
Just a collection of stuff (mostly from my old blog)

Part 8: False prepaid registrations


Consider this a bonus piece from my long thoughts about data breaches. You might want to read the older post before reading this. So let’s dive in. The telco breach was a giant hairball of issues, and one of the strands in the hairball is false prepaid registrations. Immediately after releasing sayakenahack, people reported that they were seeing additional numbers linked to their MyKad numbers. From...

Writing Millions of rows into DynamoDB


While designing sayakenahack, the biggest problem I faced was trying to write millions of rows efficiently into DynamoDB. I slowly worked my way up from 100 rows/second to around the 1500 rows/second range, and here’s how I got there. Work with Batch Write Item: the first mistake I made was a data modelling error. Sayakenahack was supposed to take a single field (IC Number) and return the results...

Identity in a Post-Breach world (draft)


Posting this here first, my thoughts to follow. Random thoughts below are draft :). Random thoughts on the matter: we still need a single identifier in Malaysia (IC Number); this is an administrative necessity. LHDN needs to check your bank accounts, the Election Commission needs to know you’re not double-voting, etc. But that single identifier should not be used as an authenticator. No one should...

Sayakenahack architecture


I know the picture is a bit hard to read, but I wanted to make sure I had a detailed enough picture to understand the ‘innards’ of sayakenahack. Sometimes when you’re building stuff on the fly, and bottom-up, it’s good to take a step back and have a top-down view. I’ll be expanding this post over time, wanted to get my thoughts down quickly on paper before I moved...

answering the questions


OK, this is my last post on, and I’ve got a script scheduled to run at Sunday midnight to tear down the database. So if you wanna check, you better do it now, ’cause in 3 days’ time it’ll be gone. *poof* But here are my thoughts on this whole debacle — and it’s going to get emotional, so don’t say I didn’t warn you. So let’s start with the...



I haven’t blogged in a while because I’m busy studying (yes, studying) for my OSCP certification. But what happened over the week was just too mind-blowingly stupid to ignore. Here’s what happened… A Taiwanese company released a game titled Fight of Gods, which, as the name implies, has Gods fighting among themselves. But the developers didn’t ‘just’ use...

JJPTR wasn’t hacked


The fact that this RM2 company managed to raise RM500 million should be news enough, but the claim that it lost all its money to ‘hackers’ is too hilarious for me to ignore. If you haven’t heard, a get-rich-quick scheme called JJPTR claimed it lost RM500 million to hackers, which even with today’s depreciating ringgit would exceed a value of USD100 million. For...

Writing a WordPress Restoration script


WordPress sites get hacked all the time, because the typical WordPress blogger installs 100s of shitty plugins and rarely updates their site. On the one hand, it’s great that WordPress has empowered so many people to begin blogging without requiring the ‘hard’ technical skills; on the other, it just gives criminals a large number of potential victims. Two years ago, when I...

Publishing Government Algorithms


On the 1st of February, Malaysians experienced yet another fuel price increase, which was surprising because the price of oil and the ringgit conversion rate seemed to be favoring a drop. You see, in Malaysia the fuel prices are controlled and subsidized by the government, and it sets the price for petrol at the pump. In the past, fuel price changes were few and far between, but since 2007...

How the StarHub DDOS (possibly) happened


Customers of Singaporean ISP StarHub suffered two major disruptions to their service over the past week, in what the telco said was a result of “intentional and likely malicious distributed denial-of-service (DDoS) attacks”. Oh the humanity!! In what appears to be a copycat of the Dyn attack we saw (at roughly the same time), the attack signals the first local salvo in the war of...