RHBNOW Email: Intricate details of a Phishing scam

Last month alone I’ve received 6 phishing emails asking me to change my RHB banking password. I always wondered what would happen if I’d actually clicked on one of the links in the email–and today I did just that. Immediately I was transported to a dodgy world of sophisticated deception, and soon realized this was far more complicated than I initially expected.

Before I proceed, a friendly word of caution–Kids, don’t try this at home–the scam is an elaborate ploy geared towards robbing you of your cash, and if you’re not sure what you’re doing–chances are you’ll be a victim yourself. The simplest way to avoid a scam like this is to never click on an email from the bank–regardless of how genuine it looks. Banks never send you email–so don’t expect one from them. Not even a Christmas card.

But if you’d like to see what happens when you click on one–read on:

Step 1: The email from RHBGroup.com


First there’s the email, it was (supposedly) from sshccserv356@rhbgroup.com. Quite deceptive, and if you visit rhbgroup.com you’ll find that it’s the legitimate RHB Bank website. So it appears this email from rhbgroup.com would be legitimate as well.

Except it’s not.

Email is a remnant of the internet past–it was created at a time when security wasn’t a priority, hence emails lack any form of authentication (validating whom the email is from), which allows them to be easily forged. This inherent insecurity is why emails should never be trusted, especially when those emails come from external sources like a bank.

That’s why your bank will NEVER send you an email. It’s too easy to forge. So rest assured that every email you receive from the bank is a fake (there are exceptions of course, like transfer notices etc., but those emails don’t require any action from your end).

Analysing the email further, I find the first victim of the scam: a website called pjpan.co.uk, a pajama store (of all things). The website URL was all over the email header, which just like every other aspect of the email could be spoofed. Why the scammers chose to use pjpan.co.uk was beyond me, but they did. In any case the email was sufficiently obfuscated that trying to determine its origin would be difficult and probably pointless as well.

Youtube Video flagged as inappropriate

Last week one of my most popular videos detailing how I hacked Unifi accounts was ‘flagged’ as inappropriate in YouTube–apparently it was in violation of their community guidelines.

As such my video was made unavailable and essentially deleted from Youtube.

I was upset.

The email I received from YouTube gave no indication as to what I did wrong, and even though it states that someone has viewed my video, the language used suggests this was just an automated message sent to my inbox. Nowhere does it suggest an actual human viewed my video and made a judgement, and even worse, no justification was given for the removal of the video other than it was ‘flagged’.

Regarding your account: Keith Rozario

The YouTube Community has flagged one or more of your videos as inappropriate. Once a video is flagged, it is reviewed by the YouTube Team against our Community Guidelines. Upon review, we have determined that the following video(s) contain content in violation of these guidelines, and have been disabled:

Everyone hates spam. Misleading descriptions, tags, titles or thumbnails designed to increase views are not allowed. It's also not okay to post large amounts of untargeted, unwanted or repetitive content, including comments and private messages.

Your account has received one Community Guidelines warning strike, which will expire in six months. Additional violations may result in the temporary disabling of your ability to post content to YouTube and/or the permanent termination of your account.

For more information on YouTube's Community Guidelines and how they are enforced, please visit the help center.

Please note that deleting this video will not resolve the strike on your account. For more information about how to appeal a strike, please visit this page in the help center.

Sincerely, 

The YouTube Team

3 Ways to watch Netflix from Malaysia

Netflix is awesome. I watch it everyday, and while the selection is dated–it’s still pretty good.

If you needed proof for just how good it is–32% of all internet traffic in the US belongs to Netflix. There are two problems though. First, it isn’t free, and costs about RM30 a month. Not really an issue since RM30 on Netflix gets you a lot more content than the RM100+ you spend on Astro.

The second problem is that it’s not available in Malaysia. So even if you were willing to pay the cash, you couldn’t get Netflix streamed to your home–until now that is. So here’s 3 ways to stream Netflix, BBC iPlayer and even DramaFever (for the k-drama fans out there) to your home in Malaysia.


Powerline adapter for better networking at home

A popular question I get is how to boost a WiFi signal. Folks struggle to get good WiFi connections on the 2nd (or 3rd) floors of their homes because the routers they have don’t pump enough ‘juice’ to go around. This is particularly true for those that work from home; having poor WiFi while trying to have a teleconference just sucks. While other applications like YouTube and Facebook could use buffering or caching, a real-time conversation with someone over Skype relies on good connectivity all the way from one party to the other, and it doesn’t matter if you have Unifi 20Mbps, if your WiFi is laggy.

I thought I could fix this by buying a more powerful router–but that didn’t work. The signal strength increased, but the quality was still below par.

The best solution is to skip WiFi and get a Powerline Adapter instead. A powerline adapter uses your home electricity wiring to transmit the data, and because it uses wires, it’ll beat any wireless connection you have. The adapters fit nicely into your 3-Pin wall sockets, and all you need is Ethernet cables to plug into them to hook up your laptop or PC to your router located somewhere else in your home.

The premise is quite interesting and the results are even better.


Malaysia boleh: 3 countries, 3 card-skimmers, all Malaysian

On April 28th, 4 men were caught for installing card-skimming devices on ATM cash machines in Bangkok, Thailand. They were all Malaysian.

On the 14th of May, 6 men were caught for installing similar devices in ATM machines in Jakarta, Indonesia. They were all Malaysian.

On the 8th of June, 2 men were convicted in Singapore for installing card-skimming devices on ATMs in Singapore. They were both Malaysian. I wrote about this more than 2 years ago, when some DBS customers noticed withdrawals from their accounts occurring in Malaysia.


The Monty Hall Problem in Excel

I remember this problem from watching an episode of Numbers. You’re a contestant on a game show–and you’re given 3 doors to choose from.

Behind one door is a shiny new sports car–behind the other 2 are goats. Your goal is to get the sports car by choosing a door. But after you choose a door, the host reveals one of the doors with the goats, leaving you with just two doors instead of your initial 3.

The right to be forgotten


The truth is we all have something to hide–secrets we wished the world would never know. A political stance we once had, a video of ourselves after too many drinks, or even just a sentence we once uttered at a party somewhere. If you think you’ve got nothing to hide–you should think harder.

So, when the European Court of Justice recently ruled that Google had to comply with certain requests from individuals to remove links to websites with their personal information–privacy advocates were delighted that we now had the ‘right to be forgotten’. Mario Gonzalez had requested Google to remove a link to a digitized article in La Vanguardia newspaper about an auction for his foreclosed home. Google refused, Mario sued, and the links were removed–only they weren’t.

TrueCrypt is dead, long live ….bitlocker?!?!

The understatement of the month would be calling this a peculiar moment. This is far from peculiar–this is straight-up WTF?!

My favorite encryption software, TrueCrypt, has been abruptly and mysteriously shut down (cue dramatic music!!!). The official TrueCrypt website now only has some information on ‘alternatives’ and offers the following advice.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

TrueCrypt was really awesome; it had features like full-disk encryption and even encrypted volumes within encrypted volumes for ‘plausible deniability’. The anonymous authors of the software have apparently thrown in the towel on what was the best free encryption software on the web. Yes, TrueCrypt was free just like Apache and OpenSSL, and just like them was pervasively used by tech-savvy web users. So any vulnerability in TrueCrypt would have severe ramifications–just like Heartbleed had for OpenSSL.

To avoid any ‘heartbleed-like’ issues with TrueCrypt–an initiative from within the security community was kicked off to perform a full security audit on TrueCrypt. Support for the initiative wasn’t hard to come by in the wake of recent developments like PRISM, specifically the revelations that the US government was intentionally making encryption software weaker to allow exploitation further down the road.

But just when the audit was making good progress, the TrueCrypt team dropped their bombshell. Brian Krebs suggests that the shut-down is legit, and this isn’t some website hack or hoax. The speculation-churning machine (a.k.a. the entire internet) has been rife with guesses as to what really occurred, but honestly no one has the answer, except the authors of TrueCrypt–who are anonymous.

The problem for people who are using TrueCrypt–is what to do? TrueCrypt recommends BitLocker, but BitLocker isn’t available for basic versions of Windows–the versions most people use. Also, BitLocker hasn’t been audited either, and forgive me if I’m still a bit edgy about using Microsoft products. What with them spying on my Skype conversations and all.

I’m sticking to TrueCrypt for now, and will wait till the dust settles before I decide to re-encrypt my drives with a new piece of software. After all, the audit hasn’t found any serious flaws, and even if it did I’m betting someone will fork the code as soon as it happens.

DNA in chocolates, not in your blood

A Coalition of Muslim NGOs have asked for Cadbury to pay for the ‘cleansing’ of the blood of Muslims to remove any traces of Pig DNA they might have consumed from having eaten Cadbury chocolates.

I’m not going to debate the religious and legal implications, just the scientific aspect. The aspect which says that the DNA of what you eat doesn’t enter your blood–and cleansing your bloodstream is an absolute waste of time, not to mention precious blood.


Why do computers like to calculate Pi?

Pi has always held a special place in my heart and probably yours as well. When people ask me to pick a number between 1 and 10, I always pick Pi (or sometimes the square root of two), which hasn’t made me the life of many parties.

And there’s an entire community of Pi lovers like me out there–people who are just fanatical about calculating Pi to the trillions of digits. With just the first 40 digits of Pi we’ll be able to calculate the circumference of our galaxy with an error that is smaller than the size of a proton, so calculating Pi to trillions of digits is quite superfluous. So why then do people do it?