Dad’s Custom Stereo

My Dad, Dave Johnson, was an audiophile in a time before the word came into widespread use. An avid fan of modern Jazz in his youth, he came of age in the 1950s. While 33 1/3 RPM records were well established as the contemporary standard, stereo had not yet come to market. I’m not sure what year it was when he built his audiophile stereo system, but it was around the time that stereo records were just starting to become available in 1958. It was made up of a pair of Heathkit Preamplifiers, a pair of 20/25 Watt Heathkit Power Amplifiers, a Music Master Idler Drive Turntable and a pair of 2 way speaker cabinets he built from scratch. Here are some pictures of the amps and turntable…

The Power Amplifier…
Heathkit W5M

The Preamplifier…
Heathkit WAP Preamplifier

The Turntable…
Music Master Idler Drive Turntable

No photos of the long gone speaker cabs though.

I have many fond memories of listening to that system as a child.

PC Speedy Phone Scam

Monday Monday! Got a call this morning from “PC Speedy” 🙂

Not a lot of time to play today so here is an example of a “Go away quickly” script. They get discouraged fairly fast when there doesn’t appear to be a good mark on the line…

If you get one of these calls and have some time, keep them on the line as long as you can. You will be doing your part to help prevent other more vulnerable people from being robbed. Seriously, hanging up has no effect and sometimes they just call right back. Identify yourself as an unprofitable target and they won’t call back. If you can, record the call and toy with them (that typically angers them once they catch on). If you have the time, waste their time. It takes time away from them for other calls and can help prevent others from being robbed.

PS: If you record one of these calls, please share it with Engineer LLC to help keep people informed.

The state of Malware: Mid 2014

My family participates in a Community Supported Agriculture (CSA) program where we pay a Quarterly Membership Fee and receive a basket of fresh locally grown vegetables and fruit every two weeks. Apparently, their mailing list was also recently “harvested” for what appears to be less legitimate purposes.

I received the message below this morning (6/27/2014). The timing was such that my initial reaction was “Good, it’s an announcement on the July 4th holiday CSA schedule adjustment”. But then I saw the link text and the fact that the link was pretty much all that was in the message body. Alarm bells went off… So, out of curiosity, I did an analysis of where this thing is coming from. See that below the original message, if interested.

From: My CSA [mailto:redactedRealAttorney@Redacted-Real-Law-Firm.com]
Sent: Friday, June 27, 2014 5:17 AM
To: RecipientYouShouldntHaveSpammed; numerous other recipients…
Subject: from CSA
Hi!

News: http://blog.carpediem.in/xxx/@@@@@@@.php

My CSA

So what was the payload? The link above was pasted (unredacted) into a private browser on a secure remote server and it produced an application window that looked like an Internet Explorer browser full of phony “Diet News” and suspicious related as content. An attempt to close the window with the upper right red X brought up a new window with an “Are you sure… blah blah blah” and an OK button that would likely install the malware. Some other time maybe.

Analysis:

The first clue it’s a malicious message is the link URL. The domain carpediem.in just doesn’t equate with my CSA and the TLD (top level domain) of .in means it is a registration originating in India. Furthermore the file type (the .php) of the page in the link indicates it is a dynamic page and possibly some sort of application that seeks to do something malicious.

Analyzing the header of the message reveals more clues…

The alleged sender email address indicated in the header is redactedRealAttorney@Redacted-Real-Law-Firm.com. Probably spoofed at random and likely another stolen piece of identity. This person apparently actually exists and has a law firm according to an internet search.

The last hop before my ISP was:
Received: from maui.mirahost.com ([75.126.255.131])
For the non-geeks out there, this means the last known place the message came from before my service provider got it. According to http://whatismyipaddress.com/ip/75.126.255.131 it is a server at Softlayer in Texas.

Before Softlayer it came from:
Received: from Redacted-Real-Law-Firm.com (unknown [41.141.0.85])
The word “unknown” in there is another indication that the association of the domain Redacted-Real-Law-Firm.com with this address was not resolved by known legitimate DNS servers. Looking up the numeric address reveals (no surprise) that it resolves to Morocco, a low enforcement region for internet concerns: http://whatismyipaddress.com/ip/41.141.0.85

Below is the message with an abridged full header…

Return-Path:
Received: from eastrmimpi109 ([68.230.240.49]) by RecipientISP.Redacted
(InterMail vM.8.01.05.15 201-2260-151-145-20131218) with ESMTP
id 20140627111709.YCVC18287.RecipientISP.Redatced@RecipientISP.Redacted
for redacted@redacted.com; Fri, 27 Jun 2014 07:17:09 -0400
Received: from maui.mirahost.com ([75.126.255.131])
by RecipientISP.redacted with
id KPH71o0052qsbMn01PH8tv; Fri, 27 Jun 2014 07:17:08 -0400
Message-Id: KPH71o0052qsbMn01PH8ua
Received: from maui.mirahost.com (unknown [127.0.0.1])
by maui.mirahost.com (Postfix) with ESMTP id B307993E286E;
Fri, 27 Jun 2014 11:17:00 +0000 (UTC)
Received: from Redacted-Real-Law-Firm.com (unknown [41.141.0.85])
by maui.mirahost.com (Postfix) with ESMTP;
Fri, 27 Jun 2014 11:17:00 +0000 (UTC)
Message-ID: <90cf96820dc5$315b9241$750189c6$@Redacted-Real-Law-Firm.com>
From: My CSA
Subject: from My CSA
Date: Thu, 27 Jun 2014 12:17:00 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_B777_9B6157E3.01563C3F"
X-Mailer: iPad Mail (11D201)
Hi!

News: http://blog.carpediem.in/xxx/@@@@@@@.php

My CSA
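The same header walk can be scripted. The following is an added example, not part of the original post: it parses an excerpt of the abridged header above (continuation lines re-indented so the parser sees folded headers) and reports relays with no verified hostname plus inconsistencies in the Date header. The function names `hops` and `findings` are made up for this sketch.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Excerpt of the abridged header shown on this page (continuation lines re-indented).
RAW = """\
Received: from maui.mirahost.com ([75.126.255.131])
 by RecipientISP.redacted with
 id KPH71o0052qsbMn01PH8tv; Fri, 27 Jun 2014 07:17:08 -0400
Received: from maui.mirahost.com (unknown [127.0.0.1])
 by maui.mirahost.com (Postfix) with ESMTP id B307993E286E;
 Fri, 27 Jun 2014 11:17:00 +0000 (UTC)
Received: from Redacted-Real-Law-Firm.com (unknown [41.141.0.85])
 by maui.mirahost.com (Postfix) with ESMTP;
 Fri, 27 Jun 2014 11:17:00 +0000 (UTC)
Date: Thu, 27 Jun 2014 12:17:00 +0000
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def hops(msg):
    """Received headers, newest first, as (helo, rdns, ip, timestamp)."""
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        stamp = re.sub(r"\([^)]*\)\s*$", "", value.rsplit(";", 1)[1]).strip()
        if m:
            out.append((m[1], m[2], m[3], parsedate_to_datetime(stamp)))
    return out

def findings(raw):
    msg, notes = message_from_string(raw), []
    chain = hops(msg)
    for helo, rdns, ip, _ in chain:
        # "unknown" is what the receiving MTA records when it has no verified
        # hostname for the connecting IP; the HELO name is sender-supplied.
        if rdns == "unknown" and not ip_address(ip).is_loopback:
            notes.append(f"unverified HELO {helo} from {ip}")
    date = parsedate_to_datetime(msg["Date"])
    if DAYS[date.weekday()] != msg["Date"][:3]:
        notes.append(f"Date says {msg['Date'][:3]}, calendar says {DAYS[date.weekday()]}")
    first_seen = min(t for *_, t in chain)
    if date > first_seen:
        notes.append(f"Date is {date - first_seen} after first relay")
    return notes
```

Calling `findings(RAW)` returns the notes as a list of strings; on a full message, pass the complete raw source rather than an excerpt.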

In Conclusion: This is what they do these days. It’s a blended threat with a portion of old-fashioned identity theft and a bit of deception and social engineering. If you fall for it and your device isn’t protected and secure, you may end up running a malicious application on your system before you know it.

Killer Asteroids, More Abundant Than You May Imagine

The following entertaining Astronomical information is provided in full by the B612 Foundation

B612 Impact Video 4-20-14 H264 from Spine Films on Vimeo.

Between 2000 and 2013, a network of sensors that monitors Earth around the clock listening for the infrasound signature of nuclear detonations detected 26 explosions on Earth ranging in energy from 1 to 600 kilotons – all caused not by nuclear explosions, but rather by asteroid impacts. These findings were recently released from the Nuclear Test Ban Treaty Organization, which operates the network.

To put this data in perspective, the atomic bomb that destroyed Hiroshima in 1945 exploded with an energy impact of 15 kilotons. While most of these asteroids exploded too high in the atmosphere to do serious damage on the ground, the evidence is important in estimating the frequency of a potential “city-killer-size” asteroid.

A list of the impacts shown in the video can be found here.
https://b612foundation.org/list-of-impacts-from-impact-video/

For more information on this data, please check out our Impact Video FAQ.
https://b612foundation.org/impact-video-faq/

You can read or download the press release about today’s event here.
https://b612foundation.org/wp-content/uploads/2014/04/B612_PR_042214.pdf

Aluminum Wiring Fire Hazard

If your home was built in or around 1970 to 1974, there is a chance it may have been built with aluminum (Aluminium if you are from the UK) electrical wiring. If your home is wired with aluminum, it has probably had a retrofit by now, no longer has electricity, or has already burned down. In our case there are some circuits that were either skipped or poorly done in the original retrofit and they have caused a few spooky and frightening events.

Aluminum Wire

Our house was built in 1970 and was “allegedly” retrofitted under warranty sometime before 1984 when last sold. The procedure was to verify that all exposed connections were at least covered in a dielectric grease to prevent oxidation. A better method is to extend all aluminum wire ends with copper pigtails using wire nuts filled with the dielectric grease. That’s what I do when I find one of these hazardous connections. In the image above, the source side neutral wire shows some extreme arcing evidence with the built up fingers and charring of the wire and outlet body plastic. This convenience outlet was only used to power a night light, but a downstream outlet in the same circuit is used more extensively. The downstream outlet lost power first. An inspection of that outlet did not reveal the source, and neither did the subsequent inspection of the circuit breaker (although it appeared to be well past its maximum useful life, see image below). The search then led to this outlet.

Old Breaker

How does this happen? Well, all metals oxidize when exposed to air. Aluminum oxide is white or nearly transparent but more importantly it is non-conductive. As the aluminum wire oxidizes under the terminal screw, it begins to develop a resistance at the connection. The now resistive junction generates heat (and a small voltage drop). Heating softens the wire. The softened wire can stretch under the mechanical stress of lateral tension and/or the pressure of the terminal screw. As the wire stretches, it becomes thinner. As the wire becomes thinner, it becomes loose. Once the connection is loose enough, it will begin arcing when current flows through. Once it begins arcing, the entire process accelerates. In summary: Aluminum wiring should never have been allowed!

Screen Sharing on a Mac (Alternative Method)

Many are familiar with the “Screen Sharing” feature in Mac OS X. It allows you to connect remotely to the desktop of another Mac when that other Mac is accessible as a network share and has the Screen Sharing feature enabled under the Sharing setting in System Preferences. A “Share Screen” button will be displayed to the left of the connect/disconnect button for the network computer in the upper right of the Finder window when that remote computer is selected in the network page or in the sidebar.

Unless… you have a network with multiple subnets, routers and/or firewalls. Network discovery services like DNS and Bonjour may not get through these boundaries. Then you may not see the “Share Screen” button, so what do you do?

Watch the video for an alternative method…

This method uses Safari to launch Screen Sharing via the http port.

bGeigie Nano part 1 (unboxing the kit)

The bGeigie nano is an updated and smaller version of the original bGeigie nuclear radiation monitor and geo-referenced radiation mapping device. These devices were developed by the Safecast organization to provide radiation monitoring and data mapping by and for the public.

The kits were offered for pre-order recently, so I signed up on the waiting list and was able to get one in the first batch of kits provided in the US by International Medcom. The kit arrived at the end of June (they sent a resistor to change out an incorrect value part in the kit a few days later) and it’s finally time to open the box after about a month on the shelf.

The first video in a series on the bGeigie nano, unboxing and discovering what parts are in the kit.

To get your own bGeigie nano kit, see this page at International Medcom.

Electromechanical Timer Teardown

This basic electromechanical timer was installed in a low voltage landscape lighting transformer.  It lasted a couple months short of 10 years.  I opened it up to see and show how it was designed and why it failed.  The clock motor was still working.  The contacts got eroded enough over the years that they were no longer closing.

A good example of simple and low cost electromechanical product design.