Facebook friend requests – Fake or Real ?

Fake profiles are raining over the Internet especially when it comes to Facebook social media. Since days, I’m receiving so many friend requests. Common, a guy receiving more than 230 friend requests !! I wonder if it’s because of the hackers.mu worldwide popularity symptoms ! Or the haters are going wild against me with this “Facebook Friend request spam mechanism”. LOL!

 

Whilst some may be genuine and others fake, it is very difficult to manage all these friend requests which consumes much time. It’s probably one of the reason I moved to Twitter and create my own Facebook page – Tunnelix.com. So, give a try and click on the like button on my Facebook page. You can still message me on my page as it is much more under my control. I’m also on Linkedin where you can easily connect with me.

So many Facebook friend requests..

Common!! How do i manage all these friend requests ?
Common!! How do I manage all these friend requests ?

However, I have gone through some profiles which is kinda weird. For example, let’s take a look at this friend request from one “Caroline Jane” who is apparently from New York and lives in United Kingdom. She is single too ^^.

 

Use images.google.com

I went on images.google.com and uploaded her profile picture there and made a search by image.

According to this simple research, she is a porn actress and her name is in fact Alina Li.

Now, you can use the same tool to check if your profile picture has been stolen and used in another profile picture. Share your comments if you have any ideas how to prevent Facebook friend requests flooding.


Operation JASK – Just a Single Keystroke

Apart from the IETF hackathons, the hackers.mu team also focused on internal hackathon either remotely or on-site participation. Another remote hackathon was already in progress since Saturday the 16th of June 2018. It was named Operation JASK – Just a Single Keystroke. Announced publicly on Sunday the 17th of June 2018 after noticing that several Crypto currency mining tools were vulnerable to CVE-2018-12356. By the time, many members of the team were already mobilised even if it was a public holiday in Mauritius. The operation was named JASK – Just a Single Keystroke as the security issues is concerned with the hardening of a regular expression, in particular requiring [GNUPG:] to be at the beginning of a line (^\[GNUPG:\]). We had to fire a single keystroke at the right place to fix a single vulnerability.

Marcus Brinkmann, who is a free software activist explained “An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extensions scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.” 

However, simple the patch is, the attack aimed GnuPG signature verification process which is specific to pass the Simple Password Store. It can give the attacker access to passwords and remote code execution. On theRegister.co.uk – Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug, Loganaden Velvindron core member of the hackers.mu explained “It’s hard to identify just how many downstream projects inherit a vulnerability like the one Brinkmann spotted, but the number of problem projects will likely be non-trivial because the GnuPG cryptography suite has applications beyond e-mail protection.”

The hackers.mu usual suspects during Operation JASK hackathon are: Kifah Meeran, Loganaden Velvindron, Rahul Golam, Muzaffar Auhammud, Nigel Yong and myself (Nitin J Mutkawoa) all members from the hackers.mu. Some of the projects are Bitcoin, Litecoin, Dash, Bitcoin Gold, Monacoin, Binarium, Terracoin, SmartCash and many other crypto currency projects.

Hackers.mu is now looking forward for other hackathons. We are also inviting everyone to meet us at Flying Dodo Bagatelle conference room for the Security Disclosure Process event. Feel free to RSVP on meetup.com  and Facebook before attending.


Africa Internet Summit 2018 – Hackathon – Day 2 & 3

Back to blogging after some days, I still recalled the moments in Dakar, Senegal for the Africa Internet Summit. By the time, so many days already elapsed, many have already blogged about the event and more pictures raining on the social media. Our camera, tripod and laptops were all ready. In case, you have missed Day 0 and Day 1, feel free to click on the links.

On day 2, myself with Logan and Serge made a brief introduction of the Network Time Protocol. Serge explained about the TCPDump and Wireshark tools that we can use to understand NTP traffic. We also made some demo about the NTP packets exchange between the client and the server. The algorithm behind was made clear, brief and concise as without which the hacking part would be difficult. Participants chose their projects for the hackathon. Some registered themselves for the Network Programmability track and the Intelligent Transportation Systems Projects. At the end of the day 2 we were already convinced about the hackathon would be a success. Myself, Logan and Charles decided to have a beer at a nearby restaurant.

Day 3 was the moment where everyone looked forward to hack into the code. The team spirit was here. Everyone was helping each other in their ‘parcours’. For the NTP hackathon, more and more participants start joining the team. Additional chairs and tables were needed. The best idea was to form into groups and this is where things change for the good. Patches start raining. Several tests were also carried out to confirm the code was running.

At the end of the hackathon, each group went to present their project and achievements. Their presentation slides can be viewed on the AIS wiki.

Some interesting links:

  • More information about the NTP hackathon is already uploaded on the AIS wiki.
  • The meeting statistics and report can be viewed here.
  • There is also a blog coverage by Charles from CISCO.
  • Dawit Bekele speech at the African Internet Summit 2019.
  • Another Interesting article by Kevin Chege from Internet Society.

On the last day of the hackathon, Logan, Charles and myself made a video on the hackathon.

More and more pictures:

ef15ce44-a90c-4ad4-805d-ddcb48550c5e
IMG_3335
IMG_1080
52940f96-4084-45e9-a66a-f4e0b534581c
56146117-666f-4daa-80c3-799ddbd8d6f5
IMG_3332
IMG_3295
8f360295-2549-4c3f-8fe6-aa85b70122e0
a169c827-e81a-4baf-bbd8-117b42f728b3
a169c827-e81a-4baf-bbd8-117b42f728b3

A big thank to the organisers and sponsors for doing a great job. Also congratulations to the participants for stepping ahead in the hackathon. Looking forward to see you soon in the growth and security of Internet in Africa.


Africa Internet Summit 2018 – Getting ready for the Hackathon – Day 1

On day 1, I woke up early in the morning and went outside for a morning walk. Everyone in Senegal says Bonjour to each other, irrespective of being a stranger. The people of Dakar seem very polite and relaxed in nature. Whilst walking on the coastal road of Novotel, I admired the beauty of several massive Baobab trees. 

Baobab tree coastal road of Novotel
Baobab tree coastal road of Novotel

Back at the hotel, the breakfast was delicious with lots of fruits and cakes accompanied with juice. By the time, breakfast was over, it was already 0800 AM. I took a Panoramic view from the back of Novotel.

Panorama picture coastal road of Novotel
Panorama picture coastal road of Novotel

I had to get ready as I needed to travel from Novotel hotel to Radisson Blu where the hackathon preparation was going on. I met with Serge-Parfait GOMA instructor at the Hackathon together with Loganaden Velvindron from Afrinic. On Day 1, there were about 15 participants who already registered themselves. We had to prepare for the Hackathon as it needed to be carried out both in English and French.

From Left to Right : Logan, Nitin and Serge

Preparing for the Hackathon demands lots of time and trying to cover the maximum: from the basics until when the code need to be hacked. The project chosen was the NTP client. I created both slides in English and French.

Whilst I was preparing for the slides, Serge was busy setting up the Pidgin channel. We also tested the livestream. I brought a tripod for my Iphone 7 as it’s so easy for live YouTube video broadcast. We also checked out the hackathon room and carried out several tests. We were happy to be assisted by the guys from ISOC who were always there to help. We reviewed the code anew and discussed a little about the RFCs and Internet Drafts for that specific hackathon.

Time for dinner where I met fellows from Afrinic such as Duksh Koonjoobeeharry from Atlassian User group of Mauritius and Afrinic, Tamon Mookoom from Afrinic – That guy is an IPv6 ninja, Charles Eckel from CISCO who was also leading the hackathon on the network programmability track. I also met other persons from the ISOC team and Nishal Goburdhan a FreeBSD evangelist who gave me a FreeBSD sticker.

Panorama view at the cocktail event
Panorama view at the cocktail event
 
Screen Shot 2018-05-15 at 10.26.59 AM
Screen Shot 2018-05-15 at 10.27.26 AM
Screen Shot 2018-05-15 at 10.28.00 AM
Screen Shot 2018-05-15 at 10.27.39 AM
Screen Shot 2018-05-15 at 10.27.50 AM
Screen Shot 2018-05-15 at 10.27.14 AM

By the time, dinner was over, it was already late. I went to meet the ISOC and Afrinic guys who were still working hard to set up the hackathon room. I took a cab and headed directly to Novotel hotel.

In case you missed Day 0, do check the article here

Tunnelix.com is constantly retweeting the #AISdakar. It can be viewed here:


Africa Internet Summit 2018 – My first day in Dakar Senegal – Day 0

Dakar offers much to see and do, but my goal this trip lies elsewhere: facilitating the #AISdakar 2018 NTP – Network Time Protocol hackathon under the banner of hackers.mu which has been planned days back at Radisson blu hotel. Network Time Protocol (NTP) packets, as specified by RFC 5905 [RFC5905], carry a great deal of information about the state of the NTP daemon which transmitted them. In the case of mode 4 packets (responses sent from server to client), as well as in broadcast (mode 5) and symmetric peering modes (mode 1/2), most of this information is essential for accurate and reliable time synchronizaton. However, in mode 3 packets (requests sent from client to server), most of these fields serve no purpose. Server implementations never need to inspect them, and they can achieve nothing by doing so. Populating these fields with accurate information is harmful to privacy of clients because it allows a passive observer to fingerprint clients and track them as they move across networks.

The trip from Mauritius to Senegal was lengthy but at the same time, I got to discover parts of Africa: from South Africa to Kenya, hitting Ivory Coast before reaching Dakar, Senegal. During our transit in Johannesburg, Logan and I discussed several aspects of the AIS hackathon 2018 over two large pizzas and beers. One of the main goal is to maintain clear and precise billingual communication in English and French. Our next objective was to make sure that the required level should be reached for the hackathon.

I did not know that the plane will land at Ivory Coast before heading towards Dakar. Gazing out of the plane offered us unique breath taking and impressive views of infrastructures, panorama of the land and landscapes.

 

Disembarking at Dakar International Airport, I was received by the driver who works for a well reputed company – Prestige. Logan was received by an other company. Whilst travelling to the hotel, that guy was displaying curiosity and was inquisitive about computer repairs. I gave him some tips such as YouTube tutorials and some helpful links.

After landing, I headed directly to and checked in Novotel Hotel in Dakar where I checked in. I received a warm welcome staff members. Tired after long hours of travelling, a nap was very much needed before anything else. The view from the hotel room was magnificent with a swimming pool and beach nearside.

 

By the time I woke up, it was already late at about 21:00 hrs, I went to Radisson blu and met Kevin Chege and other delegates at the Gala Dinner. The atmosphere was friendly, welcoming and promising.

Tunnelix.com is constantly retweeting the #AISdakar. It can be viewed here:

 

 

 Next article coming up soon..