Computer Fraud and Abuse Defense Fund – What Happened to Weev
On November 20, 2012, controversial computer security researcher Andrew Auernheimer was convicted by a jury sitting in the Federal District Court for the District of New Jersey of one count of conspiracy to violate the Computer Fraud and Abuse Act (18 U.S.C. 1030(a)(2)(C)) and one count of identity theft (18 U.S.C. 1028(a)(7)). The verdict has startled and alarmed many legitimate computer security researchers and it should be of concern to anyone who uses the Internet on a regular basis.
The facts are simple. In June of 2010, Andrew Auernheimer’s co-defendant Daniel Spitler discovered that AT&T’s servers were publishing email addresses of iPad subscribers on the servers’ authentication log-in page when queried with a SIM card number that matched an existing AT&T subscriber’s SIM card number. Upon discovering this, Spitler wrote an iterative script that queried AT&T’s publicly accessible iPad servers and copied over 120,000 email addresses. No password or any type of security was ever hacked, nor was any attempt ever made to hack any password or bypass any existing security measures. In essence, what Spitler’s script did is what countless computer users do every day when they type information into their web browser’s URL. Auernheimer immediately went to the press with this information, and emailed some of the people whose email addresses were obtained. Neither Auernheimer nor Spitler did anything else with the information. At trial there was no evidence of any harm to anyone except for the allegation that AT&T was embarrassed by its failure to protect what it claimed was confidential information.
On March 18, 2013, the Honorable Susan D. Wigenton sentenced Andrew Auernheimer to 41 months on each of the Indictment’s counts, to run concurrently, as well as three years of supervised release with special terms, and ordered him to pay restitution in the amount of $73,167.00. The basis for the restitution was that AT&T had to pay for a direct mailing to its customers roughly one week after it had emailed them about the so-called breach. …more (http://cfaadefensefund.com/)
May 16, 2013 No Comments
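The access pattern described in the excerpt above, one client iterating over subscriber identifiers against a lookup that answers for valid ones, leaves a recognisable trace in ordinary web logs. The following is an added example, not code from the article, the defendants or AT&T: a detector run over constructed log lines, where the log format, the `/lookup` path, the `id` parameter and the thresholds are all assumptions.

```python
"""Flag clients that walk an identifier space on a lookup endpoint."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined-log-style line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)


def parse_line(line, path="/lookup", param="id"):
    """Return (client_ip, identifier, status) for lookup requests, else None.

    `path` and `param` are hypothetical names for the identifier lookup.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    values = parse_qs(url.query).get(param)
    if url.path != path or not values or not values[0].isdigit():
        return None
    return m.group("ip"), int(values[0]), int(m.group("status"))


def find_enumeration(lines, min_distinct=20, max_gap=16, min_seq_fraction=0.8):
    """Report clients that requested many distinct, closely spaced identifiers.

    Volume alone is not enough: a shared proxy can look up many unrelated
    identifiers. The signal is many distinct values whose sorted neighbours
    are only a few steps apart, i.e. a counter being incremented.
    """
    per_client = defaultdict(dict)           # ip -> {identifier: last status}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ident, status = rec
        per_client[ip][ident] = status

    findings = []
    for ip, statuses in per_client.items():
        ids = sorted(statuses)
        if len(ids) < max(min_distinct, 2):
            continue
        gaps = [b - a for a, b in zip(ids, ids[1:])]
        seq_fraction = sum(g <= max_gap for g in gaps) / len(gaps)
        if seq_fraction >= min_seq_fraction:
            findings.append({
                "client": ip,
                "distinct_ids": len(ids),
                "seq_fraction": round(seq_fraction, 2),
                # Identifiers the server answered for: the exposure to scope.
                "hits": sum(1 for s in statuses.values() if s == 200),
            })
    return sorted(findings, key=lambda f: -f["distinct_ids"])


def sample_log():
    """Constructed log lines (documentation IP ranges, made-up identifiers)."""
    fmt = ('{ip} - - [01/Jan/2024:12:00:{s:02d} +0000] '
           '"GET /lookup?id={i} HTTP/1.1" {st} 512 "-" "ua"')
    base = 8900000000000000
    lines = []
    # One subscriber reloading their own page three times.
    lines += [fmt.format(ip="198.51.100.7", s=n, i=base + 123, st=200)
              for n in range(3)]
    # A shared proxy: 25 distinct but unrelated identifiers.
    lines += [fmt.format(ip="198.51.100.9", s=n, i=base + 10**9 + n * 100003,
                         st=200) for n in range(25)]
    # One client incrementing the identifier; every fifth value exists.
    lines += [fmt.format(ip="203.0.113.50", s=n, i=base + n,
                         st=200 if n % 5 == 0 else 404) for n in range(40)]
    return lines


if __name__ == "__main__":
    for finding in find_enumeration(sample_log()):
        print(finding)
```

The same counters can drive a rate limit at the endpoint; the more durable fix is for the lookup to return nothing about a subscriber to an unauthenticated caller.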
“The truth will heal us and heal our planet, heal our diseases, which result from the disharmony of our planet caused by the worst weapons in the history of mankind, which should not exist. For this we give our lives — for the truth about the terrible existence of these weapons.”
- Sr. Megan Rice
How the US Turned Three Pacifists into Violent Terrorists
15 May, 2013 – Common Dreams – by Fran Quigley
In just ten months, the United States managed to transform an 82 year-old Catholic nun and two pacifists from non-violent anti-nuclear peace protestors accused of misdemeanor trespassing into federal felons convicted of violent crimes of terrorism. Now in jail awaiting sentencing for their acts at an Oak Ridge, TN nuclear weapons production facility, their story should chill every person concerned about dissent in the US.
Here is how it happened.
In the early morning hours of Saturday June 28, 2012, long-time peace activists Sr. Megan Rice, 82, Greg Boertje-Obed, 57, and Michael Walli, 63, cut through the chain link fence surrounding the Oak Ridge Y-12 nuclear weapons production facility and trespassed onto the property. Y-12, called the Fort Knox of the nuclear weapons industry, stores hundreds of metric tons of highly enriched uranium and works on every single one of the thousands of nuclear weapons maintained by the U.S.
Describing themselves as the Transform Now Plowshares, the three came as non-violent protestors to symbolically disarm the weapons. They carried bibles, written statements, peace banners, spray paint, flower, candles, small baby bottles of blood, bread, hammers with biblical verses on them and wire cutters. Their intent was to follow the words of Isaiah 2:4: “They shall beat their swords into plowshares and their spears into pruning hooks; nation shall not lift up sword against nation, neither shall they learn war any more.”
Sr. Megan Rice has been a Catholic sister of the Society of the Holy Child Jesus for over sixty years. Greg Boertje-Obed, a married carpenter who has a college age daughter, is an Army veteran and lives at a Catholic Worker house in Duluth Minnesota. Michael Walli, a two-term Vietnam veteran turned peacemaker, lives at the Dorothy Day Catholic Worker house in Washington DC.
In the dark, the three activists cut through a boundary fence which had signs stating “No Trespassing.” The signs indicate that unauthorized entry, a misdemeanor, is punishable by up to 1 year in prison and a $100,000 fine.
No security arrived to confront them.
So the three climbed up a hill through heavy brush, crossed a road, and kept going until they saw the Highly Enriched Uranium Materials Facility (HEUMF) surrounded by three fences, lit up by blazing lights.
Still no security.
So they cut through the three fences, hung up their peace banners, and spray-painted peace slogans on the HEUMF. Still no security arrived. They began praying and sang songs like “Down by the Riverside” and “Peace is Flowing Like a River.”
When security finally arrived at about 4:30 am, the three surrendered peacefully, were arrested, and jailed.
The next Monday July 30, Rice, Boertje-Obed, and Walli were arraigned and charged with federal trespassing, a misdemeanor charge which carries a penalty of up to one year in jail. Frank Munger, an award-winning journalist with the Knoxville News Sentinel, was the first to publicly wonder, “If unarmed protesters dressed in dark clothing could reach the plant’s core during the cover of dark, it raised questions about the plant’s security against more menacing intruders.”
On Wednesday August 1, all nuclear operations at Y-12 were ordered to be put on hold in order for the plant to focus on security. The “security stand-down” was ordered by the security contractor in charge of Y-12, B&W Y-12 (a joint venture of the Babcock and Wilcox Company and Bechtel National Inc.) and supported by the National Nuclear Security Administration. …more (https://www.commondreams.org/view/2013/05/15-7)
May 16, 2013 No Comments
From the Pentagon to Whitehall, caving in to fear of terror has given data intrusion and press restriction the best tunes
The digital revolution? It’s all a gift to the power of the state
The Guardian – 14 May, 2013 – Simon Jenkins
On Monday the US justice department admitted it knew of every phone call made by 100 Associated Press reporters in April and May last year. It had seized the details, undisclosed, from the relevant phone companies. No reason was given. The department said it “valued the freedom of the press”, but – that phrase is always followed by but – it had to balance this against the public interest in security.
This week also saw the boot on the other foot. Reporters at Bloomberg had access to restricted data via market tracking terminals that the firm had sold to Wall Street banks. The banks realised that reporters could follow “searches and keystrokes in their mergers and acquisitions departments” as a result of Bloomberg’s “spy in the office”. The company hurriedly apologised.
Meanwhile, in Britain it was revealed that Jack Straw’s notorious 2000 Regulation of Investigatory Powers Act (Ripa) is about as secure as a telephone book. The biggest mobile company, EE (for Orange and T-Mobile) has been selling on its 27m mobile subscribers, including calls made, location of use, downloads and sites visited. Quick off the mark, Ipsos Mori offered to sell on the acquired material to the Metropolitan Police. EE protested that its data was “aggregated and anonymised to protect its customers”. Why then did the Met want to buy it? Everyone apologised.
You can scream that nothing online is secure until you are blue in the face. No one seems to believe it. Governments and corporations claim to respect data privacy, but they are babes in arms against nerds in attics, including those they employ. I am sure 2 million American officials thought their missives were safe from WikiLeaks. I am sure Whitehall ministers and officials who claimed ID-card records and NHS computers were “double-locked” may have thought so. They also thought the kit they bought from computer snake-oil sales staff would work.
Data protection is a blazing contradiction in terms. True, the sheer quantity of the stuff can defy retrieval. As the American statistician Nate Silver says, the problem today is not information or transparency but “finding patterns in random noise”. Doubtless a killer algorithm will do it one day. But for all the boasts of computer geeks, the internet still cannot stop crime, cure cancer, predict earthquakes or resolve the greatest recession of modern times, which it in part caused.
This is all mildly reminiscent of the early days of atomic power. That too was the wild-eyed futuristic dream, of a world powered by nuclear fission, made secure by it and liberated by it. The atomic revolution now seems so much neophiliac dross, with built-in nightmares.
There is now a deluge of futurology about the data surge. The latest, and best, is from Google’s Eric Schmidt and Jared Cohen. In The New Digital Age they map the emerging dualism between real and virtual worlds. There is no dodging it. Those who try to avoid the virtual one will become, in the state’s eyes, “hidden people”, and will be digitised as such.
Without a digital personality and a “verifiable” past, we will not be trusted by bank managers, employers, border guards, even spouses. Our teenage years will haunt us, perhaps rendering millions unemployable. Such people are Orwell’s unpersons. When the internet, a sensational tool for living, crosses the frontier and becomes a life in itself, it risks destroying life. …more (http://www.guardian.co.uk/commentisfree/2013/may/15/digital-revoltution-gift-power-state?)
May 16, 2013 No Comments
Rewire Your File-Transfer Routine
By Jack Donovan – 17 January, 2012
Shuffle data at twice the speed for one tenth the cost.
When moving terabytes of data from one computer to another, cut out the external drive—an expensive, sluggish middle man—by cutting up an Ethernet cable. Rearranging the small internal wires on one end allows near-instant data transfer between computers via their network cards. Here’s how to do it.
Time: 10 minutes – Cost: About $10
1) Cut off one end of an Ethernet cable, strip an inch of its outer sheath, and untwist the four pairs of colored wires inside.
2) Rearrange the wires in this order: green-striped/green, orange-striped/blue, blue-striped/orange, brown-striped/brown. (This links one computer’s outputs to the other computer’s inputs, and vice-versa.)
…illustrations and more (http://www.popsci.com/diy/article/2013-01/rewire-your-file-transfer-routine?s)
January 17, 2013 No Comments
What Is an Assange? Part 2
14 January, 2013 – Huffington Post – John Cusack
Two and a half weeks ago, I was pleased to help launch the Freedom of the Press Foundation, which aims to promote and help fund independent journalism organizations who aggressively report on issues that the U.S. government considers secret. You can read about it here (and see Freedom of the Press Foundation co-founder Daniel Ellsberg’s post here (http://www.huffingtonpost.com/daniel-ellsberg/secrecy-and-national-secu_b_2469058.html)).
Below is the second part of my conversation with Jonathan Turley and Kevin McCabe. You can read part one here (http://www.huffingtonpost.com/john-cusack/what-is-an-assange_b_2317824.html).
We left off speaking of Assange, publishers and journalists — about definitions and constitutional protections in the new digital world — and the grey areas that seem to be artificial and convenient for those in power — with the media’s largely passive response.
Jonathan Turley: The government is treating him as if he is a hacker. In fact, many people insist that it’s clear he’s not a hacker, that he somehow got this material from a third party.
John Cusack: — Like the New York Times got from Ellsberg -he was the third party
Jonathan Turley: Right. I think that if he’s a hacker, it’s difficult to treat him as a journalist. And it may be difficult to treat him as a whistleblower.
Kevin McCabe: Another element to it — my understanding of it; was that when he was negotiating with the Times, regarding what would be reported therefore verified and validated through the New York Times and the Washington Post — he lost any ability to get into the club, because of the way he engaged them.
Apparently when the Times set out parameters, Assange became difficult and insisted on a different approach, the Times was like no, that’s not how we do it and Assange lost any institutional support going forward, on an ongoing basis, to be considered a journalist because he wouldn’t play by those rules. So it’s just an interesting part of the dynamic, when you so eloquently put that — it’s sui generis, but of what? He’s neither fish nor fowl, but he’s serving, and filling a vacuum and serving the public by disclosing information and reporting information everyone should be aware of.
John Cusack: So Jon, on the same terrain — if you give me information and I decide I want to put it out on, say Twitter, — and it’ll reach a million plus people — am I in the same class as Assange — if somebody sends me a video of a crime, and I believe a crime has been committed? Do I have a right or moral obligation to expose the truth…And am I protected?
Jonathan Turley: Well, this is a longstanding conflict that we’ve had in the civil liberties community with Congress. In fact, I testified before the House Intelligence Committee years ago on the move by a number of members to criminalize the publication of classified information, whether you’re a journalist or anyone else. So they were including all the journalists, as well as non-journalists.
And this had the support of the Republicans and Democrats. Members of Congress tend not to like whistleblowers, or journalists for that matter, because they get them off-script and when they are most vulnerable. They make this less controllable. I have previously testified before both Democratic and Republican members considering a disastrous move toward criminalizing the publication of classified information regardless of how you receive it.
The question of your releasing the same information on Twitter is interesting. Given your status, you actually reach more people than virtually all of the daily newspapers. So you’re reaching over a million-plus people with a single tweet that most newspapers would dearly love to replicate.
John Cusack: We both blog and write on line — as we are now –
Jonathan Turley: Then, we get into this serious question of why you’re not a journalist but Chris Matthews is. I mean, you actually are likely to reach 100 times more people than MSNBC would on any given evening because of your status.
John Cusack: One of Arianna’s big ideas was to create what she calls citizen journalists to participate and have your voices heard, — and ordinary people could be alongside — right up there with Hillary Clinton. And blog, and she’ll aggregate news. She’s created this kind of revolution in her own way. But it has to do with connectivity and aggregation and the idea of a citizen journalist. So is Assange basically a citizen publisher? It gets back to the same question — what are the rights of people to expose the truth? Where are their protections?
Jonathan Turley: I think that’s right. And this is where I think the media has decided to go conspicuously silent. Because there’s no question that Assange’s release of this information resembles the type of act for which journalists have received Pulitzers. He released information that came to him, and information that had not been released in any other forum. That information dealt directly with government deception and potential crimes.
So it walked and quacked just like a journalistic story. But they’re not willing to call him a journalist.
John Cusack: And so therefore, he has no protections?
Jonathan Turley: Well, that’s how the US government is dealing with it. They have rather transparently opted to deal with him as a suspected hacker. And they’re going to pursue him on that ground. If they get their hands on him, I expect they’re going to do everything they can to keep him in jail. They need to hoist the wretch, they need to make it clear that you won’t get away with this if you embarrass the government and release this type of information. Both the Bush and Obama Administration have previously threatened journalists. They are not going to hold back on Assange if they have already threatened to prosecute reporters. …more (http://www.huffingtonpost.com/john-cusack/what-is-an-assange-part-2_b_2402236.html)
January 17, 2013 No Comments
Farewell to Aaron Swartz, an Extraordinary Hacker and Activist
12 January, 2013 – By Peter Eckersley – Electronic Freedom Foundation
Yesterday Aaron Swartz, a close friend and collaborator of ours, committed suicide. This is a tragic end to a brief and extraordinary life.
Aaron did more than almost anyone to make the Internet a thriving ecosystem for open knowledge, and to keep it that way. His contributions were numerous, and some of them were indispensable. When we asked him in late 2010 for help in stopping COICA, the predecessor to the SOPA and PIPA Internet blacklist bills, he founded an organization called Demand Progress, which mobilized over a million online activists and proved to be an invaluable ally in winning that campaign.
Other projects Aaron worked on included the RSS specifications, web.py, tor2web, the Open Library, and the Chrome port of HTTPS Everywhere. Aaron helped launch the Creative Commons. He was a former co-founder at Reddit, and a member of the team that made the site successful. His blog was often a delight.
Aaron’s eloquent brilliance was mixed with a complicated introversion. He communicated on his own schedule and needed a lot of space to himself, which frustrated some of his collaborators. He was fascinated by the social world around him, but often found it torturous to deal with.
For a long time, Aaron was more comfortable reading books than talking to humans (he once told me something like, “even talking to very smart people is hard, but if I just sit down and read their books, I get their most considered and insightful thoughts condensed in a beautiful and efficient form. I can learn from books faster than I can from talking to the authors.”). His passion for the written word, for open knowledge, and his flair for self-promotion, sometimes produced spectacular results, even before the events that proved to be his undoing.
In 2011, Aaron used the MIT campus network to download millions of journal articles from the JSTOR database, allegedly changing his laptop’s IP and MAC addresses when necessary to get around blocks put in place by JSTOR and MIT and sneaking into a closet to get a faster connection to the MIT network. For this purported crime, Aaron was facing criminal charges with penalties up to thirty-five years in prison, most seriously for “unauthorized access” to computers under the Computer Fraud and Abuse Act. …more (https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz)
January 17, 2013 No Comments
In the Wake of Aaron Swartz’s Death, Let’s Fix Draconian Computer Crime Law
14 January, 2013 – By Marcia Hofmann – Electronic Freedom Foundation
Outpourings of grief and calls for change continue to flood the Internet after the suicide of Aaron Swartz, only 26 years old.
Aaron was one of our community’s best and brightest, and he achieved great things in his short life. He was a coder, a political activist, an entrepreneur, a contributor to major technological developments (like RSS), and an all-around Internet freedom rock star. As Wired noted, the world will miss out on decades of magnificent things Aaron would have accomplished had his time not been cut short.
Over the past two years, Aaron was forced to devote much of his energy and resources to fighting a relentless and unjust felony prosecution brought by Justice Department attorneys in Massachusetts. His alleged crimes stemmed from using MIT’s computer network to download millions of academic articles from the online archive JSTOR, allegedly without “authorization.” For that, he faced 13 felony counts of hacking and wire fraud (pdf), which carried the possibility of decades in prison and crippling fines. His case would have gone to trial in April.
The government should never have thrown the book at Aaron for accessing MIT’s network and downloading scholarly research. However, some extremely problematic elements of the law made it possible. We can trace some of those issues to the U.S. criminal justice system as an institution, and I suspect others will write about that in the coming days. But Aaron’s tragedy also shines a spotlight on a couple profound flaws of the Computer Fraud and Abuse Act in particular, and gives us an opportunity to think about how to address them.
Problem 1: Hacking laws are too broad, and too vague
Among other things, the CFAA makes it illegal to gain access to protected computers “without authorization” or in a manner that “exceeds authorized access.” Unfortunately, the law doesn’t clearly explain what a lack of “authorization” actually means. Creative prosecutors have taken advantage of this confusion to craft criminal charges that aren’t really about hacking a computer but instead target other behavior the prosecutors don’t like.
An obvious problem with this argument is that it would mean anyone who runs afoul of a web site’s fine print is a criminal — and many of us intentionally or unintentionally violate those agreements every day. Prosecutors wouldn’t bother filing criminal charges against most of us, of course. But if they wanted to, they would have the leeway to do it under the government’s theory.
But other criminal defendants haven’t been so lucky.
In November, a jury convicted Andrew Auernheimer after someone else wrote a script to collect thousands of iPad owners’ email addresses — which AT&T had failed to secure. Auernheimer’s involvement in the “hack” appears to have been primarily telling journalists about the vulnerability after the fact (pdf). He plans to appeal the conviction.
It’s possible that Auernheimer’s unsympathetic reputation as an Internet troll played a role in the government’s decision to indict him. And the CFAA’s vague and overbroad language gave the jury an excuse to punish someone who didn’t carry out anything remotely resembling a serious computer intrusion, even though that’s the concern that caused Congress to criminalize “unauthorized” access in the first place.
Let’s be clear: being an unsympathetic person is not a computer crime.
Most of the government’s charges against Aaron alleged “unauthorized” access. We’ll never know exactly how prosecutors planned to argue at trial that Aaron’s access to JSTOR and the MIT network was “unauthorized.” However, the allegations in the indictment suggest the case was based at least in part on the idea that Aaron violated JSTOR and MIT’s network rules and user agreements. Under Drew and more recent precedent (pdf), that theory of criminal liability is dubious at best. …more (https://www.eff.org/deeplinks/2013/01/aaron-swartz-fix-draconian-computer-crime-law)
January 17, 2013 No Comments
Swartz’s death shines light on strict hacking laws
By: Nestor E. Arellano – 17 January, 2013 – Computer World
Digital rights group, Electronic Frontier Foundation, says it’s time to fix the United States’ ‘draconian’ computer crime law
The suicide last week of extremely talented programmer Aaron Swartz has brought about an outpouring of sorrow in many quarters of the technology industry but recently it has also brought about calls for change to the United States’ laws around hacking and computer crime.
“The government should have never thrown the book at Aaron for accessing MIT’s network and downloading scholarly research,” said Marcia Hofmann, senior staff attorney for the Electronic Frontier Foundation in a blogpost Wednesday on the digital rights group’s Web site. “However, some extreme problematic elements of the law made it possible.”
Swartz, one of the creators of the first version of RSS (Rich Site Summary) format for delivering Web content, a co-founder of social news site Reddit and co-founder of the anti-Internet censorship group Demand Progress, hanged himself last Friday in his Brooklyn, New York apartment. At that time, the 26-year-old programmer was facing 13 counts of felony related to his alleged 2011 illegal downloading through the Massachusetts Institute of Technology network of nearly five million academic journals from JSTOR, a non-profit publisher of journals. The charges carried a maximum sentence of 35 years in jail and up to US$1 in fines.
MIT to probe its role in Reddit founder’s suicide
“…Aaron’s tragedy shines a spotlight on a couple of profound flaws of the Computer Fraud and Abuse Act in particular, and gives us an opportunity to think about how to address them,” wrote Hofmann.
It is critical that these flaws are addressed, she said, because individuals who “intentionally or unintentionally” violate them could face severe penalties.
The U.S. laws around computer fraud and abuse are too broad and too vague, according to the EFF lawyer.
Hofmann said the CFAA makes it illegal to gain access to protected computers without authorization or in a manner which “exceeds authorized access.” Unfortunately, she said, the law doesn’t clearly state what constitutes lack of authorization.
The prosecutor’s argument, Hofmann said, would mean that anyone who runs afoul of a site’s fine print could be considered as having broken the law.
(http://www.itworldcanada.com/news/swartzs-death-shines-light-on-strict-hacking-laws/146612)
January 17, 2013 No Comments
TwitLonger swedenvsassange (@swedenvsassange)
10 January, 2013 – Twitlonger
You were quoted in an article published in an anti-Wikileaks British paper penned by fellow Oxford PPE student @AlexJ_Rankine
You state in your facebook event that “Assange is refusing to face the Swedish legal system with respect to rape allegations”. This is false. You show a complete disregard for the presumption of innocence or the fair trial rights of a persecuted journalist, a recognised political refugee.
It is admitted in the United Kingdom Supreme Court by the prosecution that neither of the women intended to file a complaint against Mr. Assange. Neither woman has ever alleged rape. In the official police documentation, Woman B states that she was “railroaded” by police and others around her to make a statement, which she refused to sign. There are not two allegations of rape, but one allegation by the Swedish state of what Swedish law calls ‘minor rape’. According to an analysis by a professor of English law at Oxford University, Prof. Andrew Ashworth, the conduct described in the allegations would not be criminal in the United Kingdom.
Swedish lawyers who have read the police report (which clearly those supporting your campaign have not), argue that even in Sweden the conduct alleged does not constitute a crime. A fact that senior prosecutor Eva Finne relied on when she dropped the ‘rape’ investigation, before it was resurrected by a prosecutor who is close to the women’s politician-lawyer, Borgstrom.
Mr. Assange has been granted asylum because he is the subject of a political persecution. The Ecuadorian Government has found that his fears of persecution and torture are justified and that Sweden will not protect him from persecution by the United States. Amnesty International has made a statement calling on Sweden to guarantee that Mr. Assange will not be sent to a political persecution designed to silence whistleblowing and undermining freedom of the press in the West.
Mr. Assange has asked to give his side of the story for two years. It is the Swedish prosecutor who is fleeing Mr. Assange’s cooperation. The prosecutor refuses to abide by standard Swedish and European mechanisms which mandate the prosecutor to interview Mr. Assange in London. The prosecutor refuses to give any reasonable explanation for this refusal. The prosecutor is under a legal obligation to advance the investigation. Misinformed misinformation campaigns such as yours are not benefiting the two women. Even Swedish lawyers and media commentators are critical of the Swedish prosecutor’s untenable position, which is harming Sweden’s international reputation.
The presumption of innocence is a basic principle of law. The abuse of process involved in this case is flagrant. Your campaign propagates smears and is imbued by ignorance to further the political aims of powerful actors. It is specially interesting that you are taking this position in connection with a speech at a whistleblower event.
Please correct the falsehoods you have publicised. Propagating these with the knowledge that they are false is malicious and defamatory. More importantly, your position reinforces the political persecution of Mr. Assange and WikiLeaks, and actively undermines the important work that whistleblowers do to protect your civil liberties. Julian Assange has taken risks and you have an obligation to, at the very least, not mislead your audience in relation to the facts of this spurious case.
Of course your campaign is not about women’s rights, or about the rights of these two women (whose interests you clearly have not seriously considered). This is not even about Assange.
If I were you I would be thinking about how this will look when this investigation is dropped. I would take a long hard look at the arguments you are making against free speech in connection with a whistleblowing event. And I would think twice about actively undermining the presumption of innocence and the right to due process. That’s what your future employers will see when they search your names on the internet. But perhaps the type of employers you will be applying to will like your politics.
http://justice4assange.com
@tomrutland @santaevita @izzywestbury
January 17, 2013 No Comments
New satellite launch vehicle to carry CubeSat Swarm in 2013
24 December, 2012 – SouthGate Amateur Radio News
2013 should see the first flight of a new satellite launch vehicle, Super Strypi, also known as SPARK (Space-borne Payload Assist Rocket – Kauai)
It has been developed by Sandia National Laboratories, the University of Hawaii and Aerojet and is based on an enlarged version of Sandia’s Strypi sounding rocket.
The all solid fueled vehicle uses a GEM-46 (LEO-46) motor of Delta-2H heritage as first stage. An Orbus-7S (LEO-7) motor acts as second stage and a Star-30BP (Spark-30) or an Orbus-1 (LEO-1) as third stage. It is spin and fin stabilized during first stage burn and has attitude control for the two upper stages. The low cost rocket will be launched from a rail launcher and can put a payload of 250 kg into a 400 km sun-synchronous orbit.
The Super Strypi vehicle will be launched from a rail-launcher at Barking Sands, Kauai (Pacific Missile Range Facility) towards the end of 2013.
Super Strypi will be carrying a swarm of CubeSats, the Edison Demonstration of Smallsat Networks (EDSN). The CubeSats are an unusual size of 10 by 10 by 15 cm (1.5U) and weigh 2 kg. The EDSN swarm will demonstrate distributed, multipoint space weather measurement and are expected to operate for at least 60 days and have an orbit life-time of up to 4 years. …more (http://www.southgatearc.org/news/december2012/new_satellite_launch_vehicle_to_carry_cubesat_swarm_in_2013.htm#.UPGtE8WnLzE)
January 12, 2013 No Comments
Cheapo Software Defined Radio – Getting Started With RTL-SDR
@aggregator – thepowerbase.com – temporaryartist.wordpress.com
The last few months have seen an explosion of activity in the field of Software Defined Radio (SDR), after it was discovered that cheap USB TV tuners based on the Realtek RTL2832U chip could be dialed into frequencies well outside their advertised ranges. What was designed and sold as a simple device for watching TV on your computer could be turned into a radio capable of receiving anything between 64 MHz and 1700 MHz with open source software.
Now, anyone with about $20 USD to spare can tune into everything from police and fire transmissions to the International Space Station.
Before you can start exploring the airwaves, you’ll need a USB tuner supported by RTL-SDR, the software used to unlock the full potential of the Realtek RTL2832U chip. For best results, you’ll also want to get one that uses the Elonics E4000 tuner, as that will give you the broadest frequency response. The RTL-SDR project maintains a short compatibility list which can help narrow things down a bit:
VID     PID     tuner        device name
0x0bda  0x2832  all of them  Generic RTL2832U (e.g. hama nano)
0x0bda  0x2838  E4000        ezcap USB 2.0 DVB-T/DAB/FM dongle
0x0ccd  0x00a9  FC0012       Terratec Cinergy T Stick Black (rev 1)
0x0ccd  0x00b3  FC0013       Terratec NOXON DAB/DAB+ USB dongle (rev 1)
0x0ccd  0x00d3  E4000        Terratec Cinergy T Stick RC (Rev.3)
0x0ccd  0x00e0  E4000        Terratec NOXON DAB/DAB+ USB dongle (rev 2)
0x185b  0x0620  E4000        Compro Videomate U620F
0x185b  0x0650  E4000        Compro Videomate U650F
0x1f4d  0xb803  FC0012       GTek T803
0x1f4d  0xc803  FC0012       Lifeview LV5TDeluxe
0x1b80  0xd3a4  FC0013       Twintech UT-40
0x1d19  0x1101  FC2580       Dexatek DK DVB-T Dongle (Logilink VG0002A)
0x1d19  0x1102  ?            Dexatek DK DVB-T Dongle (MSI DigiVox? mini II V3.0)
0x1d19  0x1103  FC2580       Dexatek Technology Ltd. DK 5217 DVB-T Dongle
0x0458  0x707f  ?            Genius TVGo DVB-T03 USB dongle (Ver. B)
0x1b80  0xd393  FC0012       GIGABYTE GT-U7300
0x1b80  0xd394  ?            DIKOM USB-DVBT HD
0x1b80  0xd395  FC0012       Peak 102569AGPK
0x1b80  0xd39d  FC0012       SVEON STV20 DVB-T USB & FM

Tuner               Frequency range
Elonics E4000       52 – 2200 MHz with a gap from 1100 MHz to 1250 MHz (varies)
Rafael Micro R820T  24 – 1766 MHz
Fitipower FC0013    22 – 1100 MHz (FC0013B/C, FC0013G has a separate L-band input, which is unconnected on most sticks)
Fitipower FC0012    22 – 948.6 MHz
FCI FC2580          146 – 308 MHz and 438 – 924 MHz (gap in between)
Read more on SDR (http://www.thepowerbase.com/2012/06/getting-started-with-rtl-sdr/)
…source (http://temporaryartist.wordpress.com/2012/12/29/cheapo-software-defined-radio-getting-started-with-rtl-sdr/)
January 12, 2013 No Comments
Top Risk Factors of the Un-Monitored Firewall
By Steven Vigeant – 6 January, 2013 – Business-2-Community
Hackers work day and night to attack systems, and small businesses increasingly top the list of targets. As a small business owner, you have private client information and fewer resources to ensure data protection. Hackers look at this as an opportunity. One of the best protections against an unauthorized intrusion is your firewall. Let’s take a deeper look at your company’s first line of defense.
What is a Firewall?
A firewall stands as a barrier between your computers and the internet. Depending on the severity of your settings, it can block out virtually all traffic or only block known threats. Essentially, when you visit a website, the site and your computer talk back and forth. The firewall looks for data packets that you did not request and denies them access. Unfortunately, a firewall does not always recognize a potential threat. For example, if you use a site regularly, you will want to grant access to the site. If a hacker embeds malicious code onto the site, without the owner’s knowledge, your next visit could come with a virus attached.
For more IT Security Buzzwords: Check out last week’s translations for the small business owner.
Preventing Firewall Mistakes
Firewalls, both hardware and software versions, only work as well as they are programmed to work. When users change threat definitions to allow access to sites, they reduce the level of security. A good system allows for some security compromises to enable users to browse relatively unrestricted; however, the trade-off is that these systems require more monitoring. A firewall acts automatically, but without oversight it becomes out-of-date and easier to work around.
Every time an employee needs to access a specific site, there is a risk that the firewall will disable or block certain functions. Then, firewall definitions with regard to that site need adjustment. Over time, you can have thousands of exceptions to general security functions. Each exception represents a potential threat, but they are necessary for productivity. Monitoring reduces these risks by allowing your security professionals to take preventative steps and identify trouble spots, and by enabling police reporting.
Before downloading a virus onto your network, most hackers send out fishing expeditions. They check to see if a particular port is activated, giving them backdoor access. Monitoring your firewall logs shows these attempted exploits and allows you to take pro-active steps to prevent them. Instead of waiting until after your network is hacked and cleaning up the resulting mess, you can prevent the hack from taking place. Closing down the ports hackers are attempting to access is one of many different security options when an attempted intrusion is detected.
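The log review described above can be automated. The following is an added example, not code from the article: it scans denied-packet lines and reports each source that was refused on several distinct ports, with the time the probing started. The log layout, the "FW-DROP" prefix, the threshold of four ports and the addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample log, in the style of Linux netfilter LOG output.
# "FW-DROP" / "FW-ACCEPT" are assumed log prefixes, not values from the article.
SAMPLE_LOG = """\
2013-01-06T02:14:01 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21
2013-01-06T02:14:01 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22
2013-01-06T02:14:02 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=23
2013-01-06T02:14:02 gw kernel: FW-ACCEPT IN=eth0 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
2013-01-06T02:14:03 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=25
2013-01-06T02:15:40 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=8080
2013-01-06T02:16:09 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40116 DPT=3389
2013-01-06T02:16:10 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8
2013-01-06T02:16:11 gw kernel: line truncated by a full disk FW-DR
"""

# Timestamp, source address and destination port of a denied packet.
DROP_RE = re.compile(
    r"^(?P<ts>\S+) .*\bFW-DROP\b.*\bSRC=(?P<src>\S+).*\bDPT=(?P<dpt>\d+)"
)

def find_probes(log_text, min_ports=4):
    """Report sources whose denied packets touched at least min_ports distinct ports."""
    seen = defaultdict(lambda: {"ports": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = DROP_RE.match(line)
        if not m:  # accepted traffic, portless protocols, damaged lines
            continue
        entry = seen[m["src"]]
        entry["ports"].add(int(m["dpt"]))
        entry["first"] = entry["first"] or m["ts"]  # when the probing began
        entry["last"] = m["ts"]
    return {
        src: {"ports": sorted(e["ports"]), "first": e["first"], "last": e["last"]}
        for src, e in seen.items()
        if len(e["ports"]) >= min_ports
    }

if __name__ == "__main__":
    for src, info in find_probes(SAMPLE_LOG).items():
        print(f"{src}: denied on ports {info['ports']} "
              f"between {info['first']} and {info['last']}")
```

A single blocked connection, such as the one to port 8080 in the sample, stays below the threshold and is not reported.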
Even with monitoring, your computer network will eventually fall victim to one hack or another. If you do not monitor your firewall, you will have no idea when or where the virus or intrusion came from. Monitoring allows you to find out exactly when the issue occurred, so you can trace it back and find the vulnerability the hack used to gain access. This allows you to prevent repeat issues in the future.
Many hackers release viruses to cause mischief, but many also have criminal purposes. If your network is hacked for criminal purposes, you need to be able to provide as much information as possible to the enforcement agency investigating the intrusion. This will allow them to gain much greater traction in an investigation, and ultimately, bring more cyber terrorists to justice.
You probably have an alarm system for your business, but it does not do a lot of good unless there is someone monitoring to alert the police. The same is true for your firewall. It does a lot of the heavy lifting for security, but without monitoring you might as well lock the door and leave all the windows open.
…source (http://www.business2community.com/tech-gadgets/top-risk-factors-of-the-un-monitored-firewall-0367940)
January 12, 2013 No Comments
A Multi-purpose Portable Setup
by Ivo Klinkert, PA1IVO – 2012-2013
SLIDE PRESENTATION (http://ivok.home.xs4all.nl/pa1ivo/doc/AmsatColloquium2011.pdf)
The setup ready for action on a campsite in Scotland. At the AMSAT-UK Colloquium 2011, I gave a short presentation about my experiences with my portable setup, called A Multipurpose Portable Setup. Based on this presentation, Andreas Bilsing DL2LUX invited me to write an article about this subject for the AMSAT-DL Journal. The article, Eine tragbare Mehrzweck-Satellitenstation, was translated from English to German by Andreas and appeared in the March 2012 issue of the AMSAT-DL Journal. The English version of the article appeared later in two issues of OSCAR NEWS of AMSAT-UK (July and September 2012).
The original English text can be read below (not all pictures appeared in the article in OSCAR NEWS). Please be informed that the status of the satellites mentioned in the article has not been updated since the article was written! If you are interested in working satellites as a portable station, Google can give you more webpages about this subject, for example a similar setup of KB5WIA.
A Multi-purpose Portable Setup – Working low-earth orbit satellites from any place
Only a relatively simple setup is necessary to use amateur radio low-earth orbit satellites. The design of a portable setup is described here, together with some experiences and rationale.
The current fleet of operational AMSAT satellites consists solely of low-earth orbit (LEO) satellites. Although high-earth orbit (HEO) satellites like AO-40 (and the upcoming P3E) deliver worldwide communication capabilities and interesting technical challenges, using LEO satellites is also interesting and fun, and has its own challenges to deal with.
This article describes a portable satellite setup for working LEO voice satellites. The setup was developed and optimized over several years, and the article mentions some rationale behind design decisions and practical experiences with the setup. Excellent results were achieved in terms of making QSOs via LEO satellites as a portable station.
The setup described here has the following main features:
Truly portable. It is quick and easy to take in and out of an apartment, or a small tent on a campsite during holidays. The setup can also be carried entirely by one person, including the batteries to power it.
Full-duplex capabilities. In the context of this article, full-duplex means the possibility of transmitting on one band, and receiving on the other band at the same time. When working QRP, listening to your own downlink is advantageous and increases chance of making successful QSOs.
Satellite modes V/U and U/V are available, which are the main modes for the current fleet of LEO voice satellites. Also S-band reception capabilities are available (mode V/S, mode U/S also possible), after some small conversions in the setup.
Multi-mode capabilities. Both FM and SSB can be used, including exotic combinations of modes (DSB up/ FM down used by AO-51, or the planned FM up/DSB down by Triton-2).
With no less than four new low-earth orbiting satellites scheduled to be launched in late 2012 (FUNcube, UKube, Delfi N3xt, and Triton-2, at the time of writing), three carrying a U/V linear transponder and one a U/V and a U/S repeater, the portable setup described here could be very interesting for many radio amateurs. …more (http://ivok.home.xs4all.nl/pa1ivo/portable_satellite_setup.html)
January 12, 2013 No Comments
Parser updates and new delayed packet filtering feature
31 December, 2012 – http://blog.aprs.fi
I’ve updated the APRS device identification module Ham::APRS::DeviceID to include detections for new APRS devices (KissOZ, anyfrog, unknown mic-e, SARTrack, Altus Metrum, SM2APRS, aprsc, NW Digital Radio UDR56K). The new version, 1.06, has been published on CPAN for your open source pleasure, and installed on aprs.fi.
I also published version 1.19 of the Ham::APRS::FAP packet parser used by aprs.fi. It only includes a small fix to the binary value telemetry bit order in Base91 comment telemetry. But at least that keeps me in the regular 1 release per year schedule! Just in time!
The larger feature in the aprs.fi upgrade is that it now utilizes the sequence number present in Base91 comment telemetry for detecting delayed packets.
APRS packets notably lack any sort of sequence number that could be used to detect old duplicate packets arriving late, or to place them in the correct order. Newer Byonics trackers can transmit telemetry (battery voltage, temperature, etc) within position packets using the new Base91 comment telemetry format, which is quite tightly packed, and also includes a sequence number in a range of 0…8280. This makes it really easy to detect a packet having an older sequence number than the previously received packet. There are already a lot of those devices in use.
aprs.fi has now been updated to make use of the sequence number when available. It’s more reliable and faster than the old methods of detecting too high speed or duplicate packet content. Due to the amount of broken igates and digipeaters delaying packets for minutes or tens of minutes (often due to a buggy Kantronics KPC3+ in KISS mode) it can make sense for a tracker to transmit the sequence number alone without any actual telemetry! Packets dropped due to this will be shown with this error message:
Delayed or out-of-order packet (sequence number)
In practice it will usually be shown together with the error message about dropped telemetry, since the telemetry content is also ignored due to the duplicate sequence number:
2012-12-31 00:24:51 EET: N0CALL-9>SY0UWY,WIDE1-1,WIDE2*,qAR,N00CALL:`pOnqgd>/’”KQ}MT-RTG|!D&=’a|!w;a!|3
[Duplicate telemetry sequence, Delayed or out-of-order packet (sequence number)]
You can use the Decoded mode of the raw packets view to see sequence numbers and telemetry values decoded from each packet.
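A sketch of the sequence-number check described above, as an added example (not aprs.fi's code and not part of Ham::APRS::FAP). It decodes the two-character Base91 sequence field from a |...| comment telemetry block and classifies each packet per station; the half-range window used to tell a wrapped counter from a late packet, all names, and the constructed sample comments are assumptions made here.

```python
import re

SEQ_MODULUS = 91 * 91            # two Base91 digits: sequence runs 0..8280
LATE_WINDOW = SEQ_MODULUS // 2   # assumption: further "ahead" than this means "behind"

# |ss....| : sequence pair followed by one to six value pairs, chars '!'..'{'
TELEM_RE = re.compile(r"\|([!-{]{2})((?:[!-{]{2}){1,6})\|")

def b91_decode(pair):
    """Two printable characters -> integer 0..8280."""
    return (ord(pair[0]) - 33) * 91 + (ord(pair[1]) - 33)

def b91_encode(value):
    """Inverse of b91_decode, used here only to build sample comments."""
    return chr(value // 91 + 33) + chr(value % 91 + 33)

def parse_telemetry(comment):
    """Return (sequence, [values]) from a comment, or None if no block is present."""
    m = TELEM_RE.search(comment)
    if not m:
        return None
    body = m.group(2)
    return b91_decode(m.group(1)), [b91_decode(body[i:i + 2])
                                    for i in range(0, len(body), 2)]

class DelayFilter:
    """Remembers the last accepted sequence number per station."""
    def __init__(self):
        self.last_seq = {}

    def check(self, callsign, comment):
        parsed = parse_telemetry(comment)
        if parsed is None:
            return "no-sequence"          # fall back to other duplicate checks
        seq = parsed[0]
        last = self.last_seq.get(callsign)
        if last is not None:
            ahead = (seq - last) % SEQ_MODULUS   # modular distance handles wrap
            if ahead == 0:
                return "duplicate"
            if ahead > LATE_WINDOW:
                return "delayed"          # older than the last accepted packet
        self.last_seq[callsign] = seq
        return "accepted"

def run_demo():
    """Feed constructed comments for one station; sequence wraps 8280 -> 0."""
    f = DelayFilter()
    seqs = [8279, 8280, 0, 8280, 0, 1]
    verdicts = [f.check("N0CALL-9", "trk |" + b91_encode(s) + b91_encode(500) + "|")
                for s in seqs]
    verdicts.append(f.check("N0CALL-9", "no telemetry here"))
    return verdicts

if __name__ == "__main__":
    print(run_demo())
```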
…source (http://blog.aprs.fi/2012/12/parser-updates-and-new-delayed-packet.html)
January 12, 2013 No Comments
Uploading Frames to APRS with Python
John Malsbury – 3 January, 2013
An upcoming project will be using a redundant communication system that is co-located with an APRS beacon (but won’t communicate in the ham band). In case of APRS beacon failure, we would like to upload position packets from this redundant communications path. I put together a simple tutorial on how to log-in to an APRS server and upload a packet.
Upload APRS Frames to APRS-IS (http://www.jmalsbury.com/techwiki/index.php?title=Uploading_ARPS_Frames_to_APRS-IS_-_Part_I) – Part I – Learn how to get access to APRS-IS
Uploading APRS Frames to APRS-IS – Part II – Python application that uploads frames…
…source (http://www.jmalsbury.com/uploading-frames-to-aprs-with-python/)
January 12, 2013 No Comments
What is Hacktivism? A short history of Anonymous, Lulzsec and the Arab Spring
By Martyn Casserly – PC Advisor – 3 December, 12
We examine so-called ‘Hacktivism’, taking in Anonymous, Wikileaks and Lulzsec, and their impact on major world events. (See also: Hacktivism gets attention, but not much long-term change.)
Over the past two years around 90 people – some as young as 16 years old – have been arrested in the US, UK, and mainland Europe for online criminal activities relating to the hacktivist group Anonymous. The charges they face range from disabling commercial websites, stealing sensitive information such as credit card details, to attacking government security sites. In March 2012 one of the leaders of the spin-off group called Lulzsec was arrested and has subsequently become an informant for the FBI in exchange for leniency, which has led to more arrests. It marks a significant moment in the fight against this new breed of activists, but the story behind them isn’t a simple case of young, technologically skilled kids with malicious intent. Some of them have a cause.
Ever since the dawn of computers there have been hackers. In fact many of the advances in technology and the internet have come from people who wanted to take something apart to understand how it worked, or use technology in ways that its creators never intended. Google, Apple, Microsoft, and Facebook all were birthed in environments such as these, with Steve Jobs and Steve Wozniak famous for selling little blue boxes that hacked the US telephone system and allowed their customers to make long distance calls for free.
There are also those who use these skills to make people’s life a misery, steal information, or generally wreak havoc. These are the reason we have firewalls, virus scanners and emails from Nigerian princes who want to give you a million pounds if you’ll just hand over your bank details. Somewhere between these extremes is another class of hacker, whose motives are considered noble by some and criminal by others. They are the Hacktivists, a modern equivalent of the political protesters, who instead of picketing embassies or wielding banners outside corporate headquarters conduct their campaigns over the internet with arguably more profound results. See also: Hacktivism trumps money as motivation for Denial of Service Attacks.
What is Hacktivism?
The term Hacktivist comes from, depending on which reports you believe, a hacker collective amusingly named The Cult of the Dead Cow. The name joined the words Hacker and Activist together in 1996 to describe people who had a political agenda for their digital infiltrations. Of course the name didn’t create the movements involved – there were recorded politically motivated hacks as early as 1989 – but it did give a distinction from those who attacked websites for personal gain. The causes that the early Hacktivists pursued included nuclear disarmament, a mass attack on the Indonesian government to highlight the conditions in East Timor, a series of hacks championing those murdered in the Acteal Massacre in Mexico by a paramilitary death squad, plus the Guy Fawkes day attack on the UK Government in 1994 protesting about the proposed Criminal Justice Bill, which disabled the Government’s official website for a full week.
The common weapon of the hacktivist is a Distributed Denial of Service (DDoS) attack, which bombards the target servers with thousands of page requests (similar to masses of people sitting on the site and continually pressing refresh). This then overloads and crashes the site. The idea is likened to a virtual sit-in and seen as disruptive rather than destructive because the target sites aren’t damaged, no information is stolen, but the volume of requests causes them to shut down, thus preventing anyone from gaining access.
…more (http://www.scoop.it/t/anonymous-hackers)
January 12, 2013 No Comments