Web kiloseven.blogspot.com
www.arrl.org www.eham.net


[Security] Steve Gibson's WPA random key generator

Decent wireless security depends on WPA, for the older WEP security systems (whether 40-bit or 128-bit) are useless in preventing any curious and bright grade schooler on your block from hacking in and accessing everything you do over the network. Really. Not to mention any aficianado of informally acquired methamphetamine who happens to be driving by with a laptop and a wireless card.

If the FBI can do it in three minutes, how long do you think it would take a teenager?

WPA-PSK, the version of WPA which does not require special hardware, instead needs a very, very random number used as a 'key.' Fortunately, doyen utility publisher Steve Gibson now makes available a good random key generator to make that part easy.


On the Effectiveness of Aluminium Foil Helmets: An Empirical Study

Inquiring minds wanted to know, I guess. Gotta love this finding (from the abstract):
... certain frequencies are in fact greatly amplified. These amplified frequencies coincide with radio bands reserved for government use according to the Federal Communication Commission (FCC). Statistical evidence suggests the use of helmets may in fact enhance the government's invasive abilities. We speculate that the government may in fact have started the helmet craze for this reason.

However, I must take exception with their claim that

The 2.6 Ghz band coincides with mobile phone technology. Though not affiliated by government, these bands are at the hands of multinational corporations.

for mobile telephony in North America primarily uses 824MHz-894MHz and 1850-1990MHz frequencies. Think they need a better grade of tinfoil.


[Ham Radio] EggsHam

EggsHam is a freeware test drill program for US hams, now with the updated question set. Whether you are working on your first Technician license, or want to step up to the General or Extra tickets, this freeware program is extremely useful. It contains every question in the Question Pool, and throws them at you randomly, scoring after you complete the test and showing you the errors.


[Games] RISK

Play RISK(TM) on line using Google Maps. Kewl. Now, where's Freedonia?

[Safety] How 911 failed in Katrina

This Washington Post article details how badly 911 failed in Katrina.

[E-Mail] Time travel: Send yourself a message in the future

Futureme will, free of charge, send an e-mail to you, or someone else, at a specific date in the future.


[Mobile] DIY Cellphone

Tired of paying through the nose for absurdly spendy hardware plus signing away your firstborn with a multi-yaron 'contract' for cellular service? Then, look at this DIY Cellphone project up in Pugetopolis, and another one here.


[Data Security] Digital Pearl Harbor

I've been pondering how to explain the immensity of the evil which Sony Music has done to any Windows user who has bought a CD from any of their record labels (which include Arista, BMG, Columbia, Epic, J, RCA, RCA Victor, SunComm).

Then, Dr. Jerry Pournelle, and authentic Rocket Scientist, former Presidential Advisor and whose work on computing I've trusted for a quarter century, sends me this.

No way I can top it.

Yes. he's serious, and 100% accurate.
---------- Forwarded message ----------
From: Jerry Pournelle
Date: Nov 4, 2005 8:57 PM
Subject: A Chaos Manor Root Kit Warning (1)
To: Jerry Pournelle

This is a Chaos Manor Warning. I would be shouting if I were not concerned that it would trigger your spam filters.

You may or may not be familiar with the Sony Music CD Root Kit problem.

Let me begin with the warning: do not buy or install any Sony Music CD on your PC. The records play just fine on other systems. There's no problem with Mac or Linux or with self contained music players.

But if you try to play that record on your CD, it will tell you that you must install the Sony CD player codec (you can't play the record through Microsoft Media Player or any other stuff you have installed on your system).

DO NOT INSTALL THAT SOFTWARE. If you do you may never be able to get it off there short of scrubbing your system down to bare iron, reformatting, and reinstalling everything. I wish I were spoofing you, but I am not. This is a serious warning.

Moreover, if you have given a Sony Music CD to anyone as a gift, and they have tried to play that music on their PC (not Mac, not a standalone player, not Linux, but Windows PC) then their systems are infected, and it is exceedingly difficult -- exceedingly difficult -- to remove that infection in a way that doesn't blue screen of death the PC.


I have heard nothing about Sony movie DVD's having any such infection, but it's possible. So far all my Sony DVD's have played with Power DVD and I have not been asked or required to install any special Sony software to play a Sony movie DVD; if I am asked to do so I will refuse, and so should you.

Understand that the Root Kit on the Sony Music CD is a deliberate
installation by Sony as part of a Digital Rights Management scheme. They will now, if you jump through enough hoops, send you a patch that will make their scheme visible -- like all root kits, their original installation so infects your operating system as to hide in a directory your operating system literally cannot see or access -- but it still does not remove it.

I'll have more on removal in the column and at another time this being column time. I will also have a


warning in my Christmas Shopping List in the column.

This is a serious infection: the scheme has actually been used by third parties to hide other malware on systems that have the Sony root kit installed, and others have used the Sony root kit to hide cheat software for World of Warcraft. Even if you think you know what you are doing, you should not fool around with this stuff. It's dangerous, it's very difficult to remove, and there is a very real risk that you will have to reformat your disk and reinstall your OS and everything else.

For more information see:

The Register

The Register (redux)


The last reference is to the Sysinternals page where an incredulous Mark Russinovich relates how he found the root kit on his system: the root kit has been out for months, and this is the first indication of its existence. Sony did a splendid job of stealthing this.

I will have more in the column and on the web page. If you have bought and installed a Sony Music CD on your PC, *you need more help than I can give you*. Start with the Sysinternals page, and *proceed with extreme caution*.

And the best of British Luck to you.

Best regards,

Jerry Pournelle
Chaos Manor

I'm not buying any Sony anything until a complete and total repair procedure for Windows users is issued. The current procedure offered users, as per reliable sources, does not completely remove the malware. Since the removal programming is not Open Source, how do we know what else it does?

As a protective measure, I'd suggest you disable autoplay for all optical (CD, DVD) disk drives on every Windows machine you have.

Other information sources include:

The United States Code, Title 18, Section 1030, which to some seems potentially applicable.

The Washington Post


The Finnish antivirus company F-Secure

Steve Gibson and Leo Laporte (see or listen to Issue # 12).


And, an explanation (PDF, requires Adobe Acrobat or other PDF reader) of why this DRM malware is irrelevant, which confirms the findings of Eric Flint, a Baen Books author.

To: nobuyuki.idei@jp.sony.com
Subject: Your Digital Pearl Harbor

Dear Chairman Idei:

I regret I shall not purchase any more Sony merchandise of any kind, including from any subsidiary, until the practice of installing rootkit software by your company's products ends. The security and integrity of my computing equipment, and the data I entrust it to, is worth far more to me than your products.

I regret having to say this, for I have been a lifelong Sony customer and consistant advocate of the quality of your merchandise. However, beginning Monday, I shall search for a replacement for every piece of Sony equipment, as well as advising every other professional I know to consider doing the same.

Sincerely yours,