Wave of Tech interview

Lovely Family Host is hosting interviews with customers around the globe to show you how they have reached their goals while working together with Lovely Family Host.

This week, we would like to invite Ko Tin Myo Win, from Wave of Tech, to share his knowledge about working with a website, how he made his way into cybersecurity, and how we should care about our security.

Hi Ko Tin Myo Win, nice to meet you. Can you introduce yourself?

I'm Tin Myo Win. I'm currently working on web security. There are two main types of protection, defensive and offensive. I mostly work on offensive security. Offensive security means I attack as a hacker to find vulnerabilities, report them to companies, and tell them how they can be protected.

What do we call this?

We call it penetration testing.

Is it comparable to forensics?

After an attack has happened, when a hacker has attacked a website or infrastructure, we can trace back by collecting their phone or computer usage history. They differ from each other, but both can be categorized under cybersecurity.

Can you share your journey to a cybersecurity career?

I worked as a web designer and developer at first. In 2012, I departed for Singapore for my career. At that time, they were working to limit foreign workers. I joined most of them, though they only accepted a CV and told me that they would reach out if there were some quotas available. I spent two months in Singapore. I got more information from my friends about job searching. At that time, I created a website in Singapore named under designer Tin Myo Win. I built my website by only watching YouTube and browsing the web to install scripts and a firewall on my website.

I accessed the log files of my website 6-12 months after I came back from Singapore. I found some script code inside my firewall logs. It was mostly JavaScript and SQL code. At first, I wondered what it was, so I copied it and searched for it on the search engines. I found out this code was used to hack a website, though my firewall prevented these attacks. These XSS codes were in JavaScript and attacked me. I became interested in it. The language I had managed to develop in was the one they used to attack my website. I learned the security process in more detail, then I found and joined the CEH certification program.

Do you still run that website?

So far, I'm posting topics using Twitter and LinkedIn and beginning to shift back to my website. I will continue as Wave of Tech.

You can use social media to write your content. Why do you choose to move back to websites?

I'm currently working on bug bounty hunting. The difference between bug bounty and penetration testing is that the latter requires teamwork. The bug bounty hunting process is different. Any person who is interested in security can participate in this process. They can hunt using the language of their choice. We call it crowd security: joining groups and hunting for vulnerabilities. When we emphasize bounty hunting, we have much less time for using the website and posting news and tools on Twitter. I'm collecting tutorials and tools to post on my website.

What is your opinion on social media?

Social media is like a knife. If you use a knife to cook in the kitchen, you can get food. However, you can also kill a person with a knife. Social media can be used to exchange all kinds of information, though if you use it the wrong way, you will end up inside the hole of social networks.

Let's come back to user security. What do you think about data security currently? There are loads of attacks such as ransomware and malware in Myanmar. May I know why they spread and how we can protect ourselves?

When we talk about ransomware, there is only one way, the internet. There was a limitation on accessing the internet in earlier times. When we had to download an application, we went to software shops. Can we get a license in these shops? No, we can't. They are cracked software. They told us to close the antivirus to install the crack. However, they do not update daily. They download the crack and use it for 3-4 months. When the company updates, they find cracks and they update the pirated copies. Nowadays, many think software shops are selling cracked software, plus they can download via torrents to get more updates and save budget. They also download the latest updates from torrents. Ransomware can exist if they are not confirmed. When you install such files, they fully encrypt your machine and ask for money to decrypt. Many people pay to decrypt and, furthermore, lose both data and money. The difference between downloading from the internet and buying from shops is the time delay. If there is some malware included in software from shops, antivirus companies have researched it and put out updates, so we can prevent it. If you download infected software from the internet, your data will be lost and cannot be recovered smoothly. When you buy from the shop, the updates are late, so most antivirus and antimalware software has already patched against it. Another dangerous thing is downloading pornographic content from torrents. Most of it is infected.

If your device becomes infected, never give any money to the attacker. You will lose your money for sure if you pay as they tell you. You will lose both your money and your data. The attackers also look out for their own security and safety.

For example, I will attack your machine and ask for some amount of money to decrypt. You will send the money I ask for. The money transfer is only an online transaction, or even a bitcoin transaction, which is untrackable. However, when I send the decryption link via email, you can track back using logs and trace back to me. At least, you can get where I am or which country I live in. So, the attacker never decrypts your data. There is a document published by for NSA forensic investigator about WannaCrypt ransomware on iforensic.org in more detail. They use it out of greed. They kidnap your data to get your money.

Which operating system can ransomware infect?

Mostly the Windows operating system can be infected by ransomware. I haven't discovered other OSes being infected by ransomware so far. There is no store such as the Apple Store or Linux repositories in Windows OS. This leads to downloads from wrong URLs and infection by ransomware or other malware.

 

Can you tell us about the cons of using cracked or pirated software?

The first con is that you can't get updates, including security updates, from these companies. Cracked software means a third person modifies the original code and delivers it to you. He/she will not do anything for you for free without any profit. He/she won't spend hours on decrypting. When you install cracked apps, you will be asked to disable antivirus and Windows updates. Why? They are afraid of being detected by antivirus software. There is ransomware or malware included in most cracked software. If you can't pay for license fees, go for open-source software alternatives. You can also buy with subscriptions.

There is no longer much difference between licensed and open-source software. For example, the Photoshop alternative is GIMP. They have similar functions and performance. Inkscape is like CorelDRAW or Adobe Illustrator, plus it can process SVG images. Adobe InDesign users can use Scribus.

Myanmar has become open to the internet. How should a user protect himself from internet theft?

For end users, there are multiple devices for daily use. Regardless of your device, you must take care of the security of your devices. If you use Windows, you should use licensed antivirus to get updates frequently. The Windows operating system is the most widely used operating system around the world. So, you can protect your device except against the very latest nightly virus. If you can't afford to use other software, you must use Windows legally. Windows updates can prevent you from getting infected. If you buy a new laptop, you should buy it with a license. Beware that some shops remove the Windows license and remove stickers. Don't forget to get the stickers officially.

How can we protect ourselves if we are using Cloud services?

There are many opinions about using Cloud services. For me, the Cloud is another person's computer. It is another person's or company's property. If we put data in the Cloud, we store our data on another person's device. You are letting a third party manage your data. You should also back up your data personally. You should also inspect your data before uploading it to your Cloud for security reasons. You must back up sensitive information locally for your safety. Some incidents show that iCloud leaked some confidential photos to the public. We didn't get news about who did the hack; however, it was hacked. You shouldn't be trustful of any Cloud services.

If your phone breaks, you should be careful about going to mobile repair shops. When you forget the login code, your mobile shop should unlock the mobile phone in front of you. You should remove SD cards before visiting a mobile shop to repair your phone. Anything can happen at any time while we are away from our phones.

Can you explain why we need local storage?

You will need a NAS server when you have four to five people in your company, instead of depending on a Cloud service. We cannot say ransomware cannot infect a Cloud system. We need to back up to both remote and local servers to protect our time and data. If you don't have a computer and use mobile phones daily, you can save your data via OTG devices.

So, let's go back to our website. How did you reach us?

I had a project at the old Phandeeyar co-working space, then I subscribed to hosting from you. I used it and felt comfortable with your interface. It has been about 3 years since my first subscription.

 

May I know why you subscribed with us among providers?

The first thing is I can reach you quickly and get support. Also, monthly billing support got me interested. When a person builds a website using WordPress or some other free apps, they can get their website up for free. But they are afraid to pay annual hosting charges, especially startups. They think about how annual hosting costs will affect their business reaching its targets. Especially when they are competing with social networks. Many people will think you are referring to Facebook when you say the word "Internet". They do have to publish Facebook pages if they want to target Burmese citizens. A website is a fundamental requirement for a company. Many will think: they boost on Facebook and make sales, so why do they require a website? Building a website that costs USD100 and boosting a post that costs USD100 on social media are different from each other.

If they invest in a website, a fundamental structure of the company has been built, plus international investors can reach us via websites. They will not try to contact you via Facebook.

When you introduce a monthly billing system, these users can sustain their businesses using your system.

When you are building a brand, you need a website.

Another difference is that when I use a social network, I give my data to that specific social network. My data remains mine if I use hosting. I have to find, repost and share if I do want my data back. If I host on your hosting, I can get my data any time, anywhere. There are also patent issues. You should read social media's agreements. They reserve all the rights about the copyrights on our content published to them.

To reach Wave of Tech:

https://www.waveoftech.com

https://www.linkedin.com/in/yasir-ansari/

https://www.twitter.com/tinmyowin

 

By lwinmaungmaung on Fri, 12/06/2019 - 04:20