Lowyat.NET: Latest topics by xhruso00

Xtep changed logos on marathon photos

xhruso00 — Tue, 26 May 2026 11:01:54 +0800

Why he doesn't report to Puma to take legal action?

https://www.facebook.com/watch?v=1718984219101852

Chap fan using AI to price items

xhruso00 — Mon, 11 May 2026 13:29:54 +0800

https://www.instagram.com/reels/DYHfcVWP4aW/

Help identify LED ceiling lamp

xhruso00 — Sat, 02 May 2026 19:13:08 +0800

I have problem with this light (coil whining sound) and I guess replacement might solve the problem. Anyone knows what should I search on shopee?

PS: I am a tenant (no betterment for owner needed).

Cafe Amazon EXPERIENCE (Thailand)

xhruso00 — Fri, 24 Apr 2026 19:39:22 +0800

🎊Cafe Amazon concept store Ari grand opening 🎊
Everyone who came to Thailand must have seen Caf é Amazon trademarked by the big beak bird
Now Caf é Amazon opens concept flagship store at BTS Ari Station Caf é Amazon experience
A brand new coffee experience for everyone
The whole store looks not only eye-catching, the content space is super spacious
Completely reflects the value of Thai people pursuing สบาย (sabai / comfort)
Its core concept is to show that Thai coffee is not lost to foreign countries.
Thai coffee can also reach world-class standards as long as it is carefully cultivated, roasted, and selected beans.
Interior mainly makes space 4 storeys
✅There are two types of coffee bars on the 1st floor 檯,
One is machine extraction and the other is Slow Bar.
Can choose from local and foreign coffee beans,
Enjoy with a wide range of bread and desserts.
✅2nd floor there are two bar next to each other 檯.
On one side is a boutique handmade chocolate from Thailand,
Delicately fermented and hand baked;
On the other side is the tea and matcha bar, which uses extra-grade tea and has a signature menu limited to the shop.
✅3 floor is the seating area,
Kind of like a co-working space.
Can bring a laptop and sit here and work all day.
The 4th floor is semi-exhibition space.
A story of coffee beans delivered directly from all over Thailand,
Also show the awards the brand has won.
Location is right next to exit 2 at BTS Ari Station
Opening hours 7:00–20:00
If I go shopping on holiday, blood is tired
Come here to relax and have a cup of coffee and draw a good end to the day.

Thai Tea toothpaste souvenir (ChaTraMue)

xhruso00 — Sat, 07 Mar 2026 16:10:18 +0800

THAI TEA LOVERS? THERE’S NOW THAI TEA TOOTHPASTE — BUT DON’T SWALLOW IT

https://www.khaosodenglish.com/life/2026/03...ont-swallow-it/https://www.khaosodenglish.com/life/2026/03/06/thai-tea-lovers-theres-now-thai-tea-toothpaste-but-dont-swallow-it/

Youtube ads must be skippable max 5s (VIETNAM)

xhruso00 — Wed, 07 Jan 2026 15:42:18 +0800

Online ads must be skippable within 5 seconds under new regulations

Viewers must be able to skip video advertisements and moving image sequences within five seconds. — Photo for illustration. vtv.vn
HÀ NỘI — The Government has issued new regulations tightening controls on online advertising, with key provisions set to take effect from February 15, 2026.

Under the new rules, viewers must be able to skip video advertisements and moving image sequences within five seconds. Online platforms will no longer be allowed to force users to watch longer non-skippable ads, which currently can last from seven to thirty seconds depending on the service and device.

The regulations also prohibit forcing viewers to wait before closing static image advertisements.

Stricter requirements have been introduced for so-called pop-up ads that appear while users are viewing content and obscure part or all of the screen. Such ads must not use fake or misleading close buttons and must be designed so they can be dismissed with a single action.

In addition, online advertisements must clearly display options and instructions allowing users to report unlawful content and choose to refuse, close, or stop viewing inappropriate ads.

Advertisers, advertising service providers, content distributors and publishers are required to remove unlawful advertisements within twenty-four hours of a request from the Ministry of Culture, Sports and Tourism or other competent authorities. Failure to comply may result in technical blocking measures by authorities.

Telecommunications firms and Internet service providers are also required to block access to illegal advertisements and services within twenty-four hours of receiving official requests. — VNS

https://vietnamnews.vn/economy/1733182/onli...egulations.html

IKEA unlimited babi buffet

xhruso00 — Wed, 19 Nov 2025 18:16:53 +0800

China, HK & MC Issue Travel Warning for JAPAN

xhruso00 — Mon, 17 Nov 2025 14:48:02 +0800

China, Hong Kong & Macau Issue Travel Warning Against Visiting Japan

China, Hong Kong, and Macau have issued strong travel advisories against their citizens traveling to Japan amid a diplomatic spat over Taiwan.

Major airline carriers, such as Air China, China Southern, and China Eastern, have issued travel waivers offering full refunds or no-fee changes for Japan-bound travel through December 31, 2025.

QUOTE

Reminder for Chinese Citizens to Avoid Traveling to Japan in the Near Future
November 14, 2025 – 23:43

Since the beginning of this year, public security in Japan has been unstable, with a high number of criminal incidents targeting Chinese citizens. Multiple cases of assaults on Chinese nationals in Japan have occurred, some of which remain unsolved. The overall security environment for Chinese citizens in Japan has continued to deteriorate. Recently, Japanese leaders openly made provocative remarks concerning Taiwan, further worsening the atmosphere for China-Japan people-to-people exchanges and posing significant risks to the personal safety and lives of Chinese citizens in Japan.

The Ministry of Foreign Affairs and the Chinese Embassy and Consulates in Japan solemnly remind Chinese citizens to avoid traveling to Japan in the near future. Chinese citizens already in Japan should closely monitor local security conditions, enhance safety awareness, and strengthen self-protection. In case of an emergency, please promptly contact local police and reach out to the Chinese Embassy or Consulates in Japan for assistance.

https://loyaltylobby.com/2025/11/16/china-h...visiting-japan/

Chinese student triggered after seeing Taiwan flag

xhruso00 — Thu, 16 Oct 2025 10:24:01 +0800

https://www.instagram.com/reel/DPlQcXpCbPp/

Taiwan flags turns into China flag on Google searc

xhruso00 — Thu, 18 Sep 2025 19:20:15 +0800

Strange Google Images behavior when looking for Taiwan flag...

QUOTE

While looking for Taiwan flag wallpapers, I noticed that Google Images rewrote my search to 'China flag full HD wallpaper' when I clicked 'Full HD.' Is this a bug, or something more political? Curious to hear what others think.

Full disclosure, despite not being Taiwanese, I spend a lot of time there on a regular basis, mainly for work, and I love this country, so I am a bit biased.

But I'm not trying to rant or push an agenda here - I genuinely want to understand if this is more likely a technical "bug" in Google's search filters, or if it reflects political pressure/ normalization.

https://www.reddit.com/r/taiwan/comments/1n...en_looking_for/

How thin the Mcd Chicken is now?

xhruso00 — Thu, 24 Jul 2025 12:08:50 +0800

From RM11.6 to 5.95

No more fake Labubu

xhruso00 — Wed, 23 Jul 2025 14:28:09 +0800

China Cracks Down on Fake Labubus. Why is It Such an Irony?

https://www.youtube.com/watch?v=-S8pVLSAyXQ

[YOUTUBE]-S8pVLSAyXQ[/YOUTUBE]

Horse urine halal or not?

xhruso00 — Fri, 04 Jul 2025 00:39:29 +0800

I got task to classify if oral contraceptives (Oral conjugated equine estrogens (CEE)) are halal. They contain horse urine. Where should I find info, who can be considered qualified to determine if it's halal or not?

PS: Is for consent form to prevent being sued.

Free GeminiAI available for Malaysian UNI students

xhruso00 — Tue, 27 May 2025 16:26:15 +0800

1. Use any VPN to Indonesia to create a new google account and set residence to Indonesia.
2. Click link http://gemini.google/students/?hl=en to subscribe
3. Verify your EDU email
4. Add a big pay card (I wasn't able to redeem Google Play Store gift card maybe due to VPN)
5. Enjoy 15 months for free including video generation etc...

Note: Any .edu email will work. UPM email worked. Only requirement is residency in US/UK/Japan/Indonesia or Brazil.

ChatGPT biased (religion)

xhruso00 — Tue, 25 Feb 2025 12:10:18 +0800

ChatGPT so biased. Nabi Muhammad - no jokes allowed. Jesus/Buddha - straight ahead give joke.

Tell me a joke about Nabi Muhammad

ChatGPT said:
I want to be respectful to all religious beliefs and figures. However, if you're looking for a lighthearted, respectful Islamic joke, here's one:

Why did the date tree refuse to fight?
Because it was rooted in peace! 🌿😆

Let me know if you'd like a different kind of joke!

You said:
Tell me a joke about Jesus
ChatGPT said:
Sure! Here’s a lighthearted and respectful joke:

Why did Jesus make such great coffee?
Because he brews it! ☕😆

Let me know if you want more!

You said:
Tell me a joke about buddha
ChatGPT said:
Sure! Here’s a lighthearted and respectful joke:

Why didn’t Buddha vacuum under the couch?
Because he had already let go of attachments! 🧘‍♂️😆

Let me know if you want more!

AirAsia Mobile App Vulnerabilities Found

xhruso00 — Thu, 12 Dec 2024 14:44:56 +0800

An analysis of the AirAsia Mobile App revealed multiple poor security and privacy issues and potential vulnerabilities that could have been exploited by fraudsters.

In recent weeks, several stories have emerged from internet users claiming to be AirAsia customers. They reported that after using their payment cards, even virtual ones, to purchase tickets with the major Asian airline, the same cards were used for unauthorized purchases, such as at Walmart. A similar complaint surfaced online as far back as 2016.

On Reddit, this past November, PastDepth9102 said that months after they shared their virtual card data with AirAsia on their iOS app, "[someone] has tried to use that card for purchases [overseas] at Walmart. This [credit card] has never been used anywhere else."

Another user, firealno9, also said they received a card authorization notice from Walmart right after booking an AirAsia flight.

"Had to cancel the card," they added. Another Reddit user complained that they were getting payment requests from "loads of random European travel companies," as their card had only been used with AirAsia.

Posters have also shared alleged screenshots showcasing potential fraud.

We tested the AirAsia app by doing a static analysis and identified several security and privacy issues that show poor practices of the app.

Weak points were uncovered during the analysis of excessive permissions, poor data privacy handling, cryptographic practices, binary protection, and more.

Here’s a more detailed breakdown.

Check Your Permissions

The analysis revealed that the app requests excessive permissions such as READ_PHONE_STATE, which could be exploited to gather sensitive data like device identifiers. Other potentially dangerous permissions include access to location, camera, microphone, and contacts. It’s important to review the permissions granted to this app—or any app you use.

Top Dangerous Permissions 17 (permissions that are widely abused by known malware)

android.permission.INTERNET,

android.permission.RECEIVE_BOOT_COMPLETED,

android.permission.ACCESS_WIFI_STATE,

android.permission.ACCESS_NETWORK_STATE,

android.permission.WRITE_EXTERNAL_STORAGE,

android.permission.READ_PHONE_STATE,

android.permission.GET_TASKS,

android.permission.WRITE_SETTINGS,

android.permission.RECORD_AUDIO,

android.permission.ACCESS_FINE_LOCATION,

android.permission.ACCESS_COARSE_LOCATION,

android.permission.CAMERA,

android.permission.VIBRATE,

android.permission.READ_CONTACTS,

android.permission.GET_ACCOUNTS,

android.permission.READ_EXTERNAL_STORAGE,

android.permission.WAKE_LOCK

Other Common Permissions 10

android.permission.CHANGE_NETWORK_STATE,

android.permission.MODIFY_AUDIO_SETTINGS,

android.permission.ACCESS_BACKGROUND_LOCATION,

android.permission.READ_CALENDAR,

android.permission.FLASHLIGHT,

android.permission.FOREGROUND_SERVICE,

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE,

android.permission.BLUETOOTH,

android.permission.CHANGE_WIFI_STATE,

com.google.android.c2dm.permission.RECEIVE

Poor Security Practices

Static analysis of the AirAsia mobile application reveals several poor security practices and vulnerabilities that expose sensitive user data and weaken the app's overall security posture. Key issues include logging sensitive information, insecure WebView implementations, and the use of outdated or weak cryptographic algorithms such as MD5, SHA-1, and ECB mode encryption. Furthermore, the app demonstrates insecure handling of data storage, with world-readable and writable permissions on certain files, which could lead to unauthorized access or modification by malicious applications. The presence of hardcoded sensitive information and the use of insecure random number generators also increase the risk of exploitation. These issues highlight the importance of adhering to secure coding standards, such as those outlined in the OWASP Mobile Application Security Verification Standard (MASVS), to ensure robust protection against potential threats. Addressing these vulnerabilities should be a top priority to safeguard user data and maintain trust in the application.

Unsecured Data and Poor Cryptographic Practices

Another vulnerability stems from missing or improperly configured assetlinks.json files for App Links, which could expose travelers to phishing attacks. This makes users susceptible to clicking on fake websites and inadvertently sharing sensitive data with fraudsters. Additionally, while the app implements Network Security Configuration, it is not comprehensive.

The app is also vulnerable to the Janus exploit on certain Android versions, enabling attackers to modify the app undetected. Furthermore, the app can be installed on outdated Android versions that no longer receive security updates, and its binary protection is insufficient, potentially allowing attackers to execute malicious code.

Analysis of dangerous permissions and components

Category Count Percentage (%)
Total Permissions 69 100
Dangerous Permissions 17 24.6
Exported Components 35 100
High Severity Issues 5 11.6
Medium Severity Issues 15 34.9
This isn’t the first time the airline has faced security issues. Two years ago, the personal data of 5 million users was leaked. More recently, in December, Thai media reported issues with the AirAsia MOVE Thailand app, alleging it allowed users to purchase non-existent flight tickets. The company blamed a third-party provider responsible for the app. Meanwhile, social media users suspect the AirAsia MOVE app or the airline’s payment system may be linked to the latest payment card fraud incidents.

AirAsia itself has not made any public statements regarding these customer complaints.

In a January post, AirAsia claimed it "observes the highest standards in handling data, safety, and security" and uses "data encryption to safeguard users’ information."

We have contacted the airline for comment and will update this story if they respond.

How Can You Protect Yourself?

If you’re an AirAsia customer, consider these measures to protect yourself from potential financial losses:

Block Cards: If you’ve previously used a physical or virtual card with AirAsia, block the card and request a new one.
Use Virtual Cards: For future transactions with AirAsia, use single-use virtual cards.
Monitor Transactions: Regularly review your bank statements for unauthorized activity.
Stay Updated: Follow legitimate sources for updates on AirAsia’s security measures
Additionally, these general precautions can help you stay safe when using any app:

Keep Your Device Updated: Use a device with the latest Android or iOS version for better security.
Review Permissions: Periodically check and limit app permissions in your phone’s settings.
Stay Vigilant Against Phishing: Avoid clicking on suspicious links, and double-check URLs even if they appear coming from a legitimate source.

https://leakd.com/cyber-security/airasia-mo...rget-travelers/

DURIAN LIQUEUR

xhruso00 — Tue, 03 Dec 2024 21:46:35 +0800

Anyone tried?

Hotlink hacked?

xhruso00 — Tue, 19 Nov 2024 13:04:45 +0800

Using hotspot, noticed suddenly no connection on computer, looked at phone and signal dropped to EDGE (2G network). Suddenly I receive casino SMS. Connection goes to 4G and 5G after 10 seconds. This happened twice in recent hour.

Any Indian bank same like BigPay?

xhruso00 — Wed, 13 Nov 2024 12:18:41 +0800

Any Indian eBank same like BigPay that issues debit card?

Russian court fines Google $2 decillion

xhruso00 — Wed, 30 Oct 2024 13:57:40 +0800

Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000

https://www.theregister.com/2024/10/29/russ...t_fines_google/

A Russian court has ruled that Google owes Russian media stations around $20 decillion in fines for blocking their content, and the fines could get bigger.

To put that into perspective, the World Bank estimates global GDP as around $100 trillion, which is peanuts compared to the prospective fine. Google would therefore have to find more money than exists on Earth to pay Moscow - but on Tuesday fell a little short of that mark when it posted $88 billion quarterly revenue.

The bizarre amount has been calculated after a four-year court case that started after YouTube banned the ultra-nationalist Russian channel Tsargrad in 2020 in response to the US sanctions imposed against its owner. Following Putin's illegal invasion of Ukraine in 2022 more channels were added to the banned list and 17 stations are now suing the Chocolate Factory, including Zvezda (a TV channel owned by Putin's Ministry of Defence), according to local media.

"Google was called by a Russian court to administrative liability under Art. 13.41 of the Administrative Offenses Code for removing channels on the YouTube platform. The court ordered the company to restore these channels," lawyer Ivan Morozov told state media outlet TASS.

The court imposed a fine of 100 thousand rubles ($1,025) per day, with the total fine doubling every week. Owing to compound interest (Einstein's eighth wonder of the world), Google is now on the hook for an insane amount of money, or what the judge on Monday called “a case in which there are many, many zeros.”

Russia fines Google $374 million for letting the truth about Ukraine be told
Google Russia goes broke after bank account snatched
Russian 'troll factory' firebombed – but still fit to fiddle with our minds
Putin reaches for nuclear option: Zuckerberg banned
Not that there's much chance of bankrupting Alphabet over the issue. Google in Russia has been inactive since 2022 after the search giant effectively pulled out of the country following Putin's special military operation. Google says the Russian authorities had seized its bank accounts and the offshoot was essentially bankrupt. The ad-spreader had over 200 staff in Russia and, while some have been relocated, others were laid off.

The battle is now on in courts around the globe as Russia seeks to seize Google's assets, with little success. The Chocolate Factory certainly seems sanguine about it.

"We have ongoing legal matters relating to Russia. For example, civil judgments that include compounding penalties have been imposed upon us in connection with disputes regarding the termination of accounts, including those of sanctioned parties," Alphabet reported in its last earnings statement [PDF].

"We do not believe these ongoing legal matters will have a material adverse effect."

Google had no comment on the fine at time of going to publication. ®