MDDI recently stated that "people can make a good guess at someone's full NRIC number [...] especially if one also knows the year of birth of the person". I will attempt to make a good guess at Minister Josephine Teo's NRIC based on available information. I will be working off this set of ...

Just encountered a rather interesting redirection malware. The first sign that something was wrong was that the search engine results on Google had spammy metadata. This may not be an actual compromise as it could have been caused by issues such as spammers submitting fake sitemaps to Google. ...

Apparently, you can now sign documents with Singpass using any of the digital signing partners. I have compiled the table below with each provider's most basic plan for easier reference with a focus on individual and not corporate usage. The signing certificate used by Singpass is currently not ...

Apparently, spammers are now using Flash SMS to send their messages. This is the first time I have heard of Flash SMS and it is deeply concerning as the message automatically opens and displays on the screen even if the phone is locked. Less savvy users may be easily tricked into thinking that ...

The MS-500: Microsoft 365 Security Administration, AZ-500: Microsoft Azure Security Technologies and one more exam from a list of 3, were recently stipulated as part of the requirements under the skilling section for companies interested in earning the designation Microsoft Solutions partner ...

I recently had problems using my Yubikey GPG key to SSH from my WSL instance to a linux server. After the usual checks, it seemed like it was a client side error sign_and_send_pubkey: signing failed for RSA "/home/user/.ssh/id_rsa" from agent: agent refused operation. Most people on the ...

I wasn't expecting to do yet another SANS course but the opportunity did arise for me to do SEC760 in ondemand format. Previously, I had already done SEC660 as well as OSCE and was conversant with buffer overflows in a multitude of formats (EIP overrides, SEH overrides, ASLR/DEP bypass, return ...

The Cyber Security Agency (CSA) posted an advisory about tech support scammers impersonating CSA officers 7 months ago. A few cybersecurity professional, me included, saw the post and immediately commented either directly on the post or on a copy shared by one of the deputy directors that the ...