Showing posts with label tutorials. Show all posts

Sunday, January 24, 2010

Policy, Standards, Practices, Guidelines, Procedures, blablabla

sometimes, thinking at a higher level is good for me.. information security management skill is an added advantage alongside my little technical security skill.. with sunday laziness and some boredom i start here.. and end with an example..

Policies..
a deliberate plan of action to guide decisions and achieve rational outcomes..
some call it a short and concise statement of what is expected. This thing stands at the highest level.. no step-by-step "how to" (that is standards).

Standards..
a more detailed statement of what must be done to comply with policy.. including more specific details on how to comply with policy..

Practices, Guidelines, Procedures
these share much the same definition.. the actual process of doing things.. the correct or usual way of doing something, or the usual order followed when doing something..
this is how it looks.. (some lazy photoshopping)

examples
for a simple example, a company policy is that each employee must have a strong password.. it just wants a strong password, but how? here we have standards (which come with practices, guidelines and procedures) that describe what a strong password is, what the criteria are and how to make one.. for example it must contain at least 8 characters with a combination of letters, symbols, numbers, lower and upper case letters and yada..yada..

references
M.E Whitman, H.J. Mattord, Management of Information Security, Course Technology , 978-1-4239-0130-3
Advance English Dictionary
and some web references..

Tuesday, January 19, 2010

flaws in our email service? be careful..

just now i was just playing around with a mail after capek told a story about his friend's email having been compromised..

what i found was quite shocking.. it was very easy to change others' passwords just by having their ID..

it starts here.. I just click on the I can't access my account link..



Then choose My account may have been compromised.. And click next..



complete some easy captcha and email id..



complete easy form..

finally i got an email..


maybe i missed something that makes this system secure in another way.. because this is just my simple lazy experiment.. (that's why my English is bad also) please add anything if there is any, my friends..

Earthquake can be everywhere!!

There have been a lot of earthquake cases recently and the latest one is in Haiti.. I think the government should have a syllabus in school on what to do when there is a disaster, especially an earthquake.. (sorry if this is already implemented) ..If we cannot prevent earthquakes, at least we can prevent a lot of deaths caused by lack of education on how to protect ourselves during an earthquake..

here i copy paste some procedures on what to do during an earthquake from FEMA, for me as a reference in the future (who knows)..

If indoors

  • DROP to the ground; take COVER by getting under a sturdy table or other piece of furniture; and HOLD ON until the shaking stops. If there isn’t a table or desk near you, cover your face and head with your arms and crouch in an inside corner of the building.
  • Stay away from glass, windows, outside doors and walls, and anything that could fall, such as lighting fixtures or furniture.
  • Stay in bed if you are there when the earthquake strikes. Hold on and protect your head with a pillow, unless you are under a heavy light fixture that could fall. In that case, move to the nearest safe place.
  • Use a doorway for shelter only if it is in close proximity to you and if you know it is a strongly supported, loadbearing doorway.
  • Stay inside until shaking stops and it is safe to go outside. Research has shown that most injuries occur when people inside buildings attempt to move to a different location inside the building or try to leave.
  • Be aware that the electricity may go out or the sprinkler systems or fire alarms may turn on.
  • DO NOT use the elevators.

If outdoors
  • Stay there.
  • Move away from buildings, streetlights, and utility wires.
  • Once in the open, stay there until the shaking stops. The greatest danger exists directly outside buildings, at exits, and alongside exterior walls. Many of the 120 fatalities from the 1933 Long Beach earthquake occurred when people ran outside of buildings only to be killed by falling debris from collapsing walls. Ground movement during an earthquake is seldom the direct cause of death or injury. Most earthquake-related casualties result from collapsing walls, flying glass, and falling objects.

If in a moving vehicle
  • Stop as quickly as safety permits and stay in the vehicle. Avoid stopping near or under buildings, trees, overpasses, and utility wires.
  • Proceed cautiously once the earthquake has stopped. Avoid roads, bridges, or ramps that might have been damaged by the earthquake.
If trapped under debris
  • Do not light a match.
  • Do not move about or kick up dust.
  • Cover your mouth with a handkerchief or clothing.
  • Tap on a pipe or wall so rescuers can locate you. Use a whistle if one is available. Shout only as a last resort. Shouting can cause you to inhale dangerous amounts of dust.

Sunday, December 20, 2009

anti-shouldersurfer






Thursday, November 5, 2009

How To Cyberstalk Potential Employers

The job-hunting season for graduates has begun... I think this is the time to implement this tutorial from irongeek.com..

How To Cyberstalk Potential Employers

Add new Partitions to Virtualbox OSE Ubuntu

1. Create new Virtual Hard Disk

Open Virtualbox OSE and go to File > Virtual Media Manager (VMM), or just press Ctrl + D. Click the New button on the Hard Disk tab and follow the instructions until they finish. This time, take care with the size of the partition, and finish the procedure by choosing the right partition type, name and size. Now we have created a new Virtual Hard Disk (VHD).

2. Add the new VHD to the VCO

Exit the VMM by clicking the OK button. In Virtualbox OSE, right-click the targeted VCO and go to Settings (make sure the VCO is powered off). Go to Hard Disks. Click the Add Attachment button (the button with +); your newly created VHD will be inserted automatically. Finish with the OK button.

3. Start targeted VCO

The VCO will detect and install the new VHD at startup. Wait until it finishes, then right-click on My Computer and choose Manage. Computer Management will open; go to Storage > Disk Management. Your new VHD will be in the list but labeled as Unknown. When you click Disk Management, a popup for Disk Initialize appears; go through the procedure until it finishes. The new VHD will then be detected as Unallocated.

4. Format the new VHD

Right-click the Unallocated drive and choose New Volume. Go through the procedure until it finishes, according to your requirements. Now you have a new disk partition on your VCO.

Monday, October 19, 2009

I'm Halal ~ Web browser for Muslims

http://www.imhalal.com/

Alhamdulillah,

At last there is an effort to make the search engine Islamic.. But it is still a beta version..
for more information go to: http://imhalal.com/blog/
the best things about this web browser are:

1. wow.. it can filter search results by how haram they are.. jeng jeng jeng... (click the picture for a clearer picture)



and



2. wow.. you can change the background too...



aiyak.. biryani rice spices..


Thursday, October 1, 2009

Combine video.001, video.002 with the command prompt

Usually movie uploaders split their movie into several parts to make it easier to upload.. besides using tools to join these parts back together, we can use the command prompt. Here is how:

copy /b "movie_name.wmv.*" "movie_name.wmv"


that's all.. the important thing is that the files must be placed in the same folder.. ".wmv" can be replaced with another relevant file type..

[Java] Wake on LAN

Turning on my home PC from the office has been my dream for a long time. And I feel like a total 'n00b' because I only just found out about wake on LAN. So I think there is no harm in posting this for my own reference (if I save it on my PC I will definitely not find it again).

Wake on LAN is a way to turn on a PC remotely by sending a simple UDP packet to port 9 on a NIC that supports Wake on LAN. To tell whether it is supported, usually the LED on the LAN socket stays lit even though the PC is turned off. Any language can be used to send the packet, and here I want to share Java code:


import java.io.*;
import java.net.*;

public class WakeOnLan {

    // UDP port the magic packet is sent to
    public static final int PORT = 9;

    public static void main(String[] args) {

        if (args.length != 2) {
            System.out.println("Usage: java WakeOnLan <broadcast-ip> <mac-address>");
            System.out.println("Example: java WakeOnLan 192.168.0.255 00:0D:61:08:22:4A");
            System.out.println("Example: java WakeOnLan 192.168.0.255 00-0D-61-08-22-4A");
            System.exit(1);
        }

        String ipStr = args[0];
        String macStr = args[1];

        try {
            byte[] macBytes = getMacBytes(macStr);
            // Magic packet: 6 bytes of 0xff, then the MAC address repeated 16 times
            byte[] bytes = new byte[6 + 16 * macBytes.length];
            for (int i = 0; i < 6; i++) {
                bytes[i] = (byte) 0xff;
            }
            for (int i = 6; i < bytes.length; i += macBytes.length) {
                System.arraycopy(macBytes, 0, bytes, i, macBytes.length);
            }

            InetAddress address = InetAddress.getByName(ipStr);
            DatagramPacket packet = new DatagramPacket(bytes, bytes.length, address, PORT);
            DatagramSocket socket = new DatagramSocket();
            socket.send(packet);
            socket.close();

            System.out.println("Wake-on-LAN packet sent.");
        }
        catch (Exception e) {
            System.out.println("Failed to send Wake-on-LAN packet: " + e);
            System.exit(1);
        }

    }

    // Parse "00:0D:61:08:22:4A" or "00-0D-61-08-22-4A" into 6 raw bytes
    private static byte[] getMacBytes(String macStr) throws IllegalArgumentException {
        byte[] bytes = new byte[6];
        String[] hex = macStr.split("(\\:|\\-)");
        if (hex.length != 6) {
            throw new IllegalArgumentException("Invalid MAC address.");
        }
        try {
            for (int i = 0; i < 6; i++) {
                bytes[i] = (byte) Integer.parseInt(hex[i], 16);
            }
        }
        catch (NumberFormatException e) {
            throw new IllegalArgumentException("Invalid hex digit in MAC address.");
        }
        return bytes;
    }


}


after compiling this code, run it with two additional arguments: the ip address and the MAC address.
example:

java WakeOnLan 192.168.0.20 00:0D:61:08:22:4A

that's all.. if it does not succeed, send it 2 or 3 times because, well, that's UDP.

p/s: if the PC at home is behind a firewall, don't forget to allow port 9 and don't forget to port-forward port 9 to the ip of our PC. that means, when running the java code, put in the outside ip (WAN IP), and then on the firewall or adsl router forward port 9 to the LAN ip of our PC. (I don't know what the real term for that outside ip is..duhh)
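
The same packet layout seen from the receiving side, useful when port 9 is forwarded from the WAN and you want to log which MAC each incoming datagram targets. This is an added example, not part of the original post; the function names and sample payloads are made up here, and it goes slightly beyond the Java code by also reporting the optional 4- or 6-byte password that some NICs accept after the 16 repetitions.

```python
import re

SYNC = b"\xff" * 6  # synchronisation stream that opens every magic packet


def build_magic_packet(mac: str) -> bytes:
    """Same layout the Java code produces: 6 x 0xFF, then the MAC 16 times."""
    parts = re.split(r"[:-]", mac)
    if len(parts) != 6:
        raise ValueError("MAC address needs 6 octets")
    return SYNC + bytes(int(p, 16) for p in parts) * 16


def find_magic_packets(payload: bytes):
    """Return [(offset, target_mac, password_hex_or_None)] for one UDP payload."""
    found = []
    pos = payload.find(SYNC)
    while pos != -1:
        mac = payload[pos + 6:pos + 12]
        body = payload[pos + 6:pos + 102]
        # Valid only if all 16 repetitions are present and identical.
        if len(body) == 96 and body == mac * 16:
            tail = payload[pos + 102:]
            password = tail.hex() if len(tail) in (4, 6) else None
            found.append((pos, ":".join("%02x" % b for b in mac), password))
            pos = payload.find(SYNC, pos + 102)
        else:
            pos = payload.find(SYNC, pos + 1)
    return found


# Constructed sample payloads (not captured traffic).
GOOD = build_magic_packet("00:0D:61:08:22:4A")
SAMPLES = {
    "plain": GOOD,
    "with password": GOOD + bytes([1, 2, 3, 4, 5, 6]),
    "padded": b"\x00" * 10 + GOOD,
    "truncated": GOOD[:-6],              # only 15 repetitions
    "corrupted": GOOD[:50] + b"\x00" + GOOD[51:],
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(label, find_magic_packets(payload))
```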

Friday, August 21, 2009

Tuesday, February 17, 2009

Public key problem when update - Ubuntu



then



$KEY = key value we have missed.

Thursday, February 12, 2009

Upgrade to OpenOffice 3.0

1. Go to System -> Administration -> Software Sources...
2. Open the "Third-Party Software" tab, and click add
3. Paste this:
deb http://ppa.launchpad.net/openoffice-pkgs/ubuntu intrepid main
4. Download this: key
5. Open the "Authentication" tab and import the downloaded file.
6. Close Software Sources and click reload.

Monday, January 19, 2009

Turning off GCC Stack Smashing Protection

When trying to test my code against stack smashing, I got stuck because the stack smashing protection always got in the way and terminated the program. That was really frustrating because I just wanted to learn the buffer overflow attack. After some short research and googling, I wrote this short tutorial as my own reminder in case I forget it next time.

What is stack Smashing protection?

From http://www.trl.ibm.com/projects/security/ssp/ .

It is a GCC (Gnu Compiler Collection) extension for protecting applications from stack-smashing attacks. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers. The basic idea of buffer overflow detection comes from StackGuard system.

How to Bypass SSP?

Let's say our program is named unprotect.c. To bypass the stack smashing protection, we just compile it with the -fno-stack-protector option.

for example:

user@user:~$ gcc -fno-stack-protector unprotect.c -o unprotect


so, when we test the code, the SSP is not activated when we smash the stack.

for example:


user@user:~$ printf "%0516x" | ./unprotect
Segmentation fault


yahoo.. we did it..

Thursday, January 8, 2009

Detect and Bypass Packer

Sometimes, when doing RCE (Reverse Code Engineering) using ollydbg, we get a message telling us that the source is encrypted. Life gets even harder when the code is encrypted but ollydbg does not alert us. Both cases happen because the code has been encrypted using a "packer". Packers are used to reduce the size of a file, and at the same time they encrypt the code. It is one of the anti-reverse-engineering methods. One of the most commonly used is UPX, but it is already well known and easy to unpack.

In this post I will demonstrate how easily you can bypass the packer in our code. For this example, I used UPX as the packer; I packed calc.exe and renamed it to kalc.exe. A tutorial on how to pack using UPX is out of the scope of this post, but trust me, there are lots of tuts on google.

The first thing, of course, is to load the code in ollydbg, and the first thing you see at the EP is the PUSHAD instruction. PUSHAD is used to PUSH all the registers (eg: EAX, EBX ...) onto the stack. This makes a backup of the data before the packing process occurs, so there is no fear of changing the data during packing.

So, the second thing is to step into the instruction by pressing F8. This gets all the data PUSHed onto the stack.


After we step into the instruction, we can see that ESP on the right side has been filled with something. ESP is the stack pointer and points to the top of the stack.

Then we right-click on ESP and choose Follow in Dump. We will see something changing in the hexdump at the bottom of ollydbg.



Then, we make a hardware breakpoint. Highlight the first dword value (that is, the first 4 pairs of hex values) and then right-click > Breakpoint > Hardware on access > Dword.


After that, run the code and it will stop at the hardware breakpoint that we made before. If you notice, there is a POPAD instruction. This instruction POPs all the data from the stack; it is the opposite of PUSHAD. That means we are at the end of the packing process. But we need to step a little further by pressing F8, and after we step past the JMP, we will arrive at the start point of the unpacked file, which we call the Original Entry Point (OEP).
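
For the "detect" half of this post, the two signs described above (a UPX packer and PUSHAD as the first instruction at the entry point) can be checked statically before opening a debugger. This is an added example, not from the original post: the function names are made up, the sample is a constructed header that only mimics a UPX layout, and the checks are heuristics that a modified packer can evade.

```python
import struct

PUSHAD = 0x60  # opcode of the PUSHAD instruction seen at the packed EP


def pe_sections(data):
    """Return (entry_rva, [(name, vaddr, vsize, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    (entry_rva,) = struct.unpack_from("<I", data, pe_off + 24 + 16)
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        name = name.rstrip(b"\0").decode("latin-1")
        sections.append((name, vaddr, vsize, raw_ptr, raw_size))
    return entry_rva, sections


def packer_indicators(data):
    """List the packer signs found in a PE image (heuristic, UPX-oriented)."""
    entry_rva, sections = pe_sections(data)
    hits = []
    for name, vaddr, vsize, raw_ptr, raw_size in sections:
        if name.startswith("UPX"):
            hits.append("section name " + name)
        if raw_size == 0 and vsize > 0:
            hits.append("section %s has no data on disk" % name)
        if vaddr <= entry_rva < vaddr + raw_size:
            off = raw_ptr + entry_rva - vaddr  # RVA -> file offset
            if off < len(data) and data[off] == PUSHAD:
                hits.append("entry point begins with PUSHAD (0x60)")
    return hits


def build_sample():
    """Constructed two-section header that mimics a UPX-packed layout."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 0, 0, 0, 0, 0, 0x2000)

    def sec(name, vsize, vaddr, raw_size, raw_ptr):
        return struct.pack("<8sIIII", name, vsize, vaddr, raw_size, raw_ptr) + b"\0" * 16

    hdr = (dos + b"PE\0\0" + coff + bytes(opt)
           + sec(b"UPX0", 0x1000, 0x1000, 0, 0x200)
           + sec(b"UPX1", 0x1000, 0x2000, 0x200, 0x200))
    return hdr.ljust(0x200, b"\0") + bytes([PUSHAD]) + b"\x90" * 0x1FF


if __name__ == "__main__":
    for hit in packer_indicators(build_sample()):
        print(hit)
```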

Saturday, April 26, 2008

Change Explorer Background Image

This is a simple manipulation of the registry for changing the explorer background image.

1. Create your own image in photoshop at your own size. I prefer 785x86 pixels, saved as .bmp, for example back.bmp.






This is my example.

2. Then open registry editor: Start > Run > Regedit.exe
3. Open HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar.
4. Add a new string by right-clicking and name it BackBitmapShell.
5. Double click the key and enter the full path of your bitmap image. Click OK.
6. Close the registry editor and open My Computer. Voila!

Sunday, April 20, 2008

How to insert things in context menu

Open your Registry Editor via Start > Run and type regedit.. then go to HKEY_CLASSES_ROOT\*\Shell\ .

Create a new key by right-clicking it, and rename it to whatever you want, for example notepad. On the right-hand side, double click the default value and enter the text you want to appear in the menu, for example "open with notepad".

Then create a new key under the previous key and name it command. Change the default value to the path of your program, for eg: C:\WINDOWS\System32\Notepad.exe, and don't forget to add %1 at the end to ensure this appears only on supported files. So it becomes C:\WINDOWS\System32\Notepad.exe %1.



Easy way to rename recycle bin

Many people have problems renaming their recycle bin to whatever name they want it to be. So I provide a simple tutorial on how to do it..

Open up your text editor or notepad and copy the following text into a new file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:50,01,00,20
"CallForAttributes"=dword:00000000

and now save this file under whatever name you want, but it must end with .reg, eg: rename bin.reg.. save the file, double click the saved file and press Yes if a message box appears. Then you can rename the recycle bin by right click > rename or by directly pressing F2 while the recycle bin is highlighted..

Change Background of the folder

When Windows XP Home/Pro was released, many realized that Microsoft had removed our ability to change the wallpaper of our folders! Shortly after we noticed the trouble on our machines, we got to work on a solution. We’ve found that Microsoft™ did not remove the ability to change the background and text color but instead hid the interface.

Now, it is somewhat simple for anyone to add wallpaper to a Windows XP folder.


1) Open notepad

2) Type in the text below
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
IconArea_Image="C:\your picture location.jpg"
IconArea_Text=0x00FFFFFF

3) Save file as desktop.ini
Save as type : All Files

4) Copy the desktop.ini file you just created, and paste it into the folder whose background you want to change

5) Go to START --> RUN..

6) Type attrib +s "C:\Location of your folder"
Click OK

7) Open your folder and the picture should be set by now.

Thursday, March 27, 2008

Boost the speed of your Adobe Reader 8.0

To boost your adobe acrobat reader 8.0, open the Adobe Reader 8.0 directory at:

C:\Program Files\Adobe\Reader 8.0\Reader

There you will see the Optional and Plug-ins folders. Open the Plug-ins folder, then cut all the files and folders inside and paste them into the Optional folder.

Good Luck.

Wednesday, January 30, 2008

How to remove virus from USB drive

The most popular medium for spreading viruses is the USB drive; it spreads viruses fast and very effectively. But if you know how to remove the virus from your USB drive, you can save not only your computer but the whole organization. The most important thing is the moment you open your USB drive.

Opening USB

Usually we just double-click the USB drive, but from now on you need to open it using the address bar. The address bar is at the top of your window, about 1.5 cm from the title bar. If there is no address bar, you can enable it by clicking View > Toolbars > Address Bar. By opening your USB drive this way, you can prevent the virus from autorunning.

After you open your USB drive, you need to enable hidden and super hidden files. To do this, click on Tools > Folder Options.
Click on the View tab, scroll down, tick the Show Hidden Files and Folders radio button and uncheck Hide protected operating system files and Hide extensions for known file types. After that click Apply. After this step you will see all the hidden and super hidden files on your computer, but remember: don't blindly remove files on other drives, because some of them are important system files.

After that, if your drive is infected, you will see a file named autorun.inf. Double click the file to find out which file is the virus. In my USB drive the file contains:

[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore
The suspected virus is VirusMawar.js. Find the virus file on your USB drive, highlight it and press Shift+Delete to permanently remove the file. Now you can be a hero. :) Hopefully you enjoyed this tutorial.
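
Reading autorun.inf by eye works for one drive; the same check can be scripted so every key that launches something is listed together with the file it points at. This is an added example, not part of the original post: it uses the listing above as sample input, and the function names and the list of script hosts are choices made here.

```python
import re

# The autorun.inf shown above, embedded as sample input.
SAMPLE = r"""[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore
"""

# Windows programs that run another file passed as their first argument.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe"}
VERB_KEY = re.compile(r"shell\\(.+)\\command", re.IGNORECASE)


def parse_autorun(text):
    """Return [(key, command)] for every [autorun] entry that launches something."""
    in_section, entries = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in ("open", "shellexecute") or VERB_KEY.fullmatch(key):
            entries.append((key, value))
    return entries


def launched_files(text):
    """Map each file the drive would start to the keys that start it."""
    result = {}
    for key, command in parse_autorun(text):
        tokens = command.split()  # simple split: quoted paths are not handled
        if not tokens:
            continue
        target = tokens[0]
        if target.lower() in SCRIPT_HOSTS and len(tokens) > 1:
            target = tokens[1]  # the script handed to the host is the payload
        result.setdefault(target.lstrip("\\"), []).append(key)
    return result


def decoy_verbs(text):
    """Right-click menu entries that pose as antivirus scans."""
    verbs = [VERB_KEY.fullmatch(key).group(1)
             for key, _ in parse_autorun(text) if VERB_KEY.fullmatch(key)]
    return [v for v in verbs if re.search(r"scan|virus", v, re.IGNORECASE)]


if __name__ == "__main__":
    print(launched_files(SAMPLE))
    print(decoy_verbs(SAMPLE))
```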