All posts filed under “Malaysia

Malaysian Technology Issue from a Malaysian Tech Blog

comments 2

Relax dear-citizen your contactless card is relatively safe—ish

As Malaysia slowly (but surely) migrates to Chip and Pin, some banks have taken the opportunity to issue not just new Pin-enabled cards, but contactless-enabled ones as well.

To be clear, Banks are only mandated to issue new Pin cards (replacing the signature cards you had before), but are taking the opportunity to also embed contactless capabilities into them as well. After all they’re already issuing new cards to every (single!) card holder, might as well get them on the contactless bandwagon while they’re at it.

The reason for being so gung-ho about contactless is purely economical. Research suggest that the easier payment methods become, the more money people are willing to spend. People with credit cards spend more than people with just cash, and 0% interest schemes have been a godsend to retailers. Contactless payments, which don’t involve cumbersome Pins or signatures, are clearly the next evolutionary step, with one research paper suggesting they increase customer spending by nearly 10%.

Banks make money from small percentages per transactions, the more transactions at higher amounts, the more money they stand to make. So if an extra dollar worth of electronics in a contactless card increases revenue by 10%–why not?!

Pins are for security, Contactless is for convenience

But while PINs are a security feature, contactless is all about convenience. And conveniences trade-off security, so it stands to reason that contactless cards are less secure than regular ‘contact’ ones.

The question is whether that trade-off is worth the increase in convenience. After all, nothing is absolutely secure, and in today’s criminally infested internet, keeping your money under the mattress is safer than keeping it in a bank–but nobody does it because the mattress would be too inconvenient.

So what convenience are you getting with a contactless cards?

For one thing, no more waiting for a receipt printout to sign on, or bending down to an inconveniently placed pinpad to type in your PIN. Plus, for someone with gigantic fingers like me, I jump on the opportunity to avoid having to fidget with pinpads that must have been designed for dwarf children after they’ve been struck by the ray gun from Honey I shrunk the kids.

But that’s about it–the only convenience contactless cards provide is that you can do contactless payments–up to a specified amount.

The question now is what security trade offs are you making for this remarkable feature?

comment 0

Two years on, teaching coding in schools declared a success

teach-codingKLANG: Two years on, the the pilot initiative to teach coding and digital security as an SPM subject has been touted as a resounding success, and the government is mulling a move to make it compulsory by 2020.

The announcement shocked parents, as out of 10,000 students who took part in the pilot program, only 10 had scored an A while the rest had failed with a grade of F.

Education Minister, Dato’ Seri Java, said that this reflects the current IT market, where out of 10,000 security consultants, only 10 will ever give you good advice.

“We benchmarked against the industry, and set the grading curve accordingly, so only a 10 students getting an A was the intention!! We can’t have cases where students just memorize a textbook and then score an A, this is not History or Geography, this is an important subject” he said, while further mocking drama and English literature under his breath.

Deputy Director of Education, Perl Ramachandran further added that instead of focusing on the 9,990 students who failed, the public should instead focus on the ‘A’ students who showed exemplary work and are were ‘bright spots’ in the dark abyss which is the Malaysian education system.

One such exemplary student was 17-year old lass Siti Pintu bt. Belakang, she had managed to install a backdoor into the MOE exam system and downloaded the question paper days before the exam. A backdoor is an application that allows an attacker unfettered access to the compromised system, and Siti managed to code one from scratch specifically for this purpose.

Already Russian cyber-criminal organizations are offering her scholarships to prestigious universities, Perl further added.

Then there Godam a/l Rajakumar, who instead of stealing exam papers, simply hacked into the MOE grading system and gave himself a ‘A’.

comment 0

The Internet is slow because of illegal downloads

Let’s start with the quote that set off the rage in my heart—

“You can see today that our Internet is slow. Not because it itself is slow but because a lot of people are using it,” he said

The government agency chief blamed this on illegal downloads hogging Internet bandwidth here, adding that this does not happen in countries like Germany due to stricter enforcement.

“In Germany, the Internet is fast because if you download illegally, you will be charged by the authorities.

“You can’t download illegal movies, songs and pictures there, you need to pay but we here, anything also we download illegally right up to the pictures of our grandfathers.

“That is why the Internet highway is slow but we blame the government. The government has created proper Internet highways but we don’t know how to use it. Millions have been spent on this by the government,” he explained.

So apparently, Datuk Ibrahim Saad, the  National Civics Bureau (BTN) chief  thinks that the internet is slow in Malaysia (it’s not that slow), because illegal downloads are hogging up the pipelines.

Let’s start with his first sentence, an substitute the word ‘internet’ with the name of any Malaysian highway you choose, personally I like to use the LDP:

You can see today that our LDP is slow. Not because it itself is slow but because a lot of people are using it

Hmmm, I guess in his infinite wisdom that makes sense to the BTN chief, but to me that just sounds like the highway wasn’t built properly.

Let’s go to the 2nd statement:

In Germany, the Internet is fast because if you download illegally, you will be charged by the authorities.

“You can’t download illegal movies, songs and pictures there, you need to pay but we here, anything also we download illegally right up to the pictures of our grandfathers.

“That is why the Internet highway is slow but we blame the government

Now we come to the crux of the issue. If Malaysians weren’t illegally downloading, they’d have faster internet.

Here’s 4 reasons why he’s wrong.

comment 0

This is how Pedophiles get caught

SexOffenderThis will easily be the most controversial blog post I ever wrote, so consider yourself warned.

It’s controversial, because it touches on multiple taboos in our society, sex, child abuse and security theater. You see, there’s been a growing call for a national sex offender registry, especially in the wake of news that a British Pedophile had sexually abused up to 200 children in Malaysia.

The news is especially shocking for Malaysians, who are still coming to grips with the fact that a foreign ‘mat salleh’ abused our children, in our country, right under our fucking noses, and we’re only now learning about it….years after the abuse had taken place and even then, the details are sketchy.

As I said,many have renewed the call for a Sex Offender registry. The idea being, that if we start registering sex offenders, we could more easily monitor them, and be able cut-off  their ability to further abuse children. It’s a great idea, but it wouldn’t have saved these 200 children, simply because Richard Huckle wasn’t convicted of any sexual abuse, he wouldn’t have been on the registry even if had one.

Then we have calls for better screening procedures of people who work with children. Another great idea, but again wouldn’t have stopped Richard Huckle. Maybe a extremely thorough and in-depth screening  process that interviewed his parents, grandparents and fourth grade history teacher would have uncovered something about his psychology that may have triggered some alarms–but that level of screening is both unrealistic and a gross invasion of privacy.

Finally we have calls for better sex-education in schools, which I’m 100% in favor off. Proper sex education may have prompted one of Huckle’s victims to speak out and report the issue, which may prompted his arrest at a much earlier time–but ultimately these were impoverished children who were not given access to proper education anyway, so sex education in public schools probably wouldn’t have helped them.

But are we forgetting something obvious?

comment 0

When bad advice comes from good people

What happens when a government agency tasked with providing cybersecurity “guidance” and “expertise” gives you advice like “avoid uploading pictures of yourself to avoid the threat of black magic”?

And then goes into damage-control claiming that it “was just a casual remark and did not represent the federal agency’s official position on the matter”,  only to follow-up with more ridiculous advice like “passwords should be changed constantly to prevent identity theft and hacking”.

Sometimes I sigh so often my wife gets worried—or annoyed, maybe both 🙂

First-off you know my view on black magic, and for an agency under MOSTI to make such an anti-science remark is just appalling. Secondly, from a security point of view, changing passwords regularly doesn’t help, and they cause more harm than good by encouraging users to use easy to remember passwords that they transform after every iteration. Think superman123, then superman456…etc.

In fact, research from Microsoft suggest changing your passwords regularly isn’t worth the effort, and the best one can do is use a password manager that would allow you to have passwords that are both unique and hard to remember across all online services you use.

The fact, that the head of cybersecurity Malaysia is giving advice that most people in the security community consider obsolete doesn’t exactly calms your nerves.

comments 2

Forcing journalist to reveal sources will be bad–for the government!

Our spanking new, hand-picked Attorney-General is proposing life imprisonment for journalist who refuse to reveal their sources.

And surprisingly, my favorite Member of Parliament,Dato Azalina Othman, has supported the move, saying it was ‘high-time’ Malaysian did something. Fortunately, some calmer more rationale heads, like Dato Paul Low have criticized the A-G for his short-sighted stupidity.

Putting aside the fact that anonymity of sources is a core component of Press freedom, it’s easy to extrapolate how harsher punishment for journalists who keep their sources anonymous will back-fire spectacularly for the Government.

If sources know that Journalist will be pressured to reveal their identities, most sources will stop speaking journalist, thereby stemming the leakages from the government, and keeping the status quo.Or so the theory goes…

comment 0

Being Terrified: The price of terrorism

Next week, I’ll be on BFM for an interview about spyware, which will be my last Hail Mary play to get a conversation started about the use of surveillance software by the Government. If a radio interview on a popular station won’t do it, nothing on my blog will possibly be able to anyway 🙂

In any case, this post is a pre-emptive response to a slightly controversial idea that I cover (very briefly) in the interview, and hopefully it can be articulated better here than in a radio segment. To be honest, I haven’t fully thought this through, but I believe it at least some some aspects of truth that deserve further attention.

The Idea comes in 3 parts:

  1. Terrorism has changed dramatically with ISIS (or Daesh)
  2. Our conventional approach to surveillance will be ineffective against this new threat
  3. Our surveillance-based response to the new threat may end up hurting us more than ISIS ever could

Let’s go through them one at a time

comment 0

Netflix is setting back Piracy and Security

copying_is_not_piracy

Malaysian rejoiced last month when Netflix announced that they would be coming to our shores. We were all salivating over the massive amount of content we would finally have access too…except that it wasn’t so massive.

Malaysia would enjoy less than 20% of what was available to Netflix users in the US or even in the UK, and that looked like an especially lousy deal since we were paying the same amount for our subscriptions.

I wasn’t that interested in the news, after all, I had already subscribed to Netflix for more than 2 years, and used a VPN to enjoy US and even UK content. I loved Netflix because it had a lot of interesting content, but what really sealed the deal for me was Pocoyo and Dora the explorer…I’m a father of a 2-year-old, and having a video on demand service that lets me address my toddlers demand was a life-saver.

Netflix was far more effective than youtube for videos for my kid, first of all, the content was pure, and I could be sure that nobody was messing with it or adding commentary, but more importantly, it had no adverts, and when you have a 2-year-old the last thing you want them to watch is adverts.

comment 0

Medium blocked: Collateral Censorship vs. Collateral Freedom

Website Blocked

So the buzz around twitter is that Medium.com has been blocked by the Malaysian Authorities, and guess what? It’s true.

It was expected, after all Medium is where the ‘infamous’ Clare Rewcastle Brown uploads her articles to circumvent censorship of her own site, the equally diabolical SarawakReport.org.

Medium is like twitter without the character limits, and it’s quite a cool site to just browse around and look for interesting articles to read, The platform claims to be “community of readers and writers offering unique perspectives on ideas large and small”.

A lot of successful writers and bloggers have taken to Medium to host their content, including Stephen Levy, the author of In the Plex, one of my favorite books on Google. He’s using it (and only it) to start a Tech Hub  for his content, and placing it alongside millions of other articles contributed by both professional and amateur writers.

So it made sense for SarawakReport to take their content to Medium. After all, most of their readership is Malaysian, and since Malaysian ISPs ‘censored’ their content, using a neutral ‘un-censored’ platform like Medium was a perfect solution—well almost perfect!

It’s a phenomenon called ‘collateral freedom’, and for a while SarawakReport readers, and Malaysian internet users enjoyed that collateral freedom, Medium was free and un-censored, which made Sarawark also free and un-censored as long as it was on the platform.