Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

22 September 2008

McAfee to buy Secure Computing

I'm used to make fun of McAfee when they present themselves as a Network Security Vendor especially that they don't even have their own Firewall product. So, now it seems that the people at McAfee decided to spend about $465M to stop me from making fun of them.

Ok, let's get serious now. I think this is a good move from McAfee anyway. Secure Computing security portfolio will sure fill some missing gaps in McAfee's product line. They have their own firewalls (Sidewinder), and Content Security (Webwasher). But on the other hand people may argue that Secure Computing products are not highly ranked compared to other vendors in the market. And to tell you the truth, I always believed that McAfee was going to acquire a Firewall vendor someday, and I thought that Fortinet is their best option. It's not only the best buy for McAfee, but if I were in Fortinet's guys shoes I'd have asked McAfee to acquire us too. Fortinet have good products and they sure were going to fill the missing gaps in McAfee's Network Security portfolio, and McAfee's guys would have been more proud to put their logo on Fortinet's products than Secure Computing ones. And on the other hand Fortinet is that kind of vendor that is there to be acquired. Come on, they may have good products, but they are small company and it is really hard for companies with similar size are narrow line of products nowadays to last for a long while before getting acquired or quitting the market..

Anyway, congratulations to McAfee guys, and I believe the Network Security market will benefit from one strong vendor which is getting even stronger.

Tags: , ,

21 September 2008

Google Believes I'm a Virus

I received the following Error Message today when I tried to access Google homepage.

But what makes Google believe that my request is coming from a Virus or Spyware application? Has any of you received a similar message too?

Ok, according to Google Help Center, "This message appears when Google detects automated querying coming from your IP Address, thus causing a quick spike in traffic on".

But wait a minute, this can also happen if you are behind a NAT'ing device, and another device in your network is sending automated queries to Google.
It's likely that a user or a computer in your network is running automated querying. Sending automated queries of any sort to Google is against our Terms of Service. This includes, among other things, the following activities:
* Using any software that sends queries to Google to determine how a website or webpage ranks on Google for various queries
* 'Meta-searching' Google
* Performing 'offline' searches on Google

Now, what's the next step? If you have suitable privileges on that network, I think you have to deploy or gather the logs from existing IDS/IPS Sensors and Traffic Anomaly Detection Systems. Such softwares can detect Traffic Peaks and other Traffic Patterns that violates the normal Behavior on your Network, and can then detect the offending host(s). Another solution for those who do not own an IPS is to gather the traffic logs from their Gateway Firewall or Router and analyze those logs manually.

The problem here is that there is no IPS installed, or may be there is one but I have no access to it. So I am forced to do it the hard way, to analyze the firewall logs. As far as I can see the nember of sessions from the internal network to Google IP Address are not that huge or even big enough to be suspected by their system. So it seems that it's as they said in their Help Center. May be it's something in the content of the traffic and not it's volume. May be they get alerted when they see someone using their search engine for example and the User-Agent parameter in his/her get request in not equal to any web browser they are aware of.

Anyway, is seems that with the tools available to me now, it is really hard to know the real reason for Google's error message, and how to detect the violating host and stop it if possible. So you may consider this post as some kind of rant or chit-chat.

Error Message URL:

Tags: , ,

15 September 2008

Fire Eagle and Flickr

Two new services have been added to Baralbait.

1- Now if you are a Fire Eagle user, you can now let Baralbait automatically retrieve your location from there. This is useful for those who have GPS-Enable Mobile phones.

2- We now can also retrieve Geo-Tagged photos uploaded to Flickr, and display them in their relevant Places pages. So now by clicking on a certain place (Cafe, Hotel, etc), you can see photos taken there.

12 September 2008

Baralbait - Never Stay At Home

Baralbait is an Arabic word which means "Outside Home". It's a location based service where you can tell it where you are now, and it will show you nearby friends and places to go.

In fact, I always face the same problems whenever I want to go out and meet some friends:
  • Who is free to go out
  • When is the best time to go out
  • And the most important issues is where to go
That's why Baralbait is trying to help us solve the above problems. You can simply update your current location either from the site's web interface, or by using 3rd party tools such as Yahoo Fire Eagle.

You can also add new places, tag those places, or find places added by other site members. This can help you discover new places to visit in your town or city. You also can find where your friends normally go out to help you meet easily. We are not limited here to cafes and restaurants, but you use the site the way you want, from finding nearby gas station to discovering the famous malls in a city you plan to visit next week.

The site is currently a closed beta, so you'll need an invitation to join.