Thursday, October 30, 2008

HITB2008 - HackInTheBox 2008







hack the notebook.. and bring it back home!! for free!!! ( if u can hack it dude )



Yess.. as usual, HITB is come again!.. but this year it held on Crowne Plaza..

i went there on the 2nd day ( too bz+tired with work etc ).. but still we have some unique booth for wireless/ bluetooth, that u can build your own wireless/bluetooth device and bring it back home!




U'll see this familiar faces.. in IT conference...


Wireless device that have 8.5-9dbi.. use to steal passwords around!!





CTF, openhack etc.. as usual..









me, Toriqz ( HPUX masta! ), Kamal Hilmi



me and Kai Kaspersky ( nothing related with Kaspersky AntiVirus! ).. hackers who found bugs/vulnerability on all Intel processor!! He's look like "white wizard" from LOTR dude!



"Lepak"ing inside the halls.. me.. "the MIMOS guy", microsoft guy.. ahahaa


"somone i know" won the PSP! They also put on bidding XBOX360 and PS3 with price rm700!!





CTF - 3rd place - korean team


CTF 2nd place - Vietnam team



CTF 1st ( winner ) - Vietnam team ( aiyah so "skema" look like "ALAM FLORA" team lor )



yes.. we success to make Roberto Preatoni ( Zone-H ) half-naked!



the "revenge" of Roberto.. he successfully made ( with our support!! ) Gaius to wear the underwear ( last year Roberto's underwear ) on his head.. ahahaha..



King TUNA selling his wireless device ( used to steal passwords ) for rm450!!


we sell thier t-shirt!




it's party timeeeee!!!!!



"boss, this is the proof that i was there, ok?"- the microsoft guy


"the belly competition" winner


mr Jim "negative" Geovedi.. DJ of the night..


Good fellow, SK Chong from SCAN ASSOCIATES..
1st questions from him to me "eh nasik2 takde ke? aku lapor la.. belum makan lg ni"



Mr Terashima from Japan



"The PIRATE BAY" guy



The GRUGQ



Roberto Preatoni



The party went crazy... frenzzzyyyyyy!!



"Hot chicks" huhuhuu


Blackhat organizer from Japan!!

Friday, October 24, 2008

CyberSecurity INFOSEC-MY



I got this news from my fella irwanj @ ipvsadm.. reg it and walla! done!!.. early morning i was there.. at SAPURA, next to MINES..

go to reg table and confirmed it.. take my seat...




En Adli Wahid menyampaikan ceramah pembuka tirai majlis.. anyway he's an elitist!..





My ol' frens.. mr hazrul@ayoi, from SCAN.. an experts for long time.. give speech about security practise, process etc...



Also my 'ol pals En Mahmud from CyberSecurity deliver about Malware.. speech, details expelnation, examples, live demo, very awesome demo and the best presenter of the day!




Yondie.. ayoi, me, mnajem..




***, Aman, me , mahmud, ***




having lunch, talks, discuss etc2 with Adli, mahmud and others.. me and Adli share some ideas for centralising local antispam databases/prefs for local malaysian servers reference.. still on discussion, not deploying it yet, but some list already prepared at cybersecurity..



Wednesday, October 15, 2008

NetBSD 4.0.1 is released!




Sender: netbsd-announce-owner@NetBSD.org
List-Id: netbsd-announce

                           Announcing NetBSD 4.0.1

About the NetBSD 4.0.1 Release

The NetBSD Project is pleased to announce that update 4.0.1 of the
NetBSD operating system is now available. NetBSD 4.0.1 is the first
security/critical update of the NetBSD 4.0 release branch. This
represents a selected subset of fixes deemed critical in nature for
stability or security reasons, no new features have been added.

NetBSD 4.0.1 runs on 54 different system architectures featuring 17
machine architectures across 17 distinct CPU families, and is being
ported to more. The NetBSD 4.0.1 release contains complete binary
releases for 51 different machine types, with the platforms amigappc,
bebox and ews4800mips released in source form only. Complete source
and binaries for NetBSD 4.0.1 are available for download at many sites
around the world. A list of download sites providing FTP, AnonCVS,
SUP, and other services is provided at the end of this announcement;
the latest list of available download sites may also be found at
http://www.NetBSD.org/mirrors/. We encourage users who wish to install
via a CD-ROM ISO image to download via BitTorrent by using the torrent
files supplied in the ISO image area. A list of hashes for the NetBSD
4.0.1 distribution has been signed with the well-connected PGP key for
the NetBSD Security Officer:
ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0.1_hashes.asc

Please note that all fixes in security/critical updates (i.e., NetBSD
4.0.1, 4.0.2, etc) are cumulative, so the latest update contains all
such fixes since the corresponding minor release. These fixes will
also appear in future minor releases (i.e., NetBSD 4.1, 4.2, etc),
together with other less-critical fixes and feature enhancements.

NetBSD is free. All of the code is under non-restrictive licenses, and
may be used without paying royalties to anyone. Free support services
are available via our mailing lists and website. Commercial support is
available from a variety of sources; some are listed at
http://www.NetBSD.org/gallery/consultants.html. More extensive
information on NetBSD is available from our website:

  http://www.NetBSD.org/

Changes Between 4.0 and 4.0.1 update

The complete list of changes can be found in the CHANGES-4.0.1
file in the top level directory of the NetBSD 4.0.1 release tree
(ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-4.0.1/CHANGES-4.0.1).
A shortened list is as follows:

Security Advisories Fixes

  o NetBSD-SA2008-004, multiple issues (CVE-2008-1372 and
    CVE-2005-0953), has been fixed by upgrading to bzip2 to 1.0.5
  o NetBSD-SA2008-005, OpenSSH Multiple issues (CVE-2008-1483 and
    CVE-2008-1657), has been fixed by applying patches from upstream.
  o NetBSD-SA2008-006, integer overflow in strfmon(3) function
    (CVE-2008-1391), has been fixed.
  o NetBSD-SA2008-008, OpenSSL Montgomery multiplication
    (CVE-2007-3108), has been fixed.
  o NetBSD-SA2008-009, BIND cache poisoning (CVE-2008-1447 and CERT
    VU#800113), has been fixed by updating BIND to 9.4.2-P2. Note
    there are two related changes to this advisory:
       o The default behavior of ipfilter's Port Address Translation
         has been changed to using random port allocation rather than
         sequential mappings, to avoid decreasing the randomness of
         source ports used for DNS queries which affects the BIND
         cache poisoning problem.
       o A `query-source' statement, which could allow the BIND cache
         poisoning attack, has been commented out in the default
         named.conf(5) file.
  o NetBSD-SA2008-010, malicious PPPoE discovery packet can overrun a
    kernel buffer (CVE-2008-3584), has been fixed.
  o NetBSD-SA2008-011, ICMPv6 MLD query (CVE-2008-2464), has been
    fixed.
  o NetBSD-SA2008-012, Denial of Service issues in racoon(8)
    (CVE-2008-3652), has been fixed by upgrading ipsec-tools to
    release 0.7.1. Note this also fixes CVE-2008-3651.
  o upcoming NetBSD-SA2008-013, IPv6 Neighbor Discovery Protocol
    routing vulnerability (CVE-2008-2476), has been fixed.
  o upcoming NetBSD-SA2008-014, remote cross-site request forgery
    attack issue in ftpd(8) (CVE-2008-4247), has been fixed.
  o upcoming NetBSD-SA2008-015, remove kernel panics on IPv6
    connections (CVE-2008-3530), has been fixed.

Note: NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004
don't affect NetBSD 4.0.

Other Security Fixes

  o Fix a buffer overrun which could crash a FAST_IPSEC kernel.
  o tcpdump(8): fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in
    base-tcpdump.
  o Fix a buffer overflow of PCF font parser in X11 libXfont library
    (CVE-2008-0006).
  o Fix a buffer overflow of Tektronix Hex Format support in binutils
    (CVE-2006-2362).
  o machfb(4) and voodoofb(4): introduce two missing
    KAUTH_GENERIC_ISSUSER checks in the mmap(2) code.

Networking

  o Update root.cache to 2008020400 version.
  o Fix IP packet forwarding code to make sure to send a reasonable
    fragment size when IPsec is configured.
  o Fix a bug in TCP SACK code which causes data corruption.
  o Fix an rc.d(8) script for amd(8) not to shutdown gracefully since
    it seems to cause problems for more people than the old (also
    broken) behavior.
  o ftpd(8): fix and reorganize PAM support.

Libraries

  o Pthread support of BIND has been disabled for future binary
    compatibility after removal of the scheduler activations.
  o Fix coredump of gdtoa (conversion between binary floating-point
    and ASCII string) functions on out of memory conditions.

Drivers

  o fxp(4): fix random pool corruption and hangup problems.
  o wd(4): handle more LBA48 bug quirks on some Hitachi's SATA/IDE
    drives.

Miscellaneous

  o Disable a NULL pointer check in zlib for standalone programs. This
    fixes errors on loading a gzipped kernel (including installation
    kernels) on several ports (news68k etc.) whose kernels are loaded
    at address zero.
  o awk(1): bring back an accidentally removed fix to allow escape of
    a newline in string literals.
  o gcc(1):
       o fix compilation of native sh3 gcc on 64-bit build machines
       o fix an internal compiler error on compiling m68k softfloat or
         m68010 targets on 64-bit build machines.
  o zgrep(1): make `-h' option (suppress filenames on output when
    multiple files are searched) actually work.
  o Fix parallel build failure on building hpcarm, hpcmips and hpcsh
    releases.

Platform specific

  o acorn32: fix a bootloader problem on some RiscPCs.
  o cobalt:
       o add a workaround to avoid panic on probing a multi function
         PCI device on Qube's PCI slot
       o fix a bug in the interrupt handler which causes network
         freeze if more than one interfaces are used.
  o hp700: fix potential kernel / userland memory corruption in
    copyinstr(9) and copyoutstr(9).
  o sparc64: fix a bug in locore.s which causes unexpected behavior.
  o sun3: fix a bug which might cause an occasional panic during boot.
  o vax: make syscall handler use proper copyin(9) function on parsing
    syscall args.

System families supported by NetBSD 4.0.1

The NetBSD 4.0.1 release provides supported binary distributions for
the following systems:

NetBSD/acorn26   Acorn Archimedes, A-series and R-series systems
NetBSD/acorn32   Acorn RiscPC/A7000, VLSI RC7500
NetBSD/algor     Algorithmics, Ltd. MIPS evaluation boards
NetBSD/alpha     Digital/Compaq Alpha (64-bit)
NetBSD/amd64     AMD family processors like Opteron, Athlon64, and
                 Intel CPUs with EM64T extension
NetBSD/amiga     Commodore Amiga and MacroSystem DraCo
NetBSD/arc       MIPS-based machines following the Advanced RISC
                 Computing spec
NetBSD/atari     Atari TT030, Falcon, Hades
NetBSD/cats      Chalice Technology's CATS and Intel's EBSA-285
                 evaluation boards
NetBSD/cesfic    CES FIC8234 VME processor board
NetBSD/cobalt    Cobalt Networks' MIPS-based Microservers
NetBSD/dreamcast Sega Dreamcast game console
NetBSD/evbarm    Various ARM-based evaluation boards and appliances
NetBSD/evbmips   Various MIPS-based evaluation boards and appliances
NetBSD/evbppc    Various PowerPC-based evaluation boards and
                 appliances
NetBSD/evbsh3    Various Hitachi Super-H SH3 and SH4-based evaluation
                 boards and appliances
NetBSD/hp300     Hewlett-Packard 9000/300 and 400 series
NetBSD/hp700     Hewlett-Packard 9000 Series 700 workstations
NetBSD/hpcarm    StrongARM based Windows CE PDA machines
NetBSD/hpcmips   MIPS-based Windows CE PDA machines
NetBSD/hpcsh     Hitachi Super-H based Windows CE PDA machines
NetBSD/i386      IBM PCs and PC clones with i386-family processors and
                 up
NetBSD/ibmnws    IBM Network Station 1000
NetBSD/iyonix    Castle Technology's Iyonix ARM based PCs
NetBSD/landisk   SH4 processor based NAS appliances
NetBSD/luna68k   OMRON Tateisi Electric's LUNA series
NetBSD/mac68k    Apple Macintosh with Motorola 68k CPU
NetBSD/macppc    Apple PowerPC-based Macintosh and clones
NetBSD/mipsco    MIPS Computer Systems Inc. family of workstations and
                 servers
NetBSD/mmeye     Brains mmEye multimedia server
NetBSD/mvme68k   Motorola MVME 68k Single Board Computers
NetBSD/mvmeppc   Motorola PowerPC VME Single Board Computers
NetBSD/netwinder StrongARM based NetWinder machines
NetBSD/news68k   Sony's 68k-based "NET WORK STATION" series
NetBSD/newsmips  Sony's MIPS-based "NET WORK STATION" series
NetBSD/next68k   NeXT 68k "black" hardware
NetBSD/ofppc     OpenFirmware PowerPC machines
NetBSD/pmax      Digital MIPS-based DECstations and DECsystems
NetBSD/pmppc     Artesyn's PM/PPC board
NetBSD/prep      PReP (PowerPC Reference Platform) and CHRP machines
NetBSD/sandpoint Motorola Sandpoint reference platform
NetBSD/sbmips    Broadcom SiByte evaluation boards
NetBSD/sgimips   Silicon Graphics' MIPS-based workstations
NetBSD/shark     Digital DNARD ("shark")
NetBSD/sparc     Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)
NetBSD/sparc64   Sun UltraSPARC (in native 64-bit mode)
NetBSD/sun2      Sun Microsystems Sun 2 machines with Motorola 68010
                 CPU
NetBSD/sun3      Motorola 68020 and 030 based Sun 3 and 3x machines
NetBSD/vax       Digital VAX
NetBSD/x68k      Sharp X680x0 series
NetBSD/xen       The Xen virtual machine monitor

Ports available in source form only for this release include the
following:

NetBSD/amigappc    PowerPC-based Amiga boards
NetBSD/bebox       Be Inc's BeBox
NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation

Acknowledgments

The NetBSD Foundation would like to thank all those who have
contributed code, hardware, documentation, funds, colocation for our
servers, web pages and other documentation, release engineering, and
other resources over the years. More information on the people who
make NetBSD happen is available at:

  http://www.NetBSD.org/people/

We would like to especially thank the University of California at
Berkeley and the GNU Project for particularly large subsets of code
that we use. We would also like to thank the Internet Systems
Consortium Inc., the Network Security Lab at Columbia University's
Computer Science Department, and Ludd (Luleaa Academic Computer
Society) computer society at Luleaa University of Technology for
current colocation services.

About the NetBSD Foundation

The NetBSD Foundation was chartered in 1995, with the task of
overseeing core NetBSD project services, promoting the project within
industry and the open source community, and holding intellectual
property rights on much of the NetBSD code base. Day-to-day operations
of the project are handled by volunteers.

As a non-profit organization with no commercial backing, The NetBSD
Foundation depends on donations from its users, and we would like to
ask you to consider making a donation to the NetBSD Foundation in
support of continuing production of our fine operating system. Your
generous donation would be particularly welcome assistance with
ongoing upgrades and maintenance, as well as with operating expenses
for The NetBSD Foundation. Please visit:

  http://www.NetBSD.org/donations/

Donations can be done via PayPal to <paypal@NetBSD.org> and are fully
tax-deductible in the US. If you would prefer not to use PayPal, or
would like to make other arrangements, please contact
<finance-exec@NetBSD.org>.

NetBSD mirror sites

Please use a mirror site close to you.

  o FTP  - http://www.NetBSD.org/mirrors/#ftp
  o ISO images - http://www.NetBSD.org/mirrors/#iso
  o Anonymous CVS - http://www.NetBSD.org/mirrors/#anoncvs
  o BitTorrent - http://www.NetBSD.org/mirrors/#bittorrent
  o SUP  - http://www.NetBSD.org/mirrors/#sup
  o CVSup  - http://www.NetBSD.org/mirrors/#cvsup
  o rsync  - http://www.NetBSD.org/mirrors/#rsync
  o AFS  - http://www.NetBSD.org/mirrors/#afs

Please also note our list of CD-ROM vendors, located at:

  http://www.NetBSD.org/sites/cdroms.html


[NetBSD(R) is a registered trademark of The NetBSD Foundation, Inc.]


I already used it for past few days :D

NetBSD# uname -a
NetBSD NetBSD 4.0.1_PATCH NetBSD 4.0.1_PATCH (GENERIC) #5: Sun Oct 12 21:27:46 MYT 2008  root@NetBSD:/usr/obj/sys/arch/i386/compile/GENERIC i386


Sunday, October 12, 2008

Trip to Melaka..



Aku ke Melaka baru2 ni..
atas urusan yg tak dpt aku ceritakan.. port kat pantai Pengkalan Balak... was a nice place
..





Just pagi2 tu, awal2 lg aku dah kuar.. pusing2 ambik angin kat pantai.. termenung dan berpikir sendiri... terdapat question yg kadang in my confused mind:

1- Apa aku dah temui, sesuatu yg dipanggil "life"?
2- Aku dah satisfy ngan apa yg aku dpt dan buat selama ni?
3- what i gonna do and face tomorrow?
4- will i get what i'm dream of?
5- I have a dream, lots of dream.. try to reaching it.. now or never.. tapi tercapaikah?
6- Am i too greedy?

takleh nak jawap rasanya mende2 tuh semua.. takpe la ambik angin je.. takyah sakit2 kepala...







Sorg pakcik ( pangkat atuk ) terjumpa siput ni dan kasik kat aku.. menarik.. masih hidup lg dan ada hidupan2 ( teritip kut? ) masih melekat kat belakangnya.. menarik... maybe siput ni pun mcm aku.. walaupun nampak happi dan happening, actually sunyi.. ehehe... sad kan? sometime i feel pathethic about myself... kenapa? hanya aku je yg tau sebabnya..






back to my room.. just lepak depan tu dan layan angin pagi2 ni.. ngantuk sikit tp maybe ini dpt menenangkan jiwa aku kut.. sebelum agenda2 siang bermula dan aku akan sibuk...

anyway this trip really menaingful to me.. really2 meaningful...