THE ORIONID meteor shower promises to dazzle stargazers with a spectacular display of shooting stars TONIGHT. But what is the best time to watch the meteor shower?
When is the Orionids meteor shower?
If you can’t view it, whether because of cloud or a heavily lit area, Slooh will be live streaming the event from tonight. Join Paul Cox, Dr. Paige Godfrey, and Bob Berman for a decidedly casual and far-ranging chat as we train our telescopes on the Orionids. SLOOH Live Event of the Orionid Meteor Shower
The Orionids light up the night sky every year towards the end of October in “one of the most beautiful showers of the year”, according to Nasa.
The meteor shower will peak in the early hours of Saturday (October 20) and once again in the early hours of Sunday (October 22). Sporadic meteors have already been dashing across the night sky from October 15 and should remain visible until November.
During the peak, stargazers can expect anywhere up to 50 meteors per hour, though this year Nasa believes that the numbers may not be as spectacular.
Nasa’s Jane Houston Jones said: “The Orionids peak on October 20, a dark, moonless night. Look near Orion’s club in the hours before dawn and you may see up to 10 to 15 meteors per hour. “Use binoculars to look for bright asteroid 7 Iris in the constellation Aries. Newbies to astronomy should be able to spot this magnitude 6.9 asteroid even from the city.”
What is the best time to view the Orionids meteor shower?
The peak of the Orionids will be visible anywhere on Earth in the early morning hours of tonight and tomorrow night, usually after midnight and just before dawn.
The best time for skywatchers to head outside is usually around 2am when the shower is at its most intense.
Star gazers will be aided this year by the lack of moonlight which should keep the skies clear of any hindering light pollution.
But Storm Brian will make the sky overcast tonight across much of the UK as the weather bomb unleashes strong winds and rainstorms.
A Met Office spokesman said: “There’s quite a lot of cloud around this evening and overnight. The best chance of seeing them will be in the early hours before dawn.” He said that the clearest skies will be from 3am in the eastern part of England across East Anglia, the South East, Lincolnshire and the Midlands.
To get the best views, stay away from any sources of light pollution and give your eyes some time to adjust to the dark of space.
Where will the Orionid meteor shower appear?
The Orionids derive their name from their point of origin next to the Orion constellation, which ascends in the east.
But the shower’s radiant point is mostly irrelevant because the meteors will shoot out in all sorts of directions, and usually remain unseen until about 30 degrees from the radiant.
However, if you spot a streaking meteor, you should be able to trace its path back to its origin next to Orion’s club.
What are the Orionids?
The spectacular shooting stars are remnants of the prolific Halley’s Comet, which visits Earth every 74 to 79 years.
When the comet passes through the solar system, chunks (debris) of ice and rock break off from the comet thanks to the sun, and trail in the comet’s path. The first recorded reports of the shower date back to 1839, when it was spotted in America.
The Orionids are incredibly fast meteors and crash into Earth’s atmosphere at a speed of 66 km/s. Many of the falling stars leave ionised trails of glowing gas in their path.
Orionid Meteors Over Turkey. Credit & Copyright: Tunc Tezel. Explanation: Meteors have been flowing out from the constellation Orion. This was expected, as mid-October is the time of year for the Orionids Meteor Shower. Pictured above, over a dozen meteors were caught in successively added exposures over three hours taken this past weekend from a town near Bursa, Turkey. The above image shows brilliant multiple meteor streaks that can all be connected to a single point in the sky just above the belt of Orion, called the radiant. The Orionids meteors started as sand sized bits expelled from Comet Halley during one of its trips to the inner Solar System. Comet Halley is actually responsible for two known meteor showers, the other known as the Eta Aquarids and visible every May. Next month, the Leonids Meteor Shower from Comet Tempel-Tuttle might show an even more impressive shower from some locations.
Eclipsosaurus Rex. Image Credit & Copyright: Fred Espenak (MrEclipse.com). Explanation: We live in an era where total solar eclipses are possible because at times the apparent size of the Moon can just cover the disk of the Sun. But the Moon is slowly moving away from planet Earth. Its distance is measured to increase about 1.5 inches (3.8 centimeters) per year due to tidal friction. So there will come a time, about 600 million years from now, when the Moon is far enough away that the lunar disk will be too small to ever completely cover the Sun. Then, at best only annular eclipses, a ring of fire surrounding the silhouetted disk of the too small Moon, will be seen from the surface of our fair planet. Of course the Moon was slightly closer and loomed a little larger 100 million years ago. So during the age of the dinosaurs there were more frequent total eclipses of the Sun. In front of the Tate Geological Museum at Casper College in Wyoming, this dinosaur statue posed with a modern total eclipse, though. An automated camera was placed under him to shoot his portrait during the Great American Eclipse of August 21.
Global Aurora at Mars. Image Credit: MAVEN, LASP, University of Colorado, NASA. Explanation: A strong solar event last month triggered intense global aurora at Mars. Before (left) and during (right) the solar storm, these projections show the sudden increase in ultraviolet emission from martian aurora, more than 25 times brighter than auroral emission previously detected by the orbiting MAVEN spacecraft. With a sunlit crescent toward the right, data from MAVEN’s ultraviolet imaging spectrograph is projected in purple hues on the right side of Mars globes simulated to match the observation dates and times. On Mars, solar storms can result in planet-wide aurora because, unlike Earth, the Red Planet isn’t protected by a strong global magnetic field that can funnel energetic charged particles toward the poles. For all those on the planet’s surface during the solar storm, dangerous radiation levels were double any previously measured by the Curiosity rover. MAVEN is studying whether Mars lost its atmosphere due to its lack of a global magnetic field.
I woke up on the 12th of May, it was my birthday, and I looked on the news feed and saw a burst of articles regarding the WannaCry Ransomware that has swept across the globe.
In the last few days, a new type of malware called Wannacrypt has done worldwide damage. It combines the characteristics of ransomware and a worm and has hit a lot of machines around the world from different enterprises or government organizations:
While everyone’s attention related to this attack has been on the vulnerabilities in Microsoft Windows XP, please pay attention to the following:
The attack works on all versions of Windows if they haven’t been patched since the March patch release!
The malware can only exploit those vulnerabilities once it is on the network, so it first has to get in. There are reports it is being spread via email phishing or malicious web sites, but these reports remain uncertain.
Please take the following actions immediately:
Make sure all systems on your network are fully patched, particularly servers.
As a precaution, please ask all colleagues at your location to be very careful about opening email attachments and minimise browsing the web while this attack is on-going.
The vulnerabilities are fixed by the security patches below, which Microsoft released in March 2017. Please ensure you have patched your systems:
This video explains how the RSA public key and private key are created to be fully dependent on each other. The first part of the video explains the concepts with paint and colors. The second part contains heavy duty math, which may not be as easily understood:
Watching this video may help you understand the XOR Activity in Section 3.3.
These links detail the Heartbleed bug from 2014. This vulnerability shows that even though data is protected both in transit and at rest with encryption, data that is being processed is not protected. The encrypted data needs to be decrypted before it’s processed, and therefore is vulnerable at this stage.
This is a Netmask Translation Table. It can be used to determine what IPs should be used and which ones cannot be used.
Netmask CIDR Notes
255.255.255.255 /32 Host (single address)
255.255.255.254 /31 Unusable
255.255.255.252 /30 4 IPs with 2 Usable
255.255.255.248 /29 8 IPs with 6 Usable
255.255.255.240 /28 16 IPs with 14 Usable
255.255.255.224 /27 32 IPs with 30 Usable
255.255.255.192 /26 64 IPs with 62 Usable
255.255.255.128 /25 128 IPs with 126 Usable
255.255.255.0 /24 256 IPs with 254 Usable "Class C"
Note: The first and last IP of a series are NOT usable and the first
usable IP is normally set up for the router.
The 1st IP is the network address. The last IP is the broadcast address.
Each customer will be given their own unique IP block necessary to configure their own network. This unique IP information will be supplied by their Account Manager.
The below is only an EXAMPLE, do NOT use its IPs, instead, use those IP numbers that come from your Account Manager.
Your Account Manager should give you all the following information.
Your IP block is 18.104.22.168/28
Gateway IP address (Router IP) 22.214.171.124
Usable IPs 126.96.36.199-46
Subnet Mask 255.255.255.240
DNS Servers: ns.cais.com 188.8.131.52
Subnetmask Translation Table
This is a Netmask Translation Table. It can be used to determine what IPs should be used and which ones cannot be used.
Subnetmask Subnetmask (binary) CIDR Notes
255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single address)
255.255.255.254 11111111.11111111.11111111.11111110 /31 Unusable
255.255.255.252 11111111.11111111.11111111.11111100 /30 4 IPs with 2 Usable
255.255.255.248 11111111.11111111.11111111.11111000 /29 8 IPs with 6 Usable
255.255.255.240 11111111.11111111.11111111.11110000 /28 16 IPs with 14 Usable
255.255.255.224 11111111.11111111.11111111.11100000 /27 32 IPs with 30 Usable
255.255.255.192 11111111.11111111.11111111.11000000 /26 64 IPs with 62 Usable
255.255.255.128 11111111.11111111.11111111.10000000 /25 128 IPs with 126 Usable
255.255.255.0 11111111.11111111.11111111.00000000 /24 256 IPs with 254 Usable
255.255.254.0 11111111.11111111.11111110.00000000 /23
255.255.252.0 11111111.11111111.11111100.00000000 /22
255.255.248.0 11111111.11111111.11111000.00000000 /21
255.255.240.0 11111111.11111111.11110000.00000000 /20
255.255.224.0 11111111.11111111.11100000.00000000 /19
255.255.192.0 11111111.11111111.11000000.00000000 /18
255.255.128.0 11111111.11111111.10000000.00000000 /17
255.255.0.0 11111111.11111111.00000000.00000000 /16
255.254.0.0 11111111.11111110.00000000.00000000 /15
255.252.0.0 11111111.11111100.00000000.00000000 /14
255.248.0.0 11111111.11111000.00000000.00000000 /13
255.240.0.0 11111111.11110000.00000000.00000000 /12
255.224.0.0 11111111.11100000.00000000.00000000 /11
255.192.0.0 11111111.11000000.00000000.00000000 /10
255.128.0.0 11111111.10000000.00000000.00000000 /9
255.0.0.0 11111111.00000000.00000000.00000000 /8
254.0.0.0 11111110.00000000.00000000.00000000 /7
252.0.0.0 11111100.00000000.00000000.00000000 /6
248.0.0.0 11111000.00000000.00000000.00000000 /5
240.0.0.0 11110000.00000000.00000000.00000000 /4
224.0.0.0 11100000.00000000.00000000.00000000 /3
192.0.0.0 11000000.00000000.00000000.00000000 /2
128.0.0.0 10000000.00000000.00000000.00000000 /1
0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space
Note: The first and last IP of a series are NOT usable and the first
usable IP is normally set up for the router.
The 1st IP is the network address. The last IP is the broadcast address.
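The translation tables above, worked through in code as an added example (not part of the original page): it converts a dotted netmask to its CIDR prefix, rejects masks whose one-bits are not contiguous, and derives the network, broadcast and usable range for a block. The sample block `192.0.2.37/28` is constructed from the documentation address range, and the `/31` and `/32` handling follows this page's table.

```python
def ip_to_int(dotted):
    """Dotted quad -> 32-bit integer; rejects anything that is not four octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """Netmask -> CIDR prefix length, e.g. 255.255.255.240 -> 28."""
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so its inverse is 2**k - 1.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()


def prefix_to_mask(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_binary(mask):
    """Binary column of the second table."""
    return ".".join(format((ip_to_int(mask) >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def describe(cidr):
    """Network, broadcast and usable range for any address inside a block."""
    addr, _, plen = cidr.partition("/")
    prefix = int(plen)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    total = broadcast - network + 1
    if prefix == 32:        # single host, as in the table
        first, last, usable = network, network, 1
    elif prefix == 31:      # listed as unusable in the table
        first, last, usable = None, None, 0
    else:                   # first = network address, last = broadcast
        first, last, usable = network + 1, broadcast - 1, total - 2
    return {
        "netmask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "total": total,
        "usable": usable,
        # The page's convention: the first usable IP goes to the router.
        "gateway": int_to_ip(first) if first is not None else None,
        "last_usable": int_to_ip(last) if last is not None else None,
    }


if __name__ == "__main__":
    for key, value in describe("192.0.2.37/28").items():  # constructed sample
        print(f"{key:12} {value}")
```

Validating the mask before deriving a range matters when these values feed firewall rules or ACLs, since a mistyped or non-contiguous mask silently changes which hosts a rule covers.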
Boldly going where no man has gone before, the Kirk Ransomware brings so much nerdy goodness to the table that it could make anyone in IT interested. We have Star Trek, Low Orbital Ion Cannons, a cryptocurrency payment other than Bitcoin, and a decryptor named Spock! Need I say more?
Discovered today by Avast malware researcher Jakub Kroustek, the Kirk Ransomware is written in Python and may be the first ransomware to utilize Monero as the ransom payment of choice.
At this time there are no known victims of this ransomware and it does not appear to be decryptable. For those who want to discuss this ransomware or receive updates about it, they can subscribe to our Kirk Ransomware Support & Help topic.
Kirk Ransomware uses Monero for Ransom Payments
Ever since Monero was released, it has been highly touted as a more secure and anonymous payment system than Bitcoin. This has caused underground criminal sites, like AlphaBay, to accept it as payment and for criminals to mine it using mining Trojans. It was only a matter of time until ransomware developers started requesting it.
For possibly the first time, with the release of Kirk Ransomware, Monero has been introduced as a ransom payment. The problem is that this is only going to confuse victims even more. Even with Bitcoin becoming more accepted, it is still not easy to acquire them. By introducing a new cryptocurrency into the mix, victims are just going to become more confused and make paying ransoms even more difficult.
How the Kirk Ransomware Encrypts a Computer
While it is not currently known how the Kirk Ransomware is being distributed, we do know that it is masquerading as the network stress tool called Low Orbital Ion Cannon. Currently named loic_win32.exe, when executed Kirk Ransomware will generate an AES password that will be used to encrypt a victim’s files. This AES key will then be encrypted by an embedded RSA-4096 public encryption key and saved in the file called pwd in the same directory as the ransomware executable.
If you plan on paying the ransom for the Kirk Ransomware, you must not delete the pwd file as it contains an encrypted version of your decryption key. Only the ransomware developer can decrypt this file and if a victim wishes to pay the ransom they will be required to send them this file.
Below is the current embedded RSA key used to encrypt the victim’s encryption key.
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Kirk Ransomware will now display a message box that displays the same slogan as the LOIC network stress tool. This slogan is: “Low Orbital Ion Cannon | When harpoons, air strikes and nukes fail | v18.104.22.168”.
At this point, the ransomware infection will begin to scan the C: drive for files that have certain file extensions. At the time of this writing, Kirk Ransomware targets 625 file types, which are listed at the end of the article.
If a matching file is detected, it will encrypt it using the previously created AES encryption key and then append the .kirked extension to the encrypted file’s name. For example, a file called test.jpg would be encrypted and renamed to test.jpg.kirked.
When the ransomware finishes encrypting the files it will drop a ransom note called RANSOM_NOTE.txt in the same folder as the executable. It will also display the ransom note in a window on your desktop. A full version of the ransom note can be seen at the end of the article.
This ransom note tells the victim that they must purchase ~1,100 worth of the Monero currency and send it to the enclosed Monero address. Once a payment is made, the victim must email the pwd file and the payment transaction ID to the email@example.com or firstname.lastname@example.org email addresses to receive the decryptor.
The Spock Decryptor
This wouldn’t be a Star Trek themed ransomware without Spock. The developer agrees as they have named the decryptor “Spock” and it will be supplied to the victim once a payment is made.
At this time we have not seen a sample of the decryptor, so cannot provide more info regarding it.
As previously said, unfortunately at this time the ransomware does not look like it can be decrypted. For those who want to discuss this ransomware or receive updates about it, they can subscribe to our Kirk Ransomware Support & Help topic.
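The on-disk artifacts described above (the `.kirked` extension, the `pwd` key file and `RANSOM_NOTE.txt` dropped beside `loic_win32.exe`) can be checked for in a file listing during triage. The following is an added example, not code from the original article or from the ransomware; the function name and the sample paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Artifact names as given in the article; compared case-insensitively
# because Windows file names are case-insensitive.
ENCRYPTED_SUFFIX = ".kirked"
NOTE_NAME = "ransom_note.txt"
KEY_BLOB_NAME = "pwd"
DROPPER_NAME = "loic_win32.exe"


def triage(paths):
    """Classify a list of Windows paths against the Kirk artifacts."""
    paths = list(paths)
    encrypted = {}   # encrypted path -> original file name
    by_dir = {}      # lowercased directory -> lowercased names found in it
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        by_dir.setdefault(str(p.parent).lower(), set()).add(name)
        # test.jpg.kirked -> test.jpg; a bare ".kirked" has no original name
        if name.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
            encrypted[raw] = p.name[: -len(ENCRYPTED_SUFFIX)]

    # The note and the key file are written where the executable ran from,
    # so a directory holding both marks the launch location.
    launch_dirs = sorted(
        d for d, names in by_dir.items()
        if NOTE_NAME in names and KEY_BLOB_NAME in names
    )
    # Only a 'pwd' beside a ransom note is the encrypted key; it must be
    # preserved, since it is the only copy of the wrapped AES key.
    preserve = [
        raw for raw in paths
        if PureWindowsPath(raw).name.lower() == KEY_BLOB_NAME
        and str(PureWindowsPath(raw).parent).lower() in launch_dirs
    ]
    dropper_seen = any(
        PureWindowsPath(raw).name.lower() == DROPPER_NAME for raw in paths
    )
    return {
        "encrypted": encrypted,
        "launch_dirs": launch_dirs,
        "preserve": preserve,
        "dropper_seen": dropper_seen,
    }


# Constructed sample listing (not taken from a real host).
SAMPLE_LISTING = [
    r"C:\Users\alice\Downloads\loic_win32.exe",
    r"C:\Users\alice\Downloads\pwd",
    r"C:\Users\alice\Downloads\RANSOM_NOTE.txt",
    r"C:\Users\alice\Pictures\test.jpg.kirked",
    r"C:\Users\alice\Documents\report.DOCX.KIRKED",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Tools\pwd",  # unrelated file that happens to be called pwd
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(key, "->", value)
```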
[ASCII-art banner: KIRK RANSOMWARE]
Oh no! The Kirk ransomware has encrypted your files!
> ! IMPORTANT ! READ CAREFULLY:
Your computer has fallen victim to the Kirk malware and important files have been encrypted - locked
up so they don't work. This may have broken some software, including games, office suites etc.
Here's a list of some the file extensions that were targetted:
.3g2 .rar .jar .cgi .class .jtd .potx .xex .dds
.3gp .jpg .csv .pl .cd .jtt .potm .tiger .ff
.asf .jpeg .psd .com .java .hwp .sda .lbf .yrp
.asx .png .wav .wsf .swift .602 .sdd .cab .pck
.avi .tiff .ogg .bmp .vb .pdb .sdp .rx3 .t3
.flv .zip .wma .bmp .ods .psw .cgm .epk .ltx
.ai .7z .aif .gif .xlr .xlw .wotreplay.vol .uasset
.m2ts .dif.z .mpa .tif .xls .xlt .rofl .asset .bikey
.mkv .exe .wpl .tiff .xlsx .xlsm .pak .forge .patch
.mov .tar.gz .arj .htm .dot .xltx .big .lng .upk
.mp4 .tar .deb .js .docm .xltm .bik .sii .uax
.mpg .mp3 .pkg .jsp .dotx .xlsb .xtbl .litemod .mdl
.mpeg .sh .db .php .dotm .wk1 .unity3d .vef .lvl
mpeg4 .c .dbf .xhtml .wpd .wks .capx .dat .qst
.rm .cpp .sav .cfm .wps .123 .ttarch .papa .ddv
.swf .h .xml .rss .rtf .sdc .iwi .psark .pta
.vob .mov .html .key .sdw .slk .rgss3a .ydk
.wmv .gif .aiml .odp .sgl .pxl .gblorb .mpq
.doc .txt .apk .pps .vor .wb2 .xwm .wtf
.docx .py .bat .ppt .uot .pot .j2e .bsa
.pdf .pyc .bin .pptx .uof .pptm .mpk .re4
There are an additional 441 file extensions that are targetted. They are mostly to do with games.
To get your files back, you need to pay. Now. Payments recieved more than 48 hours after the time of
infection will be charged double. Further time penalties are listed below. The time of infection has
Any files with the extensions listed above will now have the extra extension '.kirked', these files
are encrypted using military grade encryption.
In the place you ran this program from, you should find a note (named RANSOM_NOTE.txt) similar to this one.
You will also find a file named 'pwd' - this is your encrypted password file. Although it was
generated by your computer, you have no way of ever decrypting it. This is due to the security
of both the way it was generated and the way it was encrypted. Your files were encrypted using
[ASCII-art banner: SPOCK TO THE RESCUE!]
"Logic, motherfucker." ~ Spock.
Decrypting your files is easy. Take a deep breath and follow the steps below.
1 ) Make the proper payment.
Payments are made in Monero. This is a crypto-currency, like bitcoin.
You can buy Monero, and send it, from the same places you can any other
crypto-currency. If you're still unsure, google 'bitcoin exchange'.
Sign up at one of these exchange sites and send the payment to the address below.
Make note of the payment / transaction ID, or make one up if you have the option.
Payment Address (Monero Wallet):
Days : Monero : Offer Expires
0-2 : 50 : 03/18/17 15:32:14
3-7 : 100 : 03/23/17 15:32:14
8-14 : 200 : 03/30/17 15:32:14
15-30 : 500 : 04/15/17 15:32:14
Note: In 31 days your password decryption key gets permanently deleted.
You then have no way to ever retrieve your files. So pay now.
2 ) Email us.
Send your pwd file as an email attachment to one of the email addresses below.
Include the payment ID from step 1.
Active email addresses:
3 ) Decrypt your files.
You will recieve your decrypted password file and a program called 'Spock'.
Download these both to the same place and run Spock.
Spock reads in your decrypted password file and uses it to decrypt all of the
affected files on your computer.
> IMPORTANT !
The password is unique to this infection.
Using an old password or one from another machine will result in corrupted files.
Corrupted files cannot be retrieved.
Don't fuck around.
4 ) Breathe.
[ASCII-art banner: LIVE LONG AND PROSPER]
In my previous post “Pentestit Lab v10 – The Mail Token”, we attained usernames through Intelligence Gathering, brute forced the SMTP Service, attained login credentials, and scored our first token. Today we will take our first steps at compromising the Global Data Security website – which will include the following: