ROL..Free Internet Continues...

..or at least for me.... here's how it goes.. squid did say the issue was resolved but i personally found it to be unresolved...

basic story: had an old cable modem.... i had hooked up to a mesco line and powered on ever since the free ROL issue came about... welll for the first week im pretty sure i didnt get a connection off it... so i assumed it was coz it was disconnected... or suspended.. (modem was previously issued by focus).. basically.. jus that.. NO CONNECTION....

fast forward to today... i dont know when it happened... i saw the CABLE lights steady..... which meant that it had got a connection.... hooked it up to a lappy... and.. bam... thats it... i was surfin all the way to digitalsquid.blogspot.com... :D

anyone else still gettin free net?

oh.. of coz.. screenshots.. look closely and u'll know that the the IP on the system here is in the range of ROL's IP Range.. so this is def.. ROL internet :).. not mesco's gaming system

posted by Daadi @ 12:03 PM 14 comments

Dhiraagu, WIFI....

Saw something like this outside jade bistro café, asked around.... well supposedly jade's wifi is actually their own... maybe they use a dhiraagu connection.

i wonder why dhiraagu is not setting up wifi hotspots...? male' is a relatively small place and for a company like dhiraagu it probably wouldnt be cost prohibitive... maybe they are already planning on rolling it out...

just a thought... just a thought.....

posted by Daadi @ 1:15 AM 13 comments

Dhiraagu Vandalism!

This was supposed to be a Dhiraagu add somewhere in Male'.
But no matter how much you hate Dhiraagu this is not the right way to go... although its funny i have to say :) . But again, please dont do this kinda stuff....cheers!

posted by Squid @ 2:56 PM 2 comments

Convert you Gmail a/c into an online Hard Drive.

But before swapping files or anything you need to change some settings in your or else all the files would be going to your inbox as attachments. So heres what to do

After logging into your mail account, go to Settings and goto Filters and create a new filter and in the subject put GMAILFS: ( by default all stuff coming via gmail drive places GMAILFS: infront of each filename). Click Next, and tick "Skip the Inbox(Archive It)" and also tick "Apply the Label" and and create a new label called "Archived Files" and create filter.

Thats it, you have a 2GB online hard drive. I have been using this for a while now and its been pretty handy so thought ill share it. If you need a bit more information on this, this comes with a neat helpfile as well.. so have a look in it or you can ask here as well.

posted by Squid @ 2:34 AM 3 comments

Been asked the question....

"Why do you guys at digitalsquid bother with this? you're only puttin yourself in harm's way.. u can't win against big companies like Dhiraagu... and wat do you get out of this anyway? its better to mind your own business.. "

one thing to make clear....this is not about winning or losing.. its not abt bringing down dhiraagu or any other company to its knees... we probably couldn't even if we tried....we have our own reasons and its def not to attack one company.. we try to be unbaised as possible.. and we'd like to think wat we say and discuss here.. makes a bit of positive difference somewhere... to real people... encouraging ppl to discuss their issues is always a positive step.. to improve on a public service... everyone has their own interest areas.. and ours just happens to be telcos and IT.....

as for listing the flaws that are found... our approach is that it contributes to faster fixes and better quality and secure services... what's wrong with that? listing a problem someone has dosent mean we hate them!... please get over that.. whoever thinks so... we don't hate ROL or wataniya or dhiraagu...

so.. jus thought i'd create a little poll an see wat the readers say... why we should or shouldnt be doing this... and of coz.. we'd love comments as well...

thanks...

posted by Daadi @ 10:06 AM 3 comments

WarDriving and WEP Cracking

After Wardriving through the main roads of Malé on a Friday late afternoon with my HP iPAQ 6365, I was able to find more than 100 wireless networks. Out of this more than 50% of the wireless networks are OPEN (even without the least bit of security). The rest was encrypted with WEP encryption which is known to be crackable.

Follows is a simple tutorial to crack wep using Auditor and a wireless card (Proxim 8470-WD).

Introduction:

This tutorial explains how to crack most WEP encrypted Access Points out there. The tools used will be as follows:

Airodump
Aireplay
Aircrack

As for wireless cards, i recommend any Prism , Orinoco , or Atheros based cards (i used the Atheros based card mentioned above).

Getting Started:

Let's see, First thing you are going to want to do is charge your laptop to the top (aireplay and aircrack drain the battery quite a bit) Next you are going to want to load up your favourite live CD (i used Auditor final) or Linux OS, then stumble across a encrypted WLAN, use Kismet to do so.

First off you are going to want to set your wireless card to the right mode, depending on what chipset depends on what commands you have got to use:

Since my Proxim card uses madwifi, I have to place the card in pure 802.11b mode first:

iwpriv ath0 mode 2

Then change the card into monitor mode

iwconfig ath0 mode monitor

Then bring the card up

ifconfig ath0 up


Going for the kill:

Open a terminal window and fire up Airodump to sniff the packtes.

airodump ath0 tocrack

Ok so now you have got a stream of packets from your target, you see the IV column, those are whats known as 'weak key' packets, we want as many of them as we can get (500k+ is a nice number, the more the better). Now we are going to capture a 'weak key' packet from on the network we are targeting and going to flood the Access Point with it in hope that we get lots of 'weak key' replies sent out so we can eventually crack the password. So now open another terminal window and execute aireplay

aireplay -i ath0

Here we are going to grab a few packets from the Access Point until we catch a 'weak key' packet which then aireplay will ask you if you want to use to then flood the Access Point with that packet. when it asks you if it can use one of the packets hit 'y' then return, but do not choose a packet with a destination address of FF:FF:FF:FF:FF:FF

If you flick back to your terminal with airodump running you should see the packets being captured will increase by a huge amount and with that the IV packets should also be increasing pretty damn fast aswell, if all went well in about 10mins you should have enough packets to then dump into aircrack.

Run aircrack to crack the wep from the captured file.

aircrack -q 3 -f 2 tocrack.cap

What i did there was set aircrack to read my packet file called tocrack.cap (what airodump creates). If all goes well you will get the key in a few mins.

This is a "lo-fi" version of the main content. To view the full version with more information, formatting and images, please click here.

Happy WarDriving.

Note: some portions of the texts of this article are copied from the WEP Cracking by UmInAsHoE.

posted by asoa @ 1:36 AM 11 comments

Lets have a hacking day!!!

Yes, lets do have one... but before you start screaming out at me for promoting criminal activities, hear me out.. :) i know this idea would most likely be stepped on, laughed about and sometimes spit on as well... but that happens all the time so wats the difference...

i was thinkin that huge companies like dhiraagu and wataniya an ROL who's data and network security is critical to them... should have a hacking contest.... u know organised networks security analysis if you will.... we all know all systems have flaws... but it can be mitigated

if you think about it.. the idea isnt so far fetched... my idea of how it should work... example: Dhiraagu..

lets say dhiraagu sponsors contest.. the aim of the contest is to find weaknesses and flaws within their existing system... internet, mobile, data, POTS, watever....u know.. get together a band.. some food.. a bunch of nerds, script kiddes and hardcore programmers, and the rest... make a party out of it... offer cool prizes maybe.. even cash and certificates.. job offers... even...for guys who find the weaknesses or faults within the existing system... THE ONLY CONDITION BEING.... that they have to tell dhiraagu HOW they did wat they did.. to get into the system.... so that they can fix it asap...

of coz the thought of leaving the data vulberable to these type of people would prolly make dhiraagu piss in their pants... hehe but well.. can always work around it if it were organised... and of coz is always much better when u can monitor what they are doing :) but just think about how much more secure their networks would be after lets say a week contintued attacks :)

of coz an extenstion of that would be.. to encourage people to come upto dhiraagu with flaws they find without going public or using it... in return for a reward for finding such issues... again... minimize damages caused.......

plz drop ur comments on this... :)

posted by Daadi @ 9:19 PM 17 comments

Major Dhiraagu E-bill flaw!!!!

It has been brought to our attention that there is a major flaw with the dhiraagu e-bill system, where an ebill user can view other ebill users bill details... our good friend Jaaheen informed us of this issue, and of coz furnished us with the 'proof of concept'..

of coz jaaheen who discoverd this 'loophole' was kind enough to bring this to our attention and we have been informed that senior staff of dhiraagu has been duly notified of their 'misconfiguration' and hopefully should be working on a fix as we speak..

for the post by jaaheen plz refer to his post here. thanks again jaaheen.. for giving us a ring...

in the interest of all parties concerned, including the innocent customers of dhiraagu, who's private telephone records should of coz remain private, we will not be publishing a step by step guide on how to grab other customers details (this is easier than the 5 step ROL free internet) .... altho we do know this is possible and it works.. the screenshots below show the logs we were provided less any personally identifiable information to protect the identity of the customer...

and if we do publish, the how to step by step guide before they fix it.... well it would be immoral... some of us have a bit of morality left in us even if dhiraagu does not..... and we know that this is not a problem of the customers.. and they should be spared of any 'inconvinences'...

it is just appalling that such major flaws exist in the system... it would be easier to accept something like this if this took any skill in the dark arts of hacking, programming, and software engineering... but this is something a 15 year old kid could do... Dhiraagu should be taking more care in setting up services for their customers, and i feel that it is their responisibility to ensure that such records are kept safe an that... just a few weeks back there was the proxy server issue.. and now this.???.... god knows how many other loophole are there waiting to be discovered...

or even worse.. wat if some already know of such loopholes and are keepin those facts to themselves? wat then? wat if some psychotic ex-boy/girl friend is keeping tabs on you? wat if your competitors check up on who your clients are? the possibilities are endless.........who takes responsibilty? isnt dhiraagu responsible for protection of customers data?.... to put in all reasonable effort to protect their privacy? dosent seem like they are doing what they should....

the bills are jus from random number plucked off the air.. an have no connection to each other in any way.. plz dont ask how to do this.. we dont wanna say.. we want this fixed.. of coz.. we'll keep u updated on any issues...

oh on a personal note to dhiraagu... this must be wat's called " divine retribution"....

UPDATE 12/12/05 : E- bill is back online after been taken down for repair :)

--------------------------------------
Disclaimer: This post is strictly for educational purposes only.. specially dhiraagu's... the lesson here... take more care in setting up your system, be a lil less arrogant, for you are also like the rest of us... imperfect....the next person to discover your flaws might not be as helpful as jaaheen, or we have been in pointing it out and screaming for a fix. the least you could do is send a thank you note to jaaheen.. or maybe jaa too.. while ur at it for pointing such issues out... not reprimand them for pointing out problems and asking for them to be fixed. everyone else, dont try this at home, office, or in the loo. obviously we can't take any responsibility for who's actions we dont know and puleeease... why should we take responsibility for dhiraagu's mistakes...? so we don't do that either, plus we dont like responsibility too .....oh..since this was all created from a dream jaaheen had.. this might not even be real... there is a spoon? maybe was a spoon? there is no spoon?...watever... an leave your comment.. we love to read the comments and the last one abt ROL internet was jus overwhelming :).. thanks for the support.!

posted by Daadi @ 10:27 AM 17 comments

ROL "loophole" fixed !! At Last

We have been informed a short while back that the free internet problem have been fixed today. I know there are a lot of poeple out there who are pretty angry at us as well.. hehe. but anyway, we will be posting an article VERY SOON with details of the whole "free internet" problem, what really caused it, why it took so long to fix it and why IT WAS a fault of ROL and NOT MESCO! stay tuned.

and thanks again for the wonderful comments by the viewers!

posted by Squid @ 4:03 AM 6 comments

Free ROL Internet in Male'

It has come to our attention that poeple can get free internet from ROL due to a flaw in their setup. It's stupid right? but we have tried it and it works and here are your free guide to free internet from ROL

Rumors are that N**** F**** has revealed to the public that ROL internet connectivity has a leak. We tried contacting him but he didnt response. Our investigation shows that ........

5 step free internet guide
(you need to have a a cable in your house which is provided by MESCO)

1. Buy cable modem. you can get it in most of the computer stores in male'.
2. Get MESCO cable connection in your house( this is if you dont have it currently)
3. Connect the modem to the cable.
4. Connect modem to PC
5. VOLA! free Internet.

hehe. yeah i know it seems so easy and me putting it in 5 steps and telling to connect modem to PC and stuff were stupid as well. But i just wanted to break it down into 5 steps so it looks cool.. anyway what the heck!

This to me is the biggest technical flaw in the history if IT in Maldives. from what i know the poeple at ROL are sweating buckets over this and still have not been able to find a solution :) and they are 24 hrs monitoring and disconnecting poeple who they THINK are doing this and in the process disconnecting a lot of paid internet users as well.

Btw All this is for educational purposes and we will not be taking any responsibilities on anyone using this technique to get free internet..hehe..anyway who cares, use it while you can, its not ure problem, it's theirs.. so happy surfing or shud i say downloading!









(p.s. if any of you have used this pls post a comment on the blog. thanks)

posted by Squid @ 3:02 AM 105 comments