me, just me

Me, Just Me, Blog of Chang Gee Guan

Archive for August, 2008

Pages (3): « 1 2 3 »

Joomla Vulnerable Issue

Author: chang

21 Aug

Just received this email. Worth Sharing...

21/08/2008 05:33 PM
Adalah dimaklumkan bahawa GCERT telah menerima makluman bahawa terdapat kelemahan pada aplikasi Joomla! versi 1.5.x yang digunakan oleh beberapa laman web agensi kerajaan yang terdedah kepada ancaman password reset bagi akaun Administrator secara jarak jauh.

Kelemahan tersebut akan membolehkan kata laluan bagi 'Administrator' diubah dan seterusnya membolehkan penceroboh menukar maklumat yang terdapat pada laman web berkenaan. Penceroboh juga berupaya untuk memasukkan backdoor ke server berkenaan dan seterusnya mendapat kawalan penuh terhadap server web tersebut.

NOTA MAKLUMAN GCERT BIL. 4/2008

PADA 14 OGOS 2008

KETERANGAN ANCAMAN

Nama dan Jenis Ancaman
Joomla "token" Password Change Vulnerability
(Pencerobohan Laman Web)

Tarikh Dikesan
13 Ogos 2008

Bilangan Agensi Terlibat
Semua agensi yang menggunakan Joomla! CMS versi 1.5.x

Sistem Pengoperasian/Aplikasi Berisiko
Joomla! CMS versi 1.5.0 - 1.5.5

Kaedah Serangan
Penceroboh boleh reset kata laluan bagi akaun pertama yang masih aktif (kebiasaannya adalah akaun Administrator)

Kesan Serangan
Penceroboh akan login sebagai 'Administrator' dan berupaya membuat pelbagai perubahan termasuk mengubah kandungan laman web, mencipta akaun pengguna yang baru, memuat naik backdoor, memasang perisian bot, dll.

Cadangan Tindakan Pengukuhan
1. Menukar (rename) akaun (login ID) 'Administrator' ke nama yang lain.
2. Menukar (rename) folder 'administrator' ke nama yang lain.
3. Menaiktaraf Joomla! CMS ke versi 1.5.6 atau audit source code bagi fail 'reset.php'

Maklumat Lanjut
1. http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html
2. http://secunia.com/advisories/31457/
3. http://gcert.mampu.gov.my/index.php?option=com_content&task=view&id=209&Itemid=1

"BERKHIDMAT UNTUK NEGARA"

Government Computer Emergency Response Team (GCERT)
Aras 3, Blok B2
Bahagian Keselamatan ICT
MAMPU, Jabatan Perdana Menteri
62502 PUTRAJAYA
No. Tel: 03-8888 2273
No. Faks: 03-8888 3201

  • 1 Comment
  • Filed under: my posts

    • Iklan Petronas

    Author: chang

    21 Aug

    Iklan Petronas yang best!

    Selamat Menyambut Kemerdekaan ke-51

  • 0 Comments
  • Filed under: my posts

    • Sharing… Think bout it

    Author: chang

    20 Aug

    Lesson 1
    A man is getting into the shower just as his wife is finishing up her shower, when the doorbell rings.

    The wife quickly wraps herself in a towel and runs downstairs.
    When she opens the door, there stands Bob, the next-door neighbour.
    Before she says a word, Bob says, 'I'll give you $800 to drop that towel.'
    After thinking for a moment, the woman drops her towel and stands naked in front of Bob, after a few seconds, Bob hands her $800 and leaves.
    The woman wraps back up in the towel and goes back upstairs.
    When she gets to the bathroom, her husband asks, 'Who was that?'
    'It was Bob the next door neighbour,' she replies.
    'Great,' the husband says, 'did he say anything about the $800 he owes me?'
    Moral of the story
    If you share critical information pertaining to credit and risk with your shareholders in time, you may be in a position to prevent avoidable exposure.
    Lesson 2
    A priest offered a Nun a lift.

    She got in and crossed her legs, forcing her gown to reveal a leg.
    The priest nearly had an accident.
    After controlling the car, he stealthily slid his hand up her leg.
    The nun said, 'Father, remember Psalm 129?'
    The priest removed his hand. But, changing gears, he let his hand slide up her leg again.
    The nun once again said, 'Father, remember Psalm 129?'
    The priest apologized 'Sorry sister but the flesh is weak.'
    Arriving at the convent, the nun sighed heavily and went on her way.
    On his arrival at the church, the priest rushed to look up Psalm 129. It said, 'Go forth and seek, further up, you will find glory.'
    Moral of the story
    If you are not well informed in your job, you might miss a great opportunity.
    Lesson 3
    A sales rep, an administration clerk, and the manager are walking to lunch when they find an antique oil lamp.

    They rub it and a Genie comes out.
    The Genie says, 'I'll give each of you just one wish.'
    'Me first! Me first!' says the admin clerk. 'I want to be in the Bahamas , driving a speedboat, without a care in the world.'
    Puff! She's gone.
    'Me next! Me next!' says the sales rep. 'I want to be in Hawaii , relaxing on the beach with my personal masseuse, an endless supply of Pina Coladas and the love of my life.'
    Puff! He's gone.
    'OK, you're up,' the Genie says to the manager.
    The manager says, 'I want those two back in the office after lunch.'
    Moral of the story
    Always let your boss have the first say.
    Lesson 4
    An eagle was sitting on a tree resting, doing nothing.
    A small rabbit saw the eagle and asked him, 'Can I also sit like you and do nothing?'
    The eagle answered: 'Sure, why not.'
    So, the rabbit sat on the ground below the eagle and rested. All of a sudden, a fox appeared, jumped on the rabbit and ate it.
    Moral of the story
    To be sitting and doing nothing, you must be sitting very, very high up.
    Lesson 5
    A turkey was chatting with a bull.

    'I would love to be able to get to the top of that tree' sighed the turkey, 'but I haven't got the energy.'
    'Well, why don't you nibble on some of my droppings?' replied the bull. They're packed with nutrients.'
    The turkey pecked at a lump of dung, and found it actually gave him enough strength to reach the lowest branch of the tree.
    The next day, after eating some more dung, he reached the second branch..
    Finally after a fourth night, the turkey was proudly perched at the top of the tree.
    He was promptly spotted by a farmer, who shot him out of the tree.
    Moral of the story
    Bull Shit might get you to the top, but it won't keep you there.
    Lesson 6
    A little bird was flying south for the winter. It was so cold the bird froze and fell to the ground into a large field.

    While he was lying there, a cow came by and dropped some dung on him.
    As the frozen bird lay there in the pile of cow dung, he began to realize how warm he was.
    The dung was actually thawing him out!
    He lay there all warm and happy, and soon began to sing for joy.
    A passing cat heard the bird singing and came to investigate.
    Following the sound, the cat discovered the bird under the pile of cow dung, and promptly dug him out and ate him.
    Morals of the story
    (1) Not everyone who shits on you is your enemy.
    (2) Not everyone who gets you out of shit is your friend.
    (3) And when you're in deep shit, it's best to keep your mouth shut!

  • 3 Comments
  • Filed under: my posts

    • ADORE YOURSELF

    Author: chang

    17 Aug

    The seed of God is in us. Pear seeds grow into pear trees, nut seeds into nut trees, and God seeds into God.

    -Meister Eckhart-

    Often we may feel critical and judgmental about our maturity or personality. When we read that we have God seeds within us, we may find it difficult to believe. How can we have the God seeds within us that other people have? It may seem that everyone else has more good within them than we have.

    Just as we admire certain qualities about other people, so can we admire quality about ourselves. We need to remember that a good critic looks at both the good and the bad. A good critic doesn't pass judgment, but merely assembles the facts to allow others to make judgments.

    The seeds that grow pear trees don't yield perfect fruits. Some of the fruits are ripe and juicy, some are hard and dry and some never mature. Yet the pear tree will be a good tree, if it is tended with care. So it is with us. Every part of us may not be perfect, but with care we can make the best person possible from the God seed that began us.

    I can be a healty, bountiful person, if I give myself plenty of care, in future, I won't give up on me!

  • 0 Comments
  • Filed under: my posts

    • Graduation Ceremony for Infosys Foundation Programme 2008

    Author: chang

    15 Aug

    Event: Graduation Ceremony for Infosys Foundation Programme 2008
    Date: 14th August 2008
    Venue: Auditorium, Melaka International Trade Centre

    At last, after been postponed from the original date of 19 July, the Ministry of Higher Education had requested UTeM to held this event on 14th August.
    This time UiTM and UTHM which conducted the programme for the first time also joint us at MITC.
    As usual, i m involving in this programme too. This time as an emcee. Nervous but managed to do my best. Thanks alot for Emma's script and supports.

    Well, still waiting for pictures from the event, will update this entry when got the pictures.  ;-)

  • 1 Comment
  • Filed under: my posts
    • Pages (3): « 1 2 3 »

    My Blog in Mobile

    Calendar

    February 2012
    M T W T F S S
    « Mar «-»  
     12345
    6789101112
    13141516171819
    20212223242526
    272829  

    My Java Articles

    Giveaway of the Day

    Giveaway of the Day

    Facebook Widget

    About Me

    Chang Gee Guan
    Name: Chang Gee Guan
    A not Chinese or Indian looking Chinese-Indian mixed guy.
    Born on 28 August 1982.
    Currently Studying Master of ICT at UTeM

    Signature

    Blog Stats

    Visits today: 51
    Total visits: 17200
    Visitors online: 3
    This month visits: 21
    Since : July 2, 2008
    OS:
    Top OS: Windows XP
    Browsers:
    Top Browser: Page: Home

    me, just me - MoFuse

    What you want to say?

    blogexplosion

    Live traffic feed

    Copyright © 2007 - me, just me - is proudly powered by WordPress
    Illacrimo Theme is created by: Design Disease brought to you by LifeSpy.