2012-11-26 (#) 7 years ago
Interesting article/presentation: Pen tester builds wifi war-bike about a motorcycle with war-driving capabilities based on kismet coupled with a heads-up display driven via a Raspberry Pi. The video in the article of the presentation is not very good, and I can't find a website about this project at the moment.
2012-11-21 (#) 7 years ago
I took part in the hack contest held to celebrate 20 years of SURFcert. I thought it was important to take part because Utrecht University was involved in setting up SURFcert. The contest consisted of two parts: a first part in which a chain of puzzles had to be solved. This challenge was derived from one of the Dragon Research Group challenges. Each step yielded a URL to the next step. A step with a QR code with a nasty twist in it (most QR code software does not read mirrored QR codes), a step with a .pcap file from which a session with URLs had to be extracted, a step with an .exe file that contained a ROT-47 encrypted URL (where the more Windows-oriented researcher would use a decompiler) and a jpg file with a URL hidden in it using steganography with encryption. The second part was a 'capture the flag': breaking into a not entirely up-to-date Windows computer with metasploit and then finding 5 'flag files' on it. The break-in succeeded with an msrpc exploit and after that finding the first 2 files went quickly for me. I could find the 3rd and the 4th after I started following all the 'Recent Document' links of the most recently logged-in user on the system. The end result was that I won! Surfnet announced it right away: Spannende hackcontest SURFcert gewonnen door Koos van den Hout.
It was exactly those leaps of thought needed to solve everything that made it fun and challenging for me.
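The ROT-47 step described above can also be solved without a decompiler. This is an added example, not code from the contest or from the original post: it scans a binary for printable strings, applies ROT-47 to each and reports the ones that decode to a URL. The sample bytes and the hidden URL are constructed.

```python
import re


def rot47(text: str) -> str:
    """ROT-47: rotate the 94 printable ASCII characters '!'..'~' by 47.
    It is its own inverse, so the same call encodes and decodes."""
    return "".join(
        chr(33 + (ord(c) - 33 + 47) % 94) if 33 <= ord(c) <= 126 else c
        for c in text
    )


# Runs of printable, non-space ASCII: roughly what `strings` would print.
PRINTABLE_RUN = re.compile(rb"[\x21-\x7e]{8,}")
URL = re.compile(r"https?://[!-~]+")


def find_rot47_urls(blob: bytes) -> list[tuple[int, str]]:
    """Return (file offset, decoded URL) for every printable run in blob
    that contains a URL once ROT-47 has been applied."""
    hits = []
    for run in PRINTABLE_RUN.finditer(blob):
        decoded = rot47(run.group().decode("ascii"))
        for url in URL.finditer(decoded):
            # ROT-47 preserves length, so decoded offsets map one-to-one
            # onto offsets in the file.
            hits.append((run.start() + url.start(), url.group()))
    return hits


# Constructed sample: a few header-like bytes, two ordinary NUL-terminated
# strings and one ROT-47 encoded URL, as they might sit in an .exe data section.
HIDDEN_URL = "http://puzzle.example/step4"
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"kernel32.dll\x00"
    + rot47(HIDDEN_URL).encode("ascii") + b"\x00"
    + b"ExitProcess\x00"
)

if __name__ == "__main__":
    for offset, url in find_rot47_urls(SAMPLE):
        print(f"offset {offset:#x}: {url}")
```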
2012-11-05 (#) 7 years ago
Interesting google ad: "Thank you for helping us measure IPv6", linking to Measuring IPv6 - APNIC. Yes, that was a session over IPv6 from home.
2012-10-15 (#) 7 years ago
Notable article: Portofoon steeds meer een smartphone - PI4RAZ, with these remarks:

    Handheld radios and smartphones look more and more alike. Appearance, use and functionality are all converging. A logical development, according to Arend Massier, Sales Manager at Motorola dealer Selecsys: "A handheld radio can sometimes come across as too intimidating."

My own thought is that this development mainly comes from professional handheld radios getting more and more digital network functions, such as the ticket management and e-mail mentioned in the article. That they then look less like a handheld radio is indeed an advantage in some environments (such as the hotels mentioned). The funny thing is that just today on the bicycle I was wondering whether, with a handheld radio for amateur radio use, I might come across as a security guard or police officer, which would not always be convenient in traffic. Once I have passed the radio amateur exam I do want to start some experiments with a handheld radio on the recumbent bicycle. But: first pass that exam! Found via: Dear fellow radio amateurs, a handheld radio is intimidating. That is why they are looking more and more like smartphones. http://www.pi4raz.nl/index.php?option=com_content&task=view&id=3055&Itemid=43 …

Update 2013-02-19: I also came across a remark by Hans PD0AC in I have been scammed! - Ham Radio Blog PD0AC:

    Every time I'm driving my car for example, holding a microphone or some hand-held, people slam on their brakes. I can see the wives yell "Slow down, it might be police!" to their husbands.

So the thought of "being mistaken for a security guard or police officer" is not that strange. But with a car that chance is of course a lot bigger than with a bicycle. To be mistaken for a police officer on a bicycle I would have to ride a white mountain bike through pedestrian areas.
2012-10-09 (#) 7 years ago
I just found Intercept Service with Jane Barbe where ElmerCat has put a lot of time and energy into saving, splitting and digitizing phone phreaking recordings. My first thought was to take the Jane Barbe recordings and set up a few intercepts of my own. Maybe for playing with the people who try to break in to my asterisk test server or (more constructive) to set up a Jane Barbe intercept service which can be used on Collectors*Net.
Found (unsurprisingly) via "1000 Abstract Machines" ... and a New Generation of Phone Phreaks? - The History Of Phone Phreaking.

Update: Ok, using the 'Jane Barbe' digits in Asterisk isn't very hard. Download the .mp3 files from soundcloud and convert them to the asterisk .gsm format:

    $ mkdir janebarbe
    $ sox JB-0-neutral.mp3 -r 8000 -c 1 janebarbe/0.gsm
    ..
    $ sox JB-is-not-in-service.mp3 -r 8000 -c 1 janebarbe/is-not-in-service.gsm
    $ sox JB-the-number-you-have-reached.mp3 -r 8000 -c 1 janebarbe/the-number-you-have-reached.gsm

And put that entire janebarbe directory in the directory where asterisk expects the digit files for language 'janebarbe' which is /usr/share/asterisk/sounds/digits/janebarbe/ in the 'old' directory structure and /usr/share/asterisk/sounds/janebarbe/digits/ in the 'new' directory structure. Look at Asterisk multi-language - voip-info.org for details on directory structures. Using the digits is now simple, a test:

    exten => s,1,Answer()
    exten => s,n,Wait(1)
    exten => s,n,Playback(digits/janebarbe/the-number-you-have-reached)
    exten => s,n,Set(CHANNEL(language)=janebarbe)
    exten => s,n,SayDigits(1234567890)
    exten => s,n,Playback(digits/janebarbe/is-not-in-service)
    exten => s,n,Hangup

Will have Jane Barbe telling you what you expect. This can be used as an invalid-number intercept.
2012-10-05 (#) 7 years ago
I'm preparing a presentation and I got distracted by the possibility of a remote presenter. Bluetooth presenters that act as a human input device are available but somewhat expensive for the few presentations I give. So I looked at the other option: use a mobile phone as bluetooth device. On the Nokia E71 a wireless presenter is included (WiPresenter) but it needs a local program on the laptop which only has versions for Windows. A bit of google searching found me Amora: A Mobile Remote Assistant, using a symbian60 phone as presenter on Linux. It works, although I note something: the app wants to use the numeric keys but the keyboard is in normal mode, so I have to type function+number for special keys, but the middle key of the navigation pad works to get to the next slide. Now back to working on the presentation.... Update: Presentation went fine. Things I noticed about amora: the actions aren't noticed by the screensaver, so the laptop screen went dark a few times. Disabling your screensaver is always a good idea for presentations.
2012-10-04 (#) 7 years ago
Another awesome timelapse, via Faces turned upward, a telescope array scans the southern skies, Philip Plait. Night landscapes and the Milky Way always work very well in timelapses.
2012-09-28 (#) 7 years ago
I found IPvFox, a firefox extension which lists all servers involved in a page and their IPv6/IPv4 addresses. The use-case is seeing how much of those use IPv6, but it's also interesting to see how many hosts are involved in a webpage. With images, frames, scripts which can all come from different places some pages have interesting dependencies. From a few sites which I tried the one which had the most servers involved turned out to be CBC North with 23 servers. With a few dual-stack servers, including a tracking server for visual revenue, a company measuring web traffic for media companies, who seem to be interested in IPv6 traffic measurements.

Update: There is one detail.. as stated on the webpage:

    IPvFox provides a panel listing the hosts from which the current page and its resources were loaded.

So this is interesting in an environment with outside IPv4 and IPv6 connections. When I use a proxy which can be connected via IPv6 the display gets very boring: the address of the host from which the resource was loaded is always the IPv6 address of the proxy.
2012-09-17 (#) 7 years ago
The latest debian iso images support both USB and CD booting, the image can both be burned to cd and copied to a USB key, simply as

    # cat debian.iso > /dev/disk/by-path/..usb..; sync

I was wondering how that was done, and found Further adventures in EFI booting - mjg59 which mentions Hybrid cd-rom/harddisk mode in isolinux and a simple explanation at How the Hybrid ISO/IMG works. It's an interesting trick. And with isohybrid it's easy to implement.
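A way to see the trick in an image file, as an added example that is not from the original post or the linked articles: ISO 9660 leaves its first 16 sectors unused and starts its volume descriptors ("CD001") at sector 16, so a PC-style MBR with a partition table fits in front of the filesystem. The checker below reports both structures; the sample images and the partition values in them are constructed.

```python
import struct

ISO_SECTOR = 2048
PVD_OFFSET = 16 * ISO_SECTOR   # ISO 9660 leaves sectors 0-15 as "system area"
MBR_TABLE = 446                # four 16-byte partition entries start here
MBR_SIGNATURE = 510            # bytes 0x55 0xAA mark a valid MBR


def describe_image(img: bytes) -> dict:
    """Report whether img looks like an ISO 9660 image, an MBR disk, or both."""
    info = {"iso9660": False, "mbr": False, "partitions": []}
    # Volume descriptor layout: type byte, then the identifier "CD001".
    info["iso9660"] = img[PVD_OFFSET + 1:PVD_OFFSET + 6] == b"CD001"
    if img[MBR_SIGNATURE:MBR_SIGNATURE + 2] == b"\x55\xaa":
        info["mbr"] = True
        for i in range(4):
            entry = img[MBR_TABLE + 16 * i:MBR_TABLE + 16 * (i + 1)]
            # status, (CHS start), type, (CHS end), start LBA, sector count
            status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
            if ptype:  # type 0 means the slot is unused
                info["partitions"].append({
                    "bootable": status == 0x80,
                    "type": ptype,
                    "start_lba": lba,
                    "sectors": count,
                })
    # Hybrid: a BIOS sees a partitioned disk, a CD reader sees ISO 9660.
    info["hybrid"] = (info["iso9660"] and info["mbr"]
                      and bool(info["partitions"]))
    return info


def build_sample(hybrid: bool) -> bytes:
    """Constructed minimal image: one volume descriptor, optionally an MBR."""
    img = bytearray(17 * ISO_SECTOR)
    img[PVD_OFFSET:PVD_OFFSET + 7] = b"\x01CD001\x01"
    if hybrid:
        sectors = len(img) // 512
        # Constructed entry: bootable, type 0x17, covering the whole image.
        img[MBR_TABLE:MBR_TABLE + 16] = struct.pack(
            "<B3xB3xII", 0x80, 0x17, 0, sectors)
        img[MBR_SIGNATURE:MBR_SIGNATURE + 2] = b"\x55\xaa"
    return bytes(img)


if __name__ == "__main__":
    for kind in (False, True):
        print("hybrid sample" if kind else "plain sample",
              describe_image(build_sample(kind)))
```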
2012-09-07 (#) 7 years ago
Another beautiful timelapse compilation... watch it in HD + fullscreen.
2012-08-22 (#) 7 years ago
Home automation and monitoring with ideas I like: openHAB 1.0 - Home Automation For Geeks. One thing quite notable to me is the option for privacy in measuring:

    Persistence and Charting – Store your values and states anywhere you like: In a local database (classic or round-robin), in dedicated log files or even in an Internet-of-Things cloud service. Use the persisted data for defining complex automation logic or for dynamic chart generation.

So you don't have to export all your data exactly logging your daily life to some external service. Very good! Lots better than all those devices that ship your data out first and give access to you and who else later, like the 'smart meter'. The current user-interface options are very modern-gadget centric (android mobile browser or apple mobile device browser) but given the fact that it also has a clearly defined REST api, developers can write other user interfaces. Via openHAB 1.0 - Home Automation For Geeks - Jan-Piet Mens
2012-08-15 (#) 7 years ago
2012-07-07 (#) 7 years ago
Interesting article: How software-defined radio could revolutionize wireless - Ars technica about new hardware for software defined radio (SDR). Per Vices is introducing the Phi PCIe software defined radio with quite interesting technical specifications: receive and transmit up to 200 MHz of bandwidth from 100 kHz to 4 GHz. It's still at a price ($745 - $849) where you don't simply buy one to find out later what you are going to do with it but according to the article Per Vices hopes for prices to drop once interest rises. This is one good point of this hardware: this means 'competition' in high-end gnuradio hardware.
2012-05-04 (#) 8 years ago
Awesome time lapse video by Shawn Reeder with images from Yosemite National Park:
Via Yosemite time lapse - Bad Astronomy And on the subject of time lapse, a NASA video of Aurora activity set to music:
Via The green fire of the aurora, seen from space - Bad Astronomy
2012-01-09 (#) 8 years ago
Interesting videos in wired: Short Films Expose Cities' Subterranean Spaces - Raw file - Wired. The article links to several sites for urban explorers. The collection of photographs and videos at Silent UK Urban exploration and underground photography is awesome. I've spent quite some time this weekend browsing the stories and photographs. I would buy a poster of the fourth photograph in Northern City Line - Silent UK.
2011-08-11 (#) 8 years ago
I'm browsing offerings of DAB radio tuners. Not because a lot of radio services are available already, but I am interested in transmission technology and somebody has to be the first.
Currently I should be able to receive the public radio stations and a thematic station (Radio Top 2000) according to T-DAB netwerk van de Publieke Omroep. Frequencies have been allocated for the commercial radio stations and they will use DAB+ according to T-DAB+ netwerk van de publiek regionale, de landelijke en niet-landelijke commerciele omroepen.
There is not a lot on offer. Nothing in the physical shops I see, some offerings in webshops. But technical details are really sparse in the webshops. A simple detail like 'DAB+ support' which is needed to be a bit future-proof, or which frequencies can be received. Licenses have been given out in the Netherlands for Band III VHF (174-240 MHz) and L band (1452-1492 MHz). There is a frequency allocation for local radio stations in the L-band, but it will take years before anything happens there. If I invest any money in this experiment, I want it to be future-proof.
I looked at the following:
Lots of information about DAB at Digital Audio Broadcasting - Wikipedia
- Acoustic Solutions SP111 DAB FM Tuner met RDS on marktplaats. Searching and searching for specs finds Acoustic Solutions SP 111 DAB / FM Tuner which lists the bands received, but I miss DAB+ support. Which seems to be the issue with most second-hand equipment.
- Sangean DAB radio draagbaar DPR 99 conrad which has DAB+ but only Band III support.
Ideal would be to have an interface for my laptop to receive DAB/DAB+ metadata and audio so I can scan services even at other locations, but there is nothing available at the moment. It seems the hardware developed for DAB receiving and monitoring hardware with Linux support has been discontinued.
Maybe I need to get involved with Hx2 radio and work to add a DAB transmitter for the next hacker conference in the Netherlands on an 'event' and/or 'experimental' license. There is a complete toolchain for generating DAB/DAB+ radio streams using Linux at Open digital radio. Funny: transmitting DAB+ with Linux is easier than receiving it.

Update: Carefully browsing the manuals for all the products in the DAB-radio's category at conrad.nl shows me none of them supports L-band DAB. I predict L-band local radio (for which there is a frequency allotment, see L-band planning lokale omroep - radio-tv-nederland.nl) will have a very difficult start when most receivers can't receive them.

Update 2011-08-15: Browsing some on-line sellers found the answer for a simple DAB/DAB+ and Band III / L-Band capable DAB radio: The Pure One Mini. But in order to buy it with the right powerplug and the right firmware I had to shop via Germany. Simple solution ... Pure One Mini Tragbares Radio (DAB/DAB+/UKW-Tuner, 1,6 Watt RMS) schwarz - Amazon.de.

Update: And now I discover there is a Dutch webshop which offers DAB+ radios, including Pure models. For the next person looking: De radiowinkel.

Update 2011-08-16: No, the Pure One Mini is NOT L-band capable. I thought I checked thoroughly, but I guess I assumed something wrong.

Update 2011-08-18: I asked Pure technical support about making the listings clearer for L-band support. The answer is that L-band support is being phased out, but radios sold to countries where L-band is in use will support it. Too bad there is no Pure Netherlands website (yet).
2011-08-10 (#) 8 years ago
Following the mp3 stream from Hx2 radio Hackerspaces signal from the Chaos communications congress and I suddenly notice something:

    $ host broadcast.sonologic.net
    broadcast.sonologic.net has address 18.104.22.168
    broadcast.sonologic.net has IPv6 address 2001:888:2156::2:2:9

All available via IPv6.
2011-08-05 (#) 8 years ago
From the latest blackhat conference: Flying Drone Can Crack Wi-Fi Networks, Snoop On Cell Phones - Andy Greenberg - The Firewall - Forbes magazine. A bit of a sensationalist article, but the flying platform makes a lot possible and the described attacks on wifi and GSM are not new.
DIY Spy Drone Sniffs Wi-Fi, Intercepts Phone Calls - Threat level - Wired is less sensationalist and a better description. And the latest is at the Rabbit-Hole - DIY UAVs for Cyber Warfare – Wireless Aerial Surveillance Platform where the makers of this plane tell about their progress.
I would not mind having a plane like this flying around with an airborne version of the wardriving box. More a 'warflying box'. There is some mention of running kismet on the W.A.S.P.
As far as I can find 'serious' model plane flying in the Netherlands requires some training and having a view of the plane, which a drone like the one above doesn't have. If you ask model airplane clubs you have to be a member to be allowed to fly a model airplane at all, but opinions outside those clubs are that light planes are permitted (up to a certain height) with permission of the owner of the land where you take off and land.
Update 2011-08-06: An interesting related story: Murdoch accused of operating illegal US air force with

    The Daily may be in breach of FAA regs regarding "operations of unmanned aircraft in the National Airspace System". As Forbes notes, the FAA requires wannabe drone pilots to have an airworthiness certificate for their "Unmanned Aircraft System" (UAS) and an "experimental certificate" which limits them to "research and development, marketing surveys, or crew training".

Reading the referenced article FAA Looks Into News Corp's Daily Drone, Raising Questions About Who Gets To Fly Drones in The U.S. notes the huge difference between hobby and commercial use:

    Hobbyists are basically free to use drones as long as they keep them under 400 feet. At this point, civil and commercial use of drones is only allowed for research and development purposes. “Not for compensation or hire” says one FAA notice. To get government permission to use a drone (for non-hobby purposes), a private entity has to jump through hoops including getting an airworthiness certificate — meaning the thing is safe to fly — and an experimental certificate, approving the planned use of the unmanned system (uses are currently limited to research and development, marketing surveys, or crew training).

So Murdoch papers can have wet dreams about using something like the W.A.S.P. for news reporting but will find heavy resistance.
2011-07-13 (#) 8 years ago
I did it.. I joined Google+. I actively avoided Facebook so far and waited very long before joining Twitter but I got a reasonably early invite to Google+ and took it. The invite was from a German user so it took some changing settings before Google+ changed its user interface language to English for me. Lots of people I know from certain places are on Google+ so there is something to read.
Google+ urls are somewhat unreadable: my page is at https://plus.google.com/114168607206195341184 so I added a redirect as http://gplus.idefix.net/.
2011-06-20 (#) 8 years ago
Quite an interesting article this weekend: When Secret Sats Spy on Us, Monsieur Legault Spies Back - Wired danger room. Thierry Legault, famous for a number of very great images of space phenomena, is also busy tracking things in space which you're not supposed to know are there. Wired did a great article on the satellite-tracking community a few years ago: I Spy: Amateur satellite spotters can track everything government spymasters blast into orbit. Except the stealth bird codenamed Misty. Wired issue 14.02. The persistence of the spy satellite-tracking community combined with the telescope photography skills of Thierry Legault make for some very nice videos. I guess the owners of the spy satellites aren't too happy about these videos. They would be even more unhappy if the videos were combined with the latest orbital data.