Showing posts with label IT News. Show all posts
Monday, December 28, 2020
Sunday, September 27, 2015
Don't post your log on screen @ web page
September 27, 2015 | IT News, Open Source, Personal Opinion, PHP, Software Development, Software Security, Tips and Trick, Vulnerability
Programmers love to display logs on the page they are working on while developing it. Normally, when they release the page or site, there are always pages where they forgot to disable or remove the log. When this happens, they are actually opening a small window to cyber threats and hackers.
Take, for example, the website below.
The site shows the IP address, the type of database and the path used for the database connection. This may be useful for the programmer, but it is a security loophole that should and can easily be avoided.
As advice to programmers: if you need to log, PLEASE log to a file, which should be configured to be truncated or replaced after no more than a week.
P/S: I'm also a programmer with a security interest :)
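A pre-release check for the problem described in the post above, as an added example (not code from the original post): it scans page source for the three details the post says the site exposed, an IP address, a database type and a filesystem path. The page names, sample pages and patterns are constructed assumptions.

```python
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    line: int   # 1-based line number in the page source
    kind: str   # which pattern matched
    text: str   # the leaked text itself


# Heuristic patterns (assumed, not from the post). They favour recall:
# a version string such as 1.2.3.4 is flagged as an IP address too.
LEAK_PATTERNS = {
    "ip_address": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "database_type": re.compile(
        r"\b(?:mysql|mariadb|pgsql|postgres(?:ql)?|sqlite|sqlsrv|mssql)\b", re.I),
    "filesystem_path": re.compile(
        r"(?<![\w.:/])(?:[A-Za-z]:\\|/(?:var|home|usr|srv|opt|etc)/)[\w./\\-]+"),
}


def scan_page(html: str) -> List[Finding]:
    """Return every suspected debug leak found in the raw page source.

    The raw source is scanned rather than only the visible text, because
    debug output left in HTML comments is just as readable to a visitor.
    """
    findings = []
    for line_no, line in enumerate(html.splitlines(), start=1):
        for kind, pattern in LEAK_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, kind, match.group(0)))
    return findings


def release_blockers(pages: Dict[str, str]) -> Dict[str, List[Finding]]:
    """Map each page name to its findings, leaving out pages that are clean."""
    report = {name: scan_page(body) for name, body in pages.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample pages: one still prints its debug log, one does not.
PAGES = {
    "products.php": """<html><body>
<h1>Product list</h1>
<pre>DEBUG: connecting to 10.20.30.40 using mysql
DEBUG: config loaded from /var/www/app/config/db.php</pre>
</body></html>""",
    "error.php": """<html><body>
<p>Sorry, something went wrong. Reference: 7f3a9c</p>
</body></html>""",
}

if __name__ == "__main__":
    for name, found in release_blockers(PAGES).items():
        for f in found:
            print(f"{name}:{f.line}: {f.kind}: {f.text}")
```

Run against the rendered output of every page before release; any entry in the result means on-screen logging is still enabled somewhere.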
Thursday, August 27, 2015
Misfortune Cookie - Routers firmware vulnerability
Misfortune Cookie is a firmware vulnerability in many older routers.
Once the embedded software running the device is exploited, the attacker can gain administrative privileges and use the device to gather data, steal credentials or upload malicious files to networked devices.
When the flaw was discovered in late 2014, it had already been in existence for a decade. The source of the issue is an error in the HTTP cookie-management mechanism in the device software. All the attacker has to do is send a single packet containing a malicious HTTP cookie to begin an exploit.
Lior Oppenheim, a researcher for network and endpoint security vendor Check Point Software Technologies Ltd., discovered the flaw, officially known as CVE-2014-9222. According to Check Point, the vulnerability affects over 12 million devices across 200 different models.
Although there have not yet been any documented Misfortune Cookie router attacks, Check Point is publicizing the vulnerability as a wake-up call for small office and home (SOHO) networks and the embedded device industry.
Check Point provides a list of suspected vulnerable routers on their website.
Detailed article at TechTarget.
Tuesday, July 7, 2015
Be a Data Scientist
Leverage your degree to solve real-world problems. The Data Science Incubator is an intensive eight-week data science program that prepares top science and engineering graduates to work as data scientists and quants in the private sector. We then help you find jobs at some of the world's top companies. The program is free for this Data Scientist. Join us in Kuala Lumpur. Apply today!
Class starting on 17 August 2015!
Monday, June 1, 2015
[ISOC] Registration for InterCommunity 2015 is open
Dear Internet Society Member:
Exciting news! Registration for InterCommunity 2015, 7/8 July, is now open! Watch this video from our President and CEO Kathy Brown to get more details. Click here to watch the video: https://youtu.be/xwx1gi6SL00
Participation is easy -- you can join online, from wherever you are, or in-person at a Regional Event in your area. These 15 events will have their own regional activities and then link to the online InterCommunity discussions. To find a regional event near you, visit: http://www.internetsociety.org/intercommunity2015/participate
InterCommunity is an ideal opportunity to talk with the ISOC Board, share ideas and viewpoints, and discuss topics that we all care deeply about -- issues including Collaborative Security, Internet governance and bringing the next billion people online.
Want to help promote InterCommunity? You can download postcards and posters to share with your friends:
Plan to join us at InterCommunity -- THE place to connect and inspire each other as we work together to make a difference. Visit the InterCommunity webpage http://www.internetsociety.org/intercommunity2015/ for more information!
And join our Connect community at https://connect.internetsociety.org/communities/community-home?communitykey=3b13e5d2-d878-4a06-a11c-b74da628497d&tab=groupdetails
for detailed member-only information.
Register Today! https://www.internetsociety.org/intercommunity2015/form/ic
Thursday, December 4, 2014
Network Topology - Leaf-Spine architecture
Leaf-spine is a network topology in which a series of switches form the access layer.
Leaf-spine is an alternate to the three-layer core/aggregation/access network architecture. The leaf switches mesh into the spine, which is a series of several high-throughput layer 3 switches with high port density. Spine switches are essentially the core of the architecture, whereas leaf switches are the access layer that delivers network connection points for servers. Leaf switches also provide uplinks to spine switches.
Every leaf switch connects to every switch in the network fabric; no matter which leaf switch a server is connected to, it has to cross the same number of devices every time it connects to another server. The only exception is when the other server is on the same leaf. Latency is therefore minimized to an acceptable level because each payload only has to travel to a spine switch and another leaf switch to reach its endpoint.
A leaf-spine topology can be layer 2 or layer 3 -- the links between the leaf and spine layer can be switched or routed. In a layer 2 leaf-spine design, Transparent Interconnection of Lots of Links or shortest path bridging takes the place of spanning-tree. All hosts are linked to the fabric and offer a loop-free route to their Ethernet MAC address through a shortest-path-first computation. In a layer 3 design, each link is routed, and it is most efficient when virtual local area networks are sequestered to individual leaf switches or when a network overlay, like VXLAN, is working.
Diagram: Leaf-spine topology
Monday, October 6, 2014
Community Forum - Internet Governance issues @ 7th October
To the Communities of the Internet Society;
As you all know, the events of 2014 on Internet Governance will ripple far into the future. On the heels of the Net Mundial Conference last April, and the IGF this past month, is the ITU Plenipotentiary meeting in Busan, Korea beginning in less than three weeks. Many of you have been participating in activities locally, regionally and globally to assure that the Open Internet and multistakeholder governance model are preserved as a result of the ITU conference well into the future. Many others of you want and need to know what this all means.
THE COMMUNITY FORUM
In our efforts to bring our Communities into ever closer alignment on these issues, with a view to the extended future, ISOC CEO Kathy Brown and Vice President for Public Policy Sally Wentworth will hold a Community Forum where they will offer an over-the-horizon view of the key Internet Governance issues in order to stimulate discussion on this critically important topic.
WHEN
Tuesday, October 7, 13:00 - 14:30 UTC
HOW TO PARTICIPATE
Log into Connect. If you haven’t already logged into Connect then you need to use your Internet Society Membership username and password at https://connect.internetsociety.org , accept the privacy terms and join in the conversation. Please do this as soon as you can but no later than 15 minutes prior to the start of the Community Forum
Once you are on Connect : To join the conversation, visit the following link: https://connect.internetsociety.org/events/plenipotbeyond. If you need any additional support to login, please contact us via isoconnect@isoc.org. If for any reason you are unable to complete this login, please go to the Webex session here. Enter in the meeting number 493 678 089. The password is internet
Once you are logged into Connect there are three ways to get your questions to Kathy and Sally:
- Type your question in the interactive chat below the video. You may type your question in English, French, Spanish, Dutch, Italian and Portuguese, we will translate as needed.
- Join the Webex feed of this event, indicate in the chat box that you have a question, when prompted by a moderator ask your questions via audio and video directly to our panelists.
- Tweet your question using hashtag #ISOCBUSAN
Moderators will queue the questions from the various channels (chat, audio/video and twitter) and will get your question to the panel.
This Community Forum promises to be informative, highly interactive and action-oriented. All members are encouraged to attend and participate. For those unable to attend, we will make the proceedings available on the ISOC website in the near future.
Monday, September 29, 2014
ATM's Machine - How can it get hacked?
September 29, 2014 | Buffer Overflow, Hackers, IT News, Malware, Personal Opinion, Software Security, Vulnerability
Recently in Malaysia, just days ago (before I wrote this), a few ATM machines were hacked and a few banks lost more than a few million RM. This is really serious, and it is worse than the traditional ways of stealing money from the machines. It should be flagged as a critical issue by bankers and by the information security organizations and community, and it calls for fast and firm action to prevent it. Just imagine if these people got access and hacked machines at multiple locations for one month. There would be billions in losses, and I can't imagine that (or rather, I'm afraid to think about it).
It was reported by The Star [3] on the same day, and by Harian Metro [1] and Utusan [2] on 30th September 2014, upon verification from the respective agencies and companies.
This is not the first case, as it happened previously in Montreal, where 2 young teenagers unintentionally hacked into a Bank of Montreal ATM machine during their lunch break [8].
This won't be the last, and neither will the cases reported here in Malaysia. Regalado from Symantec [4] had already raised the alarm in March, following his findings at the end of 2013 [7].
As long as the machines use software to operate, the issue will remain unless the community starts to build workable solutions to detect and prevent this from occurring. That is not possible until the community understands the real issue and its root cause. People may see this as an issue with XP or with the software residing in the ATM machine, and they will opt to change these two pieces of software. But in my view, these are not the root cause. These two are merely the trigger, or one of the unlocked doors waiting to be opened. The real root cause lies in the initial steps of the software development lifecycle. This is where the community should start to implant its security measures.
There are many ways to do this, and one of them is to increase software developers' understanding of writing secure code. I've written a few papers, which I hope will be a step towards having software that is hardened and difficult to infiltrate:
- Understanding Vulnerabilities by Refining Taxonomy (Proceeding and presented in IAS 2011. Appear in IEEE)
- Classifications and Measurement on C Overflow Vulnerabilities Attack (Published in Journal IJNCAA)
- Vulnerabilities and Exploitation in Computer System - Past, Present and Future. SiSKOM 2013 (ISBN 978-967-12088-0-9), Universiti Teknologi Mara, Shah Alam, Selangor, Malaysia, 3rd - 4th Sep 2013
I won't say that hacking will be impossible, as there is no such thing as impossible when you have the 'will'. But this is another step for us to create a stronger wall of security.
References:
[1] http://www.hmetro.com.my/articles/Trojan_sasarATM//Article
[2] http://utusan.com.my/utusan/Jenayah/20140930/je_01/Sindiket-guna-virus-lesap-wang-ATM
[3] http://www.thestar.com.my/News/Nation/2014/09/29/seventh-atm-hacked-into-al-rajhi-bank/
[4] http://www.hackerjournals.com/?p=23437
[5] http://www.hackersnewsbulletin.com/2014/03/windows-xp-flaw-hackers-withdraw-money-atm-just-sending-text-message.html
[6] http://securityaffairs.co/wordpress/23421/cyber-crime/rob-atms-couple-sms-messages.html
[7] http://www.deccanchronicle.com/140326/technology-latest/article/windows-xp-atms-being-hacked-simple-sms-symantec
[8] http://www.forbes.com/sites/jameslyne/2014/06/11/14-year-olds-hack-atm-in-lunch-hour-how-it-happened/
[9] http://thehackernews.com/2014/03/hacking-atm-machines-for-cash-with-just.html
[10] http://www.dailymail.co.uk/sciencetech/article-2655012/Teens-hack-cash-machine-lunch-break-Stunt-prompts-security-upgrade-Bank-Montreal-ATMs.html
Wednesday, September 24, 2014
Monday, September 15, 2014
Internet Society Community Grants Programme Now Open
================================================
Versión Española abajo // Version Française ci-dessous
================================================
Dear members,
The Internet Society is now accepting applications for its Community Grants Programme. Visit our website to submit your application.
The application cycle will be open until midnight (PDT) on 30 September / 0700 UTC on 1 October. Decisions will be announced in November 2014.
All applications need to be submitted online and within the programme deadline.
If you have any questions, please contact us at projects@isoc.org and follow our Community Grants discussion group.
===========================================================
Cher(ère)s membres,
Le programme de Bourse Communautaire d'Internet Society est maintenant ouvert. Pour soumettre votre application visitez notre site web.
Les applications seront acceptées jusqu'à minuit (PDT) 30 septembre / 0700 (UTC) le 1 Octobre. Les décisions seront annoncées en novembre 2014.
Toutes les demandes d'application doivent être soumises en ligne et dans le délai du programme.
En cas de questions, n'hésitez pas à nous contacter via projects@isoc.org ou de suivre le groupe de discussions Community Grants.
===========================================================
Estimados(as) colegas,
La Internet Society está aceptando solicitudes para su Programa de Subvenciones a la Comunidad. Visite nuestra página para enviar su proyecto.
Este ciclo de solicitudes estará abierto hasta la medianoche (PDT) del 30 de septiembre / 0700 (UTC) del 1 de Octubre. Las decisiones se darán a conocer en noviembre.
Todas las solicitudes deben ser presentadas en línea y tienen que ser en dentro del plazo del programa.
Si usted tiene alguna pregunta, por favor póngase en contacto con nosotros en projects@isoc.org y siga nuestro grupo de discusiones Community Grants.
Saludos cordiales,
Ilda Simao
Community Grants Coordinator
Internet Society
Monday, February 3, 2014
My slideshare result... :) with vulnerabilities slide is the top :)
2013: My Year on SlideShare
Thursday, January 23, 2014
New things come in - APIGEE, BIZTALK and WEBAPI
January 23, 2014 | IT News, Microsoft, Open Source, Software Development, Tool, Web-based application
Today, new things came in and my knowledge grew. Maybe I'm not meant to be a MASTER, but rather a Jack of all threads....
I just learned about Microsoft BizTalk and how it works. Although I didn't really go deep into it, when the time comes, I'm pretty sure that I can do BizTalk.
Another piece of knowledge added to my BOK (body of knowledge) is APIs using APIGEE and WEBAPI. It is a different perspective and game, but it actually comes down to one thing... SIMPLIFIED development and bringing the USER into the development process :).


Cheers and gears up...
Sunday, January 12, 2014
Monday, December 23, 2013
List of Coming Conference as of Dec 2013






