My Planner

Well, today is Friday and as usual everyone loves Friday since tomorrow is a holiday. To make it much better, I'll be on leave next Monday as well.
Why? According to this Bank's policy, every replacement leave that you are entitled to must be utilized within the same month. So my boss asked me to plan my leave. Actually, they will have another simulation test this weekend but I'm still not sure whether I need to be around. My boss will give her decision today. The department that conducts the testing requires us (me and my colleague) to be around, but everything depends on our boss. If we do need to come, then I will have another replacement leave to be utilized within this month. Hahahahha.

On Saturday, I'll be sending my wife to Ampang Putri Hospital to do her blood check. The doctor just wants to run a test to check whether there is any problem with the glucose level in her blood.

Next month-March.

3rd of March 2008, I'll be conducting the Security Awareness training for all Group IT staff. Fuhhh....This is a tough one since I need to understand the Bank's IT policy together with the BNM GPIS1 really well.

5th of March 2008, means I've been here (EON Bank) for 4 months. 2 months to go before my confirmation.

7th of March 2008, I'll be attending a training at my previous company SCAN Associates on the Thales Websentry Management Technical Course. Hope I can meet my old friends there. But too bad, by that time Azie and Niza won't be around anymore.

I think that's all for now. Stay tuned for more updates. Hahahahah

So Sleepyyyyyy

Arghhhh.....
I'm crazy sleepy today. I just keep yawning.
I hope writing this blog post will freshen me up a bit.
When I woke up this morning my eyes were just too heavy to open.

This is all because:
1) Slept late on Saturday.....watching MU vs Arsenal. But it was really worth it because Arsenal were easily thrashed 4-0.
2) Had to work yesterday (Sunday). The e-Pki project connectivity testing was yesterday. Luckily I get replacement leave.
3) Tired from studying for tonight's tutorial. There are so many topics I don't know.....how am I supposed to teach if I don't know them.

hmm...
If only I could sleep on my bed right now......what a pleasure......

2007 Security Report

The Web Hacking Incidents Database 2007 reports that:

Key findings were:
  • 67% of the attacks in 2007 were "for profit" motivated. Ideological hacking came second.
  • With 20%, good old SQL injections dominated as the most common techniques used in the attacks. XSS finished 4th with 12 percent and the young and promising CSRF is still only seldom exploited out there and was included in the "others" group.
  • Over 44% of incidents were tied to non-commercial sites such as Government and Education. We assume that this is partially because incidents happen more in these organizations and partially because these organizations are more inclined to report attacks.
  • On the commercial side, internet-related organizations top the list. This group includes retail shops, comprising mostly e-commerce sites, media companies and pure internet services such as search engines and service providers. It seems that these companies do not compensate for the higher exposure they incur, with proper security procedures.
  • In incidents where records leaked or were stolen the average number of records affected was 6,000.

Another statistic shows that the majority of critical vulnerabilities (20 of 28 flaws) found in 2007 in Internet Explorer were memory corruption issues, similar to 2006.


Lastly, comparing the years 2000 to 2007....last year the number of vulnerabilities dropped a bit. Well done.


P/s: Don't use IE...hahahhahha

Metasploit 3.1

Austin, Texas, January 28th, 2008 -- The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. "Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community" said H D Moore, project manager. Moore is referring to the numerous research projects that have lent code to the framework.

These projects include the METASM pure-ruby assembler developed by Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort outlined in the Metasploit Blog, the Windows kernel-land payload staging system developed by Matt Miller, the heapLib browser exploitation library written by Alexander Sotirov, the Lorcon 802.11 raw transmit library created by Joshua Wright and Mike Kershaw, Scruby, the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain Sarmejeanne, and a contextual encoding system for Metasploit payloads. "Contextual encoding breaks most forms of shellcode analysis by encoding a payload with a target-specific key" said I)ruid, author of the Uninformed Journal (volume 9) article and developer of the contextual encoding system included with Metasploit 3.1.

The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface. "The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to a console interface to the framework" said H D Moore, who worked with Fabrice on the GUI project.

The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland's InterBase product line. "I found so many holes that I just gave up releasing all of them", said Ramon de Carvalho, founder of RISE Security, and Metasploit contributor.

"Metasploit continues to be an indispensable and reliable penetration testing framework for our modern era", says C. Wilson, a security engineer who uses Metasploit in his daily work. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.

The latest version of the Metasploit Framework, as well as screen shots, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://metasploit3.com/

P/s: I haven't tried it since the internet connection in my office is really bad and I don't even have a chance to try any new tools.....ahhh........so frustrated

Road Bully

On my way back to my hometown in Ipoh, when we (me, my wife & my brother) reached Kg Melayu Rasa, this bullshit driver tried to overtake me from the left on a one-lane road.
I gave that bas***d a horn and then this Indian guy stopped his car.
He then gave a signal for me to overtake him.

Starting from that, he kept following really close with his high beam on. Damn Bastard!!
At the same time my wife was already frightened and worried.
I quickly dialled 999 to get some help.
Unfortunately.....I got a response from the operator telling me to call 103 and ask for a nearby police station. Another bulls***. He mentioned that this 999 number will only respond to emergencies.
What the F**K? This is an emergency. I'm really pissed off with that guy. Is this how policemen should react?

Luckily, there was a road block just after that. I stopped my car, rushed to the police officer and told him everything about that road bully. The car quickly ran away past the road block. I managed to get the registration number of that car. It is WDQ 6010, a blue Iswara with a P license.
So anyone who reads this blog, please be careful.

Happy CNY

Tomorrow will be the last working day of this week.
Most of my officemates will be on leave tomorrow, not to forget my boss as well.
The only people left in this security administration department are me and Salleh.
Hahahaha....we can do whatever we want.

Last week I received about 13 pieces of mandarin oranges. On Monday I received about 5 more and today I got another 7 pieces. That's the advantage of working in a multiracial society.
Hahahahhaha.....

But something really pissed me off. Arghhhh...
Most of them are just chatting around today. The bosses are just reading newspapers during office hours. I wonder whether we can do the same on the eve of Aidilfitri or Aidiladha. I don't think so....

Tomorrow I'll be going back to my hometown in Ipoh.
Hope the traffic isn't too bad. Maybe I'll go to Cameron Highlands the next day. My wife wants to go there before she delivers. A pregnancy craving, she said. Hahahahaha

Closing Soon......

Last week marked the end of my department in my previous company.
Starting with me......then followed by my boss and now my colleague Azie. She has submitted her resignation letter. Hahahahaha....
I think this is the first time in the company's history that everyone from the same department is leaving the company. That means the end of the HRD regime.

By the way, who will cover my previous duties later on? My ex-boss's duties? And now my colleague's duties? It's really a burden for anyone employed to cover all those tasks.

To Azie, I wish you all the best in your new career. Please invite me if you have any futsal sessions. Insyaallah I will join.