Category Archives: Bug Spotted

Normal Map

We asked for normal map to use on 3d coin, but our freelance designer gave us this: 5Cent_LoNormalsMap   This is not normal map, not even quite a bump map. Here is a better explanation: normalMapMiniTut Malaysia colleagues trains many good 3D artist, but mostly for the pre-rendered video use. They should expose more to real-time rendering 3d modelling.  

IOI Properties: this is not how you use captcha

Like many other property developers, IOI properties put up an registration form on their website to collect user data. Unlike many, they do have a sense of security, as they have this extra captcha things that many other developers’ website lack of. puterisepang Registration.aspx Captcha is a technology to generate human readable text into an image format, where it can not be easily analyse by robot (a piece of programming script). This help to ensure submitted data come from genuine human user as they will have to reinsert this text along with the submission; Definitely one of the effective methods to stop spam and is widely use by big sites like facebook, google, yahoo. However, this IOI captcha is a wrong implementation. Not only totally useless, vulnerable to attack, but also shows the lack of understanding from its creator. IOI captcha is not dynamic generated! It is just a collection of static images. Their system just randomly select one to display. For example: 191 1 7 106 This kind of bug is very dangerous, as it gave people a false sense of security. Attacker just need to download the whole set of 191 images and create a dictionary as below, next analyse the webpage html to acquire the image source url, then he can easily spam the system:
  • 191.jpg – good
  • 1.jpg – polish
  • 7.jpg – soap
In fact, there are many free and opensource captcha services available online. For example: Programmer should have no excuse for not using it. Note: I am and will not be responsible for any attacked to the site caused by this article.

MAS Enrich system down

Got this invitation email from HleBroking to register MAS Enrich for FREE and earn point while trading. The URL is  However, after filling long registration form, on the final stage when submit, the site response with HTTP 500 error.  It appear that an error.jsp file was not found. MAS share price already drop into deep shit, required government funding to help almost every year, and yet they can’t get a membership system done correctly.   mas

Senheng Online Store

Senheng  as one of the leading electrical appliances store in Malaysia, and known to have a sucky website since day 1. Now, they finally had revamp it with new features like e-commerce system, responsive design, better product catalogue, new layout, using cdn… But sadly, it is still full with bugs and errors. senheng error For example, the promotion page have connection to db error msg. senheng messy   An e-commerce page that’s messy and long way scrolling down, more like a spoiled layout. responsive design   And a responsive design page that doesn’t looks good on small screen. IT is crucial in today retail business, looks at example like wallmart and dell, or even china gome. I likes some of senheng concept such as modern looking store & nationwide free delivery, and is always looking forward hoping to see they get serious in online store. As the best company to work for in Asia year 2013, senheng might have a happy to work in environment, but for sure, their IT staff still have many rooms of improvement.