Maxis Forum needs an upgrade

Yesterday I Googled something about Maxis that took me to a forum.maxis.com.my link. Unfortunately, Firefox wasn’t happy with Maxis, because I got the following screen:

SSL V3 on maxis forum

Firefox is the first of the mainstream browsers to end support for SSLv3 since Poodle was published. For those of you who aren’t keeping tabs on security issues–Poodle was a big vulnerability, discovered in the 2nd half of 2014, that affected the SSLv3 protocol.

The only fix for Poodle was to stop using SSLv3 altogether, which is not a bad idea, since the protocol itself is nearly 18 years old. In other words, the people born at the same time as the protocol are already driving cars by now–on the other hand, people born at the same time as the very first iPhone have only just finished kindergarten, and Apple have long since stopped supporting version one of the iPhone. So why would anyone still support this grandfather protocol?

Just to drive home the point of how old SSLv3 is–the protocol is 3 years older than Maxis’ pre-paid offering, Hotlink–which was only launched in 1999.

Fortunately, most modern-day browsers already support the successors to SSL, namely TLS versions 1.0, 1.1 and 1.2 (1.3 is still a draft)–which means, of course, that most people aren’t fully susceptible to the issue. Even then, computer geeks were switching SSLv3 off on their servers just to be sure (there are downgrade attacks, which can force a connection to use SSLv3 even though both server and client support TLS).

But here’s the kicker–some websites continue to support SSLv3, leaving people vulnerable as long as they’re using an SSLv3-capable browser–which is the main reason Firefox has disabled SSLv3 in its latest installment, and Google will follow very soon on Chrome. So regardless of whether the server supports SSLv3, clients using the latest version of Firefox will be secure (at least from Poodle).

Now with the Maxis forum though–things are far worse. Not only does forum.maxis.com.my continue to support SSLv3–it apparently is the ONLY version of https supported by the forum page. In other words, the only security the Maxis forum offers is based on an 18-year-old protocol that’s already been owned. This from a company that apparently put their CTO’s life on the line to promise zero YouTube buffering.

I mean, it’s great that Maxis is promising zero YouTube buffering and all–but if you can’t even get the security basics on your forum page done right–then I question your ability to secure just about anything.

Fortunately, the Maxis login page to view account information isn’t susceptible to the attack (but most users would re-use their passwords for both the forum and login), so that’s not exactly great news.

Honestly Maxis, you have to do better.

Streamyx forced ads (202.71.99.194)

A couple of days back, I was at my in-laws’ doing some browsing on their PC. Now my in-laws have a Windows XP laptop that isn’t secured, which is fine because as far as I can tell, I’m the only one that uses it. Most of them now go to their phones or tablets for internet access–nobody uses PCs anymore!!

But I noticed something strange. I wasn’t able to access Amazon, which was where I was browsing for some Christmas shopping (but not logging in of course). Somehow every time I typed www.amazon.com into the browser, it would redirect me to a Lazada advert. Now this looks like a piece of malware–sounds like a piece of malware–but after some investigation, I discovered this WASN’T a piece of malware.

Instead I realized that this was a problem with the Streamyx DNS. For some reason all the traffic that should have been routed to Amazon was being routed to a TM IP address at 202.71.99.194. A quick Google search led me to this Lowyat post, and this one, a post from 2013–so this wasn’t new. TM was routing all unresolvable domain names to adverts that looked so much like malware, they’re indistinguishable from a malware infection.

TM was doing exactly what malware authors do!!

I would never have encountered this problem, because I use OpenDNS–but this is unacceptable from TM. To deploy something that behaves and acts like a piece of malware, just so they can force-feed you some adverts, isn’t just unethical and bad ISP practice–it’s terrible security.

Because when you deploy something that looks and acts like malware–but isn’t–then people get desensitized to malware infections and soon ignore them, thinking it’s legitimate shit done by their ISP.

TM should fix this–and really should stop this nonsense.

Now is as good a time as any to change your DNS settings so you’re not susceptible to this malware look-alike.
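
To check whether the resolver a machine is using rewrites failed lookups the way described above, here is an added example (not part of the original post). It asks the configured resolver for random names that should not exist and reports any address that comes back. The function names, and the choice of random `.com` labels as probes, are assumptions made for this example.

```python
import secrets
import socket


def system_resolve(name):
    """Resolve through the OS-configured resolver; return a set of IPv4 strings."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    return {info[4][0] for info in infos}


def probe_names(count=3, suffix="com"):
    """Random 32-hex-character labels; the odds of one being registered are negligible."""
    return [f"{secrets.token_hex(16)}.{suffix}" for _ in range(count)]


def check_nxdomain_rewrite(resolve=system_resolve, names=None):
    """Probe names that should not resolve and report what the resolver answers.

    An honest resolver fails every probe. A resolver that rewrites failed
    lookups answers them, usually with the same ad-server address each time.
    """
    names = names if names is not None else probe_names()
    answers = {}
    for name in names:
        try:
            answers[name] = set(resolve(name))
        except OSError:  # socket.gaierror (name not found) is a subclass
            answers[name] = set()
    answered = [ips for ips in answers.values() if ips]
    # Addresses returned for every answered probe: the likely redirect target.
    shared = set.intersection(*answered) if answered else set()
    return {
        "rewritten": bool(answered),
        "shared": sorted(shared),
        "answers": {n: sorted(ips) for n, ips in answers.items()},
    }


if __name__ == "__main__":
    result = check_nxdomain_rewrite()
    if result["rewritten"]:
        print("Resolver answered for names that should not exist:")
        for name, ips in result["answers"].items():
            print(f"  {name} -> {ips or 'no answer'}")
        print("Address common to all answers:", result["shared"])
    else:
        print("All probes failed to resolve, as expected.")
```

Run it once before and once after changing the DNS settings; on a resolver that behaves like the one in this post, the shared address would be the ISP's ad server.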