Thread by Omar Mokhtar Al-Asad, 24 tweets, 5 min read
Speaking from a programmer's point of view, our passwords can actually leak very easily.

I don't know how many Malaysians are aware of this, but scammers/hackers or whatever you call them have plenty of ways to steal your money.

So let me tell you something..
I'll try to write this as generically as possible so that everyone can understand.
FIRST: Make sure your internet banking account is TOTALLY DISTINCT from every other internet account you have, including your university portal account!

For instance, some universities carelessly store student portal passwords in cleartext, which means ..
.. which means that if someone in the university's IT department has root access to the database, they can see your email and password in plain view.

The same goes for whatever other accounts you sign up for on the internet; not all of them are trustworthy.
A programmer's ethic: when storing users' authentication data in a database, they MUST HASH the password, to the point that even they themselves don't know what the user's password is.

Imagine: some IT guys can access the database and see your password sitting there in full.
This picture is an example of WHAT SHOULD HAPPEN in a database. The passwords must be hashed!

Even though I developed the whole system and have FULL ACCESS to the database, I myself don't know what their passwords are.
I just want to point out that somebody can access the database and see your password if the system's programmer didn't hash users' passwords.

That person can then try logging in to your bank, Twitter, Facebook etc. by trial and error. If your password is the same on every account, you're done for.
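Here is what the "hash it so even the developer can't read it" rule looks like in working code. This is an example added by the editor, not the thread author's code or any university's system. It uses only Python's standard library (PBKDF2-HMAC-SHA256 with a fresh random salt per user) and two constructed sample users who happen to choose the same password; the emails and passwords are made up.

```python
import base64
import hashlib
import hmac
import os

# Editor's example, not code from the thread. PBKDF2-HMAC-SHA256 is what the
# standard library offers; a memory-hard KDF (Argon2id, scrypt) is better if
# a library for it is available.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # tune so one hash costs roughly 100 ms on your server
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    Only the salt and the derived key are stored, so an admin with full
    database access cannot read the password back out of the row.
    """
    salt = os.urandom(SALT_BYTES)            # random salt, unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        ALGORITHM,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False                          # malformed row, never a match
    if algorithm != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def looks_like_cleartext(record: str, password: str) -> bool:
    """Crude check for the anti-pattern the thread describes: the password itself in the row."""
    return password in record


if __name__ == "__main__":
    # Constructed sample rows: two users who picked the same password.
    rows = {
        "alice@example.edu": hash_password("Sayang123"),
        "bob@example.edu": hash_password("Sayang123"),
    }
    for email, record in rows.items():
        print(email, record)
    # Different salts, so the stored records differ: a leaked table does not
    # even reveal which users share a password.
    print("same record?", rows["alice@example.edu"] == rows["bob@example.edu"])
    print("login ok?", verify_password("Sayang123", rows["alice@example.edu"]))
```

The `$`-separated record carries its own algorithm and iteration count, so the cost can be raised later for new hashes while old rows still verify. `hmac.compare_digest` avoids leaking, through timing, how many bytes of a guess were right.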
SECOND: Don't just go filling in your debit/credit card details on any website when you want to pay for something.

If possible, use a third-party payment method, e.g. internet banking, PayPal, etc.

Don't DIRECTLY enter your card details on the website itself.
Under PCI compliance, a person or business cannot freely request or store a user's debit/credit card data, such as:

- the 16-digit card number
- the card expiry date
- the CVC

Why? Chances are ..
.. chances are, the website doesn't have a secure connection (HTTPS), or it stores your card data, and there are other risks as well.
THIRD: HTTPS matters.

Some non-IT people don't see the importance of this at all, so they carelessly log in to any website without realising there is a real risk.

In plain language, HTTPS encrypts any data you send to the website, such as your username, password, etc.
Simply put, any website that only uses http:// instead of https:// is risky if you enter sensitive information there.

Let me tell you why.
If you connect to a public WiFi, and at the same time a malicious person connects to the same WiFi too, he can actually sniff (intercept) your data.

We call it a Man-in-the-Middle attack, which means any form you fill in online, once you hit the Submit button, he can read it.
So if there is HTTPS, he only sees gibberish. You type your password, he can't read it. You're safe.

But in computer security, nothing is 100% secure. Sometimes there are still loopholes.
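To make the sniffing point concrete, this added example (the editor's code, not the thread's) parses a constructed capture of a login form submitted over plain http:// and pulls out the fields exactly as a passive listener on the same WiFi could. It also shows that a constructed TLS application-data record, which is what the same submission looks like on the wire over https://, yields nothing readable. The host portal.example.edu, the field names and the values are made up.

```python
import hashlib
import re
from urllib.parse import parse_qs

# Editor's example, not code from the thread. Both captures are constructed.

# A login form submitted over plain http://. Every byte is readable by anyone
# who can see the traffic: same WiFi, the access point, the ISP.
PLAIN_HTTP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: portal.example.edu\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 36\r\n"
    b"\r\n"
    b"username=ali&password=Sayang123&tac="
)

# Over https:// the same submission crosses the wire as a TLS record: a
# 5-byte header (content type 0x17 = application data, version 0x0303,
# length) followed by ciphertext. The body here is filler standing in for
# ciphertext; a sniffer cannot tell a password from a cat picture.
TLS_APPLICATION_DATA = (
    b"\x17\x03\x03\x00\x30"
    + hashlib.sha256(b"constructed").digest()
    + hashlib.sha256(b"opaque").digest()[:16]
)

SENSITIVE_FIELD = re.compile(r"pass|pwd|pin|tac|otp|cvv|cvc", re.IGNORECASE)


def extract_form_fields(packet: bytes):
    """Return the form fields of a cleartext HTTP POST, or None if unreadable.

    TLS records begin with a content-type byte (0x16 handshake, 0x17
    application data) followed by version byte 0x03; those are opaque to us.
    """
    if len(packet) >= 2 and packet[0] in (0x16, 0x17) and packet[1] == 0x03:
        return None
    head, sep, body = packet.partition(b"\r\n\r\n")
    if not sep:
        return None
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    if not request_line.startswith("POST "):
        return None
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    content_type = headers.get("content-type", "").split(";")[0].strip()
    if content_type != "application/x-www-form-urlencoded":
        return None
    length = int(headers.get("content-length", len(body)))
    fields = parse_qs(body[:length].decode("utf-8"), keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def find_sensitive_fields(fields: dict) -> dict:
    """Pick out the fields a credential thief would keep (crude name match)."""
    return {k: v for k, v in fields.items() if SENSITIVE_FIELD.search(k)}


if __name__ == "__main__":
    stolen = extract_form_fields(PLAIN_HTTP_POST)
    print("http://  ->", find_sensitive_fields(stolen))
    print("https:// ->", extract_form_fields(TLS_APPLICATION_DATA))
```

The "not 100% secure" caveat in the thread is real: HTTPS hides the content, but an attacker on the same network can still try to keep you on http:// (a downgrade) or present a fake certificate hoping you click through the warning. Checking for the padlock and never dismissing certificate errors is what makes the gibberish stay gibberish.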
FOURTH: Avoid logging in to anything over public WiFi, especially your internet banking.

People take this lightly, but it really does have an impact.
For instance, buying something from Lazada, then paying via internet banking, PayPal, etc.

Paying via IB/PayPal means you have to log in, right? Even though IB and PayPal use HTTPS and request a TAC, avoid it if you can, for your own safety. The reason is the same as before: people can sniff.
I usually just use my own mobile data. Or home WiFi, because there's no hacker in my house lol.

Sometimes, when I'm spooked or really have no choice, I go as far as using a VPN 😂
FIFTH: When logging in to CIMB or wherever, make a habit of looking at the address bar. Make sure the URL is right.

Because we could easily build a replica website that looks exactly like CIMB. When people log in, we log their username and password. This is called phishing.
That is the whole purpose of the SecureWord / SecureImage every internet banking site has: before you type your password, you can verify your SecureWord.

It isn't put there just to make your life harder.

Because there are people who are extremely careless. All they know is how to log in.
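The "look at the address bar" habit, written down as a check. This is the editor's example, not code from the thread or from CIMB, and it assumes for illustration that the legitimate login host is www.cimbclicks.com.my (confirm against your own bank's site). It classifies the tricks a phishing link typically relies on: the bank's name buried inside a longer hostname, the bank's name placed before an @ so the real host is something else, and look-alike hostnames using non-ASCII or punycode labels. One caveat the thread does not mention: a SecureWord only proves something if the phishing page cannot fetch it from the real bank on your behalf; a phishing site that proxies your username to the bank can show you the correct SecureWord, so the hostname check is still the one that matters.

```python
from urllib.parse import urlsplit

# Editor's example, not from the thread or from CIMB.
# Assumed legitimate host, for illustration only; verify it yourself.
EXPECTED_BANK_HOST = "www.cimbclicks.com.my"


def check_login_url(url: str, expected_host: str = EXPECTED_BANK_HOST) -> str:
    """Classify a URL before any credentials go into it.

    Returns "ok" only when the hostname is exactly the expected one and the
    scheme is https. Otherwise returns the reason, so a user or a browser
    extension can show why the page should not be trusted.
    """
    parts = urlsplit(url)
    host = parts.hostname      # lowercased, port stripped, userinfo removed
    if host is None:
        return "no-host"
    # https://www.cimbclicks.com.my@evil.example/ : the bank name is the
    # "username" part of the URL and the real host is evil.example.
    if parts.username is not None or parts.password is not None:
        return "userinfo-trick"
    # Non-ASCII letters or punycode (xn--) labels: the homoglyph trick,
    # e.g. cimbclícks with an accented i.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike-host"
    # www.cimbclicks.com.my.secure-login.example : the registrable domain is
    # the rightmost part, and it is not the bank.
    if host != expected_host.lower():
        return "wrong-host"
    if parts.scheme != "https":
        return "not-https"
    return "ok"


if __name__ == "__main__":
    # Constructed candidates: one genuine, the rest shaped like phishing links.
    for candidate in [
        "https://www.cimbclicks.com.my/",
        "http://www.cimbclicks.com.my/",
        "https://www.cimbclicks.com.my.secure-login.example/",
        "https://www.cimbclicks.com.my@evil.example/",
        "https://www.cimbclícks.com.my/",
    ]:
        print(f"{check_login_url(candidate):15} {candidate}")
```

Exact hostname comparison is deliberate: prefix or substring matching ("contains cimbclicks") is precisely what the first two phishing shapes exploit.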
IN CONCLUSION,

There are many more ways people can scam us. The human brain gets more creative by the day. They just wait for us to slip up a little, and that's it.

Please stay safe online, people.
I forgot this. Additional info:

If you click "Forgot Password" and they decide to email you your real password instead of a link for you to reset your password,

that absolutely means you're vulnerable.
Imagine if a government system's database leaked and it turned out the programmer didn't hash users' passwords.

Millions of records could fall into the wrong hands.

And most Malaysians use the same password for all their accounts anyway 😅
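Why "we emailed you your password" is a red flag, in code: a site that stores only password hashes cannot send your password back, so the only reset it can offer is a short-lived, single-use link, and a careful implementation stores just a hash of that link's token so a database read cannot forge one either. This is the editor's example, not the thread's or any real site's code; the in-memory store stands in for a database table, and the 15-minute lifetime is a chosen value.

```python
import hashlib
import hmac
import os
import secrets
import time

# Editor's example, not code from the thread or any real site.
TOKEN_TTL_SECONDS = 15 * 60   # chosen lifetime: a leaked link goes stale quickly


class ResetTokenStore:
    """Stand-in for a reset_tokens table mapping token_hash -> (email, expires_at).

    Only the SHA-256 of the token is kept. Someone who can read the database
    cannot build a valid reset link from it, for the same reason they cannot
    recover a properly hashed password.
    """

    def __init__(self):
        self._rows = {}

    def issue(self, email, now=None):
        """Create a token for `email`; the return value goes into the emailed link only."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)                     # 256 bits of randomness
        token_hash = hashlib.sha256(token.encode("ascii")).hexdigest()
        self._rows[token_hash] = (email, now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        """Return the email the token was issued for, or None. Tokens are single use."""
        now = time.time() if now is None else now
        token_hash = hashlib.sha256(token.encode("ascii")).hexdigest()
        for stored_hash, (email, expires_at) in list(self._rows.items()):
            if hmac.compare_digest(stored_hash, token_hash):
                del self._rows[stored_hash]      # burn it, valid or expired
                return email if now <= expires_at else None
        return None

    def stored_values(self):
        """What an attacker reading the table would see: hashes, not tokens."""
        return list(self._rows.keys())


def set_password(users, email, new_password):
    """Store salt + scrypt output for the new password, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(new_password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)
    users[email] = salt.hex() + "$" + digest.hex()


def handle_reset(store, users, token, new_password, now=None):
    """The 'set new password' endpoint: succeeds once per valid token."""
    email = store.redeem(token, now)
    if email is None:
        return False
    set_password(users, email, new_password)
    return True


if __name__ == "__main__":
    store, users = ResetTokenStore(), {}
    link_token = store.issue("ali@example.edu")          # constructed user
    print("in the database:", store.stored_values())      # hash only
    print("first use:", handle_reset(store, users, link_token, "NewSayang456"))
    print("second use:", handle_reset(store, users, link_token, "again"))
```

Nothing in this flow ever needs the old password, which is the point: a site that can email it to you is one that never hashed it.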

Hmm, many people are asking about incognito. Actually, incognito doesn't necessarily mean you're safe.

Incognito does one thing: it doesn't remember you. It forgets cookies, autofill, history and all that.

So filling in your card info in incognito mode does nothing for you 😂
But incognito is useful when checking email or whatever at a cybercafe or on a public computer, perhaps.

Useful for the type who log in and then forget to log out. Ehe!