[Owasp-Malaysia] Owasp-Malaysia Digest, Vol 27, Issue 31

darxlord at gmail.com darxlord at gmail.com
Tue Jan 11 04:58:55 EST 2011


ntuk antivirus,myb bleh gune clamwin.xyah bayar.internet pn ok gak streamyx tu

Sent by DiGi from my BlackBerry® Smartphone

-----Original Message-----
From: owasp-malaysia-request at lists.owasp.org
Sender: owasp-malaysia-bounces at lists.owasp.org
Date: Tue, 11 Jan 2011 05:25:26 
To: <owasp-malaysia at lists.owasp.org>
Reply-To: owasp-malaysia at lists.owasp.org
Subject: Owasp-Malaysia Digest, Vol 27, Issue 31

Send Owasp-Malaysia mailing list submissions to
	owasp-malaysia at lists.owasp.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.owasp.org/mailman/listinfo/owasp-malaysia
or, via email, send a message with subject or body 'help' to
	owasp-malaysia-request at lists.owasp.org

You can reach the person managing the list at
	owasp-malaysia-owner at lists.owasp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Owasp-Malaysia digest..."


Today's Topics:

   1. Re: Joomla design for simpleLinux GNU/Linux [template]
      (Hazrul Hamzah)
   2. Re: Joomla design for simpleLinux GNU/Linux	[template]
      (simpleLinux)
   3. Re: Joomla design for simpleLinux GNU/Linux	[template]
      (Mohd Fazli Azran)
   4. Re: Joomla design for simpleLinux GNU/Linux	[template]
      (Shaiffulnizam Mohamad)


----------------------------------------------------------------------

Message: 1
Date: Mon, 10 Jan 2011 22:19:38 -0800
From: "Hazrul Hamzah" <hazrul at hazrulnz.net>
Subject: Re: [Owasp-Malaysia] Joomla design for simpleLinux GNU/Linux
	[template]
To: owasp-malaysia at lists.owasp.org
Message-ID:
	<348d33df9be9a7e2d4a53b42ff6c6e18.squirrel at webmail.hazrulnz.net>
Content-Type: text/plain;charset=iso-8859-1

Before that bro, perhaps in order to avoid any entanglement with the LEA
we shud clarify few things.

a). The said systems location? In country?
b). Who own the system? Own in sense of you have this system in your own
premise, using your own subscribed line etc
c). Will the exercise involve any internet connection? Or just within LAN?

If everything is belong to you, I dun see any prob but if other parties
involved (providers, ISPs, etc) then I believe in requesting consent or
authorization in written.

Lesson learned bro, I've seen people who learned from the hard way ;)

thanks and cheers


> so the red team arrange a series of attacks on the server, while the blue
> team will detect the vulnerabilities... sounds great. my Joomla networking
> comes from absolute zero security mod, while have about 3 vulnerable mod
> such as mod_rewrite etc etc..
>
> an "exercise" should be best, it surely benefits much. so.. who want to
> nicely and prudently "hack" me?
>




------------------------------

Message: 2
Date: Tue, 11 Jan 2011 14:24:45 +0800
From: simpleLinux <2fzweb at gmail.com>
Subject: Re: [Owasp-Malaysia] Joomla design for simpleLinux GNU/Linux
	[template]
To: hazrul at hazrulnz.net, 	"Open Web Application Security Project
	(OWASP) Malaysia Local Chapter"	<owasp-malaysia at lists.owasp.org>
Message-ID:
	<AANLkTin_U7XZVHDnysHu6QwY50FWRgdrkOrcbqY3X9vX at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

a) The system location is Malaysia. the dns hosting is mschosting.com for
sure.
ns101.mschosting.com > simplelinux.my
b) My friend and I own the system. the directory is
/public_html/simplelinux/alpha > simpleLinux.my. this is a shared hosting
c) I don't sure..

perhaps my server is hard to be hacked ";)" because it's a shared server, or
perhaps, not... or should I just touch up the system... [dunno to much about
this mod-mod and .htaccess things

On Tue, Jan 11, 2011 at 2:19 PM, Hazrul Hamzah <hazrul at hazrulnz.net> wrote:

> Before that bro, perhaps in order to avoid any entanglement with the LEA
> we shud clarify few things.
>
> a). The said systems location? In country?
> b). Who own the system? Own in sense of you have this system in your own
> premise, using your own subscribed line etc
> c). Will the exercise involve any internet connection? Or just within LAN?
>
> If everything is belong to you, I dun see any prob but if other parties
> involved (providers, ISPs, etc) then I believe in requesting consent or
> authorization in written.
>
> Lesson learned bro, I've seen people who learned from the hard way ;)
>
> thanks and cheers
>
>
> > so the red team arrange a series of attacks on the server, while the blue
> > team will detect the vulnerabilities... sounds great. my Joomla
> networking
> > comes from absolute zero security mod, while have about 3 vulnerable mod
> > such as mod_rewrite etc etc..
> >
> > an "exercise" should be best, it surely benefits much. so.. who want to
> > nicely and prudently "hack" me?
> >
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>



-- 
*Fariz Luqman*
The Chairman of SimpleLinux
Visit: http://www.simplelinux.tk
Fb: http://facebook.com/simpleLinux

"There IS a Malaysian Linux Distro"

---
Facebook: facebook.com/farizluqman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110111/3f682552/attachment-0001.html 

------------------------------

Message: 3
Date: Tue, 11 Jan 2011 17:07:15 +0800
From: Mohd Fazli Azran <mfazliazran at gmail.com>
Subject: Re: [Owasp-Malaysia] Joomla design for simpleLinux GNU/Linux
	[template]
To: "Open Web Application Security Project (OWASP) Malaysia Local
	Chapter"	<owasp-malaysia at lists.owasp.org>
Message-ID:
	<AANLkTi=JMb4UVzp=_CkNc8bypH8Qcamf8BBu=ndUfhsT at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

To all,

About the competiton it will great to have one in Malaysia. OWASP Malaysia
are welcome any individu/organisation/agency/university want startup the
ground work/ paperwork or any proposal that might help to be done to run
this competition. Thanks

On Tue, Jan 11, 2011 at 2:24 PM, simpleLinux <2fzweb at gmail.com> wrote:

> a) The system location is Malaysia. the dns hosting is mschosting.com for
> sure.
> ns101.mschosting.com > simplelinux.my
> b) My friend and I own the system. the directory is
> /public_html/simplelinux/alpha > simpleLinux.my. this is a shared hosting
> c) I don't sure..
>
> perhaps my server is hard to be hacked ";)" because it's a shared server,
> or perhaps, not... or should I just touch up the system... [dunno to much
> about this mod-mod and .htaccess things
>
> On Tue, Jan 11, 2011 at 2:19 PM, Hazrul Hamzah <hazrul at hazrulnz.net>wrote:
>
>> Before that bro, perhaps in order to avoid any entanglement with the LEA
>> we shud clarify few things.
>>
>> a). The said systems location? In country?
>> b). Who own the system? Own in sense of you have this system in your own
>> premise, using your own subscribed line etc
>> c). Will the exercise involve any internet connection? Or just within LAN?
>>
>> If everything is belong to you, I dun see any prob but if other parties
>> involved (providers, ISPs, etc) then I believe in requesting consent or
>> authorization in written.
>>
>> Lesson learned bro, I've seen people who learned from the hard way ;)
>>
>> thanks and cheers
>>
>>
>> > so the red team arrange a series of attacks on the server, while the
>> blue
>> > team will detect the vulnerabilities... sounds great. my Joomla
>> networking
>> > comes from absolute zero security mod, while have about 3 vulnerable mod
>> > such as mod_rewrite etc etc..
>> >
>> > an "exercise" should be best, it surely benefits much. so.. who want to
>> > nicely and prudently "hack" me?
>> >
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
>
> --
> *Fariz Luqman*
> The Chairman of SimpleLinux
> Visit: http://www.simplelinux.tk
> Fb: http://facebook.com/simpleLinux
>
> "There IS a Malaysian Linux Distro"
>
> ---
> Facebook: facebook.com/farizluqman
>
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110111/2a587dd3/attachment-0001.html 

------------------------------

Message: 4
Date: Tue, 11 Jan 2011 17:27:36 +0800
From: Shaiffulnizam Mohamad <shaifful at joomla.my>
Subject: Re: [Owasp-Malaysia] Joomla design for simpleLinux GNU/Linux
	[template]
To: "Open Web Application Security Project (OWASP) Malaysia Local
	Chapter"	<owasp-malaysia at lists.owasp.org>
Message-ID:
	<AANLkTi=_+CGxUqTVNaSWOBq_0oEmmK8bV_zF1AFmHKEk at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

My own VPS located at egypt, protected with CloudFlare :)
Basic Joomla 1.6, no mod_rewrite, system run on debian lenny,
basic firewall system. Please check the site. https://sslcheckoutnow.com
Do I need to provide my dedicated IP? I don't think so. Hehehe, try to guest
my site and my IP. Deface it as you need.
I don't care,* but please. Provide me what you have done*, if you can deface
it. It will really helps a lot of people, and the person who can deface it.
Win get a prize worth RM 300 of Joomla! Goodies.

On Tue, Jan 11, 2011 at 5:07 PM, Mohd Fazli Azran <mfazliazran at gmail.com>wrote:

> To all,
>
> About the competiton it will great to have one in Malaysia. OWASP Malaysia
> are welcome any individu/organisation/agency/university want startup the
> ground work/ paperwork or any proposal that might help to be done to run
> this competition. Thanks
>
>
> On Tue, Jan 11, 2011 at 2:24 PM, simpleLinux <2fzweb at gmail.com> wrote:
>
>> a) The system location is Malaysia. the dns hosting is mschosting.com for
>> sure.
>> ns101.mschosting.com > simplelinux.my
>> b) My friend and I own the system. the directory is
>> /public_html/simplelinux/alpha > simpleLinux.my. this is a shared hosting
>> c) I don't sure..
>>
>> perhaps my server is hard to be hacked ";)" because it's a shared server,
>> or perhaps, not... or should I just touch up the system... [dunno to much
>> about this mod-mod and .htaccess things
>>
>> On Tue, Jan 11, 2011 at 2:19 PM, Hazrul Hamzah <hazrul at hazrulnz.net>wrote:
>>
>>> Before that bro, perhaps in order to avoid any entanglement with the LEA
>>> we shud clarify few things.
>>>
>>> a). The said systems location? In country?
>>> b). Who own the system? Own in sense of you have this system in your own
>>> premise, using your own subscribed line etc
>>> c). Will the exercise involve any internet connection? Or just within
>>> LAN?
>>>
>>> If everything is belong to you, I dun see any prob but if other parties
>>> involved (providers, ISPs, etc) then I believe in requesting consent or
>>> authorization in written.
>>>
>>> Lesson learned bro, I've seen people who learned from the hard way ;)
>>>
>>> thanks and cheers
>>>
>>>
>>> > so the red team arrange a series of attacks on the server, while the
>>> blue
>>> > team will detect the vulnerabilities... sounds great. my Joomla
>>> networking
>>> > comes from absolute zero security mod, while have about 3 vulnerable
>>> mod
>>> > such as mod_rewrite etc etc..
>>> >
>>> > an "exercise" should be best, it surely benefits much. so.. who want to
>>> > nicely and prudently "hack" me?
>>> >
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>>
>> --
>> *Fariz Luqman*
>> The Chairman of SimpleLinux
>> Visit: http://www.simplelinux.tk
>> Fb: http://facebook.com/simpleLinux
>>
>> "There IS a Malaysian Linux Distro"
>>
>> ---
>> Facebook: facebook.com/farizluqman
>>
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110111/3447b72d/attachment.html 

------------------------------

_______________________________________________
Owasp-Malaysia mailing list
Owasp-Malaysia at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-malaysia

OWASP Malaysia Wiki
http://www.owasp.org/index.php/Malaysia

OWASP Malaysia Wiki Facebook
http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420

End of Owasp-Malaysia Digest, Vol 27, Issue 31
**********************************************


More information about the Owasp-Malaysia mailing list