What pisses me off the most is when funding goes to R&D and operations at big ISPs in Malaysia, and a government-owned ISP in particular does not care at all about its users and the potential security risk their sites might have. From the perspective of a commoner, there is no reason to care about or make sense of the potential risk one site might have in terms of data secrecy and information breach. I would like to introduce you to the wonder site managed by ISPx, occ.unifi.my. One might have a new site to log in to, but for God's sake, please take this site off production. Thx.
When you run a Qualys test on the site, you are in for a disastrous result. I do not wish to disclose the results here, but this is terrible. I wish I could sack their information security head for being so ignorant of the problems of the site. Okay, even if you do not manage the site anymore, there are lots of users who have personal data on that site. I have tried raising this with ISPx, but without success. It always falls on deaf ears.
This probably goes for most of the sites which share the same certificate under the unifi or tm domain. I “applaud” the work done by the security team of ISPx. Why do we pay big bucks then? No idea! Now to the biggie: it is probably the biggest social engineering campaign. There is no verification that it is a Unifi site on Facebook, but they have their own form and site, and the details they collect. Man... seriously, what are you doing, ISPx? Don't you have an opsec team? Hire me, I'll do you a great favor!
Bite me, ISPx. You failed Information Security Practices 101.