Monthly archives of “September 2015”


How corporations lie to the technologically challenged

Two weeks ago, Lowyat.net published a ‘challenge’ to their readers, one that would supposedly pay a cool RM100,000 to the winner. All you had to do was decrypt an AES-256-encrypted blob of code (more accurately referred to as ciphertext).

As expected, no one won.

Because breaking that ‘military-grade’ encryption is beyond the capability of most normal human beings, and certainly not worth the paltry RM100,000 that was being offered. It’s the equivalent of offering 50 cents for someone to build a rocket capable of going to the moon. In fact, RM100,000 is exactly the cash prize Celcom offered for its cupcake challenge, because baking cupcakes and breaking ‘military-grade’ encryption are the same thing.

Once the challenge had expired, Celcom conveniently launched their new zipit chat application, which surprisingly used AES-256 encryption as well. More importantly, they released some statistics from a ‘hackerthon’ they conducted, in which 18 million people viewed the challenge and 17,000 registered to participate, but none succeeded.

OK, so while there was no official announcement from Celcom to tie the original Lowyat challenge to their new zipit app, it was quite plain for all to see.

So let’s go into why this upsets me.


Using the internet anonymously

While anonymity on the internet is slowly dying, there remain legitimate reasons for wanting to keep your online identity a secret from those meddling kids, governments or snooping criminals. From e-mailing leaked documents to commenting on blogs using pseudonyms or even just casual online chatting, using the internet without leaving digital breadcrumbs behind you is a task that is getting more difficult over time, particularly when the big bad wolf that’s chasing you down is a rich and powerful government agency.

But to secure yourself online, you first need to understand who’s attacking you, and what techniques they’re using. Adjusting your defense to suit your attacker is not just common sense, it is the only practical way to achieve a semblance of security and anonymity online without losing your mind and descending into tin-foil-hat-wearing paranoia.

For example, if your adversary is the NSA, there’s nothing much you can do. This is a federal agency so well resourced, they’re building a data-center in Utah that’s bigger than 5 Ikeas. Add to all this the fact that it hires the cream of the crop from the Ivy League maths programs, and you have brains and brawn that are orders of magnitude higher than the average person. If the NSA wants to target you, it’s game over. The only reason you’re not targeted by the NSA is that you didn’t factor high enough on the wanted list to merit their attention and taxpayer dollars.

But how about the Malaysian Government? How sophisticated are they, and is it game over if the Malaysian government were targeting you?

Fortunately, our Government isn’t building a Utah data-center or a Great Firewall, and they’re nowhere close to the NSA, but they’re still a well-resourced organization that has the technical capability and financial muscle to do some serious harm to an ordinary citizen. And in order to secure yourself against them, you’d need to understand their techniques and tools.

Malaysian Government Surveillance 101

Firstly, the government controls the ISPs and Telcos, and hence the Government controls the network. The Prevention of Terrorism Act (POTA) permits a Police Officer to waltz into any ISP or Telco and compel them to grant him your communication details without the need for any kind of judicial warrant. It also allows the Police to place a digital wiretap on your communications (again without a warrant), without ever having to reveal the status of that wiretap to any court of law, even if they convict you of something. So anytime you’re using a Malaysian internet connection, you have to assume that the connection is compromised.

Thankfully, whenever I go into a Starbucks, or use the WiFi at KLIA, I already assume the network is compromised–and there are many ways to secure yourself over a hostile network.

Secondly, the government has a record of purchasing surveillance spyware (twice!). This is specialized software designed to infiltrate your laptop or smartphone and start sending all your communication data direct from the source. Again, one has to assume there is no judicial oversight over the use of these things.

If your end-device is compromised, and the Government has already installed spyware on your phone, laptop, tablet or even smart TV, there’s nothing you can do on the network end to secure things. So it’s wise to start securing the device before you think about the network, and that’s where we’ll begin.

But there’s a last and final attack vector that a government can employ: simply breaking into your home, and taking your laptop and smartphone away from you. This means that you don’t just need to secure your device and network when you’re using it, but also when you’re NOT using it. In computer-geek circles we call this securing your data at rest, which protects your data while it’s just idling somewhere, and it turns out that’s not entirely easy to do either.


Change WiFi password on Maxis home fiber router

Got Maxis Fiber at home and want to change your WiFi password? Here’s how you do it.

First you need to log on to your router. You can do so by opening your web browser and typing http://192.168.1.254 (where you’d normally type google.com), or just click here.

You should either see a picture like the one above, in which case you need to enter the username and password, or, if you haven’t set up a router password, you’ll see this:


A dumb-pipe and Net Neutrality

The pipe that brings water into your home is a pretty un-sexy thing, just like the electrical cables that deliver electricity. Your internet connection though, has gotten sexier and sexier–from being used to deliver paid content like HyppTV and Astro to other more interesting services, resulting in a triple play of services (internet, TV and phone), all piped into your home on a fibre optic cable no thicker than a strand of your hair.

But should your internet connection be sexy or should it be a dumb-pipe? The telcos of course want to deliver more services and hence fatten the bottom line, but the problem I have is that in their zeal to do this, they’ve violated the principles of net neutrality, and I fear that we’re going down a rabbit hole of ‘favored’ content, a trend that sooner or later we’re not going to be able to reverse.

A quick example is Maxis: it’s the only player out there that can stream Astro content over the fibre cable. That gives Maxis an unfair advantage over TM.