Wednesday, December 16, 2009

POSTER


To increase people's awareness of multimedia law!

Sunday, December 13, 2009

Phishing in Malaysia

What is phishing?
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

The latest phishing attack on Malaysia's Maybank is the third in three months. The faked sender address is from the Putrajaya World Trade Centre and the link is to a server at connhypo.com. The scam is as follows:
Reconfirm your online access
We would like to inform you that we are currently carring out scheduled maintenance.In order to guarantee the high level of security to our business customers.We require you to complete " Maybank Commercial Online Form "Please complete Maybank Commercial Online Form using the link below:
Maybank Commercial Online Form
This is auto-generated email, please do not respond to this email .

Phishing website of Maybank:
hxxp://sebastianschaper.net/aegabi06/cache/May2u-Service/Maybank2u_com.html
hxxp://tradewindcay.com/images/Internet-Customer/Maybank2u.html

The damage caused by phishing ranges from loss of access to e-mail and other online accounts to substantial financial loss, such as loss of money and investments. Phishing is becoming more popular because of the number of unsuspecting people who are easily tricked into divulging information to phishers.


There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. Attempts to deal with the growing number of reported phishing incidents include user training, public awareness, and technical security measures.
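One technical measure of this kind, as an added example that is not part of the original post: both phishing URLs listed above carry the bank's name in the path while the host is an unrelated site, and a mail filter can flag exactly that mismatch. The genuine hostnames and the brand-token list below are assumptions, not taken from the post.

```python
from urllib.parse import urlsplit

# Assumption (not stated on the page): hostnames the bank really serves from.
LEGIT_SUFFIXES = ("maybank2u.com.my", "maybank.com.my")
# Constructed list of brand strings a lure might reuse.
BRAND_TOKENS = ("maybank", "may2u", "m2u")

def refang(url):
    """Undo the hxxp:// defanging used when phishing links are shared."""
    low = url.lower()
    if low.startswith("hxxps://"):
        return "https://" + url[8:]
    if low.startswith("hxxp://"):
        return "http://" + url[7:]
    return url

def is_legit_host(host):
    """True only for the bank's own domains and their subdomains."""
    host = host.rstrip(".")
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def check_url(url):
    """Return (verdict, reason) for a link found in an e-mail."""
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").lower()
    if not host:
        return ("invalid", "no hostname")
    if is_legit_host(host):
        return ("ok", "host belongs to the brand")
    rest = (parts.path + "?" + parts.query).lower()
    for token in BRAND_TOKENS:
        if token in host:
            return ("suspicious", "brand name in look-alike host " + host)
        if token in rest:
            return ("suspicious", "brand name in path on unrelated host " + host)
    return ("unrelated", "no brand reference")

SAMPLES = [
    # The two defanged URLs listed in the post.
    "hxxp://sebastianschaper.net/aegabi06/cache/May2u-Service/Maybank2u_com.html",
    "hxxp://tradewindcay.com/images/Internet-Customer/Maybank2u.html",
    # Constructed examples: genuine host, look-alike host, unrelated site.
    "https://www.maybank2u.com.my/login",
    "http://maybank2u.com.my.example.net/login",
    "http://example.org/news",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(check_url(u), u)
```
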

References:
http://www.damnedspyware.com/fake-malaysia-maybank-website-phishing.html
http://www.shaolintiger.com/2009/03/23/maybank-phishing-scam-e-mails-in-malaysia/
http://www.bankinginsurancesecurities.com/sanctions_closures_fi_frauds/fi_frauds/fi_frauds_phishing_maybank_malaysia

Kaspersky Lab's Malaysian Web site hacked

Russian security company Kaspersky Lab's Web site for Malaysia was defaced on Saturday along with one of its online shopping sites, according to Zone-H, an organization that documents such attacks.

Hacking is unauthorized use of computer and network resources. People who engage in computer hacking activities are often called hackers.

It is criminal because the hacker accessed the website without authorized permission, which enabled the hacker to gain control over the Web site. It caused the site to be no longer open to the public and to require a user name and password for access. Although the attacks appear to be just vandalism, there could be more serious risks, because it is possible for an attacker to upload malicious software labeled as Kaspersky's software. This creates problems for users who are tricked into downloading the software, which can harm their computer systems and cause errors. Furthermore, hackers who insert malicious software such as “key loggers” can obtain the information you key in and abuse it for their own advantage.

Reference: http://www.itworld.com/internet/53700/kaspersky-labs-malaysian-web-site-hacked

Wednesday, December 2, 2009

Tutorial Exercise: Law on PDP and Cybercrime

a. Linda was stunned in front of her PC when she received an electronic mail, in a chain of senders and receivers, telling bad things about herself, her crazy shopping habits, her domestic problems and her involvement in superstitious activities with a bomoh (magician), allegedly to gain her more wealth and fortune. She is now thinking of pursuing legal action over this unfavorable email against her. With reference to the above case, explain the meaning of online defamation, and discuss the legal remedies available for Linda.


According to The Electronic Frontier Foundation, defamation is a false and unprivileged statement of fact that is harmful to someone's reputation, and published "with fault," meaning as a result of negligence or malice. Libel is a written defamation while slander is a spoken defamation. It is also a false statement, presented as fact, either deliberately intended to harm your reputation or made as the result of negligence. The elements that must be proved to establish defamation are:

1. a publication to one other than the person defamed;
2. a false statement of fact;
3. that is understood as
   a. being of and concerning the plaintiff; and
   b. tending to harm the reputation of plaintiff.
4. If the plaintiff is a public figure, he or she must also prove actual malice.

Linda can actually take the case to court, but she has to consult an online reputation expert to help her as well. She is protected under the law of defamation, which is concerned with protecting the reputation of an individual, corporation or other legal person from the harm caused by the communication of untrue statements to a third party. All the claims in the email can be considered a publication in permanent form because, according to the Law of Defamation Act 1957, Section (3): For the purpose of the law of libel and slander the broadcasting of words by means of radio communication shall be treated as publication in a permanent form. As for the severance of defences, Section (19) states: Whenever in any action of libel the plaintiff sues more than one defendant, whether jointly, severally, or in the alternative, each defendant may file a separate statement of his case and appear at the trial by separate counsel or if he thinks fit, apologize or pay money into court or make other amends, whatever may be the defences set up by his co-defendants, and the plaintiff may accept such apology, money, or other amends and settle or compromise the suit and discontinue the action as between himself and one or more defendants without reference to the other defendants: Provided always that the rights and interests of the other defendant or defendants shall not in any way be prejudiced thereby.


b. Tommy, a Multimedia student at MMU, was caught by the University authority after it was found that he had cracked the University’s information system, defaced the front page of the University’s official website and stolen a bulk of confidential data regarding students’ academic records. It was also discovered that he had attempted to break into several lecturers’ computer systems, but to no avail. During the investigation he said that all his actions were just for fun, exploring the system’s weaknesses, and without any criminal intention. In this case, advise the University regarding Tommy’s liabilities arising from his actions with reference to the law of computer crimes in Malaysia.

Tommy cracked the University’s information system, for which he can be found guilty under CCA Section 3(1): A person shall be guilty of an offence if (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorized; and (c) he knows at the time when he causes the computer to perform the function that that is the case. If Tommy is guilty under this section, he is liable to a maximum RM 50,000.00 fine or to 5 years imprisonment or to both.

Tommy's other wrongful acts, defacing the front page of the University’s official website and stealing a bulk of confidential data regarding students’ academic records, are punishable with a maximum RM 100,000.00 fine or 7 years imprisonment or both, according to CCA Section 5(1): A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modification of the contents of any computer. If the act is done with the further intention of causing injury, Tommy can be punished with up to RM 150,000.00 fine or 10 years imprisonment or both.

Tommy said that all his actions were just for fun, exploring the system’s weaknesses, and without any criminal intention. However, based on CCA Section(3), recreational hacking, unauthorized access to a computer, computer system or computer network, computer cracking to explore loopholes in the system, and system intrusion are all acts prohibited by the provision as well.

Tuesday, December 1, 2009

The good hacking and bad hacking


The Good Hacking:
Most of us would never have thought there was a good side to hacking. Well, there is: individuals and organizations conduct security audits and research and publish their findings for the security industry, and also help new users who aren't familiar with security. This can help us stay a step ahead in protecting the online society from exploits and security risks. The work of people who find security holes and help fix them, and of people who develop security tools and techniques to help fight such acts in the future, is also known as hacking, but it is used in a good way.

Companies such as us, who test security and help users understand security more easily, are an example of the good side of testing and hacking. This is done by examining the systems and examining software that is known to have security weaknesses, then informing the customer so that they can close the hole. By finding new solutions and techniques, this can minimize the work and effort of a hacker in the future.

The Bad Hacking:
This is where you can add in the hackers who break into computer systems for criminal financial gain, as well as for stealing accounts and causing identity theft. Based on the Computer Crimes Act 1997, Section 3(1): A person shall be guilty of an offence if (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorized; and (c) he knows at the time when he causes the computer to perform the function that that is the case. Section 5(1): A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modification of the contents of any computer.

Despite what people think, the bad side can get pretty ugly. Examples are the famous Citibank hack and the UK cash-point hack that was successfully blocked before any substantial harm was caused or any information was stolen.

Hacking has both good and bad effects. It can be used for positive things and negative things; no matter what the cause, everything, including hacking, has a positive side. Security will get tighter as the years go by, but we don't need to contribute to the bad side.

Censorship in Malaysia


Censorship is the suppression of speech or deletion of communicative material which may be considered objectionable, harmful, sensitive, or inconvenient to the government or media organizations as determined by a censor.

We have certain human rights: freedom of speech, freedom of the press, and freedom of thought. Obviously, there is no absolute freedom in any country.

I agree that the Chinese government restricts the Internet, the press, and some of our freedoms. Malaysia is freer than China in some respects; for example, YouTube and Facebook can be opened in Malaysia. We cannot open YouTube and Facebook; there is a lot of information that is offensive to China.

I feel uncomfortable when I watch films in Malaysian cinemas. I think I have not seen a whole movie in a Malaysian cinema; some kissing and violence scenes are cut. Even though there is a classification of movies, such as U, 18 SG, 18 SX, 18 PA, and 18 PL, I cannot watch a whole film in the 18 categories either. Some scenes are also cut in 18 SG, 18 SX, 18 PA, and 18 PL. Some films were banned at some point in time; some films are still banned, such as the SAW series, Underworld, and Sin City.
I know that the Film Censorship Board of Malaysia is a Malaysian government ministry that vets films. It is under the control of the Home Ministry. The Board was established under the Film Censorship Act, and its role was revised in 2002 under an updated version of the Act. Any film that is to be screened in Malaysia must be certified by the Board. Under the provisions of the Act, no one is allowed to view any film that has not been licensed by the Board.

I think there is nothing to compare between different countries. Different countries have different censorship based on their norms, culture, environment, and economy.

Saturday, November 28, 2009

web site’s privacy policy is very important

There are 9 principles of data protection: personal data shall be collected fairly and lawfully; purpose of collection of personal data; use of personal data; disclosure of personal data; accuracy of personal data; duration of retention of personal data; access to and correction of personal data; security of personal data; and information to be generally available.

Let me share an article. This article explains why a website’s privacy policy is very important. Do not copy a privacy policy from other websites: it may not be correct for the new site using it, and when it comes to privacy policies, inaccuracy can be expensive. If you have to copy, be careful. Don’t forget that your privacy policy has to remain accurate over time. There are also organizations like TRUSTe and P3PWiz that offer templates and consulting to help with policies.

Source: http://www.businessweek.com/smallbiz/running_small_business/archives/2009/08/why_web_site_pr.html