Category: Malaysia

Malaysian Technology Issue from a Malaysian Tech Blog

Gov.My TLS audit: Version 2.0

Last week I launched a draft of the Gov.my Audit, and this week we have version 2.0. Here’s what changed: Added More Sites. We now scan a total of 1324 government websites, up from just 1180. Added Shodan Results. Results include both the open ports and time of the Shodan scan (scary shit!) Added Site Title. Results now include the HTML title to give a better description of the site...

Sayakenahack: Epilogue

I keep this blog to help me think, and over the past week, the only thing I’ve been thinking about was sayakenahack. I’ve declined a dozen interviews, partly because I was afraid to talk about it, and partly because my thoughts weren’t in the right place. I needed time to re-group, re-think, and ponder. This blog post is the outcome of that ‘reflective’ period. The...

Why does SayaKenaHack have dummy data?

Why does sayakenahack have dummy data? If I enter “123456” and “112233445566” I still get results. I was struggling with answering this question, as some folks have used it to ‘prove’ that I was a phisher. We’ll get to that later, for now I hope to answer why these ‘fake’ IC numbers exist in the sayakenahack. Firstly, I couldn’t find a...

SayaKenaHack.com

On the 19th of October, Lowyat.net reported that a user was selling the personal data of MILLIONS of Malaysians on their forum. Shortly after, the article was taken down on the request of the MCMC, only to be put up again a couple of days later. Lowyat later reported that a total of 46.2 Million phone numbers were exposed, and the data included IC numbers, Addresses, IMSI, IMEI and SIM numbers as...

Cyberwar assessment of Malaysia vs. DPRK

Would North Korea ever declare war on Malaysia? Probably not. But nothing is predictable when you’re dealing with an erratic despot who killed his own uncle with an anti-aircraft gun. Realistically though, few nations have the resources and political will to launch a war half-way across the world. And neither Malaysia nor North Korea is one of those ‘few’ nations. But what if...

Relax dear-citizen your contactless card is relatively safe—ish

As Malaysia slowly (but surely) migrates to Chip and Pin, some banks have taken the opportunity to issue not just new Pin-enabled cards, but contactless-enabled ones as well. To be clear, Banks are only mandated to issue new Pin cards (replacing the signature cards you had before), but are taking the opportunity to also embed contactless capabilities into them as well. After all they’re...

Two years on, teaching coding in schools declared a success

KLANG: Two years on, the pilot initiative to teach coding and digital security as an SPM subject has been touted as a resounding success, and the government is mulling a move to make it compulsory by 2020. The announcement shocked parents, as out of 10,000 students who took part in the pilot program, only 10 had scored an A while the rest had failed with a grade of F. Education Minister...

The Internet is slow because of illegal downloads

Let’s start with the quote that set off the rage in my heart— “You can see today that our Internet is slow. Not because it itself is slow but because a lot of people are using it,” he said. The government agency chief blamed this on illegal downloads hogging Internet bandwidth here, adding that this does not happen in countries like Germany due to stricter enforcement. “In Germany, the...

This is how Pedophiles get caught

This will easily be the most controversial blog post I ever wrote, so consider yourself warned. It’s controversial, because it touches on multiple taboos in our society, sex, child abuse and security theater. You see, there’s been a growing call for a national sex offender registry, especially in the wake of news that a British Pedophile had sexually abused up to 200 children in...

When bad advice comes from good people

What happens when a government agency tasked with providing cybersecurity “guidance” and “expertise” gives you advice like “avoid uploading pictures of yourself to avoid the threat of black magic”? And then goes into damage-control claiming that it “was just a casual remark and did not represent the federal agency’s official position on the matter”, only to...