Category: porn for geeks

letsencrypt FreeBSD


Hey folks, I was way busy lately and I missed my renewal period for letsencrypt, plus FreeBSD had some changes for letsencrypt. I was met with a few errors and thought this might help someone.

Note: if you are using a fresh new version of FreeBSD, you are better off just doing the following pkg install and skipping to the Run it! section.

pkg install py27-certbot

Ran the update the way I used to, and I started hitting an error:


sudo letsencrypt certonly --non-interactive --webroot -w /usr/local/www/hackersmu/hackers.mu/ -d www.hackers.mu -d hackers.mu --debug --agree-tos --email justAname@hackers.mu

Traceback (most recent call last):
  File "/usr/local/bin/letsencrypt", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2927, in <module>
    @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2913, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2940, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 637, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 650, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 829, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'parsedatetime<2.0' distribution was not found and is required by letsencrypt

short version: seems the port was renamed to py-certbot

So:

Get the package name and version of the previous package.


$ sudo pkg info |grep letsencrypt
py27-letsencrypt-0.4.1         Let's Encrypt client

 


$ sudo portmaster -o security/py-certbot py27-letsencrypt-0.4.1

At first it couldn't find certbot, then I realized I needed to update my ports directory:

sudo portsnap fetch update

….wait some time…
then relaunch the portmaster command as directed above.

Run it!

the rest is as simple as:

sudo certbot certonly --non-interactive --webroot -w /usr/local/www/hackersmu/hackers.mu/ -d www.hackers.mu -d hackers.mu --debug --agree-tos --email selven@hackers.mu

if you want this to run quietly and automatically for you, try

certbot renew --quiet
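
An added example (not from the original post): an expiry check to run from cron next to the renew command, so that a missed renewal like the one described above is noticed before the certificate lapses. The live directory path and the 30-day threshold are assumptions, and the helper make_test_cert only builds constructed self-signed certificates for trying the check offline.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: certbot keeps live certificates in LIVE_DIR/<name>/cert.pem
# (the path below is an assumed FreeBSD default) and 30 days is the threshold.

LIVE_DIR=${LIVE_DIR:-/usr/local/etc/letsencrypt/live}
THRESHOLD_DAYS=${THRESHOLD_DAYS:-30}

# expires_within CERT DAYS
#   0 = expires within DAYS days (or has already expired): renew now
#   1 = still valid beyond DAYS days
#   2 = file missing or not a parseable certificate
expires_within() {
    [ -r "$1" ] || return 2
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# stale_certs DIR DAYS: print one line per certificate that needs attention.
stale_certs() {
    for pem in "$1"/*/cert.pem; do
        [ -e "$pem" ] || continue
        rc=0
        expires_within "$pem" "$2" || rc=$?
        case $rc in
            0) echo "RENEW $pem" ;;
            2) echo "UNREADABLE $pem" ;;
        esac
    done
}

# make_test_cert DIR NAME DAYS: constructed self-signed certificate, valid
# for DAYS days, laid out like a certbot live directory entry.
make_test_cert() {
    mkdir -p "$1/$2" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/cert.pem" >/dev/null 2>&1
}

# Cron usage: sh certcheck.sh check   (prints nothing when every cert is fine)
if [ "${1:-}" = "check" ]; then
    stale_certs "$LIVE_DIR" "$THRESHOLD_DAYS"
fi
```

Because it prints nothing when all certificates are healthy, cron only mails you when a renewal has actually been missed.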

hackers.mu – operation S.A.D

Defimedia covered the event in the press, http://defimedia.info/techno-les-hackers-mauriciens-ne-sont-pas-des-pirates-27618/ , but here is a full breakdown of the objectives achieved during Operation S.A.D by hackers.mu.

What is a hackathon?

A “hackathon” in the traditional sense is an event where developers get together to work intensively on one or more software development projects. The term was first used independently by the developers of the OpenBSD operating system and by Sun's marketing team.

What is Linux?

Linux is an open-source operating system widely used around the world in many industries, including by Facebook, Google, Microsoft, Amazon, the military, and on your phone (yes, Android is Linux). Linux itself is the kernel; put simply, Linux, that is to say GNU/Linux, is the name of the complete distribution as we know it.

Why a Linux hackathon in Mauritius?

Previously, Mauritius had users of the Linux operating system, but no developers contributing code to run or secure the system or the components of the various GNU/Linux distributions. That is why hackers.mu set out to build a close-knit team that contributes source code to various components, including the GNU/Linux kernel itself.

Why should we contribute to the GNU/Linux system?

At hackers.mu we believe in the intellectual ability of young developers, who can do better than simply being users. Using is fine, but it is better to understand how things work on the inside and to make their own small contribution to these systems, which are a gift to humanity. Anyone can contribute code to Linux, but it takes a certain discipline, and you have to work hard to get there. Finding flaws in a system like GNU/Linux takes time and experience. So you have to persevere and know programming well.

It is a bit of a shame that, in discussions on international platforms with other developers or managers of large companies who work on or contribute to open-source code, you have nothing to say about your country's (Mauritius) contributions to a project of such scale. It is good that there are user groups, but concretely, do we want to be the ones at the very bottom of the ladder all the time? Mauritius must leave its mark on these open-source systems. Mauritians have nothing to envy developers from other countries; they simply need to focus properly and throw themselves into these international-scale projects.

On the other hand, if I have an IT company in Europe or America and I see that Mauritius has the skills required for open-source projects, that is definitely a plus for Mauritius. Investors come for the work to get done; a beautiful island is just the icing on the cake. For that, they must be able to see those skills in a form where the code is used in production, and open source gives us that chance.

 

 

Hackers.mu, why hackers?

The media, especially films, have ruined the image of the hacker. A hacker is not a pirate who does illegal things. Far from it. A hacker is someone who uses their creativity to solve concrete problems. The best-known hackers are Vannevar Bush, Alan Turing, John von Neumann, J.C.R. Licklider, Doug Engelbart, Robert Noyce, Bill Gates, Steve Wozniak, Steve Jobs, Tim Berners-Lee, Larry Page, Linus Torvalds, Theo de Raadt and Elon Musk. They revolutionised the technological world with their creativity and their knowledge.

The others, who do a lot of damage and use their knowledge for illegal ends, are rather “crackers” (or blackhat hackers). We have nothing to do with those people, and frankly, it is easier to destroy a system than to protect one. We have a strict policy at hackers.mu under which our members must follow an extremely strict code of ethics. We do not play with the security of people's data. Open source is used everywhere, and the code is audited by thousands of coders around the world; a mistake on our part can affect our reputation forever. Ethics is very important.

What happened during the hackathon?

We limited entry to developers who already had some form of experience and had already contributed code to open-source projects. The hackathon lasted 2 days; we do not really have the time to teach people how to code or find vulnerabilities in such a short span, so you are expected to just come, start coding, and feel good when things work.

 

 

Distribution | Component | Hacker
- | NTP (Network Time Protocol) | Loganaden Velvindron
Ubuntu | Nagios plugins | Pirabarlen Cheenaramen
Fedora Linux | Fetchmail | Codarren Velvindron
Fedora Linux | Monit | Codarren Velvindron
Fedora Linux | Nagios plugins | Codarren Velvindron
Fedora Linux | Imap Filter | Codarren Velvindron
OpenSuSE | Monit | Nitin J Mutkawoa
OpenSuSE | Squid | Nitin J Mutkawoa
OpenSuSE | Nagios | Nitin J Mutkawoa
OpenSuSE | ImapFilter | Nitin J Mutkawoa
Debian | Monitoring plugins | Anoop Seeburuth
Ubuntu | Monit | Akhil Maulloo
Debian | Monit | Yash Paupiah

 

The sources can be verified on these pages:
https://code.launchpad.net/~pirabarlen-cheenaramen/ubuntu/wily/nagios-plugins/crypto-fix

https://fedoraproject.org/wiki/Hackathon_Mauritius_-_Operation_SAD

https://en.opensuse.org/openSUSE_talk:HackathonMauritius

http://homeunix.nl/newsportal/article.php?id=1426743&group=linux.debian.bugs.dist#1426743

https://code.launchpad.net/~akhil011/ubuntu/wily/monit/crypto_fix

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1417334.html

 

Mauritius contributed about 250 lines of code to these various open-source projects in just two days of hackathon organised by the hackers.mu group; this is a first for Mauritius.

Flaw discovered in a component of a Cisco product.

Loganaden Velvindron, co-founder of hackers.mu, also independently discovered a flaw in a Cisco product, a flaw that even has a CVE name (every computer security flaw has a code): CVE-2016-1550. Loganaden also spent many hours honing the discipline of the hackathon participants to keep the quality of the code up. Note that he has also received the ‘google security awards’ several times. This component is not only used in Cisco devices: it is also found in products from others such as Apple, Juniper, and others.
http://www.talosintel.com/reports/TALOS-2016-0084/

The presentation?

On 30 April 2016, we presented the results of the hackathon at the Flying Dodo in Bagatelle. Avinash Meetoo, who is one of the experienced Linux users, spoke about how hackers.mu wants to encourage young people to learn to code and to think beyond the concepts they learn at school or university. They must be equipped to cope with the rapid evolution of technology and develop their creativity, which in turn will allow them to create their own “start-ups”.

Avinash Meetoo, who has a lot of experience with open source, is now an honorary member of Hackers.mu as well as the director of Knowledge 7. The crowd was totally hypnotised by his speech and by the analogy he drew between a hacker and an artist.

Pirabarlen, founder of hackers.mu, spoke about how young people in Europe are more confident and can found startups overnight. All it takes is to learn and to be disciplined. He also explained why the entry requirements for hackers.mu are very strict and tough. We like working with other hackers, but if we take on new members and are not strict about the quality of their code, we are not inspiring them in any way.

Making the new members official

A small T-shirt ceremony was held to make the group's two newcomers official, namely Akhil and Yash.

 

 

 

 

Join us!

Hackers.mu really wants to do more for the hacker community in Mauritius. We want to create a culture where young people are curious and want to know more, in detail, about the different aspects of computer systems. We want people to contribute more to open source. Android, Linux, IoT and other components depend on this kind of contribution from passionate programmers around the world. People tend to use open-source software and some take it all for granted, but this software has to be written by people, and those people are usually passionate programmers. The members of hackers.mu are among them. We must all contribute a little. 🙂 Mauritians can do it; we are the proof that it is possible. Akhil and Yash have just finished their secondary studies, and they did it; you can do it too. We are a small island; we must improve our skills to give birth to the next Facebook, WhatsApp or Google. We must stop thinking that a 9-to-5 job is satisfying. We are worth more than that!

We finished it all off with plenty of beers!

Our sponsors

This hackathon was sponsored by ISVTEC, a company specialising in managed IT services. Some prefer to remain anonymous; we thank them too.

Our marketing and graphic design team, who helped us with this hackathon:

Event planner: Ashvina Gangoo
Graphic designer: Avi Keerodhur
Social Media coordinator: Duksh Koonjoobeeharry

🙂 A thousand apologies for my French!

The hackers.mu project

This is a quick and short intro to the hackers.mu project.

Got invited to participate in something big to get some programmers to hang out together and help out in various open-source projects. While we do try to focus on the security aspects of things, we don't restrict ourselves to just that. It's first of all something that we do for fun.

With the amount of privacy concerns in Mauritius, and how slow the legal system in Mauritius is, it is a must for people to secure themselves and keep their private information… well, private!

The great thing about it is we have some nice sponsors who spoil us at times and we get to have some fun at the same time. Nothing is asked in return. We just get to do stuff we like.

Considering how I'm already in love with my job, 🙂 this now makes things even nicer.

The key element is of course passion and the curiosity to push things further.

It's crazy how the rankings for hackers.mu went up lately; there were even some wannabes who tried to claim they were members too 🙂, while some sulk over why they are not members and will not understand the pun behind the 90s look of the website.

There is http://logan.hackers.mu who is a major player in hackers.mu; he did some quite interesting work lately, plus with his current committing pattern, one might think this guy doesn't sleep!

There is also nitin.hackers.mu of tunnelix.com, who is doing some fine work and has a patch contributed already.

Other members include anoop and a few others who just prefer to lurk in the dark and do their stuff silently and stealthily.

🙂 We consider ourselves a team of professionals with an interesting hobby and a quest to empower people in Mauritius in terms of not just privacy and security, but as a hope to inspire all those coders across the island who are fed up with the usual bullshit of funny attention-seeking charlatans.

The key elements to be invited seem to be passion, sense of humor, hacking (well, you need to code and be able to take on a mission, learn quickly and jump into the code) and humility (it's fair to be a jerk to incompetent arrogant braggers though 🙂 lol their reactions are always worth it!)!

I guess I have said enough of the good things happening. Let's hope the various Christmas gifts, in the form of patches that some members have been busy hacking on for you over Christmas, make you happy and feel more secure.

(Note there may be typos :p it is 6:45 am currently, but I just realized I was receiving some nice traffic, so I thought I'd write this up.)

And yeah, I'm at selven.hackers.mu also!

PS. Keep on contributing to the various projects 🙂 who knows, you might soon get an invite to join us for the cool ride :).

 

funny quote of the day:  reverse(trim(“shit”, “t”));

hackers.mu using “Let’s Encrypt”!


 

 

 

Following an article written by Logan about Let’s Encrypt, I decided to embark on the journey to try out Let’s Encrypt.

Surprisingly, that was pretty easy to get to work on our FreeBSD machine, and as you can check, https://hackers.mu is successfully verified by Let’s Encrypt, and seems to be working nicely.

 

Hmm, seems like we are the first ones in Mauritius to be using it! Cheers Logan, beer on this.

awesome!

 

Here’s an example a friend tried to check on his side (user sent screenshots),


Tada, this looks awesome! thegodof.net shall be migrated in due time, let hackers.mu be our beta for now.

ps. You may have to accept the certificate, as on some older browsers Let’s Encrypt is not recognized as an official certificate authority.

pps. SSLlabs gives us a grade B, since Let’s Encrypt is currently in beta. Graded A+ now 🙂

update 2016:

After expiry of the certificate, it was surprisingly easy to update the certificates and get up and running; it was as simple as doing:
./letsencrypt-auto certonly --non-interactive --webroot -w /path/to/your/web/directory/ -d www.hackers.mu --debug

That was it, then I just linked the certs from my webserver, and tada!

Graylog Message in/out throughput

Graylog is a very interesting tool which, if you are administering really huge systems, is worth having.

But sometimes we may want some of its data programmatically. While Graylog is awesome, has an awesome REST API and has nice documentation, recently I wanted to know if there was a means to get the message in/out throughput that usually appears on its dashboard. It was crazy: it's something that's supposed to be easy, since we basically have ALL the information via its API.

 

So this is what I was looking for:


 

After not finding anything, I decided to dig around myself, hohohoho, found that lil bugger, and thanks to the awesomeness of jq, we can find it quick, e.g

 

curl -s 'http://user:pass@gray.log.com:12900/system/metrics/' |jq '.gauges|.["org.graylog2.throughput.input.1-sec-rate"].value'
4000
curl -s 'http://user:pass@gray.log.com:12900/system/metrics/' |jq '.gauges|.["org.graylog2.throughput.output.1-sec-rate"].value'
3905

Cool, end of story.

Jenkins GitHub pull request plugin issues

It seems that at times you may find yourself grepping a lot of these in your log messages

(Symptoms could be that Jenkins is not processing your pull requests, nor is it displaying anything on your GitHub)

SEVERE: Helper is null and Project is not disabled, unable to run trigger

Well, it seems that if such a thing happens, the thing to check is that your GitHub project is properly defined in your Jenkins configuration. If it is not properly defined (e.g. if it is blank), then you will be getting this.

 

 

What if you keep getting the issue despite changing it??

That’ll probably be because you are a moron, 😀 you should restart jenkins (restart safely) once you did any of those changes.

jq

What is jq?

jq can transform JSON in various ways, by selecting, iterating, reducing and otherwise mangling JSON documents.

 

Basically, jq is your sed for json :D.

 

Can be found at https://stedolan.github.io/jq/

 

I randomly discovered jq recently and it seems to be quite the program I hoped it would be, in terms of helping me with json.

Ok, enough of the humanly talk, let’s do something practical.

[note, I was in a rush so geshi is a bit screwed up, I selected most of these source as python instead of json or bash, bear with me :p]

Suppose I have a JSON file called output.json:

 

s3lv3n-mc-burger:jqtest selven$ cat output.json 
{"total":4,"notifications":[{"severity":"urgent","details":{"indices":69,"index_ranges":68},"type":"index_ranges_recalculation","timestamp":"2015-09-25T07:50:30.357Z","node_id":"testnode"},{"severity":"normal","type":"es_cluster_green","timestamp":"2015-09-25T06:45:01.933Z","node_id":"testnode"},{"severity":"urgent","type":"journal_uncommitted_messages_deleted","timestamp":"2015-09-24T16:28:29.122Z","node_id":"testnode"},{"severity":"urgent","details":{"journal_utilization_percentage":96.0},"type":"journal_utilization_too_high","timestamp":"2015-09-24T16:26:04.121Z","node_id":"testnode"}]}

 

s3lv3n-mc-burger:jqtest selven$ cat output.json | jq .
{
  "total": 4,
  "notifications": [
    {
      "severity": "urgent",
      "details": {
        "indices": 69,
        "index_ranges": 68
      },
      "type": "index_ranges_recalculation",
      "timestamp": "2015-09-25T07:50:30.357Z",
      "node_id": "testnode"
    },
    {
      "severity": "normal",
      "type": "es_cluster_green",
      "timestamp": "2015-09-25T06:45:01.933Z",
      "node_id": "testnode"
    },
    {
      "severity": "urgent",
      "type": "journal_uncommitted_messages_deleted",
      "timestamp": "2015-09-24T16:28:29.122Z",
      "node_id": "testnode"
    },
    {
      "severity": "urgent",
      "details": {
        "journal_utilization_percentage": 96
      },
      "type": "journal_utilization_too_high",
      "timestamp": "2015-09-24T16:26:04.121Z",
      "node_id": "testnode"
    }
  ]
}

🙂 Yup, you now have a prettified JSON output, but hey, you are not here just for that.

 

How many notifications do I have in that JSON?

s3lv3n-mc-burger:jqtest selven$ cat output.json | jq .total
4

 

awesome!

How about the contents of notifications?

s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications '
[
  {
    "severity": "urgent",
    "details": {
      "indices": 69,
      "index_ranges": 68
    },
    "type": "index_ranges_recalculation",
    "timestamp": "2015-09-25T07:50:30.357Z",
    "node_id": "testnode"
  },
  {
    "severity": "normal",
    "type": "es_cluster_green",
    "timestamp": "2015-09-25T06:45:01.933Z",
    "node_id": "testnode"
  },
  {
    "severity": "urgent",
    "type": "journal_uncommitted_messages_deleted",
    "timestamp": "2015-09-24T16:28:29.122Z",
    "node_id": "testnode"
  },
  {
    "severity": "urgent",
    "details": {
      "journal_utilization_percentage": 96
    },
    "type": "journal_utilization_too_high",
    "timestamp": "2015-09-24T16:26:04.121Z",
    "node_id": "testnode"
  }
]

 

Now what if we want to get only notifications which are urgent?

s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[]|select(.severity == "urgent")'
{
  "severity": "urgent",
  "details": {
    "indices": 69,
    "index_ranges": 68
  },
  "type": "index_ranges_recalculation",
  "timestamp": "2015-09-25T07:50:30.357Z",
  "node_id": "testnode"
}
{
  "severity": "urgent",
  "type": "journal_uncommitted_messages_deleted",
  "timestamp": "2015-09-24T16:28:29.122Z",
  "node_id": "testnode"
}
{
  "severity": "urgent",
  "details": {
    "journal_utilization_percentage": 96
  },
  "type": "journal_utilization_too_high",
  "timestamp": "2015-09-24T16:26:04.121Z",
  "node_id": "testnode"
}

 

Let’s access them with indexes

s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[0]'
{
  "severity": "urgent",
  "details": {
    "indices": 69,
    "index_ranges": 68
  },
  "type": "index_ranges_recalculation",
  "timestamp": "2015-09-25T07:50:30.357Z",
  "node_id": "testnode"
}
s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[1]'
{
  "severity": "normal",
  "type": "es_cluster_green",
  "timestamp": "2015-09-25T06:45:01.933Z",
  "node_id": "testnode"
}
s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[2]'
{
  "severity": "urgent",
  "type": "journal_uncommitted_messages_deleted",
  "timestamp": "2015-09-24T16:28:29.122Z",
  "node_id": "testnode"
}
s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[4]'
null
s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[3]'
{
  "severity": "urgent",
  "details": {
    "journal_utilization_percentage": 96
  },
  "type": "journal_utilization_too_high",
  "timestamp": "2015-09-24T16:26:04.121Z",
  "node_id": "testnode"
}

 

How about getting the journal utilization percentage from the notification at index 3?

 

s3lv3n-mc-burger:jqtest selven$ cat output.json | jq '.notifications| .[3].details.journal_utilization_percentage'
96

 

Note that the above can also be done this way

cat output.json | jq '.notifications[3].details.journal_utilization_percentage'

 

 

 

And here we end it with a beautiful one liner:

s3lv3n-mc-burger:jqtest selven$ all_json=`cat output.json` && notifs=`echo "$all_json" | jq .total` && urgencies=`echo "$all_json" | jq '.notifications | .[]| select(.severity == "urgent")| .type'`; if  [ $? -eq 0 ]; then clear; echo "Number of notification: $notifs"; echo " With pressing matters as follows: "; echo $urgencies; fi

 

Output is:

Number of notification: 4
With pressing matters as follows:
"index_ranges_recalculation" "journal_uncommitted_messages_deleted" "journal_utilization_too_high"

 

If you want to get only the keys

 

s3lv3n-mc-burger:jqtest selven$ cat output.json| jq 'keys'

Now isn’t that awesome 😀

Note that I have written this in 15 minutes, I just decided to learn jq without the tutorial, and was too much in a hurry to start firing up with jq :p.

 

Special Characters can fuck your jq filter

s3lv3n-mc-burger:jq selven$ cat test
{
"SyIf43UmQI6xC-bibitBgVkQ": {
        "valuea": 12,
        "valueb": 13
    },
"blah": 14,
"withoutminus": {
        "valuec": 15, 
        "valued": 16
    }
}
s3lv3n-mc-burger:jq selven$ cat test|jq '.SyIf43UmQI6xC-bibitBgVkQ'
jq: error: bibitBgVkQ/0 is not defined at <top-level>, line 1:
.SyIf43UmQI6xC-bibitBgVkQ               
jq: 1 compile error
s3lv3n-mc-burger:jq selven$ var="SyIf43UmQI6xC-bibitBgVkQ";cat test|jq '.["'$var'"]'
{
  "valuea": 12,
  "valueb": 13
}
 
s3lv3n-mc-burger:jq selven$ Holy shit it works!

 

Happy jq discovery. There are several better ways to do the above, I have just :p been brutal above.
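
An added example (not from the original posts) covering both the hyphenated key above and the dotted Graylog gauge names from the throughput post: the key is handed to jq as data with --arg instead of being pasted into the filter text, which also stops a key value from rewriting the filter. SAMPLE and the hostile key string are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original posts. SAMPLE is constructed,
# modelled on the "test" file above and the Graylog metrics output.

SAMPLE='{
  "SyIf43UmQI6xC-bibitBgVkQ": {"valuea": 12, "valueb": 13},
  "blah": 14,
  "gauges": {
    "org.graylog2.throughput.input.1-sec-rate":  {"value": 4000},
    "org.graylog2.throughput.output.1-sec-rate": {"value": 3905}
  }
}'

# get_key JSON KEY
# --arg binds KEY to the jq variable $k as a string, so '-', '.', quotes and
# brackets in it are never parsed as filter syntax. -e makes jq exit 1 when
# the result is null or false, i.e. when the key does not exist.
get_key() {
    printf '%s' "$1" | jq -c -e --arg k "$2" '.[$k]'
}

# get_key_spliced JSON KEY
# The pattern from the post: KEY becomes part of the filter source text.
get_key_spliced() {
    printf '%s' "$1" | jq -c '.["'"$2"'"]'
}

# gauge JSON NAME: value of one gauge; the dots in NAME are just characters.
gauge() {
    printf '%s' "$1" | jq -e --arg n "$2" '.gauges[$n].value'
}

# throughput JSON: "in out" from ONE metrics document instead of two requests.
throughput() {
    printf '%s' "$1" | jq -r \
        --arg i org.graylog2.throughput.input.1-sec-rate \
        --arg o org.graylog2.throughput.output.1-sec-rate \
        '"\(.gauges[$i].value) \(.gauges[$o].value)"'
}

demo() {
    echo "bound key:  $(get_key "$SAMPLE" 'SyIf43UmQI6xC-bibitBgVkQ')"
    echo "in/out:     $(throughput "$SAMPLE")"
    # Constructed hostile "key": closes the string and appends more filter.
    bad='nope"] // .["blah'
    echo "spliced:    $(get_key_spliced "$SAMPLE" "$bad")  <- filter was rewritten"
    get_key "$SAMPLE" "$bad" >/dev/null || echo "bound:      no such key (exit $?)"
}

# Run with: sh jqkeys.sh demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

For a key that is fixed in the script rather than coming from a variable, jq also accepts the quoted form ."SyIf43UmQI6xC-bibitBgVkQ".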

 

The great ask.com debate

Warning: This article in no way was meant as a form of flame, I just wanted to clarify what seems to be going on in the Mauritian blogosphere, I usually do not do that as I have better things to do. Also, if someone is telling you that this article is crap, please ensure that the person saying so, does know how to code properly and can read a stack trace or debug a live application.

Quick solution to remove it (if you want): Install MalwareBytes and do a Scan.

Lately among the Mauritians, there seems to be a wild confusion going on about ask.com’s toolbar and other related apps. Most probably fuelled by logan’s article showing a higher than expected network traffic from Mauritius to ask.com.  Following which Ish decided to write an article claiming that ask.com’s toolbar isn’t malicious, though the article.

http://logan.hackers.mu/2015/06/top-websites-visited-by-Mauritius-and-the-compromised-cyberisland

So it seems a lot of people are absolutely confused about which is which?

From logan’s article one can deduce that there is higher traffic to ask.com than normal. Well, I guess you will all agree with me (except if I have hurt your ego in the past with my sheer arrogance or told you to your face that you are stupid) that average Mauritian computer users are not really interested in ask.com or its toolbar; most of them do not have a clue what this is!

To those who want stats on this, I would advise you to get a log of requests going to ask.com, trace it back to the users of these machines, and just check out with an nmap what these users are running; you may even want to go to people’s machines and have a look inside. A lot of people also complain that their “google” doesn’t sound like “google”.

 

 

Now we shouldn’t forget the number of people online who are definitely not happy about having ask.com’s toolbar on their machine, and the number of articles that have been written claiming that the activity of ask.com’s toolbar is similar to malware. Even on Wikipedia there is an entry about ask.com’s dubious application.

e.g.:

https://en.wikipedia.org/wiki/Ask.com

There’s even an entry on howtogeek:

http://www.howtogeek.com/138516/the-shameful-saga-of-uninstalling-the-terrible-ask-toolbar/

 

 

Even Microsoft decided that the previous versions of ask.com’s toolbar were malware! See this PCWorld article,

pcworld

 

 

Now, let’s stop at the search article and post it here; instead let’s get down and dirty with some facts. When we see the analysis done by Ish, which is not so bad considering he did make the effort of checking the current binary on VirusTotal, it seems there’s a big item that is missing:

He analysed the wrong file!

When we are talking about Alexa’s webstats, those thousands of Mauritians who are already “infected” by this unwanted application were infected by the previous versions of ask.com’s toolbar! So analysing the latest release, which has been whitelisted, to claim that it is fine is simply turning a blind eye to the problem! Because the big elephant in the room is still, “Those thousands of Mauritians doing requests to ask.com most probably never wanted ask.com on their machine”.

Just use some common sense here, Do you truly want ask.com’s toolbar in your browser?

Again, there might be legit cases where someone would want ask.com’s toolbar on their machine, but the fact is that most people don’t care and don’t know! They just complain their internet is acting weird!

The fishy details?

Well, Ish posted a VirusTotal link; notice that in VirusTotal itself, the behavioural information states that there is a read performed on autoexec.bat and that it can make calls to DeviceIoControl.
This means:
—The autoexec.bat file usually contains things you want to run when your system starts up.

—Microsoft’s DeviceIoControl is defined as “Sends a control code directly to a specified device driver, causing the corresponding device to perform the corresponding operation”.

I haven’t mentioned the various files that this toolbar drops in your system also.

Method of proceeding

This ask.com toolbar used to (and in some cases still does) add itself as a default option in some installations, and usually installs itself without your consent (at least you are given the option not to install it, but general users will not see it, as most people tend to click next next next :p).

So what do we know yet?

— For certain, this toolbar (the previous versions and the new ones) reads information that a toolbar generally shouldn’t be reading.

— For certain, we know most Mauritians did not install this because they wanted it! (By logical inference)

— For certain, we know that it routes users’ searches to ask.com; those unsuspecting users are unknowingly sending their search terms to ask.com without having been asked clearly whether it may do that (note that “clearly”, when it comes to a casual, infrequent computer user, means a very clear explanation).

— It has the ability to talk to devices, why does a toolbar even need this???

Conclusion?
So far it has not been doing virus-like activity on people’s machines, but it definitely does a lot of UNWANTED activities on users’ machines. It has been acting a lot like spyware (all versions) and malware (most previous versions).

It has been carefully crafted to act in that shady grey area, and after its recent classification as malware by Microsoft, it did change its ways to become a bit cleaner. There is enough information online!

My views about this?
Personally, I wouldn’t want this to be on my machine, If you are into computer security and you tell me that ask.com toolbar [old and new] is a good thing to have on your machine, Then I understand from this that you understand the implications behind, and what ask.com’s toolbar is actually doing in the background.

Who am I?

Am Selven, an ordinary guy with some common sense who did work with a few security companies in the past.
I’ve been studying viruses since around 1999, because it’s a fun thing to do!

Note that I don’t have comments on for now, because I don’t really care about your opinions; am just posting facts, with links you can verify. If you don’t believe this post, I don’t really care; it is after all your machine, and you are free to do whatever you want with it. I don’t want to mingle with pertinently stupid questions when you have all the information here to go and look it up.

Final note: In no way am saying Ish’s analysis is wrong, I just mean he analysed the wrong file, when Alexia clearly shows this network traffic to ask.com has been going on for some years now. Am also telling users to please always verify information whenever they read something online.

So after all this written down, I ask you directly (and I don’t want to know the answer, keep it in your head),

Do you really want to have an ask.com toolbar installed, reading files and talking to devices on your machines without your consent?

It’s up to you, though; if you do that, either you have a very good reason behind it, or you really don’t care about privacy or security.

Update: I might enable comments later on, someone mentioned that this could be fun 😀
Update2: Yasir, thx for typo correction
Update 3: Some people seem to want confirmation that Microsoft did indeed block the previous versions. As to why the page was removed, 🙂 that is a great question I’d like to know the answer to also. But hey, this is not for this debate, this is something else.

Further read: http://blogs.technet.com/b/mmpc/archive/2014/12/11/a-timeline-of-consent-and-control.aspx

New facebook infection trending?

Hi all, it seems a lot of you have started to get infected on Facebook. Infected people start by sending people on their friend list a link showing a nice pic of a video with a lady with a cute cleavage, see image:

Screenshot from 2015-06-24 17:05:36
nice cleavage by the way 😀

 

When you click on the link, an “update” gets downloaded on your machine; depending on your browser, it will be e.g. Google Update 4.exe, which gets downloaded and tries to infect your machine. Of course, for the Gods like me such a method of trying to infect me is futile and makes me laugh, but hey, a lot of you seem to be infected with that; here, for example, my friend kenny got infected:

kenny

 

The downloaded file is detected by some antiviruses but goes undetected by others; e.g. AVG, F-Prot, Microsoft, Sophos etc. do not detect it.

It writes to these files:
C:\7b6e9c8188250160728283990137717993165dc1ac395ba22e42acc516fd4739
C:\WINDOWS\system32.exe
C:\Documents and Settings\<USER>\Start Menu\Programs\Startup\Service Manager.exe

This little piece of shit is pretty wise: it tries to see if you are debugging it, and if you are, it tries to take you down another routine. It uses DeviceIoControl to talk to device drivers (reminds me of the ask.com installer, which shows similar abilities).

It then harvests various information via these:

  • http://whos.amung.us/swidget/nexusexem
  • http://us1.science/read/ini.php
  • http://us1.science/read/conf.php

So if you were a really horrible hax0r who wanted to be leet, you would deface that box :D.

Note, an interesting thing to do would be to run this on a VM, then wireshark/tcpdump the GETs that are sent to those links 😀 .. that would be a good starting point to start giving whoever wrote this application wrong results, a bit like hacking the hacker :p. Though in no way is this guy a hacker 😀
Yes, you can get more when digging into that, e.g. have a look at https://m2-crush.com/234g/ca.php and https://us1.science/ALL.js
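A defender-side take on the capture idea above, as an added example that is not part of the original post: it scans web-proxy log lines for requests to the URLs listed in this post and groups the hits per client. The log format, the client addresses and the host-only set are assumptions made for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit
# Indicators copied from the post, as (host, path). whos.amung.us is a public
# stats service, so it is matched on the full path, never on the host alone.
INDICATORS = {
    ("whos.amung.us", "/swidget/nexusexem"),
    ("us1.science", "/read/ini.php"),
    ("us1.science", "/read/conf.php"),
    ("us1.science", "/ALL.js"),
    ("m2-crush.com", "/234g/ca.php"),
}
# Assumption: these hosts serve nothing legitimate, so a bare CONNECT counts.
HOST_ONLY = {"us1.science", "m2-crush.com"}
# Constructed sample, assumed format: "<time> <client> <method> <target>"
SAMPLE_LOG = """\
2015-06-24T17:06:01 10.0.0.21 GET http://us1.science/read/ini.php
2015-06-24T17:06:02 10.0.0.21 GET http://US1.science:80/read/conf.php?id=1
2015-06-24T17:06:05 10.0.0.34 GET http://whos.amung.us/swidget/othersite
2015-06-24T17:06:09 10.0.0.34 GET http://whos.amung.us/swidget/nexusexem
2015-06-24T17:06:11 10.0.0.50 CONNECT us1.science:443
2015-06-24T17:06:12 10.0.0.50 GET http://example.org/read/ini.php
malformed line
"""

def match(method, target):
    """Return the matched indicator as a string, or None."""
    if method.upper() == "CONNECT":  # HTTPS via proxy: only host:port is visible
        host = urlsplit("//" + target).hostname or ""
        return host + " (host only)" if host in HOST_ONLY else None
    parts = urlsplit(target)
    host = parts.hostname or ""  # urlsplit lowercases the hostname
    return host + parts.path if (host, parts.path) in INDICATORS else None

def find_beacons(log_text):
    """Map client address -> list of indicator hits, in log order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, method, target = fields
        hit = match(method, target)
        if hit:
            hits[client].append(hit)
    return dict(hits)

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

A client that shows up here is worth checking for the three dropped files listed earlier in this post.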

 

Ohh well, there’s lots of interesting stuff on that server, boring hax0r, but I need to pee, can’t hold for long, gtg!

Oh yes, I almost forgot, how to clean up?

You can always do a HouseCall: http://housecall.antivirus.com; run the online virus scan from there.

Wrote this pretty quickly, didn’t have time to check my English.

Sincerely,

The Eldergod!

Implications of Free Facebook in Mauritius

I usually wouldn’t be posting such stuff, but I just wanted to spoil the party. 😀 For fun.

Apparently, Orange is going to give out free Facebook access to its subscribers from June the 1st.

The rules are apparently:

  • Uploading pictures will cost.
  • Accessing it via mobile is free, I suppose it’s m.facebook.com.
  • A minimum amount of credit should be on the phone [Rs.6 I heard, am not sure].

 

So, technically, Orange is saying they are offering a free route to send traffic from Mauritius out to the big internet?

 

Questions:

  • How do they know it is pictures that you are uploading? If it is by data size, then is splitting your picture into multiple chunks and getting it rebuilt and reposted somewhere valid?
  • One can mimic an exact fb conversation if they use wireshark, so why can’t they send anything by mimicking it?

 

Crazy scenario:

  • Suppose I have two Facebook accounts: one on a local machine in Mauritius, one in England.
  • On the local machine, I add a layer that encodes ssh traffic into Facebook messages, mimicking a message, which I send to the second account in England.
  • Then in England, where my second account is running on a BSD machine, I parse the Facebook messages received (they would obviously be ssh packets when decoded), then pass them on to the ssh server there.

 

Crazier implications:

  • That would mean I could transfer any data from Mauritius to England for free, when truly it isn’t something free.
  • It will probably be a high-latency connection: it will work, but be slow and might experience timeouts.

 

Does this mean that they gave us free internet without knowing it?

How do they differentiate between legit packets and non-legit ones?

In fact, a less secure alternative would be to just skip the ssh and do direct translation.

 

So many questions :).

+$3|v3n