Saturday, April 8, 2023

Anti-Money Laundering and Terrorism Financing

Money Laundering Definition

It’s a process used by criminals to convert dirty money into clean money. Dirty money is any money which is generated from illegal activity such as selling drugs, financial crimes, or any other form of crimes.

The 3 Stages of Money Laundering

The money which is generated from illegal activities cannot be deposited into bank that easily since the bank will ask for supporting documents that show from where this money was generated. Suppose that someone generated one million dollars by selling drugs. For this money to be legal, it goes through 3 stages, Placement, Layering and Integration.

Placement Stage

At this stage, the person who generated money from illegal activity will try to deposit the illegal money into a bank account by using a legal business as front. That business may not even exist. For example, he might pretend to own a restaurant, and the restaurant generates $50000 a month. In this situation, the criminal will attach all invoices as evidence to deposit $50000 into the bank.

Layering Stage

In this stage, the illegal money is distributed to multiple other accounts. The reason for this is to make it difficult for authorities to track original source of money.

Integration Stage

At this stage, the illegal money is transferred again to one account that the person will use to buy a legal entity such as a car or real estate. Then he will sell this entity and deposit the generated money to this account again. At this stage, the money is considered legal.

Importance of Knowing Our Customer

We need to be aware that a customer or a supplier is using us as a front-end for money laundering. If the customer is caught doing illegal activities and you are doing business with him, you will be held accountable and considered as participant in money laundering activity.

Importance of Customer Due Diligence

Customer Due Diligence (CDD) is one of the activities that is taken by the organization to obtain as much as information about any third party the organization work with, to help their money laundering risks and money laundering exposure.

This implies that an organization must have procedures to:

  • Customer Identification
  • Customer Acceptance
  • Risk Rating
  • Monitoring
  • Documentation

Money Laundering Vs Terrorist Financing

The two are usually mixed with each other since both have many similarities. The main difference between the two is that in Terrorist Financing, the end beneficiary is not the same as the person who generated the illegal money.

Tuesday, March 22, 2022

Content Sniffing in Web Development

While I was testing a software, I needed to refresh JavaScript files based on branch on GitHub. What I did is to include the raw data of the file using raw.gethubcontent.com.

What I noticed is that the console started to display the error which reads :

The resource from “https://raw.githubusercontent.com/usernane/AJAXRequestJs/master/AJAXRequest.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).

What does this error means and why it appeared? After doing a small research, I learned about new concept which is called "Content Sniffing"

In a nutshell, content sniffing happens when a web browser change the content type of server response to a content type that it think is correct. For example, a server might send a JavaScript file with content type "text/plain". In this case, the browser will change content type to "text/JavaScript" because the file smells like JavaScript and make it executable. This can lead to security issues if the file is user generated and can lead to attacks such as .

To make sure that the browser does not change content type based on its smell, the server can send http header. The header has the name "". The error that was appearing in the console was caused by this header. GitHub server always sends this header whenever someone tries to get files using raw.githubcontent.com.

To resolve my issue, I reverted back to jsDeliver. The CDN actually has a nice feature that I just got to know. It is possible to get files using commit hash. Instead of using a branch name or tag after the @, simply add the hash of the commit.

Friday, January 28, 2022

How to Change Document Root in WHM and cPanel for Specific Website

First, create a directory in your home directory. Give it the name 'backup'. Secondly, open the terminal in WHM. Then run the following command:

cp /var/cpanel/userdata/USERNAME/* /home/backup

Replace 'USERNAME' with the username of cPanel user that you would like to change its document root. The compand will simply copy all files in the directory "/var/cpanel/userdata/USERNAME" to the directory "/home/backup". The directory "/var/cpanel/userdata/USERNAME" contains configuration files for domains.

Suppose that the domain that you want to change its document root is 'example.com'. In this case, you need to open the file 'example.com' and 'example.com_SSL and edit document root using vim.

Finally, you need to run the following commands to restart apache:

/scripts/updateuserdatacache
/scripts/updateuserdomains
cp /etc/apache2/conf/httpd.conf{,.bak-`date +%Y%m%d`}
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
For more information, check here

Wednesday, August 11, 2021

WebFiori Framework Tutorials - 8 - Including External Resource File

In this video, we learn how to include external resource file such as JavaScript file or a CSS file in web pages by using some of the utility methods which are provided by the class 'WebPage'.