• Belgacom & the Juniper backdoor in Mauritius

    Juniper Security vulnerability

    After Ajay Ramjatan talked about Juniper’s latest vulnerability, Hackers.mu decided to dig further to find out which critical infrastructure in Mauritius relies on the affected Juniper series. To put it simply, it is “unauthorized code that allows someone to remotely decrypt VPN traffic”.

    Belgacom in Mauritius

    Belgacom is present in Mauritius and sells bandwidth to various ISPs. It obtained its license in 2012. According to Frederic Jacobs’ analysis on gist, Belgacom is affected by this vulnerability. The question we would like Belgacom to answer is how much of the Internet traffic from Mauritius goes through vulnerable Juniper equipment. While looking for a Twitter account for the Mauritian branch, we found none, so we decided to ask Belgacom’s main branch, in the hope that they can explain to us the impact on the Internet in Mauritius. Our tweet: here.

    Let’s see where this leads 🙂

  • Tor Users in Mauritius

    How many tor users in Mauritius ?

    Tor is an anonymizing network that anybody can use for free. It hides your Internet traffic and is used worldwide by journalists, dissidents and various other groups. The question of the number of Tor users in Mauritius has been on the mind of hackers.mu for a while. We expected around 200 users at most. Upon looking at the Tor statistics, we realised that there are around 700 active Tor users from Mauritius!! We were shocked! URL here: Tor from Mauritius.

    Why is that number so high in Mauritius ?

    One of the first acts of Internet censorship in Mauritius occurred in 2007, when ICTA ordered all of the ISPs to block Facebook. We believe this caused people to get interested in technologies such as Tor that protect their online privacy and circumvent censorship.

    More cases of censorship ?

    It is very likely that we will see more attempts by the government of Mauritius to censor the Internet. ICTA has deployed a blackbox to block child pornography. However, the setting up of the blackbox was shrouded in secrecy, as Internet users were not invited to the public consultation. Hackers.mu has been advocating the use of Tor in Mauritius since day one, on top of our other initiatives such as promoting Signal, an easy-to-use encrypted SMS/voice communication medium. We have also sent patches to Tor & Signal to try to make those privacy tools better.

    Conferences about Freedom, Privacy and Security in Mauritius

    We would like to see more conferences about protecting the privacy of Internet citizens in Mauritius. The government should implement measures to protect our privacy, as written in the Constitution of Mauritius. The high number of Tor users in Mauritius is a sign that people feel their privacy is not being respected by the Government of Mauritius.

  • Evaluating linphone (Part I)

    Feedback from France

    Jean Elchinger wrote to us arguing that promoting Signal is not a good idea. Instead, he proposed Linphone for encrypted voice calls. Hackers.mu decided to evaluate Linphone and see if we could recommend it to Internet citizens in Mauritius.

    What is Linphone ?

    Linphone is a VoIP application that relies on the SIP protocol. It optionally supports encryption, but this is not enabled by default. You can use Linphone over Wi-Fi or even across 3G/4G networks.

    Installation

    We grabbed Linphone from the Google Play Store. The installation went more or less smoothly. We had to create a SIP account and wait for the registration mail. Once you confirm by clicking on the link in the mail, it takes a few minutes until your account is usable. [Linphone could have displayed “WAITING for account activation” instead of saying “account deactivated”; we found this slightly confusing.] Compared to Signal, it takes longer to get up to speed. The advantage of Linphone is that you can use the same client everywhere, as it also supports Mac OS X & Linux.

    Encrypting our voice calls

    As we said earlier, Linphone is closer to a classic VoIP client and does not enforce encryption by default. Users have to go to settings > network > media encryption and select one of the options available.

    Voice quality

    We are waiting for other hackers.mu members to create their SIP accounts to test the voice quality. This will be covered in a future blog post.

    Source code quality

    When talking about online security, one of the first things hackers.mu does is look at the source code and see how well the code is designed. In the case of Linphone, so far we find the code to be quite good. We did suggest improvements to the randomization functions, and hackers.mu submitted a patch to the Linphone developers. Geeky details here.

    Recommendation for the masses ?

    Will hackers.mu recommend Linphone to Internet users in Mauritius? We could recommend it to technically savvy people who distrust Google. However, we feel that the UX & account creation process could be simplified further. Right now, Signal is much more user friendly, and thus more suitable for mass adoption.

  • BCP38 and Orange (Part II)

    More gruelling tests

    Yesterday, I was sitting behind a Linux-based modem. This time, I hooked my Mac OS X machine directly to the modem and used the PPPoE client on the Mac to get a public IPv4 address. This has the advantage of eliminating any address rewriting by the Linux-based router.

    Refresher: What is BCP-38 ?

    BCP-38 is an IETF Best Current Practice document that essentially aims at eliminating source address spoofing, which has been the cause of a lot of trouble on the Internet lately. A few days ago, a massive DDoS attack was launched against the DNS infrastructure of the Internet. Had BCP-38 been implemented all over the world, we would see fewer of those attacks. They are crippling to the Internet, as almost any service (Facebook, Twitter, Instagram) relies on DNS so that users can reach it.

    Orange and BCP-38

    Running spoofer for Mac again:
    >> CAIDA IP Spoofing Tester v0.8d
    >> http://spoofer.caida.org/
    >> Copyright 2015 The Regents of the University of California
    >> Copyright 2004-2009 Rob Beverly

    The results

    After running the test for a while, it gives you a URL with a summary. Quoting from my URL:
    Test run at: 2015-12-15 01:54:43
    Test from: 41.136.240.95
    Test OS: OSX
    Sourced Probes: 93
    Can spoof private address no
    Can spoof routable address no
    Largest neighbor prefix that can be spoofed none

    Conclusion

    Surprisingly, Orange (Mauritius) implements fairly complete BCP-38 filtering. It is not possible to spoof a range of IP addresses from within the Orange network. Orange deserves some praise for its level of BCP-38 compliance 🙂 As for other ISPs such as Emtel and Bharat, we are currently looking at testing their BCP-38 compliance level.

  • BCP38 and Orange (Part I)

    No stats on BCP-38

    I sent a mail this morning to the afnog mailing list to ask about the status of BCP38 in Mauritius & Africa. I could not get any statistics concerning the adoption of BCP38 in Mauritius & Africa. After discussing the matter with various hackers.mu members and SM (of the Mauritius Internet Users), I decided to look around for tools that help measure the source address validation measures of Orange, my ISP.

    What is BCP-38 ?

    BCP-38 is an IETF Best Current Practice document that essentially aims at eliminating source address spoofing, which has been the cause of a lot of trouble on the Internet lately. A few days ago, a massive DDoS attack was launched against the DNS infrastructure of the Internet. Had BCP-38 been implemented all over the world, we would see fewer of those attacks. They are crippling to the Internet, as almost any service (Facebook, Twitter, Instagram) relies on DNS so that users can reach it.
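    The filtering rule that BCP-38 asks of an ISP edge (this post and the Part II refresher above), as an added example that is not part of the original posts: a packet is forwarded only if its source address belongs to the prefix assigned to the customer link it arrived on, and any other source is labelled the way the spoofer report does (private, neighbor, routable). The two interface names and the /24 prefixes are assumptions constructed for the example; only the two test addresses come from the posts.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed topology (not from the original post): two customer links on an
 * ISP edge router, each assigned one /24 containing a test address from the
 * posts. A real deployment derives these prefixes from its IPAM/RADIUS data. */
struct iface { const char *name; const char *prefix; };
static const struct iface IFACES[] = {
    { "cust-A", "41.136.242.0/24" },
    { "cust-B", "41.136.240.0/24" },
};
static const char *PRIVATE[] = { "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" };

/* Does the dotted-quad ip fall inside prefix ("a.b.c.d/len")? 0 on parse error. */
static int in_prefix(const char *ip, const char *prefix) {
    char net[INET_ADDRSTRLEN];
    struct in_addr a, n;
    const char *slash = strchr(prefix, '/');
    if (!slash || (size_t)(slash - prefix) >= sizeof net) return 0;
    memcpy(net, prefix, (size_t)(slash - prefix));
    net[slash - prefix] = '\0';
    int len = atoi(slash + 1);
    if (len < 0 || len > 32 || inet_pton(AF_INET, ip, &a) != 1 ||
        inet_pton(AF_INET, net, &n) != 1) return 0;
    uint32_t mask = len ? htonl(0xFFFFFFFFu << (32 - len)) : 0;  /* host -> network order */
    return (a.s_addr & mask) == (n.s_addr & mask);
}

static const struct iface *lookup(const char *name) {
    for (size_t i = 0; i < sizeof IFACES / sizeof IFACES[0]; i++)
        if (strcmp(IFACES[i].name, name) == 0) return &IFACES[i];
    return NULL;
}

/* BCP 38 / RFC 2827 strict ingress filter: forward only if the source lies in
 * the prefix assigned to the interface the packet came in on. Returns 1/0. */
int bcp38_forward(const char *iface, const char *src) {
    const struct iface *f = lookup(iface);
    return f && in_prefix(src, f->prefix);
}

/* Label a source the way the spoofer report does: "own", "private",
 * "neighbor" (a prefix of another customer of the same ISP) or "routable". */
const char *classify_source(const char *iface, const char *src) {
    const struct iface *f = lookup(iface);
    if (f && in_prefix(src, f->prefix)) return "own";
    for (size_t i = 0; i < sizeof PRIVATE / sizeof PRIVATE[0]; i++)
        if (in_prefix(src, PRIVATE[i])) return "private";
    for (size_t i = 0; i < sizeof IFACES / sizeof IFACES[0]; i++)
        if (in_prefix(src, IFACES[i].prefix)) return "neighbor";
    return "routable";
}
```

    An ISP without this filter forwards all four classes; the "no / no / none" lines in the spoofer summary correspond to every non-"own" source being dropped.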

    Orange and BCP-38

    I found a nice tool known as spoofer, which is part of a university project that aims at profiling the deployment of BCP-38 across the Internet. After installing the tool, I fired it up in another terminal 🙂
    >> CAIDA IP Spoofing Tester v0.8d
    >> http://spoofer.caida.org/
    >> Copyright 2015 The Regents of the University of California
    >> Copyright 2004-2009 Rob Beverly

    The results

    After running the test for a while, it gives you a URL with a summary. Quoting from my URL:
    Test run at: 2015-12-14 08:41:05
    Test from: 41.136.242.104
    Test OS: LINUX
    Sourced Probes: 93
    Can spoof private address no
    Can spoof routable address no
    Largest neighbor prefix that can be spoofed none

    Conclusion

    Surprisingly, Orange (Mauritius) seems to implement BCP-38. However, it might also be my router that is filtering spoofed addresses from my machine. Tomorrow, I will use a standard modem, and later I will hook it up directly. My test tomorrow might reveal some interesting issues 🙂

  • nsd & crypto improvement

    NSD

    NSD is an open source implementation of an authoritative DNS server. It has a very good security record and lower memory usage compared to ISC BIND. As part of hackers.mu’s quest to make the Internet better, we decided to look into NSD’s crypto-related parts and see how we can improve it for all of the NSD users in Mauritius.

    We came across cases of modulo bias in the form of arc4random() % foo. Mathematically, unless foo divides the generator’s range evenly, the lower results come up slightly more often than the others, so the randomization is slightly less random. This is NOT good :). Our patch uses arc4random_uniform(), which redraws the source values that would skew the result and so avoids the modulo bias. NSD took our patch and committed it:
    10 December 2015: Wouter
    - 4.1.7 release
    - trunk has 4.1.8 in development.
    - take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.


    Another small step to make the Internet more secure 🙂

  • Tor hardened memory allocator improvement

    Tor’s Hardened memory allocator

    Tor supports a hardened memory allocator from the OpenBSD project. OpenBSD’s memory allocator was designed to be heavily randomized. During the porting effort to make OpenBSD’s malloc work on Tor & non-OpenBSD platforms, arc4random() was replaced by rand(). Using “rand() % bp->free” introduces a modulo bias. To reduce this modulo bias, hackers.mu sent a patch to the Tor project. Ideally, we would be happy to see Tor ship with the arc4random_uniform() implementation from OpenBSD, which was designed to eliminate modulo biases.
    Geeky details here.
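    The modulo bias behind both the NSD patch above and this Tor allocator patch, as an added example that is not code from either project: an exhaustive count over a small source range shows the skew of r % bound, and the same count after OpenBSD’s rejection rule shows it gone; uniform_bounded() is that rule written over an arbitrary 32-bit source, in the shape of arc4random_uniform(). The 16-value toy source and counter_source() are constructed for the example.

```c
#include <stdint.h>

/* Spread between the most and least frequent of the first `bound` counts
 * (0 means every output is exactly as likely as every other). */
static unsigned spread(const unsigned *counts, unsigned bound) {
    unsigned max = counts[0], min = counts[0];
    for (unsigned i = 1; i < bound; i++) {
        if (counts[i] > max) max = counts[i];
        if (counts[i] < min) min = counts[i];
    }
    return max - min;
}

/* The biased form: map every value r of a source with `range` equally likely
 * outputs to r % bound. Unless bound divides range, the low outputs come up
 * one extra time each (16 values, bound 6: counts 3,3,3,3,2,2). */
unsigned modulo_spread(unsigned range, unsigned bound) {
    unsigned counts[64] = {0};
    if (bound == 0 || bound > 64) return 0;
    for (unsigned r = 0; r < range; r++) counts[r % bound]++;
    return spread(counts, bound);
}

/* The OpenBSD fix on the same source: discard the lowest range % bound values
 * (and redraw), so the values that remain split evenly among the outputs. */
unsigned uniform_spread(unsigned range, unsigned bound) {
    unsigned counts[64] = {0};
    if (bound == 0 || bound > 64 || range < bound) return 0;
    for (unsigned r = range % bound; r < range; r++) counts[r % bound]++;
    return spread(counts, bound);
}

/* arc4random_uniform() shape over any 32-bit source: the range is 2^32, so
 * min = 2^32 mod upper_bound, computed with unsigned wraparound as OpenBSD does. */
uint32_t uniform_bounded(uint32_t (*rand32)(void), uint32_t upper_bound) {
    uint32_t r, min;
    if (upper_bound < 2) return 0;
    min = (0u - upper_bound) % upper_bound;
    do { r = rand32(); } while (r < min);   /* the rejection ("iterative") step */
    return r % upper_bound;
}

/* Deterministic 0,1,2,... source so the rejection loop can be observed: with
 * upper_bound 6, min is 4, so 0..3 are skipped and the first result is 4. */
uint32_t counter_source(void) { static uint32_t c = 0; return c++; }
```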

  • Tor & randomization

    Introduction to Tor

    Tor is a piece of software used to remain anonymous on the Internet. Users connect to the Tor network, and all of their traffic is “hidden”. Tor is used by several groups of people: journalists living in China, police officers on undercover operations, whistleblowers, human rights activists, and even military officers on remote missions.

    Mauritius & Privacy

    In Mauritius, none of the local ISPs have made a public statement about protecting the privacy of their users. This means that the Internet traffic of Mauritians is probably monitored. ICTA has a blackbox which supposedly blocks only child pornography. We do not know what else it can do. Hackers.mu (a group of Ninjas living in Mauritius) publicly encourages Internet users in Mauritius to adopt Tor, particularly for visiting sensitive websites such as those of political parties, making comments on forums against the government, and making the truth known. We encourage civil servants who would like to disclose sensitive documents to use Tor.

    Improving Tor

    On UNIX/Linux systems, Tor relies on the operating system to provide it with a source of random data, generally /dev/random. However, opening /dev/random means keeping a file descriptor open throughout the execution of Tor. If someone sandboxes Tor for security, this weakens the sandbox: someone who compromises a Tor process can close the file descriptor for /dev/random and open another file outside the sandbox. Hackers.mu sent a patch to the Tor project that takes advantage of a new API on Linux, which reads from the random source without the need for a file descriptor. This in turn leads to tighter sandboxing of Tor, and therefore improves the security & privacy of Tor users. A different patch by Y. Angel was committed to Tor to take advantage of the new API on Linux.
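    The Linux API the post refers to is the getrandom(2) system call. As an added example that is not the Tor project’s code or the hackers.mu patch, here is the descriptor-less pattern it enables, with the old /dev/urandom read kept only as a fallback that is opened and closed around a single read rather than held for the process lifetime. The function names fill_random and fill_random_ok are assumptions chosen for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>            /* getrandom(2): Linux >= 3.17, glibc >= 2.25 */
#endif

/* Fill buf with len random bytes. On Linux use getrandom(2), which needs no
 * file descriptor, so a sandbox can deny open() to the process entirely.
 * Elsewhere (or if the syscall is missing) fall back to /dev/urandom and
 * close it right away instead of keeping the descriptor for the process
 * lifetime. Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len) {
    size_t got = 0;
#ifdef __linux__
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR) continue;    /* interrupted by a signal: retry */
            break;                           /* e.g. ENOSYS on old kernels: fall back */
        }
        got += (size_t)n;                    /* short reads are possible: loop */
    }
    if (got == len) return 0;
#endif
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Self-check: fill a 32-byte buffer and report 1 only if the call succeeded
 * and the buffer is not all zeros (an all-zero result from a working source
 * is astronomically unlikely). */
int fill_random_ok(void) {
    unsigned char buf[32] = {0};
    if (fill_random(buf, sizeof buf) != 0) return 0;
    for (size_t i = 0; i < sizeof buf; i++) if (buf[i]) return 1;
    return 0;
}
```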

    Adoption of Tor

    It is our aim that Mauritian users adopt Tor to protect their online privacy, and we will continue to work on improving the code to protect your privacy online! Happy Tor 🙂
