Category: Uncategorized

Phishing Attack – Free Travel tickets with Emirates Airline

Today itself, a friend sent me a message about free travel ticket with Emirates airline through WhatsApp. On seeing the URL, I immediately doubt about the authenticity of such kind of strategy spammers are using to make money as well as to harvest data about you. Once you fill in the form, it will prompt you to share the information to 30 people on WhatsApp to get your ticket. Common, this does not make sense at all and I believe that the website should be reported and Emirates Airline to make an official announcement on its website about these scammers.


Photo Credits: Emirates.com

The message sent to me was in French. Since I’m well conversant in French, I could easily read and interpreted it. The message received is as follows:


“Pour le 33° Anniversaire, la compagnie aérienne *Emirates Airline* donne à tout le monde *2 billets d´avion gratuits*. Récupérez votre billets d´avion immédiatement. http://bit.ly/Emirates-airline”

The translation looks like this in English:

“For the 33rd Birthday, the aviation airline “Emirates Airline” is giving a free *2 air travel tickets. Get your airline tickets immediately. http://bit.ly/Emirates-airline”

If you observed carefully the real URL has been shortened on bit.ly. There is nothing wrong when using bit.ly which is a great tool for URL shortener. However, if you try to access the URL, you will be redirected on http://5ack.com/Emirate/ which is well known for attacks.

Let’s see what does the whois tool said about 5ack.com:

1.According to domaintools.com, the IP Address behind is 107.180.59.131 

2. The IP Address 107.180.59.131 is well known for attacks and there is no real information as to who is behind this domain name.

3. Worst, the domain 5ack.com has a history of 55 counts of changed IP addresses.

Extract from domaintools.com

4. On the following link https://chat.stackexchange.com/transcript/65945/2018/11/14/2 we can see someone has blacklisted the IP 107.180.59.131 who at that time was selling health supplement. Of course, it’s fake again.

Please don’t click on the link otherwise you might eat those baits and be a victim of Phishing attacks. I wonder how come those links ended in Mauritius which is probably due to French-speaking people here in Mauritius. Otherwise, several French-speaking countries in Africa is at risk. I wish someone from the security team of Emirates Airline read that blog and made an official announcement soon about those spammers hovering everywhere on the Internet. Let’s work together for a safe and secure Internet and keep on passing the message.


XpressLiteCoin – Your Litecoin payment gateway

As promised days back on my Tunnelix.com Facebook Page, I would blog about setting up a Litecoin button on your website for payment or donation purpose which I did myself. See on the top right corner of the blog. I would strongly suggest using the XpressLiteCoin payment gateway for such type of transaction. Some days back during the operation JASK, I contributed to the LiteCoin repository and I thought why not set up a Litecoin donation button. The funds received will be used to renew my server hosting and tunnelix.com domain. Below are some instructions to start with.


For some who are not well acquainted to cryptocurrencies, Litecoin is one amongst many and it is a fork from the Bitcoin. Litecoin is an experimental digital currency that enables instant payments to anyone, anywhere in the world. Litecoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Litecoin Core is the name of open source software which enables the use of this currency.Litecoin

Imagine, you want to receive payments for your business in a more secure way. Of course, when it comes to cryptocurrencies, no one wants to take the risk. XpressLiteCoin is here to provide merchants with a cheap and convenient way to integrate Litecoin in their business payment process. – XpressLiteCoin

How to start with XpressLiteCoin payment gateway?
1. First, you will need to register yourself on the XpressLiteCoin.com website. This is pretty straightforward. Make sure you received the confirmation email once you have to sign up on the website.

Create a Litecoin address.

2. You can create a paper-based wallet but the procedures can be lengthy and you will have to secure your key and record all transactions. However, using the online wallet is pretty simple with Jaxx.

3. After installing Jaxx, you will have the option to create a new wallet.

4. Then, you will have the option to choose the paper-based wallet or an online wallet which is easier.

You can create your wallet and scan the QR code to use the same wallet on your mobile device such as Android, IOS etc..

5. After configuration, you will have an LTC Address.

Merge your Litecoin address with XpressLiteCoin gateway

6. Save your Litecoin address and enter it on the prompt which you received when logging for the first time on the prompt as shown below:

By this time, you should have been able to access the dashboard as a user. Now it’s time for some basic installation on the server.

Some basic installations on the server

7. On the server, install the “npm” package manager:

yum install npm

8. You can also upgrade your version of npm as follows:

npm install npm -g --ca=""

9. Use known registrars for the current version of npm

npm config set ca ""

10. Some installations with npm package manager which are required:

npm install express
npm install request
npm install  body-parser

11. You will also need to download the xpresslitecoin.gz at the following link as shown below :

12. To integrate the XpressLiteCoin on your website, go to the documentation page and/or click on guide. You will notice find the integration.pdf which have a piece of Javascript that will be needed on your application.

13. There are two parameters in the code to tweak: First is the port number your application will be listening and second is the token which you will get from the XpressLiteCoin dashboard on the merchant settings option.

14. Copy the token and insert it at line 10 of the code. Example:

const api_token = "XXXX<Token Value here XXXX";

15. By default, the port runs on 8080. In case, you want to change it, feel free.

16. You will also need to run your application. I would, however, recommend you to have a script on autostart for this service :

node xpresslitecoin.js

17. Since the application need to be inserted as a plugin on your website, you can create a ProxyPass on your web server. For Nginx proxy use the following parameter

location /xpresslitecoin/ {

    proxy_set_header HOST $host;

    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_pass http://127.0.0.1:8080/xpresslitecoin/;

}

18. For Apache HTTPD ProxyPass, see the documentation here.

Create the payment button

19. By now, you should be able to run the node service with the XpressLiteCoin application. However, to insert a button your website to received payments through the gateway, you will need to insert a few lines on JavaScript codes.

<script type="text/javascript" src="xpresslitecoin.js">
</script>
<button id="xpl-donate"> <img src="LocationToYourImage.png" alt="Please Donate"> </button>

20. An issue that your might encountered if you have CSP enabled which is a good thing. However, you will need to make sure that you have an exclusion on the plugin.

Facebook friend requests – Fake or Real ?

Fake profiles are raining over the Internet especially when it comes to Facebook social media. Since days, I’m receiving so many friend requests. Common, a guy receiving more than 230 friend requests !! I wonder if it’s because of the hackers.mu worldwide popularity symptoms ! Or the haters are going wild against me with this “Facebook Friend request spam mechanism”. LOL!

 

Whilst some may be genuine and others fake, it is very difficult to manage all these friend requests which consumes much time. It’s probably one of the reason I moved to Twitter and create my own Facebook page – Tunnelix.com. So, give a try and click on the like button on my Facebook page. You can still message me on my page as it is much more under my control. I’m also on Linkedin where you can easily connect with me.

So many Facebook friend requests..

Common!! How do i manage all these friend requests ?
Common!! How do I manage all these friend requests ?

However, I have gone through some profiles which is kinda weird. For example, let’s take a look at this friend request from one “Caroline Jane” who is apparently from New York and lives in United Kingdom. She is single too ^^.

 

Use images.google.com

I went on images.google.com and uploaded her profile picture there and made a search by image.

According to this simple research, she is a porn actress and her name is in fact Alina Li.

Now, you can use the same tool to check if your profile picture has been stolen and used in another profile picture. Share your comments if you have any ideas how to prevent Facebook friend requests flooding.


IETF 101 Hackathon by the Hackers.mu team

We believe in rough consensus and running code” – Just have a look at the IETF website, this is the motto that you would come across. This is why the IETF hackathons are so special during the year and hackers.mu team is proud to be the first team in Mauritius who does not only participate in such type of event but also lead the TLS working group. The IETF 101 hackathon was yet another challenge for the hackers.mu team. But, once you are in, the fun begins. Compared to the IETF 100 hackathon, hackers.mu team made an improvement in terms of lines of codes and focused on more projects. We participated remotely in projects such as TLS 1.3, DNS, and HTTP 451. A wiki was also created during that event.

Photo credits: IETF.org
Photo credits: IETF.org

We used Jabber to communicate for the IETF 101 hackathon. Other media such as Facebook was found out to be interesting. I should admit that on Friday and Saturday I went to sleep at 02.00 AM with just the testing part completed. At 23:00 hrs, Logan was asking everyone to go to sleep as we needed more energy on the next day. Selven was also working hard remotely to bring all members on track. What is more relieving is the team spirit where everyone was helping each other during that hackathon.

Photo Credits: Codarren.com
Photo Credits: Codarren.com

One of the interesting issues noticed is about TLS malformed traffic and such thing was able to be detected using Wireshark. Once the patches were ready and the testing part was working fine, we made a debrief at Flying Dodo beer brewing company at Bagatelle Mall and was ready submit patches to their respective projects. I was assigned the “Stunnel” project and a library in “Eclipse Paho”.

Debriefing at Flying Dodo accompanied with beer and some fries
Debriefing at Flying Dodo accompanied with beer and some fries

After the debriefing, Logan was getting ready for his remote presentation at the IETF. We all went through the slides that logan created and went back home happily to see the presentation live on YouTube.

Special thanks goes to the IETF Organising team for having us as Technology Champions! Nick Sullivan head of cryptography expert at CloudFlare, Charkes Eckel, Barry Leiba, Meetecho team, Cisco for sponsoring the event and the all members of the hackers.mu team which made this hackathon a success in the world history of Mauritius.

Other’s are also talking about the IETF 101 hackathon ?

“I had initially started a bit slow, as I was working on other projects in parallel. Everyone was already deeply immersed in their projects, we could see PRs and code merges flying right from the first day.”Codarren Velvindron

“It seems that I am not the only one who feels that this hackathon was really addictive. we were hooked the moment we started working out on our tasks.”Pirabarlen Cheenaramen

Developers working with OpenSSL can finally start to work with TLS 1.3, thanks to the alpha version of OpenSSL 1.1.1 that landed yesterday.” – TheRegister

I think that you guys have more better weather and more fun that we did”Charles Eckel

The DNS madness: 185 RFCs totaling 2781 pages. Hello DNS security flaws ” – Loganaden Velvindron

hackers.mu pioneering the internet! We made it to IETF 101 hackathon with our team members getting featured in front of thousands, followed by a round of applause by IETF members in London. Congratulations guys, we did it again!”Yasir Auleear 

IETF Hackathons encourage developers to collaborate and develop utilities, ideas, sample code and solutions that show practical implementations of IETF standards. The IETF Hackathon in London on 17-18 March is poised to be the largest ever.” – IETF

 In case you are asking yourself, “who are the hackers.mu ?” You can consider is as “a group of developers from Mauritius who loves to code and are passionate about information security.” More information at https://www.hackers.mu

Happy New Year 2018 from TheTunnelix

My dear friends, readers and fellow bloggers, I would like to seize this opportunity as this is my last blog for the year 2017 to wish you and your family a Happy New Year 2018. There were lots of events in the month of November – December 2017. For today, I’m having a drink with family and friends. Oh yeah, Tomorrow, will be a super party 🙂

Those who missed cyberstorm.mu events recently, in the month of November was about the Infotech 2017 where cyberstorm.mu was present on our special stand busy evangelizing OpenSource products. Our accomplishments were also displayed. Logan, from the cyberstorm.mu team also made an amazing speech at the video conference room.

The cyberstorm.mu team also had an end of year get together and lunch in a restaurant at Rose-Hill.

I’m happy to be able to complete my VMware Certified Administrator and VMware Certified Administrator Professional exams. I’m looking forward for more certifications next year. This year has marked the history of Mauritius where lot’s of Open Source contributions were carried out from Mauritians, mainly by cyberstorm.mu. Right now, we have several stuffs in our pipeline. Surprise soon 🙂