Tuesday, December 30, 2008

Fighting "phishing" with "Phish"

"Phishing" exploits Internet users' ignorance and their lack of knowledge about protocols, URLs and related matters.

To test whether you can really identify "phishing" sites, try playing this game!

click here
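Since the point of the post is that phishing trades on people not reading URLs, here is an added example (mine, not part of the original post or of the game it links to) of the checks worth running on a suspicious link before clicking: the scheme, the userinfo-before-@ trick, bare IP hosts, a brand name buried in a subdomain, punycode and odd ports. The brand list and the short suffix table are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit
import ipaddress

# Brands commonly impersonated in lookalike hostnames (assumed list; a real
# deployment would load the organisation's own).
WATCHED_BRANDS = ("paypal", "maybank", "cimb", "ebay")
# Second-level labels under which the registrable name is one label deeper
# (e.g. example.com.my). Assumed subset, not a full public-suffix list.
SECOND_LEVEL_SUFFIXES = ("com", "co", "net", "org", "gov", "edu", "ac")


def registrable_part(host):
    """Approximate the registrable domain: last two labels, or last three
    when the second-to-last is a generic suffix such as 'com' in 'com.my'."""
    labels = host.split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def phishing_signals(url):
    """Return human-readable reasons a URL looks like a phish. An empty list
    means no signal fired, which is not the same as the link being safe."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    signals = []

    if parts.scheme != "https":
        signals.append("scheme is %r, not https" % parts.scheme)

    # https://bank.example@evil.example/ : the text before '@' is userinfo;
    # the browser actually connects to the host after it.
    if parts.username is not None:
        signals.append("userinfo before '@' hides the real host %r" % host)

    try:
        ipaddress.ip_address(host)
        signals.append("host is a bare IP address")
    except ValueError:
        pass

    labels = host.split(".")
    if len(labels) > 4:
        signals.append("unusually deep hostname (%d labels)" % len(labels))

    # paypal.com.secure-login.example : the brand is only a subdomain label;
    # whoever controls secure-login.example controls the page.
    reg = registrable_part(host)
    for brand in WATCHED_BRANDS:
        if brand in host and brand not in reg:
            signals.append("brand %r is a subdomain of %r" % (brand, reg))

    if "xn--" in host:
        signals.append("punycode (IDN) hostname; check for homoglyphs")

    try:
        port = parts.port
    except ValueError:
        port = None
        signals.append("malformed port in netloc")
    if port not in (None, 80, 443):
        signals.append("non-standard port %d" % port)

    return signals


if __name__ == "__main__":
    # Constructed sample links, one clean and two phishy.
    for link in ("https://www.paypal.com/signin",
                 "http://www.paypal.com.secure-login.example/update",
                 "https://paypal.com@203.0.113.5/login"):
        print(link, "->", phishing_signals(link) or "no signal")
```

None of these checks is proof on its own; a clean result only means the cheap tricks are absent, and a hit on any of them is reason enough to type the bank's address yourself rather than follow the link.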

Monday, December 22, 2008

Unlucky John

apt-get install lame john
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
john lame
0 upgraded, 2 newly installed, 0 to remove and 27 not upgraded.
Need to get 823kB of archives.
After this operation, 1901kB of additional disk space will be used.
Get:1 http://my.archive.ubuntu.com hardy/main john 1.6-40.3ubuntu1 [548kB]
Get:2 http://my.archive.ubuntu.com hardy/multiverse lame 3.97-0.0 [275kB]
Fetched 823kB in 55s (14.9kB/s)
Selecting previously deselected package john.
(Reading database ... 258521 files and directories currently installed.)
Unpacking john (from .../john_1.6-40.3ubuntu1_i386.deb) ...
Selecting previously deselected package lame.
Unpacking lame (from .../lame_3.97-0.0_i386.deb) ...
Setting up john (1.6-40.3ubuntu1) ...

Setting up lame (3.97-0.0) ...

Sunday, December 21, 2008

Publication listed in PNM

PNM - Perpustakaan Negara Malaysia (the National Library of Malaysia?) indexed my publication in their database:

Author: Muhammad Najmi Ahmad Zabidi
Main Title: Projek lokalisasi perisian sumber terbuka : usaha perkembangan, harapan dan realiti / Muhammad Najmi Ahmad Zabidi (Open-source software localisation project: development efforts, hopes and reality)
Host Item: Free and Open Source Software conference : 2003: Subang Jaya p. 105-113
Subject: Open source software
Subject: Computer software
Notes: Bibl.
Call No. (Reference): 005.309595 FRE f M
Record Status:

Monday, December 15, 2008

Walimah@ Bagan Datoh on 26th Jan 2009


*and we shall accumulate and categorize excuses for not attending the event.

Tuesday, December 02, 2008

Life with Due Dates

Nikah (marriage) 26 Oct 2008
Father-in-law passed away 19 Nov 2008
TOEFL 10 Jan 2009
GRE 5 Feb 2009

My death? My first baby born?

Thursday, November 20, 2008

Malware Challenge 2008 Results


Contest Results

In all, we received 29 submissions to the contest. All of the papers showed their own unique approach to the challenge, which made it very difficult to pick who received any prizes. However, after reading through all the submissions we picked the ones we felt were written the best, performed the best analysis and demonstrated their knowledge in a way which was most learnable by others.

Top 3 Submissions

Runners-Up

* Those marked are not eligible to receive prizes since they reside outside of North America. However, we wanted to recognize their excellent contribution to the contest.

Rest of Submissions

Monday, November 17, 2008

List of CS schools in the US offering a PhD

Refer here

Wednesday, November 12, 2008

Skype-pidgin plugin

I found a skype-pidgin plugin. You can download it here

Tuesday, November 11, 2008

Hamming's advice

If you're in pursuit of a research problem ... read this

Monday, November 10, 2008

Online Interview

I'm going to have an online interview this Wednesday at 2PM (NL time). Good luck to me.

Thursday, October 23, 2008

Offline (hopefully), enjoying *real life*

Your hot blog author will be offline, soul searching for real life out there. He will be back once he has got something to blog. But since he only has dial-up access in the kampung, he will hardly be offline unless his mum pinches him.

I just wonder whether this blog has its own readers. Looking at the traffic, it tells me somebody's here.

Wednesday, October 22, 2008

Open Problem: Why should I go to the US for a PhD?

I already bought TOEFL/GRE books, and that cost me around RM180 (approx. USD60). Now that I have discussed it and been influenced by several ideologies, I have become hesitant again about the effort.

Where should I go for my PhD study?

I was initially planning on AUS, but after several searches I don't really think I'm interested in working on the topic.. though it is under the security theme. Next, I was phone-interviewed by an interviewer from the UK, but it seems the sponsoring institution no longer favours sponsoring students to the UK. Also, thinking that doing only research will lead to the real depth of a micro problem, I'm thinking of getting exposed to the broader issues/circulation around the intended problem.

What is that supposed to mean?

It means I have a thought to master several areas related to my research interest. Say my research interest will be around malware analysis. I would like to learn Machine Learning, which is under the AI theme, and also Systems Programming, since I deal with OS stuff.

But looking at the US graduate coursework curriculum, that will not necessarily happen, since they ask for a "Breadth" requirement, which usually falls under Theory of Computation, which I never learned, and also some other requirements.

I did ask one of the profs whether they would accept me with this deficiency; he said:

I can evaluate/decide/advise on your admission once I get your GRE score.

It seems the GRE is so important that it can complement your coursework deficiency? Some schools, such as Purdue's CS school, don't even bother with the GRE, but the requirements explicitly state that the average student admitted had a 3.7 CGPA. That answers everything.

Nevertheless, I think I should proceed with the GRE, though it costs me USD170. The TOEFL, however, can still be used for any institution's admission requirements.

Tuesday, October 21, 2008

Read only if you have time for ALLAH

Let me tell you, make sure you read all the way to the bottom. I almost deleted this email, but I was blessed when I got to the end.

ALLAH, 'This is the message title'!!
When I received this e-mail, I thought...

I don't have time for this... And this is really inappropriate during work.

Then I realized that this kind of thinking is... exactly what has caused a lot of the problems in our world today.

We try to keep ALLAH in MASJIDS on FRIDAY...

Maybe FRIDAY night...

And the unlikely event of a MAGHRIB SALAH.

We do like to have ALLAH around us during sickness...

And, of course, at funerals.

However, we don't have time, or room, for ALLAH during work or play...

Because... that's the part of our lives we think we can, and should, handle on our own.

May ALLAH forgive me for ever thinking...

That there is a time or place where ALLAH is not to be FIRST in my life.

We should always have time to remember all that ALLAH has done for us.

Pass this on ONLY IF YOU MEAN IT!!

Yes, I do love ALLAH.

ALLAH is my source of existence and my Saviour.

ALLAH keeps me functioning each and every day. Without ALLAH, I would be nothing.

This is the simplest test.

If you love ALLAH... and are not ashamed of all the marvellous things that ALLAH has done for you...

Send it on...
Now do you have the time to pass it on?

Make sure that you scroll through to the end.

Easy vs. Hard

Why is it so hard to tell the truth, but yet so easy to tell a lie?

Why are we so sleepy in THE MASJID, but right when the sermon is over we suddenly wake up?

Why is it so easy to delete a HOLY e-mail, but yet we forward all the other ones?

Of all the free gifts we may receive, prayer is the very best one...

There are no costs, but wonderful rewards...

Notes: Isn't it funny how simple it is for people to NOT BELIEVE IN ALLAH and then wonder why the world's going to hell.

Isn't it funny how someone can say 'I believe in ALLAH' but still follow Satan (who, by the way, also 'believes' in ALLAH).

Isn't it funny how you can send a thousand jokes through e-mail and they spread like wildfire, but when you start sending messages regarding ISLAM, people think twice about sharing?

Isn't it funny how, when you go to forward this message, you will not send it to many on your address list because you're not sure what they believe, or what they will think of you for sending it to them.

Isn't it funny how I can be more worried about what other people think of me than what ALLAH thinks of me.

I MADE DUA for everyone who sends this to their entire address book, that they will be blessed by ALLAH in a way special for them.

And send it back to the person who sent it, to let them know that indeed it was sent out to many more.

Monday, October 20, 2008

Machine Learning for Network Security

Another informative link from Dawn Song, a prof @ Berkeley


Sunday, October 19, 2008

Self Regenerative Systems

To get to know them, get in touch with these people


Friday, October 17, 2008

Machine Learning for Computer Security

I stumbled on several websites, since I'm searching for work on malware detection rate improvement. Found a few:


Also, works by Terran Lane (I emailed him once)


It seems that many of the faculty I stumbled upon were alumni of Purdue (specifically in the Computer Security domain).

Thursday, October 09, 2008

Busy as a bee

Today I should submit my research proposal, perhaps at least a general idea of what I intend to accomplish for

Also, I have to accomplish a few things before my big day ... including planning sightseeing somewhere locally. Not about the money, though ...

Every morning I start to pick up things and move them to my new house... slowly moving out of the rented flat I have lived in for more than a year.

Wednesday, October 08, 2008

Monday, October 06, 2008

Raya like no other.

Boom! The self-made cannons built by the kampung folks boomed during the raya days; as usual, I tried to figure out how many cannons out there I could archive pictures of.

Unfortunately, I only found one, the same arch as last year.

Saturday, September 13, 2008

Pidgin-Facebook plugin

After I got Gtalk enabled on my Pidgin, I'm now wondering whether somebody has already done something for Facebook. Yeah, it's there!


It works on multiple platforms... since I'm working on Ubuntu now, the .deb worked just fine:

dpkg -i pidgin-facebookchat-1.35.deb
Selecting previously deselected package pidgin-facebookchat.
(Reading database ... 179380 files and directories currently installed.)
Unpacking pidgin-facebookchat (from pidgin-facebookchat-1.35.deb) ...
Setting up pidgin-facebookchat (1.35) ...


Wednesday, September 10, 2008

Louisiana @ Lafayette!

Mr/Ms Najmi,

Your qualifications appear to be good, and we will be pleased to
consider your application. If you will give your mailing address, I
will ask our office to send you our application packet, with all forms
and requirements of our programs. You may wish to visit our web site at
http://www.cacs.louisiana.edu/ and that of the Graduate School
http://www.louisiana.edu/Academic/GradSchool/ . Fee schedules will be
at http://bursar.louisiana.edu/ . You may also apply online.

Deadlines for application are 1 November for Spring, and 1 April for
Fall, if you wish to be considered for assistantship.

CACS and the Graduate School require a BS degree with GPA >= 2.75, or
First Class honors from universities using that system. We require the
GRE, General Test, with GRE-V >= 380, Q >= 600, and TOEFL >= 80(new online).


But recently, during the Gustav alert, I heard it was these southern areas that got hit and thrown into chaos. Ish ish... how hard!

Monday, September 08, 2008

As Time Goes By....

Hi Najmi,

The best way to figure out if I'd like to have you as a PhD student, and if you'd like to have me as your advisor, would be to meet and talk. We can do that once you start USC in Fall. I looked over your CV and papers you sent. This is nice work for BSc degree. What you want to do during your MS and PhD is to expand on the research part. Best way to do this, and also to improve writing style and language, is to read a lot of research papers so that would be my first suggestion. Look at top security conferences such as USENIX, CCS or security papers at networking conferences SIGCOMM, Infocom, NDSS and NSDI.

The length of the study depends on both your topic and your work. You usually are ready to graduate once you had 3-5 papers from your topic published at good conferences. Publishing takes time and that's the major source that defines when one can graduate. That, and finishing the work on the topic - but since you need to finish the work anyways to get publications I'd look at publications as the main factor defining when you're ready. Usual duration of PhD is 5-7 years.

Prof "X".
USC Information Sciences Institute
4676 Admiralty Way, Suite 1001
Marina del Rey, CA 90292

Tuesday, September 02, 2008

[wtr] Houses around Taman Melati, range RM400-800 per month

Move-in: Nov 2008

Contact me by leaving a comment in the comments here. Or call 019 387 0980

Spam will be sent to /dev/null

Wednesday, August 27, 2008

Nobody will care about our existence.... we are merely just statistics!

Wednesday, August 20, 2008



My paper and slides can be downloaded here:



Thursday, August 14, 2008

MyEduSec 2008 speakers' slots

Click here .... mine is the last slot.

Just wondering who Madihah Saudi is; 3 papers are hers.

Tuesday, August 12, 2008

HEADS UP: KDE l10n EN-ms-MY Progress (as of 12th Aug '08)


Saturday, August 09, 2008

The Tale of the Centipede and the Bug

A new SVN commit after ~2 years

svn commit -m "update" desktop_kdebase.po

You can track my SVN commit activity here

Phrack #65


I just realized that Phrack #65 was released months back, in April 2008. Hard to keep up, since I'm not sure how frequently they release their underground zine.

View here

Friday, August 08, 2008

Might take the GRE

Thinking of registering for the GRE exam.. since applying to US/CA/SING (hmm) means they need this exam to check your sanity level.

Asked Prometric about the exam fees.. around USD170, and it has to be paid in US Dollars. The exam is held every Thursday, and if you want to retake it the buffer is one month. (why?)

Some US universities are just fine with IELTS.. but most of them need the TOEFL.

So far I'm not that satisfied with the AU/NZ research groups... I do not know whether this is the best decision.

As if I had just forgotten about Plymouth. Not that I do not want to go there; it's just that I simply do not know which is the best place to suit me and my wife-to-be later on.

Hopefully I can make it, getting my butt outta here for Fall 2009.

Thursday, August 07, 2008

“The best methodology for C++ teaching from ground up – an experience in the XYZ University”

By me {at} gmail.com, B.MIS, MSc(CS)

In this paper we share our experience in delivering an introduction to structured programming to undergraduates who have never learned programming, or who have a background in the C language. We observe this behaviour and measure the students by looking at their quantitative output. We hope this will contribute to effectiveness in teaching and to a good measurement for evaluating education methodology. As a milestone, we hope that this novel approach will yield yet another Nobel Laureate from Malaysia.


At XYZ we use C++ as the introductory language; formerly we used the C language. One of the reasons is simply that the advanced subjects in the undergraduate years mostly use object-oriented languages. For example, books on Data Structures and Algorithms nowadays focus on C++, and the C versions of the same titles are slowly being taken off the market. Since C++ is very nearly a superset of C, switching language seemed no big deal.

For delivery of the course content we use several methods, comprising personal assessments and group-based assessments.

Personal assessment:

  1. Quiz
  2. Midterm exam
  3. Final exam

Group based assessments

  1. Assignments
  2. Group project


We found that the barriers to delivering the syllabus content fall into the following categories:

The student’s perspective:

  1. Do not read the book
  2. Do not even own the book
  3. Absent from class
  4. Do not participate in assignments/group project
  5. Do not do homework/exercises

The instructor’s perspective:

  1. Does not effectively communicate his/her knowledge
  2. Slides/handouts are vague
  3. Not able to cope with different levels of student background

The laboratory’s perspective:

  1. Faulty, and always faulty, machines
  2. Some machines cannot detect external drives, i.e. USB, hence the students feel a bit distracted

Course material

Currently we are using Introduction to Computer Science with C++ by Forouzan. The book, however, is no longer being published since the author is changing publisher, hence we opted to switch to another textbook, written by Bronson.

Operating System environment

We use Microsoft Windows XP as the workstation operating system, and people are happy that way until they get infected with viruses.

Compiler and IDE

We now heavily use the free, and sometimes always hassle-prone, Dev-C++ IDE hosted by Bloodshed. Personally we think of advocating use of the command-line interface (CLI) for the sake of "leetness", or simply l337. But since nobody gives a damn about that, we just stick with the windowish way and be another fan of Bill Gates.

Now that the students are confusing Dev-C++ with a compiler, we have a royal pain in the butt telling them that Dev-C++ is an IDE and that we are using GCC/G++ as the compiler. Since GCC was once defined as the GNU C Compiler and is now the GNU Compiler Collection, we do not dare to tell them that, since it just makes things worse.

==to be continued, when I'm in the mood to write more!

Looks good

As you can see in the picture, the chicken-coop car has been replaced by my 1996 Satria, freshly repainted.. the total cost was

RM1,650 to paint the whole body + replace the front cover
RM65 for a new Proton logo.. the shop replaced this on their own initiative... but since they had already fitted it I couldn't be bothered to argue.. strictly speaking that's not on.. you can't just replace things as you like.. if it were free, fine.. but what if the logo had been given to me by somebody, or I simply wanted to preserve it, like most antique cars? Not everything must be new.. boss!

RM28 for the broken left headlamp.. again, I never told them to replace it.. I had planned to just go to Brothers to replace it. But this one is OK, I suppose. I just didn't survey other places to compare the price.. it might have been cheaper.

I'm thinking of replacing the left power-window motor since it jams so often, especially if I wind it all the way down it won't go up at all! If it rains or something, that's trouble. I asked the price there: RM110.. before the fuel price hike I had it done in Penang for RM80.. I haven't surveyed other places yet, so I didn't proceed.. my money's running out.. sob!

What a cat (meow x10)

Back in the kampung there's a cat... tickle the cat first, then feed it.. hoho..

Wednesday, August 06, 2008

Spare car + mobile chicken coop

I sent my Satria to be knocked out and repainted, whole body... RM1,600. Then the shop promised to give me a spare car (I already figured it would be a junk car).. so I followed the mechanic to Ampang.. near my fiancée's house.

When I got there I saw he was giving me a Saga Aeroback.... its wiper and light switches, you know, are twist knobs like on a radio.. damn, seriously, I'd never seen that before..

The most disgusting part: the outside of the car was covered in bird droppings... so I just kept my patience.. then drove the car back from Ampang... and got stuck in a traffic jam.. just a little past Flamingo.. dang!!!!! The engine died.

I was really furious... and I didn't have the number of the workshop's Taman Melati branch.. so I checked my old receipts in my wallet.. no phone number!!!!

In the end, after nearly half an hour, I called my fiancée and asked her to go to the workshop and tell them I was stranded on the MRR2... at first in the middle lane.. luckily there was a jam.. then I pushed the car to the middle of the slip road from Flamingo onto the MRR2 and hung around there.. just in case the mechanic who took me there drove past... waited and waited, nobody came...

Nearly 2 hours I was in the middle of the MRR2.. like a madman... And the workshop, when my fiancée handed them the phone and asked them to answer, they asked whether I had filled up with petrol or not... %@#%@#%#@...

If you want to give a customer a car, give them one with petrol in it.. it's already a mobile chicken coop.. and no petrol on top of that.

Not long after that (well, quite long actually.. I was stranded around 3 o'clock.. he arrived at 5 in the evening).. the guy from the Ampang workshop came with a can.. RM10 of petrol.. (3 litres).. after that I stopped at Petronas and put in another RM10.. the next day another RM20.. so about 12 litres in all.

Now I drive that car to the office... a bit embarrassed.. but since nobody asks, why should I care. HAHAHA...

They promised it will be ready tomorrow (Thursday).. let's see whether it's ready or just more hot air.. charging RM1,600 already. All this includes the fact that some kid smashed into my rear boot.. the boot's metal is totally bent.

Tuesday, August 05, 2008

Saturday, August 02, 2008

Usenix papers for HotSec 2008

I just checked on this.. you can download the papers here

Thursday, July 31, 2008

Am I really fit for that_great_school

Response from one prof that I emailed:

I am no longer taking PhD students in the area of security. My suggestion is
that you apply to Purdue, Dartmouth, George Mason, Johns Hopkins.

Best wishes on your education.

Oh boy!
Coming soon

Thank you very much for interest in our program.
Congratulations, your paper entitled:

1. Effective Malware Analysis with Nepenthes

has been accepted and approved by our committee to be presented at our

As for the presentations, should you have any
notes/handouts (i.e. PowerPoint slides) to be distributed, please submit them to
us at least a day before the actual presentation day for preparation.

To remind you, the fee for each paper is RM650.00, payable on the
registration day.

Thank you very much and congratulations again


MyEduSec 2008
Striving Towards Secured Information

Wednesday, July 30, 2008

KDE revisited

I just went through bulks of my previous papers and whatnot, and I found my previous writings on KDE localization, and presentation slides. I edited a few old bits (such as the email address, because it is no longer used.. and also updated the blog address). The rest remains as is, including my English level at that time.

If you have time to read, or simply just want to read it, refer here:

KDE to Malay report [pdf]

KDE to Malay presentation [converted to pdf]

Monday, July 28, 2008

Libang-libu (the lemma of choices)

Don't ask me what it means; they are just words that I think are fun to put as my topic today.

I am pretty much snowed under with a tremendous workload ... teaching 3 sections with ~120 students, meetings, seminars in the workplace.. and whatnot. Alas, I'm not forgetting my pursuit of a PhD ... despite worrying whether I'm on par with the rest of the CS scientists (wannabe).

Thinking about going to the States, looking at that_many people from Asia going there, and lots of them even becoming faculty members. Not that I'm thinking of becoming like them (though I admit there is some pride in working as a faculty member in the place where CS was born). Now, one thing I don't really like about applying to the States is that you_have_to_spend_USDs_for_just_applying.

Unlike applying for .AU, where you simply go to IDP and send your letters, etc., and *they will take care of most of the stuff for you for FREE*...

If I'm applying to the States, it means I have to sit the GRE... and I spent some time surfing CS departments' overview/requirement pages... they are very comprehensive in the sense that they carefully tell you what to do, what to expect, etc. Some CS schools mention that if applicants have deficiencies in some subject, the candidate can take the undergraduate subject there... this is awesome. But of course, for a good school, why should they care about the extra teaching load if they can have off-the-shelf, ready-to-go candidates?

Thursday, July 24, 2008

Tuesday, July 22, 2008

API Hooking

Ok, I admit it. I stumbled on these words once I read the literature on CWSandbox from Mannheim. Since in Nepenthes we can simply send the newly fetched binaries to the sandboxes, I was triggered to find out what was executed behind them.

The method is called API hooking. A similar solution is used by Joebox, developed by a postgrad student from Switzerland.

Anubis from Vienna, on the other hand, uses QEMU... but if you google around you will see there is one paper written by a Symantec researcher refuting the usage of virtual machines.
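To make "API hooking" concrete, here is an added example of my own (not CWSandbox or Joebox code) of the same idea at the Python level: each watched API entry is swapped for a trampoline that logs the call and forwards to the original, so the sample behaves normally while a report is built. The `api` namespace, the two fake Win32 calls and `sample_behaviour` are constructed stand-ins for the DLL import table and the binary a sandbox would actually patch and run.

```python
import functools
import types

# Constructed stand-in for two imported Win32 APIs; a real sandbox patches the
# DLL's export/import table (or the function prologue) instead of a namespace.
def create_file_impl(path, mode):
    return "handle:" + path

def reg_set_value_impl(key, name, value):
    return 0  # ERROR_SUCCESS

api = types.SimpleNamespace(CreateFile=create_file_impl,
                            RegSetValue=reg_set_value_impl)


class ApiHooker:
    """Swap selected API entries for logging trampolines that forward to the
    original, so the sample runs unchanged while every call is recorded."""

    def __init__(self, target):
        self.target = target
        self.log = []            # (api name, positional args) in call order
        self._originals = {}

    def hook(self, name):
        original = getattr(self.target, name)
        self._originals[name] = original

        @functools.wraps(original)
        def trampoline(*args, **kwargs):
            self.log.append((name, args))
            return original(*args, **kwargs)   # forward: behaviour unchanged

        setattr(self.target, name, trampoline)

    def unhook_all(self):
        for name, original in self._originals.items():
            setattr(self.target, name, original)
        self._originals.clear()


def sample_behaviour():
    """Constructed sample standing in for a binary Nepenthes just fetched:
    drop a file, then add a Run key so it survives a reboot."""
    dropped = r"C:\Windows\Temp\svchost32.exe"
    handle = api.CreateFile(dropped, "w")
    api.RegSetValue(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                    "svchost32", dropped)
    return handle


def run_in_sandbox(sample, names=("CreateFile", "RegSetValue")):
    """Hook the named APIs, run the sample, restore the table, and return
    the sample's own result together with the call report."""
    hooker = ApiHooker(api)
    for name in names:
        hooker.hook(name)
    try:
        result = sample()
    finally:
        hooker.unhook_all()      # leave the table clean for the next sample
    return result, hooker.log


if __name__ == "__main__":
    result, report = run_in_sandbox(sample_behaviour)
    for name, args in report:
        print(name, args)
```

The report (file path dropped, Run key written) is the kind of behavioural summary the sandbox reports are built from; the real thing does this for hundreds of APIs from inside the process, which is also why malware that checks for hooked prologues or a virtualised CPU can tell it is being watched.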

Since I got this teeny D430 Latitude, now I always "read" downloaded PDF files while I rest on the sofa, or simply on the floor back home.

Usually I check the Mannheim PDF reports... it seems they actively publish their research work, e.g. in the recent DIMVA 2008. Apart from that, UC Davis or some other institutions which have work on botnet/malware countermeasures, honeypots/honeynets, security visualization (just recently, since Bro Adli pointed it out).. etc.

I hardly understand cryptographic stuff, for several reasons.. though I already took it once. It seems very theoretical, which some other geeks might find interesting, but not me. Usually I focus on the application part... but of course, who knows, I may find a love for cryptography soon.

Monday, July 21, 2008

Interesting Computer/Network Security Paper Links

Usually I just mark them with a FF bookmark, or just tag them with the Delicious add-on. Now I think I want you guys to read these and comment on them. A lot are by Dawn Song of Berkeley.

click here

Friday, July 18, 2008

Afterglow visual from Amun sensor

Splendid, awesome.. whatever....!




Thursday, July 17, 2008

Lynis rootkit detector

I just tried Lynis, a pretty cool tool developed by a Netherlands security evangelist. Nice ...

The checking is pretty thorough.. I think neater compared to rkhunter and chkrootkit.

Tuesday, July 15, 2008

From Aachen to Mannheim

Well, it seems the Germans did a pretty good job on the lightweight honeypot. I just stumbled on Thorltz's blog, and it seems that I missed something. Yet another honeypot.. amun!

Download here

Written in Python, I got it working in seconds; prior to that you have to install the python-psyco module.

See the verbose output:

.::[Amun - Decoder] compiling siegburg xor decoder ::.
.::[Amun - Decoder] compiling plain1 shellcode ::.
.::[Amun - Decoder] compiling plain2 shellcode ::.
.::[Amun - Main] ready for evil orders: ::.

Among the services (mixed with my valid ssh service):

21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
42/tcp open nameserver
105/tcp open csnet-ns
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
554/tcp open rtsp
587/tcp open submission
617/tcp open sco-dtmgr
623/tcp open unknown
631/tcp open ipp
1023/tcp open netvenuechat
1025/tcp open NFS-or-IIS
1521/tcp open oracle
1533/tcp open virtual-places
1900/tcp open UPnP
2105/tcp open eklogin
3268/tcp open globalcatLDAP
3306/tcp open mysql
3372/tcp open msdtc
5000/tcp open UPnP
5432/tcp open postgres
5900/tcp open vnc
6101/tcp open VeritasBackupExec
7100/tcp open font-service
8080/tcp open http-proxy
8118/tcp open privoxy
9050/tcp open tor-socksport
9999/tcp open abyss

All the best luring malware ;-)
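As an added illustration of what a lightweight honeypot like this does per port (my code, not Amun's), the following binds a few ports, greets the client with a fake banner, keeps the first bytes it sends and hashes them so repeated samples can be de-duplicated. The banner table, the service names and the "suspicious" heuristic are assumptions made for the example, and binding ports below 1024 needs root.

```python
import hashlib
import socket
import threading
import time

# Assumed banner table: which emulated service speaks first on which port.
# (Constructed for this example, not Amun's own vulnerability modules.)
BANNERS = {
    21: b"220 FTP server ready\r\n",
    25: b"220 mail ESMTP\r\n",
    110: b"+OK POP3 ready\r\n",
    445: b"",          # SMB: the client sends the first bytes
}
SERVICE_NAMES = {21: "ftp", 25: "smtp", 110: "pop3", 445: "smb"}
TEXT_PROTOCOL_PORTS = (21, 25, 110)


def classify_payload(port, data):
    """Build an event record from the first bytes a client sent.
    Pure function, so it can be exercised without opening any socket."""
    printable = all(32 <= b < 127 or b in b"\r\n\t" for b in data)
    return {
        "port": port,
        "service": SERVICE_NAMES.get(port, "unknown"),
        "length": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),   # de-duplicate samples
        "printable": printable,
        # A large binary blob on a service that normally opens with a short
        # text command is worth a second look (possible exploit/shellcode).
        "suspicious": (not printable) and len(data) > 256
                      and port in TEXT_PROTOCOL_PORTS,
    }


class Sensor:
    """Bind each port, greet with the banner, keep the first 4 KiB sent."""

    def __init__(self, ports, bind_addr="0.0.0.0"):
        self.ports = ports
        self.bind_addr = bind_addr
        self.events = []
        self._lock = threading.Lock()

    def start(self):
        for port in self.ports:
            threading.Thread(target=self._serve, args=(port,),
                             daemon=True).start()

    def _serve(self, port):
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((self.bind_addr, port))
        listener.listen(16)
        while True:
            conn, addr = listener.accept()
            threading.Thread(target=self._handle, args=(conn, addr, port),
                             daemon=True).start()

    def _handle(self, conn, addr, port):
        conn.settimeout(5)
        data = b""
        try:
            conn.sendall(BANNERS.get(port, b""))
            data = conn.recv(4096)
        except (socket.timeout, OSError):
            pass
        finally:
            conn.close()
        event = classify_payload(port, data)
        event.update(src=addr[0], time=time.time())
        with self._lock:
            self.events.append(event)


if __name__ == "__main__":
    # Ports below 1024 need root (or CAP_NET_BIND_SERVICE).
    sensor = Sensor([21, 25, 110, 445])
    sensor.start()
    print("listening; Ctrl-C to stop")
    while True:
        time.sleep(10)
        for ev in sensor.events:
            print(ev["src"], ev["service"], ev["length"], ev["sha256"][:12])
```

A real honeypot goes further on each port (it has to speak enough of the protocol to walk an exploit through to the point where it delivers shellcode, then decode that shellcode to find the download URL, which is what the "compiling ... decoder" lines above are about); this only captures the opening bytes, but that is already enough to see who is scanning you and to tell text commands from binary payloads.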

Friday, July 04, 2008

It's so 2000

I bought my very first desktop PC when I was an undergrad.. this machine.. still rocks on.. doing some funny stuff. Now parts of it have already been replaced... new CPU.. new graphics card.. new AC device (I replaced it twice, of course, since they broke).. and a new motherboard (not so new.. I guess it's from around 2004). Perhaps the only artifacts, if I can call them that, are my Philips 15" monitor and the Low Yat rock-solid casing (perhaps, legacy series).

Well, the other part is my laptop.. that's the other new machine.. just (almost) 2 years back, and at that time it wasn't el cheapo, you know.. RM4,399 (this includes a Shell petrol card voucher costing around RM300). So it's around RM4,100 (USD1500). Not so cheap at that time as well. The stressful part is that nowadays, for less cost, I can get a dual-core machine.. LoL.

This old machine now runs the Nepenthes sensor.. emulating a few virtual nodes.

The next part is my D-Link 5-port Ethernet switch.. well, this gizmo was bought simply because I want to wire more machines (most of the time I do not prefer wireless, since it's always disconnecting).

Wednesday, July 02, 2008

PhD Phone Interview

I was interviewed by Dr Maria Papadaki from Plymouth University, UK, regarding my PhD application. There are several Malaysians there, and my officemate is doing her research PhD there as well.

It took about 45 minutes to discuss things related to the research, the process, funding, etc. At first I forgot that the UK is among the countries which use DST for their time. Somehow the discussion was OK, but of course, given the communication distance, there was jitter.

Reminded me of Maxis's ad where people only yelled GOAL after a short while. Same here.

Hopefully I'll get a conditional offer, prior to taking IELTS. Now that I can't confirm the place, there's the possibility of going places by taking the GRE/TOEFL, though it's tough.

Are you the type who takes *hard* problems for breakfast?

Friday, June 27, 2008

Reply to the previous Purdue/CERIAS admission post

taken from here

Since the commenter was using a Blogger profile but I can't access his blog, this prof might suit the profile > here

What an honour to have his visit to my lair here.. anyway, these were his words:

All students are charged an application fee to help cover processing costs. As it is, there are many thousands of applications to the university each year.

Applications for grad programs at Purdue are considered by committees of faculty. They look at issues such as transcripts of grades, quality of undergrad program, the student essays, and especially the recommendations. Scores on tests are examined -- especially TOEFL -- and some departments look at GRE scores.

The admissions committee picks the students who the committee believes will do well in the program. If there are more qualified candidates than there are positions in the incoming class, then the students are ranked by the committee and the top ones taken to fill out the class.

If you meet the minimum requirements for a program, whether you get accepted depends on how many other people apply that year, and how you rank among them (if there are a lot).

p/s: We need more Malaysians doing PhD degrees in the United States... for real!

Wednesday, June 25, 2008

hmm... in my dream..!

The admission committee makes the decision in October for spring admission and in January for fall admission for applicants who have submitted their
You must decide on your own whether to apply or not.

Make sure you meet the admission requirements listed here:


Department of Computer Science
Lawson Computer Science Building
Room 1137 B
Purdue University
305 North University Street
West Lafayette, IN 47907-2107

Phone: (765)494-xxxx
Fax: (765)494-xxxx
E-mail: xxx@cs.purdue.edu

-----Original Message-----
From: me
Sent: Wednesday, June 25, 2008 6:25 AM
To: R
Subject: Re: Phd in CS/Cerias

Hello, I would like to know how you select the students, since I have to pay USD55 for the application, so I have to be sure of the chances/probability of getting in.

I ask this since CERIAS did not require GRE results for admission, but it seems that it received quite a number of applications.

If I get a place secured at Purdue, I'll be sponsored by the government of Malaysia, the sponsorship stipulating the student's fee, living allowance etc. for the whole study period.

Plan to begin in mid 2009.

Thanks :-)

comment: No, I do not think it is worth gambling.. better go elsewhere.. be your own hero... rather than spending your hard-earned bucks on unsure stuff... ahahahaa

[nepenthes] Using Anubis Python script

We can use this Python script to automate/mimic the automated submission triggered by Nepenthes...

root@nuvox:~/binaries# ./submit_to_anubis.py * -e mailaku @ gmail.com
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
Could not submit the sample.
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
Could not submit the sample.
Could not submit the sample.
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
Could not submit the sample.

Some of the binaries are malformed.. you will receive the same notification from the other sandbox provider if you use the default submit_norman.conf submission as well.

Also, by submitting this way the malware analysis reports do not carry any nepenthes- prefix at all.
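The "Could not submit the sample." lines above are the round-trips wasted on files the sandbox will not take. As an added illustration (this is not the submit_to_anubis.py script and not code from the original post), the following Python triage checks what Nepenthes actually wrote to disk before anything is sent: the file name must equal the MD5 of the content (Nepenthes names captured binaries after their MD5, as the ls listings further down this page show), and the bytes must at least carry a parsable DOS header, PE signature and COFF header. The function names (looks_like_pe, triage, constructed_samples) and the sample bytes are mine, built inline so the script runs offline; nothing here talks to Anubis or Norman.

```python
import hashlib
import struct

# Minimum sizes: 64-byte DOS header, 4-byte "PE\0\0" signature, 20-byte COFF header.
DOS_HEADER_LEN = 0x40
PE_SIG = b"PE\0\0"
COFF_LEN = 20


def looks_like_pe(data):
    """Return (ok, reason) after walking DOS header -> e_lfanew -> PE signature -> COFF header."""
    if len(data) < DOS_HEADER_LEN:
        return False, "shorter than a DOS header"
    if data[:2] != b"MZ":
        return False, "missing MZ magic"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + len(PE_SIG) + COFF_LEN > len(data):
        return False, "e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + len(PE_SIG)] != PE_SIG:
        return False, "missing PE signature"
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + len(PE_SIG))
    if nsections == 0:
        return False, "no sections"
    return True, "ok (machine=0x%04x, %d sections)" % (machine, nsections)


def triage(samples):
    """samples: {filename: bytes}. A name that is not the MD5 of the content means the
    capture was truncated or tampered with; only intact, parsable files are worth sending."""
    report = {}
    for name, data in samples.items():
        md5_ok = hashlib.md5(data).hexdigest() == name
        pe_ok, reason = looks_like_pe(data)
        report[name] = {"md5_matches": md5_ok, "pe_ok": pe_ok,
                        "reason": reason, "submit": md5_ok and pe_ok}
    return report


def build_minimal_pe():
    """Constructed sample: the smallest byte string that passes looks_like_pe()."""
    dos = bytearray(DOS_HEADER_LEN)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_LEN)  # e_lfanew: PE header right after DOS header
    # COFF header: Machine=i386, NumberOfSections=1, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=0, Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0, 0x0102)
    return bytes(dos) + PE_SIG + coff


def constructed_samples():
    """Constructed directory contents: one good capture and four kinds of junk."""
    good = build_minimal_pe()
    truncated = good[:0x30]                          # download cut off inside the DOS header
    bad_sig = good.replace(PE_SIG, b"XX\0\0")         # wrong signature at e_lfanew
    dangling = bytearray(good)
    struct.pack_into("<I", dangling, 0x3C, 4096)     # e_lfanew beyond end of file
    samples = {hashlib.md5(b).hexdigest(): b
               for b in (good, truncated, bad_sig, bytes(dangling))}
    samples["0" * 32] = b"\0" * 200                  # file name does not match content
    return samples


if __name__ == "__main__":
    for name, verdict in triage(constructed_samples()).items():
        flag = "SUBMIT" if verdict["submit"] else "skip  "
        print(flag, name, verdict["reason"], "" if verdict["md5_matches"] else "(md5 mismatch)")
```

Run it against a real directory by replacing constructed_samples() with a dict read from /var/lib/nepenthes/binaries; the "skip" rows are exactly the files that would come back as "Could not submit the sample."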

Tuesday, June 17, 2008

Monday, June 16, 2008

[nepenthes] Emulating physical nodes

Since the more sensors we have, the larger the outbreak coverage we get, I opted for Neil's and his pal's way of doing things:

for i in `seq 230 254`;do ip addr add X.X.X.$i/24 brd + dev eth0;done

This of course only covers the range X.X.X.230 to X.X.X.254.

Still looking for a method to simulate, say, 10,000 nodes; an IPv6 range would do for that, but nobody really uses IPv6 here, I guess.
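The one-liner above does the job for one /24, but it will happily add the broadcast address or re-add the primary one, and there is no matching cleanup. As an added example (not from the original post or from Nepenthes), this Python helper builds the same ip addr add commands with those checks, builds the ip addr del commands for tearing the aliases down again, and answers the "10,000 nodes" question by computing the shortest IPv4 prefix that holds a given number of usable hosts. The function names and the 192.0.2.0/24 (TEST-NET-1) addresses are my own constructed values; running the commands for real needs root.

```python
import ipaddress
import subprocess


def alias_commands(primary_cidr, first, last, dev="eth0", action="add"):
    """Build `ip addr add|del` commands for every address in [first, last] on the
    network of primary_cidr (e.g. "192.0.2.139/24"). The primary address is skipped
    and the network/broadcast addresses are refused."""
    iface = ipaddress.ip_interface(primary_cidr)
    net = iface.network
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("first address must not be above last")
    if action not in ("add", "del"):
        raise ValueError("action must be 'add' or 'del'")
    cmds = []
    for n in range(int(lo), int(hi) + 1):
        addr = ipaddress.ip_address(n)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
        if addr == iface.ip:
            continue  # already configured as the primary address
        if action == "add":
            cmds.append(f"ip addr add {addr}/{net.prefixlen} brd + dev {dev}")
        else:
            cmds.append(f"ip addr del {addr}/{net.prefixlen} dev {dev}")
    return cmds


def prefix_for_hosts(n):
    """Longest IPv4 prefix whose usable host range (2**(32-plen) - 2) holds n sensors."""
    for plen in range(30, -1, -1):
        if 2 ** (32 - plen) - 2 >= n:
            return plen
    raise ValueError("no IPv4 prefix holds that many hosts")


def run(cmds, dry_run=True):
    """Print the commands, or execute them (needs CAP_NET_ADMIN) when dry_run is False."""
    for cmd in cmds:
        if dry_run:
            print(cmd)
        else:
            subprocess.run(cmd.split(), check=True)
    return len(cmds)


if __name__ == "__main__":
    # Same range as the post's loop, on a constructed network; dry run only.
    run(alias_commands("192.0.2.139/24", "192.0.2.230", "192.0.2.254"))
    print("cleanup:")
    run(alias_commands("192.0.2.139/24", "192.0.2.230", "192.0.2.254", action="del"))
    print("smallest IPv4 block for 10000 sensors: /%d" % prefix_for_hosts(10000))
```

Once the addresses are up, the sensor only answers for them if Nepenthes binds to 0.0.0.0 (or to each alias), so check the bind address in the Nepenthes config before expecting every alias to look "alive" from a remote scan.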

Run, ip add show

You should see something similar to this:

1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

inet X.X.X.139/24 brd X.X.X.255 scope global eth0
inet X.X.X.230/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.231/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.232/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.233/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.234/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.235/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.236/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.237/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.238/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.239/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.240/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.241/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.242/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.243/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.244/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.245/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.246/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.247/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.248/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.249/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.250/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.251/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.252/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.253/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.254/24 brd X.X.X.255 scope global secondary eth0

IPs obfuscated for anonymity

You should be able to see this host "alive" if you scan from another node. I scanned with Windows Nmap from my laptop to the honeypot sensors.

Saturday, June 14, 2008

[darknet-cymru] meet ryan conolly

I volunteered myself in any way for Cymru's Darknet Project. Actually, before I attended Ryan's talk at the Westin Hotel Imbi, I had already read about the Cymru, IMS and CAIDA stuff but could hardly get the picture. Now that Ryan has been replying to my emails, why not have a meetup.

So I asked Sharuzzaman to accompany me and we met at 11am this morning. Wow, it lasted around 3 hours, as if there was a business negotiation (laugh). Ryan nicely shared his experiences and darknet implementation stuff.

So I asked him whether it's possible to have an educational JV, and why not an "academic" talk on Darknet/security adversaries stuff. Hope you'll arrive here in Gombak; I'll arrange a slot for it, if possible. Students would be happy then.

Script to caption and resize to 640x480 resolution that I used for the pix above:

# -size only hints the decoder; -resize actually scales the image, and the caption has to sit inside the 480 px height
for i in *.jpg; do convert "$i" -resize 640x480 -font helvetica -fill white -pointsize 16 -draw 'text 10,460 "Meeting with Darknet-Cymru Ryan Conolly@Starbuck KLCC 14 June 2008"' "new-$i"; done

[clamav] submission added


Submission-ID: 3571791
Sender: me
Added: Trojan.Kolabc.BFY
Virus name alias:
Net-Worm.Win32.Kolabc.bfy (Kaspersky AVP)

Friday, June 13, 2008

[clamav] Submission not added


Erk.. somebody else already made it.

Submission-ID: 3026528
Sender: me
Submission notes: Already detected as Worm.Kolab-284
Added: No
Virus name alias:
Net-Worm.Win32.Kolabc.sd (Kaspersky AVP),
Trojan.Packed.470 (Drweb),
Packer.XComp.A (Bitdefender)

Thursday, June 12, 2008

[nepenthes] New binary notification

Description (Risk)

- Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions being performed automatically. (medium)
- Changes security settings of Internet Explorer: This system alteration could seriously affect the safety of surfing the World Wide Web. (medium)
- Joins IRC Network: The executable connects to an IRC network, most probably functioning as a zombie in a botnet. (high)
- Performs Address Scan: The executable scans a range of IP addresses. In most cases these scans identify more potentially vulnerable targets. (high)

The analysis of your file is finished.
You can find your report at http://analysis.seclab.tuwien.ac.at/result.php?taskid=81e476fbfdfa581435e56c5242ea22cb

[CWsandbox-mannheim and nepenthes]

Just this morning I was alerted by an email sent by CWsandbox-mannheim. At last I received an analysis email from them. It seems that one of the malware samples they analyzed is considered *known* already, since I had already sent the binary manually to ClamAV:

click here

analysis details for Sdbot-8639 <-- just wondering where the reports for the other 5 binaries are.. shouldn't they be analyzed as well?

analysis from different AV vendors

Tuesday, June 10, 2008

[clam-av and nepenthes]

Sharuzzaman mentioned to me that instead of using VirusTotal, we can help ClamAV (though on Windows I prefer to use AVG, since ClamAV's definitions are considered pretty much obsolete) by contributing to ClamAV's virus definitions. However, if you refer to my previous post, AVG on Linux detects less malware compared to ClamAV.

This is awesome! It means that the new malware I got from the junkyard in /var/lib/nepenthes, given it was/*they were* flagged by ClamAV as "OK", I must send straight away. (Well, if you have spare time. Consider this your social community service ;) ).

Though submissions per person are restricted to only TWO files, you can manually email the personnel to send more than that.

Interested to help? Send using this form

Sample submission report (both malware accepted), click here

Submission-ID: 3434478
Sender: nama aku
Added: Trojan.SdBot-8639
Virus name alias:
Net-Worm.Win32.Kolabc.aws (Kaspersky AVP),
Packer.XComp.A (Bitdefender)

Submission-ID: 3278336
Sender: nama aku
Added: Trojan.SdBot-8638
Virus name alias:
Net-Worm.Win32.Kolabc.afj (Kaspersky AVP),
Packer.XComp.A (Bitdefender)

Monday, June 09, 2008

[nepenthes] scanning with AVG

root@nuvox:/var/lib/nepenthes/binaries# ls -l
total 280
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-09 07:43 0c6734accaf1d500a388f690a1ef3a76
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-05 20:16 381dd5ff2ef3993bd92923626ee7948a
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-04 14:03 3d39a29913a2fe54009d491b89b01ab4
-rw-r--r-- 1 nepenthes nepenthes 41936 2008-06-03 11:04 8e072862754ef6e80831d2fd50376b43
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-02 16:38 ba106399aad8b515319f52fac4794a73
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-02 16:00 c2f699282a7a16ecf554cfbaa2724204

root@nuvox:/var/lib/nepenthes/binaries# avgscan *
AVG7 Anti-Virus command line scanner
Copyright (c) 2007 GRISOFT, s.r.o.
Program version 7.5.51, engine 442
Virus Database: Version 270.0.0/1491 2008-06-09
License type is TRIAL for WORKSTATION.
Number of days to expiration: 30
3d39a29913a2fe54009d491b89b01ab4 Virus found Win32/Virut
c2f699282a7a16ecf554cfbaa2724204 Virus found Win32/Virut
Tested: 6 files, 0 sectors
Infections: 2
Errors: 0

Seems that AVG detected only 2 malware samples, while ClamAV detected 3.

[nepenthes] New malware coming in

I was just wondering why my ClamAV did not detect the fetched malware as "malware", instead just OK. But then, nepenthes already classified it as a "suspicious binary".. and why would a binary be sent to my honeypot anyway?

I also created a cron job to ensure that ClamAV updates its definitions, six times per day.

This is the first time I was alerted by the malware submission after I enabled the submit_norman.so line.

my very own 1st automated malware submission

The other links were redirected to Joebox.. it just shows this stuff along with the zip file containing reports of the analyzed malware:

The attached zip document contains all kinds of behaviour information which Joebox has detected. Please note that Joebox currently only analyses file system, registry system and process system behaviour. Analysis information about network, services and thread activities will be added in the next months. The analysis machine which executes your submitted binaries has no access to the internet. An always-available internet connection is too high a risk, either of being detected (via DNS) or of being controlled by malware (we use real machines for analysis) which bypasses our disk protection tools.

Best regards

Joe Security

Hehe.. nice ;) .. you know, this submission alert was received after the power trip/network problem here was resolved. It means I should have gotten this alert earlier..

It seems that this network segment contains a lot of "harta karun" or "hidden treasure" which is unexplored.... looking at this ClamAV scan, 3 binaries are yet to be defined..

root@nuvox:/var/lib/nepenthes/binaries# clamscan *
0c6734accaf1d500a388f690a1ef3a76: OK
381dd5ff2ef3993bd92923626ee7948a: OK
3d39a29913a2fe54009d491b89b01ab4: W32.Virut.ca FOUND
8e072862754ef6e80831d2fd50376b43: Trojan.DsBot-15 FOUND
ba106399aad8b515319f52fac4794a73: OK
c2f699282a7a16ecf554cfbaa2724204: W32.Virut.ci FOUND

----------- SCAN SUMMARY -----------
Known viruses: 309947
Engine version: 0.92.1
Scanned directories: 0
Scanned files: 6
Infected files: 3
Data scanned: 0.25 MB
Time: 12.340 sec (0 m 12 s)
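The clamscan and avgscan listings on this page are compared by eye ("AVG detected only 2, ClamAV 3", and the OK files are the ones to send to the ClamAV team). As an added example (not from the original posts, and not a ClamAV or AVG tool), this Python script parses both outputs, lines the verdicts up per file, counts detections per scanner, lists the files neither scanner names as ClamAV submission candidates, and flags the files where only one scanner fired. The sample text is taken from the outputs shown on this page; the regexes assume Nepenthes' MD5 file names, which also keeps the summary lines from matching. Function names are mine.

```python
import re

# Constructed from the clamscan / avgscan outputs shown on this page.
CLAMSCAN_OUTPUT = """\
0c6734accaf1d500a388f690a1ef3a76: OK
381dd5ff2ef3993bd92923626ee7948a: OK
3d39a29913a2fe54009d491b89b01ab4: W32.Virut.ca FOUND
8e072862754ef6e80831d2fd50376b43: Trojan.DsBot-15 FOUND
ba106399aad8b515319f52fac4794a73: OK
c2f699282a7a16ecf554cfbaa2724204: W32.Virut.ci FOUND

----------- SCAN SUMMARY -----------
Known viruses: 309947
Engine version: 0.92.1
Scanned files: 6
Infected files: 3
"""

AVGSCAN_OUTPUT = """\
AVG7 Anti-Virus command line scanner
Virus Database: Version 270.0.0/1491 2008-06-09
3d39a29913a2fe54009d491b89b01ab4 Virus found Win32/Virut
c2f699282a7a16ecf554cfbaa2724204 Virus found Win32/Virut
Tested: 6 files, 0 sectors
Infections: 2
Errors: 0
"""

# Nepenthes names captures after their MD5, so a 32-hex-digit prefix identifies a file line.
CLAM_RE = re.compile(r"^(?P<file>[0-9a-f]{32}): (?:(?P<sig>.+) FOUND|OK)$")
AVG_RE = re.compile(r"^(?P<file>[0-9a-f]{32})\s+Virus found\s+(?P<sig>\S+)$")


def parse_clamscan(text):
    """Map filename -> signature (None when clamscan reported OK)."""
    verdicts = {}
    for line in text.splitlines():
        m = CLAM_RE.match(line.strip())
        if m:
            verdicts[m["file"]] = m["sig"]
    return verdicts


def parse_avgscan(text):
    """Map filename -> signature for the files avgscan flagged; clean files are not listed."""
    verdicts = {}
    for line in text.splitlines():
        m = AVG_RE.match(line.strip())
        if m:
            verdicts[m["file"]] = m["sig"]
    return verdicts


def compare(clam, avg):
    """One row per file clamscan saw, with each scanner's verdict (None = undetected)."""
    return [{"file": f, "clamav": clam[f], "avg": avg.get(f)} for f in sorted(clam)]


def detection_counts(rows):
    return {"clamav": sum(r["clamav"] is not None for r in rows),
            "avg": sum(r["avg"] is not None for r in rows)}


def submission_candidates(rows):
    """Files ClamAV still reports as OK: the ones worth sending to the ClamAV team."""
    return [r["file"] for r in rows if r["clamav"] is None]


def disagreements(rows):
    """Files where exactly one of the two scanners fired."""
    return [r["file"] for r in rows if (r["clamav"] is None) != (r["avg"] is None)]


if __name__ == "__main__":
    rows = compare(parse_clamscan(CLAMSCAN_OUTPUT), parse_avgscan(AVGSCAN_OUTPUT))
    for r in rows:
        print(r["file"], "clamav=%s" % r["clamav"], "avg=%s" % r["avg"])
    print("detections:", detection_counts(rows))
    print("send to ClamAV:", submission_candidates(rows))
    print("one scanner only:", disagreements(rows))
```

Feed it live output with parse_clamscan(open("clam.log").read()) and the equivalent for avgscan; because avgscan prints only infected files, the file universe always comes from the clamscan side.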

Friday, June 06, 2008

[nepenthes] submit_norman.conf config file

This was sent by Lucas

// this is the address where norman sandbox reports will be sent
email "email_aku gmail.com";


Thursday, June 05, 2008

[Nepenthes] GOT CHA!

Living in a protected LAN.. I thought I was pretty safe.. not so! I rarely checked my nepenthes /var/lib until today.. after I upgraded my Ubuntu Gutsy to Hardy... wooow...

root@nuvox:/var/lib/nepenthes/binaries# ls -l
total 192
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-04 14:03 3d39a29913a2fe54009d491b89b01ab4
-rw-r--r-- 1 nepenthes nepenthes 41936 2008-06-03 11:04 8e072862754ef6e80831d2fd50376b43
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-02 16:38 ba106399aad8b515319f52fac4794a73
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-02 16:00 c2f699282a7a16ecf554cfbaa2724204

Lemme check...!

Doesn't seem that it is as clean as expected

root@nuvox:/var/lib/nepenthes/binaries# clamscan *
3d39a29913a2fe54009d491b89b01ab4: W32.Virut.ca FOUND
8e072862754ef6e80831d2fd50376b43: Trojan.DsBot-15 FOUND
ba106399aad8b515319f52fac4794a73: OK
c2f699282a7a16ecf554cfbaa2724204: W32.Virut.ci FOUND

----------- SCAN SUMMARY -----------
Known viruses: 306262
Engine version: 0.92.1
Scanned directories: 0
Scanned files: 4
Infected files: 3
Data scanned: 0.17 MB
Time: 9.410 sec (0 m 9 s)

Wednesday, June 04, 2008

Phd Quest? :=p

It's a royal pain in the back (weh, it should be harsher). Sent e-mails to the prospective supervisors.. asking for updates..

Edith Cowan Univ: My friend said better go for a public univ in Western AU.. but I did check on Wiki, ECU is a public univ.. well said, since ECU is having a good time doing research in network security... asked and the Dr said please apply..

Victoria Wellington: NOT YET!

Dear mnajem,
Sure.... I am happy to supervise you. Have you already applied to RMIT International? As you will be starting next year, it would be great to do some English courses for reading and writing, even if you have a good IELTS.

I am currently a research project in the area of security in "X" systems (with other schools - Engineering and Maths), sponsored by the university. It involves the protection of enterprise//"X" networks against all the various attacks. IDS are one of the techniques, but there are other ones.

The security researchers at RMIT were pretty much VERY QUICK YET MADE ME LIVE WITH JOY in a short while.. aha.... maybe I am destined for RMIT ahahaa

Before he responded, actually I had emailed his pal as well, and he responded:

Dear mnajem
Thanks for your inquiry. Your research interest fits into my group. However, I'm not involved in the application procedure. Please contact our program coordinator Vic on this CC list for further advice. Good luck,

Which means.. for now I will concentrate on getting into RMIT.. RMIT at least gets ranked in THES, you know... though as you know 4 seasons in .au is a no-no... huhu... why get yourself cold in snow: you've to pay gas for the heater. Get yourself somewhere tropical-alike and mix around with the mat saleh... however it seems my prospective SV is Asian-alike living in Mat Saleh land...

*just had a meeting.. now somebody in my room is doing make-up coursework stuff...

Monday, June 02, 2008

Nice Updates

-I'm in the office of the Deputy Dean of Student Affairs now. For some unknown reason I was appointed. Work as usual.

-Will attend a marriage course this week.. pfft, I chose to go outside, which costs RM80, because I'm too shy for the RM20 course provided along with the students. Well, you know, I might get my face red... blushing haha.

-For the PhD Quest (as Usin called it), yesterday Dr Colin told me he will ask for Dr George Mohay's consideration of my application... hopefully I can get the answer faster. Victoria Wellington has still yet to answer my email.. be patient.

To my fellow friends, I'll be happy if you can come to my hometown in Perak.. ;)

(Well, just wondering who'll drop by my blog anyway.. the traffic feed seems so busy but my writings hardly get commented on)


Tuesday, May 20, 2008

My silly moment

Why is there no network?
Let's try ping.

ping google.com. Nothing?

Hmm hmmm, why, looking at the eth connection icon, is there no blinking light at all.. the NIC card's light isn't blinking either.

Looking around, it seemed something strange had happened..... aa aa.. oh, it turns out the cable plug of my 5-port D-Link switch had come loose.. ee ee ee.. I thought that plug was for the speaker.

---I'm embarrassed at myself bwahahahak.. luckily I got caught out alone in my room