CategoryMisc

Two weeks ago, I rage-tweeted something regarding Malaysian politics that got a lot more viral than I liked (I’ve censored out the profanity for various reasons, most notably, there are teenagers who read this blog). It was a pointless collection of 200 characters, that somehow resonated with people enough to be shared across social media. Obviously, since it was me, the tweet was filled...

Let’s start with the basics. Data Breaches are common — and will continue to be the norm. How the App Economy and Big Data ruined it As we shifted towards the ‘App-Economy’ and ‘Big-Data’ (circa 3 years ago), consumers begun sharing more data with more apps. Everyone and their granny, wanted to create a new app, and everyone was told to collect as much data as...

Previously, I moaned about dermaorgan.gov.my, a site that was probably hacked but was still running without basic TLS. This is unacceptable, that in 2018, we have government run websites, that ask for personal information, running without TLS. So I decided to check just how many .gov.my sites actually implemented TLS, and how many would start being labled ‘not secure’ by Google in...

220,000 is a lot of people. It’s the population of a small town like Taiping, and roughly twice the capacity of Bukit Jalil Stadium. Yet today, a data breach of this size, barely registers in the news-cycle. After all, the previous data breach was 200 times bigger, and occurred just 3 months ago. How could we take seriously something that occurs so frequently, and on a scale very few...

Part 1: An intro to Data Breaches Let’s start with some basics. What is a Data Breach? According to Verizon, a data breach is when you’ve confirmed that data has been lost to an attacker, while a data incident is merely something that ‘may’ result in a breach. An incident is when a laptop goes missing from your company’s office. A breach is when the data on that...

Consider this a bonus piece from my long thoughts about data breaches. You might the older post before reading this. So let’s dive in. The telco breach was a giant hairball of issues, and one of the strands in the hairball is false prepaid registrations. Immediately after releasing sayakenahack, people reported that they were seeing additional numbers linked to their mykad numbers. From...

While designing sayakenahack, the biggest problem I faced was trying to write millions of rows efficiently into DynamoDB. I slowly worked my way up from 100 rows/second to around the 1500 rows/second range, and here’s how I got there. Work with Batch Write Item First mistake I did was a data modelling error. Sayakenahack was supposed to take a single field (IC Number) and return the results...

Posting this here first, my thoughts to follow. Random thoughts below are draft :). Random thoughts on the matter  We still need a single identifier in Malaysia (IC Number), this is administrative necessity. LHDN needs to check your bank accounts, Election Commission needs to know you’re not double-voting..etc. But that single identifier should not be used as an authenticator. No one should...

I know the picture is a bit hard to read, but I wanted to make sure I had a detailed enough picture to understand the ‘innards’ of sayakenahack. Sometimes when you’re building stuff on the fly, and bottom-up, it’s good to take a step back, and have a top-down view. I’ll be expanding this post over time, wanted to get my thoughts down quickly on paper before I moved...

OK, this is my last post on sayakenahack.com, and I’ve got a script scheduled to run at Sunday midnight to tear down the database. So if you wanna check, you better do it now, cause in 3 days time, it’ll be gone. *poof* But here are my thoughts on this whole debacle — and it’s going to get emotional, so don’t say I didn’t warn you. So let’s start with the...