☠ Bahrainy Days

It's been more than one year since i did not write anything on this blog. It's also been more than one year i'm getting a close look to Syria with my friends of Telecomix, FHIMT and Reflets.info. During this year, we've been tracking european and american companies selling surveillance technologies to countries that use them against political opponents to identify them, track them, arrest them, torture them, and then kill them.

But we did not forget Bahrain.

We identified through a leaked official document that Finfisher technology (aka UK company Gamma Group), was responsible for Bahrain's activists tracking in this country. Finfisher is a collection of intrusive tools to break into any computer, maintaining access and spy in deep anyone connected on the Internet.

The leaked document is in Arab, translations will be soon available in french and in english on Reflets.info.

Stay tuned

Finfisher-Bahrain

☠ Bahrainy Night البحرين

WARNING : PLEASE, DO NOT EXPLOIT !

You might have follow us yesterday night doing a bunch of tourism in the wonderful Syrian Internet. As we had pretty much fun playing with Bachar, we thought Hamad could get jealous.
This pad is dedicated to you Hamad.

You can kill your people and shit on freedom in Bahrein... but never forget hackers are watching at you... we're close... even closer.

We do not attack, we're just tourists. Then we take pictures to show them to our friends from the Internets.

Hope you'll enjoy our journey as we did

/-)

Leak it Baby :


First step : asking a good friend the best way to have a nice touristic journey :

http://tinyurl.com/4ymbzsu


Second step : Dropping some small stones to get sure we won't get lost

9 ix-3-2-1.core1.JSD-Jeddah.as6453.net (195.219.153.94) 118.911 ms if-6-0.core1.JSD-Jeddah.as6453.net (80.231.165.78) 101.096 ms 101.239 ms
10 85.158.130.225 (85.158.130.225) 117.310 ms ix-3-2-1.core1.JSD-Jeddah.as6453.net (195.219.153.94) 119.919 ms 120.602 ms
11 85.158.130.225 (85.158.130.225) 116.242 ms 115.735 ms 119.568 ms
12 85.158.131.10 (85.158.131.10) 100.865 ms * 105.516 ms
.....
.....
social.gov.bh has address 89.31.192.132 http://www.social.gov.bh/


Third step : you will have to visit the customs

inetnum:85.158.128.0 - 85.158.135.255
netname:BH-EXCHANGE-20050110
descr:Bahrain Internet Exchange
country:BH

Nothing to declare ? Ok let's jump to the next step, enjoying the journey and taking pictures.
Ok it's time for getting change with local currency, http://www.gosi.gov.bh/calc/military/


The most beautiful places in the country

• http://www.housing.gov.bh/arableague/files/meetings_files/PHPJackal.php <-- lol
• Hamad runs his own direct download website http://tinyurl.com/6gpnsyf (Megaupload fears) 00000H i'm so sorry you deleted it HAMAD,I took a picture for a souvenir :) http://www.dropmocks.com/mUBLH
• http://www.housing.gov.bh/arableague/files/meetings_files/
• http://www.housing.gov.bh/arableague/files/meetings_files/1.txt/
• http://www.social.gov.bh/robots.txt
• http://www.social.gov.bh/scripts/
• http://www.social.gov.bh/scripts/code-style.pl
• http://www.social.gov.bh/scripts/drupal.sh
• http://bit.ly/i8f9wE (just create your account to visit, it's free)
• http://websrv.municipality.gov.bh/cornersell/Locale.do
• http://sio.bh/empl2.php (guess what)
• On Internet you might need help of a nice policeman : http://www.interior.gov.bh/online_policing.asp ... they know the Internetz, they use Frontpage :

<HTML dir=rtl><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1256" /><title>:: وزارة الداخلية | شرطة خدمة المجتمع | التبليغ الإلكتروني ::</title><META http-equiv=Content-Type content="text/html; charset=windows-1256"><META content="MSHTML 6.00.2800.1106" name=GENERATOR><META content=FrontPage.Editor.Document name=ProgId><META http-equiv=Content-Language content=ar-bh><style type="text/css"><!-- body {

• http://www.cbb.gov.bh/cbbstat/index.php (piwik1.0)
• Compare : http://www.mofne.gov.bh/faq.asp with : http://webcache.googleusercontent.com/search?q=cache:cibZDCLlMSwJ:www.mofne.gov.bh/faq.asp
• http://www.mew.gov.bh/default.asp?action=category&id=44
• Any complaints ? http://www.moic.gov.bh/4DPublic/Complaints/RegisterEnqCompl.aspx?css=BSMD&Lang=ar-BH
• Barheiny Cypherpunks are here : view-source:http://www.cio.gov.bh/cio_eng/
• https://216.157.36.90/ Database
  

Staying in touch with Hamad :<

• https://webmail.mun.gov.bh/owa
• https://webmail.info.gov.bh/Exchweb/bin/auth/owalogon.asp?url=https://webmail.info.gov.bh/Exchange&reason=0
• https://webmail.cio.gov.bh/OWA/auth/logon.aspx?url=https://webmail.cio.gov.bh/OWA/&reason=0

rDNS record for 89.31.192.137: www.moh.gov.bh
PORT STATE SERVICE
12/tcp open unknown
23/tcp open telnet
80/tcp open http
1025/tcp open NFS-or-IIS
1080/tcp open socks
8080/tcp open http-proxy

websrv.municipality.gov.bh
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1025/tcp open NFS-or-IIS
1080/tcp open socks
8080/tcp open http-proxy


... We're not snipers, we did not shoot, we did not hack, we did not deface...what about your security forces ?

From Paris with Love

Fo0 & Bluetouff

Samsung GalaxyS : Android made comfortable

Even if i did not get the time play with my new phone, a Samsung Galaxy S, i must say i feel quite excited to plan some hacky stuff with it and Android OS that it runs. Android is a really cool platform that lets advanced users play with modified firmwares to extends its features. Officials and beta firmware for the Galaxy S can be found here, this page could save your life if something goes wrong with the following hacks. Consider having a look on the new Samsung Flash wiki page and on the i9000 official flashing guide. If your are not familiar with flashing devices or running tools that could brick your phone, please, do not even try.

Here is my first impression for this device :

• Effortless root ;
• Multitask ;
• Android has many useful apps that just works for a professional use (excellent email app, SIP, tethering that actually works for no money ...) ;
• Android makes your phone highly hackable, and some apps like Touiteur a very good surprise.

Issues :

• No SSHd by default, I just recommend QuickSSHd, an inexpensive but useful app ;
• A strange behavior with GPS, Samsung USA recently admitted an issue and was planning to fix it in september. Did not see such a (official) fix yet;
• Memory acces may sometimes be slow which is a software issue but a lag fix can be applied once the phone rooted. The 1Ghz CPU should be fast enough.
• Last point that is not related to the phone itself, but to operators that filter http requests from a tethered computer browser, but should I need more than a ssh term ? Well, a browser might be useful so you will easily find a way to cheat them by modify the user agent parameter of your browser, using this plugin for Chrome or this one for Firefox.

What could be improved

• The default factory firmware with the GPS bug but I recently moved to Froyo, not an official firmware, but the GPS works perfectly on this one.
• There are not as much great 3D games on Android. If you're a gamer, excepting being an absolute fan of Asphalt 5 you should consider using an iPhone. I hope some companies like Gameloft or Electronic Arts will launch more 3D games on Android.

Tunneblick quick and dirty configuration

I had few troubles with adding a new configuration in Tunneblick, a cool free VPN software for OSX. The documentation of my provider was not so clear and a small mistake took me some time get started.

I had already a previous configuration and when i read the documentation of my new VPN provider, i was told to drop the config files in the openvpn folder located in the Library folder, in my Home directory. Of course, i had no "openvpn" folder located here. After a few greps, i found the good place : on Snow Leopard, you have to put your configuration files in /Users/yourname/Library/Application\ Support/Tunnelblick/Configurations/

So here's the trick :

First clean the configurations folder from your previous VPN provider config files :

$ cd /Users/yourname/Library/Application\ Support/Tunnelblick/Configurations/
$ rm *

Move to the folder where your new VPN provider configuration files are :

$ cd /User/yourname/Desktop/MyConfFiles
Check that you have copied your .pem, .crt and .key with others config files, then copy your new configuration files to to the Tunnelblick configuration folder :

$ cp * /Users/yourname/Library/Application\ Support/Tunnelblick/Configurations/

If you have some .ovpn you get an error launching Tunnelblick, you might have to rename the .ovpn extension to .conf

Dell puts Firefox in jail

Applicative virtualization is now a security oriented feature implemented by Dell for Mozilla Firefox web browser. The french website PCInpact explains that only Internet Explorer 8 and Chrome have implemented a sandbox to prevent the risk of a browsing security exploitation that could compromise the whole system.

Firefox is now so popular that Dell decided to provide it's own secured environment with Kace (a Dell subsidiary). Kace not only prevents Firefox vulnerabilities, it also protects users from the use of critical plugins like Flash and Adobe Reader.

Anyway, this won't protect users against malicious plugins use.

Here's a small demo of Kace secure browsing.

Swedish Pirate Party becomes an ISP

The Piratpartiet (Swedish Pirate Party) seems about to become an ISP. It's the first known initiative of that kind for a politic party to provide a connexion to the Internets, but it seems to be a very good way to deliver a service that ethically gives an answer to the fight for Net Neutrality. Pirateisp will provide soon connexions from 10mb to 1gb, you can check the pricelist here (prices are from 26 to 55€).

Two months ago, Arstechnica wrote that the Piratpartiet was considering being ISP for the Pirate Bay.

The domain name Pirateisp.net has been registered to Rene Malmgren.

The FAQ : http://pirateisp.net/faq/

Fiber for communities by Google

Google has just launched Fiber for Communities, a website. A few month after Google revealed its plans about optical fiber deployment. Today it concerns 1100 lucky beta testers (some US municipalities) but Google goal is to provide a gigabit connectivity to 50 000 persons, then 500 000. Google should deploy it's own ultra-high speed broadband networks as an experimentation that could "benefits all communities". But for now in Europe, we are just jealous about it.

We should probably expect some news broadband services by Google, more than having Google becoming an ISP in Europe, but who knows ? One day maybe..