Sunday, January 31, 2010

New Google Chrome security features

Posted on 29 January 2010.

The latest release of Google Chrome has integrated five new security features that "make it easier for developers to build secure web sites," writes Adam Barth, one of the software engineers working on the project:

1. ClickJacking Protection with X-Frame-Options
X-Frame-Options lets web sites defend themselves against clickjacking attacks. To do this, the web developer includes the X-Frame-Options: deny HTTP header, which makes sure that the webpage doesn't get loaded inside a frame, making it impossible for attackers to conceal malicious links behind legitimate ones.

2. Reflective XSS Protection
This feature protects against a type of cross-site scripting attack. "The XSS filter checks whether a script that's about to run on a web page is also present in the request that fetched that web page. If the script is present in the request, that's a strong indication that the web server might have been tricked into reflecting the script," describes Barth, and says that unlike in IE8 and NoScript, this filter is "integrated into WebKit, which Google Chrome uses to render webpages".

3. CSRF Protection via Origin Header
This feature was inserted to prevent cross-site request forgery attacks, making it impossible to trick the server into carrying out an action "requested" by a malicious site.

4. Strict-Transport-Security
Enables the browser to force a secure connection. It will always use HTTPS to connect to the site and will treat all HTTPS errors as hard stops (instead of prompting the user to "click through" certificate errors). This feature strengthens the browser's defenses against attackers who control the network," says Barth. "A number of high-security web sites have already started to use the feature, including PayPal. As with all of our security improvements, we hope that every browser will adopt Strict-Transport-Security, making the web, as a whole, more secure."

5. Cross-Origin Communication with postMessage
postMessage provides a richer interaction and more secure communication between frames, and enables the creation of more secure versions of existing gadgets.

Reference url :

Credit to :

Top 5 online privacy tips

Posted on 29 January 2010.
Increasingly sophisticated spam and an ever-changing array of new email-borne malware continue to have a huge impact on the growing levels of loss of sensitive and personal data.

Consumers are already aware of basic techniques to protect themselves from abusive email messages, such as don't give out your email address randomly, think twice before opening messages if you don't know the source and automatically send suspect mail to a spam or bulk folder. Given this increasing variety of spam, how can consumers best protect themselves in an increasingly complex environment?

Message Systems offers a few valuable tips to help thwart spam and protect your online privacy:

Be judicious with whom you share your personal data. Incidents of data loss continue to rise despite increased security measures. Check to see if a company adheres to the OTA’s data privacy and protection principles. The OTA, along with a coalition of industry and business organizations, recently developed the Data Breach and Incident Readiness Planning Guide, a framework to assist businesses and government agencies in establishing data governance and incident plans to increase consumer protection.

Keep kids safe with another layer of protection. Protecting children from offensive messages and images is always a top priority. Consider reconfiguring your email software to prevent automatic rendering of images and links when messages are opened. Parents should also consider installing PC-based software to add an extra layer of protection for their children and monitor their activity for unsafe online practices.

Install software updates. Software vendors regularly provide updates to correct discovered security issues with their applications, such as gaps that might allow cyber criminals to access your data. Keep your operating system, applications, Internet browser and spam/virus filters up to date. Set your system preferences to automatically check for updates at a certain day and time each week, and to remind you to install them. Don't forget to select a day and time that you are likely to be online; otherwise you will not receive the updates or reminders.

Secure your home network. Use a wireless network at home? Make certain that you password protect your network. Otherwise, others may access and use your network for free. If your home computers are networked together to share information, anyone accessing your network can access information on the shared computers or use your computers to send spam.

Friends don't send friends chain email. Don't send chain email. For instance, when you receive an email with a funny joke, don't forward it to everyone that you know. Chain email is a top conduit to spread viruses. If you care about your friends, don't infect their PCs. And if you are the recipient of such a message, don't open it. Delete it without reading it.

Reference Url :

Credit to :

Thursday, January 28, 2010

Dangerous friend requests on Facebook

While analyzing the Koobface trojan, I just made a interesting find. As mentioned in my post “Koobface – the social network trojan” from last year, Koobface uses social networks to spread itself. So let me ask you: What does a trojan need to spread itself on social networking sites? The answer is simple: A valid account. The cybercriminal has two possiblities to obtain valid accounts:

  • Using some phishing tricks to steal credentials
  • Creating fake accounts

There are two reasons why most cybercriminals are trying to phish the credentials from users of social networking sites instead of creating fake accounts by their own:

  • Most of the time the register forms of the social networking sites are protected with a captcha
  • At the moment, there is no reliable method to break captchas

As described in my post about Koobface last year, the Koobface trojan is able to “break” captchas (to be correct, the trojan isn’t able to break captchas rather then it servs the captchas to the infected bots where the captchas will be solved by the users). By using this technique, he is able to create hundreds of faked accounts on social networks (per minute!).

read more at :

Data Privacy Day is January 28, 2010!

Around the globe, people use powerful technologies and devices every day to improve their lives. Businesses develop software, build hardware and provide services designed to enhance individual productivity, communications and safety. We have come to depend on mobile communications, instant access to information, and intelligent services. We are empowered by these technologies in ways that those who have lived before us could never have imagined.

globeDespite all of the benefits of these technologies, doubts and worries persist about just how much personal information is collected, stored, used, and shared to provide these convenient and pervasive tools and services.

Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information. In this networked world, in which we are thoroughly digitized, with our identities, locations, actions, purchases, associations, movements, and histories stored as so many bits and bytes, we have to ask – who is collecting all of this – what are they doing with it – with whom are they sharing it? Most of all, individuals are asking ‘How can I protect my information from being misused?’ These are reasonable questions to ask – we should all want to know the answers.

These are not questions for consumers and citizens alone – business operators must engage in this dialogue as well. They have to question whether they are complying with laws and regulations requiring consumer privacy protections. They know that customers have to trust their technologies and services before they will use and pay for them.

Join in the dialogue among all of the stakeholders – businesses, individuals, government agencies, non-profit groups, academics, teachers and students – to look more thoroughly at how advanced technologies affect our daily lives. We encourage this dialogue and are providing this website as a service to those who care about our common future and our roles as digital citizens and consumers. And let us know what you think – and how you might be able to contribute to the discussion.

more at :

Wednesday, January 27, 2010

Digital fingerprints to identify hackers

Posted on 27 January 2010.
How can you retaliate against a cyber attacker if you don't know who he is? As we have witnessed lately, attribution of an attack is quickly becoming one of the biggest problems that the US defense and cyber security community are facing at the moment.

According to Wired, DARPA, the agency of the US DoD responsible for the development of new technology for use by the military - and of the Internet - has accepted the challenge and will be starting Cyber Genome, a project aimed at developing a “cyber equivalent of fingerprints or DNA”, so that the hacker can be conclusively identified. The project will be set in motion as early as this week.

The agency announced on Monday that they will strive to produce "revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users."

The digital artifacts in question will be "collected from live systems (traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers'), from wired or wireless networks, or collected storage media."

Theoretically, this could mean that someday, everybody's "cyber genome" will be known and mapped. But, let's not get ahead of ourselves - first, DARPA will have to see if the idea can be translated to reality.

Credit to :
Url Ref:

Hacker attacks on healthcare organizations double

Posted on 27 January 2010.
Bookmark and Share
SecureWorks reported that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009. Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009.

In the Fall of 2009, the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim's browser (including passwords), launch DDoS attacks, spread via USB devices or peer to peer, and download additional malware onto the infected computer.

SQL Injection attacks target vulnerabilities in organizations' web applications. "We also saw a resurgence of SQL Injection attacks beginning in October," said Hunter King, security researcher with SecureWorks. "They were being launched at legitimate websites so as to spread the Gumblar Trojan. Although SQL Injection is a well known attack technique, we continue to read news reports where it has been used successfully by cyber criminals to steal sensitive data," said King. One of the most recent cases reported involved American citizen Albert Gonzalez who was charged, along with two unnamed Russians, with the theft of 130 million credit card numbers using SQL Injection.

Factors contributing to healthcare attacks:

1. Valuable data stores – Healthcare organizations often store valuable data such as a patient's Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.

2. Large attack landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.

Credit to :
Url Ref :

Tuesday, January 26, 2010

The Top 10 Things To Do While Under DDoS Attack

The Top 10 Things To Do While Under DDoS Attack

January 24th, 2010 by Barrett Lyon

In my past decade-plus dealing with distributed denial-of-service attacks, I have noticed a few patterns in the way that companies handle these attacks. Usually when an unprepared virgin company is first attacked, all hell breaks loose. The lack of preparedness causes several chain reactions that make the situation worse. Addressing these most common mistakes ahead of time can help a situation tremendously.

When someone calls me for advice, the first few items I go over have nothing to do with fixing the attack. I’m giving advice that I think is common sense, and I’ve been surprised that others don’t find it obvious.

Here are my Top 10 To-do’s for making life less painful during an attack.

1. Don’t Panic

While the network and your services are exploding and bouncing offline, there must be someone that is comfortable enough to make good decisions. I’ve seen managers freak out and threaten everyone with the prospect of the company collapsing. I think they were trying to motivate people to figure out some solution, but they ended up creating more chaos during an already tough situation.

Once I saw employees hastily rip out the network’s firewalls and re-configure the load balancers. They ended up creating more mess than they had before because they were reacting to an angry and stressed manager.

You are going to create a disaster if you approach with a sledgehammer and wishes. Don’t let anyone make quick changes; try to follow your company’s policies. Sit back, analyze the problem, isolate the actual device that’s failing in the chain, and make an informed–and usually small–adjustment.

If you’re in the 10th hour and things don’t seem to be improving, gather everyone, go away from the office, have a beer, relax for 15 minutes, and talk about something positive. The information flow after that beer might just save you and motivate everyone to do a good job – the solution will come!

2. Create a contact list of external email addresses and phone numbers.

This one is sadistically funny. Most companies host their email, VoIP system, IRC, Wiki, databases, primary storage, etc. all in the same colocation behind the same network connection that hosts their web sites and services. This is, for lack of better words, stupid. All of your digital eggs are in one basket, and that basket is also holding a grenade. A DDoS attack ends up crippling the company’s infrastructure, leaving it with no phones, email, or any communications structure whatsoever.

I’ve seen CEOs of massive companies using their hotmail account and cell phone to contact me because it was their only way of communicating from their multi-million dollar offices.

If you insist on being an “eggs in one basket” company, keep a list of vital email accounts and cell phone numbers on a notepad. That way you can at least call your IT person when everything is down.

3. Setup a “War Room”

Convert your conference room into a war room. Get everyone that has influence in the company in that room. This includes marketing, IT, the CEO, etc. It ensures everyone is on the same page, leaders can lead, and everyone can be in sync.

I typically fill the room with a constant flow of healthy snacks, coffee, and other beverages. If you don’t have anything like that handy, order pizza immediately or send someone shopping.

4. Get one of your guys to the colo ASAP

If you are offline due to DDoS attack, chances are your IT staff cannot log in to the remotely hosted hardware in your datacenters. The easy solution is to physically get them there. They can console in to the hardware and actually see what is going wrong. It’s not fun, but it will result in a much faster resolution to the problem (Make sure they have folding chairs, cash for the vending machines, and serial cables).

5. Find an old hub

Yes, I said hub. You know, those old things that cause collisions? If you’re dealing with an attack and yours is like a lot of companies, it may be difficult for you to set up a traffic monitoring port on your main routers. Assuming you’re setup with Ethernet, at least you can bridge a hub in-line and connect a laptop to the hub and sniff or analyze the traffic!

This is key because having eyes into the data stream really helps figure out how to filter it. Pulling random cables and shutting down random services is not the solution. Make an informed call because you were thoughtful enough to have a hub or SPAN/Mirror port pre-configured.

6. Understand the nature of the attack

There’s a reason you are the target for this attack. Obviously there are a lot of reasons for any given attack, yet understanding the attacker’s motivation is key to creating a better defense strategy.

In the field I have observed a very strange phenomenon; the people working at a victim company usually have a gut feeling about why they are being attacked. So far, their gut instinct has been correct.

Some people know they are being extorted and some people feel it’s a competitor trying to shut them down. Others have a customer that has pissed someone off so the attacker takes down the whole company just to silence one customer. Maybe shutting down the attacker’s target for awhile may actually save the entire ship. Go with your gut on this, make a hypothesis and test it.

7. Document everything

Your business was just smacked around by some bad guys, but what proof do you have? If you don’t have any, then what do you think the law enforcement is going to do for you?

During the attack, lock down all your logs and assign someone within the company to be the custodian of the records. Save server logs, web logs, email logs, any packet capture, network graphs, reports – anything – including a timeline of events.

8. Call your ISP

Your ISP can help, however they have a process to follow. The process usually requires a ticket escalation requirement before you can get real help. If you call early in the attack and open a ticket, that can help you when you really need someone.

Your ISP also has hardware that may be capable of filtering or rate-limiting the attack. The more you know about the attack and you can point them in the right direction, the more they can help you.

They may also suggest you to sign up for their DDoS protection system. Don’t do that right away; reserve that until you are out of all other options. If you do sign up, make sure there is a service level agreement. In the meantime, there are a number of free services you can request:

Null routing of the target IP address
Router ACLs of the top attacking source addresses
New IP addresses
Detailed traffic reports

If you can find the guru at the ISP that knows how to fix these problems, that might be time well spent.

9. Setup “We are down” web hosting services

If the attack is running longer than you had anticipated and you don’t have a solution in sight, you could get your site working at least enough to communicate to your customers.

There are web-hosting companies, which as part of what they do, provide DDoS service level agreements. For a small amount of money you could quickly sign up with several of these companies, upload a “Sorry we’re down, but contact us here” page, and flip your DNS to the cluster of hosted servers.

Your customers will have more confidence in your performance and the attackers may get bored because the attack has not completely shut everything down. If this plan doesn’t work, at least you have diverted some of the attack away from your network.

10. Learn from the event

Post attack can be a blur; everyone is exhausted and burnt out. Mostly, everyone just wants the day-to-day atmosphere to return to status quo. Well, if you’ve been attacked and you did not learn and improve your strategy on how to deal with future attacks, then you are not doing your job.

You should start a review the very day after, while everything is fresh, and make sure that everyone is prepared. Go over what worked, what did not work, and how to improve your system’s overall technology.

Spend the money to fix things properly. Don’t just duct-tape it.

Credit to :

Friday, January 22, 2010

Radio coverage on CSM Advisory re IE vulnerability

On 21/01/2010

Radio 24 – 7.00am – 1.13mins – CyberSecurity Malaysia mengingatkan pengguna Internet supaya berwaspada tentang kelemahan ketara yang terdapat pada browser Microsoft Internet Explorer

Hitz FM – 7.00am – 7secs – CyberSecurity Malaysia is warning Internet users of a critical vulnerability involving the Microsoft Internet Explorer browser

Hitz FM – 8.00am – 30secs – CyberSecurity Malaysia has warned Internet users of a fraud involving Microsoft Internet Explorer which would allow attackers to hack into PC…

Hitz FM – 9.00am – 15secs – CyberSecurity Malaysia is warning Internet users of a critical vulnerability involving the Microsoft Internet Explorer browser, however Microsoft has just announced that issuing a new patch to rectify the problem which will be ready by tomorrow

Lite FM – 7.00am – 8secs – CyberSecurity Malaysia is warning Internet users of a critical vulnerability involving the Microsoft Internet Explorer browser

Lite FM – 8.00am – 40secs – CyberSecurity Malaysia has warned Internet users of a fraud involving Microsoft Internet Explorer…

Mix FM – 7.00am – 7secs – CyberSecurity Malaysia is warning Internet users of a critical vulnerability involving the Microsoft Internet Explorer browser

Mix FM – 8.00am – 40secs – CyberSecurity Malaysia has warned Internet users of a fraud involving Microsoft Internet Explorer…

ERA FM – 8.00am – 24sesc – Pengguna Internet dinasihat berwaspada dengan kelemahan ketara yang terdapat pada Microsoft Internet Explorer, CyberSecurity Malaysia berkata ini kerana komputer pengguna akan diancam virus…

Microsoft To Release Special Update For Internet Explorer Users

KUALA LUMPUR, Jan 21 (Bernama) -- Microsoft Malaysia will release a special "out-of-band" update by midnight on Thursday to address vulnerabilities relating to recent attacks against search engine Google.

The update serves as an additional layer of protection for all supported Internet Explorer users, said the company's national technology officer Dzahar in a statement.

"We highly recommend that customers install the 'out-of-band' update when it becomes available later tonight," he said.

"For customers using automatic updates, this update will automatically be applied once it is released," he added.

Dzahar said this in reference to a statement by CyberSecurity Malaysia yesterday, cautioning Internet users of a critical vulnerability involving Microsoft's Internet Explorer browser.

He also said that to date, the only successful attacks that Microsoft was aware of had been limited and concerned only Internet Explorer 6 (IE6).

For better security protection, Dzahar advised IE6 users to immediately upgrade to Internet Explorer 8 due to its improved security features.

"We continue to monitor the situation and will keep customers apprised of any changes to the situation or threat landscape through the Microsoft Security Response Centre Blog (


url ref:

Kaedah canggih kesan jenayah

sama seperti pakar forensik di hospital, kakitangan Forensik Digital di CyberSecurity juga terlibat dalam membantu menyelesaikan pelbagai jenis kes jenayah.

DUA contoh tersebut adalah antara kes biasa daripada beratus-ratus jenayah siber yang berlaku di negara ini.

Ini belum lagi jenayah siber yang melibat perbankan seperti kad kredit, menggodam laman web (sesawang) atau mewujudkan perang siber.

Jika dahulu penjenayah perlu hadir di tempat kejadian tetapi kini penjenayah boleh melakukan jenayah walaupun tidak berada di lokasi.

Justeru jika terdapat pakar forensik di hospital untuk menyelesaikan kes pembunuhan, rogol atau culik begitu juga dengan dunia siber.

Bagi kes jenayah siber, sebuah agensi di bawah Kementerian Sains Teknologi dan Inovasi (MOSTI) iaitu CyberSecurity Malaysia diberikan peranan yang besar bagi menanganinya.

Ketua Pegawai Eksekutif CyberSecurity Malaysia, Lt. Kol. (B) Husin Jazri berkata, Cyber Forensics yang biasanya digunakan adalah merujuk kepada Forensik Digital.

"Forensik Digital adalah aplikasi kaedah saintifik dalam pemeriksaan dan analisis, yang dilakukan ke atas bahan storan digital yang terlibat dalam siasatan kes jenayah atau sivil.

"Hasil penganalisaan tadi akan digunakan untuk dijadikan bahan bukti digital yang boleh digunapakai di mahkamah," katanya.

Biasanya menurut Husin, golongan yang sering terdedah kepada jenayah siber adalah mereka tidak mendapat pendedahan serta pengetahuannya.

Selain itu mereka yang tidak mengambil berat aspek keselamatan terhadap sistem komputer mereka juga merupakan golongan yang berisiko.

"Biasanya mereka ini melibatkan diri dalam laman rangkaian sosial seperti,, dan

"Di sini, mereka yang kurang pengetahuan mengenai sistem komputer mempunyai risiko tinggi menjadi mangsa kepada jenayah komputer dan jenayah berkaitan dengan dengannya," katanya.

Justeru CyberSecurity Malaysia berperanan memberikan bantuan dari aspek teknikal kepada pihak berkuasa tempatan dalam menjalankan analisis terhadap bahan bukti digital seperti komputer, telefon bimbit dan pemain digital mudah alih.

Husin berkata, CyberSecurity Malaysia berkebolehan untuk menganalisis sebarang jenis media storan digital dan sentiasa berusaha untuk memahami apa yang berlaku atau apa yang disimpan di dalamnya.

kursus dan latihan

CyberSecurity Malaysia juga telah membantu dari segi memberikan kursus dan latihan mengenai forensik digital kepada pegawai-pegawai penguatkuasa kerajaan dan juga membantu Institut Latihan Kehakiman dan Perundangan (ILKAP) dalam modul keselamatan siber.

Selain itu CyberSecurity Malaysia juga terlibat dalam memberikan ceramah berkaitan forensik digital di institut pengajian tinggi awam (IPTA) dan institut pengajian tinggi swasta (IPTS).

Ini termasuk juga memberikan penerangan di program kesedaran yang berkaitan dengan ancaman siber kepada orang awam.

CyberSecurity Malaysia berperanan memberikan bantuan dari aspek teknikal kepada pihak berkuasa tempatan.

Antara jenayah siber yang biasa ditangani terdiri dari penipuan internet, laman web skim cepat kaya, pemalsuan dokumen, penyalahgunaan laman blog untuk menyebarkan fitnah atau hasutan, penyebaran video dan gambar lucah, perisian cetak rompak, kecurian identiti atas talian, atau pencerobohan terhadap sistem maklumat.

Bagaimanapun CyberSecurity Malaysia tidak mengumpul statistik jenayah siber kerana hanya pihak penguatkuasa yang menyimpan rekod jenayah siber.

"Pihak kami hanya menyimpan maklumat dan statistik bagi insiden-insiden yang dirujuk kepada kami melalui Pusat Bantuan Cyber999 dan juga makmal forensik digital sahaja.

"Bagi tahun ini, setakat 30 November 2009, CyberSecurity Malaysia telah membantu pihak berkuasa menganalisis sebanyak 338 kes forensik digital, berbanding 298 kes sepanjang tahun 2008," katanya.

Seperti yang disebutkan, CyberSecurity Malaysia berperanan memberikan bantuan dari aspek teknikal kepada pihak berkuasa tempatan.

Bantuan dari segi kajian dan analisis forensik digital merupakan sebahagian sahaja daripada rangkaian nilai dan proses penyelesaian jenayah siber.

Kebanyakan jenayah di alam siber juga merupakan jenayah di alam nyata, oleh itu undang-undang sedia ada boleh digunakan dan masih digunakan untuk mendakwa pesalah di alam siber.

Sebagai contoh, kita lihat kes-kes hasutan yang biasanya dilakukan di alam nyata, tetapi kini hasutan mula disebarkan melalui alam siber.

Bagaimanapun, Akta Hasutan 1948 tetap digunakan sama ada kesalahan hasutan itu dilakukan melalui alam siber ataupun tidak. (Akta Hasutan 1948 merupakan suatu akta undang-undang di Malaysia yang digubal untuk menghalang perbincangan yang dikatakan sebagai menghasut.)

Akta ini menjadikan ucapan yang "mempunyai kecenderungan menghasut" sebagai suatu kesalahan jenayah).

Ada juga undang-undang yang dirangka khas untuk mengendalikan kes-kes berkaitan alam siber seperti Computer Crime Act 1997 atau Akta Jenayah Komputer 1997 dan juga Akta Komunikasi dan Multimedia 1998.

melengkapkan diri

Akhir sekali Husin berpesan, pengguna hendaklah sentiasa melengkapkan diri dengan pengetahuan dan peraturan semasa berada di alam siber.

Sebarang petua mengenai keselamatan internet dan siber, para pengguna Internet disarankan supaya mengunjungi laman web - yang dibangunkan khusus oleh CyberSecurity Malaysia dalam meningkatkan kesedaran keselamatan Internet dan siber di kalangan rakyat Malaysia.

Pengguna yang ragu-ragu terhadap sesuatu laman web boleh merujuk kepada CyberSecurity Malaysia di URL dan hendaklah merujuk insiden yang dialami kepada khidmat Pusat Bantuan

"Jangan terlibat dengan sebarang bentuk jenayah dan jenayah alam siber adalah sama dengan jenayah yang lain.

"Jika jenayah di alam nyata meninggalkan kesan DNA, penjenayah siber pula meninggalkan jejak bukti digital," katanya.

Orang awam juga boleh mendapatkan sebarang maklumat mengenai ancaman siber di laman web CyberSecurity Malaysia atau menghubungi perkhidmatan Pusat Bantuan Cyber999 jika terdapat sebarang keraguan dan ancaman siber dari masa ke semasa.

Pusat Bantuan Cyber999 yang beroperasi 24 jam sehari boleh dihubungi melalui e-mel: atau telefon 1-300-88-2999 ataupun melalui laporan atas talian di laman web dan ataupun melalui pesanan ringkas (SMS) ke nombor 019-2813801 atau faks ke nombor 03-8945 3442.

ARKIB : 07/01/2010 (

Add to Google

Thursday, January 21, 2010

Dah bukak kembali...

ok all...
sekarang aku dah bukak kembali blog yang satu lagi ni...
dah hampir setahun aku menyembunyikan blog tersebut...
waaa...lama tu...selepas semua content dalam tu aku dah buang..
waaa...takkan nak repost kan content dalam tu...
so aku akan mulakan dengan content yang baru...
blog aku mana la ada theme2 yang heaven and ganas2...
so just for all my friend information about Internet Security, Computer Security dan Connection Security...heheheeheheheeh....that all...

CyberSecurity Warns Internet Users Of Explorer Vulnerability

SERDANG: CyberSecurity Malaysia hari ini mengeluarkan amaran keselamatan kepada semua pengguna Internet yang menggunakan perisian peluncur Microsoft Internet Explorer kerana terdapat unsur kerapuhan yang kritikal.

Ketua Eksekutifnya, Husin Jazri, berkata dalam satu kenyataan hari ini, situasi itu dirujuk sebagai "0-day" kerana kerapuhan itu didedahkan disebabkan belum ada tampalan (patch) yang disediakan oleh vendor terbabit.

"Kerapuhan itu dengan mudah boleh dieksploitasi jika pengguna melawat laman web yang dicipta oleh penyerang. Penyerang akan menghantar URL (alamat laman web) kepada pengguna menggunakan email untuk mengelirukan mereka, sedangkan mereka sebenarnya memasuki ke laman yang berniat jahat," katanya.

Beliau berkata, kerapuhan itu juga boleh digunakan oleh pencipta kod yang berniat jahat untuk memasang komputer dengan pelbagai ancaman seperti trojan atau virus untuk menyerang komputer mangsa.

credit :
article url :

other article url :

technical reference :