All posts tagged “Digi


How secure are the webpages of Malaysian Banks and Telco

I’ve always been fascinated by the fact that our money in the bank these days is secured not by steel doors or armed guards, but by cryptography and the encryption keys that enable it. To put it in the simplest form, your money in the bank is protected by a number–that’s what an encryption key essentially is: a long binary number of 1’s and 0’s that protects your life savings…

Most (if not all) of your ‘secure’ internet communications are protected by something called SSL, or its successor, TLS. SSL is the stuff of legend: initially invented by Netscape to encrypt internet communications, it is now used by nearly everyone online. You see it when you log in to your bank account on Maybank or CIMB, when you log into an online store like the ones run by Digi and Maxis, even when you do your tax filing on the LHDN e-Filing website.

However, just like every standard in IT, SSL and TLS act as frameworks, and different websites can implement these frameworks slightly differently, usually based on the customer segmentation or the amount of security required. Implementations can vary from one to another and still remain compliant with the ‘standard’; we wouldn’t need consultants if it were otherwise.

The problem is that just because a website uses TLS or SSL doesn’t mean it’s secure–all it means is that the website is using a standard. It could have implemented the standard poorly, making it vulnerable to attack and possibly leaking your data (some of which might be very, very sensitive).

The best way to think about it is to go back to the number analogy, and assume that the amount of security you get from encryption is determined by the length of the number. So a 10 digit number is less secure than a 100 digit number–and a 1 digit number is less secure than both of them. In security jargon, we call this the key length, and it’s quite a common criterion used to determine the security of a given SSL/TLS implementation. This of course is just one of the criteria that determine how secure the implementation is.

Basically, it’s not enough to check whether a website is using SSL; it’s more important to figure out how well the encryption is implemented by the website. Of course, this is beyond the scope of most people: no one has the time or inclination to perform a security audit on their bank’s website, although it is in their best interest to do so. Usually that green lock icon at the bottom of the screen helps me sleep well at night–but it shouldn’t. It’s a good start, but not a guarantee of security.

Fortunately, there’s a really quick and dirty way to determine how secure the SSL/TLS implementation of a website is. Head on over to SSLLabs.com and enter the URL of the website you want to evaluate, and they perform a really good audit of the site in real time, measuring things like key length and SSL versions, up to the certificate authenticity.

So armed with SSLLabs.com, I decided to perform a quick check of the most popular secure websites in Malaysia to see if these websites were offering the security their users deserved. I checked the most popular forum in Malaysia, two telco companies, two banks, one government agency and a news portal. The good news is that 3 out of 7 got straight A’s on their test–the bad news is that the other 4 got F’s–and it’s possible to get an E by the way…so an ‘F’ is what most people call an epic failure.
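A small local version of the checks described above (protocol version, key length and certificate validity for one connection), as an added example that is not from the original post or from SSL Labs. The function names, the thresholds in `assess` and the sample rows are assumptions made for illustration, and it looks only at the single connection your own client negotiates, which is far less than a full SSL Labs audit.

```python
import socket
import ssl

# Assumed policy for this example: protocol versions treated as obsolete,
# and the minimum symmetric key length (in bits) treated as acceptable.
OBSOLETE = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_SECRET_BITS = 128
WEAK_TAGS = ("RC4", "3DES", "DES-CBC3", "NULL", "EXPORT")


def assess(version, cipher_name, secret_bits, cert_ok):
    """Return a list of findings for one negotiated connection."""
    findings = []
    if not cert_ok:
        findings.append("certificate failed validation")
    if version in OBSOLETE:
        findings.append(f"obsolete protocol {version}")
    if secret_bits < MIN_SECRET_BITS:
        findings.append(f"weak key length: {secret_bits} bits")
    if any(tag in cipher_name for tag in WEAK_TAGS):
        findings.append(f"weak cipher {cipher_name}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect to host and assess what this client actually negotiated."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, _, bits = tls.cipher()  # (cipher name, protocol, secret bits)
                return assess(tls.version(), name, bits, cert_ok=True)
    except ssl.SSLCertVerificationError:
        return ["certificate failed validation"]
    except ssl.SSLError as exc:
        # A modern client refuses very old protocols, so a server that only
        # speaks those shows up here as a failed handshake.
        return [f"handshake failed: {exc.reason}"]


# Constructed sample results (not measurements of any real site).
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256, True),
    ("TLSv1", "RC4-SHA", 128, True),
    ("TLSv1.2", "DES-CBC-SHA", 56, True),
]

if __name__ == "__main__":
    for row in SAMPLES:
        print(row[0], row[1], assess(*row) or "no findings")
```
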


SKMM Study: The Best and Worst Telco in KL

Who doesn’t absolutely hate that feeling you get when a call gets dropped, or when for some reason you just can’t seem to make a phone call on your network? Recently an elderly couple in America died while trying to phone for help–they had 9 dropped calls in succession, which just goes to show how important communications are in our time.

Malaysian Wireless reports on an SKMM study done in the first half of 2012 to compare dropped and blocked call rates for the 3 major telcos in Malaysia. At the moment it’s still unclear why neither YES nor uMobile has been studied, but the study is a move in the right direction towards providing concrete data on call quality for Malaysians to make informed decisions about their telco. Incidentally, SKMM also offers a form you can fill in if you’ve experienced a dropped call–for some unknown reason the form is hosted on Google Docs; one can only think SKMM didn’t want to fork out cash to host the form on their own servers.

First off, I’d like to point out that while I can see the report and search for direct links to the PDF version of the reports online, I can’t seem to locate any link to the report from the SKMM website, which is strange. It also appears that only Malaysian Wireless has reported on this particular study, with other blogs seemingly unaware of it.

In essence, the study is rather simple:

According to the MCMC drive test report, the assessment was conducted with following criteria:

  • Tests were carried out in moving vehicles (Drive Test).
  • Call duration lasts for 60 seconds, with 10 seconds interval between calls.
  • Phones were set on roam-free environment between 2G and 3G networks that simulates the experience of user in making voice call using phone supporting both technologies.
  • The results of the study only reflect the behavior of the networks on the locations and time of the measurements.

Although the methodology isn’t clear, and there are missing details, the study is a great starting point to confirm whether the telco you’re currently on is providing you top-notch quality. The 2 key measurements from the study were the dropped call rates and blocked call rates, defined as follows:

a. Dropped Call Rate (DCR)
Dropped call means a call where a connection succeed, that is, the network is accessed, call set up is successful and traffic channel has been assigned, but is disconnected due to abnormal call release. Dropped Call Rate is calculated based on the percentage of number of dropped call over total number of call attempt.

b. Blocked Call Rate (BCR) 
Blocked call means a call is not connected after call attempt due to unavailability of free traffic channel. Blocked Call Rate is calculated based on the percentage of number of blocked call over total number of call attempt.

So the best telco based on these definitions is the one with the lowest DCR and BCR. A high BCR means calls don’t get connected in the first place, and a high DCR means calls get disconnected once they’re connected. A good telco should strive for the lowest possible numbers on these 2 parameters. While the study was conducted nationally in each and every state, I thought KL would be a good place to dissect the data and provide a benchmark for the nation. If you’d like to know how your telco fared in your home state, head on over to Malaysian Wireless, who have all the details broken down by state.


Data Coverage Down Under

I’ve just come back from a fantastic 2 week long vacation in Australia, and I absolutely loved it. The weather was a bit cold for my Malaysian body (especially in the Blue Mountains), but overall the holiday was a well deserved break from nearly 8 months of non-stop work ;).

The one thing I did notice about Australia though, was that data charges were quite exorbitant. I stayed at various youth hostels throughout Queensland and NSW and was surprised that they charged nearly AUD7 per day for Wi-Fi connectivity. Needless to say, I wasn’t too impressed with shelling out nearly RM25 per day for something I get free from even my local mamak.

It was the same nearly everywhere else; even their coffee joints and cafes didn’t offer free Wi-Fi. One explanation I came across was that Australia is geographically very distant from the rest of the world AND sparsely populated, so the cost of supplying connectivity to the country is very high. Therefore, these costs were reflected in the amount users paid to go online.

In Malaysia, Tune Talk offers 5 Sen/MB, which works out to roughly RM25 for the same 500MB of data I got from Optus, and Digi offers 600MB for RM75, well below the nearly RM100 I spent on my Optus Pre-paid. So instead of subscribing to the local Wi-Fi, I decided to spring for a mobile data package, in this case the Optus Pre-paid plan that cost AUD30. With that I got unlimited minutes, 250 minutes to landlines, unlimited SMS and 500MB of data. That’s a lot of money, considering I wasn’t bothered about the other stuff except the 500MB of data.


Digi WWWOW Awards

Digi.com has an annual Internet for all awards with the aim of “showcasing the incredible creativity, ingenuity and entrepreneurialism of ordinary Malaysians using the Internet in extraordinary ways”. A much simpler way of thinking about the Internet for all awards is that it’s just like the Grammys for Malaysian blogs.

Digi have actually increased the breadth of the awards to include categories like

Says.My :: Online shop of the year

Malaysiakini :: Photojournalist of the year

Google :: Most inspiring internet for good Award ; and my favorite

Lowyat.net :: Fave Tech Head 

In a moment of shameless self-promotion and drunken debauchery, I submitted this blog right here, keithrozario.com, into the Lowyat.net :: Fave Tech Head category, hoping that I may be considered as a Fave Tech Head. Of course, it’ll be a difficult task, considering the category consists of people like the legendary Paul Tan, or the immensely successful Hongkiat.com, so I can actually be lumped in the “Doesn’t have a prayer in Hell” category. Then again, this blog has always been about me trying out new things, and trying to win an internet award is a new thing!