Category Archives: Bug Spotted

Normal Map

We asked for a normal map to use on a 3D coin, but our freelance designer gave us this: (image: 5Cent_LoNormalsMap) This is not a normal map, not even quite a bump map. Here is a better explanation: (image: normalMapMiniTut) Malaysian colleges train many good 3D artists, but mostly for pre-rendered video use. They should be exposed more to real-time rendering 3D modelling.

IOI Properties: this is not how you use captcha

Like many other property developers, IOI Properties put up a registration form on their website to collect user data. Unlike many, they do have some sense of security, as they have an extra captcha step that many other developers' websites lack: http://www.ioiproperties.com.my/puterisepang/Registration.aspx

A captcha renders human-readable text as an image that a robot (a piece of programming script) cannot easily analyse. This helps ensure that submitted data comes from a genuine human user, who has to retype the text along with the submission. It is definitely one of the effective methods to stop spam and is widely used by big sites like Facebook, Google and Yahoo.

However, the IOI captcha is a wrong implementation. Not only is it totally useless and vulnerable to attack, it also shows a lack of understanding from its creator. The IOI captcha is not dynamically generated! It is just a collection of static images, and their system randomly selects one to display. For example:
  • 191 – http://www.ioiproperties.com.my/jcap/cimg/191.jpg
  • 1 – http://www.ioiproperties.com.my/jcap/cimg/1.jpg
  • 7 – http://www.ioiproperties.com.my/jcap/cimg/7.jpg
  • 106 – http://www.ioiproperties.com.my/jcap/cimg/106.jpg

This kind of bug is very dangerous, as it gives people a false sense of security. An attacker just needs to download the whole set of 191 images and create a dictionary like the one below, then analyse the web page HTML to acquire the image source URL, and he can easily spam the system:
  • 191.jpg – good
  • 1.jpg – polish
  • 7.jpg – soap

In fact, there are many free and open-source captcha services available online, for example http://www.captcha.net/. Programmers have no excuse for not using one. Note: I am not and will not be responsible for any attack on the site caused by this article.
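The difference between the static image set the post describes and a properly generated per-request challenge, as an added example (not code from the post or from IOI's site). The image numbers and words are constructed stand-ins; the in-memory store and the image-rendering step are assumptions.

```python
import hmac
import secrets
import time

# Constructed stand-in for the static image set the post describes:
# image number -> the word baked into that image (hypothetical values).
STATIC_IMAGES = {"191": "good", "1": "polish", "7": "soap"}

def static_challenge():
    """Weak form: pick one image from a fixed set. The image name is all the
    client receives, and it maps to exactly one answer forever."""
    return secrets.choice(list(STATIC_IMAGES))

def static_verify(img, answer):
    return STATIC_IMAGES.get(img) == answer

# Hardened form: generate new text per request, keep the answer server-side,
# and hand the client only an opaque random id that expires and is single-use.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no look-alike glyphs
PENDING = {}  # challenge id -> (answer, expiry); in-memory store (assumed)

def dynamic_challenge(ttl=300, now=time.time):
    text = "".join(secrets.choice(ALPHABET) for _ in range(6))
    cid = secrets.token_urlsafe(16)
    PENDING[cid] = (text, now() + ttl)
    # The image served for this cid would be rendered from `text`;
    # rendering is out of scope here. The id itself carries no information.
    return cid

def dynamic_verify(cid, answer, now=time.time):
    entry = PENDING.pop(cid, None)  # consumed on the first attempt, right or wrong
    if entry is None or answer is None:
        return False
    text, expiry = entry
    if now() > expiry:
        return False
    return hmac.compare_digest(text, answer.strip().lower())

def lookup_passes(challenge, verify, lookup):
    """Self-check: does a precomputed id->answer table, built once from the
    identifiers a page exposes, pass a fresh challenge? True for the static
    form (an id never changes meaning), False for the dynamic one."""
    cid = challenge()
    return verify(cid, lookup.get(cid))
```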

MAS Enrich system down

Got this invitation email from HleBroking to register for MAS Enrich for FREE and earn points while trading. The URL is http://www.enrich.malaysiaairlines.com/EnrichWebsite/NewMember.jsp. However, after filling in the long registration form, at the final stage on submit, the site responds with an HTTP 500 error. It appears that an error.jsp file was not found. MAS's share price has already dropped into deep shit, requiring government funding almost every year, and yet they can't get a membership system done correctly. (image: mas)

Senheng Online Store

Senheng, one of the leading electrical appliance stores in Malaysia, has been known to have a sucky website since day one. Now they have finally revamped it with new features like an e-commerce system, responsive design, a better product catalogue, a new layout and a CDN... But sadly, it is still full of bugs and errors. (image: senheng error) For example, the promotion page shows a database connection error message. (image: senheng messy) An e-commerce page that is messy and needs a long way of scrolling down, more like a spoiled layout. (image: responsive design) And a responsive design page that doesn't look good on a small screen. IT is crucial in today's retail business; look at examples like Walmart and Dell, or even China's Gome. I like some of Senheng's concepts, such as the modern-looking stores and nationwide free delivery, and am always looking forward, hoping to see them get serious about the online store. As the best company to work for in Asia in 2013, Senheng might have a happy working environment, but for sure their IT staff still have much room for improvement.