Monday, December 11, 2006

I know idiot is helpless

I'm pretty dissapointed about SecurePenang. First of all - the speaker from Itrain is just another CEH instructor that been trained to be a Certified Hacker who seriously doesn't know much about the ethic of being Security Professional.

The first event of the day is Wardriving, the funny thing about the speaker is that he told us the best card for Wardriving is Orinoco - that's definitely not true as it depends on the tools and drivers that written for the networking hardware. By the way the WarDriving is pretty boring with whatever stumbler.

Coming to the Presentations that done by Symantec and Microsoft, which don't do any better, everyone feel sleepy and we all know it is boring when comes to vendors talk. Then Niser gaves the Presentation regarding Malaysia Security Outlook, this is by far the best presentation in the day, I don't want to comment anything about it but just one, building threat statistic based on incident reporting of companies is totally inaccurate, I think most of companies prefer things under the umbrella instead of sun. Please deploy sensors at ISP layer instead. I don't think DDOS cases equal to none in a quarter of the year.

The last hacking demo - this is the big woo. The so called certified hacker setup his own web server and I think he added the host mapping to the hosts file - maybank2u.com.my to his own web server with public IP. Then he uses nmap scanning to get all the opened port, then telling everyone that Maybank web server has so many ports opened including port 135 abd 139, therefore he used the script kiddies tool to launch dcom exploits and successfully getting into the server. He even shows how he able to retrieve file and so forth using tftp as well as defacing the website.

I definitely agree that there's no harm to perform live hacking demo, it should creates awareness among the audience to awake how easy your operating system can be compromised. However you should have told the audience that you are actually hacking into the demo server instead of Maybank web server, the certified hacker didn't explain and telling the audience he is hacking into demo server but Maybank Web Server. Almost 90%(can tell as most of audience are non-technical) of them believe that it is real Maybank web server. He is misguiding all the audience by showing how l33t he is, he even stated that there's no firewall or ids and they won't know what he has done(dumbass). Everyone says "WOW" and clapping hands like nobody.

Then when comes to the end of the demo, while people asking him question personally such as is he able to get into Maybank databases? Then he told that Maybank has Multilayer Network Structure and by hacking the Web Server you will have to dig out where the Database Server is located.

At the end, he still want people to believe that he(l33t) is actually hacking into Maybank Server. Remember your audience is public, you shouldn't deliver faulty information, what a breach!

Mike <- You are not qualified as ethical hacker. You just an idiot without brainer! I read from the site the Live Hacking Demo should be done by Scan Associate people and I'm wondering whether he is from Scan. The coolest statements of him - you have greater reputation if you have more bots. I bet he doesn't know the hacker communities enough. The second interesting statement is "I have never been infected by computer viruses" even I have used Windows for so long, and my antivirus program is disabled by default!" - Wow, he is definitely gosu alike.

My words to MIRC - The SecurePenang event sucks, you shouldn't have brought anyone like this to present or deliver.

P/S: I should kick Mike in the nutsack!!!!!!!! :P

18 comments:

Kris Khaira said...

That's lame. I'm glad I didn't go. You should forward this to the ICT-related Malaysia media.

Anonymous said...

i m not sure who is the guy who did the live hack demo. but he is definitely not from scan. scan rejected the participation since early Nov. the guy claimed to be from scan? that's funny.

geek00L said...

He didn't claim that he is from Scan but in the MIRC web site it states that the demo will be done by Scan Associate, that's why I'm surprised and I don't think he is from Scan and would like to know if anyone know him. I guess he is from Itrain

Kris, if you know any ICT-related medias, I don't mind forwarding to them. Thanks.

adli said...

what's his full name ah? got pic?

- adli lah

Anonymous said...

Who's that??? Can i see his picture????

geek00L said...

Since there are so many requests, you can find his pictures at News and Events link in the url below -

http://www.itrain.com.my/

Apparently he is itrain director

Anonymous said...

Geek00l,
Mike from ITrain? Is this the guy? http://www.itrain.com.my/TechEd2006.htm

check first picture titled "Our lucky draw winner receiving his prize from Mike-iTrain."

more pic of "Mike":
http://www.itrain.com.my/images/photos/teched06-8.jpg
http://www.itrain.com.my/mircipoh.htm
http://www.itrain.com.my/kltechnite1.htm (black jacket and green shirt - "Mike of iTrain explaining the purpose of Technite.")
http://www.itrain.com.my/mircmalaka.htm ("Live hacking demo with CA")

geek00l, please confirm.

Anonymous said...

Apparently, I didn't aware of geek00l latest posting. Thanks for the verification.

aphesz said...

how bout we invite that mike guy over to 07's SecConf and see how he handles the crowd ;D

ayoi said...

I've been bombarded by queries and sms by my colleagues. Apparently they've read your blog :D That ub3r 31337 h4ck3r is definitely not from scan. That's for sure.
It's a pity that someone who claimed to be from security industry misled the audience on his presentation. Nasib baik there's nobody ask him whether he has the authorization from maybank to do the live demo using their "server (ok i know he's bluffing)" Claiming that his action is undetectable and very stealthy, he obviously unaware of lokard principles.
What a lame and pity.

Akram said...

hahaha, stupid mike! what a shame! stupidity among us! duh!

eazam said...

heheh. should i quit from it related industry? finally IT GOD revealed himself :))

toxicle said...

Disinformation ... that's bad. Someone arrest him pls!

chfl4gs_ said...

hehe. I won't attend any of local live hacking demo / security seminar long long time ago. Almost 100% of them are marketing orientated and 90% are hype/fake hacking.

chfl4gs_ said...

hehe. I won't attend any of local live hacking demo / security seminar. Almost 100% of them are marketing orientated and 90% are hype/fake hacking.

Abdul Aziz said...

GeeKool could you email me at my gmail need to know more about the mike guy. upmt101@gmail.com

Anonymous said...

Agree with you...

Maybank.com.my is too easy to hack.
so why don't do REAL HACKING.

not DEMO :P


In The Sky
inthesky990@yahoo.com

Chan said...

lol.. what a stupid idiot... maybe we can try hack itrain website... lol...thx for the information by the way.