Mar 29, 2010

Honda Freed Coming to Malaysia

Honda Freed MPV



This MPV was coming to Malaysia the moment Honda announced that it would be building it in Honda Prospect Motor Indonesia. And Honda has just announced that the Freed is 100% coming to Malaysia, set for a launch in Q2 this year to be exact. It will come in as a CBU import from Indonesia.

“Since its official launch in Japan in 2008, Freed has been well received in the Asia region including Indonesia and Thailand. It later garnered great anticipation in Malaysia in 2009. Therefore, we are excited to inform all that Honda Malaysia will be bringing in the Freed onto Malaysian shores in the second quarter of this year,” said Mr. Toru Takahashi, the Managing Director and Chief Executive Officer of Honda Malaysia.

The Honda Freed is the latest and probably the longest wheelbase addition to the Global Small Platform which underpins cars such as the Honda Jazz. There are various seating configurations – a 5-seater 2-3 config as well as triple row configs such as 2-3-3, 2-2-3 with individual 2nd row seats, and 2-2-2 with individual seats for everyone. We’ll have to wait until the launch to find out what kind of seat configuration we’ll get.

The Freed is a B-segment MPV positioned below the Honda Stream but it has some unique features that most of its B-segment competitors do not have, such as automatic sliding doors on BOTH sides. The Freed also has a walkthrough cabin, which means the floor is flat from the front to the rea









Mar 20, 2010

The Secret of Prayer Times


There are many challenges in keeping our prayer practice in 'tip-top' condition, among them praying at the start of the prayer time. Scientific facts are included here as motivation for us to be more diligent in keeping to the times set by Allah, the All-Knowing of what is good for His servants.

Each transition between prayer times actually marks a change in the energy of nature that can be measured and observed through changes in the colour of nature. The phenomenon of nature's changing colours is probably nothing unfamiliar to those involved in photography.


For example, at Subuh (dawn) nature is in the light blue colour spectrum, which corresponds to the frequency of the thyroid, which influences the body's metabolic system. So the colour light blue, or the time of Subuh, holds a secret related to healing/sustenance and communication.

Those who often miss Subuh, or are repeatedly late for it, will over time face problems with communication and sustenance. This is because the energy of nature, namely light blue, cannot be absorbed by the thyroid, which must happen while the soul and body are joined (simultaneity of space and time), in other words awake from sleep. Here we can also uncover the secret behind the command to pray at the start of the prayer time. As soon as the Subuh call to prayer begins, the energy of nature at that time is at its optimum level. This energy is absorbed by the body through the concept of resonance during rukuk (bowing) and sujud (prostration). So those who are late for Subuh have in fact received energy that is no longer optimal.



The colour of nature then changes to green (isyraq and dhuha) and then to yellow, marking the start of Zuhur. The colour spectrum at this time corresponds to the frequency of the stomach and liver, which relate to the digestive system. The colour yellow holds a secret related to cheerfulness. So those who repeatedly miss or are late for Zuhur throughout their lives will face stomach problems and lose their cheerfulness. Is someone with a stomach ache cheerful?


Then the colour of nature changes to orange, the start of Asar, when the colour spectrum corresponds to the frequency of the prostate, uterus, ovaries and testes, which make up the reproductive system. The secret of the colour orange is creativity. Those who often miss Asar will lose their creativity, and it is even more unfortunate if at Asar time a person's body and soul are separated (that is, asleep ...). And don't forget, the energy at Asar time is much needed by our reproductive organs.


Approaching Maghrib, nature changes to red, and at this time we are often advised by our elders not to be outside the house. This is because the colour spectrum at this time approaches the frequency of jinn and iblis (infra-red), which means jinn and iblis are highly energetic at this time because they resonate with nature. Those who are travelling should also preferably stop at this time (pray Maghrib first ...) because a lot of interference (diffraction) occurs at this time, which can confuse our eyes. The secret of Maghrib time, or the colour red, is confidence, at the frequency of the muscles, nerves and bones.


When Isyak begins, nature changes to indigo and then enters the phase of Darkness. Isyak time holds the secret of tranquillity and peace, its frequency corresponding to the brain's control system. Those who often miss Isyak will always be in a state of restlessness.

Nature is now in Darkness, and this is properly the time for sleep in Islam. Sleep at this time is called delta sleep, in which the body's entire system is at rest. After midnight, nature begins to shine again with the colours white, pink and then purple, which correspond to the frequency of the pineal gland, pituitary, thalamus and hypothalamus. The body should rise again at this time, and in Islam this time is called Qiamullail.


That, in brief, is the relationship between prayer times and the colours of nature. People today are indeed aware of the importance of this energy of nature, and that is why various meditation methods have been created, such as tai chi, qi-gong and so on. All of them were created to absorb the energies of nature into the body's system.

We as Muslims should be grateful that we have been granted the law of prayer by Allah s.w.t. without having to think about how to absorb this energy of nature. This reality should make us realise that Allah s.w.t. made prayer obligatory for His servants out of His compassion and mercy as Creator, because He knows that His servants need it very much. How very unfortunate are those who are very careless in keeping their prayers but very disciplined in attending their tai chi classes....

Allah is The Great!! Allah is The All-Knowing!! We are so blessed to be Muslim and to be allowed to see Ramadhan again this year....

"Then which of the favours of your Lord will ye deny?"




Mar 17, 2010

Cross Site Scripting | XSS

Dynamic web applications often use cookies, among other things to store the unique association with a user account. Sites such as Yahoo, Hotmail and Netscape are examples of this. Some e-commerce sites also use cookies to hold a unique identity for user authentication and authorization. Sites with a log-on scenario usually use two authentication tokens, i.e. username and password; the token is then stored in cookies to make it easier to identify users and to maintain the session with the site.

Cross Site Scripting (XSS) is perhaps the technique most widely used to obtain this cookie. Once the cookie has been obtained, the attacker can load the stolen cookie value, direct the browser to the application site that uses the cookie, and access the victim's account without having to spend time breaking the password or the encryption on the username and password combination. There are other techniques, such as "cache poisoning control techniques", exploiting weaknesses in the client browser, and social engineering to trick users into installing Trojan horses, but these are less popular than XSS.

Cross Site Scripting (XSS) is relatively easy to learn, because it only requires knowledge of HTML and of scripting languages such as JavaScript and VBScript, supported by a creative mind and knowledge of the browser. XSS attacks also exploit the trust shared between site owners and users, so it is quite difficult to know whether a site has been attacked with XSS or not.

Introduction to XSS Vulnerability


XSS, or cross-site scripting, is a type of attack aimed at other users. It does not provide root access to the system or web server; it only tries to obtain information related to the web application in use. That application can be a web-based email application, an online forum or an e-shopping site.


A simple XSS example: imagine a guest book where people can post their response to a site. Anyone viewing the guest book can see what previous users commented about the site, and such sites sometimes allow the use of HTML tags, so why not write a comment in red 'Comic Sans' so that everyone notices it? HTML is interpreted by the browser. So with a little creativity, we can insert a hidden script into a guest book comment, and other users would not notice.

As technology makes web sites more interactive and dynamic, XSS grows along with it. Using JavaScript, an XSS attack cannot erase data on the client's hard drive, but it can access the URL the client is visiting, see the client's web access history, or view the existing cookies. Small things that have a big impact.

Anatomy of XSS attacks


A cross-site scripting attack is carried out by giving the victim a specific address crafted by the attacker. In the context of XSS, the attacker invites the victim to open a given URL; when the victim follows the link, the embedded script runs on the client computer and obtains the desired information.

Now let us look at how an XSS attack proceeds. Three related stages make up the anatomy of an XSS attack: findings, attack, and exploitation.



Anatomical Findings
Imperfections in a web-based application, especially when it requests input from the user, and data validation flaws in a particular input form lead to the initial stage of an XSS attack.
This could allow an attacker to insert additional HTML code whose execution they control, running in the page under the permissions granted by the site itself. A simple example of a page that can be used for cross-site scripting is shown below:


Once this page is accessible, the variables sent through the GET method go directly to the intended page. Where the input is not treated as an input variable, the user can insert characters that are interpreted as meta-characters, quite similar to SQL injection.

Inserting HTML meta-characters produces undesirable output when the input is not validated before the output is sent to the client browser. This gives the user control over the HTML, allowing a script to be pasted into the page.

XSS is usually found on confirmation pages (such as a search engine that echoes the user's input in the search activity) and on error pages that help the user correct mistakes when filling out a form.
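The flaw described above, a GET variable written into a confirmation page without validation, shown beside the same page with output encoding. This is an added example, not code from the original post; the function names, the `q` parameter and the sample request URLs are assumptions.

```javascript
// Added example: hypothetical function names; the request URLs are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML meta-characters so input is rendered as text, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull the "q" GET parameter out of a request URL (URLSearchParams decodes it).
function getQuery(requestUrl) {
  return new URL(requestUrl, 'http://site.example').searchParams.get('q') ?? '';
}

// Vulnerable: the GET variable is copied into the page unchanged.
function renderSearchVulnerable(requestUrl) {
  const q = getQuery(requestUrl);
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Hardened: the same page with output encoding applied at the point of output.
function renderSearchSafe(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Constructed samples: plain text, a harmless script marker, an attribute break-out.
const samples = [
  '/search?q=honda+freed',
  '/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
  '/search?q=%22+onfocus%3D%22alert(1)',
];

for (const url of samples) {
  console.log('vulnerable:', renderSearchVulnerable(url));
  console.log('hardened:  ', renderSearchSafe(url));
}
```

Encoding is applied where the value is written into HTML, so the same stored or reflected input stays inert in both the element body and the quoted attribute.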


The Attack
Once a vulnerable entry point has been identified, the attack can be carried out over whichever HTTP method the entry point relies on: GET, POST or other methods.

Insertion with the GET method is the easiest and also the most frequently encountered. The user can see it, because the redirections or other addresses being called appear in the address bar. The method is visible in the URL and is usually recorded by the HTTP server. Examples of attacks with this method can be seen as follows:

XSS-Example



Because of the nature of XSS, an attacker cannot directly use the vulnerability for their own benefit. The victim must view the inserted code for it to be executed. Once the victim views and executes the code, information about the victim becomes known to the attacker.

Compared with the GET method, attacks with the POST method are a little more complicated: POST variables are sent separately from the request URL, so an intermediate page is needed to force the victim to execute a POST request containing the XSS code.

More recently, XSS attacks have used the TRACE method. These attacks take advantage of ActiveX: information about the user is sent in a TRACE request through the client browser, and it can also be converted into XML, so neither the client nor the web site notices. This method is able to bypass HTTP security.
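Because GET insertions are visible in the URL and recorded by the HTTP server, the access log is a natural place to look for them. The following is an added example, not part of the original post: a log check that flags markup in decoded query strings and any TRACE request. The helper names, the pattern list and the log lines are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names; sample log lines are constructed.
const SUSPICIOUS =
  /<\s*\/?\s*(script|img|iframe|svg|object)\b|\bon(load|error|click|focus|mouseover)\s*=|javascript:/i;

// Percent-decode repeatedly (bounded) so double-encoded input is still inspected.
function decodeDeep(text, rounds = 3) {
  let current = text.replace(/\+/g, ' ');
  for (let i = 0; i < rounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; } // malformed escape
    if (next === current) break;
    current = next;
  }
  return current;
}

// Parse one common-log-format line; return a finding object or null.
function inspectLine(line) {
  const m = line.match(/^(\S+) .*?"(GET|POST|TRACE) (\S+) HTTP\/[\d.]+" (\d{3})/);
  if (!m) return null;
  const [, client, method, target, status] = m;
  const qIndex = target.indexOf('?');
  const query = qIndex === -1 ? '' : decodeDeep(target.slice(qIndex + 1));
  const reasons = [];
  if (method === 'TRACE') reasons.push('TRACE request');
  if (SUSPICIOUS.test(query)) reasons.push('markup in query string');
  return reasons.length ? { client, method, status: Number(status), query, reasons } : null;
}

function scanLog(lines) {
  return lines.map(inspectLine).filter(Boolean);
}

// Constructed access-log lines (documentation IP ranges).
const sampleLog = [
  '192.0.2.10 - - [17/Mar/2010:10:00:01 +0800] "GET /search?q=honda+freed HTTP/1.1" 200 512',
  '198.51.100.7 - - [17/Mar/2010:10:00:05 +0800] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
  '198.51.100.7 - - [17/Mar/2010:10:00:09 +0800] "GET /search?q=%253Cscript%253E HTTP/1.1" 200 498',
  '203.0.113.4 - - [17/Mar/2010:10:00:12 +0800] "TRACE / HTTP/1.1" 405 0',
];

for (const finding of scanLog(sampleLog)) {
  console.log(finding.client, finding.method, finding.reasons.join('; '), '|', finding.query);
}
```

POST bodies are not written to a standard access log, so this check only covers what appears in the request line.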

Exploitation
After the attack, the attacker can exploit the target web site. This is usually done by hijacking the victim's session and acting as the victim to access the target web site. The resulting losses can harm both the web site itself and the victims. After this exploitation, the XSS attack can be said to be complete.


Conclusion
Cross Site Scripting is often ignored in web site development, even as the use of dynamic web applications grows. The resulting vulnerabilities threaten the relationship between users and web site owners. XSS attack methods also evolve along with web application protocols and the languages used. Therefore there is no guarantee that an XSS attack will not occur.

Some suggestions for effective safeguards:
  1. Web developers should test each page they build and re-check every input from the user, to avoid gaps that allow XSS attacks.

  2. Users of dynamic web applications should be careful when using them, because encryption and firewalls are no guarantee that these web applications are safe.




Mar 3, 2010

New domain




Hi, I managed to buy the zuraidin.com domain name recently after waiting about one year. I don't know who reserved the domain name; someone offered last year to reserve it for me for USD49. But with the godaddy.com coupon, I just bought it for about $1.17 for one year. Zuraidin.com redirects to this blog. Since zuraidin.blogspot.com has a Google PR2 and a so-and-so Alexa ranking, I keep the free domain alive. Good for SEO though, "search engine optimization".

Also, zuraidin.co.cc is available for free at www.co.cc; this one is under construction.

Coz I'm busy lately, I don't have ample time to update the blog; most of the time I just put my notes here. Legally or illegally pasted here, actually. Heheheh...

I travel a lot nowadays; the web advertising campaign keeps me busy, plus a new project for online income (the never-ending project). Still targeting 5-figure gross earnings per month; it is very, very, very hard to achieve.


