The Starling

I have a hard time believing that this story is true: it’s just too crazy – but the photos are good and hard to forge without more resources than your average internet prankster. So, here’s the tale as it was told to me…

There’s a company in the States that sells automatic car washers as a complete solution, including the washing system, cash box, installation of the building, etc. These are completely automated: you drive up, put your money into the machine, then drive through.

In any case; after the installation of a particular one of these machines, the owner noticed that the return from the machine was not so much as should be expected. Diagnostics were run and the cash processor seemed to be okay, so everybody was at a loss. The owner even went so far as to accuse the supplier’s staff of having keys to his cashbox, and returning to the scene to steal the money.

Eventually, at his wits end, the owner set up security cameras to try to catch the thief in the act. Here are some stills from the footage:

Starling on the coin return slot.
The first image. Yes, that’s a starling that’s just landed on the coin return slot.

Starling entering the coin return slot.
And there’s the starling, wriggling in to the coin return slot, where, presumably, it’s pushing it’s way up into the cash box through the return chute.

Starling with coins in beak, leaving the coin return slot.
The starling with some coins!

Starling wriggling free of the coin return slot.
The starling’s dropped a couple of coins, but is still wriggling to get free of the slot with it’s remaining prize.

Apparently, they later determined that it was not one, but several, birds who were robbing the car wash. Following them discovered a cache of loose change on the roof of the car wash and beneath an exposed root of a nearby tree.

So; what do you think – real or fake?

Physical Device Fingerprinting Over TCP

A PhD student in San Deigo has written a fascinating paper which will spook internet anonymity freaks – Remote Physical Device Fingerprinting – which describes how a physical computer can be uniquely identified on the internet, regardless of operating system, IP address, or data sent, just by looking carefully at it’s TCP packets (which contain the data for a large amount – perhaps a majority – of the internet’s traffic, including all web and e-mail traffic).

The technique works by observing the deviation in the timestamps sent (in accordance with the widely-adopted RFC 1323: TCP Extensions for High Performance, specified back in 1992). Each computer’s hardware clock is made from a separate piece of quartz, and each quartz crystal is unique in it’s imperfections. By measuring these imperfections across the internet, it’s possible (with enough sample data) to identify a computer individually, which has implications both good (computer forensics) and bad (anonymity).

The paper itself [PDF] is well worth reading. And, for those that are paranoid about their anonymity online, here’s how to “turn off” this feature of TCP for Windows 2000, Windows XP, and Linux:

  • Windows 2000/XP – Run RegEdit; navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters; add (or edit, if already present) the DWORD “Tcp1323Opts” to 1. This disables TCP timestamps, but leaves Window Scaling (a really useful TCP/IP enhancement) enabled.
  • Linuxecho 0 > /proc/sys/net/ipv4/tcp_timestamps

Of course, the absence of timestamps from your machine may, if you’re in a small enough sample group, single you out even more, but at least you’re not globally unique any more; which from an anonymity perspective is a really good thing.