What happened in the MAS hack. All questions answered, one question asked.

Real-Life DDOS attack

Late in January the Malaysia Airlines website was ‘supposedly’ hacked by Lizard Squad. You might remember Lizard Squad as the guys who ‘hacked’ the Xbox and PlayStation network over the Christmas holidays, and I’m using a lot of ‘quotes’ here because Lizard Squad didn’t really ‘hack’ Xbox One or PlayStation, they merely DDOS-ed the services.

What is DDOS-ed I hear you say?

A DDOS attack is one where you flood a server with so much web traffic that the server is no longer able to serve content to legitimate customers. Imagine if you got 100 friends, and decided to create some havoc at the McDonalds near your home. You and your friends would line up at the counter, and you'd place an order for 100 Big Macs, 25 Cokes and 1 Apple Pie... only to cancel your order after the cashier typed it in. The next friend in the queue would do the same thing–over and over again. Even though there would be legitimate customers at this McDonalds trying to buy some food, chances are they'd either have to wait a very long time to get their food, or they'd give up entirely.

Essentially you’ve denied McDonalds their chance to serve their customers–in other words, you’ve just launched a Denial of Service (DOS) attack. The extra D in DDOS just stands for distributed.

Real-life DDOS attacks happen all the time–what do you think the Thai protesters were doing to airports in 2008?

But why is this important?

It isn't. DOS attacks are pretty common–but Lizard Squad attacked the PlayStation Network and Xbox with ulterior motives. Even though they claimed to do it in the name of 'security awareness', they only stopped their DDOS attack because Kim Dotcom offered them USD300k worth of services on his Mega website. Kim Dotcom is another controversial character, but to cover him in this article would be too large a digression–so if you want to know more about him, just Google it.

The REAL motive of the Lizard Squad DOS attack became apparent some days later when they started to offer their DDOS attack as a service to paying customers. Essentially you could go online and buy their services to attack a target–maybe a competitor company, a personal blog of someone you don’t like, or just about anything. Lizard Squad were hawking their services to anyone with cash.

Some suspected that Lizard Squad were running this large DDOS attack using nothing more than home routers–similar to the ones that UniFi provides and that I demonstrated could be hacked trivially over an internet connection.


Watch SuperBowl in Malaysia

Got this email from the people over at UnoTelly:

I want to inform you that UnoTelly will allow people to stream the NFL Super Bowl for free on Sunday, February 1, regardless of where they live or whether they are UnoTelly subscribers.
We are offering free access to media stations (NBC Sports, Channel 4 and more) that will be broadcasting the Super Bowl for free. Visitors will not be required to sign up for a subscription, but simply need to submit their e-mail address. Please feel free to visit our Super Bowl page for more information: https://www2.unotelly.com/superbowl
I trust UnoTelly–so if you're an American stuck in Malaysia, this is a free way to watch the Super Bowl–otherwise move along, there's nothing to see here.

Can Malaysia be Land of the Free and Home of the Brave

As we come to terms with the terrible events that occurred at the offices of Charlie Hebdo, I think we need to be cognizant of what these attacks really mean, and how our response to these events (even in far away Malaysia) has severe repercussions on our future.

As a blogger and techie, I’m 100% for absolute ‘no-holds-barred’ freedom of expression. I’ve written so much on the subject it begins to bore people, but we have so little freedom of expression in this country, we must fight to preserve what we have, and rise up to pursue even more.


Maxis Forum needs an upgrade

Yesterday I Googled something about Maxis that took me to a forum.maxis.com.my link. Unfortunately, Firefox wasn’t happy with Maxis, because I got the following screen:

SSL V3 on maxis forum

Firefox is the first of the mainstream browsers to end support for SSLv3 since Poodle was published. For those of you who aren’t keeping tabs on security issues–Poodle was a big vulnerability discovered in the 2nd half of 2014 that affected the SSLv3 protocol.


Streamyx forced ads (202.71.99.194)

Streamyx forced ads

A couple of days back, I was at my in-laws doing some browsing on their PC. Now my in-laws have a Windows XP laptop that isn’t secured, which is fine because as far as I can tell, I’m the only one that uses it. Most of them now go to their phones or tablets for internet access–nobody uses PCs anymore!!


Malaysian Government Hacked Environmental website?

How IP addressing works

Environment News Service, an environment-focused news website, this week accused Malaysian government hackers of attacking it after it ran a story implicating Sarawak governor Tun Abdul Taib Mahmud of corruption and graft. As a result, the site was down for 2 hours before the site managed to regain control.

“The attack on our site came from a Malaysian government entity as identified by their IP address,” said Sunny Lewis, editor-in-chief of Environment News Service (ENS).

But what exactly is an IP address, and how did ENS identify it?

Let me explain.


Phishing by the Bank–Maybank that is

Recently I received a phishing email from konzie2@usm.edu telling me that Maybank had installed new security features and that I need to validate my details on the Maybank2u web portal. The email was marked as SPAM by Gmail, and trying to visit the site further sparked more warnings from Firefox AND my anti-virus.

But I was curious as to what the link would entail, in much the same way I was curious about the RHB phishing emails I received some months back.

Hopefully this post gives you an indication of just how sophisticated these attacks are, and manages to educate you on the one true way to establish if the site you’re visiting is genuine.

Fake Maybank2u login page

The fake login page for Maybank2u looks exactly like the REAL login page of Maybank2u; there really is no difference from the victim’s perspective. What’s more interesting is when you go deeper: by just entering ‘a’ username and a password you get to the following page (please don’t enter ‘your’ username and password, just ‘a’ username and password).


Censoring bomb making websites: NO

The Star reports that:

Malaysia Crime Prevention Foundation vice-chairman Tan Sri Lee Lam Thye called on the Malaysian Communication and Multimedia Commission (MCMC) to block bomb-making websites.

“We live in a troubled age. Previously, it was unimaginable, but now even from your home, you can make a bomb. The MCMC must do a comprehensive check to see how we can block sites that are harmful to the nation,” he said.

Now, apart from the fact that there aren't any dangerous substances used for bomb-making today that weren't around in the 1970s, the entire statement is one made from ignorance.

The Anarchist Cookbook, one of the most famous manuals for making home-made bombs, was written in the 1970s and improvised in the 1980s–stuff that was flammable 20 years ago is still flammable today. It's not as though the atmosphere has changed and petrol no longer burns.

But calling for the MCMC to 'comprehensively' block sites that are 'harmful' to the nation is something no one, especially a vice-chairman of an NGO, should ever do. We can't allow the MCMC to be given free rein over the internet, even if the intentions are good–after all, we know what the road to hell is paved with–we can't allow good intentions to create bad consequences such as internet censorship.

Anyone that calls for the blocking of websites needs to understand the reasons I don't condone blocking of websites.


Malaysia vs. America : Who has the biggest IT fuck-ups?

A while back, I wrote about how the Government blew nearly RM1 billion on the MERS 999 system, a system that soaked up nearly RM30 million in consultancy costs alone–yet failed. The biggest issue I had with the MERS 999 system was that the government had a similar system called MyDistress, which not only worked well in the Klang Valley, but was given to the government free of charge by a company who was doing it as part of their CSR activities.
