Xanda's Blog !~!

Pidgin 2.5.7 Has Been Released



[If you plan to compile it yourself, please refer HERE]

Change log:

  • Yahoo Protocol 16 support, including new HTTPS login method; this should fix a number of login problems that have recently cropped up. (Sulabh Mahajan, Mike “Maiku” Ruprecht)
  • Only display the AIM “Unable to Retrieve Buddy List” message once per connection. (Rob Taft)
  • Blocking MSN users not on your buddy list no longer disconnects you.
  • When performing operations on MSN, assume users are on the MSN/Passport network if we don’t get network ID’s for them.

New Project / Hobby :: Hunting / Collecting 0day in an Ethical Way


Maybe you’ve heard about iDefense Lab and Zero Day Initiative before.. If not, please stop reading the rest of this entry because you might not understand what I’m tryin’ to say.

Yes I’m trying to establish something similar to iDefense Lab and Zero Day Initiative but the difference is, I’m not gonna sell the bugs and PoC. And.. No exploit will be released to the public as well. To me, it is all about fun and ethics.

Personally I’ve found a few 0days during my Uni time & working time

  • 2007 – Local Uni’s web apps – [already caught out]
  • 2007 – Local Uni’s web apps – [already caught out]
  • 2008 – Friend’s CMS (blog) – [already caught out]
  • 2008 – Friend’s CMS (fyp) – [admin already alerted & already caught out]
  • 2009 – Famous hypermarket’s web apps – [admin already alerted]
  • 2009 – Big local company’s web apps – [admin already alerted]
  • 2009 – Foreign Uni (faculty) web apps – [hurm… :D]
  • 2009 – Local Uni (faculty) web apps – [admin already alerted]

All bugs I’ve found in 2007 & 2008 have been abused by me but starting in 2009, the vulnerabilities found have been reported to the developer/admin for further action.

Starting from next 2 weeks, I’m going to hunt more 0days in a proactive manner and in an ethical way. My area of interest will be web applications. Alerts will be sent to the vendor and general advisories will be released to the public. ‘Hunting’ is not the problem now, but ‘trademark’, timeline, alerting and advisories are the current issues for me.. I’m going to consult one of the old-timers in this area next week to seek his advice.

Good luck to me. Till next time..


My colleague in UIA informed me that he wants to be part of the project and is gonna focus on modules/components. Thanks mate

Protected: How to Bypass Touch and Go (TnG)



Fedora 11 (Reign) Has Been Released


Release Note

Screenshot Tour


P/S: WordPress 2.8 will be released soon as well. Stay tuned..

Short Update

  • Very busy for the last 2 months
    • After struggling with the so-called automagic script, more than 80% of my work is now automated, so I can relax.
    • “Automate the many, deal with the few!” (Robert Stroud, 2009)
  • Conducted 1 whole day training @ MSCOSCON 2009
    • Met many people
    • Exchanged opinions & contacts
    • Dhillon Andrew Kannabhiran bought donuts as a treat
    • Got 3 geek tshirts HAHAHAHA
    • Established new projects/collaboration 😛
  • Addicted to WORK!
  • I am now a MacBook fan
  • Part time model? 😛
  • First time being involved in a treasure hunt.
  • New phone is on the way
  • Just got my business card & corporate shirts
  • P1WiMax is on the way
  • Have released 2 articles & 3 advisories (since last update)
  • Keeping H1N1 & Maxinvest monitoring page up to date
  • Will be available on IRC 24/7 since I’m now connected to my department’s quassel server 😉
  • I’m going to migrate to 64-bit OS on my notebook
  • xda-developer people said WM6.5 is hungry for memory but Piju said No. I’m going to bake my own WM6.5 ROM
  • Will be on holiday next week, a holiday trip around Peninsular Malaysia 🙂