Immigration checks

Earlier today, some MD of a security firm on channel new asia commented that it is impossible to check every single passport against the list of stolen passports due to the time needed to search the database. Such stringent checks would result in massive holdups at checkpoints. Therefore, apart ...

Encryption and blackmailing

Just read something quite interesting here. Apparently, all the research put into mathematical algorithms is a double edged sword. Encryption can be used to deny the rightful owner access to his data. Fortunately, the attacker in this case made a mistake resulting in a 128 bit key that was ...

Singtel's 5012NV-002 vulnerability

Type: Open port Affects: Singtel's firmware on 2wire 5012NV-002 Version: (HW version: 2701-000808-004, SW version: 9.3.1.29) (Unable to ascertain if other versions are affected as I do not have access to the firmware) Severity: High Ease of exploit: Low Impact: Allows an attacker to gain access ...

URL shortening services

I have never liked nor seen the point of using URL shortening services such as bit.ly, is.gd . The only time I have used it is during lectures or talks when links are shared by copying them directly off the whiteboard or slides. Even then, there are probably better ways to share the links such ...

windows file metadata

Windows seems to keep a very poor record of file attributes such as date created, date modified and date accessed. These attributes are important especially for audit purposes. My profs are even using these dates (in UNIX fortunately) as submission dates. Furthermore, I believe that these dates ...

Layered security

The unfortunate happened to me a few days back. While pushing a project onto a github public repo, I had forgotten to replace my mysql password with a dummy one. So, it was out there in the open for almost 1 entire day before I noticed it. Fortunately for me though, I had an additional layer of ...