Vulnerability and Exploit Reporting

We would like to share any tricks and interest here:

22 April 2010 - Report a hacked subdomain incident to HKBU (www.hkbu.edu.hk)

- Case was reported. (credit to Toykit)

Jan 2010 - Report server vulnerability to LEGCO (legco.gov.hk)

- Case was reported and rectified. (credit to DF)

26 Nov 2009 - Report a C&C server to HKCERT with the help from Taiwan Police

- Under investigation and followed up. Case is reported back to Taiwan Police

20 Nov 2009 - Replicate the Win7 Remote Kernel Crash Exploit (by 0xdf - Super Thanks to Overrides's detailed guidance)

23 Oct 2009 - Malware Analysis Scanner from Taiwan Police Fellows

I have got this free software from my Taiwan Police Fellow "PK" who works on Malware and Rootkit investigation, in fact, it is written by him. Enjoy it and scan your computers :)

http://www.police.org.tw/NPASCAN_1.7.zip

19 Oct 2009 - Discovery of Potential Sensitive Information Exposure Vulnerability in Jusco.

Case is reported. Once it is rectified, we will publicize the problem for lesson learnt purpose. (credit to DF)

Updated: No reply from this Japs corp. Good luck :)

12 Oct 2009 - Discovery of Privacy Exposure Vulnerability in a HKU (The University of Hong Kong) web site.

Case is reported. Once it is rectified, we will publicize the problem for lesson learnt purpose. We will publish the lesson learnt together with the case from CUHK as their vulnerabilities are similar to each other.

Updated: Their IT helpdesk sent me a note to request us to provide the individual information, why don't HKU look at the potential vulnerability instead? I am sorry, HKU, we will disclose it soon :)

(credit to DF, IA and Taku)

05 Oct 2009 - The privacy exposure vulnerability in a CUHK web site was rectified reported by their vendor.

We have obtained appreciation from CUHK and the system development vendor.

The lesson learnt will be published soon for reference only.

(credit to DF and Taku)

01 Oct 2009 - Article about reversing Green Dam was published in PISA Journal #10.

URL: http://www.pisa.org.hk/images/PISA_publication_journal/issue10/pisa_j10.pdf

27 Sep 2009 - Discovery of Privacy Exposure Vulnerability in a CUHK (Chinese University of Hong Kong) web site.

Case is reported. Once it is rectified, we will publicize the problem for lesson learnt purpose.

(credit to DF and Taku)