Muhd Hafiz Ahmad

Photos with Xperia  - 
 
Taken early morning today... 

Muhd Hafiz Ahmad

Shared publicly  - 
 
If any of you are seeking this type of honey, you may order it through me or WhatsApp the owner (my friend) directly. "Kelulut honey" is a better grade; the color is a bit darker than common honey. I'll update more info later

Muhd Hafiz Ahmad

Photos with Xperia  - 
 
Sorry, but this was not taken with any Xperia device; it is from a Symbian phone from Sony, the Satio. I can't remember how old this picture is already, but it is still a lovely scene taken from under a tree while resting from a long-distance ride... I still have more nice pics taken with the Satio
2 comments
 
I had a Sony Ericsson Vivaz which took great pics but the Symbian OS was rubbish. 

Muhd Hafiz Ahmad

Shared publicly  - 
 
Gws to both riders
 
Speedy recovery for both rider...
JUNE 7, 2015   PRESS STATEMENT FROM FIM ASIA ROAD RACING CHAMPIONSHIP       This press statement is to report on the two racing incidents that occurr...

Muhd Hafiz Ahmad

Shared publicly  - 
 
The best burger in town, located at Jalan Sultanah Bahiyyah, Alor Setar, Kedah, Malaysia

#burger #foods #bestburger #kedah #malaysia
Have them in circles
91 people

Communities

14 communities


Muhd Hafiz Ahmad

Shared publicly  - 
 
It's kinda funny, this little girl is crying so badly, angry at +Valentino Rossi VR|46 for taking a "shortcut" when battling +Marc Márquez. The father and mother are asking their girl:

Father: now who win?
Girl: +Marc Márquez​...sob sob sob (crying)
Mother: who is cheating?
Girl: +Valentino Rossi VR|46​...huhu huhu(crying louder)
Mother: tell me who is the winner
Girl: +Marc Márquez​ ...huhu huhu sob sob(still crying), dadyyyy...(calling her dad)
Father: why did +Marc Márquez​ win?
Girl: because.... Cause he playing without cheating... Sob sob(crying)
Mother: +Valentino Rossi VR|46​?
Girl: +Valentino Rossi VR|46​ is cheating! +Valentino Rossi VR|46​ is cheating!
Father: how did he cheat?
Girl: he follow different route... Huhuhu(crying)
Mother: how?
Girl: he cross the sand...sob sob huhu huhu (getting louder)
Girl: +Valentino Rossi VR|46​ is cheating! +Valentino Rossi VR|46​ is cheating!
..
..
..
..

And so on, the little girl is mad at Rossi for trying to cheat Marquez, according to her... I couldn't stop laughing watching this...

* If I were Rossi or Marquez, I'll definitely bring the little girl to MotoGP as an appreciation to her

#Valentinorossi #MarcMarquez #MotoGP




2 comments
 
Hahaha

Muhd Hafiz Ahmad

Shared publicly  - 
 
To all humanity on this earth, lend me some of your precious time and watch this video to the end.

#purpose #talkislam #purposeoflife #ramadhan #muslim #humanity

* to all Muslims in the world, happy fasting n a blessed Ramadhan upon you
* to a new brother of Muslim #Tyrese #TyreseGibson +Tyrese Gibson​, may Allah guide you to heaven, I love you too brother 

Muhd Hafiz Ahmad

Shared publicly  - 
 
Get well soon Zamri, keep the fighting spirit till you wake up

Syafakallah...

Muhd Hafiz Ahmad

Shared publicly  - 
 
Speedy recovery for both rider...
JUNE 7, 2015   PRESS STATEMENT FROM FIM ASIA ROAD RACING CHAMPIONSHIP       This press statement is to report on the two racing incidents that occurr...
 
Found an interesting article somewhere on the Net regarding a SharePoint weakness...

~~~~~~~~~~~~~~~~~~~~~~~

Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Irene Abezgauz, Hacktics.
22-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, a persistent
cross-site scripting vulnerability was identified in the SharePoint document
handling module. This vulnerability allows attackers to gain control over
valid user accounts, perform operations on their behalf, redirect them to
malicious sites, steal their credentials, and more. 

A friendly formatted version of this advisory, including a video
demonstrating step-by-step execution of the exploit, is available in: 
   http://www.hacktics.com/content/advisories/AdvMS20100222.html

===============
II. The Finding
===============
The document module of the SharePoint server allows attackers to inject
malicious scripts into dynamically generated web content through file
uploading. These scripts will be executed in the browser of any user viewing
the infected content (persistent cross site scripting).

Further research and correspondence with Microsoft Security Response Center
has identified that a partial mention of this vulnerability appears in
CVE-2008-5026. However, as this is only partial, there is no bugtraq record
for this vulnerability and there is no fix (making it still valid on most
SharePoint deployments), we have decided to release this to the list. 

============
III. Details
============
The Documents module is vulnerable to persistent cross site scripting: 
   https://<mySharePointServer>/<id>/_layouts/Upload.aspx

An attacker can inject malicious scripts into a file and upload it. When any
user accesses the uploaded file, it is displayed directly in their
browser (rather than having the file downloaded to the computer), and the
malicious script is executed in the context of the vulnerable
SharePoint site. 

This vulnerability can obviously be exploited with HTML files (as mentioned
in CVE-2008-5026), but can also be exploited with any other file type parsed
as HTML by the browser. In our testing we were able to reproduce this with
uploads of TXT files as well.

===========
IV. Exploit
===========
An attacker can embed a malicious script (for example,
<script>alert("XSS")</script>) in a document uploaded to the SharePoint site.
When any other user (an administrative user or a regular user who views
documents in the system) opens the file, the malicious script will be
executed in their browser. 

==================
V. Vendor Response
==================
We contacted the Microsoft Security Response Team on 13-Dec-2009.
Microsoft's response to the point was that this is a known issue, and is
considered a low impact vulnerability by Microsoft for the following
reasons:

1. Authentication and the ability to write to the SharePoint site are
required to exploit this scenario.
2. Significant workarounds exist that allow SharePoint server configurations
to be isolated from cross domain exploitation.
3. SharePoint administrators can restrict the uploading of files to
SharePoint servers.

Hacktics' research team has reviewed this response and has certain
reservations with this response. Having users authenticate and upload
documents is the inherent functionality of SharePoint. Many organizations
have implemented complex environments on top of this functionality, with
need for strict authorization separation which is easily circumvented using
this exploit.

Moreover, although the proposed workaround does indeed reduce the risk of
this vulnerability, it requires a rather complex configuration to setup and
maintain, especially with internet-facing environments. Such a solution may
not be easily adopted by most SharePoint administrators. 

Finally, restriction of uploading files may indeed provide a solution, but
may very well not be acceptable by the system's users.

It is important to note that despite this response, Microsoft has fixed this
problem entirely in SharePoint 2010. 

=======================
VI. Solution/Workaround
=======================
There is currently no fix to the problem and Microsoft has no plan of
releasing one for SharePoint 2007. Once SharePoint 2010 is officially
released this could be resolved by upgrading to SharePoint 2010.

Nonetheless, in case this poses a security risk, a suggested workaround is
proposed by Microsoft, to build the SharePoint site with separate host name
for each collection, as described in:
   http://technet.microsoft.com/en-us/library/cc262778.aspx#section6

As already mentioned, this may involve complex configuration and
maintenance, and does not provide a full solution to the risk. It is
therefore recommended that uploading of HTML files, as well as any text type
files, be disabled in the SharePoint configuration. 

=====================
VII. Affected Systems
=====================
Microsoft Office SharePoint Server 2007.

============
VIII. Credit
============
The vulnerability was discovered by Irene Abezgauz, Hacktics Ltd.


---
Ofer Maor
CTO, Hacktics
Chairman, OWASP Israel

Web: www.hacktics.com



_____________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
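
The condition described in sections III and VI of the advisory above (an uploaded file, including a TXT file, that the browser displays inline and parses as HTML), written as a defensive audit check. This is an added example, not part of the advisory or of SharePoint: the function names, marker list, finding labels and sample files are constructed for illustration, and the two response headers it inspects are an assumption about how the files are served, not something the advisory mentions.

```python
import os
import re

# Heuristic markers of markup a browser may render (example list, not exhaustive).
_HTML_MARKERS = re.compile(
    rb"<(?:!doctype\s+html|html|head|body|script|iframe|img|svg|object|embed"
    rb"|form|meta|link|style|a)\b",
    re.IGNORECASE,
)
# The advisory recommends blocking uploads of HTML and text-type files.
BLOCKED_EXTENSIONS = {".html", ".htm", ".txt"}


def looks_like_html(content: bytes) -> bool:
    """True if the bytes contain markup a browser may render, whatever the extension."""
    return _HTML_MARKERS.search(content) is not None


def audit_upload(filename: str, content: bytes, headers: dict) -> list:
    """Return findings for one stored document and the headers it is served with."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    findings = []
    if os.path.splitext(filename)[1].lower() in BLOCKED_EXTENSIONS:
        findings.append("extension-should-be-blocked")
    if looks_like_html(content):
        findings.append("contains-html-markup")
        # Without a forced download the file opens in the site's own origin.
        if not h.get("content-disposition", "").startswith("attachment"):
            findings.append("rendered-inline-in-site-origin")
            if h.get("x-content-type-options") != "nosniff":
                findings.append("mime-sniffing-not-disabled")
    return findings


# Constructed sample documents and response headers (not real captures).
SAMPLES = [
    ("notes.txt", b'meeting notes <script>alert("XSS")</script>',
     {"Content-Type": "text/plain"}),
    ("report.txt", b"plain quarterly numbers", {"Content-Type": "text/plain"}),
    ("page.bin", b"<html><body>hi</body></html>",
     {"Content-Type": "application/octet-stream",
      "Content-Disposition": "attachment; filename=page.bin",
      "X-Content-Type-Options": "nosniff"}),
]

if __name__ == "__main__":
    for name, body, hdrs in SAMPLES:
        print(name, audit_upload(name, body, hdrs))
```

The first sample is the advisory's TXT case: a blocked extension alone would not catch the same markup in a file named differently, which is why the content check and the serving headers are audited separately.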

Muhd Hafiz Ahmad

Shared publicly  - 
 
Who would like to give a shot first?
 
For developers accepting the challenge:
Schedule.
Entrance. Register on location, find your seat, connect to the test-server (plan enough time for this purpose).
14:00–18:00 (local time). Contest. The exciting part in which you fight through the levels.
After 18:00. Award ceremony and buffet; Prizes are awarded, we provide snacks+beer.
Basic Information
Looking for
Friends, A relationship, Networking
Story
Tagline
Should I tell the whole world who I am?
Work
Occupation
Sharepoint, .Net Programmer & System Administrator
Links
Contributor to
Muhd Hafiz Ahmad's +1's are the things they like, agree with, or want to recommend.
How to Share Content on Whatsapp using jQuery
w3lessons.info

My readers keep on asking me that How to share information directly from the web page into WhatsApp? So I thought to write a simple tutorial

:-:-: Be patient with something you hate...-:-:: Benteng Pertahana...
abimuhaimin.blogspot.com

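Duchess Catherine's makeup (on days off) - Some people seem to wear the same makeup wherever they go, but if you were born a woman, wouldn't you want to change how you do your makeup to suit the time, place and occasion, and enjoy it in different ways? Just changing the colours to match your clothes gives a different feel […] 9 bula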

Riyadh us Saliheen - Melayu
market.android.com

In the name of Allah, the Most Gracious, the Most Merciful. Alhamdulillah we are pleased to release Riyad us Saliheen in Malay Translation Free for our Malay readers. The book was

Generate SQL Server Connection String - developer Fusion
www.developerfusion.com

Use our free online tool to generate your SQL Server connection string - and never have to remember the correct parameter name again.

Angry Birds Epic
market.android.com

NOTE: ART (the KitKat experimental runtime feature) is not currently supported by Angry Birds Epic! We hope to include ART support in future

Qotak
market.android.com

******************************************************************************************* This is ALPHA VERSION. Please give it a try and

Google engineer: We need more Web programming languages
www.pcworld.com

The creator behind Google Dart showed developers at QCon some other nascent Web development languages

Dual Boot Windows 7 and OS X Snow Leopard Using Chameleon ~ Songkar13
songkar13.blogspot.com

Using Chameleon as your bootloader, you can boot an unlimited number of operating systems on your PC. It is simple to use

Whatsapp Plus for Android Free Download (Latest Version)
www.crazytechsolutions.org

Blogging, Wordpress, SEO Tips, Make Money Online & more...

Britain needs 'national debate' about banning Muslim girls from wearing ...
www.telegraph.co.uk

Britain should consider banning Muslim girls and young women from wearing veils in schools and public places, a Home Office minister has sai

Navy has confirmed plane crashed into sea, says Vietnam media
my.news.yahoo.com

Malaysia Airlines said it has lost contact with a plane carrying 227 passengers and 12 crew on its way from Kuala Lumpur to Beijing.

The Deep Web, Browsing without a trace and Calyphrox Webproxy | Xenode S...
blog.xenodesystems.com

Disclaimer: The information shared here may contain sensitive data or material that may be considered unsuitable for readers of a given coun

Benelli BN 600 GT 2014 Live Eicma 2013
www.motoblog.it

Benelli gets ahead of the EICMA show in Milan and presents the new BN 600 GT 2014. Discover details and features.

andrdcndy: Samsung Galaxy S (i9000) ROM List
alchemistar.blogspot.com

*Please proceed at your own risk* 1010. ROM: andrdcndy recommends CyanogenMod. ' (01/13/2014) Unofficial CyanogenMod 11 nightly (4.4.2). ' (

Find files with JavaScript
www.codeproject.com

Find files or directory in client or server site with JavaScript; Author: AFShin Dehghani; Updated: 26 Mar 2002; Section: Client side script

How I hacked 4 Unifi accounts in under 5 minutes
www.keithrozario.com

So I was wondering if I should publish this, but I guess I have to. If you’re one of the 500,000 Unifi subscribers in Malaysia, you need to

How to change your Unifi password
www.keithrozario.com

Now It’s quite clear from a previous post I did how about easy it was to hack a Unifi Dlink DIR-615 Wi-Fi router, that the least you should

Counter Strike Gerak Khas Malaysia Edition
csgerakkhas.blogspot.com

COUNTER STRIKE GERAK KHAS MALAYSIA EDITION Internet Server :- XXX.XXX.XXX.XXX