Hacker Vs Cracker

It seems that I can never stress this enough. The mass public needs to be educated on the difference between these 2 words. Mass media have been using this term incorrectly since forever.

Unfortunately, the bad side of things always seems to be emphasized and exaggerated more than the good side. Hacker is a big set, and Cracker is a smaller set inside it. Simply put, a cracker is a hacker but a hacker is not necessarily a cracker. Crackers are termed Black Hat Hackers.

Originally, there were 2 types of hackers – White Hat and Black Hat. White Hat Hackers are the good guys who break into computer systems just to make the owners realize the security flaws, while Black Hats do malicious things for personal gain.

As time went on, an intermediate hybrid emerged – Grey Hat Hackers, who sometimes act legally, sometimes in good will and sometimes not.

So… when a hacker turns bad, it is more accurate to call him/her a cracker rather than tainting the image of the whole hacker community. Too bad in Malay there’s only one word – penggodam which in general points to the word hacker.

Missing AdSense Pages

A client friend of mine complained that he couldn’t see the pages when he clicked on AdSense links, which is quite weird. When I tried, they all loaded fine. Has anyone experienced the same problem?

By the way you should not click on your own ads too many times as Google will think you are trying to cheat. I am not sure it will show up in your stats as clicks anyway.

Working With Dynamic Select Inside an Ajax Container

I spent like half an hour on this, got tired, went out to The Curve Damansara, and tonight when I came back, tried a simple trick and it all worked.

I had code similar to this (shortened for understanding):

<select id="distDst">
	<option value="1">Name of the option</option>
</select>
 
<input type="button" value="getSelected" onClick="getData()"/>

The JavaScript:

<script type="text/javascript">
// <![CDATA[
 
function getData()
{
	distDst = document.getElementById('distDst');
	if(distDst.selectedIndex == -1) { alert('Please select an option.'); return; }
	else alert('Selected value: ' + distDst.options[distDst.selectedIndex].value);
}
 
// ]]>
</script>

All three browsers: IE 6, Firefox 2.0, and Opera 9.02 gave me an undefined value for the selected element (focused, of course).

When I came back, I added name="distDst" to line 01 of the first part, so Firefox and Opera agreed while IE is still stubborn. Next I enclosed the select object within form tags and IE yielded and gave me the results I want.

I don’t understand IE’s problem, but why do Firefox and Opera require the name= attribute to be added when I used getElementById, not getElementsByName? Still a mystery to me. If you put that code inside a single HTML file it would work. In my case the two parts end up on the same page, but the JavaScript loads first inside one container, and the HTML loads within another container. They are nested.

Well, I hope this helps anyone trying to implement select objects with JavaScript inside AJAX containers.

Sorry for the technicality. I am now implementing AJAX front-ends for my PHP code, after I got bored with conventional PHP programming.

I forgot to mention: The problem only occurs when the dynamic select object has 1 item in the list.

Free Windows Vista

Last month, there was a radio commercial on Hitz.fm that promoted a free upgrade to Windows Vista and I was fooled. Of course, it’s a commercial.

You get Windows Vista only if you buy a new PC with Windows XP now. For those currently using licensed Windows XP like me, you get nothing.

In fact, even now if you go and get yourself a new PC you’ll get Vista upgrade for free as stated here in Microsoft website. I am not sure whether this applies globally but I was brought to this page from Microsoft Malaysia.

I wonder if the final release is now available at Low Yat Plaza. I just want to take a look, nothing serious. I expect it to be more resource hungry and not suitable for my old hardware anyway.

Have any of you used Vista? Let me know your opinion.

Malaysia OSS Master Plan Gets Truncated

As I thought. When the Government declared that they will favor open source for their IT needs I was thinking whether they have thoroughly analyzed their plan. What I can clearly see is that all they understand is the word FREE. No more, no less.

It was published on The Star Online on 5 December that the OSS Master Plan Gets Pruned. Indeed, they can’t simply disable or abort the plan so they removed a sentence. Originally it states:

OSS procurement should be based on merits, value for money, transparency, security and interoperability, as well as in accordance with the Government procurement policies and procedures. In situations where the advantages and disadvantages of OSS and proprietary software are equal, preference shall be given to OSS.

Now the second line has been removed:

OSS procurement should be based on merits, value for money, transparency, security and interoperability, as well as in accordance with the Government procurement policies and procedures.

This effectively implies a new policy: neutrality.

As OSS is no longer preferred, the master plan is now useless. Very rarely can OSS software market itself, while proprietary software has the big guns who can do marketing and sales for it.

The new sentence can also be applied to proprietary software, don’t you think? The sentence is there just to ensure existence of the master plan which is now obsolete.

RegisterFly Woes

Do yourself a favor. Do not use RegisterFly for domains.

When you submit a ticket, they don’t care. When you submit multiple tickets, they’ll reply by saying “Please do not submit multiple tickets with the same issue”. But at least I got their attention.

tickets1.jpg

I am pissed off at them since I can’t even renew my domains. Their so-called automated domain renewal emails kept flooding my mailbox, but when I try to renew everything seems to fall apart. Submitting a ticket didn’t seem to help, so I did what this commenter in Vincent Rich’s blog suggested – use Firefox’s ReloadEvery extension to submit hundreds of tickets. I got their attention. One of my .com domains got transferred, but for this particular domain, romantika.name, their buggy system seems to be ignoring my renewal requests and gave me a blank order ID.

Now I have decided to transfer my domains elsewhere. The new registrar is powerful, their automated system is really automated, helping me register a new domain and the transfer requests within 5 minutes. However, I got stuck again with the authorization code. Previously in RegisterFly’s system you can clearly see an authorization code (a.k.a. EPP code) for every one of the domains, but recently it has disappeared. Vincent also had the same problem. Currently I see that he already succeeded in transferring his domain to NameCheap. Well done, Vincent. I wonder how long it took him for the transfer to complete.

What I have done so far about the transfer process initiated today is send another ticket, and an email to their support for the authorization codes. That’s where the transaction is stuck now. And I also see another ticket I created about my problem renewing romantika.name domain. That’s not the first. The first also went unanswered.

norespond.jpg

I warn you once more, don’t do business with them. You’ll lose precious time, and money to buy aspirin because of the headache they cause.

What registrar do you use?

Under The Hood of Microsoft Windows

Process Explorer

As a Linux geek, I always feel so restrained when using Windows, due to the fact that I can’t really get into the internals of the system, especially now that I am using Windows on my 2 year old notebook after the storage catastrophe. It looks like hard disks don’t really like to stay with me that long; or is it my own fault for overusing them? Oh well.

While browsing through this post from the F-Secure blog, I found out that Microsoft bought Sysinternals in July 2006. Mark Russinovich and Bryce Cogswell must be millionaires now 😉

No wonder my friend who has just started today in F-Secure KL talked to me about the cool utilities. Now I know where he hangs out.

There are actually a bunch of tools, categorized into:

  • File and Disk Utilities
  • Networking
  • Processes & Threads
  • Security Utilities
  • System Information
  • Miscellaneous

I’ve actually tried only a few of the tools, which I chose based on my familiarity with the functions.


Internet Marketing Goes Wild

Technology is a huge keyword in the world we live in today. More and more types of businesses are going online for promoting their products and services.

Nowadays, for example, businesses that we thought would never go online have already made attempts to have websites and online promotions, or as we usually say, an “Internet presence”. For example, www.bungatelur.com specializes in Malaysian wedding items – something traditional that we never imagined would be possible online. I’ve contacted the business owner and found that there is actually a lot of business coming through from the web!

With all this interest in having an Internet presence, new opportunities are also blooming for web design and development companies that provide website-building services. I myself have some contractual projects building websites for all kinds of businesses.

Moreover, some companies or sites have introduced specialized services for certain types of businesses to have an Internet presence. One good example would be this site called Surgeon Advisor, which is targeted at plastic surgeons who want to market their services on the Internet. Simply termed, I call it Internet marketing for doctors.

Does your business have Internet presence yet?

The Correct Way To SPAM

Some of us might say that there’s no right way to send spam. I partially agree, especially when the spam contains useless information, but I do sometimes receive spam that contains interesting things and products.

Spambots are a no-no. But living in Malaysia, I receive emails from quite a number of people promoting their valid services and products. I don’t like it, but if you can’t stop it you have to live with it.

Some rules that are acceptable under my own considerations are:

Rule 1: anti virus

Use antivirus software on the computer you send the emails from.

Rule 2: recipients

NEVER put recipients’ email addresses inside the To: field. Instead, use the Bcc: field. This way, the recipient will still receive your email and know who it is from. Why? Because 100% of the time, your recipients are not related to each other. You have no right to reveal other people’s email addresses to the public. Exposing them also increases the chances of email viruses propagating and sending emails to thousands of people. You can control your PC but not the recipient’s.

Let’s say you send an email to users A, B, and C by putting them in the To: field, and user B’s PC is a nest of viruses. The viruses in user B’s PC will be able to see user A’s and C’s email addresses and propagate themselves. This will not happen if you send using the Bcc: field, where user B’s PC will only be able to see your email address and send viruses to you. Hey, that’s the risk you have to take. You can always send an email with a From: address that is not yours, or make up any address, but I am not going to teach that here.

Rule 3: sender

Always use your real name as sender. Using something like “special promotion” or “tawaran hebat” will definitely make sure your email ends up in Junk boxes.

Rule 4: subject

Don’t use weird characters like the underscore (_), quotes, or even, to the extreme, normal brackets. Spam usually tries to avoid spam filters by masking words. For example, a spam promoting weight loss products uses the word “we_ight”. This no longer works, as spam filters have been made to detect these kinds of things.

So people, if you send emails using the general rules above I am more than willing to have a peek before deleting the emails.

Be safe.

Firefox 2.0 Spell Checker in Action

I knew Firefox 2.0 contains a built-in spell checker, but was not really looking for it.

To my surprise, while I was typing my previous post, it started underlining misspelled words. The funny thing is that even Firefox is considered wrongly spelled? It suggested “Firebox” or “fire fox”. 🙂

This is, however, not a big deal. This functionality is very good indeed, especially when posting entries. By the way, in the screen shot below my active dictionary is en-GB.

Spell check

A Real Computer Expert, At Last

At last, in yesterday’s edition of the articles about Internet Banking, the same newspaper as mentioned in the previous post interviewed Datuk Abdul Hamidy Abdul Hafiz, the chairman of the Association of Banks in Malaysia (ABM). In the interview, Datuk Hamidy explained the problem like an expert. I am not sure about his background, but he sure knows about it better than the “computer expert”.

Quote (translated from the Malay):

ABDUL HAMIDY: Phishing is not a trend. It is a form of fraud and cannot be stopped, because there will always be people who want to try it.

But if we look at how phishing works, it is not trying to penetrate the bank’s system; it is trying to penetrate the customer’s system. This means the fraud is committed against customers who still lack knowledge about security on the Internet.

You mean customers who are not proficient at using the Internet, Datuk?

ABDUL HAMIDY: Yes. Those who are still not proficient at using the Internet.

That is why all banks that offer Internet banking facilities always inform customers of the rules and security measures.

Customers sometimes ignore the rules given by the bank because they consider the rules too long.

We hope customers will read and understand the rules that have been provided. If they (the customers) do not understand the rules or measures provided, they can contact the Customer Management Centre.

Original news: http://www.utusan.com.my/utusan/…

This time I am short of time to translate anything. If you are interested just let me know.

In summary, he said that the problem is not with banking websites, but with the users’ Internet skills. Criminals are not attacking banking websites, but users. Right on target, Datuk.

Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service

This article from a local Malaysian newspaper website caught my eye. The funny thing is that the person interviewed by the journalist claimed to be a computer expert. And he/she was fooled by an Internet banking scam. Expert? I don’t think so.

Anyway, my point being, articles like this will surely deter usage of Internet banking in Malaysia. Internet banking is safe indeed, and with a few precautions in mind it’s a great experience. Of course, somebody from the bank can steal your money. But can they also do that without Internet banking? Think about it.

Here are some things (there may be more) that you always need to remember when using Internet banking:

  • NEVER NEVER NEVER click on links in email. For a few years now my banks have never sent me an email with links to click on!
  • Look for the padlock in your browser (please see image below). This means that the connection is secure.
  • Ensure that the address bar is pointing to the correct website. Banks have specific websites from where they operate. For example, Maybank has www.maybank2u.com.my and BCB (CIMB) has www.cimbclicks.com.my. Don’t use the site even if a single letter is missing!!!
  • Make sure that before the site name, it shows https:// and not http:// or any other thing. This only applies to the login page. Some banks like Maybank have their main page with information served with http://
  • If a warning pops up in your face saying that this site may be forged, just believe it first, ask questions later.
  • Use a reliable browser like Firefox. In this post you can see it detects a phishing site correctly. If you’re not currently viewing this page using Firefox, consider using the link on top of the page to download it.
  • Banks will never ask for your username or password in emails or call you to ask for that information. Keep your login information to yourself.

maybank2u_verify.png

maybank2u_verify_ie.png

If you are unsure, email or call the bank helpline. Previously I suggested for you to contact me so that I can help in confirming, but changed my mind. Trust only the bank.
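The address-bar checks from the list above (exact site name, https:// on the login page, no missing letter), written as a small JavaScript classifier. This is an added example, not code from the post; only the two bank hostnames come from the post, while the function names, reason strings and sample URLs are constructed here.

```javascript
// Added example. The two hostnames come from the post; every other URL
// below is constructed for illustration.
const BANK_HOSTS = ["www.maybank2u.com.my", "www.cimbclicks.com.my"];

// Levenshtein distance: minimum number of single-character inserts,
// deletes or substitutions needed to turn string a into string b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a URL the way the checklist asks a reader to inspect the
// address bar of a login page. Returns { ok, reason, host?, near? }.
function checkLoginUrl(raw, allowed = BANK_HOSTS) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // URL.hostname is lower-cased and excludes port, path and userinfo.
  const host = url.hostname.replace(/\.$/, "");
  // "https://bank-name@other.example/" shows the bank name first
  // but connects to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo-in-url", host };
  }
  if (allowed.includes(host)) {
    return url.protocol === "https:"
      ? { ok: true, reason: "exact-match", host }
      : { ok: false, reason: "not-https", host };
  }
  for (const good of allowed) {
    // The real name followed by more labels belongs to a different domain.
    if (host.includes(good + ".")) {
      return { ok: false, reason: "trusted-name-as-prefix", host, near: good };
    }
    // One or two characters off: the "letter missing" case from the list.
    if (editDistance(host, good) <= 2) {
      return { ok: false, reason: "lookalike", host, near: good };
    }
  }
  return { ok: false, reason: "unknown-host", host };
}

// Constructed sample URLs covering each outcome.
const SAMPLES = [
  "https://www.maybank2u.com.my/login",
  "http://www.maybank2u.com.my/login",
  "https://www.maybnk2u.com.my/login",
  "https://www.maybank2u.com.my.secure-login.example/",
  "https://www.maybank2u.com.my@login.example/",
  "https://news.example/",
];
for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log(`${r.ok ? "OK  " : "STOP"} ${r.reason.padEnd(22)} ${s}`);
}
```

Only an exact hostname match over https passes; a near match is reported with the name it imitates, which is the comparison the list asks the reader to do by eye.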

From my point of view, articles quoting a computer expert like the guy/gal below should be explaining and helping instead of complaining. He/she said he/she advises people to be careful, but how?

Get your points straight, media!

Direct translation follows:

Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service

By YULPISMAN ASLI

Do you feel safe and convinced making financial transactions via Internet banking?

Do you know that Internet banking sites can be cloned by anyone – from a school kid to a cyber criminal – in only one or two hours?

Ironically, Utusan Malaysia was told by a computer expert that he/she himself/herself doesn’t want to use the service anymore.

Why? Because he/she has been fooled via the online banking service.

“I made a transaction online but never received the money. Now I prefer going to the bank to make transactions,” said the computer expert (who refused to reveal his/her identity) from a government agency, here today.

In the particular case experienced by the computer expert, the activity was finally detected by the National ICT Security & Emergency Response Centre (NISER).

The phenomenon that is happening is real.

Yesterday police arrested four university students and nine others because they created a forged web site of local banks to steal customer information before withdrawing their money.

According to the expert, with only a computer, Internet and browser software, a person can create a forged bank website that can potentially cause millions of ringgit of customers’ money to disappear.

“Furthermore to create such website, they don’t need a long time, only about one to two hours,” he/she said.

He/she said, what the creators of the forged website needed to do is create a website that looks like the original website.

This can be done by copying the whole website, while the software is available in the market.

He/she said, the activity however can’t use the same original URL (domain address) of the website as it is protected, but they can create an alternative network that can confuse the bank customers.

“In the Internet world you can do anything (create forged bank websites). It’s not hard to copy, it takes only a while,” he/she said.

He/she said that usually, those who don’t have the knowledge and don’t know about the IT world will be exposed to the forged websites.

In relation to that, he/she advises the public to be a lot more careful when doing online banking transactions to avoid becoming victims.

Yesterday, Assistant Director of Cyber Crime and Multimedia, Assistant Commissioner Ismail Yatim, said police have arrested four university students who were led by a government officer’s son/daughter, as they were involved in creating forged bank websites to steal customer information before withdrawing their money.

The four students were among the 13 people arrested for their involvement in the cyber crime. They were arrested in multiple raids in Kelantan, Selangor, and KL.

Their MO, which has so far caused losses amounting to RM36,000, is sending emails to bank customers and requesting them to update the details in their bank account.

They then asked the customers to click on a link in the email, to update the details.

After clicking on the link, they are requested to input their username and password without realizing that the website is forged.

The information filled by the customers will be saved automatically in the data created by the syndicate, accordingly making it easy for them to access the victim’s bank account and transfer all the money.

Original news (in Malay), of which the text above is the direct translation: Risiko perbankan Internet — Pakar komputer pernah ditipu, enggan guna lagi perkhidmatan, by YULPISMAN ASLI, KUALA LUMPUR, 11 Oct., copied directly from http://www.utusan.com.my/utusan/…

Hans Reiser Held for Murder

No, it’s not Hans Reiser the actor, it’s Hans Reiser the creator of ReiserFS. ReiserFS is a journaled computer file system mainly used in Linux.

He was taken into custody 10th October at 10am in Oakland. He is suspected of murdering his wife, Nina Reiser. Nina is currently missing, but the authorities think that she has been murdered.

Hans got into UC Berkeley when he was 15, where he obtained his Bachelors in Systematizing. I hope he didn’t do it. I want Reiser4 in Linux kernel!!

Original news here.