Happy, Prosperous New Year!

It is nearly twelve hours short of the start of the new year and, through an adoring e-card, someone special has already wished me a bright and wonderful new year.

I, therefore, wish everyone reading this a lovely new year filled with happiness, success and everything else good. It is no denying that time flies quickly. I also wish that you do anything productive with your time, instead of sitting idly and wasting it. For those who have not yet realised it, time is priceless.

Happy new year!


A man lured, with sweets, the 11-year old daughter of his friend’s into his house and raped her. Subsequently, he slit her throat with a kitchen knife and, using a chain-saw, cut her body into three parts: torso, legs, and head. He hid the body parts inside cupboards, cleaned his house, and, with a look of concern on his face, went to his friend’s house to enquire after his friend’s missing daughter and, later, joined the friend in search for her. In the midst of an interrogation later that day, the man gave himself in to authorities, admitting his crime. Apparently, he had been helping his friend with monetary aid from Saudi Arabia, but was treated unfairly by the same friend on his return.

Sigh. The above, which is a brief description of the event in my own words, made it to the front page of the major newspaper this morning. The above also happens to be the first thing I read to start my day. The word inhumane seems to have suddenly lost its charm.

Random Musings #11

Promise only that which you can deliver. Learn to say no to people, instead of saying yes and ending up disappointing them. And treat people more or less the way they treat you.

A mere misinterpretation!

It takes only misinterpretation of context for one to break up an old, deep-rooted relationship. Words intended to mean an entirely different thing, but construed as entirely another can act like double-edged swords and peneterate easily through a bond of any relationship, ripping the fibres that keep the bond strengthened and intact into shreds. It is most true what they say that, “Beauty and bullshit, both, are only in the eyes of the beholder.”

It may seem at first reading that such misinterpretation might lie within the act of an unreasonable, un-understable interlocutor. The sad reality, however, suggests that it need not be.

Words can have deceiving meanings, and when used in complex, syntacticly-correct constructions can often leave behind structures whose context and meaning are baffling to not only a careless eye, but to most pedantic eyes too.

It may also seem at first reading that the fault lies within the speaker’s careless, incorrect, or at times ego-ridden interpretation of the ineptitude of their interlocutor to grasp meaning out of complexly dangling constructions. However valid that may be, it remains a fact that most interlocutors in today’s age do not care enough to properly, thoroughly read what has been addressed to them in order to comprehend the intended substance of the message. Oftener, the interlocutor finds themselve picking up not the import of the message, but that which they themselve presume to be the meaning, which, it is only fair to add, overlaps the intended meaning more than just often. It is still a sad reality, though.

This brings the focus back to why exactly I have chosen to rant under this issue. I nearly lost a close friend — to make an understatement. A harmless, childish misinterpretation of context on their part, which itself came as a thudding surprise to me, ruptured a tightly bonded relationship. What was worse was that, till the run-out to my discovering about it, I had been kept in the dark. Simply. I was not allowed a chance to clarify my context and, in doing so, undo the damage I had never intended to cause. It was all hush-hush. A mere misinterpretation inflicted enough pain to numb out the capacity to assess the situation with reason, thereby obviating a need to even indulge in a conversation with the speaker, even if only to vent feelings, let alone to allow a chance to the speaker to clarify.

A mere misinterpretation …


PAKCON II ended on 13 December in Pearl Continental, Karachi, this week. It was nothing short of a blast.

The underground hacking and information security convention spanned over two days, covering eleven different, exceedingly insightful talks and a low-profile Capture the Flag (CtF) hacking contest. This time around, five of the eleven security speakers were from abroad from various security organisations. The rest six were local speakers. I was due to present a talk myself, but could not because of a tough academic schedule at the University which kept me occupied.

Detailed information about the speakers who presented this year is available here.

With a clean shave and a hot-water bath, I dove into my casual jeans and “hacker” t-shirt, putting on a sleeveless, front-open black sweater. I drove to the hotel in my white Swift and got off right next to the hall booked for the convention. It was the first time I had driven to the hotel, so I was naturally excited. As I was heading down to the entrance to the hotel, I spotted a couple of goons coming straight my way. With them was Ben, a security researcher from eEye Digital Security, who had flown in from Thailand to present a talk. I greeted him and others. As I soon found out, Ben had a heck of a ride, as he told me with a frown how he had had to spend five hours at the airport waiting. The next few hours were spent lingering in the hall, visualising how the hall would look next morning when all preparations would have been completed, and chatting with each other. Some of the goons, who were going to present talks and not least those who were going to go in for the first time, were taking turns to stand on the podium, getting the feel of it, practising their speeches, all the while trembling at the thought of having to speak the very next morning or day after in front of a large crowd. Ben was happily occupied with tweaking the sound system to adapt it to the length of the hall so that, presumably, those sitting at the back could hear the speakers without effort. He looked like a professional. Oh, wait. He is a professional. Heh!

Jahanzaib and I left off the hall, leaving the other goons inside, and headed straight to the hotel’s lobby to use the hotel’s wireless Internet connection. The connection was galloping with a consistent 50-KB/sec download rate. But, honest-to-goodness, we did not dowload porn. A few hours later, we retired to a local cafe outside, in front of and at a five minutes walks from the hotel, to have dinner. Done with the dinner, we rendezvoused with Faiz and, consequently, checked into our room, where we spent the better part of the night chatting and designing the CtF. At around about four, setting the alarm to ring at 8 sharp, we dosed off, hoping everything would go smoothly the next morning.

During day-1, I was involved most of the time with managing the CtF, so, unfortunately, missed a whole bunch of talks. I did not attend day-2, and consequently, as a friend put it out for me, I missed out on a bunch of cool talks.

Day-1 started off with Faiz, founder of PAKCON, delivering his talk on “Hackers Methodology and Incident Handling”. Struggling with getting the CtF ready with Jahanzaib, the other guy with whom I design and implement the CtF, I let the talk pass. The Information Technology minister had been invited to the convention, but, he turned out to be a major pain. The inauguration ceremony was thus postponed until an hour or two later when, not the minister, but his personal secretary showed up. The personal secretary to the IT minister mauled the audience, who clearly did not seem interested, with a nearly half an hour long speech, three quarters of which focused on the recent earthquake incident. With my head drooped into my clasped hands, I gathered up enough patience to listen through the speech.

Later on in the day, Jamil Villiani, a Security Program Manager in Microsoft’s Secure Windows Initiative (SWI) team, spoke on “Secure Development Lifecycle”. I doubt the amp or the microphone was suffering from any technical problem, but Mr Villiani spoke in a very low, somewhat inaudible tone. I thought I had heard him chatting at a high tone with Ben earlier. Nah! Next up was Ben from eEye Digital Security, whose talk was titled “Beyond NX: An Attackers guide to anti-exploitation technology for Windows”. With a native Australian accent, Ben managed to present a deeply technical talk in an interesting fashion, keeping the audience awake and focused on what was going on. During the Q/A session with Ben, I put up a question which convinced him to throw a t-shirt at me, and he would have, if only I had not been wearing a “Hacker” t-shirt myself. The t-shirt went off to someone else in the audience. Tough luck, eh!

Jawad Sarwana, an Advocate of the High Court of Sindh and Senior Associate with Abraham & Sarwana, mused on “Identifying Cyber Crime”. Amidst his talk, the IT minister appeared from no-where and demanded that an announcement of his arrival be made. Despite attempts to explain to him that a talk was already in motion, someone went up the stage, regretfully interrupted the ongoing talk and made an announcement. Sigh! It was relieving to see that the minister at least had the sense and decency to wait till the end of the talk to deliver his speech, which I did not bother to lend an ear to, anyway.

c0ntex, a hobbyist security researcher, pen-tester and exploit developer, had been due to present his talk on “0day: Heap-based Format String Bug in Real-/Helix-players on *nix” on day-2, but, for some reason, his slot was stashed up to the end of day-1. I had not known about that change myself, and was enlightened during a small conversation I had with him. It was his first talk, he wasn’t prepared properly, and was a little nervous. I wished him good luck. In a Scottish accent, he spoke about his discovery of an 0-day bug in Real-/Helix-players on *nix systems. He presented a live demo detailing how to get a root shell by exploting a format string bug in the real-/helix-player on a Debian-based system. I enjoyed the demo more as he played tinkered with gdb to grab offsets and EIP and EBP addresses and demonstrated how he overwrote the EIP to get root on the box. His was the last presentation of the day.

The CtF, meanwhile, had been going on the whole day side-by-side as the talks progressed. It too ended coincidentally with the end of c0ntex’s talk. Only three teams showed up, and the game designed was simple itself, though hard to crack in the sense that one of the system was extremely difficult to break in to both remotely and locally. It was an interesting CtF nonetheless, althought I must say not anywhere so interesting as the one Jahanzaib and I had designed for the GameHack earlier this year in August/September. The team that had had won the CtF at GameHack were proclaimed the winners of the CtF again. Kudos to them!

With that came an end to day-1. I headed home with a friend, took a bath, sat online for a while, and went to bed. Next morning, I did get up early to get ready to leave to attend day-2, but a severe gastric ailment kept me isolated. Unfortunately, I missed out on a couple of great talks on day-2. Now that I think of it, it seems both clear and logical to me that, given the fairly sensitive gastric system I possess, the food I had had multiple times from a small, local cafe outside of Pearl Continental Hotel during the time I stayed at PC was what caused the chain reaction, so to speak. Ah, well! I will prefer to stay hungry next time.

That’s about it. All in all, it was a great security event. It would have been even greater if I had presented a talk myself. Oh, well: there’s always next time. ;-)

National Kindergarten of Computer And Emerging Sciences!

“This is the photo-copy of the first page of your answer sheet on which the marks you have scored are listed. Take it home, get it signed by your parents, and scribble on the top right corner a legitimate contact number through which to contact your parents. Bring it next Monday!”, the old professor, who could barely stand soundly, dictated on top of his otherwise inaudible voice. Before anyone could manage a groan, the professor bursts, “And I will call your parents and discuss your progress.” Half of the students drop the lower part of their jaws open in utter shock, some retain their composure, trying hide to stifle their reacation, while the rest diss away the professor’s meanderings with a cold smirk.

On a cold Thursday morning, which as the day progresses will transform into an otherwise unimaginably tiring Thursday afternoon and evening, a lecturer guards his ground and callously threatens, with a grin twisting at one end of his mouth as the words make way out the mouth, “I will show you your answer sheets next week. You will take it and get it signed by your parents and return it back. I will be cross-checking the authenticity of the signatures, and he who is found guilty of forgery, well, let’s just say, it won’t be good for him.” Half of the students are shocked, not so much by the news as the fear it has infused in their minds. Others still, don’t bother so much as a second thought, jerking off the threat as utter trash.

Ladies and gentlemen, boys and girls, allow me the once-in-a-lifetime pleasure to introduce you to everything. First, allow me to introduce who I am. My name is Ayaz Ahmed Khan, I am a four-year old baby, and I study in kindergarten. The professor and the lecturer mentioned are my kindergarten teachers. The rest are my kindergarten friends — I have many.

All my friends are very naughty. They barely study. They enjoy teasing teachers, and playing with lego, colouring pretty pictures in the pretty picture book with colourful crayons, and many more things.

My teachers are very caring. They believe that all play and no work will make Jack a dull boy. They want us all to study and do well. But, because they themselves cannot find a way to control us and make us study, they now want to complain to our parents. They believe that since we are kindergarten babies, whatever our parents will tell us to do, we will do. I think my teachers are very clever.

But, this news has scared some of my kindergarten friends. Some of my friends aren’t bothered at all — they still like playing with lego and colouring pictures, etc. Rest of my kindergarten friends did not comment. Some of my kindergarten friends who know what will happen if their parents found out are very very scared. They realise that their parents will take away their toys, keep them away from watching Barney on Nikelodion, etc, until they start studying. My friends are very worried.

Everyone in my kindergarten class is discussing what to do. Everyone is thinking what will happen next, what will become of them.

I am scared. I don’t know what will happen next.