Category: Security

An introduction to Cryptography

Cryptography is an art of securing communication and data in the presence of adversaries by means of a cryptonium pipe. This definition is not limited to itself, it can be much more.

An introduction to Cryptography 1

To facilitate cryptography, a cryptosystem is built up. An encryption and decryption program is needed. So let’s say I have a plain text message (M) and to encrypt M, I will need an encryption key (Ke) to send to the encryption program (E). The outcome of the mechanism of the encryption program will be a Ciphertext (C).

The ciphertext will not travel on the internet by means of the cryptonium pipe. Now, imagine the ciphertext has been tampered with, the same ciphertext (C`) will now arrive at your destination. You will not use a decryption program by means of your decryption key (Kd) and you will receive your plain text message (M) or simply an error.

That error message indicated that C is not equal to C`. It is to be noted that the encryption and decryption program is public. Those two keys are exactly the same thing. The keys are called private or symmetric keys. Another issue is where is the Ke and Kd is not the same. This is called Public or asymmetric keys.

An interesting example in real life situation when Ke and Kd are used is in HTTPS.


cyberstorm.mu is promoting Signal

“Going further and beyond” –  That’s the motto of cyberstorm.mu. Indeed, there are many people everywhere calling themselves professionals where the fact is that they are merely wearing a mask showing off in the public. I would also claim that no one is perfect in the field of It and Security, however, acceptance of oneself and move on to another stage is the real goal.

photo credits: cyberstorm.mu
photo credits: cyberstorm.mu

What and why Signal? I posted an article yesterday to elaborate on the application. Well, cyberstorm.mu is not only promoting Signal but many free and open source security software such as Tor, Bitcoins and many others to liberate each and everyone from this sick society where governments are spying on your personal stuff. I made some research on Signal and conclude that this is indeed amazing!

With the help of Logan, member, and contributor of cyberstorm.mu, I made an audit of the Signal code and noticed that some improvements can be made on one of the libraries. A remote hacker can probe the memory and harvest the sensitive information.

The logic  – Data (an example could be cryptographic keys) in memory is not always needed because someone can look for ways to exploit the data. An analogy is that it’s like washing your keyboard after entering your password so that people cannot collect your fingerprints to steal it. In other words, a code execution can be done at the memory level to penetrate your system. To mitigate this attack, zeroing buffers which contained sensitive information is an exploit mitigation technique. Let me take an example: Imagine you are a hacker and you can see what is in the RAM of your victim. Then you can see passwords and everything else. Then it’s better to delete them if they are not going to be used or rather fill it in with wrong passwords to trick the hackers.

In a technical term, the idea is to overwrite the variable when you are about to get rid of it so that other programs cannot detect what was there. The key is not to have the secret data present in the memory longer than necessary. However, what you overwrite might matter, but what is overwritten is the key to keep it secret. So let’s see how to put Zeroes in RAM to erase what was there before. Keep in mind, it has nothing to do with overflows.

Do check out the pull requests and commit at https://github.com/WhisperSystems/libaxolotl-c/pulls


Signal – Privacy is possible with SMS encryption

Phone calls and SMS privacy are now possible with Signal. What is ‘Signal‘? “Signal has been designed for the mobile environment from the ground up. Messages and incoming calls are fully asynchronous; push notifications to let you know when new messages have arrived, so they’ll be waiting for you if the app is in the background, your battery dies, or you temporarily lose service.” – WhisperSystems

Photo credits: Mike Williamson
Photo credits: Mike Williamson

It is believed that the Government of Mauritius and other government entities around the world have been tapping into phone lines since a while and some years back this issue has also been revealed on Mauritian newspapers.  So, how do you get away from these entities trying to peak their noes into your private life? The ultimate answer is “Signal” which has been developed by the Open Whisper Systems Team.

“Use anything by Open Whisper Systems”Edward Snowden, whistleblower, and privacy advocate

“I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.” – Bruce Schneier, internationally renowned security technologist.

The signal is freely available and compatible for almost all Android devices as well as Apple mobile phones. It supports SMS and voice calls encryption even if you are on a 3G/4G network. However, you need to assure yourself that all parties engaged in a conversation are using Signal to be secure on all sides.

You cannot assure yourself to be secure if encrypted communication is one-sided.

My next article is going to be dedicated to the cyberstorm.mu team of Mauritius.


Dare to do a brute force attack again!

Dare to do an SSH Bruteforce attack again and you are banned!! I have noticed that there are several DDOS SSH botnets attack these days on my server. Despite that I would prefer SSH to listen on port 22, I can imagine how many attempts can be made to break through it. Though these attacks are very common, it can increase CPU consumption on your server and consequently the server can die. However, if you did not protect the server from malicious SSH remote connection, things can get pretty dangerous and the attacker can take over the machine.


fail2ban
Photo credits – fail2ban.org

Fail2Ban is one of the tools which you can install on your machine to ban IPs that show malicious signs. However, today with the help of Kheshav, we have decided to find a solution to reveal all the IPs to the public. From the fail2Ban log, we can find all IPs that that are being banned. The solution was an easy one.



1.Install Nodejs, npm package

yum install nodejs npm

2. Install frontail with the npm utility

npm install frontail -g

3. Now you can launch frontail on any port as a demon with the following command

frontail -p {port number here} -h {IP or Hostname here} {location of your log} -d

Afterward, you have to include the IP, the port number and the location where you want the log to be streamed live.

Here are the banned IPs – US time attempting some brute force on tunnelix.com. You can also view the IPs on the right side widget of the blog. It might take some few seconds before loading.



There are several websites where you can report IPs for abuse as well as verification of precedent attacks. We are still brewing up some ideas to produce a better and well-defined output of the log.

Debug your Internet bugs and vulnerabilities with ICSI Netalyzr

Can your Network be easily compromised? Is your Internet vulnerable? You might want to perform some tests on the Quality of Service your Internet Service Provider – ISP is providing you. It can also be more dangerous if your ISP is also your router vendor! One of the fast and reliable tools which I would propose is the ICSI Netalyzr tool which tests your internet connections for signs of trouble and provides you detailed report vulnerabilities, latency, and several tests. The test can be performed by almost anyone with just a simple click.

“ICSI Netalyzr is a service maintained by the Networking Group at the International Computer Science Institute, an affiliate with the University of California, Berkeley and funded by the National Science Foundation. The service got some publicity and found importance after late 2007 when Comcast was sued for throttling Internet traffic which Comcast later admitted being true.” – freewareGenius

Debug your Internet bugs and vulnerabilities with ICSI Netalyzr 2

The report consists of:

  • A summary of the Noteworthy Events
  • Addresses-based Tests
  • Reachability Tests
  • Network Access Link Properties
  • HTTP and DNS tests
  • IPV6 tests and Network Security Protocols
  • Host Properties

I made several tests myself and notice that many routers are vulnerable to attacks. One of the tests I made from a Netgear router DG series intentionally downgraded with an old firmware from the official website of Netgear was found to be vulnerable. Click here on this link to access to the Netalyzr tool. I would, however, recommend you to use DD-WRT or OpenWRT for best QoS.

Example - A Netgear router vulnerable to CVE-2012-5958 and CVE-2012-5959
Example – A Netgear router vulnerable to CVE-2012-5958 and CVE-2012-5959

You could also check for DNS resolution, Latency issues and Measurement of your Network buffering capacity. You would need to authorize your browser to access a JAVA plugin to be able to perform the test.

You can also perform your test using the Android App as well as on the Netalyzer command line client.