2011-11-22

Fox Hunting on 403MHz

It's in the news again! Thieves are jamming the car security remotes, so you can't lock your car/garage/gate.

The jamming of the car remotes by the 'bad guys' is going on all the time in South Africa, mostly at busy shopping malls. These car thieves are well organised, with medium power jamming devices, which should be easily detected by Doppler or RDF receivers. It doesn't matter how 'secure' the code is: these 'jammers' work by blocking the receiver from getting the code to lock the car doors.

Having had some personal experience in this field as well as the previous ZS6WL, it would be simple to make a 403MHz receiver.

How about 'we' as a club, make a project that serves the community by detecting these thieves. As Radio Amateurs 'we' could use our experience in 'Fox Hunting' and assist the police and security firms in catching these crooks.

In the late 80's an 'incident' was recounted to me by Anti-Car-Rob. They were in the process of developing a local car security system. All the previous versions were of Italian manufacture and imported illegally as they did not comply with local radio regulations.

They also had a minimal set of codes. In most cases this was less than 4096 possibilities. A 'person' who had an axe to grind went around all the car installers with a small coded transmitter. The transmitter went through all the codes in about 3 minutes, opening all the cars' doors on the lot! He went round all of them in a matter of a few days. I believe he convinced most to sign with his 'new and improved' security system.

Later on, the transmissions of these 8 bit coded systems were recorded and 'played back' to the receivers, thus opening the cars, gates and garages.

While (my long time friend) John Whitfield was working at M.S.I., he introduced both a 'frequency hopping' system and a pseudo random sequence code. He also produced, and got approval from ICASA for, a super-heterodyne design working on 403MHz. This had better 'selectivity' and thereby could be more immune to 'blocking' than any of the previous receivers. Most current (approved) systems work on this frequency at low power (milliwatts).
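The difference between the recorded-and-replayed fixed codes and a pseudo random sequence code, shown as an added example (not John Whitfield's or M.S.I.'s design): the truncated-HMAC counter scheme, the key, the window size and the class names are all assumptions chosen for illustration. The last result models the jamming case described at the top of this post, where a frame that never reaches the receiver cannot lock the car, whatever the code.

```python
import hashlib
import hmac

def code_for(key: bytes, counter: int) -> bytes:
    # Stand-in for a pseudo random code sequence: truncated HMAC of a counter (assumption).
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]

class FixedCodeReceiver:
    """Static code: whatever worked once works every time it is heard again."""
    def __init__(self, code: bytes):
        self.code = code
    def receive(self, frame):
        return frame is not None and hmac.compare_digest(frame, self.code)

class RollingRemote:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.key, self.counter)

class RollingReceiver:
    WINDOW = 16  # presses made out of range that the receiver tolerates (assumed value)
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def receive(self, frame):
        if frame is None:              # jammed: nothing was decoded
            return False
        for c in range(self.counter + 1, self.counter + 1 + self.WINDOW):
            if hmac.compare_digest(frame, code_for(self.key, c)):
                self.counter = c       # every code up to c is now dead
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-key"      # constructed sample key
    fixed = FixedCodeReceiver(b"\x0a\xbc")
    remote, rx = RollingRemote(key), RollingReceiver(key)
    first = remote.press()
    out = {
        "fixed_replay": fixed.receive(b"\x0a\xbc") and fixed.receive(b"\x0a\xbc"),
        "rolling_first": rx.receive(first),
        "rolling_replay": rx.receive(first),
    }
    for _ in range(5):                 # pocket presses the car never hears
        remote.press()
    out["rolling_resync"] = rx.receive(remote.press())
    out["rolling_jammed"] = rx.receive(None)   # strong code, still no lock
    return out

if __name__ == "__main__":
    print(demo())
```
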

On the 'down side' of this, it appears that most insurance companies will repudiate claims of theft. Especially when the car has not been broken into.
So make sure that your car/garage/gate is locked when you press your remote.

I got a very quick response from my friend...

I always walk 10 metres away and relock the car. Always have done and always will. The Crooks will think they got you first time so be surprised at the second lock and not catch you.

Best regards
Peter Greaves

The remote transmitter in your hand is very low power (milliWatts) and the interfering transmitter may be medium power (Watts). The chances of you getting your signal through, 10 metres further away from the receiver are not in your favour!

Rather make sure when you are close to the car.

2011-11-02

I have a complain!

Today on 702 the new consumer protection agency said that their email address is complains@... Which had me in fits of laughter. Why in this day and age does anyone not have the most accurate and descriptive email address? Surely it's not because of the old (last century) 8 character limit on filenames?

They should 'complain' to their ISP and have them make an alias for complaints@...
Or can the system not do that? Is it a limitation of the Windows system?
Yesterday I received an email from 'stockcontrolsupervisor' at ... I could actually spell the email address but the potential for erroneously addressed emails is great. This apparently cuts down the amount of spam. But does it? The spammers are very adept at 'snarfing' email addresses from web pages and emails. 

So where and to whom do I complain?

2011-08-03

Oh the Irony!

For the past two years I have been advocating SSD's (Solid State Disk drives) for use as boot disks in Windows PC's. After purchasing a Samsung drive for a small fortune, I had a vastly improved performance Windows XP machine. And vowed to get another for the No.2 PC. The supplier ceased to supply Samsung. I went looking for alternatives. The neatest solution was the "Momentus" hybrid disk drive from Seagate. This replaced the broken disk in Edith's laptop and made her day as it really was a better speed of booting and loading programs.

I took great delight in switching on No.1 and No.2 PC's at the same time and seeing the three times speed improvement in booting. Finally I replaced the boot disk drive in No.2 with a Kingston disk drive. It happens to be a second faster than No.1 PC.

Now for the irony bit. During the conversion phase of No.2, I moved all the personal stuff from that PC to the Ubuntu PC. I started using the Ubuntu PC for all the Amateur Radio stuff, searching for Electronics and BASIC programming. Also moved the personal email account there as well. So the other day, I switched on No.1 PC and a fraction of a second later, the Ubuntu PC. The Ubuntu PC, which has an ordinary spinning disk drive inside, beat the Windows PC by three seconds!

So if you really want a performance PC, use Linux NOT Windows. You don't need a solid state disk drive either.

Darn!

2011-06-08

Yes! Wireless Radio Waves can lower your IQ!

Just look at all the people driving whilst using a cell phone. Whilst driving to and from my client in Florida, I saw several cars being driven by idiots, like this one on the right.

'Do Cellphones Cause Brain Cancer?' was a recent article in the New York Times.
Now there are all sorts of articles claiming all sorts of virtually unprovable effects. I know of physical effects that my colleagues felt and exhibited in my lab. But that was at a much much higher level of power. Now some other organizations are arguing for a complete disregard of the WHO report. Far too many have a vested interest in this for a realistic finding.

Still I do feel by the evidence witnessed by me, that the cell phone inside a vehicle is a dangerous distraction to the driver. Maybe the R.F. is interfering with brain function.

2011-05-24

Warnings of extreme cold

As is usual here in SA, the Winter is to arrive on Thursday. Reports of an approaching cold front have been broadcast on TV and Radio (702). Gauteng is to expect temperatures of 3C with a lot of wind. Where I am at the top of a slope of a hill, the wind chill can take the temperature down to -20C. So what you ask?

Well in times gone by, the hard disks in PC's have failed to start spinning. They are rated at a low temperature of 15C working. And may fail to start at lower temperatures. So do I...

The cat (Tequila) has found the sun after searching through the blinds. The sun comes over the hill at 8:45 and shines in the window. The cat does not wait for the sun to shine on the window but tries each blind in turn to see if the sun is there.

Some years ago I had several calls from clients that had PC's that would not boot up on the cold mornings. I advised them to leave the PC's switched on and this would keep the inside temperature above 15C with self heating. Nowadays with the radio warning of increased power consumption and our under-capacity power stations, the PC's had better not be left on. Most do not have UPS' and will fail miserably when the power goes off in the middle of the night.

This is also the time of year that the fans fail. Or, as one lady put it, "it sounds like a dying teddy bear!" Usually the fans are clogged by the dust and fluff, sucked up by the PC air intake. When the temperature goes down the parts shrink and start to wobble in the bushes (not bearings). Vibrations of some extreme nature are sounded from the PC's boxes, sometimes the paper thin case resonates in sympathy. Giving rise to "ghost in the machine" stories.

It is time to clean both the system fans and the cpu fans. Blow them free of dust and fluff. In my case - cat fur. I bought a three quarter horsepower blower last century. I use that to blow the dust out of clients PC's. One of my clients takes the PC's up to the local garage and uses the air pump to blow it clean. Yes, you will need to open the box, make sure it is the top side of the motherboard. Don't bang the components with the pump nozzle. You can easily damage them.

When you can suffer some "down time", get someone to check the thermal coating between the heat sink fan assembly and the processor. Replace it after a few years of operation. It will keep the cpu heat down and make the PC last longer.

2011-04-28

Windows Updates Fail!

[Error 0x8DDD0018 - services not the same as M$ would like...]
So today is "Patch Tuesday", er Friday (here in SA), but the update on my 'veteran' XP PC failed. When I tried to run the update manually, the web page checking the services failed with error 0x8DDD0018. It gives instructions on how to check on the services and to reset them to working condition. Funny thing, mine were all 'started' and running. But they were not necessarily automatic or manual. The 'checker' failed with the above error code. So I checked on the web pages given on the 'help' page... nothing found. It does not 'know' the error code and fails to tell you anything about 'your problem'...

Warning: this XP update/patch is 250MB and will take you closer to the 'cap' on your Internet connection. As it is halfway through the month it might take you over your 'cap'. Don't put the update/patch off. These are mostly security patches and are mandatory for the ongoing security of your PC. Unless you are going to change to Ubuntu or disconnect from the Internet right now, pay (or lobby) your ISP for more Megabytes!

This weekend has been informative, instructive and wet!

A relatively peaceful weekend from Friday but with another 'incident' in Windows XP.
My friend Roy, came to me with a "Scareware Virus" called MS Removal Tool. (My first thought was - what a good idea - maybe Ubuntu...) But no, this turned into a 'major mission' to remove and recover control of his PC. It would not allow him to use any of the standard anti-virus measures nor run any diagnostic software like 'Task Manager'.

How did he get it?
Very simple, he went to a web site that had been 'click-jacked' and without him knowing, the 'virus' was installed on his PC. He was using Internet Explorer and he has Microsoft's Security Essentials. Unfortunately both are side-tracked and bypassed by this rogue software.

This is the same category of malware that disrupted another client's PC recently. There it was called 'AntiVir'. It would not allow the user to remove the virus without going into 'safe mode'. This is not the easiest of methods for an inexperienced user who may have never seen 'Press F8 to enter safe mode.'

[Since this time, a few more of my clients have come to me to 'remove' the 'ScareWare' worms and virii.]


Live Security Platinum is the latest 'scareware' worm to hit here in SA [2012]
This worm/trojan puts up a 'front' and shows you a scanning of your hard disk with a load of virii etc. While loading its 'hooks' into your system to 'own' (pwn) it.

Live Security Platinum – ThreatExpert submission [2012-07]
http://www.threatexpert.com/report.aspx?md5=e5602b9c25da9a41cf555b8e35af9742

This submission is dated 11th July 2012. So it is quite 'up to date'.

New and Improved Worms and Virii are being made right now.
'Scareware' does more 'damage' to user confidence and productivity than previous types. It also carries with it a 'payload' of worms and virii. Most are detectable but some are variations that have not yet been 'captured' in the wild.

[The 'variation on a theme' seems to be prevalent as well. Meaning that old and workable virii can be 'recycled' into new and even more upsetting variations. In the 'process' they are disguised so that the latest anti-virus products do not recognise them.]


“Data Recovery” - what a joke!

This was to be expected. As more and more 'black hats' discover the usefulness of 'bots' and worms that really can do 'damage', they are getting to release these on the day of your anti-virus 'update'. Otherwise known as 'zero day exploits'.

DO UPDATE YOUR Microsoft Security Essentials when you can.
DO NOT HAVE TWO OR MORE Anti-Virus products installed on your PC. The Microsoft Security Essentials, formerly called 'Windows Defender' works. Don't accept McAfee as part of Adobe's update. You will have to de-install it later if you do.

Sent at 8:45 AM on Thursday
John: I see my M$ sec essentials has gone from 411 to 601 in a few days. Your contribution I am sure has helped 'update' it...
This is on my 'no 2' PC not my 'no 1' PC. This one was updated yesterday. And this morning. Thanks Nick!
Now you should start using FireFox and or Chrome. Also update Internet Exploder to the latest possible version.
Sent at 9:20 AM on Thursday
John: I think you should run 'Windows Update' as well now. The IE8 version has just 're-installed' the activeX control for IE8 and Windows Update. I think that the previous version has been 'compromised'.

Yes! Install it.

[Alternate 'Data Recovery' removal instructions:
1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.

At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again. --- This does work. But does not remove all the 'hooks'. ]


'By the rivers of Babylon' – To 'remove' Babylon...
Open a dos shell, or execute "RegEdit" through the launch menu.
Find the key: [taint there! WinXP]
HKEY_LOCAL_MACHINE
...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs\Tabs
and change the entry that points to babylon search, to the one you desire (be it google, bing, or whatever)."

Alternate removal: run
C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe

Microsoft Security Advisory (2719615)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Published: Tuesday, June 12, 2012
http://technet.microsoft.com/en-us/security/advisory/2719615

[reply to email from client]
Hi Steven
Thank you for the nice compliments. I have never liked making money from the misery of others. The sort of virii and worms we have today have a far more devastating impact on the running of a business than last century.
Your 'incident' has actually taught me a new way of counteracting the 'scareware'. I can now boot the infested PC with a memory stick or CD. Then copy the Microsoft 'search and destroy' software to the hard disk. Also at that time, I can remove any obvious infestation. Files that are placed as a 'payload' by the scareware. Then rebooting into safe mode with networking, I run the msert program. The program can be deleted now as it only works for 10 days. Requiring an update at that time. If you had let it alone, the PC would have 'announced' itself on the Internet as a PC that can be 'owned' and run as part of the extensive networks of 'Bots'. These 'Botnets' are used to deny access to major servers and spam vast numbers of recipients. All operating without your knowledge and participation.
Little wonder that 'organised crime' have found this more profitable than drugs!
All of the best for the future.
Best regards
John Brock


--------------------------------------------------------------------------

Tools of the trade
Various web sites offer software 'tools' that will 'get rid of' this malware. One is:
Spyware doctor
http://www.spyware-experts.com/ms-removal-tool/
another is:
MalwareBytes Anti-malware
http://www.malwarebytes.org/

There are a lot of others, too numerous to go into here. Some give manual methods for removal, but state that these will be limited in effectiveness as the 'virus' changes the file names and registry entries on a daily basis. This also confirms the conclusion that I had come to, that no single anti-malware product is going to be 100% effective.

What did I use?
I used the latest 'Hiren's Boot CD' to boot his PC into mini Windows XP. [You can download it from: http://www.hirensbootcd.org/download/] Then I ran three of the malware removal tools on that CD. All ran and said that they had completed a 'removal' or 'clean'. We then rebooted into his Windows XP and ran 'msert'.

That is Microsoft's Safety Scanner tool that you can download from:
http://www.microsoft.com/security/scanner/en-za/default.aspx

This 'tool' runs, scans and removes with an up to date malware table. It 'expires' in 10 days so that you will always need to download the latest version.

When we rebooted his PC into Windows, we found no trace of the virus. Thank goodness.