Security and Privacy topics
On the 19th of October, Lowyat.net reported that a user was selling the personal data of MILLIONS of Malaysians on their forum. Shortly after, the article was taken down on the request of the MCMC, only to put up again, a couple of days later. Lowyat later reported that a total of 46.2 Million phone numbers were exposed, and the data included IC numbers, Addresses, IMSI, IMEI and SIM numbers as...
Channel News Asia posted last week that hackers could steal your info by just knowing your phone number. Woah!! Must be some uber NSA stuff right–but no, it was a couple of guys with Metasploit and they required a LOT more than ‘just’ the phone number. The post was an add-on to a current affairs show called Talking Point, that aired an episode last week about cybersecurity...
Would North Korea ever declare war on Malaysia? Probably not. But nothing is predictable when you’re dealing with a erratic despot who killed his own uncle with an anti-aircraft gun. Realistically though, few nations have the resources and political will, to launch a war, half-way across the world. And neither Malaysia nor North Korea are one of those ‘few’ nations. But what if...
WordPress sites get hacked all the time, because the typical WordPress blogger install 100’s of shitty plugins and rarely updates their site. On the one hand, it’s great that WordPress has empowered so many people to begin blogging without requiring the ‘hard’ technical skills, on the other it just gives criminals a large number of potential victims. Two years ago, when I...
Last Monday, I got a text message from my uncle saying his office computer was hacked, and he couldn’t access any of his files. Even without probing further, I already knew he’d been hit with ransomware and was now an unwitting victim in a criminal industry estimated to be worth Billions of dollars. After learning a bit more, I found out that the IT guys at the company backed up their...
As Malaysia slowly (but surely) migrates to Chip and Pin, some banks have taken the opportunity to issue not just new Pin-enabled cards, but contactless-enabled ones as well. To be clear, Banks are only mandated to issue new Pin cards (replacing the signature cards you had before), but are taking the opportunity to also embed contactless capabilities into them as well. After all they’re...
As with all new shiny equipment, a newly installed router in your home requires a few things to be configured to properly secure it. Goes without saying, that you should change your WiFi password the moment the technician leaves your home, but there are other things you’d need to configure in order to secure your router against common attacks. Now remember, even if you follow all the...
As a follow-up to my previous post on DDOS attacks [1,2], I’ve seen a lot of so-called ‘solutions’ to the problem, which really aren’t solutions at all. While it’s still not explicitly clear that the StarHub DDOS was executed by Mirai, a recently released malware built specifically for DDOS, the timing and similarity of it to other Mirai attacks leave little room for...
Brian Krebs is the most reputable name in CyberSecurity reporting, his krebsonsecurity website is the best source of ‘real’ journalism on the subject. But reputation works both ways, the same thing that makes him popular in some circles, makes him unpopular in other. He’s had criminal hackers send him heroin in the mail and even have SWAT teams descend on his home with guns all...
When I was in school, we joked about people who kept their money under the mattress, that somehow those who didn’t use banks were less intelligent than people who did.The general thinking was that smart people kept their money in the bank, where it was safe from theft, fire and flood, while still collecting interest. In the 80’s this was a compelling argument, when interest rates were...