Skip to content

Posts tagged ‘news’

Sep Compromised, OpenSSH Source Not Backdoored, the primary site for the Linux kernel source, was compromised sometime in August. It is believed that the attackers gained access using compromised user credentials, and then escalated their privileges to root. Early pieces of information implied that some OpenSSH source code was stored on the compromised server(s), apparently this may not be the case. So far the investigation has found that several modifications were made to the compiled OpenSSH client and server binaries running on the system to log user activity. The full extent of the changes is not yet known, and nobody has yet come forward to claim this hack.

If you’ve installed or updated your kernel or OpenSSH recently, you may want to reinstall from a known good version, although it is not yet known if any kernel sources were modified. Although in this case OpenSSH wasn’t compromised, admins can consider running some form of Single Packet Authorization, such as fwknop, as an additional layer of protection for your SSH server against these kinds of issues (backdoors) and other potential future 0days.

Hopefully more info will come to light as the investigation progresses. Hit the jump for more details.

Read moreRead more


Steve Jobs Resigns as Apple CEO, Tim Cook Named as Successor

Today is a sad day. Steve Jobs, the man who founded Apple and single-handedly turned the company back around and redefined the music and mobile computing industry, has announced his resignation as CEO. Steve has been an inspiration to me for as long as I can remember, and his vision and attention to detail has defined a generation and brought us products that are, without a doubt, insanely great. Unfortunately Steve has struggled with health issues over the past few years, and I wish him all the best. I’m very happy to see him continue as part of Apple as Chairman of the Board. Here is Steve’s press release:

PRESS RELEASE: Letter from Steve Jobs

August 24, 2011–To the Apple Board of Directors and the Apple Community:

I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple’s CEO, I would be the first to let you know. Unfortunately, that day has come.

I hereby resign as CEO of Apple. I would like to serve, if the Board sees fit, as Chairman of the Board, director and Apple employee.

As far as my successor goes, I strongly recommend that we execute our succession plan and name Tim Cook as CEO of Apple.

I believe Apple’s brightest and most innovative days are ahead of it. And I look forward to watching and contributing to its success in a new role.

I have made some of the best friends of my life at Apple, and I thank you all for the many years of being able to work alongside you.

As far as Apple goes, well, it’s always difficult to know what the company will do, but it’s safe to say that they’re in the most stable and dominant position they’ve ever been. Although Steve was the visionary, he’s had a rock solid team of executives working with him, and I’m sure that his succession plan was developed to leave Apple in the best possible situation. Apple has already announced Tim Cook as his successor, and Steve being elected to Chairman of the Board. In my opinion Tim will be a solid CEO, and proved to be extremely capable during Steve’s previous absence; I just hope he also shares some of Steve’s creative vision.

Apple stocks crashed nearly 5% in after-hours trading, which is to be expected. As the world has been aware of Steve’s medical condition for a while now, his resignation did not come as too much of a shock, otherwise the drop would’ve been far more significant. Apple has strong fundamentals, and an excellent performance capped off by a massive cash store. If the stock does drop, it will be very short lived as investors realise that the company is as solid as ever. Not to mention that Apple’s roadmap is more or less fixed for the next two years anyway.

Again, Steve I wish you all the best, get well soon, and welcome to Tim as the new leader of what will continue to be a source of innovation for years to come! I look forward to reading Steve’s official biography. Hit the jump for Apple’s full press release.

Read moreRead more


LIGATT CEO Gregory D Evans Hacked and Exposed

It appears that the website (rm’d), email and Twitter account of the much disliked LIGATT CEO Gregory D Evans have been hacked, and 84,668 of his emails have been leaked in a 4.15GB torrent. Evans, self-declared “World’s Number 1 Hacker” and also a convicted felon, is frequently outed by many in the security industry for his use of plagiarism, fraud and unethical practices. This leak is probably due to his consistent harassment of security professionals who have been vocal about exposing his activities. A full and descriptive profile of Evans is available at

Messages were posted on Evans’ hacked Twitter account (above), pointing to a Pastebin (since removed). Here is an excerpt:

Do not meddle in the affairs of hackers, for they are subtle and quick to anger.

When one thinks of frauds in the infosec community, most people are quick to point to Gregory D Evans of LIGATT Security[…]

He’s gone after people at their home to intimidate them and their family. He’s gone after them at their work to discredit them with their employer. And as everyone knows, he recklessly sues anyone who speaks negatively of him on the internet[…]

Enough is enough. He must be stopped by any means necessary. To that end, at the end of this message is a torrent of the inbox of [email protected]

The end of the message contained a link to another pastebin (also removed), which was a Base64-encoded torrent file. The password for the archive in the torrent, as posted on his Twitter feed, is “DoomedCharlatan”. Ligattleaks (now offline), a site dedicated to leaking information about Gregory Evans’ activity (although they say they were not involved in this particular leak), have announced that they will be trawling the emails for evidence of fraud and unethical behaviour.

[Updated] Ligattleaks is back online offline online offline, for good it seems. Another security firm (HBGary) hacked and exposed for investigating Anonymous.

[Update 15/2/2011] CBS Atlanta had a news segment about LIGATT and Gregory Evans entitled “Hacker or Hoax”.  LIGATT responds to CBS Atlanta (link removed as his site was found to be distributing malware). This post debunks LIGATT’s response.

When one thinks of frauds in the infosec community, most people are
When one thinks of frauds in the infosec community, most people are
quick to point to Gregory D Evans of LIGATT Security.quick to point to Gregory D Evans of LIGATT Security.

UVB-76 Activity Updates

UVB-76 Satellite ImageThis post will be updated to cover news and activity of interest from UVB-76 (MDZhB/94ZhT). Latest/newest update at the top.

Latest Transmission: Thu, Nov 3 2011 @ 12:47 UTC (recording)

Buzzer Status: ON

For most of the recent recordings, follow this page (or this one). An archive of historical recordings is being developed here. Also check out for lots more Numbers Station info.

Comments are welcome.

Mon, 12 Sep 2011 09:40:00 +0100

There appear to have been a few transmission in the past month with different callsigns. On September 8 2011, a year after UVB-76 changed its callsign to MDZhB, it transmitted a message using another new callsign: 94ZhT. It is unknown yet whether there is any significance to this change.

Here is the transmission:

Thu, 27 Jan 2011 16:51:57 +0000

Just put up a short post analysing the transmission times of MDZhB/UVB-76.

Summary: tune in between 12:50 and 15:20 UTC for the best chance to catch a broadcast.

Fri, 19 Nov 2010 20:05:04 +0000

Check out this page for a full list of UVB-76/MDZhB transmissions and their transcriptions.

Mon, 15 Nov 2010 15:21:30 +0000

On the 11th at exactly 1400 UTC, a series of conversations were broadcast between different people on the UVB-76 frequency. It is not yet known where this transmission originated from, although the buzzer can still be heard faintly in the background. Either someone made a mistake, or it’s an unrelated or pirate transmission over UVB-76’s frequency.

UVB-76 2010-11-11 14.00 UTC by danix111

A full translation of these conversations is not yet available (feel free to post one), although they appear to be military in nature.

Mon, 08 Nov 2010 21:11:06 +0000

A few guys (Webweasel, Presentedin4D and danix111) from the UVB-76 IRC channel have started a podcast. Here is the first episode:

Fri, 05 Nov 2010 10:08:45 +0000

There have been a number of transmissions since my last post, in fact too many to summarize here. Buzzer has since stopped, however some counting/unknown beeps have been heard. The beeps are interesting as nothing of that kind has been heard so far.

ThursdayNovember42010at063545UTC Beeps by Anonym0us

ThursdayNovember42010at130700UTC TX Counting by Anonym0us

Thu, 14 Oct 2010 01:35:17 +0100

There hasn’t been much to report on recently. Unfortunately the interest in UVB-76 has waned recently, as the mystery of its silence has died down. It’s believed that the frequency is now being used to transmit messages from another relay.

I’ll update this page when something significant happens. I encourage the readers who actively follow UVB-76 to continue posting updates in the comments (many people visit this page for updates).

For those who ever feel nostalgic about the summer of mystery, there’s always UVB-76 Forever!

Sun, 03 Oct 2010 23:10:59 +0100

Here are audio clips of the recent transmissions:

Laid at the UVB-76 Internet Repeater has posted an update on recent events. Here’s one section of that post I think is important to note:

“It has been already disputed that UVB-76 may have changed to that callsign permanently […] As far as communication dispatches seem to be built up, the transmission site (and the frequency associated) is a separate entity from the party what actually airs the “content”. Therefore in any moment can someone decide that particular transmission site will now service another “content provider” and so will be. In that context, MDZhB is now simply using the same transmission unit as UVB-76.”

Thu, 30 Sep 2010 15:24:54 +0100

Based on some comments at the bottom of the page (thanks Jan), apparently there have been some reported transmissions. I haven’t yet been able to confirm these from a secondary source…

Buzzer is currently off.

Thu, 23 Sep 2010 20:12:00 +0100

There have been a few transmission in the past couple days. Unfortunately no recordings or transcriptions are currently available. Other than that the buzzer has been operating more or less ceaselessly.

This evening the buzzer stopped, and the carrier signal has also disappeared.

Sun, 19 Sep 2010 18:25:48 +0100

One transmission today.

MDZhB 75476 Prizmatin 8087 6428 Khrizopraz 0621 5018

Voice-Transmission-2010-09-19-15h44m07s-UVB-76-MDZhB-cleared by soundinfo

Sun, 19 Sep 2010 15:36:26 +0100

Another transmission yesterday. The transmissions from the so-called MDZhB appear quite frequent with 1-2 transmissions daily. What the connection is with the original UVB-76 – apart from the constant buzzer – is unknown. Perhaps the station has been re-purposed to broadcast these coded messages once a day.

Yesterday’s transmission:

MDZhB 2551 BRIZ 2934 7683

Voice_Transmission-2010-09-18-17h30m22s-UVB-76-cleared by soundinfo

Fri, 17 Sep 2010 13:05:33 +0100

A combined stream of the WinradHD waterfall with audio (USB) are now available on

There have been two supposed transmissions today (check comments for initial details).

First transmission at 11:52 UTC:

MDZhB 19 620 Priroda 15 76 95 38

Second transmission at 12:26 UTC:

MDZhB 94864 Tritil 6098 1359

Haven’t been able to source the audio recordings in order to confirm these. If anyone has recordings please let me know, or upload them to Soundcloud.

Thu, 16 Sep 2010 17:06:46 +0100

There have been two interruptions to the buzzer today, during which voice transmissions were made.

The first transmission occurred around 13.24 GMT. Further details and audio recording coming soon.

MDZhB 21 157 SPIThNEJ 00 20 5 5 5 3

Male Voice September 16 2010 13.18UTC by uvb76repeater

The second transmission occurred at 15.39 GMT. A male voice read out the following message (all letters spelled out in names):

MDZhB MDZhB 85 343 KRINUM 01 48 04 95 PRIORITYT 14 08 28 71

I wonder what the ‘priority’ is.

UVB-76 Male voice transmission 16.39GMT 2010-09-16 by secgen

Buzzer is still going.

Tue, 14 Sep 2010 17:20:12 +0100

For the enjoyment of everyone who has had the strange pleasure of following UVB-76, I’ve created this experimental track which puts together most of the interesting recent events from the station. Enjoy!

UVB-76 Forever by secgen

Digg it, Tweet it, hate it, I dunno… just do something! ;)

Also available on YouTube: UVB-76 Forever Video.

Tue, 14 Sep 2010 12:55:03 +0100

UVB-76 is buzzing again. Strong signal too.

Sun, 12 Sep 2010 23:37:44 +0100

Not much to report on today apart from another male voice transmission. The buzzer is still missing.

Micha… MDZhB 13 626 TRJHLJTOK 2 0 0 45 29 47 …. MDZhB 13 626 TRJHLJTOK 0 0 45 29 47

Note: all letters are spelled out phonetically, eg. Michail, Dimitry, Zhenya, Boris, etc.

Male Voice September 12 2010 13.04UTC

Sun, 12 Sep 2010 11:53:21 +0100

Latest transmission yesterday from a female voice (believed to be genuine UVB-76):

Mihhail Dimitry Zhenja Boris 80 0 30 3 Pavel Roman Jelena Pavel Roman Jelena Konstantin Anna 73 82 67 63

Female Voice September 11 13.53UTC

Towards the end it is possible to hear another voice talking in the background. Whether this is from the same transmission is unknown.

Other interesting transmissions, include voices that appear to be answering a phone, now leading to the speculation that UVB-76 is in some way connected to a telephone exchange. Possible if it’s a communications centre. More info on this theory in this post.

There was one other male voice transmission recently, but this is believed to be from pirates.

Fri, 10 Sep 2010 12:18:27 +0100

Feel free to drop by the live chat to discuss UVB-76. Not much happening at the moment as everyone is waiting for the buzz to return. The updates on this page contain all the info that is currently available.

Fri, 10 Sep 2010 08:51:29 +0100

The buzzer has stopped again since yesterday.

Wed, 08 Sep 2010 17:35:56 +0100

After the better part of another day with no activity – there’s been plenty. First a weak buzzer returned, shortly followed by the appearance of a strong carrier signal. After that it seems like they turned on the power because both the buzzer and subsequent voice transmissions have been extremely loud and clear.

The buzzer stopped briefly twice. Once for a male voice doing a test run of counting, and the second time for a female voice making a full voice transmission. The transmission transcodes to:

82 366 prutjnoi 63 85 99 71

This transmission did not use the callsign UVB-76, but instead “MDZhB” (Rus. МДЖБ), although the transmission was very clearly on 4.625 kHz. The transmissions appear to be genuine from UVB-76/MDZhB.

As of this post the buzzer is still on, so listen live.

Tue, 07 Sep 2010 22:37:06 +0100

Apart from one unverified audio transmission, there has been little-to-no activity today.

Still no buzzer.

Tue, 07 Sep 2010 01:17:47 +0100

As this page was auto-refreshing, it was causing the flash players to reload constantly. I’ve now disabled the auto-updating. This means you’ll have to refresh this page manually to see any new posts.

Tue, 07 Sep 2010 00:52:57 +0100

Some interesting activity over the past few days, some legitimate, some not. Firstly, the UVB-76 temporary internet repeater kit has been upgraded, and it’s now possible to watch a live stream of the WinradHD screen (shows a visual waterfall output of the frequency). Someone is now also recording both the AM and USB feeds into a publicly-accessible archive. Worth checking out if you want a recording of something you heard.

In other news: It appears some pirates have been trying to broadcast over UVB-76’s frequency, and managed to make a message (“XYN”) appear in the waterfall view of the stream (screenshot below – click to enlarge):

Waterfall Message (click to enlarge)Apparently those three letters mean “dick” in Russian. Admittedly this is a cool prank to pull off, however it does detract from everyone’s efforts of following UVB-76. There has also been some “counting” transmissions which were broadcast on UVB-76’s frequency, but may not be genuine.

Aside from that, The Buzzer has been silent. Laid (who runs the live stream) has found a new sine wave being transmitted right next to UVB-76’s frequency. There is currently speculation as to whether this may be related to The Buzzer in some way; possibly as an upgrade/replacement? Follow that discussion here.

As of this post there is still no buzzer.

Sun, 05 Sep 2010 20:58:12 +0100

Will post a full update of activities tomorrow. Stay tuned!

Fri, 03 Sep 2010 00:29:50 +0100

Just heard some more counting. But apart from that UVB-76 is silent again (no buzzer).

Thu, 02 Sep 2010 22:05:37 +0100

Plenty of activity this afternoon. The first piece of interest was a male voice in the background heard saying something along the lines of “these should work, but are very weak” (audio below).

UVB-76 then came back on air and continued the seemingly maintenance-related loop of buzzer-music-buzzer (same as yesterday).

This was interwoven with very clear morse (whether this is directly on UVB-76’s frequency is to be confirmed), and new voice transmissions of at least three people (two male, one female), counting from 1 to 10. Sound clips below.

The third one is most interesting as it’s very clear and contains buzzer, music, morse and counting.

As of this update, we’re still hearing the occasional loop of buzzer-music-buzzer. Just heard one more very distorted male voice counting.

Thu, 02 Sep 2010 09:51:08 +0100

Confirmed the morse code from yesterday was not actually on 4.625 MHz (UVB-76’s frequency), but on a neighbouring frequency used by Russian Navy.

UVB-76 itself is currently silent.

Thu, 02 Sep 2010 01:56:19 +0100

Summary of 1 September 2010:

  1. UVB-76 carrier (buzzing) went off the air
  2. A repeating morse code signal appeared (60 second loop)
  3. Another deeper morse code could briefly be heard
  4. UVB-76 buzzer returns together with a loop of swan lake music (extract below)
  5. UVB-76 carrier went off the air again
  6. Currently broadcasting more morse code on loop (no buzzer)

Current belief is that the station is undergoing maintenance.