PBS made “Nova” dramatization of his book starring Cliff himself called “The KGB, CIA, Computer and Me”, and someone has finally uploaded it to Youtube!.

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

You can find out more about him here:

Clifford Stoll

And he did a segment for TED too here:

Clifford Stoll: 18 minutes with an agile mind

OPST stands for OSSTMM Professional Security Tester, recursive eh? OSSTMM stands for Open Source Security Testing Methodology Manual.

If you’ve never heard of the OSSTMM, you don’t really need this cert

The OPST is a certification of applied knowledge designed to improve the work done as a professional security tester. This is an important certification for those who want or need to prove they can walk the walk in security testing, the discipline which covers network auditing, ethical hacking, web application testing, intranet application testing, and penetration testing. And it is a critical, eye-opening class for security auditors, network engineers, system and network administrators, developers, network architects, security analysts, and truly anyone who works in IT from systems to networks.

Cool eh? Kinda nerve wracking after submitting the results directly the servers in Spain and waiting 3 weeks for the pass/fail..

Yes that’s X-windows on a *nix station, the exam was done purely on Linux, Windows was used for some surfing, the exam is 90% practical a tunelled connection to spain, kinda slow..the other 10% is about some ethics and parts of the OSSTMM.

Yes of course I passed, top grade in the class I think..

Ah well, wonder which certificate to do next, kind of hard to find decent computer security courses in Asia, I think SANS is in Singapore soon though..

Don’t even mention MSCE, I’ll spit on you I wouldn’t mind RHCE or LPI next though, or perhaps go the Cisco route or something else proprietary..

Sadly it didn’t pour out loads of money..it just told me the resolution I was using was too low.

Can you believe ATMs are using Windows XP? No wonder they are down so often….

What happened to OSes built in Assembly and Embedded Device Operating Systems?!

SHE GOT OWNED HARD, LIKE IN THE ASS WITH A CHILLI PEPPER COVERED BAT.

She is full of shit, she is full of herself, she isn’t hot, she writes a lot of angsty crap but does have some great posts, whatever she’s done however and however much of a cunt she is, she doesn’t deserve this…

3 years of blog entries gone

3000 e-mail and contacts gone

Dear readers of xiaxue.blogspot.com,

Yes, indeed, my blog has been hacked. I understand some of you might be sending emails to me right now, alerting me, and the thought warms my heart (which is very startlingly cold right now mind you).

Unfortunately, the hacker is quite clever. He also managed to guess the password to my gmail account. My 3,000 emails, some of which very important business contacts, are all gone.

I don’t like her, but I do pity her, whoever did this good job, but well it’s not really a cool thing to do…

I’m a l33t h4x0r so I backup often, the reason I don’t use blogspot is because I want to backup my posts and comments easily.

Anyway best practise is BACKUP YOUR SHIT OFTEN.

That goes for your PC too, you don’t know when your hard-drive is going to conk out, organise your shit and burn it to CD.

DO IT NOW DON’T CRY TO ME WHEN YOU LOST YOUR PHOTOS OF LITTLE JOE HUMPING HIS SISTER.

Backup your blog, backup, backup backup everything, twice, three times, DO IT.

Buy some CD-RW and do it often, that’s how I do it.

You can even leave the damn CD-RW in the drive permanently unless you want to burn something else and schedule it.

That’s also why I shifted to =http://www.mozilla.org/products/thunderbirdThunderbird[/url], it’s so much easier to backup than Outcrap Express.

Anyway I =http://xiaxue.blogspot.comXia Xue[/url] I think you are a cunt, but I pity you, and frankly your situation sucks.

Hope you manage to restore everything back to normal service, I do enjoy your posts from time to time

Even though I believe in full disclosure, we have to be responsible to vendors and organisations too.

Basically it went down like this, I sent an E-mail to the editor of =http://thestar.com.myThe Star[/url] about my feelings on the Malaysian Summons system and =http://www.shaolintiger.com/2005/01/18/malaysian-bureaucracy-and-the-summons-fiascomy post about it[/url].

He clicked on the link from a web based e-mail system and came to read the article, in doing so he passed a referal string to my site (This is a string holding the information of where you just came from, so if you came from a google search on donkeys I’ll get the referal string http://www.google.com.my/search?hl=en&q=donkeys&meta=).

So in the referal string I got from the web based e-mail page, contained the session ID for the Editor who was reading his mail, this session ID wasn’t cookie based, or machine based, it was just a Session ID, which enabled me to log straight into the Editors e-mail..

The referal string I got was something like this:

Xf3969c9b9d9b929c9a9e6012d8ab in this case is the session ID, simply by entering this link into my browser I could access the editors mail account, I tested and I could change everything except the password (as I don’t know the existing password) but by sending mail from this account I could probably social engineer the password to be changed.

I could read all of the mail in the inbox and other folders

And change any settings I want..

I ever gave them a more accurate signature:

If everyone is using this webmail system I could easily hijack their accounts too, this would be done by sending a HTML mail with a simple image imbedded inside, hosted on my domain, when the mail loaded it would load the image remotely (which your webmail allows I checked) and I would have the referer URL again in my weblogs with the relevant session ID.

Again I could just paste this into my browser and access the account of anyone using this webmail software.

It shows the current state of Information (in)Security in Malaysia.

I did of course e-mail them as soon as I found at and told them how to fix it.

This is just for your information.

On a similar note, if any of you have heard of =http://www.globalmalaysians.comThe Global Malaysian Network[/url], again under the control of =http://www.thestar.com.myThe Star[/url] was programmed insecurely.

The Global Malaysian Network is an initiative by The Star Malaysia (www.thestar.com.my) to facilitate networking and to tap into the resources, knowledge, skills, investment and contacts that Malaysians can offer to other Malaysians wherever they are in the world. The directory requires members to submit their personal details including their name, marital status, postal address, contact details, professional/occupation information and even educational background details.

Due to bad programming practices and unchecked variables there are several SQL injection vulnerabilities in the web application that powers the GM Directory. By manipulating the input strings a malicious attacker could potentially compromise the security of the database server and disclose any content within the database including private and sensitive information of the Directory members.

Owned by my friends over at Hack in the Box yesterday.

So The Star, I reckon you need to buck up your ideas when it comes to Infosec

LOL

Yeah I can’t think of anything to write, well I can but I’m busy cleaning up, yes I’m domesticated..

I designed the shirt myself, it’s a part of my collection of Geek, Hacking, Computer Security and various other things related T-shirts, Mouse Mats, Jumpers and Even thongs!

I also have these:

I..

Need…sleeep *yawn*

Stupid deadlines, stupid risk assessment, stupid lack of templates, stupid no guidelines, stupid project, stupid assholes, stupid lack of questionaire answers, stupid stupid *yawn*

I slept for 3 hours yesterday morning, then another few hours in the evening, then reading and writing about a crappy risk assessment till 4am then slept a while and came to work at 8.30am…

Was playing with my connection over the weekend aswell seen as though I was stuck in front of the PC the whole time anyway..

I’m having a major problem with HTTP downloads stalling, Torrents, FTP, MSN, IRC everything else seems ok, I’d hazard a guess to it’s something to do with a transparent proxy at Tm.nut side.

Connection seems to have gotten worse since the 1MB upgrade came through..

Speeds seem to be getting better though, I get 1+MB to Malaysian sites with 45ms latency

I get 750+kbps to Japan/Korea sites with 200+ latency

I get 200-600kbps to US/Europe sites with 300+ latency..

The international link latency still leaves a lot to be desired….

Found some great resources though, will post a summary soon..

I’ll hassle them about it soon.

Dial-up still blows a big nut.

For example if you type ‘population malaysia’ in the search box, it will no longer lead you to the pages that contain the info, it will actually give you the answer and the page it got the info from:

Also works for other stuff like people, search ‘who is bruce lee’

It is however in early stages, but it looks like it will be a better alternative to =http://www.ask.comAskJeeves[/url], which was based on this metho d of searching (actually posing the search engine a question).

I also stumbled upon another new toy, =http://www.yagoohoogle.comYagoohoogle[/url], which seems to be down at the moment.

It’s a site split into 2 panes, so you chuck a search term in the first page it shows you both the Yahoo! and Google results. Pretty neat.

BTW has awesome lasagne from hotel room service last night, yum! See you all on Monday.

Source:

You can download it HERE

Why Use Firefox?

Popup Blocking
Stop annoying popup ads in their tracks with Firefox’s built in popup blocker.

Tabbed Browsing
View more than one web page in a single window with this time saving feature. Open links in the background so that they’re ready for viewing when you’re ready to read them.

Privacy and Security
Built with your security in mind, Firefox keeps your computer safe from malicious spyware by not loading harmful ActiveX controls. A comprehensive set of privacy tools keep your online activity your business.

Smarter Search
Google Search is built right into the toolbar, and there is a plethora of other search tools including Smart Keywords (type “dict ” in the Location bar), and the new Find bar (which finds text as you type without covering up anything).

Live Bookmarks
RSS integration lets you read the latest news headlines and read updates to your favorite sites that are syndicated. (This means you can easily watch blogs for new posts as long as they have RSS/XML/Atom feeds)

Hassle-Free Downloading
Files you download are automatically saved to your Desktop so they’re easy to find. Fewer prompts mean files download quicker.

Fits Like a Glove
Simple and intuitive, yet fully featured, Firefox has all the functions you’re used to – Bookmarks, History, Full Screen, Text Zooming to make pages with small text easier to read, etc.

S, M, L or XL–It’s Your Choice
Firefox is the most customizable browser on the planet. Customize your toolbars to add additional buttons, install new Extensions that add new features, add new Themes to browse with style, and use the adaptive search system to allow you to search an infinite number of engines. Firefox is as big or small as you want.

Setup’s a Snap
At only 4.7MB (Windows), Firefox takes just a few minutes to download over a slow connection and seconds over a fast connection. The installer gets you set up quickly, and the new Easy Transition system imports all of your settings – Favorites, passwords and other data from Internet Explorer and other browsers – so you can start surfing right away.

Get funky extensions here:

My favourites would be:

1) Adblock
2) BBCode
3) Bugmenot
4) Dictionary Search
5) Forecastfox
6) LiveHTTPHeaders

And you can read more about WHY you should use it =http://www.shaolintiger.com/2004/11/09/updatethe-insecurities-of-internet-exploder-and-moreHERE[/url].

Get it now, reclaim the web!

I’ve also experienced the same problem, sometimes can’t access any US sites and when I can it’s very slow..

For example even now, when it’s up latency is horrendous..

I just found out why, hopefully things should be better after this!

TMNET SERVICE DISRUPTION TM Net Sdn Bhd would like to inform its customers that we will be conducting a scheduled maintenance and upgrading exercise at the International link to the United States to improve our service performance. As a result, customers may experience a slower performance especially to its U.S. links from 12:00 noon on 24 March 2005 (Thursday) until 28 March 2005 (Monday).

TM Net Sdn Bhd apologizes for any inconvenience caused but at the same time, we would like to assure you that we are upgrading our service to serve you better.

Source: TMnet

So according to this, things should be better than before after March 28th, bring it on!

When am I actually going to get the 1MB line I am paying for rather than a measly 512k though, that’s what I want to know..

ADSL Status Mode State Up Speed Down Speed SNR Margin Loop Att.
T1. 413 SHOWTIME 128000 512000 19.0 60.0

W00t…