  • Access Keys in AWS Lambda
    Let’s look at AWS Access Keys inside a Lambda function, from how they are populated into the function’s execution context, how long they last, how to exfiltrate them out and use them, and how we might detect compromised access keys. But before that, let’s go through some basics. Lambda functions run on Firecracker, a microVM ...
  • Contact Tracing Apps: they’re OK.
    I thought I’d write down my thoughts on contact tracing apps, especially since a recent BFM suggested 53% of Malaysians wouldn’t download a contact tracing app due to privacy concerns. It’s important for us to address this, as I firmly believe, that contact tracing is an important weapon in our arsenal against COVID-19, and having ...
  • My experience with AWS Certified Security – Specialty
    Last week I took the AWS Certified Security – Specialty exam — and I passed with a score of 930 (Woohoo!!) In this post I cover why I took it, what I did to pass, my overall exam experience, and some tips I learnt along the way. So let’s go. Why? Why would anybody pay good money, subject themselves ...
  • The problem with Grab
    As a company, Grab has done enormously well for itself, and naturally will be the target of some hate. But I think there’s a deeper issue with Grab that needs addressing before it becomes an unsolvable problem.
  • Here’s one thing that’s already changed post GE14
    In 2015, I was invited to a variety program on Astro to talk about cybersecurity. This was just after Malaysian Airlines (MAS) had their DNS hijacked, but I was specifically told by the producer that I could NOT talk about the MAS hack, because MAS was a government linked company, and they couldn’t talk bad about ...
  • Gov TLS Audit : Architecture
    Last month, I embarked on a new project called GovTLS Audit, a simple(ish) program that would scan 1000+ government websites to check for their TLS implementation. The code would go through a list of hostnames, and scan each host for TLS implementation details like redirection properties, certificate details, http headers, even stitching together Shodan results ...
  • Read this before GE14
    Let’s start this post the same way I start my day — by looking at Facebook. Facebook made $40 Billion dollars in revenue in 2017, solely from advertising to pure schmucks like you. The mantra among the more technically literate is that facebook doesn’t have users it has products that it sells to advertisers, it just ...
  • Gov.My TLS audit: Version 2.0
    Last week I launched a draft of the Gov.my Audit, and this week we have version 2.0 Here’s what changed: Added More Sites. We now scan a total of 1324 government websites, up from just 1180. Added Shodan Results. Results includes both the open ports and time of the Shodan scan (scary shit!) Added Site Title. Results now include ...
  • Sayakenahack: Epilogue
    I keep this blog to help me think, and over the past week, the only thing I’ve been thinking about, was sayakenahack. I’ve declined a dozen interviews, partly because I was afraid to talk about it, and partly because my thoughts weren’t in the right place. I needed time to re-group, re-think, and ponder. This blog post ...
  • Why does SayaKenaHack have dummy data?
    Why does sayakenahack have dummy data? If I enter “123456” and “112233445566” I still get results. I was struggling with answering this question, as some folks have used it to ‘prove’ that I was a phisher. We’ll get to that later, for now I hope to answer why these ‘fake’ IC numbers exist in the sayakenahack. Firstly, ...
  • SayaKenaHack.com
    On the 19th of October, Lowyat.net reported that a user was selling the personal data of MILLIONS of Malaysians on their forum. Shortly after, the article was taken down on the request of the MCMC, only to put up again, a couple of days later. Lowyat later reported that a total of 46.2 Million phone numbers were ...
  • Writing a WordPress Restoration script
    WordPress sites get hacked all the time, because the typical WordPress blogger installs 100s of shitty plugins and rarely updates their site. On the one hand, it’s great that WordPress has empowered so many people to begin blogging without requiring the ‘hard’ technical skills, on the other it just gives criminals a large number of potential ...
  • Relax dear-citizen your contactless card is relatively safe—ish
    As Malaysia slowly (but surely) migrates to Chip and Pin, some banks have taken the opportunity to issue not just new Pin-enabled cards, but contactless-enabled ones as well. To be clear, Banks are only mandated to issue new Pin cards (replacing the signature cards you had before), but are taking the opportunity to also embed contactless capabilities into them ...
  • The safest place for your money is under the mattress
    When I was in school, we joked about people who kept their money under the mattress, that somehow those who didn’t use banks were less intelligent than people who did. The general thinking was that smart people kept their money in the bank, where it was safe from theft, fire and flood, while still collecting interest. In the 80’s this ...
  • Two years on, teaching coding in schools declared a success
    KLANG: Two years on, the pilot initiative to teach coding and digital security as an SPM subject has been touted as a resounding success, and the government is mulling a move to make it compulsory by 2020. The announcement shocked parents, as out of 10,000 students who took part in the pilot program, only 10 ...
  • Show notes for today
    Some interesting links you might want to check out during my interview on BFM today, will tidy up this list later in the week. Office of Personnel Management Data Breach (Chinese hackers breaking into US Federal Employee Databases) China arrested ...
  • The Internet is slow because of illegal downloads
    Let’s start with the quote that set off the rage in my heart— “You can see today that our Internet is slow. Not because it itself is slow but because a lot of people are using it,” he said The government agency chief blamed this on illegal downloads hogging Internet bandwidth here, adding that this does not ...
  • When bad advice comes from good people
    What happens when a government agency tasked with providing cybersecurity “guidance” and “expertise” gives you advice like “avoid uploading pictures of yourself to avoid the threat of black magic”? And then goes into damage-control claiming that it “was just a casual remark and did not represent the federal agency’s official position on the matter”, only to follow-up with ...
  • The miners dilemma – Bitcoin sabotage can be profitable
    Imagine a small village of 100 people. One day, a sorcerer shows up, and grants all the villagers magical 1000-sided dice, which are purely random and can only be thrown at a fixed rate of 1 throw per second (no faster & no slower). Over the next year, at noon of every day, the sorcerer will announce a random number ...
  • Apple vs. FBI: Everything you need to know
    A judge in the US has ordered Apple to provide ‘technical assistance’ to FBI, in creating what some (but not all) cybersecurity experts call a backdoor. In the few years I’ve written about these issues, I’ve never seen anything as hotly debated as this one, across the folks from digital security to foreign policy all coming down ...
  • Keith’s on BFM Talking about spyware–again!!
    Today, I was on BFM talking about Hacking Team, the audio for which is below, and more comments and thoughts below that. This is my last ditch attempt to get a conversation started about the use of surveillance software by ...
  • Questions we need to ask about spyware
    If you believe (as I do), that the government bought spyware, then here are some pertinent questions Question 1: Do these government agencies actually have investigative powers? While the police might have the legal authority to investigate someone, does the PMO, MACC or anyone else share that authority. If a government agency has no right to investigate ...
  • PMO purchases of Hacking Team software
    The Prime Minister’s Department has denied (twice!) that it has ever procured surveillance software from Hacking Team. Even though hundreds of e-mails in the leaked Hacking Team archive point to it. The latest rebuttal, Datuk Azalina distanced her Ministry from other government agencies, encouraging reporters to seek official statement directly from other agencies accused of ...
  • The Government doesn’t buy spyware–yea right!
    The Government has denied buying spyware from hacking team, they really should have checked with me before issuing the statement. On the 23rd of November 2015, Datuk Seri Azalina Othman Said denied that the Malaysian government had procured spyware from hacking team. In a formal response (in Parliament!!), the Minister simply stated “For your information, no such ...
  • So you think English is the lingua-franca of Science…
    I get annoyed when parent associations insist that the Government needs to teach science and maths in English. They argue that because English is the lingua-franca of science, teaching science in English will help students learn more effectively without needing them to translate scientific terms from the vernacular. They add that teaching Science and Maths in ...
  • The PM’s year end cyber-security message
    From: [email protected] Sent: 23 Dec 2015 To: [email protected] Subject: Cybersecurity Year end message. *This message is intended for all Malaysian Government servants only, do not forward without prior approval* Greetings and Salam 1Malaysia. I want to use this year-end as an opportunity to discuss the important topic of Cybersecurity. This year was interesting for me personally, and for all Malaysians, and we need ...
  • Hackers and terrorist
    There is no greater danger of tech illiteracy, than the way we treat hackers. A society that doesn’t understand technology will view those who can manipulate it as wizards and sorcerers. Technology sufficiently advanced is indistinguishable from magic, and to most people that bar of being ‘sufficiently advanced’ isn’t set very high. The magic analogy is apt, ...
  • Chip And Pin : An intro for Malaysians
    In 2016, Chip and Pin will gradually be introduced in Malaysia, that means your Credit Cards now will prompt you for a PIN instead of signature during purchases. This will be a bit of a hassle, but it will be worth it, here’s what you need to know about it and credit card transactions in ...
  • Ransomware
    By now, you either know someone that’s been a victim of nasty malware or have yourself been on the business end of nefarious software. The perpetual duel between security companies and malicious elements in cyberspace has changed dramatically over time, and no change has been so dramatic as the rise of a new type of threat, ...
  • Hacking Government, Malaysian Style
    The simplest definition of a hacker, is someone who breaks systems. We tend to equate systems to computers, but that’s a limited definition of the term. A system can also refer to a legal system or a set of processes that have nothing to do with technology. For example, lawyers often hack around the law, looking ...
  • Why we fear ‘hackers’: Dangers of Technical Illiteracy
    Are you afraid of Hackers? Do you lie restless at night thinking of what might happen if they got into your bank account, facebook profile, or e-mail. Perhaps you’re also worried that they might hack into a forum you visit, or that they might get into your personal messages on whatsapp. It’s true that hackers ...
  • Understanding Anonymous from a Malaysian context
    The latest buzz in Malaysian cyberspace is the ‘threat’ from Anonymous Malaysia to launch ‘internet warfare’ on the Malaysian government, singling out our poor ol’ Prime Minister, demanding that he step down or face the consequences of Anonymous actions. The threat of internet warfare even came with a date, 29th to 30th August at 2.30pm, coinciding with ...
  • How I hacked 4 Unifi accounts in under 5 minutes
    So I was wondering if I should publish this, but I guess I have to. If you’re one of the 500,000 Unifi subscribers in Malaysia, you need to know that your stock router–is completely hackable. TM has left you literally hanging by your coat-tails with a router that can be hacked as easily as pasting ...
  • Why Malaysians shouldn’t buy Coin–yet
    There’s a lot of talk about COIN, the aptly named card replacement device that promises to end the bulge in your wallet–literally. Basically this handy device is meant to replace all your cards in your wallet, and saving you space in a secure yet convenient way. It’s oversold its pre-order a thousand times over, and ...
  • Why Malaysia should never send anyone into space again–EVER!!
    There’s been a lot of talk lately on Malaysia sending a second Angkasawan into space. Unfortunately, we don’t seem to be getting our money’s worth, the Angkasawan program has done nothing to stop the slide in our Scientific literacy in Malaysia, in fact, if the graph above is anything to go by it’s actually made ...
  • Of pirated software and vaccinations
    Here’s a quick question–do you have a ‘original’ version of Windows running on your PC or is it pirated? If you’re like me, then obviously you’ve learnt long ago to only use original versions of software–especially when it’s the operating system of your PC. Of course, I wasn’t always like this, back in my university days, ...
  • Internet Censorship won’t work in Malaysia
    Why shouldn’t Malaysia censor the internet? Of late, the recent cases involving a certain pair of ‘sex’ bloggers and their ilk have prompted certain parties to call for more stringent regulations of the internet, but I for one think that we need to ensure that the internet remain free and un-censored–now more than ever. So why ...
  • Fair Usage Policy: Data caps and Torrent filters
    This article is really more a continuation from yesterday’s piece about how unfair the Fair usage policies in Malaysia are. In my view telcos complaining about 15% of customers using 70% of their traffic is just ludicrous behaviour–it’s the cost of doing business. This is akin to a restaurant owner offering a buffet and then ...
  • What is PRISM?
    There’s a controversy brewing in the land of the free, one that will have implications for Americans, but also Malaysians and nearly every citizen of the world. We may look back at the moment Mr. Snowden leaked controversial (and ugly) slides about a program called ‘PRISM’ as the start of a pivotal moment in internet ...
  • Security Offences Bill vs. Universal declaration of Human Rights
    This is what Article 12 of the Universal Declaration of Human Rights says: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. This is what security offences bill ...
  • Can you out-tech the government?
    Over the past years we’ve seen a recurrent theme where Government agencies were attempting to curtail internet freedom in the name of ‘keeping the peace’. From Saudi telcos threatening security experts to help them hijack tweets to governments procuring tools like Finspy to spy on their citizens–usually without any warrant or legal oversight. We’ve seen ...
  • I’m Sorry, the Malaysian Government IS spying on you
    A couple of weeks ago, I wrote about an ‘irresponsible’ piece of journalism by the Malaysian Insider when they ‘claimed’ the Malaysian government was spying on Malaysian citizens–but they didn’t have any proof. I was very upset that a reporter would make such a bold statement and not back it up with any proof –so ...
  • Telekom Malaysia is censoring the internet prior to GE13
    I’m not a usual fearmonger, or a person who panics easily–yet your friendly local tech evangelist has a warning for Malaysian users out there. Unifi is censoring the internet in the run up to the hotly contested GE1–and that’s what the data suggests. You heard that right folks, some of you suspected all along, and I ...
  • Why is Malaysia trailing Singapore, Taiwan, Korea
    A lot of people ask why Malaysia has fallen behind countries like Korea, Taiwan or Singapore in terms of our economic development. The answer most politicians give is corruption–but there’s hardly any data to suggest that’s a big issue–at most corruption can account for the ‘loss of income’. There’s no guarantee that the money we ...
  • Government Network used to download porn : Privacy is dead
    Just how private are your searches…turns out they aren’t private at all. The wonderful people at Torrentfreak did an amazing piece of investigative journalism today. Upset over the passing of CISPA, they decided to do an internet check on how active the House of Representatives were–on bit torrent. It turns out with a couple of IP ...
  • Pitchin.my Crowdfunding success in Teach a Child to Read
    A couple of months back, I wrote a short post about a Malaysian project that was successfully funded on kickstarter. Today, I can proudly say that Malaysians continue to surprise me in untold ways. Pitchin.my is the Malaysian kickstarter, and recently it saw a successful funding of a project on its website–that literally brought tears to ...
  • MACC says Facebook at work is Corruption
    According to last week’s Star, MACC deputy chief commissioner Datuk Sutinah Sutan was reported to have said that Civil servants and staff of government-linked companies (GLCs) surfing social media or engaging in personal matters during working hours may be categorized as having committed corruption!! The underlying logic to the argument seems plausible enough, Datuk Sutinah goes on to elaborate that: “For instance, ...
  • SKMM Study: The Best and Worst Telco in KL
    Who doesn’t absolutely hate that feeling you get when a call gets dropped, or for some reason you just can’t seem to make a phone call on your network. Recently an elderly couple in America died while trying to phone for help--they had 9 dropped calls in succession, which just goes to show just how ...
  • Science Education in Malaysia — it just sucks!
    Putrajaya we have a problem. While the economy may be growing and the KLCI trending upwards, Malaysia’s number 1 resource is most definitely trending down. In fact there may be a time when it disappears completely and we’ll have to either import it, or live without it. I’m not talking about oil, I’m talking about our scientist ...
  • IT Career in Malaysia : Why Information Technology rocks
    So your child has just finished SPM or STPM or A-Levels and now you’re looking at a possible future career for them, or you yourself have just graduated and are considering your future career. This is not something to take lightly, after all it’s the 4th most important decision in your life, behind who you get married ...
  • Evidence Act: Anonymity before the internet
    I read a brilliant article on the Evidence act by Zul Rafique and Partners that I think everyone should read. In it, the author compares the newly amended Evidence Act (supposedly amended to combat the evils of the internet) to a sub-section of the original act meant to look into telegraphs. Now I must admit, ...
  • Auditor-General report 2011 : When can Malaysians expect Transparency in IT spend
    As a tech blog in Malaysia, I thought it’d be interesting to see how the latest Auditor-General’s report fared in terms of IT spend from the government. IT spend is a tricky thing, and most don’t understand just how tricky it is, particularly around big IT spend by governments–they often fail. In fact, one of my ...
  • Software piracy in China : Can the Yankees really complain?
    Did you know the term ‘Yankee’ is thought to be derived from the Dutch name Janke, which means “little Jan” or “little John,” a nickname that can be traced back to the 1680s, when it was used as a slang term for pirates. Yes, you heard that right, the Americans were regarded by the Europeans as ...
  • Why Apple is really suing Samsung
    I’m not the biggest fan of Apple, I consistently compare my Galaxy S3 (which is great) to my wife’s iPhone 4 (which is not so great). So when I first heard the news that Apple was suing Samsung for a ridiculous amount of money because of things like ‘slide to unlock’, ‘pinch to zoom’ and ...
  • One Visa files suit against TM : Is it a Human Rights abuse?
    The Star today reported that a company called One Visa is suing Telekom Malaysia (TM) for providing telecom services and infrastructure to squatters on its land in Negeri Sembilan. TM was alleged to have trespassed five pieces of One Visa’s land by supplying the telco services to the illegal occupiers of its land. One Visa had sought ...
  • Why I stopped the Nuffnang Ads on my blog
    About 2 months back, I posted up a nuffnang ad on my blog, with reasons explaining why I felt the need to advertise. The guys from Nuffnang were pretty stand-up characters and I felt like I could trust them, so I began to post Nuffnang ads and monitor that over time. Unfortunately the results haven’t ...
  • Evidence Act Technological Misconceptions: A response to Rocky and Fatimah
    The government has finally ‘relented’ and now wants to ‘discuss’ section 114A of the Evidence act 1950. Now it’s great because it proves beyond a shadow of a doubt that: 1. The internet can be used for fantastic good. 2. The general Malaysian public can make a difference in the governance of the country. My website also had ...
  • MSC Cloud Initiative : Why it’s a bridge too far
    Why does Amazon–arguably the biggest cloud player in the world–choose to launch its Asia-Pacific Offering in Singapore rather than Malaysia? One would think that the prohibitively high prices of land in Singapore, coupled with its higher base cost and employee wages would make Singapore a terrible place to put up a Huge Datacenter comprising of ...
  • Personal Data Protection Act 2010 Malaysia
    Data is the natural by-product of every computer mediated interaction. It stays around forever, unless it’s disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after-effects are toxic. – Bruce Schneier As society moves towards a ‘knowledge’ based society, data naturally becomes a by product. Every action you perform leaves a ...
  • Wikipedia from a Malaysian perspective
    Wikipedia is quite possibly the greatest repository of information mankind has ever seen. It’s built around an amazing concept of allowing anyone the ability to create, document and moderate information in real-time, and so far the concept has proven successful–some may even argue that it’s too successful. For the past two days, I’ve been writing about ...
  • What I learnt from winning the DigiWWWOW awards
    Exactly one month ago, I was honored to be awarded the DigiWWWOW awards Fave tech Head award. It was truly unexpected and I continue to feel grateful for it. For those of you who don’t know what the DigiWWWOW awards is, it’s basically like the Grammy Awards for Malaysian blogs, so instead of singers ...
  • Is your Wi-Fi safe?
    With the newly enacted Evidence Bill Amendment, you would have been deemed to have published everything that originates from your IP address. What that means is that if someone hacks your Wi-Fi and then uses it to publish malicious or seditious statements online, you will be deemed to have published it, and the onus is ...
  • Is Downloading a banned ebook illegal?
    Let’s get straight to the point, the latest case where the Federal Territory Islamic Affairs Department (Jawi) is prosecuting a store manager is both disgusting and without merit. Not only is she just a Manager carrying out her duties–thereby making the bookstore liable instead of her, but the raid on the bookstore was carried out ...
  • Watch Netflix, Hulu and even Euro2012 online from Malaysia
    Malaysians have always been deprived of real-time video content online. We’ve no access to Netflix or Hulu, we can’t watch the full episodes of the Jay Leno show online, we can’t watch the BBC replays of the football matches, we can’t even watch videos from TheOnion for crying out loud. Why? because NBC, FOX, Netflix, Hulu, BBC and even ...
  • Black Day for Malaysians : New Evidence Bill Takes effect today
    Today marks a crucial point in the crusade against freedom on the internet in Malaysia. We’ve had SOPA in the US, ACTA in Europe and the TPP has brought the fight closer to our borders. Today in a brilliant tactical move by the enemy of Freedom,  Malaysians will be subjected to an amended evidence act ...
  • Malaysians Against the Trans-Pacific Partnership Agreement
    To visit the Malaysians against TPP Facebook Page, please click here P. Ramlee was arguably the most influential Malaysian Artist to have ever lived. His musical talents and acting ability set him head and shoulders apart from most of his contemporaries, or any other Malaysian Artist from whatever generation. So it was unfortunate, that he left in ...
