Home Blog

Ah… Now I get it!

0
Bild

I’m no big fan of Halloween or the Swedish “All-helgona”. Visiting the graves of my relatives is a very fine tradition, but the whole “trick-or-treat”-thing is not only ignored by me, but I will simply not open the door.

Goodbye, mr Randi

0
The light shines a little less bright today as mr Randi is now a near and dear memory. But what a good one.

Today, the news that James Randi, magician and skeptic-extraordinaire has passed away at the age of 92 reached me.

I have had the good fortune to sit in the audience in one of his shows. And an amazing show it was, but one where your fascination was not the most important thing. It was the lessons he taught about our inabilities to correctly observe the world even if we consider ourselves smart and attentive. He started many of his shows/lectures but talking into a handheld microphone which he later demonstrated was an electric beard trimmer. He then removed his glasses and put his fingers through them, making us understand they never had any lenses in them to begin with. This simple trick shows us how much of our world that is just beliefs rather than facts. If we cannot even see the most obvious things clearly, how can we truly understand this world? Randi meant that is what makes a magician’s magic possible. It is not “magic” per see, it is just a trick that a good magician will never explain.

But Randi’s career as a magician never actually was the most important part of his life as I see it. it was his skills as a skeptic and a driving force in teaching people to doubt and refuse any charlatan’s lies and deceit. He accepted any magic trick and magician if they did not try to fool people magic was for real and to try to sell products based on false promises. He promised one million dollars to anyone who could demonstrate that “junk science” like homeopathy, chakras, auras and esp works. If you for an example wanted to prove that dowsing could find water, all you had to do is demonstrate that ability in front of a couple judges. All it took was a success rate above random chance and the money would be yours. The prize was retired many years later… unclaimed… No big surprise there.

As a self-appointed skeptic and science-buff, mr Randi has meant a lot to me. And as I am sad to see him go, I am happy for the time he spread enlightment to the world.

An older article I wrote in 2010 – “The always amazing mr Randi”

He’s looking sternly at you charlatans!

I live in Sweden, so I will have to travel far to meet people like James Randi. That is unless they decide to go on a tour and visit Sweden, which fortunately mr Randi did. So on the 15th of June 2010 I went to see his appearance at the Oskar Klein Auditorium which is located on the premises of the Royal Institute of Technology here in Stockholm.

The event was organized by the Swedish skeptics organisation “Vetenskap och Folkbildning”. As one of their members I must say I’m impressed that they got the legendary illusionist and paranormal debunker to come to Stockholm. I wasn’t as impressed on how they handled the logistics. Many of us barely got a ticket and they had to cram the auditorium to allow everyone entrance. But it’s a minor complaint.

What makes a magician “magic” ? I won’t go into detail, because it would be spoiling all the fun. But he used the first five minutes of the show to demonstrate that things are not what they appear to be using among other things a beard-trimmer. The lesson is simple: we all assume things about what we see. A good illusionist knows exactly what his or her audience believe that they see and use this against them.

Randi is not here just to entertain. He started the “James Randi Educational Foundation” which goal “(…) is to promote critical thinking by reaching out to the public and media with reliable information about paranormal and supernatural ideas so widespread in our society today”. They’re most famous for their $1 million challenge. The first person who can prove their psychic or paranormal abilities, gets the money. So far none has ever succeeded. It’s not from the lack of trying if you believe mr Randi.

He went on to demonstrate why there can be a serious problems with things like new age medicine or psychic healing and their unverifiable claims. A number of years ago he managed to uncover a scam where a TV-evangelist used a wireless earpiece and some social trickery to fool people that he could heal them through god. Off course he charged them for it and most likely caused people not to seek proper medical attention. This could prove to be fatal.

The most valuable lessons from the whole event was when Randi reminded us that “people that get fooled are not stupid, just uninformed” and when he explained why you cannot prove a negative. “I can prove you that I’m not a giraffe but I cannot prove that there are no unicorns in Africa”.

His explanations were blended with video clips from his career and sprinkled with many interesting anecdotes. Everything was delivered with a subtle, bit dry and very charming humor that made me laugh and think at the same time. He also made a lot of fun of people carrying the title Doctor of Philosophy. I may read too much into it, but I can’t help suspecting that he feels a that he is in a weak position since he himself lacks an academic title. Projection, anyone?

Still he was both funny and dead serious at the same time and kept my undivided attention for the whole two hours the show lasted. I walked home feeling that I’ve encountered a true showman with the heart in the right place and the brains to match.

James Randi gets a full score from me (5/5). If he comes to your town or your country, I highly recommend that you get a ticket!

The shelter – a study in where pure desperation leads us

0
There is a weird man in a costume in the neighborhood jammering on about some weird “zone”, talking to himself none the less. Somebody, call the police!

“What you are about to watch is a nightmare. It is not meant to be prophetic, it need not happen, it’s the fervent and urgent prayer of all men of good will that it never shall happen. But in this place, in this moment, it does happen. This is the Twilight Zone.”

— intro to the Twilight zone episode “The shelter”.

The opening scene shows a party in a quiet suburbia, where the neighbors celebrate the good doctor’s birthday. Everyone is happy and comments on his newly built fallout shelter with a bit of scorn. The situation is fine until the son of the house asks him to switch the radio to the Conelrad station. In the early 60s, this is probably the last thing you wanted to hear. Had things gone wrong in the Cuban missile crisis, Conelrad may have been the last radio station in the US. The idea was that in the (un?) likely event of a Soviet nuclear strike, all TV- and radio stations would stop transmitting with only Conelrad remaining on the air on two frequencies to guide the population. Back then, many nuclear war heads would have been delivered by bomb plane, and navigation was much easier with local radio stations in the cities acting as unwitting beacons. The bombers could use radio location to find the cities, so that is why the US government made the stations switch off as soon as the early warning systems went off. Back to the episode.

The radio states that something bad is flying in the air and the nation is in “yellow alert”. People are asked to find shelter as soon as possible. So far so good. The doctor has his fallout shelter ready for him, his wife, and his son. They soon proceed there.

This is the beginning of the episode “the shelter” from Rod Serling’s legendary TV-series “The Twilight zone”. It was on the air between 1959-1964 and dealt with many serious societal issues by presenting them as science fiction, but I’ve talked about that previously on this blog. The neighbors get more and more desperate and some of them try to force themselves into the doctor’s shelter. This poses a big problem for the doctor as the supplies are few and room is limited. They were made to accommodate his family only and the situation turns truly hostile as everyone starts yelling and screaming and then it finally becomes physical. When a battering ram comes into play, the whole situation finally goes into full chaos. In the end, the crisis is averted, and the United States goes back to normal leaving a very uneasy situation as the doctor now knows what his neighbors are capable to. And they now know it too.

“No moral, no message, no prophetic tract, just a simple statement of fact: for civilization to survive, the human race has to remain civilized. Tonight’s very small exercise in logic from the Twilight Zone.”

— the closing words from the episode.

Me in Belgian TV. Not really OPSEC, and everyone in that country knows it too now…

A few years ago, the message from the Swedish government was that every household need to have supplies and capabilities to be habitable for three days without any support from them. Today it is actually one week. How many have prepared for this?

A very common comment you get is when you talk about this simple but necessary preparation is “Good, then we can come to your house”.

NO! You cannot. If you doubt this, please see the whole episode on YouTube… Now. I’ll wait!

The episode on YouTube

Good, do you see the problem with not being prepared now? I don’t think its everyone for themselves. The wise prepper involves everyone in the neighborhood if they can. This makes for a good network that will aid each other in a crisis and bond in good times.

TTFN, Erik Zalitis

When are when gonna get out of this mess?

0
This is the party one really CAN wait to get started…

I thought about writing a letter to myself a time now. I got the idea from “God morgon världen” a radio show on Swedish Radio program 1 that runs on Sunday mornings. They had one of their journalists talk to her younger self about the Corona in letter form.

My version is a letter sent back in time to January 2020, before this situation got out of hand. Back then, the worst fear was that that China situation would go bad. So here goes, a letter sent from October 2020 to January 2020. For the sake of this argument: time travel mail exists and my younger self will believe it’s not a prank letter.

Disclaimer: please understand I’m not trying to choose sides here, just showing a little dark humour. You must be able to laugh at everything in order to cope with this madness. Also I’m mostly making fun of the discussion that goes on in media and over the Internet. Please don’t sue! Or be mad! It’s the Corona that’s nasty, not me!

Dear Erik

Worried about IT-security issues, the pending American election or that recession we’ve been talking about since 2017 that never materialized? I have good news: you don’t have to worry anymore. I promise you 20/20 will be remembered best in hind-sight and fondly enjoyed in the far, far future. Here’s some predictions that are 100% accurate due to them already having happened:

Corona – more than just a mediocre beer

What little Coronas made of? Death and nothing nice…

Meet Corona, a friendly and very communicatible (is that a word, or did I make it up?) thing that really gets around. Never lets you down and has no biases against anyone. Clearly a being of this centuary.

You might want to stay clear of this virus, cause, it’s not really something that improves your life.

Enjoy your bunker
So you’re an introvert? Nice! Gotcha covered. In february, the evil child of the Spanish flu will be making its world tour. You don’t get a T-shirt with the dates and the locations, but a reason to stay at home all day long without missing a second of the thrills of pointless meetings, impossible dead lines, irrate customers, broken servers, hacked networks and the results of inefficient planning.

The work day can start, go on an end at any time of the day. Get ready to have little concept the passage of time while looking into screen with messages blinking red and the loudspeaker blaring out bleeps for every ad, important message, expired time warning, social media-message, Teams-notification and e-mail that immediatly calls for your attention. The signal is like Forrest Gump’s chocolate box, you never know what you’ll get. “Ohh… Just a new ad for a set of speakers … or sneakers. Or some Rock’n’roll album”. Next time “Ahhhh. It’s 10 pm and a customer representative reports a possible security incident. Meeeting in 15 minutes… Yikes”.

Stocked up on food, water, toilet paper (Yes, that’s a thing!), power banks, alternative internet connections, spare parts and medication? Good… I’m just saying… No, don’t worry, it’s just a precaution.

It’s not paranoia when it’s out there to get you
Corona is totally fine to have. 80% of all that get it will have little problems going through the ordeal. The other 20% that get problems might end up in the ICU or die. No worries, you’re probably in the 80% group. Wanna bet? Doesn’t matter, because you will be betting your life on it no matter what.

You have to be careful not to meet people or touch any surfaces (the floor counts!) without sanitizing. You might think it’s better to inject the hand sanitizer in your blood stream as a profylactic. But that’s mad, no one would seriously suggest that off course. Unless they’re crazy, sarcastic or maybe both. Which leads me into…

Donald Trump and Joe Biden. I can’t say who is really who, can you?

The US election…
Enjoy the weirdest election year known to our times. It goes like this: a red and a blue team wants the US voters to vote for them. But there is a catch: each voter is only allowed to vote for ONE of them. Otherwise it would be no challenge I guess. And getting people to vote for the correct color means shouting, scaring, tweeting, scandalizing and otherwise causing quite a ruckus. Media, Internet outfits, radio stations and some nice intelligence agencies are all eager to help out. Otherwise the system won’t work they tell me. And maybe that is so. You can choose between two men that each is in the phase of their respective lives that they should be sitting in a rocking chair and tell boring stories to their grand children.

People will be protesting pretty much everything for any reasons. There may also be some bad stuff happening, you have been warned.

On November the 5th we will know who gets to use the white house as their retirement home.

… And stop laughing, in 2022 we get our own election year… It’s going to be interesting…

Coughing… Damn! it’s corona. Time to write your will…
Here’s a chart for your convenience:

Symptom…What you think it is…
Coughing once.Corona.
A celebrity just died.Corona.
A bit of a fever.Corona.
Unable to breathe.Corona.
Broken leg.Corona.
The computer will not start.The GRU just hacked it.
Corona come lately, sweet as can be….

What symptons are there really that may indicate Corona: pretty much everything.
What parts of your body is affected by Corona: every part except the toe nails (pending further scientific research and may be revised later)

Sweden has a system, no one knows how and if it works and that includes us
All countries will lock down, except Sweden. And that’s because we’re smart, crazy, incompetent, have a system, have no clue, want to be the odd one out, the arrow hit that suggestion on the board, just a random choice, very well made scientific study, the witch doctor said “oh .. ah… oh.. a walla-balla-bing-bong”, Tegnell read his party book, the party said so and then drinks were served, cosmic fluke or just a very brilliant decision.

The outcome of Sweden’s and all other countries efforts will be evaluated at a later date, then we’ll assign blame and maybe more blame to all of the countries involved. And all are going to get some… So there… I don’t think anyone is going to be happy with anything that happens right now anywhere in the world. So there are really no winners.

And Sweden, the Corona virus control group of the world, may be either the smartest … or dumbest country in the world when it comes to handling this situation. I really want to know which it is.

BOHICA – Bend over, here it comes again
The summer will see us running out on the fields with reckless abandon. Someone with knowledge comments that the virus does not seem to be seasonal, but no one is listening. Beer (even the Corona brand) flows, bath time – big time!, going on vacation to places with no available hospitals nearby and just chilling in pubs where some tables are kept empty unless someone really wants to sit there.

And then fall arrives and the everything comes back, people, cars and … my Corona… It has quite the knack for it.

Look it’s getting better, man! Big sigh of relief…

Let’s party like it’s 1929...
The recession was waiting for a reason to pop out of its lair, and Corona just gave it one. So here it is, and some industries will be weathering the storm fine whereas other come into a crisis with no end in sight.

Restaurants and other services with high physical attendence will be hit the hardest, but slowly rebound. Whatever the outcome is of this, it’s like to be a watershed moment for all of us.

Hackers at large
Everyone is hacking everything. But that’s nothing new. It seems like hackers are just retargetting us poor fellas that have to sit at home and work. An advice, there’s something called Zoom. Never mind what it is, just don’t use it for anything, ok?

So to sum it up:
The best one can be in 2020 is a stoic, accepting the storm as it arrives, doing whatever he or she can do and then going with whatever comes out of it without regrets.

Yeah, and stocking up on toilet paper, that is always a good thing…

A signage of the times?

0

How will we remember this time in the future? All eras have their respective stereotypes when it comes to political views, music, hair styles and such things. So what about the new roaring 20s?

The jury is still out on this question, but let me guess that I can at least come up with a suggestion.

Consider this sign in an elevator of a Swedish higher education school:

The text above the arrows read “Keep a recommended distance”. The text below the elevator read “Thanks for your consideration”.

This is a pretty standard sign during Corona-times, as an elevator is a cramped area that can be a problem when it comes to not spreading the virus.

A few days later, some students had amended the sign with this:

The text on the top reads “Warning for gender stereotyping” and the text below reads “Should the men go upwards and the women downwards? Should men be at the front and women have to stand back? Where did LGBTQP and norm-criticism go?”.

This may actually be one thing we remember in the future as it clearly is, well, just a sign(-age) of our time.

Hacking it up!

0
Five screens trained on the problem of getting all the flags. A snapshop in the middle of the process that lead us to 17th place among 152 competing teams.

I was working from home one Friday as Dnov sent me an email asking for my participation in the FOI 20/20 CTF. I thought about it, and decided to join him and his crack (haha!) squad of elite haxx0rs. A “capture the flag” or CTF is simply a hacking competition, where you work as a team to solve tasks that require you to “hack” something. It does not necessary mean rooting a system, but you have to subvert a service, program or system in order to prove your skills in breaking its security.

FOI – Totalförsvarets forskningsinstitut

FOI is a Swedish governmental organisation tasked with aiding the Swedish armed defence with technology research and support things like disarmamernt and international security. In a typical Swedish manner, doing a lot of things that looks like they’re contradictionary. 🙂

On the 26th of September the 20/20 CTF started with a bang as the virtual doors flung open at 2 pm and we worked until 10 pm that same evening.

Meet 0xDEADBEEF

In the Atrocity archives, supernatural hacker/sysadmin/government agent Bob Howard destroys the content of a hard drive by writing the hexdecimal string DEADBEEF over and over again on all the tracks. This is as far as I know an old hacker joke and it fits. 0xDEADBEEF is also the name of our team. We’re at this moment five guys employed in the IT-security field. So let’s talk about us.

Really not sure who is who here among us, but it amuses me to try to figure it out.

dnov
The principal leader of the team. He’s like that white haired old man who likes a good plan coming together in the A-team TV-series. With a broad knowledge in infosecurity, it-security and working with our Swedish defense effort, he is really the right man for the job.

CrashOverride
Ok, so we’re doing A-team references here? This is clearly Mr T. The heavy hitter, who managed to come up with solutions to many different tasks and worked all over the board mostly with cryptograhy and reversing. He has an academic background “in something cyber”. That’s his story, and I’m sticking with it. So there…

StripeCAT
Enough references to the old TV-series, as I really don’t remember it all that well. But StripeCAT is my nome de guerre and I’m a good supporting role, with plenty of experience with web hacking and network (in)security. Know my way around Kali Linux and Burp suite and Metasploit.

FX
Working in the same company as dnov and specializing in webhacking and security analysis.

Zaffner
General profile with experience in a number of different areas.

A journal of sorts… Because, why not?

Saturday, the 26 th of September

10:00 woke up late and spoke to my mother over the phone. Got on an uber to a music store in Järfälla to get my new mixing console. An errant soldering job had swiftly killed the one I had.

12:00 connected the new mixing console and patched the compressor into it. This made it possible to get sound to my rig. A good thing when you’re in a teleconference. Due to Corona, I decided not to go to the location where the others were gathering.

Look at it! It has blinkly lights!!!

Made contact with the team on Slack. CrashOverride offered to come and get me into the building, until I pointed out I’m working from my home.

Thunderbirds are go!

12:30 updated Kali Linux on my main PC as a virtual machine. Also had a real laptop with Kali on standby. “All events random favor the prepared” and all that.

13:00 ordered some food and made sure everything worked. At this time everyone in the team had arrived, with FX being the last to enter the room.

14:00 dnov was frantically smashing the “F5”-key to reload the CTF website, waiting for it to start. And sure enough, the challenges appeared on time.

We all started working. Zaffner took the first flag. Just a few seconds before I did. This is not a good thing, as it meant he missed that I was working on it. But dnov soon started coordinating the challenges so we would not work on the same ones unless cooperating. Doing so would otherwise make us lose valuable time.

The first tasks went down easy.

Who is a good doggie? You are! Yes, you are! (kinda used that joke already in this blog)

I fed a total list of all existing breeds of dogs into Burp suite and solved a very weird flag involving trying to figure out how to get a web app to give out information to some kind of dog collar that a normal user should not be able to get. It worked and I got a good laugh out of it.

The others worked through cryptography and reversing. One task spewed out simple aritmetic questions that had to be solved with in a few seconds. CrashOverride and Dnov quickly wrote a script to do so and the flag was caught.

FX and Zaffner looked into the arguably convoluted mess of a Javascript that held the secret to one of the flags.

I wrote a script to recursivly open encrypted ziparchives, but CrashOverride mistakenly solved it before I was done. Having lost two flags because of the others failed to note that I was on them made me a bit irritated, so I told them in no unclear terms to start keeping track on who is doing what. No more incidents after that, but my outburst probably rendered this choice of emoji representing me on Twitter from dnov:

Hacking while annoyed.. That’s not illegal, is it?

… I find that highly amusing… 🙂

The afternoon went on and we steadily captured the flags. At one point we were ranked as number nine among the 152 competing teams and this energized us even further.

The 90s rave culture never really died. Aciiiiiiiid! I’m still trying to figure out if Dnov choose the emojis on random or if he is trying to tell us something.

The remaining tasks were harder and it was pretty clear that the tasks on the right side of the list were the really hard ones. Each flag gives the team and the member points. The points decrease over time as others solve them as well. So looking on tasks that still have the full score you will see that no one else have been able to solve them either…

What the Sam Hill am I looking at here? Does this require a degree in SCADA protocol analysis? Yes, actually, I does! Who said things should be easy?

In the evening we ordered pizza and the team took a short break.

9 pm The night was looming and we were frantically trying to solve the last challenges. The final minutes had me and CrashOverride fighting with a very obfuscated javascript mess to find a flag.

10 pm All is over and the final score is in. We did quite well, but no prizes coming our way. 17th place, that rocks!

The aftermath

CrashOverride’s graph over all teams. Not bad, not bad at all. But next time, lets go for gold!

So… Did we do it well? Heck, yeah! But we also had fun and learnt a lot along the way. Much obliged.

The good

  • A brand new team that had no problems getting into high gear.
  • We hit the ground running.
  • No real technical problems on our side. Except maybe with Zoom.

The bad

  • Took a while before we started helping each other on a regular basis. At first everyone was focused on their tasks.

The ugly

  • The test environment provided by FOI was a bit flaky at times.

The links

CrashOverride’s own write-up (In Swedish):
https://github.com/dansarie/FOI2020CTF/blob/master/README.md

For the love of radio

0
The year was 1994, and as you can clearly see, I had already amassed an impressive amount of audioequipment.

I am not sure, but I believe it was in 1984, when my audio/radio-romance begun. It happened as almost all my life-changing events do by mere coincidence. I went with my mother to an infamous, now defunct, flea market here in Stockholm and bought some antique 8mm movie equipment. Once I got home, I found out it was “double 8”, which I could not use with the films I had. The salesperson was recalcitrant to give me a refund but offered me something else worth the 20$ (200 sek) I had paid for it. Not knowing what to do, I pointed to an old open reel tape recorder. Once I got it home, I got a cheap microphone from an electronics store and set the whole thing up. My first recording was some chirping birds outside the window.

As I got several old vinyl players, cassette desk and an amplifier, I built my first own radio studio and recorded several radio shows with my very uncooperative neighbors, a few kids my age. They mostly did not want to say anything and asked me not to disturb them as they were busy reading comics. I already obsessed with audio and radio, and that never changed. The tapes are long lost, but they were not really that much of a master piece anyway. One of the shows had me shouting “I’m besieged” when I could not keep my brothers from entering my room. Also, I did not know how to pronounce it, as I only seen it in text. So, I shouted “I’m bes-eye-jdged”.

At night I slept with a radio in my bed, listening mostly to Swedish Radio Program 1 (P1). Sometimes the shows could be scary as they dealt with getting old and dying and that was no help with my sleep, that much I can tell you. I also remember tuning into Radio Luxemburg or listening to Swedish community broadcasts from SAF Radio City.

A logo type I made fot the school’s radio station. It was used on the stationary I sent to them with the new jingles and probably ended up in their circular files. Geek points if you can tell which old Amiga game I got some of the graphics from.

In 1991 I enrolled into second upper class school in Sweden (Brännkyrka gymnasium) and they had a couple of older students running a radio station called Radio B.R.I.E. I was hooked and listened every week at Wednesday through a home-built receiver.
Over the years, I tried to join the radio team. At first, they were interested, but I had a habit of being more than just a little bit into doing things my way, while being very energic and not listening to what other people said (I got much better over the years 🙂 ). I believe they eventually didn’t really want me to join after all. But I remained a loyal listener and purveyor of “creative” jingles, made on my Amiga 500. They put some of them on the air, mostly to be nice to me. You, know, those jingles were… to put it mildly… not so good.

In 1994, I saw an ad for a community broadcasting activity for teenagers (and I was one of them, back then!). I joined them three times and every time made a new show that was heard over 95,3 MHz here in Stockholm in Sweden. I did not speak on the first show as I was the audio engineer, a job I loved beyond belief. The second one was the same, with two guys from school that spent most of the time joking and telling rude stories. They interviewed a person talking about Leonardo Davinci but spun out of control when she spoke about his sexual habits. The result was borderline catastrophe and it just had to be put on the air. The third session was just me and some BBS-sysops talking about all the unjustified fear mongering that was going on about our dear BBS:es. The radio studio was shut down that same year.

But at the same time, around February 1994, I was also involved in broadcasts on Radio Sydost 101,1 MHz. This was cut short after a month when they lost their studio due to unpaid dues.

In 1995 another project I had started finally came to fruition. I had long wanted the Swedish federation of young scientists (Förbundet Unga Forskare) to start broadcasts here in Stockholm. And on the 26th of February 1995, it went on the air on 88,9 MHz with the program “Radio Unga Forskare”. We were also one of the first broadcasters in Sweden providing on demand streaming in 1997. Today, this phenomenon still exists, but is now known as a podcast. We used to put out science shows and had a team of scientists and students doing weekly clips that ran on the radio and on the Internet.

Me in the foreground recoding a science show with four of the science team.

In 1995 I took an old essay I wrote as a school project and started spreading it over the bulletin board systems of the day, while adding more text to it. This essay covered audio enginering and community broadcasting here in Sweden. The title of it alluded to the sci-fi book series “The hitchhikers guide to the galaxy” and was thus called “The audio engineer’s guide to the galaxy” (Ljudteknikerns guide till galaxen). For a number of years, it was really popular. But it’s just an archive now, I guess.

This is a story all by itself, but it ended in 2006, as I had no more time and wish to continue. At our height, we had 10-15 persons regularly contributing to keep the station running.

After that, I found my love for listening to radio rekindled as streaming radio was becoming a common thing. Then I bought a CB radio kit and found it to be quite boring as no one really was on the frequencies. 2011 I took the step and finally became a radio amateur (Ham radio). I took up shortwave listening but lost interest as the number of stations dwindled.
During all this time I dreamt about starting a YouTube-channel.

In 2018, a friend tried to get me to start a podcast with him. This DID happen, and as I write this, it’s still running.

Me trying a webinar format on the pod. This was interesting, but we soon went back to just using audio.

The podcast, IT-säkerhetspodden, has been quite a journey. While a fairly popular niche-podcast in itself, it has taught me and Mattias a lot about interviews, audio editing, microphones, writing better texts, meeting people, using social media to get listeners and web site design. Not to mention digital imaging and keeping everything running during half way impossible dead lines.

My podcast cohost (or am I the cohost?) Mattias Jadesköld talking to Matilda Sjöstrand who works at Swedish cyber security company Sentor and who is also involved in a project to protect women from digital violence (Yes, that is real thing!)

In September 2020 I bought the software “Playit live” and setup a real 24/7 radio station with a lot of old Amiga music, professional jingles (Yes, I finally know how to make jingles that don’t suck!) and funny little messages from me.

It runs itself. Unless the computer dies or something really bad happens.

It runs on an old PC located on my balcony. You can listen to it here. It has been a lesson in how to properly format a station with clocks, scheduled, recurrency and Internet streaming.

So I have in some capacity been into nearly all radio there ever was. As a broadcaster, as an avid listener and as an engineer. It should be told, though, that I have never held a paid position in the business.

As I listen to my oldest shows and to what I do today, it is clear I have really improved. Anything else would have been strange, so all those years listening to radio, creating radio and recording the spoken word has really given me something.

On my surgery table: an Amiga 3000

0
Knee deep in the dead… This machine was quite an expericence.

A few days ago, an opportunity came my way: an Amiga 3000 appeared on a retrogroup I often read. I just had to have it. A few days later, I boarded a train to a small city in the middle of Sweden.

Me on the train to somewhere…

The journey was uneventful. It was very nice to meet Mats, the seller, who have a big garage as the ultimate man cave filled with pretty much everything Commodore ever created. At he station on the way home, I came across an old engineer and we spent 1 1/2 hour discussing power distribution, gaspower, nuclear dito and memories from Sweden’s past.

When I came home and hooked everything up, I was met by this.

Ehh… Where’s that hand with the diskette???

I have never seen something like this before. Clicking on either of the “Floppy” buttons lead to the computer asking for a super kickstart.

–“What, isn’t the regular one, you already have enough?”.

Actually, I already had figured it out. This computer requires a kickstart boot rom on disk. Googling on it, revealed this to be true. The first Amiga 3000 had a hardware kickstart boot rom that was incomplete. It wasn’t the old 1.3 or the new 2.04. Rather it was known as Kickstart 1.4 and that’s what is on the screen. It needs to have a file of either 1.3 or 2.04. The hard drive was dead, so it could not supply one. Hence this screen crying for help.

But where to get a super-kickstart disk? Well, Mats the seller had provided me with a diskette he said could boot the system. It didn’t work. So I decided to put it in my Amiga 500 to see if it was ok.

Abort! Aaaaaaargh!!!

I might have been the lamer here, but the antivirus saved me. Trying to scan the disk further revealed that the Saddam Hussein-virus was present as well.. Party on, dudes…

Right. This is a bit problematic. The disk was put in a bio hazard cotainer and will be delivered to SIPRI tomorrow..

The retro group on Facebook delivered the solution after I posted a request for one of those pesky “superkickstart”-disks. Turns out Cloanto sells those as file for AmigaForever. Finally a break through.

I generated the 2.04 disk and inserted it into the computer and it promptly started to boot with it. After that I got the nice boot image.

Who’s a good doggy? You! Yes, you are!

This is where my luck ran out. It just wouldn’t boot. I popped the WB 2.04 disk into the diskdrive. Nothing happened. Giving the keyboard the three finger salute (Ctrl-Amiga-Amiga) did work! Then Workbench started up just fine.

It was pretty soon clear to me what was going on. The diskdrives would happily read any disk that was inserted at the time the computer warm started, but would then never detect when disks were later removed or added.

Googling the problem didn’t help as I came up empty… And that’s where I am right now.

I have not given up, but for now, the work has be postponed, as I have a radio station to setup.

More to come…

The anatomy of an attack

2
The email that started it all. Sounds very legit, but clearly isn’t Hint: hover over the link if you get this mail!

(Updated at 2020-09-19 19:13) – Good news, everyone. bxsmail.com is not responding anymore. Could one hope Telia booted mr Spammer off the net? Probably just a minor setback until he finds a news place to send his crap from. Pyrobee.com is, alas, still up and running. Why, oh why…?

How the journey begun….

On Friday the 11th of September I found an email in my junk mail folder. That in itself is nothing special, but this particular spam stood out. It was in Swedish, without the usual auto-translated mess that those are wellknown for. It simply said (translated from Swedish):

Hi

Thanks for the last time, here are the statistics you wanted. I hope you’ll receive this mail before going home for the day.
<Link to what looks like tillvaxtverket.se, but really sends you to a malicious site>

[I] believe it rather clearly shows what we though from the start and that is that there is a large lack of available talent in the rural communes. The quiestion is what could be done about it on a regional level.

The Swedish original:

From: Magnus notification@bxsmail.com
Sent: den 11 september 2020 21:35
To: Erik Zalitis erik@zalitis.se
Subject: Jag tror det var detta du ville ha

Hej

Hoppas du hinner få mailet innan du går hem idag.

hxxps://tillvaxtverket.se/statistik/vara-undersokningar/kompetensforsorjning/2020-04-24-kompetensforsorjning-i-landsbygder.html

Tror den visar ganska klart det vi trodde från början att det är stor brist på kompetens i de större landsbygdskommunerna.
Frågan är vad man skulle kunna göra åt det regionalt.

/Magnus

I racked my brains trying to remember ever having spoke to someone on Tillväxtverket about something that would warrant this response and came up empty handed. I quickly Googled and what I found made me suspect it was some kind of fraud or spam. I posted my preliminary findings on “Säkerhetsbubblan”, a Facebook group dedicated to IT-security discussions.

At this time I was quite curious about what was going on and started tracing the sending system down. The mailheaders were clear on the matter.

Ok, got it… server.bxsmail.com

The IP was recognized almost immediately by me, as I used to work at Swedish telecom provider Telia back in the day, and sure enough, it was them.

Hallsberg does not sound as a center of cybercriminal activity, especially when…

The post code is easy to put on a map:

A typcial war zone in Sweden. A few day care centers for children and small suburban housing. This is where the hacker roams freely…. or maybe not. Seriously though, it’s probably located on someones home network, directly connected to a consumer Internet broadband connection operated by Telia.

One click on this link and you’re toast…

Let’s take a look on the seemingly innocent email (you should know better now, though):

One-click selling of your identity… Ain’t life grand?

Hovering over the link in the email, shows you where it really goes. The link leading to the Tillväxtverket-site uses an old trick, where the displayed link does not correspond to the one you’re actually are clicking on (Se picture above!).

Weirdly named proxy “Burp suite”, shows exactly what happens over the wire when you click the evil link like there was no tomorrow.

As you ask…
… ye shall receive…

This fake link instead leads to a server for the domain pyrobee.com which is located in Germany. The reply-to address in the mail also points to info@pyrobee.com. The ip-information for this site is as follows.

Details for 78.46.65.196 
Decimal: 
1311654340 
Hostname: host2.sitedns_se 
ASU 24940 
ISP: 
Hetzner Online GmbH 
Organization: Hetzner Online GmbH 
Services None detected 
Assignment Likely Static IP 
Blacklist 
Click to Check Blacklist Status 
Continent Europe 
Country: Germany 
Latitude 51.2993 (51' 17' 57.48" N) 
Longitude: 9.491 (9' 29' 27.60" E) 
Geolocation Map 
Sch 
Nederland 
Belgié :BeIÉ que 
an tadt 
Niedersac 5 en 
tschland 
hijFi 
B ande b 
Belgien 
•de-Éra bourg 
icardie 
woje "6dztwo 
z achodniopomo' 
dztWO kg 
ztwo dolnog« 
tesko

If you somehow doubt they are malicious, note the abuse-link provided in the mail:

Ah.. Mr Bond, that was a bad move, now we know you’re trying to thwart our nefarious plans.

OH!! They have a Facebook presence too… How “I’m just a serious business owner” of you.

Aint nuthing but us chikkuns in here… Sez the fox… The farmer is not amused…

And for my final trick, I going to pull a rabbit out of my hat. Or rather, disclose the identity of the spammer. He seriously has his REAL name on the FaceBook-group above. A fast check shows that he lives in the exact same area and in the same Zipcode as the bxsmail.com-server is located.

This links him to the Pyrobee.com-server AND the bxsmail.com-server. So it’s a wrap then? We’ll see.

What about them servers?

So, back to the server in Sweden, server.bxsmail.com. What is it running? Quite a lot actually.

o 
O 
O 
O 
O 
o 
O 
O 
P ort 
22 
53 
80 
465 
587 
2020 
2525 
3306 
8083 
Protocol 
tcp 
tcp 
tcp 
tcp 
tcp 
tcp 
tcp 
tcp 
tcp 
State 
open 
open 
open 
open 
open 
open 
open 
open 
open 
open 
open 
Service 
ftp 
smtp 
domain 
http 
smtp 
smtp 
x Inupageserver 
smtp 
mysql 
http 
Version 
vsftpd 3.02 
OpenSSH 7.4 (protocol 2.0) 
Ex im smtpd 4.93 
(unknown banner: get lost) 
ngvnx 
Ex im smtpd 4.93 
Ex im smtpd 4.93 
cbdev cmail smtpd 
MySQL 5.5.65-MariaD8 
ngvnx
An open Mysql-port, a nasty DNS that tells me to get lost and god knows what port 2020 is about. The webserver has little to say:
Did you forget to remove the shrink wrap?

We can go no further as this would constitute an intrusion, and I’m strictly a white hat.

Analysis

Given what we know:

  • The link in the email takes the user clicking on it on a detour to pyrobee.com, a server in Germany, and then automatically bouces the unwary user to Tillväxtverket. This way, it will look legit. This link has, what looks to be a identifier, that is most likely connected to the email-adress the mail was sent to. Thus the Pyrobee.com-server will know who clicked on the link.
  • Most likely this gives the hacker a list of people that clicked on the link and who can now be further investigated and targetted for phishing attacks in the future. Caveat emptor: don’t click the link! (Unless you’re like me, curious and want to see what happens..)
  • It’s impossible to say if this attack was aiming to target Tillväxtverket in any way or capacity, or if they were selected to give the attack itself a semblance of credibility.
  • The server sending the email is barely configured at all and only the services needed to send the emails seem have anything more than just minimal “dial tone”-setup.
  • It’s likely not to be secured in any meaningful matter. I cannot, as I stated, investigate this any further
  • The server in Germany uses a template that teases with stuff like podcasts and a blog, but in reality does not exist. It’s kinda a good thing to remove services featured on the template by default, if you don’t intend to offer them. Looks more serious like that.
  • Real advertising campaigns often work exactly like this, but they generally don’t use badly built servers running on someones home broadband connection and then redirect you to another, barely setup server in Germany. Also, they DO NOT SEND spam that tries to fool you that the message is an answer to a previous discussion with the sender that obviously did not happen.

Time line

2020-08-07 – The domain bxsmail.com was registered. It’s probably around this time the mails started appearing.

2020-09-11 – I noticed the mail, that was sent to my private email address, in my junk folder and started to investigate the matter. Had to stop due to needing to sleep.

2020-09-11 – Asked Telia to shut the server in Sweden (bxsmail) down.

2020-09-12 – Sporadic work in spare time during a trip to another city in Sweden.

2020-09-12 16:12 – completed the report after some questions were asked and then added new stuff I found.

2020-09-12 16:23 – reported Pyrobee.com to their upstream provider’s abuse department.

2020-09-12 17:xx – reported spam to spamcop.

2020-09-13 19:xx – They have now created more domains with servers: ettmoln.com and merkurex.com. Probably not a complete list, but I will update as soon as I learn more… Their weak point is pyrobee.com. Take that down and they will have nothing going on.

2020-09-12 22:31 – The identity of the owner of all the servers has been found. He wrote it on Pyrobee’s FaceBook-page. The name is Magnus, but I will not write his whole name here as to stay within the Swedish law. He lives exactly in the same postal code (zip code) area where the bxsmail.com server is located. I have a hard time believing this… Really takes the cake.

2020-09-14 – Right, I was told by the German abuse-department that they will not process the report unless they can tell the owner about it. That will effectivly send this link to the guy behind all this. Who said life should not be interesting?

Evidence and other material

The spam mail, complete with all headers:
https://erik.zalitis.se/files/spam.txt

Thanks

Malin Ekström for spotting a thing I missed.
The rest of the “Säkerhetsbubblan“-Facebook group for aiding me in my research… You guys and gals rock.

My burp just barfed

0
Burp suite, as painted by Picasso. Not rare at all amazingly enough and not valued for its intrinsic artistic skills.

Update 2020-09-28: Answer from Burp suite support:

Screen redraw issues have appeared on various Windows versions when custom scaling has been adjusted in the display settings. Have you adjusted the default scaling behavior at all? If so, can you try returning that to the default setting? Additionally, can you try adding the following options to your VMOPTIONS file? This can be found in the installation directory.

1: -Dsun.java2d.noddraw=true
2: -Dsun.java2d.d3d=false
3: -Dswing.useflipBufferStrategy=True
4: -Dsun.java2d.ddforcevram=true
5: -Dsun.java2d.ddblit=false

You can add them in order until the issue disappears or add all of them at once.

https://forum.portswigger.net/thread/gui-graphics-corruption-at-random-intervals-14765ccb

Is it just me, or is this a common thing? It kinda makes my pentesting experience quite dull. The only resolution is to restart the program if you can find out how and then you lose a lot of your progress. Thanks a bunch…

What’s happening here? Well, this problem occurs after a few minutes or hours. The window seems to “break apart” and the different pieces move around as you move your mouse or …. worse… click around.

When you stop the program, it sometimes seems to corrupt the saved file and you could easily lose days of work.