Tag: hardware
No need to bypass security with a boot disk – 17 year old Windows exploit found
by Derek on Feb.18, 2010, under Security
The problem has been discovered in the Virtual DOS Machine (VDM) introduced in 1993 to support 16-bit applications (real mode applications for 8086). VDM is based on the Virtual 8086 Mode (VM86) in 80386 processors and, among other things, intercepts hardware routines such as BIOS calls. Google security team member Tavis Ormandy has found several vulnerabilities in this implementation that allow an unprivileged 16-bit program to manipulate the kernel stack of each process via a number of tricks. This potentially enables attackers to execute code at system privilege level.
In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7. While the vulnerability is likely to affect home users in only a minor way, the administrators of corporate networks will probably have their hands full this week.
The problem is caused by flaws in the Virtual DOS Machine (VDM) introduced in 1993 to support 16-bit applications (real mode applications for 8086). VDM is based on the Virtual 8086 Mode (VM86) in 80386 processors and, among other things, intercepts hardware routines such as BIOS calls. Google security team member Tavis Ormandy has found several vulnerabilities in this implementation that allow an unprivileged 16-bit program to manipulate the kernel stack of each process via a number of tricks. This potentially enables attackers to execute code at system privilege level.
Ormandy has also published a suitable exploit which functions under Windows XP, Windows Server 2003 and 2008, Windows Vista and Windows 7. When tested by the The H’s associates at heise Security, the exploit opened a command prompt in the system context, which has the highest privilege level, under Windows XP and Windows 7. No patch has become available, although Ormandy reports that Microsoft was already informed of the hole in mid 2009. The developer decided to publish the information regardless because, in his opinion, there is a simple workaround: to disable the MS-DOS subsystem.
The workaround requires users to start the group policy editor and enable the “Prevent access to 16-bit applications” option in the Computer Configuration\Administrative Templates\Windows Components\Application Compatibility section. When tested with these settings by the heise Security team, the exploit no longer functioned. The settings reportedly don’t cause any major compatibility problems for most users while no 16-bit applications are being used.
Update – The above option is only available through the group policy editor on Windows 2003 systems. Some versions of Windows do not include a group policy editor. As an alternative, users can also create a registry key under \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat with a D-Word value of VDMDissallowed = 1. Under Windows XP, to prevent the system from being vulnerable to the exploit, users can place the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
“VDMDisallowed”=dword:00000001
into a file called vdmdisallow.reg and double click the file. Windows will then automatically import the key (admin rights are required to perform this action).
Update 2 - Microsoft has now confirmed the privilege escalation hole in Windows. The company says that it wants to complete its investigation of the vulnerability and will then decide whether, how and when to close it.
See Also:
- Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack, security advisory from Travis Ormandy.
REDMOND — When it rains, it pours. Especially in the Seattle area. Tavis Ormandy has published full details on a privilege escalation hack of all versions of Windows including Windows 7.
The exploit takes advantage of a bug in the Windows implementation of the ‘virtual DOS machine’ used to run legacy 16-bit programs. The exploit can be avoided by turning the VDM ‘feature’ off but the danger of course is that enough Windows lusers won’t know about the bug and/or bother turning the ‘feature’ off.
16-bit applications need BIOS support; the Windows kernel supports virtual BIOS interrupts in its ‘Virtual-8086′ mode monitor code. The code is implemented in two stages. The #GP trap handler transitions to the second stage when CS:EIP faults with specific ‘magic’ values.
The transition requires (subsequent to authentication) restoring the context and the call stack from the faulting trap frame. But the authentication process is flawed, relying as it does on three incorrect assumptions.
- Setting up a VDM context requires SeTcbPrivilege.The barrier to getting a VDM context can be subverted by requesting the NT VDM subsystem and then using CreateRemoteThread() to run code in the context of the VDM subsystem. The VDM subsystem already has the necessary flag set.
- Ring 3 (unprivileged) code cannot install arbitrary code segment selectors.Using the two least significant bits of CS/SS to calculate the privilege of a task doesn’t work when it comes to Virtual-8086 mode. The 20-bit addressing (by adding CS << 4 to the 16-bit IP) is also used to map onto the protected linear Virtual-8086 address space. If CS can be set to an arbitrary value, then the privilege calculation can be circumvented.
- Ring 3 (unprivileged) code cannot forge a trap frame.Returns to user mode are through IRET. An invalid context can cause IRET to fail pre-commit, which in turn forges a trap frame. And even with address randomisation it’s trivial to use NtQuerySystemInformation() to obtain the address of the second stage BIOS handler.
Affected Systems
This bug dates back 17 years and affects all systems released since 27 July 1993 – Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. See the links below for further details.
See Also
MITRE: CVE-2010-0232
Windows plagued by 17-year-old privilege escalation bug
NEOPHASIS: Trap Handler Allows Users to Switch Kernel Stack
Ham Radio Links
by Derek on Nov.29, 2009, under Amateur Radio
Amateur Packet Radio Australian
Aussiewide Packet Radio Network http://www.ampr.org.au/
AAPRA http://members.optusnet.com.au/aapra
Australian Amateur Packet radio directory http://www.wia.org.au/links/Packet Radio Directory 050703.PDF
Data Group Sub Committee WICEN Vic http://datagrp.vic.wicen.org.au/
Queensland APRS Users Group http://www.tech-software.net/
VK2KFJ’s Packet Radio Links page http://www.qsl.net/vk2kfj/pacradio.html
VK3JED http://quest.apana.org.au/~tl/vk3jed/
VK4TTT XROUTER http://xrouter.ampr.org.au/
VK4ZU http://www.users.on.net/~trevorb/
VK5 AX25 Packet Network Map (VK5AH) http://homepages.picknowl.com.au/wavetel/vk5pack.htm
10GHz data Link http://www.cck.net.au/areg/inside/projects/10ghz/10ghz.htm
International
About Digital Ham Radio http://home.teleport.com/~nb6z/about.htm
Amateur Packet Radio Gateways http://www.ampr-gates.net/frame_e.htm
Amateur Packet Radio, net 44, and AMPR.ORG `http://www.ampr.org/
American Febo Enterprises http://www.febo.com/index.html
ARRL HSMM Links http://www.arrl.org/hsmm/links.html
Athenian TCP/IP http://www.athnet.ampr.org/freeserv.htm
BayCom http://www.baycom.org/
BBS Hierarchical Addressing Protocol http://www.tapr.org/tapr/html/Fbbssig.html
Colin’s packet info http://website.lineone.net/~colin_mccord/Radio/packet_radio.htm
CHIFLEY A R CLUB http://hamgate.rpi.net.au/netstat.html
CHIFLEY A R CLUB http://hamgate.rpi.net.au/chifley/packet.html
CX2SA http://cx2sa.net/
digitalhamradio http://www.digitalham.net/
DRSTM (Data Radio Standard Test Methods) http://www.rocler.qc.ca/burt/drstm.html
Flexnet http://dl0td.afthd.tu-darmstadt.de/~flexnet/
FUNET http://www.funet.fi/pub/ham/packet/
FUNET ftp://ftp.funet.fi/pub/ham/packet/
F4DAY http://perso.wanadoo.fr/jf.fourcadier/index_e.htm
F6FBB http://www.f6fbb.org/
GB7DIP TNOS/PBBS http://www.qsl.net/gb7dip/access.html
GB7IMK http://www.gb7imk.co.uk/
G4JKQ http://www.btinternet.com/~g4jkq/
G4JKQ TCP/IP Telnet listing http://www.qsl.net/g4jkq/tcp.htm
G7JJF TNC Driver Support (WINTNC) http://www.g7jjf.demon.co.uk/
High speed (2 Mbit/s) data signaling project http://perso.wanadoo.fr/jf.fourcadier/haut_debit/projet/projet_e.htm
High speed packet http://hydra.carleton.ca/articles/hispeed.html
High Speed Packet radio http://www.lmrgroup.com/ke3ht/hspr.html
High-speed Packet Radio http://cacofonix.nt.tuwien.ac.at/~oe1kib/Radio/
KE5FX http://www.qsl.net/ke5fx/
K4ABT (home page) http://www.packetradio.com/
K4ABT (packet radio primer) http://www.packetradio.com/primer.htm
Linux® / Amateur Radio Information http://delbert.matlock.com/linux-radio.htm
Linux projects http://cacofonix.nt.tuwien.ac.at/~oe1kib/Linux/
Linux AX25-HOWTO http://tldp.org/HOWTO/AX25-HOWTO/
MPRG http://www.mprg.ampr.org/index.html
NNA http://www.btinternet.com/~nna/
Netterm http://www.cs.unca.edu/~edmiston/handouts/netterm.html
PA3CGO http://www.qsl.net/pa3gco/
Packet Cluster information http://cpcug.org/user/wfeidt/Misc/pctut.html
Packet Info and Downloads http://www.packetradio.com/
Packet Links http://www.stack.serpukhov.su/~victor/hamradio/packet/packet.html
Packet Net (VK5 packet map) http://www.packetnet.org/
Packet Net (FBB software) http://www.packetnet.org/fbb.htm
PAcket Digital Amateur Network (PADAN) http://www.weaksignals.com/
PZT Software by G8PZT (Xrouter, PZT BBS) http://www.g8pzt.pwp.blueyonder.co.uk/software/software.htm
Radio-TNC Wiring Diagrams http://users3.ev1.net/~medcalf/ztx/wire/
RST http://www.qsl.net/on1blu/
Russian Packet http://www.stack.serpukhov.su/~victor/hamradio/packet/packet.html
Slovenian ATV/Packet http://lea.hamradio.si/~s51kq/
Sound Card Packet http://www.qsl.net/soundcardpacket/index.html
TAPR http://www.tapr.org/
TCP/IP Telnet listing http://www.btinternet.com/~g4jkq/tcp.htm
TNC-X http://www.tnc-x.com/
TPK http://www.f6fbb.org/f1ebn/index.htm
TNOS Central http://www.lantz.com/tnos/
TVIPUG http://www.tvipug.org
United Kingdom Internet Protocol http://www.gb7imk.co.uk/ukip/
VHF/UHF/Microwave Radio Propagation: A Primer for Digital Experimenter http://www.tapr.org/tapr/html/ve3jf.dcc97/ve3jf.dcc97.html
WA4DSY 56k RF Modem http://www.wa4dsy.net/
Yet Another 9k6 Modem http://www.microlet.com/yam/
1.2 GHz TRX http://www.ccr.jussieu.fr/physio/f6bvp/txenglish.html
9600 BAUD – A SHOPPERS GUIDE: http://www.g1gyc.demon.co.uk/martin/9600.htm
Sound Card Packet
ILINKBOARDS.com http://www.ilinkboards.com/
Sound Card Buddy http://www.sparetimegizmos.com/Hardware/SoundBuddy.htm
Soundcard Interfacing http://www.qsl.net/wm2u/interface.html
Sound Card Packet AGWPE (KC2RLM) http://www.patmedia.net/ralphmilnes/soundcardpacket/SV2AGW http://www.elcom.gr/sv2agw/ Sound Card Interface with Tone Keyer (WA8LMF) http://members.aol.com/wa8lmf/ham/tonekeyer.htm
Winlink
Winlink! 2000 http://winlink.org/
Aussie Winlink http://www.aussiewinlink.org
Pactor Communications Australia http://www.pca.cc/
Winpack
Winpack home page http://www.peaksys.co.uk/
Winpack info http://www.g4fip.cwc.net/winpack.htm
Winpack info http://www2.tpg.com.au/users/peteglo/winpack.htm
Winpack info http://www.btinternet.com/~gb7omn/winpack.htm
TNC information
General
Data Group Sub Committee WICEN Vic http://datagrp.vic.wicen.org.au/
Setting Your TNC’s Audio Drive Level http://www.febo.com/packet/layer-one/transmit.html
TNC and Radio mods http://www.johnmather.free-online.co.uk/tnc.htm
TNC 2 – MFJ 1270 – Tone Calibration Procedure http://datagrp.vic.wicen.org.au/mfjtones.htm
TNC Mods by Warren Stirling VK3XSW http://203.36.211.21/xswmods/
MFJ
Alignment of MFJ-1270B http://www.packetradio.com/1270algn.htm
MFJ-1270 Tone Calibration http://gyld.online.se/mods/misc/MFJ1270
MFJ-1270B mods http://www.mods.dk/mods.php3?radio=tnc&model=mfj-1270&selectid=1073#1073
MFJ 1270B Modifications http://203.36.211.21/xswmods/mfj1270b.htm
MFJ-1270B Electromagnetic Interference http://datagrp.vic.wicen.org.au/mfj_emi.htm
MFJ-1278B Care and maintenance http://www.qsl.net/ke4mob/
AEA
PK-88 Mods http://www.mods.dk/mods.php3?model=pk-88&radio=tnc
PK-88 birdie fix http://732.com/ham/mods/aea/pk88fix.htm
AEA radio and TNC mods http://www.k7on.com/mods/aea/mods/aeamod.txt
Other suppliers
BYONICS http://byonics.com/
Fox Delta http://www.foxdelta.com/
Hal Communications http://www.halcomm.com/AmateurProducts.htm
Kantronics http://www.kantronics.com/
PacComm http://www.paccomm.com/
PKTerm for Windows http://www.cssincorp.com/pkterm/
Small Wonder Labs http://www.smallwonderlabs.com/
The DXZone Digital and Packet Radio http://www.dxzone.com/catalog/Manufacturers/Digital_and_Packet_Radio/
Tigertronics http://www.tigertronics.com/
Timewave http://www.timewave.com/amprods.html
TNC-X – The Expandable TNC http://www.tnc-x.com/
YAM Modem http://www.nordlink.org/yam/
Gateways
Amateur Packet Radio Gateways http://www.ampr-gates.net
G4JKQ http://www.g4jkq.co.uk/
Packet gateways http://www.packetnet.org/packet_gateways.htm
Radio Gateway Project http://www.cisi.unito.it/radiogw/index.html
The Gateways Home Page http://www.ampr-gateways.org/
High-Speed Digital Networks and Multimedia (Amateur)
N5OOM’s HSMM Projects http://www.n5oom.org/hsmm/
ARRL High-Speed Digital Networks and Multimedia http://www.arrl.org/hsmm/
North Texas High Speed MultiMedia group http://groups.yahoo.com/group/ntms-hsmm/
San Antonio 802.11 http://home.satx.rr.com/wdubose/
Also take a look at the wireless LAN pages
APRS
Aus APRS http://www.radio-active.net.au/vk2_aprs.html
APRS http://www.radio-active.net.au/web/gpsaprs/aprsrept.html
APRS http://web.usna.navy.mil/~bruninga/aprs.html
APRS http://www.cave.org/aprs/
APRS http://www.ew.usna.edu/~bruninga/aprs.html
APRS in Adelaide http://vk5.aprs.net.au/
APRS+SA Home Page http://www.tapr.org/~kh2z/aprsplus/
APRS maps & stuff http://www.users.cloud9.net/~alan/ham/aprs/
APRS Maps for G4IDEs UI-VIEW http://www.gb7iph.demon.co.uk/APRS_Maps___Links/aprs_maps___links.html
AVR-Microcontroller http://www.qsl.net/dk5jg/aprs_karten/index.html
APRS in the UK http://www.aprsuk.net/
aprsworld http://www.aprsworld.net
APRS.DE http://www.aprs.de/
APRS-Berlin http://www.aprs-berlin.de/
APRS-Frankfurt http://www.aprs-frankfurt.de/
BYONICS (Electronics Projects for Amateur Radio) http://www.byonics.com/
CanAPRS http://www.canaprs.net/
Dansk APRS Gruppe http://www.aprs.dk/
findU.com http://www.findu.com/
France APRS http://www.franceaprs.net/
Kansas City APRS Working Group http://www.kcaprs.org/
KD4RDB http://wes.johnston.net/aprs/
Le Club ARPS France http://aprs.free.fr/
Live Australian APRS data maps http://www.aprs.net.au/japrs_live.html
N2YGK http://www.users.cloud9.net/~alan/ham/aprs/Ohio APRS NET http://www.ohioaprs.net/
Queensland APRS Users Group http://www.tech-software.net/
Tri-State APRS Working Group http://www.tawg.org/
Other Digital Modes
General HF-FAX http://www.hffax.de/index.html The Digital Ham Radio Revolution! http://home.teleport.com/~nb6z/about.htm NB6Z http://home.teleport.com/~nb6z/ ZL1BPU http://www.qsl.net/zl1bpu/
Morse Code
CW FACTS AND OPERATING TIPS http://www.magiclink.com/web/shurst/Page2.html
CW Operators’ QRP Club Inc. http://www.users.on.net/~zietz/qrp/club.htm
Fists Down Under http://fistsdownunder.morsekeys.com
FISTS DOWNUNDER http://www.fistsdownunder.org
LEARN MORSE CODE in one minute ! http://www.learnmorsecode.com/
MRX morse code http://www.mrx.com.au/
NZART CW program http://www.nzart.org.nz/nzart/Exam/morse.html
Not Morse Code, Slow Scan , Packet or APRS
HamDream by HB9TLK (digital radio) http://www.qslnet.de/member/hb9tlk/
JE3HHT, Makoto (Mako) Mori http://www.qsl.net/mmhamsoft/
PSK31 and other PC Magic http://www.psk31.com/
SIMPLE32 http://www.simple32.com/
WSJT ACTIVITY IN AU (follow link) http://www.tased.edu.au/tasonline/vk7wia/
Amateur Digital Radio
AR Digital Voice Communications http://www.hamradio-dv.org/
ARRL digital voice http://www.arrl.org/tis/info/digivoice.html
ARRL Digital Voice the next new mode? http://www.arrl.org/tis/info/pdf/0201028.pdf
Australian National D-Star http://www.dstar.org.au/
G4GUO (HF digital modems) http://www.chbrain.dircon.co.uk/index.html
Ham Radio digital info http://www.hamradio.com/pdf/dstar.pdf
ICOM America digital http://www.icomamerica.com/amateur/dstar/
TAPR digital http://www.tapr.org/tapr/dv/
Temple University Digital Voice Project http://www.temple.edu/k3tu/digital_voice.htm
Temple University Vocoder Redux http://www.temple.edu/k3tu/VocoderRedux.pdf
WinDRM – HF Digital Radio Mondiale http://n1su.com/windrm/
W2BRI’s Digital Voice Site http://www.standpipe.com/w2bri/fastmodem/fastmodem.htm
D-Star
Australian D-Star information http://www.dstar.org.au/
D-Star users http://www.d-starusers.org/
D-Star wikipedia http://en.wikipedia.org/wiki/D-STAR
ICOM America D-Star Forums http://www.icomamerica.com/en/support/forums/tt.asp?forumid=2
K5TIT http://www.k5tit.org/
Software Defined Radio
FlexRadio Systems Software Defined Radios http://www.flex-radio.com/
Rocky software for SoftRock-40 hardware http://www.dxatlas.com/rocky/
SDRadio – a Software Defined Radio http://digilander.libero.it/i2phd/sdradio/
SoftRock-40 Software Defined Radio http://www.amqrp.org/kits/softrock40/index.html
The Weaksignals pages og Alberto I2PHD (software) http://www.weaksignals.com/
Winrad software defined radio http://www.winrad.org/winrad/index.html
Digital Radio
BBC digital Radio http://www.bbc.co.uk/digitalradio/
DABdigital http://www.ukdigitalradio.com/home/default.asp
Digital Audio Broadcasting http://www.digitalradio.ca/
Digital Radio Broadcasting http://happy.emu.id.au/lab/info/digradio/index.html
Digital Radio is the sound of the future http://www.radio.cbc.ca/radio/digital-radio/drri.html
Digital Radio http://www.magi.com/~moted/dr/
Digital radio mondiale http://www.drm.org/indexdeuz.htm
DRDB http://www.drdb.org/
DRM – Digitaler Rundfunk unter 30 MHz http://www.b-kainka.de/drm.htm#dritte
SimplyRadios.com http://www.simplyradios.com/dab/dabhome.htm
Amateur Radio Direction Finding
Amateur Radio Direction Finding – ARDF http://www.nzart.org.nz/nzart/ar_info/ardf.html
Amateur Radio Direction Finding and Orienteering http://vkradio.com/ardf.html
Amateur Radio Direction Finding Webring http://www.qsl.net/vk3zpf/webring1.htm
Homing In http://members.aol.com/homingin/
RON GRAHAM ELECTRONICS (ARDF and more) http://users.mackay.net.au/~ron/
Victorian ARDF Group Inc. http://www.ardf.org.au/
Repeater Linking
There are currently There are 5 internet linking projects that I know of :-
IRLP, iPHONE, iLINK, eCHOLINK and WIN SYSTEM (May 2005)
EchoLink http://www.echolink.org/
Hamlink (K1RFD) http://www.hamlink.net/
KWARC (live audio) http://www.kwarc.org/listen/
Internet Linking http://www.qsl.net/g3zhi/index2.html
IRLP http://www.irlp.net/
IRLP status http://status.irlp.net
IRLP VK2RBM http://www.bmarc.oz-hams.org/irlp.html
IRLP VK4MTV http://www.throbware.com.au/irlp/
WIN SYSTEM http://www.winsystem.org/
Wires http://www.vxstd.com/en/wiresinfo-en/
iLINK
G4CDY-L Internet Gateway http://www.g4cdy.co.uk/
G7WFM Repeater Linking http://www.g7wfm.co.uk/
iLink http://www.aacnet.net./
VA3TO iLINK INTERFACE http://www.ilinkca.com/
VK2JTP iLINK gateway http://www.qsl.net/vk2jtp/
WB2REM & G4CDY’S iLINK boards http://www.ilinkboards.com/
WB4FAY http://www.wb4fay.com/ilink_FAQ.html
INTERFACES
ILINKBOARDS.com http://www.ilinkboards.com/
laser diodes
A Lightwave Communication http://www.n1bug.net/tech/laser/alc_wa6ejo.html
A R Laser Communications http://www.qsl.net/wb9ajz/laser/laser.htm
Australian Optical DX Group http://groups.yahoo.com/group/Optical_DX/
Driver Enhancements http://www.misty.com/people/don/laserdps.htm#dpsdepm
European Laser Communications http://www.emn.org.uk/laser.htm
Laser Communications http://www.arrl.org/tis/info/laser.html
Laser Communications http://www.gbonline.com/~multiplx/wireless/laser/
Mike’s Electric Stuff http://www.netcomuk.co.uk/~wwl/electric.html
Ronja http://atrey.karlin.mff.cuni.cz/~clock/twibright/ronja/
Amateur Radio Licence
Amateur Regulations Examination Guide http://www.wiavic.org.au/edu/regs.html
Australian info http://www.wia.org.au/info/gettingstarted.html
radiofun http://www.alphalink.com.au/~parkerp/gateway.htm
Radio and electronics School http://www.radioelectronicschool.com/about_course.html
Worldwide Information on Licensing for Radio Amateurs by OH2MCN http://www.qsl.net/oh2mcn/license.htm
Amateur Radio Clubs and Organisations
Australian
Adelaide Hills Amateur Radio Society http://www.qsl.net/vk5bar/
Amateur Radio Victoria http://www.amateurradio.com.au/
APC news http://vk3apc.mdrc.org.au/apcnews/
Barossa Amateur Radio Club VK5BRC http://www.qsl.net/vk5brc/
Bayside and District A R Society http://www.freewebs.com/vk4bar/
Brisbane Amateur Radio Club http://www.qsl.net/vk4ba/index.html
Central Coast Amateur Radio Club http://www.ccarc.org.au/
Central Goldfields A R Club http://www.cgfar.com/
CHIFLEY A R CLUB http://chifley.radiocorner.net/
Coffs Harbour & District Amateur Radio Club http://www.qsl.net/vk2ep/index.html
CW Operators’ QRP Club Inc. http://www.users.on.net/~zietz/qrp/club.htm
Darling Downs Radio Club http://www.qslnet.de/member/ddrc/
Eastern and Mountain District Radio Club http://www.emdrc.com.au
Gippsland Gate Radio and Electronics Club http://home.vicnet.net.au/~ggrec/
Gold Coast AR Society http://www.gcars.com.au/
Healesville Amateur Radio Group http://www.harg.org.au/
Historical Wireless Society of South East Queensland http://www.hws.org.au/
Ipswich Metro Radio Group http://imrg.ips-mesh.net/
Ipswich Radio Club http://www.vkradio.org.au/
Lockyer Valley Radio and Electronic Club Inc http://www.qsl.net/vk4wil/
Locan West http://www.loganwest.cableable.com
Manly-Warringah Radio Society http://www.qsl.net/vk2mb/
Mid North Coast Amateur Radio Group http://www.mncarg.org
NWTARIG http://vk7ax.tassie.net.au/nwtarig/
QRP Amateur Radio Club International http://www.qrparci.org/
Queensland APRS Users Group http://www.tech-software.net/
RADAR Club Inc http://radarclub.tripod.com
Radio Amateurs Old Timers Club Australia Inc http://www.raotc.org.au/
Radio Sport http://www.uq.net.au/radiosport/
Radio and Electronics Association of Southern Tasmania http://reast.asn.au/
Redcliffe & Districts Radio Club Inc. http://vk4rc.we.net.au/
Riverland Amateur Radio Club http://www.rrc.org.au/
South Australian Packet User Group Inc. (SAPUG) http://www.sapug.ampr.org/
SERG http://serg.mountgambier.org
South Coast AMATEUR RADIO Club http://www.scarc.org.au/
SOUTHSIDE AMATEUR RADIO SOCIETY http://www.qsl.net/vk4wss/
Summerland Amateur Radio Club Inc http://www.nor.com.au/community/sarc/
Sunshine Coast Amateur Radio Club http://vk4wis.org/Tablelands Radio and Electronics http://www.trec.aussiewide.com Townsville Amateur Radio Club http://vk4zz.no-ip.org/tarc/
Twin Cities Radio & Electronics Club http://members.iinet.net.au/~sargeant644/tcrec/index.html
VK Young Amateur Radio Operator’s Net http://www.geocities.com/vk_ya/
VK3APC http://www.mdrc.org.au/
VK3BEZ (WIA Eastern Zone Amateur Radio Club) http://www.qsl.net/vk3bez/
VK4WIL http://www.qsl.net/vk4wil/
West Australia Repeater Group http://www.warg.org.au
WESTLAKES AR Club http://www.westlakesarc.org.au/
WIA VK4 Qld http://www.wiaq.com/
WIA VK4 QNEWS NEWSROOM http://www.wiaq.com/qnews/upload/qnews.htm
WIA VK3 http://www.wiavic.org.au
WIA http://www.wia.org.au/ WICEN Australia http://www.wicen.org.au/ WIA WICEN Queensland page http://www.wiaq.com/wiaq/wicen.htm
New Zealand
NZART http://www.nzart.org.nz/nzart/
NZART Branches http://www.nzart.org.nz/nzart/Branches/
Papakura Radio Club http://www.qsl.net/zl1vk/
Tauranga AR Club http://home.clear.net.nz/pages/chrisle/index.htm
Wanganui Amateur Radio Society Inc. http://www.zl2ja.org.nz/
Wellington VHF Group http://www.vhf.org.nz/
International
American QRP Club http://www.amqrp.org/index.html
ARAC Online http://homepage.ntlworld.com/mikeadams/index.htm
ARRL http://www.arrl.org/
Clear Lake Amateur Radio Club http://www.clarc.org/
FRARS http://www.frars.org.uk/
HKAR http://www.hkra.org/
HRDXA http://www.qsl.net/vr2dxa/
ISSARO http://www.issaro.net
KIDSHAMRADIO http://www.kidshamradio.com/
K2MFF Amateur Radio club http://www-ec.njit.edu/~k2mff/
K9IU Indiana University AR Club http://www.indiana.edu/~k9iu/
North TeXas Repeater Association http://www.ntxra.com/main_page.htm
N0WGE http://www.sckans.edu/~sireland/radio/
Peterlee Radio Club G0KVJ http://www.g0fbw.demon.co.uk/
The Repeater Builders Technical Information Page http://www.repeater-builder.com/rbtip/index.html#main-index
Richardson Wireless Klub http://www.k5rwk.org/
RADARS http://www.mbc.co.uk/RADARS/
RSGB http://www.rsgb.org/
Submarine Veterans Amateur Radio http://w0oog.50megs.com/
Southgate AR club http://www.southgatearc.org/index.htm
TEARA http://www.teara.org/
The 500 KC Experimental Group for Amateur Radio http://www.500kc.com/
Tucson Amateur Packet Radio http://www.tapr.org/
Winona Amateur Radio Club http://www.jarviscomputer.com/warc/
W6DEK 435 Los Angeles http://www.w6dek.com/
Amateur Radio
Australian
Amateur Radio Australia http://www.amateurradio.org.au/index4alt.htm
Amateur and other Links http://members.ozemail.com.au/~vk2wi/links.html
Australian AR Repeater Map http://vkham.com/australimaps.html
AMATEUR RADIO WIKI http://www.amateur-radio-wiki.net
HAM FAQ http://members.ozemail.com.au/~andrewd/hamradio/hamfaq.html
HAM SHACK COMPUTERS http://www4.tpgi.com.au/users/vk6pg/
Ham Radio in Australia with VK1DA http://members.ozemail.com.au/~andrewd/hamradio/
HF Radio Antenna Tuners http://www.users.bigpond.net.au/eagle33/elect/ant_tuner.htm
Queensland AR Repeater listings http://vkham.com/Repeater/vk4map.html
Radioactive Networks: Ham http://www.radio-active.net.au/web/ham/
Tony Hunt VK5AH (Home of Adelaides 10m Repeater) http://homepages.picknowl.com.au/wavetel/default.htm
VK Amateur Radio Page http://www.home.gil.com.au/~bpittman/
VK1DA’s Amateur Radio Web Directory http://members.ozemail.com.au/~andrewd/hamradio/radlink.html
VK1KEP http://www.pcug.org.au/~prellis/amateur/
VK1OD http://www.vk1od.net/
VK2AFL http://www.qsl.net/vk2afl/
VK2BA (AM radio) http://www.macnaughtonart.com/default.htm
VK3PA http://www.vk3pa.com/home.asp
VK3UKF http://members.fortunecity.co.uk/vk3ukf/index.html
VK3XPD http://www.users.bigpond.com/alandevlin/index.html
VK3YE’s Gateway to AR http://www.alphalink.com.au/~parkerp/gateway.htm
VK3ZQB http://members.datafast.net.au/vk3zqb/
VK4CEJ http://www.hfradio.org/vk4cej/hamlinks.html
VK4TEC http://www.tech-software.net/
VK4TUB http://www.vk4tub.org/
VK4ZGB http://members.optusnet.com.au/jamieb/index.html
VK4ZQ http://users.bigpond.net.au/vk4zq/
VK4ZU http://www.users.on.net/~trevorb/
VK5ARD http://www.vk5ard.com/
VK5BR http://users.tpg.com.au/users/ldbutler/
VK5KK http://www.ozemail.com.au/~tecknolt/index.html
VK7AX http://www.vk7ax.tassie.net.au/
VK8JJ http://www.qsl.net/vk8jj/
New Zealand
Micro Controller Projects for Radio Amateurs and Hobbyists http://www.qsl.net/zl1bpu/micro/index.htm
Precision Frequency Transmission and Reception http://www.qsl.net/zl1bpu/micro/Precision/index.htm
ZL2TZE http://zl2tze.ath.cx
ZL3TMB http://www.hamradio.co.nz/
International
AC6V’s AR & DX Reference http://www.ac6v.com/
A DTMF Beacon controller http://ns1.mesh.net/~g4fre/dtmf.htm
Amateur radio with Knoppix http://www.afu-knoppix.de/
Amateur Radio Resources http://hamster.ivey.uwo.ca/~amsoft/amsoft0.htm
Amateur Radio Soundblaster Software Collection http://www.muenster.de/~welp/sb.htm
AM fone.net http://www.amfone.net
AMRAD Low Frequency Web Page http://www.amrad.org/projects/lf/index.html
Colin’s site http://website.lineone.net/~colin_mccord/Radio/index.htm
CX2SA http://cx2sa.net/
DL4YHF http://www.qsl.net/dl4yhf/
Direction finding http://members.aol.com/homingin/
DSP Links http://users.iafrica.com/k/ku/kurient/dsp/links.html
Electric-web.org www.electric-web.org
EI4HQ http://www.4c.ucc.ie/~cjgebruers/index.htm
EI8IC http://www.qsl.net/ei8ic/
EHAM http://www.eham.net/
eQSL (electronic QSL) http://www.eqsl.cc/qslcard/
HamInfoBar http://www.haminfobar.co.uk/
Felix Meyer http://home.datacomm.ch/hb9abx/
ftp list http://ftp.pspt.fi/pub/ham/ftp.ucsd.edu/
FUNET http://www.funet.fi/pub/ham/
F4DAY http://perso.wanadoo.fr/jf.fourcadier/index_e.htm
Gateway to Amateur Radio http://www.alphalink.net.au/~parkerp/gabra.htm
Grid Square Locator http://www.arrl.org/locate/grid.html
G3PTO http://www.qsl.net/g3pto/
G4FGQ’s Software http://www.btinternet.com/~g4fgq.regp/
G4KLX (The [ON/]G4KLX Page) http://www.qslnet.de/member/g4klx/
HAM RADIO EQUIPMENT & ACCESSORIES http://www.area-ham.org/library/equip/equip.htm
Ham-Links http://www.k1dwu.net/ham-links/
HAMUNIVERSE.COM http://www.hamuniverse.com/
Hamview DSP software http://www.qsl.net/k3pgp/Hamview/hamview.htm
Harry’s PDF Library http://hem.passagen.se/sm0vpo/
HA8ET http://www.pollak.sulinet.hu/www/radio.html
Homebrew RF Test Equipment And Software http://www.qsl.net/n9zia/wireless/appendixF.html#10
KA7NOC http://www.magiclink.com/web/shurst/
KB4VOL link site http://pages.prodigy.com/kb4vol/
KE5FX http://www.qsl.net/ke5fx/
KF6VTA & KG4TBJ http://www.geocities.com/silensiosham/index.html
KU4AY ham radio directory http://www.ku4ay.net/
KU5F Ham tools and links http://www.wtrt.net/~ku5s/
KU9Z AR links http://my.ais.net/~n9bkm/page1.htm
K1DWU http://www.k1dwu.net/
K1TTT http://www.k1ttt.net/
K1TTT Technical Reference http://www.k1ttt.net/technote/techref.html
K3PGP http://www.k3pgp.org/
K3TZ Ham Radio Experimentation http://www.qsl.net/k3tz/
K6XC (links) http://home.earthlink.net/~rluttringer/
Lighthouses (International Lighthouse/ Lightship Weekend) http://illw.net
Links2go http://www.links2go.net/more/www.ampr.org/
Links http://imc23.univ.trieste.it/links.html
Mels AMATEUR RADIO LINK’S http://www.users.zetnet.co.uk/melspage/amlinks.htm
Michael Todd Computers & Communications http://www.arcompanion.com/
MoDTS http://www.m0dts.co.uk/
n e o a m a t e u r . o r g http://neoamateur.org/
NW7US (Amateur and Shortwave Radio) http://hfradio.org/
N3EYR’s Radio Links http://www.isrv.com/~joel/radio.html
PD0RKC http://www.qsl.net/pd0rkc/
PI6ATV (ATV, Antenna, software, info) http://members.tripod.lycos.nl/PI6ATV/software.htm
QRP and SWL HomeBuilder http://www.qrp.pops.net/
Radio Links http://www.angelfire.com/ri/theboss1/
Radio Corner (forum) http://www.radiocorner.net
Ray Vaughan http://rayvaughan.com/
Reference http://www.panix.com/~clay/ham/
Simplex radio software http://perso.clubinternet.fr/f1orl/simplexg.htm
S-Meter http://www.smeter.net/
streaming radio programs http://live365.com/home/index.live
The DX Zone http://www.dxzone.com/catalog/Reference/Radio_Spectrum/
The Elmer HAMlet (information) http://www.qth.com/antenna/index.htm
VE1XYL and VE1ALQ http://www.qsl.net/ve1alq/downloads/tetrode-ps/pwrsup.htm
WB6VUB (links) http://www.mpicomputers.com/ham/
WL7LP http://www.geocities.com/TimesSquare/Castle/3782/wl7lp.html
WA6TWJ http://www.jps.net/nwr/wa6twj.htm
W2XO http://www.w2xo.pgh.pa.us/
XE1BEF (DX, mods, links and more) http://www.geocities.com/xe1bef/
Communications Equipment
Australian
Andrews Communication Systems http://www.andrewscom.com.au/
AUSTRALIAN ENTERPRISE INDUSTRIAL http://www.spin.net.au/~aeitower/
BENELEC www.benelec.com.au
Bushcomm www.bushcomm.com.au
connektron www.connektron.com.au
G. & C. COMMUNICATIONS www.gccomm.com.au
Hamak (RM Products Italy) http://www.hamak.com.au/
Hamshack http://www.hamshack.com.au
Jenlex http://home.vicnet.net.au/~jenlex/
KENWOOD Australia http://www.kenwood.com.au/
Kyle Communications http://www.kyle.com.au/
ICOM Australia http://www.icom.net.au
Mini-kits http://www.minikits.com.au/
One Man Towers http://homepages.ihug.com.au/~aeitower/
OZGEAR http://www.ozgear.com.au/
Radio-Data (links) http://www.radio-data.net/
Radio Specialists (equipment connectors and antenna) http://www.radiospecialists.com.au
STRICTLY HAM http://www.strictlyham.com.au/
TET-EMTRON www.tet-emtron.com
Tower communications http://www.tower.visionimage.com.au/
Townsville CB& Communications http://www.vk4tub.org/tcb/tcb.html
TTS Systems http://www.ttssystems.com.au/
VK4-ICE Communications http://www.vk4ice.com
WiNRADiO (PC based receivers) http://www.winradio.com.au
International
MFJ http://www.mfjenterprises.com/index.php
Vertex Standard http://www.vxstd.com/en/index.html
W7FG VINTAGE MANUALS CATALOGUE http://www.w7fg.com/index.html
Z Communications Company (repair of old radio equipment) http://home.comcast.net/~zcomco/
Radio mods, cables, connection info
batlabs (Motorola radio connection, cable info) http://www.batlabs.com/
Philips FM900 information http://members.fortunecity.com/romeo_fox_53/
Hall Electronics http://www.hallelectronics.com/getech/proglink.htm
Radio Mods http://www.mods.dk/
WWW.ham.dmz.ro (mods info and more) http://www.ham.dmz.ro/
W4RP IC-2720H Page http://www.w4rp.com/ic2720/
XE1BEF (DX, mods, links and more) http://www.geocities.com/xe1bef/
Please also look at manufacture’s sites
Lightning Protection
ARRL Lightning Protection http://www.arrl.org/tis/info/lightning.html
www.DaStrike.com (video and links) http://www.dastrike.com/
Grounding and Lightning Protection http://www.packetradio.com/grounds.htm
K9WK Amateur Radio http://www.k9wk.com/litenin.html
Lightning Protection Institute http://www.lightning.org/
Marine Grounding Systems http://www.sailmail.com/grounds.htm
Moonraker boat lightning information http://www.moonraker.com.au/techni/lightning-marine.htm
NLSI http://www.lightningsafety.com/nlsi_lhm/effect.html
PolyPhaser http://www.polyphaser.com/
RFI Lightning protection http://www.rfindustries.com.au/rfiproducts/lightning/lightning.htm
WIND&SUN http://www.windsun.com/Lightning_Protection.htm
Amateur Spread Spectrum
Spread Spectrum Scene http://www.sss-mag.com/map.html
Spread spectrum http://www.amrad.org/projects/ss/
Spread Spectrum (TAPR) http://www.tapr.org/ss/
SS Info http://www.ictp.trieste.it/~radionet/1997_workshop/wireless/notes/index.htm
Call-sign finders
The DX Notebook http://www.dxer.org/callbook.html
QSL.NET http://www.qsl.net/
LIPD Information
AREG http://www.cck.net.au/areg/radio/lipd/lipd.html
VK3YNG http://users.bigpond.net.au/vk3yng/lipd/
Barry’s LIPD information http://members.optusnet.com.au/~barryog/freqs/mlipd.html
ACA class licensing http://www.austel.gov.au/publications/info/lipd.htm
Equipment suppliers and manufacturers
Easy-radio (your DNS server may have problems finding this site) http://www.easy-radio.co.uk/
Kits and Components
Australian and selected international suppliers
ACRES ELECTRONICS http://www.acreselectronics.co.nz/product.htm
Allthings http://www.allthings.com.au/
Altronics http://www.altronics.com.au/
Antique Electronic Supply http://www.tubesandmore.com/
Antenna Systems and Supplies Inc. (sm) http://www.antennasystems.com/
Av-COMM http://www.avcomm.com.au/
BYONICS http://www.byonics.com/
Chassis Kits & Custom Enclosures http://home.flash.net/~k3iwk/
Clarke & Severn Electronics http://www.clarke.com.au
Cliff Electronics (Aus) Pty. Ltd http://www.cliff.com.au/
Computronics http://www.computronics.com.au/tools/
David Hall Electronics http://www.dhe.com.au
Dick Smith Electronics http://www.dse.com.au/cgi-bin/dse.storefront
Digi-Key http://www.digikey.com/
Dominion Electronics http://www.dominion.net.au/
DOWN EAST MICROWAVE www.downeastmicrowave.com
Electronics http://www.michelletroutman.com/index.htm
Elliott Sound Products http://sound.westhost.com/index2.html
Farnell http://www.farnell.com/
Fox Delta http://www.foxdelta.com/
G1MFG.com (ATV and more) http://www.g1mfg.com/index.html
Hammond Mfg http://www.hammondmfg.com/
Hy-Q International http://www.hy-q.com.au
IRH Components http://www.irh.com.au/index.htm
Jackson Brothers http://www.jacksonbrothers.com.au
Jaycar http://www.jaycar.com.au/
Kuhne electronic GmbH http://www.kuhne-electronic.de/english/frameset.htm
Microwave Dynamics http://www.microwave-dynamics.com/
MicroZed Computers http://www.microzed.com.au/
Mini-Circuits http://www.minicircuits.com/
Mini-kits http://www.minikits.com.au/
Mouser Electronics http://www.mouser.com/
NEWTEK ELECTRONICS http://www.newtek.com.au/
Oatley electronics http://www.oatleyelectronics.com/
Ocean State Electronics http://www.oselectronics.com/
Ozitronics http://www.ozitronics.com/
pacific DATACOM http://www.pacificdatacom.com.au
Phil Rice’s Home Page (frequency meter and other projects) http://ironbark.bendigo.latrobe.edu.au/~rice/
Picaxe http://www.Picaxe.com.au
Prime Electronics http://www.prime-electronics.com.au/
Radio Parts http://www.radioparts.com.au/
Raedale Pty Ltd http://www.raedale.com.au/products.htm
R.C.S. Radio (circuit boards) http://www.rcsradio.com.au/
RF Modules Australia (ZigBee) http:\\www.rfmodules.com.au
RFShop (Brisbane) http://www.rfshop.com.au/
Rockby Electronics and Computers http://www.rockby.com.au/
Rojone (antenna, cables and connectors) http://www.rojone.com.au/index.html
RS Components http://www.rsaustralia.com/
Semtronics http://www.semtronics.com.au/
Sicom http://www.sircom.co.nz
Silvertone Electronics http://www.silvertone.com.au/
South Island Component Centre (New Zealand) http://www.sicom.co.nz/
Surplus Sales of Nebraska http://www.surplussales.com/
Surplustronics (New Zealand) http://www.surplustronics.co.nz/
Tandy (Australia) http://www.tandy.com.au/
Teckics http://www.techniks.com/
TTS Systems http://www.ttssystems.com.au/
VK2XGL (Microwave and RF Modules) http://www.users.bigpond.com/graham.lewis/Module Man.htm
VK3TFH Designs http://www.users.bigpond.com/vk3tfh/
WB9ANQ’s Surplus Store http://www.qsl.net/wb9anq/
Wiltronics http://www.wiltronics.com.au/
Worldwide Electronic Components http:/www.iinet.net.au/~worcom
13cm.co.uk http://www.13cm.co.uk/
PCB layout and schematic programs baas electronics LAYo1 PCB http://www.baas.nl/layo1pcb/uk/index.html circuitsonline http://www.circuitsonline.net/ Easytrax http://www.cia.com.au/rcsradio/
Electronics WORKBENCH http://www.ewbeurope.com/Franklin Industries http://www.franklin-industries.com/Eagle/starteagle.html McCAD http://www.mccad.com/ OrCAD http://www.orcad.com/downloads.aspx TARGET 3001! http://www.ibfriedrich.com/english/engl_vordownload.htm Tech5 http://www.tech5.nl/eda/pcblayout TinyCAD http://tinycad.sourceforge.net/ VEGO ABACOM http://www.vego.nl/abacom/download/download.htm
Amateur Satellites and space
AMSAT http://www.amsat.org/
AMSAT Australia http://www.physics.usyd.edu.au/~ptitze/amsatvk/index2.html
AMSAT-DL http://www.amsat-dl.org/
AMSAT-ZL (kiwisat) http://www.amsat-zl.org.nz/
Australian Space Research Institute http://www.asri.org.au/ASRI/index.xml
bluesat project http://www.bluesat.unsw.edu.au/
CSXT Civilian Space eXploration Team http://www.civilianspace.com/
electric-web.org http://www.electric-web.org
Heavens-above http://www.heavens-above.com/
International Space Station (ARISS) http://ariss.gsfc.nasa.gov/
JAESAT http://www.asri.org.au/ASRI/research/satellite/JAESAT/index.xml
liftoff http://liftoff.msfc.nasa.gov:80/RealTime/JTrack/Spacecraft.html
ISS fan club http://www.issfanclub.com
PCsat http://web.usna.navy.mil/~bruninga/pcsat.html
PCSAT2 Operations http://www.ew.usna.edu/~bruninga/pec/pc2ops.html
Sarex http://sarex.gsfc.nasa.gov/
SATSCAPE (free satellite tracking program) http://www.satscape.co.uk/
Satellite tracking software http://perso.club-internet.fr/f1orl/index.html
Satsignal http://www.satsignal.net/
Space.com http://www.space.com/
UHF-Satcom.com http://www.uhf-satcom.com
Viktor Kudielka http://cacofonix.nt.tuwien.ac.at/~oe1vkw/
Propagation
IPS Radio and Space Services http://www.ips.gov.au/
IPS prediction services http://www.ips.gov.au/asfc/current/predsvs.html
ITS http://www.its.bldrdoc.gov/
Near-Real-Time MUF Map http://www.spacew.com/www/realtime.php
Radio Mobile (path prediction) http://www.cplus.org/rmw/english1.html
Tropospheric Ducting Forecast http://iprimus.ca/~hepburnw/tropo_aus.html
VK2KRR sporadic E study http://www.users.bigpond.com/vk2krr/sporadic_e_study.htm
VK4ZU (Propagation) http://www.users.on.net/~trevorb/
W1AW propagation bulletins http://www.arrl.org/w1aw/prop/
Satellite TV
AV-COMM http://www.avcomm.com.au/
Dalsat http://www.dalsat.com.au/
John’s Electronics http://www.johnselectronics.com.au/index.html
KANSAT http://www.kansat.com.au/
KRISTAL electronics http://www.kristal.com.au/index.html
Lyngsat http://lyngsat.com/
Nationwide Antenna Systems http://www.uq.net.au/~zznation/index.html
Satcomm20 http://www.satcomm20.co.uk/
Satcure http://www.satcure.com/
SatcoDX1 http://www.satcodx1.com/
SAT TV http://www.sattv.com.au/
Radio Education
Radio and Electronics School http://www.radioelectronicschool.com/
Radio and Scanning
Australian
Australian Airport Frequencies http://www.labyrinth.net.au/~wombatt/
Australian Scanning Encyclopaedia http://www.scanaustralia.bigpondhosting.com/
Brisbane Radio Scanner http://www.angelfire.com/id/samjohnson/
Extreme Worldwide Scanner Radio http://members.optushome.com.au/extremescan/scanning.html
FM broadcast maps http://welcome.to/pacificfm
Gold Coast Radio Scanner Frequencies http://users.ion.com.au/~young/index.html
Kev’s Scanner Page http://members.dodo.com.au/~kevcat/kevs_scan_page.htm
Newcastle Area Radio Frequency Guide http://scanhunter.tripod.com/index.html
RADIO FREQUENCIES AND INFORMATION http://www.qsl.net/vk1zmc/information.html
Scanner Fanatics http://www.scannerfanatics.au.tt/
Scanner Monitoring in South Australia http://users.chariot.net.au/~mattb/scan/scanner.htm
Scan Victoria http://www.scanvictoria.com/
New Zealand
Kiwi Radio http://kiwiradio.blakjak.net/
NZscanners http://www.nzscanners.org.nz/
Wellington Scanner Frequencies http://wsf2003.tripod.com/
ZLScanner http://homepages.paradise.net.nz/lovegrov/
ZL3TMB (Christchurch NZ) http://www.hamradio.co.nz/
International
Frequency guide http://www.panix.com/~clay/scanning/
Incident Broadcast Network (including Australian feeds) http://www.incidentbroadcast.com
Radio H.F. (some ham stuff) http://www3.sympatico.ca/radiohf/
RadioReference.com http://www.radioreference.com/index.php
Amateur Radio DX and Contest
AA1V’s DX Info-Page http://www.goldtel.net/aa1v/
AC6V’s AR & DX Reference http://www.ac6v.com/
Announced DX Operations http://cpcug.org/user/wfeidt/Misc/adxo.html
ARRL DXCC Countries List http://www.arrl.org/awards/dxcc/listmain.html
ARRL DXCC rules http://www.arrl.org/awards/dxcc/rules.html#si
Australian contesting http://www.vkham.com/index.html
Buckmaster callsign database http://www.buck.com/cgi-bin/do_hamcall
DX CENTRAL http://www.dx-central.com/
DX Greyline http://www.fourmilab.ch/cgi-bin/uncgi/Earth/action?opt=-p
DX Summit http://oh2aq.kolumbus.com/dxs/
DX 425 News http://www.425dxn.org/
EHAM http://www.eham.net/
EI8IC Global Overlay Mapper http://www.mapability.com/ei8ic/
eQSL (electronic QSL) http://www.eqsl.cc/qslcard/
German DX Foundation-GDXF http://www.gdxf.de/
GlobalTuners (provides access to remotely controlled radio receivers all over the world) http://www.globaltuners.com/
Ham Atlas by SP6NVK http://www.hamatlas.eu/
Ham FTP email database http://members.eunet.at/hagenbu/ftp.htm
Kiwi DX List http://groups.yahoo.com/group/kiwidxlist/
Oceania Amateur Radio DX Group Incorporated http://odxg.org/
Oceania DX Contest http://www.oceaniadxcontest.com/
QRZ.COM http://www.qrz.com/site.html
The AM Window http://www.amwindow.org/index.htm
The Daily DX http://www.dailydx.com
The DX Zone http://www.dxzone.com/catalog/Reference/Radio_Spectrum/
IARU QSL Bureaus http://www.iaru.org/iaruqsl.html
International DX Association http://www.indexa.org/
Internet Ham Atlas http://www.hamatlas.eu/
IOTA http://www.425dxn.org/iota/
IOTA groups and Reference http://www.logiciel.co.uk/iota/shtlist.html
IOTA RSGB http://rsgbiota.org
IOTA 425 http://www.425dxn.org/iota
Island Radio Expedition Fondation http://www.islandradio.org/
Islands on the air Japan http://www3.ocn.ne.jp/~iota/
LA9HW HF Contest page http://home.online.no/~janalme/hammain.html
NG3K Contest/DX Page http://www.cpcug.org/user/wfeidt/
Northern California DX Foundation http://www.ncdxf.org
Simple phrases in European Languages http://web.onetel.com/~stephenseabrook/
SUMMITS on the AIR http://www.sota.org.uk/
Telnet Access to DX Packet Clusters http://cpcug.org/user/wfeidt/Misc/cluster.html
The DX Notebook http://www.dxer.org/
VE6OA’s DX Links http://www.compusmart.ab.ca/agirard/dxlinks.htmVK Contest Club http://www.vkcc.com
World of DK4KQ http://www.dl4kq.de/
XE1BEF DX and links http://www.geocities.com/xe1bef/
Logging Software
RD logging program http://vk5dj.mountgambier.org/Amateur_radio.html VK Contest Log (VKCL) http://web.aanet.com.au/mnds/ VK/ZL Logger http://www.vklogger.com
WinRD+ logging program http://www.rjmb.net/rd/index.htm
Cluster
AR-Technology AB5K.net http://www.ab5k.net/Home.aspx
Clusse http://he.fi/clusse/
Clusse download page http://www.euronet.nl/~icu13524/download/clusse.html
CLX Home page http://clx.muc.de/
DX CLUSTER programs http://pages.cthome.net/n1mm/html/English/DXClusters.htm
DXCluster http://www.dxcluster.org/
DXCluster.Info http://www.dxcluster.info/
DxNet http://www.dxnet.free.fr/
DX PacketCluster Sites on the Internet http://www.n4gn.com/cluster.html
DXSpider – DX cluster system is written in perl http://linux.maruhn.com/sec/dxspider.html
Packet Cluster user manual http://www.yccc.org/Resources/ysa/manual/
The DXSpider User Manual http://www.dxcluster.org/main/usermanual_en.html
VE7CC-1 Dx Spider Cluster http://www.ve7cc.net/
WinCluster http://kh2d.net/software/wc/index.cfm
Short Wave DX
Australian Broadcasting http://www.aba.gov.au/broadcasters/
AUSTRALIAN RADIO DX CLUB http://www.ardxc.info/
Australian MW Group http://members.optushome.com.au/onleydw/mwoz/
Electronic DX Press (HF, MW and VHF) http://members.tripod.com/~bpadula/edxp.html
Contesting.com http://www.contesting.com/
CQ World Wide DX Contest http://www.cqww.com/
Glenn Hauser’s DX Listening Digest http://www.dxing.com/dxr/dxld2196.htm
K3SA http://www.affcom.com/cqcontest/
K6XX http://www.k6xx.com/
Longwave Club of America (also Ham) http://www.lwca.org
NIST time stations http://www.boulder.nist.gov/timefreq/stations/wwvb.htm
OK1RR DX & Contesting Page http://www.qsl.net/ok1rr/
Prime Time Shortwave http://www.primetimeshortwave.com/
Radio Interval Signals http://www.intervalsignals.org/
shortWWWave http://swww.dwerryhouse.com.au/
SM3CER Contest Service http://www.sk3bg.se/contest/index.htm
The British DX Club http://www.bdxc.org.uk/
The DX Zone http://www.dxzone.com/catalog/Reference/Radio_Spectrum/
The OZ Radio DX Club www.ardxc.fl.net.au
Yankee Clipper Contest Club http://www.yccc.org/
Radio Scouting
Jota /JOTI Queensland http://jota.scouting.net.au/
Scouts Australia JOTA/JOTI http://www.international.scouts.com.au/main.asp?iMenuID=9071085
The history of the Jamboree On The Air http://home.tiscali.nl/worldscout/Jota/jota history.htm
World Organization of the Scout Movement http://www.scout.org/jota/
Australian Regulator
International Regulator
ITU http://www.itu.int/home/index.html
Electronic Information and technical reference
AC6V’s Technical Reference http://www.ac6v.com/techref.htm
Bowden’s Hobby Circuits http://ourworld.compuserve.com/homepages/Bill_Bowden/homepage.htm#menu
Chip directory http://www.embeddedlinks.com/chipdir/abc/s.htm#simm
Circuit Sage http://www.circuitsage.com/
COAX calculator http://www.ocarc.ca/coax.htm
CommLinx Solutions Pty Ltd http://www.commlinx.com.au/default.htm
Computer Power Supply Mods http://www.qsl.net/vk4ba/projects/index.html
Data Sheets http://www.techstuff.co.uk/electronics/datasheets.htm
Dictionary of Electronic Components http://www.jfk.herts.sch.uk/class/technology/ks4/electronics/glossary/electro.htm
Discover Circuits http://www.discovercircuits.com/
Electronic Information http://www.beyondlogic.org/
Electronics Links and Resources http://yallara.cs.rmit.edu.au/~pleelave/electronics1.html
electronic calculators http://www.radioelectronicschool.com/elecal.html
Epanorama (lots of links) http://www.epanorama.net/
Electronics Tutorials http://www.electronics-tutorials.com/
Electronic Theory http://www.electronicstheory.com/
Fox Delta http://www.foxdelta.com/
GREG’S DOWNLOAD PAGE http://www.rfcascade.com/index.html
GridSquare Conversion http://www.amsat.org/cgi-bin/gridconv
Hobby Projects (electronic resource) http://www.hobbyprojects.com/tutorial.html
Hittite http://www.hittite.com
Information site http://www.epanorama.net/
ISO Date / Time http://wwp.greenwichmeantime.com/info/iso.htm
Latitude/Longitude Conversion utility – 3 formats http://www.directionsmag.com/latlong.php
latrobe Electronic Engineering Links http://www.ee.latrobe.edu.au/internal/links.html
Mark Gentiles http://www.ee.latrobe.edu.au/~mg/
Mike’s Electric Stuff http://www.netcomuk.co.uk/~wwl/electric.html
New Wave Instruments (check out SS Resources) http://www.newwaveinstruments.com/index.htm
Paul Falstad (how electronic circuits work) http://www.falstad.com/circuit/
PINOUTS.RU (Handbook of hardware pinouts) http://pinouts.ru/
PUFF http://www.cco.caltech.edu/~mmic/puffindex/puffE/puffE.htm
RadioReference http://www.radioreference.com/
RF Cafe http://www.rfcafe.com/
RF Circuits http://www.mitedu.freeserve.co.uk/Circuits/RF/rf.html
RF Globalnet http://www.rfglobalnet.com
RHR Laboratories http://www.rhrlaboratories.com/#Software
rfshop http://www.rfshop.com.au/page7.htm
RS232 Connections, and wiring up serial devices http://www.airborn.com.au/rs232.html
SCHEMATICS http://www.mitedu.freeserve.co.uk/schematics.htm
Science Lobby (electronic links) http://www.sciencelobby.com/
Tech FAQ http://www.tech-faq.com/
The Electronics Calculator Website http://www.cvs1.uklinux.net/calculators/
the12volt.com (technical information for mobile electronics installers) http://www.the12volt.com/
101science.com http://www.101science.com/
Electronic service
Repair of TV Sets http://www.repairfaq.org/sam/tvfaq.htm
Sci.Electrinic.Repair FAQ http://www.repairfaq.org/sam/tvfaq.htm
Service engineers Forum http://www.e-repair.co.uk/index.htm
Television Repair Answered http://www.mgh.jeeran.com/televisionrepair1.htm
Cable Data
Andrews http://www.andrew.com/default.aspx
Belden http://www.belden.com/
CDi2 http://www.cdi2.com/build_it/coaxloss.htm
CO-AX CABLE DATA http://www.electric-web.org/coax.htm
Coaxial cable data http://www.qsl.net/kc6uut/coax.html
Coaxial Cable Page http://www.cdi2.com/build_it/coaxloss.htm
HB9ABX http://home.datacomm.ch/hb9abx/coaxdat.htm
HB9HD http://www.hb9hd.ch/PDF/coaxcable.pdf
KC6UUT http://www.qsl.net/kc6uut/coax.html
NESS Engineering http://www.nessengr.com/techdata/coaxdata.html
RF Industries cables http://www.rfindustries.com.au/rfiproducts/cablesConnectors/coaxialCables.htm
Selected Coaxial Cable Data http://www.vhfdx.oz-hams.org/CoaxCable.html
THERFC http://www.therfc.com/coax.htm
Times Microwave http://www.timesmicrowave.com/
VK3KHB http://www.gak.net.au/vk3khb/atv/coaxchrt.html
W4ZT http://w4zt.com/coax.html
X.net Antenna cable chart http://www.x.net.au/antenna_cable.html
50 W Coaxial Cable Information http://www.dma.org/~millersg/coax50.html
75 W Coaxial Cable Information http://www.dma.org/~millersg/coax75.html
Antique Radio
Antique Electronic Supply http://www.tubesandmore.com/
Alan Lord http://www.dundeecoll.ac.uk/sections/cs/staff/al_radio/
Antique Radio http://antiqueradios.com/
Apex Jr http://www.apexjr.com/
Archives of Boatanchors http://www.tempe.gov/archives/boatanchors.html
Australian Vintage Radio MK II http://www.southcom.com.au/~pauledgr/
Australian Wireless (OZ-Wireless) Email List http://www.clarion.org.au/wireless/
AWA and Fisk Radiola http://203.44.53.131/Radiola/AWA1b.htm
Crystal Radio http://www.crystalradio.net/
Glowbugs http://www.mines.uidaho.edu/~glowbugs/
Hammond Museum of Radio http://www.hammondmuseumofradio.org/
Historical Radio Society of Australia Inc. http://www.hrsa.asn.au/
JMH’s Virtual Valve Museum http://www.tubecollector.org/numbers.htm
John Rose’s Vintage Radio Home http://personal.nbnet.nb.ca/jrose/radios/radiomain.htm
Klausmobile Russian Tube Directory http://klausmobile.narod.ru/td/indexe.htm
KK7TV http://www.kk7tv.com/kk7tv.html
Kurrajong Radio Museum http://www.vk2bv.org/museum/
Links to Vintage Radios (Amateur) http://www.qsl.net/ka4pnv/vrlinks.htm
Mike’s Electric Stuff http://www.netcomuk.co.uk/~wwl/electric.html
Nostalgiar Air http://www.nostalgiaair.org/
Phil’s Old Radios http://antiqueradio.org/
Radio A’s Vintage Radio Page http://www.mnsi.net/~radioa/radioa.htm
Radio Era http://www.radioera.com/
Rap ‘n Tap http://www.midnightscience.com/rapntap/
Replacing Capacitors http://antiqueradio.org/recap.htm
Savoy Hill Publications http://www.valvesunlimited.demon.co.uk/Noframes/savoy_hill_publications.htm
South East Qld Group of the HRSA http://seqg.tripod.com
SEQG of the HRSA Crystal comp http://www.clarion.org.au/crystalset/
SEQG One Tube Radio comp http://seqg.tripod.com/onetube/onetube.html
TEARA’S VINTAGE RADIO LINK PAGE http://www.ipass.net/~teara/vin.html
The Vintage Radio Emporium http://www.vintageradio.info/
The Wireless Works http://www.wirelessworks.co.uk/
Triode Tube Data http://www.triodeel.com/tubedata.htm Tubesworld (Valve Audio and Valve data) http://www.tubesworld.com/
Vintage Radio http://www.vintage-radio.com/index.shtml
Vintage Radio Times http://www.vintageradiotimes.com/Page_1x.html
Vintage Radios and programs http://www.compusmart.ab.ca/agirard/VINTAGE.HTM
Vintage Radios UK http://www.valve.demon.co.uk/
Vintage Radio and Test Equipment Site http://www.geocities.com/eb5agv/
Vintage Radio World http://www.burdaleclose.freeserve.co.uk/
Vintage Radio and Audio Pages http://www.mcallister.simplenet.com/
VMARS http://www.vmars.org.uk/
W7FG VINTAGE MANUALS CATALOGUE http://www.w7fg.com/index.html
Ye Olde Hurdy Gurdy Museum of Vintage Radio http://ei5em.110mb.com/museum.html
Valve Audio and Valve data Ake’e Tube Data http://w1.871.telia.com/~u87127076/index.htm CVC http://www.chelmervalve.com/index.html
Data Sheet Locator http://www.duncanamps.co.uk/cgi-bin/tdsl3.exe/
Eimac http://www.cpii.com/eimac/index.html
Frank’s Electron tube Pages http://home.wxs.nl/~frank.philipse/frank/frank.html
Hammond Manufacturing http://www.hammondmfg.com/
House of Tubes http://www.house-of-tubes.com/home/Library.asp
High Voltage Tube Archive http://www.funet.fi/pub/sci/electrical/tesla/tubes/
Kiewavly http://home.mira.net/~kiewavly/audio1.html
Industrial Valve Data http://www.netcomuk.co.uk/~wwl/data.html
Machmat http://www.machmat.com/
NJ7P Tube Data Search http://hereford.ampr.org/cgi-bin/tube?index=1
RCA-R10 Data http://www.nmr.mgh.harvard.edu/~reese/RC10/
SAS Audio Labs http://www.sasaudiolabs.com/
Sowter Audio Transformers http://www.sowter.co.uk/
Spice Valves http://www.duncanamps.com/spicevalves.html
Tubetec http://www.tubetec.freeserve.co.uk/
TUBEWORLD INC. http://www.tubeworld.com/
Tube datasheets http://www.wps.com/archives/tube-datasheets/index.html
Vacuum Tube Links http://www.michelletroutman.com/tubes.htm
Valves and Tubes http://www.euramcom.freeserve.co.uk/tubes.html
Valve Data Links http://www.thevalvepage.com/links/valvdata.htm
Valve Data http://www.arrakis.es/~igapop/referenc.htm
Valves Unlimited http://www.valvesunlimited.demon.co.uk/Noframes/links.htm
Valve and Tube Supplies http://www.valves.uk.com/
Valveamps.com http://www.valveamps.com/
Audio
Audio Calculators and Links http://www.audioscientific.com/Audio Calculators & References Links.htm
BKC GROUP http://www.bkcgroup.fsnet.co.uk/
Car Audio Australia http://www.caraudioaustralia.com/
DIY Audio http://www.diyaudio.com/
Duncan’s Amp Pages http://www.duncanamps.com/
Elliott Sound Products http://sound.westhost.com/audiolink.htm
GM ARTS http://users.chariot.net.au/~gmarts/
Norman Koren http://www.normankoren.com/Audio/
Rane http://www.rane.com/
The Self Site http://www.dself.demon.co.uk/
The Class-A Amplifier Site http://www.gmweb.btinternet.co.uk/
Magazines
DUBUS (VHF magazine) http://www.dubus.org/
Elektor Electronics http://www.elektor-electronics.co.uk/
Harlan Technologies (Amateur Television Quarterly) http://www.hampubs.com/
Radio & Communications Monitoring Monthly http://www.monitoringmonthly.co.uk/
SILICON CHIP http://www.siliconchip.com.au/
VHF Communications Mag http://www.vhfcomm.co.uk/
SETI
SETI http://www.setileague.org/homepg.htm
SETI Australia http://www.seti.org.au/
DUKPT Overview and Transaction notes
by Derek on Jun.22, 2009, under Banking and EFTPoS
Hi,
Recently I a questing was asked on another post relating to DUKPT. Given I have lots of material on the subject I thought I would create this thread. Link
I will come back at some stage and expand on this when I get time.
Transaction Process narrative:
The diagram describes a mobile terminal/ATM is described using the a AS2805 (‘2805′) message type and 3DES DUKPT and dual direction auth SSL from the terminal to the aquirer (transaction switch).
A good explanation of DUKPT can also be found at Wikipedia.
DUKPT transaction flow - terminal to bank
Background notes:
- The terminal or ATM firstly encrypts the user entered pin (may be a unique DUKPT key or static, depending on the design and banks involved) prior to incorporating it into the AS 2805 transaction message.
- the message is then encrypted again using the DUKPT key which has been established through the merchant logon process within the aquirer Host Security Module (HSM) i.e. the user entered pin is encrypted separately and encapsulated within the DUKPT encrypted 2805 message to provide full message encryption.
- In the diagram a separate dual authenticating SSL session is also used between the terminal/ATM and the aquirers infrastructure. This allowing the transaction including the pin to traverse the external Wired/GPRS/LAN within 2 primary independent layers of encryption, with a 3rd protecting the PIN.
- When the transaction enters the aquirer environment the message encapsulation layer provided by SSL is removed. This leaving the DUKPT’ed 2805 message which also encapsulates the separately encrypted PIN.
- This encrypted message is passed to the aquirer switch engine through to the aquirer’s HSM for decryption of the 2805 message excluding the user entered pin.
- This is when transactional information necessary for aquirer’s merchant reporting (truncated card number, transaction amount, transaction type, etc.) and fraud management data is collected.
- The aquirer switch then passes the encrypted PIN to the aquirer HSM requesting that the PIN be decrypted using the aquirer’s PIN encryption and translated to the next banks (Bank 1) PIN Encryption Key (Pin translation only occurs within the aquirer HSM) This is then sent back to the aquirer Switch engine as the Bank 1 encrypted PIN.
- The aquirer switch engine then send the decrypted 2805 message with the newly encrypted PIN back to aquirer HSM to be encrypted with the Bank 1 MAC key.
- The resultant Bank 1 key encrypted message is then sent to Bank 1 for processing and/or passing to the card issuer (using a similar process as described above).
- When the result is received back from the issuing bank it is encrypted with the Bank 1 MAC key (the pin will not be present in the result message).
- This is then decrypted by the aquirer HSM, the transaction fate result stored into the aquirer merchant reporting system and the transaction fate re-encrypted with the original aquirer DUKPT key (should be different per terminal/merchant instance) and the result sent back to the terminal through the original established SSL encrypted terminal connection.
The aquirer may terminate the the SSL connection on a hardware device such as a CISCO Content Service Switch (CSS), or equivalent instead of the design described in the diagram which terminates onto a SSL session server/gateway (Possibly including a Certificate Authority) or on the aquirer transaction switch.
When PIN blocks are received by the aquirer processing centre, the PIN encryption is translated from the terminal key to the Local Master Key (LMK) by the Host Security Modules (HSM).
When the message is sent on the upstream bank interchange link to the issuer or gateway , the aquirer HSM translates the encrypted PIN block from the LMK to the Zone Master Key (ZMK) of the aquirer interchange link. The PIN block is always encrypted using DEA3 (3DES) whenever outside of the Terminal or ATM.
EFT Syetms and Device Considerations
by Derek on Aug.05, 2008, under Banking and EFTPoS, Security
EFT devices and systems differ depending on hardware vendor, country and bank / payment aggregator.
Below is a list of things you may like to consider. This list is off the top of my head so it is probably not complete.
Looking at the products and relationships us usually a good start.
Things to consider:
- Card skimming methods
- Some EFT POS devices restrict the connection of a skimmer
- Review levels of associated fraud
- Review devices and EFT methods
- Review terminal identification (merchant and customer)
- Manual processing. (internal and external)
- eCommerce products
- PC based software
- Dedicated server services (Nobil, etc.)
- Web based engine (Custom objects, Web pop-ups, etc)
- Authorisation / identification methods (Merchant and customer)
- TCPIP session hijacking / session spoofing
- Direct Debit as well as Credit Cards.
- Swift (methods and controls)
- Telegraphic transfer (methods and controls)
- Payment aggregator relationships (eg. Payment Tech, manual processing, cheque scanning, etc.)
- Internet banking facilities (attack / penetration, Certificate registration / management, ISP SLA’s, etc.)
- Implementation of Smart Card and / or alternative customer recognition devices.
- Outsourcing and associated risks / service level agreements
- Payment processing
- Payment clearance
- Payment switching
- Reporting (segregation of merchant / customers / aggregators / partners / local / international)
- Fraud detection and reporting
- 3rd party acquiring risks
- Single merchant ID many businesses
- Allows moneys to be laundered if the payment aggregator does not place appropriate controls on the merchant.
- Encryption used
- Internet / trusted partner / inter-bank / extranet
- Private and / or public certificates
- Single use certificates
- Client side certificates
- Remittance advice processes and controls.
- EFT disaster recovery and manual fall back procedures (associated security and reconciliation risks)
- Trusted partner relationships, SLA’s, liabilities and risks.
- EFT regulatory / legal requirements (inter-bank and government)
- Refund processing / authorisation. (policies, procedures, controls, etc.)
- CVV, CVV-2 / CVC-2 processing and management. (http://www.atlanticpayment.com/CVV.htm)
- Fraud detection mechanism (neural networks, inter-bank / department customer checks, etc)
- Supported card schemes (AMEX/Visa/Mastercard/Discover/etc )
- Review EFT floor limits (corporate and SME merchants)
- Review the ability to withhold merchant settlement until the presence of fraud has been determined.
- Review customer identification details. Such as (This varies around the world depending on local regulations / privacy laws)
- Review real-time and batched processing methods and controls (sequence numbers, access to raw data, etc.)
- Review processing with and without expiry dates. (exception controls and policies)
- Review exception / fraud reports.
- Review payment store and forward policies and procedures.
- Review Pre-Auth and Completion controls.
- Token based payment (eCash, etc)
- Merchant reconciliation, reporting methods and controls (paper, Internet, email, PDF, Fax, etc.) and associated security.
- Real time gross settlement policies, procedures and controls. (IT and amounts)
- Card issuing policies and procedures. (customer ID checks, etc)
- Banking infrastructure (ingress / egress) controls and security. (Web, partner, payment switches, outsourced infrastructure, monitoring / reporting.)
- Use of Internet technologies for inter-bank transfers and remote equipment.
- Physical security and controls of devices, ATM,s, line encryptors, etc.
Internet Banking Security Assessment Considerations
by Derek on Aug.05, 2008, under Banking and EFTPoS, Security
I was asked some time ago what sort of things may be considered when looking at Internet Banking.
Below is a list of things which could be considered. It was just a brain dump and as such may not be complete.
Don’t underestimate the value of standard for your infrastructure, website configuration, database engine configuration/architecture,staging environment and development/QA environments.
Some thoughts:
- Many don’t lock accounts after X failed logins, this is normally done for good customer service, but leaves the system vulnerable.
- And all the other things expected for a remote login session (forced password changes, aging, etc))
- Tools such as Brutus may be use to brute force hack authenticated sessions.
- Many allow session sequence numbers to be incremented, allowing an authenticated user to view other customer session.
- These may be server side, client side, cookie based, etc.
- Get someone to check the development methodologies and the code being used.
- Database query strings can be placed into test entry fields, allowing table dumps to browser.
- Check all pages served are secure and contain user authentication flags.
- Customer data may not be segregated, this needs to be checked.
- Customer data should not reside on the Web Server.
- Authentication databases / system data should not reside on the webserver.
- The databases should reside on a private/semi-private network.
- A different segment to the main banking system.
- Webserver should be dual homed or equivalent (some VLAN techniques are good)
- Separate private and public network cards, monitoring/backup/administration
- Infrastructure set-up to explicitly deny inbound/outbound ports, private IP & monitoring escaping from the network.
- At all data segregation points ensure rules are in place which appreciates the traffic though that point.
- All customer data where possible should be sourced from a secure back-end database.
- This may be a staging environment. i.e. no the main banking system.
- This usually allows for transactions to appear real time to the customer.
- Many transactions may be batched in reality. (internal or external to the bank)
- Ensure suitable rules have been set-up on firewalls.
- There should be inbound and outbound rules on firewalls and filtering routers.
- Don’t allow any infrastructure on the front end to allow remote administrative connections. (telnet, etc.)
- Use the serial console port to connect to a server or back-end terminal server.
- Look for the segregation / staging of online customer content from main banking systems
- Ensure that a separate development / QA / production environment system and suitable process is in place.
- Services not used by the system are active
- These should be disabled.
- Port scan of the supporting infrastructure (routers /switches) and server(s).
- Investigate the reasons for all open ports.
- Don’t use the main gateway for trusted partner access (clearing / RAS / etc.)
- Do all that standard IIS checks and NT checks (Sample scripts, change management, patching methodologies, etc.)
- Ensure denial of service precaution have been taken into account for all infrastructure and server equipment.
- Check the adequacy of the escalation procedures used.
- Look for real-time monitoring and alerting.
- Look for responsibility matrix.
- Look for ownership of issues.
- Consider upstream carrier(s) vulnerability (denial of service, IP spoofing, DNS hacking, etc)
- Consider social engineering of customer, administrative, partner accounts / systems / infrastructure.
- Helpdesk procedures and policies and/or alternate technologies (Caller ID, Gateway IP, etc.).
- Use dynamic passwords where possible (SecureID, TACACS, etc.).
- Use encrypted tunnelling where needed (IPSec, Firewall 1, etc)
- Consider looking at other customer authentication methods to enhance existing methods.
- Digital cert, IP address locked to account, etc.
- Consider use of CVV or CVN for bank issued cards.
- Consider how passwords are distributed /changed for customers.
- Plain text email, telephone, etc.
- Can passwords be changed online?
- Is additional authentication used between sections of the services once authenticated?
- Consider what the customer has access to once authenticated.
- Look at SWIFT, RTGS, inter-bank transfers, access to credit cards, etc.
- If an attacker does get in, what can the do?
- Use techniques to ensure pages, customer details are not cached at ISP, or client system.
- These are flags that can be set within pages.
- Normally SSL is cached, but some proxy vendors have been playing with techniques to do so.
- Caching of SSL pages on the client system can be turned on on some browsers.
- May banks use a Java (or similar) applet for all customer interaction, restricting all caching issues.
- Ensure paper based and on-line liability clauses are available are address all effected areas.
- Ensure within the customer sign-up process banking liability is reduced.
- I’ve seen statements like “use this system at your own risk, responsibility for any liability or claim will NOT……”
- Not very customer focused, but that’s what their legal department recommended.
All of the above can effect the security and/or operation of an on-line banking system.
Other things to consider:
- External development and support of the application.
- Ownership and management of the hardware/applications
- Publishing points for new content (internal/private/trusted network or Internet)
- Topology of front end. i.e. Security Architecture document should be in place and managed appropriately.
- Are limited AP tests performed whenever changes are made to the environment? i.e. integrated AP into Change management process.
- Database access. Is it buffered or is it live to the core banking systems.
- What facilities are provided? Direct debit + Credit Card + SWIFT + ……. Consider different scenarios for your attack depending on the feature.
- What other services are shared within the network segment that the Internet Banking service is running. Can this be used to compromise the Internet Banking site. eg. different support/business/development organisations with differing security strategies/profiles.
- Consider all external supporting services within you AP. Look at internal/external DNS poisoning opportunities, mail relay, etc. What IPS’s do they use has the ISP any opportunity to access systems or supporting services which may affect Internet Banking.
- Depending on the size of the Bank, many organisation do not use the same support groups for infrastructure and the application. As a result external connections to the infrastructure may be provided for an external support organisation to administer the infrastructure.
- Look at the business and user authentication methods and paths (client side certs, secure ID, SMART Card, etc). Consider two factor authentication and modern user identification methods. eg. what is your favourite food in addition to normal usernames and passwords. Do system administration staff use dynamic passwords (secureID, etc)?
- See if the Internet Banking application sends email to users which may contain interesting information.
- Better access to the application can generally be gained after access to the system. i.e. get an legitimate account on the system. I have found that some sample/administration screens have been restricted to authenticated users only.
- Consider social engineering the Help desk to have an account password reset.
DNS Hack Needs Patching – Serious Problem
by Derek on Jul.10, 2008, under Security
This has been kept under wraps by the Operating System and Hardware vendors for the last few weeks and now patches have finally been released for many Operating Systems, DNS software applications and Hardware devices.
If you provide or rely on DNZ services (external and Internal) you should consider quickly patching your servers/devices.
Although Internal DNS servers may not be exposed to an Internet attack, we see many more internal attacks within larger organisations which involve rogue server or services being established within the firewalled trusted network. As a result, this lifts the threat level of internal systems/services and therefore the need for effective timely patching.
Also consider asking the question of your hosting facility, upstream ISP or DNS provider to see if they have patched their DNS servers and forwarders.
http://www.doxpara.com/?p=1162 This link also has a DNS checker.
http://afp.google.com/article/ALeqM5hwFqcnWAuDWlcqfvfyHu5PGG9RMQ
http://www.kb.cert.org/vuls/id/800113
This is a full list of vendor patch links
http://www.betanews.com/article/Major_fix_to_DNS_vulnerability_impacts_Windows_Debian/1215551008
Good Luck
Financial Transaction Processing
by Derek on Jul.02, 2008, under Banking and EFTPoS
I have been recently working inside one of the larger Banks in Australia.
Through this work I have been looking at the controls and mechanisms surrounding the processing of credit and debit cards around the Asia Pacific.
I get perform many security architecture and payment systems assessments.
Over the years I have always considered the protection of the card data as one of the key considerations.
Until yesterday I had never seen an CVV or PVV decryption tools. I think some scripted use of these tools could be very interesting.
The site hziggurat29.com
Many of the other tools on this site are also very unique and worth a look.
Big thanks to ziggurat29 for providing such awesome tools.
As many of these sites are of this nature are difficult to find and often seem to vanish over the years, I have chosen to replicate the the text from this page and provide local copies on the files.
It is worth periodically visiting the ziggurat29 site every now and again to see if any additional tools have been posted.
One of the more extraordinary files is the Atalla Hardware Security Module (HSM) and BogoAtalla for Linksys emulation (simulation) tools. So I wonder if Eracom and Thales are shaking in their boots. Some how I don’t think so. ;-)
——– ziggurat29 Text ———
These are all Windows command-line utilities (except where noted); execute with the -help option
to determine usage.
DUKPT Decrypt (<- the actual file to download)
This is a utility that will decrypt Encrypted PIN Blocks that have been produced via the DUKPT triple-DES method. I used this for testing the output of some PIN Pad software I had created, but is also handy for other debugging purposes.
VISA PVV Calculator (<- the actual
file to download)
This is a utility that will compute and verify PIN Verification Values that have been produced using the VISA PVV technique. It has a bunch of auxiliary functions, such as verifying and fixing a PAN (Luhn computations), creating and encrypting PIN blocks, decrypting and extracting PINs from encrypted PIN blocks, etc.
VISA CVV Calculator (<- the actual file to download)
This is a utility that will compute Card Verification Values that have been produced using the VISA CVV technique. MasterCard CVC uses the CVV algorithm, so it will work for that as well. It will compute CVV, CVV2, CVV3, iCVV, CAVV, since these are just variations on service code and the
format of the expiration date. Verification is simply comparing the computed value with what you have received, so there is no explicit verification function.
Atalla AKB Calculator (<- the actual file to download)
This is a utility that will both generate and decrypt Atalla AKB cryptograms. You will need the plaintext MFK to perform these operations. When decrypting, the MAC will also be checked and the results shown.
BogoAtalla (<- the actual file to
download)
This is an Atalla emulator (or simulator). This software emulation (simulation) of the well-known Atalla Hardware Security Module (HSM) that is used by banks and processors for cryptographic operations, such as verifying/translating PIN blocks, authorising transactions by verifying
CVV/CSC numbers, and performing key exchange procedures, was produced for testing purposes. This implementation is not of the complete HP Atalla command set, but rather the just
portions that I myself needed. That being said, it is complete enough if you are performing acquiring and/or issuing processing functions, and are using more modern schemes such as Visa PVV and DUKPT, and need to do generation, verification, and translation.
This runs as a listening socket server and handles the native Atalla command set. I have taken some liberties with the error return values and have not striven for high-fidelity there (i.e., you may get a different error response from native hardware), but definitely should get identical positive
responses. Some features implemented here would normally require purchasing premium commands, but all commands here implemented are available. Examples are generating PVV values and encrypting/decrypting plaintext PIN values.
BogoAtalla for Linksys (<- the actual file to download)
This is the Atalla emulator ported to Linux and build for installation on an OpenWRT system. Makes for a really cheap ($60 USD) development/test device.
Local Files
bogoatalla002
atallaakbcalc
bogoatalla_10-1_mipsel
dukptdecrypt
visacvvcalc
visapvvcalc
Bluetooth
by admin on Mar.24, 2008, under Bluetooth
This article is about the Bluetooth wireless specification. For King Harold Bluetooth, see Harold I of Denmark
Bluetooth is an industrial specification for wireless personal area networks (PANs).
Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.
Bluetooth lets these devices talk to each other when they come in range, even if they’re not in the same room, as long as they are within 10 metres (32 feet) of each other.
The spec was first developed by Ericsson, later formalised by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1999. It was established by Sony Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies as Associate or Adopter members.
Table of contents* 1 About the name |
About the name
The system is named after a Danish king Harald Blåtand (<arold Bluetooth in English), King of Denmark and Norway from 935 and 936 respectively, to 940 known for his unification of previously warring tribes from Denmark, Norway and Sweden. Bluetooth likewise was intended to unify different technologies like computers and mobile phones. The Bluetooth logo merges the Nordic runes for H and B.
General information
A typical Bluetooth mobile phone headset
The latest version currently available to consumers is 2.0, but few manufacturers have started shipping any products yet. Apple Computer, Inc. offered the first products supporting version 2.0 to end customers in January 2005. The core chips have been available to OEMs (from November 2004), so there will be an influx of 2.0 devices in mid-2005. The previous version, on which all earlier commercial devices are based, is called 1.2.
Bluetooth is a wireless radio standard primarily designed for low power consumption, with a short range (up to 10 meters [1], ) and with a low-cost transceiver microchip in each device.
It can be used to wirelessly connect peripherals like printers or keyboards to computers, or to have PDAs communicate with other nearby PDAs or computers.
Cell phones with integrated Bluetooth technology have also been sold in large numbers, and are able to connect to computers, PDAs and, specifically, to handsfree devices. BMW was the first motor vehicle manufacturer to install handsfree Bluetooth technology in its cars, adding it as an option on its 3 Series, 5 Series and X5 vehicles. Since then, other manufacturers have followed suit, with many vehicles, including the 2004 Toyota Prius and the 2004 Lexus LS 430. The Bluetooth car kits allow users with Bluetooth-equipped cell phones to make use of some of the phone’s features, such as making calls, while the phone itself can be left in a suitcase or in the boot/trunk, for instance.
The standard also includes support for more powerful, longer-range devices suitable for constructing wireless LANs.
A Bluetooth device playing the role of “master” can communicate with up to 7 devices playing the role of “slave”. At any given instant in time, data can be transferred between the master and one slave; but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice). These groups of up to 8 devices (1 master and 7 slaves) are called piconets.
The Bluetooth specification also allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet. These devices have yet to come, though are supposed to appear within the next two years.
Any device may perform an “inquiry” to find other devices to which to connect, and any device can be configured to respond to such inquiries.
Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a “passkey”. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in.
The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).
Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. A glib summary is that Bluetooth is wireless USB whereas Wi-Fi is wireless Ethernet.
Many USB Bluetooth adapters are available, some of which also include an IrDA adapter.
Embedded Bluetooth
Bluetooth devices and modules are increasingly being made available which come with an embedded stack and a standard UART port. The UART protocol can be as simple as the industry standard AT protocol, which allows the device to be configured to cable replacement mode. This means it now only takes a matter of hours (instead of weeks) to enable legacy wireless products that communicate via UART port.
Features by version
Bluetooth 1.0 and 1.0B
Versions 1.0 and 1.0B had numerous problems and the various manufacturers had great difficulties in making their products interoperable. 1.0 and 1.0B also had mandatory Bluetooth Hardware Device Address (BD_ADDR) transmission in the handshaking process, rendering anonymity impossible at a protocol level, which was a major set-back for services planned to be used in Bluetooth environments, such as Consumerism.
Bluetooth 1.1
In version 1.1 many errata found in the 1.0B specifications were fixed. There was added support for non-encrypted channels.
Bluetooth 1.2
This version is backwards compatible with 1.1 and the major enhancements include
- Adaptive Frequency Hopping (AFH), which improves resistance to radio interference by avoiding using crowded frequencies in the hopping sequence
- Higher transmission speeds in practice
- extended Synchronous Connections (eSCO), which improves voice quality of audio links by allowing retransmissions of corrupted packets.
- Received Signal Strength Indicator (RSSI)
- Host Controller Interface (HCI) support for 3-wire UART
- HCI access to timing information for Bluetooth applications.
Bluetooth 2.0
This version is backwards compatible with 1.x and the major enhancements include
- Non-hopping narrowband channel(s) introduced. These are faster but have been criticised as defeating a built-in security mechanism of earlier versions; however frequency hopping is hardly a reliable security mechanism by today’s standards. Rather, Bluetooth security is based mostly on cryptography.
- Broadcast/multicast support. Non-hopping channels are used for advertising Bluetooth service profiles offered by various devices to high volumes of Bluetooth devices simultaneously, since there is no need to perform handshaking with every device. (In previous versions the handshaking process takes a bit over one second.)
- Enhanced Data Rate (EDR) of 2.1 Mbit/s.
- Built-in quality of service.
- Distributed media-access control protocols.
- Faster response times.
- Halved power consumption due to shorter duty cycles.
Future Bluetooth uses
One of the ways Bluetooth technology may become useful is in Voice over IP. When VOIP becomes more widespread, companies may find it unnecessary to employ telephones physically similar to today’s analogue telephone hardware. Bluetooth may then end up being used for communication between a cordless phone and a computer listening for VOIP and with an infrared PCI card acting as a base for the cordless phone. The cordless phone would then just require a cradle for charging. Bluetooth would naturally be used here to allow the cordless phone to remain operational for a reasonably long period.
Security concerns
In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security lead to disclosure of personal data (see http://bluestumbler.org). It should be noted however that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.
In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.
In April 2004, security consultants @Stake revealed a security flaw that makes it possible to crack into conversations on Bluetooth based wireless headsets by reverse engineering the PIN.
This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared for the Symbian OS. The virus was first described by Kaspersky Labs and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as 29a and sent to anti-virus groups. Because of this, it should not be regarded as a security failure of either Bluetooth or the Symbian OS. It has not propagated ‘in the wild’.
In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that with directional antennas the range of class 2 Bluetooth radios could be extended to one mile. This enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation.
Bluetooth uses the SAFER+ algorithm for authentication and key generation.
Bluetooth profiles
In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. Following profiles are defined:
- Generic Access Profile (GAP)
- Service Discovery Application Profile (SDAP)
- Cordless Telephony Profile (CTP)
- Intercom Profile (IP)
- Serial Port Profile (SPP)
- Headset Profile (HSP)
- Dial-up Networking Profile (DUNP)
- Fax Profile
- LAN Access Profile (LAP)
- Generic Object Exchange Profile (GOEP)
- Object Push Profile (OPP)
- File Transfer Profile (FTP)
- Synchronisation Profile (SP)
This profile allows synchronisation of Personal Information Manager (PIM) items. As this profile originated as part of the infra-red specifications but has been adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is also commonly referred to as IrMC Synchronisation.
- Hands-Free Profile (HFP)
- Human Interface Device Profile (HID)
- Hard Copy Replacement Profile (HCRP)
- Basic Imaging Profile (BIP)
- Personal Area Networking Profile (PAN)
- Basic Printing Profile (BPP)
- Advanced Audio Distribution Profile (A2DP)
- Audio Video Remote Control Profile (AVRCP)
- SIM Access Profile (SAP)
Compatibility of products with profiles can be verified on the Bluetooth Qualification website.
See also
- Bluechat
- Bluejacking – a form of communication via Bluetooth
- Bluetooth sniping
- Bluesnarfing
- Blunt – Bluetooth protocol stack for Newton OS 2.1
- Cable spaghetti – a problem wireless technology hopes to solve
- IrDA
- OBEX
- Jini
- LibertyLink
- OSGi Alliance
- Salutation
- Service Location Protocol
- Toothing
- Universal plug-and-play
- Wi-Fi
- Wireless dating
- Wireless AV kit with Bluetooth for modern LCD TV and computer displays.
- ZigBee – an alternative digital radio technology that claims to be simpler and cheaper than
External links
- Bluetooth Tutorial Includes information on Architecture, Protocols, Establishing Connections, Security and Comparisons
- Bluetooth connecting and paire guide
- The Official Bluetooth® Wireless Info Site<SIG public pages
- Howstuffworks.com explanation of bluetooth
- The Bluetooth Car Concept
- A series of guides on how-to connect devices like mobile phones, PDAs, desktop/laptops, headsets and use different Bluetooth services
- Mapping Salutation Architecture APIs to Bluetooth Service Discovery Layer
- Bluetooth™ Security White Paper
- Security Concerns
- Laptops, PDA and mobile (cell) phones with Bluetooth(TM) and Linux
- Bluetooth qualified products
- Bluecarkit discussion forum about Bluetooth car handsfree
- Bluetooth in spanish
- Radio-Electronics.Com – Overview of Bluetooth and its operationi>
- Bluetooth Background information about bluetooth (German)
- Bluetooth.org – The Official Bluetooth Membership Sitei>
Translator
