My Ideas, Thoughts, Hacks, Bookmarks
Tedi Heriyanto (http://www.blogger.com/profile/13493962780755247716)
Feed updated: 2024-03-13T09:15:18.867+07:00


Goodbye IT World !
Published: 2007-03-30T11:24:00.000+07:00; updated: 2007-03-30T11:34:09.512+07:00

Today, I am going to leave the IT world and enter another field.

Many great things have come to me in the IT world, and I have also enjoyed great relationships with many friends during my days in the IT world. But things change; I am going to pursue other things outside the IT world.

I will be entering "silent" mode in blogging. You may not see new blog posts from me. I will try my best to write a blog entry


When You Believe
Published: 2007-03-28T11:33:00.000+07:00; updated: 2007-03-28T11:35:15.516+07:00

Many nights we've prayed
With no proof anyone could hear
In our hearts a hopeful song
We barely understood
Now we are not afraid
Although we know there's much to fear
We were moving mountains long
Before we knew we could
There can be miracles, when you believe
Though hope is frail, it's hard to kill
Who knows what miracles you can achieve
When you believe, somehow you will
You will when you believe
In this


I Will Win, I Will Lose
Published: 2007-03-28T11:22:00.000+07:00; updated: 2007-03-28T11:33:13.803+07:00

In the dreams I dreamed as a child
I lived my life as a king
My days were filled with sunshine
And there was never any pains
I will win, I will lose
I will live my life
I will have to make my way on my own
I will win, I will lose
I will create my own path
I will play the game of life
I've had brief moments of joy
Endless moments of boredom
I've had days full of sunshine
I know what pain is...
I will win, I


Upgrading TrueCrypt
Published: 2007-03-26T10:55:00.000+07:00; updated: 2007-03-26T10:57:12.240+07:00

On March 19, 2007, TrueCrypt version 4.3 was released. There are many new features, improvements and bug fixes in this release, so I think it is time to upgrade my installation.

I downloaded the TrueCrypt package, but they only provide it for OpenSUSE 10.2 systems. Last time I used the RPM version, it complained about a kernel mismatch. But this time it didn't complain.

Unfortunately, I already have


Computer Virtualization in Java
Published: 2007-03-26T10:52:00.000+07:00; updated: 2007-03-26T10:54:07.803+07:00

Researchers at Oxford have built an x86 emulator that runs purely on Java, making it ideal for security researchers who want to analyze and archive viruses, host honeypots and defend themselves against buggy or malicious software without hosing their machines. The JPC also emulates a host of other environments, giving technophiles the ability to play Asteroids and other software that's sat on


President SBY's Website "Broken Into"?
Published: 2007-03-20T09:48:00.000+07:00; updated: 2007-03-20T12:37:19.606+07:00

I learned about the "break-in" of President SBY's website from a private television station on Saturday, March 17, 2007. I got the information from the running news ticker, under the headline "President SBY's Website Hacked". Detik has also run this story under the headline "President SBY's Website Broken Into".

I then asked several colleagues whether this news was true, and


Intrusion Detection RFCs
Published: 2007-03-20T09:43:00.000+07:00; updated: 2007-03-20T09:45:10.128+07:00

There are now three RFCs regarding Intrusion Detection:

- RFC 4765: The Intrusion Detection Message Exchange Format (IDMEF)
- RFC 4766: Intrusion Detection Message Exchange Requirements
- RFC 4767: The Intrusion Detection Exchange Protocol (IDXP)


Upgrading to PHP 5.2.x
Published: 2007-03-15T14:36:00.000+07:00; updated: 2008-12-09T23:02:32.928+07:00

I have been planning to upgrade my PHP to version 5.2.1 for several weeks, but I couldn't find spare time to do that until last night.

I upgraded the following packages (libedit is a new install):

    # rpm -Uvh php5-5.2.1-15.1.i586.rpm apache2-mod_php5-5.2.1-15.1.i586.rpm php5-gd-5.2.1-15.1.i586.rpm php5-mysql-5.2.1-15.1.i586.rpm php5-zlib-5.2.1-15.1.i586.rpm php5-pdo-5.2.1-15.2.i586.rpm


Paper : Case of Mistaken Identity
Published: 2007-03-15T10:04:00.000+07:00; updated: 2007-03-15T10:08:17.518+07:00

University of Washington researchers Kris Erickson and Philip Howard have an interesting new paper out, "A Case of Mistaken Identity? News Accounts of Hacker and Organizational Responsibility for Compromised Digital Records, 1980–2006." This is a great survey of the dramatic explosion in reports of breaches. A couple of great quotes:

One important outcome of the legislation is improved


Running A Linux System on A Windows Machine
Published: 2007-03-13T16:00:00.000+07:00; updated: 2008-12-09T23:02:33.434+07:00

If you want to run a Linux system on a Windows platform but you don't want to deal with partitioning and formatting the hard disk, fortunately you can do so with QEMU.

Here is the official information about QEMU:

QEMU is a generic and open source machine emulator and virtualizer. When used as a machine emulator, QEMU can run OSes and programs made for one machine (e.g. an ARM board) on a different


BlackHat DC 2007 Presentations
Published: 2007-03-13T13:55:00.000+07:00; updated: 2007-03-13T14:07:03.793+07:00

Presentations and whitepapers of BlackHat DC 2007 are now available. You can find them here.

Don't forget to download several presentations that have made news lately:

- Practical 10 Minute Security Audit: The Oracle Case
- Data Seepage: How to Give Attackers a Roadmap to Your Network
- Beyond The CPU: Defeating Hardware Based RAM Acquisition Tools (Part I: AMD case)
- Danger From Below: The Untold


Pictures from Information Security Awareness Day 2007
Published: 2007-03-09T12:37:00.000+07:00; updated: 2007-03-09T12:40:18.831+07:00

I've uploaded several pictures taken by Pak Marsel during the Information Security Awareness Day (March 7, 2007) at the BPPT building. You can view the pictures here.

Enjoy the view.


Hardware-based rootkit detection proven unreliable
Published: 2007-03-09T09:02:00.000+07:00; updated: 2007-03-09T12:32:44.662+07:00

From ZDNet:

For years, we've been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine.

Joanna Rutkowska, a security researcher at COSEINC Malware Labs, an elite hacker who specializes in offensive rootkit research, has found several ways to


Experiment Computer Networking using Netkit
Published: 2007-03-08T09:54:00.000+07:00; updated: 2007-03-08T10:19:03.730+07:00

Yesterday, a friend of mine, under the name of "Olyx", informed me about a cool networking tool called Netkit. At that time, he didn't give much information about it. He just gave me the information about Netkit.

After arriving home from a meeting, I read the Netkit introduction document. Finally, I figured out that Netkit is a tool to create a computer networking environment. Netkit is using User Mode


Vista Research Papers
Published: 2007-03-06T15:16:00.000+07:00; updated: 2007-03-06T15:28:57.343+07:00

Symantec has released the first three of six technical research papers evaluating Windows Vista security components.

The research papers cover a range of Vista security mechanisms in-depth, from its Address Space Layout Randomization (ASLR) technology designed to thwart heap overflows and certain malware attack methods, to buffer overflow protection in Vista's Visual Studio C++ compiler and an


Threats from Within
Published: 2007-03-06T09:11:00.000+07:00; updated: 2007-03-06T15:24:54.125+07:00

From DarkReading:

Enterprises are leaking an increasing amount of data from the inside, and they aren't sure what to do about it. Those are the conclusions of two new studies -- one from the Ponemon Institute and one from Enterprise Strategy Group -- being published today. Both of the reports suggest that enterprises should be shifting their security attention from the outside to the inside. The


Ferret : A Data Seepage Tool
Published: 2007-03-06T09:03:00.000+07:00; updated: 2007-03-06T15:25:39.396+07:00

David Maynor from Errata Security has just released a tool called Ferret for data seepage at BlackHat DC 2007.

According to Ferret's page, data seepage is bits of benign data that people willingly broadcast to the world (as opposed to "leakage", which is data people want to hide from the world).

An example of data seepage is what happens when you power on your computer. It will broadcast to the


MOPB Has Begun
Published: 2007-03-02T10:21:00.000+07:00; updated: 2007-03-06T15:26:22.147+07:00

Starting from March 1, 2007, the Month of PHP Bugs has begun. Here is an excerpt about this project:

This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old


Learning Security using DamnVulnerableLinux
Published: 2007-03-01T10:08:00.000+07:00; updated: 2007-03-06T15:27:06.603+07:00

If you want to learn security by doing the actual "hacking", there is good news for you.

Thorsten Schneider of the International Institute for Training, Assessment, and Certification (IITAC) and Secure Software Engineering (S²e), in cooperation with Kryshaam from the French Reverse Engineering Team, has released Damn Vulnerable Linux (DVL).

Here is the description of DVL:

Damn Vulnerable Linux


Tool to Steal Browser History
Published: 2007-03-01T09:48:00.000+07:00; updated: 2007-03-06T15:28:01.493+07:00

pdp has designed a new tool to steal browser history; it's called Noscript HScan. The interesting thing about this tool is that it doesn't need Javascript to be turned on.

Up until now we thought that by disabling Javascript, we'll be safe. But apparently, that's no longer sufficient, now we need to disable CSS too. :D


Open Source Web App Security
Published: 2007-02-28T11:03:00.000+07:00; updated: 2007-02-28T11:23:33.133+07:00

I read a blog posting by Ed Finkler, "Do Open Source Devs Get Web App Security? Does Anybody?".

In it he described disturbing statements contained in one of the Open Source Content Management Systems:

A colleague of mine who is dealing with Plone, a CMS system built atop Zope, pointed me to a rather disturbing document in the Plone Documentation system, one that I feel is indicative of a much larger


The OWASP Testing Guide v2 is now published
Published: 2007-02-23T13:08:00.000+07:00; updated: 2007-02-23T13:11:30.917+07:00

I just found out that OWASP released "The OWASP Testing Guide v2" on February 10, 2007.

You can read the guide online at the Testing Guide v2 Wiki or you can download it in PDF format.


Nessus 3.2 beta available for testing
Published: 2007-02-23T12:09:00.000+07:00; updated: 2007-02-23T12:14:25.183+07:00

Tenable has released Nessus 3.1.2 for Linux, FreeBSD and Solaris, which is a beta version of the upcoming Nessus 3.2.

Nessus 3.2 contains the following new features:

- Experimental IPv6 support
- Improved bandwidth throttling
- Extended nessusd.rules to add support for ports and plugins
- New command 'nessuscmd' which lets you do a quick command-line scan
- Improved NASL engine
- Easy-update : Nessus


NIST Publication on IDS and IPS technology
Published: 2007-02-22T16:16:00.000+07:00; updated: 2007-02-22T16:18:57.386+07:00

NIST has released a new publication (SP800-94) that covers just about everything you can think of when it comes to IDS and IPS. The report is titled "Guide to Intrusion Detection and Prevention Systems (IDPS)".


Why blurring sensitive information is a bad idea
Published: 2007-02-22T12:12:00.000+07:00; updated: 2007-02-22T12:16:45.176+07:00

Dheera Venkatraman has published an article describing how to attack image blurring used to conceal information.

In the article, he describes:

Undoubtedly you have all seen photographs of people on TV and online who have been blurred to hide faces.

For the most part this is all fine with peoples' faces as there isn't a convenient way to reverse the blur back into a photo so detailed that you can