hardware | madrock

Archives for : hardware

No need to bypass security with a boot disk – 17 year old Windows exploit found

Posted by :Derek On : February 18, 2010

Tags:access, attack, authentication, bar, Corporate, Explorer, hack, hardware, Internet, Microsoft, network, patch, Pin, security, server, support, template, text, type, Vulnerabilities, vulnerability, Vulnerable

The problem has been discovered in the Virtual DOS Machine (VDM) introduced in 1993 to support 16-bit applications (real mode applications for 8086). VDM is based on the Virtual 8086 Mode (VM86) in 80386 processors and, among other things, intercepts hardware routines such as BIOS calls. Google security team member Tavis Ormandy has found several vulnerabilities in this implementation that allow an unprivileged 16-bit program to manipulate the kernel stack of each process via a number of tricks. This potentially enables attackers to execute code at system privilege level.

In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level â€“ and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7. While the vulnerability is likely to affect home users in only a minor way, the administrators of corporate networks will probably have their hands full this week.

The problem is caused by flaws in the Virtual DOS Machine (VDM) introduced in 1993 to support 16-bit applications (real mode applications for 8086). VDM is based on the Virtual 8086 Mode (VM86) in 80386 processors and, among other things, intercepts hardware routines such as BIOS calls. Google security team member Tavis Ormandy has found several vulnerabilities in this implementation that allow an unprivileged 16-bit program to manipulate the kernel stack of each process via a number of tricks. This potentially enables attackers to execute code at system privilege level.

Ormandy has also published a suitable exploit which functions under Windows XP, Windows Server 2003 and 2008, Windows Vista and Windows 7. When tested by the The H’s associates at heise Security, the exploit opened a command prompt in the system context, which has the highest privilege level, under Windows XP and Windows 7. No patch has become available, although Ormandy reports that Microsoft was already informed of the hole in mid 2009. The developer decided to publish the information regardless because, in his opinion, there is a simple workaround: to disable the MS-DOS subsystem.

The workaround requires users to start the group policy editor and enable the “Prevent access to 16-bit applications” option in the Computer ConfigurationAdministrative TemplatesWindows ComponentsApplication Compatibility section. When tested with these settings by the heise Security team, the exploit no longer functioned. The settings reportedly don’t cause any major compatibility problems for most users while no 16-bit applications are being used.

Update – The above option is only available through the group policy editor on Windows 2003 systems. Some versions of Windows do not include a group policy editor. As an alternative, users can also create a registry key under HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsAppCompat with a D-Word value of VDMDissallowed = 1. Under Windows XP, to prevent the system from being vulnerable to the exploit, users can place the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsAppCompat]

“VDMDisallowed”=dword:00000001

into a file called vdmdisallow.reg and double click the file. Windows will then automatically import the key (admin rights are required to perform this action).

Update 2 -Â Microsoft has now confirmed the privilege escalation hole in Windows. The company says that it wants to complete its investigation of the vulnerability and will then decide whether, how and when to close it.

See Also:

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack, security advisory from Travis Ormandy.

REDMOND — When it rains, it pours. Especially in the Seattle area. Tavis Ormandy has published full details on a privilege escalation hack of all versions of Windows including Windows 7.

The exploit takes advantage of a bug in the Windows implementation of the ‘virtual DOS machine’ used to run legacy 16-bit programs. The exploit can be avoided by turning the VDM ‘feature’ off but the danger of course is that enough Windows lusers won’t know about the bug and/or bother turning the ‘feature’ off.

16-bit applications need BIOS support; the Windows kernel supports virtual BIOS interrupts in its ‘Virtual-8086’ mode monitor code. The code is implemented in two stages. The #GP trap handler transitions to the second stage when CS:EIP faults with specific ‘magic’ values.

The transition requires (subsequent to authentication) restoring the context and the call stack from the faulting trap frame. But the authentication process is flawed, relying as it does on three incorrect assumptions.

Setting up a VDM context requires SeTcbPrivilege.The barrier to getting a VDM context can be subverted by requesting the NT VDM subsystem and then using CreateRemoteThread() to run code in the context of the VDM subsystem. The VDM subsystem already has the necessary flag set.
Ring 3 (unprivileged) code cannot install arbitrary code segment selectors.Using the two least significant bits of CS/SS to calculate the privilege of a task doesn’t work when it comes to Virtual-8086 mode. The 20-bit addressing (by adding CS << 4 to the 16-bit IP) is also used to map onto the protected linear Virtual-8086 address space. If CS can be set to an arbitrary value, then the privilege calculation can be circumvented.
Ring 3 (unprivileged) code cannot forge a trap frame.Returns to user mode are through IRET. An invalid context can cause IRET to fail pre-commit, which in turn forges a trap frame. And even with address randomisation it’s trivial to use NtQuerySystemInformation() to obtain the address of the second stage BIOS handler.

Affected Systems

This bug dates back 17 years and affects all systems released since 27 July 1993 – Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. See the links below for further details.

Ham Radio Links

Posted by :Derek On : November 29, 2009

Category: Amateur Radio

Tags:access, Adelaide, Adelaide Hills, Amateur Radio, amateur radio operator, antenna, AREG, ASP, Australia, Australian, bar, Barossa, broadcast, Cafe, Card, Chip, circuit, Communications, Corporate, data, Debit, DES, Digital, DNS, dream, Dust, EDR, EFT, Electronic, Enterprise, Ford, frequency, GHz, Guide, hack, hardware, HSM, interface, Internet, Iphone, ISP, Mall, network, online, phone, php, Pin, Protection, Radio, RSA, SAP, School, server, SLA, Stirling, support, Technical, technology, telnet, text, transmission, utility, web

Amateur Packet Radio Australian

Aussiewide Packet Radio Network http://www.ampr.org.au/

AAPRA http://members.optusnet.com.au/aapra

Queensland APRS Users Group http://www.tech-software.net/

VK2KFJ’s Packet Radio Links page http://www.qsl.net/vk2kfj/pacradio.html

VK4ZU http://www.users.on.net/~trevorb/

VK5 AX25 Packet Network Map (VK5AH) http://homepages.picknowl.com.au/wavetel/vk5pack.htm

Winlink

Winpack

International

Amateur Packet Radio Gateways http://www.ampr-gates.net/frame_e.htm

Amateur Packet Radio, net 44, and AMPR.ORG `http://www.ampr.org/

American Febo Enterprises http://www.febo.com/index.html

BayCom http://www.baycom.org/

FUNET http://www.funet.fi/pub/ham/packet/

FUNET ftp://ftp.funet.fi/pub/ham/packet/

F4DAY http://perso.wanadoo.fr/jf.fourcadier/index_e.htm

F6FBB http://www.f6fbb.org/

GB7DIP TNOS/PBBS http://www.qsl.net/gb7dip/access.html

G4JKQ TCP/IP Telnet listing http://www.qsl.net/g4jkq/tcp.htm

G7JJF TNC Driver Support (WINTNC) http://www.g7jjf.demon.co.uk/

High speed packet http://hydra.carleton.ca/articles/hispeed.html

High Speed Packet radio http://www.lmrgroup.com/ke3ht/hspr.html

High-speed Packet Radio http://cacofonix.nt.tuwien.ac.at/~oe1kib/Radio/

KE5FX http://www.qsl.net/ke5fx/

K4ABT (home page) http://www.packetradio.com/

Linux® / Amateur Radio Information http://delbert.matlock.com/linux-radio.htm

Linux AX25-HOWTO http://tldp.org/HOWTO/AX25-HOWTO/

PA3CGO http://www.qsl.net/pa3gco/

Packet Info and Downloads http://www.packetradio.com/

Packet Links http://www.stack.serpukhov.su/~victor/hamradio/packet/packet.html

Packet Net (VK5 packet map) http://www.packetnet.org/

Packet Net (FBB software) http://www.packetnet.org/fbb.htm

PAcket Digital Amateur Network (PADAN) http://www.weaksignals.com/

Radio-TNC Wiring Diagrams http://users3.ev1.net/~medcalf/ztx/wire/

RST http://www.qsl.net/on1blu/

Slovenian ATV/Packet http://lea.hamradio.si/~s51kq/

Sound Card Packet http://www.qsl.net/soundcardpacket/index.html

TAPR http://www.tapr.org/

TNC-X http://www.tnc-x.com/

TPK http://www.f6fbb.org/f1ebn/index.htm

TNOS Central http://www.lantz.com/tnos/

TVIPUG http://www.tvipug.org

WA4DSY 56k RF Modem http://www.wa4dsy.net/

Yet Another 9k6 Modem http://www.microlet.com/yam/

Sound Card Packet

ILINKBOARDS.com http://www.ilinkboards.com/

Sound Card Buddy http://www.sparetimegizmos.com/Hardware/SoundBuddy.htm

Soundcard Interfacing http://www.qsl.net/wm2u/interface.html

Sound Card Packet AGWPE (KC2RLM) http://www.patmedia.net/ralphmilnes/soundcardpacket/

Sound Card Interface with Tone Keyer (WA8LMF) http://members.aol.com/wa8lmf/ham/tonekeyer.htm

QDG sound card interface

Return to Top

Winlink

Winlink! 2000 http://winlink.org/

Aussie Winlink http://www.aussiewinlink.org

Pactor Communications Australia http://www.pca.cc/

Winpack

Winpack home page http://www.peaksys.co.uk/

Winpack info http://www2.tpg.com.au/users/peteglo/winpack.htm

TNC information

General

Setting Your TNC’s Audio Drive Level http://www.febo.com/packet/layer-one/transmit.html

TNC and Radio mods http://www.johnmather.free-online.co.uk/tnc.htm

MFJ

MFJ-1278B Care and maintenance http://www.qsl.net/ke4mob/

AEA

AEA radio and TNC mods http://www.k7on.com/mods/aea/mods/aeamod.txt

Other suppliers

BYONICS http://byonics.com/

Fox Delta http://www.foxdelta.com/

Kantronics http://www.kantronics.com/

PacComm http://www.paccomm.com/

The DXZone Digital and Packet Radio http://www.dxzone.com/catalog/Manufacturers/Digital_and_Packet_Radio/

Tigertronics http://www.tigertronics.com/

Timewave http://www.timewave.com/amprods.html

TNC-X – The Expandable TNC http://www.tnc-x.com/

Gateways

Amateur Packet Radio Gateways http://www.ampr-gates.net

G4JKQ http://www.g4jkq.co.uk/

The Gateways Home Page http://www.ampr-gateways.org/

High-Speed Digital Networks and Multimedia (Amateur)

North Texas High Speed MultiMedia group http://groups.yahoo.com/group/ntms-hsmm/

Also take a look at the wireless LAN pages

APRS

Aus APRS http://www.radio-active.net.au/vk2_aprs.html

APRS http://www.radio-active.net.au/web/gpsaprs/aprsrept.html

APRS http://aprs.rutgers.edu/

APRS http://www.cave.org/aprs/

APRS in Adelaide http://vk5.aprs.net.au/

AVR-Microcontroller http://www.qsl.net/dk5jg/aprs_karten/index.html

APRS in the UK http://www.aprsuk.net/

aprsworld http://www.aprsworld.net

APRS.DE http://www.aprs.de/

APRS-Berlin http://www.aprs-berlin.de/

APRS-Frankfurt http://www.aprs-frankfurt.de/

BYONICS (Electronics Projects for Amateur Radio) http://www.byonics.com/

CanAPRS http://www.canaprs.net/

Dansk APRS Gruppe http://www.aprs.dk/

findU.com http://www.findu.com/

France APRS http://www.franceaprs.net/

Kansas City APRS Working Group http://www.kcaprs.org/

KD4RDB http://wes.johnston.net/aprs/

Live Australian APRS data maps http://www.aprs.net.au/japrs_live.html

NIAN http://nian.aprs.org/

Queensland APRS Users Group http://www.tech-software.net/

Tri-State APRS Working Group http://www.tawg.org/

Other Digital Modes

General

HF-FAX http://www.hffax.de/index.html

ZL1BPU http://www.qsl.net/zl1bpu/

Morse Code

CW Operators’ QRP Club Inc. http://www.users.on.net/~zietz/qrp/club.htm

Fists Down Under http://fistsdownunder.morsekeys.com

LEARN MORSE CODE in one minute ! http://www.learnmorsecode.com/

MRX morse code http://www.mrx.com.au/

Not Morse Code, Slow Scan , Packet or APRS

HamDream by HB9TLK (digital radio) http://www.qslnet.de/member/hb9tlk/

JE3HHT, Makoto (Mako) Mori http://www.qsl.net/mmhamsoft/

PSK31 and other PC Magic http://www.psk31.com/

WSJT ACTIVITY IN AU (follow link) http://www.tased.edu.au/tasonline/vk7wia/

Amateur Digital Radio

AR Digital Voice Communications http://www.hamradio-dv.org/

Australian National D-Star http://www.dstar.org.au/

Ham Radio digital info http://www.hamradio.com/pdf/dstar.pdf

ICOM America digital http://www.icomamerica.com/amateur/dstar/

Temple University Digital Voice Project http://www.temple.edu/k3tu/digital_voice.htm

Temple University Vocoder Redux http://www.temple.edu/k3tu/VocoderRedux.pdf

WinDRM – HF Digital Radio Mondiale http://n1su.com/windrm/

D-Star

Australian D-Star information http://www.dstar.org.au/

D-Star wikipedia http://en.wikipedia.org/wiki/D-STAR

ICOM America D-Star Forums http://www.icomamerica.com/en/support/forums/tt.asp?forumid=2

Software Defined Radio

FlexRadio Systems Software Defined Radios http://www.flex-radio.com/

Rocky software for SoftRock-40 hardware http://www.dxatlas.com/rocky/

SDRadio – a Software Defined Radio http://digilander.libero.it/i2phd/sdradio/

SoftRock-40 Software Defined Radio http://www.amqrp.org/kits/softrock40/index.html

The Weaksignals pages og Alberto I2PHD (software) http://www.weaksignals.com/

Digital Radio

BBC digital Radio http://www.bbc.co.uk/digitalradio/

Digital Audio Broadcasting http://www.digitalradio.ca/

Digital Radio Broadcasting http://happy.emu.id.au/lab/info/digradio/index.html

Digital Radio http://www.magi.com/~moted/dr/

DRDB http://www.drdb.org/

DRM – Digitaler Rundfunk unter 30 MHz http://www.b-kainka.de/drm.htm#dritte

Amateur Radio Direction Finding

Amateur Radio Direction Finding and Orienteering http://vkradio.com/ardf.html

Amateur Radio Direction Finding Webring http://www.qsl.net/vk3zpf/webring1.htm

Homing In http://members.aol.com/homingin/

RON GRAHAM ELECTRONICS (ARDF and more) http://users.mackay.net.au/~ron/

Victorian ARDF Group Inc. http://www.ardf.org.au/

Repeater Linking

There are currently There are 5 internet linking projects that I know of :-

IRLP,Â iPHONE, iLINK, eCHOLINK and WIN SYSTEM (May 2005)

EchoLink http://www.echolink.org/

Hamlink (K1RFD) http://www.hamlink.net/

KWARC (live audio) http://www.kwarc.org/listen/

Internet Linking http://www.qsl.net/g3zhi/index2.html

IRLP http://www.irlp.net/

IRLP status http://status.irlp.net

WIN SYSTEM http://www.winsystem.org/

iLINK

G4CDY-L Internet Gateway http://www.g4cdy.co.uk/

iLink http://www.aacnet.net./

VA3TO iLINK INTERFACE http://www.ilinkca.com/

VK2JTP iLINK gateway http://www.qsl.net/vk2jtp/

WB2REM & G4CDY’SÂ iLINK boards http://www.ilinkboards.com/

WB4FAY http://www.wb4fay.com/ilink_FAQ.html

INTERFACES

ILINKBOARDS.com http://www.ilinkboards.com/

laser diodes

A R Laser Communications http://www.qsl.net/wb9ajz/laser/laser.htm

Australian Optical DX Group http://groups.yahoo.com/group/Optical_DX/

Driver Enhancements http://www.misty.com/people/don/laserdps.htm#dpsdepm

European Laser Communications http://www.emn.org.uk/laser.htm

Ronja http://atrey.karlin.mff.cuni.cz/~clock/twibright/ronja/

Amateur Radio Licence

radiofun http://www.alphalink.com.au/~parkerp/gateway.htm

Worldwide Information on Licensing for Radio Amateurs by OH2MCN http://www.qsl.net/oh2mcn/license.htm

Amateur Radio Clubs and Organisations

Also see ATV link page

and VHF link page

Australian

Adelaide Hills Amateur Radio Society http://www.qsl.net/vk5bar/

Amateur Radio Victoria http://www.amateurradio.com.au/

Barossa Amateur Radio Club VK5BRC http://www.qsl.net/vk5brc/

Brisbane Amateur Radio Club http://www.qsl.net/vk4ba/index.html

Brisbane VHF Group

Central Coast Amateur Radio Club http://www.ccarc.org.au/

Central Goldfields A R Club http://www.cgfar.com/

CHIFLEY A R CLUB http://chifley.radiocorner.net/

Coffs Harbour & District Amateur Radio Club http://www.qsl.net/vk2ep/index.html

CW Operators’ QRP Club Inc. http://www.users.on.net/~zietz/qrp/club.htm

Eastern and Mountain District Radio Club http://www.emdrc.com.au

Gold Coast AR Society http://www.gcars.com.au/

Healesville Amateur Radio Group http://www.harg.org.au/

Historical Wireless Society of South East Queensland http://www.hws.org.au/

Ipswich Metro Radio Group http://imrg.ips-mesh.net/

Lockyer Valley Radio and Electronic Club Inc http://www.qsl.net/vk4wil/

Manly-Warringah Radio Society http://www.qsl.net/vk2mb/

NWTARIG http://vk7ax.tassie.net.au/nwtarig/

QRP Amateur Radio Club International http://www.qrparci.org/

Queensland APRS Users Group http://www.tech-software.net/

RADAR Club Inc http://radarclub.tripod.com

Radio Amateurs Old Timers Club Australia Inc http://www.raotc.org.au/

Radio Sport http://www.uq.net.au/radiosport/

Radio and Electronics Association of Southern Tasmania http://reast.asn.au/

Riverland Amateur Radio Club http://www.rrc.org.au/

South Australian Packet User Group Inc. (SAPUG) http://www.sapug.ampr.org/

SERG http://serg.mountgambier.org

South Coast AMATEUR RADIO Club http://www.scarc.org.au/

SOUTHSIDE AMATEUR RADIO SOCIETY http://www.qsl.net/vk4wss/

Sunshine Coast Amateur Radio Club http://vk4wis.org/

VK Young Amateur Radio Operator’s Net http://www.geocities.com/vk_ya/

VK3APC http://www.mdrc.org.au/

VK3BEZ (WIA Eastern Zone Amateur Radio Club) http://www.qsl.net/vk3bez/

VK4WIL http://www.qsl.net/vk4wil/

West Australia Repeater Group http://www.warg.org.au

WESTLAKES AR Club http://www.westlakesarc.org.au/

WIA VK4 Qld http://www.wiaq.com/

WIA VK4 QNEWS NEWSROOM http://www.wiaq.com/qnews/upload/qnews.htm

WIA http://www.wia.org.au/

WICEN Australia http://www.wicen.org.au/

WICEN Brisbane Qld

New Zealand

NZART http://www.nzart.org.nz/nzart/

Papakura Radio Club http://www.qsl.net/zl1vk/

Wanganui Amateur Radio Society Inc. http://www.zl2ja.org.nz/

Wellington VHF Group http://www.vhf.org.nz/

International

American QRP Club http://www.amqrp.org/index.html

ARRL http://www.arrl.org/

Clear Lake Amateur Radio Club http://www.clarc.org/

FRARS http://www.frars.org.uk/

HKAR http://www.hkra.org/

HRDXA http://www.qsl.net/vr2dxa/

KIDSHAMRADIO http://www.kidshamradio.com/

K2MFF Amateur Radio club http://www-ec.njit.edu/~k2mff/

North TeXas Repeater Association http://www.ntxra.com/main_page.htm

N0WGE http://www.sckans.edu/~sireland/radio/

The Repeater Builders Technical Information Page http://www.repeater-builder.com/rbtip/index.html#main-index

Richardson Wireless Klub http://www.k5rwk.org/

RADARS http://www.mbc.co.uk/RADARS/

RSGB http://www.rsgb.org/

SARL http://www.sarl.org.za/

Submarine Veterans Amateur Radio http://w0oog.50megs.com/

Southgate AR club http://www.southgatearc.org/index.htm

TEARA http://www.teara.org/

The 500 KC Experimental Group for Amateur Radio http://www.500kc.com/

Tucson Amateur Packet Radio http://www.tapr.org/

W6DEK 435 Los Angeles http://www.w6dek.com/

Amateur Radio

Australian

Australian AR Repeater Map http://vkham.com/australimaps.html

AMATEUR RADIO WIKI http://www.amateur-radio-wiki.net

HAM SHACK COMPUTERS http://www4.tpgi.com.au/users/vk6pg/

Ham Radio in Australia with VK1DA http://members.ozemail.com.au/~andrewd/hamradio/

HF Radio Antenna Tuners http://www.users.bigpond.net.au/eagle33/elect/ant_tuner.htm

Queensland AR Repeater listings http://vkham.com/Repeater/vk4map.html

Radioactive Networks: Ham http://www.radio-active.net.au/web/ham/

Tony Hunt VK5AH (Home of Adelaides 10m Repeater) http://homepages.picknowl.com.au/wavetel/default.htm

VK1DA’s Amateur Radio Web Directory vk1da.net/radlink.html

VK1KEP http://www.pcug.org.au/~prellis/amateur/

VK1OD owenduffy.net

VK2BA (AM radio) http://www.macnaughtonart.com/default.htm

VK3PA http://www.vk3pa.com/home.asp

VK3UKF http://members.fortunecity.co.uk/vk3ukf/index.html

VK3XPD http://www.users.bigpond.com/alandevlin/index.html

VK3YE’s Gateway to AR http://www.alphalink.com.au/~parkerp/gateway.htm

VK3ZQB http://members.datafast.net.au/vk3zqb/

VK4CEJ http://www.hfradio.org/vk4cej/hamlinks.html

VK4TEC http://www.tech-software.net/

VK4TUB http://www.vk4tub.org/

VK4ZGB http://members.optusnet.com.au/jamieb/index.html

VK4ZU http://www.users.on.net/~trevorb/

VK5BR http://users.tpg.com.au/users/ldbutler/

VK5KK http://www.ozemail.com.au/~tecknolt/index.html

VK8JJ http://www.qsl.net/vk8jj/

New Zealand

Micro Controller Projects for Radio Amateurs and Hobbyists http://www.qsl.net/zl1bpu/micro/index.htm

Precision Frequency Transmission and Reception http://www.qsl.net/zl1bpu/micro/Precision/index.htm

ZL3TMB http://www.hamradio.co.nz/

International

AC6V’s AR & DX Reference http://www.ac6v.com/

Amateur radio with Knoppix http://www.afu-knoppix.de/

Amateur Radio Soundblaster Software Collection http://www.muenster.de/~welp/sb.htm

AM fone.net http://www.amfone.net

AMRAD Low Frequency Web Page http://www.amrad.org/projects/lf/index.html

DL4YHF http://www.qsl.net/dl4yhf/

Direction finding http://members.aol.com/homingin/

DSP Links http://users.iafrica.com/k/ku/kurient/dsp/links.html

Electric-web.org www.electric-web.org

EI4HQ http://www.4c.ucc.ie/~cjgebruers/index.htm

EI8IC http://www.qsl.net/ei8ic/

EHAM http://www.eham.net/

eQSL (electronic QSL) http://www.eqsl.cc/qslcard/

HamInfoBar http://www.haminfobar.co.uk/

Felix Meyer http://home.datacomm.ch/hb9abx/

FUNET http://www.funet.fi/pub/ham/

F4DAY http://perso.wanadoo.fr/jf.fourcadier/index_e.htm

Gateway to Amateur Radio http://www.alphalink.net.au/~parkerp/gabra.htm

Grid Square Locator http://www.arrl.org/locate/grid.html

G3PTO http://www.qsl.net/g3pto/

G4KLX (The [ON/]G4KLX Page) http://www.qslnet.de/member/g4klx/

HAM RADIO EQUIPMENT & ACCESSORIES http://www.area-ham.org/library/equip/equip.htm

Ham-Links http://www.k1dwu.net/ham-links/

HAMUNIVERSE.COM http://www.hamuniverse.com/

Hamview DSP software http://www.qsl.net/k3pgp/Hamview/hamview.htm

Homebrew RF Test Equipment And Software http://www.qsl.net/n9zia/wireless/appendixF.html#10

KB4VOLÂ Â link site http://pages.prodigy.com/kb4vol/

KE5FX http://www.qsl.net/ke5fx/

KF6VTA & KG4TBJ http://www.geocities.com/silensiosham/index.html

KU4AY ham radio directory http://www.ku4ay.net/

K1DWU http://www.k1dwu.net/

K1TTT http://www.k1ttt.net/

K1TTT Technical Reference http://www.k1ttt.net/technote/techref.html

K3PGP http://www.k3pgp.org/

K3TZ Ham Radio Experimentation http://www.qsl.net/k3tz/

K6XC (links) http://home.earthlink.net/~rluttringer/

Lighthouses (International Lighthouse/ Lightship Weekend) http://illw.net

Links2go http://www.links2go.net/more/www.ampr.org/

Mels AMATEUR RADIO LINK’S http://www.users.zetnet.co.uk/melspage/amlinks.htm

Michael Todd Computers & Communications http://www.arcompanion.com/

MoDTS http://www.m0dts.co.uk/

NT8N http://www.qsl.net/nt8n

NW7USÂ Â (Amateur and Shortwave Radio) http://hfradio.org/

N3EYR’s Radio Links http://www.isrv.com/~joel/radio.html

PD0RKC http://www.qsl.net/pd0rkc/

PI6ATV (ATV, Antenna, software, info) http://members.tripod.lycos.nl/PI6ATV/software.htm

Radio Links http://www.angelfire.com/ri/theboss1/

Radio Corner (forum) http://www.radiocorner.net

Ray Vaughan http://rayvaughan.com/

Reference http://www.panix.com/~clay/ham/

streaming radio programs http://live365.com/home/index.live

The Elmer HAMlet (information) http://www.qth.com/antenna/index.htm

VE1XYL and VE1ALQ http://www.qsl.net/ve1alq/downloads/tetrode-ps/pwrsup.htm

WB6VUB (links) http://www.mpicomputers.com/ham/

WL7LP http://www.geocities.com/TimesSquare/Castle/3782/wl7lp.html

W2XO http://www.w2xo.pgh.pa.us/

XE1BEFÂ (DX, mods, links and more) http://www.geocities.com/xe1bef/

Communications Equipment

Australian

Andrews Communication Systems http://www.andrewscom.com.au/

AUSTRALIAN ENTERPRISE INDUSTRIAL http://www.spin.net.au/~aeitower/

BENELEC www.benelec.com.au

Bushcomm www.bushcomm.com.au

G. & C. COMMUNICATIONS www.gccomm.com.au

Hamak (RM Products Italy) http://www.hamak.com.au/

Hamshack http://www.hamshack.com.au

KENWOOD Australia http://www.kenwood.com.au/

Kyle Communications http://www.kyle.com.au/

ICOM Australia http://www.icom.net.au

Mini-kits http://www.minikits.com.au/

OZGEAR http://www.ozgear.com.au/

Radio-Data (links) http://www.radio-data.net/

Radio Specialists (equipment connectors and antenna) http://www.radiospecialists.com.au

STRICTLY HAM http://www.strictlyham.com.au/

TET-EMTRON www.tet-emtron.com

Townsville CB& Communications http://www.vk4tub.org/tcb/tcb.html

TTS Systems http://www.ttssystems.com.au/

VK4-ICE Communications http://www.vk4ice.com

WiNRADiO (PC based receivers) http://www.winradio.com.au

International

MFJ http://www.mfjenterprises.com/index.php

Vertex Standard http://www.vxstd.com/en/index.html

W7FG VINTAGE MANUALS CATALOGUE http://www.w7fg.com/index.html

Z Communications Company (repair of old radio equipment) http://home.comcast.net/~zcomco/

Equipment suppliers and manufacturers

Easy-radio (your DNS server may have problems finding this site) http://www.easy-radio.co.uk/

Kits and Components

Australian and selected international suppliers

ACRES ELECTRONICS http://www.acreselectronics.co.nz/product.htm

Allthings http://www.allthings.com.au/

Altronics http://www.altronics.com.au/

Antique Electronic Supply http://www.tubesandmore.com/

Antenna Systems and Supplies Inc. (sm) http://www.antennasystems.com/

Av-COMM http://www.avcomm.com.au/

BYONICS http://www.byonics.com/

Clarke & Severn Electronics http://www.clarke.com.au

Cliff Electronics (Aus) Pty. Ltd http://www.cliff.com.au/

Computronics http://www.computronics.com.au/tools/

David Hall Electronics http://www.dhe.com.au

Dick Smith Electronics http://www.dse.com.au/cgi-bin/dse.storefront

Digi-Key http://www.digikey.com/

Dominion Electronics http://www.dominion.net.au/

Electronics http://www.michelletroutman.com/index.htm

Elliott Sound Products http://sound.westhost.com/index2.html

Farnell http://www.farnell.com/

Fox Delta http://www.foxdelta.com/

G1MFG.com (ATV and more) http://www.g1mfg.com/index.html

Hammond Mfg http://www.hammondmfg.com/

Hy-Q International http://www.hy-q.com.au

IRH Components http://www.irh.com.au/index.htm

Jaycar http://www.jaycar.com.au/

Microwave Dynamics http://www.microwave-dynamics.com/

MicroZed Computers http://www.microzed.com.au/

Mini-Circuits http://www.minicircuits.com/

Mini-kits http://www.minikits.com.au/

Mouser Electronics http://www.mouser.com/

NEWTEK ELECTRONICS http://www.newtek.com.au/

Oatley electronics http://www.oatleyelectronics.com/

Ocean State Electronics http://www.oselectronics.com/

Ozitronics http://www.ozitronics.com/

pacific DATACOM http://www.pacificdatacom.com.au

Picaxe http://www.Picaxe.com.au

Prime Electronics http://www.prime-electronics.com.au/

Radio Parts http://www.radioparts.com.au/

R.C.S. Radio (circuit boards) http://www.rcsradio.com.au/

RF Modules Australia (ZigBee) http:\www.rfmodules.com.au

RFShop (Brisbane) http://www.rfshop.com.au/

Rockby Electronics and Computers http://www.rockby.com.au/

RS Components http://www.rsaustralia.com/

Semtronics http://www.semtronics.com.au/

Sicom http://www.sircom.co.nz

Silvertone Electronics http://www.silvertone.com.au/

South Island Component Centre (New Zealand) http://www.sicom.co.nz/

Surplus Sales of Nebraska http://www.surplussales.com/

Surplustronics (New Zealand) http://www.surplustronics.co.nz/

Tandy (Australia) http://www.tandy.com.au/

Teckics http://www.techniks.com/

TTS Systems http://www.ttssystems.com.au/

WB9ANQ’s Surplus Store http://www.qsl.net/wb9anq/

Wiltronics http://www.wiltronics.com.au/

Worldwide Electronic Components http:/www.iinet.net.au/~worcom

13cm.co.uk http://www.13cm.co.uk/

Also look at the ATV links

PCB layout and schematic programs baas electronics LAYo1 PCB http://www.baas.nl/layo1pcb/uk/index.html

Easytrax http://www.cia.com.au/rcsradio/

Electronics WORKBENCH http://www.ewbeurope.com/Franklin Industries http://www.franklin-industries.com/Eagle/starteagle.html McCAD http://www.mccad.com/ OrCAD http://www.orcad.com/downloads.aspx TARGET 3001! http://www.ibfriedrich.com/english/engl_vordownload.htm Tech5 http://www.tech5.nl/eda/pcblayout TinyCAD http://tinycad.sourceforge.net/ VEGO ABACOM http://www.vego.nl/abacom/download/download.htm

Amateur Satellites and space

AMSAT http://www.amsat.org/

AMSAT-DL http://www.amsat-dl.org/

AMSAT-ZL (kiwisat) http://www.amsat-zl.org.nz/

CSXT Civilian Space eXploration Team http://www.civilianspace.com/

electric-web.org http://www.electric-web.org

esa http://www.esa.int/esaCP

Heavens-above http://www.heavens-above.com/

ISS fan club http://www.issfanclub.com

SATSCAPEÂ Â Â (free satellite tracking program) http://www.satscape.co.uk/

Satellite tracking software http://perso.club-internet.fr/f1orl/index.html

Satsignal http://www.satsignal.net/

Space.com http://www.space.com/

UHF-Satcom.com http://www.uhf-satcom.com

Propagation

NOAA http://www.sec.noaa.gov/

IPS Radio and Space Services http://www.ips.gov.au/

ITS http://www.its.bldrdoc.gov/

Near-Real-Time MUF Map http://www.spacew.com/www/realtime.php

Radio Mobile (path prediction) http://www.cplus.org/rmw/english1.html

VK4ZU (Propagation) http://www.users.on.net/~trevorb/

Satellite TV

AV-COMM http://www.avcomm.com.au/

KANSAT http://www.kansat.com.au/

KRISTAL electronics http://www.kristal.com.au/index.html

Lyngsat http://lyngsat.com/

Nationwide Antenna Systems http://www.uq.net.au/~zznation/index.html

Satcure http://www.satcure.com/

SAT TV http://www.sattv.com.au/

Radio and Scanning

Australian

Brisbane Radio Scanner http://www.angelfire.com/id/samjohnson/

Extreme Worldwide Scanner Radio http://members.optushome.com.au/extremescan/scanning.html

Newcastle Area Radio Frequency Guide http://scanhunter.tripod.com/index.html

RADIO FREQUENCIES AND INFORMATION http://www.qsl.net/vk1zmc/information.html

New Zealand

Kiwi Radio http://kiwiradio.blakjak.net/

NZscanners http://www.nzscanners.org.nz/

Wellington Scanner Frequencies http://wsf2003.tripod.com/

ZLScanner http://homepages.paradise.net.nz/lovegrov/

ZL3TMB (Christchurch NZ) http://www.hamradio.co.nz/

International

Frequency guide http://www.panix.com/~clay/scanning/

Incident Broadcast Network (including Australian feeds) http://www.incidentbroadcast.com

Radio H.F.Â (some ham stuff) http://www3.sympatico.ca/radiohf/

RadioReference.com http://www.radioreference.com/index.php

Amateur Radio DX and Contest

DX Cluster

AA1V’s DX Info-Page http://www.goldtel.net/aa1v/

AC6V’s AR & DX Reference http://www.ac6v.com/

Australian contesting http://www.vkham.com/index.html

Buckmaster callsign database http://www.buck.com/cgi-bin/do_hamcall

DX Greyline http://www.fourmilab.ch/cgi-bin/uncgi/Earth/action?opt=-p

DX Summit http://oh2aq.kolumbus.com/dxs/

DX 425 News http://www.425dxn.org/

EHAM http://www.eham.net/

EI8IC Global Overlay Mapper http://www.mapability.com/ei8ic/

eQSL (electronic QSL) http://www.eqsl.cc/qslcard/

German DX Foundation-GDXF http://www.gdxf.de/

GlobalTuners (provides access to remotely controlled radio receivers all over the world) http://www.globaltuners.com/

Ham Atlas by SP6NVK http://www.hamatlas.eu/

Kiwi DX List http://groups.yahoo.com/group/kiwidxlist/

Oceania Amateur Radio DX Group Incorporated http://odxg.org/

Oceania DX Contest http://www.oceaniadxcontest.com/

QRZ.COM http://www.qrz.com/site.html

The AM Window http://www.amwindow.org/index.htm

The Daily DX http://www.dailydx.com

IARU QSL Bureaus http://www.iaru.org/iaruqsl.html

International DX Association http://www.indexa.org/

Internet Ham Atlas http://www.hamatlas.eu/

IOTA http://www.425dxn.org/iota/

IOTA groups and Reference http://www.logiciel.co.uk/iota/shtlist.html

IOTA RSGB http://rsgbiota.org

IOTA 425 http://www.425dxn.org/iota

Island Radio Expedition Fondation http://www.islandradio.org/

LA9HW HF Contest page http://home.online.no/~janalme/hammain.html

NG3K Contest/DX Page http://www.cpcug.org/user/wfeidt/

Northern California DX Foundation http://www.ncdxf.org

Simple phrases in European Languages http://web.onetel.com/~stephenseabrook/

SUMMITS on the AIR http://www.sota.org.uk/

Telnet Access to DX Packet Clusters http://cpcug.org/user/wfeidt/Misc/cluster.html

The DX Notebook http://www.dxer.org/

VE6OA’s DX Links http://www.compusmart.ab.ca/agirard/dxlinks.htmVK Contest Club http://www.vkcc.com

World of DK4KQ http://www.dl4kq.de/

XE1BEFÂ DX and links http://www.geocities.com/xe1bef/

Logging Software

VK Contest Log (VKCL) http://web.aanet.com.au/mnds/

VK/ZL Logger http://www.vklogger.com

WinRD+ logging program http://www.rjmb.net/rd/index.htm

Cluster

AR-Technology AB5K.net http://www.ab5k.net/Home.aspx

Clusse http://he.fi/clusse/

CLX Home page http://clx.muc.de/

DX CLUSTER programs http://pages.cthome.net/n1mm/html/English/DXClusters.htm

DXCluster http://www.dxcluster.org/

DXCluster.Info http://www.dxcluster.info/

DxNet http://www.dxnet.free.fr/

DX PacketCluster Sites on the Internet http://www.n4gn.com/cluster.html

DXSpider – DX cluster system is written in perl http://linux.maruhn.com/sec/dxspider.html

Packet Cluster user manual http://www.yccc.org/Resources/ysa/manual/

The DXSpider User Manual http://www.dxcluster.org/main/usermanual_en.html

VE7CC-1 Dx Spider Cluster http://www.ve7cc.net/

Short Wave DX

AUSTRALIAN RADIO DX CLUB http://www.ardxc.info/

Electronic DX Press (HF, MW and VHF) http://members.tripod.com/~bpadula/edxp.html

Contesting.com http://www.contesting.com/

CQ World Wide DX Contest http://www.cqww.com/

K6XX http://www.k6xx.com/

Longwave Club of America (also Ham) http://www.lwca.org

NIST time stations http://www.boulder.nist.gov/timefreq/stations/wwvb.htm

OK1RR DX & Contesting Page http://www.qsl.net/ok1rr/

Prime Time Shortwave http://www.primetimeshortwave.com/

Radio Interval Signals http://www.intervalsignals.org/

shortWWWave http://swww.dwerryhouse.com.au/

SM3CER Contest Service http://www.sk3bg.se/contest/index.htm

The British DX Club http://www.bdxc.org.uk/

Yankee Clipper Contest Club http://www.yccc.org/

Radio Scouting

Scouts Australia JOTA/JOTI http://www.international.scouts.com.au/main.asp?iMenuID=9071085

The history of the Jamboree On The Air http://home.tiscali.nl/worldscout/Jota/jota history.htm

World Organization of the Scout Movement http://www.scout.org/jota/

Australian Regulator

ACMA http://www.acma.gov.au/

International Regulator

ITU http://www.itu.int/home/index.html

Electronic Information and technical reference

AC6V’s Technical Reference http://www.ac6v.com/techref.htm

Chip directory http://www.embeddedlinks.com/chipdir/abc/s.htm#simm

Circuit Sage http://www.circuitsage.com/

CommLinx Solutions Pty Ltd http://www.commlinx.com.au/default.htm

Computer Power Supply Mods http://www.qsl.net/vk4ba/projects/index.html

Discover Circuits http://www.discovercircuits.com/

Electronic Information http://www.beyondlogic.org/

Electronics Links and Resources http://yallara.cs.rmit.edu.au/~pleelave/electronics1.html

Epanorama (lots of links) http://www.epanorama.net/

Electronics Tutorials http://www.electronics-tutorials.com/

Electronic Theory http://www.electronicstheory.com/

Fox Delta http://www.foxdelta.com/

GREG’S DOWNLOAD PAGE http://www.rfcascade.com/index.html

Hobby Projects (electronic resource) http://www.hobbyprojects.com/tutorial.html

Hittite http://www.hittite.com

Information site http://www.epanorama.net/

ISO Date / Time http://wwp.greenwichmeantime.com/info/iso.htm

Latitude/Longitude Conversion utility – 3 formats http://www.directionsmag.com/latlong.php

New Wave Instruments (check out SS Resources) http://www.newwaveinstruments.com/index.htm

Paul Falstad (how electronic circuits work) http://www.falstad.com/circuit/

PINOUTS.RU (Handbook of hardware pinouts) http://pinouts.ru/

PUFF http://www.cco.caltech.edu/~mmic/puffindex/puffE/puffE.htm

RadioReference http://www.radioreference.com/

RF Cafe http://www.rfcafe.com/

RF Globalnet http://www.rfglobalnet.com

RHR Laboratories http://www.rhrlaboratories.com/#Software

rfshop http://www.rfshop.com.au/page7.htm

RS232 Connections, and wiring up serial devices http://www.airborn.com.au/rs232.html

RF Power Table

Science Lobby (electronic links) http://www.sciencelobby.com/

Tech FAQ http://www.tech-faq.com/

The12volt.com (technical information for mobile electronics installers) http://www.the12volt.com/

Electronic service

Repair of TV Sets http://www.repairfaq.org/sam/tvfaq.htm

Sci.Electrinic.Repair FAQ http://www.repairfaq.org/sam/tvfaq.htm

Service engineers Forum http://www.e-repair.co.uk/index.htm

Cable Data

Andrews http://www.andrew.com/default.aspx

Belden http://www.belden.com/

CO-AX CABLE DATA http://www.electric-web.org/coax.htm

Coaxial cable data http://www.qsl.net/kc6uut/coax.html

Coaxial Cable Page http://www.cdi2.com/build_it/coaxloss.htm

HB9ABX http://home.datacomm.ch/hb9abx/coaxdat.htm

HB9HD http://www.hb9hd.ch/PDF/coaxcable.pdf

KC6UUT http://www.qsl.net/kc6uut/coax.html

NESS Engineering http://www.nessengr.com/techdata/coaxdata.html

RF Industries cables http://www.rfindustries.com.au/rfiproducts/cablesConnectors/coaxialCables.htm

THERFC http://www.therfc.com/coax.htm

Times Microwave http://www.timesmicrowave.com/

VK3KHB http://www.gak.net.au/vk3khb/atv/coaxchrt.html

W4ZT http://w4zt.com/coax.html

X.net Antenna cable chart http://www.x.net.au/antenna_cable.html

50 W Coaxial Cable Information http://www.dma.org/~millersg/coax50.html

75 W Coaxial Cable Information http://www.dma.org/~millersg/coax75.html

Antique Radio

Antique Electronic Supply http://www.tubesandmore.com/

Alan Lord http://www.dundeecoll.ac.uk/sections/cs/staff/al_radio/

Antique Radio http://antiqueradios.com/

Apex Jr http://www.apexjr.com/

Archives of Boatanchors http://www.tempe.gov/archives/boatanchors.html

Australian Vintage Radio MK II http://www.southcom.com.au/~pauledgr/

Australian Wireless (OZ-Wireless) Email List http://www.clarion.org.au/wireless/

AWA and Fisk Radiola http://203.44.53.131/Radiola/AWA1b.htm

Crystal Radio http://www.crystalradio.net/

Glowbugs http://www.mines.uidaho.edu/~glowbugs/

Hammond Museum of Radio http://www.hammondmuseumofradio.org/

Historical Radio Society of Australia Inc. http://www.hrsa.asn.au/

JMH’s Virtual Valve Museum http://www.tubecollector.org/numbers.htm

John Rose’s Vintage Radio Home http://personal.nbnet.nb.ca/jrose/radios/radiomain.htm

Klausmobile Russian Tube Directory http://klausmobile.narod.ru/td/indexe.htm

KK7TV http://www.kk7tv.com/kk7tv.html

Kurrajong Radio Museum http://www.vk2bv.org/museum/

Links to Vintage Radios (Amateur) http://www.qsl.net/ka4pnv/vrlinks.htm

Mike’s Electric Stuff http://www.netcomuk.co.uk/~wwl/electric.html

Nostalgiar Air http://www.nostalgiaair.org/

Phil’s Old Radios http://antiqueradio.org/

Radio A’s Vintage Radio Page http://www.mnsi.net/~radioa/radioa.htm

Radio Era http://www.radioera.com/

Rap ‘n Tap http://www.midnightscience.com/rapntap/

Replacing Capacitors http://antiqueradio.org/recap.htm

Savoy Hill Publications http://www.valvesunlimited.demon.co.uk/Noframes/savoy_hill_publications.htm

South East Qld Group of the HRSA http://seqg.tripod.com

SEQG of the HRSA Crystal comp http://www.clarion.org.au/crystalset/

SEQG One Tube Radio comp http://seqg.tripod.com/onetube/onetube.html

TEARA’S VINTAGE RADIO LINK PAGE http://www.ipass.net/~teara/vin.html

The Vintage Radio Emporium http://www.vintageradio.info/

The Wireless Works http://www.wirelessworks.co.uk/

Triode Tube Data http://www.triodeel.com/tubedata.htm TubesworldÂ (Valve Audio and Valve data) http://www.tubesworld.com/

Vintage Radio http://www.vintage-radio.com/index.shtml

Vintage Radio Times http://www.vintageradiotimes.com/Page_1x.html

Vintage Radios and programs http://www.compusmart.ab.ca/agirard/VINTAGE.HTM

Vintage Radios UK http://www.valve.demon.co.uk/

Vintage Radio and Test Equipment Site http://www.geocities.com/eb5agv/

Vintage Radio World http://www.burdaleclose.freeserve.co.uk/

Vintage Radio and Audio Pages http://www.mcallister.simplenet.com/

VMARS http://www.vmars.org.uk/

W7FG VINTAGE MANUALS CATALOGUE http://www.w7fg.com/index.html

Ye Olde Hurdy Gurdy Museum of Vintage Radio http://ei5em.110mb.com/museum.html

Valve Audio and Valve data Ake’e Tube Data http://w1.871.telia.com/~u87127076/index.htm CVC http://www.chelmervalve.com/index.html

Data Sheet Locator http://www.duncanamps.co.uk/cgi-bin/tdsl3.exe/

Eimac http://www.cpii.com/eimac/index.html

Frank’s Electron tube Pages http://home.wxs.nl/~frank.philipse/frank/frank.html

HammondÂ Manufacturing http://www.hammondmfg.com/

House of Tubes http://www.house-of-tubes.com/home/Library.asp

High Voltage Tube Archive http://www.funet.fi/pub/sci/electrical/tesla/tubes/

Kiewavly http://home.mira.net/~kiewavly/audio1.html

Industrial Valve Data http://www.netcomuk.co.uk/~wwl/data.html

Machmat http://www.machmat.com/

NJ7P Tube Data Search http://hereford.ampr.org/cgi-bin/tube?index=1

RCA-R10 Data http://www.nmr.mgh.harvard.edu/~reese/RC10/

SAS Audio Labs http://www.sasaudiolabs.com/

Sowter Audio Transformers http://www.sowter.co.uk/

Spice Valves http://www.duncanamps.com/spicevalves.html

Tubetec http://www.tubetec.freeserve.co.uk/

TUBEWORLD INC. http://www.tubeworld.com/

Tube datasheets http://www.wps.com/archives/tube-datasheets/index.html

Vacuum Tube Links http://www.michelletroutman.com/tubes.htm

Valves and Tubes http://www.euramcom.freeserve.co.uk/tubes.html

Valve Data Links http://www.thevalvepage.com/links/valvdata.htm

Valve Data http://www.arrakis.es/~igapop/referenc.htm

Valves Unlimited http://www.valvesunlimited.demon.co.uk/Noframes/links.htm

Valve and Tube Supplies http://www.valves.uk.com/

Valveamps.com http://www.valveamps.com/

Audio

Audio Calculators and Links http://www.audioscientific.com/Audio Calculators & References Links.htm

BKC GROUP http://www.bkcgroup.fsnet.co.uk/

Car Audio Australia http://www.caraudioaustralia.com/

DIY Audio http://www.diyaudio.com/

Duncan’s Amp Pages http://www.duncanamps.com/

Elliott Sound Products http://sound.westhost.com/audiolink.htm

GM ARTS http://users.chariot.net.au/~gmarts/

Norman Koren http://www.normankoren.com/Audio/

Rane http://www.rane.com/

The Self Site http://www.dself.demon.co.uk/

The Class-A Amplifier Site http://www.gmweb.btinternet.co.uk/

Magazines

DUBUS (VHF magazine) http://www.dubus.org/

Elektor Electronics http://www.elektor-electronics.co.uk/

Harlan Technologies (Amateur Television Quarterly) http://www.hampubs.com/

Radio & Communications Monitoring Monthly http://www.monitoringmonthly.co.uk/

SILICON CHIP http://www.siliconchip.com.au/

VHF Communications Mag http://www.vhfcomm.co.uk/

SETI

SETI http://www.setileague.org/homepg.htm

SETI Australia http://www.seti.org.au/

DUKPT Overview and Transaction notes

Posted by :Derek On : June 22, 2009

Category: Banking & EFTPoS, Security

Tags:bank, Banking and EFTPoS, Cambodia, Card, data, decrypt, decryption, DES, DUKPT, EFT, EFTPoS, encapsulation, encryption, environment, financial transaction, Guide, hardware, HSM, Material, Merchant, Pin, processing, reporting, security, server, Shiraz, SLA, text, transaction, type

Hi,

I was asked on another post relating to DUKPT to provide some backgound. Given I have lots of material on the subject, I thought I would create this thread. Link

I will come back at some stage and expand on this when I get time.

Transaction Process narrative:

The diagram describes a mobile terminal/ATM is described using the a AS2805 (‘2805’) message type and 3DES DUKPT and dual direction auth SSL from the terminal to the aquirer (transaction switch).

A good explanation of DUKPT can also be found at Wikipedia.

Diagram of the flow

DUKPT transaction flow - terminal to bank

Background notes:

The terminal or ATM firstly encrypts the user entered pin (may be a unique DUKPT key or static, depending on the design and banks involved) prior to incorporating it into the AS 2805 transaction message.
the message is then encrypted again using the DUKPT key which has been established through the merchant logon process within the aquirer Host Security Module (HSM) i.e. the user entered pin is encrypted separately and encapsulated within the DUKPT encrypted 2805 message to provide full message encryption.
In the diagram a separate dual authenticating SSL session is also used between the terminal/ATM and the aquirers infrastructure. This allowing the transaction including the pin to traverse the external Wired/GPRS/LAN within 2 primary independent layers of encryption, with a 3^rd protecting the PIN.
When the transaction enters the aquirer environment the message encapsulation layer provided by SSL is removed.Â This leaving the DUKPTâ€™ed 2805 message which also encapsulates the separately encrypted PIN.
This encrypted message is passed to the aquirer switch engine through to the aquirer’s HSM for decryption of the 2805 message excluding the user entered pin.
This is when transactional information necessary for aquirerâ€™s merchant reporting (truncated card number, transaction amount, transaction type, etc.) and fraud management data is collected.
The aquirer switch then passes the encrypted PIN to the aquirer HSM requesting that the PIN be decrypted using the aquirer’s PIN encryption and translated to the next banks (Bank 1)Â PIN Encryption Key (Pin translation only occurs within the aquirer HSM) This is then sent back to the aquirer Switch engine as the Bank 1 encrypted PIN.
The aquirer switch engine then send the decrypted 2805 message with the newly encrypted PIN back to aquirer HSM to be encrypted with the Bank 1 MAC key.
The resultant Bank 1 key encrypted message is then sent to Bank 1 for processing and/or passing to the card issuer (using a similar process as described above).
When the result is received back from the issuing bank it is encrypted with the Bank 1 MAC key (the pin will not be present in the result message).
This is then decrypted by the aquirer HSM, the transaction fate result stored into the aquirer merchant reporting system and the transaction fate re-encrypted with the original aquirer DUKPT key (should be different per terminal/merchant instance) and the result sent back to the terminal through the original established SSL encrypted terminal connection.

The aquirer may terminate the the SSL connection on a hardware device such as a CISCO Content Service Switch (CSS), or equivalent instead of the design described in the diagram which terminates onto a SSL session server/gateway (Possibly including a Certificate Authority) or on the aquirer transaction switch.

When PIN blocks are received by the aquirer processing centre, the PIN encryption is translated from the terminal key to the Local Master Key (LMK) by the Host Security Modules (HSM).

When the message is sent on the upstream bank interchange link to the issuer or gateway , the aquirer HSM translates the encrypted PIN block from the LMK to the Zone Master Key (ZMK) of the aquirer interchange link. The PIN block is always encrypted using DEA3 (3DES) whenever outside of the Terminal or ATM.

HSM-8000-User Guide V2.2

EFT Syetms and Device Considerations

Posted by :Derek On : August 5, 2008

EFT devices and systems differ depending on hardware vendor, country and bank / payment aggregator.
Below is a list of things you may like to consider. This list is off the top of my head so it is probably not complete.

Looking at the products and relationships us usually a good start.

Things to consider:

Card skimming methods
Some EFT POS devices restrict the connection of a skimmer
Review levels of associated fraud
Review devices and EFT methods
Review terminal identification (merchant and customer)
Manual processing. (internal and external)
eCommerce products
PC based software
Dedicated server services (Nobil, etc.)
Web based engine (Custom objects, Web pop-ups, etc)
Authorisation / identification methods (Merchant and customer)
TCPIP session hijacking / session spoofing
Direct Debit as well as Credit Cards.
Swift (methods and controls)
Telegraphic transfer (methods and controls)
Payment aggregator relationships (eg. Payment Tech, manual processing, cheque scanning, etc.)
Internet banking facilities (attack / penetration,Â Certificate registration / management, ISP SLA’s, etc.)
Implementation of Smart Card and / or alternative customer recognition devices.
Outsourcing and associated risks / service level agreements
Payment processing
Payment clearance
Payment switching
Reporting (segregation of merchant / customers / aggregators / partners / local / international)
Fraud detection and reporting
3rd party acquiring risks
Single merchant ID many businesses
Allows moneys to be laundered if the payment aggregator does not place appropriate controls on the merchant.
Encryption used
Internet / trusted partner / inter-bank / extranet
Private and / or public certificates
Single use certificates
Client side certificates
Remittance advice processes and controls.
EFT disaster recovery and manual fall back procedures (associated security and reconciliation risks)
Trusted partner relationships, SLA’s, liabilities and risks.
EFT regulatory / legal requirements (inter-bank and government)
Refund processing / authorisation. (policies, procedures, controls, etc.)
CVV, CVV-2 / CVC-2 processing and management. (http://www.atlanticpayment.com/CVV.htm)
Fraud detection mechanism (neural networks, inter-bank / department customer checks, etc)
Supported card schemes (AMEX/Visa/Mastercard/Discover/etc )
Review EFT floor limits (corporate and SME merchants)
Review the ability to withhold merchant settlement until the presence of fraud has been determined.
Review customer identification details. Such as (This varies around the world depending on local regulations / privacy laws)
Review real-time and batched processing methods and controls (sequence numbers, access to raw data, etc.)
Review processing with and without expiry dates. (exception controls and policies)
Review exception / fraud reports.
Review payment store and forward policies and procedures.
Review Pre-Auth and Completion controls.
Token based payment (eCash, etc)
Merchant reconciliation, reporting methods and controls (paper, Internet, email, PDF, Fax, etc.) and associated security.
Real time gross settlement policies, procedures and controls. (IT and amounts)
Card issuing policies and procedures. (customer ID checks, etc)
Banking infrastructure (ingress / egress) controls and security. (Web, partner, payment switches, outsourced infrastructure, monitoring / reporting.)
Use of Internet technologies for inter-bank transfers and remote equipment.
Physical security and controls of devices, ATM,s, line encryptors, etc.

Internet Banking Security Assessment Considerations

Posted by :Derek On : August 5, 2008

I was asked some time ago to provide a list of things which may be considered when looking at Internet Banking.

Below is the list. It was just a brain dump and as such may not be complete.

Don’t underestimate the value of standards for your infrastructure, website configuration, database engine configuration/architecture,staging environment and development/QA environments.

Some thoughts:

Many don’t lock accounts after X failed logins, this is normally done for good customer service, but leaves the system vulnerable.

– And all the other things expected for a remote login session (forced password changes, aging, etc))
– Tools such as Brutus may be use to brute force hack authenticated sessions.

Many allow session sequence numbers to be incremented, allowing an authenticated user to view other customer session.

– These may be server side, client side, cookie based, etc.
– Get someone to check the development methodologies and the code being used.
– Database query strings can be placed into test entry fields, allowing table dumps to browser.
– Check all pages served are secure and contain user authentication flags.

Customer data may not be segregated, this needs to be checked.
Customer data should not reside on the Web Server.

Authentication databases / system data should not reside on the webserver.
The databases should reside on a private/semi-private network.

– A different segment to the main banking system.

Webserver should be dual homed or equivalent (some VLAN techniques are good)

– Separate private and public network cards, monitoring/backup/administration
– Infrastructure set-up to explicitly deny inbound/outbound ports, private IP & monitoring escaping from the network.

At all data segregation points ensure rules are in place which appreciates the traffic though that point.

All customer data where possible should be sourced from a secure back-end database.

– This may be a staging environment. i.e. no the main banking system.
– This usually allows for transactions to appear real time to the customer.
– Many transactions may be batched in reality. (internal or external to the bank)

Ensure suitable rules have been set-up on firewalls.

– There should be inbound and outbound rules on firewalls and filtering routers.

Don’t allow any infrastructure on the front end to allow remote administrative connections. (telnet, etc.)

– Use the serial console port to connect to a server or back-end terminal server.

Look for the segregation / staging of online customer content from main banking systems

Ensure that a separate development / QA / production environment system and suitable process is in place.

Services not used by the system are active

– These should be disabled.

Port scan of the supporting infrastructure (routers /switches) and server(s).

– Investigate the reasons for all open ports.

Don’t use the main gateway for trusted partner access (clearing / RAS / etc.)
Do all that standard IIS checks and NT checks (Sample scripts, change management, patching methodologies, etc.)
Ensure denial of service precaution have been taken into account for all infrastructure and server equipment.
Check the adequacy of the escalation procedures used.

– Look for real-time monitoring and alerting.
– Look for responsibility matrix.
– Look for ownership of issues.

Consider upstream carrier(s) vulnerability (denial of service, IP spoofing, DNS hacking, etc)
Consider social engineering of customer, administrative, partner accounts / systems / infrastructure.

– Helpdesk procedures and policies and/or alternate technologies (Caller ID, Gateway IP, etc.).

Use dynamic passwords where possible (SecureID, TACACS, etc.).
Use encrypted tunnelling where needed (IPSec, Firewall 1, etc)
Consider looking at other customer authentication methods to enhance existing methods.

– Digital cert, IP address locked to account, etc.
– Consider use of CVV or CVN for bank issued cards.

Consider how passwords are distributed /changed for customers.

– Plain text email, telephone, etc.
– Can passwords be changed online?

Is additional authentication used between sections of the services once authenticated?
Consider what the customer has access to once authenticated.

– Look at SWIFT, RTGS, inter-bank transfers, access to credit cards, etc.
– If an attacker does get in, what can the do?

Use techniques to ensure pages, customer details are not cached at ISP, or client system.

– These are flags that can be set within pages.
– Normally SSL is cached, but some proxy vendors have been playing with techniques to do so.
– Caching of SSL pages on the client system can be turned on on some browsers.
– May banks use a Java (or similar) applet for all customer interaction, restricting all caching issues.

Ensure paper based and on-line liability clauses are available are address all effected areas.
Ensure within the customer sign-up process banking liability is reduced.

– I’ve seen statements like “use this system at your own risk, responsibility for any liability or claim will NOT……”
– Not very customer focused, but that’s what their legal department recommended.

All of the above can effect the security and/or operation of an on-line banking system.

Other things to consider:

External development and support of the application.
Ownership and management of the hardware/applications
Publishing points for new content (internal/private/trusted network or Internet)
Topology of front end.Â i.e. Security Architecture document should be in place and managed appropriately.
Are limited AP tests performed whenever changes are made to the environment? i.e. integrated AP into Change management process.
Database access. Is it buffered or is it live to the core banking systems.
What facilities are provided? Direct debit + Credit Card + SWIFT + ……. Consider different scenarios for your attack depending on the feature.
What other services are shared within the network segment that the Internet Banking service is running. Can this be used to compromise the Internet Banking site. eg. different support/business/development organisations with differing security strategies/profiles.
Consider all external supporting services within you AP. Look at internal/external DNS poisoning opportunities, mail relay, etc. What IPS’s do they use has the ISP any opportunity to access systems or supporting services which may affect Internet Banking.
Depending on the size of the Bank, many organisation do not use the same support groups for infrastructure and the application. As a result external connections to the infrastructure may be provided for an external support organisation to administer the infrastructure.
Look at the business and user authentication methods and paths (client side certs, secure ID, SMART Card, etc). Consider two factor authentication and modern user identification methods. eg. what is your favourite food in addition to normal usernames and passwords. Do system administration staff use dynamic passwords (secureID, etc)?
See if the Internet Banking application sends email to users which may contain interesting information.
Better access to the application can generally be gained after access to the system. i.e. get an legitimate account on the system. I have found that some sample/administration screens have been restricted to authenticated users only.
Consider social engineering the Help desk to have an account password reset.

DNS Hack Needs Patching – Serious Problem

Posted by :Derek On : July 10, 2008

Category: Infrastructure, Internet, Security

Tags:attack, DNS, dns checker, dns provider, dns servers, hack, hardware, Internet, internet attack, ISP, network, operating systems, patch, Patching, rogue, rogue server, security, Serious, server, Shiraz, threat, threat level, vendor patches, vulnerability

This has been kept under wraps by the Operating System and Hardware vendors for the last few weeks and now patches have finally been released for many Operating Systems, DNS software applications and Hardware devices.
If you provide or rely on DNZ services (external and Internal) you should consider quickly patching your servers/devices.

Although Internal DNS servers may not be exposed to an Internet attack, we see many more internal attacks within larger organisations which involve rogue server or services being established within the firewalled trusted network. As a result, this lifts the threat level of internal systems/services and therefore the need for effective timely patching.

Also consider asking the question of your hosting facility, upstream ISP or DNS provider to see if they have patched their DNS servers and forwarders.

http://www.doxpara.com/?p=1162 This link also has a DNS checker.
http://afp.google.com/article/ALeqM5hwFqcnWAuDWlcqfvfyHu5PGG9RMQ
http://www.kb.cert.org/vuls/id/800113

This is a full list of vendor patch links
http://www.betanews.com/article/Major_fix_to_DNS_vulnerability_impacts_Windows_Debian/1215551008

Good Luck

Financial Transaction Processing

Posted by :Derek On : July 2, 2008

Category: Banking & EFTPoS, Infrastructure, Security

Tags:algorithm, architecture, Australia, bank, Banking and EFTPoS, BogoAtalla, Card, card verification, computations, Credit, CVV, data, Debit, debit card, debit cards, decrypt, decryption, decryption tools, DES, development, DUKPT, EFT, emulation, emulator, Eracom, financial transaction, hardware, hardware security, HSM, Linksys, Mall, mechanisms, payment, Pin, pin pad, processing, Protection, PVV, SAP, script, security, security architecture, server, Shiraz, simulation tools, SLA, SMS, technique, text, Thales, transaction, triple des, utility, Verification, VISA

I have been recently working inside one of the larger Banks in Australia.
Through this work, I have been looking at the controls and mechanisms surrounding the processing of credit and debit cards around the Asia Pacific.

I get to perform many security architecture and payment systems assessments.
Over the years I have always considered the protection of the card data as one of the key considerations.

Until yesterday I had never seen an CVV or PVV decryption tools. I think some scripted use of these tools could be very interesting.
The site hziggurat29.com

Many of the other tools on this site are also very unique and worth a look.
Big thanks to ziggurat29 for providing such awesome tools.

As many of these sites are of this nature are difficult to find and often seem to vanish over the years, I have chosen to replicate the the text from this page and provide local copies on the files.
It is worth periodically visiting the ziggurat29 site every now and again to see if any additional tools have been posted.

One of the more extraordinary files is the Atalla Hardware Security Module (HSM) and BogoAtalla for Linksys emulation (simulation) tools. So I wonder if Eracom and Thales are shaking in their boots. Some how I don’t think so. 😉

——– ziggurat29 Text ———

These are all Windows command-line utilities (except where noted); execute with the -help option
to determine usage.

DUKPT Decrypt (<- the actual file to download)

This is a utility that will decrypt Encrypted PIN Blocks that have been produced via the DUKPT triple-DES method. I used this for testing the output of some PIN Pad software I had created, but is also handy for other debugging purposes.

VISA PVV Calculator (<- the actual
file to download)

This is a utility that will compute and verify PIN Verification Values that have been produced using the VISA PVV technique. It has a bunch of auxiliary functions, such as verifying and fixing a PAN (Luhn computations), creating and encrypting PIN blocks, decrypting and extracting PINs from encrypted PIN blocks, etc.

VISA CVV Calculator (<- the actual file to download)

This is a utility that will compute Card Verification Values that have been produced using the VISA CVV technique. MasterCard CVC uses the CVV algorithm, so it will work for that as well. It will compute CVV, CVV2, CVV3, iCVV, CAVV, since these are just variations on service code and the
format of the expiration date. Verification is simply comparing the computed value with what you have received, so there is no explicit verification function.

Atalla AKB Calculator (<- the actual file to download)

This is a utility that will both generate and decrypt Atalla AKB cryptograms. You will need the plaintext MFK to perform these operations. When decrypting, the MAC will also be checked and the results shown.

BogoAtalla (<- the actual file to
download)

This is an Atalla emulator (or simulator). This software emulation (simulation) of the well-known Atalla Hardware Security Module (HSM) that is used by banks and processors for cryptographic operations, such as verifying/translating PIN blocks, authorising transactions by verifying
CVV/CSC numbers, and performing key exchange procedures, was produced for testing purposes. This implementation is not of the complete HP Atalla command set, but rather the just
portions that I myself needed. That being said, it is complete enough if you are performing acquiring and/or issuing processing functions, and are using more modern schemes such as Visa PVV and DUKPT, and need to do generation, verification, and translation.

This runs as a listening socket server and handles the native Atalla command set. I have taken some liberties with the error return values and have not striven for high-fidelity there (i.e., you may get a different error response from native hardware), but definitely should get identical positive
responses. Some features implemented here would normally require purchasing premium commands, but all commands here implemented are available. Examples are generating PVV values and encrypting/decrypting plaintext PIN values.

BogoAtalla for Linksys (<- the actual file to download)

This is the Atalla emulator ported to Linux and build for installation on an OpenWRT system. Makes for a really cheap ($60 USD) development/test device.

Local Files

bogoatalla002
atallaakbcalc
bogoatalla_10-1_mipsel
dukptdecrypt
visacvvcalc
visapvvcalc

Bluetooth Wireless Specification

Posted by :madrock.net On : March 24, 2008

Category: Bluetooth, Radio General, Security

Tags:access, algorithm, antenna, architecture, ASP, attack, authenticate, authentication, Bluejacking, Bluetooth, bluetooth profiles, bluetooth special interest group, broadcast, Card, Chip, Communications, Cryptographically, data, DES, Digital, Dust, EDR, EFT, Electronic, encryption, environment, Ericsson, Ethernet, frequency, GHz, Guide, hardware, HCI, identification, identity, interface, ISP, JAVA, javascript, Mall, mobile phones, network, personal area networks, phone, php, Pin, Radio, RSA, SAP, scatternet, script, security, security concerns, Serious, Shiraz, SLA, SNARF, standards, support, Technical, technology, template, transmission, trunk, USB, VOIP, Vulnerable, web, wireless personal area, wireless personal area networks

Source

This article is about the Bluetooth wireless specification. For King Harold Bluetooth, see Harold I of Denmark

Bluetooth is an industrial specification for wireless personal area networks (PANs).

Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.

Bluetooth lets these devices talk to each other when they come in range, even if they’re not in the same room, as long as they are within 10 metres (32 feet) of each other.

The spec was first developed by Ericsson, later formalised by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1999. It was established by Sony Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies as Associate or Adopter members.

* 1 About the name
* 2 General information
o 2.1 Embedded Bluetooth
* 3 Features by version
o 3.1 Bluetooth 1.0 and 1.0B
o 3.2 Bluetooth 1.1
o 3.3 Bluetooth 1.2
o 3.4 Bluetooth 2.0
* 4 Future Bluetooth uses
* 5 Security concerns
* 6 Bluetooth profiles
* 7 See also
* 8 External links

About the name

The system is named after a Danish king Harald BlÃ¥tand (<arold Bluetooth in English), King of Denmark and Norway from 935 and 936 respectively, to 940 known for his unification of previously warring tribes from Denmark, Norway and Sweden. Bluetooth likewise was intended to unify different technologies like computers and mobile phones. The Bluetooth logo merges the Nordic runes for H and B.

General information

A typical Bluetooth mobile phone headset

The latest version currently available to consumers is 2.0, but few manufacturers have started shipping any products yet. Apple Computer, Inc. offered the first products supporting version 2.0 to end customers in January 2005. The core chips have been available to OEMs (from November 2004), so there will be an influx of 2.0 devices in mid-2005. The previous version, on which all earlier commercial devices are based, is called 1.2.

Bluetooth is a wireless radio standard primarily designed for low power consumption, with a short range (up to 10 meters [1], ) and with a low-cost transceiver microchip in each device.

It can be used to wirelessly connect peripherals like printers or keyboards to computers, or to have PDAs communicate with other nearby PDAs or computers.

Cell phones with integrated Bluetooth technology have also been sold in large numbers, and are able to connect to computers, PDAs and, specifically, to handsfree devices. BMW was the first motor vehicle manufacturer to install handsfree Bluetooth technology in its cars, adding it as an option on its 3 Series, 5 Series and X5 vehicles. Since then, other manufacturers have followed suit, with many vehicles, including the 2004 Toyota Prius and the 2004 Lexus LS 430. The Bluetooth car kits allow users with Bluetooth-equipped cell phones to make use of some of the phone’s features, such as making calls, while the phone itself can be left in a suitcase or in the boot/trunk, for instance.

The standard also includes support for more powerful, longer-range devices suitable for constructing wireless LANs.

A Bluetooth device playing the role of “master” can communicate with up to 7 devices playing the role of “slave”. At any given instant in time, data can be transferred between the master and one slave; but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice). These groups of up to 8 devices (1 master and 7 slaves) are called piconets.

The Bluetooth specification also allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet. These devices have yet to come, though are supposed to appear within the next two years.

Any device may perform an “inquiry” to find other devices to which to connect, and any device can be configured to respond to such inquiries.

Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a “passkey”. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in.

The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).

Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. A glib summary is that Bluetooth is wireless USB whereas Wi-Fi is wireless Ethernet.

Many USB Bluetooth adapters are available, some of which also include an IrDA adapter.

Embedded Bluetooth

Bluetooth devices and modules are increasingly being made available which come with an embedded stack and a standard UART port. The UART protocol can be as simple as the industry standard AT protocol, which allows the device to be configured to cable replacement mode. This means it now only takes a matter of hours (instead of weeks) to enable legacy wireless products that communicate via UART port.

Features by version

Bluetooth 1.0 and 1.0B

Versions 1.0 and 1.0B had numerous problems and the various manufacturers had great difficulties in making their products interoperable. 1.0 and 1.0B also had mandatory Bluetooth Hardware Device Address (BD_ADDR) transmission in the handshaking process, rendering anonymity impossible at a protocol level, which was a major set-back for services planned to be used in Bluetooth environments, such as Consumerism.

Bluetooth 1.1

In version 1.1 many errata found in the 1.0B specifications were fixed. There was added support for non-encrypted channels.

Bluetooth 1.2

This version is backwards compatible with 1.1 and the major enhancements include

Adaptive Frequency Hopping (AFH), which improves resistance to radio interference by avoiding using crowded frequencies in the hopping sequence
Higher transmission speeds in practice
extended Synchronous Connections (eSCO), which improves voice quality of audio links by allowing retransmissions of corrupted packets.
Received Signal Strength Indicator (RSSI)
Host Controller Interface (HCI) support for 3-wire UART
HCI access to timing information for Bluetooth applications.

Bluetooth 2.0

This version is backwards compatible with 1.x and the major enhancements include

Non-hopping narrowband channel(s) introduced. These are faster but have been criticised as defeating a built-in security mechanism of earlier versions; however frequency hopping is hardly a reliable security mechanism by today’s standards. Rather, Bluetooth security is based mostly on cryptography.
Broadcast/multicast support. Non-hopping channels are used for advertising Bluetooth service profiles offered by various devices to high volumes of Bluetooth devices simultaneously, since there is no need to perform handshaking with every device. (In previous versions the handshaking process takes a bit over one second.)
Enhanced Data Rate (EDR) of 2.1 Mbit/s.
Built-in quality of service.
Distributed media-access control protocols.
Faster response times.
Halved power consumption due to shorter duty cycles.

Future Bluetooth uses

One of the ways Bluetooth technology may become useful is in Voice over IP. When VOIP becomes more widespread, companies may find it unnecessary to employ telephones physically similar to today’s analogue telephone hardware. Bluetooth may then end up being used for communication between a cordless phone and a computer listening for VOIP and with an infrared PCI card acting as a base for the cordless phone. The cordless phone would then just require a cradle for charging. Bluetooth would naturally be used here to allow the cordless phone to remain operational for a reasonably long period.

Security concerns

In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security lead to disclosure of personal data (see http://bluestumbler.org). It should be noted however that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.

In April 2004, security consultants @Stake revealed a security flaw that makes it possible to crack into conversations on Bluetooth based wireless headsets by reverse engineering the PIN.

This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared for the Symbian OS. The virus was first described by Kaspersky Labs and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as 29a and sent to anti-virus groups. Because of this, it should not be regarded as a security failure of either Bluetooth or the Symbian OS. It has not propagated ‘in the wild’.

In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that with directional antennas the range of class 2 Bluetooth radios could be extended to one mile. This enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation.

Bluetooth uses the SAFER+ algorithm for authentication and key generation.

Bluetooth profiles

In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. Following profiles are defined:

Generic Access Profile (GAP)
Service Discovery Application Profile (SDAP)
Cordless Telephony Profile (CTP)
Intercom Profile (IP)
Serial Port Profile (SPP)
Headset Profile (HSP)
Dial-up Networking Profile (DUNP)
Fax Profile
LAN Access Profile (LAP)
Generic Object Exchange Profile (GOEP)
Object Push Profile (OPP)
File Transfer Profile (FTP)
Synchronisation Profile (SP)

This profile allows synchronisation of Personal Information Manager (PIM) items. As this profile originated as part of the infra-red specifications but has been adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is also commonly referred to as IrMC Synchronisation.

Hands-Free Profile (HFP)
Human Interface Device Profile (HID)
Hard Copy Replacement Profile (HCRP)
Basic Imaging Profile (BIP)
Personal Area Networking Profile (PAN)
Basic Printing Profile (BPP)
Advanced Audio Distribution Profile (A2DP)
Audio Video Remote Control Profile (AVRCP)
SIM Access Profile (SAP)

Compatibility of products with profiles can be verified on the Bluetooth Qualification website.

External links

Bluetooth Tutorial Includes information on Architecture, Protocols, Establishing Connections, Security and Comparisons
Bluetooth connecting and paire guide
The Official BluetoothÂ® Wireless Info Site<SIG public pages
Howstuffworks.com explanation of bluetooth
The Bluetooth Car Concept
A series of guides on how-to connect devices like mobile phones, PDAs, desktop/laptops, headsets and use different Bluetooth services
Mapping Salutation Architecture APIs to Bluetooth Service Discovery Layer
Bluetoothâ„¢ Security White Paper
Security Concerns
Laptops, PDA and mobile (cell) phones with Bluetooth(TM) and Linux
Bluetooth qualified products
Bluecarkit discussion forum about Bluetooth car handsfree
Bluetooth in spanish
Radio-Electronics.ComÂ â€“ Overview of Bluetooth and its operationi>
Bluetooth Background information about bluetooth (German)
Bluetooth.orgÂ â€“ The Official Bluetooth Membership Sitei>

Archives for : hardware

No need to bypass security with a boot disk – 17 year old Windows exploit found

Affected Systems

Ham Radio Links

Equipment suppliers and manufacturers

Electronic service

DUKPT Overview and Transaction notes

EFT Syetms and Device Considerations

DNS Hack Needs Patching – Serious Problem

Financial Transaction Processing

Bluetooth Wireless Specification

Table of contents

About the name

General information

Embedded Bluetooth

Features by version

Bluetooth 1.0 and 1.0B

Bluetooth 1.1

Bluetooth 1.2

Bluetooth 2.0

Future Bluetooth uses

Security concerns

Bluetooth profiles

See also

External links

Categories

Archives

Blogrolls