Monday, December 22, 2008

Phishing Alert: Chinabank Online

First there was Metrobank Direct, then BPI, Asia United Bank and Equitable-PCI (now Banco de Oro) that got hit by phishers wishing to earn money the wrong way from unsuspecting online bankers.

I predicted my own bank would be targeted by phishers and there it was... a phishing email was sent to numerous email recipients, with the senders keeping their fingers crossed that a few uninformed souls would actually log in to their Chinabank Online account.

For your info, Chinabank Online requires two passwords: one for login and another for transactions (called the transaction password). The two can be made the same (I know it's weird, but they can really be set to be the same, thus defeating the purpose).

Using two passwords is not the same as two-factor authentication...

Chinabank released advisories warning their clients that they won't send emails requiring account holders to log in to their account.

No bank does that, only evil miscreants do!


Believe It Or Not, Chris Tiu is a Boring Host

I'm a big fan of Ripley's Believe It or Not, from the great Jack Palance to the later Dean Cain (of Lois and Clark) as hosts.

On Philippine TV, the show is anchored by Ateneo Basketball star Chris Tiu. While he's a very good basketball player, his hosting skills need lots of the point of being boring with an almost monotonous tone reminiscent of AM radio station hosts.

Didn't you notice it? Try to listen to the way he presents each Believe It or Not feature and you'll see...he also depends too much on the teleprompter...

Saturday, December 20, 2008

Microsoft Internet Explorer Flaw: Patch Tuesday and Exploit Wednesday (MS08-078)

Microsoft's just-released patch for a critical IE flaw came out-of-band rather than with the regular Patch Tuesday batch, which makes you realize that the vulnerability being corrected is really critical.

Normally, MS releases patches on the second Tuesday of the month; that's why it's called Patch Tuesday.

When I got wind of the vulnerability release, I immediately had the patch tested for bugs and rolled out to PCs and laptops with Internet access. It's a good thing that most users in the office don't have Internet access (it was cut off on September 21, an ominous date indeed) and most of those who do use Firefox.

After a vulnerability is made public (though this exploit has been making the rounds of the underground hacker community for a while now), crackers and miscreants race to develop proof-of-concept code and exploit the vulnerability, on zero day or the next day, aptly called Exploit Wednesday.

For those looking to download the latest patch, its filename is IE7-WindowsXP-KB960714-x86-ENU.exe, available at the Microsoft Update website.

As for me, I don't use Internet Explorer except for testing and accessing stupid IE-only online banks and websites.

Clickjacking: Attack, Defense and Proof of Concept

Clickjacking is the latest of the seemingly endless attacks concocted by security researchers and crackers, where unsuspecting visitors of a website are forced to click on invisible buttons and execute scripts, programs or malware that steal passwords and cookies, listen to you, or even activate your webcam to see what you're doing.

It was almost presented by researchers at OWASP (Open Web Application Security Project) and was also presented at the Hack in the Box security conference in KL.

For users, it's so dangerous that you'll never know what hit you just by clicking your mouse on a clickjacker's website.

Browsers vulnerable to clickjacking: ALL (Internet Explorer, Opera, Google Chrome, Firefox, Safari)

Clickjacking Countermeasure: Firefox with NoScript add-on.

The only thing that will protect you from a clickjacking website is Firefox with the NoScript add-on, something I've been using by default when browsing the Internet. Just don't set NoScript to "Allow Scripts Globally", for then it's a useless defense.

In security awareness seminars, I always remind people to refrain from visiting untrusted websites, but it's hard for them to actually determine which sites are fine to access.

Later, I will test and analyze various clickjacking proof-of-concept codes/scripts, but not to be one of the miscreants.

Sunday, December 14, 2008

World of Warcraft: Wrath of the Lich King Cheats and Trailer

The hugely popular World of Warcraft by Blizzard broke its own record, set by The Burning Crusade, which sold 2.4 million copies in 2007: the new World of Warcraft: Wrath of the Lich King sold 2.8 million copies.


Will update this post once my brother finds out World of Warcraft: Wrath of the Lich King Cheats one of these days.

Definition of Psychological Incapacity in Annulment Cases in the Philippines

With the growing number of annulment cases in the Philippines as a cover for non-existent divorce, the law can fully catch up with loopholes exploited by annulment lawyers (divorce lawyers in the US).

In an earlier post, I've written about a case of annulment based on psychological incapacity, with a lawyer and a corrupt judge conniving to fast-track resolution of annulment cases to days instead of months and years. (In this case, the judge died a few days after issuing the ruling on the case of someone I knew...)

How do you define psychological incapacity for a marriage to be voided? Irreconcilable differences and conflicting personalities should not be one of them.
It must be identified as a psychological illness to be proven medically or clinically.

A newly-filed bill at the House of Representatives said "Its indicators include, among others, excessive and promiscuous sexual hunger, refusal to dwell with the other spouse, manifestations of socio-pathic anomalies like sadism or repeated infliction of physical violence, and laziness. In case of doubt, the bill mandates the court to resolve the case in favor of the existence of the marriage."

Unless the law is passed, the resulting lack of definition in the Family Code makes it a divorce law in disguise.


Saturday, December 13, 2008

Philippine Rural Bank Holidays and Closures by BSP

We love holidays when there's no school or office to report to, but it's a different matter when it's a bank holiday for your bank.

In these times, several rural banks, some of them part of the Legacy group, were "padlocked and placed under receivership by the Philippine Deposit Insurance Corp":

Rural Bank of Parañaque
Rural Bank of Bais (Negros Oriental)
Pilipino Rural Bank (PRBI Cebu)
Rural Bank of San Jose (Batangas)
Philippine Countryside Rural Bank Inc. (PCRBI)

Rural banks that have declared a bank holiday:

Dynamic Bank (Rural Bank of Calatagan)
San Pablo City Development Bank
Nation Bank (Bacolod City)
Rural Bank of Carmen (Cebu) Inc.
Rural Bank of Calatagan (Batangas) Inc. (now Dynamic Rural Bank)
Rural Bank of DARBCI Inc.
Rural Bank of Kananga (Leyte) Inc. (now First Interstate Rural Bank)
Rural Bank of Bisayas Minglanilla (now Bank of East Asia)

Rural Bank of Subangdaku (RBS Bank) said they suspended business but it was not a bank holiday.

For depositors of the rural banks to get their money back, just wait for official announcements from the BSP and PDIC. Note that deposits are insured up to P250,000.00 per depositor.

Lastly, this news shouldn't sow panic in the Philippine banking industry -- most banks are stable and liquid -- and the things that struck US banks won't hit us since banks are too strict with creditors.

Isn't it too hard to get a loan here?

Tuesday, December 09, 2008

Send Money to the Philippines: Bank SWIFT Codes Wire Transfer

For people working or living outside the Philippines, e.g. expats and OFWs, wishing to send money to the Philippines via Wire Transfer (or Telegraphic Transfer, TT), the recipient should at least have a bank account at a Philippine bank participating in SWIFT (not all local banks participate), though you can request a bank to transfer the money to your bank of choice for a certain fee or bank commission.

You need this information about the recipient and his/her bank details:

Bank Name:
Bank Branch/Location:
Account Name:
Account Code:

For the bank SWIFT code, here's a listing of verified SWIFT codes directly from the official SWIFT website, not just copied from the BSP Philpass document.

Allied Banking Corporation ABCMPHMM
American Express Bank Philippines AMEXPHMM
Asia United Bank Corporation AUBKPHMM
Australia and New Zealand Bank ANZBPHMX
Banco De Oro Universal Bank BNORPHMM
Bank of America NA Manila BOFAPH2X
Bank of China Manila Branch BKCHPHMM
Bank of Commerce PABIPHMM
Bank of the Philippine Islands (BPI) BOPIPHMM
Bank of Tokyo Mitsubishi Ltd. BOTKPHMM
BSP Payments and Settlements PHCBPHMD
Chemical Bank Mla Branch JP CHASPHMM
China Banking Corporation CHBKPHMM
ChinaTrust Phil Commercial Bank CTCBPHMM
Citibank Cash Department CITIPHMXPRA
Citibank NA Manila Branch CITIPHMX
CitiBank Treasury Unit CITIPHMXTSU
Deutsche Bank AG DEUTPHMM
Development Bank of the Philippines DBPHPHMM
East West Banking Corporation EWBCPHMM
Equitable PCI Bank PCIBPHMM
Export and Industry Bank EAIBPHMM
Hong Kong and Shanghai Bank HSBCPHMM
International Comm Bank of China ICBCPHMM
International Exchange Bank INXBPHMM
Korea Exchange Bank KOEXPHMM
Land Bank of the Philippines TLBPPHMM
Maybank Philippines Incorporated MBBEPHMM
Metropolitan Bank & Trust Co. MBTCPHMM
Mizuho Corporate Bank MHCBPHMM
Philippine Bank of Communications CPHIPHMM
Philippine National Bank PNBMPHMMTOD
Philippine Veterans Bank PHVBPHMM
Philtrust Bank PHTBPHMM
Prudential Bank PILBPHMM
Rizal Commercial Banking Corp RCBCPHMM
Security Bank and Trust Corp SETCPHMM
Standard Chartered Bank SCBLPHMM
Union Bank of the Philippines UBPHPHMM
United Coconut Planters Bank UCPBPHMM
United Overseas Bank Philippines UOVBPHMM

Universal banks with foreign branches, e.g. Metrobank, have different SWIFT codes for those branches, e.g. Shanghai and Kaohsiung (China), Tokyo (Japan), Taipei (Taiwan), and New York (USA).

Please don't ask for the SWIFT code of your bank branch. A Philippine bank's SWIFT code is the same for all its branches unless the branch is in a foreign country.


No information yet on the lowest rates and cheapest way to send money to the Philippines

Some banks maintain correspondent banking relationships to send/receive money.

If your bank is not listed here, you may query the official SWIFT database at their website.

About Swift:

"SWIFT is the Society for Worldwide Interbank Financial Telecommunication, a member-owned cooperative through which the financial world conducts its business operations with speed, certainty and confidence. Over 8,300 banking organisations, securities institutions and corporate customers in more than 208 countries trust us every day to exchange millions of standardised financial messages."

There's still no information on the cheapest way to send money to the Philippines. Future posts will focus on remittance charges and money transfer rates.

Sunday, December 07, 2008

Nissin Speedlite Di622 External TTL Flash for Nikon/Canon

I've just bought a shoe-mount flash for my Nikon D80 DSLR camera from a store in Makati City.

It's a Nissin Speedlight Di466 Nikon-mount that supports Nikon's i-TTL function.

My first impressions and testing:

It's so easy to use: mount it on your camera, turn it on and use i-TTL mode and you can take pictures with proper exposure.

I tested the slave function to trigger it using my camera's on-camera flash and it works like a charm, but only on manual mode. It has no support for other triggers except optical.

It has a built-in diffuser for wide angle shots and a built-in bounce card.

Manual mode lets you choose from 6 power levels with the touch of a single button.

It's cheaper than Nikon's SB-400 by 33% and better than the SB-400. It has almost the same guide number as the Nikon SB-600 Speedlight. I bought the cheaper third-party flash instead of Nikon's due to cost constraints. I can't compare the recycle time with Nikon flashes for I really don't have experience with them.

It has a sister slave flash, the Nissin Di466, but I don't intend to be a strobist, I just want to have the advantage of bounced flash for family events.

This will be updated to include other observations and caveats :P