15 March 2010

Is Skype really blocked in Egypt!?

There are rumors here, here, and here that the Egyptian government is blocking Skype.

This morning, a call placed to Vodafone’s customer service indicated that Telecom Egypt is going to block Skype in Egypt, and that it’s out of their hands. After repeated calls from various people to Vodafone’s customer service, they were told “Skype is being blocked since 13th March based on an order from Telecom Egypt.”, The Next Web.
As you can see, the source of the news is Vodafone users who are not able to use Skype when they are connected to the internet via their 3G USB modems. And since many ADSL home users are reporting that Skype is working fine at their places, I have a strong feeling that the Egyptian government has nothing to do with this. I believe it is just Vodafone's DPI that is blocking Skype in order not to harm their revenues.

Update [16 March 2010]: It's official now: the NTRA - the government - is the one responsible for this, not the mobile operators. However, I have a strong feeling that the operators are the ones who pushed the NTRA to take such a decision in the first place, as Skype harms their - as well as Telecom Egypt's - revenues.


06 January 2010

Beware of this Phishing Email

If you receive an email like this one, http://pic.im/g75, it is most probably a phishing attack, and they are trying to fool you in order to get your Facebook password.


18 December 2009

About Last Night's Twitter Hacking

This is old news now; you all know that Twitter was hacked last night, and it's back to normal operation now.

Mashable reports that Twitter has been hacked by a group called the ‘Iranian Cyber Army’, which took over the microblogging site and added its own text; logos; and images to the site. via mediaupdate.co.za

In fact, I wanted to clarify some issues here, as I've seen many Twitter users so worried, and some of them decided to change their passwords there. The point is, the so-called 'Iranian Cyber Army' didn't crack Twitter's servers or their database or anything; what they did was just a DNS hijack. As you know, each computer (server) on the internet is reachable via its IP address, and since we are too lazy to remember all those IPs, we reach servers via their names, i.e. instead of typing http://168.143.162.36 we type http://twitter.com, and DNS servers are there to translate twitter.com to 168.143.162.36 for us. What the hackers did was hijack the DNS servers and make them translate http://twitter.com to their own server's IP address, and that's it. So, I believe no one was able to touch your password, and you are not supposed to be worried.
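An added example (not part of the original post) of how a site operator can notice this kind of hijack from the outside: compare what several resolvers return for the name against the addresses the site is known to use. The baseline address is the one quoted above; the resolver names and the 203.0.113.10 answer are constructed.

```javascript
// Added example; resolver names and observed answers are constructed.
const toInt = ip => ip.split('.').reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

// True when the IPv4 address falls inside the CIDR block.
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const mask = Number(bits) === 0 ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((toInt(ip) & mask) >>> 0) === ((toInt(base) & mask) >>> 0);
}

// baseline: name -> CIDR blocks the operator is known to serve from.
// observations: [{ resolver, name, answers: [ipv4, ...] }]
function checkAnswers(baseline, observations) {
  const findings = [];
  for (const { resolver, name, answers } of observations) {
    const allowed = baseline[name];
    if (!allowed) continue;                               // name is not monitored
    const unexpected = answers.filter(ip => !allowed.some(c => inCidr(ip, c)));
    if (answers.length === 0) {
      findings.push({ resolver, name, issue: 'no-answer' });
    } else if (unexpected.length) {
      findings.push({ resolver, name, issue: 'unexpected-address', unexpected });
    }
  }
  return findings;
}

// A real baseline would list the operator's netblocks, not a single /32.
const baseline = { 'twitter.com': ['168.143.162.36/32'] };
const observations = [
  { resolver: 'resolver-a', name: 'twitter.com', answers: ['168.143.162.36'] },
  { resolver: 'resolver-b', name: 'twitter.com', answers: ['203.0.113.10'] },
  { resolver: 'resolver-c', name: 'twitter.com', answers: ['168.143.162.36', '203.0.113.10'] },
];
console.log(checkAnswers(baseline, observations));
```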



Now, let's do our non-Arabic speakers a favor and translate the banners for them.

What's written in blue there is as follows:
فإن حزب الله هم الغالبون
This is a phrase from the Holy Quran, and it means "The party of God are the victorious ones", or "Those who belong to God are the victorious ones". By the way, the phrase "Party of God" is Hezbollah in Arabic, which gives the phrase another meaning, "Hezbollah are the victorious ones".
This phrase is part of an Ayah - i.e. verse - that calls people to obey God, Prophet Muhammad, and those who give money to the poor while praying - referring to Imam Ali. It then states that those who obey them and belong to God will be victorious.
As you can see here, the whole Ayah has a special significance to the Shia, and maybe that's why those Iranian Cyber Hackers decided to use it.

Now let's have a look at the phrase written in red on the green flag:
يا حسين
This is a phrase that means "Oh Hussain", or "Dear Hussain". Hussain is the grandson of Prophet Muhammad, and he is also the son of Ali. Now let's have a look at our calendars. Today is the first day of the Islamic Hijri year, and it is also the first day of the ten days of Ashura, where the Shia remember the martyrdom of Al Hussain, and most probably this is why the flag was included in the banner.

So in brief, it seems to me that the ones who hacked Twitter belong to the Iranian system, or at least sympathize with it. And they used the religious slogans mentioned above to deliver a message to internet users worldwide via Twitter that the Iranian regime is the party of God, and that they shall be victorious sooner or later.

Update: Oh wait a moment, they wrote some text there, "Now Which Country is embargo list? Iran? Usa?". So my guesses were right :)


03 December 2009

Copied Wii Games

I am not aware of the situation in other countries, but here in Egypt most of the games sold are copied ones, and almost all the Wiis are modded. But sometimes some of those copied games may ask you to upgrade your Wii in order to start. And I do not recommend updating the firmware of a modded Wii.

So here are the steps needed to make those games work without any system updates.

Use ImgBurn to copy the DVD to your computer as an ISO file. Then download WiiBrickBlocker and use it to patch the ISO image. And finally, copy the ISO file back to a new DVD using ImgBurn. Don't use any other CD/DVD Burners as they won't work, just use ImgBurn.

Voilaaaa!

PS. The information provided here is for your own reference, and I am not responsible for anyone who uses this to break his country's laws, especially those copyright fanatics.


15 April 2009

Don't Force me to Hack You

We all know that weak passwords are bad, and that's why most of the web sites add some code in their registration or sign up page to check if your password is strong enough before allowing you to create a new account there.

But for God's sake, why can't they just warn me if my password is weak and then give me the choice to change my password or leave it if I really insist on using a weak one?

The good news here is that most of the time, they do such checks in their front end, aka JavaScript.

Today one of my friends was creating a new account on StumbleUpon as he wanted to try it. But they refused to let him use his favorite password. So I used the Firebug console to create a new function that returns true all the time.

    function alwaysTrue(){return true; }

Then I replaced their password strength checking function with my new function.

    pwCheck = alwaysTrue;

And voila! They accepted my friend's password and stopped bugging us.

The point is, password policies are supposed to be there just for our reference. But people are supposed to be free to use whatever password they want. Or else, they will not be able to remember their passwords and will either choose not to use that annoying service at all, or - even worse - they may write those funky passwords down on a piece of paper or have only one password for all the sites and services they use.
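Why the console override above works, and what changes when a site repeats the check on the server, shown as an added example (not StumbleUpon's code). Only the name pwCheck comes from the post; the policy, the browser object and both server functions are hypothetical stand-ins.

```javascript
// Added example. The policy and every name except pwCheck are hypothetical.
const policyOk = pw => pw.length >= 8 && /\d/.test(pw);

// Browser side: the page calls whatever pwCheck currently points to,
// so anyone with a console can swap it out.
const browser = {
  pwCheck: policyOk,
  submit(form, server) {
    if (!this.pwCheck(form.password)) return { status: 0, body: 'blocked in browser' };
    return server(form);
  },
};

// Server A assumes the browser already checked the password.
function trustingServer(form) {
  return { status: 201, body: `account ${form.user} created` };
}

// Server B repeats the check; the browser-side copy is only a convenience.
function enforcingServer(form) {
  if (typeof form.password !== 'string' || !policyOk(form.password)) {
    return { status: 422, body: 'password does not meet policy' };
  }
  return { status: 201, body: `account ${form.user} created` };
}

function runSignupDemo() {
  const form = { user: 'friend', password: 'abc' };     // constructed weak password
  const untouched = browser.submit(form, trustingServer).status;
  browser.pwCheck = () => true;                          // the override from the post
  const trusting = browser.submit(form, trustingServer).status;
  const enforcing = browser.submit(form, enforcingServer).status;
  browser.pwCheck = policyOk;                            // restore the original check
  return { untouched, trusting, enforcing };
}
console.log(runSignupDemo());
```

A check that lives only in the page's JavaScript is advisory whether the site intends it or not; only the server-side copy decides what gets stored.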


03 March 2009

The Pirate Bay is DDoS'ed

It seems that my favorite Torrents Search website has been brought down by Copyrights crackers.

"A few hours ago The Pirate Bay website started to slow down, and eventually it became completely unresponsive. With the trial going on at the moment, the downtime instantly led to all kinds of rumors. However, there is nothing to worry about, the downtime is not related to the trial and people are on their way to bring the site back up", Torrent Freak.

"I just got word that "someone" is currently DDoS'ing the "thepiratebay.org". Even more interesting it may be a hijacked botnet causing the problem. More details as they come in", Cloud Computing Journal.

It's really shameful that those who claim they are fighting illegal materials are in fact fighting them using illegal methods.


18 November 2008

NAC - IF-MAP

So, what's IF-MAP!?
As you can see, your NAC is at a certain point in time aware of your credentials, the version of the antivirus installed on your PC, the patching level of your OS, etc. And now we need such data to be available to the other devices in the network, so that they can deal with you not only based on your IP address, but also based on your username and machine health. We need some database - MAP, or Meta-data Access Point - where all the previous info is available for our firewalls, IPS's, DHCP servers and any other network element to base their policies on. Any IPS that supports this protocol will be able to deal with end-points and have dynamic policies for them based on various parameters, and not just their IP address.

"Trusted network connect - part of the Trusted Computing Group - published its Interface for Metadata Access Point protocol on April 28 to provide a common framework for sharing event metadata. This means there's finally a way for security and network devices from a variety of vendors to communicate, and thus make better assessments on whether to grant or deny access to everything from PCs to switches", InformationWeek

So now, even if someone changes his IP address, the firewall will not be fooled by his new IP address, but it will be able to deal with him based on his role in the organization regardless of his address. The IPS will be able to treat the different users differently based on their machine health, role in the organization, etc.
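A toy model of that idea, added here as an example (not the IF-MAP protocol itself, which is SOAP/XML based, and not any vendor's code): the NAC publishes identity and health metadata to a shared store, and the firewall decides from what it finds behind a source address. All identifiers, roles and addresses are constructed.

```javascript
// Toy metadata access point (MAP): models only the publish and search ideas.
// All names and values are constructed.
class MetadataAccessPoint {
  constructor() { this.meta = new Map(); this.links = new Map(); }
  publish(id, md) { this.meta.set(id, { ...this.meta.get(id), ...md }); }
  _n(id) { if (!this.links.has(id)) this.links.set(id, new Set()); return this.links.get(id); }
  link(a, b) { this._n(a).add(b); this._n(b).add(a); }
  unlink(a, b) { this.links.get(a)?.delete(b); this.links.get(b)?.delete(a); }
  // Merge metadata of every identifier within maxDepth links of `start`.
  search(start, maxDepth) {
    const seen = new Set([start]), found = {};
    let frontier = [start];
    for (let d = 0; d <= maxDepth && frontier.length; d++) {
      const next = [];
      for (const id of frontier) {
        Object.assign(found, this.meta.get(id));
        for (const n of this.links.get(id) || []) {
          if (!seen.has(n)) { seen.add(n); next.push(n); }
        }
      }
      frontier = next;
    }
    return found;
  }
}

// Firewall (PEP): decide from who and what is behind the address, not the address.
function firewallDecision(map, srcIp, allowedRoles) {
  const m = map.search(`ip:${srcIp}`, 2);         // ip -> device -> identity
  if (!m.role) return 'deny';                      // nothing authenticated behind this IP
  if (!m.avCurrent || !m.patched) return 'quarantine';
  return allowedRoles.includes(m.role) ? 'allow' : 'deny';
}

function runMapDemo() {
  const map = new MetadataAccessPoint();
  map.publish('identity:alice', { role: 'finance' });                  // from NAC login
  map.publish('device:laptop-17', { avCurrent: true, patched: true }); // from health check
  map.link('device:laptop-17', 'identity:alice');
  map.link('ip:10.0.0.5', 'device:laptop-17');
  const before = firewallDecision(map, '10.0.0.5', ['finance']);
  map.unlink('ip:10.0.0.5', 'device:laptop-17');                       // address changes
  map.link('ip:10.0.0.99', 'device:laptop-17');
  const afterMove = firewallDecision(map, '10.0.0.99', ['finance']);
  const oldAddress = firewallDecision(map, '10.0.0.5', ['finance']);
  map.publish('device:laptop-17', { avCurrent: false });               // AV falls behind
  const unhealthy = firewallDecision(map, '10.0.0.99', ['finance']);
  return { before, afterMove, oldAddress, unhealthy };
}
```

The policy follows the user and the machine to the new address, the abandoned address loses access, and a later health change takes effect without touching any firewall rule.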

Related Links:
InteropLabs, Making NAC Security-Aware with IF-MAP.
Got the NAC Blog, IF-MAP: Integrating All Network Security.
Got the NAC Blog, The Adoption Curve for IF-MAP.
StillSecure, After All These Years, Is IF-MAP the spark that will ignite the TCG/TNC and the security industry?
Rational Survivability, I Can Haz TCG IF-MAP Support In Your Security Product, Please.


12 November 2008

NAC - TNC

I wrote a post here about Network Access/Admission Control as a way to make sure that only authorized and healthy machines will have access to your network.

It's a solution that can check the various hosts before giving them access to the network, and it can also control the switches and access points, and create dynamic rules on your firewalls and IPS's, in order to granularly control the access given to each host to the various resources in the network based on their identity and security posture.
As you can see, to have a successful NAC solution, we need to make sure of the following:

1- You need your NAC Device (Policy Decision Point) to be able to communicate with the different devices in your network (Switches, Access Points, Firewalls, IPS's, etc), in order to push to them the policies needed to control who has access to which resources.
2- You can never guarantee that all the devices installed in your network are from the same vendor.

So, the best solution to solve this is to have a standard NAC solution to facilitate the communication between your PDP and PEP's.
And as far as I know, Trusted Computing Group's "Trusted Network Connect" is the only standard available out there.

As for the Switches and Access Points part, TNC decided to make use of the existing 802.1x standard, and added some extensions to it in order to transfer the machine's health along with the authentication parameters.

But when it comes to security devices such as Firewalls and IPS's, unfortunately there was no existing standard to depend on. And that's why they decided to introduce a new standard called "IF-MAP" a few months ago.


30 October 2008

No More Blog Rushing

As you may have noticed, I removed the BlogRush widget a few days ago. In fact I was not satisfied with the quality ... ehm ... the quantity of traffic it brings to my blog. And now, it came to my knowledge that the BlogRush team have decided to shut their service down. It seems that they were listening to me :)

"After careful consideration, we have decided to shutdown the BlogRush service. If you have the widget code on your blog you will need to remove it", BlogRush.


28 October 2008

FPS - Facebook Prevention System

I received a message in my Facebook account today from one of my contacts, with a malicious URL in it. The message's title is "Youu're the wwhole shhow! i'm admirred wiith you", by the way. So take care.

I am not quite sure how those Facebook worms normally work. One possible scenario is that there are some bots which try to guess people's Facebook passwords, and then hack into their accounts and send malicious messages on their behalf. Another scenario is that attackers were able to guess Facebook users' temporary session keys, and make use of the Facebook platform and APIs to send malicious messages on behalf of the users. In fact, the second scenario is really scary, as users cannot protect themselves by choosing stronger passwords, or by making sure they have no malicious applications installed on their PCs that can steal their passwords. But the good news here is that Facebook hasn't announced any vulnerabilities in their system yet, so most probably it's the first scenario rather than the second one.

Anyway, I am writing this article to ask: since Facebook has gained such huge momentum and almost everyone is using it, why don't security companies start inventing new security applications on top of it?

We've got AntiSpam and Mail Gateway Security Solutions for email. So maybe some day we will see Facebook applications that are able to check the content of your Inbox and decide whether the messages you receive are spam or not. We may see applications monitoring your Status Updates, sent Messages, and Friend Requests, which inform you when they notice any anomalies in such activities and warn you or even stop those anomalies.

But the point is, emails now are essential to business, so the business model for building security applications for email is justified. But when it comes to Facebook, it's just users like you and me, who refuse to pay money for their desktop antiviruses, and either get cracked versions of them, or wait for their companies to purchase one and deploy it on their company-owned laptops. Also, securing Facebook accounts is mainly the responsibility of Facebook Inc, and those guys are forced to protect people's accounts, or else people will find an alternative social network application and start using it instead.

Anyway, all those dreams and business model theories depend on the following:

1- How essential is Facebook in people's daily life, and maybe to business as well (some may claim that they use it for networking and maintaining relations with their customers and business partners)?
2- Are people really willing to pay money in order to protect their accounts?
3- Will the Facebook team deploy some extra security measures and charge people for those solutions (Security as a Service)?
4- Will they just deploy those methods for free in order to make sure they do not lose customers?
5- Is there someone who is really willing to build such an FPS - or let's better call it Facebook Intrusion Prevention System (FIPS) - and sell it to people?

But finally, away from all that crap I've just written above, please, please, please, I do not want to see more torturing and annoying CAPTCHA's, as some people believe they are the only way to fight spam and bots. While for me CAPTCHA's are an AntiUser solution more than an AntiSpam one.
