Beza ICT Dengan Bidang Lain

Apa yang bezakan ICT dengan bidang yang lain.

1) Open standard yang kita gunakan hari ini, belum tentu lagi akan menjadi keutamaan dan popular disama akan datang. Perubahan kerap berlaku dengan cepat round robin dalam +-18 bulan.

2) Ianya satu-satu bidang yang meluas dikuasai oleh ramai orang.

3) Walaupun dikuasai oleh ramai orang ia masih terbahagi kepada pelbagai kemahiran yang setiap satu mempunyai SIG masing-masing.

4) Kemahiran yang anda mahirkan dengan belum tentu lagi akan menjadi keperluan dalam masa 18 bulan mendatang.

5) Kerjaya ini milik ramai individu dalam pelbagai bidang kemahiran bukan ICT.

Bantahan Kepada "Board of Computing Professional Draft" 2011 (CPB2011)


Saya, Harisfazillah Jamel, rakyat Malaysia yang bekerja dan terlibat dalam bidang ICT ingin membuat bantahan kepada cara dan bagaimana "Board of Computing Professional Draft" dicadangkan dan mahu diwartakan.

Bantahan ini dibuat, kerana tiada notis, makluman awam, pemberitahuan awal dan sebarang perbincangan dengan mana-mana kumpulan-kumpulan bidang ICT dalam merangka akta ini. MOSTI sepatutnya sedia maklum bahawa, bidang ICT adalah meluas dan ia memerlukan rangka persetujuan ramai dalam apa jua usaha melaksanakan undang-undang tertentu. Bantahan ini merujuk kepada maksud akta.

"An Act to provide  for the  establishment of the  Board  of Computing Professionals Malaysia and for the registration of computing practitioners, computing professionals, sole proprietorships, partnerships and  bodies  corporate  providing  Computing  Services and  for purposes connected therewith."

Yang dengan jelas menyatakan hampir semua dalam bidang ICT akan terlibat. Namun saya sebagai individu dalam bidang ICT tidak mendapat maklum malah rakan-rakan ICT dalam komuniti OSS tidak juga dimaklumkan, sedangkan ia melibatkan masa depan kami semua.

Bantahan saya ini akan saya tayangkan dalam blog, Facebook dan semua rangkaian saya untuk tujuan perhatian semua pihak dan juga ia turun email dan fax kepada MOSTI.

Sila maklum, jika bantahan ini tidak diambil perhatian, dengan memanggil lebih ramai pihak daripada pelbagai lapisan bidang ICT, maka ia adalah satu kekecewaan kepada pihak saya kerana ia melibatkan masa depan saya sebagai individu yang bergiat dalam bidang ICT.

Kepakaran dalam bidang ICT tidak dapat diukur secara mutlak melalui sijil dan degree. Tapi adalah kemahiran dan kepakaran hasil pengalaman. Ia tidak dapat diukur secara total dengan peperiksaan namun ia dapat dinilaikan dengan hasil usaha sumbangan terutama kepada komuniti ICT dan awam. Jasa mereka.

Harisfazillah Jamel

8 Dis 2011.

10:13pm

Saya boleh dihubungi melalui email : linuxmalaysia @ gmail.com

Komen boleh dibuat disini dan


Asal :-

Google Developer Link Offline Card - LinuxMalaysia


Get your offline card here http://developer-link.appspot.com/ and join Google Technology User Group Kuala Lumpur or GTUG Kuala Lumpur https://sites.google.com/site/gtugkl/

Mine - LinuxMalaysia





Find your online friends offline

Have you ever attended meetups or events expecting to meet your online friends, but failing because you don't recognize their real faces? Google Developer Link is a service for developers that makes finding their online friends easier than ever before. You will need a Google+ account.

Please Change Your Password For New Format Policy


You are require to have a new password thats contain the following :-


  1. Two upper case letters
  2. Two lower case letters
  3. Two numbers
  4. Two special characters (examples: @#$%^&*()_+|~-=\`{}[]:";'<>/)


Password must contain with minimum of 8 characters
Password must be changed on at least every 6 months

Your password is easy to be remembered but it is hard to guess.


Read it online

http://goo.gl/HZZCd

http://green-osstools.blogspot.com/2011/10/please-change-your-password-for-new.html


References :-

OWASP.my Discussion Group In Facebook
https://www.facebook.com/groups/owaspmy/

Facebook Security Page and download E-book in PDF format A Guide to Facebook Security.
https://www.facebook.com/security

Password Policy
http://en.wikipedia.org/wiki/Password_policy

SANS Institute Password Policy
http://www.sans.org/security-resources/policies/Password_Policy.pdf

Malaysia Open Source Developer's Club OSDC.my in Linkedin
http://www.linkedin.com/groups/Malaysia-Open-Source-Developers-Club-2420636


What Programming Language You Start With?


What Programming Language you start with? The one you learn the logic and flow of programming.

This question I ask to Facebook friends by using Facebook Question module.


As at 8 Oct 2011 we have 251 total votes and top votes are

C++ (68), C (47), MIRC script (25), BASIC (24), PASCAL (20), Java (16) and Python (11).

The results :-

C (47 votes)
BASIC (24 votes)
Logo (6  votes)
C++  (68 votes)
MIRC Scripts (25 votes)
PASCAL (20 votes)
Java (16 votes)
Python (11 votes)
Assembly (9  votes)
PHP (8  votes)
Bash (4  votes)
FORTRAN (3  votes)
Perl (3  votes)
Shell script (3  votes)
algebra of sets  (1  vote)
LISP (1  vote)
Ada (1  vote)
Go (No vote)
C#  (No vote)
ASP.NET (No vote)
The logic structure of Ubuntu - 1 vote

Fun With Twitter and Visual.ly


Fun With Twitter and Visual.ly and follow my twitter http://twitter.com/linuxmalaysia and the full infographic can be view here http://bit.ly/ntKYOa and you can create your own by visiting the link below :-


Everyone should have a Twitter account and you can use Twitter to tweet public update about yourself. By using Twitter you can be ask friends and fans to follow you in their Twitter accounts and you can publish your tweet update without the need to expose all your personal data. Twitter much more safer  comparing to Facebook or Google Plus. You just need to careful with what you share to public.

An example of public tweets about technology related to Open Source Software and Linux, is by reading LinuxMalaysia Twitter by clicking the Twitter link below



Software Freedom Day Kuala Lumpur 2011 (SFDKL2011) - In Youtube


Archive


Youtube channel during Software Freedom Day Kuala Lumpur 2011 (SFDKL2011) 21 Sept 2011 at Universiti Kuala Lumpur (UniKL-MIIT).


Information about SFDKL2011


Software Freedom Day is a worldwide celebration of Free and Open Source Software (FOSS). Our goal in this celebration is to educate the worldwide public about the benefits of using high quality FOSS in education, in government, at home, and in business -- in short, everywhere! The non-profit organization Software Freedom International coordinates SFD at a global level, providing support, giveaways and a point of collaboration, but volunteer teams around the world organize the local SFD events to impact their own communities.

SFDKL2011 was organised by Malaysia Open Source Community with support of OSDC.my and Universiti Kuala Lumpur (UniKL-MIIT).

Pictures and youtube can be view here


Discussion about Open Source Software

OSDC.my Discussion Group In Facebook


and OSDC.my Mailing list

My ICT Activities For The Month Of September 2011


Join me LinuxMalaysia for this ICT events for the month of September 2011.

1) OWASP Day Kuala Lumpur 2011

http://owasp.csscmiit.com/

OWASP Malaysia will host OWASP Day KL 2011 in Kuala Lumpur, Malaysia from Sep. 20 to Sep. 21, 2011 and colloborate with UniKL-MIIT & OSDCMY. The events will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from Malaysia and around the world for in-depth discussions of cutting-edge application security issues.

The summit will draw participation from major Malaysia and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 200 people are expected to attend the events. exhibition and lunch will be held at the summit, providing sufficient networking opportunities.

2) Information Security and Assurance Seminar ([email protected] '11)

http://isasusim2011.blogspot.com/

Information Security & Assurance Seminar (ISAS) 2011 from Sep. 24 2011 to Sep. 25 2011 and organized by students of Bachelor of Computer Science (Information Security & Assurance), Faculty of Science & Technology, University Sains Islam Malaysia.

Schedule


Knowledge is power. Join this events to upgrade your knowledge in Linux and Open Source Security tools.

3) FAD:KualaLumpur 2011


The Fedora Activity Day (FAD) is a regional event (either one-day or a multi-day) that allows Fedora contributors to gather together in order to work on specific tasks related to the Fedora Project.

* Venue: UCTI/APIIT Kuala Lumpur Malaysia
* Date: 10th September 2011
* Time: 9am-5pm
* Facebook RSVP: http://www.facebook.com/event.php?eid=152923404776693

The Fedora Project is a partnership of free software community members from around the globe. The Fedora Project builds open source software communities and produces a Linux distribution called "Fedora."

4) SE Asia Google DevFests 2011


Venue details and agenda coming soon.

DevFest events are a great opportunity to learn more about Google technologies and developer products. The events also give you a chance to meet developer advocates and engineers who work on those products and ask them any questions you might have. Best of all, DevFest events are free to developers worldwide! Seats at the events are limited, however, so register early.

5) Software Freedom Day

http://wiki.softwarefreedomday.org/2011/Malaysia/Kuala%20Lumpur/OSDCMY

Date : Wednesday, 21 Sept 2011
Venue : Universiti Kuala Lumpur www.unikl.edu.my

The idea of SFD is for everyone without a vested interest in proprietary software to unite and educate the world about the ideals of Software Freedom and the practical benefits of Free Software.

6) Hackerspace KL


HackerspaceKL is a community-oriented hackerspace where people make creative things with technology. It will be a place for hackers, coders, geeks, makers, nerds, artists, students, and everyone from all walks of life to hang out and meet each other, work on projects and meet people with similar interest, conduct lectures, workshops, and tutorials, and share knowledge and resources such as electronic equipments, computer devices, and other gadgets.

Latest update visit

Malaysia Open Source Community (MOSC.my) Facebook


Malaysia Open Source Community (MOSC.my) Twitter


MOSC.my Planet


Compile by

LinuxMalaysia

http://twitter.com/#!/linuxmalaysia


OWASP DAY KL 2011 - Malaysia - The Open Web Application Security Project



Visit official website for detail and registration information


https://www.owasp.org/index.php/OWASP_Day_KL_2011#tab=Welcome

http://owasp.csscmiit.com/index.html


Registration

https://www.owasp.org/inde​x.php/OWASP_Day_KL_2011#ta​b=Registration

or email to owaspday @ osdc dot my

OWASP Malaysia will host OWASP Day KL 2011 in Kuala Lumpur, Malaysia from Sep. 20 to Sep. 21, 2011 and colloborate with UniKL & OSDCMY.

The events will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from Malaysia and around the world for in-depth discussions of cutting-edge application security issues.

The summit will draw participation from major Malaysia and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 200 people are expected to attend the events. exhibition and lunch will be held at the summit, providing sufficient networking opportunities.

UniKL Malaysian Institute of Information Technology (UniKL MIIT)

http://www.unikl.edu.my/

OWASP Malaysia

http://www.owasp.my/





The Open Web Application Security Project (OWASP)

https://www.owasp.org/

OSDC.my

https://www.facebook.com/groups/osdcmalaysia/


Facebook Event Page OWASP Day Malaysia 2011

http://www.facebook.com/event.php?eid=103809379720876


Invitation To Malaysia Open Source Conference 2011 (MOSC2011)

Invitation To Malaysia Open Source Conference 2011 (MOSC2011)


It is a great pleasure to announce that OSDC.my and AMDI USM will be organising annual Malaysia Open Source Conference 2011 (MOSC2011) on 3rd, 4th and 5th July 2011 at Bayview Beach Resort, Batu Feringgi, Pulau Pinang, Malaysia.

MOSC2011 is an event where you can learn on how you can maximize your profits and knowledge from Open Source software for your organization and meet the world class speakers from around the world. MOSC2011 has been a platform for networking individual involved with Open Source from Malaysia and around the world.

MOSC2011 is organise by OSDC.my, Malaysia Open Source Community together with AMDI USM (Institut Perubatan dan Pergigian Termaju or Advanced Medical & Dental Institute,Universiti Sains Malaysia).

We would like to invite you to become part of this year conference, MOSC2011. The registration fee for the conference is RM500 per participant. Should you have further enquiries, please email to [email protected] and visit MOSC2011 Official website for more information and registration information


Register yourself here


Blog For MOSC2011


If you need an invitation letter or supporting documents for LO, you need to register at MOSC2011 website by using the link above and we will contact you for further action. You can email [email protected] for urgent request. Brochure and invitation letter can be download for MOSC2011 Official website.

Help us spread words and MOSC2011 event by "Like" MOSC2011 Facebook Fanpage or forward this email to your friends.


and visit Malaysia Open Source Conference Official Event Page and click Im Attending and share with your friends.


For non Facebook users MOSC2011 discussion can be review and join open source software disscussion with email and online


Some of the speakers and topics we have selected this year are as follows:



(1)  Jim Lacey, President and CEO of the Linux Professional Institute (LPI)

LPI Official Website : http://www.lpi.org/


(2)  Rizatuddin Ramli, UNIK, Office of Prime Minister, Malaysia

Unit Inovasi Khas (UNIK) http://www.unik.com.my/
Agensi Inovasi Malaysia (AIM) http://agensi.inovasimalaysia.com/


(3)  Mrs. Irma Birchall
KOHA open-source Integrated Library System (ILS) Workshop



(4)  Mr. Robin Sheat
KOHA open-source Integrated Library System (ILS) Workshop


{5)  Chris Levanes - Platform Strategy Lead, Microsoft Asia-Pacific

Microsoft Milking The Cloud


(6)  Ryusuke Kajiyama - MySQL Principal Sales Consultant at Oracle based in Japan
Product Roadmap of MySQL - RDBMS and NoSQL, And Beyond


(7)  Evan Leybourn
Data Warehousing with Open Source Technologies (or why not to use Data Marts in 2010)


(8)  Lim Lian Tze - Malaysian LaTeX User Group
LaTeX: More Than Just Academic Papers and Theses


(9)  Errazudin Ishak - MIMOS Berhad
REST in pieces (with FRAPI)


(10) Nur Hussein
How Linux Has Evolved: A Retrospective On The Past 10 Years


(11) Cecil Su - OWASP International
Improving Application Security Assurance with OWASP ASVS


(12) AMDI, Universiti Sains Malaysia (USM)
AMDI, USM Official website http://www.amdi.usm.edu.my/

We have our own MOSC2011 Twitter and Identi.ca so join us and invite us.



Thanks.

Harisfazillah Jamel aka LinuxMalaysia

OSDC.my

6 June 2011

KOHA OSS Integrated Library System Workshop during MOSC2011

KOHA OSS Integrated Library System Workshop during MOSC2011



Date : 4th July till 5th July 2011


KOHA Community in Malaysia is going to conduct KOHA training Workshop during Malaysia Open Source Conference 21011 (MOSC2011). Koha is the first open-source Integrated Library System (ILS). In use worldwide, its development is steered by a growing community of libraries collaborating to achieve their technology goals.

Schedule for the workshop please visit this link


and any inquiry about the worksop please email to [email protected]

Speakers and trainers

Mr. Robin Sheat


Software Developer - Koha Team at Catalyst IT Limited

Robin Sheat has broad experience in various open source related technologies, mostly in the domain of software development. I have worked on large, scalable web systems in Perl, web and desktop applications in Java, system administration scripts in Puppet and shell scripting, and a number of other similar things.

Along with this industry experience, I have also gathered a range of more academic skills, such as artificial intelligence and data mining.


Mrs. Irma Birchall


Irma Birchall is the founder of CALYX information essentials, a Koha and Kete support provider in Australia. She worked at Sydney University's Fisher Library and other libraries for 10 years after graduating in Library Sciences and is an active member of the Australian Library and Information Association. She is also a member various free software user groups and takes part in many GLAM (Galleries/Libraries/Archives/Museums) sector activities.

During implementations, Irma's focus is on training, and she brings to her clients a solid understanding of Koha, library processes, international library standards and of the Australian library context. Irma speaks French, German and is learning Spanish.

Koha Library Software Community
  



Archive

OSDC.my Open Source Developers Club Malaysia Discussion Group In Facebook

OSDC.my Open Source Developers Club Malaysia Discussion Group In Facebook

Visit OSDC.my Discussion Group In Facebook and join us

http://www.facebook.com/home.php?sk=group_125842900827482

Come and join us to discussion about development in Open Source Software (OSS) or any topics related to OSS.

Malaysia Open Source Developer's Club or in short known as OSDC.my is a community based club open for all enthusiastic Open Source developers and users across Malaysia.

http://www.facebook.com/OSDC.my

OSDC.my is a new chapter that has been brought under Malaysia Special Interest Groups, MySIG for all developers to share their thought, knowledge and experience and leverage the Open Source idea to public.

Malaysia Open Source Conference 2011 (MOSC2011)

http://www.mosc.my/

MOSC is an event where you can learn on how you can maximize your profits from Open Source software for your organization. And meet the world class speakers from around the world. It's time to Innovate Change!

http://www.facebook.com/mosc2011


OSDC.my Email Discussion Group

http://portal.mosc.my/osdc-my-mailing-list-information


Archive

http://osdc.harisfazillah.info/2011/05/osdcmy-open-source-developers-club.html

KOSTEM : Draft For OSS Geek Magazine By Apogee

Thanks Apogee. This magazine still in proposal stage and draft. Join us Koperasi Sumber Terbuka Malaysia Mailing List For Further detail.


The name of the magazine is not yet final.






From OSDC.my mailing List :-

Raja Iskandar Shah <> wrote:

This Malaysian OSS Magazine is a venture of KOSTEM. KOSTEM itself is an economic venture of the Malaysian OSS Community. 58 people from the Malaysian community has already registered to be founding members of KOSTEM. The countdown is on to reach 200 founding members, so have you registered your interest as a founding member ?

https://spreadsheets.google.com/spreadsheet/viewform?formkey=dHNfc2xma1JGSkw5MHZEcFJ4Vy0zb0E6MQ

Today is the last day to suggest a name for the Malaysian OSS Magazine. The target audience for the magazine are practicing and prospective programmers, developers and administrators. This is a venture that could be syndicated to other languages, therefore the name must be recognisable internationally. It is also a medium for collaboration between the community, the industry, the academics, and the government, therefore the name must also reflect a common ground for participation.

https://spreadsheets.google.com/spreadsheet/viewform?formkey=dFdoVlZuNTVhazNGRk5iOWtheUx3OEE6MQ

Poll : What Topics Interest You For MOSC2011?

What topics interest you For MOSC2011? Please select one or more titles that you want to be in Malaysia Open Source Conference 2011 (MOSC2011)



This is only a poll for MOSC2011 team to get general view about topic of interests. The call for speakers is still open. Submit your proposal by this link


Thank you.

Harisfazillah Jamel

6 May 2011

------------

Among the propose topics for Malaysia Open Source Conference 2011 (MOSC2011)


Build Web Applications in 30 Minutes with Joget Workflow v3

bahasa melayu in german knoppix.de

Hands on Post Mortem Forensic analysis with specifics Forensic FOSS TOOLS

Implementing an Open Source Infrastructure in SME

Pengaturcaraan Mudah dengan Gambas! (Simple Programming with Gambas!)

MariaDB: The New M in LAMP

The MySQL Diaspora

MySQL Storage Engines Landscape

Hello World to Spring IoC!

Econometrics in the IT security industry

Real Time Data Visualization in the Cloud using Open Source Data Management Platform

Dhanis: a cloud business services

Engaging in OWASP ASVS

IMPLEMENTATION OF NESSUS IN THE COMPUTER NETWORK SECURITY

birgHPC: Creating Instant Computing Clusters for Bioinformatics and Molecular Dynamics

Relax, manage your data in CouchDB

Product Roadmap of MySQL - RDBMS and NoSQL, and beyond

Implementing Open Source Security in Malaysian Goverment: A Solution Integrator POV

Google App Engine With Gaelyk

The Freedom Stack

Defect Handling Mechanism in Various Open Source Projects

Open Source in Health Care: HUSM 10 Years of Innovative Effort

perception study towards the development of linear motion experiment using open source python and rotary motion sensor

Mobile OPAC for Koha Open Source ILS

BitCoin: Has Digital Money Finally Arrived?

REST in pieces (with FRAPI)

Malaysian's experience in Google Summer of Code

open source game engine

Rails 3 - Writing Beautiful Code

Open Source Game Engine and Library

Open Source Digital Forensics Tools and Framework for Analyzing Digital Evidence

Scalable and Sustainability of Teaching Information and Communication Technology (ICT) Skills and Managing Schools using Open Source Computing.

Measuring website performance with boomerang

the use of open source software for election at lower cost

Zenclouds - How we build Xen virtual server control panel using CakePHP and Gearman

NodeJS - Introduction to Javascript on the server side

Developing SaS application on the cloud

Malaysia Open Source Conference Is Back For Year 2011

Malaysia Open Source Conference Is Back For Year 2011

Malaysia Open Source Community is organizing Malaysia Open Source Conference 2011 (MOSC2011) together with AMDI USM (Institut Perubatan dan Pergigian Termaju or Advanced Medical & Dental Institute,Universiti Sains Malaysia). The official website is now open for official anoncuement and information update.

Please visit conference offcial website at http://www.mosc.my/

Official Facebook Page can be Like at


and its event page that you can use to invite friends in Facebook


We have our own MOSC2011 Twitter and Identi.ca join us and invite us.


http://identi.ca/mosc2011

Please help the Open Source Community by following and Like us in Facebook, Twitter and Identi.ca and help us by putting in the MOSC2011 countdown banner. You can get The MOSC2011 countdown code here and you are free to put it on your blog or website


AMDI USM official website http://www.amdi.usm.edu.my/

Data Centre Operation In 90's

Data Centre Operation

Data Centre Operation (DCO) is always in my heart. Its my first job in year 1991 as computer operator at Perwira Habib Bank (PHB). In 1991 PHB is using NCR 9800 mainframe using VRX/E as operating system. Remembered the commands like

RUNJ
keyboard command like dot R and function key for changing the host.
PURGE
KILL

and I learning to write COBOL.

NCR 9800 was fault-tolerant mainframe manufactured by NCR Corporation in late 80's and early 90's. I love that machine. Learn about fault-tolerant and managing batch processing with that machine.  Every Sunday we would do a power shutdown for NCR 9800. The holy words for DCO PHB at that time bye bye or in NCR machine code display B1B1 and later we will boot its again and our shift supervisor will said

Lets go for breakfast and its 4am in the morning. In 90's we don't have 24 hours Mac Donalds so mamak will do. :)

Data Centre Operation for PHB was run for 24 hours. We are devided into 3 cycle shifts. Morning, Afternoon and Night. Morning start from 8am till 4pm, Afternoon start from 4pm till midnight and Night start from midnight till 8am. In rotation of 2 days afternoon, 2 days morning and 2 days night with 1 days off.

More years to come and later DCO was called Computer Operation Unit (COU).

Reference


NCR Corporation History


Advertisment in Spanish


Translation from above web page

The NCR Horizon Information at your fingertips, not tolerate failures. Because today, the NCR 9800 is pure innovation, intelligent evolution of computers. His secret is that its architecture is a masterpiece of information, which simplifies programming support and optimizes performance of each of its elements. With the possibility of extending low-cost unlimited processing capacity due to its architecture ncremental, with the most perfect system Fault Tolerant prepared to save you time and money both in conducting transactions on-line as in conventional processes. An endless list of advances that NCR has today and which, according to the press, other manufacturers can submit ... by 1990. Contact NCR go get your company, Computer, several years ahead. NCR Vanguard Information Technology Dept. Send this coupon to Sales Promotion.

G.R.E.E.N Open Source Security Tools OWASP Malaysia

G.R.E.E.N Open Source Security Tools OWASP Malaysia


Harisfazillah Jamel presentation during KL GreenHat 2011 UniKL Kuala Lumpur Malaysia - http://greenhat.my/

Archive



Transcript :-

G.R.E.E.N 
Open Source Security Tools 

OWASP Malaysia 
www.owasp.my 
KL GreenHat - 10 Feb 2011 

G.R.E.E.N

G roup 
R econ 
E ducation 
E motion Control 
N eutralized 

G.R.E.E.N 
G roup 

G roup 

• We all need to be in a group
• We need to have policy 
• We have rules to follow 

G roup 

We all belong to group 
Company, community and education 
Why policy and rules ? 

G roup 

Haris, please reset root password? 
:) 
I have only user privileges 
BUT I can do it. 

ps. If you are reading this slide, you need to come to my session KL Greenhat 2011 and I will tell you. 

clue : chmod +s and sudo 

G roup 

Within Group 
We can set policy and rules 
We can implement policy and rules 
We can by law punish who break the rules 

We can share knowledge and experience 

(Company Organisation Community) = GROUP 

G roup 

Organisation need to have security policy 

Internal threat cause most security breaches 

G roup 

Rules thats within security policy 

Internal threat cause most security breaches 

G roup 

Audit Tools - By hand :) 

G roup 

Audit Tools - Checklist 
Benchmark Audit Tool - cisecurity.org 
OWASP How To 

http://www.owasp.org/index.php/Category:How_To 

G roup 

Audit Tools 

Bastille Unix 

• A hardening script 
• bastille --report 
• http://bastille-linux.sourceforge.net/ 

G roup 

Pentest - To check your own weakness 

Server - OpenVAS, Nikto, nmap 
Wireless - aircrack-ng, weplab, WEPCrack, airsnort 
Network - tcpdump, wireshark 

G.R.E.E.N 
R econ 

R econ 

We need to know and be active 

• Log monitoring 
• Process monitoring 
• Network Monitoring 
• Files Monitoring 
• Host Monitoring 
• Human Monitoring 

R econ 

Log Monitoring 

Central logging - syslog-ng
Monitoring File Log - swatch 

R econ 

Process Monitoring 

Barking at daemons - Monit 

R econ 

Network Monitoring 

Network Intrusion Detection System 

• Snort 
• Snort Web interface using ACID 
• BRO - ada berani (need to customize) 

R econ 

Files Monitoring 

Files integrity Checking 

• Advanced Intrusion Detection Environment - AIDE 
• Open Source Tripwire 

R econ 

Host Monitoring 

host-based intrusion detection system (HIDS) 

• OSSEC HIDS - www.ossec.net 
• Samhain - la-samhna.de/samhain
• OSiris - osiris.shmoo.com 
Detect files changes and monitoring the logs andwarn system admin. 

R econ 

Human Monitoring 

Opensource CCTV 
Zoneminder - www.zoneminder.com 

G.R.E.E.N 
E ducation 

E ducation 

Lack of awareness about security. 
Users - bring in trojan 
Sysadmin - server hijack 
Developers - not so secure web application 
Management - No ICT Security policy 

E ducation 

Action Plan 
Users - Cybersafe Malaysia 
Sysadmin - OWASP Webgoat 
Developers - OWASP top 10 
Management - Create and implement Security policy 

E ducation 

Users - Cybersafe Malaysia 

www.cybersafe.my 

E ducation 

Sysadmin - OWASP Webgoat 

The primary goal of the WebGoat project is simple: 
create a de-facto interactive teaching environment for 
web application security. 

E ducation 

Developers - OWASP Top 10 2010 

A1: Injection 
A2: Cross-Site Scripting (XSS) 
A3: Broken Authentication and Session 
Management 
A4: Insecure Direct Object References 
A5: Cross-Site Request Forgery (CSRF) 
A6: Security Misconfiguration 
A7: Insecure Cryptographic Storage 
A8: Failure to Restrict URL Access 
A9: Insufficient Transport Layer Protection 
A10: Unvalidated Redirects and Forwards 

E ducation 

Management - Create and implement security policy 

Certification is important 
Get your people certified 

G.R.E.E.N 
E motion Control 

E motion Control 

Be Calm 

You will stress out if you not. 

Be Patient 

Knowledge come from learning 
Experience come from doing 

Its all about time 

E motion Control 

TuxRacer 
Bos Wars 
Globulation 2 
FreeCol 
LinCity-NGSauerbraten 
Sokoban 
EnigmaBillardGL 
Wesnoth 
FlightgearBzflag 
Opensource games 

G.R.E.E.N 

N eutralized 

N eutralized 

Block the attack 

• Firewall 
•Intrusion Prevention Framework 
Filter the packets and data 
• Web proxy 
• Email filter 
Protect the connection 

N eutralized 

Block the attack 

Firewall 

• M0n0wall 
• PFsense 

Intrusion Prevention Framework 

• Fail2ban 
• TCP Wrapper 

N eutralized 

Filter the packets and data 

Webproxy 

• Squid + Dansguardian 
• Nginx 

Email Filter 

• Amavis-new 
• Mailscanner 

N eutralized 

Protect the connection 
Using SSL - OpenSSL 
VPN - OpenVPN 
Encryption - GnuPG 

OWASP Malaysia 

OWASP Malaysia Local Chapter 

The Open Web Application Security Project 
(OWASP) is a not-for-profit worldwide charitable 
organization focused on improving the security of 
application software. 

www.owasp.my 

The End 

Malaysia OSS Community Survey 2011 on Awareness of OSS Certification -survey.mosc.my 

Malaysia Open Source Conference 2011 portal.
mosc.my 

Harisfazillah Jamel 

linuxmalaysia @ gmail.com haris @ bytecraft.com.my 

10 Feb 2011 

Update Your Internet Explorer Or Change Your Internet Browser or Change Your Operating System

Update Your Internet Explorer Or Change Your Internet Browser or Change Your Operating System

MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

An attacker who successfully exploits this vulnerability will be able to execution of arbitrary attacker-supplied script code in the context of Internet Explorer. This may allow the attacker to obtain sensitive information, spoof content, or perform arbitrary actions on a targeted website in the context of the victim.

Windows users please update your Internet Explorer or use others alternative like

Mozilla Firefox


Google Chrome


More options to Internet Explorer alternative.

Alternative Browser Alliance


Browse Free Browse Happy


Viewable With Any Browser


Linux your choice of new and future Operating System


References

Microsoft Windows MHTML script injection vulnerability


Microsoft warning over browser security flaw


Open Rembau 2011 Project Launch

Open Rembau 2011 Project Launch

Assalamualaikum and salam sejahtera,

Do join us for Open Rembau 2011 Project Launch

http://openrembau.org/ (website in Malay)

Open Rembau Project 2011 is intended to share information on the benefits and advantages of open source software as a whole to Rembau residents. It is targeted at all segments of society which include, Rembau district administration and other local government around Rembau, Negeri Sembilan, Malaysia. Open Rembau is one of the modules in the Penguin Masuk Kampung.

Date : Saturday, January 29 2011

Time : 10:00am - 1:00pm

Location : Jemaah Pengurus Kebajikan Anak-Anak Yatim dan Miskin Ulu Gadong

Ulu Gadong, Kota, Negeri Sembilan, Malaysia

More info and discussion


OSDC.my list disscussion email thread.


For anyone who want to join using public transport, a van will wait for you at Stesen Komuter Seremban around 8.30am. Please inform Shukri Jahari jshukri @ gmail.com so he know whose coming with public transport.

Map Guide


find route N111


or

SMKA Mohd Yatim

Thank you.

Harisfazillah Jamel


Its All About Community


Presentation Materials from Malaysia OSS Community For MOSC2010 Penguin Masuk Kampung


Open Source Software


Popular Posts

Labels

64bit Activity Adempire advocate Akta Apache ASAS Azam backup backuppc Bash Beowulf Big Data Broadband Budget Centos Cinta Cluster CMS cmsfornerd Complain computer Computer Operation Conference Contest Data Centre Operation DBmail Digg Digital Certification Discussion Group Django DNS Domain Duit Online Economy Elasticsearch ELK email email server English Evangelist Events Family Tree Fedora File System Firefox Foss FOSS.my FreeBSD FTX Gluster Gmail Godaddy.com Google Google App GTUG Hacking Hadoop Harisfazillah Jamel horde HP-UX hwclock IBM Indonesia Internet Internet Tools Itanium Jaring Java Javascript Jepun Jiwang Joke Joomla Kesihatan Kibana KOSTEM ldap Linux Linux Counter linuxmalaysia Logstash Love Mailman MailScanner Mailwatch Malay Malaysia MAMPU MDeC meetup Melaka Melayu Merdeka Microsoft Migration mirror sites Money Online MOSC 2010 MOSC2010 mosc2011 MOSC2013 MOSCMY MOSCMY2014 MOSCMY2015 Mozilla MPI MSC Malaysia MSC Malaysia OSCONF MSCOSCONF My Love MyGOSSCON MyMeeting Mypenguin99 mysql Nagios NagiosQL Negaraku nss_ldap ntp OBW2014 Open Office Open Source openldap Openoffice.org OpenStack Opera OS2 OS400 OSCC OSCC MAMPU osdc.my OSS OSS Policy OWASP Parallel Computing People Power Personal PGP PHP Pligg Politik Postfix Postgresql Programming Proxmox Python q1moscmy2015 Questionnaires Research Research tools RPM SASSIAN Sassian 85-89 Sassians 85-89 SCO Security Sekolah Sekolah Alam Shah Shell script Software License Solaris SongketMail SongketMailFilter sourceforge spam spamassassin Spoof Survey SVR4 System Tools Technorati Terjemahan Terminal TMnet Training translation Treasury Malaysia Trend Micro Twitter Ubuntu Unix Virtualization VMS VOIP Wang Web Server Windows Zimbra