ashraf monshi (‫أشرف منشي‬‎)
Works at the Deanship of Information Technology, Umm Al-Qura University
Attended Al-Hussein bin Ali Secondary School
166 followers|129,219 views


ashraf monshi

commented on a post on Blogger.
I am losing trust in Google :(
Google had a cool feature as part of Location History: a dashboard that displayed how you spend your time, how much do you spend at work or at home, the places you've visited, when you visited each country, your flights, the ...

ashraf monshi

Wall-mounted water cooled PC

Not the strangest one I have seen :)
Oh my GOODNESS. Toooo crazy because toooo much TRUTHS in this photo. If you leave home without your PHONE who is going back to get it (even if you're late for work)? Yep, it's the BOSS. :-)  LOL

Don't ignore the VALUE in the SMARTPHONE. Don't miss the TREND CHANGE from computers to everything being done on/with the SMARTPHONE (ecommerce to mcommerce). Don't miss the way APPS on the SMARTPHONE will change the way we do business. Don't miss that one day Steve Jobs said "A business without internet is going out of business" and today it is said "A business without an app is going out of business" (mobile presence). WHEN YOU ARE AHEAD OF THE CURVE ON A TREND CHANGE THAT'S WHEN YOU WIN. Don't miss it. :-)

6 Minutes That Can Change Your Life Forever
Has the NSA Been Using the Heartbleed Bug as an Internet Peephole?

When ex-government contractor Edward Snowden exposed the NSA’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort. Even Snowden touted encryption as a saving grace in the face of the spy agency’s snooping. “Encryption works,” the whistleblower said last June. “Properly implemented strong crypto systems are one of the few things that you can rely on.”

But Snowden also warned that crypto systems aren’t always properly implemented. “Unfortunately,” he said, “endpoint security is so terrifically weak that NSA can frequently find ways around it.”

This week, that caveat hit home — in a big way — when researchers revealed Heartbleed, a two-year-old security hole involving the OpenSSL software many websites use to encrypt traffic. The vulnerability doesn’t lie in the encryption itself, but in how the encrypted connection between a website and your computer is handled. On a scale of one to ten, cryptographer Bruce Schneier ranks the flaw an eleven.

Though security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol so many have trusted to protect their data. “It really is the worst and most widespread vulnerability in SSL that has come out,” says Matt Blaze, cryptographer and computer security professor at the University of Pennsylvania. But the bug is also unusually worrisome because it could possibly be used by hackers to steal your usernames and passwords — for sensitive services like banking, ecommerce, and web-based email — and by spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them.

A Google employee was among those who discovered the hole, and the company said it had already patched any of its vulnerable systems prior to the announcement. But other services may still be vulnerable, and since the Heartbleed bug has existed for two years, it raises obvious questions about whether the NSA or other spy agencies were exploiting it before its discovery to conduct spying on a mass scale.

“It would not at all surprise me if the NSA had discovered this long before the rest of us had,” Blaze says. “It’s certainly something that the NSA would find extremely useful in their arsenal.”

NSA Sets Its Sights on SSL

Although the NSA could use the Heartbleed vulnerability to obtain usernames and passwords (as well as so-called session cookies to access your online accounts), this would only allow them to hijack specific accounts whose data they obtained. For the NSA and other spies, the real value in the vulnerability lies in the private keys used for SSL that it may allow attackers to obtain.

Cracking SSL to decrypt internet traffic has long been on the NSA’s wish list. Last September, the Guardian reported that the NSA and Britain’s GCHQ had “successfully cracked” much of the online encryption we rely on to secure email and other sensitive transactions and data.

According to documents the paper obtained from Snowden, GCHQ had specifically been working to develop ways into the encrypted traffic of Google, Yahoo, Facebook, and Hotmail to decrypt traffic in near-real time, and there were suggestions that they might have succeeded. “Vast amounts of encrypted internet data which have up till now been discarded are now exploitable,” GCHQ reported in one top-secret 2010 document. Although this was dated two years before the Heartbleed vulnerability existed, it highlights the agency’s efforts to get at encrypted traffic.

The Snowden documents cite a number of methods the spy agencies have used under a program codenamed “Project Bullrun” to undermine encryption or do end-runs around it — including efforts to compromise encryption standards and work with companies to install backdoors in their products. But at least one part of the program focused on undermining SSL. Under Bullrun, the Guardian noted, the NSA “has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.”

Security experts have speculated about whether the NSA cracked SSL communications and if so how the agency might have accomplished the feat. Now, Heartbleed raises the possibility that in some cases the NSA might not have needed to crack SSL. Instead, it’s possible the agency used the vulnerability to obtain the private keys of companies to decrypt their traffic.

The Good News

So far, though, there’s no evidence to suggest this is the case. And there are reasons why this method wouldn’t be very efficient for the NSA.

First, the vulnerability didn’t exist on every site. And even on sites that were vulnerable, using the Heartbleed bug to find and grab the private keys stored on a server’s memory isn’t without problems. Heartbleed allows an attacker to siphon up to 64kb of data from a system’s memory by sending a query. But the data that’s returned is random — whatever is in the memory at the time — and requires an attacker to query multiple times to collect a lot of data. Though there’s no limit to the number of queries an attacker can make, no one has yet produced a proof-of-concept exploit for reliably and consistently extracting a server’s persistent key from memory using Heartbleed.

“It is very likely that it is possible in at least some cases, but it hasn’t been demonstrated to work all the time. So even if a site is vulnerable, there’s no guarantee you’re going to be able to use [Heartbleed] to actually get keys,” Blaze says. “Then you’ve got the problem that it’s an active attack rather than a passive attack, which means they need to be able to do multiple round trips with the server. This is potentially detectable if they get too greedy doing it.”

The security firm CloudFlare, which has spent the last three days testing various configurations to determine if, and under what conditions, it’s possible to extract private keys using the Heartbleed vulnerability, says it hasn’t been able to do so successfully yet, though its tests have been limited to configurations that include the Linux operating system on Nginx web servers.

Nick Sullivan, a Cloudflare systems engineer, says he has “high confidence” that a private key can’t be extracted in most ordinary scenarios. Though it may be possible to obtain the key under certain conditions, he doubts it has occurred.

“I think it is extremely unlikely that a malicious attacker has obtained a private key from an Nginx server of a busy website,” he says.

So far, they believe private keys can’t be extracted from Apache servers either, though they don’t have the same level of confidence in that yet. “If it is possible with Apache, it’s going to be difficult,” he says.

A few other researchers have claimed on Twitter and on online forums that they have retrieved private keys under various circumstances, though there doesn’t appear to be a uniform method that works across the board.

Either way, there are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website, and depending on how much logging companies do with their intrusion-detection systems, it may be possible to review activity retroactively to uncover any attacks going back over the last two years.

“I suspect there are many people doing exactly that right now,” Blaze says.

So what might the world’s spy agencies say about all this? The GCHQ has a standard response for anyone who might wonder if the spooks used this or any other vulnerability to undermine SSL for their BULLRUN program. In a PowerPoint presentation the British spy agency prepared about BULLRUN for fellow spies, they warned: “Do not ask about or speculate on source or methods underpinning BULLRUN successes.” In other words, they’ll never say.

ashraf monshi

New version of great Android IDE for Web Developers is out.

New in 0.38

- Color picker. Just write "#" and select "Pick color". Only FULL Version
- Css classes code completion.
- Bug fixing

ashraf monshi

They're the big three Android smartphone launches so far this year — HTC's 2014 One, Sony's Xperia Z2, and Samsung's Galaxy S5 — and they are all now hitting stores across the world. We've...

ashraf monshi

Time, Project, and Task Management App for Web Developers and Freelancers

For the css, I use sass to help me keep it as modular as possible.
While working on this app, I learned a couple of css and sass tricks, which I'll be sharing here on the CSS Community (once I get the blog up).

We built task atom because we needed an app to help us better manage our time, projects, and tasks. 

A couple of the features that are on the road map:
 - GitHub Integration
 - Integration
 - FreshBooks Integration

#sass   #programming  

Web developer at Umm Al-Qura University
Web developer
  • Deanship of Information Technology, Umm Al-Qura University
    Web developer at Umm Al-Qura University, 2007 - present
  • Waheed Group for Hosting and Design Services
    Group manager, present
  • Digital Technologies Team
    web developer, 1012 - present
  • Al-Maktaba Bookstore
  • Gulf Electronics
Basic Information
Other names
أشرف طلال منشي‎, الإمبراطور وحيد
Web and open-source programmer, lover of strategy games, passionate about the SimCity game.
  • Al-Hussein bin Ali Secondary School
ashraf monshi (‫أشرف منشي‬‎)'s +1's are the things they like, agree with, or want to recommend.
InterfaceLIFT Wallpaper: Green Aquarium Nebula

Created in Adobe Photoshop CS6, this spacescape is designed to work with dark OS themes and interfaces. It took about 3 hours to create, hop

HTC One, Sony Xperia Z2, and the Galaxy S5: Android's flagship phones in...

They're the big three Android smartphone launches so far this year — HTC's 2014 One, Sony's Xperia Z2, and Samsung's Galaxy S5 — and they ar

Explanation of Sandbox Mode in SimCity 5 and the Most Important Shortcuts

Barcode Scanner

Scan barcodes on products then look up prices and reviews. You can also scan Data Matrix and QR Codes containing URLs, contact info, etc.Alm

Moments Remembered

Moments Remembered studio for women's photography


The Umm Al-Qura University app for Android presents the most important information about the university and gives you easy, fast access to view the latest news and events

Use Ookla Speedtest for easy, one-tap connection testing in under 30 seconds—accurate anywhere thanks to our global network.Millions of user

Projects Qualifying for the Final Stage of the Tech World Competition, and the Start of the Voting Stage

We received many entries for the Tech World competition for the best Arabic web projects of 2013, but many of these entries did not meet the competition's conditions, and

Free Melody - Waheed Empire

Through the sections of Free Melody, you can download plenty of free music, children's songs, audio poetry, and other distinctive, hand-picked audio

DH Texas Poker

The no. 1 Texas Hold'em Poker user experience on Android! 100% FREE to play! 50K FREE chips, DAILY gifts,

Expense Manager

Manage your expenses directly on your smartphone. Easily keep track of your finances. This app allows you to record your expenses easily. Op

Interactive Explanation of the Main Options and Menus in SimCity 5 | SimCi...

Peace be upon you. Welcome to a new blog post about the distinctive game SimCity 5, in which I will explain the most important options and menus in the game. To view

Boomerang for Gmail | Plugin for Firefox and Chrome

Boomerang for Gmail is a plugin for Firefox and Chrome that lets you schedule sending and receiving emails, helping you reach Inbox Zen.


Gmail is built on the idea that email can be more intuitive, efficient, and useful. And maybe even fun. Get your email instantly via push no

Google Drive

* With Google Drive, you can store all your files in one place, so you can access them from anywhere and share them with others * Use the Go

[1] Start Your First City in simcity5

Welcome ... God willing, I will start a new series about getting started with SimCity. I will not focus here on the city's design, shape and aesthetics, as that is up to you

Give a Chromebook

The new HP Chromebook is for everyone, and we want all kinds of people to try it.

GoogleNowWallpaper HD

Get the Google Now style on your homescreen!This application changes your current wallpaper with a google now wallpaper based on your clock

And give glad tidings to the patient