36 Years of the Digest ... founded August 21, 1981
Copyright © 2017 E. William Horne. All Rights Reserved.

The Telecom Digest for Sat, 24 Feb 2018
Volume 37 : Issue 45 : "text" format

Table of contents
PTR CNAME (was Re: Threat from AT&T to pull my plug)Barry Margolin
The Car of the Future Will Sell Your DataMonty Solomon
The Myth of the Hacker-Proof Voting MachineMonty Solomon
Re: Threat from AT&T to pull my plugbob prohaska
CenturyLink steals AT&T's Ethernet crown following Level 3 acquisitionBill Horne
Car companies are preparing to sell driver data to the highest bidder Monty Solomon
How a fight over Star Wars download codes could reshape copyright lawMonty Solomon
One-stop counterfeit certificate shops for all your malware–signing needsMonty Solomon
Re: Threat from AT&T to pull my plugbob prohaska
Windows Phone 7 and 8.0 devices will no longer receive push notificationsMonty Solomon
---------------------------------------------------------------------- Message-ID: <barmar-C7DA06.13312022022018@reader.eternal-september.org> Date: Thu, 22 Feb 2018 13:31:24 -0500 From: Barry Margolin <barmar@alum.mit.edu> Subject: PTR CNAME (was Re: Threat from AT&T to pull my plug) In article <p6id1s$jj$1@news.albasani.net>, bob prohaska <bp@www.zefox.net> wrote: > ... so, I'm curious why there's a "CNAME" for a PTR record: I've never > seen one before. This is RFC 2317 classless IN-ADDR.PTR delegation. It's been around for 2 decades. - - Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** ***** Moderator's Note ***** That's nice to know: I've been back in the tip-and-ring business for a few years, and I'm out-of-date. I've got to learn about SPF records and DKIM first, but I'll read the RFC and get up to speed. Bill -- Bill Horne Moderator ------------------------------ Message-ID: <02E9FA80-29F7-4C6F-A92B-630E4BE7220F@roscom.com> Date: Tue, 20 Feb 2018 09:36:30 -0500 From: Monty Solomon <monty@roscom.com> Subject: The Car of the Future Will Sell Your Data The Car of the Future Will Sell Your Data By Gabrielle Coppola and David Welch As smarter vehicles become troves of personal information, get ready for coupon offers at the next stoplight. Picture this: You're driving home from work, contemplating what to make for dinner, and as you idle at a red light near your neighborhood pizzeria, an ad offering $5 off a pepperoni pie pops up on your dashboard screen. Are you annoyed that your car's trying to sell you something, or pleasantly persuaded? Telenav Inc., a company developing in-car advertising software, is betting you won't mind much. Car companies - looking to earn some extra money - hope so, too. https://www.bloomberg.com/news/articles/2018-02-20/the-car-of-the-future-will-sell-your-data ***** Moderator's Note ***** If this happens, automakers and their vendors will wind up with a bad taste in their mouths: drivers will quickly deduce that those paying for the ads might also be paying to have the GPS data modified to route traffic past their stores. Bill Horne Moderator ------------------------------ Message-ID: <6A1F37E5-C802-4731-AA49-67A91E3AD335@roscom.com> Date: Fri, 23 Feb 2018 01:45:20 -0500 From: Monty Solomon <monty@roscom.com> Subject: The Myth of the Hacker-Proof Voting Machine Election officials have insisted that machines can't be remotely compromised because they're not "connected to the Internet." But security experts point out crucial ways in which they are. In 2011, the election board in Pennsylvania's Venango County - a largely rural county in the northwest part of the state - asked David A. Eckhardt, a computer science professor at Carnegie Mellon University, to examine its voting systems. In municipal and state primaries that year, a few voters had reported problems with machines "flipping" votes; that is, when these voters touched the screen to choose a candidate, the screen showed a different candidate selected. Errors like this are especially troubling in counties like Venango, which uses touch-screen voting machines that have no backup paper trail; once a voter casts a digital ballot, if the machine misrecords the vote because of error or maliciousness, there's little chance the mistake will be detected. Eckhardt and his colleagues concluded that the problem with the machines, made by Election Systems & Software (ES&S), was likely a simple calibration error. But the experts were alarmed by something else they discovered. Examining the election-management computer at the county's office - the machine used to tally official election results and, in many counties, to program voting machines - they found that remote-access software had been installed on it. https://www.nytimes.com/2018/02/21/magazine/the-myth-of-the-hacker-proof-voting-machine.html ***** Moderator's Note ***** Electronic vote-taking is the new "wild west" of the electronic world, with well-healed companies that have political connections and influence rushing poorly documented and insecure software into production to grab a share of a very lucrative market. In one case I saw reported, Computer Science professionals who had been given access to one vendor's software were astonished at the lack of routine protections and accountability tools, in an application that could corrupt the very idea of democracy. Which brings up an interesting question: does anyone else ever wonder whether George W. Bush's daddy had a backdoor into the voting machines used in Ohio? Bill Horne Moderator ------------------------------ Message-ID: <p6mv91$3vh$1@news.albasani.net> Date: Thu, 22 Feb 2018 17:39:45 +0000 (UTC) From: bob prohaska <bp@www.zefox.net> Subject: Re: Threat from AT&T to pull my plug bob prohaska <bp@www.zefox.net> wrote: > Just opened a letter claimed to come from AT&T stating in part: > > It's important that you call us at 877 377 1686 before 3/25/2018 to > set up an appointment to move your service and ensure your service > isn't interrupted when we transition customers in your area within > the next 45 days!". [mod snip] It turns out this isn't new, AT&T has been doing this for several years, under the guise of "upgrading" their hardware. I spoke with a local ISP who provides DSL over AT&T POTS lines. They say there's no indication copper service is going away. However, I gather there's nothing to keep AT&T from discontinuing DSL service. That means I can keep POTS but will have to pay another ISP for DSL service, which looks ~30% more expensive and will change my IP numbers. Which leads into: > > ***** Moderator's Note ***** > > Bob, I'm very curious about your DNS entries: here's the > output of a PTR query that I just made. > > moderator@telecom:~$ dig -t PTR -x 69.239.235.194 > > ; <<>> DiG 9.9.5-3ubuntu0.17-Ubuntu <<>> -t PTR -x 69.239.235.194 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3229 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;194.235.239.69.in-addr.arpa. IN PTR > > ;; ANSWER SECTION: > 194.235.239.69.in-addr.arpa. 7187 IN CNAME 194.192.235.239.69.in-addr.arpa. > 194.192.235.239.69.in-addr.arpa. 3600 IN PTR www.zefox.net. > > ;; AUTHORITY SECTION: > 192.235.239.69.in-addr.arpa. 3600 IN NS ns1.zefox.net. > 192.235.239.69.in-addr.arpa. 3600 IN NS ns2.pbi.net. > 192.235.239.69.in-addr.arpa. 3600 IN NS ns1.pbi.net. > 192.235.239.69.in-addr.arpa. 3600 IN NS ns2.zefox.net. > > ;; Query time: 4136 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Wed Feb 21 21:42:03 EST 2018 > ;; MSG SIZE rcvd: 181 > > +--------------------------------------------------------------+ > > ... so, I'm curious why there's a "CNAME" for a PTR record: I've never > seen one before. > > > Bill Horne > Moderator I think the CNAME is coming from my ISP, AT&T. It isn't found in my /usr/local/etc/namedb/* files. It's always troubled me how somebody wanting to reverse search, say 69.239.235.194 figures out the correct inverse name to query without knowing it's part of a /29 network. The ISP sets the netbock boundaries, so it makes sense if they're the ones to answer the query. My guess (if I'm wrong please point it out!) is that the ISP transfers the forward zones and manufactures reverse zones to match. Near as I can tell ISPs are responsible for correct reverse lookups and registrants are responsible for forward lookups Since there's some risk I'll have to reconfigure my nameservers if forced to change netblock I'd be grateful for any further enlightenment. Thanks for reading! bob prohaska ***** Moderator's Note ***** I don't know if I can provide any enlightenment: the "zefox" domain went to a website that says only "It Works!", so I decided to dig (pun intended) around. My only experience with fixed IP's from mega-ISPs is with those provided by Comcast: they supplied a /30 in the 10.0.0.0 range given for detached networks in RFC1918, and mapped it to the actual IP somewhere in their cloud. That was, of course, for a single IP: I assume they would just supply a larger subnet for multiple IPs, but I hadn't know that AT&T used "public" IP numbers for this purpose. Bill -- Bill Horne Moderator ------------------------------ Message-ID: <20180224055723.GA1880@telecom.csail.mit.edu> Date: Sat, 24 Feb 2018 00:57:23 -0500 From: Bill Horne <bill@horneQRM.net> Subject: CenturyLink steals AT&T's Ethernet crown following Level 3 acquisition by Sean Buckley CenturyLink has overtaken AT&T's nearly 13-year reign as the top domestic Ethernet provider in the United States, a feat it achieved by completing its acquisition of Level 3 Communications. The telco's rank move, according to Vertical Systems Group's year-end 2017 U.S. Ethernet "Leaderboard", was also a function of continued growth in Ethernet ports for both companies. Earlier, Level 3 ranked second to AT&T and CenturyLink ranked fifth on the Mid-2017 U.S. Ethernet [rankings]. https://www.fiercetelecom.com/telecom/centurylink-s-steals-at-t-s-top-ethernet-crown-following-level-3-acquisition -- Bill Horne (Remove QRM from my email address to write to me directly) ------------------------------ Message-ID: <592EEC54-D48C-4E48-94C4-2A662EA08A98@roscom.com> Date: Fri, 23 Feb 2018 18:19:08 -0500 From: Monty Solomon <monty@roscom.com> Subject: Car companies are preparing to sell driver data to the highest bidder Car companies are preparing to sell driver data to the highest bidder Connected cars are going to monetize data, but most drivers don't know that. By Jonathan M. Gitlin The confluence of the technology and automotive industries has given us "Mobility." It's not a great name, conjuring images of people riding rascal scooters in big box stores or those weird blue invalid carriages that the government handed out in the UK back in the last century. But in this case, it's meant as a catch-all to cover a few related trends: autonomous driving, ride-hailing, and connected cars. The last of these is what I'm here to discuss today. Specifically, the results of a pair of surveys: one that looks at consumer attitudes and awareness of connected cars and another that polled industry people. https://arstechnica.com/cars/2018/02/no-one-has-a-clue-whats-happening-with-their-connected-cars-data/ ------------------------------ Message-ID: <4873EA51-1F43-40C5-AF31-D93D6C3BAC8A@roscom.com> Date: Fri, 23 Feb 2018 20:26:14 -0500 From: Monty Solomon <monty@roscom.com> Subject: How a fight over Star Wars download codes could reshape copyright law How a fight over Star Wars download codes could reshape copyright law Legal scholar says Redbox's win over Disney is an "atomic bomb of a finding." By Timothy B. Lee A federal judge in California has rejected Disney's effort to stop Redbox from reselling download codes of popular Disney titles like Frozen, Beauty and the Beast, and the latest Star Wars movies. Judge Dean Pregerson's Tuesday ruling invoked the little-used doctrine of copyright misuse, which holds that a copyright holder loses the right to enforce a copyright if the copyright is being abused. Pregerson faulted Disney for tying digital download codes to physical ownership of discs, a practice that he argued ran afoul of copyright's first sale doctrine, which guarantees customers the right to resell used DVDs. https://arstechnica.com/tech-policy/2018/02/judge-slaps-down-disney-effort-to-stop-resale-of-star-wars-download-codes/ ------------------------------ Message-ID: <C8E254E3-6666-47B0-9CFD-27E165771F12@roscom.com> Date: Fri, 23 Feb 2018 20:26:17 -0500 From: Monty Solomon <monty@roscom.com> Subject: One-stop counterfeit certificate shops for all your malware-signing needs One-stop counterfeit certificate shops for all your malware-signing needs Certificates registered in names of real corporations are surprisingly easy to come by. The Stuxnet worm that targeted Iran's nuclear program almost a decade ago was a watershed piece of malware for a variety of reasons. Chief among them, its use of cryptographic certificates belonging to legitimate companies to falsely vouch for the trustworthiness of the malware. Last year, we learned that fraudulently signed malware was more widespread than previously believed. On Thursday, researchers unveiled one possible reason: underground services that since 2011 have sold counterfeit signing credentials that are unique to each buyer. In many cases, the certificates are required to install software on Windows and macOS computers, while in others, they prevent the OSes from displaying warnings that the software comes from an untrusted developer. The certificates also increase the chances that antivirus programs won't flag previously unseen files as malicious. A report published by threat intelligence provider Recorded Future said that starting last year, researchers saw a sudden increase in fraudulent certificates issued by browser- and operating system-trusted providers that were being used to sign malicious wares. The spike drove Recorded Future researchers to investigate the cause. What they found was surprising. https://arstechnica.com/information-technology/2018/02/counterfeit-certificates-sold-online-make-digitally-signed-malware-a-snap/ ------------------------------ Message-ID: <p6qb4k$31b$1@news.albasani.net> Date: Sat, 24 Feb 2018 00:20:37 +0000 (UTC) From: bob prohaska <bp@www.zefox.net> Subject: Re: Threat from AT&T to pull my plug > ***** Moderator's Note ***** > > I don't know if I can provide any enlightenment: the "zefox" domain > went to a website that says only "It Works!", so I decided to dig (pun > intended) around. That's a setup artifact, left in place to impede blind bots. If the bot understand ~username it'll find something to look at. > My only experience with fixed IP's from mega-ISPs is with those > provided by Comcast: they supplied a /30 in the 10.0.0.0 range given > for detached netwroks in RFC1918, and mapped it to the actual IP > somewhere in their cloud. That was, of course, for a single IP: I > assume they would just supply a larger subnet for multiple IPs, but > I hadn't know that AT&T used "public" IP numbers for this purpose. Last I checked cable companies generally discourage the running of servers. Did you have a public address by which folks could connect to your machines? Thanks for reading, bob prohaska ------------------------------ Message-ID: <73B078AE-482E-4F33-A6A5-A815FB23AE98@roscom.com> Date: Mon, 19 Feb 2018 14:46:53 -0500 From: Monty Solomon <monty@roscom.com> Subject: Windows Phone 7 and 8.0 devices will no longer receive p= ush notifications Windows Phone 7 and 8.0 devices will no longer receive push notifications By Shannon Liao Microsoft is ending support for mobile push notifications on its Windows Phone 7 and 8 software by February 20th. Devices on Windows Phone 7.5 and 8.0 will no longer receive notifications. They will also lose the useful live tile updates that displayed information at a glance, and users will no longer be able to locate devices with the "find my phone" feature. Those phones were initially released to the public in 2011 and 2012, respectively. It's yet another nail in the coffin for Windows Phone. Microsoft announced in October that it would stop developing new features or hardware for Windows 10 Mobile. Even before Microsoft admitted it, the mobile operating system had pretty much been dead for a year, as it showed dismal market share numbers through 2016 and plummeted to a mere 0.1 percent of the market by Q1 of 2017, according to IDC. https://www.theverge.com/2018/2/19/17027562/microsoft-windows-phone-push-notifications ------------------------------ ********************************************* End of telecom Digest Sat, 24 Feb 2018

Telecom Digest Archives