Computer World

A Review on HTTPS Filtering in Islamic Republic
I have probably already told you about my stories with Datak earlier and I guess that's for more than enough. For about a month I was thinking that problems through https are actually Datak's fault of not being able to properly maintain their network and servers (Which wasn't the first time in that case). But that turned out to be quite a different issue as the things are getting clear and I'm getting aware of what government is actually capable of doing.

Of course filtering https contents is not as horrible as restricting people's access to public contents, media, and free flow of information, but it's eventually the second worst act of Islamic Republic ever taken over information censorship.


Censorship is done in pretty much different ways, one is known and rumored to be looking into HTTP headers and comparing "Host" header string with entries available in a certain unified blacklist. Pedram Azimayi is probably the first one to have this method revealed.


After I had several unsuccessful attempts on violating Host headers using ModifyHeaders, AmirMohammad Saied wrote a simple yet handy add-on for firefox which is confirmed to be working and thus you can have access to censored websites. The trick is to violate Host header string with a desired character with an ASCII code lesser than 32. According to RFC977 standards, Host header should be looking like this:


HOST_STR CR LF



So if you somehow managed to violate it to look like something like: HOST_STR\t CR LF, then you are all set. SEPAR won't detect your HOST_STR as a blacklisted entry thus grants you permission to access that website. Apache and IIS however are known to remove these character therefore making HOST_STR in a whole a valid Host header again. Lighttpd however does not take care of such characters in Host header string, so from the stand point of non-technical user, you can't have access to contents serving on a Lighttpd webserver using this method.


But the problem with https is that you cannot sniff into it's traffic, watch it and control it which is probably a good thing. Yet again it's sad to hear that when Islamic Republic is not able to control you, or solve a problem in peace, it decides to wipe you of the map completely. That's exactly the case of https. The rule of the thumb here is, when you are not able to censor traffic through https, block it completely.


Based on my guesses, they are currently keeping a whitelist of allowed websites, all others are blocked and this is not done in a similar way as what they do to HTTP contents. They actually drop all HTTPS requests to all hosts unless otherwise noted. This is completely dumb.


However, not all the routes are affected (at the time in which this is article is being written), but sooner or later when your ISP gets these new rules from TCT for their routes you might as well experience the very same problem with your https and unfortunately it would be strictly impossible to workaround it this time.

Did you know that you are nothing more than a bloody flip-flop? Face it.

17 October 08 | 4 comments
Notes on identi.ca
Couple of days ago, I accidentally ran into a new twitter-like service named Identi.ca referenced by slashdot news. For those of you who haven't yet experienced microblogging services like twitter I strongly encourage you to read this article and Wikipedia's Link as well.


It’s hard to say anything useful in 140 characters. But it is fun!


Identi.ca is a microblogging service not so very much different from twitter and bunch of others available around the net except for the idea of using an opensource tool called Laconica for it's running engine under the hood. It would be probably worthwhile if you take a brief look at Laconica anyway.


It was the second or the third day of identi.ca when I first registered for an account and started to post notices there to do some investigation and I somehow got the feeling of "Hey! I like this service more than twitter" and that in turn made me think why? If I should give a name to it, Identi.ca is in fact a microblogging service like twitter but in the geeks way. Due to the fact that Identi.ca is passing it's age of preparation you shouldn't expect a fully functional feature-rich system, yet a just-works-fine service as it is. Registration is easy, so scratch your itch. There is also a ping.fm service available which you can post to multiple of your microblogging and other services simultaneously with one update using it's web-interface and instant messaging, so don't worry if you have bunch of services at the same time.


That was how I got familiar with Identi.ca. You might very probably like to get used to microblogging services specially geek styled ones like this. So here it is, my very own profile at Identi.ca.


Also consider reading the following links:




As an update, it would be worthy to mention that Identi.ca uses PEAR package (Validate) which AmirMohammad Saied is one of it's lead developers, totally irrelevant to the fact that I really like Identi.ca


--


Choose Life. Choose a job. Choose a career. Choose a family. Choose a fucking big television, choose washing machines, cars, compact disc players and electrical tin openers. Choose good health, low cholesterol, and dental insurance. Choose fixed interest mortage repayments. Choose a starter home. Choose your friends. Choose leisurewear and matching luggage. Choose a three-piece suite on hire purchase in a range of fucking fabrics. Choose DIY and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch watching mind-numbing, spirit-crushing game shows, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in a miserable home, nothing more than an embarrassment to the selfish, fucked up brats you spawned to replace yourself. Choose your future. Choose life.


-- from Trainspotting by Irvine Welsh
16 July 08 | 1 comments
Parsix 0.85 is Out

Today, the official site of Parsix/GNU Linux just announced that a newer version (0.85) is available for public download. Parsix is a distribution based on Debian repositories and Kanotix aimed to be a powerful and complete Operating System based on GNU/Linux for Persian users and I'd really like to say, it's cool, easy-to-use, stable and equipped with lots of features including 56k modem drivers for dialup users. Special thanks to Alan Baghumian; you can give it a try your self in LiveCD mode.

Parsix official announcement:

We are pround to announce that a brand new version of Parsix GNU/Linux is available now. This version brings the latest open source technologies to your PC. Highlights are: GNOME 2.16.2, X.Org 7.1, Linux kernel 2.6.18 with many extra patches and drivers including CK performance and Suspend2 patches and many wireless drivers, Intel ipw3945 wireless support, OpenOffice.org 2.0.4, GNU Iceweasel 2.0 web browser, seamless hibernation/suspend support, newly released xFarDic 0.8.0 multilingual dictionary, updated installer, new artwork, fixed many bugs, NTFS read/write support using ntfs3g, updated documentation and support for 3D desktop using AIGLX/Compiz. Packages are synchronized with Debian Etch repository as Nov 30, 2006. See screenshots here. Parsix wiki is ready for your contribution. See download mirrors here.

Download: parsix_085.iso (693 MB, MD5)

1 December 06 | 4 comments
Recent Jaws Vulnerabilities! Part II

I contacted Amir Mohammad today and he just informed me that they have already released Jaws 0.6.3 to fix the issues I mentioned before and of course, he advised me to set a table prefix for my mysqld stuff as well.

Download the latest version of Jaws v0.6.3

I may put the patches in here, later when I get them from gluegadget.

Cheers

24 June 06 | Comment on this
Recent Jaws Vulnerabilities! Part I

Well at last, something happened that should not! One of my old friends Hamid Ebadi tested the recent milw0rm exploit on my website successfully and informed me today that my website is vulnerable to a Remote SQL Injection bug which is available within the search gadget. Here is a link to exploit itself. Special thanks to Hamid, I disabled the search gadget at the moment untill I talk to Amir Mohammad, one of the developers of JAWS project. Hope they find a solution to this problem as soon as possible.

Thanks again Hamid.

Cheers

What I want is all of the power and none of the responsibility.

24 June 06 | Comment on this
Website Difficulties

Well, I think the holier-than-though problem of mine, with the website is solved for now. I flushed all the iptable rules, so I'm proud to announce that my website is up and running again. Feel free to reply any issues at ' ghassemi at ftml dot net ' .

Cheers

When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*".

-- Linus Torvalds

31 May 06 | 1 comments

« Back to my homepage

Categories

Blog Archives

Search

Friends

Pedram Azimaie
Omid Mottaghi
Abbas Esmaeeli
Omid Fathi
Mola Pahnadayan
Vahid Rafiei
Emil Sedgh
Alan Baghumian
Navid Paya
Sara Amirahmadi
Ebrahim Mohammadi Panah
Bahram Siyaadati
Saied Taghvi
Armen Baghumian
Kaveh Razavi
Ali Sattari
Behnam Behjatmarandi
Milad Raastian
Sasan Rose
Hossein Mortazavi
Mohsen Pahlevanzadeh
Siavash Safi
Hamidreza Davoodi
Amir Mohammad Saeid
Nima Mohammadi

Read List

UNIX Systems Programming: Communication, Concurrency and Threads (2nd Edition) Advanced Linux Programming (Landmark)

Professional Assembly Language (Programmer to Programmer) Operating Systems Design and Implementation (3rd Edition) (Prentice Hall Software Series)

    Feeds

    rss
    atom

    Last.fm