Ahmad Hadeed's Blog

A friend of mine sent me this a while ago, Firefox & IE statistical graphs have crossed, with Firefox taking the lead in Nov 2009.

The Firefox’s graph is still rising above others. Take that Microsoft!

Statistics source

Firefox has proven it’s self as a reliable browser over time, even Google have built Chrome using Firefox’s technology. Web developers should now focus on compatibility, since many websites might be targeted to work on IE, which is most of the time incompatible with any other browser.

Now with the upcoming release of Chrome OS, the whole idea of the Operating System is around the browser, that’s the future of internet computing. Now Microsoft will be trying to catch up & I don’t see them catching up anytime soon if they ever will!

Throughout my experience in life, I’ve came to a conclusion time ago that seems to prove it self on regular bases. While the title might be self explanatory to “geeks” and “network professionals” or at least would be easier to understand once you know what I’m talking about.

Girls talk & blabber too much! News spread like fire, gossips and rumors just spreads between all of them. If a girl is notified of something, she goes telling everybody about it, just like a hub!

For non network professionals, a hub is a network device that receives data & broadcast it to all connected devices on the network, whether it was their data packets or not everyone gets a copy of it.

You should be getting a part of the picture by now.

Hub

On the other hand however, boys are more careful when they speak, they speak less & they are more intelligent when it comes to the concept of spreading news. Tongues do not slip fast & they do not broadcast everything they hear, that’s why they are more like switches and routers.

Switches and routers are more intelligent devices in a network, received data are only transferred to a specific address depending on a lookup table that is called an ARP table. This way only the desired destination receives that certain desired data.

Switch

The bottom line here is … well I guess you already know it.

P.S: Another thing you should know here, though packets transferred through hubs are usually of a good quality, news spread by girls tend to mutate during transmission & original content quality degrade severely after few transmissions.

One guy thought he could trick me & infect my pc through sending me a link to a website that downloads malware to your computer.
I bet he regrets that now.

1. Website reported to Google & Firefox “Web Forgery Team”.
2. Website reported to “McAfee site advisor”
3. Virus sample sent & Antivirus vendors informed of the threat:

• Avira
• Avast
• Bitdefender
• AVG
• F-Prot
• Aladdin
• Symantec (Norton)
• NOD32
• Clamav
• eTrust
• GData
• F-Secure
• And others through sharing submitted samples.

Note: Samples sent to AV vendors that couldn’t identify the threat.

Results: website has been blocked, more AV engines can recognize the threat.
Muhaha nice try!

The guy probably didn’t know I’m a Linux guy, otherwise he wouldn’t have sent it in the 1st place.

A friend told me that I have to write about my feelings & impressions after switching to fully legal.
My iPOD only contains legal music now, my computer still have some tracks here & there that I didn’t have time to remove, but I’m not listening to any pirated stuff.
As for software, I do not use any pirated software. Though I might still have some installed on Windows here or there, lost track of them but I’ll be removing them as soon as I discover them.
This also goes for the videos, the thing is that I’m a bit messy when it comes to files, I got tens of folders here & there and on many hard drives & partitions, so it is a bit hard to keep track & remove them in time.

Am I missing anything?
Well, not really. I’m not addicted to certain series to begin with but I would probably have problem with music if I do not find what I want in tracks if you know what I mean.
iTunes is probably the best retail store when it comes to music, but Kuwait’s iTunes store sucks as I mentioned in an earlier post.
I’m currently relying on Amazon’s MP3 store to purchase all music tracks that I want. I’ve already got disappointed trying to find a certain track yesterday, the CD was available to purchase but nothing to download, though I have the CD (original), I wanted to gift a track to a friend, thought I’d get it original. Yeah yeah probably your thinking “this guy is nuts!”.
I’ll tell you to think of whatever you want, as long as I know I’m doing the right thing I don’t care!

It feels great to be living legal, knowing that you aren’t stealing others work. You also feel proud being different.

Long time ago, almost as long as we’ve been using computer, listening to music & watching movies, we’ve been using pirated software, listening to pirated music & watching pirated movies.

Why is that? Because no one told us it’s wrong and because all people around you used to copy music (casset days), share computer games on floppies or cds & when you go to buy a movie it’s most probably copied.

Well, time has come to change. Why the change?
It’s simply for religious, moral & ethical reasons.
Since all pirated stuff are essentially stolen, it all makes sense.
The bottom line here is, if you want it, buy it!

Some of people would go around in circles justifying the reason of them downloading music over the internet saying that a guy has purchased it & then distributed it.
If someone is actually making stealing easier for you, it doesn’t justify that you steal. The guy doesn’t own the music buy purchasing it, he can listen to it but cannot publish it.
People forget the fact that even soft copies such as software, music & videos are actually stuff you sell, just like a car except that the car cannot be duplicated freely. So you have to pay for another one in order to give it to a friend right? While a song is just copied.

Imagine two companies, a hardware & software vendors.
Both are making effort to manufacture & sell their products, yet the software would be loosing due to piracy, it is just not fair.

We can keep talking about the problem but the solution is to start by yourself.

I’ve been telling my friends that I’ve set a goal for myself, I’m getting rid of all pirated software, music & videos by 1st of January 2010.
I’m already using Linux with a lot of Free & OpenSouce software since 2007 so I don’t really have to worry about software much.
I’m not a fan of many series nor movies, but I like to own some stuff, so I do not have a big issue with movies either.
My main problem here is music, I’ve got an iPod but Kuwait’s iTunes store sucks! It doesn’t have any of the songs I want, it cannot even get the cover pages of the cd’s I’ve ripped.
I got about 35 CD’s didn’t get any of the album arts, not Arabic, not English, not even Yanni, one of the most known artists in New Age music.
I’ve come to know that Amazon has an MP3 store which I’m thinking to give it a try, currently I’m moving all pirated music files I own and which I really want to keep into a “to replace” directory, I won’t use any of the files but would either do a list of them or keep them there till I buy the original & delete the pirated file. A list looks better to be honest, cause the file might tempt you to click it. I think I’ll go with the list.

I must spend some good time on this, today is 31st Dec 2009, less than one day left. It’s not going to be easy, but everything begins with few steps.

Some friends are supportive, some against the idea & some is making fun of it, but hey! Legal is legal.
I believe what I’m doing is right no matter what justifications you give to “steal”.

I hope I’ll be posting some images of the CDs I’m getting rid of & posting the progress on the 1st of January 2010.

Till later…

Ok I’ll start by saying I almost freaked out I thought I’ve destroyed my blog. Yes I do not have much, but didn’t want to create one from scratch again.
I’ve just installed a plugin to support SSL admin logins, tried to login but failed. Started searching for a way to disable plugins without having to login, the solution was to delete the plugin files using an FTP access to the directories. Wonder what would ppl with Wordpress account would do if they got in similar trouble.

Anyways …

Has been sometime now, I’ve finally got a job, not what I want but better than nothing. I currently work at MEW “Ministry of Electricity & Water”. I work in Town DCC (Town District Control Center).
Basically, we monitor & control the electrical network of Kuwait city and other districts.
In Kuwait, there is the NCC “National Control Center” that’s the famous green tower next to the 5th ring road and four other DCCs. Jabriya DCC, Town DCC, Jahra DCC & Shuaiba DCC.

The latest version of the most popular Linux distribution “Ubuntu” & it’s derivatives version “9.10″ is only few days away.

To put one or more of the following countdowns on your website visit:

http://www.ubuntu.com/getubuntu/countdown

After over two months of going into some extreme stupid so called “laws” here in Kuwait, I got my license as well as my call sign for HF/VHF/UHF.

Call sign: 9K2FE

The problem with our ministries here that there aren’t written laws for many of the things & if existed they are so old & makes no sense at all!

For example, they refused to proceed with my license at MOC (Ministry of Communications) unless I bring them a radio device to include it on the license!

What country does that?! I mean when you are certified as an HF user, it doesn’t matter what device you use, it’s like requesting you to bring a car before you drive & you are stuck with that car as written on your license. Stupid aih?!

The people there are so ignorant that they cannot even read the specs of the device properly & won’t even bother to look online for it, they request a hard copy of the specs of the device you want … it can be easily edited & you can provide fake specs & get what you want & no one would know! Of course I wouldn’t do that for ethical reasons & it would also be lying.

You might be asking “get what you want”?? Ah yes, I forgot to tell you, though it is not officially written in papers, but people there say Airbands are not allowed, though one guy spoke to the minister of the MOC & he didn’t say no. Also, any device that has 6 meters band is not allowed into the country cause the military USED to use that band for it’s activities, they NO longer use it, but they are either lazy enough or afraid to change the rules. You are also restricted to 3 devices, you CANNOT have more than 3 licensed radios!

On the UHF the official range for region 1 is 430-440 MHz, in Kuwait for the Amateur service you are only allowed to use 435-438 MHZ not even enough for a proper repeater frequency separation. Yes I know the government have the right to use some of the frequencies but trust me, they have no idea what they are doing.

I mean … sigh .. check this out, now if someone dies, what should happen? His call sign is no longer reserved right? If some people did not renew there call signs they are no longer reserved right? Well, here you cannot even take a dead man’s call sign.

Almost everyone in the department there has his own rules, there are no fixed rules & every person you meet would tell you something completely different than the other, knowing that they are all in the same department not to mention in the same ministry.

The situation is bad here for Amateurs.

Till later, am just happy I got my license as well as radio finally!

My Radio & License

A question arises whether it is possible for me to apply sniffing tools & be able to spy on ummm, virtually anything (if you have the right tool) of any computer on the network.

Sometimes it might be used for security issues, parental control & maybe trust issues, everything has good & bad uses.

Our home network looks like this:

————————————————–

| (DSL Modem) ===> (Router) |

————————————————–

What I did is that I brought my computer, booted up pfSense Live CD (FreeBSD Firewall) & put it between the Modem & Router.

—————————————————————————-

| (DSL Modem) ===> (pfSense) ===> (Router) |

—————————————————————————-

I didn’t experiment a lot, but it looks like you have to add some add-ons like software to sniff IM messages and I didn’t see any packet analyzing tools.

I then booted the main OS on my computer instead of the firewall which is Linux Kubuntu 8.04, since I have two Ethernet ports, one for the WAN & the other for the LAN, I had to connect them together, the easiest way was to install a firewall to do that, though there supposed to be a simple command that can do it.

I started some packet analysing tools, but didn’t get so deep, I don’t really need to analyze all the packets from scratch, I needed specialised tools to analyse certain kinds of packets, something went wrong & I didn’t get Internet activity, so I returned everything back as before.

I decided to ignore the method if intercepting the packets by installing a hardware in between & started thinking of some hacking techniques, I started by reading a book I bought about more than 7 years ago when I was in high school, back then I didn’t understand most of what’s there, but now I really appreciate getting that book, it’s called “Anti-Hacker Toolkit”.

I called my cousin & invited him to share me the experience since he worked on BackTrack before which has many security tools. We started by trying to poison the ARP tables of the router but it failed, apparently it’s a problem with my laptop’s hardware, I tried with my netbook & it worked.

I basically lied to both the router & my cousin’s computer letting both think that my netbook is the other.

e.x: Router thinks my computer is my cousin’s & cousin’s computer thinks mine is the the router.

This way all traffic passes through me before it goes to the other side, the main problem we faced is that we had to forward the traffic, otherwise there would be no communication between the devices which is useless. With a simple command it was working.

I told him to open MSN & start chatting while I run an IM packet sniffer & I can read every message he sends & receives. One can also check the email a computer receives via POP3 & SMTP protocols, URL sniffing is also available, actually there is a program when activated & targeted to a victim, it would open your Netscape browser to whatever the victim is surfing, and as said in the book “Talk about an invasion of privacy!”

We tried other tools to try & spoof the DNS of a computer, for example hotmail.com, so when the target computer tries & requests this DNS it requests it form my own computer, doing this and with other proper tools would enable me to issue a false certificate or login session which is forwarded to the real DNS, that way I would be able to have his encrypted session details and know his login password.

It isn’t really hard to do that, it’s only a matter of having the knowledge & the right tools. I remember how much good info I gained when I took Cisco’s CCNA1 certificate, the very basics of any network & how networking works should be known to any REAL hacker (not a script kiddy!).

Spying on MSN chat

I want to thank Nosayba for this migration, though it is a sad story behind her migration & mine.

She lost her blog account on Blogger & migrated to WordPress & then advised me about it.

Thanks Nosayba & wish you the best with your new blog.