Gr33n Data

Democratization the Internet Infrastructure

2011-11-15T10:44:00.001+02:00

You sure heard of the Internet blackhole Egypt lived in when Mubarak's regime shut down the whole internet during January revolution. Other countries are filtering and censoring the Internet, Tunisia, Syria and Iran are just few examples. And recently the availability of the internet to the demonstrators in the Occupy Wall Street movement is an essential issue.

Isaac Wilder and Charles Wyble are two of the participants in OWS, and they also are the founders of an initiative to democratize the internet infrastructure using Wireless Mesh Network technology. Their initiative is called the FNF (Free Network Foundation)

Let me first give you quick brief about Wireless Mesh Network, normally at our homes we connect our access point to the internet via some sort of wired technology, for example ADSL. But let's imagine if I decide to get my ADSL connection then can give that internet I have to my neighbour's Access Point wirelessly, and he on his turn give it to his neighbour and so forth. So we will end up with having one internet connection shared among us. You can compare it to peer-to-peer file sharing (Kazaa and Torrent), where users are connected in a sort of mesh network.

Basically, the above description is how a Wireless Mesh Network look like, and it is already used but in different scenarios. When you need to have wireless coverage outdoors, you normally need many Access Points to cover the whole area, but also it is hard to get dedicated internet access to each of them, so you end up connecting one of them to the Internet ADSL hose, and then share that internet connection from one to the other using mesh topology.

Now from what I've read in the Free Network Foundation website, they are looking forward to have a similar mesh network that spans a whole metropolitan area or city, and in the first stage each of those cities will be connected the other cities using the internet, but I can see that they have plans to use underutilized spectrum in the VHF and UHF bands to connect those cities without the need of the Service Provider's infrastructure whatsoever, i.e. we will end up by replacing the Internet infrastructure we have today, and people will not be required to go to the Internet Service Providers or Mobile Network Operators for internet access any more.

How would such a system create cheaper Internet for everybody?

In the initial phase, people will be sharing their internet connection, so they will be saving money, and as you can see, their future plan is to totally replace the ISP's and MNO's so it decrease the internet access prices dramatically if not making it free.

But in my humble opinion, making the internet cheaper is just one benefit, but the most important benefit here, is that it will make it free from the government and ISP's censorship and control.

Is this feasible?

Well, we already have seen small scale examples of what they are willing to do, so technically it should be feasible, however I believe there will be many other obstacles such as legal or economical issues.

For example, here in Egypt, no one is allowed to cover public areas using Wifi, without having license from the government, and this might be the case in different locations, and if not, Mobile Operators will sure lobby to ban such thing, as it will directly harm their business.

Also, I believe I can compare the FNF to Web2.0. In Web2.0 the user-generated content is generated by users, and here the infrastructure is made and operated by the users as well. And while being at this analogy, huge part of FNF's success relies on users participation. Facebook's success is totally dependant on the user's participation there, and the number of photos and content they share, like and comment on, and so is FNF, it will only succeed if millions or hundreds of millions decide to participate in it, other wise it might fail.

Where are wireless mesh networks typically used?

Nowadays it's typically used in covering outdoor areas, but as far as I know, all the available mesh networks are like separate islands each of them is built and controlled by a single business or governmental entity. FNF should do to the state of wireless internet access what Gnutella and Kazaa did to file sharing, where the connection gets democratized and the network infrastructure will be owned and controlled by the people.

Have they ever been used in a protest context?

Many people though of a similar solution when the internet was down in Egypt, during January revolution, but it remained an idea and I am happy to see FNF taking it further.
During the revolution (after the internet came back), people living near Tahrir square opened their Access Points for the demonstrators to use freely. Although what they did is a very basic thing compared to FNF plans, however it shows the need for such solution, especially where governments can either totally shut the internet down or at least censor it.

What is the difference between a WMN and VPN?

They two are very different. WMN (Wireless Mesh-Network) is meant to provide physical layer connectivity to users, while VPN (Virtual Private Networks) are built on top of that connectivity to provide connectivity and security (encryption) in the upper layers of the internet stack.

To make it easier to understand, you can consider WMN as the roads and streets that connect our houses together, while VPN is the cars that run on those streets. Without the roads, no matter how good are the cars you have, they will be useless. VPN can help fighting governments censorship of the internet, but WMN can fight both censorship and internet blockage as well, which VPN's can't deal with.

Hint: This is basically how I understood the FNF ambitious initiative, and here are links to Mesh Networks, Sovereign Computing, and Packet Radio projects listed on FNF website.

Sources:
How Occupy Wall Street Is Building Its Own Internet
The Free Network Foundation

Interview with Khaled Wagdy about his Motion Capture System

2011-08-26T02:34:00.011+02:00

Do you think Egyptians are less creative than many other nations when it comes to technology startups? Well, think again. This team of brilliant computer developers created a system that makes it easier for computers to capture ones motion. You can watch this video to better understand their new system. I interviewed one of the team members, Khaled Wagdy, about their project and its future.

Hi Khaled, can you please tell me first about yourself? What did you study? Who are the other team members of the project? How did you meet?

We are Yasser El-Sherbiny and Khaled Wagdy (@kwagdy), two computer engineers with great passion for 3D computer animation and development; we studied at the same university where the dream began as our graduation project, when we decided to use our knowledge as computer engineers to develop affordable motion capture & animation solutions to play a role in improving the productivity and quality of the animation and gaming industries here in Egypt.

Also I'd like to know more about the technology used. I've noticed in the video that you said no need for cameras (like in the case of Wii), so how do you detect motion? Did you develop the sensors and softwares used yourself?

There are mainly three types of motion capture systems, and we’ve gone through the process of implementing the three types before we decided to go with the latest system. The optical system which is based on cameras surrounding the performer with markers attached to a suit he wears to track each point on the body, the mechanical system where the performer wears an exo-skeleton suite with sensors at the joints to capture the joints' rotations, and the inertial system, that's our system, which is based on Inertial Measurement Unit (IMU) sensors, fitted using straps around the body to calculate the orientation of each body segment in space, this type of motion capture system doesn't require cameras, doesn’t need special setup for the space like in the optical systems and don't have the limitations and restrictions of wearing a mechanical exo-skeleton.

We spent the last few months developing the hardware (the IMUs) and software for this system, as well as the real-time plugins for the commercial and known 3D software packages for ease of use and real-time display, so the end-user doesn’t need to learn new tools to use our system.

How do you see your technology versus competing ones like that ones applied in Xbox, or versus competing technologies such as that of Vicon (@_vicon)

The "Kinect" used with the Xbox gaming console controls the motion of the in-game character based on gesture recognition and basic tracking of the performer (gamer/user), it lacks the accuracy, gives the performer very limited space to move in and can’t handle high speed motions, these are all requirements when doing motion capturing for Media related projects (Movies, TV series', Commercials, Games ...etc.) and motion analysis in medical and sports sectors. Also, you should know that motion capturing technology was used for the characters animation we all enjoy while playing games on this and other similar high-end consoles :)

Vicon is one of the leading developers of optical motion capture systems, their systems have been used in many big budget movies and popular games by the biggest visual effects studios and game developers, however, they were one of the main reasons why we decided developing our own system, motion capture by then had established a strong foothold in the entertainment industry and gaining popularity and acceptance. It created possibilities in filmmaking which did not exist before, and became an essential element in game development elevating the gaming experience into new levels of realism, and for ongoing series and TV shows it stands out as a cost-effective tool to speed up production and increase the quality and productivity.

Unfortunately, the quality demands for animation place challenging demands on a motion capture system. To date, commercially available motion capture solutions that meet these demands (like Vicon’s optical systems) have required specialized software/hardware that is extremely expensive (hundreds of thousands of dollars) and not easily portable and require a dedicated staff for operation/support and a dedicated vast capture area with specific settings for physical installation (like lighting conditions) making it difficult for small and medium sized companies or even independent users with small budgets to take advantage of its features.

We had specific targets and vision when we started developing our motion capture systems. We want to provide portable, high quality and cost effective motion capture solutions that is accessible even to medium and small production houses, increasing their quality standards and productivity, we want to help animation houses to focus more on their ideas and their output rather than the complex technicalities faced in producing good character animation and the high costs behind them.

Other than games, where else you believe your technology can be applied?

It’s been used in many industries other than entertainment (films and games) such as sports (performance evaluation), education (training, simulation & virtual reality), medical applications (gait & motion analysis) and even military. The list of potential uses for motion capture does not stop there, and continues to rise as increasing computational power become available, alongside a general acceptance of motion capture into the mainstream.

What are your plans now? Are you looking to sell this technology to gaming platform vendors for example? Or you are looking to get incorporated and find a Venture Capital to support you?

We’ll continue the development process, right now we try to complete and integrate our facial motion capture system (you can see a very early test of it here: (http://www.youtube.com/watch?v=0RlWTZkpHFw) with the full-body system to create what’s known as “Performance Capture” which captures the hole performance not only the body motion but the facial expressions as well. Currently we are getting in contact with pilot customers to offer our animation services for real production testing and gathering their feedback; in parallel we are contacting VCs for funding.

Did you contact Angel Investors and VC's? You think it is better to be backed by VC's from within Egypt or from outside it?

In the last couple of weeks, we contacted a few VCs some of which have already invited us for meetings and interviews. We are currently waiting for feedback. We don't think there will be much difference, so far, almost all of the VCs we've met already have international connections.

How do you see the software and technology in Egypt? What obstacles did you see here?

Egypt has a lot of really great calibres, people who are determined to reach their goals despite the various technical and financial challenges, and we think as the technology sector gains more and more attention and focus, it will be one of the most valuable assets for this country. For us, we had some challenges due to the lack of high-end technology resources in the local market as well as the financial challenge. However, we are glad we didn't back out on our dream until it's now a reality :)

Any other projects you are working on, and would like to share more info about them here?

We have a few ideas; some related to the animation industry and some outside, however, we are now focused on the new Motion Capture System.

Any other questions you were expecting me to ask?

We’d like to thank you for having us on your blog, feel free to contact us if you have any questions.

Links & Contacts:
Facebook: http://www.facebook.com/pages/Motion-Capture-Egypt-Snappers-Systems/138488292872249
Youtube: http://www.youtube.com/watch?v=MVvDw15-3e8
Twitter: @SnappersSystems
Email: info(at)snapperstech(dot)com

Tags: Startup, Gaming, Gr33n Data

Android Market On Galaxy Tab

2011-04-29T20:49:00.014+02:00

For an unknown reason, the Galaxy Tab's sold here in Egypt has got no Android Market on them. I.e. there is no way to get real applications, and you should just stick to the shitty Samsung Apps that has got almost nothing. I know how frustrating this might sound, but calm down, there is a solution for this.

Open the Phone application.
Dial *#272* then your device's IMEI number ( it's on the back of the galaxy tab), followed by the # (hash sign).
You'll find something like "EGY" being selected as your Sales Code, change it to "XSG" and tap Ok/install.
The device will reboot and reset, and voilà!

The only problem here is that you will loose your 3G setting, but you still can find it anywhere online. For Mobinil for example here is how to set it back after you finish the above steps:

Go to Settings >> Wireless and network >> Mobile networks >> Access Point Names
Add a "New APN" from the below menu botton
The Mobinil APN settings are as follows:

Name: mobinilweb
APN: mobinilweb
Proxy: [Leave Blank]
Port: [Leave Blank]
Username: [Leave Blank]
Password: [Leave Blank]
Server: [Leave Blank]
MMSC: [Leave Blank]
MMS Proxy: [Leave Blank]
MMS Port: [Leave Blank]
MCC: 602 (should be set to this already)
MNC: 01 (should be set to this already)
Authentication type: [Leave Blank]
APN type: internet + mms (should be set to this already)

Or if you are Vodafone user, Vodafone APN settings are as follows:

Name: internet.vodafone.net
APN: internet.vodafone.net
Proxy: [Leave Blank]
Port: [Leave Blank]
Username: internet
Password: internet
Server: [Leave Blank]
MMSC: [Leave Blank]
MMS Proxy: [Leave Blank]
MMS Port: [Leave Blank]
MCC: 602 (should be set to this already)
MNC: 02 (should be set to this already)
Authentication type: [Leave Blank]
APN type: internet + mms (should be set to this already)

Or if you are Etisalat, user, Etisalat APN settings are as follows (Courtesy to Ehab Elzelaky):

Name: Etisalat
APN: etisalat
Proxy: 10.71.130.29
Port: 8080
Username: [Leave Blank]
Password: [Leave Blank]
Server: [Leave Blank]
MMSC: 10.71.131.7:38090
MMS Proxy: [Leave Blank]
MMS Port: 8080
MCC: 602 (should be set to this already)
MNC: 03 (should be set to this already)
Authentication type: [Leave Blank]
APN type: internet + mms (should be set to this already)

PS. May be such hack works for other Android devices too, and not only Galaxy Tab. Who knows :-) Now let me ask, why the hell Android Market isn't available in Egypt in the first place. Also after you get it, still some applications ain't available in Egypt such as Skype, and Amazon's Kindle. I'm not sure if this is due to some crappy copyrights issues, or those vendors believe that the world just ends at the borders of their countries. Anyway, screw them, there will always be ways to hack the devices and overcome these vendors' stupid limitations Update: There is a workaround to download Kindle, Skype, etc. Use the below link for Opera Mobile Store. Thanks to @OthmanVII for the tip. http://mobilestore.opera.com/ Tags: Samsung Galaxy Tab, Android Market, Gr33n Data

Can Supporting the Devil be Ethical?

2011-03-06T17:07:00.008+02:00

As you know, the Egyptians protesters attacked the Egyptian State Security Head Quarters yesterday. During Mubarak's regime the S.S. used to arrest and torture the Egyptian people. They also used to collect information of every singe person or entity in the country. The protesters were able to capture loads of documents from there, one of them revealed [Ar] that they used some kind of software tool called "FinFisher" in order to install malwares into users computers, collect data from there, and hack into their emails. According to the document, this software belongs to a German company called "Gamma Group", and was sold to the S.S. by a local Egyptian company called "MCS".

The question now, is it ethical to do business with tyrants? Let me be more specific here. Let's consider an entity like the Egyptian State Security. Is it just unethical to support them or sell them anything? Or we have to differentiate here between selling them stationary for example, and selling them torturing tools or softwares like this one?

Finally, I have to clarify that no one can be sure of the authenticity of the revealed documents so far. We still have to wait for the official entities in Egypt in order to verify the informations there. So, by all mean, nobody has the right to accuse anybody here. However, this doesn't mean that my questions aren't valid. I really want to know how ethical is it to help in oppression and information stealing. Normally those who write malicious software tools, they write disclaimers somewhere saying that they aren't responsible for any malicious use of their tools. But in our case here, the nature of the tool and the end-user makes such kind of disclaimers unacceptable, if they ever existed.

Tags: Ethics, Privacy, Gr33n Data

Is rate limiting an entire connection censorship?

2011-02-08T14:49:00.001+02:00

Is rate limiting an entire connection censorship?

Tags: Censorship, Security, Gr33n Data

Twitter is blocked here now!

2011-01-25T18:41:00.006+02:00

Ok, so because of the demonstrations here in Egypt, apparently the government owned service provider, TEData, decided to fucken block twitter!
Has Ammar 404 has left Tunisia after the flee of Ben Ali and decided to spend the rest of his life here in Egypt.
Seems that they are blocking its IP address, using a simple ACL. And not blocking it's url using a Web Filtering services on their Cache Servers, as I tried to login via "https://" and it failed too. And normally, many WF solutions miss the encrypted SSL traffic. Still not sure, but just guessing.

Tags: Network Neutrality, TEData, Gr33n Data

Juniper Networks to acquire Trapeze Networks

2010-11-16T19:53:00.005+02:00

Today, Juniper Networks announced a definitive agreement to acquire Trapeze Networks, a technology leader in enterprise wireless local area network (WLAN) systems and management software. Read more here.

P.S. Original photo copyrights goes to DailyInterview.net

Tags: Juniper Networks, Trapeze Networks, Gr33n Data

GIF Image 1x1 Pixels Error and Kaspersky

2010-11-15T03:10:00.003+02:00

It's been a while, and I wasn't able to access my blogs statistics service, SiteMeter. Every time I go there, I receive the weirdest error message ever, "GIF Image 1x1 Pixels". I go the feeling that they quit business, or something.
Today, I was accessing the following link on Global Voices Online, and guess what, I got the same error message again.
I went googling, and it came out that both SiteMeter and GVO are innocent, it's Kaspersky that is messing out the web pages there.
So, in case you have Kaspersky Antivirus installed, go to the Anti-Spy settings, and either uncheck the "Enable Anti-Banner" altogether, or go to the Anti-Banner settings and add the sites you have problems with to the white-list there.

Tags: Kaspersky, Web Filtering, Gr33n Data

VEPA - Let the Switch switch again

2010-11-02T12:57:00.006+02:00

Virtual Servers are cool, everybody is going virtual now. But we (Networking guys) hate them sometimes. The vSwitches inside the Virtual Servers are now responsible for moving the packets between the different Virtual Machines in there, hence the packets never touch the wire, and the physical switches and security devices become more and more blind and can never QoS or secure that traffic.

Now it seems that the IEEE is planning to let the switches do their switching again. VEPA (Virtual Ethernet Port Aggregator or IEEE802.1Qbg) are meant to let the vSwitch handle the packets to the adjacent edge switches. Or as HP ProCurve's CTO, Paul Congdon, described it here:

On a bridge, if the port it needs to send a frame on is the same it came in on, normally a switch will drop that packet, but VEPA enables a hairpin mode to allow the frame to be forwarded out the port it came in on. It allows it to turn around and go back.

Also another extension (IEEE802.1Qbh) was required to allow remote switches and security devices - instead of just those adjacent ones - to handle such traffic and perform whatever switching, QoS, or policy inspection tasks on it.

The below presentation is really good in describing the VEPA pre-standard.
http://www.ieee802.org/1/files/public/docs2009/new-dcb-hudson-tagless-vepa-0109.pdf

Tags: IEEE802.1Qbg, VEPA, Virtualization, Gr33n Data

Sorry Nokia, but you deserve to die.

2010-09-03T17:42:00.004+02:00

I am not a big fan of Apple's business model. And may be that's why I kept resisting the temptation to buy a new iPhone. Nowadays, no one cares about the mobile phone's hardware, or even software, it's all about the applications that run on it. And Apple was clever enough to create a huge ecosystem around their iPhones, Nokia on the other hand failed to do any proper actions. Their Ovi store sucks, and all the cool startups now such as Gowalla, Foursquare, et al consider Nokia as if it doesn't exist. They make application for iPhone, iPad, Android, and even Blackberry, but nothing for Nokia phones.

So I was forced to develop my own applications in order to be able to make use of the new web applications on my Nokia phone. Nokia then asked me to fill lengthy forms in order to give me access to their beta SDK. And they totally ignored me and never received anything from their site. And now that their QT SDK is publicly available I downloaded it yesterday, and guess what, the installer gave me nothing but errors although there is nothing on their site that says that my system doesn't meet their requirements.

I guess Nokia made it clear to me now that they have lost the battle against Apple and Google, and they have no plans to fight back. And for sure my next phone most probably will not be a Nokia.

Update: It finally worked now, yet I'm still not convinced Nokia is doing any effort to save its own butt.

Tags: Nokia, iPhone, Android, Gr33n Data

PAN - Cloud is Overrated

2010-06-22T21:21:00.004+03:00

I like how those Palo Alto Network guys come out with new ideas every now and then. Many times their new ideas aren't more than a marketing buzz, yet I like them. But this time I do not get their point at all.

Ok, they said that they came out with End Point security solution where agents on the end points will not inspect the traffic there but rather send it to the nearest PAN Firewall/UTM to inspect it!

"The Palo Alto endpoint protection takes a novel approach to overcoming this problem. Palo Alto is developing a small agent that will operate persistently on the host, detecting whenever the client connects to a public or private network. Rather than doing the traffic inspection on the client, the agent will compel all traffic to route through the closest home network. This means that all traffic will be inspected and passed through the existing network-based next-generation firewall", Channel Insider - Secure Channel Blog.

And this makes me wonder, how many Megas - if not Gigs - do we need to have on our PC's? Will it send every single executable I touch on my PC over the wire to inspected regardless of its size, whether it is few kilos or multiple Gigs? Why should a network device be bothers for inspecting activities than happen on hosts? I really don't get it. May be I am missing some points here, so would someone please help me understand their new approach.

Tags: PAN, Cloud, Gr33n Data

Is Skype really blocked in Egypt!?

2010-03-15T00:24:00.005+02:00

There are rumors here, here, and here that the Egyptian government is blocking Skype.

This morning, a call placed to Vodafone’s customer service indicated that Telecom Egypt is going to block Skype in Egypt, and that it’s out of their hands. After repeated calls from various people to Vodafone’s customer service, they were told “Skype is being blocked since 13th March based on an order from Telecom Egypt.”, The Next Web.

As you can see, the source of the news are Vodafone users who are not able to use Skype when they are connected to the internet via their 3G USB Modems. And since many of the ADSL home users are reporting that Skype is working fine at their places. Then I have strong feeling that the Egyptian government has nothing to do with this. I believe it is just Vodafone's DPI that is blocking Skype in order not to harm their revenues.

Update [16 March 2010]: It's official now, the NTRA - the government - is the one responsible for this and not the mobile operators. However I have strong feelings that the operators are the one who pushed the NTRA to take such decision in the first place as Skype harms their - as well as Telecom Egypt's - revenues.

Tags: Skype, Vodafone, Gr33n Data

Beware of this Phishing Email

2010-01-06T10:40:00.004+02:00

If you receive an email like this one, http://pic.im/g75. Most probably it's a phishing attack, and they are going to fool you in order to get your Facebook password.

Tags: Phishing, Facebook, Gr33n Data

About Last Night's Twitter Hacking

2009-12-18T12:57:00.006+02:00

This is old news now, you all know that Twitter has been hacked last night, and it's back to normal operation now.

Mashable reports that Twitter has been hacked by a group called the ‘Iranian Cyber Army’, which took over the microblogging site and added its own text; logos; and images to the site. via mediaupdate.co.za

In fact I wanted here to clarify some issues, as I've seen many twitter users so worried and some of them decided to change their passwords there. The point is, the so called 'Iranian Cyber Army' didn't crack twitter servers nor their database or anything, what they've done was just a DNS hijack. As you know each computer (server) on the internet is reachable via it's IP Address, and since we are too lazy to remember all those IP's, we reach servers via their Names, i.e. instead of typing http://168.143.162.36 we type http://twitter.com, and DNS servers are there to translate the twitter.com to 168.143.162.36 for us. Now what the hackers have done was that they hijacked the DNS servers and made it translate http://twitter.com to their own server's IP Address, and that's it. So, I believe no one was able to touch your password, and you are not supposed to be worried.

Now, let's do our non-Arabic speakers a favor and translate the banners for them.

What's written in blue there is as follows:
فإن حزب الله هم الغالبون
This is a phrase from the Holy Quraan, and it means "The party of God are the victorious ones", or "Those who belong to God are the victorious ones". By the way, the word "Party of God", is Hezbollah in Arabic, which gives the phrase another meaning, "Hezbollah are the victorious ones".
This phrase is part of an Ayah - i.e. verse - that calls people to obey God, Prophet Muhammad, and those who give money to the poor while praying - referring to Imam Ali. It then states that those who obeys them and belong to God will be victorious.
As you can see here, the whole Ayah has a special significance to the Shia, and may be that's why those Iranian Cyber Hackers decided to use it.

Now let's have a look at the phrase written in red on the green flag:
يا حسين
This is a phrase that means "Oh Hussain", or "Dear Hussain". Hussain is the grandson of Prophet Muhammad, and he is also the son of Ali. Now let's have a look at our calendars. Today is the first day of the Islamic Hijry year, and it is also the first day of the ten days of Ashura, where the Shia remember the martyrdom of Al Hussain, and most probably this is why the flag was included in the banner.

So in brief, it seems to me that the ones who hacked twitter belongs to the Iranian system, or at least sympathize with it. And they used the religious slogans mentioned above to deliver a message to the internet users worldwide via twitter that the Iranian regime are the party of God, and they shall be victorious sooner or later.

Update: Oh wait a moment, they wrote some text there, "Now Which Country is embargo list? Iran? Usa?". So my guessings were right :)

Tags: Twitter, DNS, Iran, Islam, Gr33n Data

Copied Wii Games

2009-12-03T15:08:00.005+02:00

I am not aware of the other countries, but here in Egypt most of the games sold here are copied ones, and almost all the Wii's are modded. But sometimes some of those copied games may asks you to upgrade your Wii in order to start. And I do not recommend updating the firmware of a modded Wii.

So here you are the steps needed to make those games work without any system updates.

Use ImgBurn to copy the DVD to your computer as an ISO file. Then download WiiBrickBlocker and use it to patch the ISO image. And finally, copy the ISO file back to a new DVD using ImgBurn. Don't use any other CD/DVD Burners as they won't work, just use ImgBurn.

Voilaaaa!

PS. The information provided here is for your own reference, and I am not responsible for anyone who uses this to break his countries laws, especially those copyright fanatics.

Tags: Wii, Games, Gr33n Data

Don't Force me to Hack You

2009-04-15T14:47:00.005+02:00

We all know that weak passwords are bad, and that's why most of the web sites add some code in their registration or sign up page to check if your password is strong enough before allowing you to create a new account there.

But for God's sake, why can't they just warn me if my password is weak and then give me the choice to change my password or leave it if I really insist to use a weak one.

The good news here is that most of the time, they do such checks in their front end, aka JavaScript.

Today one of my friends was creating a new account on StumbleUpon as he wanted to try it. But they refused to let him use his favorite password. So I used Firebug console to create a new function that returns true all the time.

function alwaysTrue(){return true; }

Then replaced their password strength checking function with my new function.

pwCheck = alwaysTrue;

And voila! They accepted my friend's password and stopped bugging us.

The point is, password policies are supposed to be there just for our reference. But people are supposed to be free to use whatever password they want. Or else, they will not be able to remember their passwords and will either choose not to use that annoying service at all, or - even worse - they may write those funky passwords down on a piece of paper or have only one passwords for all the sites and services they use.

Tags: StumbleUpon, Password, JavaScript, FireBug, Gr33n Data

The Pirate Bay is DDoS'ed

2009-03-03T08:56:00.003+02:00

It seems that my favorite Torrents Search website has been brought down by Copyrights crackers.

"A few hours ago The Pirate Bay website started to slow down, and eventually it became completely unresponsive. With the trial going on at the moment, the downtime instantly led to all kinds of rumors. However, there is nothing to worry about, the downtime is not related to the trial and people are on their way to bring the site back up", Torrent Freak.

"I just got word that "someone" is currently DDoS'ing the "thepiratebay.org". Even more interesting it may be a hijacked botnet causing the problem. More details as they come in", Cloud Computing Journal.

It's really shameful that those who claim that they are fighting illegal materials, are in fact doing fighting them using illegal methods.

Tags: Torrents, DDoS, Gr33n Data

NAC - IF-MAP

2008-11-18T00:13:00.003+02:00

So, what's IF-MAP!?
As, you can see, your NAC is at a certain point of time aware of your credentials, the version of the antivirus installed on your PC, the patching level of your OS, etc. And now we need such date to be available for the other devices in the network in order to be able to deal with you not only based on your IP Address, but also based on your username, and machine health. We need some database - MAP or Meta-data Access Point - where all the previous info are available for our Firewalls, IPS's, DHCP Servers and any other network element to base their policies on them. Any IPS now that supports such protocol will be able to deal with end-points and have dynamic policies for them based on various parameters, and not just their IP Address.

"Trusted network connect - part of the Trusted Computing Group - published its Interface for Metadata Access Point protocol on April 28 to provide a common framework for sharing event metadata. This means there's finally a way for security and network devices from a variety of vendors to communicate, and thus make better assessments on whether to grant or deny access to everything from PCs to switches", InformationWeek

So now, even if someone changes his IP address, the firewall will not be fooled by his new IP address, but it will be able to deal with him based on his role in the organization regardless of his address. The IPS will be able to treat the different users differently based on their machine health, role in the organization, etc.

Related Links:
InteropLabs, Making NAC Secuirty - Aware with IF-MAP.
Got the NAC Blog, IF-MAP: Integrating All Network Security.
Got the NAC Blog, The Adoption Curve for IF-MAP.
StillSecure, After All These Years, Is IF-MAP the spark that will ignite theTCG/TNC and the security industry?
Rational Survivability, I Can Haz TCG IF-MAP Support In Your Security Product, Please.

Tags: IF-MAP, TNC, NAC, Security, Gr33n Data

NAC - TNC

2008-11-12T14:36:00.007+02:00

I wrote a post here about Network Access/Admission Control as a way to make sure that only authorized and healthy machines will have access to your network.

It's a solution that can check the various hosts before giving them to the network, and it can also control the switches, access points, and create dynamic rules on your firewalls and IPS's in order to granular control the access given to each host to the various resources in the network based on their identity and security posture.

As you can see, to have a successful NAC solution, we need to make sure of the following:

1- You need your NAC Device (Policy Decision Point) to be able to communicate with the different devices in your network (Switches, Access Points, Firewalls, IPS's, etc), in order to push to them the policies needed to control who has access to whcih resources.
2- You can never guarantee that all the devices installed in your network are from the same vendor.

So, the best solution to solve this is to have a standard NAC solution to facilitate the communication between your PDP and PEP's.
And as far as I know, Trusted Computer Group's "Trusted Network Connect" is the only standard available out there.

As for the Switches and Access Points part, TNC decided to make use of the existing 802.1x standard, and added some extension to it in order to transfer the machines health along with the authentication parameters.

But when it comes to the security devices such as Firewall's and IPS's, unfortunately there was no existing standard to depend on. And that's why they decided to introduce a new standard called "IF-MAP" few months ago.

Tags: NAC, TNC, Gr33n Data

No More Blog Rushing

2008-10-30T10:05:00.003+02:00

As you may have noticed, I've just removed the BlogRush widget few days ago. In fact I was not satisfied with the quality ... ehm ... the quantity of traffic it brings to my blog. And now, it cam to my knowledge that BlogRush team have decided to shut their service down. It seems that they were listening to me :)

"After careful consideration, we have decided to shutdown the BlogRush service. If you have the widget code on your blog you will need to remove it", BlogRush.

Tags: BlogRush, Blogs, Gr33n Data

FPS - Facebook Prevention System

2008-10-28T15:36:00.007+02:00

I received a message in my Facebook account today from one of my contacts, with a malicious URL in it. The messages title is, "Youu're the wwhole shhow! i'm admirred wiith you" by the way. So take care.

I am not pretty sure how those Facebook worms normally work. One possible scenario is that there are some bots which try to guess people's Facebook passwords, and then start hacking into their accounts and send malicious messages on behalf of them. One other scenario is that attackers were able to guess the Facebook's users temporary Session Keys, and make use of the Facebook platform and API's to send malicious messages on behalf of the users. In fact, the second scenario is really scary, as users cannot protect themselves by choosing stronger passwords, or making sure they have no malicious applications installed on their PC's that can steal their passwords. But the good news here, is that facebook didn't announce any vulnerabilities in their system yet, so most probably it's the first scenario rather than the second one.

Anyway, I am writing this article to tell you, since Facebook has gained such huge momentum and almost everyone is using it. Why don't security companies start inventing new security applications on top of it.

We've got AntiSpam and Mail Gateway Security Solution for Email. So, may be some day we may see Facebook Applications that are able to check the content of your Inbox and decide whether the messages you receive are Spam, or not. We may see applications monitoring your Status Updates, sent Messages, and Friends Requests, and inform you when it notices any anomalies in such activities and warn you or even stop those anomalies.

But the point is, emails now are essential to business, so the business model for building security applications for emails is justified. But when it comes to Facebook, it's just users like you and me, who refuses to pay money for their desktop antiviruses, and either get cracked versions of them, or wait for their companies to purchase one and deploy it on their company-owned laptops. Also securing Facebook accounts is mainly the responsibility of Facebook Inc, and those guy are forced to protect people's accounts, or else people will find an alternative social network application and start using it instead.

Anyway, all those dreams and business model theories depends on the following:
How essential is Facebook in people's daily life, and may be to business as well (some may claim that they use it for networking and maintaining relations with their customers and business partners)? Are people really willing to pay money in order to protect their accounts? Will Facebook team deploy some extra security measures and charge people for those solutions (Security as a Service)? Will they just deploy those methods for free in order to make sure they do not loose customers? Is there someone really is willing to build such FPS - or let's better call it Facebook Intrusion Prevention System (FIPS) - and sell it to people?

But finally, away from all that crap I've just written above, please, please, please, I do not want to see more torturing and annoying CAPTCHA's, as some people believe they are the only way to fight spam and bots. While for me CAPTCHA's are an AntiUser solution more than an AntiSpam one.

Tags: Facebook, Spam, Gr33n Data

Arista Networks

2008-10-25T22:42:00.004+02:00

Every now and then, some companies grab bloggers attentions. Sometimes it is because they are offering new technologies or setting new standards, but some other times it's because people behind them are buzz-magnets.

A former head of Cisco's switch business, and Sun co-founder, started a new switching startup called Arista Networks. Their motto is "Extensible Operation System for Cloud Networking".

As you can see, "Sun", "Cisco", and "Cloud Networking", are all enough buzz words to grap people's attention, and start writing about the new company.

So, I decided to pay their site a visit in order to see what new technology are these guys offering to the market.

First of all, they have a very limited portfolio, 24 and 48 edge-switches with 10 GbE interfaces. They do not have any modulat chassis-based switches yet, but may be this is because they are just starting up.

They are focusing on their modular OS, but once again Juniper's JunOS for example is modular too, so what is really new in Arista's switches compared to Juniper's EX-Series?!

ISSU (In-service-software-upgrades), which is new for an edge-switch. Many modular switches with redundant Management Modules (~~Foundry Switches for example~~), can be upgraded without interruption. I also don't think this is the killing feature people are really looking for in an edge switch.

To tell you the truth, I think the main competitive value for Arista Networks, is their prices. I do not know their actual pricing, but it's said that their prices are much lower than the equivalent switches for Cisco for example. But what about HP ProCurve for example, are they cheaper too?

Anyway, it's still good to have more competing companies in the switches market which is dominated by one vendor so far. And analysts usually like to call it, "Cisco and the Seven Dwarfs" market.

Tags: Arista Networks, Cisco, Junipe, HP ProCurve, Foundry Networks, Switches, Gr33n Data

McAfee to buy Secure Computing

2008-09-22T23:27:00.004+02:00

I'm used to make fun of McAfee when they present themselves as a Network Security Vendor especially that they don't even have their own Firewall product. So, now it seems that the people at McAfee decided to spend about $465M to stop me from making fun of them.

Ok, let's get serious now. I think this is a good move from McAfee anyway. Secure Computing security portfolio will sure fill some missing gaps in McAfee's product line. They have their own firewalls (Sidewinder), and Content Security (Webwasher). But on the other hand people may argue that Secure Computing products are not highly ranked compared to other vendors in the market. And to tell you the truth, I always believed that McAfee was going to acquire a Firewall vendor someday, and I thought that Fortinet is their best option. It's not only the best buy for McAfee, but if I were in Fortinet's guys shoes I'd have asked McAfee to acquire us too. Fortinet have good products and they sure were going to fill the missing gaps in McAfee's Network Security portfolio, and McAfee's guys would have been more proud to put their logo on Fortinet's products than Secure Computing ones. And on the other hand Fortinet is that kind of vendor that is there to be acquired. Come on, they may have good products, but they are small company and it is really hard for companies with similar size are narrow line of products nowadays to last for a long while before getting acquired or quitting the market..

Anyway, congratulations to McAfee guys, and I believe the Network Security market will benefit from one strong vendor which is getting even stronger.

Tags: McAfee, Secure+Computing, Gr33n Data

Google Believes I'm a Virus

2008-09-21T11:16:00.012+02:00

I received the following Error Message today when I tried to access Google homepage.

But what makes Google believe that my request is coming from a Virus or Spyware application? Has any of you received a similar message too?

Ok, according to Google Help Center, "This message appears when Google detects automated querying coming from your IP Address, thus causing a quick spike in traffic on http://www.google.com".

But wait a minute, this can also happen if you are behind a NAT'ing device, and another device in your network is sending automated queries to Google.

It's likely that a user or a computer in your network is running automated querying. Sending automated queries of any sort to Google is against our Terms of Service. This includes, among other things, the following activities:
* Using any software that sends queries to Google to determine how a website or webpage ranks on Google for various queries
* 'Meta-searching' Google
* Performing 'offline' searches on Google

Now, what's the next step? If you have suitable privileges on that network, I think you have to deploy or gather the logs from existing IDS/IPS Sensors and Traffic Anomaly Detection Systems. Such softwares can detect Traffic Peaks and other Traffic Patterns that violates the normal Behavior on your Network, and can then detect the offending host(s). Another solution for those who do not own an IPS is to gather the traffic logs from their Gateway Firewall or Router and analyze those logs manually.

The problem here is that there is no IPS installed, or may be there is one but I have no access to it. So I am forced to do it the hard way, to analyze the firewall logs. As far as I can see the nember of sessions from the internal network to Google IP Address are not that huge or even big enough to be suspected by their system. So it seems that it's as they said in their Help Center. May be it's something in the content of the traffic and not it's volume. May be they get alerted when they see someone using their search engine for example and the User-Agent parameter in his/her get request in not equal to any web browser they are aware of.

Anyway, is seems that with the tools available to me now, it is really hard to know the real reason for Google's error message, and how to detect the violating host and stop it if possible. So you may consider this post as some kind of rant or chit-chat.

Error Message URL: http://sorry.google.com/sorry/Captcha?continue=http://www.google.com

Tags: Google, Security, Gr33n Data

Handling Rogue Access Points

2008-07-01T22:27:00.004+03:00

Michael Gregg of Search Networking wrote an article there about the best methods for handling rogue access points.

He first wrote about the potential problems of allowing end users to add wireless devices to the company network without approval.

There are several potential problems with allowing end users to add wireless or other devices to the company network without approval. One big one is they may not employ the proper security measures. There is also the issue of maintaining control of the organizations infrastructure.

Then he gave some suggestions for handling those rogue access points.

All employees should know the rules regarding wireless and what can and cannot be plugged into the network. Policy enforcement will be easier if you have managed switches. You can disable unused ports and start restricting down active ones by MAC address filtering.

Ok! Warning your employees and having some written policies is fine, but it's not enough at all. How are you going to be sure that your employees will adhere to such policy!?

Now, with respect to disabling and enabling ports on demand, and writing MAC filters. Come on, we are in the twenty first century now. Such manual controls as enabling and disabling ports on demand is something from the past, and they are not effective as well. An employee can simply connect the access point to his already activated port. And maintaining those MAC filters on the switches will be a real pain in the butt for the IT administrators, especially in a dynamic environment where users move a lot.

I believe an appropriate solution for this instead of those pre-historic ones is doing some authentication on your switch ports. IEEE 802.1x is a decent solution that will ensure that only those devices with valid credentials are given access to your network. And if you've got a NAC solution, then most probably you can use it in order to apply some network access control.

He finally suggested using tools to detect rouge access points such as AirMagnet and Air Defense.

Next, find some tools that will let you scan for rogue access points. There are commercial tools that will do this such as AirMagnet and AirDefense, and if your budget is tight you might want to try an open source tools such as RogueScanner.

Fine, monitoring your network is a good practice, but you have to apply your controls first. Such scanning tools can hardly take actions against those rogue access point, they will just warn you, and the intruders will have enough time to traverse your network till you receive such event and take action.

Tags: WiFi, Security, Gr33n Data