Last week, MyNic suffered a massive outage taking out any website that had a .my domain, including local banks like maybank2u.com.my and even government websites hosted on .gov.my. Here’s a great report on what happened from IANIX. I’m no DNSSEC expert, but here’s my laymen reading of what happened: .my uses DNSSEC Up to 11-Jun,.my used a DNSKEY with key tag:25992 For some...
The Malaysian Ministry of Education Data Breach
Ok, I’ve been pretty involved in the latest data breach, so here’s my side of the story. At around 11pm last Friday, I got a query from Zurairi at The Malay Mail, asking for a second opinion on a strange email the newsdesk received from an ‘anonymous source’. The email was regular vulnerability disclosure, but one that was full of details, attached with an enormous amount...
3 times GovTLS helped fixed government websites
Couple months back I started GovTLSAudit. A simple service that would scan .gov.my domains, and report on their implementation of TLS. But the service seems to have benefits above and beyond that, specifically around having a list of a government sites that we can use to cross-check against other intel sources like Shodan (which we already do daily) and VirusTotal. So here’s 3 times...
Look ma, Open Redirect on Astro
If you’ve come here from a link on twitter — you’d see that the address bar still says login.astro.com.my, but the site is rendering this page from my blog. If not, click this link to see what I mean. You’ll get something like this: Somehow I’ve managed to serve content from my site on an astro domain. Rest assured, I haven’t ‘hacked’ astro servers...
The Astro Data Breach
I previously wrote about how data breaches are like diamonds: They’re not as rare as you think They’re worth far more to you than to a thief They last forever And the recent debacle over the Astro data breach epitomizes all of these characteristics. First off, Lowyat has already reported 3 big data breaches (at least by my count), and rest assured these won’t be the last. Data...