35 Years of the Digest ... founded August 21, 1981
The Telecom Digest for Tue, 22 Aug 2017
Volume 36 : Issue 91 : "text" format

Table of contents
Centurylink to launch new fiber technologyEdward K
Bank-fraud malware hosted in Chrome Web Store was not detected by any AVMonty Solomon
Secret chips in replacement parts can completely hijack your phone's securityMonty Solomon
Cord cutting pricier than keeping cable, NY Post columnist findsNeal McLain
Re: Freedom from cable isn't freeBarry Margolin
---------------------------------------------------------------------- Message-ID: <20170818211123.GA10344@telecom.csail.mit.edu> Date: Fri, 18 Aug 2017 17:11:23 -0400 From: Edward K <anonymous@invalid.telecom-digest.net> Subject: Centurylink to launch new fiber technology CenturyLink trials virtual 10G-PON, sets next step of FTTP migration CenturyLink has begun a field trial of a virtualized 10G-PON solution, reflecting the service provider's move to begin virtualizing its last-mile FTTH access network. For the trial, CenturyLink is leveraging Adtran's virtualized OTL 10G-PON solution to create a simplified service delivery platform that can leverage a wide range of next-generation access technologies for wireline or mobile connectivity, accelerating the path to SD-Access. http://www.fiercetelecom.com/telecom/centurylink-dips-toe-virtual-10g-pon-sets-next-step-fttp-migration +--------------------------------------------------------------+ Edward K ***** Moderator's Note ***** This is the classic huff-n-puff PR piece, filled to overflowing with acronyms and breathless blue-sky pronouncements. Accoring to Wikipedia: NG-PON2 (Next-Generation Passive Optical Network 2) is a 2015 telecommunications network standard for a passive optical network (PON). The standard was developed by ITU and details an architecture capable of total network throughput of 40 Gbit/s, corresponding to up to 10 Gbit/s symmetric upstream/downstream speeds available at each subscriber. A passive optical network is a last mile, fibre-to-the-x telecommunications network that broadcasts data through fibre optic cables. PONs are managed by passive optics such as unpowered splitters and filters, offering high reliability and low cost compared to active networks. The PON data stream is generally converted to a more traditional service such as Ethernet and Wi-Fi at the subscriber's location. https://en.wikipedia.org/wiki/Passive_optical_network "OTL" might mean "Optical Transport Layer", or "Over The Line", or, for all I know, "Other Foolish Lies". You're welcome. Bill Horne Moderator ------------------------------ Message-ID: <218572C6-9ABE-469C-96D3-F655520F2874@roscom.com> Date: Fri, 18 Aug 2017 09:45:22 -0400 From: Monty Solomon <monty@roscom.com> Subject: Bank-fraud malware hosted in Chrome Web Store was not detected by any AV Bank-fraud malware not detected by any AV hosted in Chrome Web Store. Extension that surreptitiously steals bank passwords uploaded twice in 17 days. By Dan Goodin A researcher has uncovered an elaborate bank-fraud scam that's using a malicious extension in Google's Chrome Web Store to steal targets' passwords. Once installed, the Interface Online extension, uploaded at least twice in the past 17 days, surreptitiously monitors all connections made with the Chrome browser. When users visit specific pages programmed into the code, the extension activates a JavaScript routine that logs the user name and password entered into the form. The extension then uploads them to a server controlled by the attackers. This entry in the Google-owned Virus Total service reports the extension was not detected by any of the 58 most widely used anti-malware products at the time this post was going live. https://arstechnica.com/information-technology/2017/08/bank-fraud-malware-not-detected-by-any-av-hosted-in-chrome-web-store-twice/ ***** Moderator's Note ***** This is a social-engineering attack as much as it is a trojan horse. The article doesn't make clear if the Chrome app would run on cell phones, so I'm approving it. Bill Horne Moderator ------------------------------ Message-ID: <B5868716-B216-4106-B334-DB78396E2614@roscom.com> Date: Fri, 18 Aug 2017 09:23:45 -0400 From: Monty Solomon <monty@roscom.com> Subject: Secret chips in replacement parts can completely hijack your phone's security Secret chips in replacement parts can completely hijack your phone's security Booby-trapped touchscreens can log passwords, install malicious apps, and more. People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device. The concern arises from research that shows how replacement screens - one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0 - can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it. https://arstechnica.com/information-technology/2017/08/a-repair-shop-could-completely-hack-your-phone-and-you-wouldnt-know-it/ ------------------------------ Message-ID: <c231e17e06aee58a5c531f71706d32bf.squirrel@email.fatcow.com> Date: Fri, 18 Aug 2017 15:10:36 -0500 From: "Neal McLain" <nmclain.remove-this@and-this-too.annsgarden.com> Subject: Cord cutting pricier than keeping cable, NY Post columnist finds By Daniel Frankel, FierceCable, Aug 18, 2017 Meeting TV programming needs and desires by assembling OTT services is now almost more expensive than paying a monthly bill for traditional pay TV, New York Post columnist Johnny Oleksinski is the latest to conclude. In his column headlined "Streaming TV is getting as bad as cable," Olekinski noted that combined subscriptions to HBO Now, Amazon Prime, Hulu and Netflix are taking a surprising toll on his bottom line. http://tinyurl.com/yayd2ju4 Neal McLain ------------------------------ Message-ID: <barmar-9D1A9F.13085418082017@88-209-239-213.giganet.hu> Date: Fri, 18 Aug 2017 13:08:54 -0400 From: Barry Margolin <barmar@alum.mit.edu> Subject: Re: Freedom from cable isn't free In article <68e7f294f90c2b7b5cc53738b8adb182.squirrel@email.fatcow.com>, "Neal McLain" <nmclain.remove-this@and-this-too.annsgarden.com> wrote: > In Message-ID: <F6E0C763-0733-40D4-A6AC-C69ABFC3C454@roscom.com > > Monty Solomon wrote: > > > Freedom from cable isn't free: Flood of streaming > > services will make cutting the cord more complicated. > > Disney's exit from Netflix to start its own video > > service is just the beginning. > Programmers may experiment with numerous distribution options - > bundling their programming with Netflix and other steaming > packagers, selling their programming to broadcast networks, selling > their programming directly to CATV, SatTV, and TelcoTV carriers, or > setting up their own internet distribution services - but in the end > they will always select the same choice: the option that maximizes > their bottom line. I've long said that the people who have been clamoring for a la carte cable options should be careful what they wish for. The profusion of different streaming services, at $8-10/mo for each of them, is precisely that. -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** ------------------------------ ********************************************* End of telecom Digest Tue, 22 Aug 2017

