Planet Fakap

Where all fakapers unite!


KFC Bayan Baru Sunshine


1st Post for 2010



Assalamualaikum,

It has been long since my last post on my blog.  Hmm, was I busy for the whole past few months? The answer is ‘NO’.  It’s just that I don’t have any idea on what topic to write.  But from now onwards, I will try to update this blog regularly since someone encouraged me to keep on writing my blog - so she could read and know the happenings in my life through reading.

She is someone I have known for about 3 weeks and she has already made a big impact on my daily life routines.  Is she special? Yes, she is.  She makes me feel loved again.  Heh, it’s been a while huh~  I never noticed that my heart could pound fast enough to generate an appropriate amount of adrenalin to love someone. LOL.

Why is she so special?  First of all, she has a pleasant personality and is an easy-going type of person, which makes me feel comfortable when I hang out with her.  She knows when to stop and when to push the throttle to the max when it comes to relationships.  She’s adorable and lovely (Bonus).  She knows how to make an impact in my life so that I will miss her when she isn’t around.

I  love You~!

Unfortunately, she will only be here until 20th March 2010.   But then, we will meet again in 6 months' time.   Till then, I will keep on writing and updating my life stories.  We won’t meet this weekend due to her sister’s wedding in Perlis, but we will meet next week.  Can’t wait to meet you, dear.  I’m already missing you this much~!

Bye

www.mampu.gov.my - hacked or misconfigured?


During a recent conversation with a friend, the topic of intelligence gathering came up. The idea is to utilize available services such as search engines, underground hacker forums, and IRCs to detect security compromises affecting the organization. The goal is to utilize intelligence to complement current network security monitoring infrastructure and data leakage prevention. For example, I want to know if my IPs are part of a botnet, have been hacked, backdoored, or are being used for other malicious means. Yes, I can scour all the logs and stuff like that, but is it enough?

Quite naturally, the subject moved to using Google (or any search engine) to find out if your IP addresses are being used maliciously. A simple example is a transparent proxy. The underground community uses proxies to cover their tracks and make investigations harder (but not impossible), while blackhat SEOs (search engine optimizers) use proxying for automated link and comment spamming. The lists of available proxies are updated very frequently, and the sources on the net are enormous.

So, how do you know if your webserver has been misconfigured or hacked, turning it into a proxy server? You do a Google search. Having an interest in .gov.my websites, we searched for www.mampu.gov.my's IP address (202.75.4.243) in Google, giving it a simple search query of "202.75.4.243 proxy" (link). The results are surprising:













Based on Google's search results, it seems that www.mampu.gov.my was listed as a proxy in various forums in July 2009. My guess is the website was probably misconfigured, or hacked. No one knows. A lot more investigation is needed to know how long the proxy was open, and how it was utilized by the underground hackers and blackhat SEOs.

DISCLAIMER: All the information related to computer crimes (i.e. defacements) contained in security.org.my were either collected online from public sources or directly notified to us. Security.org.my is neither responsible for the reported computer crimes nor it is directly or indirectly involved in them.
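The manual search in the post above checks one address at a time; the same check can be run over a whole address range against scraped proxy-list text. This is an added example, not code from the original post: the `find_listed_assets` name, the sample listing and the 203.0.113.0/24 "owned" range are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of text scraped from a public proxy list
# (all addresses are from documentation ranges, not real hosts).
SAMPLE_LISTING = """\
[fresh list] transparent / anonymous
198.51.100.7:3128 transparent
203.0.113.55:80 transparent
192.0.2.10:8080 anonymous
garbage 999.1.1.1:80
203.0.113.55:80 transparent (repost)
203.0.113.9:99999 bad port
"""

# Loose "ip:port" matcher; real validation is done by ipaddress below.
ENTRY_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def find_listed_assets(text, owned_networks):
    """Return {(ip, port): [line numbers]} for listed proxies inside owned_networks."""
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for ip_str, port_str in ENTRY_RE.findall(line):
            try:
                ip = ipaddress.ip_address(ip_str)
            except ValueError:
                continue  # e.g. 999.1.1.1 is not a valid address
            port = int(port_str)
            if not 0 < port < 65536:
                continue  # not a usable TCP port
            if any(ip in net for net in nets):
                hits.setdefault((str(ip), port), []).append(lineno)
    return hits


if __name__ == "__main__":
    # Assumption: 203.0.113.0/24 stands in for the organisation's own range.
    owned = ["203.0.113.0/24"]
    for (ip, port), lines in find_listed_assets(SAMPLE_LISTING, owned).items():
        print(f"{ip}:{port} listed as proxy on lines {lines}")
```

A hit is a lead for investigation (web server proxy configuration, access logs for requests to foreign hosts), not proof of compromise.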

UMNO spends RM300 million hiring hackers to stop PKR for the next general election


This is old news which I have been unable to verify. For non-Malaysian readers, the short of the news is: UMNO has spent RM300 million of public funds to hire 300 hackers from Chennai, India, in order to monitor information and news from pro-Pakatan Rakyat bloggers. Sources said that the hackers are paid up to RM100,000 per month, with accommodation and a free car each. They have expertise in computer and web hacking, their job is classified as 'top secret' and is under the direct supervision of the Prime Minister's department. They are hired to hack (and destroy?) computer systems belonging to Pakatan Rakyat at the next general election.

Well, this all sounds sensationalist and propagandist - up to you to decide whether there's any truth to the allegations. And don't ask my opinions as I don't have any.

Here's the full news at the Suara Keadilan website: RM300 Juta Upah Penggodam Halang PR Dalam PRU-13

Here's a Google translation: Google Translation

And the obligatory screenshot:


Compassion by Virtue


I was at the usual mamak joint, having dinner with my family when a homeless guy came in and sat. If this was one of those fancy mamak (read: Pelita, D’Kayu and etc), he would have been chased out of the joint in an instant. Not at this joint. He was treated just like everybody [...]

Killing Me Softly With His Song (Thai Artist Cover)


Links for 2010-03-08 [del.icio.us]


Morsetexter - Send SMS Using Morse Code For Symbian V2 Phones






Morsetexter is an application to send SMS using Morse code for Symbian V2.X phones. It is not for the latest Symbian phones such as Symbian 3rd or 5th versions. This application is good for amateur radio operators to sharpen their Morse code sending skills. For iPhone users, try iditdah from KB1OOO.



How To Tweet From Ham Radio Using APRS And 73s.org




How does this thing work?

When you send a message to "73s" using your APRS setup, the 73s computer will pickup the message that you sent and relay it out to Twitter. For more information, visit http://73s.org.



Ham Radio Using Linux





Ham radio and Linux are my main passion right now. I'm writing this post to encourage all ham radio operators to consider using an open source operating system for their everyday tasks such as controlling their rigs, logging, plotting, creating new electronic circuits, designing new antennas, encoding or decoding Morse code, PSK31, RTTY, APRS tracking systems and much more.

LinuxJournal magazine has already covered Linux and ham radio in a past edition. Check out http://www.linuxjournal.com/ham. Thanks to David A. Lane, KG4GIY. One of the Fedora members also wrote a guide to amateur radio on his website, http://jjmcd.fedorapeople.org/amateur-radio-guide/. Ubuntu has its own wiki for amateur radio, https://wiki.ubuntu.com/AmateurRadio.




Quote of the day

"A Linux box is both a powerful communications platform and a really neat gadget! What ham could resist? - Jerry KF6VB"

New approach, old objective..


img source: wearecentralpa.com

My email used to be bombarded with spam or phishing emails either for Paypal, Maybank or CIMB and sometimes Amazon as well. Usually these emails are in the same format (sometimes even the same wording), with the same email subject, a lil bit different header images and of course a different sender address. But today (the email was actually received yesterday but I only opened my trusted Thunderbird today) the content is a lil bit different, convincing enough, and yeah, even the sender address seems to be from a legitimate source to unsuspecting users.

As usual my Thunderbird categorized this email as a probable Scam Email (as it does for some of my unfortunate friends' emails as well haha). Anyway, for the first time I just removed the Scam tag and let the image load (after checking the email content source, of course).

As you can see the link stated in this email SEEMS to point to actual maybank2u website. But wait.. do not click it yet. Just move your mouse over the link and you can see the exact place where this link will lead you..

Yup.. Instead of going to maybank2u website, the link actually will lead (or mislead in this case) you to http://foto.asmul.com/gallery2/modules/icons/iconpacks/KSIcons/M2ULogin.doaction=Login.htm ;) . So what if you really click on that link? For a start Firefox will not publish the site immediately but will give you an ample warning about that site instead.

And if you are superbly ignorant or stubborn and choose to ignore the warning instead, you will be presented with this page

Ok, even though the page bears a resemblance to the actual maybank2u login page (refer image below), IF you compare these two, there are a few glaring items that HOPEFULLY will make you aware that you are on a wrong/spoof/phishing/tipu/kencing site.

The most obvious one is the address of the link. IF you are presented with the maybank2u login page but the url shows an address other than maybank2u’s, close your browser/tab and, as a precautionary move, run your antivirus or whatever anti spyware/bot/adware that you have in order to detect any possible unwanted malware (malicious software) downloaded unwittingly into your precious computer.

Like in this case, instead of having this address on the url field: https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do?action=Login; you can see the address actually is http://foto.asmul.com/gallery2/modules/icons/iconpacks/KSIcons/M2ULogin.doaction=Login.htm with maybank2u login page.

Besides the date on the actual maybank2u’s login page, there are other differences that you should notice. Be my guest to download the images and play “spot the difference” between those images yourself as I’ve had enough of this game during my school years ;)

The real maybank2u's login page

Well, what will happen if you login or insert your credentials at this page..

Unless your username is testing and the password is 12345678abcd, you have nothing to worry about. And even with this false information, the page will “process” and lead you to another page..

Yup.. the infamous “update your Profile” page. Again unless your email is spongebob@krustykrab.com (is it yours?? sorry but I think you do not have maybank2u account rite? You do?…)

And the rest of the process is similar to the old phishing scam.. Get TAC number, enter your TAC number, and the usual do not login to your account within 24 hours..

That’s all for now. It seems there’s something interesting in the traffic generated by these activities. Will update in a later post.

Oh yeah, it seems the site has been taken down ;)

Anyway.. be careful and IF you have doubts, ALWAYS call your bank whenever you receive any email from them. Just for confirmation, and yeah, you have to call them even if you know that their Customer service SUCKS..


Burning a CD with the dd command

It's been a long time since I last wrote.. been rather busy. Just now I burned a CD using the DD command.. it's been a long time since I played with "dd"...

First, check where our disc drive is located...

root@auber:~# cdrecord -scanbus



scsibus1:
1,0,0 100) 'TSSTcorp' 'CD/DVDW SH-S182F' 'SB01' Removable CD-ROM
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) *
1,6,0 106) *
1,7,0 107) *


Then, looking at the output above, its position is 1,0,0...


root@auber:~# cdrecord -v -dao -dev=1,0,0 /backup/debian-504-i386-CD-1.iso



TOC Type: 1 = CD-ROM
scsidev: '1,0,0'
scsibus: 1 target: 0 lun: 0
WARNING: the deprecated pseudo SCSI syntax found as device specification.
Support for that may cease in the future versions of wodim. For now,
the device will be mapped to a block device file where possible.
Run "wodim --devices" for details.
Linux sg driver version: 3.5.27
Wodim version: 1.1.9
SCSI buffer size: 64512
Device type : Removable CD-ROM
Version : 5
Response Format: 2
Capabilities :
Vendor_info : 'TSSTcorp'
Identification : 'CD/DVDW SH-S182F'
Revision : 'SB01'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x0009 (CD-R)
Profile: 0x0015 (DVD-R/DL sequential recording)
Profile: 0x0016 (DVD-R/DL layer jump recording)
Profile: 0x002B (DVD+R/DL)
Profile: 0x001B (DVD+R)
Profile: 0x001A (DVD+RW)
Profile: 0x0014 (DVD-RW sequential recording)
Profile: 0x0013 (DVD-RW restricted overwrite)
Profile: 0x0012 (DVD-RAM)
Profile: 0x0011 (DVD-R sequential recording)
Profile: 0x0010 (DVD-ROM)
Profile: 0x000A (CD-RW)
Profile: 0x0009 (CD-R) (current)
Profile: 0x0008 (CD-ROM)
Profile: 0x0002 (Removable disk)
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 1056000 = 1031 KB
Beginning DMA speed test. Set CDR_NODMATEST environment variable if device
communication breaks or freezes immediately after that.
FIFO size : 12582912 = 12288 KB
Track 01: data 645 MB
Total size: 741 MB (73:28.32) = 330624 sectors
Lout start: 741 MB (73:30/24) = 330624 sectors
Current Secsize: 2048
ATIP info from disk:
Indicated writing power: 6
Is not unrestricted
Is not erasable
Disk sub type: Medium Type C, low Beta category (C-) (6)
ATIP start of lead in: -11231 (97:32/19)
ATIP start of lead out: 359846 (79:59/71)
Disk type: Short strategy type (Phthalocyanine or similar)
Manuf. index: 27
Manufacturer: Prodisc Technology Inc.
Blocks total: 359846 Blocks current: 359846 Blocks remaining: 29222
Speed set to 8468 KB/s
Starting to write CD/DVD at speed 48.0 in real SAO mode for single session.
Last chance to quit, starting real write in 0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
Performing OPC...
Sending CUE sheet...
Writing pregap for track 1 at -150
Starting new track at sector: 0
Track 01: 645 of 645 MB written (fifo 100%) [buf 99%] 41.6x.
Track 01: Total bytes read/written: 677117952/677117952 (330624 sectors).
Writing time: 158.952s
Average write speed 31.5x.
Min drive buffer fill was 99%
Fixating...
Fixating time: 15.222s
BURN-Free was 1 times used.
wodim: fifo had 10666 puts and 10666 gets.
wodim: fifo was 0 times empty and 6177 times full, min fill was 97%.

Defaced - http://www.politeknik.edu.my




Website: Jabatan Pengajian Politeknik (Operasi)
URL: http://www.politeknik.edu.my/index.asp


Defaced - http://ncer.com.my




Website: Northern Corridor Economic Region (NCER)
URL: http://ncer.com.my


Defaced - http://mbj.perak.gov.my/




Website: Pejabat Setiausaha Kerajaan Negeri Perak
URL: http://mbj.perak.gov.my/


Defaced - http://www.nippon-precision.com.my




Website: Nippon Precision Technology Sdn Bhd.
URL: http://www.nippon-precision.com.my/newsdetail.php?newsId=24


Defaced - http://ofitech.com.my/mydoms.php




Website: http://ofitech.com.my
URL: http://ofitech.com.my/mydoms.php


Defaced - http://www.natureinabox.com.my




Website: Nature in a box, The Art of Nature
URL: http://www.natureinabox.com.my/images/index.htm


Defaced - http://www.nasom.com.my/




Website: Welcome to the Nasom Teleautism
URL: http://www.nasom.com.my/


Defaced - http://www.techsource.com.my




Website:
URL: http://www.techsource.com.my/events/events.asp
