
Sunday, January 16, 2022

How We Can Lose Our Bank Money

15 January 2022



Lately, there have been a lot of reports about people losing their bank money. These people have something in common.

1. They are from a certain bank;

2. They lost the money due to phishing;

3. The sums involved are pretty large: in the tens of thousands and, in some cases, more than SGD$100,000;

4. They all received an SMS that used the bank's ID; and

5. They were unaware that they had been phished.

What is phishing?

It is a fraudulent practice of attackers sending emails or SMS using the name of reputable companies in order to get the victims to reveal their personal information, such as passwords and credit card or bank account numbers.  

How do they get phished?

In the present context, the attackers were sending SMS messages under the name of the bank. This led the victims to believe that the message was sent by the bank. Usually, these phishing messages require the victims to click a web address. For example, in the SMS message shown attached, the victims must have been very surprised to receive an SMS saying that a payee account of an unknown person had been added. And if the victims did not know who Mr Jones was, they would normally click the link "ocbc-help.com" to find out. The site listed is actually the phishing website.
 







Once the user is at the phishing webpage, which looks exactly like the bank's webpage, the victim will unsuspectingly enter their user name & password as usual in order to find out what went wrong.

How does the attacker send SMS under the Bank's IDs?

All the attacker needs to do is to change the sender's ID in the SMS to one that matches the bank's ID. Normally, this is not possible using handphones, as many countries disallow such practices. If we open our SMS app, we will find that there is no way to change the sender's ID.


But the attacker can always use other means to send SMS to the victims' phones. This is because phones today use digital signals to send and receive voice & messages. There are many service providers in the market that can send SMS using other means such as a PC. One of them, available in many countries, is called "Exotel". This service is using iCloud. It is believed this kind of service has not been regularised. For some reason, the service provider allows users to change the sender's ID.
   

Why Can't the Government Block the Service?

There is no reason why the Government cannot issue directives to cellular partners and providers to block this kind of service. But it is believed that this will not help much, as attackers will always come up with other means to get around the block and carry out their phishing business in other ways. Also, there will be many difficulties in trying to track down and get rid of these attackers because they are likely to be overseas.

Whatever the Government can do will be rather limited. But one thing is for sure: no matter how much the Government could do to stamp out bank phishing, it will not solve the root problem of people being greedy & curious and easily lured into revealing their personal information.

How does the attacker transfer the money out of the bank?

No one really knows how the attacker transferred the money out of the bank.   One possible scenario could be as follows:-

Take the above SMS about MR C. JONES, for example. The attacker would have expected the victim to key in the user name and the password and click the "login" button when he lured the victim to the phishing page. This might have established a network link.

Clicking the login button will easily allow the attacker to upload spyware to the victim's phone and initiate an installation without the victim noticing anything wrong. The function of the spyware is to "listen" or eavesdrop on the SMS messages of the phone.

When the attacker requested a bank transfer using the user ID and the passwords (given earlier by the victim), the bank would, as usual, send out an OTP message to the victim, which the attacker would also have received at the same time. Once the attacker is inside the victim's digital account, they will be able to do many things, including silencing the subsequent SMS notifications. By the time the victim noticed that something was wrong and contacted the bank to find out what had happened, the attacker must have already transferred the money out of the victim's account.


How does the Attacker Withdraw Above the set Limits?

This is another question that most people would like answered. Usually, there are always withdrawal limits set either by the bank or by the users. Once the limit is breached, the users will get at least an SMS prompt, or the bank will intercept and stop the transaction.

One possible answer is that since the attacker already has full access to the victim's digital account, he can always change the withdrawal limits. He could also change the limits above which token confirmation or SMS notification is required, as shown inside the apps of this bank.



Why Can't the Bank Strengthen their Systems?

There is also no reason why the banks cannot strengthen their checking, verification and messaging system for large sums of money to be transferred out of an account. This was one of many points that many victims have raised.  They blamed the banks for the loss of their money.   

Usually, the banks would have multiple checking & verification systems in place. Maybe all these safeguards are still not 100% foolproof. The banks should therefore carry out a thorough investigation and find out whether they could further strengthen their checking & verification systems.

The banks are relying on an SMS system which is not very secure. They should consider using a better messaging system. 

What could the users do to prevent this from happening in future?

There are a few good suggestions thrown around in the forums.

Recommended

1)  Never trust any SMS or email messages and do not click any links in the SMS or email, especially those from the banks.  Always use only the Bank's Apps for inputs and entries;

2)  Always check if the web address is correct. If one must access the internet banking site, always use the one saved in the bookmark & never the one in a banking SMS or in an email;

3)  Always log out using the apps and clear the cache after use; 
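One way to automate the address check in item 2 above, as an added example that is not part of the original post: it extracts every link from an SMS and accepts a host only if it is the bank's own domain or a subdomain of it. The allowlisted domain `ocbc.com`, the sample message and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain. The post does not state it, so this
# allowlist is illustrative and would be maintained by the defender.
OFFICIAL_DOMAINS = {"ocbc.com"}
# Brand strings whose presence in a non-official host marks it as a lookalike.
BRAND_KEYWORDS = {"ocbc"}

# Full URLs with a scheme, or bare host names such as "ocbc-help.com/login".
LINK_RE = re.compile(
    r"https?://\S+|(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.IGNORECASE
)

# Constructed sample, modelled on the SMS described in the post.
SAMPLE_SMS = (
    "OCBC: A payee MR C. JONES was added to your account. "
    "If this was not you, visit ocbc-help.com/login now."
)


def extract_hosts(sms_text):
    """Return the host name of every link found in the message."""
    hosts = []
    for match in LINK_RE.finditer(sms_text):
        # Drop sentence punctuation that got glued onto the link.
        link = match.group(0).rstrip(".,;:!?)\"'")
        if "://" not in link:
            link = "http://" + link  # give urlsplit a scheme to parse
        # urlsplit discards any "user@" prefix, so "ocbc.com@evil.example"
        # correctly resolves to the host "evil.example".
        host = urlsplit(link).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_sms(sms_text):
    """Label each linked host as official, lookalike or unknown."""
    results = []
    for host in extract_hosts(sms_text):
        if is_official(host):
            verdict = "official"
        elif any(keyword in host for keyword in BRAND_KEYWORDS):
            verdict = "lookalike"  # brand name used outside the real domain
        else:
            verdict = "unknown"
        results.append((host, verdict))
    return results


def suspicious_hosts(sms_text):
    """Hosts that should not be opened: everything that is not official."""
    return [h for h, verdict in classify_sms(sms_text) if verdict != "official"]


if __name__ == "__main__":
    for host, verdict in classify_sms(SAMPLE_SMS):
        print(f"{host}: {verdict}")
```

The suffix comparison is what matters here: a host that merely contains or begins with the bank's name is still rejected unless it ends in the allowlisted domain.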

Other Suggestions

1)  Use 2 devices,  one for banking transactions which could be the iPad or PC and use the phone only for receiving OTP SMS.  But this method will not help if the attacker already has the victim's user ID and passwords;

2)  Always test the site first by entering a false password and user ID. A phishing webpage will never be able to correct any wrong entries. But this method will also allow the attacker to upload their spyware into one's phone;

3)  Never be lured to fake pages that offer attractive rewards, like lucky draws, job offerings or the like, or any news about new notes or otherwise. This is easier said than done. Some people will find it difficult to resist such temptations.



Update:  18 January 2022

I)  The Zero Click Attack- the Pegasus Spyware

There is a report in the Guardian about this new spyware, which has become more advanced and powerful. It was developed by NSO Group, which is an Israeli company. This spyware, called "Pegasus", has the capability of doing a "zero-click" attack.

Conventional spyware will require phone users to click a button on a webpage for the spyware to be uploaded to the phone. This Pegasus spyware only needs to place a WhatsApp call to the target device for the spyware to be installed. Once it has been installed, the spyware will be able to copy messages and photos and record one's calls on a 24/7 basis. It might even turn on the phone's camera, activate the microphone to record conversations, report where we are and who we have just met, etc.

It is understood that Pegasus spyware is presently only available for use by Government agencies. The setup price will be more than USD$300,000, as reported by the India Times.


II)   Money Gone within Minutes

Saturday, January 15, 2022

The Comparison of Real World Covid Charts


These 3 charts enable one to compare the infection and death rates of various countries in the world. They are enlarged charts linked to the following webpage


Navigation:
1.  The 2 top buttons are for adding and selecting countries. The right button is for adding countries to the pre-selected countries. It will be displayed when the region and type buttons are selected. The left button is for selecting & building up countries;
2.  Use the dropdown boxes provided to select the menu for charts;
3.  Use <ctl><click> to select one country or <shift><click> to select several countries in <select countries>;
4.  Use [Call/Save Chart] to call and save the existing chart. The saved data can be erased by clearing the browser memory;
5.  Use the [Expand] button to expand/contract and examine each chart;
6.  To go to the Our-World-in-Data page, just click the "full screen" symbol. It is located at the bottom right of every chart.



The death rate is usually more reliable than the infection rate; a lower testing rate will often give false readings in the infection rate


Case Fatality Rate of Various Countries




% of Population Vaccinated According to Vaccination Status


Share of the population partly or fully vaccinated against COVID-19
This is an animated bar chart showing the progress of vaccination in various countries.  Click the play button at the bottom to play.

 

Vaccines Used in Some Countries


One can check from here the various brands of vaccines used by various countries. Unfortunately, not all countries are here.

Tuesday, January 11, 2022

Repairing Stuck & Broken Key Cap for Logitech MX Keyboard

11 January 2022

"Sticking keys" is a common problem in some keyboards. The keys are no longer as sensitive to finger pressure as before, causing missing characters while typing.

The conventional wisdom is to remove the keycap of the key and take out the key hinge to clean them.   But this kind of repair will often break the very flimsy clips on the keycap. The recommendation is to replace the cap and maybe the key hinge.  But these keycaps are not easy to find.  They are also quite expensive.  

This article will not only introduce an easy way to clean the stuck key but also provide an alternate solution to fix the keycaps if they were broken.

The Components of the KeyPad

The keypad consists of 3 components. The first component is the base. It is made of metal. The second component is the keycap hinge, which consists of 2 small plastic pieces; one of the pieces is pivoted and allowed to move freely, and the other is a fixed piece that is clipped onto the metal base. The last component is the keycap. It has a few very flimsy and easily broken hooks and clips, as shown in the following pictures.



Why can the keys get stuck?

The key hinge can get stuck at times due to a lack of lubrication. This will prevent the keycap from moving up and down. When this happens, the keycap will no longer be sensitive to finger pressure; therefore, users will experience a stuck key. Removing the keycap & key hinge will usually free the stuck key, but the problem will soon reappear.


Knowing this to be the problem,  one could use some lubricants such as WD40  or an electronic switch cleaner to clean and lubricate the keys.  One can do this without having to remove the keycap and key hinge.  The electronic switch cleaner is a better choice because the fluid will evaporate quickly whereas WD40 will leave some oil behind the keyboard.



Why can the KeyCap be Broken?

Usually,  the keycap is broken by the wrong way of removing the keycap.  If one has the chance to open up a keycap and look at the back,  one will see this picture




For this Logitech MX keyboard, the keycap has a pair of plastic clips at the top and a pair of hooks at the bottom. Therefore, one should always remove the keycap by prying it open from the top right-hand and left-hand corners. One should never try to pry open the keycap from the bottom, as this will break the hooks of the keycap. After the clips at the top are free, the keycap should be slid forward to unhook it before removing it.

The keycap clips at the top can be easily broken if one force-fits the keycap when it is not in the correct position. To re-assemble the keycap, the correct way is to place the keycap such that the bottom hooks can be slid in first and, when there is a feeling that the hooks are in the correct place, press the top part down, one corner at a time.
  

Why can the Key Hinge be Broken?

As for the key hinge, one should always remove it from the top right-hand and left-hand clips.  Prying the hinge from the centre might break the hinge.




What to do when they are Broken?

One can search the web and buy them online but they are pretty expensive.  The pairs of the keycap and the hinge might cost around USD15/=. 

If the keycap clip is broken,  one can still use it by applying a small bit of strong rubber glue on the top of the moving hinge (as shown brown in the yellow moving hinge).  After that,  secure the keycap with adhesive tape until the glue is dry. Try not to apply too much glue as the spilling of the glue might glue up the moving hinge.  It is not wise to use "super glue" for the job as there might be a need to break the glue in future to do some repair underneath the keycap.


If the keycap hook at the bottom is broken, it looks like the repair will need a replacement. This is because the keycap uses the hook as a pivot for the up and down "floating" movement.

However, it might be worthwhile to investigate whether one can make a hook out of copper wire and glue it onto the keycap, as suggested by the following picture. One can also try to use the keycap with the missing hooks, though the key might not be as sensitive as before.
 



The Reports About Covid Death Rates in Singapore and Malaysia


11 January 2022

There have been a lot of discussions about which vaccine is better and why. There are generally 2 active discussion groups among the netizens of Singapore and Malaysia. These groups are divided between those who took Pfizer or Moderna, the mRNA vaccines, and those who took Sinovac or Sinopharm, the inactivated vaccines.

What are the differences?

Both are extensively used all over the world, especially in Singapore and Malaysia. The "mRNA" type uses the newer technology whereas the "inactivated" type uses the traditional method, i.e. taking live viruses and killing them using chemicals, heat or radiation. The "inactivated" type has been proven to work in people in the past, whereas the "mRNA" type is said to have better protection power, but it is a new technology that has not been proven except for the approval of various Authorities under the name of "emergency use".

Because of this, many who are anti-mRNA are not convinced that mRNA is a better vaccine. They often try to sell the "inactivated vaccine" as a well-proven and safer vaccine with fewer side effects. This is despite the many reports indicating that all brands of the vaccine have more or less similar side effects, except that some people were more allergic to mRNA for some reason.

What has been found today?

These are the reported death rates of fully or partially vaccinated people who have died recently. Both the Malaysian and Singapore Authorities have published details about the death figures regularly, but they seldom release anything about the death rates according to the brands of the vaccine. Here is a summary of their recent reports.


Their reports show that Sinovac is a weaker vaccine in protecting people against death.   The best is offered by Moderna,  followed by AstraZeneca,  Pfizer,  Sinopharm and Sinovac in that order.

Limitations of the Reports

The Malaysian report was published in a Medical Journal called medRxiv, whereas the Singapore report was a transcript of a speech delivered by the Singapore Health Minister, Mr Ong YK, in Parliament.

The Malaysian report cited that there were no observation data for each vaccinated patient who died recently due to Covid.  There were also no data about the factors that caused the Covid-19 death.   As for the Singapore report,   most would like to read the detailed reports to be released by the Authority.

In Conclusion

The reports released by the Authorities must be for information purposes in order to satisfy the general public who have not been kept informed about the protection of vaccines against death.   

The Malaysian report has pointed out the limitations of their report and advised readers to pay more attention to the advantage of COVID-19 vaccination in reducing the risk of death rather than choosing which vaccine is better than the other.   It added that "regardless of the vaccine type, getting vaccinated is the best way to protect against the risk of COVID-19 death".

Update (20 March 2022)

Hong Kong released death figures for Covid cases. 5,437 deaths so far, out of which 5,167 or 70% unvaccinated. Among the remaining 1,486 or 30% vaccinated, 1,292 or 87% took Sinovac and 184 or 12% took N-Tech or Pfizer.





Attachments

a)  Video of Straits Times 









Saturday, January 8, 2022

The Components Inside a DeskTop PC (Lesson 1)

8 January 2022

This article is prepared for those who want to learn how to assemble a personal computer. 

What are the Components inside the PC?

Inside a desktop PC,  one should find the following components


1)   Motherboard


The Motherboard is where the CPU is located and the CPU is the "brain" inside a PC.

The CPU is located beneath the CPU fan as shown in the following picture


Besides the CPU,   there are other supporting components to facilitate the communication between the CPU and Graphics card for example.   There are also other communication channels allowing the CPU to talk to other peripherals connected to the PC,  such as printers,  games controllers and monitors that are to be connected to the PC.


2)  Power Supply Unit

The CPU or the PC will not run unless there is power connected to it.  This is where the power supply unit is so important.   The power supply unit converts and steps down the 230 household supply into lower voltages so that the PC can run.   The following lower voltages are supplied by the Power Supply unit:-

a)  5 Volts
b)  -5 Volts
c)  +12 Volts
d)  -12 Volts
e)  +3  Volts
f)    -3 Volts




3)  Graphic Card

This is the card that converts the CPU's output signal into a video signal so that the CPU output can be displayed on the monitor. There are various types of connection for various kinds of monitors; some have better display resolution than others.


For example, this graphic card will send the converted CPU output signals directly to a monitor that has a display port. It also has an HDMI & a DVI connector. It does not have the usual VGA connector because this is a high-resolution card that will display higher resolution graphics for computer games.



4)  Internal Drives

PC will need devices to store all the programs and the operating system (OS) that controls the CPU and other components inside the PC.   This is the function of the internal drives inside the PC.

The internal drive might consist of the following devices

a)  DVD Rom Drive: This device allows DVD discs to be read and written by the PC;

b)  SSD Drive: This device consists of computer memory cards that do not have any moving parts. It is commonly called a Solid State Drive;

c)  Hard Drive: This device has magnetic discs inside that spin at a very high speed so that information can be stored on them for the PC to read and write. Besides the spinning discs, which make it different from an SSD drive, it has huge storage capacity, allowing thousands of gigabytes to be stored at a cheaper cost.

To be continued.....    

The Holographic Technology Used on the Stage

6 January 2022


Jiangsu Satellite TV held a New Year's Eve Concert on the eve of 31 December 2021. It is a concert where a renowned Chinese singer called Zhou Shen (周深) sang a song together with Teresa Deng Li Jun (邓丽君) on the stage. Deng Li Jun is a famous Taiwanese singer who passed away on 8 May 1995 in Chiang Mai, Thailand.


How Do They Do it?

There were no exact details on how they did it, but it is believed they made use of illusion techniques that have been used extensively on the stage. A simple example is illustrated as follows.


This technique enables the audience or viewers to enjoy the 3D display without the need to wear any glasses or gear.


Illusion Technique?

It is a technique to "trick" one's brain into seeing a 3D object as if the object were floating in the air. Many refer to this as holographic technology. It is a technique that was used a century ago by a man called John Henry Pepper, who in 1826 came up with a set-up that could show 3D images on the stage. This technique is now called "Pepper's Ghost".


Today, this technique is still being used, but the illusion effect is much better because of better image processing and projection technologies. But there is one thing that has never changed since Pepper's day in 1826: the use of a projection screen on the stage. What has changed is the direction in which the screen is inclined and the way the image is projected.

The Way of Projection

In the past, most theatres used screens inclined at a 45-degree angle, just like what Pepper used in the last century. Today, the screen is likely to be vertical for better aesthetics and arrangement. One screen maker has this illustration on how to locate the projector and the screen.


Isn't Pepper's Ghost a Holographic Technology?

For some reason,   many theatres called Pepper's Ghost stage a holographic stage.   That is just a promotional gimmick to attract more audiences.  There is nothing holographic about Pepper's Ghost stage setup.

Today, real holographic technology is still in the development stage.   It has not been fully commercialised for stage application.  This is mainly because of the limitations in laser and computerisation technology.  The complicated and expensive setup makes it difficult to give a realistic performance on the stage.


What other 3D Techniques are available for Stage?

There are still no other 3D display techniques available today for stage performance if one does not expect the audience to wear glasses or gear. However, some theatres have used augmented virtual reality techniques; one example is this performance by Teresa Deng Li Jun (邓丽君) in 2017, where she performed in front of and at close distance to the audience. It is believed that the theatre was using augmented virtual reality rather than the normal Pepper's Ghost technique.


What is Augmented Virtual Reality?

This is a new technology that makes use of photographic equipment like a handphone to superimpose 2 objects from different locations so that, in the videos or pictures taken, the two objects appear to co-exist in one location. Take the following picture, for example: the polar bear and the members of the family in the picture are seen to be on an iceberg. Actually, the picture of the iceberg and the polar bear was taken separately at another location. The pictures are then superimposed by photographic equipment and projected onto a large screen to show that the family and the polar bear are together on the iceberg.


BroadcastAR Augmented Reality for National Geographic Channel / UPC from INDE on Vimeo.

The Summary

This YouTube video sums up what has been discussed in this article.





Update: 8 January 2022

Which Youtube video show is more impressive?

