2018 in review
I started the year building out govScan.info, a site that audits
.gov.my websites for TLS implementation. Overall I curated a list of ~5000 Malaysian government domains through various OSINT and enumeration techniques and now use that list to scan them daily. The project stalled around Jun/July, and it’s basically on auto-pilot till I figure out what to do. The scans still happen daily, and the API still returns useful data, but I’ve moved on, and might even shut it down mid next year. The project was my first attempt at some serious Python coding, which combined with the serverless framework really helped me improve.
In early Jan, I went on BFM to talk about sayakenahack, the only interview I ever gave on the topic, it was fun to be on air again, but unfortunately it was a phone interview, hence the Audio wasn’t great. I also recommend listening to a similar themed podcast by the super-dude-lawyer Foong Cheng Leong here.
By April, a newly acquainted friend, managed to secure a meeting between us and the PDPA commissioner. Yes, I met the folks who ordered sayakenahack to be blocked. In fact, I met them again later in November which was at their requests. I ended 2017 thinking sayakenahack was a mistake, but meeting the wonderful folks in the PDPA, and having those important discussions with them, proved otherwise. Things always work out for the best possible outcome.
In May, I had a tweet blow up to the point where I was appearing on data-analysis articles as some sort of influencer (gasp!). I’ve deleted that tweet and explained why, it’s important to periodically delete your old tweets and facebook posts — things that are in vogue now are going to be unacceptable later on, and people are allowed and expected to change.
In June, I was ‘somewhat’ involved in the reporting of the SAPS NKRA data breach. My nieces and nephews still think I’m an awesome uncle for shutting down a website built solely for exam results — but truthfully I was just helping reporters understand the issue. I reached out to the person who actually did it, and we had some great discussions — I can’t reveal much, but if these young hackers represent the future of our country, we’re in good hands.
In July, I presented at my first TedX talk (not to be confused with Ted Talk). This was run by the students of UCSI, and I only wished these things existed when I was university. I spoke about Data breaches and how it would impact them, judging by the number of questions most had for me, I’d say they enjoyed it. They’re still University grades, so pardon the audio quality of the video.
In August, I presented sayakenahack at Hack in the Box, presenting at a bona-fide security conference was truly the highlight of my year, and one I thoroughly enjoyed. Honestly, I shopped that talk to many other conferences and they rejected it, so thanks to Dhillon (@l33tdawg) from HITB for accepting it. In the end, I think HITB was the best conference to present it at anyway, it was a community driven conference, and not some vendor pimp-fest, so all things worked out for the best (again!).
September and October were quite months for me, but I did learn how to cook the most amazing Steak (Gordon Ramsay style) — turns out it’s not that hard, the secret ingredient is butter and salt, which I’m guessing go well with red-meat on the Healthy diet scale. Truthfully though, I’ve begun to enjoy cooking, and looking forward to more of it in 2019.
In November we traveled to Taiwan, and amazing country that I never thought I’d enjoy much. The middle part of the country is just breath-takingly beautiful, and Taipei while still a normal city has some wonderful historical sites like the Chiang Kai-Shek memorial. Plus, Taipei 101 is the only tall skyscraper in the world that lets you view the tuned mass damper of that gigantic superstructure — that’s a geeky thing to see if you’re interested.
Also in November, I went to Parliament for the first time in my life. It’s ironic that this important building we see in all our textbooks has been visited by so few Malaysians. I was there speaking at the Bersih Round Table event (yes, Bersih event **in** parliament), and spoke on the same panel with the President of the Kofi Annan Foundation and the Head of the election commission in the UK. In what universe am I qualified to be on the same panel with these guys? Thanks Gayathry for making it possible for me to speak there. I’ll upload the material I presented with sometime in the future.
Oh, and Head of the Election Commission in the UK, Sir John Holmes, was a also key member in negotiating the Good Friday agreement, and here he is taking a selfie — with me!!
Early December, I took part in my first Hackathon, building a tool that I miserably named Gloda (short for Global Lambdas) — I didn’t win anything at the hackathon, but I used a lot of the code from Gloda to build out Potassium-40, my latest crazy invention.
Potassium-40 is my latest project, and one I hope to build on in 2019. It’s a application level web-scanner that uses lambda functions to scan the internet. If you didn’t understand any of that, it’s fine, I just enjoyed building it.
The year was awesome, but all ups have downs. I recently shut down sayakenahack — there was no point keeping it up, I also had many other failures I can’t talk about publicly — but I’ve learnt to roll with the punches.
After all, I still believe things always turn out to the best possible outcome.