Category Archives: otaku

On Anonymous declaring “War” on Singapore PAP government – Note from a regular IT dude

This post is contributed by a friend of mine, Wei Kiat, who is a regular IT dude. He has some interesting perspectives to share on the recent Anonymous and Messiah saga. If you found what was written here useful, do share this post to stop the fear-mongering:

1. Fear Mongering & the State of things

There had been a number of cyber attacks over the past few days by someone who calls himself “Messiah”. The attacks sparked panic island-wide, with people fearing about a “cyber” doomsday where everything would magically stop working and the whole island in chaos. I thought it would be prudent to set the records straight, to help layman understand what these attacks actually entail and to prevent the spread of needless panic and fear. Cases of blind-leading-blind when it comes to attacks and its implications are too rampant.

The usual disclaimer:

1) I’m not an IT security professional or a white or black hat hacker, merely a programmer, IT consultant & entrepreneur. If I have made any factual mistakes, please kindly feedback and I will rectify them.
2) The following are my theories. Many of my assumptions on the capabilities of Messiah I do not know as facts. I may be wrong. Please take it with a kilogram of salt.

Now, let’s consider Messiah’s technical capabilities.

2. Messiah’s Technical Capabilities

2.1 The Difference between “Web Systems” & “Internal Systems”

In other to understand what really went on behind cyber attacks over the past few days, for the sake of simplicity, let’s divide computer systems into two main categories, web systems and internal systems. By “web systems”, I refer to all the servers and systems behind an organization’s website. By “internal systems”, I refer to mission critical systems used by an organization for their day to day functions. For example, LTA’s website is on a “web system”, LTA’s traffic controller system is an “internal” system.

The attacks over the last few days all involved web systems, which are easier targets for attack because these systems are more public while generally having weaker security mechanisms. There is no sign that Messiah was able to gain access to any internal systems to date. Fear-mongers have been preaching and misleading people in thinking that as an example, if LTA’s website got hacked, our traffic lights will stop working. That is simply not the case, and Messiah has not yet demonstrated his ability to carry out ”infrastructure crippling” attacks. Sad to tell you, but ERP will still continue to work even if LTA’s website is down.

2.2 Understanding attacks on “Web Systems”

To help layman in understanding the nature of attacks on websites, let’s imagine that every time you type in a URL on your web browser, a tiny truck comes out of your computer (a web request), look up the destination on street directory (a DNS server), drives to the warehouse (website server) to pick something up (the actual website) and bring it back to you (website loads on your screen).

To attack a website, the attacker can either prevent your tiny truck from ever reaching the factory while leaving the factory untouched, or enter the factory to shut it down (a.k.a hack into the server.)

Attacks over the past few days can be categorized into two main types: defacement attacks (when the website got vandalized, such as Straits Times’ Blog) and service availability attacks (when the website becomes inaccessible for a period of time, such as the supposed hack on government websites).

2.2.1 Defacement Attacks

A very strange pattern emerged. It seemed as if only sites running open source CMS (content management systems) and/or or cheaply outsourced were defaced. For example, only the blog section of Straits Times was hacked, because out of the entire Straits Times site, only the blog section uses an open source CMS. Hacking into a CMS involves gaining access to either (1) the CMS admin dashboard or (2) the web server. The CMS admin dashboard is a simple system that allows non-IT personnel to update the content of a website. Hacking into the CMS admin dashboard does not mean the hacker has complete access the entire web server.

Gaining access to CMS admin dashboard is easy. For open source CMS solutions, exploits are always discovered and published, in order for security fixes to be written and distributed in a very short amount of time. However, most solution vendors in Singapore hand off CMS to their clients immediately after project conclusion, and seldom advice their clients to do constant upgrades, opening huge opportunities for attack. Many CMS admin dashboards also use the same default username, such as “admin”. In most cases, such accounts are shared among different staff, so to help everyone in remembering the password, plain english passwords are commonly used. It is then easy to use a simple dictionary attack to hack. Dictionary attack simply involves using a program to try different passwords at high speed. Given enough time (days, months, years, centuries), any account could be hacked this way.

From the very specific targets of attack (only open source CMS sections of a website were hacked i.e. Straits Times Blog, and only websites using open source CMS were hacked i.e. CHC website), I think it is safe to conclude that Messiah did not attempt or did not have the necessary skills to hack into an actual server.

2.2.2 Service Availability Attacks

How about supposedly bringing down a couple of government websites as well as Straits Times, Stomp and Hardwarezone (all owned by SPH) for a couple of minutes? For this post, let’s assume the government websites were down because of a cyber attack, not a “scheduled maintenance”.

Server hacks are hard to recover from if there’s damage done. Looking at how fast we recovered from those attacks, it is possible to speculate that the servers were never actually hacked. Using the tiny truck analogy from above, the attacker simply prevented your tiny truck from ever reaching the factory (so when you try to access a website, it could not load). Two common methods are known as DoS (denial of service) and DNS Spoofing or poisoning.

Denial of service attack is an attack that doesn’t require much skills. To prevent your tiny truck from reaching the factory (connecting to the web site), the attacker simply had to send millions of tiny trucks to the same factory at the same time so that the highway became so congested your truck couldn’t get through.

While I am not too familiar with DNS poisoning, DNS servers are like street directories. DNS poisoning attack messes up the directories, causing your tiny truck to lose its way and can never reach the factory.

Let me repeat, both DoS and DNS poisoning attacks do not involve actual hacking (e.g the factory in the analogy above was never compromised). There is no need to infiltrate any government or SPH servers to execute these attacks.

2.3 What does this say about Messiah?

In summary, Messiah was only able to breach certain web systems; he was not reported to have breached any internal systems. In cases where web systems were breached, Messiah was only able to do so via the CMS. He was never able to hack into the actual web server. For websites that does not use weak CMS, he simply did a service availability attack. This doesn’t sound like someone who is an extremely skilled hacker as proclaimed in the video.
Conversely, the skill-set required for the attacks we have seen so far are very different from those crazy hardcore attacks we have seen Anonymous do on news reports. I am speculating that Messiah may not even be from Anonymous.

3. What’s next?

I think Messiah will continue looking for easy exploits among high profile websites, and when he or they can’t hack, they will simply do a DoS or DNS poisoning attack to make a statement.

I trust the security capabilities of our government sites, and I still believe that unless there are different hackers who join today, our data on government servers and infrastructures will remain safe.

As an average Joe, I don’t think there’s much to fear about these attacks because:

1) As concluded above, Messiah doesn’t seem competent enough to actually compromise important servers
2) Once again, “web systems” and “internal sustems” are different. Hacking into LTA website does not equate hacking into LTA. Your traffic lights will still work. They are different things.
3) Assuming that even if he or they have the ability, there is no reason for Messiah to try to gain unauthorized data, or to abuse or leak them. The youtube video called for support from Singaporeans. There will be more haters than supporters if such things happened.
4) The attacks so far are more in line trying to “make a statement” than to retrieve or leak any sensitive data. This trend may continue.

Hope this post help provide some insights into the confusing world of cyber security, and to maybe help with allaying the fear and reducing confusion after all the blind-leading-blind articles that have been popping up lately.

That said, organizations and individuals should remember to always exercise prudence and preemptive diligence when it comes to security. Cyber attacks are very real and may strike you when you least expect it.

Quick Take on the Hello Kitty Madness in Singapore

It takes a plush toy with no mouth to bring out the worst in some Singaporeans. After buying and hoarding N95 masks in bulk to profiteer from the haze in times of misfortune, entrepreneurial Singaporeans were at it again the previous night, buying and hoarding a limited edition black “Singing Bone Hello Kitty” from McDonald’s to resell at exorbitant prices.

Here is an awesome video of an equally awesome grown man cursing a poor staff at McDonald’s because he cannot get a black Hello Kitty to cuddle to sleep at night and will die of loneliness if that happens.

You can read the backstory over the incident via this Facebook post by the same lady who posted the video online.

Here is another awesome video of two Ah Bengs abusing a poor McDonald’s staff because they were told they can only buy two dolls per person instead of four. I teared after watching the video because I felt so sorry for these two poor guys. Why can’t McDonald’s staff understand that the average Singaporean male needs to have at least FOUR Hello Kitty dolls to hug at night in order to sleep well? 

Here is an awesome picture circulating online of a guy who will get laid at least 21 times because he has 21 black Hello Kitty dolls:

Only in Singapore would a grown man who collects Hello Kitty plush toys get lucky with girls.

Here are some awesome spoofs:

I find it hilarious when I hear stories about random people who went to queue and buy the black Hello Kitty because they saw many others doing it. These people are not Hello Kitty fans, neither were they intending to flip it for a profit; they just buy because everyone else is doing so. Herd mentality at its best. The perfect testimony to our wonderful education system churning out drones.

I feel sorry for the genuine fans and collectors who have to compete with these people to get their full collection.

Anyway, if you are among those who die-die must get your hands on one of these dolls, why not consider ordering them directly from the China factories where they are made? 

Otherwise, I have another suggestion – take one of the old, white Hello Kitty dolls which you have queued and fought over during the last McDonald Hello Kitty craze and torch it. After that, use a chalk to draw a few white lines on the stomach. Voila! You have just made your own ultra limited edition black Hello Kitty which only you will have in the entire world!

It will definitely fetch a price higher than these on eBay:

At S$120,000 for a black Singing Bone Hello Kitty, the Singapore government should seriously consider investing in them and issuing these dolls to newly-wed couples as subsidies for their HDB down payment.

Maybe we can also offer a truckload of these to the Indonesian Minister who complained that S$1 million is too little to help them fight forest fire… This will help us get rid of the haze, once and for all.

Hail the almighty Chao-Ta Kitty!

Watch these toys animation videos by Counter656 and get blown away

Ryu vs Ken
Ryu vs Ken

After watching these videos made by Counter656, you are never going to look at playing with action figurines the same way. Here are some of my favourites:

The videos are all scripted and produced solo by a 30-years-old Taiwanese part-time university teacher in his home, with nothing more than his computer and some software. He made the videos for fun.


Then again, I hope he has many real-life friends outside his room and away from his computer. Although I respect his works, there is something depressing thinking about a grown man spending so much time playing with action figurines…

Ironman vs Woody
Ironman vs Woody

Casio G-SHOCK Celebrates 30th Anniversary in Singapore with Pop-up Store and Limited Edition Maison Martin Margiela Collaboration

Casio pop-up store at ION Orchard
Casio pop-up store at ION Orchard

Last Friday (14 June), the 30th anniversary celebration of Casio G-SHOCK kickstarted with the launch of Singapore’s first ever Casio pop-up store at ION Orchard Atrium Level 1. From now till 23 June 2013, the pop-up store will be displaying the latest and most exclusive G-SHOCK and Baby-G timepieces, along with a special limited edition G-SHOCK designed in collaboration with Maison Martin Margeila.

G-SHOCK + Supra Footwear
G-SHOCK + Supra Footwear
G-SHOCK + Be@rbrick
G-SHOCK + Be@rbrick
G-SHOCK + Stevie Williams
G-SHOCK + Stevie Williams

Thirty years ago in 1983, the founding father of G-SHOCK, Kikuo Ibe, created the original G-SHOCK after two years of trials and over 200 experimental prototypes. G-SHOCK eventually emerged as a global phenomenon, known for its innovative shock-absorbing and high water resistant material.

G-SHOCK Red & Blue series
G-SHOCK Red & Blue series
Series of red G-SHOCK watches
Series of red G-SHOCK watches
Gravity Defier
Gravity Defier
MR-G with titanium case
MR-G with titanium case

When I was in my secondary school, owning a G-SHOCK watch makes you very cool in school.  I remember saving hard to buy one together with two of my close pals. We even went down to the G-SHOCK warehouse to beg the retailer to sell it to us at a cheaper price (we succeeded). To date, I have more than seven G-SHOCK watches. All of them are still functioning, including the ones I bought more than two decades ago!

 The interior of the pop-up store is designed to be a walk-through museum, featuring 30 new and creative G-SHOCK designs conceptualised by G-SHOCK fans in Singapore as part of the “Design A Casio G-SHOCK” competition held in March this year.

Some of the watch designs submitted by fans
Some of the watch designs submitted by fans
G-SHOCK with butterfly wings
G-SHOCK with butterfly wings
Punk-rock G-SHOCK
Punk-rock G-SHOCK

There will be a “Casio Shock the World Party” to follow, whereby the top designs among the 30 entries will be announced. The winning design will win a pair of tickets to Japan, among other attractive prizes. Do go check out their designs, I was very impressed by some of them.

The “Casio Shock the World Party” is actually part of the “Casio Shock the World Tour”, which has visited 35 cities around the world since 2009, including Paris, Barcelona, Berlin, Mexico City, New York, Shanghai, Hong Kong, Sydney, Bangkok and Tokyo. It is slated to make a stop in Singapore on 19 July 2013. Keep a look out for it.

The Casio pop-up store will be open from 10.00am to 10.00pm daily till 23 June 2013. Selected limited-edition watches displayed at the store will be available for purchase at the nearest G-Factory outlet at Basement 3, unit B3-65B in Ion Orchard.

Particularly note-worthy is the exclusive G-SHOCK by Maison Martin Margiela (GA-300MMM-8). There will only be 48 pieces of this exclusive model available for sale in Singapore:

Limited edition G-SHOCK by Maison Martin Margiela
Limited edition G-SHOCK by Maison Martin Margiela

A well-acclaimed fashion brand founded in 1988, Maison Martin Margiela designed the bespoke timepiece inspired from the G-SHOCK GA-300, an orignal design by Casio. Each piece features Maison Martin Margiela’s signature “0 to 23” logo engraved on the back case of the watch and is tagged with an exclusive serial number.

Priced at S$399 each, the G-SHOCK by Maison Martin Margiela is available since last Friday, exclusively at G-Factory outlets at Plaza Singapura (#03-63), ION Orchard (#B3-47) and Takashimaya (level 1), while stocks last. Pre-orders or reservations are not available and consumers are limited to buy only 1-piece each.

Movie Review: PARANORMAN (3D)

PARANORMAN movie poster
PARANORMAN movie poster

PARANORMAN is a 2012 American 3D stop-motion animated comedy horror film produced by LAIKA, an animation studio that specialises in producing stop-motion animation.

This is seriously hardcore okay.

Everything in the movie was produced FROM SCRATCH:


The voice cast includes Casey Affleck, Tempestt Bledsoe, Jeff Garlin, John Goodman, Bernard Hill, Anna Kendrick, Leslie Mann, Christopher Mintz-Plasse, Kodi Smit-McPhee, Jodelle Ferland, Elaine Stritch, and Tucker Albrizzi.

It is the first stop-motion film to use a 3D color printer to create character faces, and only the second stop motion film to be shot in 3D.

In case you are wondering, Coraline (2009) was the first stop motion film shot in 3D. It was also produced by LAIKA and made USD$120 million worldwide. Coraline won the Annie Awards for best music, character design, and production design and received Academy Award and Golden Globe nominations for Best Animated Feature.

With such stellar credentials for their previous film, audiences’ expectations are high for PARANORMAN – and it delivered.

Here’s the official trailer:

The storyline revolves around a boy, Norman who can see and talk to ghosts. As a result, he was treated like a freak by his family and peers, leading a miserable, lonely life.

In a sudden turn of event, Norman’s town was overrun by witches and zombies. It was up to him to save the day.

Entwined into the storyline are underlying universal feel-good themes on friendship and anti-bullying/discrimination.

Yes, the film features ghostly characters.

No, I do not think the characters are likely to freak out children. The ghosts are rather likeable and there are good moral values at the end of the show.

PARANORMAN is now showing in Singapore cinemas.

Go catch it with your family and friends! It is both suitable for adults as well as family audiences.

Something fun to end this blog post with:

If you are on Instagram, remember to tag @PARANORMAN!

Formula Drift (Ken Gushi) X Casio G-Shock Collaboration

Ken Gushi together with two senior management staff from Casio Singapore Pte Ltd
Ken Gushi together with two senior management staff from Casio Singapore Pte Ltd, flashing the limited edition G-Shock

Last Friday, Casio Singapore Pte Ltd announced their inaugural sponsorship of Formula Drift star, Ken Gushi, and his team  in the upcoming 2012 Formula Drift Asia race which will see the Singapore leg flag off on 30 June 2012 at Changi Exhibition Center.

To celebrate the collaboration between Formula Drift and Casio, a limited-edition G-Shock watch, the Casio G-Shock DW-6900CB-4DRIFTDS, designed by local street brand, Flesh Imp was launched on the same day.

“Casio G-shock is thrilled to make our inaugural sponsorship to support Ken Gushi and his team in the Asian series of the 2012 Formula Drift competition, as we believe that he is a brilliant representation of the G-shock brand identity, as an up and rising young personality displaying absolute tenacity to beat the odds in his career. We have strong faith that he will be able to out do himself in this year’s race and Casio is glad to be a partner in his climb to the top spot on the podium”, said Mr Takaya Hideki, Managing Director of Casio Singapore Pte Ltd.

“I am very excited and honoured to have Casio’s support in the Formula Drift Asia race this year as I have always found the brand’s G-Shock watches to be an ideal accessory for sportsmen and those frequently on the go, like myself, as the timepieces are strong in withstanding rough situations and are known for their water/shock-resistance and durability. Their trendy and vibrant designs are also very attractive, allowing for a tough watch with practical qualities without compromising on style”, said Mr Ken Gushi, on this partnership with Casio.

Ken Gushi, armed with almost a decade of experience as a Formula Drift driver, launched his professional driving career at the age of 15 and has made his mark in prominent races such as the D1 Grand Prix of Japan and the Formula Drift Championships of the United States. Having seen his fair share of wrong turns on the race track, Ken’s stellar performance at the Formula Drift Asia series in Singapore in 2011 landed him a spot on the podium as the second runner-up and displayed his resilience as a professional driver, a quality that is reflective of the G-shock brand positioning of portraying toughness and durability.

Ken Gushi posing with a Casio G-Man
Ken Gushi posing with a Casio G-Man
Ken Gushi's very stylishly designed drifting car
Ken Gushi’s very stylishly designed drifting car
Side view of the car
Side view of the car
Ken Gushi greeting the media
Ken Gushi greeting the media

Likewise, recognised for its strength, adaptability and water/shock-resistant qualities, the Casio G-shock complements the fast-paced and active lifestyle of Ken and his team, cementing the relationship between the brand and the drivers both on and off the race track.

To mark the partnership, a Casio G-shock DW-6900 piece, specially designed by local streetwear label, Flesh Imp, was introduced to the market for fans and collectors alike.

The guy in yellow pants is one of the founder of Flesh Imp who designed the limited edition Casio G-Shock
The guy in yellow pants is one of the founder of Flesh Imp who designed the limited edition Casio G-Shock

Keeping with the red, black and white colour theme of the Formula Drift race, the straps of the digital timepiece feature the Formula Drift and Driftpac logo prominently. Inspired by the “stickerbomb” sports culture whereby many different stickers are pasted on a car over a period of time to create a random yet one-of-a-kind design, the watch design by Flesh Imp combines elements of drifting and street culture to create a unique timepiece for the occasion.

A Casio G-Shock roadshow was held at Bugis Junction from last weekend, whereby the star-driver himself made an exclusive appearance on Saturday, 16th June. Fans had a chance to take on Ken in an arcade racing competition to win exciting prizes that included entry tickets to the Singapore leg Formula Drift Asia 2012 event!

The special collaboration timepiece, Casio G-Shock DW-6900CB-4DRIFTDS (S$178.00), is now exclusively available at Casio G-Factory store at Bugis Junction, while stocks last. Go grab yours before it’s all SOLD OUT!

G-Shock watches cast in ice at the media event last Friday
G-Shock watches cast in ice at the media event last Friday
Indestructible Casio G-Shock - the time still ticks even if the watches are cast in ice
Indestructible Casio G-Shock – the time still ticks even if the watches are cast in ice
Another pair of indestructible G-Shock watches
Another pair of indestructible G-Shock watches
Ken Gushi and Mr Hideki from Casio, ready to cast the first hammer blows on the ice block
Ken Gushi and Mr Hideki from Casio, ready to cast the first hammer blows on the ice block
Ken and Mr Hideki hacking away at the ice with all their might
Ken and Mr Hideki hacking away at the ice with all their might
More people chipped in to hammer away at the block of ice
More people chipped in to hammer away at the block of ice (including me)
Look at this - after being cast in ice and hammered at, the watch is still in one piece and ticking!
Look at this – after being cast in ice and hammered at, the watch is still in one piece and ticking!

For more information and updates, join the official Casio Facebook Fanpage at: or visit

About Casio G-SHOCK

G-SHOCK began with an engineer’s brief calling for development of an “unbreakable watch”, to which CASIO responded by organizing Project Team TOUGH in 1981. The team produced over 200 experimental prototypes for performance tests, spending about two years on structural development and parts enhancement. Finally, in 1983, the original shock-resistant structure was completed and this marked the birth of the first G-SHOCK model, the DW-5000C, created by Kikuo Ibe, Casio’s Research and Development Chief Engineer.

The G-SHOCK brand has enjoyed constant popularity due to its consistent shock-resistant design, distinctive shape that exudes functionality, and its robust appearance. One of the most interesting timepieces of the brand was that of the Tough Solar series, which uses solar energy to power up; making it eco-friendly. CASIO’s G-SHOCK line of tough watches perform even under extreme conditions, thanks to its unique shock-resistant construction that withstands vibration and impact.

Throughout the years since, this tough watch has raised challenges insatiably based on its inherited shock-resistant structure. G-SHOCK continues to take up new challenges beyond the limits of time and common sense.

About Formula Drift Asia

Formula Drift is the first and only sanctioned North American professional championship drifting series, with the goal of expanding and developing the motorsport of professional drifting in Asia. The 1st Singapore championship in 2008 signified our desire to transform drifting into a truly global mainstay and the Asian championship provides an opportunity for local drifters to compete, hone and learn from the very best. In 2012, the Formula Drift Asia championship will take place in Malaysia, Singapore, Thailand and Indonesia. Supported by ESPN STAR Sports extensive broadcast network and event management expertise, the thrill of high-speed drifting will be showcased to millions of viewers in Asia and beyond, Please visit for more information.
Based on Formula Drifting’s traditional “head-to-head battle” format, drivers attempt to qualify, in single judged runs, to be one of the 32 drivers that will enter the main competition bracket. During the bracketed “tandem battle” competitions, drivers are paired off in a head-to-head competition of skill and nerves in a championship format to determine one final winner.

Tickets for the Singapore leg of Formula Drift Asia 2012, prices ranging from $30.00 to $65.00, are now available at all SISTIC outlets.

[Movie Review] POV ~Norowareta (呪われたフィルム) Film~

POV movie poster
POV movie poster

This J-Horror movie by horror movie director, Norio Tsuruta 鶴田法男 (つるた のりお), is released under the tile, POV A Cursed Film (被诅咒的影片) in Singapore and is opening in cinemas from 26 April.

Thanks to the folks at Shaw, I caught the preview screening on Monday (16 Apr) with a group of bloggers at the exclusive Shaw Preview Theatre (not open to public).

I was wondering whether the screening venue was a deliberate prank. Look at how similar it is to the movie theatre featured in the POV movie (images via Venice Jacob’s blog):

Shaw Preview Theatre on the right and the movie theatre in POV on the left
Shaw Preview Theatre on the right and the movie theatre in POV on the left

Spooky isn’t it?

The whole movie is shot with an unique video camera-style cinematography; features many short POV horror video clips; and had the lead actresses starring as themselves in a tricky plot of a reality ghost movie about the making of a reality ghost movie.


I find this a refreshing change from the typical slow-moving J-Horror movies which we are used to.

Bubblegum pop songs were used as song tracks and the two leads are dressed in super kawaii Japanese schoolgirl uniforms. These are definitely unconventional for a horror movie.

Go catch this in cinemas if you are a fan of horror movies to EXPERIENCE a “Blair Witch” style movie in Japanese (but with a proper story line and less nauseating shaky video shots)!

I am puting emphasis on the word “experience” as watching POV has a simulacrum effect where one would find it hard to discern between what was the “reality” in the movie and what was the “copied reality”. Sounds pretty confusing? You will know what I mean when you see the movie for yourself. 🙂



Mirai and Haruna are shooting a show streamed on smartphones which introduces different viewer submitted videos. That day the videos were all of paranormal phenomena, carefully selected alleged accurate accounts of haunted occurrences. In the middle of one video, the image gets interrupted, immediately turning back on to show a footage that was not in the script. The video capture an urban legend rumoured at Haruna’s school. A psychic on the show assesses that a certain demonological ritual must be performed in order to rid the school of this phenomena. The director, agents and the two girls go to the school accordingly to find there is more to the video than meets the eye…