July 2008 - i'm saimatkong

Archive for July, 2008

PIKOM PC Fair 2008 (II) Dates and Venues and Offers

Thursday, July 31st, 2008 9,792 views

PIKOM PC Fair 2008 (II) is coming in August 2008, which is tomorrow. It is the second PC Fair of the year. Check out the 1st Pikom PC Fair of the year. I have been going to PC Fair for a few years now; every time there’s a PC Fair I will surely go and have a visit, whether or not I have anything in mind to purchase.

But for me, I still like the PC Fair in PWTC better, because the KLCC PC Fair has been really badly managed the past few times: it is all one way straight, and if you decide to go out halfway, you can’t! That’s the main problem, besides the jam, the crowd, expensive food, expensive car parking fees etc.

Pikom PC Fair 2007
This was last year’s Pikom PC Fair banner; it stated: “The Exit is at Hall 5, ground floor only. The distance between Conference Hall To Hall 5 is 1060 Meters. If you do not wish to enter the exhibition, please turn back now. Thank you.” This shows how arrogant they are.

Yes, PC Fair is here again. Want to buy cheap laptop? cheap pc? cheap pen drive/thumb drive, dvd-r, dvd-rw, cd-r, Broadband like Streamyx, IZZI, Maxis Broadband, Celcom Broadband, U Mobile 018, HWM Magazine, PC.com, pc accessories, mouse, keyboard… etc and a lot’s more. Subscribe HWM Magazine and PC.Com Magazine for free Gift?!

PC.Com Subscription Offer / Deal / Promotions

PIKOM PC Fair 2008 (II) PC.Com Magazine Subscription Offer / Deal / Promotions

PC.Com Storage Mania

Get a 160GB Western Digital My Passport Essential or an Imation Apollo portable hard disk (HDD), free when you subscribe to PC.Com @ only RM158

*Only original form from PC.Com magazine will be entertained. (So get your form ready!)
*100 subscribers per day. First come first serve basis. While stocks last. Terms & conditions apply.

PIKOM PC Fair 2008 (II) HWM Magazine Subscription Offer / Deal / Promotions

This time HWM offer is not so attractive as compared to the last pc fair.

Subscribe to HWM magazine for Evercool NP-301 Zodiac (Pure Aluminium Notebook Cooling Pad worth RM100) + Imation USB 2.0 Nano 4GB Flash Drive (worth RM50) + Kingsoft Office 2007 (worth RM359) @ only RM144

PIKOM PC Fair 2008 (II) Game Axis Magazine Subscription Offer / Deal / Promotions
Game Axis Subscription Offer / Deal / Promotions

Most importantly some ppl just go all the way there to check some of the tech updates but some go all the way there to see leng luis? I think I’m one of them too. Haha. Are you one of them? If yes then join me!

Which day to go PC Fair is the best and can get the best deal?

On the first day you can go and collect all the brochures & price lists. If you want to subscribe to a magazine and get a wonderful free gift, you also need to subscribe on the 1st day itself (their expensive free gifts will be given out very fast; sometimes you can get a WIFI Router, DVD Burner, Speaker).

On the second day you can go there and get the fast-selling goods.

On the third day you can go sapu all the cheap deal products, and sometimes they throw the price: they will not want to bring back all the products and what they want is just cash$$

Good luck in getting good deal =)

If you don’t wish to buy anything and want to make money, you may find a part-time job at this PC Fair too: just apply to be a promoter or flyer distributor and you can get around RM80-200 per day, plus maybe free lunch and dinner. Besides that, if you are a pretty woman, you can get a salary of up to RM200 a day just to hold a notebook, MP3 player or other products, and the cash is yours $$, good? Source for a part-time job now and hope it’s not too late =)

When is PC Fair 2008 (II)?

Here are the dates and venues for PIKOM PC Fair 2008 (II):

1–3 August 2008
* KL Convention Centre, Kuala Lumpur
* Persada Johor International Convention Centre, Johor Bahru, Johor
* Central Square, Sungai Petani, Kedah
* Dewan Sri Mentakab, Mentakab, Pahang

8–10 August 2008
* Penang International Sports Arena, Penang
* Mahkota Parade Melaka, Melaka
* Sabah Trade Centre, Kota Kinabalu, Sabah
* Dewan Tun Hj Mustapha, Lahad Datu, Sabah

14–16 August 2008
* KB Mall, Kota Bharu, Kelantan
* Pusat Dagangan Terengganu, Kuala Terengganu, Terengganu
* Star Parade, Alor Star, Kedah

15–17 August 2008
* Berjaya Megamall, Kuantan, Pahang

12–14 September 2008
* Stadium Indera Mulia, Ipoh, Perak
This event has been postponed to 12 – 14 September

All PC Fair exhibitions run from 11:00am to 9:00pm

Cabinet mulling over lowering fuel prices! Lower Fuel Price? Reduce Fuel Price? Petrol Price may drop?

Thursday, July 31st, 2008 3,316 views

Cabinet mulling over lowering fuel prices

PUTRAJAYA: Malaysians may be paying less for fuel soon as the Cabinet is mulling over the possibility of lowering the present prices.

Several Cabinet Ministers said the matter was discussed during their weekly meeting Wednesday but declined to elaborate, saying that Prime Minister Datuk Seri Abdullah Ahmad Badawi was expected to make an announcement soon.

Higher Education Minister Datuk Seri Mohd Khaled Nordin said the possibility of consumers paying lesser for fuel was raised and that the mechanics were still being worked out.

Information Minister Datuk Shabery Cheek also admitted that the Cabinet was studying the matter.

“Let the Prime Minister make the announcement,” he said yesterday.

Domestic Trade and Consumer Affairs Minister Datuk Shahrir Samad, however, declined to comment on the subject, saying that it would be best to wait for the PM.

The government had, on June 4, raised the prices of petrol and diesel on grounds that it could no longer continue to subsidise fuel, but would give a 30 sen per litre discount from market prices.

Currently, Malaysians are paying RM2.70 per litre at the pump while diesel is priced at RM2.58 per litre.

Source : TheStar

Updates

Fuel prices may drop soon, say ministers

PUTRAJAYA: Malaysians may pay less for fuel soon, as the Cabinet is mulling over the possibility of lowering the pump prices.

Several Cabinet Ministers disclosed that the matter was studied during their weekly meeting yesterday but declined to elaborate, saying that Prime Minister Datuk Seri Abdullah Ahmad Badawi was expected to make an announcement soon.

Higher Education Minister Datuk Seri Mohd Khaled Nordin said the possibility of consumers paying less for fuel was discussed and that the mechanics were being worked out.

Information Minister Datuk Shabery Cheek said the matter was studied by the Cabinet, but declined to elaborate.

Domestic Trade and Consumer Affairs Minister Datuk Shahrir Samad, when contacted, declined comment, saying that it would be best to wait for Abdullah to make an announcement at an appropriate time.

On June 4, the Government raised petrol and diesel prices, stating that it could no longer continue to subsidise fuel prices at the then rate. However, it would continue to provide a 30 sen per litre discount on the market price.

Currently, motorists pay RM2.70 a litre for petrol and RM2.58 a litre for diesel at the pump.

Shahrir was quoted by Bloomberg.com on Tuesday as saying that the Government might reduce fuel prices if crude oil prices stay at US$125 (RM408) per barrel for at least three weeks.

Shahrir said that if that was the case then a reduction in prices could come within the year to enable the Government to keep its pledge of maintaining a 30 sen per litre subsidy.

“Why not, it would be good news, right?” he said during the interview.

Source : TheStar

There’s news of reduced fuel prices?! Remember two weeks ago Pak Lah was supposed to announce steps to ease the fuel price rise burden? But after that news, no one talked about it and there were no updates at all. What happened? I was waiting for the steps to ease the fuel price but nothing happened. Now the news reveals that fuel prices will be lowered? How much? How soon? Is it 100% real?

I will start dreaming from today onwards of a lower fuel price and better economy =)

Wait for the announcement! Hopefully yes, but what about those ppl that claimed their fuel subsidy of RM625 from the post office? Too bad, my road tax is due in March, so I still haven’t claimed back my subsidy!

If it’s really true that our fuel price will be lowered, then will other goods, food and transport all reduce their prices too? I don’t think so. Roti Canai, bread, rice, all increased. They will happily earn more!

Bday @ SteakOut & BumbuBali @ Bandar Puteri Puchong Part 1

Tuesday, July 29th, 2008 7,362 views

Two weeks ago was my bday =) Whoever hasn’t wished me yet can still wish me now! hehe

Booked table at SteakOut and all happily went there… mana tahu…black out @!#@$@##$%^$# it’s Steak Out and not Black Out ok?! Luckily we had not ordered our food yet, only drinks and finger food. But it was not cheap! The crackers cost RM3 per bowl; we sumore thought they were free because the waiter kept on refilling. =_=”

SteakOut Bandar Puteri Puchong

Interior of SteakOut
That time there was not yet a black out. Still got light. Haha

SteakOut Menu

Crackers that cost RM3
These were the crackers that I mentioned; they cost RM3 per bowl, imagine that! No free lunch in this world.

Nachos
These were the Nachos that we ordered before the black out, and we ate in the shadow of a candle.

Potato
This was the Potato Skin that we ordered before the black out, and we ate in the shadow of a candle.

All in all, it’s expensive and not worth to eat in SteakOut. Sumore I thought there will be discount … but tak da.

Some ppl sumore romantic there, eating candle light dinner. Haha… but we decided to go to another restaurant and ended up in BumbuBali nearby, also around Bandar Puteri Puchong.

Will post more on BumbuBali soon. Thank you for all those who came and celebrated with me and those who msg or call me. Bravo! =)

The Gang @ BumbuBali Bandar Puteri Puchong

Steakout Steakhouse
5, Jalan Puteri 1/6
Bandar Puteri Puchong
47100 Puchong

Tel: 03-80622201

Map:
SteakOut Bandar Puteri Puchong Map

China Dual Sim Card TV Radio Camera Touch Screen PDA Like Phone – Jinke E100

Monday, July 28th, 2008 11,063 views

TV Phone with Dual Sims Dual Lines Model : E100

Looking for a dual SIM card phone, for those who own two phones and think it’s very tedious to carry both? TV phone? Radio phone? Touch screen PDA phone? You may consider this Jinke E-100 China phone. It’s cheap and has a lot of functions.

Descriptions & Specs:

*Dual Sim Card Working On Standby For Receiving Calls

*Supports The Bluetooth Function

*TV Music Phone

*Handwriting-Two Cameras

*FM Dual Listening Feature Through The Headset And Speaker At The Same Time

*2.8 inch High Quality Flat Screen

*MP3/MP4 Media Player

*3D Speaker Dolby Stereo

*Recording Function

*Bright Keyboard Lighting

*Trans-Flash Card Slot Supports

*Long Standby Time

*Games Support

*Supports a Variety of Languages: English, Melayu, Chinese

*Slide to unlock (cool it looks like iPhone, check the video for more details)

*STANDBY TIME : About 240-360 hours
*TALKING TIME : About 3-5Hours

** This package includes
-2 battery(2600mAh) [Can last long]
-1 charger
-earphone
-USB cable
-256M TF

Part 1

Part 2

China Dual Sim Card TV Radio Camera Touch Screen PDA Like Phone - Jinke E100

GSC Website Hacked?

Friday, July 25th, 2008 3,093 views

Just now I wanted to book tickets for Batman, The Dark Knight online from the GSC website, but I encountered the following error when I tried to log in.

Microsoft OLE DB Provider for SQL Server error ’80004005′

Transaction (Process ID 275) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

/2007/_login/login_engine1.asp, line 99

GSC Hacked

Is GSC being hacked again, or is it only a webmaster/programmer mistake? Some readers even said the GSC website always times out when buying tickets online, but so far I have been purchasing tickets with my credit card and it has been a fast and smooth experience for me =)

A few months back it was hacked with 2117966.net:

Today as I surf to GSC.com.my – place where most Malaysians make their bookings for cinema tickets, AVG Security Toolbar alerted me of a JS/Downloader.Agent threat coming from 2117966.net!”

All Malaysians should take the necessary steps not to visit this site at the moment until this problem is fixed.
Update: GSC has removed the exploit. You can now surf GSC.com.my without any worries.

We have made a report on our blog not too long ago about 10,000 website injected with malicious iframe – this is the same threat that is affecting GSC’s website. This particular threat takes advantage of the vulnerability in Internet Explorer ActiveX and SANS Internet Storm Center said that as a result of this threat a password-stealer program will be installed on the infected machine.

AVG alert of 2117966.net

Further looking at GSC’s html source code, we found related code entries to load a javascript “fuckjp.js” from 2117966.net.

source : drsafemode.com

‘No stop’ toll trials to begin in November = Smooth Traffic = No Jam

Wednesday, July 23rd, 2008 4,692 views

‘No stop’ toll trials to begin in November = Smooth Traffic = No Jam? Do you agree with it?

KUALA LUMPUR: Trials on a multi-free flow toll system will start in November with the Sungai Penchala toll plaza on the LDP being the test site.

Motorists will not need to slow down, as is the case with the current infrared SmartTag system, since there will not be any boom gates.

Malaysian Highway Authority director-general Datuk Mohamad Razali Othman said about a hundred regular users of the LDP would be selected for the first stage of the trial, set to begin in the third week of November.

The new system uses microwaves to read the onboard units in cars, enabling users to pass through a toll gantry without having to stop.

“The gantry is capable of reading onboard units even if the vehicle were travelling at 180kph,” said Works Minister Datuk Mohd Zin Mohamed, adding that the trial will be fully sponsored by Mitsubishi.

Mohamad Razali said that while about 800-1,000 cars could pass through a SmartTag lane per hour, the new system would enable double that amount to pass through.

“For the trial, we will only be using one lane. It will be able to read both SmartTag and the new onboard unit,” he said.

“However, before we migrate over we need to figure out how to go after those who don’t have onboard units but pass through the trial lane anyway.”

Earlier, Mohd Zin delivered a keynote speech at the ‘Globalisation of Young Malaysian Professionals – A Future Perspective’ seminar.

He said that it was important for young Malaysian engineering and architectural professionals to realise that they could contribute to the country, add value to themselves, then market their skills globally.

source : TheStar

When I went to Singapore a few years back they were already using this kind of “No Stop” toll, which in Singapore is called “ERP”. I was very amused by it and hoped Malaysia too would implement it. Now finally there’s something that we are going to test run, but I’m not sure whether it will be widely used in Malaysia to reduce jams?

So no ppl will be queuing and getting caught in traffic jams? Are you happy now? I will definitely grab a SmartTag or onboard device if it’s really implemented. But before Malaysia implements it, we should enforce the law on this no-stop toll and get more high technology stuff to handle it; if not, it will surely be another failed project and a waste of rakyat money?!?

ERP - Singapore Toll

What’s ERP?

The Electronic Road Pricing (ERP) (Malay: Sistem Kadar Jalan Elektronik; Chinese: 电子道路收费系统) scheme is an electronic toll collection scheme adopted in Singapore to manage traffic by road pricing, and as a usage-based taxation mechanism to complement the purchase-based Certificate of Entitlement system. The ERP was implemented by the Land Transport Authority in September 1998 to replace the Singapore Area Licensing Scheme after successfully stress-testing the system with speeding Lamborghinis, Porsches and Ferraris. Singapore was the first city in the world to implement an electronic road toll collection system for purposes of congestion pricing.

SQL-Injection – "ASCII Encoded/Binary String Automated SQL Injection Attack"

Monday, July 21st, 2008 48,940 views

What is SQL Injection?

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

Source : WikiPedia

Is your website hack proof, or is it affected by SQL Injection? You might want to check your site now and make sure that it is not affected. Just today, I found out that my client’s website was hacked through this SQL Injection with the script “ngg.js”, which created much trouble (as you can see from the image below, with this “script src=http://www.keje.ru/ngg.js /script”).

SQL Injection

Recently there seems to be a new wave of SQL injections ending with ngg.js, a kind of script that will run, maybe to harm your PC.

The following table lists the references to malicious scripts detected and reported to date:

Introduction
Research, as well as Google’s Cache, indicates that there is a significant number of websites that are still vulnerable to SQL Injection attacks. Despite the fact that input filtering techniques and other protective measures are widely known, it is understandable why this is still the case. Regardless of their underlying technology, it would often be almost impractical to review outdated and/or poorly written websites and eliminate all vulnerabilities in their code bases. Such websites typically use the dynamic construction of ad-hoc SQL queries at run-time quite extensively. Even if a given website is less vulnerable, unintentionally missing even a single security hole could be sufficient to permit a successful SQL Injection attack. Such holes can be easily found during the “study” phase of the site (for example, by crawling the site in question and looking for vulnerable web pages).

Regardless of the complexity and costs involved, a publisher has a responsibility to shield his website from the risk of infection and becoming a virus distributing agent. Publishers of any size must protect their sites’ visitors from exposure to malicious scripts at all times.

Financial benefits, such as click-fraud, ad revenue generating zombies, and virtual assets, are generally the driving force behind these types of attacks, as research suggests. However, this can be prevented by use of secure programming and best practices. Ongoing monitoring, detection, and pro-active defensive methods should be utilized within the various layers of any web application.

Attack Description
Recently, we came across a particularly interesting type of SQL Injection that, at times, can be quite difficult to clean, even with the most robust database backup and recovery scheme. This massive and ongoing attack is conducted with the help of an Internet robot—also known as malbot and botnet—which attacks its prospects daily. It is likely that such a botnet fires the series of injection attempts continuously and conditionally until the malicious script references are sensed on the targeted web pages and/or based on detected vulnerability indicators.

The botnet behind this attack, called ASProx, was previously associated with Phishing attacks, and is now indirectly pushing malware through websites that are vulnerable to SQL Injection. The attackers have designed the Asprox botnet to conduct, with the help of Google search engine, an initial research for web pages utilizing ASP (.asp), ASP.NET (.aspx), and PHP (.php) web technologies. The ASProx botnet also utilizes a DNS Fast-Fluxing technique to hide the actual malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. The botnet’s infrastructure grows steadily, and our own attack sample indicates it exceeds 24,200 distinct and recurring IP addresses to date.

There is nothing new in the way that the following T-SQL is injected. Yet, the generic nature of the script is somewhat interesting to see.

Analyzing the pattern above, it is quite obvious this attack is carefully crafted and fully managed. New malware domains are introduced daily, while others are excluded, probably based on declining success metrics as anti-virus and related software and hardware vendors are updating their databases and blacklisting newly detected domains.

This T-SQL script—carried by a single malicious request to a website that is vulnerable to SQL Injection—results in content contamination of the entire site with Persistent/Type 2 Cross-Site Scripting (XSS) exploit. The injected Javascript dynamically writes an invisible IFRAME HTML tag to the involuntarily hosting page, pointing to the actual web page that contains different malicious content in an effort to exploit current software configuration vulnerabilities of the end-user’s machine (and to further empower the botnet). Ironically, the botnet masters explicitly express cyber-crime sympathy or sort of patriotism by excluding all end-users with the following language preferences set in their browser—Russian (RU), Chinese (ZH-CN, ZH-TW, ZH), Korean (KO), Hindi (HI), Thai (TH), and Vietnamese (VI)—as the ngg.js script suggests.
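
A cleanup aid for the contamination described above, as an added example (not from the original article or from bloombit.com): it scans text values read from database columns for script tags whose src points at a host outside the site's own allowlist, reports them, and returns each value with those tags stripped. The rows, host names and ALLOWED_HOSTS set are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Matches an empty <script src=...></script> element, with or without quotes
# around the URL, in any letter case. Group 1 is the src value.
SCRIPT_TAG = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)[\"']?[^>]*>\s*</script\s*>",
    re.IGNORECASE,
)

# Constructed: hosts this hypothetical site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.mysite.example"}

# Constructed sample rows: (table, primary key, column, stored value).
SAMPLE_ROWS = [
    ("news", 1, "title",
     "PC Fair dates<script src=http://injected.example/ngg.js></script>"),
    ("news", 2, "body",
     'Menu <script src="/js/menu.js"></script> loaded'),
    ("news", 3, "body",
     "Promo<script src=http://injected.example/ngg.js></script>"
     "<SCRIPT SRC=http://other.example/b.js></SCRIPT>"),
    ("news", 4, "body",
     '<script src="http://www.mysite.example/ads.js"></script>'),
]


def _host(src):
    """Lower-cased host of a script URL; '' for relative URLs."""
    try:
        return (urlparse(src).hostname or "").lower()
    except ValueError:
        # Unparseable URL: treat it as foreign rather than silently keeping it.
        return "invalid"


def foreign_hosts(value, allowed=ALLOWED_HOSTS):
    """Hosts of script tags in value that are not on the allowlist, in order."""
    hosts = (_host(m.group(1)) for m in SCRIPT_TAG.finditer(value))
    return [h for h in hosts if h and h not in allowed]


def strip_foreign(value, allowed=ALLOWED_HOSTS):
    """Remove script tags loading from non-allowlisted hosts; keep the rest."""
    def keep_or_drop(m):
        h = _host(m.group(1))
        return "" if h and h not in allowed else m.group(0)
    return SCRIPT_TAG.sub(keep_or_drop, value)


def audit(rows, allowed=ALLOWED_HOSTS):
    """One finding per contaminated value, with the cleaned replacement text."""
    findings = []
    for table, pk, column, value in rows:
        hosts = foreign_hosts(value, allowed)
        if hosts:
            findings.append({
                "table": table, "pk": pk, "column": column,
                "hosts": hosts, "cleaned": strip_foreign(value, allowed),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

Review the findings before writing any cleaned value back, and fix the injectable page first, otherwise the next automated request re-contaminates the same columns.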

Solutions: How to Immunize Your Web Application and Database Against Such Automated SQL Injection Attacks

Our attack sample indicates that the botnet zombies cover the entire globe and therefore, an IP-based filtering solution that excludes certain regions will not suffice by itself. Still in the networking-layer, an Intrusion Prevention System (IPS), be it hardware or software based, can make access control decisions based on sensed content and drop the malicious request and other potential malicious activity before it is passed to the web server. A software-based IPS can, for example (but not limited to), provide protection via integration with the IIS platform as an ISAPI filter.

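If the web application being attacked is templated, or the underlying web technology is configurable and/or extensible and allows participation in the page processing, it is possible to detect the injected malicious T-SQL script during early stages of the page processing and force an exception at that point. Because such a solution is centralized, it is manageable and will prevent the malicious T-SQL from being propagated to an ad-hoc SQL query down the queue of the page request processing. This effectively stops this attack vector “at the gate.” The following ASP 3.0/VB and ASP.NET/C# code snippets demonstrate this (imperfect) Quick & Dirty approach:

<%
' Centralized gate: inspect the raw query string before any page logic runs.
' Only the query string is checked; form (POST) data and cookies are not covered.
' URLDecode is not a built-in classic ASP function; the site must supply it.
Dim strQuery

strQuery = Request.ServerVariables("QUERY_STRING")
strQuery = Replace(URLDecode(strQuery), " ", "")

' Reject requests that carry EXEC( or an abnormally long query string.
' VBScript has no UCase$; the plain UCase function is used instead.
If InStr(UCase(strQuery), "EXEC(") > 0 Or Len(strQuery) > 500 Then
    Response.Write 1/0   ' deliberate division by zero raises a run-time error and aborts the page
End If
%>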

Or you may follow my own way: replace the single quote, which is the cause of the SQL injection, by calling this valid_sql function throughout your program. You may save it into a file and then use the include function so that it is accessible from all the pages.

<%
' Doubles every single quote in s so the value stays inside a quoted SQL string literal.
Function valid_sql(s)
    Dim i, temp
    temp = ""

    For i = 1 To Len(s)
        If Mid(s, i, 1) = "'" Then
            temp = temp & "'"   ' emit an extra quote before each quote character
        End If

        temp = temp & Mid(s, i, 1)
    Next

    valid_sql = Trim(temp)
End Function
%>

source : bloombit.com
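
Quote doubling, as valid_sql does, only protects a value that ends up inside a quoted string literal. The added example below (not from the original post or from bloombit.com) ports valid_sql to Python and uses an in-memory SQLite table as a stand-in for the site's database to show that a value concatenated into a numeric position changes the query without containing any quote, while a typed, bound parameter does not. The table, columns and inputs are constructed.

```python
import sqlite3


def valid_sql(s):
    """Port of the post's valid_sql: double every single quote, then trim."""
    return s.replace("'", "''").strip()


def make_db():
    """Constructed sample data standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)"
    )
    db.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(1, "PC Fair dates", 0), (2, "Draft post", 1), (3, "O'Brien interview", 0)],
    )
    return db


def by_title_escaped(db, title):
    # String context: the doubled quotes keep the input inside the literal.
    sql = "SELECT id FROM news WHERE title = '" + valid_sql(title) + "'"
    return sorted(r[0] for r in db.execute(sql))


def by_id_escaped(db, raw_id):
    # Numeric context: there is no quote to escape, so valid_sql changes
    # nothing and the input is parsed as part of the SQL statement.
    sql = "SELECT id FROM news WHERE hidden = 0 AND id = " + valid_sql(raw_id)
    return sorted(r[0] for r in db.execute(sql))


def by_id_bound(db, raw_id):
    # Strong typing plus a bound parameter: the value never becomes SQL text.
    try:
        wanted = int(raw_id)
    except ValueError:
        return []  # not a number: reject instead of querying
    sql = "SELECT id FROM news WHERE hidden = 0 AND id = ?"
    return sorted(r[0] for r in db.execute(sql, (wanted,)))


if __name__ == "__main__":
    db = make_db()
    print(by_title_escaped(db, "O'Brien interview"))  # quote handled correctly
    print(by_id_escaped(db, "2 OR 1=1"))              # hidden row leaks
    print(by_id_bound(db, "2 OR 1=1"))                # rejected
```

In classic ASP the corresponding fix is an ADODB.Command with typed parameters in place of string concatenation.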

Neway Karaoke Box Member's Promotions. Sing only @ RM8

Saturday, July 19th, 2008 19,922 views

Neway Karaoke Box Member’s Promotions

Promotion 1

Normal Hour (6pm-10pm) RM22++ Offer Price

Promotion 2

Mid Night Hour (10pm-till late) RM8++ Offer Price

Terms & Conditions
*Only valid for Neway’s Member
*Only valid from Sunday to Thursday
*Only valid at Klang Outlet
*Not valid on eve of Public Holidays, Public Holidays & School Holidays

For reservation call (Tel): 03-33442600

Let’s go sing k!

Cops arrest Anwar outside his house

Wednesday, July 16th, 2008 2,411 views

Anwar arrested outside his house

KUALA LUMPUR: Datuk Seri Anwar Ibrahim arrived at the city police headquarters here in a white Pajero at 1.15pm Wednesday after being arrested by the police.

He had been arrested in front of his house in Bukit Segambut.

His lawyer Sankara Nair said the police told Anwar that he was being arrested for investigations under Section 377C of the Penal Code for alleged “carnal intercourse against the order of nature.”

On June 28, his 23-year-old former aide Mohd Saiful Bukhari Azlan had lodged a police report alleging that Anwar had sodomised him.

Asked if Anwar was handcuffed, Sankara said he was not.

Anwar started giving his statement to the police at about 2.50pm, said another of his lawyers R. Sivarasa, also the Subang Member of Parliament (MP).

Anwar’s wife Datuk Seri Dr Wan Azizah Wan Ismail said he had called her from the police car to say he had been arrested.

“He asked me to go home to look after the children,” she said when met in Parliament lobby earlier Wednesday.

Wan Azizah was at the city police headquarters by 1.30pm, followed 25 minutes later by daughter Nurul Izzah and her husband Raja Ahmad Shahrir.

“It’s a feeling of deja vu with what happened 10 years ago,” Wan Azizah said, adding that she was unhappy over how the arrest had been conducted.

“We’d already given our assurance that he would be at the police headquarters at 2pm,” she said.

Police said they arrested Anwar an hour earlier before the 2pm deadline because they feared he would not show up.

Federal CID director Comm Datuk Bakri Zinin said Anwar was supposed to have gone directly to the Kuala Lumpur police headquarters immediately after giving his statement to the ACA in Putrajaya.

“However, we were informed that after he left the ACA headquarters in Putrajaya, he had changed his route and was heading back to his house in (Bukit) Segambut,” he said.

“He was arrested as we had reason to believe he was not going to show up,” he claimed.

“We wish to point out that Anwar had initially agreed to meet us on Monday but he failed to keep his appointment,” Comm Bakri added.

PKR members and about 200 supporters had gathered at the city police headquarters after news of the arrest went out.

“I don’t believe this is happening. We will seek to get him released as soon as possible,” said DAP chairman Karpal Singh.

DAP adviser Lim Kit Siang described the arrest as “highly provocative and shocking.”

Balik Pulau MP Yusmadi Yusuf, who was there as Anwar’s lawyer, said the matter would be brought up in Parliament.

The police had on Tuesday given Anwar a 2pm deadline to answer allegations of sodomy.

Anwar was at the Anti-Corruption Agency (ACA) headquarters in Putrajaya at 10am Wednesday over reports he had lodged against the Inspector-General of Police (IGP) and the Attorney-General (A-G).

In his report lodged on July 1, Anwar had alleged that IGP Tan Sri Musa Hassan and A-G Tan Sri Abdul Gani Patail had fabricated evidence in the “black eye” investigation in 1999.

Musa was the investigating officer and Abdul Gani led the prosecution in the case in which Anwar had been beaten up by the IGP then, Tan Sri Abdul Rahim Noor.

The two were questioned by the ACA on July 11.

Anwar left the ACA headquarters at 12.20pm.

He said the ACA had not completed its interview, but he had to cut it short to make his 2pm appointment with the police to answer questions over the sodomy allegation made against him.

“I have adduced all evidence to the ACA officers and I am satisfied with the line of questioning,” he said, adding that everything he said had been recorded.

The interview was conducted by a few ACA officers, said Anwar, who arrived at the agency accompanied by lawyers Sankara, Sivarasa, Param Cumaraswamy and dozens of supporters.

“If I am arrested, I guess the ACA can do their follow-up interview at the lock-up,” he joked.

source : TheStar

Anwar arrested outside his house

Opposition leader Anwar Ibrahim was arrested by the police just outside his home in Bukit Segambut, Kuala Lumpur, at 12.55pm.
- Convoy of 15 police vehicles
- Arrested by cops with balaclavas

source : Malaysiakini.com

DiGi launches new postpaid plans, I Love Savings – Lowest rates to anyone, any network, anytime

Tuesday, July 15th, 2008 9,090 views

Digi New Postpaid Plan - I Love Savings

DiGi Telecommunications Sdn Bhd is strengthening its “best value” position in the postpaid market with the announcement of four (4) new Postpaid plans. Whilst continuing to focus on simplicity, DiGi is now offering customised plans that cater for different types of users, including one that offers free domestic calls and SMS.

DiGi’s Chief Commercial Officer, Tom Schnitker, said this launch is in line with the company’s move to enhance DiGi’s market share in the growing Malaysian postpaid market. In view of the changing market dynamics and postpaid customers becoming more discerning, DiGi believes that it is imperative to address specific needs and provide customised plans that are relevant to the customers’ usage patterns.

“By creating relevance to customer needs, we bring about value and savings that will continue to give us the competitive edge in our efforts to further grow the postpaid segment,” he added.

DiGi’s four new plans, DG20, DG50, DG150 and DG250, leverage on “savings” as its key proposition and subsequently give customers the choice to choose Plans that cater to their specific usage patterns. DG250 Plan is the first of its kind to be offered in the local mobile telecommunications industry – it gives customers free domestic calls and SMS to any network at anytime for just RM250.

“We believe this plan will be well received by higher end customers as domestic calls often chalk up a significant amount on their monthly bills,” Tom said.

In another first for Malaysia, the new DG20 Plan offers the lowest industry access fee to date, at RM20. The other plans include DG50 and DG150; which feature simple rates structure with the latter offering free DiGi-to-DiGi calls.

source : lowyat.net

SHAH ALAM: DiGi Telecommunications Sdn Bhd expects its postpaid subscriber growth this year to surpass the 41% recorded in the first quarter with the introduction of four new packages.

Chief commercial officer Tom Schnitker said the first-quarter figure was much stronger than the industry’s growth of 21%.

“The rise in our postpaid subscribers during this period resulted in a 30% increase in revenue,” he said at the launch of the new plans.

As at March 31, DiGi had 6.6 million subscribers, with 775,172 postpaid users.

DiGi Telecommunication Sdn Bhd chief commercial officer Tom Schnitker speaking on Thursday

DiGi’s new postpaid plans are DG20, DG50, DG150 and DG250, with a monthly commitment fee of RM20, RM50, RM150 and RM250 respectively.

DG250 rewards users with free domestic calls and short messaging service to any network at any time for a fixed monthly commitment.

“Just stay tuned with us,” Schnitker said when asked if data and international direct dialling call charges would be lower for its latest postpaid plans.

DiGi, which has allocated RM15mil to RM20mil to promote its products this year, is also looking at increasing its share of the postpaid market.

Schnitker said the local postpaid segment was still quite small compared with countries like Singapore and Australia where it had reached over 60% of the mobile market.

Schnitker also said DiGi was likely to introduce its 3G services in the fourth quarter or first quarter 2009.

source : TheStar
