IPv6 dream
When you contemplate the telecom companies around the world, and see their vision and preparation for moving to IPv6, you will notice a clear conflict and variation in opinions. Some of them claim they are 100% ready and it is a matter of switching from IPv4 to IPv6, while others are taking this very seriously and they are assessing their infrastructure and testing with their neighbors. In either directions, we belief it is not an easy job to do so, and it needs a wise planning, and an extensive testing for functionality, performance, advanced features etc. It is a very lengthy transition period whether they like it or not.
Apart from all this, it is obvious that the business sector is trying to get a big bucks out of this events, and they are warning the operators in order to convince them to buy their products. It is like a harvest season for an idea that has arise two decades before.
It is worth mentioning here one of the amazing projects called 6NET which took place between sixteen European countries in order to gain experience on how to deploy IPv6, and how to migrate IPv4 networks, systems, application into fully IPv6. The interesting thing is that the American companies are not as much interested as the European and Eastern companies in moving toward IPv6 technologies. This might be because they acquired enough IPv4 pools in early days, and they needs another one or two decades to consume it !
Anyway, I think it is very essential for us to understand IPv6 technologies, and get used to it, before even think to plan for migration. This will create a very good opportunity for technical people to practice, and witness a new era of the routing protocol. Hopefully one day we can export this experience to others, not the other way around as usual !
TrueCrypt
I have been looking for an encryption solution since long time ago. I was looking for a solution to encrypt the hard desk in case my laptop got stolen, or somebody expose my confidential information. I heard about too many solutions from computer companies (IBM ThinkPad, HP etc), but to be honest, I hate the closed source solutions especially in this area.
Today, I was listening to security now podcast, and I heard about an open source solution for hard desk encryption. It’s called TrueCrypt. The idea is you create a container file (volume), set a password, and then mount it to a drive letter. Any file you write to the encrypted volume will be automatically encrypted, and any file you read from the encrypted volume automatically decrypted. This means no decrypted file will be stored on the desk, and no file encrypted file will be loaded to the memory. The good thing in this solution is that not all parts of the file will be decrypted and loaded to the memory. Only small portion of the file will be decrypted and loaded, and the application associated with this file will start running this file portion, and at the same time will start loading the next portion.
Too many features in this encryption solution, you can find more information in
http://media.grc.com/sn/sn-041.mp3
Tags: encryption, Security, truecrypt
IE8 disclose user information !
Be careful when you print an html page into a PDF file. If you are using IE8, you author name, and document full path will be written in the file itself, not the file header or footer. This is a serious problem when in comes to privacy, not in the security. The user information will be completely revealed which might lead to revealing the user name, password, or may be the secret question or answer. Also, it has discovered that MS PowerPoint store the full storage path as well, but this can be disable in the Document Property tab.
lOndOn Trip
Yesterday I arrived to London to attend the broadband traffic management conference. It is not too cold (usually the temperature around 10 degree), but the wind make it very difficult to walk on the street.
Nonetheless, I like walking in this lovely city. They have a very organized walkways, and it is full of walking signs, and everybody respect that; even the kids ! I like their restaurants and fast food. I like eating in Pret. It is delicious, “just made” sandwiches. I like also their super markets. I have Sainsbury’s market just cross the street. It is full of fruits, juices, breads, biscuits bla bla bla.
I really enjoy being here. See you.
Black Tuesday !
Last Tuesday was extremely tough. I call it BLACK TUESDAY 
I spent my whole day a work trying to fix the problem, and reduce the impact of the disaster.
Let me tell you the story. It was very promise morning. I started the day by reading my email, and checking my calender to see which meeting I need to attend, and which homework I need to do. Every thing went fine till afternoon 3:00pm. All of a sudden, all internet went down, and no browsing in almost all users. It was a country wide problem, and every body started calling to check what was going on. We started our investigation by checking the DNS, and we found that it is not responding. We checked the number of requests coming to the DNS, and we found around 30k to 50k requests on each one (we have 4 DNSs in production), which is not normal. We tried to identify which IP is requesting all these requests, but unfortunately, the FW is showing normal DNS requests from internal customers (each one is requesting 5 DNS requests, which is normal). So, from the symptoms, it is clear that it is an internal DDOS attack. If this is the case, it is very very hard to fix it, since you don’t want to block all your customer !
After we tried almost everything, and we fail over to Jeddah DNSs as workaround, one idea came up by one of my friend. Do we have a stable DNS version ? We checked the version and it was ISC BIND 9.5.1 P1. The surprise was it is a vulnerable version !!
Denial of service: Remote attackers can crash vulnerable systems.
We all shocked by this fact ! we spent hours trying to investigate in the wrong direction, and we never thought about the DNS version, or security issues !! It is really very important to start checking your security before anything else. Once we know this information, we downgraded the DNS to version 9.3.6, and every thing worked just fine.
I really learned a lot from that night. Thanks to my friend Abdullah, he was the hero of the black day 
