10 Things you need to know about kangkung censorship

Internet users in Malaysia were reporting issues trying to access a specific page on the BBC UK website that was a hilarious post making fun of our ‘beloved’ Prime Minister’s Kangkung remarks. Apparently the issue became so bad that users took to social media, only to find that they were not alone. In fact, so many Malaysians were complaining that they couldn’t access the post that the official Twitter handle of the BBC News tweeted to its followers asking them if they had issues.

Now, I for one, experienced no such disruption–but then again I use a VPN, and quite frankly, so should you!

However, there are a couple of things you need to know about internet censorship, and this debacle in particular.


What kind of Porn do Malaysians watch

Let’s be honest–Malaysians watch a lot of Porn.

On the outside, we may espouse our ‘Asian’ values and culture, but the cold-hard data suggest we’re as horny as the Japanese. In one of my past posts, I showed how we have evidence of someone using the Government internet connection to download porn.

Today however, PornMD, the self-proclaimed “biggest porn search engine”, released statistics as to what Malaysians were searching on their site. The results aren’t that surprising, although I was quite shocked to see Tudung on there–apparently some people find it kinky.

Check out more on PornMD here, or head on over to this report from Quartz that explains how a lot of South-East Asians love Japanese Porn. While you may consider Malaysians vile for searching for terms like Tudung and Rape on a porn search engine–consider though that at least we’re not Pakistan, whose users searched for a far more disgusting “Girls peeing on Bed”–WTF!


Correction: A previous version of this post stated that the most downloaded torrent in Malaysia was a piece of Hentai, however a reader named Darkon commented that although the downloaded file was named Hentai Ouji, it was merely regular Japanese Anime, which wasn’t categorized as porn. Good one Darkon!

Much ado over a tweet

In case you’ve missed it. The official Twitter handle of the ETP, @etp_roadmap, recently made a serious blunder. In a tweet sent out at 1.00pm on the 6th of January, they tweeted “Former Prime Minister Najib Razak: Energy and Food Subsidies are no longer sustainable”. Now the blunder of course was the word ‘Former’ and it was only a full one hour later (or an eternity in Twitter time) that the tweet was deleted and an apology issued.

Obviously everyone jumped on the matter and soon people were making fun over what was a silly but common mistake. What I find particularly disturbing is the manner in which Pemandu is getting flak for this. Surely this is something to joke about, share with your friends and have a laugh, but to attack someone over a typo is ridiculous.

The pro-government bloggers are the ones leading the charge, using this as a platform to launch their claims that Pemandu is Anti-Najib and Anti-Government, that Pemandu comprises over-paid consultants that aren’t worth the chairs they occupy in Putrajaya, and I’m OK with that. Any government agency that utilizes public funds is open and fair game to constant scrutiny; it’s how we make them accountable.

But to take out all their frustrations on a single tweet–and then to call for the resignation (or firing) of the person in charge of the twitter handle is just wrong–particularly since this was an obvious mistake, and an apology was issued–if you want to continue attacking Pemandu go ahead, but don’t attack the individual running the handle, that person was just doing their job, and in every job–people make mistakes.

We’ve seen a lot of these personal attacks, and I’m fine when people personally attack politicians. It comes with the territory when you’re a politician, but when you’re just a ‘cari makan’ guy or gal working for a government agency, being vilified and attacked by high profile bloggers can take its toll on you. Just a few months ago, the entire pro-BN blogosphere had set their phasers to kill and trained them onto a single girl from Pemandu, posting up her private photos from Facebook on their blogs, making accusations that she was a drunkard, and vilifying her because she had a foreign boyfriend. I mean–to attack someone personally, and use the vast attention their blogs get to do it–is just bullying.

It’s a bunch of bloggers who have some serious traffic–using that influence as a platform to attack a single individual that is just an employee of a government agency is just lame. If they took pot-shots at policies implemented by Pemandu, or questioned the salaries the Pemandu folks get, that’ll be fine, but to invade the privacy of one individual you don’t agree with, and then publicly (VERY publicly) launch what I can only describe as a concerted attack–on one single girl….c’mon la, have some fucking courtesy.

People need to stand up for these guys. I’m by no means a fan of the government, but you need to make the distinction between THE government and government servants; the latter are just people like everyone else trying to do their jobs and get on with life, and attacking and bullying them will get you nothing yet causes them severe distress.

How to prevent your Unifi account from being hacked

OK….I made a boo boo!

Actually my method of ‘hacking’ the Unifi modems has a ridiculously simple work-around. Unfortunately, when I published the findings I was absolutely convinced the workaround didn’t work–I was wrong 🙁

Details about how I was misled are unimportant for now (although I will explain it later on); for now I think the simplest way to address this and to make yourself more secure (though not 100% secure) is to disable remote management of the router. Don’t worry, here’s a step-by-step guide on how to do it.

How I hacked 4 Unifi accounts in under 5 minutes

So I was wondering if I should publish this, but I guess I have to. If you’re one of the 500,000 Unifi subscribers in Malaysia, you need to know that your stock router–is completely hackable. TM has left you literally hanging by your coat-tails with a router that can be hacked as easily as pasting a link. So I was struggling to figure out if I really should have made this post, but in the end I think it’s better for you (and everyone else) to know just how easy it is to Hack Unifi accounts–not so you can hack them, but so that you can take some precautions over the situation.

But first, some caveats–everything I’m showing here is already public knowledge, the only difference is that I’ve culled and aggregated knowledge from different streams to show you just how easily an attacker can circumvent your password protection on your Unifi Dlink DIR-615 router, which is the stock router that comes with Unifi. It’s better for you to know about it than to remain oblivious to the possibility that anyone from anywhere in the world, sitting in their room with their pyjamas on, can log on to your router and start doing some rather nasty stuff.

Second caveat, is that as a result of this, some ‘kiddy-hackers’ may see this post and now be empowered with the means to attack, that’s a risk I’m willing to take to allow for everyone to know about it, so that they can do something about it. Keeping everyone in the dark about vulnerabilities of their routers is not a good thing. Security works better when everyone has access to the same information, this is how security works, and if you don’t agree–well tough luck.

With that said, here’s how you use Shodan, and a well-known exploit to hack Unifi. The final exploit, which doesn’t require any knowledge of the passwords, starts at 4:08.

Update 22-Jun: My apologies: YouTube have removed my video because someone reported it as being inappropriate. I am appealing. I’m not sure what about the video was inappropriate, and I have made no attempt to mislead anyone. Stay tuned. I’ve updated the video with a Vimeo upload instead.


Hacking Unifi Dlink routers using Shodan from Keith Rozario on Vimeo.

Details of the hack:

1. To access the password page the appendage is /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd

2. To search for Dlink Routers on Shodan the query is Mathopd/1.5p6 country:MY

I’ve alerted TM to this much earlier, in August 2013 actually, and they promised they’d fix it by the end of the year. To be honest though, I don’t blame them, your router security is your responsibility and not TM’s, so I think that TM isn’t doing anything wrong by not doing anything. A user should be responsible for the security of the router, just like how you are responsible for the security of your phone–even if you did get it free from Maxis or Digi. So anyhow, in the absence of any clear action from TM, I’ve taken it upon myself to inform you of the router vulnerability, and here’s hoping you do something to fix it.

As always–stay secure.

To address the issue check out my post on how to prevent this on your Unifi router, click on my post here.
