Security and Privacy topics
The new Prevention of Terrorism Act (POTA) in Malaysia should not be considered in isolation but rather in the context of the 6 other anti-terrorism Bills that were concurrently proposed. All of these new laws, will almost certainly come into effect, thanks to the whip system employed by the ruling party. Yet the laws violate fundamental human rights, such as a right to fair trial and right to...
The team over at the FireEye threat intelligence published a special report(pdf) detailing an long running (and still on-going) cyber-espionage operation that has targeted multiple entities in ASEAN countries, including Malaysia. The program was reported to be running for more than a decade, and the sustained period coupled with the list of targets the program had, led FireEye to believe it to be...
Last month, a company called MDSec released a video detailing how they manage to brute force hack an iPhone PIN lock. Pretty sweet piece of work, but I thought this would be a good example to understand how hacks work, and how hackers think. What is a hacker First off, we need to define what a hacker is, it’s a convulated term, but my favorite definition is : A hacker is someone who makes...
It’s now almost two years on, since that fateful day at the Mira Hotel in Hong Kong when Edward Snowden divulged secret NSA documents detailing unlawful and on-going spying programs carried out in the name of security. Sure we knew the government had ‘a’ spying program, and we’ve all seen Hollywood movies with fictional technology that allowed governments to carry out un...
Recently I moved the hosting for keithRozario.com from a regular hosted platform called WPWebhost to my own Virtual machine on digitalOcean. The results have been great, but the migration process was a bit tedious and took some effort. I thought I’d share my Apache configurations, so that if you’re thinking of hosting your own WordPress site on an SSL server, you’ll at least...
As the 1MDB fiasco begins to simmer over the political stove, I wanted to inject some technical information into this discussion, specifically around emails and how they’re almost useless pieces of evidence. Just to make sure everyone’s on the same page, here’s some context. In early March 2015, sarawakreport.org, a website run by investigative journalist Clare Rewcastle-Brown...
Late in January the Malaysian Airlines website was ‘supposedly’ hacked by Lizard Squad. You might remember Lizard Squad as the guys who ‘hacked’ the XBox and Play Station network over the Christmas holidays, and I’m using a lot of ‘quotes’ here because Lizard Squad didn’t really ‘hack’ XBox One or Playstation, they merely DDOS-ed the...
Step 1: Logon to your router To logon to your router, fire up your web-browser (Chrome, Firefox, Safari–even Internet Explorer will do). In the address bar where you usually type www.google.com type (sometimes it’s ) or just click the link. Once there enter the username and password of the router. If you’re uncertain try any one of the following combinations: Username: Management...
As we come to terms with the terrible events that occurred at the offices of Charlie Hebdo, I think we need to be cognizant of what these attacks really mean, and how our response to these events (even in far away Malaysia) has severe repercussions on our future. As a Blogger and Techie, I’m 100% for absolute ‘no holds-barred’ Freedom of expression.. I’ve written so much...
Yesterday I Googled something about maxis that took me to a forum.maxis.com.my link. Unfortunately, Firefox wasn’t happy with Maxis, because I got the following screen: Firefox is the first of the mainstream browsers to end support of SSLv3, ever since Poodle was published. For those of you who aren’t keeping tabs of security issues–Poodle was a big vulnerability discovered in...