KoobFace : Facebook and MySpace Virus / Worm

If you receive this message in your Facebook or MySpace inbox: “You look awesome in this new movie, check it out!”, don’t click on anything it links to!! It could be the Koobface worm / virus. Koobface arrives as a message sent by one of your social-networking friends (on Facebook or MySpace) inviting you to watch a ‘nice’ video.

If you click the URL / link it provides, the web browser prompts you to download a so-called “Adobe Systems Inc’s Flash Player Update”. That is where the Facebook / MySpace virus (worm) lies.

Once you install the fake Flash Player update, your computer is infected and becomes a zombie that attempts to infect everyone on your Facebook / MySpace friends list.

Facebook posted a notice on its security page on how to remove / get rid of the Koobface virus (worm). They suggest that owners of infected PCs run an up-to-date virus scanner and then reset their Facebook password. Some of the free online virus scanners suggested are Kaspersky, Symantec, McAfee and Microsoft Live OneCare.

Test Your Hacking Skills

Been pissed off for several weeks, until my blog came back UP a few days ago. A long story to be told. I moved hosting servers several times and couldn’t get my domain added. Traffic went down drastically, people are running away, less than 50 visitors a day; that’s what I’ve been through.

Well, enough of the sad things. I am very happy to announce that there is a site for you guys to test your hacking skills LEGALLY!! Don’t worry, it’s 100% legal, the site is mine :D

Your mission is to extract the 3 hidden pictures stored on this server, and email me to see if you got the correct ones. It’s not a hard task though; I estimate people can own it within an hour. Just take it as a challenge ;)

Here is the Challenge site : http://www.sekuriti.info/challenge/

Tell me your progress and let me know if you have beaten it!

WINNERS :

1. Tukimin, Singapore. 30 November 2008.

Indonesian Hacking & Security Conference

The Indonesian Hacking & Security Conference. Make sure you are here!

ClickJacking (Or Not) Proof Of Concept Video : WebCam ClickJacking

I am not sure whether the ‘ClickJacking Proof of Concept’ video below uses the ClickJacking technique that RSnake and Jeremiah Grossman described, but I am very sure you will be interested in the YouTube video of a webcam being ClickJacked below (video PoC by Guy Aharonovsky):


Ha.ckers.org Database Connection Error

Every morning I open ha.ckers.org to see if there’s anything new. But this morning I was a little bit shocked when I opened it: it displayed a WordPress database connection error. What is happening? I don’t know. Hope RSnake fixes this soon :) Here is the screenshot:

Ha.ckers.org Database Connection Error

Register.net.id Bugs Hunt

This might be the biggest zero-day vulnerability ever reported in Indonesia, judging by its impact.

Register.net.id is an Indonesian registrar for .id domains. It provides Indonesian webmasters with domains at affordable prices (but I got this domain for FREE – promotion period only!! :P). Since it is a domain registrar, it can be considered a very important site in Indonesia: it serves Indonesian webmasters’ .id domain needs with approximately more than 40.000 active domains, which is a huge number.

One of the requirements for applying for a .id domain is that the user must upload personal documents such as a Personal Identity Card, NPWP, SIUP, SITU, etc., depending on which kind of TLD he/she wants. For example, to request a .web.id domain, a user must upload his/her Personal Identity Card (KTP), and similarly for the other kinds of TLD.

Trojans on Yahoo! Mail

The picture below comes from one of RSnake’s blog visitors. Something happened while he was viewing his emails on Yahoo! Mail: Avast Anti-Virus raised a trojan horse warning when he was simply reading his mail. Using paid ads to spread trojan horses is becoming a trend; you could call them “paid to spread” trojans. Here is the screenshot, taken from RSnake’s blog:

Trojan on Yahoo Mail (Rogue iFrame Trojan)

This kind of attack has hit Facebook before, but I think it may be the beginning of an epidemic. This may be one of the reasons why you cannot trust third-party JavaScript on your site, advertisements included.

Massive HTML Injection Vulnerability

This could become a massive vulnerability, since many sites and blogs out there allow users to post images in article comments. In my small research, I found that HTML injection, XSS and even CSRF attacks could be launched against sites that are vulnerable to this. Here is the PoC:
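The root cause described above is a comment form that takes a user-supplied image value and pastes it into an `<img>` tag as-is. The following Python is an added illustration, not the post’s PoC: it assumes the comment form accepts a plain image URL (the post does not say what input format the affected sites use), shows the naive rendering beside a hardened one, and runs both over a few constructed inputs. The hardened version builds the tag itself, accepts only absolute http(s) URLs, and HTML-escapes the attribute so the value cannot break out of the quotes. Note that an allowlisted http URL can still point at a state-changing GET endpoint on another site (the CSRF angle the post mentions); that is fixed on the receiving side by not changing state on GET, not by the comment renderer.

```python
import html
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the original post): values a commenter might submit
SAMPLE_INPUTS = [
    "http://example.com/cat.png",                 # legitimate image
    'x" onerror="alert(document.cookie)',         # attribute break-out -> XSS
    "javascript:alert(1)",                        # script URL scheme
    "data:text/html,<script>alert(1)</script>",   # data: scheme
    "//evil.example/track.gif",                   # scheme-relative URL
]

ALLOWED_SCHEMES = {"http", "https"}


def render_image_unsafe(url: str) -> str:
    """Naive rendering: pastes the submitted value straight into the tag (vulnerable)."""
    return '<img src="%s">' % url


def render_image_safe(url: str) -> Optional[str]:
    """Hardened rendering: we build the tag ourselves and accept only absolute http(s) URLs.
    Returns None when the value is rejected, so the caller simply drops the image."""
    # Reject control characters and whitespace outright; they have no place in an image URL
    if any(ord(c) < 0x20 or c.isspace() for c in url):
        return None
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    # quote=True turns " into &quot; (and & into &amp;), so the attribute cannot be broken out of
    return '<img src="%s" alt="">' % html.escape(url, quote=True)


def render_comment_images(urls: List[str]) -> List[str]:
    """Render every accepted image from a comment; rejected values are silently dropped."""
    tags = []
    for url in urls:
        tag = render_image_safe(url)
        if tag is not None:
            tags.append(tag)
    return tags


if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print("input :", value)
        print("unsafe:", render_image_unsafe(value))
        print("safe  :", render_image_safe(value))
        print()
```

Running the block prints, for each constructed input, what the naive renderer emits (the second input yields a working `onerror` handler) against what the hardened renderer emits (only the first input survives).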


Moving to New Host & New Theme

After hanging on a free hosting service for 7 months, my blog has finally moved to paid hosting, and of course it’s faster and better. The reason I moved my blog is that recently almost all local DNS servers couldn’t resolve my domain name, causing a “server not found” error, although non-Indonesian visitors were not affected. Now my blog can be accessed from anywhere without any problems (I hope :P)

I also changed my theme to the current one (Blue Glow by NET-TEC), downloaded from WPThemesFree.com, one of the best and largest free WordPress theme sites.

XSS Leads – Top 10 Web Hacks 2007!


Jeremiah Grossman, the Chief Technology Officer of WhiteHat Security, officially announced the Top 10 Web Hacks 2007 poll results. Here is the list:

