


Tuesday, November 15, 2011

QuickLink To Project HoneyPot

A QuickLink can be used to track and catch malicious web bots such as spam harvesters, form spammers, and blog spammers. Visit http://www.projecthoneypot.org/ for more information.


QuickLinks are a quick and easy way for anyone who can post to a website to help trap malicious web spiders. We have found that the best honey pots installed online are the ones with the most in-bound links to them. QuickLinks allow users who may not be server administrators to still participate in Project Honey Pot simply by including a link on the pages they post to or Email.

Archive

http://cikgucyber.blogspot.com/2011/11/quicklink-to-project-honeypot.html

Visit Project Honey Pot

Tuesday, October 11, 2011

Please Change Your Password For New Format Policy


You are required to have a new password that contains the following :-

  • Two upper case letters
  • Two lower case letters
  • Two numbers
  • Two special characters (examples: @#$%^&*()_+|~-=\`{}[]:";'<>/)


Your password must contain a minimum of 8 characters.
Your password must be changed at least every 6 months.

Your password should be easy to remember but hard to guess.

You want it to be complex enough that it can’t be guessed, yet meaningful enough that you can actually remember it. Use non-words but associate them with a word. Imagine your pet’s name is Buddy, you live on State Street, you’re 15, and you like to stargaze at night. A good password for you would be BudStat15** - A Guide to Facebook Security
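The policy above can be checked mechanically. The following is an added example, not part of the original post: it reports which rules a candidate password breaks and when the next change is due. Two assumptions: any ASCII punctuation counts as a special character (the post only lists examples), and "6 months" means calendar months.

```python
import calendar
import string
from datetime import date

MIN_LENGTH = 8        # "minimum of 8 characters"
MIN_PER_CLASS = 2     # two of each character class
MAX_AGE_MONTHS = 6    # "changed at least every 6 months"
# Assumption: the post gives examples only, so accept all ASCII punctuation.
SPECIALS = set(string.punctuation)


def policy_violations(password):
    """Return the list of rules the password breaks (empty list = compliant)."""
    counts = {
        "upper case letters": sum(c in string.ascii_uppercase for c in password),
        "lower case letters": sum(c in string.ascii_lowercase for c in password),
        "numbers": sum(c in string.digits for c in password),
        "special characters": sum(c in SPECIALS for c in password),
    }
    problems = [f"needs {MIN_PER_CLASS} {name}, has {n}"
                for name, n in counts.items() if n < MIN_PER_CLASS]
    if len(password) < MIN_LENGTH:
        problems.append(f"needs {MIN_LENGTH} characters, has {len(password)}")
    return problems


def change_due(last_changed):
    """Date by which the password must be changed (calendar months)."""
    month_index = last_changed.month - 1 + MAX_AGE_MONTHS
    year = last_changed.year + month_index // 12
    month = month_index % 12 + 1
    # Clamp to the last day of a shorter month (31 Aug -> 28/29 Feb).
    day = min(last_changed.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def is_expired(last_changed, today):
    return today > change_due(last_changed)


if __name__ == "__main__":
    for candidate in ("BudStat15**", "abc123"):
        print(candidate, policy_violations(candidate) or "OK")
    print("change due:", change_due(date(2011, 10, 11)))
```
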

References :-


OWASP.my Discussion Group In Facebook

https://www.facebook.com/groups/owaspmy/

Facebook Security Page and download E-book in PDF format A Guide to Facebook Security.


Password Policy

SANS Institute Password Policy

Wednesday, September 21, 2011

Introduction To ICT Security Audit OWASP Day Malaysia 2011


Introduction To ICT Security Audit OWASP Day Malaysia 2011, presented by Harisfazillah Jamel (LinuxMalaysia) during OWASP Day Malaysia 2011 on 20 Sept 2011.


Introduction To ICT Security Audit OWASP Day Malaysia 2011 - Presentation Transcript


Agenda
● Objective of The Day
● Identified The Risks
● Who should be involved
● Where To Start
● What To Audit
● When To Audit
● How To Do It

Objective
● Harden Our Servers
● In Depth Defense
● Find the loophole
● Find the zero day

Risk
Only one risk – Human
To Err Is Human
It's our job to find it. :-)

Risks
● Not the latest patches
● Forget my password
● Allow all, Deny None
● Install everything
● Share anything
● Phishing
● No backup

Lab One
● Subscribe websites to Google Reader
● http://www.kb.cert.org/vuls/

Forget My Password
● We will use easy password
● Password must = Easy to remember, hard to guess.
● Don't leak the hash
● Generate MD5 hash – http://md5crack.com/crackmd5.php
● Crack MD5 – http://isc.sans.edu/tools/reversehash.html

Lab Two
● Crack this
– password
– abc123
– haris
– Your own name
– Birthday date in numbers
– Birthday date in any format

Allow All Deny None
● Any ports outbound open
● No proxy between LAN and Internet
● Used by BOT to attack and comm with BOSS

Lab Three
● Telnet
– Telnet in CMD and Shell
– Port 80 GET /index.htm HTTP/1.1 and enter twice
– Port 25 helo and quit
● Visit this website
– http://www.yougetsignal.com/tools/open-ports/
– http://canyouseeme.org

Install Everything
● Too many patches
● Too many services
● Only select what you want

Share Everything
● Windows Share permission “every body”
– Don't trust your network
● Putting files in web servers
– Google BOT yum-yum

Lab Four
● Google own name in PDF files
– harisfazillah filetype:pdf
● Your own IC numbers (with and without -)
– Do this on your own

Phishing
● The most used tactic to gain password
– Email
– Phone

Lab Five
● Track your organisation here
– http://www.phishtank.com/
● You will never know, you are the target.
● Defacement Archive
– http://www.zone-h.org/archive

Break
Let's have a drink

Who?
- The Management
- ICT
- Me
Everybody needs to be involved

Lab Six
● CIS Security
– The Benchmark
– http://www.cisecurity.org/

Where To Start
● Any servers that have IP address
– Public or Internal
– Heavy traffic websites and Email
● LAN
– Review firewall and proxy log
– SMTP activities
– IRC bot activities
– HTTP and HTTPS requests
– Monitor network traffic

Lab Seven
● Get the bootable CD
● tcpdump
● wireshark
● Any network analysis tools

When To Do It
● A must every 6 months
● Any security warning

Contact linuxmalaysia@gmail.com
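The "Allow All Deny None" and "Where To Start" slides come down to reviewing outbound firewall logs for SMTP, IRC and un-proxied web traffic. The sketch below is an added example, not part of the presentation; the log format, the relay and proxy addresses and the IRC port range are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

MAIL_RELAYS = {"192.168.1.10"}   # assumed: only host allowed to send SMTP out
WEB_PROXIES = {"192.168.1.11"}   # assumed: only host allowed to browse directly
IRC_PORTS = set(range(6660, 6670)) | {6697}   # assumed common IRC ports

# Assumed log format: "<timestamp> <ALLOW|DENY> OUT src=<ip> dst=<ip> dport=<n>"
LINE = re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) OUT "
                  r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

# Constructed sample log (documentation address ranges for destinations).
SAMPLE_LOG = """\
2011-09-20T10:00:01 ALLOW OUT src=192.168.1.10 dst=203.0.113.25 dport=25
2011-09-20T10:00:07 ALLOW OUT src=192.168.1.11 dst=198.51.100.80 dport=80
2011-09-20T10:01:13 ALLOW OUT src=192.168.1.57 dst=203.0.113.66 dport=6667
2011-09-20T10:01:14 ALLOW OUT src=192.168.1.57 dst=198.51.100.9 dport=25
2011-09-20T10:02:40 ALLOW OUT src=192.168.1.23 dst=198.51.100.80 dport=443
2011-09-20T10:03:02 DENY OUT src=192.168.1.23 dst=203.0.113.66 dport=6667
"""


def classify(src, dport):
    """Return why an allowed outbound connection deserves review, or None."""
    if dport == 25 and src not in MAIL_RELAYS:
        return "direct SMTP from non-relay host"
    if dport in IRC_PORTS:
        return "IRC connection"
    if dport in (80, 443) and src not in WEB_PROXIES:
        return "web request bypassing proxy"
    return None


def review(log_text):
    """Map each internal host to the sorted reasons it was flagged."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["action"] != "ALLOW":
            continue   # unparsable, or already blocked by the firewall
        reason = classify(m["src"], int(m["dport"]))
        if reason:
            findings[m["src"]].add(reason)
    return {src: sorted(reasons) for src, reasons in findings.items()}


if __name__ == "__main__":
    for host, reasons in review(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```
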





Sunday, September 11, 2011

Important: Security Breach on Linux.com, LinuxFoundation.org

I got this notice when visiting the http://www.linuxfoundation.org/ and http://www.linux.com/ websites on 11 September 2011 at 19:58.

Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.

We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

Please contact us at info@linuxfoundation.org with questions about this matter.

The Linux Foundation

Email from info@linuxfoundation.org

Important: Security Breach on Linux.com, LinuxFoundation.org


Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com, LinuxFoundation.org, or one of the subdomains associated with these domains. On September 8, 2011, we discovered a security breach that may have compromised your username, password, email address and other information you have given to us. We believe this breach was connected to the intrusion on kernel.org.

As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update public statements when we have more information.

We have taken all Linux Foundation servers offline to do complete re-installs. Linux Foundation services will be put back up as they become available. We are working around the clock to expedite this process and are working with authorities in the United States and in Europe to assist with the investigation.

The Linux Foundation takes the security of its infrastructure and that of its members extremely seriously and are pursuing all avenues to investigate this attack and prevent future ones. We apologize for this inconvenience and will communicate updates as we have them.

Please contact us at info@linuxfoundation.org with questions about this matter.

The Linux Foundation

My advice to System Administrators from Malaysia: let's join the OWASP Malaysia Chapter for ICT security alerts and discussion.

OWASP Malaysia Chapter links :-

OWASP.my Discussion Group In Facebook

OWASP Malaysia Twitter

OWASP Malaysia Local Chapter Facebook Page

OWASP Malaysia Local Chapter official Website

OWASP Malaysia Local Chapter Mailing List



Saturday, August 27, 2011

Logo OWASP Day Kuala Lumpur Malaysia 2011

OWASP DAY KL 2011 - Malaysia https://www.owasp.org/index.php/OWASP_Day_KL_2011



Call For Participants OWASP Day Kuala Lumpur Malaysia 2011




Click the "Registration Tab" for the Call For Participants forms.

We have a number of sessions available during the OWASP Day Kuala Lumpur Malaysia. Join us for multiple paper presentations of 45 minutes each and training sessions for the whole day (8am till 5.30pm).

OWASP Day topics of interest cover the following topics or any other topics that are out of the ordinary :-

- Web Application Security
- Mobile Application Security
- Cloud Application Security
- Software and Architecture Patterns for Application Security
- Metrics for Application Security
- OWASP Tools and Projects
- Secure Coding Practices (J2EE/.NET)
- Application Security Testing
- New Attacks and Defense
- Other subjects related to OWASP and Application Security

For details and the official schedule, visit the official website :-


For more information about OWASP Day KL 2011 participants, call for paper and training, you can email to

owaspday @ osdc dot my

About OWASP DAY KL 2011 - Malaysia - The Open Web Application Security Project :-


OWASP Malaysia will host OWASP Day KL 2011 in Kuala Lumpur, Malaysia from Sep. 20 to Sep. 21, 2011, in collaboration with UniKL & OSDCMY.

The events will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from Malaysia and around the world for in-depth discussions of cutting-edge application security issues.

The summit will draw participation from major Malaysian and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 200 people are expected to attend the events. An exhibition and lunch will be held at the summit, providing sufficient networking opportunities.

UniKL Malaysian Institute of Information Technology (UniKL MIIT)


OWASP Malaysia


The Open Web Application Security Project (OWASP)


Join OWASP.my Discussion Group In Facebook


OSDC.my



Facebook Event Page OWASP Day Malaysia 2011


Thursday, August 11, 2011

Call For Speakers OWASP Day Kuala Lumpur Malaysia 2011


Call for speakers OWASP Day Kuala Lumpur Malaysia 2011 official website :-


Click the "CFP and CFT Tab" for the Call For Presenter (CFP) and Call For Trainer (CFT) forms.

We have a number of sessions available during the OWASP Day Kuala Lumpur Malaysia. Please feel free to submit multiple papers. Presentations are 45-minute blocks and training sessions run for the whole day (8am till 5.30pm).

OWASP Day topics of interest can cover the following topics or any other topics out of the ordinary :-
  • Web Application Security
  • Mobile Application Security
  • Cloud Application Security
  • Software and Architecture Patterns for Application Security
  • Metrics for Application Security
  • OWASP Tools and Projects
  • Secure Coding Practices (J2EE/.NET)
  • Application Security Testing
  • New Attacks and Defense
  • Other subjects related to OWASP and Application Security

For more information about OWASP Day KL 2011 CFP and CFT, you can email to

owaspday @ osdc dot my

About OWASP DAY KL 2011 - Malaysia - The Open Web Application Security Project :-
