Wednesday, September 13, 2017

Computers, Phones and IoT Devices Have the BlueBorne Vulnerability

Source: Wired

"Once an attacker identifies vulnerable targets, the hack is quick (it can happen in about 10 seconds) and flexible. The impacted devices don't need to connect to anything, and the attack can even work when the Bluetooth on the victim device is already paired to something else."
"As with virtually all Bluetooth remote exploits, attackers would still need to be in range of the device (roughly 33 feet) to pull off a BlueBorne attack. But even with the extensive and productive BlueBorne patching that has already happened, there are still likely plenty of vulnerable devices in any populated area or building."

Source: Armis

"hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode."

Recommended actions:
1) Install Blueborne Detector on your Android devices.
2) Click "Tap to Check" and heed the warning if your Android device is vulnerable.
3) Set each of your Bluetooth devices to discoverable
4) Click "Check Devices Around Me"

Repeat steps 3 and 4 for every Bluetooth capable device.

Thursday, July 6, 2017

We’re a Cheap Battery Away From Phasing Out Fossil Fuels

Source: VICE Motherboard

Fossil fuels are the most widely used source of energy because of base load power, which means they provide energy at all times, night and day. In contrast, renewables have faced the 'intermittency' challenge—the sun doesn't always shine, and the wind doesn't always blow.
By 2050, these irresistible technological and market forces could make oil, gas and coal seem too costly and cumbersome, leading renewables to account for "100 percent of global energy demand."
... There will be an immediate impact within just three years.
"Solar storage is pitched to become so cheap it will make relying on natural gas peaker plants pointless…It will lead to rapid adoption of solar by businesses, local governments, and households—not because people are environmentally conscious, but simply because it will make more economic sense." --Vicente Lopez-Ibor Mayor, chairman of Lightsource—the biggest solar energy company in Europe

Wednesday, April 5, 2017


Source: Universe Today

Fast Radio Bursts (FRBs)

Molonglo Observatory Synthesis Telescope (MOST)

The BURST project will perform deep FRB searches with MOSTS’s wide field-of-view and nearly constant single pulse searches of the radio sky.

MOST provides a huge collecting area of about 18,000 square meters for a very large field of view, about 8 square degrees of the sky.

1,000 terabytes of data produced by MOST each day

They determined the three new FRBs really were from space because the events were well beyond the 10,000 km near-field limit of the telescope, which ruled out local (terrestrial) sources of interference as a possible origin.

Friday, January 6, 2017

​Have a verified Twitter account? WikiLeaks might track you

Source: CNET

"We are thinking of making an online database with all 'verified' twitter accounts & their family/job/financial/housing relationships," the WikiLeaks Task Force said on Twitter

Source: Twitter

"The blue verified badge  on Twitter lets people know that an account of public interest is authentic.

We approve account types maintained by users in music, acting, fashion, government, politics, religion, journalism, media, sports, business, and other key interest areas."

Friday, December 30, 2016

Still No Proof Or Compelling Evidence Of Russian Involvement In DNC Leaks

On Dec 29, 2016 the FBI and DHS released a Joint Analysis Report (JAR-16-20296) in which federal investigators claim that "technical indicators" link the Russian government to hacks of "a U.S. political party". For unexplained reasons the Democratic National Committee and Hillary Clinton campaign chairman John Podesta are not mentioned by name but it's clear that this report is intended as a reaction to Wikileaks' publishing emails that appear to be theirs.

The technical details in the report are limited and include a short list of tools and infrastructure that were allegedly used to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”

The technical indicators are provided in Structured Threat Information Expression (STIX) and Coma Separated (CSV) format and could be used to search for attack patterns, malware, exploits and to defend networks or systems against cyber threats.  Unfortunately this report has been released too late to be of much use to security experts who potentially review thousands of port scans every minute.

The "technical indicators" include tools and techniques such as Powershell Backdoor and HAVEX which are commonly known to an average white hat hacker. The list of IP addresses and fully-qualified domain names are not very useful to identify the perpetrators of these cyber attacks because the compromised systems have probably been repaired or taken offline by now.

UPDATE on Jan 4, 2017 Micah Lee from The Intercept determined that since 367 of the 876 IP addresses in the Grizzly Steppe report "are actually just Tor exit nodes, this means that anyone in the world — not just Russian hackers — can use the internet from those IP addresses."

A "Fact Sheet" published by the White House says that the Joint Analysis Report "includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia." So even the Obama administration plainly admits that this is not proof of Russia's involvement.

During a presidential debate, Hillary Clinton claimed, "We have 17 intelligence agencies, civilian and military, who have all concluded that these espionage attacks, these cyberattacks, come from the highest levels of the Kremlin, and they are designed to influence our election." However, there is still no proof or compelling evidence provided to justify why these intelligence agencies believe that Russia was involved in the hacking of Democratic Party emails.

Furthermore,  the U.S. has a long history of influencing elections in other countries and their tactics frequently include cyber espionage and dissemination of propaganda. So the hypocrisy and double standard applied to Russia's alleged action is quite perplexing.

This Joint Analysis Report is too little too late and those responsible for its content should be ashamed of its tardiness and limited usefulness. Congress must investigate the gross negligence in handling this public disclosure. We the people of these Unites States deserve better explanation of the reasons behind our government's sanctions against Russia and the labeling of their diplomats as "persona non grata."

The Obama administration's actions are tantamount to a declaration of war on Russia. We deserve proof or at least compelling evidence of Russia's involvement in the DNC leaks. We also deserve a select committee investigation into the alleged authors of the leaked emails to determine if indeed the DNC rigged the Democratic Party primaries against Bernie Sanders and laundered money from the Democratic Party into the Clinton campaign instead of the down-ballot candidates who should have received funds.

UPDATE: On Jan 6, 2017 the Office of the Director of National Intelligence released a new report that states, "We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election. The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion."

Police seek Amazon Echo data in murder case

The Internet of Things (IoT) requires some risk to security and privacy in exchange for convenience.

Source: Engadget

An Amazon spokesperson gave Engadget the following statement on the matter:

"Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course."

Echo only captures audio and streams it to the cloud when the device hears the wake word "Alexa."

Those clips, or "utterances" as the company calls them, are stored in the cloud until a customer deletes them either individually or all at once.

Tuesday, May 31, 2016

Understanding Antennas For The Non-Technical Ham

I haven't had time to review this book, but wanted to add it to my reading list.

Source: Hamuniverse

Understanding Antennas For The Non-Technical Ham
A Book By Jim Abercrombie, N4JA (SK)

Illustrations by Frank Wamsley, K4EFW
Edited by Judy Haynes, KC4NOR
Copyright July 2005. Second Edition

Edited for the web , N4UJW
Editors Note: This is a book length web article provided by the author FREE for all hams.
This is copyrighted material and is the property of and/or the article author and is to be used only for personal non-profit educational use.
You may download a pdf copy of it here....74 pages!

It is HUGE!
Bookmark this page for future reading or see more options for saving at bottom of page!
The original book contained 60 pages and illustrations.
They are all here!
Many of the antennas described here are in project form on this web site.

Here are some of the main topics in the book that you will learn more about.

Antenna systems, antennas, simple antenna formulas, basic antenna theory, feed-lines, matching units, how antennas work, polarization of electromagnetic waves, frequency, the ionosphere and modes of propagation, Ground-Wave Propagation, Direct Wave or Line of Sight Propagation, Propagation by Refraction,

Skywave Propagation, Greyline Propagation, Long Path Propagation, ham bands propagation, antenna myths, standing wave ratio, real antenna systems, Flat Top Dipole, Inverted-V Dipole, Dipole Shape Variations, Calculating the Length of a Half-Wave Resonant Dipole, The Decibel, Resistances and Reactance, Feeding Dipoles Efficiently,

Cause of Feed-Line Radiation, Baluns, Other types of dipoles, Shortened Loaded Dipole,

All Band Dipoles, Sloping Dipole, Folded Dipole, Double Bazooka Dipole, Broad-Banded Coax-Fed Fan Dipole, Two-Element Collinear Dipole, Four-Element Collinear Dipole, Coax-Fed Dipoles Operated on Odd Harmonic Frequencies, Three Half-wave Dipole, All Band Random Length Dipole, All Band Center-Fed Random Length Dipole,

A Two-Band Fan Dipole, Trapped Dipole for 75 and 40 Meters, The Extended Double Zepp Dipole, The G5RV Dipole, Off-Center Fed Dipoles, One wavelength Off-Center Fed Dipole, Carolina Windom, Windom Dipole (Fritzel Type), End-Fed Antennas, End-Fed Zepp, Alternate Method of Feeding an End-Fed Zepp, End-Fed Random Length Antenna, The Half-Sloper antenna, Vertical antennas, Ground Mounted Trapped Verticals, Disadvantages of Using Quarter-Wave Verticals, Long and Short Verticals,

Unscientific Observations of Verticals, The Inverted-L Vertical , Vertical Mobile Antennas, HF mobile antenna comparisons, One wave-length single loop antennas, Horizontally Oriented Loop, Vertically Oriented Single Loop for 40 and 80 Meters,

Single-Element Vertical Delta Loop, Directional beam antennas, Monoband Yagi, Three-Element Yagi, Trapped Multi-band Yagis, SteppIR Antenna, The Log-Periodic Array,

Directional Cubical Quad and Delta Loop Antennas, Single Band Cubical Quad, field-strength meter, The Quagi, Gain vs front to back radio, Feed lines, Antenna Safety,

Erecting Antennas on Masts, Tower Safety, Quarter Wave Matching Sections of 70-ohm Coax chart, and much more!