July 2009 Archives

John Hering and Kevin Mahaffey of Flexilis demonstrate an SMS attack targeting a Windows Mobile phone.

(Credit: Elinor Mills/CNET News)

LAS VEGAS--In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to visit a malicious URL or install an app without user approval.

The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.

WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief executive of Flexilis, which provides software for protecting mobile phones from attack.

The vulnerability spans all Windows Mobile devices including HTC, Motorola, and Samsung, but not all of any one make or model of phone is found to be vulnerable, only random ones, he said.

Phone owners can test their phone to determine if they are affected by the issue. Hering and Kevin Mahaffey, Chief Technology Officer at Flexilis, are releasing a free tool that can be used to test whether a mobile phone is vulnerable, and if so fix the issue.

The researchers said they had not yet determined whether the iPhone or other devices were vulnerable. They said they have notified carriers, or Microsoft, and fixes are being worked on.

The attack works on GSM networks, the men said, adding that they had not yet tested it on CDMA networks.

The researchers built this device for testing for the vulnerability on multiple phones at once.

(Credit: Elinor Mills/CNET News)

The researchers have developed free, open-source software called "Fuzzit," which is designed to test the security of mobile devices and is geared towards mobile manufacturers, operators, and software developers. It will be released shortly. They also built a device that allows for the testing of multiple phones on different platforms at once for internal research and development.

Their session was just one of a handful that dealt with vulnerabilities on mobile phones and SMS, in particular.

In a presentation earlier in the day, Zane Lackey of ISEC Partners and independent researcher Luis Miras demonstrated how an attacker could spoof an MMS (multimedia messaging service) type of SMS message that appears to be sent from a trusted source and trick the recipient into visiting a malicious Web site.

Also on Thursday, Charlie Miller of Independent Security Evaluators and independent researcher Collin Mulliner demonstrated another type of attack in which they can take complete control over an iPhone merely by sending special SMS messages. They proved the attack the night before with a denial of service attack on my non-jailbroken iPhone, which runs OS 3.0.

Since SMS is available on so many devices and is always on--as long as the phone is turned on--it makes for an attractive target for attackers, according to researchers.

So a friend of mine did some riding and exploring in the mountains to the north of HWY6/Spanish Fork Canyon. The USFS has marked most of the trails in this area, and most are accessible via 4x4 and OHVs; in fact, we've seen many RVs and campers up in this area as well.

Here's a video that Coop made from his ride last weekend:








Here are the Garmin tracks from the area:

L.H fork to Daniels, 65 mile loop.gdb


In May 2009, I purchased a Dodge Ram 2500 (i6 6.7L Turbo Diesel). My purpose for purchasing this truck was two-fold:  1) to haul my ATV without the use of a trailer and 2) so we could eventually sell our 31" Ford Chassis (V10) motor home and replace it with a huge 5th wheel trailer.

The truck now has 48,000 miles on it and is suffering from DPF (Diesel Particulate Filter) and Turbo soot-clogging. This issue occurs because to meet EPA emissions requirements, Diesel engine manufacturers (in this case, Cummins) pump exhaust (with soot, etc.) back into the engine and turbo charger via the EGR (Exhaust Gas Recirculator). Supposedly, if you drive the truck hard and tow often, and in conjunction with the exhaust brake, you can purge this soot from the turbo.

Often, however, folks find themselves stuck in traffic or unable to keep their vehicle above 2000 RPM, so the soot starts to accumulate on the fins of the turbo charger, causing it to malfunction. In addition, once that occurs, soot also starts to fill the DPF.

Normally, the truck goes into what's called "Regeneration Mode". In this mode, the truck will (about every 200 miles) force Diesel fuel into the exhaust system and increase exhaust temperatures to +1200F, turning the soot into ash and expelling it through the tail pipe.

When the turbo clogs, however - the truck stops REGEN mode, thereby hastening the clogging of the DPF.

I have found myself in a situation where the Turbo, DPF and ECM (electronic control module -aka- main car computer) are all screwed up.

Fortunately, Dodge and Cummins offer a 5-year/100,000-mile warranty on these items and have plans in place to either clean (difficult to do) or replace all the affected components.

On Wednesday (my birthday) the 29th of July, I dropped my truck off at Ken Garff Dodge (in West Valley City) to effect these repairs.

While I understand the absolute necessity of maintaining tight emissions standards, what I don't understand is the EPA's rationale. For my truck to blow less (almost no) smoke and release virtually no particulates, it must burn considerably more Diesel fuel and have more maintenance related issues. Does this make sense?

 




Jacob City Loop through Ophir

On Wednesday (22 July), I took half the day off and decided to ride the Jacob City Loop. This time, I was determined to make the entire loop while crossing through (and over) Ophir toward Mercur.

I arrived at the staging area at 0830 and the temperature was still in the 70's. The sun hadn't yet reached the mountains as it was still riding behind the Wasatch.

I rode from the Stockton area (staging area) up to the top, dropped down into Ophir, rode to the far east end of Ophir to recover my geocache ammo-can (since it seemed to be about 15' on private property), then proceeded back up the mountain on the South side of Ophir Canyon.

Somewhere in the process, I hit a rock (or something) with my left/rear tire and gashed the sidewall. Unfortunately, I didn't know this for at least an hour and just thought the constant rock bashing was making steering difficult; all the while riding on a flat tire.

I didn't realize I had a flat until I was easily 21 miles from my truck at the furthest point away, overlooking the Mercur mine. I used all my water to try to locate the hole but couldn't find it. It simply wouldn't hold air. After riding another mile, I looked back and saw the tear in the sidewall. As luck should have it, two plugs in the sidewall managed to hold air long enough for me to continue the entire loop (I was not eager to end the riding because of a hole).

If you've never been up in this area, I highly suggest you try the riding. At just over 10,000' in elevation, the aspens and pines and wild mountain flowers are just awesome. Additionally, it's rare to see other people in this area.

Attached are the Garmin map tracks for this ride:
JacobCity-Ophir.gdb

The comments at the bottom of the article are priceless
------------------
Original Article

(07-17) 18:01 PDT MOUNT PLEASANT, Wis. (AP) --

One southern Wisconsin homeowner is probably not in love with the Oscar Mayer wiener. The famed hot dog's Wienermobile crashed Friday into the deck and garage of a home in Mount Pleasant, about 35 miles south of Milwaukee.





Police said the driver was trying to turn the Wienermobile around in the driveway and thought she was moving in reverse. But she instead went forward and hit the home. It sat in the driveway as if it were stuck in the garage Friday afternoon.

No one was home and no one was injured. No citations were immediately issued.

Both the home and vehicle suffered moderate damage, which Oscar Mayer spokeswoman Sydney Lindner says insurance will cover.

Police hadn't been able to speak to the homeowner as of early Friday evening.


Comments are now being taken by the USFS for the Clearwater National Forest in Idaho. Almost all options show 0 acres open to OHV use. Please send in your comment now.

How to Comment

Written, facsimile, hand-delivered, oral, and electronic comments concerning this project will be accepted for 45 calendar days following the printing of the legal notice in the Lewiston Morning Tribune.  The publication date in the newspaper of record (July 17, 2009) is the exclusive means for calculating the comment period for this project.  Those wishing to comment should not rely on dates or timeframe information provided by any other source.

Written comments should be submitted to the project Team Leader at the following address:

Kamiah Ranger Station
Attn:  Lois Foster, Travel Planning IDT Leader
903 Third Street
Kamiah, ID 83536

Electronic comments must be submitted in a format such as an email message, plain text (.txt), rich text format (.rtf), or Microsoft Word (.doc) document to:

comments-northern-clearwater@fs.fed.us

Email comments must include the commenter's name, and the words "Travel Planning" should appear in the subject line of the message.

It is important that any comments you provide are substantive and specific; some suggestions for making effective comments are on the Travel Plan section of the website on the "Effects and Comments" page.

Appeal Eligibility

If you wish to comment, it is your responsibility to submit them by the close of the comment period.  Those who provide comments during the comment period are eligible to appeal a decision on this project under 36 CFR 215.13, as published in the Federal Register regulations.  If you have further concerns, please contact the Team Leader, Lois Foster, at 208-935-4258.


Specifics are as follows:

090710_travel_plan_summary.pdf


Bountiful Skyline Drive

After spending my entire Saturday driving up to Flaming Gorge (east side) scouting for good RV camping locations (didn't find any), I decided that on Sunday I just had to take the 2005 BF 750i out for a high mountain ride.

Since my geocache container along the power line trail was vandalized, I decided to head up to the Skyline drive above Bountiful.

This trail is easily one of the most difficult to ride down and back up. It's steep and chock full of rocks that make traction almost impossible.

Looking downhill:
DSC07547.JPG

At any rate, I made it down the hill with only minimal slipping and nearly getting sideways. I located my geocache container (standard ammo can), found it bent in and full of water. The contents were soaked and worthless. I replaced the container with a larger ammo-can, took in the great views and rested on the rocks above for a few minutes.

Looking to the North:
DSC07548.JPG



After resting up, I geared back up and proceeded to make the dreaded ride back to the top. I put my machine in 4L/4WD and squashed the throttle.

Half-way up the hill, I saw motorcycles and a dune buggy attempting to come down. The trail is just barely wide enough for one machine, let alone multiple going opposite directions.

I smashed the brakes and came to a stop mid-hill, nearly flipping backwards in the process. Fortunately my brakes held and I didn't roll backward. After a minute or so, two guys (no shirt or gloves, but wearing helmets) tore down the hill, slipping, sliding and dang near wiping out. Seconds later, a two-stroke sport quad zipped up to me (yet another shirtless rider) asking me if I needed help; I proceeded to read the riot act about etiquette and allowing uphill riders (especially this dangerous type hill) to proceed first.

Since my momentum was gone, I proceeded (with the help of the Sport Quad rider) to roll 150' back down the hill backward - nearly flipping over backwards 3 (or so) times.

I got to the bottom and decided to hang out, drink some water and enjoy the view. After the motorcycles and sport quad departed, I let 2 pounds of air out of the tires, removed my 4GAL. flat pack (walked those up to the top) and again gave throttle. I made it up without incident.

Remember trail etiquette when riding. This could have turned dangerous in a hurry and I'm disgusted with some of these new riders ignoring common courtesy.

Note: Just another reason for my wanting to be cremated and ashes spread across the Fishlake national forest (or someplace):

--

ALSIP, Ill. --  Workers at a historic Illinois cemetery may have dug up more than 100 bodies and dumped them in mass graves at the back of the 150-acre property in a scheme to resell plots to unsuspecting customers, authorities said Wednesday.

Cook County Sheriff Tom Dart said his office was questioning five employees from Burr Oak Cemetery in Alsip, about 20 miles southwest of Chicago. But no charges were announced and investigators were working to determine how many plots may have been resold.

The sheriff's investigation began six weeks ago when the cemetery's owner reported that an employee who began feeling guilty revealed what allegedly had been going on, possibly for as long as four years, Dart said.

"All of us who were working on this for the last week were pretty distraught," Dart said. "You start with the premise of your own loved ones and how they are cared for after they are buried, but there is also a true significance to this particular cemetery."

Chicago native Emmett Till, whose 1955 lynching at age 14 added impetus to the civil rights movement, is buried at Burr Oak. It's also the final resting place of singers Dinah Washington, Willie Dixon, and Otis Spann, as well as former world heavyweight boxing champion Ezzard Charles, Harlem Globetrotter Inman Jackson, and several Negro League baseball players.

"For many years, this was the only cemetery where African Americans could be buried," said Spencer Leak Sr., president of Leak and Sons Funeral Home, noting that Burr Oak once was owned by Ebony Magazine publisher John Johnson.

Dart said the scheme appears to have targeted older, unmarked graves that had not been visited in a long time. There was no indication the more famous sites were disturbed.

Perpetua Holdings of Illinois, Inc., a subsidiary of a Tucson, Ariz.-based funeral home and cemetery development company, has owned the cemetery since 2001. A message seeking comment was left Wednesday for the company president, listed on corporation records as Melvin Bryant of Richardson, Texas.

The Cemetery Care and Burial Trust Department, a division of the Illinois Comptroller's office, has said it has received complaints in recent years about poor upkeep at Burr Oak, including sunken or tilting gravestones, unmanageable roads, drainage problems and weeds.


SEOUL, South Korea -- A wave of cyberattacks aimed at 27 American and South Korean government agencies and commercial Web sites temporarily jammed more than a third of them over the past five days, and several sites in South Korea came under renewed attack on Thursday.


The latest bout of attacks, which affected service on one government and six commercial Web sites in South Korea, was relatively minor, and all but one of the sites was fully functional within two hours, an official from the state-run Korea Communications Commission told The Associated Press.

Officials and computer experts in the United States said Wednesday that the attacks, which began over the July 4th weekend, were unsophisticated and on a relatively small scale, and that their origins had not been determined. They said 50,000 to 65,000 computers had been commandeered by hackers and ordered to flood specific Web sites with access requests, causing them to slow or stall. Such robotic networks, or botnets, can involve more than a million computers.

The Web sites of the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department were all affected at some point over the weekend and into this week, The Associated Press reported Tuesday, citing American officials.

A White House spokesman, Nick Shapiro, said in a statement on Wednesday that "all federal Web sites were back up and running" by Tuesday night and that the White House site had also been attacked.

He said, "The preventative measures in place to deal with frequent attempts to disrupt whitehouse.gov's service performed as planned, keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected."

The Web site of the New York Stock Exchange also came under attack, as well as the sites of Nasdaq, Yahoo's finance section and The Washington Post.

Researchers who are following the attacks said that they began July 4 and focused on the small group of United States government Web sites, but that the list later expanded to include commercial sites in the United States and then commercial and government sites in South Korea. Files stored on computers that are part of the attacking system show that 27 Web sites are now targets.

In South Korea, at least 11 major sites have slowed or crashed since Tuesday, including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation newspaper Chosun Ilbo and the top Internet portal Naver.com, according to the government's Korea Information Security Agency.

On Wednesday, some of the South Korean sites regained service, but others remained unstable or inaccessible.

"This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level," the South Korean spy agency, the National Intelligence Service, said in a statement, adding that it was cooperating with the American authorities to investigate the attacks.

The spy agency said the attacks appeared to have been carried out by a hostile group or government, and the news agency Yonhap reported that the agency had implicated North Korea or pro-North Korean groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report about North Korea's possible role. The opposition Democratic Party accused the spy agency of spreading rumors to whip up support for an antiterrorism bill that would give it more power.

Although most of the North Korean military's hardware is decrepit, the South Korean authorities have recently expressed concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operated through the Chinese Internet network and tried to hack into American and South Korean military networks. United States computer security researchers who have examined the attacking software and watched network traffic played down the sophistication and extent of the attacks.

"I would call this a garden-variety attack," said Jose Nazario, manager of security research at Arbor Networks, a network security firm that is based in Chelmsford, Mass. He said that the attackers were generating about 23 megabits of data a second, not enough to cause major disruptions of the Internet at most of the sites that were being attacked.

"The code is really pretty elementary in many respects," he added. "I'm doubting that the author is a computer science graduate student."

As for possible origins, there were only hints. One researcher, Joe Stewart, of Secureworks' Counter Threat Unit in Atlanta, said the attacking software contained the text string "get/China/DNS," with DNS referring to China's Internet routing system. He said that it appeared that the data generated by the attacking program was based on a Korean-language browser.

Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks and that it had issued a notice to federal departments and agencies, as well as to other partner organizations, advising them of steps to take to help mitigate attacks.

Just before purchasing my 2008 Dodge Ram 2500 (i6 6.7L Turbo Diesel), I took it to Larry H. Miller Dodge in Sandy. I saw a few dents on the lower suspension and wanted to determine if there were other issues before committing to a purchase.

At the time, they quoted about $1200 in repairs for all four ball joints (upper / lower, left and right side), and outer tie rod ends. Considering the deal I was getting on the truck ($24000), I thought $1200 in front-end work would still be a bargain.

The odd thing was, the front tires showed no signs of wear, the ride was fine (until about 75mph, where it would shake a bit) and there was no obvious indication of front-end problems.

On Monday (at 7am), I dropped the truck back off at Larry H. Miller to effect the repair work.  Around 2pm, LHM phoned me (Service advisor = Jim) and indicated that the price was now up to $2500 and pretty much the entire front-end needed to be replaced (shocks, control arms, ball joints, tie rod ends, etc..). I said, No-Thanks and recovered my truck.

Yesterday, I decided to get a second opinion and took the truck to Les Schwab Tire & Service Center (Taylorsville). After 10 minutes of inspecting, the two mechanics walked me over to the truck, showed me how they inspected and indicated that no front-end work was needed. They said, there was a little play in the ball joints, but that was normal for stock Dodge parts.

Now that the founder is dead (Larry H. Miller), are they becoming so desperate for revenue that they would lie to generate short-term gains in service fees by losing a customer for life (long-term)?
 

Since we were just going to stay home this Independence Day weekend, I took Saturday to ride up along the Skyline drive between Farmington and Bountiful. Total mileage: 60.

Even though the weather was threatening to rain/storm, I still decided to head out. I never ride without my rain poncho and wet weather gear, so wasn't too worried.

The staging location (just to the right of the "B") has recently been covered in asphalt, making parking a bit better (no dust/pot holes, etc). If you've never been up here, you can park and stage in this area:  N 40 53 45.12 W 111 50 43.44.

For the most part, the riding was quite enjoyable. Up top, temperatures easily dropped to ~50F, while down below it was approaching ~90F. The wind howled, but the rains never started up top, but could be seen hammering the valley far below.

Looking to the West, toward the Great Salt Lake:
DSCF0053.JPG
DSCF0055.JPG


Above photo is hiding my latest geocache placement (the Skyline Cairn).

DSCF0060.JPG


A brief video on the ride up to the FAA/Radar Station:







Once I finished riding around up top, I decided to get back down and prepare Prime Rib for the family. As a final distraction, I took a side trail (marked as the USFS 288). Going down wasn't too bad, but the trail then looped back upward and that's when I discovered this trail was a vehicle grave yard. Climbing back up was tough. More winch work than I can recall.

Downhill, the 288 was smooth riding (until the creek):
DSCF0077.JPG



The trail was picturesque:
DSCF0078.JPG




The vehicle graveyard:
DSCF0079.JPG


Steep and off-camber trail sections:
DSCF0080.JPG

DSCF0082.JPG

New puppy: Winchester

Mid-last week, I surprised the wife by taking her to the Humane Society (ie.. Dog Pound) to look at a new puppy. She's been in "puppy-lust" for the past few months and since our eldest dog is now approaching 16 years old, we figured it was time to start the search for a new dog.

After reviewing all the dogs and puppies, we finally settled on a stray 5-month-old Pitbull/Mix (or so the pound had labeled). The pound quickly told us that South Jordan City had a 100% ban on any "bully-breed" to include mutts (mixed breeds). After a bit of "discussion", I convinced the pound that this stray 5-month-old puppy was really a bulldog-mix, thereby eliminating the zoning issues in South Jordan.

A few photos of our K9 friends:

Winchester
~5 months old:
DSCF0046.JPG


12Gauge (Labrador) ~ 3 years old:
DSCF0047.JPG


Sasha (Ibris/Mix) ~16 years old:
DSCF0048.JPG



About this Archive

This page is an archive of entries from July 2009 listed from newest to oldest.
