ITU is a key partner in United Nations efforts to “Deliver as One” in addressing the major global climate change challenge. Indeed, UN Secretary-General, Ban Ki-moon said: “ITU is one of the most important stakeholders in terms of climate change”.In 2007 at the UN Climate Change Conference in Bali, Indonesia, the 2008 Conference in Poznan, Poland, and the 2009 Conference in Copenhagen, ITU highlighted the role of ICTs as an important enabling tool to reduce global greenhouse gas (GHG) emissions across all sectors.Resolution 73 of The World Telecommunication Standardization Assembly recognizes the crucial role of ICTs in addressing climate change and resolves to continue and further develop the ITU-T work programme in this area as a high priority and in close collaboration with the other two ITU Sectors. In addition, Resolution 73 instructs the Director of the Telecommunication Standardization Bureau (TSB) to organize related events in developing countries, given that they are the most vulnerable, to raise awareness and identify their needs in this domain.ICTs and the Environment & Climate Change will be held in Cairo, Egypt on 2-3 November 2010 and will be hosted and Co- organized by the Ministry of communications and Information Technology (MCIT) Egypt, and the Ministry of state for Environmental Affairs (MSEA) Egypt.
Protect Your Self From FireSheep
Firesheep banks on the fact that most social sites default to the HTTP protocol because it’s quicker. The already existing Firefox extension Force-TLS attempts to circumvent this by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep.
Like the alternative option HTTPS Everywhere, the Force-TLS Firefox extension allows your browser to change HTTP to HTTPS on sites that you indicate in the Firefox Add On “Preferences” menu, protecting your login information and ensuring a secure connection when you access social sites.
HTTPS encrypts user data, so if a script like Firesheep’s like tries to pull it, it can’t be read. Force-TLS forces a number of sites to make all of their requests over an SSL secured channel and while some sites, like Amazon, don’t currently have the secure option, the majors like Facebook, Twitter, Google, etc all allow a HTTPS connection.
How to configure:
1. Download the plugin here and install into Firefox.
2. Open “Preferences” and add the domains you want to force the HTTPS connection with.
3. Restart Firefox.
Note: Unlike HTTPS Everywhere, Force-TLS relies on the user defining the sites they want to access through a secure HTTPS connection.
And while everyone know that there’s always some privacy risk when interacting online, hopefully the installation of Force-TLS will at least put less of a damper on today’s stint at your local “free Wifi!” boasting cafe. I’m also looking into the possibility of equivalents for this extension on other browsers and will update this post as soon as I have alternative options.
Hacking WEB 2.0 Apps " FireSheep "
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
Days at Toorcon 12 They announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.
After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.
As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:
Double-click on someone, and you're instantly logged in as them.
Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.
Fake Microsoft security essentials
Microsoft Security Essentials is fake. Well, it is and it isn't. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but anew malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one. The new malware attack is distributed through a drive-by download as either hotfix.exe or mstsc.exe--both reasonably benign and almost legitimate sounding file names that might not raise red flags with some users. The "alert" from the threat steals the Microsoft Security Essentials brand, including the little blue fortified castle icon. The software then displays a seemingly comprehensive list of antimalware solutions--including all of the top names that users are familiar with such as Trend Micro, McAfee, Panda, and Symantec-- and identifies those that are capable of detecting and blocking this nefarious threat. The F-Secure blog explains, "Surprisingly, the only products that seem to be capable of handling the infection are AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross. Never heard of these? No wonder. They are all fake products." The attackers are counting on users being naïve enough to take the bait and agree to be "saved" by purchasing one of these awesome antimalware tools to help eradicate the threat. But, since these are all rogue antivirus programs what you really end up with is some sort of Trojan that opens the system up to further malware compromise and exploit. Don't get confused, though. As mentioned above, Microsoft Security Essentials is a legitimate antimalware application as well. It is offered for free by Microsoft, and is in fact a very capable defense against malware. Microsoft just recently expanded the availability of Microsoft Security Essentials to small businesses as well--making it free to install on up to ten PCs. I must say, though, that I have never understood how anyone falls for rogue antivirus attacks. It seems to me that users should know whether or not they have some sort of malware protection installed, and if so which software it is. If no antimalware is installed, or if the fake alert is apparently from a program other than the one that is installed--why would anyone take it seriously? Did magic antimalware fairies stop by in the night and install this new beneficent tool? And, doesn't it seem at all suspicious that this strange antimalware detection is capable of scanning the PC and identifying this new threat, but invites you to purchase something else to actually deal with the problem? F-Secure detects this new rogue Microsoft Security Essentials threat as Trojan.Generic.KDV.47643.
Securing Android Apps with SSL Certificates
Android: Trusting SSL certificates
Required tools:
- OpenSSL's command line client
- Java SE 6 (for keytool)
- Bouncy Castle's provider jar
1. Grab the public certificate from the server you want to trust. Replace${MY_SERVER} with your server's address.
echo | openssl s_client -connect ${MY_SERVER}:443 2>&1 | \ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycert.pem For example, here's the PEM-encoded public certificate from google.com:
-----BEGIN CERTIFICATE----- MIIDITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBM MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wOTEyMTgwMDAwMDBaFw0x MTEyMTgyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEA6PmGD5D6htffvXImttdEAoN4c9kCKO+IRTn7EOh8rqk41XXGOOsKFQebg+jN gtXj9xVoRaELGYW84u+E593y17iYwqG7tcFR39SDAqc9BkJb4SLD3muFXxzW2k6L 05vuuWciKh0R73mkszeK9P4Y/bz5RiNQl/Os/CRGK1w7t0UCAwEAAaOB5zCB5DAM BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0 ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF AAOBgQCfQ89bxFApsb/isJr/aiEdLRLDLE5a+RLizrmCUi3nHX4adpaQedEkUjh5 u2ONgJd8IyAPkU0Wueru9G2Jysa9zCRo1kNbzipYvzwY4OA8Ys+WAi0oR1A04Se6 z5nRUP8pJcA2NhUzUnC+MY+f6H/nEQyNv4SgQhqAibAxWEEHXw== -----END CERTIFICATE-----
2. Android has built-in support for the Bouncy Castle keystore format (BKS). Put Bouncy Castle's jar in your classpath, and create a keystore containing only your trusted key.
export CLASSPATH=bcprov-jdk16-145.jar CERTSTORE=res/raw/mystore.bks if [ -a $CERTSTORE ]; then rm $CERTSTORE || exit 1 fi keytool \ -import \ -v \ -trustcacerts \ -alias 0 \ -file <(openssl x509 -in mycert.pem) \ -keystore $CERTSTORE \ -storetype BKS \ -provider org.bouncycastle.jce.provider.BouncyCastleProvider \ -providerpath /usr/share/java/bcprov.jar \ -storepass ez24get
3. Create a custom Apache HttpClient that uses your custom store for HTTPS connections.
import android.content.Context; import org.apache.http.conn.ClientConnectionManager; import org.apache.http.conn.scheme.PlainSocketFactory; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.conn.SingleClientConnManager; import java.io.InputStream; import java.security.KeyStore; public class MyHttpClient extends DefaultHttpClient { final Context context; public MyHttpClient(Context context) { this.context = context; } @Override protected ClientConnectionManager createClientConnectionManager() { SchemeRegistry registry = new SchemeRegistry(); registry.register( new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); registry.register(new Scheme("https", newSslSocketFactory(), 443)); return new SingleClientConnManager(getParams(), registry); } private SSLSocketFactory newSslSocketFactory() { try { KeyStore trusted = KeyStore.getInstance("BKS"); InputStream in = context.getResources().openRawResource(R.raw.mystore); try { trusted.load(in, "ez24get".toCharArray()); } finally { in.close(); } return new SSLSocketFactory(trusted); } catch (Exception e) { throw new AssertionError(e); } } } Techwadi Live-streaming
The Rising Tide of Entrepreneurship
25 Oct. 2010 – Smart Village (10:00am – 2:00pm)
26 Oct. 2010 – AUC New Campus (10:30am – 4:30pm)
Google Android 3.0
It seems that the new operating system Android 3.0 is completed.Android is hoping to have a big succes with this new operating system called Android 3.0.An official announcement said on the internet that there are increasing rumors that the Android developers said that the next version of its mobile operating system Android 3.0 have been completed. The starting point of speculation: If recently on Youtube is a video to see the uploaded android developers on the user account and shows how a group of young people on the Google Campus überdimensioneles gingerbread males unpacks and sets up – the code name of the next Android version is ” Ginger Bread “to German gingerbread. Commented on the video with the words “We’ve been baking something and it’s pretty sweet” is.Android 3.0 is a great operating system.
What Android 3.0 will contain in terms of new features, is still largely unknown. It seems however to be established that it is suitable not only for smartphones, but better than the current Android 2.2 to cope with tablet computers. Manufacturers such as Motorola and LG have already announced any event, to delay the appearance of new tablets until they can provide them with “Ginger Bread”. It is also expected to support the next Android Google’s new Web video formats WebM / VP8.I am sure that Android 3.0 will have a great succes.
$250 million fund for social entrepreneurs
John Doerr on Thursday launched a $250 million investment fund to find and bankroll what he said would be the next wave of social entrepreneurs Entrepreneurship Forum in Egypt
An exciting opportunity is finally taking shape.
We now have a fixed date for the launch of a PlugandPlay (PnP) incubator in Cairo – an important step in our diasporas’ initiatives to promote entrepreneurship and innovation in Egypt. PlugandPlay will house hundreds of entrepreneurs in the next three years. Our focus will be on mentoring, financing and accelerating the growth of the most promising start-ups.
To celebrate and deliberate, we invite executives and high impact entrepreneurs to join us for an open dialogue on how to make the initiative a success. The proposed Agenda is as shown below:
Agenda
October 25, 2010 – Smart Village Cairo
10:00am – 2:00pm
Entrepreneurship in Egypt: Current State of Affairs
Egypt’s commitment to work with entrepreneurs, diasporas, and the private sector to create jobs and value: how real? How effective?
Silicon Valley Ecosystem: Will it Work in the Nile Valley?
How to make the dreams of Egypt’s entrepreneurs come true by providing a complete ecosystem and interconnection with Silicon Valley. Entrepreneurs: Challenges, Opportunities, and Aspirations
Egypt’s best and brightest share their journey to launch, operate, and expand vibrant startups… and the challenges they face Angel Financing, Venture Capital, and Private Equity
Investors from Silicon Valley and Egypt discuss the creation of an effective Angel network and vibrant VC industry in Egypt and the resulting boom in entrepreneurship. Emerging Opportunities: Mobile, Digital Media, and the Internet Leading CEOs and serial entrepreneurs from the US discuss lessons learnt and targeted advice for Egyptian business leaders on the rise.
Register Now for the Rising Tide Forum
The Digital Boom, Egypt
Download the Presentation
Announcing The Launching of AMANAK.ORG
The Arab Internet Safety Portal “Amanak” is an integral project addressing the issue of
on line safety in the Arab region. Stemming from a growing concern about the
importance of ensuring the safety of young people and families on the Internet in the
last couple of years, this ambitious plan is to create and avail an interactive platform for
all Arab countries to share information, best practices, resources and concerns about
children’s online safety. Most importantly, the AIS offers a platform for a dialogue, among
the Arab community. Amanak will also be a repository of knowledge and progress in the field.
The creation of the AIS was a decision of the 2nd International Executive Board meeting of the Cyber Peace Initiative of the Suzanne Mubarak Women’s International Peace Movement in 2009, to bridge a gap in existing in Arab resources and information related to the issue of family online safety. The portal is implemented in cooperation with the Egyptian Ministry of Communications and Information Technology.
I swim with Marcos Diaz
In the Summer of 2010, Marcos Diaz will swim across the continents to raise the voices of the world and show that we are not that far apart after all. His purpose is to bring global attention to the Millenium Development Goals and urge people to act and demand that the leaders deliver their promises by 2015.Today I had the chance to meet Marcos Diaz Good Will Ambassador of the Dominican Republic, he is swimming across the continents, as part of the United Nations Millennium Development Goals Campaign.
I'm so glad having the chance to meet him :))
Join Marcos @ http://iswimwithmarcos.com/app/en/frontpage.aspx
GNU C Library vulnerabilities
Ubuntu Security Notice USN-944-1 May 25, 2010 glibc, eglibc vulnerabilities
CVE-2008-1391, CVE-2010-0296, CVE-2010-0830
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libc6 2.3.6-0ubuntu20.6 Ubuntu 8.04 LTS: libc6 2.7-10ubuntu6 Ubuntu 9.04: libc6 2.9-4ubuntu6.2 Ubuntu 9.10: libc6 2.10.1-0ubuntu17 Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.1 After a standard system update you need to restart all services to make the necessary changes. Details follow: Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391) Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. (CVE-2010-0296) Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-0830)
Installing libc6-2.11.1 on Ubuntu
More information on libc6_2.11.1-0ubuntu7.1_i386.deb:
Exact Size 3779220 Byte (3.6 MByte)
MD5 checksum 05f769d40e681c86bf6769a1f125f205
SHA1 checksum 49083ed7258090677e39ea431b37864c6685dafd
SHA256 checksum 707ac992b3438f9a3b5a84f1ea920662e1abf73f0cd747247856a857a3458a41
You should be able to use any of the listed mirrors by adding a line to your /etc/apt/sources.list
deb http://ftp.de.debian.org/debian experimental main
If you are running Debian, it is strongly suggested to use a package manager
like aptitude or synaptic to download and install packages, instead of doing so manually via
http://packages.debian.org/experimental/i386/libc6/download
1GOAL, Education for All.
The First Arabic Country Code Top Level Domain of Egypt “.مصر”
Google BigTable !!
Open Source Convention "OSCON 2010"
There is big change in technology and society, and open source is making it happen. Cloud computing is transforming our toolkit, from NoSQL to systems management. Mobile services are growing exponentially, set alight by Android and iPhone. New languages and APIs are flourishing. Developers must adapt to a rapidly evolving platform, which open source is the key to managing and steering.
Rapid change presents opportunity as well as challenges. Open source isn't just about being cost-effective, it's leading in innovation. You can change the game in your business, your community, or even the world.
- Explore the benefits and challenges of building scalable applications for the cloud
- Use open source to target Android, iPhone and other mobile platforms
- Understand how and when to use NoSQL databases
- Learn best practice from experts in Python, Java, Ruby, Perl, PHP and JavaScript
- Use open source effectively as part of your business strategy
- Learn how to foster contribution and adoption of your open source projects
At OSCON, hundreds of sessions covering open source languages and platforms, practical tutorials that go deep into technical skill and best practices, inspirational keynote presentations, an Expo Hall featuring dozens of the latest projects and products, fun networking events and activities, and the best "hallway track" around.
https://en.oreilly.com/oscon2010/public/register
Running Internet Explorer on Linux
- First of all you need to get the latest version of wine. Do the following depending on the version of Ubuntu.
- Open Terminal and copy-paste the following line into Terminal(Give password when prompted).
sudo add-apt-repository ppa:ubuntu-wine/ppa
- For Ubuntu versions before Ubuntu 9.10, this is little bit trickier. First you have to get the gpg key and later you to add the wine ppa repo to your sources.list.
- Don't worry, let me make it simple for you. Copy-paste the following line to Terminal to add the gpg key.
wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -
- Now, add PPA Repo depending on the version of Ubuntu you use. For that, simply copy paste the command into Terminal.
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/jaunty.list -O /etc/apt/sources.list.d/winehq.list
For Ubuntu 8.10 Intrepid
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/winehq.list
For Ubuntu 8.04 Hardy
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/hardy.list -O /etc/apt/sources.list.d/winehq.list
- Now, install the latest version of wine in ubuntu.
sudo apt-get update sudo apt-get install wine cabextract
- Done. Cabextract is a dependency you need to install.
- Now, unzip the downloaded tar.gz file. (Right click > Extract here).
- Open the extracted folder and double click 'ies4linux' file.
- Choose the 'Run' OR 'Run in Terminal' option.
- Following window will pop up.
- Choose the options you want and that is it.
- Don't ever expect IEs4linux to work as your regular browser. Even the original IE doesn't stand a chance in front of Firefox, Chromium, Google Chrome or Opera ;-)
UNESCO Fights Brain Drain With Computing Gain
The 'Brain Gain Initiative', set up in partnership with computer firm Hewlett-Packard, enables researchers to collaborate with experts around the world through grid and cloud computing and so boost loyalty to the local science and technology effort.
Grid computing combines the processing power of several computers across a network to work on a single scientific problem, while cloud computing allows researchers to access the latest web applications and databases.
In Burkina Faso, two projects at the University of Ouagadougou will benefit from the scheme: modelling the movement of pollutants in the drainage basin of the Sourou river, led by Blaise Some; and the implementation of a high-performance computing grid, led by Oumarou Sie.
Sie told SciDev.Net that his project would allow local researchers to share resources with their counterparts anywhere in the world, while also giving them power to perform calculations that their own computers cannot do.
Previously, such calculations had to be conducted abroad, but now Sie's laboratory, and others receiving funding, can be more independent, he said.
The laboratories overseeing these projects will each receive about US$25,000 worth of computer equipment as well as US$20,000 of operational funds, said Sie.
The scheme builds on a successful pilot in five universities from 2006-09, and will involve 15 more universities in the Middle East and Africa.
"The Brain Gain Initiative has a direct link with lasting development," said Some.
Training for participants on how to use and maintain the equipment took place in South Africa this month (14-18 December) and a UNESCO spokesperson said that partnership agreements were being prepared, with schedules to be signed at the end of January 2010.
UNESCO and Hewlett-Packard say they plan to include 100 more universities in the scheme by the end of 2011, with help from additional partners.
