Category: Uncategorized

My trip to Pension Cargo, Bras-Panon – Reunion Island

I had a splendid time in Reunion Island this week. I stayed at “Pension Cargo” which is owned by Christian, a friend at Bras-Panon, Reunion island in the north-east of the neighbor island thirty minutes away from Roland-Garros, St-Denis Airport. I reached there on Wednesday at around midnight. Christian was waiting for me as I told him that I will reach there by Taxi. I was so tired already and went to sleep.

On the next day, I went for a casual meeting on cybersecurity at a Media-Tech center as well as meeting with another acquaintance who is in the medical field. At St-Marie Media-Tech center, I got the opportunity to discuss Ansible, Automation technologies, Linux and TLS 1.3 for the IETF hackathons by the cyberstorm.mu team. It’s true that in Mauritius there is considerable effort to be made to do better Developers conferences, but, I seized this opportunity to build up the circle on the neighbor island which is also advanced in software development and Automation Engineering. The day was an enriching and successful one, however, time-consuming it was, I have been able to achieve my goal. I reached quite late at “Pension Cargo” and was so tired.

Pension Cargo
Pension Cargo

On Friday, I went for a nature walk near Pension Cargo. That place is still in its natural state with lots of exotic fruits.

Exotic fruits on the beach near Pension Cargo
Exotic fruits on the beach near Pension Cargo

In case you are a fan of the nature walk, I’m sure you would like it. It was indeed a nice time meeting up with several Linux user groups to discuss avenues of collaboration between Reunion and Mauritius. However, there are much more to see in Reunion island.

Random picture taken near Pension Cargo

IMG_2608
IMG_2608
IMG_2606
IMG_2591
IMG_2591
IMG_2591
IMG_2591
pensioncargo
IMG_2607
IMG_2607
IMG_2568
IMG_2568
IMG_2568
IMG_2568
IMG_2568
IMG_2568
IMG_2594
IMG_2596
IMG_2596
IMG_2596
IMG_2593
IMG_2566
IMG_2584
IMG_2573
IMG_2573
IMG_2573
IMG_2592
IMG_2592
IMG_2592
IMG_2606
IMG_2606
IMG_2606
IMG_2606
IMG_2607
IMG_2607
IMG_2567
Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...Loading image...

At “Pension Cargo”, you can never miss the Reunion beer made locally. I got it free too! This is something to never miss at all!

Beer made locally in Reunion island
Beer made locally in Reunion island

As regards to breakfast, lunch and dinner, its always nice and yummy whether it is chicken, duck, and seafood which is always accompanied by salads french style-made.

Lunch with chicken, Seafood, Potatoes and Salads
Lunch with chicken, Seafood, Potatoes, and Salads

In case, you are heading up to Reunion island or in transit, feel free to check out “Pension Cargo” which is always worth the price. As usual, I convinced Christian to join and create a Twitter account as a marketing strategy which worth for where it is located. Pension Cargo can seem to be easily booked on Booking.com and Airbnb. However, you can always contact the Christian and his family who are always there to welcome you with a smile and lots of beers and goodies.

The team at the bar
The team at the bar

I got the opportunity to visit Riviere des Roches which is located a few meters from where I live. I was told that fishermen build up walls on the river with the aim to narrow the passage and by using fishing nets to catch “bisik” fish known as the caviar of the Reunion island which is pretty expensive and delicious. Unfortunately, this can be a problem to the ecology of the island as depending on the curve being built with the wall and the increase of sea water levels might change drastically the width of the river. This is contributing to severe land erosion and inviting sharks close to the river. Obviously, some people in the vicinity are not happy at all. Its all a question of eating the famous caviar of Reunion island!

Walls built on the river
Walls built on the river

Walls built on the river to catch fish

IMG_2620
IMG_2621
IMG_2621
Loading image...Loading image...Loading image...

On the way to Mauritius, the weather was sunny and I seized the opportunity to make a video for my YouTube Channel. I already had so many landings from several countries. Why not add Mauritius to the playlist?


Phishing Attack – Free Travel tickets with Emirates Airline

Today itself, a friend sent me a message about free travel ticket with Emirates airline through WhatsApp. On seeing the URL, I immediately doubt about the authenticity of such kind of strategy spammers are using to make money as well as to harvest data about you. Once you fill in the form, it will prompt you to share the information to 30 people on WhatsApp to get your ticket. Common, this does not make sense at all and I believe that the website should be reported and Emirates Airline to make an official announcement on its website about these scammers.


Photo Credits: Emirates.com

The message sent to me was in French. Since I’m well conversant in French, I could easily read and interpreted it. The message received is as follows:


“Pour le 33° Anniversaire, la compagnie aérienne *Emirates Airline* donne à tout le monde *2 billets d´avion gratuits*. Récupérez votre billets d´avion immédiatement. http://bit.ly/Emirates-airline”

The translation looks like this in English:

“For the 33rd Birthday, the aviation airline “Emirates Airline” is giving a free *2 air travel tickets. Get your airline tickets immediately. http://bit.ly/Emirates-airline”

If you observed carefully the real URL has been shortened on bit.ly. There is nothing wrong when using bit.ly which is a great tool for URL shortener. However, if you try to access the URL, you will be redirected on http://5ack.com/Emirate/ which is well known for attacks.

Let’s see what does the whois tool said about 5ack.com:

1.According to domaintools.com, the IP Address behind is 107.180.59.131 

2. The IP Address 107.180.59.131 is well known for attacks and there is no real information as to who is behind this domain name.

3. Worst, the domain 5ack.com has a history of 55 counts of changed IP addresses.

Extract from domaintools.com

4. On the following link https://chat.stackexchange.com/transcript/65945/2018/11/14/2 we can see someone has blacklisted the IP 107.180.59.131 who at that time was selling health supplement. Of course, it’s fake again.

Please don’t click on the link otherwise you might eat those baits and be a victim of Phishing attacks. I wonder how come those links ended in Mauritius which is probably due to French-speaking people here in Mauritius. Otherwise, several French-speaking countries in Africa is at risk. I wish someone from the security team of Emirates Airline read that blog and made an official announcement soon about those spammers hovering everywhere on the Internet. Let’s work together for a safe and secure Internet and keep on passing the message.


XpressLiteCoin – Your Litecoin payment gateway

As promised days back on my Tunnelix.com Facebook Page, I would blog about setting up a Litecoin button on your website for payment or donation purpose which I did myself. See on the top right corner of the blog. I would strongly suggest using the XpressLiteCoin payment gateway for such type of transaction. Some days back during the operation JASK, I contributed to the LiteCoin repository and I thought why not set up a Litecoin donation button. The funds received will be used to renew my server hosting and tunnelix.com domain. Below are some instructions to start with.


For some who are not well acquainted to cryptocurrencies, Litecoin is one amongst many and it is a fork from the Bitcoin. Litecoin is an experimental digital currency that enables instant payments to anyone, anywhere in the world. Litecoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Litecoin Core is the name of open source software which enables the use of this currency.Litecoin

Imagine, you want to receive payments for your business in a more secure way. Of course, when it comes to cryptocurrencies, no one wants to take the risk. XpressLiteCoin is here to provide merchants with a cheap and convenient way to integrate Litecoin in their business payment process. – XpressLiteCoin

How to start with XpressLiteCoin payment gateway?
1. First, you will need to register yourself on the XpressLiteCoin.com website. This is pretty straightforward. Make sure you received the confirmation email once you have to sign up on the website.

Create a Litecoin address.

2. You can create a paper-based wallet but the procedures can be lengthy and you will have to secure your key and record all transactions. However, using the online wallet is pretty simple with Jaxx.

3. After installing Jaxx, you will have the option to create a new wallet.

4. Then, you will have the option to choose the paper-based wallet or an online wallet which is easier.

You can create your wallet and scan the QR code to use the same wallet on your mobile device such as Android, IOS etc..

5. After configuration, you will have an LTC Address.

Merge your Litecoin address with XpressLiteCoin gateway

6. Save your Litecoin address and enter it on the prompt which you received when logging for the first time on the prompt as shown below:

By this time, you should have been able to access the dashboard as a user. Now it’s time for some basic installation on the server.

Some basic installations on the server

7. On the server, install the “npm” package manager:

yum install npm

8. You can also upgrade your version of npm as follows:

npm install npm -g --ca=""

9. Use known registrars for the current version of npm

npm config set ca ""

10. Some installations with npm package manager which are required:

npm install express
npm install request
npm install  body-parser

11. You will also need to download the xpresslitecoin.gz at the following link as shown below :

12. To integrate the XpressLiteCoin on your website, go to the documentation page and/or click on guide. You will notice find the integration.pdf which have a piece of Javascript that will be needed on your application.

13. There are two parameters in the code to tweak: First is the port number your application will be listening and second is the token which you will get from the XpressLiteCoin dashboard on the merchant settings option.

14. Copy the token and insert it at line 10 of the code. Example:

const api_token = "XXXX<Token Value here XXXX";

15. By default, the port runs on 8080. In case, you want to change it, feel free.

16. You will also need to run your application. I would, however, recommend you to have a script on autostart for this service :

node xpresslitecoin.js

17. Since the application need to be inserted as a plugin on your website, you can create a ProxyPass on your web server. For Nginx proxy use the following parameter

location /xpresslitecoin/ {

    proxy_set_header HOST $host;

    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_pass http://127.0.0.1:8080/xpresslitecoin/;

}

18. For Apache HTTPD ProxyPass, see the documentation here.

Create the payment button

19. By now, you should be able to run the node service with the XpressLiteCoin application. However, to insert a button your website to received payments through the gateway, you will need to insert a few lines on JavaScript codes.

<script type="text/javascript" src="xpresslitecoin.js">
</script>
<button id="xpl-donate"> <img src="LocationToYourImage.png" alt="Please Donate"> </button>

20. An issue that your might encountered if you have CSP enabled which is a good thing. However, you will need to make sure that you have an exclusion on the plugin.

Facebook friend requests – Fake or Real ?

Fake profiles are raining over the Internet especially when it comes to Facebook social media. Since days, I’m receiving so many friend requests. Common, a guy receiving more than 230 friend requests !! I wonder if it’s because of the cyberstorm.mu worldwide popularity symptoms! Or the haters are going wild against me with this “Facebook Friend request spam mechanism”. LOL!

Whilst some may be genuine and others fake, it is very difficult to manage all these friend requests which consumes much time. It’s probably one of the reason I moved to Twitter and create my own Facebook page – Tunnelix.com. So, give a try and click on the like button on my Facebook page. You can still message me on my page as it is much more under my control. I’m also on Linkedin where you can easily connect with me.

So many Facebook friend requests..

Common!! How do i manage all these friend requests ?
Common!! How do I manage all these friend requests ?

However, I have gone through some profiles which is kinda weird. For example, let’s take a look at this friend request from one “Caroline Jane” who is apparently from New York and lives in United Kingdom. She is single too ^^.

Use images.google.com

I went on images.google.com and uploaded her profile picture there and made a search by image.

According to this simple research, she is a porn actress and her name is in fact Alina Li.

Now, you can use the same tool to check if your profile picture has been stolen and used in another profile picture. Share your comments if you have any ideas how to prevent Facebook friend requests flooding.


IETF 101 Hackathon by the cyberstorm.mu team

We believe in rough consensus and running code” – Just have a look at the IETF website, this is the motto that you would come across. This is why the IETF hackathons are so special during the year and cyberstorm.mu team is proud to be the first team in Mauritius who does not only participate in such type of event but also lead the TLS working group. The IETF 101 hackathon was yet another challenge for the cyberstorm.mu team. But, once you are in, the fun begins. Compared to the IETF 100 hackathon, cyberstorm.mu team made an improvement in terms of lines of codes and focused on more projects. We participated remotely in projects such as TLS 1.3, DNS, and HTTP 451. A wiki was also created during that event.

Photo credits: IETF.org
Photo credits: IETF.org

We used Jabber to communicate for the IETF 101 hackathon. Other media such as Facebook was found out to be interesting. I should admit that on Friday and Saturday I went to sleep at 02.00 AM with just the testing part completed. At 23:00 hrs, Logan was asking everyone to go to sleep as we needed more energy on the next day. What is more relieving is the team spirit where everyone was helping each other during that hackathon.

One of the interesting issues noticed is about TLS malformed traffic and such thing was able to be detected using Wireshark. Once the patches were ready and the testing part was working fine, we made a debrief at Flying Dodo beer brewing company at Bagatelle Mall and was ready to submit patches to their respective projects. I was assigned the “Stunnel” project and a library in “Eclipse Paho”.

Debriefing at Flying Dodo accompanied with beer and some fries
Debriefing at Flying Dodo accompanied with beer and some fries

After the debriefing, Logan was getting ready for his remote presentation at the IETF. We all went through the slides that logan created and went back home happy to see the presentation live on YouTube.

Special thanks goes to the IETF Organising team for having us as Technology Champions! Nick Sullivan head of cryptography expert at CloudFlare, Charkes Eckel, Barry Leiba, Meetecho team, Cisco for sponsoring the event and the all members of the cyberstorm.mu team which made this hackathon a success in the world history of Mauritius.

Other’s are also talking about the IETF 101 hackathon ?

“I had initially started a bit slow, as I was working on other projects in parallel. Everyone was already deeply immersed in their projects, we could see PRs and code merges flying right from the first day.”Codarren Velvindron

Developers working with OpenSSL can finally start to work with TLS 1.3, thanks to the alpha version of OpenSSL 1.1.1 that landed yesterday.” – TheRegister

I think that you guys have more better weather and more fun that we did”Charles Eckel

The DNS madness: 185 RFCs totaling 2781 pages. Hello DNS security flaws ” – Loganaden Velvindron

IETF Hackathons encourage developers to collaborate and develop utilities, ideas, sample code and solutions that show practical implementations of IETF standards. The IETF Hackathon in London on 17-18 March is poised to be the largest ever.” – IETF

 In case you are asking yourself, “who are the cyberstorm.mu ?” You can consider is as “a group of developers from Mauritius who loves to code and are passionate about information security.” More information at https://www.cyberstorm.mu