Xanda's Blog !~!

Protected: BlackBerry Security Guideline – DRAFT

Mar 11


Introducing MyEja – Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird

Mar 04

After 3-4 hours of struggling to make it public, here we go: MyEja, the Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird.

The open-source Firefox Add-on MyEja for spell-checking supports Firefox and Thunderbird platform-independently. It is based on the OpenOffice Extension “Kamus Bahasa Malaysia (Malay Dictionary)”. The contents of the dictionaries are untouched and in their original state in the initial release of MyEja. The latest versions of Firefox and Thunderbird are also supported. MyEja was founded by me and it is the second initiative project from Mozilla Malaysia Community.

Looking forward to the approval from the Mozilla Add-on Team. The add-on is accessible at https://addons.mozilla.org/en-US/firefox/addon/myeja/

Why Improper Naming Convention Sux

Apr 20

Hi,

😀 First of all, I would like to say sorry to those who have read my previous entry (that has been removed; but thanks to Google people can still read it :P)

It was my fault; and here is the story 😛

I’ve been working on something and I simply created a file named aaaaaa.html in my tmp folder. Suddenly I found the FD challenge and decided to play around. I copied the JS into aaaaaaa.html (with an extra ‘a’) and shamelessly thought that I had analyzed the right file. Without further verification, I straightaway blogged about it. LOL!

P/S: I used the same method on the correct FD’s JS and again I’m able to decode it without getting my hands dirty. I’ll only share it publicly once I stop working on my JS-obfuscation-related-project.

Thanks


Protected: I Knew Kevin Mitnick’s Password ;)

Jul 29


New Project / Hobby :: Hunting / Collecting 0day in Ethical Way

Jun 14

Maybe you’ve heard about iDefense Lab and Zero Day Initiative before. If not, please stop reading the rest of this entry because you might not understand what I’m tryin’ to say.

Yes, I’m trying to establish something similar to iDefense Lab and Zero Day Initiative, but the difference is, I’m not gonna sell the bugs and PoC. And no exploit will be released to the public either. To me, it is all about fun and being ethical.

Personally, I’ve found a few 0days during my Uni time & working time:

  • 2007 – Local Uni’s web apps – [already busted]
  • 2007 – Local Uni’s web apps – [already busted]
  • 2008 – Friend’s CMS (blog) – [already busted]
  • 2008 – Friend’s CMS (fyp) – [admin already alerted & already busted]
  • 2009 – Famous hypermarket’s web apps – [admin already alerted]
  • 2009 – Big local company’s web apps – [admin already alerted]
  • 2009 – Foreign Uni (faculty) web apps – [hurm… :D]
  • 2009 – Local Uni (faculty) web apps – [admin already alerted]

All bugs I found in 2007 & 2008 were abused by me, but starting in 2009, the vulnerabilities found have been reported to the developer/admin for further action.

Starting in the next 2 weeks, I’m going to hunt more 0days in a proactive manner and in an ethical way. My area of interest will be web applications. Alerts will be sent to the vendor and general advisories will be released to the public. ‘Hunting’ is not the problem now, but ‘trademark’, timeline, alerting and advisories are the current issues for me. I’m going to consult one of the old-timers in this area next week to seek his advice.

Good luck to me. Till next time..

[updated]

My colleague in UIA informed me that he wants to be part of the project and is gonna focus on modules/components. Thanks, mate.