tag:blogger.com,1999:blog-22172187Sun, 01 Sep 2024 05:43:57 +0000hackslinkssecuritysecurity toolspythoneventsblog newscryptoholidaylyricsrubysecurity guidesvulnerabilitiesarticlesnetwork toolsphphttp://theriyanto.blogspot.com/noreply@blogger.com (Tedi Heriyanto)Blogger82125tag:blogger.com,1999:blog-22172187.post-8879456051826293489Fri, 30 Mar 2007 04:24:00 +00002007-03-30T11:34:09.512+07:00blog newsToday, I am going to leave the IT world and entering another field.Many great things has come to me in the IT world, I also enjoy great relationship with many friends during my days in the IT world. But things change, I am going to pursue another things outside the IT world.I will be entering "silent" mode in blogging. You may not see new blog from me. I will try my best to write a blog entry http://theriyanto.blogspot.com/2007/03/goodbye-it-world.htmlnoreply@blogger.com (Tedi Heriyanto)3tag:blogger.com,1999:blog-22172187.post-932108779982463684Wed, 28 Mar 2007 04:33:00 +00002007-03-28T11:35:15.516+07:00lyricsMany nights we've prayedWith no proof anyone could hearIn our hearts a hopeful songWe barely understoodNow we are not afraidAlthough we know there's much to fearWe were moving mountains longBefore we knew we couldThere can be miracles, when you believeThough hope is frail, it's hard to killWho knows what miracles you can achieveWhen you believe, somehow you willYou will when you believeIn this http://theriyanto.blogspot.com/2007/03/when-you-believe.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-4092267096692220472Wed, 28 Mar 2007 04:22:00 +00002007-03-28T11:33:13.803+07:00lyricsIn the dreams I dreamed as a childI lived my life as a kingMy days were filled with sunshineAnd there was never any painsI will win, I will loseI will live my lifeI will have to make my way on my ownI will win, I will loseI will create my own pathI will play the game of lifeI've had brief moments of joyEndless moments of boredomI've had days full of sunshineI know what pain is...I will win, I http://theriyanto.blogspot.com/2007/03/i-will-win-i-will-lose.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-8149988852725480262Mon, 26 Mar 2007 03:55:00 +00002007-03-26T10:57:12.240+07:00hackssecurity toolsOn March 19, 2007, TrueCrypt version 4.3 is released. There are many new features, improvements and bug fixes in this release, so I think it is the time to upgrade my installation.I downloaded the TrueCrypt package, but they only provide for OpenSUSE 10.2 system. Last time I used the RPM version, it complained about kernel mismatch. But this time it didn't complain.Unfortunately, I already have http://theriyanto.blogspot.com/2007/03/upgrading-truecrypt.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-1644013110510981561Mon, 26 Mar 2007 03:52:00 +00002007-03-26T10:54:07.803+07:00security toolsResearchers at Oxford have built an x86 emulator that runs purely on Java, making it ideal for security researchers who want to analyze and archive viruses, host honeypots and defend themselves against buggy or malicious software without hosing their machines. The JPC also emulates a host of other environments, giving technophiles the ability to play Asteroids and other software that's sat on http://theriyanto.blogspot.com/2007/03/computer-virtualization-in-java.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-7820514193582105119Tue, 20 Mar 2007 02:48:00 +00002007-03-20T12:37:19.606+07:00eventsSaya mengetahui informasi tentang "dibobolnya" situs Presiden SBY melalui sebuah televisi swasta pada hari Sabtu, 17 Maret 2007. Informasi tersebut saya peroleh dari newsline yang berjalan, dengan judul "Situs Presiden SBY di-hack". Detik telah pula menurunkan berita ini dengan judul "Situs Presiden SBY Dibobol".Kemudian saya bertanya kepada beberapa orang rekan mengenai kebenaran berita ini, danhttp://theriyanto.blogspot.com/2007/03/situs-presiden-sby-dibobol.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-8773446659376033944Tue, 20 Mar 2007 02:43:00 +00002007-03-20T09:45:10.128+07:00linksThere are now three RFCs regarding Intrusion Detection :RFC 4765: The Intrusion Detection Message Exchange Format (IDMEF)RFC 4766: Intrusion Detection Message Exchange RequirementsRFC 4767: The Intrusion Detection Exchange Protocol (IDXP)http://theriyanto.blogspot.com/2007/03/intrusion-detection-rfcs.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-5452286531886127208Thu, 15 Mar 2007 07:36:00 +00002008-12-09T23:02:32.928+07:00hacksI have been planning to upgrade my PHP to version 5.2.1 since several weeks ago, but I couldn't find spare time to do that until last night.I upgraded the following packages (libedit is a new install) :# rpm -Uvh php5-5.2.1-15.1.i586.rpm apache2-mod_php5-5.2.1-15.1.i586.rpm php5-gd-5.2.1-15.1.i586.rpm php5-mysql-5.2.1-15.1.i586.rpm php5-zlib-5.2.1-15.1.i586.rpm php5-pdo-5.2.1-15.2.i586.rpm http://theriyanto.blogspot.com/2007/03/upgrading-php-to-php-52x.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-8054524947461061616Thu, 15 Mar 2007 03:04:00 +00002007-03-15T10:08:17.518+07:00linksA University of Washington researchers Kris Erickson and Philip Howard have an interesting new paper out, "A Case of Mistaken Identity? News Accounts of Hacker and Organizational Responsibility for Compromised Digital Records, 1980–2006." This is a great survey of the dramatic explosion in reports of breaches. A couple of great quotes: One important outcome of the legislation is improved http://theriyanto.blogspot.com/2007/03/paper-case-of-mistaken-identity.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-8461504243232959809Tue, 13 Mar 2007 09:00:00 +00002008-12-09T23:02:33.434+07:00hacksIf you want to run a Linux system on Windows platform but you don't want to deal with partitioning and formatting the harddisk, fortunately you can do so with QEMU.Here is an official information about QEMU : QEMU is a generic and open source machine emulator and virtualizer. When used as a machine emulator, QEMU can run OSes and programs made for one machine (e.g. an ARM board) on a different http://theriyanto.blogspot.com/2007/03/running-linux-system-on-windows.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-9050125196180909035Tue, 13 Mar 2007 06:55:00 +00002007-03-13T14:07:03.793+07:00eventsPresentations and whitepapers of BlackHat DC 2007 are now available.You can find them here.Don't forget to download several presentations that have made news lately :- Practical 10 Minute Security Audit: The Oracle Case- Data Seepage: How to Give Attackers a Roadmap to Your Network- Beyond The CPU: Defeating Hardware Based RAM Acquisition Tools (Part I: AMD case)- Danger From Below: The Untold http://theriyanto.blogspot.com/2007/03/blackhat-dc-2007-presentations.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-6450675224594417441Fri, 09 Mar 2007 05:37:00 +00002007-03-09T12:40:18.831+07:00eventsI've uploaded several pictures taken by Pak Marsel during the Information Security Awareness Day (March 7, 2007) at BPPT building.You can view the pictures here.Enjoy the view.http://theriyanto.blogspot.com/2007/03/pictures-from-information-security.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-1287660358760731216Fri, 09 Mar 2007 02:02:00 +00002007-03-09T12:32:44.662+07:00linkssecurityFrom ZDNet :For years, we've been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine.Joanna Rutkowska, a security researcher at COSEINC Malware Labs, an elite hacker who specializes in offensive rootkit research, has found several ways to http://theriyanto.blogspot.com/2007/03/hardware-based-rootkit-detection-proven.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-7813781411456852060Thu, 08 Mar 2007 02:54:00 +00002007-03-08T10:19:03.730+07:00network toolsYesterday, a friend of mine, under the name of "Olyx", inform me about a cool networking tool called Netkit. At that time, he didn't give much information about it. He just gave me the information about Netkit.After arrive home from a meeting, I read the Netkit introduction document. Finally, I figured-out that Netkit is a tool to create computer networking environment. Netkit is using User Mode http://theriyanto.blogspot.com/2007/03/experiment-computer-networking-using.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-691987810172875900Tue, 06 Mar 2007 08:16:00 +00002007-03-06T15:28:57.343+07:00linksSymantec has released the first three of six technical research papers evaluating Windows Vista security components.The research papers cover a range of Vista security mechanisms in-depth, from its Address Space Layout Randomization (ASLR) technology designed to thwart heap overflows and certain malware attack methods, to buffer overflow protection in Vista's Visual Studio C++ compiler and an http://theriyanto.blogspot.com/2007/03/vista-research-papers.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-2357927245106762382Tue, 06 Mar 2007 02:11:00 +00002007-03-06T15:24:54.125+07:00linksFrom DarkReading :Enterprises are leaking an increasing amount of data from the inside, and they aren't sure what to do about it. Those are the conclusions of two new studies -- one from the Ponemon Institute and one from Enterprise Strategy Group -- being published today. Both of the reports suggest that enterprises should be shifting their security attention from the outside to the inside. Thehttp://theriyanto.blogspot.com/2007/03/threats-from-within.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-8838494501590860109Tue, 06 Mar 2007 02:03:00 +00002007-03-06T15:25:39.396+07:00security toolsDavid Maynor from Errata Security has just released a tool called Ferret for data seepage at BlackHat DC 2007.According to the Ferret's page, data seepage are bits of benign data that people willingly broadcast to the world (as opposed to "leakage", which is data people want to hide from the world).Examples of data seepage is what happens when you power-on your computer. It will broadcast to the http://theriyanto.blogspot.com/2007/03/ferret-data-seepage-tool.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-2730835136265017931Fri, 02 Mar 2007 03:21:00 +00002007-03-06T15:26:22.147+07:00vulnerabilitiesStarting from March 1, 2007, the Month of PHP Bugs has begun. Here is an excerpt about this project : This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 oldhttp://theriyanto.blogspot.com/2007/03/mopb-has-begun.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-3777880466432677889Thu, 01 Mar 2007 03:08:00 +00002007-03-06T15:27:06.603+07:00security toolsIf you want to learn security by doing the actual "hacking", there is a good news for you.Thorsten Schneider of the International Institute for Training, Assessment, and Certification (IITAC) and Secure Software Engineering (S²e) in cooperation with Kryshaam from the French Reverse Engineering Team has released Damn Vulnerable Linux (DVL).Here is the description about DVL : Damn Vulnerable Linux http://theriyanto.blogspot.com/2007/03/learning-security-using.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-8236339129840485009Thu, 01 Mar 2007 02:48:00 +00002007-03-06T15:28:01.493+07:00security toolspdp has designed a new tool to steal browser history, it's called Noscript HScan. The interesting thing about this tool is it doesn't need Javascript to be turn-on.Up until now we thought that by disabling Javascript, we'll be safe. But apparently, that's no longer sufficient, now we need to disable CSS too. :Dhttp://theriyanto.blogspot.com/2007/03/tool-to-steal-browser-history.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-1343063201345386423Wed, 28 Feb 2007 04:03:00 +00002007-02-28T11:23:33.133+07:00linksI read a blog posting by Ed Finkler "Do Open Source Devs Get Web App Security? Does Anybody?".In it he described disturbing statements contained in one of Open Source Content Management System :A colleague of mine who is dealing with Plone, a CMS system built atop Zope, pointed me to a rather disturbing documents in the Plone Documentation system, one that I feel is indicative of a much larger http://theriyanto.blogspot.com/2007/02/open-source-web-app-security.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-4356643462519707047Fri, 23 Feb 2007 06:08:00 +00002007-02-23T13:11:30.917+07:00security guidesI just found out that OWASP has released "The OWASP Testing Guide v2" on February 10, 2007.You can read the guide online at Testing Guide v2 Wiki or you can download it in PDF format.http://theriyanto.blogspot.com/2007/02/owasp-testing-guide-v2-is-now-published.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-3794506326000252602Fri, 23 Feb 2007 05:09:00 +00002007-02-23T12:14:25.183+07:00security toolsTenable has released Nessus 3.1.2 for Linux, FreeBSD and Solaris which is a beta version of the upcoming Nessus 3.2.Nessus 3.2 contains the following new features :- Experimental IPv6 support- Improved bandwidth throttling- Extended nessusd.rules to add support for ports and plugins- New command 'nessuscmd' which lets you do a quick command-line scan- Improved NASL engine- Easy-update : Nessus http://theriyanto.blogspot.com/2007/02/nessus-32-beta-available-for-testing.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-4612358653857097768Thu, 22 Feb 2007 09:16:00 +00002007-02-22T16:18:57.386+07:00linkssecurity guidesNIST have released a new publication (SP800-94) that covers just about everything you can think of when it comes to IDS and IPS. The report is titled "Guide to Intrusion Detection and Prevention Systems (IDPS)".http://theriyanto.blogspot.com/2007/02/nist-publication-on-ids-and-ips.htmlnoreply@blogger.com (Tedi Heriyanto)0tag:blogger.com,1999:blog-22172187.post-5203621439719795737Thu, 22 Feb 2007 05:12:00 +00002007-02-22T12:16:45.176+07:00articleslinksDheera Venkatraman has published an article describing how to attack blurring image to conceal information.In the article, he describes :Undoubtedly you have all seen photographs of people on TV and online who have been blurred to hide faces.For the most part this is all fine with peoples' faces as there isn't a convenient way to reverse the blur back into a photo so detailed that you can http://theriyanto.blogspot.com/2007/02/why-blurring-sensitive-information-is.htmlnoreply@blogger.com (Tedi Heriyanto)0