spoonfork

teams with the highest score wins. panda was made up slash, riaf and xwings.

daemon01 and daemon02 are custom daemons with buffer overflow and format string bugs. server01 is a connectback server.
green means service is OK, red means service is down, and yellow means the service flag is compromised.

not shown on the chart are bug01, bug02, bug03 and bug04. these are codes with various overflow bugs. panda and eagles managed to write exploits for bug02, bug03 and bug04, while du0 only managed bug02.

anyways, more write-up soon.

was a blast! the usual suspects are there - gaius, jim, the grugq, sys64738 , dave, joanna, divine shadow, tony chor of microsoft, miko of f-secure, jose, marius, nish, roelof temmingh, and others. the ctf was a blast as well. teams (at least 2 teams) really attempted to write exploits for the custom application with vulnerabilities that we provided. i will write more about this in the next blog update.

the guys from mydefcon were around as well - sorry guys i can't hang out with ya'll. we also got a lof of help from the volunteers.

the post conference party - was a blast!

and oh - don't forget the zone-h special edition comic for hitb is out. you can download it here. special guest stars are l33tdawg from hitb and fyodor, author of nmap. i played a small role as a lock-picking expert.

more updates and pictures will be posted soon!

three things:

• no blog updates for the time being. my brother and i decided to take a trip to tanzania and look for business oppurtunities there. we're thinking of opening a nasi lemak stall there, and maybe laksa sarawak as well. but that is just a plan. we are not sure really. we're just gonna go there and see how it goes.


• i'm reachable via my mobile, yay for roaming. do expect a 24- to 36-hour delay if you expect me to reply if you're emailing me.


• there's no number 3

listening to: deep dish - sacramento

crazy crazy crazy crazy crazy crazY craZY crAZY cRAZY CRAZY
CRAZY CRAZy CRAzy CRazy Crazy cr AZyCRazy c RazYCRaZYc rAzy
craz yc Razycrazy cRA Zy cr A  Zy CrazycRazycrAzycraZycrazY
cRa zycr aZYcrAzycrazyc raZy cr Azy crazycraZY c raz YCraZy
c raz ycRazyCraz ycr a  Zycrazy cRazy crazycrazyc razycrAZy
CRAzy c r A z YCrazy cRazyCRAzY crazYcr azyCraZyCrazy cRAzy
crA zyCRaz yc r azY cRazYcRAZyCrAzyCRazY c rAZYCRaz yC raZy
cRaz y CraZy CRAZY crazy crazy crazy cRazycrazYC razy cRazy
c raZycrA zycr AzyCraZY CRAZYcraZycrazy cr  AzY  crazYCrazy
C r azycRazyCrazY c r azyCRAzYCrAz ycrazycRaz ycraZy Cra zy
C raz ycRazy craZYCrAzycr azy  cRAz y cRAZycraZyCraz ycrazY
craZyc raz ycra Zy cRAzyCRazy crAz ycRaZYCRAzycRa zy cr azy
c raz Y cRAzYCrazy c rAzycrazyc RAZY CRazycrAzyc razyCRa zy
cr azy crazy crazy cRAzyCRAzy crazyC razycr a ZYcraz ycRazy
crazyCRaZycrazYcRAZycraZY crazy CrA z ycra ZY c rA zYcr azy
craz y crazYcraZYCRAz y c razYCr azycrazy crazy cra ZYCraZy
CrAzyc ra zYcrAzy cRAZY CRAZY CRAZY CRAZY CRAZY CRAzy cRazy
c rAz YCrAZ yc Razycr azycrazycr AZYcrazycraz y CRAZY CRAZY
CRAZY cRAZyC ra zyc razy cr azyCrazYcrazYCrazycr azy craZ y
c RAZYC razycr azy crazy crazYcRazy crazy cRAZycrazy c razy

Listening to: Underworld - Pearl's Girl

I don't know what NISER (National ICT Security & Emergency Response Centre) is preaching these days. I downloaded their 2nd quarter newsletter and decided to figure what they're preaching. This edition contains a few topics, ranging from general article about first generation honeypots, introduction to computer forensic, a few bits about worms, viruses, trojan horse, adware and spyware, tips to secure your personal PC, and others. Included in this edition is the usual MyCERT quarterly summary.

To me, the MyCERT quarterly report section is of no use because of few reasons:

• the accompanying graphs are of little value since the images are all blur. in fact, most of the images in the newsletter are blur.


• the statistics itself is questionable. reading through section "Significant Drop on Intrusion Incidents", it mentioned defacements due to IIS Unicode traversal attack. this is bewildering since unicode traversal attacks were discovered and in 2000, and patch were available since then. 5 years on, and we're getting a newsletter from NISER informing us about unicode traversal. this makes me wonder wether the statistics that NISER get is based on real and successful attacks or just statistics massaged from IDS logs. i think that these statistics were based on IDS logs since it is highly likely that things like unicode traversal are generated by scanners, such as Nikto.
  


• Under the section "High Surge in 445/TCP Port Scanning", the graph and statistics do not mean anything because it only tell me the the scanning frequency for each port, but other metrics that will make the data more useful are missing. for example, how many host were scanned for port 445? how many unique source IPs were scanning the port? with this information missing, or an explanation of how the data were gathered, i may very well deduce that the statistics is from a single machine, and i can interpret it as "for this quarter, our Windows 2000 server which has port 445 opened to the public internet has been scanned up to a total of 3500 times".
  

A few articles caught my attention. One of this is WLAN Security. Towards the end of the article, the author writes the first criteria to decide on WLAN security is based on the type of data that needs to travel in it, and then decide on authentication and encryption system for security. Oh please! Does this mean that if an organization decides to pasang a wireless AP, they don't have to bother securing it, let alone implementing some kind of authentication, simply because data that traverse in it is just inane chatter? If this is the case, then Siti, Rupi and Ah Mei, whose interest is not in the data or the organization, can hook into the wireless network, and use that network to launch attacks against other network.

NISER, what are you preaching?

I browsed through most of the articles, but the last article is just ridiculously useless. In Tips on Protecting Your Personal Computer (which is a series as the introduction say) the author touches on user accounts, and user accounts only! To be frank, if you want to produce article about securing personal PC, don't make it into a series, especially if your newsletter is published like, 4 times a year. If you really want to help the general public secure their PC, write an article that will at least, if the reader decides to follow your advice, her PC will be secured hopefully until your next newsletter comes out!

• Choose strong administrator password


• Disable guest account


• Install anti virus. AVG Free Edition is a good one.


• If you're using Windows XP, update it to SP2


• Install Microsoft AntiSpyware


• Update your PC regularly


• Use alternative web browser, such as firefox

Assuming the main points above, is it really necessary to split the articles into series?

In my opinion, NISER is not doing a good job as a so-called national ICT security & emergency response centre. This newsletter shows the level of competencies and expertise of their staff. You decide.