Blog

  • Haze is back?

    Haze is back? I can’t see KL Tower in the morning. I went to visit the Malaysia Department of Environment website, and there is no update of today’s API.


    Usual view

  • A website, for my beloved teacher

    Today is the 4th day since my teacher passed away. Every night I dream of the unforgettable moments in primary school. He was a good teacher.

    I want to dedicate the website www.chanboonheng.com to him. Everyone is welcome to write a poem or an article for him. I hope all his students, friends and fellow teachers will always remember him. Whenever you think of him, you can visit the website and leave him a message.

  • How will my descendants survive?

    Lately I have been reading the news about my teacher’s fatal fall, and even now I find it hard to accept. The more I read, the angrier I get; the more I read, the more fed up I become.

    My alma mater had already asked the government for repair funding at the start of the year, yet it got no response from the government at all. May I ask what the education ministry is actually doing? Or is it because it is a Chinese school? Keat Hwa (吉华) Chinese primary and secondary schools are among the top schools in Alor Setar, and they have always survived only with the help of the Chinese community. Now that someone has died, RM50,000 is finally allocated for repairs. Does a life have to be sacrificed before anything is done?

    Here “we” are told by “them” that we came to “their” place; there was even a minister who, in Parliament, told “us” to leave. When a minister says such things, is he trying to provoke “our” anger, or is he speaking “their” hearts for them? So I ask myself: how will my descendants survive on this land of “theirs”?

  • Hack In The Box Training

    Due to some reason, I can’t attend Hack In The Box Tech Training I – Web Application – Attack and Defence. I am selling my seat ticket to anyone who is interested at the price of RM1800.

    For those who are interested, please contact me at 012 454 6360 or email to paul [at] takizo.com

    What will Web Application – Attack and Defence cover?

    Introduction to web applications
    1. Components of a web application
    2. Basics of web technologies and protocol information
    3. Evolution of technologies and impact on security
    4. Understanding other basic web security-related concepts
    5. Learning tools like netcat, achilles etc. to understand their usage and application (hands on for the group)

    Web Hacking – Areas of attack

    Various attacks will be covered in detail with demonstration followed by hands on exercises. Following is a brief list of attacks.

    1. Cross-site scripting attacks
    2. SQL Query Injection
    3. Session Hijacking
    4. Buffer Overflows
    5. Java Decompilation
    6. HTTP brute forcing
    7. Trojan Horses and Malware products
    8. Form Manipulation, Query Poisoning
    9. Input Validation, Parameter Tampering
    10. Authentication
    11. Information leakage
    12. File operations
    13. Client-side manipulations
    14. Cryptography
    15. Error/Exception handling

    Attack and Defense strategies
    1. Impact of attacks
    2. Risk analysis
    3. Countermeasures
    4. Defense strategies and methods

    Assessment Methodology and Defending Applications
    1. Footprinting and Discovery
    2. Reconnaissance – Profiling a web application
    3. Black-box and White-box testing
    4. Exploiting vulnerabilities
    5. Defending applications
    6. Secure coding strategies

    Web Services Assessment
    1. Footprinting
    2. Discovery
    3. Technology Identification
    4. Attack vector for web services
    5. Defense methods
    6. Toolkit – wsChess (http://www.net-square.com/wschess): play around and learn more from the author of the toolkit.

    Hands-on: The training programme will end with an “assessment challenge” – a live Web Application. Working under time constraints, participants are expected to analyze the application, identify and exploit loopholes, and apply all the defense strategies learnt to secure the application.

    For more information, check the Hack In The Box website.

  • What Web Application to sell?

    I was reading the news on the China Press website and accidentally bumped into an Ah Long (loan shark) banner. We have a very popular online banking service named Maybank2u, and now I think online loan sharks will be popular in the future.

    So what is the next application I want to invent? I think it is an online ah-long application. What does the application do? Heh! It must have a lot of functions. Let me brainstorm some, and give me more ideas.

    Centralized Blacklist Database
    There will be a central blacklist database to store the people who borrow money from Ah Long A, B and C. It’s like our current banking system: if you are blacklisted in the system, the loan shark will not lend you the money, or will still lend, but with more interest or more things to deposit. Then I will charge Ah Long A, B and C who want to look up blacklisted people. Initially, I can also offer the blacklisted names to banks, so they will loan out money for a car/house.

    Application Processing
    There will be a system whereby the borrower stands in front of the camera, captures their picture, scans their thumb, and is registered as a MEMBER :P. So the Ah Long can keep track of how much they borrow, and next time when they want to borrow, they just scan their thumb. If they don’t return the money, their picture will be published on the website to blacklist them.

    Cash Flow Analysis
    When all the data is inside the database, we can analyse all the cash flow: how much the potential rate can earn, how much money has been thrown out, and which month has the highest number of borrowers, and the interest rate can auto-float based on the cash flow 😀

    Hunter
    There will be hunter membership as well. What do hunters do? Hunters are the people who go to get the money back from borrowers. What they need to do is log in to the system and check which person they need to find, as assigned by the system. There will be commission tracking of how much they get back, and the more money they get back, the higher the commission they get, so it motivates them to annoy the borrower into returning the money.

    Ah-Long unit trust
    There will be an investment link for investors to invest into the cash pool, while we have the best system to analyse the risk and control the cash flow. Investors can actually log in to the system and check their potential investment return.

    Referral program
    If the borrower wants to earn some side income, they can do member-get-member commission: introduce their friends and get some commission, and the more levels they have, the higher the potential income they will get.

    Reward Program
    The system can track the members/borrowers who return the money on time and reward them with some gift like a lower interest rate, a free lunch voucher, or accumulated points to exchange for a bicycle, a Plasma TV, etc.

    SMS Alert/Reminder
    The SMS system can send out the latest interest rate and also remind the borrower to return the money as soon as possible. Besides that, the Ah Long can do SMS advertisements 😛

    Besides the application, there are some other parts that will benefit me.

    Co-location
    More server co-location business. Why server co-lo? Better security.

    Security Protection Fees
    When everything comes online, there must be good security to protect the data, so we can charge them security fees.

    Application Update/Patch
    When there is an update/patch of the application, we can charge them some application upgrade fees.

    So, a potential business, right? 😛 Just a joke!