Xanda's Blog !~!

BruCON 2010: Call for Papers

Feb
17

Call for Papers BruCON.v2 2010: Hacking for B33r
================================

Brussels, Belgium — This is a call for papers and participation for the second BruCON edition, a 2-day Security and Hacking Conference, full of interesting presentations, workshops and security challenges.

BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in the computer security world, including but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, …

The conference will be held in Brussels (24 & 25 September 2010) at The Surfhouse (www.surfhouse.be).

12DBi WiFi Antenna

Nov
18

Here is the 12DBi antenna that I mentioned before.

A full test hasn’t been done on the antenna yet. A full review will be posted once the test has been performed later.

WiFi Antenna Hack

Nov
12

I’m on MC (medical leave) today because of a bad fever. I had to get an injection, btw.

Bored of lying down all the time, I did some searching on boosting WiFi signal. Actually this WiFi is shared with Najib, who lives two doors down (one house in between), in the room at the far end.

So I tried this one poor man’s project. All I need is an aluminum can.

It might look stupid but it works!

P/S #1:- Actually I already bought a 12DBi WiFi antenna and tentatively it’s going to arrive on 12/11/2008 (morning). HAHAHA… I really can’t wait.

Brand new 12DBi WiFi Antenna for only RM43. Nice and cheap huh?

P/S #2:- I’ve cooked another OS ROM for HTC P3600i

Fedora and Red Hat servers compromised – CentOS unaffected

Aug
25

Let’s start with an item that dominated the coverage on many Linux web sites – the security breach of Fedora and Red Hat servers. This is what happened: “Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline. One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key.” The fact that it took Fedora more than a week to publish a report on the problem was heavily criticised by some media (see this article by ITWire). However, the simple truth is that as soon as Fedora discovered the breach, they have stopped providing software updates, they mobilised their resources to deal with the situation and, once they analysed the extent of the problem, published a report about it. That’s pretty much what I would expect from any distribution – nothing more and nothing less. The incident also confirms another fact: there is no such thing as “100% secure” and similar issues are bound to happen from time to time (one of the Debian servers was also hit by a security compromise in July 2006). While it is regrettable that a server of a major Linux project gets broken into, there is no doubt that Fedora has dealt with the situation in a highly efficient, competent and responsible manner.

As far as the users of Red Hat Enterprise Linux are concerned, the company sent out the following security alert (RHSA-2008-0855) to its customers: “Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. … In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them.” But those customers who use Red Hat Network to update their products are not affected by the issue: “Our processes and efforts to date indicate that packages obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are not at risk.”

Next, it was the turn of CentOS, a distribution that is effectively a clone of Red Hat Enterprise Linux (RHEL) and which uses RHEL packages for their own security updates. Karanbir Singh in CentOS position on systems intrusion at Red Hat: “We take security issues very seriously, and as soon as we were made aware of the situation I undertook a complete audit of the entire CentOS 4/5 build and signing infrastructure. We can now assure everyone that no compromise has taken place anywhere within the CentOS infrastructure. Our entire set-up is located behind multiple firewalls, and only accessible from a very small number of places, by only a few people. Also included in this audit were all entry points to the build services, signing machines, primary release machines and connectivity between all these hosts. … Finally, while we feel confident that there is no possibility of this compromise having been passed onto the CentOS user base, we still encourage users to verify their packages independently using whatever resources they might have available.”

[Hahaha… Source: Distrowatch]

Hack Attack Challenge 2008

Apr
14

Start: 21/04/2008 – 10:00am
End: 23/04/2008 – 5:00pm
Timezone: GMT+8

About
Hack Attack is a web-based hack game testing players on their knowledge of Web security. There are 4 levels in total and each one of them has its own security flaw caused by bad programming and misconfiguration. Players have to find these so-called flaws and exploit them to gain access to the next level using only a web browser.

Prize
Be the fastest to beat all 4 levels within 20 minutes and win a seat for Hack in the Box Security Conference 2008 – Kuala Lumpur (HITBSecConf2008), sponsored by Hack in the Box (M) Sdn. Bhd.

Event Details
Date: 21st – 23rd April 2008 (Week 12)
Time: 10.00 AM – 5.00 PM
Venue: Lobby, Block B (Old Fosee), Multimedia University (Malacca Campus)
Website: http://hackattack08.linuxsig.net
Registration: Free