Re: To amuse the community
 

Went to a two days trip with ny kids who missed the summer holiday because of the deadline I was given to finish my car. In the hotel room here was a tablet. Was. We are still here but the tablet isn't. I tried the tablet and it launched a default launcher for hotel guests but could not connect to wifi. And I wasn't able to get to wifi settings.

I was annoyed. First I started to tap the screen untill I managed to see a flash of the normal desktop. So it's there. Then I rebooted the machine and tapped the screen again and got to a point that it possibly concluded there is an error and let me choose the launcher. i chose the normal view and got in to the normal desktop. Wen't to settings and noticed that the developer mode is on and also installing software from unknown sources.

At this point the wifi started to work. It connected to a private wifi. It was a security providers wifi and even if I closed the wifi it put the wifi on again and connected to it. So I tapped all the connections and tapped "forget" and the device stopped putting the wifi on.

After this started to check the settings more. Administrator settings. Find my device is on. Not anymore. But there was this one app (which I assume was the security providers app) that I could not put off. But I had been able to do enough.

In this room there is a tablet with developer mode on and possibly it has programs from untrusted sources, because I got access to almost everything. And it had the bluetooth and wifi on when we came to the room. And it did not work as supposed when I first tried the device. So I took the device to the reception and told that this device has bad security problems and I do not know what programs have been installed on it and don't want to have it in my room. I also wrote to a piece of paper the problems I had found. That was yesterday.

This morning went for a morning coffee and cigarrette outside the hotel. When I went out the were two eastern european guys outside. When I got out the other guy went a bit further to smoke his cigarrette but the other guy with a backpack came to stand like 1,5m from me. I thought he was about to ask for a cigarrette but he just stood there while I drank the coffee and smoked. Then he went to his friend and they both started to look the guys phone. Aaargh. Skimmer! The guys shooked their head, watched me and left.

I was first alert that now I got skimmed and I have this my daughter's old unsecure Honor 9 lite android in use. But - I have always bluetooth off, I have wifi off, I had also turned mobile data off for the night, I have no paying apps, I have set the firefox as the default browser and set it to delete everything when closed so there should be not too much to be found from my device.

But I got my wallet in my pocket! Remembered I asked for and got a bank a card without the wireless option, so no paying without the pin should take place. Or yes, I think there still is this less than 25 or 50 eur buys accepted without the pin. So there is a possibility that they will get some money. But I believe bank has some sort of alert if they notice unnatural money traffic from my account.

To know makes life more interesting, but it also makes you paranoid.

Re: To amuse the community
 

So what's the scam they're working? I've been wary of the contactless cards since first hearing about them, but the companies say there's no risk. A fraudster would first have to have a device capable of communicating with the RF responder in the card. I'd assume that a POS terminal would work for this purpose, and one could be stripped down to the essentials for portability, and perhaps equipped with a purpose-specific antenna so it could get a little better range when "talking" to the embedded chip.

So, my guess would be:

1. Use bootleg POS to initiate a transaction to, say, Ivan's Candy and Cigarette Vending Co.
2. Collect funds (while providing nothing in return, of course)
3. Launder that money out of the system before financial network notices you're a scammer.

#3 would be the tricky thing, right? You need to have a legitimate account of some kind to collect the money, don't you? Banks wouldn't hand these out willy-nilly, would they? When I open a bank account, I gotta show ID, prove where I live, provide my tax ID number -- and all of that in person. It would irritate me, to say the least, that this process is easier for an organized mob :p (Heck, they wanted me to present my child -- in person with both parents present -- to open a linked "kid's account" at my bank. Not a new account, mind you, just an accounting trick to segregate kiddo's money so they can feel it's theirs and learn to bank!)

Maybe I lack the imagination required to lead an international crime ring. And the muscle to be a regular goon.

But . . . when I did receive a contactless card recently, I still "disabled" that feature. Amusing to see clerks whack it repeatedly on the POS. I'm easily amused -- we don't have cable TV, after all.

Re: To amuse the community
 

Put on youtube RFID cloning and you will be shown all the equipment and techniques you need for cloning cards from a distance. Have watched too many of them to feel secure anymore.

Re: To amuse the community
 

1) the amount maximum limits the (potential) damage
2) after a number of transactions, pin is required
3) you need an aquirer agreement, to recieve payments (no, not just a bank account)
4) aquirer, and banks, fraud systems will very quickly catch the fraud

If you want to play, get a proxmark. ;)

Re: To amuse the community
 

That's how it worked at same start when first contactless card has been used. Now those thieves are using the smartphone with NFC connected with android app, which can be purchased somewhere over darknet which is connected to the rigged account and then they just buy cryptocurrency to laundry the money. Even if they can make one transaction with each card, they can make a lot of money just in one bus/tram/train.

Re: To amuse the community
 

Use your car , no bus no train,no tram : ) Avoid crowds ( covid. 19) and use protective shield with card.

Re: To amuse the community
 

So it looks like they're cloning RFID cards, like access cards for offices (or hotel rooms) but not bank cards with the contactless EMV (ISO/IEC 14443) right?

I think the only RFID thing I have with any access to anything financial is the card I use with the EV charging station. That's got $10 of stored value on it, and it can "recharge" (it's a pun) from a credit card automagically $10 at a time. I guess a crook could sell the charging credit at a discount, like a stolen gift card would be . . .

Re: To amuse the community
 

Re: To amuse the community
 

Interesting.

I liked this quote:

"The key attack, the one that's most used, is just stealing the card out of someone's mail."

I didn't quite figure out what the presenter meant by cloning transactions (possible) vs cloning cards (uneconomical). I mean, I know all the words -- I have the best words -- but I didn't quite get what he was doing with it. Not a crime-nerd, just a regular nerd I guess.

Also, the idea that places where chip "dipping" requires a PIN but chip waving doesn't seems incredibly contradictory. I mean, you know someone has physical possession of a card if they can insert it in a POS.

Anyway, the only bank card I have with a contactless feature has been deactivated by Bosch (with assistance from MagLite) JIC.

Re: To amuse the community
 

Anyone willing to help? Bought Moto G8 and tried to install LineageOs on it. Now my phone still tries to boot on adroid, the wellcome screen appears but the display is unresponsive so can't anymore start even the android. So if someone knows these stuff well you could pm me and I can give you detailed explanation what I have done and which guided I have followed, what images I have used etc. I have unlocked the device with code I got from motorola and have followed guides from xda, droidtips etc. pages. I think I need some fasboot commands to wipe stuff before I can continue. I have tried to install LineageOs 18.1 from xda member sjill or something. The reason may be that I possibly have updated the android system to newer than 10, then I have tried to flash the stock10 android as told in the guide I should have, but maybe I did something wrong and in wrong order.

Re: To amuse the community
 

Okay, so I finally got all setup on the phone. But the learning curve was long and hard.

First of all LineageOs is a new thing to me as well as android and adb tools. Have used tools only twice years ago. I installed on my debian adb-tools and fastboot and downloaded xda member build LineageOs 18.1 for moto g8 plus recovery.img from the member as well.

First I had to get the OEM unlocked. Searched and found instructions and got the code from Motorola and got the device unlocked.

Then I tried to flash Lineage. Not working and device boots to normal system. Read instructions more carefully. Need to have first flashed to stock rom.

Searched and found out there are different roms for my model. Found the right one with copy and paste scripts for flashing and tried. Device doesn't boot to system anymore at all. Why?

Maybe if I try with twrp recovery instead of recovery from the xda member? Nope. Doesn't work. TWRP needs that I have set a passcode on my system to which I am now not able to boot on (so I thought atleast).

So I try to install stock rom and lineage back and forth with recovery.img and twrp.img and from sdcard and adb sideload from linux untill my device ends up to a black screen with red text only and not even booting to bootloader.

So after almost giving up I start to search more, now just wanting to get even android on my device. I find another instruction scripts for installing stock rom which differ from the ones I first used. I add scripts from the new instructions but without success. Finally I notice that with the stock rom there is included an xml file which have the scripts for installing rom. In the scripts which I had used there was many system.something.im files but in this instruction they are labeled super.something.img. So I change the codes I have on my text file to match with this and got the device to boot!

So now I know how to get the device to work again so I continue trying to install Lineage with linux. Search more info and I have used adb tools from debian repo which are too old to work. Finally I switch to win 7 machine, download and install motorola drivers and try to install Lineage, and this time it doesn't anymore state "FAILED" in the last 5/5 with system.img. I sideload NickGapps and that installs too. I sideload Magisk and that installs also. I reboot, and see first time in my life LineageOs booting logo!!!

After getting that to install I can't rest yet. I wan't to use Maltego program and that needs linux on my device. So more searching and looking for options. Userland, Andronix, Linux deploy. All new stuff to me. I try userland but am able to only get a small terminal window to appear and don't at that moment know how to get things work. I know Maltego is included in Kali linux so I switch to see options. Nethunter Rootless edition sounds good because I do not wan't to mess up my system. But I have Magisk so my device is rooted. Well I can always try.

I download F-droid Nethunter appstore and install everything mentioned: Hacker's keyboard, Termux and Vnc viewer. I start the installation and everything seems to go okay but then there comes these questions: Do you wan't to install the package maintainer's version or stick with the default? How would I know? I choose to stick with default. I also do after installation update and full-upgrade and also install all kali stuff. Takes about 13 Gb of internal memory. Then I try to open kali in termux with commands given: nethunter kex &. No server. I try to connect with viewer. A big list of problems and nothing happens. I end up removing all the stuff from my device.

After couple of days I decide to try again. The installation process takes about 2 hours. This time I choose to install package maintainer's options. I end up the same situation. I don't know anything about vnc, servers or viewers so I start to search info, install servers and viewers, changing confs and trying everything. First I install stuff on termux instead of nethunter in termux so maybe I have messed up my system after all.

Finally after many mistakes I managed to start the server with tigervncserver -xstartup /usr/bin/share and I got the viewer to connect - to too small terminal window again. Tried to set up resolution on viewer settings without help, tried to add resolution to nethunter conf with geometry settings and start the server with them without success. And I have not been able to even start the desktop yet!

Finally found startxfce4 and I got into desktop, and in control panel I managed to set right resolution. After starting nethunter again I got a working kali system and desktop. I installed Maltego, the program I use only to check online sellers, which took the 13Gb from my system and it seems to work. It only took couple of weeks!

But then phone's case. I had normal black leather case and I searched online and found some pretty good looking toughcases which I thought to buy. But maybe I could pimp my black case? After some (many) days of work got my case ready. Had to drill and cut, I hadn't noticed my case works as a stand and put an unnecesary hinge on it, and painted which took some time. Here is a link to my project folder where the case images are named incognitostyle.

https://www.dropbox.com/sh/7czcyp7b8...nZQdfOwpa?dl=0

Re: To amuse the community
 

When I made the last post there was one guest in the thread. Suddenly there was 75 guests at most in the thread. Either someone shared a link to the thread or we have robots after us checking what is written. Let's see. Kali nethunter plus deploy plus hacker's keyboard plus Maltego. Before posting one guest.

Re: To amuse the community
 

After I made the post I tried to make a search on startpage. My access was denied because there have become too many requests from my ip. Interesting. I may have messed up things again.

Re: To amuse the community
 

^ That happens from time to time.
Startpage uses Google and they - well, they do what they want.
Just try later, or use DDG instead.

Interesting observation.
I thought it was for this thread alone, but it doesn't have the statistics at the bottom, only the front page has. And currently it has 91 guests. I don't think that comes from just those juicy keywords in your post.
People online are interested in the topics discussed here - and so are the crawlers: alternative phone OS, mostly. Maemo Leste, Sailfish, some Lineage...

Re: To amuse the community
 

Ok. I thought it was thread specific viewers. Good then.

Re: To amuse the community
 

Fsecure Freedome espoo and amsterdam location seems to be banned from maemo. Can't open page with those locations in vpn.

Re: To amuse the community
 

Have to ask to make clear: When it says in the bottom of this thread "Currently Active Users viewing this thread: 1 members and 0 guests" doesn't it refer to this spesific thread? I understand it does and it gave a peak of 75 users the other day.

Re: To amuse the community
 

I see 1 user (me).

Re: To amuse the community
 

One more user (me).

Re: To amuse the community
 

I find that just using a VPN with google (sometimes, and regardless of VPN exit point) gets me the " too many searches, find all the blurry crosswalks" message and I have to hand the phone over to a kid to solve the captcha.

Re: To amuse the community
 

I have now melbourne as a location and so far no problems. I think I had a severy problem going on when I visited these pages through freedome abouy a year ago when there came a unnatural visitor peak on one day and in that hassle the locations I used at that time got banned with freedome: Espoo, Amsterdam and Stockholm.


Would there be a way to get those ips from the blacklist? I can give the ips of the proxy servers freedome has in those locations but to where?

Re: To amuse the community
 

Ask from techstaff on #maemo channel?

Re: To amuse the community
 

#maemo channel?

Re: To amuse the community
 

Yes, on IRC. (you know, like freenet)

Re: To amuse the community
 

Never used. Seriously. For real. I feel like this blows my cover. I'm a mere wannabe and lookalike.

Re: To amuse the community
 

https://talk.maemo.org/attachment.ph...1&d=1627901661They know their master.https://talk.maemo.org/attachment.ph...1&d=1627901661

Re: To amuse the community
 

Here is a link to the Xtreme Car Show folder. They called and wanted my car there. Managed to equiptthe car with caravan stuff which has been my vision from the beginning.

Sleeping place for two
Gas grill
12V cooling bag
Laptop stand
Clothes stored near roof
Lenghtened astray for spoons and stuff

Tomorrow installing an LP player

https://www.dropbox.com/sh/wrig1g6rh...qV6yR7T4a?dl=0

Re: To amuse the community
 

I hope a wind-up one.

Re: To amuse the community
 

https://www.dropbox.com/s/c6ylwufj8at3mdy/LP1.jpg?dl=0




https://www.dropbox.com/s/rrx8em40lmwcdm7/lp2.mp4?dl=0

Re: To amuse the community
 

Once upon a time, this was a thing. But not many, and not for too long, for several obvious and less obvious reasons.

Re: To amuse the community
 

One teacher from a pre scool has a single LP player from sixties, just a bit bigger than a single record. He told it was bought from germany and they had in their car when he was a kid. For me to have a player to play big LPs has been a vision from the beginning of this car project. I just need to make a wire to plug JBL Cube on it to get good sounds.

Re: To amuse the community
 

After the great development your project has made, i expect nothing less then a regular LP player (ideally high end for good damping in all parts) stripped from the original casing and install just the tonearm and the belt driven table to the car chassis. Plus points for exterior placement on roof or hood!
Further plus points if the turntable belt is directly powered by your engines belt system via some genius 33/44prm transmission translated from the running motor.

Re: To amuse the community
 

I got an oldLP player from my father and I was going to strip it down as you describe but then something came up and I forgot it. Now found this lp player ehich I could use straight.

Re: To amuse the community
 

My internet connection started to feel sluggish. Linux Mint LMDE has 173 threads on it. Scanning with ClamTk. Interesting to see what they are.

I have a pretty good idea why I am in this situation and it doesn't feel good. Made a basic check of an online seller. One hint led to a webpage which was an orient online casino. There came a pop up with chinese looking letters and a red star on it. Took a picture with my phone but haven't yet checked whst it says.

After couple of days I made a normal search with google. I got many hits of the IT related subject I was after, all search hits showing a portion of a legit article. I clicked couple to open and they led to a page where browser said it blocked connection to an unknown site.

I tried another hit. Same thing. Then I understood to check the search hits site's url which should have been first thing to do. They were all some phony sites and these google search hits were many, each one having a portion of the legit article I was after.

So while checking that online seller even though I used a virtual machine and I think tor in it and proxy enabled, I think my ip and mac leaked and I got someone after me.

174 threads now and still scanning. I hope I can save some files and then install a new Os. And have to go through all machines in out family, reboot the router, change all the passwords to everything etc. Bummer. Haven't happen for a while.

Re: To amuse the community
 

Downloading CubesOs.

Re: To amuse the community
 

261 threads and rising.

Re: To amuse the community
 

Last time I got this bad was when I downloaded Pwnyexpress for N900 to test it and extracted the zip file on windows machine. Have to say Kaspersky was a bit busy.

Re: To amuse the community
 

Didn't wan't to sleep but wait. Ended up sleeping maybe three hours. Woke up: 613 threads!!!

So wisemen probably already guessed. Clamav flags libreoffice PUAs as thread and ad to that a timeshift backups.

Another thread is a gif exploit on flatpak which is just related how the flatpak determines the display size and rendering.

My learning curves are exhausting.

Re: To amuse the community
 

Hm. did you try to
a) completely close your broser
b) remove your browser's cache & configuration
before reinstalling?

I am a little unsure how a threat could have escaped your browser and infected the operating system itself.
Keep in mind that clamav reports possible threats.

In the future, use the noscript addon, or uBlock origin in expert mode, disallowing all javascript by default!
I always do that and while I still don't like visiting dodgy sites, it is much safer this way.

There's a second part to your report I did not fully understand; maybe there's a DNS problem, too. That could also reside inside your browser (which browser btw?), but also outside of it, wherever your system does name resolution.
Or maybe even the router.

Re: To amuse the community
 

My wife threw in the air as a joke a request to make her a wooden madonna triptych out of wood, of which se showed a picture, with opening doors and inside carved with religious images. I am a hardcore christian believer, so no problem, but - I don't know what Madonna, Jesus or God looks like. And I don't wan't to lead people astray with something I make.

But I knew what something else looks like. Took me the whole autumn to make this in my free time at work. Had to keep it as a secret from my wife.
One smaller item and one bigger. Merry christmas to everyone!

https://www.dropbox.com/s/5fq17swaq6...thon0.jpg?dl=0

https://www.dropbox.com/s/3272c3zf3h...thon1.jpg?dl=0

https://www.dropbox.com/s/d8kfbry52m...thon2.jpg?dl=0

https://www.dropbox.com/s/hmqavedf9t...thon3.jpg?dl=0

https://www.dropbox.com/s/l5m0v7qjzl...thon4.jpg?dl=0

https://www.dropbox.com/s/w253284x09...thon5.jpg?dl=0