Malaysian Philharmonic Orchestra To Perform Distant Worlds: Music From Final Fantasy In April 2019

The long-running Final Fantasy series is well-known to gamers for many things: its storyline, gameplay, and of course, its music. In fact, the music from Final Fantasy are as iconic as the games themselves and next year, you will be able to see some of them being performed by the Malaysian Philharmonic Orchestra (MPO).
According to the concert listing for 2019 season that MPO released earlier this month, the Distant Worlds: Music from Final Fantasy show will be taking place on 12 and 13 April at the Dewan Philharmonik Petronas in Petronas Twin Towers, KLCC. A local choir group, Dithyrambic Singers will also be accompanying MPO at the concert which will be under the direction of Arnie Roth, the very conductor that is part of Distant Worlds’ global symphony concert tour.

Details regarding the MPO concerts have yet to appear on Distant Worlds’ official website though; so, at this moment we don’t know if there will be any special appearances by Final Fantasy composers or original vocalists. You might have remembered that the series’ legendary composer, Nobou Uemetsu himself came down to the Kuala Lumpur leg of Distant Worlds’ tour last year.
Tickets for the concerts are priced at RM 141, RM 198, RM 254, and RM 358. MPO Subscribers already able to purchase these tickets while they will be made available to the general public starting from 20 December 2018. So, get them as soon as possible if you plan to attend them.
(Source: Malaysian Philharmonic Orchestra. Thanks to Fiona for the tips!)
The post Malaysian Philharmonic Orchestra To Perform Distant Worlds: Music From Final Fantasy In April 2019 appeared first on Lowyat.NET.

Continue reading »

Alleged Nvidia RTX 2060 Official Graphics Card Logo Leaks

It looks like Nvidia will soon introduce another graphics card under the its new “RTX” series. Dubbed the “RTX 2060”, Nvidia’s new graphics card is expected to be launched sometime in early 2019. Leaks have recently surfaced regarding the logo of the aforementioned graphics card, which somewhat confirms the existence of the RTX 2060.
The leak—which came from HardwareLuxx’s Andreas Schilling—shows the alleged official logo of the RTX 2060, which apparently was obtained from Nvidia’s internally circulated marketing material. Unsurprisingly, the leaked logo of the RTX 2060 looks very similar to the logo of Nvidia’s other RTX graphics cards.

#GeForceRTX2060 for desktop is real! (For those who still had doubts) Marketing material for the smallest #Turing expansion is arriving at the manufacturers marketing divisions. Beside 6 GB of #GDDR6 I can not confirm any tech specs. Stay tuned for the second week of January! pic.twitter.com/xaorlA6JLd
— Andreas Schilling (@aschilling) December 16, 2018

What is surprising, however, is the fact that the 2060 is branded under the RTX series. This, of course, give the indication that it may come with “RT Cores” which—for those who are unaware—means that the graphics card has Ray Tracing capabilities. In addition, whilst not stated with the leaked logo, folks at VideoCardz has mentioned that the RTX 2060 may come with 1,920 CUDA cores and 6GB GDDR6 memory (read more about this here).
It’ll be interesting to see just how well the RTX 2060 will perform upon its release in a couple of months (hopefully). We’ve recently wrote an article regarding the alleged performance of the aforementioned graphics card running Final Fantasy XV. Regardless, we do advice our dear readers to take this one with a grain of salt, as always.
(Source: Andreas Schilling via VideoCardz)
The post Alleged Nvidia RTX 2060 Official Graphics Card Logo Leaks appeared first on Lowyat.NET.

Continue reading »

Epic Games Store To Give Away Free Games Every Fortnight; First Free Game Is Subnautica

Ever since the announcement of the Epic Games Store, it’s a given that it’s an uphill battle the company will be facing against other more established platforms, Steam chief among them. In addition to the 88/12 revenue share split that it announced, the company also announced that it will be giving away free games every fortnight (pun definitely intended). This round’s free game currently happens to be Subnautica.
This promotion campaign is surely an aggressive one. It also remains to be seen if there are enough developers willing to put their games out for free this way for extended periods of time. But it’s certainly a move that will bring eyeballs to the Epic Games Store, which in turn could lead to more game developers adopting the platform.

Subnautica is free between 14 and 27 December 2018. The Epic Games Store will move on to its next free game, Super Meat Boy, from 28 December 2018 to 10 January 2019.
It’s worth noting that these two games are part of the 14 titles that the Epic Games Store launched with. Once the company announces the next free game, we’ll be able to see if the free games on offer is a rotation of the current list of games.
(Source: Epic Games. Also thanks to Kenneth Tan for the tip!)
The post Epic Games Store To Give Away Free Games Every Fortnight; First Free Game Is Subnautica appeared first on Lowyat.NET.

Continue reading »

Huawei Announces The Nova 4 Smartphone; Comes With 48MP Main Camera And Punch-Hole Display

Huawei has officially lifted the veil off the Nova 4, its new mid-range smartphone with an all-screen display. The phone was teased online for weeks, with many of these teasers hinting at a display similar to Samsung’s Infinity-O display.
As per earlier reports, the phone possesses a Full HD+ display measuring in at 6.4-inches with a punch-hole situated at the top left corner of it. That hole, by the way, houses a 25MP selfie camera that is actually embedded into the display itself.

The rear snapper of the Nova 4 utilizes a triple-camera setup. Featuring a 48MP f/1.8 shooter and paired with both a 16MP f/2.2 ultrawide angle sensor and 2MP f/2.4 depth sensor.
Specs-wise, the Nova 4 is powered by the Kirin 970 SoC, 8GB RAM, and comes with 128GB of expandable storage. The phone also comes with a fingerprint sensor built into its back, fast-charging USB Type-C, and a 3750 SoC.

The Huawei Nova 4 retails for 3999 yuan (~RM2417), and will first see distribution in China. There’s also a toned down version of the Nova 4 featuring just a dual rear camera setup with 48MP + 20MP sensors and a price tag of 3099 yuan (~RM1873).
At the time of writing, Huawei Malaysia did not mentioned if or when the phone will be available in Malaysia.
(Source: The Verge, 9to5Google)
The post Huawei Announces The Nova 4 Smartphone; Comes With 48MP Main Camera And Punch-Hole Display appeared first on Lowyat.NET.

Continue reading »

CIMB Confirms That The Unauthorized Debit Card PayPal Transactions Are Not Related To CIMB Clicks

It has come to our attention that CIMB has once again updated the FAQ document that the banking institution has released alongside the official statement regarding the implementation of the new security features on CIMB Clicks. This time, the document has finally covered the unauthorized PayPal transactions by CIMB debit cards which have also been talked by many netizens for the past few days.
Through the latest revision, CIMB has confirmed that the issue faced those unfortunate customers are not related to CIMB Clicks. The bank further stated that there was no increase in unauthorized transactions on its debit cards and things were apparently running normally.
Additionally, CIMB has also pointed out that funds that were involved in any irregular transaction will be returned to customers within 14 days provided that they have gone through the verification process. Here is a screenshot of the said section for easy references:

Meanwhile, the Commercial Crime Investigation Department of Royal Malaysia Police (PDRM) has advised consumers that were affected by the issue to come forward and report it to the police. We also recommend you to file the report as well; on top of the reports that you might have made to CIMB and PayPal.
(Source: CIMB – pdf)
The post CIMB Confirms That The Unauthorized Debit Card PayPal Transactions Are Not Related To CIMB Clicks appeared first on Lowyat.NET.

Continue reading »

PDRM: No Reports of Money Missing From CIMB Account Have Been Made So Far

In general, there were actually two security issues related to CIMB that have been discussed widely among local Internet users for the past few days. One being the password implementation on CIMB Clicks which we have touched right here and another one is unauthorized PayPal transactions involving CIMB debit cards.
Since both of them took place at roughly the same time period, some might think that they are related to each other. However, CIMB has confirmed that it is a separate issue altogether according to the latest version of the FAQ document (PDF) regarding the recent security implementation on CIMB Clicks.
As posted by Qazreen Qazz, who experienced unauthorized transactions of almost RM 5,000.
Interestingly, no police reports have been made regarding the loss of funds from CIMB accounts so far according to a report by Harian Metro yesterday. Citing the Deputy Director of Commercial Crime Investigation Department (CCID) of Royal Malaysia Police in Bukit Aman, Saiful Azly Kamaruddin, this was up until 4:00PM.
Saiful further pointed out that the department already aware of the issue since it went viral throughout social media. He advises consumers who were affected by the issue should come forward and report it to the police in order to allow them to investigate the issue
.
With that, we do recommend you follow exactly what the Deputy Director has stated in the news report even if you might have notified CIMB and PayPal regarding the unauthorized fund transfer from your respective accounts.
(Source: Harian Metro)
The post PDRM: No Reports of Money Missing From CIMB Account Have Been Made So Far appeared first on Lowyat.NET.

Continue reading »

What CIMB Malaysia has not told you, but should

There is no such thing as a bullet proof system in today’s connected world – even banking institutions are not spared. When an incident like what has transpired today with CIMB Malaysia comes to light, you would expect the organisations involved to be well prepared to deal with it in the best interest of everyone involved.
But, that’s always easier said than done, and once again we are faced with yet another security incident that is being poorly handled by those who are tasked with protecting the privacy as well as the financial information of their customers.
Before we get down to the nitty-gritty details, this is what CIMB should have told you weeks ago, but even today, after the social media storm that has taken place, they have yet to enforce a mandatory password change for ALL their users. So if you haven’t already done so, do it NOW. Please change your CIMB Clicks password immediately. ‘Encouraging’ is not an option, as they have so gently requested in their FAQ. We also strongly recommend that if you do not conduct overseas online transactions, to disable overseas transaction option for your CIMB Debit Cards. Whenever possible, set your CIMB Debit card transaction limit to the lowest possible value.
We are aware of the other issues related to CIMB Malaysia, but to avoid any overlaps, we will only be looking at the password issue in this post.
That 8 character password
The 8 character issue with CIMB Malaysia’s password is not something new. Frankly speaking, we were able to trace it back all the way to 2011 based on complaints on social media in relation to their constant changing of their password policy.

@CIMB_Assists, did u guys change the length of the password on the login form? It seems now it's limited to 8 characters. I can't login
— Imran Syed Jaafar (@imranjaafar) May 20, 2011

All the passwords i have used with CIMB Clicks Malaysia myself have always been more then 12 characters. Never have i had an 8 character password, but at some point in time, the policy did change – and the passwords were limited to 8 characters. Now this in itself is not a simple exercise to do, because even based on the above tweet, when the password length was trimmed down to 8 characters, those with longer passwords were not able to login (without having to change their passwords).
So, CIMB Malaysia, has claimed, that they have once again updated their password policy, and it is now a requirement that the password be between 8-20 characters, and require a combination of letters, numbers and special characters. While it is not specifically mentioned in the FAQ, there is now a mandatory requirement for the new password to contain at least one special character. Why? More on that later.
This particular FAQ, which was only released today confirms that the new policy came into effect on the 18th of November 2018, however, for reasons unknown, CIMB Clicks continued to accept logins from legacy password users. Whatever the reason for a password policy change, it is critical that all users are explicitly informed of the change, and should be compelled to change their passwords to comply with the new policy.
How to change your Password Policy and retain old passwords in 2 minutes
So, when the new password policy came into effect, CIMB Malaysia somehow decided that instead of compelling all users to do a password change to adhere to the new policy, they would instead allow both new and old passwords to co-exist simultaneously. And instead of making massive changes to how their system would allow this to be done securely, they chose a very simple, insecure, and downright nasty way of doing it.
Coding is an artform, and any self respecting coder would not be using this piece of code to check for the passwords to his grandmothers basement, let alone on the front end of a major Online Banking system.
Essentially, what the code does is this.
IF password CONTAINS SPECIAL CHARCTERS, ACCEPT WHOLE password,
IF NOT, JUST MATCH THE FIRST 8 CHARACTERS
So, when this code came into effect, even if you had a password of 15 or 20 characters before November 18, 2018, only the first 8 would be need to be correct to gain access to your account. While this does not automatically grant anybody access to your account, it greatly increases the chances of someone who more or less knows your password habits to guess the right password.
Now, if your password was a combination of letters and numbers, it would be harder to crack, but there are a lot of people who use just numbers as their password. How long does it take to crack a 8 character all number password – about 5 minutes.
Whats that reCaptcha doing there?
One of the first tell tale signs that something was seriously wrong with CIMB Clicks Malaysia was when they suddenly, without any warning decided to implement a reCaptcha authentication on their site. This of cause was after the CIMB Clicks platform was completely inaccessible for most of Saturday.

Some smaller banks around the world do turn to Google’s reCaptcha to keep away unwanted traffic because its free, and extremely easy to implement, but to say reCaptcha has been implemented to enhance customers’ security is nothing but a blatant lie.
What reCaptcha does is slows down spam bots (and in the case of CIMB Clicks brute force scripts) from hammering their system with millions of queries as it tries every single password combination to get into a customers account.

There are so many more elegant, secure and much more effective ways to keep spam bots, nasty scripts and even malicious users away, and reCaptcha does not figure anywhere on this list for an organisation of this size.
To hash or not to hash
We are going to get a little technical here for the last bit, so turn away now if you must. Based on the minified javascript we went through on the CIMB Clicks site, we are fairly certain that post 18th November, the passwords are now stored in a one way hash algorithm, making them quite secure in the event of any future breaches.
However, we are now somewhat concerned on how the passwords were stored before November 18th. There are generally two ways that passwords are usually stored on the backend databases of any systems (we say two, because we are hoping to God that it isn’t stored in plaintext). It could have been encrypted, or it could have been hashed.
Now the good thing about hashed passwords is, even without a salt value, it is pretty much one way traffic. While not entirely impossible to reverse the hash, it is going to take you forever and a day to retrieve the actual plain text password. So going back to the CIMB Clicks issue, if the passwords post 18th November were hashed, it would have been quite impossible for them to have played around with the number of characters – simply because there is no way of knowing the first 8 characters of the password, or even correctly guessing how many characters were in the password to start with just from the hash stored on the database.
For a quick example on how a MD5 has works, see below.
String: Lowyat MD5 Hash : 3d9511b72653307778afe42b5164c38e
String: lowyat (no caps) MD5 Hash: 9a7485524402678db8c71d5fddaad6d6
String lowyat1 MD5 Hash : 39b53cce07126625efedf6c4826bab65
As you can see, even one letter change, completely changes the MD5 hashing result, and in a hashed system, only the hash is stored in the password field. You can test it yourself here.
So, unless CIMB has been only hashing the first 8 letters all the way back from 2011, it is looking very unlikely that the customers passwords were hashed.
Which leaves us with the passwords being encrypted (again we are hoping its not plain text!). Encrypting passwords works as well, but the big issue with encryption as seen from the illustration above is that, anybody with a decryption key will be able to reverse the password from its encrypted form to a plain text form. More often then not, the encryption key will be a single key across the entire data set. Even if its not, it is very likely that the decryption keys will be stored within the database itself.
If the passwords were indeed encrypted, then it would be entirely possible to change the number of characters required for the password to be accepted as required by their password policies. However, this also means that anybody with access to the database very probably also has access to your plain text passwords.
Now, remember a little over a year ago when CIMB Malaysia lost their backup magnetic tapes? Lets all now pray that the data in these tapes was hashed and not encrypted.
And on that bombshell.. cue Top Gear credits.
The post What CIMB Malaysia has not told you, but should appeared first on Lowyat.NET.

Continue reading »

AMD Radeon Technology Group Senior VP Mike Rayfield To Resign From Position

Mike Rayfield, vice president and general Manager, Radeon Technology Group (RTG), AMD, will be leaving his position at the company. Announcement of Rayfield’s departure comes less than a year after he and another colleague, David Wang, were brought on to replace Raja Koduri, who had joined Intel shortly after leaving his position at RTG.
AMD confirmed that Rayfield’s departure is due to his decision to retire and “spend more time with his family and pursue his personal passions”. With Rayfield stepping down, Wang will act as RTG’s interim leader until RTG finalises its search for a new business leader.
David Wang, Senior VP of Engineer, RTG. Wang will be acting as interim leader of RTG.
Before joining RTG, Rayfield was the leader of NVIDIA’s Tegra unit, and before that was Micron’s mobile storage business unit. Prior to joining RTG, Wang himself had worked as a GPU engineer for ATI (and then AMD) from the year 2000 to 2012. Before becoming the senior vice president of engineering at RTG with Rayfield.
(Source: Anandtech via TechPowerUp)
The post AMD Radeon Technology Group Senior VP Mike Rayfield To Resign From Position appeared first on Lowyat.NET.

Continue reading »

NES Classic And SNES Classic Going Out Of Production

If you recall, the highly popular Nintendo Entertainment System (NES) Classic Edition went out of production once last year. This was followed by the announcement of the Super Nintendo Entertainment System (SNES) Classic Edition not too long after. This time, though, it looks like both will be going out of production for good.
In an interview with the Hollywood Reporter, Nintendo of America President Reggie Fils-Aime said “at least from an Americas perspective, these products are going to be available through the holiday season and once they sell out, they’re gone. And that’s it.”

While it doesn’t seem like this is due to a supply issue, it may have something to do with the fact that Nintendo also has its classic games via Nintendo Switch Online. After all, the platform has just added three NES games – Ninja Gaiden, Wario’s Woods and Adventures of Lolo.
It’s also entirely possible that popular demand will see the two classic consoles come back in the future, the way the NES did. If not, then this will be your last chance to get your hands on either or both of Nintendo’s classic consoles before they run out forever.
(Source: Hollywood Reporter via The Verge)
Edited By John Law
The post NES Classic And SNES Classic Going Out Of Production appeared first on Lowyat.NET.

Continue reading »

Blizzard Moves Developers Away From Heroes Of The Storm; Cancels 2019 Heroes Tournaments

Blizzard has announced that it will be moving manpower away from its Multiplayer Online Battle Arena (MOBA) title, Heroes of the Storm. The announcement goes on to say that the developers shifted from Heroes of the Storm will be working on other live games and unannounced projects.
Following this, the company also announced that the game’s tourneys, Heroes Global Championship and Heroes of the Dorm, will not be returning in 2019.
While Heroes of the Storm was never explosively popular like the two dominant MOBA titles League of Legends and Dota 2, it still has a passionate following of fans. Pro players of Heroes of the Storm are also clearly unhappy about the sudden cancellation of Heroes Global Championship.

That said, the game will remain as a live service, with updates and new content coming in. This includes new heroes and themed events, according to Blizzard’s statement. They just won’t come as frequently as they did before.
As for the announced projects, perhaps the mobile Warcraft title we heard of last month is among them.
(Source: Blizzard via PCGamer [1], [2])
Edited By John Law
The post Blizzard Moves Developers Away From Heroes Of The Storm; Cancels 2019 Heroes Tournaments appeared first on Lowyat.NET.

Continue reading »