What happened in the MAS hack. All questions answered, one question asked.

Real-Life DDOS attack

Late in January the Malaysia Airlines website was ‘supposedly’ hacked by Lizard Squad. You might remember Lizard Squad as the guys who ‘hacked’ the Xbox and PlayStation networks over the Christmas holidays, and I’m using a lot of ‘quotes’ here because Lizard Squad didn’t really ‘hack’ Xbox One or PlayStation, they merely DDOS-ed the services.

What is DDOS-ed I hear you say?

A DDOS attack is one where you flood a server with so much web traffic that the server is no longer able to serve content to legitimate customers. Imagine if you got 100 friends together and decided to create some havoc at the McDonalds near your home. You and your friends would line up at the counter, and you’d place an order for 100 Big Macs, 25 Cokes and 1 Apple Pie… only to cancel your order after the cashier typed it in. The next friend in the queue would do the same thing–over and over again. Even though there would be legitimate customers at this McDonalds trying to buy some food, chances are they’d either have to wait a very long time to get their food, or they’d give up entirely.

Essentially you’ve denied McDonalds their chance to serve their customers–or you’ve just launched a Denial of Service (DOS) attack–the extra D in DDOS, just stands for distributed.
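An added example, not part of the original post: a toy simulation of the McDonald's scenario that shows why the "distributed" part matters to a defender. The capacity, client counts and per-source limit are assumed values chosen for illustration, and all traffic is constructed.

```python
import random
from collections import Counter

def simulate(n_attackers, attack_total, n_legit=50, capacity=100,
             per_source_limit=None, seed=1):
    """Model one time slice of a server that can handle `capacity` requests.

    Returns the fraction of legitimate requests that were served.
    """
    rng = random.Random(seed)
    # Constructed traffic: each legitimate client sends one request and
    # the attack volume is split evenly across the attacking sources.
    requests = [(f"legit-{i}", True) for i in range(n_legit)]
    per_attacker = attack_total // n_attackers
    for a in range(n_attackers):
        requests += [(f"bot-{a}", False)] * per_attacker
    rng.shuffle(requests)  # arrivals are interleaved, like a mixed queue

    seen = Counter()
    used = 0
    served_legit = 0
    for source, is_legit in requests:
        seen[source] += 1
        if per_source_limit is not None and seen[source] > per_source_limit:
            continue  # dropped cheaply at the edge, consumes no capacity
        if used >= capacity:
            continue  # server saturated: this request is denied
        used += 1
        if is_legit:
            served_legit += 1
    return served_legit / n_legit

if __name__ == "__main__":
    # Same attack volume (5000 requests) in every attack scenario.
    print("no attack:               ", simulate(1, 0))
    print("DoS, 1 source, no limit: ", simulate(1, 5000))
    print("DoS, 1 source, limit 5:  ", simulate(1, 5000, per_source_limit=5))
    print("DDoS, 1000 sources, lim 5:", simulate(1000, 5000, per_source_limit=5))
```

A per-source limit restores service when the flood comes from one address, but the same volume spread over 1000 sources stays under the limit at every source and still saturates the server.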

Real-life DDOS attacks happen all the time–what do you think the Thai protesters were doing to airports in 2008?

But why is this important?

It isn’t. DOS attacks are pretty common–but Lizard Squad attacked the PlayStation Network and Xbox with ulterior motives. Even though they claimed to do it in the name of ‘security awareness’, they only stopped their DDOS attack because Kim Dotcom offered them USD300k worth of services on his Mega website. Kim Dotcom is another controversial character, but to cover him in this article would be too large a digression–so if you want to know more about him, just Google it.

The REAL motive of the Lizard Squad DOS attack became apparent some days later when they started to offer their DDOS attack as a service to paying customers. Essentially you could go online and buy their services to attack a target–maybe a competitor company, a personal blog of someone you don’t like, or just about anything. Lizard Squad were hawking their services to anyone with cash.

Some suspected that Lizard Squad were running this large DDOS attack using nothing more than home routers–similar to the ones that UniFi provides and that I demonstrated could be hacked trivially over an internet connection.


Watch SuperBowl in Malaysia

Got this email from the people over at Unotelly:

I want to inform you that UnoTelly will allow people to stream the NFL Super Bowl for free on Sunday, February 1, regardless of where they live or whether they are UnoTelly subscribers.
We are offering free access to media stations (NBC Sports, Channel 4 and more) that will be broadcasting the Super Bowl for free. Visitors will not be required to sign up for a subscription, but simply need to submit their e-mail address. Please feel free to visit our Super Bowl page for more information: https://www2.unotelly.com/superbowl
I trust UnoTelly—so if you’re an American stuck in Malaysia, this is a free way to watch the SuperBowl–otherwise move along, there’s nothing to see here.

How to determine your Unifi router MAC ID

Step 1: Log on to your router

D-Link dir-615 Router Logon

To log on to your router, fire up your web browser (Chrome, Firefox, Safari–even Internet Explorer will do). In the address bar where you usually type www.google.com, type http://192.168.0.1 (sometimes it’s http://192.168.1.1) or just click the link. Once there, enter the username and password of the router. If you’re uncertain, try any one of the following combinations:

Username: Management
Password: TestingR2

Username : operator
Password : h566UniFi

Username : operator
Password : telekom

Username : operator
Password : <your Unifi username in reverse order>

Otherwise refer to this post on how to find your router password. Click here, and look for option 3.

Step 2: Click on the status button

Status-button

Hit the status button on the top right hand of the page (refer to the picture above). It’ll take you to the status page which should display your MAC ID in the clear.

Step 3: Get the MAC ID

Your MAC ID for both the LAN and WAN should be presented in the clear on this page. Here you can cross-reference to check your MAC. Your MAC ID is something your router broadcasts together with the SSID–although you (as a human) won’t see it, other computers and wi-fi enabled devices will see it. It’s essential for communications between network devices.

MAC-ID-Dlink-router

 

Step 4: Fix the hack so it doesn’t happen again

If you’ve come to this page from the unifihack one, then here’s the link to how you can fix your router so that you’re less exposed to this vulnerability. Performing the steps in the link not only makes you more secure, it also helps with the overall security of UniFi subscribers in general, so it’s a good idea to give it a go.

Can Malaysia be Land of the Free and Home of the Brave

As we come to terms with the terrible events that occurred at the offices of Charlie Hebdo, I think we need to be cognizant of what these attacks really mean, and how our response to these events (even in far away Malaysia) has severe repercussions on our future.

As a Blogger and Techie, I’m 100% for absolute ‘no holds-barred’ Freedom of expression. I’ve written so much on the subject it begins to bore people, but we have so little freedom of expression in this country, we must fight to preserve what we have, and rise up to pursue even more.

The pursuit of freedoms which we do not enjoy is necessary, thanks to laws like the Sedition Act of 1948. An act so grossly out-dated it’s embarrassing that we still have it on the books. People forget that Malaya was at war in 1948, and when the act came into effect, we had already begun one of the darkest periods of our history–the Malayan Emergency. This was a time when planes were dropping bombs in the jungles and rubber tappers had to be escorted with armed guards; the laws needed at a time like that aren’t the laws you need now.

Because unlike World War 2, the emergency was part of a larger ideological war–one where ideas were dangerous. So we put in place laws that limited the dissemination of ideas, which was wrong, but then we kept them even after the last elements of the communist insurgency had left–which was definitely wrong. Soon we used these laws to clamp down on everything from questioning Malay rights to criticizing education policies (education policies that were later reversed by the way!).

How can using a law, enacted during a dark period of war be considered relevant for peace time? These things really should come with expiry dates.

And lest you think this only impacts Malaysia–every country at war will go to extremes in the law. For example, the US enacted their own sedition act in 1918, just before they were setting off to take part in the ‘Great War’–only for the act to be repealed in 1920. This in a country where the first thing they amended in their constitution was to explicitly guarantee Freedom of Speech–the lesson to take away is that whenever people’s security is threatened, they’d give up their freedoms. The Patriot Act would never have seen the light of day were it not for September 11th.

But let us find solace in the last verse of the Star Spangled Banner which reads “Land of the Free and Home of the Brave”–and just like Roti Canai and Dhall, you can’t have one without the other. You can’t live in the Land of the Free, unless you are Home to the Brave, because cowards give up their freedoms at the first sight of danger. To keep your freedoms you have to fight to protect them, and never give them up. Because if these laws are anything to go by, once we enact laws to curb freedoms, we seldom repeal them.

Which brings us to the point: protecting freedom requires courage. It requires us to say we don’t want to trade freedom for security, we’d rather live insecure than un-free. And that takes courage, but also common sense. Because if you don’t like that, there’s a place where you can get all the meals you want, a roof over your head and be totally secure…it’s called prison. To get total security, you need to give up ALL your freedom.

And that’s what the terrorists REALLY want you to do, because the real point of terrorism isn’t to kill people, it’s to terrorize them.

To get people to change their way of life, and force upon them a sense of fear so crippling that they will never live free again. If we are to defeat the terrorists, we must not just condemn these acts, but condemn the weak and cowardly among us who would give in to this terrorizing and suggest that we ‘beef up our laws’ and ‘grant more powers to the government’–these are not words of strength, these are code words for giving up freedom and they come only from the lips of the meek. These are the defeatists who would allow the terrorists to win.

We must protect freedoms wherever they exist–we already have so little. So when I see people being charged for selling IS merchandise, and politicians claiming we need laws to curb freedom of speech to avoid another Charlie Hebdo, I think to myself, where are the brave in Malaysia? Why do the spine-less invertebrates get so much publicity, why isn’t anyone defending our right to freedom of speech (even if it offends, and especially if it offends), why isn’t anyone defending the rights of someone to sell merchandise of an organization? If you’re going to charge someone for selling merchandise of organizations that you don’t agree with–I suggest you start with those that sell swastikas and the book shop that sells Mein Kampf, better yet don’t charge them at all. Because who are you to make such assumptions of what is agreeable and what isn’t–what is dangerous and what isn’t?

Isn’t this still a free country? And selling a t-shirt is hardly a crime in a free country is it?

If we are really such cowards as to be afraid of t-shirts…I fear we can never be land of the free, but that’s completely our fault.