Category: Work

  • Best Security Conference in Kuala Lumpur, Malaysia!

    I can’t wait to blog this… I just got back home from the Hack In The Box Post Conference Party at the top of Menara Kuala Lumpur.

    Special thanks to Hack In The Box for organising the best security conference ever held in Kuala Lumpur, Malaysia. If you ever want to attend a world-class security conference, you might need to spend a few thousand ringgit flying all the way to the US. I still wonder why there are people still thinking that RM450 is expensive. Even my company superior said that the price is expensive and asked me to go for other trainings/conferences which are free. By the way, I paid RM1800 myself to attend the training + conference and was also part of the crew for HITB. A few speakers pointed out that the price of USD120 is extremely cheap. Usually it starts from a minimum price of USD200 and above. Furthermore, all the speakers invited by HITB have very high profiles in international conferences.

    Trust me, besides the conference proper, you are meeting cool people/dudes from around the world. The cool doesn’t stand for just acting cool or dressing cool. What they did in their careers is extremely “cool”!!! The speakers are from different backgrounds, but all the papers they presented were related to security in network, application and data.

    But I believe that there are a lot of companies providing IT services in our country that are not concerned with application security and network security. That is why TMNet Netmyne/streamyx are always having downtimes, or our government/business websites/portals are defaced/hacked.

    Most of the IT/Security conferences that happen in Malaysia suck (I said MOST but NOT ALL). They present vendors’ products, show you the dumb shit like how to use the commercial products, and sell them at very high prices. The HITB conference is totally different. The creators show you their tools/applications, methodologies and code. I am thinking of attending Zend/PHP Conference & Expo 2005, International PHP Conference, etc., but it’s way too expensive to fly there for the conference.

    Overall, we had a big crowd attending the conference and the response was overwhelming. Bravo to the HITB team effort, and I hope to meet the speakers again next year.

    Backstage: Eggman was drunk! Why??? He asked one of the MSIE engineers: “Tell me why you are using Microsoft???”… LoL, I hope he drove back home safely…

    After all that… here are the pictures 😉


    HITB Post Conf Party


    HITB crew from MMU


    Joanna from Invisible Things


    Jimmy from FRA


    Rob Franco – IE Lead Manager, he can drink a cup of beer in 3 seconds :D


    Fyodor from o0o


    Dave Aitel from Immunity Inc


    Alphademon


    Martin – security consultant


    Meder from o0o


    Spoonfork


    Grugq from Digital CSI


    Tony from Microsoft IE.


    Zubair



    KL View


    KLCC and Public Bank

  • I am certified

    After 2 days of Hack In The Box Web Application – Attacks and Defense training, I am now certified 🙂 But I didn’t know how to hack people’s websites.. LoL.. Sounds like a wasted RM1800.

    Haha, by the way, the purpose of attending the training is not to gain knowledge to hack people’s websites but to gain knowledge on implementing secure applications and secure coding.

    I will try to penetrate my own developed application. Sure easily HACKED I THINK 😛 Maybe I can try to penetrate WordPress and contribute to them, huh? Hehe..

    Have been busy for the past 2 days, and will be busy tomorrow and Thursday for the conf.


    Certified 🙂 Crew tag and Participant tag on Hack In The Box event.


    They gave me a cool name in the crew tag list, which is PAUL DDI… Phew.. Luckily not Paul 001

  • Hack In The Box Conference

    Last call for Hack In The Box Conference, Kuala Lumpur, Malaysia 2005. It’s on tomorrow, 28th and 29th September 2005! What will you see tomorrow?

    HITB Conference
    KEYNOTE SPEAKER – Tony Chor
    (Group Program Manager, Microsoft Internet Explorer, Microsoft Corporation)
    Presentation Title: Internet Explorer Security: Past, Present and Future
    Microsoft’s Internet Explorer team is on the frontline of the battle to protect users from malware and social attacks. Tony Chor will outline threats to secure browsing, discuss Microsoft’s response with Internet Explorer for Windows XP SP2, and detail the implementation of safety features in the upcoming Internet Explorer 7.0, such as the Phishing Filter and Protected Mode (the feature formerly known as Low Rights IE).

    About Tony:
    Tony Chor is the Group Program Manager of Microsoft’s Internet Explorer team. He is responsible for leading the IE team’s security response as well as for driving the design, development, and release of new versions of IE including IE 6 in XP SP2 and IE 7 for XP and Windows Vista.

    Tony is a fifteen year veteran of Microsoft and has worked on a variety of projects including digital imaging in Windows Vista, MSN Explorer, Works, Encarta Online, Bookshelf, Picture It!, and Golf. He holds a B.S. in Computer Science from Stanford University.

    KEYNOTE SPEAKER – Mikko Hypponen
    (Chief Research Officer, F-Secure Corp.)
    Presentation Title: Mobile Malware
    The first real viruses infecting mobile phones were found during late 2004. Since then, dozens of different viruses and Trojans – including cases like Commwarrior, Lasco and Skulls – have been found. Mobile phone viruses use totally new spreading vectors such as Multimedia messages and Bluetooth.

    How exactly do these mobile viruses work? We’ll have a look at their code and discuss what factors affect their spreading speeds. Virus writers have always been trying to attack new platforms. What draws them now towards the mobile phone? Are phones as a platform simply widespread enough, or is the possibility of making easy money via phone billing systems driving this development? Where are we now and what can we expect to see in the Mobile Malware of the future?

    About Mikko:

    Mr. Mikko Hypponen is the Chief Research Officer at F-Secure Corp. He has been analysing viruses since 1991. He has consulted several high-profile organizations on computer security issues, including IBM, Microsoft, FBI, US Secret Service, Interpol and Scotland Yard. Mr. Hypponen (35) led the team that infiltrated the Slapper worm attack network in 2002, took down the world-wide network used by the Sobig.F worm in 2003 and was the first to warn the world about the Sasser outbreak in 2004.

    Mr. Hypponen and his team have been profiled by Wall Street Journal, Vanity Fair, New York Times and Newsweek. He has been an invited member of CARO (the Computer Anti-Virus Researchers Organization) since 1995.

    Apart from computer security issues, Mr. Hypponen enjoys collecting and restoring classic arcade video games and pinball machines from past decades. He lives with his family, and a small moose community, on an island near Helsinki.

    CAPTURE THE FLAG (CTF) Hacking Game
    You have heard about the Counter Strike game, but have you heard about a Hacking Game? What is a CTF game? CTF is a game that attempts to test a security administrator’s ability to secure a complex system with unknown but required functionality.

    While this task seems rather odd, it is similar to a day job as a security consultant: a customer has a large dot.com site, they don’t know what it does (the IT staff have all left), and they want it to be secure. And don’t turn it off, there is live traffic running on it. The HITBSecConf CtF game models this situation as follows:

    · Players are provided with a table, one 5-point power outlet, and one Ethernet connection.
    · Players get a class-C network address space, and all traffic coming to the player’s connection is reverse-NAT’d so that the source of traffic cannot be identified. This eliminates the obvious defence of filtering all traffic from other teams using a simple firewall.
    · Players are handed a reference system at the beginning of the game. The reference system is guaranteed to provide all the Services required by the Score Server. The Flags which the Score Server is looking for have already been implanted in each team’s reference system. This becomes the Home Flag of the team.
    · The actual Services required by the Score Server are secret, and subject to change throughout game play.
    · The reference system is riddled with security vulnerabilities, and may possibly include vulnerable Services, such as telnet and FTP.
    · To score a home point, a team’s server must fully satisfy the Score Server’s requested interactions, and the team’s Flag must be intact on their server.
    · To score an own3d point, the Score Server must be fully satisfied with the Services on another team’s server, the attacking team’s Flag must be present on that other team’s server, and the attacking team’s server must also be fully functional. This is to prevent a team from deploying only attackers, and not bothering to defend.
    · To discourage DoS attacks and lazy bulk scanning, each team is charged a penalty for bandwidth coming from their connection. This penalty may include temporary disconnection from the network and thus the loss of home points as the Score Server will not be able to score the team.

    Zone-H Hacking Challenge
    Zone-H in collaboration with the Hack in The Box crew will organize a web-based hackgame at HITBSecConf2005 in which participants will be challenged to try to beat the hackgame in the shortest possible time. The hackgame rules are fairly simple. There is a central server offering an online hackgame which is developed along three different levels. The three levels are of increasing difficulty; all of them can be beaten using just a simple web browser, so there will be no need to bring your own exploits or your own laptop. Each participant has a limited amount of time to beat all three levels; upon completion of each level a separate scoring mechanism will assign to the participant some points based on a time-mission scheme.

    Open-Hack sponsored by VIA Technologies
    The game is simple. There will be 4 notebooks configured. Each notebook will be installed with Windows XP and setup as a stand-alone machine (no Local Area Network or Internet Access). There will be a virtual drive created with a passkey. A target document will be placed on this virtual drive. To win, a participant must be able to retrieve the stored document from the virtual drive and decrypt the contents within. Each participant will have a maximum time allocation of 60-minutes per attempt. You have unlimited attempts over the 2-day period. Be the first person to successfully defeat the PadLock system and you could walk away with some brand new IT gear worth USD5,000!!!

    — Besides all that, you can meet experienced security consultants and hackers from around the world, whom you can’t meet at PC Fair 😛

  • Get your own Domain Name from Yahoo

    Do you have your own domain name? If yes, then how many domain names do you own?? Some people might own 20-30 domain names or maybe more. If you don’t have your own domain name, try to get one for yourself now. But how to get it?

  • Microsoft plans to outsource more, says ex-worker

    Microsoft is on track to outsource more than 1,000 jobs a year to China, according to blistering evidence released yesterday in Microsoft’s increasingly nasty spat with Google over an employee who jumped ship in July.
