Sunday, April 30, 2017

I just received one of the most sophisticated phishing attacks ever

I am not a fan of hijackers and phishing criminals. But social engineering has become the most common way to crack, target and steal any online account. Those hijackers either lack sufficient skills to penetrate a system, or the system is too tedious to penetrate or hack; thus they resort to sending phishing attacks. When you send a phishing attack, you can be as creative as you want, and the sky is the limit. In this case, they started by creating nearly identical pages, which is an easy step:

    Real Apple Login Page:


    Fake Apple Login Page:


But moving on, surprisingly, the phishing link was appleid.apple.com. Yes, I was extremely surprised, but it turns out that their phishing attack had used Unicode characters.

    Real Apple Phishing Link:


    Fake Apple Phishing Link:


Ironically, the phishing website was linking to non-HTTPS images, which Chrome detected; not only that, they could not fake the EV certificate, which says "Apple Inc.". Looking at both source codes and comparing them confirmed the phishing attack.
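A defender-side check for the Unicode lookalike hostname described above, as an added example that is not part of the original post: it converts each label to its Punycode (`xn--`) form, reports mixed-script labels, and compares a Latin "skeleton" of the name against a list of protected domains. The confusables table, the `PROTECTED` list and the sample hostnames are constructed for illustration; the actual link from the e-mail is not reproduced.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones.
# A production check would load Unicode's full confusables data instead.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u0456": "i",
    "\u04cf": "l", "\u043e": "o", "\u0440": "p", "\u0455": "s",
    "\u0445": "x", "\u0443": "y",
}

# Assumption: the registrable domains this check is asked to protect.
PROTECTED = {"apple.com"}


def to_unicode_label(label):
    """Decode one DNS label; labels starting with 'xn--' carry Punycode."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def to_ascii_label(label):
    """Return the form that is actually sent to DNS for this label."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def scripts(label):
    """Scripts used in a label, taken from the first word of each Unicode name."""
    found = set()
    for ch in label:
        if ch in "0123456789-":  # digits and hyphen belong to no script
            continue
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def analyze(hostname):
    """Report the ASCII form, mixed-script labels and any imitated domain."""
    labels = [to_unicode_label(part) for part in hostname.rstrip(".").split(".")]
    shown = ".".join(labels)
    skeleton = ".".join(
        "".join(CONFUSABLES.get(ch, ch) for ch in label) for label in labels
    )
    # Naive registrable-domain guess: the last two labels.
    registrable = ".".join(skeleton.split(".")[-2:])
    imitates = None
    if skeleton != shown and registrable in PROTECTED:
        imitates = registrable
    return {
        "ascii": ".".join(to_ascii_label(label) for label in labels),
        "mixed_script": any(len(scripts(label)) > 1 for label in labels),
        "imitates": imitates,
    }


# Constructed samples, written with escapes so the code points are visible.
GENUINE = "appleid.apple.com"
MIXED = "appleid.\u0430pple.com"                     # one Cyrillic letter
WHOLE = "appleid.\u0430\u0440\u0440\u04cf\u0435.com"  # label entirely Cyrillic

if __name__ == "__main__":
    for host in (GENUINE, MIXED, WHOLE):
        print(analyze(host))
```

The all-Cyrillic sample is not flagged as mixed-script, so the skeleton comparison is the check that catches it.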

After I entered dummy data, a two-step authentication page opened, as the attackers assumed I had set it up. They did not have my mobile number or my devices, so they asked me to add a mobile number (which doesn't happen on a real Apple login page). If I had entered correct login information, their system would have sent me the verification code, I would have given it to them, and bingo, they would have accessed my Apple ID.

This is one of the best phishing attacks I have ever received; I was really impressed by it. Even the spoofed email (support@apple.com) bypassed Outlook's spam filters and went into my inbox. But the formatting of the email really looked suspicious. They succeeded in gaining my attention by saying that a purchase had been made from my account.


Tuesday, April 11, 2017

How I built an .exe program that secretly copies source code to the clipboard

My friend recently asked me to create for him a .exe program that downloads source code from the internet and copies it to the clipboard. The source code can be anything, such as Java, PHP or Python. Without doubt, the program would only work on Windows machines. My friend also wanted:

1. The program to retrieve the code from a URL which links to a text file.
2. The program should work silently and not print anything on success.
3. The program should handle and catch exceptions.
4. The program should select one out of three .txt files based on the user's keystroke.
5. The program should be compatible with Windows 10.
6. The program should look like a calculator.

I found the request very fun and decided to do it. C# would be an excellent tool for this, so I downloaded Microsoft Visual Studio C# 2008 for this task. I was taught C# and C++ on Visual Studio 2005 and 2008, so I really do not know the recent versions of Visual Studio.


First, I downloaded from the internet three source codes for my friend in Java: BucketSort, RadixSort, and MergeSort. And I uploaded them into my Google Cloud bucket.

So, I have three public URLs.

https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/BucketSort.java
https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/MergeSort.java
https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/RadixSort.java

Then, I started by downloading and installing Visual Studio C# 2008 from this link and created a new project. On my machine, it was installed in French for some reason, but I was too lazy to fix it.

A default form is created by Visual Studio, so I had to rename the form to Calculator and change its icon. I also made sure the form doesn't resize by tweaking the settings. So, it looked like the image you see on the left.


Now the fun part, our program. In the source of your form, I imported the necessary libraries.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Net;
using System.Windows;

Then, inside the constructor of the Calculator, I have created a key event listener. What this means is that if you press any key while the .exe is running, the event listener will be called. So the constructor looked like this:

public Calculator()
{
    InitializeComponent();
    this.KeyDown += new KeyEventHandler(tb_KeyDown);
}

What's left now is creating the function tb_KeyDown and making it accept some arguments. The function looked like: tb_KeyDown(object sender, KeyEventArgs e).

Now, inside the function, I captured the keystroke and then decided which link it belongs to. So, if the user presses B, BucketSort.java is copied; similarly for M (MergeSort) and R (RadixSort).

string dumb_key = e.KeyCode + "";
string link = "";
if (dumb_key == "B")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/BucketSort.java";

if (dumb_key == "M")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/MergeSort.java";

if (dumb_key == "R")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/RadixSort.java";

//Any other key has no file assigned: stop here instead of passing an empty URL to WebClient.
if (link == "")
    return;

Now, I had to download the content of the URL and put it in the clipboard. For that, you need to create an object of the WebClient class:

WebClient client = new WebClient();

Then download the link:
Byte[] pageData = client.DownloadData(link);

And put in a string (With the formatting and breaks):
string pageHtml = Encoding.ASCII.GetString(pageData);

Then, put it in the clipboard:
Clipboard.SetText(pageHtml);

Then, the annoying part for me was handling exceptions, so I encapsulated the code in a try/catch clause. Inside the catch clause I handled errors:
//Couldn't connect to the internet.
if (webEx.Status == WebExceptionStatus.ConnectFailure) {
    Clipboard.SetText("Couldn't connect to a network.");
}
//Catching errors such as: 404, 403 and 400.
//"else if" keeps the connection message above from being overwritten by the final else.
else if (webEx.Status == WebExceptionStatus.ProtocolError) {
    var response = webEx.Response as HttpWebResponse;

    if (response != null) {
        Clipboard.SetText(response.StatusCode + "");
    }
    else {
        Clipboard.SetText(webEx + "");
    }
}
else {
    //An unknown error has occurred, just print to the clipboard.
    Clipboard.SetText(webEx + "");
}

Then, I compiled and ran the program, and everything was working correctly. On keystrokes, the code was copied to the clipboard. I have included the .exe in case you wish to test it. Download it at your own risk.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Net;
using System.Windows;
namespace WindowsFormsApplication1 {
 public partial class Calculator: Form {
  public Calculator() {
   InitializeComponent();
   this.KeyDown += new KeyEventHandler(tb_KeyDown);
  }
  private void Calculator_Load(object sender, EventArgs e) {
  }
  static void tb_KeyDown(object sender, KeyEventArgs e) {
   string dumb_key = e.KeyCode + "";
   string link = "";
   if (dumb_key == "B")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/BucketSort.java";
   if (dumb_key == "M")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/MergeSort.java";
   if (dumb_key == "R")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/RadixSort.java";
   //Any other key has no file assigned: do nothing instead of requesting an empty URL.
   if (link == "")
    return;
   WebClient client = new WebClient();
   try {
    Byte[] pageData = client.DownloadData(link);
    string pageHtml = Encoding.ASCII.GetString(pageData);
    Clipboard.SetText(pageHtml);
   } catch (WebException webEx) {
    //Couldn't connect to the internet.
    if (webEx.Status == WebExceptionStatus.ConnectFailure) {
     Clipboard.SetText("Couldn't connect to a network.");
    }
    //Catching errors such as: 404, 403 and 400.
    //"else if" keeps the connection message above from being overwritten by the final else.
    else if (webEx.Status == WebExceptionStatus.ProtocolError) {
     var response = webEx.Response as HttpWebResponse;
     if (response != null) {
      Clipboard.SetText(response.StatusCode + "");
     } else {
      Clipboard.SetText(webEx + "");
     }
    } else {
     //Unknown error, just print to clipboard.
     Clipboard.SetText(webEx + "");
    }
   }
  }
  private void Form1_Load(object sender, EventArgs e) {
  }
 }
}



Thursday, March 16, 2017

Trimming videos via FFMPEG

After continuous insisting from my friends, I have recently set up my Steam account and purchased two games, Portal and Portal 2. And I have also been recording the screen and audio while playing, just for archival and other purposes such as uploading them to YouTube and profiting from videos that get high hits.

Portal 2, for example, has many chapters, and in each chapter you have a significant set of levels to finish. Chapter 1 of Portal 2 has 19 levels. Nonetheless, after recording a one-hour session, I had to split it later.

I initially found an excellent trimmer in QuickTime that is really useful:


However, the process was incredibly time-consuming. So, I thought I would do it via coding, and it was easier than I imagined.

Indeed, the first library that came to mind was FFmpeg: the revolutionary, prominent, useful and capable video editing software.

FFmpeg is way more capable than just trimming videos, so trimming via FFmpeg was very easy. Searching through their official documentation, I was able to find this link.

In short, the ffmpeg command needed for trimming is this:
ffmpeg -i input.mp4 -ss 00:01:40 -to 00:02:12 -c copy output.mp4

I have tested it tons of times and found out it is the fastest and safest way to trim videos. Here are the parameters in short:
  • -i: This specifies the input file. In that case, it is (input.mp4).
  • input.mp4: This is your input file. You can name it anything you want.
  • -ss: Used with -i, this seeks in the input file (input.mp4) to position.
  • 00:01:40: This is the time your trimmed video will start at.
  • -to: This specifies duration from start (00:01:40) to end (00:02:12).
  • 00:02:12: This is the time your trimmed video will end at.
  • -c copy: This is an option to trim via stream copy.
  • output.mp4: This is your output file. You can name it anything you want.
You can run the ffmpeg command in any bash terminal and it will run smoothly. Nonetheless, if you want to trim around 13 videos you'd have to write the command 13 times, which left me annoyed. So, I had to write a small Python script to take care of it.

You can run this code by simply calling python ffmpegTrim.py and indeed you have to change the arguments.
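The script itself is not reproduced on this page. As an added example (not the author's ffmpegTrim.py), the following Python code builds one ffmpeg invocation per segment with the same options as the command above and validates each segment before anything runs. The file names, segment times and function names are assumptions made for illustration.

```python
import re
import subprocess

# HH:MM:SS, the timestamp format used in the ffmpeg command above.
TIMESTAMP = re.compile(r"^(\d{2}):([0-5]\d):([0-5]\d)$")


def to_seconds(timestamp):
    """Convert HH:MM:SS to seconds; raise ValueError on any other format."""
    match = TIMESTAMP.match(timestamp)
    if match is None:
        raise ValueError("expected HH:MM:SS, got %r" % (timestamp,))
    hours, minutes, seconds = (int(part) for part in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def safe_path(path):
    """Keep a file name that starts with '-' from being parsed as an option."""
    return "./" + path if path.startswith("-") else path


def build_trim_commands(source, segments):
    """Return one argv list per (start, end, output) segment.

    Every segment is checked before any command is returned, so a typo in
    segment 12 is reported before segment 1 has been written.
    """
    commands = []
    outputs = set()
    for start, end, output in segments:
        if to_seconds(end) <= to_seconds(start):
            raise ValueError("segment %s-%s ends before it starts" % (start, end))
        if output == source or output in outputs:
            raise ValueError("output %r would overwrite another file" % (output,))
        outputs.add(output)
        commands.append([
            "ffmpeg", "-i", safe_path(source),
            "-ss", start, "-to", end,
            "-c", "copy", safe_path(output),
        ])
    return commands


def run_all(commands):
    """Run the commands in order and stop at the first ffmpeg failure."""
    for argv in commands:
        # An argv list with no shell: spaces and shell metacharacters in
        # file names are passed to ffmpeg literally.
        subprocess.run(argv, check=True)


# Constructed sample: three levels cut from one recorded session.
SEGMENTS = [
    ("00:00:00", "00:04:30", "chapter1-level01.mp4"),
    ("00:04:30", "00:09:15", "chapter1-level02.mp4"),
    ("00:09:15", "00:15:02", "chapter1-level03.mp4"),
]

if __name__ == "__main__":
    run_all(build_trim_commands("portal2-session.mp4", SEGMENTS))
```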

Monday, February 27, 2017

Answering LOST's most confusing questions

Fifteen years ago, a phenomenal ground-breaking series aired on ABC Family; the show is called "LOST". This show was confusing to plenty of viewers, who especially didn't understand the ending and plenty of confusing questions throughout the series. I have recently rewatched the whole series and I will attempt to answer most of LOST's confusing questions.

Why didn't the black smoke kill the candidates when he had the chance, why put them on a submarine with a bomb? 

The thing is, candidates, selected by Jacob, the protector of the Island, are immune to death by the black smoke. While the black smoke can kill anyone he wants, he cannot kill the candidates. Candidates include Jack, Hurley and Sawyer. The black smoke is "extremely smart" and manipulated everyone throughout the series. The black smoke wanted all the candidates dead to be able to escape the Island, so what he has done is manipulated them to be on a submarine with a timed bomb. The black smoke realized that they would try to stop the bomb by messing with the wires and thus they would cause their own death, instead of the black smoke!  Jack, who realized the bomb cannot explode since it was set by the black smoke, couldn't prevent Sawyer, who tried and failed. So the bomb exploded.

How did Jack's dead father appear on the Island? 

The black smoke posed as Jack's dead father on the Island. So Jack was not hallucinating when he saw his father on the island. A reminder that the black smoke can pose in any dead person's body.

What was the horse Kate saw on the Island? 

The horse is still a mystery, however, my best guess is that the black smoke was trying to mess with Kate by posing as a horse. 

Why didn't Sayid stop Claire from killing Kate? 

Sayid's case got complicated. After dying from a gunshot, he was restored back to life with the help of the black smoke. Thus, Sayid lost his feelings and was only responding to the black smoke's requests. Sayid later repents by saving the candidates by running away with the bomb in the submarine.

Why didn't Jacob prevent himself from being killed by Ben? 

That's a very good question. Jacob was a very cool character and really didn't give a damn plenty of times. There was no self-defense in the process of his murder. My best guess is that Jacob really trusted Ben and thought Ben would never harm him after being loyal all those years. Miles Straume, the spiritualist hired by Charles Widmore to go to the Island, who has the ability to read the final thoughts of the deceased, was able to hear Jacob's thoughts before his death and they were: I wish I was wrong about Ben.

Did Ben kill or order the death of the real Henry Gale? 

I would say: Definitely. Ben stole his identity, and knew where he was buried. 

What order did Desmond not follow that led to his dismissal in the army?

I don't believe Desmond ignored orders. The thing is, Desmond started moving through time and places while being in the army, so he was unresponsive and thus seen as unfit to stay in the army.

Who is this person linked to Jack, his father Christian, and half-sister Claire?

We don't know. There is no reference to the "person" in the entire series.

Why does Ben insist that the Oceanic Six, as well as Locke, have to return to the Island?

Because they were candidates, and candidates have to protect the island by preventing the black smoke from exiting the island.

Why can Jacob leave the Island but the Smoke Monster can't?

As long as there are candidates, the black smoke cannot leave the Island; he's stuck. The black smoke cannot kill candidates either, so they have to kill themselves. Candidates were picked by Jacob when they were very young.

What is the "infection"?

From CRACKED: "It is the word used to describe people under the Smoke Monster's influence. Claire was infected. Rousseau's husband and team were infected. Sayid was infected, until the power of love gave the infection the business."

Is Juliet Alive? And did she reset the chain of events which brought the passengers of Oceanic Air flight 815 to the island?

Juliet died at the beginning of season 6. She was still breathing before the last goodbye to Sawyer. Sawyer wanted to kill Jack out of anger when she died. So, we're sure that she's dead. Miles Straume, the spiritualist hired by Charles Widmore, also confirmed this when he read her thoughts later after insistence from Sawyer. As for the chain of events, they were not reset! Passengers were still on the island; nonetheless, they weren't in the 80s anymore. They left the past. I understand how this might be confusing as season 6 aired two chains of events: one on the island and another off the island. I assume what was shown off the island would be the answer to the question: What would have happened if the airplane never crashed and events of Oceanic Air flight 815 are reset?

What Happened to Claire? She's been MIA for three seasons – what's up with that? And what is her son Aaron's role in the island's mythology?

Haven't you watched season 6? Claire reappears. It is really unknown what happened during those three seasons. But Claire clearly was affected by the Black Smoke. She might have died and been brought back to life by the Black Smoke (like what happened to Sayid), we don't know! But what we know is that she was responding to the requests of the Black Smoke. Claire lost her sanity. As for her son, I don't know the answer to that. Her son might have no role in the island's mythology.

The Ajira Airways 316 Posse? And who exactly are Ilana and her crew?

Ilana is "summoned to the Island to protect the remaining candidates by Jacob, with whom she had a previous relationship." I recall that she was Jacob's bodyguard and she viewed him as her only "father". She was extremely saddened by his death. 

The Numbers! What is the significance of the numbers (4, 8, 15, 16, 23, 42), and do they connect somehow to the island or to its powers? And is Hurley truly cursed by them?

You really didn't watch season 6. In short, the numbers correspond to candidates 4, 8, 15, 16, 23, 42 respectively and one of them is supposed to protect the island. There are tons of pages regarding those numbers, please find them here and here.

When some of the survivors went back to the island on the Ajira flight, why didn't Sun end up in the past? Why was she still on the plane?

Very good question, I will quote Lostpedia for this as there are plenty of theories:

1. Sun didn't go back in time because she was not a candidate. There is strong evidence that Jacob and his brother are based on the story of Jacob and Esau from the Old Testament. In a passage from the Old Testament, Jacob wants to pass his covenant through his grandchildren, and touches Manasseh and Ephraim. However, he touches Ephraim with his right hand and Manasseh with his left, proclaiming Ephraim will be a greater person. Similarly, Jacob touches Jin with his right hand and Sun with his left, only making Jin the candidate.

2. Sun wasn't sent back in time because she "betrayed" the Island by working for Charles Widmore just like Ben wasn't sent back in time because he moved the Island when Locke was supposed to and then even worse he came back.

3. Sun wasn't sent back in time because she was carrying a tracking device for Widmore. That is how he planned (successfully) to return to the Island. The tracking device worked as a sort of tether in time.

4. Sun didn't travel back in time because she was originally not supposed to be on Oceanic 815, and thus not supposed to be on the island in the first place. If you remember, she was originally going to leave Jin at the airport, but it was through her free will that she stayed with him. The island made sure she got pregnant so as to force her off the island so she would not travel back to 1977.  She was supposed to leave, but Jack, Kate, Hurley and Sayid were not.


Evidence shows majority of Palestinians aren't civil

In this blog, I will list the evidence that I found which suggests that a majority of Palestinians are not civil. I have compiled the evidence to present it to my apologist friend who is working on his PhD in the United States. There might be more evidence online but I will stick to those for the moment. Here are the main points:

Support for Ismail Haniyeh


What do we know about Ismail Haniyeh? 


Support for terrorism

  • According to a poll conducted by the Palestinian Center for Public Opinion (PCPO), 89 percent of Palestinians support Hamas and other terrorists firing rockets from the Gaza Strip at Israeli civilians.

Support for terrorist attacks

  • According to the Jerusalem Media and Communication Center, 75% of  Palestinian Arabs in Gaza favored continued murderous terrorist attacks. 
  • 51% of Palestinian Arabs favor terrorist attacks in Judea/Samaria too.

Justification for suicide terrorism attacks

  • According to a Pew Research survey (September 2013), a whopping 62% of Palestinians justify the use of suicide terrorism. Quoting the Pew survey, “in some countries, substantial minorities of Muslims say attacks on civilians are at least sometimes justified to defend Islam from its enemies; in the Palestinian territories, a majority of Muslims hold this view.” Among Palestinians, 37% said suicide bombing is usually justified whereas 25% said it was sometimes justified.

Extreme and morbid anti-Semitism

    • 80% of Palestinian Arabs agree with the statement in the Hamas Charter calling for formulation of the Arab and Islamic battalions to fight the Jews.
    • 73% agree with the hadith (Islamic tradition), quoted in Hamas’ Charter, about the need to kill Jews. 
    • 61% of Palestinians reject the idea of a peaceful Palestinian state living alongside Israel as the solution to the Arab/Israeli war.
    • 72% of Palestinians support denying Jewish history and connection to the land of Israel.
    • An overwhelming 92% of Palestinians insist on Jerusalem being the Palestinian capital.
    • 62% of Palestinians support a policy of kidnapping Israeli soldiers and holding them hostage 
    • 53% favor teaching hatred songs against Jews in Palestinian schools.
    • 22% of Palestinians support firing rockets at Israeli cities and Jewish citizens.

More support for murder

  • October 2010: A Palestinian Center for Policy and Survey Research poll conducted September 30 to October 2 found that 51% of Palestinians supported the murderous August 31 terror attacks by Hamas which killed 4 Israeli civilians near the Bani Nayim junction.

Saturday, February 4, 2017

Why I hate pop-under advertisements

I have written this blog for the public but especially for my assistant to illustrate to him why popunders suck.

Ever since 2017 started, one of my major websites witnessed a significant decline in its traffic. In fact, it lost over 30% to 40% of daily traffic. I was outraged, puzzled and obsessed. For days, I kept obsessing and thinking about this decline to find a solution for it.

I have enjoyed a troubled but stable relationship with pop-under advertisement networks since 2014. For almost 2 years, I have been a customer of the major pop-under advertisement networks; in fact, I think I've tried every popunder network you can think of. The networks are:
  • PopAds
  • PopCash 
  • Adsterra
  • ClickAdu
  • Propellerads
  • AdMaven
  • HilltopAds
There are probably other pop-under advertisement networks I had accounts with but forgot to list; nonetheless, those companies/websites made tons of money in 2014 - 2015 - 2016 as it was their time of rise. Here are the main reasons why I hate popunder advertisements:

Malicious Advertisements, Viruses, and Scams

I have received many complaints about the quality of popunder advertisements being opened, where a lot of people alleged that the popups have tried to install pure viruses or unwanted software. I have personally witnessed "Get Rich Quick" scam themes, websites that were blacklisted by Chrome as "dangerous & deceptive", websites of my competitors, and endless advertised content with no value. I have contacted the advertisement managers many times and complained to no avail. You will always find a bunch of amoral advertisers looking to spread viruses or malware to make money out of your clean traffic.

Bad User Experience

This is one of the main reasons why I hate pop-under advertisements. Internet consumers like me completely abhor and oppose popunder advertisements and tend to close them as soon as they open. They're usually annoying because they hinder the user experience and break the user's focus and engagement on the website by opening unwanted popups.

Unethical popunder network

Popunder networks usually control your current eCPM and raise it or lower it for absolutely no valid reason whatsoever. One popunder network (which I will not name) reported fewer impressions instead of reporting the actual number. It was pretty obvious. Around 39,000 impressions were not reported. I completely ditched the network afterward. Other networks lower eCPM incredibly for no reason after realizing that you're dependent on their network. One day you're at 3.1, the next you're at 0.9.


You're never in control

For most popunder advertisements, you don't control who bids on your website and who doesn't. You don't control the average eCPM that you desire to put. You have no idea how pop impressions are counted and if they are counted correctly. You have no idea if the network will ban you from the program the next day or not. You have no idea if the advertisement will contain malware/viruses or not. You have no idea how it is affecting the user experience and if users are ditching your site or whatever. You don't control anything, they control you. 


It is selling your website

Popups are the easiest way to make money off a website, but they're the cheapest way. It is a quick, weak fix that will pay you money temporarily until you realize that those pops are harming your business, especially on mobile, where they have become incredibly unsupported (and almost tantamount to redirecting your website to another one, aka selling your website for cheap).



Nonetheless... 

Popunder advertisements make money, but so do drugs. I have enjoyed a 5-figure monthly income from popunder advertisements, but eventually I got sick of them and am planning to ditch them when the budget permits. Not everything that makes money is good, as it might destroy you in the long term. Google hated popunder advertisements in the past and they were never integrated into the AdSense program, and I completely understand and respect their decision.

Wednesday, January 4, 2017

Google's FIDO U2F Security Key: Taking two-step authentication to another level

A prominent Computer Science professor, Dr. Ramzi Haraty, said once "No system is fully and 100% secure". I was 18 years old when I heard that statement back then, and I didn't really take it seriously.

However, as I grew older, I realized how that statement was entirely true, beyond any reasonable doubt. Matter of fact, there isn't any service, login page, software, database or website that cannot be hacked and penetrated.

Even NSA's hidden and encrypted servers were hacked. However, each security system has its own drastic security measures; some are challenging and tough to break into, and others are trivial.

One company that takes security extremely seriously is Google Inc. Behind this simple-looking login page you see on the right, there is a monster security system that is beyond any person's imagination:

Matter of fact, if you can hack (not hijack) this page and access a consumer's account, your hack is worth at least: USD 25,000,000.

What Google does to protect the consumer Gmail accounts of their members is astonishing. This includes, but is not limited to:


1. Bug bounty programs: Google pays millions of dollars each year to hackers and security researchers that report bugs in their system. In return, Google pays cash in exchange for the information. That pushes bored and opportunist programmers to start searching for bugs in the system, hoping to get paid. Eventually, as bugs get reported over the years, they get minimized.

2. Encrypting the web, literally. In summary, this means HTTPS. This encrypts your communications, including passwords and credit card numbers, with many websites, making your browsing more secure. Without HTTPS, anyone spying on your Wi-Fi could get personal information from you.

3. Locking your Gmail if it is signed up via Tor or a different country. If you access your Gmail from another country, it will be locked.

4. Obsessing about the sandbox. Google's security system is designed in a way where they have multiple security layers. That is, if you find one bug inside Google's page and access one protected page, you'll have to find a bug in the next security layer, then move to the next security layer, and so on. So, your chances of getting bugs and breaking this page are close to 0.

Allowing users to set up two-step authentication on their account is another way Google Inc. implemented security on their website. That means, if you log in from a new device, you will have to receive a 6-digit code on your mobile to be able to access the account (the secret code can be provided by a phone call, SMS, or an application known as Google Authenticator or Authy).  That is, even if you know the password of one account, you will not be able to access the account unless you receive that 6-digit code.

That's cool, right?


Not really. Google recently realized, due to their advanced artificially intelligent technologies, that governments are targeting social activists and breaking into their account. So, the standard two-step authentication feature (mobile) would be weak too.

Wait, how come?


Very simple; I'll give you one example. Imagine that you have a Gmail account, and I figured out your password. However, you're an intelligent person and have set up two-step authentication by receiving a phone call.

So, I get stuck here. What do I do? I can impersonate you, go to your mobile provider, claim that I lost your phone number, and receive a new SIM card with your phone number.

It might not work with a phone company like Verizon or AT&T, but in third world countries (like Lebanon, for example) it would apparently work due to their pathetic security checks (Alfa or Touch).

Now imagine this. 


A corrupt government targets a journalist's or a rebel's Gmail and gets his password by spying on him. They can, for example, get access to his phone number and reset the password very quickly by collaborating with the phone company.

In fact, this has happened, as Google announced in a blog post that since 2012 users have been targeted by state-sponsored attackers.

It might not be the method that I described, but I highly suspect it is. They said that they can't reveal the tip-off because hackers can adapt; however, they said "Enable two-factor authentication and set up a Security Key", which could well mean that the attempt goes on by targeting the mobile phone.

Google said they've sent those notices to 0.1% of their users which is a huge number considering there are more than one billion users with Google accounts. 0.1% of 1 billion is 1 million.

Google ended their post with "The security of our users and their data is paramount.", which is clearly illustrated, and because of that you should trust and respect Google more.


So what is a security key?

It is a small USB device that can be plugged into your machine to allow access to an account. It is a two-step authentication method that doesn't require a phone number. Its full name is "FIDO U2F Security Key"; the security key is based on U2F, an open authentication standard that enables two-factor authentication using specialized USB or NFC devices based on similar security technologies found in smart cards. It has been developed by Google and Yubico. U2F security keys can also be used on Dropbox, GitLab, and Bitbucket.

How does it work? 

Once you've got two-step verification enabled and configured the security key, each time you log in on a new (or unsaved) device, you will be asked to insert your own security key into the machine and press a button.

While you may keep the phone call as a backup verification method, I do not recommend it since it defeats the primary purpose of the security key.

It is wise to generate backup codes and memorize them (not write them down anywhere) in case you lose the security key or want to log in on a mobile phone.

If you decide to use one for your own safety, it is wise not to inform any of your friends, colleagues or anyone else that you're using this type of security mechanism.

Hackers will adapt to the security features in whatever shape and forms. Let them be surprised if they access your account instead of letting them plan ahead.

Do I use a security key?

Yes, definitely. I purchased this item on July 14, 2016, and added it on July 25, 2016. My experience has been phenomenal as I gradually reduced two-step authentication. I've treated the security key as any other standard key and put it as a regular key on a key ring. I've had a bit of a hard time explaining what this is to my family and friends, but eventually they got used to it.


How do I buy one?


You can purchase one from Amazon.com (provided by Yubico) for as cheap as $17.99. Configuration is easy and can be done on websites like Google or Dropbox.



In Summary

No matter where you go, you will never find anything as secure as your Google account: be it online bank accounts, Microsoft accounts, Facebook accounts, Akamai accounts, etc. This company is obsessed with security and breathes security. If you have sensitive information on your Google account or any critical material, it would be wise to purchase and configure a security key to take advantage of Google's security.

Tuesday, January 3, 2017

Starting 2017 with the "Nordic" template on this blog


I have recently realized how much I started to hate complicated blogging themes that are full of animations, heavy design and loaded JavaScript that slow down the page, although I used them for years.



But I have recently realized I want something very simple, a clean-cut design that lets you focus on content instead of anything else. I have been very lucky to find the "Nordic" template, an immaculate template that was originally designed for WordPress (a PHP-based slow and vulnerable blogging platform that I dislike) but later converted to Blogger (the robust and secure cloud blogging platform hosted and acquired by Google Inc.).

What I really liked about the Blogger version of the template is that pictures do not show on the main page (which has been an issue in the past).


Simplicity is key. As you see on the right, it is incredibly simple, clean and symmetric. It is extremely easy to look at, and it looks well organized.

By default, around 13 posts are originally posted on the main page, and they're all taking the same size (unlike what you see with other templates).

The share buttons are clean and work efficiently as well. In some other models, they used to cause lots of headaches because they needed confirmation, and some templates required external add-on libraries.




The search bar looks decent and is hidden by default. But you can toggle it from the button on the right and the search page results. Social media icons are also provided by default on the right.



The page is responsive as well, and it can quickly shrink. There is no need to upload a separate template for mobile (as the option is already provided by Blogger). So the work that needs to be done is minimal.

The hamburger icon automatically appears on the left which is vital to use on the mobile.

Checking the publicly available blog on the service "Am I responsive?" illustrates that the blog looks incredibly well on most major portable devices.

It is worth mentioning that half of the internet's traffic comes from mobile. Mobile may, and most likely will, be the dominant source of traffic in the future, as people tend to visit websites from mobile devices instead of laptops.

Mobile responsiveness is not a luxury but a prerequisite.

Other than that: individual blog post pages - comments, footer, and other stuff are very well made.

According to Pingdom, a prominent speed test tool, the site's load time is on average 1.11s (which is not really excellent but average). The template has no dependencies and doesn't request any additional external libraries.






Sunday, September 11, 2016

Bruno Tabbal's new music video

Music video directed by: Bruno Tabbal
Starring: Cynthia Khalifeh
Featuring: Cynthya Karam
Director of Photography: Toufic Tabbal
Producer: Ralph Tabbal
Art director: Joseph Khoury
Assistant Director: Jamal Jaafar

Lyrics: Ahmad abdel Nabi
Music: Jad Mehanna
Arrangement and mix: The AB Brothers

Sponsored by: MARTINI
B-QĀ DE MARSYAS


Watch "LAYLI WARA LAYLI" here:



Thursday, March 17, 2016

It is 2016 and Payoneer still does not offer two-step authentication

In summary, this blog post is about Payoneer not offering two-step authentication for its members despite numerous requests.

As of March 17, 2016, Payoneer, a world-renowned company with more than 3 million customers, does not offer two-step authentication protection for its members.

Founded in 2005, Payoneer provides financial services and online money transfer services worldwide. It is available in more than 200 countries and supports more than 150 currencies. 

Payoneer's concept is simple: you get an international credit card from Payoneer that allows you to get paid from any valuable American company. You will be able to use the credit card on literally any ATM anywhere in the world and withdraw the funds. You don't have to deal with banks, their headaches and contracts.

Payoneer had extreme success in the past and recently posted those stats on their website:


After massive success and 10 years in business, the security department at Payoneer still doesn't get it: two-step authentication matters. Tech companies large and small include it, such as Apple, Amazon, Google, Microsoft, etc.

Apparently, Payoneer is not aware that it is a company that handles financial accounts, not social media accounts. Would thieves and hackers be more interested in hacking or hijacking a simple social media account, or a financial account that lets them gain access to a decent amount of cash?

Computersolving.com said

Here goes my first criticism for Payoneer, besides no 2 factor authentication being available, I find it unbelievable that a company processing payments will not allow me to use special characters in my password, only letters and numbers are allowed, this will greatly help malicious hackers trying to break into my account using a brute force attack.

What Payoneer doesn't understand is that it is not difficult to get to know someone's password, whether by installing some spyware on the victim's machine, standing behind the victim while s/he types the password, or through any type of security vulnerability in the service's website and database. In addition to that, Payoneer does not force members to add characters in their passwords.

The community has been asking for this feature since forever, for example:




4. November, 2015: Security at Payoneer


I have personally contacted Payoneer's customer support team and this is the response I have received from them:

Thank you for contacting us. We understand your concern. Unfortunately the service is not available at present. We are working hard to make this available in future.

From this blog, I send a wake-up call to the security department of Payoneer: it is time to fall out of the coma and straighten up the security department.



Tuesday, March 15, 2016

University of Saint Joseph student dismissed because she "can kill your babies"

A Lebanese student used Instagram to post an image of her and her friend in a hospital, HDF (Hôtel-Dieu de France). Along with the picture, this caption was found:

Be careful b*tches cz We can kill your babies #OneDay.

The Lebanese audience did not like the expression and it went viral. Mawtoura, a satirical Lebanese Facebook page, posted the image and captioned it with:

If garbage doesn't kill your babies, these two mawtouras will.

Apparently, this girl was a nursing major, and with this caption she was warning other people to be careful because she has (or will soon have) the power to take the life of their children.

Whether it was intended to be a joke or not, Lebanese people did not hesitate to unveil her name and report her to the appropriate entity, which was her university: University of Saint Joseph (USJ).

The French-speaking university later confirmed on its Twitter account that the student was dismissed from the university and/or the HDF (Hôtel-Dieu de France), which is a hospital affiliated with the university.


The tweet translates to:

Thank you @mhijazi for the tag. The girl was dismissed from the HDF.

Was the university decision too extreme?

Friday, September 4, 2015

Remove duplicate lines from a file using python


In case you have a file "input.txt" with duplicate lines and you would like to remove the duplicates and have the result put in "output.txt", all you have to do is execute this Python script. Be careful to use the same indentation (spaces):


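lines_seen = set()  # holds lines already seen
# "with" closes both files even if an error occurs
with open("input.txt", "r") as infile, open("output.txt", "w") as outfile:
    for line in infile:
        if line not in lines_seen:  # not a duplicate
            outfile.write(line)  # keep the first occurrence, in original order
            lines_seen.add(line)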

This will execute in less than 1 second, no matter how big the file is. Have a nice day.

Tuesday, September 1, 2015

AZLyrics.com, the multi-million dollars lyrics empire


If you're a fan of music and a 90-something kid, then you must have stumbled upon azlyrics.com, an extremely simple lyrics website. What AZLyrics.com does is pretty simple: it puts all pop lyrics on its site. Its motto is:

We have a large, legal, every day growing universe of lyrics where stars of all genres and ages shine.


The average 9-5 Joe thinks that this is a normal lyrics website that makes no money and takes no effort to maintain and run, just some stupid site with lyrics posted by members. That's far from being true.

AZLyrics, the top website for providing lyrics, is distinguished in:
  • Its SEO: the lyrics usually rank first on Google search results, and the site has a page rank of 6 on Google.
  • Its simplicity: simple A-Z search, no complex or annoying layout (unlike metro-lyrics or rap-genius).
  • Its accuracy: it has ordinary people submitting corrections for free, so you'll rarely find wrong lyrics.
  • Its speed: it adds new lyrics every day.
  • Its history: AZ has existed since 2000, and as of 2015, it's 15 years old!
And besides its simplicity, AZLyrics.com has one hell of an Alexa Rank:


AZLyrics was very kind to publish its statistics:


As you see, AZLyrics receives 190,000,000 million unique monthly visitors and 280,000,000 monthly page views (though I doubt this is less than 1,000,000,000). In any case, the site makes money through many advertising platforms, including:
  • Adsense (known for being the best advertisement platform in existence).
  • Amazon (advertisements for amazon.com products only).
  • TribalFusion (known for malware, spam, fake products, money scamming).
  • ClickFuse (music-related).
  • Advertisement for http://www.jango.com/

Using my calculation and experience, I'd guess that azlyrics makes an income between 1 million dollars and 10 million dollars monthly.

Besides all that, the team of azlyrics.com owns and operates the following websites (Updated on 1 September 2015):
  1. AZLYRICS.COM - Pop Music Lyrics
  2. AZVIDEOS.COM - Pop Videos Embedding from YouTube
  3. DARKLYRICS.COM - Heavy Metal Music Lyrics
  4. URBANLYRICS.COM - Hip Hop R&B Music Lyrics
  5. COWBOYLYRICS.COM - Country Lyrics
  6. OLDIELYRICS.COM - Old Music Lyrics
  7. PLYRICS.COM - Punk Music Lyrics
Their site AZLYRICS.COM is hosted by LeaseWeb as of September 1, 2015:




