Creative Twittering

As Ashton Kutcher beats CNN in terms of Twitter followers and celebrities joining the ranks (Shaq, Ellen, Oprah, Britney) what are the more creative uses of Twitter other than answering the question of “What are you doing?”?

The 2 recent ones I’ve seen are:

PS Brunei has recently seen an upsurge of Twitterers too, with some newbies being well known Reeda Malik (anakbrunei) and Rano (ranoadidas). Others to note would be David Cheok, Ali Janah, Jan Shim (Shimworld). Find more people from Brunei here (not perfect but may help)

Brunei Recycling Bins Part Deux

As a follow up to this post and in light of Earth Hour and An Inconvenient Truth we should all pitch in to help Earth sustain generations present and generations to come. So what I have is a list and location of…

Recycling bins in Brunei

You can contribute by sending me a photo and giving me a link to the location of the place. To find out the location, try using Show Me Where It’s At!, a little something I created to help show people where a particular place is.

Show Me Where It’s At!

Ever had a person ask you if you know where a certain place is and you couldn’t get a good map to show them? Well I ran into this issue and I wanted a quick way to add a marker to the map and pass that information on to the necessary person. So here I introduce….

Show Me Where It’s At!

Just click on the map to get started. Fill in the details. Create and give the link to the person who needs the information. A quick sample: Brunei’s National Stadium

A Lesson in Web Application Security Part 2

**Read Part 1 to get the full picture of this post**

Notice that there is no user confirmation that the phone number is correct and that I really do want to receive the results via SMS, especially because receiving the results comes at a cost of B$3.00! Yes, it does give a cancellation code which I could have sent back to not receive the results SMS. The delay between the two SMSs was 3 minutes, which is ample time to send a reply if you are actively checking your phone.

Exploit #1: Overwhelming a single person with many result SMSs and having them charged $3.00 apiece. If the person is using a prepaid plan, you could effectively use up all their credit, creating a denial of service. If they are using a post-paid account, they would simply rack up the charges.

Solution: Ask users to send a confirmation SMS saying they do indeed want to receive the results.

Taking things a bit further, I tried a few things like putting in invalid data. Fair enough, they did validate the data I put in.

Validation error

After some investigation I found that the problem with this validation lies solely in the fact that they used JavaScript alone to do the validation check. JavaScript being client-side processing means that it is subject to change by the user. Firefox users have Greasemonkey and Opera users have user scripts. Or you can do what I did: view the source of the page, copy it to a local file, make the necessary changes to the source, load it up without the validation checks and submit the form. And what did I do? I registered my friend’s foreign mobile phone number. My friend confirmed that he received the results SMS despite the fact that he is not in Brunei. This leads to exploit #2, which could effectively rack up foreign SMS charges for the SMS gateway that is providing this service.

Exploit #2: Bypass client-side validation of data

Solution: Use server-side validation of data, in this case in the PHP code.

This exploit relies on the fact that the application assumes that the information it receives is valid data. This should never be the case. You cannot assume that the user will input the correct information; you must sanitize the data accordingly to ensure that you only have valid data in your application. It is things like this that lead to SQL injection, which could cause catastrophic results on your server and even information theft. So whenever designing and implementing any system, you as a developer should do your job properly, factor this in and ensure your application does not suffer from this flaw.
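A server-side version of the check described above, as an added example that is not the post’s or the service’s own code. It assumes a local mobile number is seven digits beginning with 7 or 8 under country code 673, that the form field is named phone, and that storage and SMS sending live in functions that are only sketched in comments:

```php
<?php
// Added example (not the page's or the service's own code): validate the phone-number
// field on the server, using whatever the browser actually submitted, and issue a
// confirmation code before any paid results SMS is sent.
// Assumptions: local mobiles are 7 digits starting with 7 or 8, country code 673,
// form field "phone". Adjust to the real numbering plan and form.

declare(strict_types=1);

/**
 * Normalise and validate a submitted phone number.
 * Returns the 7-digit local number, or null if the value is not a local mobile.
 */
function validate_local_mobile(string $raw): ?string
{
    // Strip spaces, dashes and parentheses a legitimate user might type.
    $digits = preg_replace('/[\s\-()]/', '', trim($raw));
    if ($digits === null) {
        return null;
    }
    // Accept "+673XXXXXXX", "673XXXXXXX" or a bare local number; any other
    // country code is rejected here, regardless of what client-side JavaScript allowed.
    if (preg_match('/^(?:\+?673)?([78]\d{6})$/', $digits, $m) !== 1) {
        return null;
    }
    return $m[1];
}

/** Six-digit confirmation code from the CSPRNG, never rand() or mt_rand(). */
function new_confirmation_code(): string
{
    return str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
}

// Request handler: validate on the server, then park the request until the
// number's owner confirms by replying with the code.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $number = validate_local_mobile($_POST['phone'] ?? '');
    if ($number === null) {
        http_response_code(400);
        exit('Please enter a valid local mobile number.');
    }
    $code = new_confirmation_code();
    // Hypothetical helpers (not shown): store ($number, $code) with an expiry, send only
    // the confirmation prompt, and queue the B$3.00 results SMS only once $code is
    // received back from $number.
    // store_pending_request($number, $code);
    // send_sms($number, "Reply $code to receive your results (B$3.00).");
    echo 'Confirmation request sent.';
}
```

With this in place the bypass in exploit #2 fails at the server, and exploit #1 fails because no paid SMS leaves until the recipient replies with the code.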

 

PS. This being my first vulnerability disclosure was indeed an experience, and it didn’t go too well I have to say. After I emailed them regarding this issue they didn’t even get back to me. I had to call them up 2 weeks after that to ask if they got it and apparently my email just happened to disappear somewhere. Go figure… So the guy I was talking to gave me his direct email address and he thanked me for my input, saying that there are some things that they could change and some things they couldn’t. After another month and 2 emails I sent asking for updates, there was still no word from them. But third time’s a charm and I finally got a reply saying that they fixed some of the JavaScript. Despite that not being the best solution I felt I had waited long enough and came to disclose the problem. It’s not even a hard fix to implement. Oh well. I shall wait for a reply from the next organization to whom I sent another security concern. So far no reply after 3 days.. So I wait….

Brunei’s Online Shopping Experience – Part 1

I was really encouraged when I first heard of QQeStore several years back. They pioneered the field of online shopping on a local stage and they brought it with a nicely designed website too. Not sure how long after that a rival was born in Shopping.com.bn (I won’t and can’t link to them due to their ridiculous terms of use). I’ve been a customer of QQeStore for several purchases ranging from my old phone (Nokia 3110c) to a Sony Ericsson charger to a hard drive, and I was pleased with the experience, but I thought it was time to take a look at these 2 shopping stores and pit them head to head on different features and functionality and tell you which store you should shop at. I recently made purchases from both online stores and document my experiences with them in the following sections.

Covered in this article:

  • Design
  • Usability
  • Product Selection

 

Design

[Screenshots: QQeStore (Design WIN) vs Shopping.com.bn (Design FAIL)]

Hands down QQeStore has a great eye pleasing design and is a joy to use: clean, simplistic and functional. Shopping.com.bn is using way too many different colours and

Round 1: QQeStore

 

Usability

[Screenshots, QQeStore vs Shopping.com.bn: typical page; item selection; item page (Shopping.com.bn shown in two parts); pagination (QQ WIN, Shopping.com.bn FAIL)]

Browsing through the catalogue as you window shop or decide what item to buy, both stores offer a similar experience, but QQeStore stands out by having more product information, “Product Details” and “Specifications”, while also offering a section on “Other Products In This Category”, a great way to discover other products that may better suit your needs. The product details are an ideal way to introduce unfamiliar customers to the product and give them an idea of what the product does, as to some people specifications alone may be complete gibberish. Chalk another point up for QQeStore with their “next” and “previous” pagination buttons: both stores offer small, hard-to-click page numbers, so these next and previous links help the process of jumping from page to page.

Round 2: QQeStore

 

Product Selection

[Screenshots: product selection at QQeStore and at Shopping.com.bn]

Both stores are very IT and home electronics related, but they also carry other things such as jewelry and wedding rings on Shopping.com.bn and some interesting toys and thinga-majigs on QQeStore.

Round 3: Tie (No clear winner)

 

Part 1 Conclusion

After 3 rounds QQeStore has the upper hand with 2 wins over 0 for Shopping.com.bn. In the following parts, topics such as the shopping process, hidden charges, security and price will be covered, so stay tuned.

Using your phone as a modem via USB


Though Bluetooth is a nice wireless way to use your phone as a modem, Bluetooth has its issues, and sometimes it’s just not worth it when you can connect your phone via USB easily and without fuss. Using a USB cable ensures faster transfer speeds than Bluetooth, if the maximum Bluetooth speed is capping your speed, and also draws less battery from your phone, giving it advantages if you don’t mind the wires lying around.

Requirements:

  • Ensure your phone is configured to be able to connect to the Internet (example for DSTCom Brunei)
  • Drivers for the phone to be recognized as a modem on your computer (should be on CD that comes with the phone, or in the installed software, or possibly find it online)

Notes:

  • The following guide is done on Windows XP; if you need a Mac version, do lend me your Mac and I can try to make one for you =)
  • To obtain maximum connection speeds, set the modem’s maximum speed to the maximum as detailed here

 

For All Phones

  1. Connect the phone and install necessary drivers to recognize phone as a modem
  2. Open up “Network Connections” in the “Control Panel” and a new connection should be created
  3. Use that connection and dial *99# to connect to the Internet
     

For Nokia Phones

Continue reading “Using your phone as a modem via USB”

Using your phone as a Bluetooth modem

As a follow up to “Configuring your phone for mobile Internet (DST)”, in this post I’ll detail how to use your phone as a Bluetooth modem, freeing you from the mess of wires and also providing a way to tether without installing bloated phone software like the Nokia PC Suite. Using this method also allows DST users with 3G SIM cards and 3G/3.5G capable phones to enjoy the great speeds of DST’s Go! without having to subscribe to the DST Go! service, buy the Go! SIM card or buy the USB modem.

Requirements:

  • Phone with Bluetooth
  • Computer with Bluetooth
  • SIM card with credit (duh)

Requirements for high speed Internet over 3G/3.5G

  • 3G/3.5G phone in 3G mode (3G only or dual mode is acceptable but not GSM)
  • 3G SIM card
  • 3G phone signal (for Nokia phones it is shown with a little “3G” icon under the regular signal bar)

Note 1: if the phone/SIM does not meet the 3G requirements or no 3G signal is available, the phone will fall back to a slower GPRS / EDGE connection, but the Internet will still be accessible.

Note 2: Not all 3G/3.5G phones are created equal, and each has a maximum 3G speed that it can obtain. This can hinder your connection speed. These details can be obtained online from places such as GSMArena.com. E.g. Nokia 6680: max 3G speed of 384 kbps; Nokia E51: max speed of 3.6 Mbps.

My current configuration setup:

  • Windows XP Professional
  • Using “dst.internet” as the access point
  • HP Compaq nx6320 notebook
  • Nokia E51 / Nokia 6680 / Nokia 3110c

The following is a brief outline of the procedure using the “My Bluetooth Places” software provided by WIDCOMM and preinstalled on the notebook; however, the concept stays the same for any computer / Bluetooth software:

  1. Pair phone and computer
  2. Configure phone as a Bluetooth modem
  3. Create network connection dialing *99#
  4. Optional: set the extra initialization command to:
       +CGDCONT=,,"dst.internet"
           where “dst.internet” is the access point to connect to

Although the maximum speed defined in the modem settings is 921600 bps (= 900 kbps), which is less than the 3.6 Mbps or 7.2 Mbps offered by Go! and typical phones, I have managed to get 1.5 Mbps connections using this Bluetooth method in my previous speed tests, so I’m not really sure what’s up with that.

Nokia Phones with Nokia PC Suite

Refer to this post. It is for USB connection, but follows the same concept

Detailed Pictorial

Continue reading “Using your phone as a Bluetooth modem”

DST 3G speed tests

While I did get a DST GO! SIM card quite a while back just to see how it is, I am reluctant to call these GO! speed tests, as they were done on my phone with a 3G Easi SIM card, not a GO! SIM card. Basically all mobile phone customers of DSTCom (Prima or Easi) can enjoy the fast speeds of GO! without having to spend anything extra, so long as you have the following:

  • 3G / 3.5G phone
  • 3G SIM card

Note: Not all 3G/3.5G phones are created equal, and each has a maximum 3G speed that it can obtain. These details can be obtained online from places such as GSMArena.com. E.g. Nokia 6680: max 3G speed of 384 kbps; Nokia E51: max speed of 3.6 Mbps.

Jalan Kebangsaan Lama

 

UBD: Institute of Medicine