Tag Archives: Internet

Smile, You Just Have Been Indexed!

I’m certainly not addicted to web stats. This blog has a Google Analytics marker but I don’t follow the statistics on a regular basis. After all, I’m blogging for fun and I don’t need to keep my audience at a certain level or attract more visitors – even if a growing audience is very rewarding. That’s a good opportunity to thank all my readers! ;-) Did you also notice that no commercial ads are displayed here? (Except for some specific security events or podcasts, but they deserve it!)

On the other hand, I keep an eye on the server logs. I’m addicted to “logs”. They provide very useful information about your visitors and their behavior. Never forget: You need logs and you need to take care of them. Even if they contain non-critical information, the same details may become very valuable in the future when you have to investigate a security incident. Think about this…

So, while reviewing the log file of the web server running this blog, I found something interesting. I published my last post yesterday at 18:40 GMT+2. Google fetched and indexed the data less than three minutes later:

   66.249.71.147 - - [29/Aug/2010:18:41:01 +0200] "GET /2010/08/29/back-online-2/ \
   HTTP/1.1" 200 15085 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; \
   +http://www.google.com/bot.html)"

Another statistic? Since the beginning of this month, the Google bot hit this blog 30056 times! OK, honestly, blogs are not the best references. Lots of blogging platforms notify Google when new content has been published with messages such as “Hey, Google, I’ve something for you!“. But regular websites are also very often “crawled” by Google. A small forum maintained by myself (with very low activity) has been visited by Google 3509 times this month.

What does it mean? If you publish some content on the Internet, don’t expect to get a chance to take your data offline. By the time you read this post, it has already been indexed! Bots like the Google one have powerful algorithms and know where to find relevant information. “CTRL-Z does not work on the Internet”

Show Me Your Browser, I’ll Tell You Who You Are!


To surf the web, you need a specific application: a browser. Today, this piece of software is delivered by default with all operating systems and is used more and more, even for tasks not related to the Internet (lots of applications and devices are manageable through a web interface). For some companies, the browser will even replace the operating system in the near future. Think about Chrome OS from Google… It’s mainly an OS booted to launch a Google Chrome browser!

Modern browsers are fully customizable. Like operating systems, their look can be changed, extra features can be added using plug-ins or toolbars. They can also be configured using different levels of security. Briefly, the browser reflects the profile of its owner.

When people are online, one of their main concerns is to protect their anonymity. Using some tools and safe behaviors, it’s possible to stay more or less anonymous. Are you sure?

Panopticlick is a project of the Electronic Frontier Foundation which tries to identify browsers. How does it work? When you visit a website, your browser sends a lot of useful information to the server. The most common is called the user-agent. Example:

     Mozilla/5.001 (windows; U; NT4.0; en-US; rv:1.0) Gecko/25250101

But a lot of other interesting data is also available, such as character encoding, time zones, etc. Based on all these details given by your browser, Panopticlick is able to compute some kind of “fingerprint” using an algorithm explained here. Basically, it’s the same method as the one used to identify people based on measures of their postal code and birth date (this is called “entropy“).

The problem with this method: visitors can potentially be identified by their browser when they visit a website. By using personal information like geographical location, language and time zone, some websites could turn their visitors into nice targets for marketing actions or change their access to the data (restrictions such as geo-IP localization).
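The entropy idea above, worked through as an added example (not Panopticlick's own algorithm and not code from this post): each attribute value carries -log2(p) bits of identifying information, where p is the share of visitors presenting that value. The eight visitor records and the field names are constructed for illustration.

```python
import math
from collections import Counter

FIELDS = ("user_agent", "timezone_offset_min", "charset")

# Constructed sample of eight visitors (not real traffic); values are illustrative.
VISITORS = [
    ("Mozilla/5.0 (Windows; U) Firefox/3.6", -60, "ISO-8859-1,utf-8"),
    ("Mozilla/5.0 (Windows; U) Firefox/3.6", -60, "ISO-8859-1,utf-8"),
    ("Mozilla/5.0 (Windows; U) Firefox/3.6", -60, "ISO-8859-1,utf-8"),
    ("Mozilla/5.0 (Windows; U) Firefox/3.6", 0, "ISO-8859-1,utf-8"),
    ("Mozilla/4.0 (compatible; MSIE 8.0)", -60, "ISO-8859-1,utf-8"),
    ("Mozilla/4.0 (compatible; MSIE 8.0)", 0, "utf-8"),
    ("Opera/9.80 (X11; Linux i686)", 300, "ISO-8859-1,utf-8"),
    ("Mozilla/5.0 (Macintosh; U) Safari/531", 300, "utf-8"),
]


def surprisal(count, total):
    """Bits of identifying information in a value shared by `count` of `total` visitors."""
    return -math.log2(count / total)


def entropy(values):
    """Shannon entropy in bits: the average surprisal over the observed values."""
    total = len(values)
    return sum(c / total * surprisal(c, total) for c in Counter(values).values())


def field_entropies(visitors):
    """Entropy of each attribute taken on its own."""
    return {name: entropy([v[i] for v in visitors]) for i, name in enumerate(FIELDS)}


def fingerprint_bits(visitor, visitors):
    """Surprisal of one visitor's full attribute tuple (the combined fingerprint)."""
    return surprisal(Counter(visitors)[visitor], len(visitors))


def unique_fingerprints(visitors):
    """Number of visitors whose combined fingerprint nobody else shares."""
    return sum(1 for c in Counter(visitors).values() if c == 1)


if __name__ == "__main__":
    for name, bits in field_entropies(VISITORS).items():
        print(f"{name:22s} {bits:.2f} bits")
    print(f"combined fingerprint   {entropy(VISITORS):.2f} bits")
    print(f"unique visitors        {unique_fingerprints(VISITORS)} of {len(VISITORS)}")
```

No single attribute here separates the visitors, yet the combination singles out five of the eight, which is why reducing or normalising what the browser reports matters more than hiding any one field.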

To test your browser, click here.

Hello? Anybody Home?


If you’re working in the small world of Internet Providers or run any other business related to the Internet, you are surely aware of the major outage affecting Colt since yesterday in Europe (or you’re living on the moon!). Check out the article on theregister.co.uk.

I received feedback from several customers whose business relies on the Colt Internet backbone (like portals or e-business) and they’re just waiting for the problem to be solved. All of them contacted Colt and are kept in the dark by the ISP: “We have big issues” or “We are trying to restore our services as soon as possible“. From a technical point of view, the outage must be something really low level because some customers also detected problems with their LAN links between different sites (nothing related to the Internet itself).

I’m sure they are fully busy restoring their services but, in parallel, they should have deployed some communication channels to communicate at the same time! Leaving customers without information is really bad press for the company. Once all the services are restored, they will have to put in much more effort to win back their customers’ confidence… Funny, a Twitter account @COLToutagenews was created today to spread news over the micro-blogging platform. I suspect this account belongs to a Colt employee who is trying to keep the Internet updated about their issue.

More than 24 hours since the problems started, Colt Belgium is still disconnected from the Internet. You can reach the border routers, then… black hole.

I would like to be clear: This post has nothing against the Colt company nor the services they provide. They have very competent engineers who must be going through a period of intense stress. The story will stay the same even if you replace “Colt” by your favorite ISP. It’s just a good opportunity to learn things from this bad experience:

1. Colt is a well-known company and was known as “reliable”. This story reveals that even the biggest one can suffer from a major outage! And often disasters are caused by a series of small minor incidents. In short: “Shit happens!”

2. Don’t put all your eggs in the same basket! If you are connected to the Internet through Colt only, you must also be in a major crisis! Bandwidth prices are very low today and there are lots of solutions to build a redundant Internet infrastructure. No need to be a BGP guru anymore to become multi-homed.

3. Be prepared to face the same story. Have a good communication plan ready! I wrote some text about incident management a few weeks ago. When you start your BCP, DRP or whatever you call your plan, don’t forget the communication. I already read some articles in the specialized press about the current outage.

4. Once the problem is under control, don’t try to hide the fact. You were in deep shit? Say so! And explain how you successfully resolved the issues! This could prove to customers, partners or the press that you were able to take the right actions.

Never forget: “Humans learn by making mistakes”. I hope that Colt will analyze and communicate about the incident. This could help them to increase the service level and could, for sure, be useful for other companies. Should I remind you how Apache handled their last incident?

Last news communicated via @COLToutagenews: Further updates can be found at http://www.colt.net/UK-en/CaseStudy/COLT_036279.

Security Awareness Book for our Children

(c) Calligram


It is never too early to give some security recommendations! My first daughter became a fan of a book series called “Max & Lili”. Those comic books (only available in French if I’m not wrong) are written by Serge Bloch and Dominique de Saint-Mars.

Each volume focuses on a specific theme (around school, friends, family, social life, etc.). Themes are covered following the same scenario: first experienced by children or the family, then avoided or at least discussed with their parents. The book ends with a few pages of questions for the children. The topics range from everyday to serious problems such as death of a grandfather, divorce, racketeering, abuse, alcoholism of a loved one… and, of course… Internet and its dangers!

My goal is certainly not to revive an old debate here but I read the book and found it quite “complete” regarding the issues my children might encounter. The number of topics covered by the book is quite impressive:

  • Viruses
  • Spam
  • Phishing
  • Instant Messaging
  • Pornography
  • Identity / personal data
  • Blog content (copyright issues)

Each topic is explained with the right words, fully understandable by the children. Finally, they discuss with their parents and decide to set up a clear usage policy for the family computer / Internet connection. A lexicon of technical terms is also available with clear definitions for children (or also parents who are not “computer aware” ;-) ).

The book has been available since 2006 and it is still up-to-date. It was published with the collaboration of the “Délégation aux usages de l’Internet” and the “Délégation interministérielle à la Famille” in France.

I’ve no idea if this collection is available in other languages. A good reference for all the French speaking parents…

E-mail Portability for Belgian ISPs Soon?


A new law is in the pipeline in Belgium. Like snail mail or mobile numbers, the Federal authorities would like to implement the portability of e-mail addresses and homepages when the user changes Internet Service Provider (for a period of six months). The goal of this law is to make the Internet market more open to competition. For those who are interested, information has been made publicly available by the IBPT (Belgian Institute for Postal Services and Telecommunications). Feel free to have a look at the official text in French or Dutch. It looks like a good initiative. However, this bill made me reflect on some points…

First, the term “portability” is not the right one in this case. For mobile numbers, the operators exchange calls via the SS7 protocol, for example. For e-mail addresses, it’s slightly different. All e-mails are delivered based on the MX (“Mail Exchange”) records defined for the domain. Example for rootshell.be:

$ dig rootshell.be mx
...
;; ANSWER SECTION:
rootshell.be.           3600    IN      MX      20 mx1.nikita.cx.
rootshell.be.           3600    IN      MX      300 nice.try.mr.spammers.org.
rootshell.be.           3600    IN      MX      10 mail.rootshell.be.
...

In this case the right term is “forwarding”. The old ISP will forward all the received e-mails to the new address (hosted by the new one).

Today, a lot of people use their Internet providers just for… the Internet access! They already subscribed to free services like Gmail or Yahoo! Mail (which often offer more features like extra storage capacity, better anti-spam, etc). Their blogs are hosted on Blogger.com.

For a few years now, buying a domain name has not required a big investment (Belgacom even ran a big marketing campaign offering a domain name for free!). No need to be a DNS master to manage your domain. Powerful web interfaces will take you by the hand. Dynamic DNS services are also a nice alternative for blogs and homepages.

OK, I must admit, not all users do this. The Average Joe fully relies on his Internet provider and the law could be helpful. But who will help him to update all the mailing lists, forums and web services he has subscribed to for maybe years? To avoid this situation, never put all your eggs in the same basket! Spread your presence across multiple online services. For example, to manage your e-mail flow, use several addresses:

  • An official one (something like your@yourname.com) to exchange official e-mails (family, friends, job requests, official communication, etc). This one must be kept as private as possible
  • Another one to register on mailing lists, forums and other online services (Gmail is your best friend in this case)
  • A third one to give when future feedback is not important (for example, when you need to leave an e-mail address to download a file or a document). Use temporary e-mail address services like mailinator.com

What’s your opinion?

DNS queries for “.”

As described by the Internet Storm Center in last Sunday’s diary, my name server was also hit by this attack today.

380000 queries for “.” were sent to BIND. For those who are not experienced with the DNS protocol, querying for a dot (“.”) asks the name server to answer with the list of the root servers. In terms of resources, the attacker sends a small UDP packet (45 bytes) and the name server sends back a packet at least 10 times larger! As the packets were spoofed, this is a perfect example of DDoS!

Here is a list of targeted IP addresses:


The solution was to blacklist those addresses at firewall level.
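A way to spot this pattern in your own query log, as an added example that is not from the original post or the ISC diary: count queries for “.” per client address and estimate the reflected volume from the 45-byte and 10x figures above. The log lines are constructed in the style of BIND 9 query logging with documentation-range addresses, and the threshold is an assumed value.

```python
import re
from collections import Counter

# Constructed lines in the style of BIND 9 query logging. Client addresses come
# from the RFC 5737 documentation ranges, not from the attack described above.
SAMPLE_LOG = """\
01-Jan-2009 21:14:01.101 client 192.0.2.10#4321: query: . IN NS +
01-Jan-2009 21:14:01.105 client 192.0.2.10#4321: query: . IN NS +
01-Jan-2009 21:14:01.109 client 198.51.100.7#53: query: . IN NS +
01-Jan-2009 21:14:01.230 client 203.0.113.5#50112: query: www.example.org IN A +
01-Jan-2009 21:14:01.301 client 192.0.2.10#4321: query: . IN NS +
01-Jan-2009 21:14:01.377 client 198.51.100.7#53: query: . IN NS +
01-Jan-2009 21:14:01.402 client 203.0.113.5#50113: query: . IN NS +
01-Jan-2009 21:14:01.455 client 192.0.2.10#4321: query: . IN NS +
01-Jan-2009 21:14:01.512 client 198.51.100.7#53: query: . IN NS +
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: (?P<name>\S+) IN (?P<type>\S+)"
)

REQUEST_BYTES = 45      # request size quoted in the post
MIN_AMPLIFICATION = 10  # "at least 10" times larger, as quoted in the post


def root_query_counts(log_text):
    """Count queries for the root zone (".") per logged client address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match and match.group("name") == ".":
            counts[match.group("ip")] += 1
    return counts


def suspicious_sources(log_text, threshold):
    """Addresses with at least `threshold` root queries, busiest first.

    With spoofed packets the logged "client" is the victim that receives the
    large answers, so these are the addresses to stop replying to.
    """
    hits = [(ip, n) for ip, n in root_query_counts(log_text).items() if n >= threshold]
    return [ip for ip, _ in sorted(hits, key=lambda kv: (-kv[1], kv[0]))]


def reflected_bytes(query_count):
    """Lower bound on the bytes the server sent toward the spoofed addresses."""
    return query_count * REQUEST_BYTES * MIN_AMPLIFICATION


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG, threshold=3))
    print(reflected_bytes(380000), "bytes reflected for 380000 queries")
```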

Check out the ISC report: http://isc.sans.org/diary.html?storyid=5713.

Turkey Youtube Censorship Bypassed by More and More Turkish Citizens


The popular service Youtube is a wonderful tool to promote all kinds of information. But some countries find this too dangerous for multiple reasons (mainly political and/or religious). Have a look at the map below. It represents a world map of countries where Youtube is/was blocked:

Youtube Map

I’m the owner of rootshell.be, a service which offers free UNIX shell accounts, and for a few weeks I have detected more and more requests (759 to be precise) coming from Turkey. People were asking for SSH tunnels to access youtube.com from Turkey.

I analyzed my web server log files and found that my site was referred to on a big portal called pclabs.gen.tr (here is the posted article: http://www.pclabs.gen.tr/2008/06/02/youtube-ip-engeline-yasal-guvenilir-ve-kesin-cozum/ – Is there a Turkish-speaking person who could translate it for me?). They explain how to use an SSH tunnel to access Youtube. Result: 4163 videos have been viewed through SSH tunnels on rootshell.be in June 08.

The fact that they use my service is not the problem here, everything is logged and restricted to least privilege. But, it demonstrates that filters set by authorities in Turkey or ongoing projects like the one in France will never be the right solution.

We can split this problem into several cases:

  • Filters are applied to protect users against external risks (example: pedophilia). Filters will never do the job with 100% reliability. It’s mandatory to perform education in parallel (don’t disclose personal data, don’t surf on suspicious web sites, …)
  • Filters are applied to prevent users from accessing illegal online resources (mainly multimedia files). In this case, it’s prohibited by law and filters must be in place, but in the right way. Protocols used by most Peer-2-Peer networks are also used to spread legal files such as new Linux distributions or other content.
  • Filters are applied to prevent users from accessing immoral resources (religious or political). In this case, the danger comes from a main authority which decides if some information is immoral or not. I’ll not debate about religions or politics here; authorities maybe have good reasons to restrict some information but, like in case #2, they cannot block a service which can also be used for “classic” purposes.

What’s your opinion?

Allo Mozilla?

Mozilla_down

Firefox 3 is out! It seems that the World Record of downloads in 24 hours will be difficult to accomplish…

Who Still Remembers Usenet?


A page of Internet history may soon be turned. Three major ISPs in the United States (Verizon, Sprint and Time Warner Cable) announced they will stop access to Usenet! (or access will be limited to the Big-8).

The youngest of us have probably never used a “newsreader” to access Usenet via the NNTP protocol (already available before the World Wide Web). A few years ago, it was still a classic way to find help on thousands of topics (from IT issues to fishing or cooking). Today, Usenet (the newsgroups) is accessed via Google Groups or online tools.

But Usenet is still used by the “underground”. On Usenet, you can find almost all movies, MP3 albums or applications via the well-known “alt.binaries.*” branch. Even more, it’s a method of file sharing which is unknown to most young surfers. Less known, discreet, fast… a perfect way to exchange illegal material. That’s why Usenet is at risk at the moment. Maintaining a Usenet feed is also very expensive in bandwidth and storage for an Internet provider: 400 GBytes of data per day!

“Doing Well by Doing Right”

Today, I received a mailing (partnership between ING and Stepstone) to promote open career opportunities at ING. Well, I receive a lot of mailings but this one was quite special…

It said: For more information about career opportunities, visit www.ingitcrew.be. I really liked the slogan “Doing Well by Doing Right“, check out:

ING Advertisement

Problem? Don’t try to visit the website, the domain name has not been registered!

# whois -h whois.dns.be ingitcrew.be
% .be Whois Server 4.0
%
% (c) dns.be 2001-2004 (http://www.dns.be)
%
[stuff deleted]
%-
% WHOIS ingitcrew
Domain:      ingitcrew
Status:      FREE

www.ingitcrew.com is the right one. Typo error? Lack of project coordination? My first idea was, of course, to immediately register the domain. If anybody has a contact @ ING or Stepstone, give them a call!