What is Wi-Fi 6 and why is it a game changer?

Wi-Fi 6 is the consumer-friendly name for IEEE 802.11ax, the current-generation Wi-Fi specification and the successor to Wi-Fi 5, also known as IEEE 802.11ac.

This new standard comes with various improvements to efficiency and throughput. It is also backwards compatible with your older devices since it supports both the 2.4 GHz and 5 GHz bands.

But before we dive into what Wi-Fi 6 is and the advantages it brings to the table, we need to be on the same page regarding certain terminology. We shall also set up some analogies that we will use to explain technical details in simpler terms.

To connect to the internet, we need to install either a modem or a gateway provided by an internet service provider. If it is the former, a router is typically connected to the modem to provide additional connection points, such as Ethernet ports and Wi-Fi, for our devices to access the internet. If a gateway is used instead, the gateway itself is also a router and provides the same functionality as a standalone router.

With that in mind, let us imagine the router to be a large warehouse in the middle of a small city. It has a number of gates or main doors that represent antennas. In addition, there are buildings (or clients, if you will), which represent devices such as smartphones and laptops. Then, there are also couriers who represent radio waves. These couriers are the middlemen between the warehouse and the various buildings, and are responsible for transporting packages to the warehouse and back to their respective clients. These packages contain things, which are pieces of data, that the buildings need.

It is fast

Wi-Fi 6 has a theoretical maximum speed of 9.6 Gbps (gigabits per second) or 1.2 gigabytes per second. That is almost 2.6 times more than Wi-Fi 5. To put things in perspective, it is possible to transfer a 100GB 4K Blu-ray video in just under two minutes at such a speed.

There are three key technological updates that contribute to Wi-Fi 6’s improved performance over the previous generation: MU-MIMO, OFDMA and 1024-QAM.


MU-MIMO stands for “multi-user, multiple input, multiple output”. It is a technology that helps increase the number of antennas a router has and can be found in most Wave 2 Wi-Fi 5 (IEEE 802.11ac) routers and devices.

Wave 1 Wi-Fi 5 and earlier routers could only communicate with one device at a time, and the others had to wait until it was their turn.

With the MU-MIMO release for Wave 2 routers, they could communicate with up to four devices simultaneously.

The caveat here is that the location of each client device matters. If two or more devices are in the same general location, they will still need to wait in line to communicate with the router.

You might wonder: how does this technology help to improve performance?

Let us assume that a router will be placed in the center of the house or a room. Then, if there are multiple devices around that require Wi-Fi access, they could access the router via the nearest antenna pointed in their respective general direction. If two or more devices are in the same general location, then these devices will share the same antenna and need to wait for their turn.

For those who have a hard time understanding that, let us go back to the analogy we created earlier.

When the warehouse is first built, which represents the earlier version of Wi-Fi, there is only one gate. In order to enter or exit, couriers need to queue up by the gate and wait for their turn before they can proceed to either deliver or collect their respective packages.

Then, with MU-MIMO technology for Wave 2 Wi-Fi 5, the warehouse undergoes a renovation to have four gates installed according to the points on a compass instead of just the one. Now with four gates, more couriers can enter and exit albeit from four different directions at any given point in time. With this, the buildings are now able to get their requests serviced faster.

But if a particular gate has a long queue of couriers, they will still need to wait for their turn to enter or exit unless they choose to use other gates.

And for Wi-Fi 6, MU-MIMO is upgraded to support up to eight devices at the same time.

Going back to the warehouse example, renovation is done to add four more gates, for a total of eight. More couriers now can enter and exit the warehouse from eight directions at any given point in time, therefore servicing even more buildings.


Orthogonal frequency division multiple access (OFDMA) is an extension of orthogonal frequency division multiplexing (OFDM) technology.

But before we can dive deeper into OFDMA, we must first understand what OFDM is.

OFDM is a technology that takes a radio channel such as the 20 MHz channel, which is often used for Wi-Fi, and sets up a number of sub-carriers instead of having just one carrier. For Wi-Fi 5, 52 sub-carriers can be created from a single 20 MHz channel using this technology, while Wi-Fi 6 takes that to the next level and can create 234 sub-carriers.

To the uninitiated, a carrier is a modulated wave that conveys information.

Each sub-carrier is then modulated independently and simultaneously to form symbols, which are waveforms that represent information or data. These symbols are separated in time by guard intervals to prevent interference caused by neighbouring sub-carriers. Finally, a single transmission to the receiving device will consist of a number of these simultaneous symbols spanning the sub-carriers.

The receiving device is able to track all these sub-carriers simultaneously and extract data from each sub-carrier independently. This contributes to the increase in Wi-Fi performance since multiple pieces of data are transmitted at the same time.

However, the problem with OFDM is that any device is free to transmit a signal whenever it is ready, creating a first-come, first-served situation. This may work in a home setting where there are not a lot of devices, but it does not work in a high-density area such as a stadium or shopping mall. Too many devices will be fighting for a chance to send and receive data from the router, resulting in an inefficient use of the router.

For those who have trouble following the above explanation, let us go back to the warehouse example we used earlier.

OFDM can be thought of as multiple couriers who are dispatched to a specific building but at slightly different timings. They travel on the same road but in different lanes, and each of them carries a different part of the final data. Once they arrive at their destination, the building’s manager collects the different parts of the data and begins the reconstruction process. Even if some of the couriers get lost, the manager is still able to reconstruct the data because each courier carries a nice little clipboard containing a detailed description of the content and its relation to the other couriers.

However, there could be couriers serving other buildings traveling on the same road. Some of these couriers could end up in a lane that other couriers are already using. This can lead to a scenario where the couriers fight amongst themselves in order to gain access to the warehouse first. During the fight, packages will be lost, and when that happens, the buildings need to dispatch couriers with the same packages again in an attempt to gain access to the warehouse.

This is where OFDMA comes in.

OFDMA technology solves the network contention issue by grouping the sub-carriers into Resource Units (RU) to service one or more clients depending on their needs.

Therefore, if there is a client that needs higher bandwidth because of the data it is downloading, then all the sub-carriers can be grouped as one Resource Unit to give the client the full bandwidth of the channel. Similarly, if multiple clients in the same area need only a fraction of the bandwidth because of their small data requirements, then multiple Resource Units can be created to serve all of the clients.

The change in the RU configuration is also done in real time, therefore enabling a consistently efficient use of the available network bandwidth.

To the layman, it is the equivalent of upgrading the warehouse to dispatch one truck per lane to serve a group of buildings that are close together. The purpose of the truck would be to carry as many couriers as it can hold and transport them to the group of buildings where they could then drop or pick up the packages.

When the warehouse dispatches the trucks, and whether the couriers on board all serve the same or different buildings, depends on requirements such as the service type, package size and total number of packages.

With that, the odds of couriers losing their packages and having to restart the transport process again, which is an overhead, are reduced. Furthermore, the different buildings (clients) in the same area get an equal amount of attention from the warehouse.


Wi-Fi 6 improves on the amount of data transmitted per signal, allowing improvement in speed by up to 30%. This means that you can stream bandwidth hungry content such as 4K video with further reduction in loading times and have a smooth viewing experience.

But before we can dive deeper into how Wi-Fi 6 achieves this, we need to understand how Wi-Fi works in general.

Wi-Fi works by using radio waves. To transmit data so that the receiving device understands it, the sender needs to modulate the signal to represent bits of binary code. This type of modulation is known as “Quadrature amplitude modulation” or QAM for short.

The better a device is at modulation, the more information it can transmit each time.

For example, a 2-QAM device is capable of transmitting one bit (1 or 0) of information each time because it can modulate the signal in one of two ways. A 4-QAM device can transmit 2 bits (00, 01, 10, 11) of information each time because it can modulate a signal in four different ways.

With that in mind, the current generation of Wi-Fi 5 devices is 256-QAM, which means eight bits of information can be transmitted each time. This is why most of us today do not spend a lot of time waiting for video to load and buffer. With Wi-Fi 6, devices are able to do 1024-QAM, which means 10 bits of information can now be transmitted each time.

To explain QAM more simply, let us go back to our warehouse example.

2-QAM is the equivalent of the courier only having one hand. They can either carry one bag or nothing at all. 4-QAM gives them another hand, so now they can carry up to two packages. 256-QAM for Wi-Fi 5 is the equivalent of giving a courier four pairs of hands, thereby enabling them to carry up to eight packages. With the upgrade to 1024-QAM for Wi-Fi 6, each courier now has five pairs of hands to carry up to ten packages.

On the surface it may not look like much. However, if a request is for a large amount of data, such as that typically found during 4K movie streaming, having the ability to transfer more data per trip means fewer trips are needed to download the full content. After all, fewer trips equals more time saved.

It could improve battery life

Other than being faster, Wi-Fi 6 also comes with a new feature called Target Wake Time. This allows certified Wi-Fi 6 routers to schedule check-in times with connected devices.

With scheduling, devices only activate their antennas at the right time instead of having to keep their antennas powered on to transmit or search for signals for an extended period of time, which can consume quite a fair amount of power.

For devices such as laptops or desktops which are connected to a power source and do need persistent internet connection, this feature may not be useful. But for IoT devices it could be a world of difference since they may not have access to consistent power and probably run on batteries.

It has better security

Since 2004, Wi-Fi security has revolved around WPA2. It is a protocol that encrypts the communication session between the router and the client device so that they can exchange information safely and privately.

WPA2 was considered to be very secure until 2017, when a weakness in the protocol was discovered that made it possible for attackers in range of the Wi-Fi router to steal sensitive information.

The Wi-Fi Alliance announced WPA3 in 2018 as the replacement. WPA3 replaces the need for the 4-way handshake used to authenticate a client in WPA2 with another method called Simultaneous Authentication of Equals (SAE).

SAE is a proven zero-knowledge method to establish a secret shared key that both the client and the router will use to generate the session key to encrypt and decrypt Wi-Fi transmissions. If another client wishes to connect to the network, that client will establish its own secret shared key with the router.

The other important feature of WPA3 is Forward Secrecy, which is an indirect effect of implementing SAE. This ensures that even if an attacker manages to capture the encrypted Wi-Fi transmissions and then crack the session key, older data continues to remain inaccessible, as the keys used to encrypt that data will be different.

WPA3 is optional for existing devices and many device manufacturers may choose not to patch these products via firmware update. But in order for these manufacturers to market their devices as Wi-Fi 6 certified, the Wi-Fi Alliance mandated that WPA3 be implemented. Therefore, we can be sure that Wi-Fi 6 will be more secure.

Other than improvements made to the WPA protocol, the security and privacy of open Wi-Fi networks such as those we find in cafes, shopping malls and stadiums are also improved. Wi-Fi 6 will see the implementation of Opportunistic Wireless Encryption (OWE).

OWE is a security technique that is similar to SAE to encrypt the transmission channel between the device and the router but without the need for authentication. The established shared key is only known to the client device and the router.

Although it is not as secure, since there is no way to tell who is connected to what, it is more secure than connecting to a public Wi-Fi network secured by WPA2 with a pre-shared password, or connecting to a completely open Wi-Fi network.

More than one million WordPress sites attacked over the weekend of late May 2020

Throughout its history, WordPress has regularly appeared in the news for its security vulnerabilities. The most recent vulnerability incident with WordPress is with a plugin called Page Builder by SiteOrigin.

Attackers mounted a campaign over the weekend of 29 – 31 May against more than one million WordPress sites in an attempt to download wp-config.php, a file critical to all WordPress installations. This file contains sensitive information such as database credentials, connection information as well as unique authentication salts and keys. Therefore, anyone with access to the file could gain access to the database where the site content and users are stored.

To download that file, the attackers targeted cross-site scripting (XSS) vulnerabilities found in older plugins or themes that allow files to be downloaded or exported.

The attacks came from more than 20,000 IP addresses, which were also used by the same threat actor in a previous attack earlier in May 2020.

The earlier attack targeted a different set of XSS vulnerabilities with the intention of having visitors redirected to malvertising sites. This set of vulnerabilities was found in plugins that have mostly been patched or plugins that have been removed from the WordPress plugin repository. Below is the list of plugins and their respective vulnerabilities that were popular with the attackers.

  • Easy2Map plugin — Removed from WordPress plugin repository due to XSS vulnerability
  • Blog Designer — XSS vulnerability that was patched in 2019
  • WP GDPR Compliance — Options update vulnerability that was patched in late 2018
  • Total Donations — Removed from Envato Marketplace permanently. It had a critical options update vulnerability.
  • Newspaper theme — XSS vulnerability that was patched in 2016.

The good news is that WordPress site owners who use Wordfence are protected. According to Ram Gall at Wordfence, the Wordfence firewall blocked over 130 million attacks intended to harvest database credentials.

How do you know if you were attacked?

The attack should be logged. You could look for any log entries that contain wp-config.php in the query string with the HTTP response code 200.
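
One way to run that check over an access log, as an added example (not Wordfence's code). It assumes the Apache/Nginx combined log format; the sample lines, IP addresses and plugin paths are constructed. It goes slightly beyond the literal rule by also matching percent-encoded forms of the file name and by listing non-200 attempts separately.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
NEEDLE = "wp-config.php"

# Constructed sample lines: documentation IP ranges, hypothetical plugin paths.
SAMPLE_LOG = [
    '203.0.113.10 - - [30/May/2020:02:11:05 +0000] "GET /wp-content/plugins/example-plugin/export.php?file=wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.10 - - [30/May/2020:02:11:09 +0000] "GET /wp-content/themes/example-theme/download.php?path=wp%2Dconfig.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [30/May/2020:03:40:51 +0000] "GET /?download=wp-config.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.55 - - [30/May/2020:04:02:13 +0000] "GET /wp-config.php HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.80 - - [30/May/2020:04:05:44 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8841 "-" "-"',
    '198.51.100.7 - - [31/May/2020:11:19:30 +0000] "GET /?download=WP%252Dconfig.php HTTP/1.1" 200 3120 "-" "-"',
    'truncated or malformed line',
]


def decoded_query(target, max_rounds=3):
    """Query string of a request target, percent-decoded until stable so that
    encoded and double-encoded file names are compared as plain text."""
    query = urlsplit(target).query
    for _ in range(max_rounds):
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    return query.lower()


def find_hits(lines):
    """Return one record per request whose query string names wp-config.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        if NEEDLE not in decoded_query(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "target": m["target"],
            "status": int(m["status"]),
            # 200 means the server answered the request: treat as exposure.
            "served": m["status"] == "200",
        })
    return hits


def served_by_ip(hits):
    """Count served (HTTP 200) hits per client IP."""
    return Counter(h["ip"] for h in hits if h["served"])


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        label = "SERVED " if hit["served"] else "attempt"
        print(label, hit["status"], hit["ip"], hit["target"])
```

Any line reported as served is a reason to rotate the database password and the keys and salts, as described in the next section.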

Below are the top 10 IP addresses used for this attack campaign.


What should you do next?

WordPress sites running Wordfence are protected from the attack. For the other users, you should change the database password and the unique authentication keys and salts immediately if you believe you are compromised.

The reason is simple.

WordPress servers that have been configured to allow remote database access could easily allow an attacker with the database credentials to add an administrative user, extract sensitive data or delete the site. Even if remote database access is not enabled, an attacker who knows the authentication keys and salts could bypass other security mechanisms that protect your site more easily.

And what if you are not comfortable making changes mentioned above?

Then you should contact your host or service provider since changing the database password without updating the wp-config.php file can render your site offline temporarily.

Last but not least, you should also update any plugins and themes. You may also want to consider changing the plugins or themes if these are no longer maintained by the original developers.

This article uses material from Wordfence.

Dyson Pure Cool Fan Review – Is it worth the premium?

When you hear of the brand Dyson, the first thing you would associate it with is the vacuum cleaner. That is not surprising, as the company was founded by James Dyson with the cyclone vacuum as its first product. Since then, the company has diversified its product lines to include other types of home appliances such as hair dryers, air purifiers, fans, heaters and lighting.

And as a result of their sleek marketing, they could be perceived as the company that makes premium and high quality appliances.

I will admit, it was that perception that got me yearning for a Dyson fan when I first saw it several years ago.

And after several years of waiting, and having gone through a period of hypersensitivity to gaseous compounds from cigarette smoke and haze, I got myself the Dyson Pure Cool Advanced (TP04-White/Silver) model and it cost me about $700 after some sort of discount.

I have been using it for several months now and that has allowed me to get over the initial emotional high of a new toy, which enables me to give a more objective review.

The Pros

Clean the air

The Dyson Pure Cool is first and foremost an air filter and then a fan.

Air is sucked in by the fan located at the base of the machine. There are two types of filter installed, and when combined are designed to capture up to 99.5% of pollutants in the air.

The glass HEPA filter is able to capture most pollutants, allergens, dust and viruses as small as 0.3 microns. The second filter is the activated carbon filter that can capture other smaller particles and gaseous vapours.

As of this writing, the COVID-19 pandemic is still ongoing and this double-filter system ensures the air you breathe in is clean and safe.

Air quality monitoring

It comes with a suite of sensors that detect air pollution ranging from PM10 to NO2 and will display this information in the form of graphs.

The graphs will start from green and will turn yellow if the air starts to contain certain pollutants. Red and purple graphs will follow when the pollution becomes worse.

It is especially useful in Singapore where we have haze seasons due to burning of the forest in Indonesia. Or when you live in HDB apartments where you are so close to other people who pollute the air with their cigarettes and those toxins enter your living area due to wind. You can use the Dyson air quality monitoring to help you determine if you need to take additional steps to protect your health such as putting on a mask or closing the windows.

Easy to maintain

Unlike the traditional fans, the fan blades are kept hidden within the base of the machine with the filters to keep out dust and dirt. Other than changing out the filters once every year or so, the machine needs only a simple wipeout with a lightly damp cloth.

Compact size and lightweight

Most standing fans are rather heavy and most can be difficult to transport around the house due to their size, especially due to the large fan blades and protective cage.

The Dyson Pure Cool stands at about 1.06 meters tall with a max diameter of 22.3 cm, which makes it much smaller than most standing fans. It also weighs about 5kg and that makes it light enough to carry with one hand.

During the time I have had it, I have moved the machine around my room just so that I could get a decent air flow depending on where I am. And this ultimately leads us to the cons of the machine.

The Cons

Very noisy with weak air flow

At its core, it uses a motor to suck in and propel air. At lower speed, the motor is relatively quiet but it comes at a cost of low wind speed.

With the motor speed set to 5 or 6, the air projected out by the so-called air multiplier technology is perceived to be weaker than a simple $20 desk fan.

As you raise the motor speed up to 8, 9 or even 10, there is a distinct whining sound that you typically hear with vacuum cleaners. Even then, the amount of air movement you get is less than a ~$30 standing fan with fan speed set at 1.

Does not cool you

The machine does not actually live up to its name Pure Cool.

It has tiny slits along the central tube that allow air to flow out after it has been pushed through the internal tunnel. To increase the airflow, a technology called air multiplier is used, which is nothing more than a fancy name for taking advantage of inducement and entrainment to move a higher volume of air than the machine actually takes in through its base.

With the air multiplier, air moves like a steady stream but the airflow is weak. Really weak when compared to traditional standing fans. The stream of air is not fast enough or spread wide enough to create a situation where you can get indirect air flow from air molecules bouncing off surfaces.

My non-scientific test involved setting the fan speed to 8 and seeing how far I can go before I stop feeling the airflow. And the result is about 2.5 metres.

Also, due to its inability to move a large volume of air with sufficient speed, it is unable to remove heat from a room faster than the heat can accumulate. And it is a problem especially in a country as warm and humid as Singapore. The room is so much warmer than it should have been when compared to using a traditional standing fan. Without a strong air flow, it is not able to induce faster sweat evaporation in such weather, which makes you feel even hotter than usual.

The feeling of cheap build

When you buy a product such as a fan or an air filter, you would expect that the material used to construct the product would be of a higher quality. Yet, most of the device is made out of plastic that does not really make it feel like a premium product.

What are you actually paying for?

In my opinion, the price tag you pay for the machine is to cover the following cost:

  1. The engineering hours that go into the sensors and software needed to run the machine
  2. The motors, asymmetrical fan blades and the R&D of the filters
  3. Whatever tests Dyson needs to conduct to claim their product can filter out 99.5% of the pollutants in the air
  4. Manufacturing

Other than the above, I do not see how they could justify the price tag, which is as much as a 128GB iPhone SE (2020).


If you are living in a country as hot and humid as Singapore, I would not recommend the Dyson fan unless the company figures out a way to deliver the high airflow needed to encourage heat dispersal within a room and sweat evaporation from the body.

If you need something that does not consume a lot of electricity like the air-conditioning but can still cool you down in this country, I would recommend you buy a standing fan from companies like Mistral or Sona.

But if you are looking for an air filter that doubles up as a fan and you plan to use it in an air-conditioned room with temperature around 25 degrees celsius, then Dyson Pure Cool is a product that you can consider. You can use the fan as a method to even out the cool air in a room so that there are no warm spots.

And if you are looking for just an air filter, there are other cheaper alternatives that can do the job just as well.

Bugs in WordPress page builder plugin leave 1 million sites vulnerable to full takeover

Are you using WordPress? If you are and have installed SiteOrigin’s Page Builder plugin, your site could be vulnerable to full takeover by hackers.

To the uninitiated, Page Builder is a WordPress plugin created by SiteOrigin that is used to build websites using drag-and-drop functionality. It currently has a million active installations.

Researchers at Wordfence found two security bugs in the plugin that can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). These two bugs allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser.

The bugs have been assigned a severity rating of 8.8 out of 10 by the researchers, but no CVEs have yet been assigned.

The details of the flaws

The two flaws can be used by attackers to redirect a site’s administrator, create a new administrative user account or inject a backdoor on a site. The details of the flaws can be found in the link provided above.

The first flaw affects the built-in live editor within the plugin.

For the plugin to show the modifications done in the live editor in real time, it registers the is_live_editor() function to check if a user is in the live editor. If the user is in the live editor, the siteorigin_panels_live_editor parameter will be set to “true” to register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content. Then, the “live-editor-preview.php” rendering file updates the page preview with changes made in real time.

This is all good, but the problem lies in the lack of nonce protection. A nonce is a method that could be used to verify that an attempt to render content in the live editor came from a legitimate source.

According to the researchers, some of the available WordPress widgets, such as the ‘Custom HTML’ widget, could be used to inject malicious JavaScript into a rendered live page.

The second flaw is also a CSRF to XSS issue and it lies with the action_builder_content function of the plugin.

The purpose of the function was to transmit submitted content as panels_data from the live editor to the WordPress editor in order to update or publish the post using the content created from the live editor. Although the function did have a user permission check, there was no nonce protection to verify the request source, causing a CSRF flaw.

The researchers found that the “Text” widget could be used to inject malicious JavaScript due to the ability to edit content in a “text” mode rather than a “visual” mode. With this, potentially malicious JavaScript could be allowed to be sent unfiltered.
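
Why a permission check alone does not stop CSRF, and what a nonce adds, as a simplified Python model added here for illustration (it is not SiteOrigin's or WordPress's code). The handler names, secret, session table, `_nonce` parameter and time values are assumptions; only the "permission check without a nonce" behaviour comes from the description above.

```python
import hashlib
import hmac
import math

SITE_SECRET = b"constructed-secret"   # stands in for the site's secret salt
NONCE_LIFE = 24 * 60 * 60             # assumed validity window, in seconds
ACTION = "builder_content"            # hypothetical action label
NOW = 1_590_800_000                   # constructed clock value

# Constructed session table: cookie value -> logged-in user.
SESSIONS = {
    "admin-cookie": {"user_id": 1, "can_edit": True},
    "guest-cookie": {"user_id": 7, "can_edit": False},
}


def _tick(now):
    # Time is bucketed into half-lifetimes; a nonce is accepted in the
    # bucket it was created in and in the one after it.
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action, user_id, session_token, now):
    """Token bound to the action, the user, the session and the time bucket."""
    msg = f"{_tick(now)}|{action}|{user_id}|{session_token}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()[:10]


def verify_nonce(nonce, action, user_id, session_token, now):
    if not nonce:
        return False
    for when in (now, now - NONCE_LIFE / 2):   # current and previous bucket
        expected = create_nonce(action, user_id, session_token, when)
        if hmac.compare_digest(expected, nonce):
            return True
    return False


def handler_permission_only(cookie, params, now):
    """'Before': checks who the user is, not where the request came from."""
    session = SESSIONS.get(cookie)
    if not session or not session["can_edit"]:
        return "403 forbidden"
    return "200 accepted"


def handler_with_nonce(cookie, params, now):
    """'After': the same permission check plus proof of request origin."""
    session = SESSIONS.get(cookie)
    if not session or not session["can_edit"]:
        return "403 forbidden"
    if not verify_nonce(params.get("_nonce", ""), ACTION,
                        session["user_id"], cookie, now):
        return "403 invalid nonce"
    return "200 accepted"


def demo():
    # The nonce is embedded in the editor page served to the administrator.
    nonce = create_nonce(ACTION, 1, "admin-cookie", NOW)
    legit = {"panels_data": "<constructed content>", "_nonce": nonce}
    # Cross-site request: the browser attaches the cookie automatically, but
    # the other origin cannot read the nonce out of the editor page.
    forged = {"panels_data": "<constructed content>"}
    return {
        "before_legit": handler_permission_only("admin-cookie", legit, NOW),
        "before_forged": handler_permission_only("admin-cookie", forged, NOW),
        "after_legit": handler_with_nonce("admin-cookie", legit, NOW + 3600),
        "after_forged": handler_with_nonce("admin-cookie", forged, NOW),
        "after_stale": handler_with_nonce("admin-cookie", legit, NOW + NONCE_LIFE),
        "after_guest": handler_with_nonce("guest-cookie", legit, NOW),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} {result}")
```

The nonce only proves where the request came from; content submitted through the handler still has to be filtered before it is rendered.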

What should you do?

The flaws affect SiteOrigin’s Page Builder version 2.10.15 and below. In order to avoid full site takeover, admins should upgrade the plugin to version 2.10.16.

It should be noted that an attacker needs to trick a site administrator into performing an action, such as clicking on a link or opening an attachment, for the attack to succeed. Therefore, it is advisable not to click on any link or open any attachment that you are unsure of.

Official government COVID-19 apps come with security threats

COVID-19 is one of the worst public health crises faced by humans since the 1918 flu pandemic.

Governments around the world launched their own versions of mobile apps to help their citizens track symptoms and virus infections. However, security researchers at ZeroFOX Alpha Team uncovered various privacy concerns and security vulnerabilities, including backdoors, in these apps.

The Iranian government released an Android app called AC19 on the Iranian app store known as CafeBazaar. The app claimed that it could detect whether or not people are infected by the virus and was released by the Ministry of Health. It was to take advantage of the confusion and fear gripping many parts of Iran about COVID-19 to boost Tehran’s surveillance capabilities.

When Iranian users download the app, they are prompted to verify their phone number despite the fact that the government has access to all phone numbers via its control of the country’s cell providers. Once users provide their phone number, they are prompted to give the app permission to send precise location data to the government servers.

In addition, there is a copycat app called CoronaApp created by threat actors that is available for direct download by Iranian citizens rather than via the Google Play Store. As a result, the app is not subjected to the normal vetting process that might protect these users from malicious intentions. However, many citizens in Iran cannot access the official Google Play store due to sanctions, so they are more likely to download the unvetted apps.

Once installed, CoronaApp requests permission to access the user’s location, camera, internet data and system information, and to write to external storage. It is this particular combination of permissions that demonstrates the developer’s intent to access sensitive user information.

Separately, the Colombian government released a mobile app called CoronaApp-Colombia on the Google Play store in March 2020 to help people track potential COVID-19 symptoms. However, ZeroFOX researchers discovered that the app included vulnerabilities relating to how it communicates over HTTP, affecting the privacy of more than 100,000 users.

As of March 25, the app with version number 1.2.9 communicates insecurely with the API server throughout the app workflow. Specifically, it uses HTTP instead of HTTPS or another more secure protocol for server communications. By making these insecure server calls to relay users’ personal data, CoronApp-Colombia could put sensitive user health and personal information at risk of being compromised.

But there is a shred of good news. The Colombian CERT fixed the vulnerabilities three days after ZeroFOX Alpha Team submitted the vulnerability, listed as CVE-2018-11504 on MITRE, to them on March 26.

Last but not least, the Italian government created region-specific apps for tracking coronavirus symptoms as the country is one of the places that the COVID-19 pandemic has hit the worst.

As a result of the greater number of government-sanctioned apps, users are less certain of which COVID-19 mobile apps are legitimate.

Threat actors are taking advantage of this confusion, and of the inconsistency in the apps’ releases and availability, to launch malicious copycats that contain backdoors.

ZeroFOX Alpha Team found 12 Android application packages related to the attack campaign. 11 of these packages were found to use various methods of obfuscation.

The first app analysed by Alpha Team was discovered to use a signing certificate where the signer was “Raven” with a location in Baltimore, likely a reference to the Baltimore Ravens NFL team. Furthermore, every other app analysed by the team used the same signing certificate and issuer details.

The backdoor is activated when the Android app receives a BOOT_COMPLETED event when the device boots, or when the app is opened.

The researchers advised governments that have COVID-19 related apps, or are thinking about releasing new ones, to be consistent in where the apps can be downloaded and in how they look, to help avoid the spread of malicious doppelgängers. Exercising due diligence during the development process will help secure the app and avoid putting citizens at further privacy risk.
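The two technical signals described above, plain-HTTP server calls and a backdoor that starts on BOOT_COMPLETED, both leave traces in an app's manifest. The triage sketch below is an added example, not ZeroFOX's tooling or code from any of the apps; the sample manifest, package name and receiver names are constructed, and it assumes the manifest has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest (decoded text XML); not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.symptomtracker">
  <uses-sdk android:targetSdkVersion="26"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Symptom Tracker">
    <receiver android:name=".StartupReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".LocaleReceiver">
      <intent-filter>
        <action android:name="android.intent.action.LOCALE_CHANGED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def boot_receivers(root):
    """Names of <receiver> components that run when the device finishes booting."""
    return [r.get(A + "name") for r in root.iter("receiver")
            if any(a.get(A + "name") == BOOT_ACTION for a in r.iter("action"))]


def cleartext_permitted(root):
    """True if the manifest lets the app send plain HTTP."""
    app = root.find("application")
    flag = app.get(A + "usesCleartextTraffic") if app is not None else None
    if flag is not None:
        return flag.lower() == "true"
    # No explicit flag: the platform allows cleartext for targetSdkVersion <= 27
    # and denies it from 28. A missing <uses-sdk> is treated as "allowed".
    sdk = root.find("uses-sdk")
    target = sdk.get(A + "targetSdkVersion") if sdk is not None else None
    return target is None or not target.isdigit() or int(target) <= 27


def triage(manifest_xml):
    """Summarise both signals for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {"boot_receivers": boot_receivers(root),
            "cleartext_permitted": cleartext_permitted(root)}
```

Boot receivers are common in legitimate apps too, so a hit is a reason to look closer rather than a verdict, and a network security config file can override the manifest flag.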

Are you using Zoom? Your personal data is being leaked and you could be vulnerable to being hacked

Zoom is dealing with one hot potato after another. It recently got out of a situation where its iOS app was found to be secretly sharing data with Facebook, which it resolved by updating the iOS app.

Now, they are dealing with another problem due to how the software’s Company Directory feature works.

Zoom groups users who signed up using the same company email domain together to make searches and calls with colleagues easier. So when users sign up with their private email address to join Zoom, thousands of strangers can be added to their contact list because they are perceived to be working for the same organisation. With this, you can get insight into all subscribed users of that provider, including their full name, physical address, profile picture and status.

However, there is a little bit of good news. Users of standard email providers such as Gmail, Hotmail and Yahoo are not affected as Zoom blacklisted them. Furthermore, the company officially requires users to submit a request for their non-standard domains to be blacklisted.

But that is not the end of bad news for the company.

It was also found that Zoom converts any URLs into hyperlinks. This could be used maliciously: cybercriminals could send you a Universal Naming Convention (UNC) path instead of a web link.

UNC paths are typically used for networking and file sharing. An unsuspecting user could click on the link sent via Zoom, which will then make Windows try to connect to the remote host using the Server Message Block (SMB) network file-sharing protocol. By default, Windows will send the user’s login name and their NTLM password hash to this host. The NTLM password hash could easily be cracked, putting your computer at risk of being hacked.
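A chat client can avoid this by turning only http and https URLs into links and leaving UNC paths as inert text. The sketch below is an added example, not Zoom's code; the function names, host name and share name are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# \\host\share... : two backslashes, a host name, one backslash, a share name.
UNC_RE = re.compile(r"^\\\\[^\\/\s]+\\[^\\/\s]+")
WEB_SCHEMES = {"http", "https"}


def classify(token):
    """Return 'web' for an http(s) URL, 'unc' for a UNC or file:// path, else 'text'."""
    if UNC_RE.match(token):
        return "unc"
    try:
        parts = urlsplit(token)
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return "text"
    scheme = parts.scheme.lower()
    if scheme in WEB_SCHEMES and parts.netloc:
        return "web"
    if scheme == "file" and parts.netloc:   # file://host/share also reaches SMB
        return "unc"
    return "text"


def render(message):
    """HTML for a chat message: only web URLs become links, the rest stays inert."""
    out = []
    for token in message.split(" "):
        safe = html.escape(token, quote=True)
        if classify(token) == "web":
            out.append('<a href="%s" rel="noopener noreferrer">%s</a>' % (safe, safe))
        else:
            out.append(safe)
    return " ".join(out)


def unc_tokens(message):
    """UNC-style tokens in a message, for logging or alerting."""
    return [t for t in message.split(" ") if classify(t) == "unc"]


# Constructed sample message; the host and share names are placeholders.
SAMPLE = r"Agenda: \\fileserver.example\share\agenda.docx or https://example.com/agenda"
```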

What is Object-Oriented Programming?

Object-oriented programming (OOP) is a programming paradigm that organises a piece of software based on the concept of objects or data rather than by function and logic.

In OOP, software is designed by using data modelling to identify the various objects that make up the system and how these objects interact with each other. These objects can range from physical entities such as a human being, described by a set of attributes/properties like name, height and age, to small computer programs such as widgets.

Once an object is identified, an extensible program-code template is created to generalise the object. This template contains properties or attributes that the object can use to store data. In addition, it contains functions or methods that define the logic sequences or statements that manipulate this data.

Features of OOP language

An OOP language usually comes with support for code extensibility in the form of classes or prototypes, and for code reuse through inheritance. This kind of support ultimately gives rise to two styles of OOP: one is class-based programming and the other is prototype-based programming.

Class-based programming languages support two main concepts: classes and objects.

A class is a program-code template that defines the data format and available procedures for that class. On the other hand, an object is an instance of the class, or in other words, an object is the realisation of a class.

Prototype-based programming languages, on the other hand, have no concept of classes. Objects are the primary entities. Generalised objects are typically used in these types of languages, where the objects can subsequently be cloned and extended to form the foundation of future objects.

These languages also share certain features with programming languages that adhere to other programming paradigms such as procedural programming or functional programming. The two most common features are variables and procedures.

A variable is used to store information formatted according to one of a small number of data types, such as integers and alphanumeric characters, that are built into most languages.

A procedure, also known as a function, method, routine or subroutine, is simply a construct in code that takes some inputs, manipulates data and/or generates output. In addition, other programming constructs like loops and conditionals are also included in any OO language.

Furthermore, there are also four common mechanisms or features, if you will, that OOP languages have that set them apart from other types of programming languages. These four mechanisms are Abstraction, Encapsulation, Inheritance and Polymorphism.


Abstract means an idea or concept that is not tied to an instance or realisation. In OOP, an abstract class or interface allows programmers to express the intent of the class instead of the actual implementation. In a way, this hides the inner workings of a class from calling classes that do not need to know them in order to use it.

For example, a driver only needs to know how to drive a car but does not need to know in detail how the engine and gearbox work. In this context, the car has abstracted away the inner workings from the driver.

In the example below, we have an abstract Vehicle class that implements some logic for its move method. Another class called SedanCar is a non-abstract class that extends Vehicle, which is a concept related to Inheritance (please see below). A driver then gets a SedanCar by instantiating it and decides to drive it. The drive method calls the move function on the instantiated vehicle without ever needing to know which operations or steps have to be executed to move the vehicle.

public abstract class Vehicle {
        public void move() {
                //Logic to engage the engine
                //Logic to spin the axle
                //Logic to spin the wheel
        }
}

public class SedanCar extends Vehicle {
}

public class Driver {

        Vehicle vehicle;

        public void getASedanCar() {
                vehicle = new SedanCar();
        }

        public void drive() {
                //The driver only calls move; the steps stay hidden in Vehicle
                vehicle.move();
        }
}

Encapsulation is related to abstraction in the sense that it hides the inner workings. The difference is that encapsulation hides the data implementation of a class from other classes: data are made private or have restricted visibility from the outside. Through this mechanism, only the host class can change its internal data, while other classes have to do it via either the provided public accessors or methods that perform actions that ultimately effect a change in the data.

Below is an example of a Person class written in Java. Similar to an actual person, the Person class contains both name and age properties that are private to it. Once the class is instantiated as an object, no other objects can access the properties directly or make changes to them.

As described earlier, these other objects have to use the provided accessor methods (functions) to get either the name or age, and use the setter methods to set the name and age of the person object.

public class Person {
    private String name;
    private int age;

    public void setAge(int age) {
        this.age = age;
    }

    public int getAge() {
        return age;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getName() {
        return name;
    }
}


Inheritance in OOP is a mechanism that allows a class or object to be based upon another class or object and retain similar implementations. In a sense, it is similar to biology, where the makeup of an organism such as a human being is based on the sum of their parents’ genes. These genes determine how they and their body react and behave in different circumstances, how they look and whether they will ultimately develop medical conditions such as diabetes, high blood pressure and heart failure.

With inheritance, code implemented in the parent class can be reused, which reduces the amount of code needed. Furthermore, if any changes need to be made to the original code, the programmer/developer only needs to change it in the parent class and all child classes will get the updated implementation.


Polymorphism refers to the ability of an object to take on many forms. There are two types of polymorphism in practice, and they are generally applied to methods and functions instead of classes.

The first type of polymorphism is compile-time polymorphism. It also goes by another term, overloading. This means that there can be multiple methods with the same name but different types of parameters.

An example of compile-time polymorphism is as follows, where there are two methods named move. One of the move methods takes no parameter as input and the other takes an object as input.

public class Vehicle {
    public void move() {}
    public void move(Object object) {}
}

The second type of polymorphism is run-time polymorphism. It also goes by another term, overriding. With this type of polymorphism, there is only one move method but different classes will implement it differently based on the context.

Below is an example where there are three classes that implement the same move method. Since both Sedan and Bus extend Vehicle, when either of them is instantiated and its version of the move method is called, that class's own move method will be executed instead of the one in Vehicle.

public class Vehicle {
    public void move() {
        //some code here
    }
}

public class Sedan extends Vehicle {
    @Override
    public void move() {
        //some code here
    }
}

public class Bus extends Vehicle {
    @Override
    public void move() {
        //some code here
    }
}

Apple updates Mac mini with double the storage

The Apple Mac mini (2018) sees a nice update today (Mar 18, 2020) in the form of increased storage capacity for the standard configurations that you can buy from the Apple Store.

The S$1,139 model sees its SSD storage increase from the original 128GB to 256GB, while the $1,579 model sees an increase from the original 256GB to 512GB.

These Mac minis are made from 100% recycled aluminium and are available from Apple now.