[Robert] has been snooping around Naenara in order to learn more about how North Korea’s intranet might work. Naenara is the web browser that comes bundled with North Korea’s official Linux-based operating system known as Red Star OS. [Robert] once saw a screenshot of the browser and found it interesting that the browser seemed to automatically load a non-routable IP address immediately upon start-up. This made him curious about what other oddities one might uncover from the software.
Upon start-up, the browser tries to load a page located at IP address 10.76.1.11, which is a reserved IP address for private use. This indicated that North Korea’s “Internet” is actually more of in intranet. [Robert] suspects that the entire country may be running in private address space, similar to how your home or business likely runs.
[Robert’s] next thoughts were that the browser looks like a very old version of Mozilla Firefox, but with some default configuration changes. For one, all crashes are automatically transmitted to “the mothership”, as [Robert] calls it. He suspects this is to fix not only bugs, but also to find and repair any security vulnerabilities that may allow users more control.
There are some other interesting changes as well, such as the supported security certificates. The Naenara browser only accepts certificates issued by the DPRK, which would make it very easy for them to snoop on encrypted HTTPS traffic. there is also evidence suggesting that all traffic for the entire country is routed through a single government controlled proxy server.
None of these findings are all that surprising, but it’s still interesting to see what kind of information can be gleamed from poking around the browser and operating system. [Robert] has found more than just these few findings. You can check out the rest of his findings on his blog.
Most tech savvy individuals are well aware of the vast amounts of data that social networking companies collect on us. Some take steps to avoid this data collection, others consider it a trade-off for using free tools to stay in touch with friends and family. Sometimes these ads can get a bit… creepy. Have you ever noticed an ad in the sidebar and thought to yourself, “I just searched for that…” It can be rather unsettling.
[Brian] was looking for ways to get back at his new roommate in retaliation of prank that was pulled at [Brian’s] expense. [Brian] is no novice to Internet marketing. One day, he realized that he could create a Facebook ad group with only one member. Playing off of his roommate’s natural paranoia, he decided to serve up some of the most eerily targeted Facebook ads ever seen.
Creating extremely targeted ads without giving away the prank is trickier than you might think. The ad can’t be targeted solely for one person. It needs to be targeted to something that seems like a legitimate niche market, albeit a strange one. [Brian’s] roommate happens to be a professional sword swallower (seriously). He also happens to ironically have a difficult time swallowing pills. naturally, [Brian] created an ad directed specifically towards that market.
The roommate thought this was a bit creepy, but mostly humorous. Slowly over the course of three weeks, [Brian] served more and more ads. Each one was more targeted than the last. He almost gave himself away at one point, but he managed to salvage the prank. Meanwhile, the roommate grew more and more paranoid. He started to think that perhaps Facebook was actually listening in on his phone calls. How else could they have received some of this information? As a happy coincidence, all of this happened at the same time as the [Edward Snowden] leaks. Not only was the roommate now concerned about Facebook’s snooping, but he also had the NSA to worry about.
Eventually, [Brian] turned himself in using another custom Facebook ad as the reveal. The jig was up and no permanent damage was done. You might be wondering how much it cost [Brian] for this elaborate prank? The total cost came to $1.70. Facebook has since changed their ad system so you can only target a minimum of 20 users. [Brian] provides an example of how you can get around the limitation, though. If you want to target a male friend, you can simply add 19 females to the group and then target only males within your group of 20 users. A pretty simple workaround
This prank brings up some interesting social questions. [Brian’s] roommate seemed to actually start believing that Facebook might be listening in on his personal calls for the purposes of better ad targeting. How many other people would believe the same thing? Is it really that far-fetched to think that these companies might move in this direction? If we found out they were already doing this type of snooping, would it really come as a shock to us?
Researchers at the University of Utah have been able to detect movement in a room based on variations in wireless signals. Accurate to about a meter, they are using a 34 node wireless network to do their sensing. As a person moves, they change the signals, and can therefore be detected. They state one possible application being rescue workers deploying multiple wireless nodes around a building to find people located inside.
Our wallets are filling up with SIM and RFID cards that contain hidden information. Using our latest project, the Bus Pirate universal serial interface, we can dump the memory from many common smart cards. In today’s How-to, we show you how to interface common smart cards, and walk you through the data stored on a FedEx Kinko’s prepaid value card.
Continue reading “How-to: Read a FedEx Kinko’s smart card (SLE4442)”