CSRF on SiteMap Generator Engine = Denial Of Service?

Just now, when I was looking for a cool SiteMap generator, I found XML-SiteMaps.com. It’s cool enough with its nice interface, so I submitted my site URL (not http://zoiz.web.id). Of course I clicked the Start button, and the crawler started doing its job. A minute later, the XML SiteMap output was generated, and I submitted it to Google Webmasters Tools.

So where is the Denial Of Service part? Aha! Sorry to keep you reading all the nonsense above :P But did you notice something interesting in my story? If you didn’t, maybe I can share mine. Crawling a site costs more processing resources. So the point is: if you can find a CSRF (Cross-Site Request Forgery) flaw on a SiteMap generator site and write an automated script that requests numerous crawls of a victim site, it will give the victim system a hard punch (draining its resources). The result is the same as a Denial of Service.

Original Idea By : Zoiz [at] HackingForte.org
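Seen from the generator operator's side, two checks blunt the scenario above: a session-bound CSRF token on the "start crawl" form, and a throttle keyed on the crawled host rather than on the requester. The sketch below is an added example, not code from the original post or from any real sitemap service; `CrawlGate`, `issue_csrf_token`, `SERVER_KEY` and the one-hour `MIN_INTERVAL` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlsplit

# Assumed values for illustration; not taken from any real sitemap service.
SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret
MIN_INTERVAL = 3600                    # seconds between crawls of one host


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the generator's own form, bound to the session.
    A page on another origin cannot read it, so a forged request lacks it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class CrawlGate:
    """Decides whether a 'start crawl' request may be queued."""

    def __init__(self, min_interval=MIN_INTERVAL, clock=time.monotonic):
        self.min_interval = min_interval
        self.clock = clock
        self.last_crawl = {}  # target host -> time of last accepted crawl

    def check(self, session_id, csrf_token, target_url):
        """Return (accepted, reason) for one crawl request."""
        expected = issue_csrf_token(session_id).encode()
        if not hmac.compare_digest(expected, (csrf_token or "").encode()):
            return False, "bad-csrf-token"
        try:
            parts = urlsplit(target_url)
            host = (parts.hostname or "").lower()
        except ValueError:
            return False, "bad-target"
        if parts.scheme not in ("http", "https") or not host:
            return False, "bad-target"
        # Throttle per crawled host, not per requester: many browsers
        # asking for the same target still produce one crawl per interval.
        now = self.clock()
        last = self.last_crawl.get(host)
        if last is not None and now - last < self.min_interval:
            return False, "target-throttled"
        self.last_crawl[host] = now
        return True, "accepted"
```

The per-host throttle is the part that protects the crawled site even when every individual request carries a valid token.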

Website Security Auditor

Well, it’s true that I found a critical vulnerability on WPThemesFree.com. I intended to report this vulnerability, but I never thought that Mr. David (the owner of WPThemesFree.com) would contact me first, on 16 November 2007. Maybe my friend reported it to him. I am not sure.

In one of the emails he asked me to work on his site’s security. Well, actually I am quite happy about that, although I am not sure whether I am qualified or not :P I’ll try my best though.

In the emails with him, I told him (Mr. David) what the problems were. Thankfully all the bugs were fixed. Yesterday I emailed him again and reported some bugs, and they were fixed today. Cheers to him! Cool :D And I am now working on another threat.

Thanks

Zoiz
http://zoiz.web.id

Tips for Making a Good Password and Less Crackable

Hi there. Welcome back with me again. It’s been a long time since I wrote my last article here, and I have only written one single tutorial, about the registry. Now I’m going to give you tips for making a good password. Only ten. Next time I’ll write more. Enjoy.

  1. Make a password with 8 characters or more. The longer you make it, the harder it is to crack. But don’t forget it!
  2. And don’t write it on a sheet of paper. Maybe you want to use your own code, but you may forget the way you should read it?
  3. Make a password with a combination of all alphanumeric characters (letters and numbers). A case-sensitive password is recommended. If allowed and you’re too extreme, use symbols. I know Zoiz is too extreme (using alt+xxx :D )
  4. Don’t use typical words you might find in your dictionary or a dictionary-attack word index file. Words like “administrator”, “default”, etc.
  5. Don’t use these lazy combinations: “zxcvbnm”, “zcxvbn”, “asdfgf”, “qwerty”, “abcde12345” etc.; you know what I mean. If you’re too extreme, use a password generator.
  6. Don’t use the same password for each of your accounts (gosh, I’m not doing this either :D hee-hee).
  7. Don’t tell anybody your passwords (that’s obvious, you know, unless your parents strongly insist on it, because I’m not teaching people to disobey their parents)!
  8. Don’t use a person’s, a company’s, or a pet’s typical name for your password or recovery questions.
  9. If you think you don’t need recovery questions anyway, just input bullshit.
  10. Well, you may use unusual words in English, but as I said in point 3, don’t just use “pneumonoultramicroscopicsilicovolcanoconiosis”.

GreetZ

Cl4551C4G3163N

Posted on http://zoiz.web.id

Protecting Yourself from Being Hacked!!

This article is written as my Thuer (Ren) requested. I hope this will be useful for you all.

1. Password
Ever seen this: “You must remember your Password. We can’t retrieve it for you because it’s Encrypted with MD5 (or SHA1, etc.)”

Don’t believe that, dude. Given the processing speed of computers nowadays, cracking an MD5 password is not that hard (e.g. with a rainbow table). But there’s a way to protect yourself. Read the tips below:
