Tech Sharing



Posts Tagged ‘ security ’

At the Security TRENDs 2017 summit, Trend Micro reiterated the threat of ransomware and how it is adapting to infect today’s highly-connected digital environment.


“To be one step ahead, organizations need to anticipate the shifts in IT infrastructure, embrace changes in user behavior and adapt protection for new and constantly-emerging threats. Whether organizations are deploying workloads in the physical, virtual, cloud or hybrid environments, investments for security capabilities need to be comprehensive. They should also look at more holistic approaches, rather than rely on narrower security protection methods,” said Dhanya Thakkar, Vice President, APAC & MMEA, Trend Micro Inc.


Ransomware still holds your machine’s files hostage until users pay a certain amount to obtain a ‘decrypt key’. However, in 2016, Trend Micro warned that the ways of delivering the malware have increased over the years.


With the implementation of interconnected devices under the Internet of Things (IoT), the likelihood of infection has increased by way of more access points and ever-increasing data volumes. There are myriad ways of infection, which include drive-by downloads, spam emails, and web advertisements.


“The number of new families is forecasted to grow 25 percent in 2017, and organizations need to look at mitigation at every point,” said Law Chee Wan, Head-Solution Architect, Trend Micro Malaysia.


Organizations should protect their data with multiple layers of protection that can adapt to different threats. Trend Micro’s XGen security provides a cross-generational threat defense that continuously optimizes your security system to fight off known and unknown malware threats.



The ai Corporation has launched its global transaction-monitoring service, allowing companies to outsource their fraud management functions.


The new outcome-based fraud service model, which combines man and machine learning technology, will allow companies to outsource their fraud management to ai’s team, under a performance-based contract. The company will be fully responsible for implementing a customer’s fraud prevention strategy and will offer clear performance indicators.


This will also make the ai Corporation fully accountable for any fraud losses, and it will be compensated in line with successfully stopping fraud. The service is distributed via the cloud and can be implemented without major upfront IT costs.


The company said that the service will be deployed following an initial base cost, after which companies will not be charged more for using the product until it achieves the promised performance.


Founded in 1998, The ai Corporation (ai), which is FCA approved, provides solutions for fraud and risk management. The company has also invested in developing business intelligence from payments data. In 2016 ai purchased a payment gateway and now also offers all its solutions via managed services.



Google, in its Google Apps Update Blog, announced a new third option to their two-step verification system. The option, which will see a gradual rollout, aims to bolster log-in security with a solution that is surprisingly simple.

Available for both Android and iOS, the new two-step verification gives users an option to verify their log-in activity by either using a Security Key, a verification code sent to their smart device or through a simple prompt.

The pop-up prompt displays a dialogue with your name, profile image, and current location (city), and device you are trying to log-in from. Underneath it is a simple “No, deny sign-in” or “Yes, allow sign-in” to approve the sign-in request.

Google, in their blog post, notes that Android users will need an updated version of Google Play Services to use Google prompt, while iOS users will need the Google Search app to use Google prompt.

A new password-free system is currently being tested by a small group. The project, which was launched by Google, aims to remove what is often the weakest link of any login system, the password, while providing an alternative secure login method that is less troublesome than the current two-factor authentication.

The system is similar to Account Key launched by Yahoo, and once you boil it down, it actually isn’t all that different from the two-factor authentication. Here is how it works: When you log into your account, rather than entering your password, you select a button that sends a push notification to your phone. You then select the push notification, open the app, which asks you if you are attempting to log in. Once you approve the log-in on your phone, the account opens in your browser.

But what if your device is stolen or if your password has been phished? According to Google, your lock screen or Touch ID should be more than enough to activate your phone (You do lock your phone, don’t you?). As a precautionary measure, Google also advises that you sign into your account from another device and remove account access from the device which is no longer in your possession.

The server lockdown guide for ColdFusion 10 is now available on the Adobe website. The ColdFusion 10 Server Lockdown Guide will help server administrators secure their ColdFusion 10 installations. You will also find several tips and suggestions intended to improve the security of your ColdFusion server.



The latest free WordPress eBook from Code Poet has arrived, Locking Down WordPress. This new eBook from Rachel Baker, Brad Williams, and John Ford, will show you how to secure your WordPress installation and take care of it when things get out of hand.


In Locking Down WordPress, seasoned WordPress pros Rachel Baker, Brad Williams, and John Ford take you through everything you need to know to make sure you have WordPress security under control.
Security should be one of your foremost concerns with any website, and this eBook is free and available in PDF, EPUB, and Kindle formats, so get it while it’s hot!



Hacking and attacks on web servers or computers over the internet are no longer a new story; whoever connects a device to the internet can potentially be attacked. Normally the attack is done by connecting to your computer, or by getting your computer to connect to a dangerous web site and download malware. Other than installing antivirus, what we can do to help reduce the potential risk is to block the communication between our devices


PeerBlock is a type of program known as an “IP Blocker”. IP addresses are used to identify a computer whenever it connects to the internet. PeerBlock sits between your computer and the outside world and monitors each connection that your computer tries to make, as well as any connection that others try to make with you.


If any of the IP addresses you try to communicate with, or that try to communicate with you, is on the “known bad” list, then PeerBlock will block it.


PeerBlock comes with predefined lists of IP addresses for P2P web sites, spyware web sites, advertising and data tracker servers, and also educational institutions and universities. Besides the predefined lists, you may also get IP lists from I-BlockList to either allow or block them from accessing your network.
Other than this, you may also create your own list, and specify whether the IP addresses in it are always blocked or always allowed.


The most important and beautiful part of PeerBlock is that it is totally free.




The application home page for PeerBlock


PeerBlock List manager, you can select the predefined list, create a custom list or get the list from


This is where you can create your own IP list to either block or allow


PeerBlock history page, which shows the blocked and allowed IP addresses; it also provides a function to search for any record in the history list

SplashData, a well-known provider of password management applications, has just listed the “25 Worst Passwords of the Year”. The list was compiled from files containing millions of stolen passwords posted online by hackers. If you are using any of the passwords in the list, change your password immediately!


If any of your current passwords is on the list, it is highly recommended that you do something to secure your information on the Internet.


In an effort to encourage adoption of stronger passwords, SplashData, a leading provider of password software for more than 10 years, today released its “25 Worst Passwords of the Year” list for 2011. According to SplashData, the most common passwords on the web are:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football


SplashData suggests making passwords more secure with these tips:

  • Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
  • Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.

Recently, while running some security checks on one of my web sites, I found an alert that the deprecated SSLv2.0 protocol was still enabled on my server. This is also one of the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) v1.2.

So I spent some time Googling it and going through some forums and blogs, and finally found the solution to turn it off. Microsoft does not provide a UI to do that, so we have to go to the registry and edit it manually ourselves.

How to check whether my server has SSLv2 enabled?

There are many ways to check the configuration, including using OpenSSL (I’m not too familiar with OpenSSL, so I use the alternative way: the web). You may go to, enter your web domain or the IP address of your server which has port 443 enabled, or edit the port number if you are not using the standard SSL port of 443. After that, just click on SSL-Check.

How to disable SSL 2.0 in Windows Server 2003?

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
  3. Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
  4. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
  5. Enter Enabled as the name and hit Enter.
  6. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn’t, right-click and select Modify and enter 0 as the Value data.
  7. Restart the computer.
  8. Verify that no SSL 2.0 ciphers are available at or the Public SSL Server Database

Registry key location which you may need to touch on

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/DES 56/56] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/NULL] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC2 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC2 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC4 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC4 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC4 64/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/PCT 1.0/Server] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/SSL 2.0/Server] "Enabled"=dword:00000000
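As an added example (not part of the original post), this Python sketch audits a registry export against the keys listed above and catches the common slip of setting Enabled on the SSL 2.0 key itself instead of on its Server subkey. The function names `parse_reg` and `audit` are hypothetical, the sample export is constructed, and the export is assumed to have already been decoded to text.

```python
import re

SCHANNEL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
# Keys from the list above, relative to SCHANNEL; each needs "Enabled"=dword:00000000.
MUST_BE_DISABLED = [
    r"Ciphers\DES 56/56", r"Ciphers\NULL", r"Ciphers\RC2 40/128", r"Ciphers\RC2 56/128",
    r"Ciphers\RC4 40/128", r"Ciphers\RC4 56/128", r"Ciphers\RC4 64/128",
    r"Protocols\PCT 1.0\Server", r"Protocols\SSL 2.0\Server",
]

# Constructed sample export: "Enabled" was put on "SSL 2.0" itself, not on "SSL 2.0\Server".
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000
'''

def parse_reg(text):
    """Map each key path (lowercased) to its dword values {name: int}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return {relative key: 'disabled' | 'enabled' | 'missing'} for the listed keys."""
    keys = parse_reg(text)
    report = {}
    for rel in MUST_BE_DISABLED:
        enabled = keys.get((SCHANNEL + "\\" + rel).lower(), {}).get("enabled")
        if enabled is None:
            report[rel] = "missing"  # value never set, so the OS default applies
        else:
            report[rel] = "disabled" if enabled == 0 else "enabled"
    return report

if __name__ == "__main__":
    for rel, status in audit(SAMPLE).items():
        print(f"{status:9}{rel}")
```

On the sample, `Protocols\SSL 2.0\Server` is reported as missing even though a value exists one level up, which is exactly the case step 3 of the procedure guards against.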


The bodyguard or close protection officer is a type of security operative agent who protects a person, usually a famous, wealthy or politically important figure from assault, kidnapping, assassination, stalking, loss of confidential information, terrorist attack or other threats around the world 24/7.

D & E Safety Consultant is one of the top bodyguards and consultants in Malaysia, providing services including close protection, which ensures the security of their clients anywhere and at any time.

Besides that, armed escort is another service provided by D & E Safety Consultant, where they provide security on the road when you need to transport important items from one place to another. Their highly skilled team will escort your vehicles to their destinations securely and ensure the safe transport of valuable goods.

Other than that, D & E Safety Consultant provides armed and unarmed security services for a wide range of commercial clients including office buildings, department stores, retail establishments, hotels, nightclubs, and restaurants.

For event security at any public or private event that needs well-planned security coverage, D & E Safety Consultant is a choice that you can believe and trust in. D & E Safety Consultant’s CPOs are well trained to handle safety and security at events from trade shows, concerts, conferences and festivals to sports and private events. D & E Safety Consultant’s CPOs will safeguard the smooth running of your event and ensure that your guests and partners can enjoy themselves with total confidence.

Last but not least, D & E Safety Consultant also provides arms and practical shooting training to all close protection officers, and teaches the basic knowledge, skills, and attitude for owning and operating a pistol safely at any time, anywhere.

For more information about D & E Safety Consultant, you may have a look at their web site or contact them via the following details:

Address: 9-5, The Boulevard,
Mid Valley City, Lingkaran Syed Putra,
59200 Kuala Lumpur.

Tel: +603-2287 0511 / +603-2287 6511

Fax: +603-2287 9511

