No More Toll, No More Traffic Jam

June 24th, 2009
No comments

Ngeh ngeh.. I’ll need to pay no toll and no need to stuck in traffic jam anymore after this.. Plus.. The route is even shorter compare to the normal route I took previously..

Thanks to the new U turn at Bukit Jalil

xanda My Self

Pidgin 2.5.7 Has Released

June 24th, 2009
2 comments

Download

[If you plan to compile it yourself, please refer HERE]

Change log:

  • Yahoo Protocol 16 support, including new HTTPS login method; this should fix a number of login problems that have recently cropped up. (Sulabh Mahajan, Mike “Maiku” Ruprecht)
  • Only display the AIM “Unable to Retrieve Buddy List” message once per connection. (Rob Taft)
  • Blocking MSN users not on your buddy list no longer disconnects you.
  • When performing operations on MSN, assume users are on the MSN/Passport network if we don’t get network ID’s for them.

xanda IT Related , ,

New Project / Hobby :: Hunting / Collecting 0day in Ethical Way

June 14th, 2009
6 comments

Maybe you’ve heard about iDefense Lab and Zero Day Initiative before.. If no, please stop reading the rest of this entry bacause you might not understand what I’m tryin’ to say.

Yes I’m trying to establish something similar to iDefense Lab and Zero Day Initiative but the difference is, I’m not gonna sell the bugs and PoC. And.. No exploit will be released to the public as well. To me, it is all about fun and ethical.

Personally I’ve found a few 0days during my Uni time & working time

  • 2007 - Local Uni’s web apps - [dah kantoi]
  • 2007 - Local Uni’s web apps - [dah kantoi]
  • 2008 - Friend’s CMS (blog) - [dah kantoi]
  • 2008 - Friend’s CMS (fyp) - [dah alert admin & dah kantoi]
  • 2009 - Famous hypermarket’s web apps - [dah alert admin]
  • 2009 - Big local company’s web apps - [dah alert admin]
  • 2009 - Foreign Uni (faculty) web apps - [hurm... :D]
  • 2009 - Local Uni (faculty) web apps - [dah alert admin]

All bugs I’ve found in 2007 & 2008 have been abused by me but starting in 2009, the vulnerabilities found have been informed to the developer/admin for further action.

Starting from next 2 weeks, I’m going to hunt more 0days in a proactive manner and in ethical way. My area of interest will be the web applications. Alert will be sent to the vendor and general advisories will be released to the public. ‘Hunting’ is not the problem now, but ‘trademark’, timeline, alerting and advisories are the current issues for me.. I’m going to consult one of the oldtimer in this area next week to seek for his advice.

Good luck to me. Till next time..

[updated]

My colleague in UIA inform me that he wants to be part of the project and gonna focus in modules/components. Thanks mate

xanda IT Related, My Self , ,

Protected: How to Bypass Touch and Go (TnG)

June 14th, 2009
Enter your password to view comments

This post is password protected. To view it please enter your password below:


xanda General Info , , ,

Fedora 11 (Reign) has Released

June 10th, 2009
No comments

Release Note

Screenshot Tour

Download

P/S: Wordpress 2.8 will be released soon as well. Stay tuned..

xanda IT Related , ,