Good news from Jezero crater as the Mars rover Perseverance manages to accomplish for the first time what it was sent to do: collect and cache core samples from rocks. Space buffs will no doubt recall that Perseverance’s first attempt at core sampling didn’t go as planned — the rock that planetary scientists selected ended up being too soft, and the percussive coring bit just turned the core sample into powder. The latest attempt went exactly as planned: the cylindrical coring bit made a perfect cut, the core slipped into the sample tube nested inside the coring bit, and the core broke off cleanly inside the sample tube when it was cammed off-axis. Operators were able to provide visible proof that the core sample was retained this time using the Mastcam-Z instrument, which clearly shows the core in the sample tube. What’s neat is that they then performed a “percuss to ingest” maneuver, where the coring bit and sample tube are vibrated briefly, so that the core sample and any dust grains left around the sealing rim slide down into the sample tube. The next step is to transfer the sample tube to the belly of the rover where it’ll be hermetically sealed after some basic analysis.
Did any Android users perhaps oversleep this week? If you did, you’re not alone — lots of users of the Google Clock app reported that their preset alarms didn’t go off. Whether it was an actual issue caused by an update or some kind of glitch is unclear, but it clearly didn’t affect everyone; my phone mercilessly reminded me when 6:00 AM came around every day last week. But it apparently tripped up some users, to the point where one reported losing his job because of being late for work. Not to be judgmental, but it seems to me that if your job is so sensitive to you being late, it might make sense to have a backup alarm clock of some sort. We all seem to be a little too trusting that our phones are going to “just work,” and when they don’t, we’re surprised and appalled.
There seem to be two kinds of people in the world — those who hate roller coasters, and those who love them. I’m firmly in the latter camp, and will gladly give any coaster, no matter how extreme, a try. There have been a few that I later regretted, of course, but by and large, the feeling of being right on the edge of bodily harm is pretty cool. Crossing over the edge, though, is far less enjoyable, as the owners of an extreme coaster in Japan are learning. The Dodon-pa coaster at the Fuji-Q Highland amusement park is capable of hitting 112 miles (180 km) per hour and has racked up a sizable collection of injuries over the last ten months, including cervical and thoracic spine fractures. The ride is currently closed for a safety overhaul; one has to wonder what they’re doing to assess what the problem areas of the ride are. Perhaps they’re sending crash test dummies on endless rides to gather data, a sight we’d like to see.
And finally, you may have thought that phone phreaking was a thing of the past; in a lot of ways, you’d be right. But there’s still a lot to be learned about how POTS networks were put together, and this phone switch identification guide should be a big help to any phone geeks out there. Be ready to roll old school here — nothing but a plain text file that describes how to probe the switch that a phone is connected just by listening to things like dial tones and ring sounds. What’s nice is that it describes why the switches sound the way they do, so you get a lot of juicy technical insights into how switches work.
Ah, phone phreaking. Some of us are just old enough to remember the ubiquity of land lines, but just young enough to have missed out on the golden years of phreaking. There’s something nostalgic about the analog sounds of the telephone, and doubly so when you understand what each click and chunk sound means. If this wistful feeling sounds familiar, then you too will appreciate [Evan Doorbell] and his recordings of 1970s telephone sounds. He’s been slowly working through his old recordings, and compiling them into a series of narrated tours of the phreak subculture.
[Evan]’s introduction to exploring the phone system started from a misdialed number, and an odd message. He describes that recorded “wrong number” message as being very different from the normal Ma Bell messages — this one was almost sultry. What number did he have to dial to hear that unique recording again? What follows is a youth spent in pursuit of playing with the phone system, though it would be more accurate to say the “phone systems”, as discovering the differences between the various local phone exchanges is a big part of the collection. Check out the first tape in the series after the break.
Continue reading “Evan Doorbell’s Telephone World”
We’ve all stared at that button in the elevator with the phone icon on it, supremely confident that if the cab came to a screeching halt while rocketing up to the 42nd floor, a simple button press would be your salvation. To be fair, that’s probably true. But the entire system is not nearly as robust as most people think.
Friday at DEF CON 27, [Will Caruana] took the stage to talk about phone phreaking on an elevator. The call buttons first appeared on elevators in 1968 as actual phone handsets, eventually becoming a mandated feature starting in 1976. Unfortunately, the technology they use hasn’t come all that far since. Phone modules on elevators did benefit when DTMF (touch tones) and voice menu systems rolled around. But for the most part, they are a plain old telephone service (POTS) frontend.
[Will] spends his spare time between floors pressing the call button and asking for the phone number. It’s the lowest bar of social engineering, by identifying yourself as an elevator service technician and asking for the number he is calling from. His experience has been that the person at the other end of the phone will give you that number no questions asked nearly every time. What can you do with a phone number? Turns out quite a bit.
The keys to the castle are literally in the elevator phone user manuals. The devices, shipped by multiple manufacturers, come with a default password and [Will’s] experience has been that nobody changes them. This means that once you have the phone number, you can dial in and use the default password to reprogram how the system works. This will not let you directly control the elevator, but it will let you speak to the people inside, and even change the call-out number so that the next time that little button is pressed it calls you, and not the phone service it’s intended to dial. That is, if the system was even correctly set up in the first place. He mentioned that it’s not too hard to find elevators that don’t have their location set up in the system — if you do need help, it may be hard to figure out which elevator you’re actually in. There have also been instances where these call the 24-hour maintenance staff for the building, a bewildering experience for sleepy personnel who didn’t sign up for this.
Want to go beyond the call button and dig deeper into the secrets of pwning elevators? [Will] suggests watching the HOPE X talk from [Deviant Ollam] and [Howard Payne] called Elevator Hacking: From the Pit to the Penthouse.
As Internet security has evolved it has gotten easier to lock your systems down. Many products come out of the box pre-configured to include decent security practices, and most of the popular online services have wised up about encryption and password storage. That’s not to say that things are perfect, but as the computer systems get tougher to crack, the bad guys will focus more on the unpatchable system in the mix — the human element.
History Repeats Itself
Ever since the days of the ancient Greeks, and probably before that, social engineering has been one option to get around your enemy’s defences. We all know the old tale of Ulysses using a giant wooden horse to trick the Trojans into allowing a small army into the city of Troy. They left the horse outside the city walls after a failed five-year siege, and the Trojans brought it in. Once inside the city walls a small army climbed out in the dead of night and captured the city.
How different is it to leave a USB flash drive loaded with malware around a large company’s car park, waiting for human curiosity to take over and an employee to plug the device into a computer hooked up to the corporate network? Both the wooden horse and the USB drive trick have one thing in common, humans are not perfect and make decisions which can be irrational. Continue reading “Social Engineering Is On The Rise: Protect Yourself Now”
Remember when you used to have to dial into a Bulletin Board System to connect with others through computers? How about those fond memories of phone phreaking? If you find that the details are fading in your mind you’ll be happy to know that [Jason Scott] is making sure they’ll never be forgotten. And now he’s landed a new job that will make this mission even easier.
We’re most familiar with [Jason’s] film, BBS: The Documentary. This five-hour epic traverses the oft-forgotten world of the BBS. It pays attention to things like the formation of ASCII art groups, the elite control of the Sysop before the Internet decentralized access to information, and quirky technological limitations like what happened as FIDOnet ran out of addresses for new nodes.
In short, [Jason Scott] is a technological historian. He gives speeches, makes movies, and finds information stashes that history shouldn’t forget. He’s done this outside the tradition of finding a Professorship or Curator position for a major institution. Instead he asked for sabbatical funding through Kickstart, and now he’s found his way to a position that seems like it’s made just for him; Archivist for the Internet Archive. Go get ’em [Jason].
[Jason Scott] curated a nice collection of links related to [Phil Lapsley]’s work on phone phreaking. [Lapsley]’s book, The History of Phone Phreaking, will be released in 2009. Meanwhile phone phreak enthusiasts can peruse his site and bone up on some interesting material, including documents that revealed the inner workings of the telephone switchboard(PDF), and the Youth International Party Line (YIPL)/Technological American Party (TAP) FBI files(PDF), which is really intriguing for the various doodles and conversations that were documented. If you have some spare time, we definitely recommend sifting through it.