Accounts Security V
Concerning Internet use at public spots & Password by Sequence
A Password Security Related Article by Calvin Limuel a.k.a. r3ck0rd
It’s been a long time since I last posted on Zoiz’s blog. Still the same topic, and it’s already the fifth! This one covers internet usage at public hotspots and sequenced passwords. Here are the tips for this time:
Before I go back to home town and before I have problems getting internet connection, I wish you all : Happy Chinese New Year, Gong Xi Fa Cai! HUAT AH!!

Happy Chinese New Year
Director General of Taxation Darmin Nasution stated early this morning that the Sunset Policy deadline has been postponed / extended to 31 March 2009.
As we already know, the Sunset Policy is a government policy that waives tax penalties. For example, a taxpayer who did not report / pay tax on their income in the previous year will not be subject to sanctions or fines if they report and pay their tax obligations during the Sunset Policy period.
With the Sunset Policy deadline postponed / extended, taxpayers who intended to make corrections but did not get the chance have a good opportunity to do so right now!
Just remember that paying taxes is our obligation as citizens! Get your NPWP and report your income right now!
Maybe you like playing in game arenas such as Amazone or TimeZone. I found this vulnerability in those game arenas.
Unlike the article before, this vulnerability may only be found in some TimeZone / Amazone game centers (not all are vulnerable to this).
When the Lebaran holiday came, my mother suggested that my grandma go to Bandung and Puncak, and then asked all of my relatives to join us. On the 3rd day of our trip, we arrived in Puncak and went to a factory outlet called Brasco or Kampoeng Brasco. I only went there with my aunties, uncle and cousins.
My aunties asked us (me and my cousin) to just wait in a game center called Space Zone. “It will only take a few minutes”, my aunties said. My uncle joined my aunties to buy T-shirts and other things. So, my cousin and I were there, alone.
Ok, so we went around without doing anything (because we had no coins at that time) and just had a chat together. We kept talking and walking until we found two basketball game machines.
While my cousins kept talking, I thought of a brilliant idea (because I was fed up with that place). I asked my youngest cousin to push the ball that is inside the web or wall with his small finger, and it worked! The ball started to move from its place! Here’s the pic:

Okay, so now it was out of its place, and my cousin, who really likes basketball, took the ball and threw it. So, we had nothing to do (again). So, I asked my cousin to do the same thing he had done before. So, it was my turn! I shot it and yeah, we had nothing to do (again).
Then, a man with his child played that game. We just looked at them playing it happily.
They played that game 2 times. After they had no coins anymore, without asking or doing anything, my cousin pushed the wall that protects or keeps the ball inside, and they had one more chance to play it for free!
Wow! They were just surprised and then played together (without any thanks), and when I asked him to push the wall again, it didn’t work anymore. I think it’s all because he didn’t push the wall at the right time.
Those vulnerabilities seem not to work in all TimeZones (but it may work in other TimeZone locations). By the way, here’s the pic of my lovely cousin who helped a lot:

Thanks!
ymm0t
If you received this message in your Facebook or MySpace inbox: “You look awesome in this new movie, check it out!”, don’t click on anything it provides!! It could be the Koobface worm / virus. Koobface arrives through a message sent by one of your social networking site friends (Facebook or MySpace) inviting you to watch a ‘nice’ video.
If you click on the URL / link it provides, the web browser will prompt you to download a so-called “Adobe Systems Inc. Flash Player Update”. Therein the Facebook / MySpace virus (worm) lies.
Once you install the fake Flash Player update, your computer will be infected and become a zombie computer that will attempt to infect all the friends in your Facebook / MySpace friends list.
Facebook posted a notice on their security page on how to remove / get rid of the Koobface virus (worm). They suggested that owners of infected PCs run an up-to-date virus scanner, and then reset their Facebook password. Some of the free online virus scanners suggested are Kaspersky, Symantec, McAfee and Microsoft Live OneCare.
Yesterday was a long day. I am the kind of person who does not enjoy shopping very much. Dragged (or even pulled) by my girlfriend, I went to Nagoya Hill Mall.
After a couple of hours of walking (See that, a couple of HOURS!!! Geez >.< you know why I hate shopping now?), feeling bored, I went to Time Zone (game arena) to see if there was anything interesting there.
I noticed a group of teenagers surrounding a game machine. Felt something amiss, so I walked closer to take a peek. And this is what I saw:
Went even closer, and this is what I saw:
Look at the hand of the guy wearing the white shirt and the score board. The score keeps going up while the guy keeps holding the sensor device. Any player can get the maximum tickets from that machine using this trick.
This Time Zone hack to easily get maximum tickets from the game machine was tested and working, and only for dummies!
Cheers
When talking about clickjacking, people first think of how to use it to hijack a webcam or microphone. Let’s forget about webcam-jacking things this time. I have been thinking about how to use iframe redressing (clickjacking) techniques against web application security. Finally my mind lands on a word known as ‘worm’.
Just like the clickjacking-style Joomla CMS hijacking, CSRF and automation are needed to infect blogs, CMSes, forums, etc. Possible? Yes indeed!
Scenario:
- The victim logs in to his/her blog, and does not sign out from it.
- The victim visits a malicious site with clickjacking; any click there triggers a CSRF attack that attempts to insert a script into the victim’s blog theme (just like the WordPress theme editor).
- The script generates an iframe containing the clickjacking page.
- Now the victim’s blog has become a zombie that will attempt to infect the blogs of all his/her blog’s visitors.
Isn’t it lovely? Just a thought . . .
There was a rare phenomenon last night in our sky. You could see a smiling sky: a Moon and 2 stars (scientists said they were Venus and Jupiter) forming a smiling face in the sky. If you missed it, I give you this:
See? Even the sky wants you to smile. Cheers
Here is the clickjacking proof-of-concept video made by me. In the video, I show you how to pwn or hack a Joomla-powered site using clickjacking.
How it works:
- First, a victim logged into his Joomla-powered site’s Administration Control Panel.
- He didn’t log out from the service.
- He visited a malicious site.
- He clicked on something (anything on the page).
- By the time he clicked, his Joomla-powered site’s password had been changed without his noticing.
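As an added example (not code from the original post, and not Joomla’s or WordPress’s own), here is a small Python module showing the two server-side controls that break the chain used in both the worm scenario above and this proof of concept: a framing check modelled on how browsers apply X-Frame-Options and CSP frame-ancestors (CSP wins when both are present), and a CSRF check with a per-session token plus an Origin comparison. The hostnames, the session secret and the header sets are constructed for the demo; the header names and directives are the real ones.

```python
"""Added example (not code from the original post): the two server-side controls
that break the clickjacking worm chain described in the posts above.

1. framing_verdict(): decides whether a browser honouring the response headers
   would let a third-party page embed the site in an iframe (the clickjacking step).
2. csrf_request_allowed(): rejects a state-changing request that lacks a valid
   per-session token or arrives with a foreign Origin (the CSRF step).

All hostnames, secrets and header sets below are constructed for the demo.
"""
import hmac
from typing import Mapping, Optional


def _frame_ancestors(csp: str) -> Optional[list]:
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_verdict(headers: Mapping[str, str], framing_origin: str, own_origin: str) -> bool:
    """True if a page at framing_origin may frame a response carrying these headers.

    Browser precedence is modelled: when CSP frame-ancestors is present it decides
    and X-Frame-Options is ignored. Only exact origins, '*', 'self' and 'none' are
    matched; wildcard hosts and scheme-only sources are left out (simplification).
    """
    lower = {k.lower(): v for k, v in headers.items()}
    framing_origin, own_origin = framing_origin.lower(), own_origin.lower()

    sources = _frame_ancestors(lower.get("content-security-policy", ""))
    if sources is not None:
        if "'none'" in sources:
            return False
        if "*" in sources:
            return True
        if "'self'" in sources and framing_origin == own_origin:
            return True
        return framing_origin in sources  # an empty list behaves like 'none'

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framing_origin == own_origin
    # No header, or a value browsers do not enforce (e.g. the dropped ALLOW-FROM):
    # the response can be framed by anyone, which is exactly what the worm needs.
    return True


def issue_csrf_token(session_secret: bytes, session_id: str) -> str:
    """Per-session token: HMAC of the session id under a server-side secret."""
    return hmac.new(session_secret, session_id.encode(), "sha256").hexdigest()


def csrf_request_allowed(session_secret: bytes, session_id: str,
                         submitted_token: Optional[str],
                         origin_header: Optional[str], own_origin: str) -> bool:
    """Allow a state-changing request only with a matching token and no foreign Origin."""
    if not submitted_token:
        return False
    expected = issue_csrf_token(session_secret, session_id).encode()
    if not hmac.compare_digest(expected, submitted_token.encode()):
        return False
    # Browsers attach Origin to cross-site POSTs; a click relayed through the
    # attacker's hidden iframe carries the attacker's origin, not ours.
    if origin_header is not None and origin_header.lower() != own_origin.lower():
        return False
    return True


def walkthrough() -> dict:
    """Replay the scenario: the admin panel without protection, then hardened."""
    blog, evil = "https://blog.example", "https://evil.example"   # constructed
    secret, sid = b"constructed-server-secret", "sess-42"         # constructed
    unprotected = {"Content-Type": "text/html"}
    hardened = {"Content-Type": "text/html",
                "X-Frame-Options": "SAMEORIGIN",
                "Content-Security-Policy": "frame-ancestors 'self'"}
    return {
        "unprotected_framable_by_attacker": framing_verdict(unprotected, evil, blog),
        "hardened_framable_by_attacker": framing_verdict(hardened, evil, blog),
        "hardened_framable_by_self": framing_verdict(hardened, blog, blog),
        # The forged form post rides on the victim's cookie but carries no token
        # and the attacker's Origin.
        "forged_post_accepted": csrf_request_allowed(secret, sid, None, evil, blog),
        "legit_post_accepted": csrf_request_allowed(
            secret, sid, issue_csrf_token(secret, sid), blog, blog),
    }


if __name__ == "__main__":
    for name, verdict in walkthrough().items():
        print(f"{name}: {verdict}")
```

The walkthrough returns True for the unprotected panel being framable by the attacker’s page and False once the headers are set, while the forged post is refused and the legitimate one with the session token is accepted. Either control alone breaks the chain: the framing check stops the hidden-iframe click, and the token check stops the request even if the click lands.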