaFOA0wjar2zw9NOH_isohwv_Ha2pzJBRVzV_ml1qytC5ecOgYYMB-f/s1600/Hacking_Team__blurred_070715.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF7mU22K4xwxkOy3WUhQz-yIFNRsAccrH-dJHOVijlqeTno5bp8_2xb5CeIFJQXZdoktOELf9Nt-ChCM85KRFs_eaFOA0wjar2zw9NOH_isohwv_Ha2pzJBRVzV_ml1qytC5ecOgYYMB-f/s640/Hacking_Team__blurred_070715.jpg" width="640" /></a></div>
<br />
Also listed among the firm’s clients and former clients are the US
Department of Defense (shown as not active), the Drug Enforcement Agency
(DEA), which is in the process of renewing its contract, and the FBI,
which was working with it until June 30, 2015.<br />
<br />
The leak of sensitive documents from Hacking Team comes just as UK Prime
Minister David Cameron is pushing once again for new laws to <a href="http://thenextweb.com/opinion/2015/01/13/david-camerons-plan-ban-end-end-encryption-catastrophic-internet-freedom/">allow British intelligence agencies to break encryption.</a> <br />
<br />Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-9413826768020615902015-06-29T02:27:00.000+08:002015-07-13T02:31:52.903+08:00Path MTU, IP Fragmentation and MSS<div class="separator" style="clear: both; text-align: center;">
</div>
Last few weeks, I've been involved troubleshooting high latency on SATCOM and 3G infrastructure. Long story short, I found that when in UDP, the "Dont Fragment (DF)" bit is set to 1. Therefore, I would like to write about Path MTU discovery and IP Fragmentation in this post and the relation between them.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizUtW5oMZohvpV0ACMOBjVyq2Y0eWXmDCzvfOzgdtBrXrtgjXxI9c8fdl1fCjtiCIW4pNzdyenG4sF_yL2Cm3nQZReuAWe9G9mrYjPnWNY4Yr6OE7a6h0C9ierfyfYwAU-P9h6tgWqDTc9/s1600/path_mtu_ip_fragmentation_mss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizUtW5oMZohvpV0ACMOBjVyq2Y0eWXmDCzvfOzgdtBrXrtgjXxI9c8fdl1fCjtiCIW4pNzdyenG4sF_yL2Cm3nQZReuAWe9G9mrYjPnWNY4Yr6OE7a6h0C9ierfyfYwAU-P9h6tgWqDTc9/s400/path_mtu_ip_fragmentation_mss.png" width="400" /></a></div>
<br />
As per example topology above, if the host LINUX1 is sending a packet to LINUX3 device. Packet has to go through a path in which there are various MTU sizes involved.<br />
<br />
Path MTU is; assume packet, which is leaving LINUX1 has total length of 1450 bytes. Because the link between LINUX1-LINUX2 has 1500 bytes limit, there is no problem. However, once LINUX2 receives the packet, it sees that the link that it must use to forward this packet has a lower maximum packet capacity than the packet it has. Under normal circumstances, LINUX2 sends back an ICMP notification to LINUX1 and says that <b>“Hey dude, I can’t forward this packet as I have a link having 800 bytes MTU on the way, do something and lower your packet size”</b><br />
<br />
LINUX1 gets this ICMP and lowers its further packets’ maximum sizes to 800 then the packets flow through. Why doesn’t it occur? This is what documents say <b>if the next link MTU is lower than the packet being forwarded, packets are fragmented.</b><br />
<br />
Now the Path MTU discovery comes in:<br />
<br />
<a name='more'></a><b><span style="font-family: Georgia,"Times New Roman",serif;">LINUX1# ip route show cache 192.168.111.2</span></b><br />
<b><span style="font-family: Georgia,"Times New Roman",serif;">192.168.111.2 from 172.30.73.219 via 172.30.73.85 dev eth0</span></b><br />
<b><span style="font-family: Georgia,"Times New Roman",serif;"> cache expires 596sec mtu 800 advmss 1460 hoplimit 64 </span></b><br />
<br />
<br />
Can you see it? Now LINUX1 linux knows that it shouldn’t send any packet bigger than 800 bytes if it wants to send a packet for this destination again. This cache expires in 596sec as it can be seen in the output.<br />
<br />
During my troubleshooting, I asked myself what happens if I just block every ICMP packet sent from LINUX2 device. The answer is communication halts! because LINUX2 doesn’t provide any feedback about the next link MTU and LINUX1 keeps sending its packets still at 1500 bytes. Since DF bit is set, fragmentation can’t happen and everything is stuck. This is a very bad thing indeed!<br />
<br />
So, what can I do from LINUX3 side to prevent this from happening if I can’t inform LINUX1 admin. MSS (Maximum Segment Size) comes in this situation. MSS isn’t a negotiated value indeed due to which what ever LINUX3 tells the other peer during TCP communication, LINUX1 must obey that.<br />
<br />
<b><span style="font-family: Georgia,"Times New Roman",serif;">LINUX3# ip route change 0.0.0.0/0 dev eth0 advmss 700</span></b><br />
<br />
After this command, all the subsequent TCP SYN packets will advertise its MMS as 700 and because LINUX1 will obey this and arrange the packet size according to it, packet flow will not be disrupted. Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-72328108122306000872014-05-27T10:49:00.000+08:002014-05-27T10:49:49.183+08:00Enable USB installation in Bootcamp<div class="separator" style="clear: both; text-align: center;">
<a href="http://jonzy.files.wordpress.com/2010/06/wallpaperv12b1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://jonzy.files.wordpress.com/2010/06/wallpaperv12b1.png" height="125" width="200" /></a></div>
Before you do anything, make a backup of Info.plist or the whole Boot Camp Assitant app so that you can go back if necessary. Rename it something like "Info old.plist" or "Original Boot Camp Assistant."<br />
<br />
Mandatory steps:<br />
<ul>
<li>Add your model to DARequiredROMVersions</li>
<li>Delete the word "Pre" from UEFIModels and add your model</li>
<li>Delete the word "Pre" from USBBootSupportedModels and add your model</li>
<li>Remove your model from Win7OnlyModels (if its there)</li>
</ul>
<br />
The last step is to do a code sign. Boot Camp Assitant will not run if it's been edited. You need to resign it. Open Terminal (use spotlight to find it) and type this:<br />
<br />
<br />
<b>sudo codesign -fs - /Applications/Utilities/Boot\ Camp\ Assistant.app</b><br />
<br />
Good luck!<b> </b>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com1tag:blogger.com,1999:blog-7306732139129025494.post-86491006852762719272013-02-20T17:41:00.000+08:002015-07-08T16:04:11.388+08:00Story of AppreciationOne young academically excellent person went to apply for a managerial position in a big company. He passed the first interview, the director did the last interview, made the last decision. The director discovered from the CV that the youth's academic achievements were excellent all the way, from the secondary school until the postgraduate research, Never had a year when he did not score.<br />
<br />
<br />
The director asked, "Did you obtain any scholarships in school?"<br />
<br />
The youth answered "none".<br />
<br />
The director asked, "Was it your father who paid for your school fees?"<br />
<br />
The youth answered, "My father passed away when I was one year old, it was my mother who paid for my school fees.<br />
<br />
<a name='more'></a><br /><br />
The director asked, "Where did your mother work?"<br />
<br />
The youth answered, "My mother worked as clothes cleaner.<br />
<br />
The director requested the youth to show his hands.<br />
<br />
The youth showed a pair of hands that were smooth and perfect.<br />
<br />
The director asked, "Have you ever helped your mother wash the clothes before?"<br />
<br />
The youth answered, "Never, my mother always wanted me to study and read more books. Furthermore, my mother can wash clothes faster than me.<br />
<br />
The director said, "I have a request. When you go back today, go and clean your mother's hands, and then see me tomorrow morning."<br />
<br />
The youth felt that his chance of landing the job was high. When he went back, he happily requested his mother to let him clean her hands. His mother felt strange, happy but with mixed feelings, she showed her hands to the kid.<br />
<br />
The youth cleaned his mother's hands slowly. His tear fell as he did that. It was the first time he noticed that his mother's hands were so wrinkled, and there were so many bruises in her hands. Some bruises were so painful that his mother shivered when they were cleaned with water.<br />
<br />
This was the first time the youth realized that it was this pair of hands that washed the clothes everyday to enable him to pay the school fee. The bruises in the mother's hands were the price that the mother had to pay for his graduation, academic excellence and his future. After finishing the cleaning of his mother's hands, the youth quietly washed all the remaining clothes for his mother. That night, mother and son talked for a very long time.<br />
<br />
Next morning, the youth went to the director's office.<br />
<br />
The Director noticed the tears in the youth's eyes, asked: "Can you tell me what have you done and learned yesterday in your house?"<br />
<br />
The youth answered, "I cleaned my mother's hand, and also finished cleaning all the remaining clothes'<br />
<br />
<b>The Director asked, "please tell me your feelings."<br /><br />The youth said,<br />Number 1, I know now what is appreciation. Without my mother, there would not the successful me today.<br /><br />Number 2, By working together and helping my mother, only I now realize how difficult and tough it is to get something done.<br /><br />Number 3, I have come to appreciate the importance and value of family relationship.<br /><br />The director said, "This is what I am looking for to be my manager. I want to recruit a person who can appreciate the help of others, a person who knows the sufferings of others to get things done, and a person who would not put money as his only goal in life. You are hired.</b><br />
<br />
Later on, this young person worked very hard, and received the respect of his subordinates. Every employee worked diligently and as a team. The company's performance improved tremendously.<br />
<br />
A child, who has been protected and habitually given whatever he wanted, would develop "entitlement mentality"and would always put himself first. He would be ignorant of his parent's efforts.<br />
<br />
When he starts work, he assumes that every person must listen to him, and when he becomes a manager, he would never know the sufferings of his employees and would always blame others.<br />
<br />
For this kind of people, who may be good academically, may be successful for a while, but eventually would not feel sense of achievement.<br />
<br />
He will grumble and be full of hatred and fight for more. If we are this kind of protective parents, are we really showing love or are we destroying the kid instead?Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-21258146492567884492012-11-23T10:23:00.004+08:002015-07-08T16:07:05.683+08:00#OpIsrael<div class="separator" style="clear: both; text-align: center;">
<a href="http://reinep.files.wordpress.com/2012/11/anonymous-opisrael.jpg?w=467&h=350" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://reinep.files.wordpress.com/2012/11/anonymous-opisrael.jpg?w=467&h=350" height="149" width="200" /></a></div>
<span style="font-size: large;"><b>Overview</b></span><br />
<b>#OpIsrael</b> is an Anonymous-led raid to to protest Israel’s Operation Pillar of Defense<sup> </sup>by taking down Israeli government websites through distributed denial of service (DDoS) attacks.<br />
<br />
<span style="font-size: large;"><b>Background</b></span><br />
In
early November 2012, the Israel Defense Forces took to Twitter to
live-update about the status of the fight in Gaza. On November 14th, <span class="caps">IDF</span>
killed Ahmed Jabari, the chief of Hamas’ military wing, in an
airstrike. Being the highest ranking Hamas official to be killed by the <span class="caps">IDF</span> since the 2008 Gaza War, the news of Jabari’s assassination quickly escalated tensions between the two sides.<br />
<br />
<blockquote class="tr_bq">
The <span class="caps">IDF</span>
has begun a widespread campaign on terror sites & operatives in
the #Gaza Strip, chief among them #Hamas & Islamic Jihad
targets. — <span class="caps">IDF</span> (@IDFSpokesperson) November 14, 2012</blockquote>
<br />
<a name='more'></a><br /><br />
<span style="font-size: large;"><b>Notable Development </b></span><br />
<center>
</center>
On November 15th, Anonymous-affiliated blog Anon Relations
claimed that Israel’s government had publicly threatened to cut off
Gaza’s internet access and called for an attack on the country’s most
important websites in retaliation. The post included a “care package”
file in both English and Arabic containing the press release, first aid
instructions, a proxy to hide the user’s IP addresses, a technical guide
on how to get around an internet access ban and a image file of the
Anonymous seal.<br />
<br />
On November 15th, a Pastebin file<sup> </sup>containing more than 650 web addresses defaced as part of the operation
was created by Anonymous Grupo. Additionally, another Pastebin file<sup> </sup>as created to collect useful information for those in Gaza, including
links to the care packages, cell phone apps, medical information,
livestreams, news links and dial-up internet access numbers, among other
resources. The same day, a modified version of the previous day’s
communique was posted to YouTube by Gigabytedrop and a Twitter account<sup> </sup>and Facebook fan page were launched with the designated hashtag for the movement: #OpIsrael.<br />
<br />
Continue reading at <a href="http://knowyourmeme.com/memes/events/opisrael" target="_blank">knowyourname</a> Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-67785321926049367702012-11-22T09:09:00.003+08:002015-07-08T16:04:56.913+08:005 Questions Great Job Candidates Ask<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.jobinterviewperfection.com/images/interview-success.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.jobinterviewperfection.com/images/interview-success.jpg" height="125" width="200" /></a></div>
Great candidates ask questions they want answered because they're
evaluating you, your company--and whether they really want to work for
you.<br />
<br />
Here are five questions great candidates ask:<br />
<br />
<b>What do you expect me to accomplish in the first 60 to 90 days?</b><br />
Great candidates want to hit the ground running. They don't want to spend weeks or months "getting to know the organization." They want to make a difference--right away.<br />
<br />
<b>What are the common attributes of your top performers? </b><br />
Great candidates also want to be great long-term employees. Every
organization is different, and so are the key qualities of top
performers in those organizations. Maybe your top performers work longer hours. Maybe creativity is more
important than methodology. Maybe constantly landing new customers in
new markets is more important than building long-term customer
relationships. Maybe it's a willingness to spend the same amount of time
educating an entry-level customer as helping an enthusiast who wants
high-end equipment. Great candidates want to know, because 1) they want to know if they fit, and 2) if they do fit, they want to be a top performer.<br />
<br />
<a name='more'></a><br /><br />
<b>What are a few things that really drive results for the company?</b><br />
Employees are investments, and every employee should generate a
positive return on his or her salary. (Otherwise why are they on the
payroll?) In every job some activities make a bigger difference than others.
You need your HR folks to fill job openings... but what you really want
is for HR to find the <i>right</i> candidates because that results in higher retention rates, lower training costs, and better overall productivity. You need your service techs to perform effective repairs... but what
you really want is for those techs to identify ways to solve problems
and provide other benefits--in short, to generate additional sales.Great candidates want to know what truly makes a difference. They know helping the company succeed means they succeed as well.<br />
<br />
<b>What do employees do in their spare time?</b><br />
Happy employees 1) like what they do and 2) like the people they work with. Granted this is a tough question to answer. Unless the company is
really small, all any interviewer can do is speak in generalities. What's important is that the candidate wants to make sure they have a
reasonable chance of fitting in--because great job candidates usually
have options.<br />
<br />
<b>How do you plan to deal with...?</b><br />
Every business faces a major challenge: technological changes,
competitors entering the market, shifting economic trends... there's
rarely a Warren Buffett moat protecting a small business. So while a candidate may see your company as a stepping-stone, they
still hope for growth and advancement... and if they do eventually
leave, they want it to be on their terms and not because you were forced
out of business. Say I'm interviewing for a position at your bike shop. Another shop
is opening less than a mile away: How do you plan to deal with the new
competitor? Or you run a poultry farm (a huge industry in my area): What
will you do to deal with rising feed costs? A great candidate doesn't just want to know what you <i>think</i>; they want to know what you plan to <i>do</i>--and how they will fit into those plans.Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-81507684977152370642012-11-19T09:39:00.001+08:002012-11-19T09:39:16.687+08:00Hackers obtained access to FreeBSD servers<div class="field field-name-body field-type-text-with-summary field-label-hidden">
<div class="field-items">
<div class="field-item even">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.freebsd.org/logo/logo-full.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="71" src="http://www.freebsd.org/logo/logo-full.png" width="200" /></a></div>
On
Sunday 11th of November, an intrusion was detected on two machines
within the FreeBSD.org cluster. The affected machines were taken offline
for analysis. Additionally, a large portion of the remaining
infrastructure machines were also taken offline as a precaution.<br />
<br />
We have found no evidence of any modifications that would put any end
user at risk. However, we do urge all users to read the report
available at <a href="http://www.freebsd.org/news/2012-compromise.html" shape="rect">http://www.freebsd.org/news/2012-compromise.html</a>
and decide on any required actions themselves. We will continue to
update that page as further information becomes known. We do not
currently believe users have been affected given current forensic
analysis, but we will provide updated information if this changes.<br />
<br />
As a result of this event, a number of operational security changes
are being made at the FreeBSD Project, in order to further improve our
resilience to potential attacks. We plan, therefore, to more rapidly
deprecate a number of legacy services, such as cvsup distribution of
FreeBSD source, in favour of our more robust Subversion, freebsd-update,
and portsnap models.<br />
<br />
Source: <a href="http://www.freebsd.org/news/2012-compromise.html" target="_blank">FreeBSD</a> <br />
</div>
</div>
</div>
Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-68749852446251958802012-11-08T11:47:00.004+08:002012-11-08T11:47:59.999+08:00Singaporeans get hard token baked into credit card<a href="http://news.hitb.org/sites/default/files/styles/article_large/public/field/image/displaycard.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="126" src="http://news.hitb.org/sites/default/files/styles/article_large/public/field/image/displaycard.jpg" width="200" /></a>Two-factor authentication just got a whole lot more convenient for
residents of Singapore, after Standard Chartered Bank's local outfit
teamed with MasterCard to offer account-holders a credit card that is
also a one-time-password-generating hard token.<br />
<br />
MasterCard calls the device a 'Display Card' and says it includes “an embedded LCD display and touch-sensitive buttons”.<br />
<br />
The hard token functionality seems not to have anything to do with
the credit card, as Standard Chartered says it will be used with its
online banking products when customers make “ higher-risk transactions
such as payments or transfers above a certain amount, adding third party
payees, or changing personal details.” If it behaves as other hard
tokens do, punters enter a code with the keyboard, read the resulting
one-time-password on the screen and then enter that code into the
computing device they're using for online banking. Logon credentials for
online banking service will still be required.<br />
<br />
The card's been doing the rounds of Europe for a couple of years now,
scoring a few wins with Turkish, Romanian and Belgian financial
institutions.<br />
<br />
But the win at Standard Chartered, a British outfit with global footprint, gives the technology useful profile.<br />
<br />
Nagra ID security, the Swiss company behind the token-in-a-card,
insists the device will sit happily in one's wallet and offers a three
year warranty, which we believe makes it safe to sit on. The card is, in
all other ways, a completely conventional credit card and can be
embossed, branded and carry holographic security devices like any other
credit card. ®<br />
<br />
Source: <a href="http://www.theregister.co.uk/2012/11/08/hard_token_in_credit_card/" target="_blank">TheRegister</a> Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-16606312385131120012012-11-05T23:51:00.000+08:002012-11-05T23:51:26.520+08:00SSH Forwarding<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.openssh.org/images/openssh.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="65" src="http://www.openssh.org/images/openssh.gif" width="200" /></a></div>
<b>Abstract:</b><br />
When Sun first produced systems, the common way for users to move around a network and to distribute workload was to leverage the Berkeley "r" tools, such as "rsh", "rlogin", "rexec", etc. under Solaris. As academics became professional, security concerns over passwords being passed in the clear were raised and SSH was born. SSH was built with a compatible superset to "rsh", but this was later removed with the second version of the protocol. This document discusses the implementation<br />
of SSH under Solaris.<br />
<br />
<b>Global Configurations</b>:<br />
SSH uses several global configuration files, one for the client, and another for the server. Each of these config files document the default compiler flags under Solaris. The "ssh" client global configuration file can be tailored on a per-user basis while the "sshd" server global configuration file is managed at the global level.<br />
<br />
<b>SSH Server Daemon</b><br />
Under Solaris 10, related OS's, and above - SSHD is started through the services infrastructure.<br />
<br />
<blockquote class="tr_bq">
sunserver/user$ svcs ssh<br />STATE STIME FMRI<br />online Aug_17 svc:/network/ssh:default</blockquote>
There are built-in compiled defaults and global defaults which are reviewed, upon startup, and connection.<br /><br />
The following error may occur due to incorrect configurations:<br /><br />
<blockquote class="tr_bq">
channel 5: open failed: administratively prohibited: open failed</blockquote>
Under Solaris 10, forwarding agent is disabled as a compile flag, and is documented in the global configuration file. If one makes a connection via SSH, and proxies a port - an error message will be produced upon the first connection attempt to the proxied port.<br />
<br />
To allow for the port forwarding, edit the configuration file "/etc/ssh/sshd_config".<br /><br />
<blockquote class="tr_bq">
AllowTcpForwarding yes<br />
GatewayPorts yes<br />
X11Forwarding yes</blockquote>
Restart the "sshd" service, the administrative message disappears.<br /><br />
sunserver/root# svcadm restart sshSlash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-31520180391920838802012-11-03T12:41:00.003+08:002012-11-03T12:41:54.851+08:00Board of Computing Professionals Malaysia<div class="separator" style="clear: both; text-align: center;">
<a href="https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-prn1/522551_375141245864406_1541745823_n.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="150" src="https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-prn1/522551_375141245864406_1541745823_n.jpg" width="200" /></a></div>
There are currently an initiative to establish a Board of Computing Professionals Malaysia (BCPM), which will function to accredit ICT academic programmes, as well as to promote, facilitate and regulate the profession (very much like the Board of Engineers for engineering, and the Bar Council for the legal profession, etc.). This initiative is under the purview of the Ministry of Science and Innovation (MOSTI) and led by the National ICT Human Resource Task Force under the Ministry of Higher Education (MOHE) and within the ICT Human Capital Development Framework.<br />
<br />
They invited all ICT practitioners and those related to the profession to participate in an on-line survey that will be open for responses from Sunday 28 Oct 2012 to Sunday 4 November 2012 (24:00). The survey aims to solicit feedback from the ICT community to determine the overall suitability and general acceptance to the proposal for the establishment of the BCPM. The survey site is avialable <a href="http://kict.iium.edu.my/survey/" target="_blank">here.</a><br />
<br />
The introduction to the survey and the instructions for filling the questionnaire will be provided at the stated site, as well as a link to another site that provides the general context to the proposal. Although we do not foresee any problem that may occur at the said site, should there be difficulties, an alternative site will be made available <a href="http://cserver.cs.usm.my/bcpm/" target="_blank">here.</a>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-8768004770472811882012-11-02T17:24:00.003+08:002012-11-02T17:24:58.372+08:00udc-hackssh-v3_bajaulaut-v1.2<div class="separator" style="clear: both; text-align: center;">
<a href="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcSccW-57-eXrEHIdhS1-K1a3D16xDqZT9gQsvY6TVzIxNL_Z-r7" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="147" src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcSccW-57-eXrEHIdhS1-K1a3D16xDqZT9gQsvY6TVzIxNL_Z-r7" width="200" /></a></div>
udc-hackssh_bajaulaut is an openssh backdoor combined with reverse shell capability and part of udc-kolansong rootkit. The idea was to make use of openssh binary to control target and/or victim machines.<br />
<br />
If you received something like <b>"ssh_exchange_identification: Connection closed by remote host"</b>, this tool may make your life easy. Telnet to target machine and issue 'udc_gamai_magic' string. Once sent, sshd will then execute and connect to your 'client' machine on port 8080.<br />
<br />
However, this patch has limitation. It can ONLY execute reverse openssh command to the machine where the telnet command execute from.<br />
<br />
Download udc-hackssh-v3_bajaulaut-v1.2 <a href="http://packetstormsecurity.org/files/117823/OpenSSH-6.0p1-Backdoor-Patch-1.2.html" target="_blank">here</a>. Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com1tag:blogger.com,1999:blog-7306732139129025494.post-59579143819497484162012-10-18T22:35:00.000+08:002012-11-01T20:38:36.868+08:00uDc-hackssh-v3_bajaulaut public version<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcSccW-57-eXrEHIdhS1-K1a3D16xDqZT9gQsvY6TVzIxNL_Z-r7" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="147" src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcSccW-57-eXrEHIdhS1-K1a3D16xDqZT9gQsvY6TVzIxNL_Z-r7" width="200" /></a></div>
Lately, I have a small project that required an encrypted communication sessions over a network like openssh. However, I found one machine which interest me more then the others which is placed at highly secured zone. So, I had this crazy idea similar to <span class="st"><a href="http://packetstormsecurity.org/files/23235/openssh.reverse.tgz.html" target="_blank">Sebastian Krahmer</a> but with more capabilities. </span><br />
<span class="st"><br /></span>
<span class="st">The idea was to manipulate and make use of openssh, and without additional rootkit to control and maintain root access on the target machine including machines placed at other network zones.</span><br />
<span class="st"><br /></span>
Long story short,<span class="st"> I am publishing a public version of this "toy" but without the other "crazy things" for security reasons ;). Actually, this public version is nothing new. It is a combination of known openssh backdoor and openssh reverse capabilities as I mentioned above. You can download them <a href="http://packetstormsecurity.org/files/117523/OpenSSH-6.0p1-Backdoor-Patch.html" target="_blank">here</a>.</span><br />
<br />
<span class="st"> </span><b>CHANGES:</b><br />
- updated for openssh-5.x version<br />
- add reverse capabilities based on openssh.reverse <br />
<br />
<b>FEATURES:</b><br />
- use hardcoded DES cipher password<br />
- ssh has the capablitiy to act as a server<br />
- sshd has the capability to act as a client <br />
<br />
<br />Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-73048292300263566492012-09-28T17:30:00.000+08:002012-09-28T17:52:55.129+08:00HITB - Keeping Knowledge Free for Over a Decade<div class="separator" style="clear: both; text-align: center;">
<a href="http://conference.hitb.org/images/conflogo.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="60" src="http://conference.hitb.org/images/conflogo.png" width="200" /></a></div>
Some of you might remember the first HITB conference at Cititel Hotel,
Kuala Lumpur back in 2003. That year HD Moore spoke about Metasploit
back when it was just the Metasploit Framework. That very conference
also marked the last public appearance for LSD Group aka The Hackers Who
Broke Windows. Sounds like a decade ago? Well, you are right. Believe
it or not, it has been TEN YEARS since HITB CREW first conference and what a
ride it has been – ten great years, three continents, hundreds of
speakers, thousands of attendees and a lifetime of stories.<br />
<br />
<b>Other Conference Activities:</b><br />
<u><b>HackWeekDay </b></u><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-CdZGueJBSSqCHxWZMq3phqQ0fciEQ66Lejv_d91X3OpJaFjkReQgbC2s2255lkRJQ2eYVM0BEXzPwNJjk6gXkCs3Nlii1wg1LnEPbn3nNm_2cGEX8DfFo_eZ7v_dNRzD3FX8xwC9hSka/s1600/2004-win.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-CdZGueJBSSqCHxWZMq3phqQ0fciEQ66Lejv_d91X3OpJaFjkReQgbC2s2255lkRJQ2eYVM0BEXzPwNJjk6gXkCs3Nlii1wg1LnEPbn3nNm_2cGEX8DfFo_eZ7v_dNRzD3FX8xwC9hSka/s200/2004-win.jpg" width="200" /></a>Following the success of HackWEEKDAY held for the first time last year at the HITB Security Conference in Kuala Lumpur,
HITB2012KUL will see the introduction of HackWEEKDAY – Hack-to-Hack <br />
<br />
An all new 36 hour hackathon which will will run alongside our 10th year
anniversary conference kicking off on the evening of October 9th
(training day 2).<br />
<br />
Registration is COMPLETELY FREE and we have space for 50 developers in
total comprising a mix of .edu and professional developers.<br />
<br />
<u><b>CommsecVillage</b></u><br />
The HITB CommSec Village is our new Community and Security area
dedicated to highlighting various security related projects from the
open source community and from various hackerspaces. These communities
will have their own playground and demonstration area to show off their
projects and a chance to interact with the conference attendees.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgovxeF3WTUaG504-Qv1G286pHCjquwLCsol6w2_xmmAGbnjKA4tPkgFordZqZS-sCz5MjkIa5joQMqqwdX7jfDu_OLGO0cpGJp-w_vhi0SQla1WOx94ggWEkVDoluZd9YHLH_2fujtO3yy/s1600/2005-win.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="132" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgovxeF3WTUaG504-Qv1G286pHCjquwLCsol6w2_xmmAGbnjKA4tPkgFordZqZS-sCz5MjkIa5joQMqqwdX7jfDu_OLGO0cpGJp-w_vhi0SQla1WOx94ggWEkVDoluZd9YHLH_2fujtO3yy/s200/2005-win.jpg" width="200" /></a><u><b>Capture The Flag</b></u><br />
To celebrate the 10th year anniversary of HITBSecConf, the CTF Overlords
and CTF Crews 1.0, 2.0 and the all-new 3.0 will be coming together to
work on a 32 HOUR NON STOP CAPTURE THE FLAG COMPETITION which we’re
calling CTF Weapons of Mass Destruction – Fallout Apocalypse!<br />
<br />
In
our previous CTF Weapons of Mass Destruction, Teams had a set of daemons
/ services running on their machines and they had to exploit rival
teams’ daemons to steal their flags. Submit the flags to obtain
offensive points and also unlock nuclear weapons that can be launched
against rival teams. For defensive points, all the team had to do was to
keep their daemons up and running.Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-68817257519692285992012-05-12T19:10:00.000+08:002012-05-12T19:30:27.669+08:00Hukum, Khatan Wanita dan Bagaimana Rasulullah<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicSH-M__No5xEIiU6AtzUbTEHygETtNn5S_ueNPab_-2w0RRDvMX4-Vx-dmv3kL9XfKHDPgqMRwf1doNHrLZsMBsv1mMFP-g_39UO1Mm9zLa0WxwYPUTkkI5vUWJHXHvA46MImuyRMHFNp/s1600/Islam.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicSH-M__No5xEIiU6AtzUbTEHygETtNn5S_ueNPab_-2w0RRDvMX4-Vx-dmv3kL9XfKHDPgqMRwf1doNHrLZsMBsv1mMFP-g_39UO1Mm9zLa0WxwYPUTkkI5vUWJHXHvA46MImuyRMHFNp/s200/Islam.jpg" width="200" /></a></div>
<span style="font-family: trebuchet ms,geneva; font-size: small;">Dalil utama berkaitan 'Khatan' adalah</span><br />
<div align="justify">
<br /></div>
<div style="text-align: right;">
<span style="font-size: large;"><b><span style="font-family: trebuchet ms,geneva;">خمس من الفطرة : الختان والإستحداد وتقليم الأظافر ونتف الإبط وقص الشارب</span></b></span></div>
<div align="justify">
<br />
<i><span style="font-family: trebuchet ms,geneva;"><span style="font-size: small;"><b>Ertinya</b><b>:</b><b> Lima perkaea fitrah : berkhatan, mencukur bulu kemaluan, memotong kuku, mencabut bulu ketiak (cukur), memendekkan misai.</b><b> ) </b><b>Riwayat</b><b> Muslim)</b></span></span></i></div>
<div align="justify">
<br />
<span style="font-family: trebuchet ms,geneva; font-size: small;"> Pandangan para ulama dalam memahami hadith di atas terbahagi kepada tiga kumpulan:</span></div>
<div align="justify">
<br /></div>
<div align="justify">
<span style="font-family: trebuchet ms,geneva; font-size: small;">1)
Hukumnya sunat bagi lelaki dan wanita . Ia adalah pandangan Imam Malik
dalam satu riwayat, Abu Hanfiah dan sebahagian ulama mazhab Syafie.</span></div>
<br />
<div align="justify">
<span style="font-family: trebuchet ms,geneva; font-size: small;">2)
Wajib bagi lelaki dan wanita . Demikian fatwa Mazhab Syafie dan
kebanyakan Ulama dan juga pandangan Imam Suhnun anak murid Imam
Malik. </span></div>
<div align="justify">
<br />
<span style="font-family: trebuchet ms,geneva; font-size: small;">3) Wajib bagi lelaki dan hukumnya sunat bagi wanita. Demikian sebahagian ulama Syafie, dan mazhab Hanbali.</span></div>
<div align="justify">
<br />
<span style="font-family: trebuchet ms,geneva; font-size: small;">Kesimpulan
perkara, disepakati bahawa khatan bagi lelaki adalah wajib, dan jika
warga lelai satu negara semuanya tidak berkahatan, maka pemerintah perlu
bertindak ke atas mereka.</span><br />
<br /></div>
<span class="fullpost">Syeikh Atiyyah Saqar memberikan ijtihad beliau setelah meneliti dalil-dalil yang ada..katanya tiada dalil yang sohih serta terlepas dari komentar yang menunjukkan wajib bagi wanita untuk berkhatan.<br /><br />
Syeikh Mahmud Syaltut (bekas Syeikhul Azhar) pula mengatakan bahawa para doktor berkata kesan daripada wanita tidak berkhatan adalah akan menaikkan syahwatnya dan dibimbangi mendorong kepada sesuatu yang tidak diingini.<br /><br />
Berkata pula Prof. Dr Md Hasan Al-Hafnawi , pakar perubatan kulit di kuliah perubatan al-azhar dan Dr Md Sadiq selepas meliaht hadith2 Nabi, mereka memberi pandangan dari aspek perubatan.<br /><br />
"Kelentt" wanita (yang dipotng sebahagian jika dikhatan) yang berada di pangkal faraj wanita memberi rangsangan terkuat untuk hubungan lelaki dan wanita, dan kekuatan rangsangannya boleh mencecah 7 kali lebih sensitif dari zakar lelaki.."<br /><br />
dan pelabagi lagi hasil kajian mereka yang tidak sempat saya terjemahkan. di akhirnya pakar perubatan ini berkata :<br /><br />
"Demi menjaga maruah dan kehormatan wanita dan kewanitaannya, wajiblah kita mengikuti ajaran Islam dalam hal ini, yang terbaik bagi wanita adalah "isymam" atau memotong sedikit hujung dari kelentit ( Majalah, Oktober 1994).<br /><br />
Syeikh Dr Yusof Al-Qaradawi setelah membawakan dalil-dalil bagi kumpulan yang mewajibkan berkata, hadith-hadith dalam hal wajib khitan bagi wanita adalah lemah . Justeru khitan adalah wajib bagi lelaki sahaja, dan tidak wajib dan tidak juga sunat bagi wanita..Hanyalah harus bagi wanita, dan digalakkan jika boleh membawa kepd manfaat, dan tidak digalakkan jika sebaliknya.<br /><br />
Qaradawi juga berkata, setakat pengetahuannya bahawa wanita2 arab kebanyakkan tidak berkhitan kecuali mesir dan sudan. Adapun negara arab di Teluk dan maghribi..tiada khatan bagai wnaitanya, dan ulamanya juga senyap tiada memberi komen.<br /><br />
<b>Rasulullah Berkhatan</b><br />
Menurut pandangan dan kajian oleh Imam Ibn Qayyim dalam kitabnya Zadul Ma'ad, pandangan yang paling tepat adalah Rasulullah SAW di khatankan oleh Abd Mutalib pada hari ketujuh kelahiran baginda mengikut kebiasaan Arab.<br /><br />
Dan padangan bahawa Rasululllah SAW dilahirkan dalam keadaaan berkahatan adalah lemah, demiian juga pandangan yang menyatakan bahawa JIbrail as yang mengkhatankan baginda semasa membelah dada baginda SAW.<br /><br />
Reference: <a href="http://zaharuddin.net/fiqh-ibadah/234-hukum-khatan-wanita-a-bagaimana-rasulullah-.html" target="_blank">zaharuddin.net</a><br /><br />
</span>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com1tag:blogger.com,1999:blog-7306732139129025494.post-32894754719128045222012-03-22T18:35:00.002+08:002012-05-12T18:18:04.655+08:00Ustaz Azhar Idrus Menjawab - Taharah: Hukum Kencing Tidak Lawas<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh31Nb9ntKqrva1-84pXUDbAExauKoAaihyLAWlj-wtcEkWIabv8b33bdAVOu4Dvr0GToeh8iXzyFHnHLWVnima1Jwhq4V0vZE4ngotHDGfXrZRc5VTynn6vie7T5tceTK0FbUrAQp-n353/s1600/Anda+Bertanya+Ustaz+Azhar+Idrus+Menjawab+Berkenaan+Isu+Semasa.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh31Nb9ntKqrva1-84pXUDbAExauKoAaihyLAWlj-wtcEkWIabv8b33bdAVOu4Dvr0GToeh8iXzyFHnHLWVnima1Jwhq4V0vZE4ngotHDGfXrZRc5VTynn6vie7T5tceTK0FbUrAQp-n353/s200/Anda+Bertanya+Ustaz+Azhar+Idrus+Menjawab+Berkenaan+Isu+Semasa.jpg" width="133" /></a><b>Hukum Kencing Tidak Lawas</b><br />
<br />
<b>SOALAN:</b> Sebahagian orang mengalami masalah kencing berterusan atau kencing tidak lawas. Malah, ada yang sentiasa terkeluar mazi. Adakah hukum taharah dan ibadah bagi kedua-dua keadaan itu sama?<br />
<br />
<b>JAWAPAN:</b> Keluar kencing berterusan adalah sama dengan keluar mazi berterusan kerana kedua-dua ini dihukum sebagai <i>daaimul hadas</i> iaitu hadas sentiasa ada. Justeru, orang yang mengalami masalah ini perlu membasuh kemaluan dan memakai lampin ataupun menutup dengan sebarang kain. Kemudian berwuduk dengan sempurna. Wuduk ini hanya sah bagi satu solat fardu dan beberapa solat sunat sahaja.<br />
<br />
<br />
<b>RUJUKAN LAIN:</b><br />
Youtube<br />
<a href="http://www.youtube.com/watch?v=5qk6o2_LP2w">http://www.youtube.com/watch?v=5qk6o2_LP2w</a><br />
<a href="http://www.youtube.com/watch?v=5qk6o2_LP2w" target="_blank">http://www.youtube.com/watch?v=oSyaiOM-Tlc </a><br />
<b> </b><br />
Halaqah<br />
<a href="http://halaqah.net/v10/index.php?topic=9377.0">http://halaqah.net/v10/index.php?topic=9377.0</a><br />
<br />
Berita Harian<br />
<a href="http://www.bharian.com.my/bharian/articles/Kencingtaklawas/Article/index">http://www.bharian.com.my/bharian/articles/Kencingtaklawas/Article/index</a>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-35159636743125490432012-03-17T01:03:00.003+08:002012-03-17T01:11:05.266+08:00Aku Anak Kampung Tiada Pelajaran<div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/7rvYOXNnHGA?feature=player_embedded' frameborder='0'></iframe> </div><div class="text_exposed_root text_exposed" id="id_4f636f96e22788876392867" style="text-align: center;">Memang aku ini<br />
anak orang miskin<br />
tiada apa-apa yang dapat ku berikan<br />
engkau memang cantik<br />
memang tidak padan dan tidak sepadan<br />
<span class="text_exposed_show"> <br />
aku anak kampung<br />
tiada pelajaran<br />
kuli-kuli sahaja<br />
memang tidak padan<br />
cantik bah kau itu<br />
banyak yang tergoda lagi orang kaya<br />
<br />
Tiada kereta ku bawa kau jalan-jalan<br />
rumah ku pun tiada adapun bapa punya<br />
apa lagi belanja mau bayar berian kahwin sama kamu<br />
<br />
bukannya ku tidak suka sama kamu<br />
tapi aku takut hidup kau kan sengsara<br />
kerna aku cinta aku lepaskan kau sama orang lain<br />
<br />
engkau masih muda cantik lagi menawan<br />
janganlah kau cari lelaki macam saya<br />
engkau memang cantik<br />
nanti kau menyesal tiada guna 3x<br />
<br />
tiada kereta ku bawa kau jalan-jalan<br />
rumah ku pun tiada adapun bapa punya<br />
apa lagi belanja mau bayar berian kahwin sama kamu<br />
<br />
bukannya ku tidak suka sama kamu<br />
tapi aku takut hidup kau kan sengsara<br />
kerna aku cinta aku lepaskan kau sama orang lain</span></div><br />
<span class="fullpost"> </span>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-11401586015835165442012-02-07T20:48:00.001+08:002012-02-07T21:01:20.714+08:005 Sebelum 5<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD8D3FxV7pxWgh0EnisAd5fbIFyI0CNl6kneZB3ke3cMjLrqLtDnkPl9ttMHUOTZaA6OT7w8ljpXuTxoLlZ41FvvVgWkYVuEbmTyc3zOUHxuIL4ASutAHPzY-pMU97-tRFu1hCAZZklKcV/s1600/azhar+idrus+24+Mac+2011.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD8D3FxV7pxWgh0EnisAd5fbIFyI0CNl6kneZB3ke3cMjLrqLtDnkPl9ttMHUOTZaA6OT7w8ljpXuTxoLlZ41FvvVgWkYVuEbmTyc3zOUHxuIL4ASutAHPzY-pMU97-tRFu1hCAZZklKcV/s200/azhar+idrus+24+Mac+2011.jpg" width="140" /></a></div>Rasulullah SAW bersabda yang bermaksud: "Rebut lima perkara sebelum datang lima perkara. Masa sihat sebelum sakit, kaya sebelum miskin, lapang sebelum sibuk, muda sebelum tua dan hidup sebelum mati." (Hadis riwayat al-Hakim dan al-Baihaqi)<br />
<br />
Janganlah bertangguh-tangguh dalam berbuat kebaikan dan rebutlah 5 perkara sebelum datangnya 5 perkara.<br />
<br />
Beribadatlah, dan lakukanlah ibadat sunat disamping ibadat fardhu semasa sihat sebelum datangnya kesakitan,<br />
<br />
Bersedekahlah semasa masih kaya (berharta) sebelum ditimpa kemiskinan.<br />
<br />
Berzikirlah sewaktu masih mempunyai kelapangan sebelum dilanda kesibukan, misalnya di waktu pagi sebelum melakukan kerja-kerja harian dan di waktu petang setelah selesai bekerja.<br />
<br />
Carilah keperluan dunia dan akhirat semasa masih muda dan mempunyai kekuatan tenaga sebelum datangnya tua dan tidak mempunyai kekuatan.<br />
<br />
Beramallah di sini (semasa berada di dunia) semasa hidup kerana ia berguna selepas kematian nanti (semasa di akhirat). Di sana kita tidak lagi dapat beramal.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/-KyK9tYNUsw?feature=player_embedded' frameborder='0'></iframe></div>Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0tag:blogger.com,1999:blog-7306732139129025494.post-61738522121528924962012-01-23T14:32:00.001+08:002012-01-23T14:55:07.583+08:00Playing For Change<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFlnDvZV6I2B69fPz1BjvGmqxhRwMj717Hj-vExQZLiWmubFg5IanPMv5q5XEXX_i2QZn6VA9Q_nrbWq4Nc6VS6Cil_2zXSukltnUq-C1ZtNxh0A7iYPwKIx5Qbp7qwCnEqht1OKkSwcqE/s1600/playingforchange.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="106" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFlnDvZV6I2B69fPz1BjvGmqxhRwMj717Hj-vExQZLiWmubFg5IanPMv5q5XEXX_i2QZn6VA9Q_nrbWq4Nc6VS6Cil_2zXSukltnUq-C1ZtNxh0A7iYPwKIx5Qbp7qwCnEqht1OKkSwcqE/s200/playingforchange.gif" width="200" /></a></div>Playing for Change is a multimedia movement created to inspire, connect, and bring peace to the world through music. The idea for this project arose from a common belief that music has the power to break down boundaries and overcome distances between people. No matter whether people come from different geographic, political, economic, spiritual or ideological backgrounds, music has the universal power to transcend and unite us as one human race. And with this truth firmly fixed in our minds, we set out to share it with the world. Playing For Change also created a separate <a class="mw-redirect" href="http://en.wikipedia.org/wiki/Non-profit_organization" title="Non-profit organization">non-profit organization</a> called the Playing For Change Foundation which builds music schools for children around the world.<br />
<br />
The project started in <a href="http://en.wikipedia.org/wiki/2004" title="2004">2004</a> with the organization's self described goal to "inspire, connect, and bring peace to the world through music". The creators of the project, Mark Johnson and Enzo Buono, traveled around the world to places such as <a href="http://en.wikipedia.org/wiki/New_Orleans" title="New Orleans">New Orleans</a>, <a href="http://en.wikipedia.org/wiki/Barcelona" title="Barcelona">Barcelona</a>, <a href="http://en.wikipedia.org/wiki/South_Africa" title="South Africa">South Africa</a>, <a href="http://en.wikipedia.org/wiki/India" title="India">India</a>, <a href="http://en.wikipedia.org/wiki/Nepal" title="Nepal">Nepal</a>, the <a href="http://en.wikipedia.org/wiki/Middle_East" title="Middle East">Middle East</a> and <a href="http://en.wikipedia.org/wiki/Ireland" title="Ireland">Ireland</a>. Using mobile recording equipment, the duo recorded local musicians performing the same song, interpreted into their own style. Among the artists participating, or openly involved in the project, include <a href="http://en.wikipedia.org/wiki/Vusi_Mahlasela" title="Vusi Mahlasela">Vusi Mahlasela</a>, <a href="http://en.wikipedia.org/wiki/Louis_Mhlanga" title="Louis Mhlanga">Louis Mhlanga</a>, <a class="mw-redirect" href="http://en.wikipedia.org/wiki/Clarence_Bekker" title="Clarence Bekker">Clarence Bekker</a>, <a class="new" href="http://en.wikipedia.org/w/index.php?title=Tal_Ben_Ari_%28Tula%29&action=edit&redlink=1" title="Tal Ben Ari (Tula) (page does not exist)">Tal Ben Ari (Tula)</a>, <a href="http://en.wikipedia.org/wiki/Bono" title="Bono">Bono</a>, <a href="http://en.wikipedia.org/wiki/Keb%27_Mo%27" title="Keb' Mo'">Keb' Mo'</a>, <a href="http://en.wikipedia.org/wiki/David_Broza" title="David Broza">David Broza</a>, <a href="http://en.wikipedia.org/wiki/Manu_Chao" title="Manu Chao">Manu Chao</a> and <a href="http://en.wikipedia.org/wiki/Grandpa_Elliott" title="Grandpa Elliott">Grandpa Elliott</a>.<br />
<br />
The project's first single "<a href="http://en.wikipedia.org/wiki/Stand_by_Me_%28song%29" title="Stand by Me (song)">Stand by Me</a>", began with a <a class="mw-redirect" href="http://en.wikipedia.org/wiki/Santa_Monica" title="Santa Monica">Santa Monica</a> street performer named Roger Ridley (now deceased). The duo traveled the world, recording more and more musicians. All of these versions were considered for mixing a pastiche final version.Slash The Undergroundhttp://www.blogger.com/profile/11809812496786804883noreply@blogger.com0