Monday, December 22, 2008

Phishing Alert: Chinabank Online

First there was Metrobank Direct, then BPI, Asia United Bank, Equitable -PCI (now Banco de Oro) that got hit by phishers wishing to earn money the wrong way from unsuspecting online bankers

I predicted my own bank to be targetted by phishing people and there it was...a phishing email was sent to numerous email recipients where the senders kept their fingers crossed that a few uninformed souls will actually login to their Chinabank Online account.

For your info, China bank Online requires two passwords: one for login and another for transactions (called transaction password). The two can be made the same (i know it's weird, but it can really be set to be the same thus defeating the purpose)

Using two passwords is not the same as two-factor authentication...

Chinabank released advisories warning their clients that they won't send emails requiring acount holders to login to their account.

No bank does that, only evil miscreants do!

Related Post:
Chinabank Swift Code
Chinabank Bank Code for Paypal

Believe It Or Not, Chris Tiu is a Boring Host

I'm a big fan of Ripley's Believe or Not, from the great Jack Palance to the later Dean Cain (of Lois and Clark) as hosts.

On Philippine TV, the show is anchored by Ateneo Basketball star Chris Tiu. While he's a very good basketball player, his hosting skills need lots of polishing...to the point of being boring with an almost monotonous tone reminiscent of AM radio station hosts.

Didn't you notice it? Try to listen to the way he presents each Believe It or Not feature and you'll see...he also depends too much on the teleprompter...

Saturday, December 20, 2008

Microsoft Internet Explorer Flaw: Patch Tuesday and Exploit Wednesday (MS08-078)

The just released patch for critical IE flaw by Microsoft, released out-of-band and not along with the regular batch of Patch Tuesday schedules just makes you realize that the vulnerability being corrected is really critical.

Normally, MS will release patches on the second Tuesday of the month, that's why it's called Patch Tuesday.

When I got wind of the vulnerability release, I immediately had the patch tested for bugs and rolled out to PCs and laptops with Internet access. It's a good thing that most users in the office don't have Internet Access (was cut off on September 21, an ominous date indeed) and also most of those who have use Firefox.

After a vulnerability's made public (though this exploit has been making the rounds of the underground hacker community for a while now), crackers and miscreants race to develop proof-of-concept codes and exploit the vulnerability, zero day or the next day, aptly called Exploit Wednesday.

For those looking download the latest patch, it's filename is IE7-WindowsXP-KB960714-x86-ENU.exe available at Microsoft Update Website (direct link here)

As for me, I don't use Internet Explorer except for testing and accessing stupid IE-only online banks and websites.

Clickjacking: Attack, Defense and Proof of Concept

Clickjacking, the latest of the seemingly endless attacks concocted by security researchers and crackers where unsuspecting visitors of a website are forced to click on invisible buttons and execute scripts, program, malware to steal passwords, cookies, listen to you , even activate your webcam to see what you're doing.

Almost presented by researchers at OWASP (Open Web Application Security Project) and also presented at the Hack in the Box security conference in KL.

For users, it's so dangerous that you'll never know what hit you just by clicking your mouse on a clickjacker's website.

Vulnerable browsers to Clickjacking: ALL (Internet Explorer, Opera, Google Chrome, Firefox, Safari)

Clickjacking Countermeasure: Firefox with NoScript add-on.

The only thing that will protect you from a clickjacking website is Firefox with NoScript Add-on, something I've been using be default when browsing the Internet. Just don't set NoScript to "Allow Scripts Globally" for it's useless defense.

For security awareness seminars, I always remind people refrain from visiting untrusted websites but it's hard for them to actually determine which sites are fine to access.

Later, I will test various clickjacking proof of concept codes/scripts to analyze, but not to be one of the miscreants.

Sunday, December 14, 2008

World of Warcraft: Wrath of the Lich King Cheats and Trailer

The hugely popular World of Warcraft by Blizzard broke its own record by The Burning Crusade which sold 2.4 million copies n 2007 by the new World of Warcraft: Wrath of the Lich King sold 2.8 Million copies.

World of Warcraft: Wrath of the Lich King Trailer:



Will update this post once my brother finds out World of Warcraft: Wrath of the Lich King Cheats one of these days.

Definition of Psychological Incapacity in Annulment Cases in the Philippines

With the growing number of annulment cases in the Philippines as a cover for not-existing divorce the law can fully catch up with loopholes exploited by annulment lawyers (divorce lawyers in the US)

In an earlier post, I've written about a case of Annulment based on psychological incapacity with a lawyer and corrupt judge conniving to fasttrack resolution of annulment cases to days instead of months and years. (In this case, the judge died a few days after issuing the ruling on the case of someone I knew...)

How do you define psychological incapacity for a marriage to be voided? Irreconcilable differences and conflicting personalities should not be one of them.
It must be identified as a psychological illness to be proven medically or clinically.

A newly-filed bill at the House of Representatives said "Its indicators include, among others, excessive and promiscuous sexual hunger, refusal to dwell with the other spouse, manifestations of socio-pathic anomalies like sadism or repeated infliction of physical violence, and laziness. In case of doubt, the bill mandates the court to resolve the case in favor of the existence of the marriage."

Unless the law is passed, the resulting lack of definition in the Family Code makes it a divorce law in disguise.

Related Post:

Marriage Annulment Philippines



Saturday, December 13, 2008

Philippine Rural Bank Holidays and Closures by BSP

We love holidays where no school and office to report to but it's a different matter whan it's a bank holiday for your bank.

In these times, several rural banks, some of them part of the Legacy group were "padlocked and placed under receivership by the Philippine Deposit Insurance Corp" :

Rural Bank of Parañaque
Rural Bank of Bais (Negros Oriental)
Pilipino Rural Bank (PRBI Cebu)
Rural Bank of San Jose (Batangas)
Philippine Countryside Rural Bank Inc. (PCRBI)

Rural banks that have declared a bank holiday:

Dynamic Bank (Rural Bank of Calatagan)
San Pablo City Development Bank
Nation Bank (Bacolod City)
Rural Bank of Carmen (Cebu) Inc.
Rural Bank of Calatagan (Batangas) Inc. (now Dynamic Rural Bank)
Rural Bank of DARBCI Inc.
Rural Bank of Kananga (Leyte) Inc. (now First Interstate Rural Bank)
Rural Bank of Bisayas Minglanilla (now Bank of East Asia)


Rural Bank of Subangdaku (RBS Bank) said they suspended business but it was not a bank holiday.

Note that for depositors of the rural banks to get their money back, just wait for official announcements from the BSP and PDIC. Note that deposits are insured up to P250,000.00 per depositor.

Lastly, thise news shouldn't sow panic on the Philippine Banking industry-- most banks are stable and liquid -- and the things that struck US banks won't hit us since banks are too strict with creditors.

Isn't it too hard to get a loan here?





Tuesday, December 09, 2008

Send Money to the Philippines: Bank SWIFT Codes Wire Transfer

For people working or living outside the Philippines e.g.expats and OFWs wishing to send money to the Philippines via Wire Transfer (or Telegraphic Transfer, TT), the recipient should at least have a bank account at a Philippine bank participating in SWIFT (not all local banks participate) though you can request a bank to transfer to money to your bank of choice for certain fee or bank commission.

You need these information about the recipient and his/her bank details:

Bank Name:
Bank Branch/Location:
Account Name:
Account Code:
SWIFT CODE:

For the Bank SWIFT CODE, here's a listing of verified SWIFT CODES directly from the official SWIFT website, not just copied from the BSP Philpass document

ABN AMRO Bank ABNAPHMM
Allied Banking Corporation ABCMPHMM
American Express Bank Philippines - AMEXPHMM
Asia United Bank Corporation AUBKPHMM
Australia and New Zealand Bank ANZBPHMX
Banco De Oro Universal Bank BNORPHMM
BDO Private Bank BOPBPHMM
Bank of America NA Manila BOFAPH2X
Bank of China Manila Branch BKCHPHMM
Bank of Commerce PABIPHMM
Bank of the Philippine Islands BOPIPHMM (BPI)
Bank of Tokyo Mitsubishi Ltd. BOTKPHMM
BSP Payments and Settlements PHCBPHMD
Chemical Bank Mla Branch JP CHASPHMM
China Banking Corporation CHBKPHMM
ChinaTrust Phil Commercial Bank CTCBPHMM
Citibank Cash Department CITIPHMXPRA
Citibank NA Manila Branch CITIPHMX
CitiBank Treasury Unit CITIPHMXTSU
Deutsche Bank AG DEUTPHMM
Development Bank of the Philippines DBPHPHMM
East West Banking Corporation EWBCPHMM
Equitable PCI Bank PCIBPHMM
Export and Industry Bank EAIBPHMM
Hong Kong and Shanghai Bank HSBCPHMM
ING Bank NV INGBPHMM
International Comm Bank of China ICBCPHMM
International Exchange Bank INXBPHMM
Korea Exchange Bank KOEXPHMM
Land Bank of the Philippines TLBPPHMM
Maybank Philippines Incorporated MBBEPHMM
Metropolitan Bank & Trust Co. MBTCPHMM
Mizuho Corporate Bank MHCBPHMM
Philippine Bank of Communications CPHIPHMM
Philippine National Bank PNBMPHMMTOD
Philippine Veterans Bank PHVBPHMM
Philtrust Bank PHTBPHMM
Prudential Bank PILBPHMM
Rizal Commercial Banking Corp RCBCPHMM
Security Bank and Trust Corp SETCPHMM
Standard Chartered Bank SCBLPHMM
Union Bank of the Philippines UBPHPHMM
United Coconut Planters Bank UCPBPHMM
United Overseas Bank Philippines UOVBPHMM

Notes:
Universal banks with foreign branches e.g. Metrobank has different SWIFT Code for the branches e.g. Shanghai and Kaohsiung (China), Tokyo (Japan), Taipei (Taiwan), and New York (USA).

Please don't ask the SWIFT code of you bank branch. Philippine Banks SWIFT Code are the same unless the branch is in a foreign country

Allied bank Swift Code, AMEX Swift Code, BDO Swift Code, Chinabank Swift Code, DBP Swift Code, HSBC Swift Code, Metrobank Swift Code, PBB Swift Code, PNB Swift Code, RCBC Swift Code, UCPB Swift Code

No information yet on the lowest rates and cheapest way to send money to the Philippines

Some banks maintain correspondent banking relationships to send/receive money

If your bank is not listed here, you may query the official SWIFT database at their website: http://www.swift.com


About Swift:
http://www.swift.com/index.cfm?item_id=41322

"SWIFT is the Society for Worldwide Interbank Financial Telecommunication, a member-owned cooperative through which the financial world conducts its business operations with speed, certainty and confidence. Over 8,300 banking organisations, securities institutions and corporate customers in more than 208 countries trust us every day to exchange millions of standardised financial messages."

There's still no information on the cheapest way to send money to the Philippines. Future posts will focus on remittance charges and money transfer rates.

Sunday, December 07, 2008

Nissin Speedlite Di622 External TTL Flash for Nikon/Canon

I've just bought a shoe-mount flash for my Nikon D80 DSLR camera from a store in Makati City

It's a Nissin Speedlight Di466 Nikon-mount that supports Nikon's i-TTL function.

My first impressions and testing:

It's so easy to use: mount it on you camera, turn it on and use i-TTL mode and you can take pictures with proper exposure.

I tested the slave function to trigger it using my cameras's on-camera flash and it works like charm but only on manual mode. It has no support for other triggers except optical

It has a built-in diffuser for wide angle shots and a built-in bounce card.

Manual mode lets you choose from 6 power level with the touch of a single button.

It's cheaper than Nikon's SB-400 by 33% and better than SB-400. It has almost the same guide number as the Nikon SB-600 Speedlight. I bought the cheaper third-party flash instead of Nikon's due to cost constraints. I can't compare the recycle time with Nikon flashes for I really don't have experience with them

It has a sister slave flash, the Nissin Di466, but I don't intend to be a strobist, I just want to have the advantage of bounced flash for family events.

This will be updated to include other observations and caveats :P

Friday, November 28, 2008

Fern-C Sodium Ascorbate Alkaline Diet and the Deceptive Sales Presentation

An agent of Fern-C visited the office, invited by a peer of mine to present the wonders of Sodium Ascorbate (Chemical Formula C6H7O6Na), claiming to aid or cure various ailments by urging us to drink megadoses of Vitamin C.

He mentioned our bodies need to take in more alkaline food and less of acid producing ones but never the rationale for the change in diet. Since I'm already fmailiar with it, it's called the Alkaline Diet that aims to maintain the proper acid alkaline balance in the body results to weight loss as claimed. No medical study however proved the effectiveness of the diet.

On with the presentation, the man has some sort of mini-laboratory of Chemistry and Physics with him for maximum impact to all of the people in the room except me.

He mixed Sodium Ascorbate with Iodine to demonstrate how Fern-C cleanses the body allegedly of toxins, in this case, iodine. Iodine, when mixed with Sodium Ascorbate, lost its color, drawing applaud and awe from the audience, but the truth is that even if the mixture is now clear, it doesn't necessarily follow it's now cleansed of toxins. No idea yet of the chemical reaction involved but the clear mixture may not exactly be good-- it looks like water but definitely not water.

On the Physics demonstration, he brought out a black box, with electrodes and incandescent light bulb, that he plugged into the AC mains outlet. He then mixed powdered Vitamin C (ascorbic acid) in water then put the electrodes of a black box to it to demonstrate lighting a light bulb.

He repeated the same light bulb experiment using water laced with Fern-C, the bulb lit brighter than with Ascorbic Acid. When immersed in distilled water, the bulb didn't light up. He even plugged an electric fan on the balck box's socket, the fan did rotate although slow and the bulb lit dimly.

Now the deceptive part is when he claimed there's more energy in Fern-C than the Ascorbic Acid solution. This is a fallacy since it only proved that Fern-C is a better conductor of electricity than ascorbic acid and has nothing to do with
energy content of the solution whatsoever. I checked the box after the presentation and noticed it was plugged into the mains socket where it gets the power. The electrodes aren't electrodes at all but merely copper wires with gaps that needed the solution to conduct electricity.

In the end, I didn't buy Fern-C due to their deceptive ways of presenting their products. I can't comment on Fern-C's efficacy but the way he "proved" its efficacy is easily proven to be false. I'm no doctor nor dietitian but I can see the veiled attempts at deception in the chemistry and physics part.

I didn't become an engineer to be fooled so easily by such antics.

---
UPDATE:

1. Ascorbic Acid mixed with Iodine also will create the same effect as Sodium Ascorbate, the "proof" is not really proof at all since the highly-complex human body can't be simulated by a cheap trick in a test tube.

2. On the lighting trick, the Fern C solution did not really produce electricity as discussed above. In order to produce electricity as in a simple cell, you need an electrolyte plus two electrodes of different make like nickel and cadmium for NiCd batteries and lead and carbon for lead-acid batteries, the ones used in automobiles.

the following words are not mine but quoted from official websites of Government agencies, scientific experts, dietitians and nutritionists

THE TRUTH ABOUT ACID/ALKALINE DIET


Acid/Alkaline Theory of Disease is Nonsense, Dr. Mirkin, Georgetown University School of Medicine: " Anyone who tells you that certain foods or supplements make your stomach or blood acidic does not understand nutrition.

You should not believe that it matters whether foods are acidic or alkaline, because no foods change the acidity of anything in your body except your urine. Your stomach is so acidic that no food can change its acidity. Citrus fruits, vinegar, and vitamins such as ascorbic acid or folic acid do not change the acidity of your stomach or your bloodstream. An entire bottle of calcium pills or antacids would not change the acidity of your stomach for more than a few minutes.

All foods that leave your stomach are acidic. Then they enter your intestines where secretions from your pancreas neutralize the stomach acids. So no matter what you eat, the food in stomach is acidic and the food in the intestines is alkaline."

Stephanie Vangsness, M.S., R.D., L.D.N, senior clinical nutritionist at Dana-Farber Cancer Institute and Brigham and Women's Hospital says "You cannot change the acidity of any part of your body except your urine. Your bloodstream and organs control acidity in a very narrow range. Anything that changed acidity in your body would make you very sick and could even kill you. Promoters of these products claim that cancer cells cannot live in an alkaline environment and that is true, but neither can any of the other cells in your body...If you hear someone say that your body is too acidic and you should use their product to make it more alkaline, you would be wise not to believe anything else the person tells you." ( Reviewed by Faculty of Harvard Medical School on October 3, 2008)

Ask the Nutritionist:"...neither the Blood Type Diet nor the Alkaline Diet have scientific evidence to support the purported health benefits made by advocates of these plans. The Blood Type Diet and Acid/Alkaline Diet lack what we refer to as biologic plausibility. In other words, given the medical community's understanding of how the body works, these diets don't make sense. Without well designed, human research studies showing that these diets actually do what they say they can, qualified dietitians, nutritionists and other health care professionals can not recommend either of these diets to their patients."

WHAT AUTHORITIES AND EXPERTS SAY ON VITAMIN C MEGADOSE AND OTHER CLAIMS:

U.S. National Library of Medicine: "Many uses for vitamin C have been proposed, but few have been found to be beneficial in scientific studies. In particular, research in asthma, cancer, and diabetes remains inconclusive, and no benefits have been found in the prevention of cataracts or heart disease."

Vitamin C Requirements: Optimal Health Benefits vs Overdose: "High levels / Overdose / Toxicity / Negative Side Effects - Symptoms and/or Risk Factors:

Diarrhea, abdominal cramps, high stomach acid, increased urination, insomnia, irritability, joint pains, osteoporosis, headaches, hypoglycemia, weakness, anemia, PMS, may increase infections by causing copper deficiency, reduced estrogen, reduced progesterone, reduced prolactin,"

UK Food Standards Agency: Vitamin C: "You should be able to get all the vitamin C you need by eating a varied and balanced diet. But if you decide to take vitamin C supplements it's important not to take too much because this could be harmful."


Vitamin C Cuts Cancer Drug Treatment Effectiveness:"researchers urge that it is vitamin C supplement conflicting with cancer treatment, natural vitamins in fruits and vegetables will never conflict with any treatment. This is why those undergoing chemotherapy should avoid taking supplements, but they (and everyone else) are always encouraged to eat vitamin rich food."

BBC News: The truth about vitamins: '"For most people there's absolutely no benefit in taking high dose vitamin supplements," said Catherine Collins, chief dietician at London's St George Hospital.

"At best they are a waste of money and at worst they could seriously affect your health."'

New York Times: Taking Too Much Vitamin C Can Be Dangerous, Study Finds: '''There should be caution about taking too much vitamin C,'' Dr. Lunec said. ''The normal healthy individual would not need to take supplements of vitamin C.'''

---

RECOMMENDATIONS:

In order for the advocates of Sodium Ascorbate to push their agenda beyond using demonstrations that deceive their audience, I recommend conducting a scientific study in a controlled environment and publishing the results in various prestigious and respected scientific publications to validate their claims (claims that's only topped by Quiapo's snake oil). Note that publishing scientific studies and medical journals will be subjected to the required peer-review, intense scrutiny and systematic review. It's in the proper scientific forum where you'll find victory (or defeat) in this debate, not by leaving comments on this post (at times illogical and nasty) that has become some sort of a religious debate one based on faith and anecdotal evidence and not on solid, scientific evidence.

For now, take the word of recognized experts and authority on this matter: Acid/Alkaline Diet is a quackery; megadoses of Vitamin C to cure/prevent illnesses as claimed by advocates doesn't have solid scientific and medical basis and is just a waste of money. Scientists are still debating on this one so better stick to the approved safe level.

Please top wasting my time and your own time to comment on this post. I no longer read them and just ignore them whether for or against. I will only change my stance on this matter IF I find the government authorities and experts I quoted above changed theirs...listen to one of your advocates who left a comment that my mind's already closed, well, not totally since I'm just following the advice of experts on Vitamin C RDA/DRI, the same commenter who falsely believe dragonflies are ephemeral creatures.

Tuesday, November 25, 2008

GoDaddy Domain Hijacking Using Gmail Security Flaw

An exploit was recently posted where miscreants can hijack domains hosted by GoDaddy using a flaw of Google's Gmail filters.
For the xploit to work the miscreant must know the email address of the domain owners registered with GoDaddy to receive Support emails, a bit of social engineering to trick your target to visit a website with malicious code to get the session authorization key.

Difficulty of Exploiting:
Medium to Hard, too complex for script kiddies,

Defenses:
1. Force Gmail to use SSL (https) to avoid snooping on your emails. Google's default setting is https for authentication and unsecure email after.
2. Avoid visiting untrusted websites.
3. Use a Firefox plugin called NoScript (like I do) so as not to allow scripts executing XSS code for hackers to steal your Google account ID and session ID.

2010 Automated Elections Security: DRE or OMR

We've all been awed anew with the speed of counting votes during the last US presidential elections where my candidate won. One and a half years from now, the Philippines will again hold new national elections in May 2010 to elect a new president (that is if assholes in Congress take it away from us through charter change to serve their own interests).

During the ARMM elections last August, there were two technologies pilot tested: optical mark recognition (OMR) and direct-recording electronic machine (DRE). DRE is more expensive for it uses touch screen machines that allows voters to key in their votes directly while OMR uses scanners that read ballots filled out by voters and transfers the data through a network.

How to choose among the technologies? It should not be on cost and a logistics alone but focus also on security. How secure is the system? Is it "immune" from hacking and cheating? Due diligence of the people behind the company/suppliers, source code audits, proper procedures, and so many things.

The hardest part here is do you trust the COMELEC? But at least traditional politicians with PhD in electoral fraud will be relegated to newbies once this system is in place. But be on guard always as some can be so smart they'll get a masters degree in no time :(

Friday, November 21, 2008

Gagambino Writers Need Lessons on Biology

Here's my usual Kapuso rant on the latest superhero series of GMA 7: Gagambino

I've always maintained that television, including teleseryes ought to write the truth and educate people even if it's just entertainment. I always see plots and twists on legal matters that's so twisted from reality that I partly blame writers and directors for the ignorance of their viewers who think teleserye plots and twists happen in real life.

The latest of these is not legal stuff but merely on biology, they keep on calling the four bida of the series as insects: a bee, praying mantis, scorpion and the spider.

Well...spiders and scorpions are not insects, they're arachnids! they have four pair pairs of legs compared to insects with three...

Now I see small children thinking spiders are insects and so thus they're parents. Thanks to Gagambino! :(

Saturday, November 15, 2008

Slowdown, Recession, Depression and St. John's Wort

Recent news about the Philippine economy to experience recession next year but the government quickly announced a slowdown, not a recession next year.

Slowdown is defined as a smaller growth rate of GDP (gross domestic product) while recession is already there when GDP shrinks for two consecutive quarters.

to further add to the definition, here's how to define recession and depression, according to a friend of mine: "Recession is when your wife loses here job; depression is when you lose your job."

'Til then I don't know if St. Johns Wort can cure your depression, much more the economic depression.

Cheep up, people! a little sense of humor to lighten up these gloomy days.

NBC Heroes Season 3 Trailer or RPN9 Crime/Suspense Channel

I just can't get enough of Heroes! It makes me think, unlike the usual teleseryes on Philippine TV with their recycled stories and much too predictable twists made for stupid audience (or also stupid writers and directors)

Am longing for Heroes Season 3 on Philippine free tv that'll end the mystery of Nathan Petrelli's assassination.

While watching tv channel-surfing, I chanced upon a teaser on Crime/Suspense channel/RPN 9 with Heroes.

I know Season 3 is alreay airing in the U but i don't want spoilers, just teasers on which I saw this online to watch for now.



I just wish I can watch Heroes online freeor just make do with getting home at 9pm again every Monday to watch in on free tv.
Will watch out for it on Monday, November 17, 2008.

Sunday, November 09, 2008

Free Load from Globe AutoLoad Max

It's weird but I'm not complaining...I have a prepaid SIM card that came from an iPhone 3G from Globe that I only loaded P100 when I was in Ormoc last month.

As I was about to give it away since I got a new postpaid line, I checked the load balance and found out I still have P477.00 load and 60 free text messages.
As the SIM card is new, I sent some load credits via Globe's Share a Load to my father in Paete, Laguna and also to my sister for I don't know what to do with the extra load after talking to them for about 30 minutes.

Yesterday, I again received a text message from Globe Autoload Max that I got P200 woth of load with no information where it came from. Normal load transfer give the mobile phone number of the retailer SIM or that of the number tho used a Share-a-Load facility. It's looks like a system generated message from Globe.

Did I just got lucky? At least I shared my gift with those around me. I expect more loads to come my way unless Globe discovers a "system error" on their part.

perhaps it's an early gift from Globe "kasi tight kami."

Saturday, November 08, 2008

Bayani Fernando: Celebrity Duets Grand Champion

Got the chance to tune in to GMA7's Celebrity Duets a few hours ago that I found out was the grand finale where the grand champion was picked

I only got the part where Celebrity Duets hosts Regine Velasquez and Ogie Alcasid were about to announce the winner and as I expected, it was Bayani Fernando or BF, won besting Joey Marquez and JC Buendia.

Wonder why BF won? Just my guess. He's a politician, used to elections. Joey Marquez also was a politician but he lost.

Don't take me too seriously though :P

Wednesday, November 05, 2008

How to Export/Backup Blog to Hard Disk in Blogger in Draft

For quite some time now, I'm outsourcing making backups of my blog to Blogger since the feature is not available for Classic Blogger, it's only for New Blgger (previously called Bl0gger Beta).

When I explored again Blogger in Draft, I found a simple way to backup my Classic Blogger-based blog by these simple steps:

Login to Blogger in Draft: http:draft.blogger.com
Click Basic tab
Click Export Blog
Click Export Blog button
Select the place to for Blogger to store your blog in XML format

Just in case you need to revert to your old blog, you can restore it using your backup by just using the Import Blog link instead of the Export Blog feature.

Barack Obama: The First Black American President?

As of posting time, John McCain conceded defeat and congratulated his rival, Barack Obama, as the 44th president of the United States of America.

I see Obama's election as a breath of fresh air. I hope to see positive developments in world politics as well as the end of American occupation of Iraq and Afganistan.

I also want a policy shift in the US as well as better treatment of other races in the giant multi-racial country not only African-Americans and Latinos but also Asians like Filipinos.

Regarding the question Who's the first black president of the USA? It's not Barack Obama, but it's Morgan Freeman. He's been US president for so many terms already.

:P

Tuesday, November 04, 2008

Blogger Comment Form Embedded Below Post Error

My blogs acting weird lately for I noticed I haven't been getting comments here and in my main blog. When I tried to reply to the comments, the drop down menu of the user name on the comment form does not work

It's not isolated to Firefox for it's the same using Internet Explorer. What I did was to temporarily revert to the pop up window when users like to post a comment.

I'm using classic blogger and maybe that's where the problem is, I don't know if it's the same for New Blogger.

Will have to check again and revert to the old comment form when the problem's solved by Google or I find the cause and solution.

---
How to embed comment form below post?

login to Draft Blogger at http://draft.blogger.com
Click Settings Tab
Select Comments
on the Comment Placement Form, check the Embedded Below Post
Click Save Settings.

Saturday, November 01, 2008

Wrong TIN Inquiry from BIR

What would you do if you discovered one day that you're paying your taxes and yet the TIN (tax identification number) you're using is incorrect? Past income tax forms 1902, 1905 and 2316 were already lost.

A friend of mine found this out the hard way. His company has been remitting income tax returns for years and when he got married, he needed to update his TIN from single to married in order to avail of the increase in personal exemptions and thus lower taxes. Problem is that the online TIN inquiry of the Bureau of Internal Revenue (BIR) is not working and calling individual BIR offices, called RDO, is a pain in the ass when most government employees are a pain in the ass to talk to when it comes to inquiries from "lowly" citizens of the Philippines that they're supposed to serve.

It's a good thing that an officemate of mine had a good day and called one of the four RDOs in Makati by giving the invalid TIN and the full name of my officemate and chanced upon a rare good mood of the BIR employee. It's great the RDO she called up was the one where my officemate registered more than ten years ago...

Case solved!

to BIR: why on earth can't you detect income tax returns with invalid TIN? SSS can detect remitances with SSS number and name mismatch. No wonder you can't run after tax cheats. Your former commissioner also had that stupid and backward policy of shifting back BIR corporate payments from online to over the counter, undoing the hard work of Parayno. Think twice!

Thursday, October 23, 2008

Gene Loves Jezebel Live In Manila Concert Tickets?

Come and get, come and get it, come and get it...

I remember in the late 80s, my kuya bought two tickets of Gene Loves Jezebel concert in Manila. Sdaly, the concert didn't push through for some reason and the tickets were never refunded for we had no time to to do so. We used to have tapes of their albums including Twenty Killer Hurts.

It's just lately that a friend of mine emailed me an invite and sample concert poster to the Gene Loves Jezebel concert next month that got me excited.

Details below:

Club 80s Flashback Tour
A Concert Dance Party

featuring songs: Desire (Come and Get It), Heartache, Jealous, Twenty Killer Hurts, Kiss of Life, Suspicion, Motion of Love, Upstairs, Gorgeous,



Gene Loves Jezebel has already toured Mexico, Brazil, Peru, France, Canada, and the UK and now coming to the Philippines particularly Clark, Pasig City and Makati with the concert venues and schedules below:

Hotel Sotsenberg, Clark Freeport Zone, Pampanga
November 14, 2008 (Friday) @ 9 PM

Alchemy, Silver City Mall, Pasig
November 15, 2008 (Saturday) @ 9 PM
(this is near Metrowalk and Tiendesitas)


Hard Rock Café, Makati (Glorietta, Ayala Center)
Date: November 17 (Monday) @ 9PM

Where to buy Tickets?

call Ticketnet at 911.555. Ticket prices don't come cheap at P1,500.00 at free seating.
Pass...

Wednesday, October 15, 2008

Pay SSS Contributions Online for OFWs, Self-employed, Voluntary et al

Ever wanted to remit your monthly SSS contributions without going to an SSS branch or bank nearest you? You can now do this online via BancNet, if you happen to have an account with the following banks:

Allied Bank, Asie United Bank (AUB), Chinabank, Chinatrust, Citibank, Citystate Savings Bank, Eastwestbank, ExportBank, Metrobank, Postal Bank, PSBank, RCBC, RCBC Savings Bank, Security Bank, Standard Chartered, Sterling Bank of Asia

To pay your monthly SSS Remittance, just follow these steps:

1. Open your browser and go to Bancnet Online Website
2. Select your bank (a new window will pop up)
3. Click I Agree (If you've already read the terms and conditions)
4. Click Payment on the left navigation pane
5. On the Biller/Institution dropdown menu, select your category from the list:

SSS Farmers and Fishermen
SSS Contribution - OFW
SSS Contribution - Self-Employed
SSS Contribution - Voluntary
SSS Non-Working Spouse

6. Enter your SSS Number (follow this format: SSS Number + month and year of payment period e.g. XXXXXXXXXXmmyyyy), ATM Card Number and Amount to be paid on their respective fields, select your Account type (Savings or Checking Account)

7. Key in your ATM Pin (or mPIN, depending on your bank) using the onscreen keypad (note the use of scrambled numbers there)

8. Hit the Submit button.

9. You may print or capture a screenshot of the resulting transaction receipt for record-keeping and reference.

Note:

this is a free transaction. Not all banks have online banking facility simply because they need an eBanking license from the BSP. No transaction fees required, no hassles, waiting time and long queues at the bank. :P

Tuesday, October 14, 2008

How to Identify Made In China Products from the Barcode

There's an email circulating in the Internet on how to identify products made in China using information "hidden" in the barcode. The email claims all barcodes with the first three digits 690, 691, and 692 are all made in China.

Is the email a hoax? No
Is is true? Partly, yes!

According to GS1, the authority behind the "UPC" stands for Universal Product Code, the barcodes only indicate the country who issued the code and NOT THE ORIGIN OF THE PRODUCT.

Second, Made in China Products use barcodes with the first three digits of 690 to 695.

the authoritative list can be found here

a made in Taiwan code (picture source: unknown)

Other barcodes can be identified e.g.

000-019, 030-039, 060-069 Made in USA
300 - 379 Made in France
480 Made in Philippines
690 - 695 Made in China
471 Made in Taiwan
450 - 459 & 490 - 499 Made in Japan
880 Made in South Korea
884 Made in Cambodia
885 Made in Thailand
888 Made in Singapore
890 Made in India
893 Made in Vietnam
899 Made in Indonesia
955 Made in Malaysia
958 Made in Macau


I would like to reiterate that the barcodes indicate the issuer of the code to the product but not the actual origin. A certain product can have A "Made in the Philippines" barcode and label but some parts, or all of it, were made in China.

Another problem, similar to the current melamine scare in milk products, is the use of raw materials, that came from China or elsewhere. For example, a certain chocolate drink may use dairy products imported from China but the information is not mentioned in the product information.

Lastly, there are also unscrupulous persons who import banned items from China at a low price, repacks it and issues a barcode issued in the Philippines. Dangerous indeed!

I expect this page to be filtered by Big Brother China one of these days!


Thursday, October 09, 2008

Starbucks: Coffee Shop Risks and Information Security

Do you have an idea where potential information disclosure is possible? It's not hacking through servers of installing bugging devices in offices or meeting places. It's actually a place popping out of almost every street and buildings in Makati, Ortigas, Fort Bonifacio Global City and other places where yuppies and oldies are present: Starbuck!

Ever notice people dressed in office attire, with laptops and other mobile devices, conducting meetings in Starbucks? The meet up up with officemates and clients and presentations and product pitches. Some of them even discuss confidential items in a public place endangering trade secrets, marketing plans and other information that should only be divulged in the hallowed and secure halls of meeting rooms in their own offices.

Some establishments offering free wifi Internet is also inviting for hackers and eavesdroppers looking for vulnerable and unsuspecting coffee drinkers with laptops unaware of the danger lurking. Bluetooth devices left open is another. There are also risks of connecting to rogue wifi hotspots set up by miscreants to lure people to connect to them and eavesdrop on the connection. Dangerous indeed!

There is also the risk of some outlets to robbery/holdups where robbers target moneyed patrons with laptops and cellphones. This is particularly risky for those on street frontage where the robbers can come and get away on motorcycles for easy escape.

This is not limited to Starbucks, btw, there's also UCC, Coffee Bean and Tea Leaf, Mocha Blends, Figaro and other coffee shops.

I only see coffee in those places as overhyped and overpriced coffee that became some sort of status symbols to some pretentious souls out there :(

Sunday, October 05, 2008

How to Sell Your Blog: Price, Copyright and Sentimental Value

I have a dilemma not so tyrpical of bloggers: I received an unsolicited offer from a Singapore-based travel agency to buy my main blog Backpacking Philippines

The company recruited me to their affiliate program but now offered to buy the whole site, domain name and content then intend to hire me as the content writer to continue blogging. that in turn will turn me into a problogger, blogging for money

I'm not a problogger. I consider myself a "fun blogger." I earn quite an amount but still too low to be considered a pro.

I still don't know how to put a price tag to my blog. I asked people and friends to assess its value. It has about 320 posts in 2.5 years yet traffic has been hitting 800 unique visitors and 1500 pageloads lately and rising. There are also about 50 draft posts waiting to be posted at the right time, to coincide with the date of a historical event.

Tell me, if you were in my place what will you do?

What are the considerations on assessment of how much a blog is worth?
Google Pagerank? Site Statistics? Technorati and Alexa rankings?

How about copyright? To whom do the copyright of all pictures and write-ups belong?
AFAIK, copyright of photos belong to the photographer unless relinquished under a special agreement.

My domain is a premium one, something I didn't expect to be still available last january when I looked for one. Bought it for $10 but I know in the future, offers for it will come at a higher price.

How about the arrangements for me as content writer? It's not easy to maintain a travel blog, unlike others. I need to travel in order to post an entry. Can I haggle for freebies, flights and accommodations in order to write something about a place? That will counter my initial aim of unbiased reviews though. The compensation should exceed my current adsense and earnings from other ads as well as allow me to upgrade my camera and other equipment.

I'm a sentimental person. I started my blog as a repository of all my personal travels. I intend to pass on to my future children, and grandchildren...it's some sort of an online heirloom in the future.

Oh well...it's a problem some people would want to be in but not me.

How much is your blog worth?

Manila Police District's Automatic License Plate Recognition System (ALPRS)

Steps in the right direction, that's how I call the recent acquisition by the Manila Police District of the so-called Automatic License Plate Recognition System (ALPRS)

After installing security cameras at various locations in the city and equiping mobile patrol cars with GPS (global positioning system) to track their locations, the patrol cars will also be installed with closed-circuit television (CCTV) cameras to capture license plate numbers and using a technology similar to optical character recognition (OCR), compare these with a database of “hot cars” maintained by the National Bureau of Investigation (NBI), Land Transportation Office (LTO) and Highway Patrol Group. A tagged license plate is alerted to all mobile patrol units to arrest the driver and seize the "hot vehicle," either carnapped or used in a criminal activity. A blackberry device is used to do this.

With these developments, the Manila Police District, also called Manila's Finest, is the best-equipped police unit in the country, world-class that is-- if only they can rid their ranks of pulis patola, kotong cops and goons in uniform!

Note: this system is a good subject for movies. I wonder how the MPD secures their system. The database is a good target practice for hacking by miscreants; but beware of the consequences. I don't want to see the system used in fighting evil hacked.

Saturday, October 04, 2008

BAIPhil Seminar: Information Security Beyond the Basics

For those interested on the latest updates in information security, particularly those in the banking industry, do check this upcoming seminar by the Bankers Institute of the Philippines (BAIPhil) on October 24, 2008 at Best Western Astor on Makati Avenue, Makati City, Philippines.

Seminar programme includes talks about Mobile Banking by Roger Delgado of D3 Systems, Jr., Application Security by Philip Casanova of Chinabank and Computer Forensics by Drexx Laggui of Laggui and Associates.

Seminar fee of P900 for BAIPhil members and P1100 for non members include buffet lunch, snacks and seminar materials and certificate.

Note: I co-organized this seminar and principally prepared the program as well as solicited speakers and sponsors. Expect me to be there.

Manny Pacquiao vs Oscar dela Hoya Live Video Streaming

I know many people will be searching for ways to be able to watch the megabuck fight between Manny Pacquiao and Oscar dela Hoya for free, or with a minimal fee. Several websites you can find on the Internet offering free streaming videos of boxing fights.

Some do it with using a pay-per-view connection coupled to a home computer connected to the Internet.

Since GMA will be broadcasting the boxing fight in the Philippines on December 6, you can watch the fight online or on the road by logging on to the recently-launched portal myGMA.

For those subscribers of Skycable, you may try to look for the scrambled, black and white "leaked" channel of pay-per-view then use fine tuning to be able to watch the boxing fight for free on cable tv or via online video streaming.

Monday, September 29, 2008

Blade Asia Trinoma Fiasco: Reversed Polarity Car Battery Installation

It was a day I never knew would happen to me. Just got back from Cainta at Town and Country Homes from a birthday party when me and friends
decided to chat over coffee at Starbucks Trinoma, something I won't normally do since I find the coffee too pricey. It was a Saturday so parking at Trinoma
at the mall is hard due to the number of people going there on a weekend. The North parking, my preferred one was full and had no choice but to park at Mindanao parking, with it's narrow lanes and dark place, it's not recommended for newbie drivers due to the possibility of your car to be sideswiped or scraped by the walls and columns.

After the chit-chat, me and my friends parted ways and I proceeded to my parking slot on the rooftop of Mindanao parking facing SM City North EDSA but I learned later that my car, a 2006 Toyota Vios's battery died on me. I can't start it. A 1.5 with an automatic transmission, you can't also jump-start it by having it pushed, something you see most of the time.

I immediately requested guards on duty for a series connection (so-called though it's actually a parallel battery connection) if they have spare batteries for dead ones. Trinoma guards were helpful but it took more than 30 minutes for them to come to help and found out they just requested a guy with a car to assist do the "series" connection wusing an improvised cable to connect his car battery to mine.

It didn't work; my car won't start.

After the futile exercise, I was advised to just buy a new battery either from Motolite via delivery or buy it myself at Blade Asia, a car accessories store, in Trinoma.

With the new battery in tow paid by a credit card, the Blade Asia staff followed us to the our parking slot and installed it without much hesitation. When he asked me to start my car, the dahsboard won't even light up. That's when I knew that the battery has been connected in reversed! He tried to reverse the battery again to the correct polarity but again, no lights, car won't start and only a single indicator light went on pointing to something: please have your car serviced!

at this juncture, the Blade Asia Staff went on panic mode and called his companion who checked the fuses for any blown ones. He found some and replaced them with ones on stock. Car can now start but the on-board computer is dead, dashboard lights still off.

It's already 10pm, two hours elapsed already and I'm hungry, no free dinner from Blade Asia for their inconvenienced customer and Trinoma's restaurants were already closing.

It's during this time that they called another higher-up, someone they said is an expert on car electrical system. It's here that i learned that there's a main fuse at the positive electrode of the battery, a fuse quite new that it's not available at their stores but had to order from Toyota Casa. They made a temporary fuse by using copper wire, actually a direct connection.

This time, my car started; heaved a sigh of relief, particularly for the staff who installed the battery for I know any expense will be shouldered by him. Blade Asia promised me to replace the fuse after three days when Toyota delivered them.

I got home at 1am in the morning.

The next morning, I informed my officemates of what happened and requested (I don't own the car yet, it'll be mine after 5 years) for a demand letter to be issued to Blade Asia to immediately fix my car.

I drove my car to the office for three days always thinking that the polarity reversal might have created latent problems that will only show up over time. It was already Wednesday when Blade Asia got the replacement fuse and demanded them to come to my office in Makati to install it.

With the fuse installed, my car's already normal, even up to now, about two months from the day I will always remember.

Lessons learned:

Have Motolite Battery Delivery always on hand, the only car battery delivery in the country at the moment. I hesitated to call them thinking it's faster if I just buy the battery myself.

Know where the fuses are in your car, learn a little DIY car electrical repairs. This incident made me study my car's electricals. I can now repair it myself in case of
busted fuses et al.

If you also have an automatic transmission vehicle, better if you have a series cable in case your battery dies on you. It's about P200 only at auto shops. Cheaper if you can build it yourself, DIY style using a large AWG cable and dinosaur clips.

Expect this thing to happen if your car's more than two years old. Imagine what you'd do if it happens in the dead of the night at a place where there are no cellphone signals-- scary!

Hippo Roller: An Ingenious and Efficient Way of Water Transport

I came across a Google-sponsored contest where bright ideas that can change the world or at least help improve the lives of others will be given funding by the search engine and advertising giant.

One of the great, actually awesome, idea, however simple, that I saw is the Hippo Roller used in Africa. It's an efficient way to fetch water for people living in the deserts of Africa. It's very different from the age-old way to fetch water by carrying water on one's shoulders.

The Hippo Roller allows one to push a water container on the ground for it to roll, thus requiring less effort and energy, and less risk of an injury for carrying heavy load. This is when laying our pipes and aqueduct is so expensive and not viable in such environments.

We need more great ideas for the lives of other people to improve.

More information about the Hippo Roller, including pictures and information on how to give donations from kind-hearted souls, is available here.

Friday, September 19, 2008

Google Phone Runs on Android Mobile OS

The Big G is at it again.

From the recent launch of Google Chrome to compete directly with Microsoft's Internet Explorer and Mozilla Firefox, now comes the so called Google Phone running on Android.

Android Mobile OS is also set to compete with Symbian and Microsoft Windows Mobile for cellphones, mobile devices and PDAs.

US telecom carrier T-Mobile will on September 23 a "Google phone" by Taiwanese firm HTC to hit stores in October.

Google hopes to make Android, an open source software, the dominant operating system for mobile phones and said to be designed with improved speed and quality of Internet experience on handsets.

Google also announced the "Open Handset Alliance" last year to develop Android, a team that includes China Mobile, HTC, Intel, Motorola, Qualcomm, T-Mobile, Telefonica, LG and eBay.

Android phone prototypes were demonstrated by ARM, Marvell, Texas Instruments, Qualcomm, NEC, ST Microelectronics recetnly at the Mobile World Congress.

Note: I would love to get hold of the Google Android phone in Philippines should I get the chance. Pictures and review to follow.

Tuesday, September 16, 2008

CEH Certified Ethical Hacker: Training Without Ethics?

I just received "great news" from an attendee of a local training of CEH or Certified Ethical Hacker held somewhere in Metro Manila. The attendee came from a local bank and came right to us that he tried to crack our website's security

It came to a surprise to me that their instructor in the "certification" training made them nominate a website for them to hack and test their newly-acquired skills. The attendee gladly told us he wasn't able to penetrate our website and so congratulated us, including me being the information security officer, for such a job well done.

I'm not going to discuss it fully and didn't rebut the attendee but there really is something wrong here.

What the certified ethical hacker instructor did was actually ethical. He ordered his students to attempt to hack websites without the website owners' written approval. Something penetration testing professionals and vulnerability assessment consultants have prior to the engagement.

CEH-EC should check him out. Gaining the basic skills to conduct security assessments is very easy even by just browsing the Internet, but who will certify hackers as ethical when the instructor himself is urging his students to let loose their new-found skills?

There is only thing that separates white hat hackers from black hats from one another despite having the same set of skills: Permission!

Poking around systems without permission is unethical and downright illegal!

Thursday, September 11, 2008

GMA Codename Asero and Information Security

I happen to always catch the showing of GMA Kapuso's Codename Asero by the time I get home at around dinner time. Not that I follow the show but since people at home are Kapuso fanantics

I was able to catch the initial showing of the science fiction series on tv, some sort of Alias meets Universal Soldier, but noticed too many glaring shortcomings typical of Filipino writers just to get a storyline going.

There is a scene there that the two protagonist agencies, Advocate and Empire, doesn't practice the age-old principle of "Know Thy Enemy and know thyself" by not actually having a dossier on their employees. Stupid leaders of the agencies don't know the parents of Asero while Empire guys have a stupid policy of not knowing anything about their employees' family.

Spare me the crap. No top secret company can operate under wraps for so long without the principle of "know thy employees."

All over the place, you get things and bags and stuff marked with Empire and Advocate, a practice not done by real top secret companies, not even the agencies of the hit TV series Alias.

There's also a stupid way to check if Agent Asero is really a cyborg when they let him get near an octopus-like gizmo to detect is he's really a cyborg. Good thing Empire guys encrypted the signal.

C'mon, a simple metal detector or x-ray machine can do the trick.

One more thing, the Empire knows where the Advocate holds office and yet they don't know the employees and stuff.

Stop pulling my leg with such glaring boob tube booboos.

Filipino writers and directors should break away from stupid plots in order to be really world-class, less of the melodrama, and more attune to reality, something like the producers of sci-fi series and films like Alias, who seem to be in touch with the real world. Foreign sci-fi series don't resort to cheap gimmicks and perhaps employ consultants on technical stuff to be at least acceptable.

Or does it really mean that Filipino audiences are too...never mind the word!

Saturday, September 06, 2008

iPhone 3G Impressions and Camera Sample Pictures

I now have a fresh out of the box iPhone 3G from Apple, the envy of my officemates due to the slick new interface but i noticed immediately several negatives on the iconic mobile device.

1. you can't foward text messages/SMS to others...quite a standard with other phones. will have to check for workarounds.
2. GPS functionality doesn't work as advertised. I will have to buy a separate GPS device, probably Garmin, for this to be installed on my car's dashboard.
3. Camera, as I expected, performs below my expectations. I'm partial to the image quality of Sony-Ericsson phones. See sample pictures taken at Tiendesitas in Pasig.

Will update this post for more observations and the dark side of the iPhone 3G.

Tuesday, September 02, 2008

Poisoned DNS Servers Redirecting My Website to AsianMultiAdvertising.Com

For the last two days, I experienced about a 30% drop in taffic to my main blog, Backpacking Philippines,. I thought it was normal until I received an email from PBS yahoogroup (one of whom seems to be working at Dell Computers traced from the IP address) asking me to check my blog since it's redirecting somewhere else.

I checked first my own blog and concluded there's nothing wrong with my blog and probably the DNS servers used by the people complaining is that the DNS server they're using are poisoned, with the recently made public critical DNS flaw still unpatched by lazy and/or clueless systems administrators.

I suspected this to be the problem also with the recent problem of SmartBro.

To check if your DNS is the culprit, change the settings of your DNS to point to OpenDNS then re-visit my blog. If it correct the problem, contact your ISP or network administrator to immediately update the DNS software their using.

Saturday, August 30, 2008

Guns N' Roses Chinese Democracy Album Released?

I used to be a huge Guns N' Roses fan beginning with their fisrst album, not just hooked on the "national anthemish" Sweet Child of Mine.

With the recent news about the drug-related problems of their former drummer Steve Adler, there's news about the illegal online streaming of their new album titled Chinese Democracy.

It's been more than 10 years since this album needs to bew released. I wonder how the band will sound like. Would it be like "Appetite for Destruction" or like their last album sounding more like pop rubbish?

One of the songs in the album is already publicly available. I suspect an enterprising guy, similar to the blogger Kevin Cogill who was recently arrested for illegal streaming of the songs on his website, will quickly rip the album songs to free mp3.

MS Outlook Attachment Received as Winmail.Dat by Thunderbird

For months, Ive been receiving attachments encoded with TNEF from friends using Microsoft Outlook received by my Thunderbird email client as Winmail.Dat attachments.

I simply ignored the emails until the other day when another peer complained to me about the problem, this time, I have to look for ways to decode the attachment for it's an urgent request.

Further research and trials got to four different solutions:

1. Configure MS Outlook to send emails either as HTML or plain text. The latter is recommended for security.

2. Use the freeware Winmail.dat reader from www.kopf.com.br/winmail/

3. In Thunderbird, use the add-on LookOut to automatically decipher TNEF-encoded attachments. Don't know of any solution if you're using Lotus Notes except # 2.

4. Screw MS Outlook completely. MS Outlook and Internet Explorer are two of the worst security nightmares on the Windows platform.

The fourth one is highly recommended. You hit two birds with one stone :P

Thursday, August 28, 2008

ATM Cards as Loan Collateral at Pawnshops

There's a prevailing practice these days at pawnshops and even loansharks where they accept ATM cards, debit cards that is, as collateral for loans they offer to people, mostly pensioners and low income group mostly tagged by credit card companies as high risk.

Most clients have no credit cards, those receiving monthly pensions, or simply low-salaried employees who want to avail of the credit facilities.

The scheme is just the lender will get the borrower's ATM card and PIN, yes the PIN, so that he can withdraw the funds from the ATM to amortize the loan.

What are the implications of this practice? Is it illegal?

First, the ATM card, technically, is the property of the issuing bank; you can't pawn something that's not yours.

Second, it's a violation of the cardholder's agreement with the issuing bank to not disclose the PIN to anyone under any circumstances.

Third, any fraud claims by the cardholder will be dismissed due to negligence since there also is a clause in the ATM card application form of the bank stating that the cardholder "shall in all circumstances assume full responsibility for all transactions processed by the use of the Card whether or not processed by the use of the Card whether or not processed with the Depositor's knowledge or by his authority." (Source: Metrobank ET atm card application form).

The risks involved needs to be viewed from the borrower(cardholder) and the lender (pawnshop or loanshark/5-6 scheme)

Disclosure of the PIN to others opens his account to fraud from insiders of the lenders, who can withdraw funds unknown to the lender.

Possession of the ATM card and PIN is a potential magnet for ATM card cloning, prevalent in Europe with credit card cloning syndicates, but use the cards to withdraw funds in Eastern Europe and Asia where the AMV Standard (chip cards) is not yet implemented and still use magnetic stripe with the transaction routed via VISA or Mastercard cash advances or Plus, Cirrus, Maestro networks.

Some online banking facility allow just the knowledge of card number and PIN to make transactions. Very dangerous to those "trusted" people of the lenders.

A borrower, after getting his loan, can go to the bank to report a lost card or request a PIN change, thereby leaving the lender with a non-working ATM card, now tagged as a hot card by the issuing bank.

Lazy cardholders don't change their PIN at all, despite all the efforts of bank advising the practice. What happens after the card is with them already after full payment of the loan?

With the use of Internet Banking, mobile banking (via cellphones), cardholders can access their accounts without their ATM cards, thereby defrauding the lender.

Disclosing the PIN to lenders is the most convenient for both borrower and lender, but also the most insecure. (Security is inversely proportional to convenience, remember?) Proponents of the scheme blame credit card companies and not themselves for not practicing money smarts; IMHO, they should regularly read Ms. Salve Duplito's for practical tips on this.

I've yet to encounter horror stories of the scenarios I described above but I know, in due time, I will. And you have to put all the blame on the cardholder.

Calling BSP, who regulates the pawnshop industry, please do something about it!

Related Posts:
ATM Transaction Fees in the Philippines
Maximum ATM Cash Withdrawal Amount Limits

Tuesday, August 26, 2008

Windows Live OneCare JS/Obfuscator.C Warning

I got a complaint from a colleague of mine regarding while browsing a certain website where Windows Live OneCare pops up a warning of a certain dangerous tool JS/Obfuscator.C

I checked out the website and just concluded that the alarm is a false positive. Windows Live OneCare warned about the Obfuscator when the tool's really used to obfuscate the URL of the page to an unintelligible form, quite effective for low-life script kiddies but not for the true h4ck3rs.

My tip: screw Windows One LiveCare! Microsoft should focus more on improving security of their products before making and selling products to improve the inherent insecurity of their own product. Such a silly situation indeed.

Manny Pacquiao vs Oscar dela Hoya?

C'mon, a megabuck fight between Olympic old medalist Oscar dela Hoya, best pound-for-pound boxer ten years ago to the current best pound-for-pound toast of the boxing world is an exciting match should it really push through.

It will also be a very dangerous fight for Manny Pacquio, 4 inches smaller and with significant height and reach disadvantage, according to the tale of the tape.

Details as mush as i can gather
Date: Dec 6, 2008
Venue: MGM Grand
Weight: 147 pounds (Welterweight)
Gloves: 8 pounds
Money involved: about $100,000,000.00 (lots of zeroes, eh?)

Oscar dela Hoya is an aging fighter about to retire, said to be slow these days, but his jab and right cross is very dangerous should they hit the mark.

I'll be looking for ways to watch the online streaming video of this blockbuster come fight night!

Related posts:
Manny Pacquiao to Retire?

Friday, August 22, 2008

How to Scan for Yahoo Messenger

Part of my regular job is to scan the internal network for rogue software installations and unauthorized software. I fiddled again with Nmap to scan for Yahoo Messenger in my home network and this is a snapshot of my findings:

snapshot of nmap to scan for TCP 5101:


Interesting ports on 10.252.236.117:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0B:CD:A2:10:24 (Compaq (HP))

Interesting ports on 10.252.236.122:
PORT STATE SERVICE
5101/tcp open admdog
MAC Address: 00:1B:38:9E:D9:3E (Compal Information (kunshan) CO.)

Interesting ports on 10.252.236.126:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0F:20:24:28:30 (Hewlett Packard)

note that I found one YM install, the one with admdog open on TCP 5101.

Yahoo Messenger is unwelcome in a corporate environment. It's a big security hole, I tell you. Ban it if you will. Installing anything on office PCs need official approval from Information Security and the installation to be performed by IT staff.

Time to draft a letter reprimand to the concerned staff!

Wednesday, August 20, 2008

Nehalem Core i7 Intel Chip Catching Up with AMD Opteron's Speed?

Recently launched at the Intel Developers Forum in San Francisco, Intel announced that Nehalem, now officially called Core i7 chip has both high performance and energy efficiency.

A news report by BBC has the following claims:

"With Nehalem Intel has combined memory and processing functions into a single chip instead of using two. On the most powerful Core i7 processors this will result in as many as eight processing cores co-existing on a single chip.

Intel claims the innovations on the family of products will offer three times the memory bandwidth of the previous generation of chips and twice the performance of 3-D animation."

Seems Intel, the leading chip manufacturer is playing catch up with AMD's Opteron in terms of speed while improving power performance. Their new chip will be powering PCs and servers in years to come and can contain up to eight cores in one chip.

Monday, August 18, 2008

WeRoam SmartBro Problem: Network or DNS?

I'm receiving queries from my friends using SmartBro Wireless Internet as well asSmart WeRoam all pointing to not being able to browse various websites. Since I no longer know anyone working at Smart (except high level ones but in different departments) I can only offer a technical explanation insiders can't or won't disclose

There's a report that using a proxy, instead of direct Internet connection fixes the problem. It means there really is a network problem of Smart, probably routing or DNS.

I suggest using a different DNS for your connections by using OpenDNS, procedure here. If it works, there's a DNS problem and Smart's DNS servers also could have been hacked or poisoned.

This goes on for days/weeks now and the only real solution for you is to shop around for another Internet provider. Service that sucks is not worth your money!

Friday, August 15, 2008

How Location Finder Services Work using Cellphones

Long before Smart announced it's Location Finder service and Globe's myGlobe Tracker, I have been aware of the GSM systems capability to pinpoint the general location of a cellphone number by just knowing its telephone number.

I once had a real need for the "service" one time when, through friends working inside the two telcos, I was able to trace the location of a fraudster hiding somewhere in Legazpi City, Albay in the Bicol region when I got hold of the miscreant's mobile phone number used in his scams. (Using other tools, I was able to actually trace his location, flew to Legazpi City and nailed the bad guy)

Do you know how to trace location? It's actually just querying the GSM system for the current cellsite a certain phone number being traced is connected. It will not give you the exact location, a capability reserved to GPS (global positioning system) particularly the military band with pinpoint accuracy, but the general area (town, barangay, city) and sometimes the building, if a micro-cellsite is inside the building the tracked mobile phone is located.

This is similar to the Internet's use of IP addresses to track a location but the IP address location (technically called IP Geo-location) is publicly available on the Internet particularly the three registries, this time, the location of the cell sites are known by the telco/mobile phone providers.

More on GSM "secrets" next time...

Notes:

The system can't track a cellphone turned off or one that's located in an out of coverage area.

This capability can be abused by insider's with the privilege to query the system for locating any phone number in their own network, but only in their own network only since the systems of Globe, Smart and Sun Cellular are not interconnected for this capability.

To activate the myGlobe tracker service, just text TRACK to 2877 and follow the instructions. For Gizmo subscribers, text GIZMO to 2877 to activate.

Please visit official Globe and Smart websites for charges and fees associated with the service.

Tuesday, August 12, 2008

Cheap MacBook Black in the Philippines?

I'm excited about this since I alreay passed the request for me to replace this aging notebook of mine, a Compaq nx9040, 3.5 years old already with a slight LCD damage to be replaced with an Apple MacBook Black.

It's not yet final but I'm keeping my fingers crossed that my superiors will approve my request for the Apple cool stuff instead of just another Windows laptop. I wrote a formal request with my justifications including being able to use security and auditing tools available only in Mac OS X environment or those that run natively there plus the ability to test web applications if they can run flawlessly under the Mac OS particularly in using Apple's proprietary Safari browser.

I asked around for possible suppliers of cheap MacBooks with upgraded specifications, if there's such a word, and the least expensive quote I got was PhP73k including the Mini-DVI to VGA adapter to enable me to use a multimdedia projector for presentations.

Hope my request get approved soon and a shiny new MacBook delivered to me...otherwise the new laptop would just be another Windoze clone :(

Insolvent G7 Bank of Naga City Closed by BSP

Two weeks ago I received a call from a bank executive inquiring if I was the one who asked her about a certain G7 bank closed by BSP. I replied no and just informed me that I already knew about the closure of the Naga City-based bank by the Bangko Sentral ng Pilipinas.

It's fortunate that the Philippine Daily Inquirer also reported about the closure due to the bank's financial woes that "lacked assets to service liabilities."

Note that all deposits are insured by PDIC up to P250,000.00 so there's nothing to worry about if your deposit falls under the insured amount. Amounts beyond the amount need to wait if you can still claim part of it once assets are disposed of

Monday, August 11, 2008

Internet Banking, IDS/IPS and Application Security

I received highly-reliable reports that two large Philippine banks' online banking system were compromised. A third bank's website got vandalized. I can't divulge the names of the banks but I'm just worried about it. One of them I have a pending application for a card that I'm thinking of just not pushing through with.

one of the banks I know have expensive and sophisticated Intrusion Prevention Systems (IPS) in place since I personally know their Information Security Officer and IS Auditors. But their "pride" took a beating at this latest problem of theirs.

I would like to point out that no amount of obscurity, Firewalls and IPS/IDS can ever compensate for a poorly designed online banking application.

Web application security is still not a hot topic here for a simple SQL injection attack can access confidential information there.

Wednesday, August 06, 2008

Chinabank High Interest Deposit Certificate Offering

Two weeks ago, I received a text message from a Chinabank insider informing me of a special product offering with much higher interest rates than their regular time deposits.

The message said "Good day, chinabank will be launching a new product called the Long-term Negotiable Certificates of Deposit (LTNCD). Minimum amount is P50t. PDIC insured. Term is 5 years. NO withholding tax. Indicative rate projected at 8% to 8.5%..an account opening fee (1 time charge) at P75 per cert will be charged and account maintenance fee of 0.025% per annum based on face value whichever is higher deducted from the gross interest due on the LTNCD on interest dates. Quarterly interest payment...offering period starts on July 28 to August 8, 2008. Please reply ASAP if interested cause it is 1st come 1st served..."

I replied immediately upon receipt of the message to express my intention to invest part of my savings. But as fate would have it, I forgot my passbook the following Monday and decided to bring it the following day. The morrow, I was able to bring my passbook but totally forgot about going to the bank when my friend from Chinabank dropped by the office and asked me if I was able to open an account to which I replied no. She just told me that it's already closed the day before due to the high turnout and already reached P5B.

Oh well, the planned early morning trip to the bank didn't materialize and thus missed an excellent investment opportunity.

Better luck and be ready next time, Paetechie!

Tuesday, August 05, 2008

Executive Privilege, Supreme Court and MILF MOA on Ancestral Domain

Here we go again, after that "error" of the Supreme Court effectively letting Neri walk away with potentially damaging disclosure regarding his conversations with PGMA about the NBN-ZTE scandal, the iron lady again is using the same executive privilege tack, not against the Senate, her traditional enemy, but against the Supreme Court, regarding the constitutionality of the proposed Memorandum of Agreement (MOA) between the Government of the Replublic of the Philippines (GRP) and the Moro Islamic Liberation Front, a Muslim rebel group in Mindanao whose end is independence.

According to news reports, GRP is considering creation of the so called Bangsamoro Juridical Entity (BJE) larger than the present ARMM with the inclusion of villages that also infringes on the ancentral domain of lumads of Mindanao particularly the Subanons of Zamboanga peninsula.

The Philippine daily Inquirer report stated "the government said while negotiations with the MILF did not involve any foreign power, there were military and national concerns raised." and that "the Philippine government and the BJE are to exercise “shared authority and responsibility” over the Bangsamoro homeland."

Let's wait and see how this will transpire. I just wish the justices who voted in favor of executive privilege realize the mistake they made and make corrections as early as possible.

Executive privilege should not be upheld when the interests of the people are at stake. It cannot be invoked just to cover up crimes committed by the president.

I am for peace, for a lasting one, but compromising other things to attain the objectives is not negotiable. The MILF has an ultimate end of secession and eventual independence. Should the MOA be implemented, only time will tell if the fears of many are true.

Saturday, August 02, 2008

How-to: View, Edit EXIF Data EXIF Editor

I've been asked many times how to view EXIF data in Windows XP as well edit the data for no obvious reason except when you're just going to brag if you have the latest camera or possibly to hide camera you're using and delete incriminating details of the date the photo was taken.

How-To view EXIF data, right click a file on Windows Explorer, select Properties on the menu, click the Summary tab, then Advanced to display EXIF data with photographic details.

I use IrfanView with the plugin to view EXIF data.

Editing EXIF data is tricky, it requires third party software like Opanda PowerExif to edit data but it doesn't come free (price: $49.99).

There's also ExifPilot and ExifEditor ExifEditor

For occasional use, the cheap trick is to use a hex editor, many free hex editors available, where you can edit the fields you want before saving to another file (don't overwrite the original file to be sure).

For my demo, i used HexEdit for its simplicity requiring no installation, just a small executable file.

To completely remove EXIF data in a picture, you may use EXIF Stripper (available here to hide settings and save on file storage space though minimal as claimed.

Tip: For anonymous bloggers, I recommend stripping pictures of EXIF data before posting in your blog. You can be traced by the camera model you have and date/time stamp on it if you're living in a small town.

Monday, July 28, 2008

Is There Such a Thing as Cheap Car Insurance?

I just renewed the auto insurance of my Toyota Vios 2006 model at a cost of P16578.99. Note that half of my insurance premium is shouldered by my company which makes it quite affordable. I don't know which is the best motor vehicle insurance but it's convenient to just talk to my office's admin staff who renewed it for me; same staff I speak to if I need to claim accidents or damage to my car.

My car insurance Deductible/Participation fee went P2950.00/incident from last years P3250.00/incident since it's already two years old. Last year's premium was about P19000 so there's a P1,700.00 drop in annual premium and P300 deduction in deductible/participation fee.

Next year, I will really look for another insurance company to get a better and cheaper auto insurance to replace my insurance broker who's really making me broke.

Tuesday, July 22, 2008

Maximum ATM Cash Withdrawal Amount per Day in Philippine ATM/Cash Machine

I usually get queries on why i advocate using your own bank's ATM for cash withdrawals and other transactions to avoid transaction charges. This time, I read about a complaint from a foreigner complaining about the P4k limit on ATM withdrawals. Note that since he's withdrawing from his account held in a foreign bank, he'll incur more charges if he needs more than P4k. I suggest he use BancNet ATMs that allow at least P10k per transaction that costs one third transaction fees (you need to transact three times in ATMs of Megalink and ExpressNet thereby incurring three times more charges.

For local bank accounts, you can withdraw your money from the ATM with the following limits:

Allied Bank 20K
Asia United Bank 100K
Banco de Oro
Banco Filipino 20K or 5x withdrawal
Banco San Juan 20K
Bank of the Philippine Islands (BPI) P20K
Centennial Bank 20K
China Bank 20K (combined w/ POS & IBFT)
Chinatrust Bank 50K
Citibank 150K
Citibank Savings Bank 150K
Citystate Savings Bank 20K
East West Bank 50K (combined w/ IBFT)
Export Bank 40K
Green Bank 20K
Malayan Bank 20K
Metrobank Regular - 30K Special - 50K
NationLink 20K
OMB 20K
PBCom 20K
Philippine National Bank (PNB)
Philtrust Bank 20K
Postal Bank 20K
PSBank Gold - 50K Regular - 30K
QCRB 20K
RCBC 50K (combined w/ IBFT)
RCBC Savings Bank 50K (combined w/ POS & IBFT)
Real Bank 20K
Security Bank Reg. Card - 40K (combined w/ IBFT)
Cashlink - 40K (combined w/ IBFT)
Sterling Bank 40K
Standard Chartered Bank 100K
Tong Yang Bank 50K
Union Bank
World Partners Bank 20K

Notes:

Data on other banks to follow once available

POS = Point-of-Sale

For BPI, you need to withdraw the P20k at the ATM before withdrawing over the counter.

Limits are imposed by the card issuing bank (where the account is)

BancNet currently allows at least P10k per transaction for member banks. Megalink and ExpressNet lowered this to P4k.

Should you need to withdraw more than P4k, transact at your own bank's ATM, BancNet then Megalink/ExpressNet, in that order of preference (particularly for those using VISA and Mastercard cash advances and Plus, Cirrus, Maestro ATM cash withdrawals from US or foreign banks.

Saturday, July 12, 2008

Secret on How to Get a Raise and Promotion

June this year has been good to me. First I got interviewed by Analyn Jusay (AJ) for her column Blog-O-Rama in Manila Bulletin, next is my main blog hit the 100,000 unique visitors,third is that I got new of a hefty raise in my company's annual performance evaluation and lastly is the best of all that effective July 1, 2008, i will be promoted from assistant manager to a full manager with another corresponding salary increase plus increase in my car plan equity and gas allowance from the present 75 liters per month to 100 liters per month, actually more than my needs making the excess liters convertible to cash, that increases every time gas prices go up.

Promotions has been rare for me, in fact, it's only my second time to be promoted. The first one was during my second job. It's because I hopped from one job to the next with a higher level that's why I was able to reach my current rank. I'm presently the youngest member of my company's ManCom (Management Committee).

Regarding the secret on how to get promoted? Nothing really, except for sycophants hanging on to the coat tails of the powers-that-be, the best way actually is pure hard work and continuous self-improvement.

If your boss, don't notice you, there may be other opportunities outside to explore. Lots of job vacancies waiting to be filled up in the Philippines and the world, you just need to equip yourself with the proper skills to fit the job.

Monday, July 07, 2008

Wanted: Chief Information Security Officer

For the nth time this year, a headhunter called me up in the office offerring me jobs referred by my peers. This time, the "headhuntress" was referred by an IS Auditor of large commercial bank looking for a CISO: Chief Information Security Officer.

There are only a few of us Information Security Officers in the Philippines, some of my peers left the country for more lucrative jobs abroad, I'm one of the few who chose to stay put. Some ISOs of banks are also security officers on paper just to comply with BSP (Philippine Central bank) regulations requiring banks to open the information security position. The headhunter was very persuasive, saying I try to explore since the company is one of the largest commercial banks in Makati.

But I was not swayed.

I flatly said no to her offer, which made her curious and said she's actually looking for people happy wit their jobs and not unhappy, worse, disgruntled ones. She asked me why but I can't say a valid reason except I'm happy at where I am presently.

One of the strengths of my company actually is that I'm not that really pressured at work, reason why I can still blog at home. Politics and "airheads" are not present and my officemates are like a family to me.

It's not only salary and compensation at stake here, but a happy working environment. My current pay is much more than I currently need.

Someday maybe...someday...

Tuesday, July 01, 2008

Nikon D700 DSLR 12.1 Megapixel Camera

So, the earlier rumors about the new Nikon D700 is true after the latest news about the new camera from Nikon

I would love to see how the ISO 6400 works and see if noise is really acceptable as claimed.

Nikon D700 Key Features

* 12.1 megapixel full-frame sensor (8.45µm pixel pitch)
* Image Sensor Cleaning (vibration) *
* ISO 200 - 6400 (with boost up to ISO 25600 and down to ISO 100)
* Also supports DX lenses, viewfinder automatically masks (5.1 megapixels with DX lens)
* 14-bit A/D conversion, 12 channel readout
* Same ultra-fast startup and shutter lag as D3
* Nikon EXPEED image processor (Capture NX processing and NR algorithms, lower power)
* New Kevlar / carbon fibre composite shutter with 150,000 exposure durability *
* Multi-CAM3500FX Auto Focus sensor (51-point, 15 cross-type, more vertical coverage)
* Auto-focus tracking by color (using information from 1005-pixel AE sensor)
* 95% coverage, 0.72x magnification viewfinder *
* Auto-focus calibration (fine-tuning), fixed body or up to 20 separate lens settings
* Scene Recognition System (uses AE sensor, AF sensor)
* Picture Control image parameter presets
* 5 frames per second continuous with auto-focus tracking*
* Optional MB-D10 Battery Pack (same as D300), increases burst rate to 8 fps *
* UDMA compatible single CF card slot *
* 3.0" 922,000 pixel LCD monitor
* Live View with either phase detect (mirror up/down) or contrast detect Auto Focus
* Virtual horizon indicates if camera is level (like an aircraft cockpit display)
* HDMI HD video output
* 'Active D-Lighting' (adjusts metering as well as applying D-Lighting curve)
* Detailed 'Control Panel' type display on LCD monitor, changes color in darkness
* Magnesium alloy body with connections and buttons sealed against moisture
* Improved Info display on main screen *

I wonder how Nikon D700 prices locally on Hidalgo against Singapore and Hong Kong so I can make a nice hands-on feel and get sample pictures.


Monday, June 30, 2008

Heavy Traffic on EDSA

This morning I left home shortly after 7 to get headway in driving to makati from Quezon City since it's a Monday and I expect more than the usual traffic during other days...turned out traffic's worst this time.

As as tuned in to DZBB on the AM band, got wind of the accident under the Ayala tunnel where a large truck containing ethanol smashed the center island of the tunnel when the truck (allegedly) avoided sideswiping with a speeding bus. The MMDA closed off the tunnel to traffic due to the dangerous cargo spilled on the road.

I was already nearing GMA Kamuning and I know traffic will really be bad. I didn't even think of finding an alternate route to avoid traffic (possibly to San Juan and Mandaluyong) since I sensed it would be futile since other drivers will also look for one.

I was right! when I got to the office at 10, after almost 3 hours driving, my officemates who tried to avoid EDSA ended up like me.

What happened to the Ayala tunnel? All I know is that it's currently germ-free and disinfected :P

Sunday, June 29, 2008

Pacquiao vs Diaz Result: Pacquiao by Knockout in the 9th Round

It's official, after 9 bloody rounds with Diaz with multiple cuts, Manny Pacquiao is no the new WBC Lightweigh Champion, making him also the first Asian to hold a championship belt in four different divisions.

The Lethal Combination is over...

That does not include Ring Magazine's People Champ bestowed on him.

Godspeed, Manny though be wary of Ricky Hatton for it's another weight division and it won't be easy.

Saturday, June 28, 2008

Air Car: Air-Powered Car from India

There's news of cars running on hydrogen fuel cells and the still present, yet unbelievable, water-powered cars in the news. The latest in today's race for a viable replacement of gas and diesel powered vehicles are cars running on compressed air to push the pistons.

When I was in Mumbai in 2004, while trying to tour the city to see the Gateway of India, UNESCO-listed Elephanta Cave and visit Mahatma Gandhi at Mani Bhavan, I also noticed the ubiquitous Tata cars practically everywhere in India.

Now, recent news are alloverthe place with Tata,India's largest car maker is planning to produce 6000 units of the zero-emissions Air Cars in August of this year.

Initially priced at $12,700, quite cheap and around the price of most cars in the market, the City CAT, the name of one of the initial models, claimed to hit 68 mph and a range of 125 miles. Refueling can be done ina few minutes for the CityCAT at gas stations equipped with custom air compressor units.

Estimated cost of re-fueling is $2 for the car’s carbon-fiber tanks with 340 liters of air at 4350 psi. There also is a built-in compressor to refill the tanks in about 4 hours using conventional electric power.

Most of all, the car is a true zero emissions vehicle friendly to the environment!

Water-Powered Car: Hoax?

There has been fresh reports lately about certain "breakthroughs" of vehicles that run on a highly available fuel: water. Fueled mainly by the skyrocketing prices of crude oil at historic highs, there's also a race in developing alternative fuels to power the future car.

One of the most controversial is the water-powered car where even the Philippines boasts of an alleged invention by a certain Daniel Dingle even demonstrated on TV from years back.

I do not doubt that we can extract energy from water since I'm aware of hydrogen fuel cells and we all know that water is composed of oxygen and hydrogen.

What I doubt is the commercial viability of extracting hydrogen in water since using electrolysis, you need much more energy, to breakup water into hydrogen and oxygen, than the energy you can produce from hydrogen.

The law of thermodynamics just won't allow that to happen...there however is a new development in India with the latest air-powered car unveiled. That's more reason to celebrate since it's real and feasible.

Free Wi-Fi in Bangkok, Thailand

This is great news for Bangkok residents since the Thai government decided to give away free Internet access to the city's residents to allow them to communicate more and drive less in an apparent move to change the driving habits of Bangkok people and thus lessen energy requirements

Project is targeting 500000 people with 15,000 free wi-fi hotspots and to last for 1 year and require use of access card to use the facility.

Just hope that the network is secure and not open to eavesdropping

Related Posts on Amazing Thailand:

Bangkok Tour
Backpacking Bangkok
Grand Palace
Ayutthaya: Old Capital of Siam
Bridge on the River Kwai
Nong Nook Tropical Garden Resort