lix blog

Since monday night (18th August 2014) ADS95 Ranger Drones are flying within TMA (traffic manoevering area) LSZH (ICAO code for ZRH, Zurich), using callsigns such as FOCUS1 and FOCUS2, seemingly equipped with ADS-B, as they are now visible on Flightradar24 and other platforms.

(Note that the stupid military operator does not know that the transition level for TMA LSZH is FL70 and therefore asks for clearance for FL60 instead of 6000ft!)

The virtual pilot navigating the drone applied for respective flightplans (LSME ZUE ROMIR KLO LSME) with Skyguide, – according to my call with them, – from LSME (Emmen) to LSME, without further explanation, intention nor defined route.

As there is no comprehensible reason, such as WEF Davos or Swiss political revolution for such an operation, I hereby propose to install a selfshot system equipped with ADS-B receiver to take these surveillance systems down smash into ground!

Further I should say that the Swiss Military in Emmen was very surprised by my call (01:30 a.m. CEST) to learn hat the drones are visible for anyone, as they seemingly are equipped with ADS-B. – Grotesque!

The responsible person for the operation told me on the phone that the Ranger Drones by Ruag have been in a mission to secure the Swiss-Germano border for the whole week already.

[Update 0130 UTC]
Mr. Röthlisberger, military police sergeant from VBS, was not only surprised to learn that the drones are visible for anyone through secondary radar, but, – surprisingly, – was not aware that drones from the swiss military were in operation at all, though his office is in charge for military operations within swiss aerospace!

NOTAM:
RUAG AD95 drones by Swiss Military use callsigns FOCUS1, FOCUS2 etc., whereas the registration numbers vary from D-113, D-138, D-8 etc. (*not* HB-XXX, as usual for registered a/c for Switzerland).

Many providers send you the preconfigured FRITZ!Box containing all settings, whereas passwords are not visible in the webinterface. Some providers, such as Sunrise in Switzerland, argue they wont give you the password due to “safety reasons” when you call their helpdesk. m) – To extract your VoIP password from your FRITZ!Box follow these steps:

1.) Enable Telnet
Open the webinterface of your FRITZ!Box an choose > Telephony > Telephonebook
Add two new entries:
Name: Telnet On
Number: #96*7*
and
Name: Telnet Off
Number: #96*8*

Dial #96*7* on your connected DECT phone to enable telnet on your FRITZ!Box. If you don’t have a phone connected to the Box, enable “click to dial” in telephony > calls > click to dial and dial the number by clicking on the number in the phonebook on the webinterface.

2.) Extract VoIP password in telnet
Access your router via telnet in the command line (aka Terminal). Use the IP of your router and your FRITZ!Box password.

user@host:~$ telnet 192.168.1.1
password: ***********

BusyBox v1.20.2 (2013-05-13 12:53:07 CEST) built-in shell (ash)
Enter ‘help’ for a list of built-in commands.

#

Then use the following two commands to extract the VoIP password:

# allcfgconv -C voip -o /var/tmp/temp -c
# cat /var/tmp/temp |grep passwd
passwd = “23f00b4R”;
passwd = “”;
#

Done 😎
Now disable telnet again, – for security reasons, – by dialing #96*8* on your DECT. – Have phun!

For further reading:

• Telnet auf FRITZ!Box aktivieren
• allcfgconv
• voip.cfg
• decrypt passwords on routers

Update (11. November 2016):
AVM secret FritzBox Key

34 International Experts Weigh in On Mass Surveillance on Snowden Anniversary

Today, a group of over 400 organizations and experts, along with 350,000 individuals, continue to rally in support of the 13 International Principles on the Application of Human Rights to Communications Surveillance (the Necessary and Proportionate Principles) a year to the day after Edward Snowden first revealed how governments are monitoring individuals on a massive scale. The international experts who supported the Necessary and Proportionate Principles has issued a press release containing quotes from professionals weighing in on the need to end the mass surveillance.

Source

[Update]
“Es ist Zeit, die Netze zurückzuerobern”

Die Digitale Gesellschaft veröffentlicht heute einen Report zu den Überwachungsaktivitäten der Kantone und des Dienstes Überwachung Post-
und Fernmeldeverkehr (Dienst ÜPF). Der Swiss Lawful Intercept Report
2014 besteht aus mehreren Teilen:

• Der Rückblick über die letzten Jahre zeigt den steten Anstieg der Überwachungsmassnahmen.
• Die Statistik 2013 beleuchtet die Überwachungsmassnahmen nach Delikten und zeigt signifikante kantonale Unterschiede auf.
• Ein Kapitel widmet sich der Gewichtung schwerer Straftaten, mit welchen immer wieder für Überwachung argumentiert wird, und zeigt auf,dass diese Straftaten nur einen geringen Teil an der Gesamtmenge an Überwachungen ausmachen.

Eine politische Einschätzung beleuchtet die Totalrevision des BÜPF (Bundesgesetzes betreffend der Überwachung des Post- und Fernmeldeverkehrs).

Der Swiss Lawful Intercept Report 2014 (PDF) steht online zur Verfügung.

Source

After the excitement about the new GNU/Linux Sailfish OS phone Jolla and having tinkered around for a couple of days I come to the, – unfortunate, – conclusion, that the phone is not end-user ready (yet).

Although the OS offers an intuitive, fast and clever handling of the functions, many core functions are yet missing.

• No CalDAV/CardDAV syncronisation for Calendar & Addressbook
• No Task manager
• No GnuPG native e-mail program
• Buggy browser
• No OTR support for XMPP/Jabber
• Poor battery life
• No VPN client

Watching the community reports and how desperate many are looking for a well working, nicely developed and secure smartphone, I hope that the Jolla team will come up with an update of the missing features soon.

“Hello World!“

While Apple Computers decided to violate users rights once more, ceasing the capability to synchronise PIM (personal information management) data locally with OS X Mavericks 10.9 (argueing they should store their data in their iCloud. – Bwahahahaha!1!!) there are too many PIM solutions for GNU/Linux users, whereas none of them are really feasible for users who want to switch to Free Software.

While many complain that there are too few GNU/Linux Desktop users and Linus Torvalds claims this to be his “personal failure” the GNU/Linux community fails to offer a seamless integration of GUI (graphical user interface) PIM into their OS. (Which is really sad, as fiddling around with SoGo-connector, lightning etc. does not offer a sustainable solution…)

So here is my solution:
Get DAViCal, install it on your server and get mutt, pycarddav and khal for your desktop(s), get a Jolla and you will have a beautiful and seamless PIM solution using the “good olde command line”.

7. – 9. March 2014 eth-0
17. – 21. March 2014 Troopers
18. – 21. April 2014 Easterhegg
29. – 30 May 2014 HITBSecConf
13. – 15. June 2014 Chaos Singularity in Bienne
19. – 22. June 2014 Gulasch Programmier Nacht
July 2014 SIGINT
August 2014 ICMP7
September 2014 Datenspuren
24. – 26. October 2014 Hackover
27. – 30. December 2014 31C3

Phantastic!
When searching for any search word or phrase in Duckduckgo, using the additional term “mirror”, the search phrase will be displayed upside down.

Example: “mirror hello world” will display the output “plɹoʍ ollǝɥ”.

I further think that this is a pretty neat way to send sensitive information (e.g. passwords) to people who are not using encryption technologies… 😎

˙˙˙sıɥʇ pɐǝɹ oʇ ǝlqɐ ǝq ʇ,uoʍ ɐsu ǝɥʇ ɟo sǝuıƃuǝ ǝɥʇ ʎlqɐqoɹd ʇsoɯ

Tonight in a discussion with a friend about the absurdity of patents, I came across the story that Gareth Bale, – a (seemingly) famous football player who recently was acquired by Real Madrid, – did trademark the “heart sign”, whereas I was wondering if this is in any contradiction to the recent patent, which Google got for the “heart shape”!??

The question remains: How many ways of perversion can trademarking and patenting still offer?