Quote of the day—Brad Smith

As much as we appreciate the commitment and professionalism of so many dedicated public servants, it is apparent to us that the current state of information-sharing across the government is far from where it needs to be. It too often seems that federal agencies currently fail to act in a coordinated way or in accordance with a clearly defined national cybersecurity strategy. While parts of the federal government have been quick to seek input, information sharing with first responders in a position to act has been limited. During a cyber incident of national significance, we need to do more to prioritize the information-sharing and collaboration needed for swift and effective action. In many respects, we risk as a nation losing sight of some of the most important lessons identified by the 9/11 Commission.

One indicator of the current situation is reflected in the federal government’s insistence on restricting through its contracts our ability to let even one part of the federal government know what other part has been attacked. Instead of encouraging a “need to share,” this turns information sharing into a breach of contract. It literally has turned the 9/11 Commission’s recommendations upside down.

Brad Smith
December 17, 2020
A moment of reckoning: the need for a strong and global cybersecurity response
[Free markets have their faults. But if you want something really messed up then have a government do it. Why else do you think they are so good at war? You send your government to some other country and they mess up that country.—Joe]

Transparent aluminum

Interesting. I didn’t know transparent aluminum has been around since 1980. And I always thought it was science fiction in 1986:

Still, it’s very cool stuff. 1.6” (4 cm) can stop a .50 BMG AP round.

Quote of the day—Ida Auken

Welcome to the year 2030. Welcome to my city – or should I say, “our city”. I don’t own anything. I don’t own a car. I don’t own a house. I don’t own any appliances or any clothes.

It might seem odd to you, but it makes perfect sense for us in this city. Everything you considered a product, has now become a service. We have access to transportation, accommodation, food and all the things we need in our daily lives. One by one all these things became free, so it ended up not making sense for us to own much.

All in all, it is a good life. Much better than the path we were on, where it became so clear that we could not continue with the same model of growth. We had all these terrible things happening: lifestyle diseases, climate change, the refugee crisis, environmental degradation, completely congested cities, water pollution, air pollution, social unrest and unemployment. We lost way too many people before we realised that we could do things differently.

Ida Auken
November 11, 2016
Here’s how life could change in my city by the year 2030
[Auken also says:

Author’s note: Some people have read this blog as my utopia or dream of the future. It is not. It is a scenario showing where we could be heading – for better and for worse. I wrote this piece to start a discussion about some of the pros and cons of the current technological development. When we are dealing with the future, it is not enough to work with reports. We should start discussions in many new ways. This is the intention with this piece.

The “devil’s in the details” as they say. If you think about it just a little bit you realize it isn’t even possible. A few examples:

  • Auken’s statements are self-contradictory. Everything is free? Then what is “employment” about? They claim, “It is more like thinking-time, creation-time and development-time.” Do they get paid for this or not? If yes, then who are the consumers and do they pay for the products and/or services? If they don’t get paid, then what is their motivation to produce a product and/or service someone is interested in using?
  • They don’t explicitly say this but it’s implied that all the services are supplied by artificial-intelligence/robots. So what of crime control? Even if one were to concede there was no physical need for sustenance, shelter, entertainment, etc. there will still be crimes of violence. Conflicts over relationships, insults, broken agreements, etc. Who pays for the cops, lawyers, judges, and prisons? Keep in mind that in a place where everything is free fines are meaningless.
  • Accommodations are not all equal. Who gets the penthouse overlooking the ocean and who gets the street view of the recycling center? They’re both free you know.
  • They don’t own anything, really? Not even clothes they say. Yet, I just demonstrated that a claim on quality of accommodations is going to occur. What about the dress they were married in? Or the food they ordered which just arrived from the robot pizza joint down the street? And what of the food they made themselves? Or the photographs they took, the art object they made, the diary they kept, or the book they wrote?

There will always be markets with sellers and buyers of property. They may be black markets in a time and place where thugs attempt to create a utopian world of free everything and equality for all, but markets will always exist.

Auken’s vision is not one of “for better or worse”. It’s one of reality or delusion.—Joe]

Dystopian plot point is reality

On a recent trip to Idaho I listened to the book Alongside Night (and from Audible):

It’s the near future and America is in trouble. Hyperinflation and disorder reign in the towns and cities of the nation.

Alongside Night tells the story of Elliot Vreeland, son of Nobel Prize-winning economist Dr. Martin Vreeland. When his family goes missing and while being shadowed by federal agents, Elliot, with the help of his mysterious companion Lorimer, explores the underground world of the Revolutionary Agorist Cadre to rescue them. It’s a story of romance, intrigue, action, adventure, and exhilarating science fiction thrills.

The original copyright is 1979. This explains the existence of phone booths in the book. One of the novel and interesting (to me) plot points was the existence of a special code certain government people could use to make phone calls even though communication services for the average person were shut down by the tyrannical government.

I didn’t realize it was created by President Kennedy by a Presidential Memorandum on August 21, 1963, was extended to wireless services, and still exists.

A security story

My job is computer security. My job, among other things, is to think like a bad guy and then prevent security breaches and/or catch them soon after they have begun executing their “kill chain”. Most people, even many very smart people, do not have the capacity to think like a bad guy. I have a real life story to illustrate.

Just because this is computer security, don’t think this isn’t relevant to current events of vital importance to the entire nation. I’ll tie it all together before the end.

Please do not assume this happened at the company I work for. I have contacts with many other people in the security industry. We often share stories. Sometimes this story sharing is to warn others of how clever the bad guys are and how they succeeded or almost succeeded. Other times stories are shared about how mind bogglingly stupid and numerous some of the mistakes were in the implementation of a computer network system.

This story is about how stupid and numerous the mistakes were.

The type of business and other potentially identifying aspects of the story have been changed to protect the guilty. But the critical aspects of the story are true.

The company penetration testers were asked to test a tool used by customer facing employees. This tool allowed employees to assist the customers with their business with the company. It gave the employees access to personal information about the customer. The personal information access was required for the employee to do their job. The tool had been “released to production” months before the penetration testers (and apparently any other security professionals) took a look at things.

A simplified view of the tool architecture looked something like this: [image]

Database Servers A & B are the only servers applicable to the Customer Assist Tool. The other Database Servers are for other web applications unrelated to the Customer Assist Tool.

Everything from the Load Balancer up was Internet facing. It wasn’t originally designed that way. Originally everything seen in this diagram was inside the corporate network. But because of COVID they had “reasons” and they changed the design so employees working from home could easily access the Customer Assist Tool.

The Internet facing Customer Assist Tool required a company network username and password. The Load Balancer did not. The Load Balancer accepted connections from anyone on the Internet. The Database Servers did not require any security tokens or login. Anything coming from the Load Balancer was considered valid.

The penetration testers didn’t bother trying to do a brute force attack on the login to the Customer Assist tool. They connected directly to the Internet facing Load Balancer and sent queries to the Database Servers. If they knew just a tiny bit of unique public information about the customers, say an email address, phone number, street address, or Social Security Number, they could then get access to extremely personal information from the database.

The penetration testers sounded the ALL HANDS ON DECK alarm. The incident response people (IR) showed up.

The software developers (SDs) of the system were brought into the virtual room and told this is a really big problem. Except for biologically required breaks you’re not leaving the room until this is fixed.

SDs: “We don’t see why this is such a big deal. Someone would have to know the URL for the load balancer. And the only people that might know it are the users of the tool. And we don’t think very many, if any of them are smart enough to figure it out.”

IRs: <blink><blink> “The penetration testers figured it out. And the bad guys out there do this sort of stuff all the time. It’s how they make their money. I’m not going to waste our time explaining this to you. Fix the problem. NOW!”

The IRs then asked how far the logs go back, “You do have logs, right?” The software developers assured the IRs they had logs. The logs went back 90 days. There probably were a few days of missing traffic between when the system was released to production and the oldest log files but most of it was there.

IRs: “Okay, good. We can find out if there was actually any customer information lost.”
SDs: “Oh. You want logs for that? We just log activity at the Customer Assist Tool Web Application. The penetration testers, and any bad guy activity, won’t be in those logs.”
IRs: “Okay…. are there ANY logs on the database servers?”

The SDs go looking and find there are generic web logs available that go back to the beginning of the release to production. The IRs looked at the logs for a few seconds and realized the IP addresses of all the requests are of the Load Balancer. There is no indication of the origin of the request. Requests from the Customer Assist Tool are indistinguishable from a request from anywhere else on the Internet.

What about load balancer logs? Maybe. But they don’t go back very far. And if they do exist, all the data is intermixed with the other web applications and other Database Servers.

Within a few hours the SDs have a fix.

IRs: “Tell me about your fix.”

SDs: “The login credentials of the employee used to login to the Customer Assist Tool are passed to the Database Server which validates the credentials before responding.”

IRs: “Okay, we should improve upon that, but maybe that will be good enough that we don’t have to shut down the application until a permanent fix is in place. But that’s a question for our VPs to discuss. Oh, by the way, how many employees do you have authorized to use this tool?”

SDs: “Uhhh… all company employees can use this tool.”

IRs: <blink><blink> “Everyone in the company? Really?” <IRs go to the tool and verify they have access>

SDs: “Yes. If someone improperly used the tool to gain access to customer information when they weren’t supposed to they could be caught and could lose their job. Therefore the customer information is safe from misuse.”

IRs: <some facepalm><others bang their heads against the wall> “This is a large company. There are thousands of employees. Anyone on the Internet can find valid company credentials in five minutes or less. We disable hundreds of accounts per week as we find credentials on the web ourselves.”

SDs: <blink><blink>

The story goes on but the important part is that the SDs, not stupid people, made a ton of errors. These errors started with not getting a security professional in the room when they changed the design. The errors compounded dramatically from there.

They had a world view much different than the bad guys and the security professionals. Things which could not even be imagined by the SDs were child’s play to the penetration testers and the IRs.
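The trust and logging failures in the story, modeled in Python as an added example (not code from the original post or from the company described). It contrasts a database tier that accepts anything arriving from the Load Balancer with one that requires a short-lived signed token from the Customer Assist Tool, checks a role, and records the forwarded origin; the key, role name, `X-Service-Token` header and IP addresses are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# All values below are constructed for this example.
LOAD_BALANCER_IP = "10.0.0.5"
SERVICE_KEY = b"placeholder-key-held-by-tool-and-database-tier"
AUTHORIZED_ROLES = {"customer-assist"}   # hypothetical role name
TOKEN_HEADER = "X-Service-Token"         # hypothetical header name


def naive_db_handler(peer_ip):
    """The design in the story: anything arriving from the Load Balancer is valid."""
    return peer_ip == LOAD_BALANCER_IP


def mint_token(employee, role, now, ttl=300):
    """Issued by the Customer Assist Tool after the employee has logged in."""
    claims = {"sub": employee, "role": role, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def verify_token(token, now):
    """Return the claims if the token is authentic and unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    # The body is only parsed after its signature has been verified.
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now:
        return None
    return claims


def hardened_db_handler(peer_ip, headers, query, now, audit_log):
    """Require a valid token and an authorized role, and log who asked from where."""
    claims = verify_token(headers.get(TOKEN_HEADER, ""), now)
    allowed = (
        peer_ip == LOAD_BALANCER_IP
        and claims is not None
        and claims["role"] in AUTHORIZED_ROLES
    )
    # Every decision is recorded with the origin the Load Balancer forwarded,
    # so requests are no longer indistinguishable after the fact.
    audit_log.append({
        "time": now,
        "origin": headers.get("X-Forwarded-For", "unknown"),
        "employee": claims["sub"] if claims else None,
        "query": query,
        "allowed": allowed,
    })
    return allowed


def demo():
    """Run the same requests through both designs; returns (results, audit_log)."""
    now = 1_700_000_000
    log = []
    # Someone on the Internet talking straight to the Load Balancer, no login.
    direct = {"X-Forwarded-For": "203.0.113.7"}
    # An employee of the right team, coming through the Customer Assist Tool.
    agent = {"X-Forwarded-For": "198.51.100.20",
             TOKEN_HEADER: mint_token("alice", "customer-assist", now)}
    # A valid employee whose job does not involve customer data.
    other = {"X-Forwarded-For": "198.51.100.21",
             TOKEN_HEADER: mint_token("bob", "warehouse", now)}
    q = "lookup email=customer@example.com"
    results = {
        "naive_direct": naive_db_handler(LOAD_BALANCER_IP),
        "hardened_direct": hardened_db_handler(LOAD_BALANCER_IP, direct, q, now, log),
        "hardened_agent": hardened_db_handler(LOAD_BALANCER_IP, agent, q, now, log),
        "hardened_other": hardened_db_handler(LOAD_BALANCER_IP, other, q, now, log),
    }
    return results, log


if __name__ == "__main__":
    outcome, audit = demo()
    print(outcome)
    for entry in audit:
        print(entry)
```

A key shared between the two tiers keeps the example short; a real deployment would more likely use mutual TLS or asymmetrically signed tokens between the tool and the database tier.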

Now to tie this to current events. Our recent election.

Several courts reviewing the lawsuits claiming foul play have concluded the election was fair and honest. Or, at least, there was insufficient evidence of widespread fraud to change the results.

As seen in the story above there are failure modes which not only allow unauthorized access/fraud but make it impossible to determine if such access/fraud occurred. Furthermore, unless someone is experienced in thinking like a bad guy they can honestly believe everything is “fair and honest” and be completely, totally, catastrophically, wrong.

I trust the courts to know their profession. I don’t trust them with security issues. I trust them to accurately assess the integrity of our election far less than the SDs could accurately assess the security of their system. The system they designed and built.

The legal professionals of the court did not design or build the election system. They did not evaluate the security after the (supposedly) COVID inspired changes were made from the viewpoint of a security professional. The original election security features had evolved over hundreds of years and thousands of people poking at it, finding faults, and attempting to prevent future fraud and errors. In the span of a few months a few people made changes which did not go through nearly as rigorous review as the pre COVID system.

I don’t know with a 100% guarantee that sufficient fraud occurred to change the election results. I do know, with 100% certainty, that many people were highly motivated to commit fraud. I do know, with 100% certainty, that some fraud occurred. I’m nearly certain the system in use has issues which make it impossible to detect fraud after the fact.

The bottom line to this is that anyone who says the election was fair and honest because the courts say it was is either lying or placing their trust in a body of people that don’t know anywhere near enough about security to make that call.

The Beirut Port explosion

As I have worked with Ammonium Nitrate both as a fertilizer and an explosive since I was about 10 years old I found this forensic analysis of the Beirut Port explosion quite interesting.

Facebook banishment

Last night I received a message from Barron:

Janelle and I just got permanently banned on FB. No possible appeal, no idea why.

And I mean at the same time. It was working for both of us this morning and then the traffic of me being gone started on the side channel. Janelle went to look and she was logged out and they said her account was disabled.

This is weird. It’s not like Barron and Janelle had followings which could change election outcomes. Nor were they advocating terrorist activities (although they do have three small boys which might be considered terrorists if you were sleep deprived and they were being particularly active).

So, what could be the motivation for their simultaneous banishment? I have to think it was some sort of political issue. But without additional data it’s tough to test that hypothesis.

It’s happening to others too.

This could get interesting

Original PDF here.

[image: GRU hackers wanted poster]

I have to wonder how many NSA people will be indicted by various countries in the next few months. Of course, to the best of my knowledge, the NSA didn’t let their “tools” go wild and take down critical infrastructure in multiple countries.

Common Barrel Thread References

From Silencer Shop:

One question that has always been a mainstay in our most-questions-asked category is whether a specific silencer will fit a specific gun. With threading looking similar, and acronyms being thrown around like hot tamales, we understand your plight. As the suppressor industry grows, it seems thread pitch options have too.

While some thread pitches are more popular than others due to military use or it being made common by specific firearm manufacturers, the last thing you want to happen is to finally get your suppressor in and realize that it doesn’t match up with your host firearm’s threading.

The list that we are providing you is to serve as a reference for quickly locating how your barrel may be threaded. Remember that factory barrel threadings and after market threadings aren’t always the same.

Details, which are kept up to date, are here.

Purple clouds

The Boomershoot web cam has been giving us purple clouds in the morning: [image]

Very cool.

However, I suspect it is something on the lens or perhaps a damaged sensor. There are purple spots in the upper corners even when there are no clouds:

[image]

The Physics of Magnetic Monopoles

Via email from Boomershooter Mike T.

Very cool!

As the commenter Serious Söd6 said:

This is obviously a time lord talking about magic magnets.

Google invasion of privacy lawsuit

This will be interesting to see how it plays out:

Google was sued on Tuesday in a proposed class action accusing the internet search company of illegally invading the privacy of millions of users by pervasively tracking their internet use through browsers set in “private” mode.

The lawsuit seeks at least $5 billion, accusing the Alphabet Inc unit of collecting information about what people view online and where they do their browsing, despite using what Google calls Incognito mode.

It’s really, really tough to be anything close to truly anonymous on the Internet these days. You can get close enough for all practical purposes but it takes a lot of effort and a certain amount of skill.

I think it should be much easier. That Google is a huge part of the problem in achieving anonymity just further confirms my opinion that they are evil (also here and here).

I hope the lawsuit is widely successful and is applied, as needed, to other Internet privacy violators.

Truth

I was nearly finished with a 20 page paper (of sorts) on searching for bots in computer networks when I took a break and scanned the contents of my RSS feeds. This struck me as particularly timely and funny:

[image: “Garbage Math” comic]

As I told my boss last week I was disappointed in the algorithms used in what is considered “state of the art” tools. I actually found a strong inverse correlation in the “scoring” of network traffic of highly suspicious traffic compared to clearly normal traffic. The higher scoring traffic should indicate high probability of the traffic being communication with a Command and Control Server (C2 Server) and lower scores with normal traffic. I easily found instances where just the opposite was true.

When I used synthesized data I could get the expected scoring results but real world data demands new detection algorithms. It looks to me like bot builders also do research. Existing algorithms appear to be essentially garbage.

Quote of the day—Lee Enfield

The FGC-9 enables everyday people all around the world to build a 9mm semi-automatic firearm, from start to finish, using a 3D printer and commonly available, unregulated materials. It’s specifically designed to be accessible to folks with minimal gun building experience, and avoids using parts commonly or easily restricted by law in the US and Europe. Anyone can build it, and no one can stop it.

In case there was any doubt about the political ideology here, you should know that the ‘FGC’ in the ‘FGC-9’ stands for “fuck gun control”.

Lee Enfield
March 31, 2020
The FGC-9 Fulfills the Promise of 3D Printed Guns
[Things have come a long way:

It’s not going to make the anti-gun people give up the fight and become normal humans. They will, as is always the case, continue to lie and double down on their failing objectives.—Joe]

Quote of the day—Lisa Vaas

We would be remiss were we to not point out what has been demonstrated time and time again: that Big Data can be dissected, compared and contrasted to look for patterns from which to draw inferences about individuals. In other words, it’s not hard to re-identify people from anonymized records, be they records pertaining to location tracking, faceprints or, one imagines, anuses.

Lisa Vaas
April 8, 2020
As if the world couldn’t get any weirder, this AI toilet scans your anus to identify you
[It’s a lot like most encryption*. Data is only “anonymized” in the minds of those doing the anonymizing. The right people, with a big enough dataset, and enough CPU cycles can deanonymize/decrypt it.

So, other than the obvious embarrassment of having pictures of your anus being featured in the next big data security breach, what is the worst way this technology could be abused?

It turns out that just like fingerprints and irises you can be uniquely identified by your anus. If all toilets were equipped with cameras and the data obtained by a totalitarian government it would become far more difficult to keep your location private. It would violate my Jews in the Attic Test.—Joe]


* There are exceptions. One-time-pads come to mind.

In forced quarantine

No. Not me. My phone.

Yesterday I noticed my phone wouldn’t lie flat. Odd. Upon further investigation I realized the battery was swelling. It’s a Galaxy S8 Active. The back doesn’t come off to allow you to replace the battery.

Rats! I don’t want to go out and buy a new phone now. I don’t want to have to move all my two factor authentication stuff to a new phone. It could take a full day to move to a new phone.

I looked on Amazon for a new phone and then decided to look for a battery anyway. Success! It includes tools and adhesive to take the phone apart and glue it back together. I ordered the battery.

But I need my phone for accessing things at work because of the two factor authentication. I can’t just put my phone in an old ammo can in the back yard to avoid explosion and fire hazards then run out there to check text messages every once in a while.

I made an indoor quarantine for it:

[image]

The phone is inside two zip lock bags, on top of an old cookie-sheet, and surrounded by nearly 200 pounds of lead (and brass).

I pulled the phone out a few minutes ago to check something and the swelling has increased:

[image]

The new battery is supposed to arrive in the next 45 minutes and the phone will then undergo battery replacement surgery.

Update: The battery has been replaced and the phone is functional. And it is in the process of being fully charged.

The battery replacement is not for the faint hearted. There were two electrical connectors which were the smallest I have ever seen. I put on my magnifying glasses to see many of the components I needed to manipulate. The adhesive replacement was a bit of a sticky problem (pun intended). They supplied two large strips that needed to be cut into six (or more) pieces. No instructions on how to use the adhesive.

Quote of the day—RyanSepe

All this awareness would make us liable. Without them it’s ignorance, if we hire them it becomes negligence and I prefer ignorance.

RyanSepe
February 28, 2020
Suggested caption to this cartoon:


[There is way too much truth in this.

Companies have finite resources. They have to prioritize their cyber security efforts. If something is documented as an active issue, or even a potential weakness, and they don’t address it in a timely manner they have legal liability issues to deal with as well as fixing the problem.

In the “big picture” view of things companies have a lot of motivation to “not put it in writing” until they have the resources to deal with it. On the other hand, if managers don’t show they have a backlog and are overworked they aren’t going to get the resources to fix things in a timely manner. I have more than a little sympathy for cyber security managers caught in this dilemma.

After illegal computer access incidents have been made public Barb sometimes tells me, “I wish they would just stop doing that!” I would be out of a job, but the world would be a better place. So much money is spent on security that from a big picture you see it as a huge waste of human and even natural resources (millions of computers monitor and guard against intrusion as their sole purpose). Even when the criminals are caught (extremely rare) they will never have to pay for all the resources spent in finding them and bringing them to justice.

And, of course, it’s never going to happen. Some of these criminals do it for the “free” money. Others do it for the thrill. And some do it because they are spies in search of information useful to their country. There are always going to be those types of people. The best we can do is find them, stop them, and prosecute them if we can build a case against them.—Joe]

Pushing the limits

I like pushing the limits in certain directions.

Recently I have been spending nearly every waking hour working on my Bird Dog software for work.* I’m dealing with information on billions of network connections. I extract the stuff of interest and present it in a way which makes it easier to find the wood slivers in the hay stack. After using all the algorithmic tricks available I started finding places to do more parallel processing.

It was with great satisfaction that I found that I pretty much continuously keep all eight logical processors at 100 percent when doing certain tasks:

[image]

Each one of those processors is over 1000 times more powerful than the single processor I had on my first personal computer. And just the Bird Dog executable would take up over 75% of the hard disk space on that computer. Never mind the O/S or the database software which wouldn’t fit on a dozen hard disks I was so proud of at the time I first purchased it. “I’ll never run out of room on this disk!”, I foolishly told myself.

I now routinely open up text files in Vim for review and/or editing that are 50 to 100 times larger than what that hard disk could contain.

I like living in the future.


* I received an email from the company patent team earlier this week. They told me they are pursuing a patent on Bird Dog. I think the existing invention disclosure is okay, but the next one will be AWESOME! I’m really excited about what is coming up next. It’s as if a decade or more of my life’s work is coming to a focus on this one thing. I’ll probably need a more powerful computer, or set of computers, though.

Boomershoot weather station upgrade

I have been having problems with the Boomershoot weather station since the first few hours daughter Kim and I installed it. The Hoarfrost accumulated overnight immobilized the wind sensors:

There were other problems as well. The communication between the “indoor” part of the unit and the outdoor sensors, above, was not reliable. I didn’t have an indoor environment for it. This indoor part uses an ethernet cable to connect to the Internet and a 900 MHz radio link to connect to the outdoor sensors. I put it in a plastic box that only barely protected it from direct exposure to the elements. And the insects, such as earwigs and yellow jackets, made it their home:

Sometimes the connection would go down just an hour or so after I rebooted things, got it working, and was on my way home six hours away. And then there was the time it stopped recording rainfall. It turned out a bird had pooped in the rain gauge and plugged it up.

I tried moving the sensor closer to the Internet connection unit without improvement. Then when I visited just before Christmas I decided it was time to purchase a new weather station. The wind sensors were immobilized by freezing rain:

[image]

I realize the manufacturer is based in Arizona, but they are making a product intended to be used to measure weather conditions. It’s not like I installed this sensor in Barrow Alaska or something. Sure, this is a bit hostile, but it shouldn’t be unexpected to the designers.

Last weekend I installed a new weather station and made the “indoor” environment a little better.

It’s not really a coincidence that both the initial installation and this upgrade took place in January. There isn’t time to do it just before Boomershoot. And it’s easier to do it before the mud is so soft that you can’t easily walk across the ground. But the cold does make it a hardship. This year, compared to the initial installation, I was able to drive instead of snowshoeing in like last time, to the shooting line where we have the weather station… after I shoveled a path through the berm in front of the driveway.

Before:

[image]

After:

[image]

To improve the environment for the “indoor” electronics I dug a pit and installed an underground box for the solar charged batteries, the charge controller, the 12V –> 24V switching power supply for the Wi-Fi connection, and the 12V –> 5V switching power supply for the ethernet switch and the weather station “indoor” electronics.

[image]

It was just above freezing temperatures and frequently raining when I was working. Moving 130 pound batteries into the pit and connecting all the wires was less than fun. Notice the mud I was kneeling in to work on things:

[image]

The end result looks pretty good. I insulated the lid and with the underground environment, some heat from the batteries and electronics, the temperature should be less extreme both in the summer as well as the winter.

[image]

Here is the new outdoor sensor array:

[image]

The spikes over the rain gauge are supposed to keep the birds from sitting on the edge and building nests in it. I don’t know that the wind sensors are more resistant to frost and freezing rain but I know the old one didn’t tolerate those conditions well.

It’s been almost a week now with no interruptions in service to the Boomershoot live web page.

When I was a boy…

A couple days ago a coworker was talking about things “the kids these days” wouldn’t recognize. One of the things he mentioned was rotary dial phones. Or even just desktop phones in general. These days a phone is a thin rectangular object you can put in your pocket and many young people would not make the connection between what they know as a phone and what a generation or two earlier knew as phones when they were growing up.

I one upped him by telling about the phones we had at the first two houses I remember living in. Here are those houses with me in front of the first house:

Here is the type of phone:

[image]

This picture is from Christmas Eve about a month ago at brother Doug’s place. The phone from my childhood is in brother Gary’s house a hundred yards away from brother Doug. Until a few years ago the phones were connected and working. There is still a similar phone in the shop between the two houses. Sometime in the last couple of decades an underground wire broke and the Huffman phone network went down for the last time when it wasn’t worth the effort to find the break and fix it.

And as late as when I was in high school there were other phones of this type on our local phone network in my two grandmothers’ mobile homes which were also on the property.

One of the stories I told my coworker about these phones is that this type of phone was the only type of phone available at our house until I was in the third grade. We upgraded to a rotary style phone.

Mom and dad thought the older phones worked just fine and objected to the price increase (it went from something like $3/month to $5/month). They did without a phone for a year in protest before getting a new phone. It was still a party line where you had different ring types to distinguish between calls to your phone and calls to your neighbor. Our ring with both the phone type you see above and the first rotary phone was three shorts. Later there were party line phones with band pass filters for the ring signals and unless your phone used an adjacent ring frequency and the filter wasn’t that good you couldn’t hear the incoming ring for your neighbor. But if the frequency was adjacent and the filter wasn’t doing its job you could hear some vibration from the ringer and maybe an anemic “ding” or two when the call was intended for your neighbor.