Table of contents
Re: Verizon's nixing some cell service in rural Montana has locals scared about emergencies (John Levine)
Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions (Monty Solomon)
Re: RoboCaller now Showing Legitimate Numbers in CallerID (Pete Cresswell)
----------------------------------------------------------------------

Message-ID: <20170917095421.40087.qmail@ary.lan>
Date: 17 Sep 2017 09:54:21 -0000
From: "John Levine" <johnl@iecc.com>
Subject: Re: Verizon's nixing some cell service in rural Montana has locals scared about emergencies

In article <20170917200317.GA31675@telecom.csail.mit.edu> you write:
>By Kristen Inbody, Great Falls (Mont.) Tribune
>
>Some rural Montana residents are learning they'll soon be without cell
>phone service after Verizon Wireless quietly informed them they're
>dropping them.
>
>At issue are accounts that use too much data outside the network.
>
>https://www.usatoday.com/story/tech/2017/09/17/verizons-nixing-some-cell-service-rural-montana-has-locals-scared-emergencies/674986001/

A little digging finds a great deal of complexity here. The Verizon
customers are using an obscure rural plan that roams on other
carriers' towers, and the subsidy that VZ gets from the plan is way
less than they're paying the other carriers.

The obvious solution would be to sign up with the actual local
providers that operate the local towers, but some reports say that the
local providers aren't taking new customers. One of them is
Mid-Rivers, whose website sure looks like they offer cell service to
new customers.

R's,
John

------------------------------

Message-ID: <98D3B579-DEC3-4D13-9743-D9084434B169@roscom.com>
Date: Sun, 17 Sep 2017 19:52:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions

Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions

Palo Alto Networks Unit 42 researchers have uncovered a high severity
vulnerability in the Android overlay system, which allows a new
Android overlay attack by using the "Toast type" overlay. All Android
devices with OS version < 8.0 are affected by this vulnerability and
patches are available as part of the September 2017 Android Security
Bulletin. Android 8.0 was just released and is unaffected by this
vulnerability. Because Android 8.0 is recent, this vulnerability
affects nearly all Android devices currently in the market and users
should apply updates as soon as possible.

Overlay attacks permit an attacker to draw on top of other windows and
apps running on the affected device. To launch such an attack, malware
normally needs to request the "draw on top" permission. However, this
newly discovered overlay attack does not require any specific
permissions or conditions to be effective. Malware launching this
attack does not need to possess the overlay permission or to be
installed from Google Play. With this new overlay attack, malware can
entice users to enable the Android Accessibility Service and grant the
Device Administrator privilege or perform other dangerous actions. If
these privileges are granted, a number of powerful attacks can be
launched on the device, including stealing credentials, installing
apps silently, and locking the device for the ransom.

https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/

------------------------------

Message-ID: <36vvrcl03tteuna4e44h214e4u6g75vsf8@4ax.com>
Date: Mon, 18 Sep 2017 13:06:31 -0400
From: Pete Cresswell <PeteCress@invalid.telecom-digest.org>
Subject: Re: RoboCaller now Showing Legitimate Numbers in CallerID

Per Arnie Goetchius:
>Starting about two weeks ago, some of the robo calls I receive are
>showing real, working numbers. As a routine matter, I submit these
>calls to nomorobo.com and they block any further calls from that
>number for people who have subscribed to nomorobo. Unfortunately,
>those working legitimate numbers are now blocked for anybody
>subscribing to nomorobo.
>
>I'm not sure of the significance of this new practice by the scammers.

I have been seeing this for quite a few months - chiefly on robocalls
to my cell phone.

Seems like a logical and inevitable progression towards all of us
needing some sort of challenge/response or, like the Euro systems,
charging the caller instead of the call-ee.

--
Pete Cresswell

------------------------------

*********************************************

End of telecom Digest Tue, 19 Sep 2017

