New Blog Address

http://otak.org.my/

Read Full Post »

FAA System Hacked

This is an article published some days ago regarding the US FEDERAL AVIATION Administration’s (FAA) computer systems. The system has been hacked several times during the past period; one major reason was the switchover of all systems to an all IP based servers! No real damage is reported (officially), however, beside the user account theft, [...]

Read Full Post »

Chinese hackers ‘using ghost network to control embassy computers’

Becareful of what HUAWEI capable off  :-) Quote:- A spy network believed to have been controlled from China has hacked into classified documents on government and private computers in 103 countries, according to internet researchers. The spy system, dubbed GhostNet, is alleged to have compromised 1,295 machines at Nato and foreign ministries, embassies, banks and [...]

Read Full Post »

Teknik “SMS Spoofing” melanda trg?

Semlm TRG di’kejut’kan dgn insiden pemulauan 10 adun dari BN akibat daripada pesanan SMS yang mengugut untuk membunuh 3 adun. Yang pelik, org yang dituduh mereka (Setiausaha Sulit Kanan Menteri Besar) menafikan penglibatan dirinya dari mengirim SMS itu. http://www.utusan.com.my/utusan/info.asp?y=2009&dt=0415&pub=Utusan_Malaysia&sec=Politik&pg=po_07.htm quote “Terdahulu sebelum sidang akhbar itu bermula, Setiausaha Sulit Kanan Menteri Besar, Wan Ahmad Muda dilihat [...]

Read Full Post »

Moving into new WORLD!

For your information, i’ve been in SEM (Security Events Management) for the last 2 years, now i’ve to consider to make use of SIEM (Security Information and Events Management) concept for my daily tasks. What is the different between SIM, SEM and SIEM? SIM – provides reporting and analysis of data primarily from host systems [...]

Read Full Post »

Vulnerability Management for Dummies: Free eBook!

Eliminating network security threats and achieving compliance doesn’t need to be complicated, time consuming, or expensive. As a network security professional, understanding how to prevent attacks and eliminate network weaknesses that leave your business exposed is critical. Vulnerability Management for Dummies arms you with the information needed to implement a successful security risk management program [...]

Read Full Post »

Creating OWN WEB CERT key using crypto-utils

Generating a Key You must be root to generate a key. First, use the cd command to change to the /etc/httpd/conf/ directory. Remove the fake key and certificate that were generated during the installation with the following commands: rm ssl.key/server.keyrm ssl.crt/server.crt The crypto-utils package contains the genkey utility which you can use to generate keys [...]

Read Full Post »

psad: Intrusion Detection and Log Analysis with iptables

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data. Download [...]

Read Full Post »

mod_defensible

mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It will look at the client IP and check it in one or several DNSBL servers and return a 403 Forbidden page to the client. Kewl eh? hehee… furthermore it’s very easy to configure

Read Full Post »

Hardening PHP Using Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that [...]

Read Full Post »