Netflix is setting back Piracy and Security


Malaysians rejoiced last month when Netflix announced that they would be coming to our shores. We were all salivating over the massive amount of content we would finally have access to…except that it wasn’t so massive.

Malaysia would enjoy less than 20% of what was available to Netflix users in the US or even in the UK, and that looked like an especially lousy deal since we were paying the same amount for our subscriptions.

I wasn’t that interested in the news; after all, I had already subscribed to Netflix for more than 2 years, and used a VPN to enjoy US and even UK content. I loved Netflix because it had a lot of interesting content, but what really sealed the deal for me was Pocoyo and Dora the Explorer…I’m a father of a 2-year-old, and having a video on demand service that lets me address my toddler’s demands was a life-saver.

Netflix was far more effective than YouTube for videos for my kid. First of all, the content was pure, and I could be sure that nobody was messing with it or adding commentary, but more importantly, it had no adverts, and when you have a 2-year-old the last thing you want them to watch is adverts.

Medium blocked: Collateral Censorship vs. Collateral Freedom


So the buzz around Twitter is that Medium.com has been blocked by Malaysian ISPs. Which isn’t completely unexpected, since Medium is where the ‘infamous’ SarawakReport uploads its reporting to circumvent the censorship of its own site.

For those not in the know, Medium is a popular website that allows users to post articles, and have those articles commented on by others. It’s like Twitter without the character limits, and it’s quite a cool site to just browse through and look for interesting stuff to read. The platform claims to be a “community of readers and writers offering unique perspectives on ideas large and small”.

A lot of successful writers and bloggers have taken to Medium to host their content, including Steven Levy, the author of In the Plex, one of my favorite books on Google. He’s using it (and only it) to start a Tech Hub for his content, and placing it alongside millions of other articles and posts contributed by both professional and amateur writers.

So it made sense that Clare Rewcastle Brown, the woman behind SarawakReport, would take her content to Medium. After all, most of her readership is Malaysian, and since Malaysian ISPs ‘censor’ her content, it was wise of her to use a ‘neutral’ un-censored platform to overcome the blockade. It’s a phenomenon called ‘collateral freedom’, and for a while SarawakReport readers, and Malaysian internet users, enjoyed the collateral freedom that the internet naturally provides. Medium was free and un-censored, which made SarawakReport also free and un-censored as long as it was on the platform.

Questions we need to ask about spyware

If you believe (as I do), that the government bought spyware, then here are some pertinent questions

Question 1: Do these government agencies actually have investigative powers?

While the police might have the legal authority to investigate someone, do the PMO, MACC or anyone else share that authority? If a government agency has no right to investigate someone, then why is it buying spyware?

The conversation should end here, as I don’t believe the PMO has any authority to use spyware, but the next question actually goes even further and asks if anyone has the legal authority to use it.

Question 2: Is spyware legal?

Installing spyware on a laptop or smartphone is far more intrusive than a regular home search; it’s like having an invisible officer stationed in your house listening in on everything you say and do. It doesn’t just invade the privacy of the victim, but even those that the victim communicates with, shares their laptop with or even those that just happen to be nearby.

The MACC Act, which governs the powers of the commission, specifically states that the Public Prosecutor or Commissioner of the MACC can authorize the interception of communications if they ‘consider’ that the specific communication might help in an ongoing investigation. However, spyware from Hacking Team isn’t really ‘intercepting’ communications, because what is being communicated through the Internet is usually encrypted. Hacking Team circumvents this by capturing the data before it is encrypted and then sending that captured data in a separate communication back to its control servers. Strictly speaking, this isn’t interception, it’s shoulder surfing on steroids.

More worrying is that the spyware might take screenshots of diary entries and notes that the victim never intended to communicate to anyone, or of draft e-mails that they later delete. Obviously this falls into a different category than simple ‘interception’, but I’m not done yet.


PMO purchases of Hacking Team software

E-mail from Miliserv to Hacking Team stipulating the end-customer as the Prime Minister’s Department

The Prime Minister’s Department has denied (twice!) that it has ever procured surveillance software from Hacking Team, even though hundreds of e-mails in the leaked Hacking Team archive point to it. In the latest rebuttal, Datuk Azalina distanced her Ministry from other government agencies, encouraging reporters to seek official statements directly from other agencies accused of procuring the spyware.

In the meantime though, we’ve now learnt that the MACC has made a ‘semi’ admission that they procured the spyware, and to clear any doubts there’s more proof at the end of this post. But in spite of this, Datuk Seri Azalina has remained silent.

To be clear, I’m not accusing anyone of anything. I’m merely reproducing what is already in the public domain, in the hopes of us taking this conversation further to address more pertinent points. We are frustratingly stuck on this issue of purchase (or lack thereof) because the Prime Minister’s Department denies it bought spyware. I find it quite appalling that the Ministry would issue a simple denial without further clarification when I had furnished many documents; in other words, they’ve provided an unsubstantiated denial to my substantiated claim.

So…here’s an e-mail (linked here), showing Miliserv requesting Hacking Team to register the Prime Minister’s Department as the End User of the system in the Licensing agreement, and here’s another (below), showing Miliserv preparing to welcome 6 PMO staff to their headquarters in Milan for ‘advanced training’. I have removed the names of the PMO staff (red blocks) as I believe that employees shouldn’t be punished for mistakes their employers commit (but you can search for it online, it comes with passport numbers as well). Why send 6 staff to Milan for training if you didn’t buy the spyware?


The Government doesn’t buy spyware–yea right!

The Government has denied buying spyware from Hacking Team; they really should have checked with me before issuing the statement.

On the 23rd of November 2015, Datuk Seri Azalina Othman Said denied that the Malaysian government had procured spyware from Hacking Team. In a formal response (in Parliament!!), the Minister simply stated “For your information, no such device was purchased by the Prime Minister’s Department”.

For YOUR information, dear Minister, I don’t like being lied to, and oh look there’s a flying pig by the window. Next time ask your PR guys to call me before you go setting your pants on fire.

Ok folks, here’s a step-by-step on why we can trust the Hacking Team leak, why there’s conclusive proof Malaysia bought this spyware, and why we should be worried about the manner in which it is being used. So let’s go.

Anti-TPP Ideologies?

2 weeks ago, Wan Saiful Wan Jan, the chief executive of the Institute for Democracy and Economic Affairs (IDEAS), penned an opinion piece in The Star claiming that there was a prevalence of anti-TPP ideologies in Malaysia.

The gist of his piece centered on 4 key points:

  1. The Anti-TPP ideologues opposed the bill before knowing what it was, and therefore must be stupid (or bomohs)
  2. Opponents of the TPP oppose trade liberalisation
  3. The TPP, like any other free trade agreement, was negotiated in secret and is not exceptional
  4. That the government was doing a bad job communicating the TPP to the rakyat

Apart from point 4, all his other points are either red herrings, or completely wrong.

Let’s go through them one by one:

The price of freedom

The price of freedom is the possibility of crime, and if you’re unwilling to pay that price, don’t be surprised when your freedom is taken away from you.

In a free country, it’s impossible to prevent a mad lunatic from getting a knife and stabbing people on a train. You might prevent some lunatics but you can’t prevent them all. The best you can hope for is that rescue comes fast enough before anything serious occurs.

But sometimes that doesn’t happen. People die at the hands of psychos and ISIS supporters, because freedom is applied to everyone, the law-abiding and the criminals, the peace-lovers and loonies, the innocent and the guilty. That’s the price we pay for being able to go out without fear of government intervention, for having the law protect our privacy and property from government eavesdropping, for being innocent till proven guilty. That’s the price of freedom.

If you’re unwilling to pay that, then don’t expect to live in a free country. A country where the police have absolute rights to search your house, your smart phone and your physical self without a warrant or due cause will make it difficult for terrorists to operate, but it also makes us all vulnerable to government bullying. Nobody in North Korea is afraid of ISIS, because the government has such a stranglehold on privacy that no terrorist organization could mount any operation in such a country.

But do you think the people there would rather be safe–or free?

North Korea is a country that prevents you from watching South Korean dramas, and I’m sure there’s very little rape and pillaging going on, primarily because the government is doing most of the crime.

Look at East Germany. Do you think a country that has lived under the Stasi would rather be safe under Stasi-like surveillance, or free? You can’t have it both ways: if you want freedom you have to tolerate some crime, that is the price you pay.

And for the most part, everyone prefers freedom. Because freedom is worth the price, even if that price is paid in the blood of innocent people.

Everyone knows I’m a fan of the SR-71 Blackbird, it’s the world’s fastest and highest flying plane. But do you know why the Soviets never built anything similar?

The Americans had to build the Blackbird because they couldn’t operate spies within the Soviet Union the same way the Russians could operate in the US. They had to necessarily build a plane that could perform reconnaissance of Soviet missile installations. The Soviets never needed such missions, because they had boots on the ground, a presumed weakness in the free-ish society that was America.

But even at that disadvantage, who won the Cold War?

Freedom always wins, and we can’t pawn our freedom because some pseudo-state assholes in black leotards pose a threat to us. We can’t just draft freedom-encroaching laws just because we feel like it. Freedom has to be defended, even from ourselves, and we need to ensure that we give the freedom we inherited from our parents to our children.

The National Security Council Act is pawning our freedom to the terrorists. If our senate passes it, the terrorists will have won.

So you think English is the lingua-franca of Science…

I get annoyed when parent associations insist that the Government needs to teach science and maths in English. They argue that because English is the lingua-franca of science, teaching science in English will help students learn more effectively without needing them to translate scientific terms from the vernacular. They add that teaching Science and Maths in English is a great way to improve the standard of English in schools.

It would be great if those points were true, but they’re not.

English as the Lingua franca of Science?

Firstly, English isn’t the lingua-franca of Science. True, scientific journals are mainly in English and citations in most scientific literature point to English journals only, but shockingly primary and secondary school children don’t read the latest publications on the Higgs boson.

Instead, what children learn in school is so dated that its initial publications were probably in Latin or Greek, with older texts going back to Arabic, Chinese or even Indian origin. The most recent ‘findings’ your children learn in physics are from Quantum Physics, which is roughly a hundred years old. Even then, they aren’t reading Einstein’s original paper on the Photoelectric effect, they’re reading a textbook that sufficiently distils and simplifies it for their consumption.

In fact, a vast majority of what children learn in Form 4 physics is derived from Principia, which is a collection of 3 books by Sir Isaac Newton, who wrote them in Latin. The famous rhyme that “Every action has an equal and opposite reaction” may sound nice in English, but doesn’t exist in the original text, simply because it wasn’t written in English. Going further back in history, the algebra you loved in high school derives its name from a notoriously hard to pronounce book titled “kitāb al-mukhtaṣar fī ḥisāb al-ğabr wa’l-muqābala”. The highlighted al-gabr means the reunion of broken parts, and forms the origin of the word Algebra. The book itself was written by al-Khwarizmi (who is the most important mathematician you never heard of), and whose name is where we get the word Algorithm from. Obviously he didn’t write his works in English.

Of course, I use these ancient examples a bit unfairly, but the fact is that your children are learning ancient science in schools. It’s not irrelevant, it’s that you have to build the foundation of scientific literacy from these ancient roots before you can tackle modern day science of the Higgs boson. You can’t fly before you learn how to walk.

The point is that if these ancient texts were translated into English at some point, why can’t we do the same to Bahasa, or Mandarin, or Tamil…or whatever language you want to? Isn’t it easier to translate and contextualize these century-old ideas into a language the next generation is comfortable with, rather than hope they suddenly develop a love and understanding of a foreign language like English?

When you say Lingua-franca of science, in the context of what children actually learn in primary and secondary school–it isn’t English.

The PM’s year end cyber-security message

From: [email protected]
Sent: 23 Dec 2015
To: [email protected]
Subject: Cybersecurity Year end message.

*This message is intended for all Malaysian Government servants only, do not forward without prior approval*

Greetings and Salam 1Malaysia.

I want to use this year-end as an opportunity to discuss the important topic of Cybersecurity. This year was interesting for me personally, and for all Malaysians, and we need to be aware of cybersecurity issues in order to avoid situations where some people go bat crazy over a missing pendrive, or we’re struggling to interrogate a sysadmin in Thailand.

But let’s start with a Government Linked Company, Malaysian Airlines (MAS).

In February, MAS had their website hacked by a group calling themselves Lizard Squad, which appeared at the time to be affiliated with ISIS. However, I confirmed with my pal Baghdadi that Lizard Squad are in no way related to our good friends at the Caliphate, and we should continue striving to be as brave as them.

Delving deeper into the hack revealed it to be a domain registrar hijack, and not a result of inadequate security from MAS. Essentially MAS registered their website with a registrar, and it was that registrar which was hacked, not MAS themselves. Let that be a lesson for us all: sometimes the responsibility of security rests not just with us, but with our IT vendors as well.

Another good example of IT vendors completely messing up is Miliserv.

Keith on BFM

3-4 weeks ago, I pimped myself an interview on BFM, and yesterday it finally aired. Woohoo!!

Here’s the audio, and below are some show-notes you might be interested in if you want to learn more. I searched for these links AFTER the show, so they may not be 100% in step, but they’re a good place to start.

Show notes:

  1. My post on how to change Unifi WiFi password and a bonus note, here’s how to hack them.
  2. Windows Tech Support Scam, here’s another and here’s how some pros respond
  3. Why Anti-Virus is dead from Brian Krebs
  4. Russian Business Network (I wrongly called them the Russian Business Alliance on the podcast): Wikipedia Link is here, but I suggest buying Spam Nation by Brian Krebs, easily the best book on the subject.
  5. Target hacked through their HVAC supplier, while their supplier was using anti-virus
  6. Kevin Mitnick on social engineering and corporate inoculation.
  7. Cybersecurity professional shortage…trust me, IT is the way to go.
  8. Security frameworks like PCI-DSS, I should have mentioned it.
  9. My favorite password manager: LastPass
  10. The Fappening (if you don’t know what it is, please click the link NOW)
  11. Ashley Madison password, rights and wrongs.
  12. Why I don’t like biometrics
  13. OPM Hack: you need to know this
  14. TheStar reporting on teen winning award from Google (fake report)
  15. Google Malaysia was hacked–and my explanation on why it wasn’t.
  16. My take on our view of hackers and specifically Anonymous
  17. Tech Journalism in Malaysia
  18. Ahmed didn’t build his clock and now he’s suing for $15 Million–damn.
  19. Tony Stark asking to boost ISDN by 15%.
  20. Hacker who claimed he could hack a plane’s avionics from the seat.

I really enjoyed the interview, and felt it came out really well.

Shout out to Jeff Sandhu for the brilliant work, and let me know if you enjoyed the show.

Keith Out!!