Digital Squid

Wataniya's fibre optic cable

noreply@blogger.com (Squid) — Mon, 08 Jan 2007 03:52:00 +0000

when? where?

New Year Promotions.

noreply@blogger.com (Squid) — Sun, 31 Dec 2006 15:24:00 +0000

first of all HAPPY NEW YEAR to everyone..

With the new year, The telecom companies are coming up with new year promotions and the first thing which have grabbed my attention currently is the reduction in price of all mobile to mobile calls for the first few days of 2007.

DHIRAAGU have announced that from 31st December to 3rd of January;

Postpaid customers can talk at 0.90 Rf per minute.
Prepaid customers can talk at 0.99 Rf per minute.

Note: * both fnf nominated numbers at 0.77rf for Postpaid and 0.84 for Pre paid.
* Applicable to same network calls

WATANIYA have announced that on 2nd, 3rd and 4th of January from Midnight till 1am, all call charges will be reduced by HALF.

Postpaid customers can talk to as low as 0.28 Rf per minute
Prepaid customers can talk to as low as 0.35 Rf per minute.

Note: * Applicable to same network calls.
* Price will vary between different talk plans

ROL Back Online

noreply@blogger.com (Squid) — Fri, 29 Dec 2006 18:35:00 +0000

This is just to inform that ROL is back online and working fine. However more questions still await to be answered... like.. is this permanent? is everything fixed? where does ROL go from here? do they change their service structure? what if somethign happens tommorow? do all customers still need to pay the full monthly bill this time around as well ?

anyway... i'm not being too harsh on them. we shoud actually give them credit as well. The service have been restored within almost 3 days time. so thank you for that *with a pat on the back* !

ROL - Focus Infocom Internet Services DOWN!!!

noreply@blogger.com (Daadi) — Wed, 27 Dec 2006 06:27:00 +0000

It has come to out attention that ROL ( Raaje Online provided by Focus Infocom) services are currently down.

The services seem to have affected ROL's ability to provide internet services to the country. Currently it is being reported they are unable to provide internet access to any of their customers.
In addition to this wataniya , who has teamed up with ROL for their data services ( GPRS and WAP) are also unable to provide their customers with internet access.

Dhiraagu's connection is still up, possibly due to multiple connections they have in place to the internet backbone. That being said there are some issues connecting to Singapore and south/east Asian sites with Dhiraagu as well.

The cause of this outage is being attributed to the Taiwanese earthquakes that struck yesterday. Internet service in Asia slowed down after three earthquakes hit southern Taiwan yesterday according to (http://www.bloomberg.com/apps/news?pid=20601087&sid=aYHaxhLE4rr0&refer=home) and could possibly take weeks to repair those links.

taken from http://www.internettrafficreport.com , the graphs below show that Asia region's connectivity has deteriorated to a very bad state.

ISP's, Banks, and other Institutions with rely on the internet for it's operations have been affected in the region

Although the cause of the problem was a natural disaster, it is evident which ISP is better prepared for a situation like this. Dhiraagu is also be affected but the impact is minimal compared to Focus Infocom's ROL services.

Is it a better indication of who is a better ISP? Remains to be seen.

DSCN project cost USD 20 or 27 million?

noreply@blogger.com (Squid) — Sun, 24 Dec 2006 04:08:00 +0000

Theres been a lot of talk going on about how much did Dhiraagu really invested for the Dhiraagu Submarine Cable Network (DSCN) project… in some websites it seems the project is USD 20 million,

http://www.slt.lk/data/investor/07announcements.asp
http://www.weerawila.com/Financial/464.html

While Dhiraagu claim it’s a USD 27 million dollar project.

http://www.dhiraagu.com.mv/newsdesk/index.php?newsid=561
http://www.digitalmediaasia.com/default.asp?ArticleID=19822
http://lw.pennnet.com/news/display_news_story.cfm?Section=WireNews&Category=&NewsID=142031

So people have asked me, “ how come SLT says 20 million and Dhiraagu say 27 million?” … to be honest, I am not too sure… but I just wanted to give my view on why the confusion has occurred..

Dhiraagu’s submarine cable landed in Hulhumale. However, additional domestic links were established between Hulhumale and Male', Male and Kaafu Villingili and finally the cable connecting the two atolls, Laam and Gaaf Dhaal. And in their press release, Dhiraagu have mentioned that the links established between Laamu Gan and Gaafu Dhaal Gadhoo is the final phase of DSCN project's marine work.

So maybe, the additional 7 million Dhiraagu mentions could most probably be for the first domestic inter-atoll submarine cable.

You can get more information on their press release and DMA news.

http://www.dhiraagu.com.mv/newsdesk/index.php?newsid=560
http://www.digitalmediaasia.com/default.asp?ArticleID=20038

Nail Down Your Connection Speed!! Dhiraagu Unlimited Package Review

noreply@blogger.com (Daadi) — Wed, 20 Dec 2006 04:20:00 +0000

So it has been a while since Dhiraagu released its "Unlimited" adsl package. The first package from dhiraagu to be so. Many of us were very excited about the package being launched and rushed to sign up screaming "weeeeee... unlimited internet.... finally!! "......oh how wrong were we!!!

Dhiraagu's old 256kbps home user package the 'baraboa' one supposedly had a contention of 1:200 as so it was mentioned on dhiraagu's website as well as TAM. the new Unlimited package is supposed to have a contention of 1:75 according to TAM (http://www.tam.gov.mv/articles.php?artID=69) of coz the lower the contention the less sharing is done between users... well at least thats the way it usually is. wonder if i have this all wrong.

i do know dhiraagu has been very explicitly stating that the connection speed is not guaranteed.... no kidding!!!??? the connection i try to use seems to have a data cap set on it!!! or maybe its just my imagination.......

the above is just for HTTP downloads, starting at 1 something in the AM going on till well 7 AM. reason i used HTTP is, coz its most likely that all other protocols will be limited or http will be prioritized. i donno wat. but the fact of the matter is using a few download accelerators , coupled with normal http downloads pointed at different ends of the web, i've been tryin to sqeeze my connection to the limit. somehow it seems to be stuck at 30Mega Bytes per hour or less... it just dosent seemt to go any higher? is this just me or anyone else tried it?

hmm lets seee it usually averages around 28-30 per hour so.. lets jus say 29 MB as an average...(up and down)

29MB x 1024 = 29696KB x 8 = 237568 kbits / hour

237568kbits / 3600 seconds = 65.99kbps.... or 8.24 Kbytes /sec

(probably around 64kbps if you account for uploads)

did i get that right? any calculation errors? my bit to byte converter might be a bit rusted but if i got that right the average connection speed i get is around 64kbps

i donno.... is it just happening to me? does it seem fair to advertise a package as 256/64 when the average speed one receives is around 64kbps....

non guaranteed or not!! this isn't exactly any better than what focus used to offer.... and isn't useful for nythin other than surfing or chatting... if thats your cup of tea.. then ur better off with the 1GB baraboa package as its unlikely ur gonna exceed the usage with browsing or chatting, plus it's faster..

anythin more than that, like skyping, webcam, jus too slow to be even bloody useful......

well dhiraagu, jus have to say it's a disappointing package. but guys with enuf patience can put on their download accelerator shoes and maybe skim a few gigs of data off a month.... (don't even bother with torrents.... protocols other than HTTP seem to be on some limiter)

Dhiraagu's Fibre Optic Cable or Submarine Satellite?

noreply@blogger.com (Squid) — Wed, 13 Dec 2006 11:22:00 +0000

Yesterday was supposed to be a memorable day for all of us… do I need to say it again? … ok if u say so..

Yeah DHIRAAGU ( dhivehi – raajeyyge –gulhun) supposedly launched the first submarine cable in Maldives… happy aren’t we? But for what…. Yes, for cheaper and more superior quality service… and I’m not saying Dhiraagu’s submarine cable is not going to take any of those away from us… hopefully, a submarine cable is got to do what a submarine cable’s got to do right?

Ok back to my point… I just want to take notice on some minute details I came across in the whole launching of it..

Did it really happen? Did the first call made via the submarine cable get disconnected TWICE?
Ok… it did really happen… and think abt it.. if I did not know any better I would be saying.. “ is this the quality submarine cable brings?” … coz I can call a friend of mine in Singapore on my skype phone on dialup and still have a better conversation..

Something bothered me and I tried to get a bit more information and it came to my attention that the call was NOT made through cable BUT via SATELLITE… but they said it was fibre optic cables at the end of each sentence eh… and after calling 123 numerous times last night.. and got hold of her (after waiting IN LINE for 10 minutes) at around 2045hrs.I was even able to get the lady over there to agree with me on this as well…

So how come Dhiraagu “so called” launched a product which did not really exist in the first place… I mean yeah they have the cable in Maldives now and it’s going to work as well for sure… but just because Wataniya was going to launch their cable sometime soon , Dhiraagu wanted to FAKE a whole event JUST to TOUCH MALDIVES first.

Hopefully Dhiraagu’s services will be able to make best use of the fiber optic cables soon, but today at this second.. I don’t think so… throughout the whole ceremony they were only able to say.. WE WILL, WE CAN, WE COULD and more of WE WILL… but there was not a single WE HAVE…. Mere speculation, which in fact would mostly be true to be honest.. but as a customer I would have loved to see something there…. ( but remember… its not fully functional so can’t happen)

Anyway back to the point… having a ceremony saying “official launch of the Submarine Cable” and not showing us anything of the submarine cable.. and faking a whole conversation with the president, claiming it was the first call made through the cable abroad, while in reality it was a normal satellite call.. it’s a bit funny isn’t it…

It’s not funny actually.. it’s just another tactic to ‘andhun alhuvaning” the general public… simple as that ..

Dhiraagu Set to Reduce Internet Prices

noreply@blogger.com (Daadi) — Wed, 13 Sep 2006 18:31:00 +0000

Guess it has been a while hasnt it?

Anyways jus a lil update on whats going to happen to dhiraagu's internet prices in a bit. TAM has recently released the tarrifs for dhiraagu's products such as dedicated internet access , national leased lines, a totally new ADSL package with a price cap and their wifi hotspot usage fees.

The dedicated internet access reduction will have little intrest for most ppl ( coz they are mostly targeted to large corporations and such. but i can tell you it offers significant reduction in prices.
details as on http://www.tam.gov.mv/articles.php?artID=67

what is more interesting is the price capped ADSL packages, 256/64 speeds with 1:75 contention as compared to existing 1:200 on the home ADSL (baraboa) package, starting at MRF 430 and Price Capping at MRF 690. Beautiful!!!! looks better to me than the focus 64kbps connection.. :) cheers... just hurry up with the formalties and get on with releasing the package.... we'll be lining up in front of the door.... finally an 'unlimited' ADSL package.... yay

(link http://www.tam.gov.mv/articles.php?artID=69)

wifi rates for dhiraagu hotspots are out.. i can't say i'm thrilled with the rates... MRF 10 for half an hour? 30 for 2 hrs... thats a bit too much isnt it?.. i really don't think i can afford to get online with dhiraagu wifi.. targeted at travellers maybe?... too bad.. i was dreaming of sippin a coffee at westpark an typing up stuff for the blog....

(link http://www.tam.gov.mv/articles.php?artID=68)

anyways.. dhiraagu.. cheers.. good on ya.. lets see what focus infocom can do... personally i think that ADSL package would be very very competitive to the starter 64kbps package offered by focus infocom for 650 bucks. for an additional 40 bucks you are probably going to get a better speed an a more stable connection.

toodles

Nation-wide Wireless Network in Maldives

noreply@blogger.com (asoa) — Wed, 13 Sep 2006 14:25:00 +0000

Are you planning to deploy a Wide Area Network? Would you like to do it in the shortest time possible, with as less hassles as possible for deployment and at attractive costs?

Welcome to smartBridges. The preferred solutions partner for deploying Wide Area Wireless Networks.

Imagine covering an entire island with cables and wires. Possible, but it would take months, if not years. It would cause huge investment for deployment. Add to it, the cost of equipment and most would be ready to give up the idea. Now try to repeat the same for 200 islands!

The government of Maldives was facing a huge challenge when it decided to leap frog and provide Internet access to the all the people. The immediate answer was wireless. But, the question is, how to achieve this? The wireless market is flooded with products, but most of them focused on “Indoors” applications. The option of using indoor devices, with long-range antennae does exist. However, is this the right solution?

The island of Male required a complete wireless solution deployed across the city. This would give instant broadband access to users in offices, homes, schools, Government offices etc. Visitors, consultants and tourists to the island who carry laptops with either built in WiFi or as an add-on, would also have the ability to connect to the open node free of charge for the duration of their stay. Local Internet users would find the wireless features useful as more areas are covered with the airPoint PRO Outdoor, and users who may be in the more congested telephone circuit locales would also benefit from the new technology.

Further, it was also required to connect the various islands. The sea in between made it very difficult to lay cable/ wires for achieving network connectivity. Moreover, there were the questions of salt water, moisture, extreme weather to be answered.

To such a complex requirement, smartBridges presented the right solution – the Outdoor Wireless. No Other company has such a complete range of outdoor wireless products as smartBridges. The airPoint PRO outdoor span the area with their coverage, thus bringing entire island together on a single network.

High Speed, high reliability and High ruggedness make the smartBridges solution an absolute fit for deploying long distance networks.

Encased in a weatherproof NEMA 4X box, the rugged airPoint PRO Outdoor is indeed the best solution for the Island, for it easily withstands the frequently harsh weather conditions of high rain, winds and tropical heat! Built to withstand temperatures ranging from -40 Deg C to 65 Deg C, the airPoint PRO Outdoor is the perfect solution for this tropical paradise.

smartBridges covered the entire capital city island of the Maldives with its solution. The whole island is spanned by the wireless network equipment from smartBridges. airPoint PRO Outdoor and airBridge are placed at strategic locations all over the island. Now the race is on to cover the rest of the islands and also provide backhaul links amongst the islands.

Why smartBridges solutions?

* Easy to Deploy and Install
* Easy to manage- remotely!!
* Extremely rugged and reliable
* Low power requirements
* Quick ROI

The above article was taken from the smartBridges website

Is anybody aware there is a Nation-wide Wireless Network in the Maldives or the so called 200 island wide Hotspot in the Maldives?

Definitely I was not aware. I was aware there are some smartBridges and airPoint PRO equipment throughout Male' during my various analysis projects but was not aware of such a 200 island wide Hotspot as mentioned in the customer success stories on smartBridges website.

Dhiraagu vulnerable to Social Engineering

noreply@blogger.com (asoa) — Thu, 01 Jun 2006 07:02:00 +0000

This is the details of a social engineering attack pulled on Dhiraagu (for a good cause again).

What is Social Engineering?

Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of the people to obtain information with or without the use of technology.

The texts in italics in this article are extracts from the book “Art of Deception” by Kevin D. Mitnick that gives you details of the tricks of social engineering attacks used in the case.

A friend of mine has called me to help him with his ADSL connection which keeps on dropping the signal every 2 seconds. They have recently moved to this new building and Dhiraagu has moved their ADSL also to this new building. I went to meet at him around 17:30 hrs on a Thursday.

I asked my friend for the username and password of the ADSL router which he has in order to find out what could be wrong. He didn't have that information as usual with most of us who doesnt keep those type of information in a safe place. I then asked him whether he has the ADSL username and password in case if I have to reset the router back to factory settings to access it. He didn't have that either.

I called up Dhiraagu 123 from my mobile (which has no relation to the address where the ADSL was connected) and directly told the guy that I don't have my username and password of my ADSL connection and the only information which I can give him is the address where the ADSL is connected to.

The Direct Attack: Just Asking for It

Anybody gutsy enough to call and claim to be the owner or whatever will likely to be taken at his word. Unless it’s obvious that he doesn’t know the terminology, or if he’s nervous and stumbles over his words, or in some other way doesn’t sound authentic, he may not even be asked a single question to verify his claim. That’s exactly what happened here with the support person.

The guy looked up the database and simply gave me the username, I then asked for the password, he gave me the same. Then I asked him for the username of the ADSL router (which Dhiraagu provides), he gave me the username and password for the router too.

The Direct Attack: Just Asking for It

Many social engineering attacks are intricate, involving a number of steps and elaborate planning, combining a mix of manipulation and technological know-how

A skillful social engineer can often achieve his goal with a simple. Straightforward, direct attack. Just asking outright for the information may be all that’s needed—as you’ll see.

Knowledge of a company’s lingo, and of its corporate structure—its various office and departments, what each does and what information each has—is part of the essential bag of tricks of the successful social engineer.

What if somebody uses Social Engineering to harm these organisations and its customers?

ROL :: NO TERMS & CONDITIONS ??

noreply@blogger.com (Squid) — Tue, 02 May 2006 15:34:00 +0000

For the past 3 weeks I have been trying to get hold of ROL’s “terms and conditions” which I believe is something which each customer SHOULD be having.

Unfortunately I haven’t been successful and from my knowledge there are NO such documents in ROL. I will point out a few interesting facts I have come across while trying to get hold of this document from ROL!

Broken Links in the Website
The links for “Terms of Use” and “Privacy Policy” does not work

No Reply to email
It has been more than 2 weeks since I have sent an email to almost all the email addresses which were posted in contact us page in ROL’s website.
http://www.rol.net.mv/contents/Contact-Details.php

Telephone calls
Several telephone calls have been made to ROL and the girl who answered the phone had no idea what these documents were. So had a fun time trying to make her understand what they were for 5 minutes or so every time a call was made. Hehe. I asked to be passed to a senior personel and not once was able to reach anyone who was willing to answer me since they were all too busy at that moment or too busy at a meeting.

And while I was discussing my frustration with a friend of mine, unsurprisingly he also had the same problem. He was told that the copy was with their legal adviser for modification and that no applicable T&C is available at the moment. If i was him I would have brought to their attention that the availability of the currently practicing copy of the terms & conditions is a customers' legal right

So the question I ask out loud is that isn’t it a LEGAL RIGHT for each customer to be given these documents when applications are made? and ALSO for the fact that the application form asks the applicants to sign saying they understand the terms and conditions.

Lets see how the public reacts to this issue, somehow legally I think there is an issue when ROL makes the customer signs stating that they agree to these terms and conditions, but when they request to view these terms and conditions, they can’t have it? This is unacceptable on many levels and TAM as the regulating body should take action against ROL.

In comparison, that the T&C and the applicable usage policy of dhiraagu internet service is readily available on their website

I urge anyone who uses focus to file a complaint with TAM at their hotline on 332 3344, or email them at secretariat@tam.gov.mv

Comments for the Telecom Policy 2006-2010

noreply@blogger.com (asoa) — Thu, 27 Apr 2006 07:06:00 +0000

Telecommmunications Authority of Maldives (TAM) has recently opened Telecom Policy 2006-2010 for public comments. Since I am commenting for it, thought I would also share my comments with the viewers of the DigitalSquid blog to see their ideas as well.

The draft for this policy can be downloaded from TAM website.

Comments for Maldives Telecommunication Policy 2006-2010

The Introduction of this policy is basically the same thing from the policy of 2000-2005. I believe the past 5 years has brought enough change for us to write a better introduction than this.

Objective 1.1: Implement “one service one tariff” concept.

Even though the following action under the following objective was there in the policy of 2000-2005 to abolish the difference in telecommunication charges, we are at 2006 still studying the commercial impact of abolishing these differences.

Objective 1.1: Reduce the disparity in telecommunication charges between Male and the rest of the country.

Action 1.1.1: Abolish the differences in telecommunication charges among all inhabited islands, within a period of 3 years.

This action needs to be taken immediately and the difference in telecommunication charges to be abolished rather than studying the impacts of it for another 2-5 years.

Objective 3.3: The regulator should have a converged role of regulating IT and telecommunications.

I believe the following action should be added.

• The regulators skills should be enhanced for them to meet the challenges in regulating the operators.

The regulator should have enough people trained on the aspects of IT as well as telecommunications to properly regulate the issues. Unless there are trained people from these aspects, the regulator would not be in a position to properly regulate anything. People who knows IT / telecommunications should be there rather than some Management gurus who doesn’t have the knowledge or experience of IT and telecommunications. It should be more of a technical management than any other type of management.

Objective 4.2: Increase infrastructure competition

Action 4.2.3: Assign certain frequency bands as license free bands and allow installation of infrastructure for individual and scientific / experimental purposes.

- Assign the entire FCC assigned license free ISM (Industrial, Scientific and Medical) and Unlicensed National Information Infrastructure (UNII) bands as license free bands and allow them to operate as per FCC regulations with power outputs and spectrum usage.

- Assign the Military whatever frequencies they require and keep the scope to move the existing operators in these frequencies to another unallocated frequency block depending on the requirements. Everywhere else the Military is on top of the priority list and gets what ever they want before any others get a chunk of the spectrum. They should be given priority, as they are our protectors.

Even though the following action under the following objective was there in the policy of 2000-2005 for the management of the Internet domain names of the Maldives, the action has not been taken to this date and it was not even mentioned in the policy of 2006-2010.

Objective 4.2: Make available resources required for the telecommunication operators.

Action 4.2.5: Assign the Regulator with the function of registration and management of the Internet domain names of the Maldives.

The .mv domains or the Top Level Domain (TLD) for the Internet domain names of the Maldives is still under Dhiraagu which is just one of the operators.

The .mv is also believed to be the most expensive TLD which costs around USD 93.39 / year with .tv next to it with USD 34.95 / year. This could be one reason why most of the people wouldn’t want to go for a .mv domain.

The Regulator could take a small fee such as USD 0.25 / domain to maintain the list of domains as ICAAN does for most of the TLD’s and let the Operators, ISP’s and other registered / accredited Domain & Hosting companies to play the role of registration and management of the Internet domain names of the Maldives.

Objective 5.1: Increase awareness of telecommunications and ICT

ICT seminars should also be added to Action 5.1.3

Also another point should be added to encourage to form local ICT groups and to support them to conduct various ICT programs to create awareness among the public.

I welcome comments to my article as well as comments to the Telecom Policy 2006-2010.

Digitalsquid is back!

noreply@blogger.com (Squid) — Sun, 23 Apr 2006 06:40:00 +0000

This is just to inform to any reader that we are back and we will be doing our best to bring u the latest news and updates on issues which we find interesting in the IT/Telecom sector in Maldives.

Due to some problems (a.k.a "being busy" and "lazy"), we have not been able to update the blog and have recieved numerous complains from poeple.. hehehe.. so thats abt it, we r back and hope u like what we have to say, if not, just have a say and make a comment or even send a mail .. Or even if you wanna be part of it, you are more than welcome to join us.

Also, this time around, we are planning to look at the media/multimedia sector in Maldives as well as much as we can.

And again to make things clear to anyone who is interested in reading these... we are NOT against ANY person, or company or whatsoever... we are just a coupla poeple who wants things to change for the better in Maldives ( in our related fields that is ) .... we arent writing stuff anonymously... we just want poeple to know the issues and everyone has the right to know whats effecting them , dont they .

so cheers and have a nice day

note: now www.digitalsquid.org will be working as well.. so no need to use http://digitalsquid.blogspot.com everytime ...

The People of Baa Atoll are lying - Wataniya

noreply@blogger.com (asoa) — Sat, 22 Apr 2006 09:03:00 +0000

On February 16, 2006 TAM Calls for feedback on Wataniya Coverage and to complement this work, TAM was collecting information on the coverage and quality of Wataniya’s mobile service. The information was collected via a 24 hour recording hotline, the telephone number of which is 3322 050.

People from a number of islands have called into the hotline to give their feedback, the bulk of which relates to coverage issues or “Range Problems” as they are commonly referred to as.

Details of Complain Calls to TAM Hotline

Due to numerous complaints received from customers, during the feedback programme, TAM requested Wataniya to investigate the matter.

As a result, Wataniya conducted the following study on Baa Atoll to check the voice and GPRS signal coverage and quality. According to Wataniya, these tests covered voice and GPRS samples in islands of Baa Atoll.

Complaint Investigation Report on Baa Atoll by Wataniya

Wataniya's Report clearly says that out of the 9 complaints from the 9 islands, 8 are faulty complaints meaning that the People of Baa Atoll are lying. This is one of the greatest joke I ever heard. One day Wataniya's lie detectors will claim that the whole Maldives is lying.

Cream of IT or the Cream of Chicken Soup?

noreply@blogger.com (Squid) — Tue, 17 Jan 2006 08:30:00 +0000

Disclaimer: the following contents are from an email received by one of our readers who happens to be anonymous (aren’t they all?), apparently had a go at Focus Infocom. The email is presented in its entirety on this blog, and does not present any view, options or involvement by digitalsquid blog. The events presented in the following article may or may not be true and we cannot confirm it at the moment but it is interesting enough for us to present it in the blog for comments by our viewers and what they think. Further this mail has relevance to one of our articles in this blog titled "How Secure is ROL's high speed network? How Secure is your Data?" which is again one reason that the email is published. We stress that this email is published purely for discussion, and if actual , and if actually happened, maybe someone at focus infocom or anyone else might be able to shed light on the issue. Of coz we do not recommend that anyone tries this at home or elsewhere to see if it works. Comments are highly welcomed, but any comments that are directed personally and irrelevant to the topic will be removed.

--------------------------------------------------------

A previous article here has clearly hinted the real vulnerability in his article about the ROL's security issue. The dumb and the dumbers did not get an idea of what he has pointed out. Instead they pulled his tail taking some webserver issue and log2space issue which was not the real vulnerability or the security issue. After reading the article i thought i will give some try to see if it is true or close to true and to my amuzement, The ROL's network equipments can be managed by just anybody using SNMP.

Managing the Interfaces of the Routers! (Images are self explanatory in most cases)

A peak at the virtual pptp interfaces. The numbers beginning with ROL are ROL pptp usernames.

Tried to see if the interface can be disabled. Success!

Disabled

Re-enabling the interface.

A glance at the traffic statistics of the pptp users.

A glance at the interfaces.

A glance at the system info.

Trying to disable Rahul’s pptp interface.

Succeed!!

Disabled

A glance at the system info of the linux machine.

Disabling first Ethernet interface

Disabling second Ethernet interface.A peak at the Cable Routers & their interfaces. The disabling of this interface led to lose the connectivity to JSAT side of the ROL’s network. At least it took them more than 4 hours to bring the network back to normal.

A glance at the interfaces.

A glance at the ARP info.

Still more glances at the ARP.

Disabling the upstream interfaces of the cable routers

Disabling the internal interfaces (fbus1 and fbus2) and upstream interfaces and downstream interfaces.

I hope ROL fixes this problem at the earliest

How Secure is ROL's high speed network? How Secure is your Data?

noreply@blogger.com (asoa) — Fri, 13 Jan 2006 22:20:00 +0000

A boring week with nothing much to do or to celebrate, I connected a RF splitter to the J-SAT cable at our home to split the CATV cable and connected a cable modem. The cable did not lock as the power was way too low due to the splittings. We had another cable from MESCO which doesn’t have any splits. So I just split that into two and then connected the cable modem. Bingo, my modem signal is locked. Before I go any further let me try to give you all some info about the type of VPNs ROL uses now.

ROL is running on PPTP-VPNs now! What is a PPTP-VPN?

PPTP VPNs offer legacy authentication mechanisms such as PAP, CHAP, MS-CHAP, and MS-CHAPv2, with the strongest being MS-CHAPv2. MS-CHAPv2 is also used in Cisco’s LEAP and EAP-FAST phase-0. MS-CHAPv2 can be broken using the ASLEAP cracking tool for Linux and Windows. A tutorial exploiting the weakness of PPTP-VPN with Asleap and Auditor can be found here

PPTP tunnels use an IP connection to form an encrypted tunnel for data transport. The tunnel has its own IP subnet (in the case of ROL, 202.21.*.*), and after the tunnel is formed between client and server, a static route is entered into both hosts so that all future data traffic is sent through the tunnel. However, the original IP subnet (in the case of ROL on jsat cable, 10.99.*.*) on the Hybrid Fibre Coax (HFC) network can still be used for data transfer, such as port scanners and other hacking tools. The high-speed connectivity over the HFC network not only makes it quicker, easier and cheaper for customers to get the service but also enables Whackers (black hat hackers) to enjoy a number of open ports and services that are in the pipeline. Without a personal firewall in place, the client and server devices are still open to IP attacks.

PPTP uses Microsoft Point-to-Point Encryption, which uses the RC4 stream cipher. While MPPE-128 is a reasonably strong encryption scheme, it’s the authentication mechanism (MS-CHAPv2) that makes PPTP weak.

Connecting to ROL HFC Network:

Then I connected an Ethernet cable between my laptop and the modem and got an IP from the 10.99. range (original IP subnet). Fired up Nmap to see if there are any open ports and found some machines with port 80 open, ran Firefox and connected to one of those machines. Firefox brought me to a web page of some sort of web server called WAMPP with access to a MySQL database. I was even able to create my own databases without any authentications. Could this be a machine of an individual user? Could this be a machine of ROL? I leave it for the readers to do their own research and find out for themselves. (Hint: There are other interesting ports too!)

Before turning my mind to other interesting ports. I got stumbled into ROL’s Subscriber Management Software which runs on IP 202.21.176.234 externally and IP 192.168.50.1 internally. They run really interesting software called Log2Space from Spacecom Technologies Limited, India. Those of you who are interested in learning how this software works could see a demo of it on the Spacecom website. Click here for a demo.

Did some further scanning and ran a couple of tools by pressing keys and buttons here and there and I couldn’t even believe my eyes on where I end up. Where was I walking into wearing the dark black court? In fact I was in a position to map the whole network with more than 20 different segments and was also in a position to throw off individual users or a whole bunch of users from the network by pressing a couple of buttons. For those of you who are interested in the logical design of the ROL network may download this Visio network map of ROL.

For a second I thought, is this the security we talk about? Is this the industry standards and practices that ROL follows as required of an ISP (Internet Service Provider)?

A word to the tech team at ROL: Don’t mislead your Managing Director in to thinking that you have the best security that is up to the industry standards. Humans do make mistakes. Humans learn by their mistakes. So admit your mistakes to your boss, get the issues resolved internally or externally and then learn from that experience rather than trying to hide the facts and mislead your own boss. If you mislead him, he will unknowingly mislead the general public.

Some of us might think that we need a rocket scientist who has a law degree to perform such a task but in reality somebody who has a little bit of networking knowledge with a few network tools could perform such a task in a few minutes.

Dhiraagu Mail Server Issues/ Focus VPN...

noreply@blogger.com (Daadi) — Tue, 03 Jan 2006 05:28:00 +0000

Just an update.. dhiraagu is appreantly having some major issues with their mailservers.... focus is implementing VPN for all its customers.. no more free internet...more on these issues sooon...

ta for now

ROL..Free Internet Continues...

noreply@blogger.com (Daadi) — Sat, 17 Dec 2005 20:03:00 +0000

..or at least for me.... here's how it goes.. squid did say the issue was resolved but i personally found it to be unresolved...

basic story: had an old cable modem.... i had hooked up to a mesco line and powered on ever since the free ROL issue came about... welll for the first week im pretty sure i didnt get a connection off it... so i assumed it was coz it was disconnected... or suspended.. (modem was previously issued by focus).. basically.. jus that.. NO CONNECTION....

fast forward to today... i dont know when it happened... i saw the CABLE lights steady..... which meant that it had got a connection.... hooked it up to a lappy... and.. bam... thats it... i was surfin all the way to digitalsquid.blogspot.com... :D

anyone else still gettin free net?

oh.. of coz.. screenshots.. look closely and u'll know that the the IP on the system here is in the range of ROL's IP Range.. so this is def.. ROL internet :).. not mesco's gaming system

Dhiraagu, WIFI....

noreply@blogger.com (Daadi) — Wed, 14 Dec 2005 09:15:00 +0000

Saw something like this outside jade bistro café, asked around.... well supposedly jade's wifi is actually their own... maybe they use a dhiraagu connection.

i wonder why dhiraagu is not setting up wifi hotspots...? male' is a relatively small place and for a company like dhiraagu it probably wouldnt be cost prohibitive... maybe they are already planning on rolling it out...

just a thought... just a thought.....

Dhiraagu Vandalism!

noreply@blogger.com (Squid) — Tue, 13 Dec 2005 22:56:00 +0000

This was supposed to be a Dhiraagu add somewhere in Male'.
But no matter how much you hate Dhiraagu this is not the right way to go... although its funny i have to say :) . But again, please dont do this kinda stuff....cheers!

Convert you Gmail a/c into an online Hard Drive.

noreply@blogger.com (Squid) — Tue, 13 Dec 2005 10:34:00 +0000

I just wanna share this pretty neat little software which is very handy for me to share music and large files on the web using my Gmail a/c. Basicallysing this you u can make the 2GB inbox in your Gmail a/c, a web hard drive where you can store a lot of files.

First download the software Gmail drive from here http://viksoe.dk/code/gmail.htm and run the setup and the Gmail drive will be shown in My Computers as a hard drive. So just login to it and drag and drop files back and forth .

But before swapping files or anything you need to change some settings in your or else all the files would be going to your inbox as attachments. So heres what to do

After logging into your mail account, go to Settings and goto Filters and create a new filter and in the subject put GMAILFS: ( by default all stuff coming via gmail drive places GMAILFS: infront of each filename). Click Next, and tick "Skip the Inbox(Archive It)" and also tick "Apply the Label" and and create a new label called "Archived Files" and create filter.

Thats it, you have a 2GB online hard drive. I have been using this for a while now and its been pretty handy so thought ill share it. If you need a bit more information on this, this comes with a neat helpfile as well.. so have a look in it or you can ask here as well.

Been asked the question....

noreply@blogger.com (Daadi) — Sun, 11 Dec 2005 18:06:00 +0000

WHY??

"Why do you guys at digitalsquid bother with this? you're only puttin yourself in harm's way.. u can't win against big companies like Dhiraagu... and wat do you get out of this anyway? its better to mind your own business.. "

one thing to make clear....this is not about winning or losing.. its not abt bringing down dhiraagu or any other company to its knees... we probably couldn't even if we tried....we have our own reasons and its def not to attack one company.. we try to be unbaised as possible.. and we'd like to think wat we say and discuss here.. makes a bit of positive difference somewhere... to real people... encouraging ppl to discuss their issues is always a positive step.. to improve on a public service... everyone has their own interest areas.. and ours just happens to be telcos and IT.....

as for listing the flaws that are found... our approach is that it contributes to faster fixes and better quality and secure services... what's wrong with that? listing a problem someone has dosent mean we hate them!... please get over that.. whoever thinks so... we don't hate ROL or wataniya or dhiraagu...

so.. jus thought i'd create a little poll an see wat the readers say... why we should or shouldnt be doing this... and of coz.. we'd love comments as well...

thanks...

WarDriving and WEP Cracking

noreply@blogger.com (asoa) — Sun, 11 Dec 2005 09:36:00 +0000

After Wardriving through the main roads of Malé on a Friday late afternoon with my HP iPAQ 6365, I was able to find more than 100 wireless networks. Out of this more than 50% of the wireless networks are OPEN (even without the least bit of security). The rest was encrypted with WEP encryption which is known to be crackable.

Follows is a simple tutorial to crack wep using Auditor and a wireless card (Proxim 8470-WD).

Introduction:

This tutorial explains how to crack most WEP encrypted Access Points out there. The tools used will be as follows:

Airodump
Aireplay
Aircrack

As for wireless cards, i recommend any Prism , Orinoco , or Atheros based cards (i used the Atheros based card mentioned above).

Getting Started:

Let's see, First thing you are going to want to do is charge your laptop to the top (aireplay and aircrack drain the battery quite a bit) Next you are going to want to load up your favourite live CD (i used Auditor final) or Linux OS, then stumble across a encrypted WLAN, use Kismet to do so.

First off you are going to want to set your wireless card to the right mode, depending on what chipset depends on what commands you have got to use:

Since my Proxim card uses madwifi, I have to place the card in pure 802.11b mode first:

iwpriv ath0 mode 2

Then change the card into monitor mode

iwconfig ath0 mode monitor

Then bring the card up

ifconfig ath0 up

Going for the kill:

Open a terminal window and fire up Airodump to sniff the packtes.

airodump ath0 tocrack

Ok so now you have got a stream of packets from your target, you see the IV column, those are whats known as 'weak key' packets, we want as many of them as we can get (500k+ is a nice number, the more the better). Now we are going to capture a 'weak key' packet from on the network we are targeting and going to flood the Access Point with it in hope that we get lots of 'weak key' replies sent out so we can eventually crack the password. So now open another terminal window and execute aireplay

aireplay -i ath0

Here we are going to grab a few packets from the Access Point until we catch a 'weak key' packet which then aireplay will ask you if you want to use to then flood the Access Point with that packet. when it asks you if it can use one of the packets hit 'y' then return, but do not choose a packet with a destination address of FF:FF:FF:FF:FF:FF

If you flick back to your terminal with airodump running you should see the packets being captured will increase by a huge amount and with that the IV packets should also be increasing pretty damn fast aswell, if all went well in about 10mins you should have enough packets to then dump into aircrack.

Run aircrack to crack the wep from the captured file.

aircrack -q 3 -f 2 tocrack.cap

What i did there was set aircrack to read my packet file called tocrack.cap (what airodump creates). If all goes well you will get the key in a few mins.

This is a "lo-fi" version of the main content. To view the full version with more information, formatting and images, please click here.

Happy WarDriving.

Note: some portions of the texts of this article are copied from the WEP Cracking by UmInAsHoE.

Lets have a hacking day!!!

noreply@blogger.com (Daadi) — Sun, 11 Dec 2005 05:19:00 +0000

Yes, lets do have one... but before you start screaming out at me for promoting criminal activities, hear me out.. :) i know this idea would most likely be stepped on, laughed about and sometimes spit on as well... but that happens all the time so wats the difference...

i was thinkin that huge companies like dhiraagu and wataniya an ROL who's data and network security is critical to them... should have a hacking contest.... u know organised networks security analysis if you will.... we all know all systems have flaws... but it can be mitigated

if you think about it.. the idea isnt so far fetched... my idea of how it should work... example: Dhiraagu..

lets say dhiraagu sponsors contest.. the aim of the contest is to find weaknesses and flaws within their existing system... internet, mobile, data, POTS, watever....u know.. get together a band.. some food.. a bunch of nerds, script kiddes and hardcore programmers, and the rest... make a party out of it... offer cool prizes maybe.. even cash and certificates.. job offers... even...for guys who find the weaknesses or faults within the existing system... THE ONLY CONDITION BEING.... that they have to tell dhiraagu HOW they did wat they did.. to get into the system.... so that they can fix it asap...

of coz the thought of leaving the data vulberable to these type of people would prolly make dhiraagu piss in their pants... hehe but well.. can always work around it if it were organised... and of coz is always much better when u can monitor what they are doing :) but just think about how much more secure their networks would be after lets say a week contintued attacks :)

of coz an extenstion of that would be.. to encourage people to come upto dhiraagu with flaws they find without going public or using it... in return for a reward for finding such issues... again... minimize damages caused.......

plz drop ur comments on this... :)

Major Dhiraagu E-bill flaw!!!!

noreply@blogger.com (Daadi) — Fri, 09 Dec 2005 18:27:00 +0000

It has been brought to our attention that there is a major flaw with the dhiraagu e-bill system, where an ebill user can view other ebill users bill details... our good friend Jaaheen informed us of this issue, and of coz furnished us with the 'proof of concept'..

of coz jaaheen who discoverd this 'loophole' was kind enough to bring this to our attention and we have been informed that senior staff of dhiraagu has been duly notified of their 'misconfiguration' and hopefully should be working on a fix as we speak..

for the post by jaaheen plz refer to his post here. thanks again jaaheen.. for giving us a ring...

in the interest of all parties concerned, including the innocent customers of dhiraagu, who's private telephone records should of coz remain private, we will not be publishing a step by step guide on how to grab other customers details (this is easier than the 5 step ROL free internet) .... altho we do know this is possible and it works.. the screenshots below show the logs we were provided less any personally identifiable information to protect the identity of the customer...

and if we do publish, the how to step by step guide before they fix it.... well it would be immoral... some of us have a bit of morality left in us even if dhiraagu does not..... and we know that this is not a problem of the customers.. and they should be spared of any 'inconvinences'...

it is just appalling that such major flaws exist in the system... it would be easier to accept something like this if this took any skill in the dark arts of hacking, programming, and software engineering... but this is something a 15 year old kid could do... Dhiraagu should be taking more care in setting up services for their customers, and i feel that it is their responisibility to ensure that such records are kept safe an that... just a few weeks back there was the proxy server issue.. and now this.???.... god knows how many other loophole are there waiting to be discovered...

or even worse.. wat if some already know of such loopholes and are keepin those facts to themselves? wat then? wat if some psychotic ex-boy/girl friend is keeping tabs on you? wat if your competitors check up on who your clients are? the possibilities are endless.........who takes responsibilty? isnt dhiraagu responsible for protection of customers data?.... to put in all reasonable effort to protect their privacy? dosent seem like they are doing what they should....

the bills are jus from random number plucked off the air.. an have no connection to each other in any way.. plz dont ask how to do this.. we dont wanna say.. we want this fixed.. of coz.. we'll keep u updated on any issues...

oh on a personal note to dhiraagu... this must be wat's called " divine retribution"....

UPDATE 12/12/05 : E- bill is back online after been taken down for repair :)

--------------------------------------
Disclaimer: This post is strictly for educational purposes only.. specially dhiraagu's... the lesson here... take more care in setting up your system, be a lil less arrogant, for you are also like the rest of us... imperfect....the next person to discover your flaws might not be as helpful as jaaheen, or we have been in pointing it out and screaming for a fix. the least you could do is send a thank you note to jaaheen.. or maybe jaa too.. while ur at it for pointing such issues out... not reprimand them for pointing out problems and asking for them to be fixed. everyone else, dont try this at home, office, or in the loo. obviously we can't take any responsibility for who's actions we dont know and puleeease... why should we take responsibility for dhiraagu's mistakes...? so we don't do that either, plus we dont like responsibility too .....oh..since this was all created from a dream jaaheen had.. this might not even be real... there is a spoon? maybe was a spoon? there is no spoon?...watever... an leave your comment.. we love to read the comments and the last one abt ROL internet was jus overwhelming :).. thanks for the support.!