News items for tag shiny - Koos van den Hout

This morning I was looking on shodan for open remote desktop servers in the work network since RDP was mentioned as an attack vector in the latest GANDCRAP ransomware.

Searching for '3389' on shodan found something completely different: an open industrial control system (ICS) for tankstation gauges.

IN-TANK VOORRAAD        

TANK PRODUCT             VOLUME TC VOLUME   VULVOL   HOOGTE    WATER     TEMP
  1  UL 98                 9757      9693    10283    939.2      0.0    20.09
  2  EURO                 2...

According to The Internet of Gas Station Tank Gauges -- Take #2 - Rapid7 this was already a reported issue in January 2015 and according to their research it may be possible to do bad things with this access.

The above is from a gas station I can find on google maps.

Oh I found the way to search for open remote desktop servers on shodan: port:3389.

I noticed the Nomadic Research Labs site was cleaned up a bit more, so I searched again for the article that I read in August 1995 about Steven K. Roberts and his recumbent bicycle Behemoth: "Big Electronic Human-Energised Machine ... Only Too Heavy".

The scans are at BEHEMOTH in Kijk – Dutch Magazine. Interesting detail is that the top left text refers to a picture of a Challenge recumbent. I recently ordered a new Challenge recumbent! Maybe I should find out whether I can find that page of that magazine.

Several things can be related to seeing this article: buying the book Computing Across America, selecting a recumbent bicycle later in life and this idea in the back of my head of future recumbent cycling trips.

I had a serious case of 'ooooh shiny' today. I browsed a bit of Northern Canada news from CBC and found the article Dempster Highway drivers flock to new destination — the Arctic coast about the new Inuvik Tuktoyaktuk Highway which connects the Dempster Highway all the way to Tuktoyaktuk on the northern arctic coast.

So I started wondering whether people are cycling the Dempster Highway. Yes, they are. I found several travel stories, Cycling the Dempster Highway to Inuvik, Cycling the Dempster Highway Part 1: Hungrier than the bears - Tasting Travels and Dempster Highway to the Arctic about one cyclist who cycled from Vancouver to Inuvik on a recumbent.

I may have found some future cycling ideas there. Those ideas aren't really new, from time to time I get back to thinking about Computing Across America and Steven K. Roberts.

A while ago I found out about Ham Radio Signs who make custom signs with your callsign (or anything else). I really liked the idea and decided I would 'gift' myself one when I got my new callsign after upgrading to the full license. So after I was able to register PE4KH I ordered the ham radio sign for it in the style/colour I wanted. It arrived today and I'm happy with it.

It needs 12V-13.8V power but that is usually not a problem in an amateur radio environment!

Op sommige repeaters hoor ik mensen wel eens roepen dat ze "'m aan het haakje gaan hangen" als ze willen stoppen met meepraten. Dat verwijst naar het haakje of clipje waaraan de handmicrofoon opgehangen kan worden.

Ik had van een stukje koperdraad een simpel haakje gebogen maar dat was niet echt handig en viel wel eens van de plank af. Dus toch maar eens uitgekeken naar een echt goed beugeltje. Op de beurs in Rosmalen kon ik geen aanbieder vinden. On-line even gekeken en terecht gekomen bij Microphone Hang Up Clip for KMC-30,KMC-32,KMC-35,KMC-36 en nu kan ik 'm dus ook aan het haakje hangen!

Het is een hele nette microfoonhouder, die ook in een auto of boot zou werken, er zit een veer achter die de microfoon vasthoudt.

This evening when I had time to play with the radio the HF bands I can use were already going 'silent'. But I left the setup running om 14.070 MHz in fldigi in PSK31 mode. This is the recommended standard frequency for PSK31 in the 20 meter band, so a lot of people will try there first. I saw a CQ call from EA9BO and fldigi filled in the country as Ceuta & Melilla which I did not recognize.

Map of Ceuta and Melilla, from Ceuta-melilla.png, Wikimedia Commons, Anarkangel

Which means one thing: a contact with a new country! I was able to answer his call after he had contacts with a few other stations and he got my signals and we had a short QSO. Afterwards I looked up Ceuta & Melilla which are the two autonomous Spanish cities that are within Morocco.

Again amateur radio learns me new things about geography! I already have looked up a number of interesting city names in eastern parts of Europe because of what I received as the cities of radio amateurs I had contacts with.

Oh and this is the first contact on the African continent.

For a while I have been considering my wishes for a more elaborate amateur radio. What I want to do with it is continue and expand the use of amateur satellites, and try to get into PSK31 on HF, starting on the 20m band. So a list of must haves and should haves arose: all-mode, portable, computer assisted tuning, HF support, 2 meter and 70 centimeter and an increas of power from 5W.

Adding it all up and looking for a reasonable price I ended up considering the Yaesu FT-857(D). It's in the middle between the FT-817 (too low power, still 5 watts) and the FT-897 (too heavy: 3.9 kilograms). And a reasonable pricetag, were other amateur radio brands have nothing comparable or at a much higher pricetag. I went looking for a second-hand one and when we got back from holiday a nice one (FT-857 with DSP and installed filter, and a remote control+DTMF hand microphone) showed up from Communicatie Centrum Venhorst - Hilversum and I bought it. Picked it up this week, and I am learning using it. I listened to SO-50 this evening using this radio with a lot of wires on the table in the backyard.

Radio setup - FT-857, PC power supply for 12V, laptop, Arrow antenna: ready for amateur satellites

It was clear I also need headphones to listen to amateur satellites on this radio so I'll get the parts to connect a headphone soon. Cables for computer assisted tuning and interfacing to a computer sound card are already ordered.

This radio also allows me to access SSB satellites, so I'll have to learn how to do that.

The good news about the SO-50 pass: there were QSOs going on, the person just calling CQ and never listening to the answers was missing.

There are great things happening at the moment: the NASA ISEE-3 satellite from 1978 is going to pass earth again in August 2014. Due to budget cuts and cleanups at NASA they decided to not do anything with the satellite. International Cometary Explorer - Wikipedia.

The first signals from this satellite were received in March: AMSAT-DL and Bochum Observatory Detect ISEE-3 Transmitters - Space College and since that moment people have been busy with it. The satellite was supposed to be switched off but it wasn't completely switched off and it receives enough solar power to overcome the lack of energy storage. A project was started named the ISEE-3 Reboot Project - Space College to get in touch with the satellite again and control it to make the course correction to return to the original orbit. With crowdfunding this project was able to get started quickly and the project received the control keys from NASA to be able to command the satellite. The first commands were successfull: Happy Dance Video: First Successful ISEE-3 Commanding - Space College when the satellite was ordered to send more telemetry data.

I'm following this story as I think it's great: commanding a satellite that has been in space for 36 years. The amateur radio angle is that recent developments in amateur radio have made this possible: the kind of specialized equipment that was needed in 1978 is now done with software defined radio and really good amplifiers.

Browsing from one hamradio web log to the other I came across this gem: Humorous Repeater IDs - KB6NU's Ham Radio Blog. Don AE5DW of Amateur Radio Newsline recorded some humourous IDs for repeaters.

Repeaters have to announce themselves on their output frequency on a regular basis (the rules for this can differ per country). Default is an output of the callsign in morse code or synthesized voice, but the above is what you get when you let someone with a good voice and experience in radio making.

After trying owx to talk to my Wouxun KG-UVD1P transceiver a co-worker who is a licensed radio amateur showed me CHIRP: an open source programming tool for amateur radio which does the programming of memory channels for different types of amateur radio sets with a friendly and easier to understand user-interface. For example I can select a set of channels from another channel list and paste them in my list.

Installing it on my laptop with Ubuntu was easy since chirp is available via the ubuntu-hams-updates ppa.

As a christmas present I got a hamradio transceiver, a Wouxun KG-UVD1P. I should not use it until I get the right amateur radio license! All the more reason to study for it and pass the exam.

Wouxon KG-UVD1P image from RadioPics Database

I plan to use it to work FM repeaters when I get my license. I hope to do long rides on the recumbent again and using this radio at the same time. It is a small radio, it fits in my hand. The speaker microphone should make use on the recumbent easy.

Otherwise I'm getting myself familiarized with it and trying to understand it all. I bought it with a speaker microphone and a programming cable and software. The software with the programming cable came on a recordable small-format CD-ROM and only mentioned Midland product numbers so I had to look up that the Wouxon KG-UVD1P is also known as the Midland CT790. This is Windows software and since the cable has a PL2303 serial/usb convertor you also need a driver for that. Programming repeater names and frequencies into the radio using the software is easy.

Having to use Windows isn't my idea of very usable hardware, so I searched whether someone had already done something and I found Open Wouxon (OWX) which allows reading the radio and writing it from Linux and other Unix versions. Reading over the serial/usb cable worked the first time:

$ owx-check -p /dev/ttyUSB0 
Found radio: KG669V
$ owx-get -p /dev/ttyUSB0 -o file.bin
Found radio: KG669V
Reading address 0x1FC0 (99% done)
$ cp file.bin backup.bin
$ owx-export -i file.bin -o wouxon.csv
$ vim wouxon.csv

and I was able to make some edits, writing data back gave me timeouts on the first few tries where the owx-check utility showed perfect communication with the radio.

$ owx-put -p /dev/ttyUSB0 -i file.bin -r backup.bin 
owx: Radio not responding
$ owx-check -p /dev/ttyUSB0 
Found radio: KG669V
$ owx-put -p /dev/ttyUSB0 -i file.bin -r backup.bin 
owx: Radio not responding
$ owx-check -p /dev/ttyUSB0 
Found radio: KG669V
$ owx-put -p /dev/ttyUSB0 -i file.bin -r backup.bin 
Found radio: KG669V
Skipping address 0x1FF0 (99% done) 

Strange, but in the end it all works.

The manual of the Wouxon KG-UVD1P gives me the idea that this radio is one where a lot is done in software. It can be programmed to go outside hamradio bands for other uses. The manual is somewhat terse and the English used isn't too great, but it works for me.

I found this review of the Wouxon KG-UVD1P by N9EWO which has more on longer use and compares it with other amateur radio sets. I'll post updates on this after I get to actually use it.
Reviews of the Wouxon KG-UVD1P at eham.net

Wouxon KG-UVD1P manufacturer webpage

Vandaag een PTT Ericsson model 51 DTMF geleerd met behulp van de DTMF omzetter van picbasic.nl met ondersteuning voor PTT Ericsson model 51. Een wandtoestel wat een ontwerp is uit 1951. Het toestel wat we onderhanden hadden had een productiedatum 'VII 1964', vermoedelijk dus juli 1964. De PTT W65 is de opvolger hiervan.

Na het werkend krijgen van de DTMF omzetter hebben we het toestel aangesloten op een Cisco ATA 186 die gekoppeld is met de asterisk testcentrale zodat we de sprekende klok in asterisk en het weerbericht in asterisk konden bellen. En natuurlijk de telefoon laten rinkelen!

One thing I love to do here at BA HQ is feature beautiful, time-lapse videos of the night sky. The advent of high-definition digital cameras has led to an explosion of these videos. If the photographer takes care, the result can be an ethereally lovely and (ironically) other-worldly feel to the animation.

My pal Christoph Malin is one such photographer. He is a member of The World At Night, a global effort to make more people aware of the beauty of the night sky. Over the past year and a half, he’s been traveling to the volcano island of La Palma, one of the Canary Islands off the coast of Morocco, filming the landscape and skyscape there. He generated over a terabyte of raw images (!!) and put them together to create this gorgeous time lapse video, Island in the Sky.

You want to watch this in HD and fullscreen.
Via Time-lapse video: clouds and stars over the volcanic La Palma Canary Island

Interesting article/presentation: Pen tester builds wifi war-bike about a motorcycle with war-driving capabilities based on kismet coupled with a heads-up display driven via a Raspberry Pi.

The video in the article of the presentation is not very good, and I can't find a website about this project at the moment.

Ik heb meegedaan aan de hackcontest ter ere van 20 jaar SURFcert. Ik vond het belangrijk om mee te doen omdat de Universiteit Utrecht betrokken is geweest bij de opzet van SURFcert.

De contest bestond uit twee delen: een eerste deel waarin een ketting van puzzels opgelost moesten worden. Deze challenge was afgeleid van een van de Dragon Research Group challenges. Elke stap leverde een URL op naar de volgende stap. Een stap met een qr-code met een gemenigheidje er in (de meeste qr-code software leest geen gespiegelde qr-codes), een stap met een .pcap file waar een sessie met urls uit gehaald moesten worden, een stap met een .exe file die een ROT-47 versleutelde url bevatte (waarbij de wat meer op windows gerichte onderzoeker een decompiler zou gebruiken) en een jpg file met een url erin gestopt met steganografie met encryptie.

Het tweede deel was een 'capture the flag': het inbreken in een niet geheel up-to-date windows computer met metasploit en dan het daarop vinden van 5 'flag files'. De inbraak lukte met een msrpc exploit en daarna ging het vinden van de eerste 2 files vlot voor mij. De 3e en de 4e kon ik vinden nadat ik van de meest recent ingelogde gebruiker op het systeem alle 'Recent Document' links aan het volgen was.

Het eindresultaat was dat ik gewonnen heb! Surfnet maakte het gelijk bekend: Spannende hackcontest SURFcert gewonnen door Koos van den Hout.
Juist die gedachtensprongen die nodig waren om alles op te lossen maakte het leuk en uitdagend voor me.

Interesting google ad: "Thank you for helping us measure IPv6", linking to Measuring IPv6 - APNIC. Yes, that was a session over IPv6 from home.

Opvallend artikel: Portofoon steeds meer een smartphone - PI4RAZ met als opmerkingen:

Portofoons en smartphones lijken steeds meer op elkaar. Zowel het uiterlijk, het gebruik als de functionaliteiten komen samen. Een logische ontwikkeling, vindt Arend Massier, Sales Manager bij Motorola-dealer Selecsys: "Een portofoon kan soms te intimiderend overkomen."

Mijn eigen gedachte is dat die ontwikkeling vooral komt omdat de professionele portofoons steeds meer digitale netwerk functies krijgen, zoals de in het artikel genoemde ticket management en e-mail. Dat ze dan minder op een portofoon lijken is in sommige omgevingen (zoals de genoemde hotels) inderdaad een voordeel.

Grappig is dat ik me vandaag juist op de fiets afvroeg of ik met een portofoon voor amateur-radio toepassingen misschien over zou komen als beveiliger of agent, wat in het verkeer niet altijd even handig zou zijn. Als ik het radio-amateur examen gehaald heb wil ik wel beginnen met wat experimenten met een portofoon op de ligfiets. Maar: eerst maar eens dat examen halen!

Gevonden via Beste mederadiozendamateurs, een portofoon is intimiderend. Daarom gaan ze steeds meer lijken op smartphones. http://www.pi4raz.nl/index.php?option=com_content&task=view&id=3055&Itemid=43 …

Update 2013-02-19: Ik kwam ook een opmerking van Hans PD0AC tegen in I have been scammed! - Ham Radio Blog PD0AC:

Every time I'm driving my car for example, holding a microphone or some hand-held, people slam on their brakes. I can see the wives yell "Slow down, it might be police!" to their husbands.

Dus de gedachte "aangezien worden voor beveiliger of agent" is niet zo vreemd. Maar met een auto is die kans natuurlijk stukken groter dan met een fiets. Om op de fiets aangezien te worden voor politie-agent moet ik op een witte mountainbike door voetgangersgebieden gaan rijden.

I just found Intercept Service with Jane Barbe where ElmerCat has put a lot of time and energy into saving, splitting and digitizing phone phreaking recordings. My first thought was to take the Jane Barbe recordings and set up a few intercepts of my own. Maybe for playing with the people who try to break in to my asterisk testserver or (more constructive) to set up a Jane Barbe intercept service which can be used on Collectors*Net.
Found (unsurprisingly) via "1000 Abstract Machines" ... and a New Generation of Phone Phreaks? - The History Of Phone Phreaking.

Update: Ok, using the 'Jane Barbe' digits in Asterisk isn't very hard. Download the .mp3 files from soundcloud and convert them to the asterisk .gsm format:

$ mkdir janebarbe
$ sox JB-0-neutral.mp3 -r 8000 -c 1 janebarbe/0.gsm

..

$ sox JB-is-not-in-service.mp3 -r 8000 -c 1 janebarbe/is-not-in-service.gsm 
$ sox JB-the-number-you-have-reached.mp3 -r 8000 -c 1 janebarbe/the-number-you-have-reached.gsm

And put that entire janebarbe directory in the directory where asterisk expects the digit files for language 'janebarbe' which is /usr/share/asterisk/sounds/digits/janebarbe/ in the 'old' directory structure and /usr/share/asterisk/sounds/janebarbe/digits/ in the 'new' directory structure. Look at Asterisk multi-language - voip-info.org for details on directory structures.

Using the digits is now simple, a test:

exten => s,1,Answer()
exten => s,n,Wait(1)
exten => s,n,Playback(digits/janebarbe/the-number-you-have-reached)
exten => s,n,Set(CHANNEL(language)=janebarbe)
exten => s,n,SayDigits(1234567890)
exten => s,n,Playback(digits/janebarbe/is-not-in-service)
exten => s,n,Hangup

Will have Jane Barbe telling you what you expect. This can be used as an invalid-number intercept.

I'm preparing a presentation and I got distracted by the possibility of a remote presenter. Bluetooth presenters that act as a human input device are available but somewhat expensive for the few presentations I give. So I looked at the other option: use a mobile phone as bluetooth device. On the Nokia E71 a wireless presenter is included (WiPresenter) but it needs a local program on the laptop which only has versions for Windows. A bit of google searching found me Amora: A Mobile Remote Assistant, using a symbian60 phone as presenter on Linux.

It works, although I note something: the app wants to use the numeric keys but the keyboard is in normal mode, so I have to type function+number for special keys, but the middle key of the navigation pad works to get to the next slide. Now back to working on the presentation....

Update: Presentation went fine. Things I noticed about amora: the actions aren't noticed by the screensaver, so the laptop screen went dark a few times. Disabling your screensaver is always a good idea for presentations.

Another awesome timelampse, Via Faces turned upward, a telescope array scans the southern skies Philip Plait

Night landscapes and the Milky Way always work very good in timelapses.