The Telecom Digest for May 11, 2010
Volume 29 : Issue 129 : "text" Format
Messages in this Issue:
New attack bypasses virtually all AV protection (Monty Solomon)
Facebook's Gone Rogue; It's Time for an Open Alternative (Monty Solomon)
Re: Phone number helped track terror suspect (Adam H. Kerman)
====== 28 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Patrick Townson and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using -any name or email address-
included herein for -any- reason other than responding to an article
herein, you agree to pay a hundred dollars to the recipients of the
Addresses herein are not to be added to any mailing list, nor to be
sold or given away without explicit written consent. Chain letters,
viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime. Geoffrey Welsh
See the bottom of this issue for subscription and archive details
and the name of our lawyer, and other stuff of interest.
Date: Sun, 9 May 2010 23:20:20 -0400
From: Monty Solomon <email@example.com>
Subject: New attack bypasses virtually all AV protection
New attack bypasses virtually all AV protection
Bait, switch, exploit!
By Dan Goodin in San Francisco
Posted in Security, 7th May 2010 18:17 GMT
Researchers say they've devised a way to bypass protections built in
to dozens of the most popular desktop anti-virus products, including
those offered by McAfee, Trend Micro, AVG, and BitDefender.
The method, developed by software security researchers at
matousec.com (http://www.matousec.com/), works by exploiting the
driver hooks the anti-virus programs bury deep inside the Windows
operating system. In essence, it works by sending them a sample of
benign code that passes their security checks and then, before it's
executed, swaps it out with a malicious payload.
The exploit has to be timed just right so the benign code isn't
switched too soon or too late. But for systems running on multicore
processors, matousec's "argument-switch" attack is fairly reliable
because one thread is often unable to keep track of other
simultaneously running threads. As a result, the vast majority of
malware protection offered for Windows PCs can be tricked into
allowing malicious code that under normal conditions would be blocked.
Date: Mon, 10 May 2010 00:35:50 -0400
From: Monty Solomon <firstname.lastname@example.org>
Subject: Facebook's Gone Rogue; It's Time for an Open Alternative
Facebook's Gone Rogue; It's Time for an Open Alternative
By Ryan Singel
May 7, 2010
Facebook has gone rogue, drunk on founder Mark Zuckerberg's dreams of
world domination. It's time the rest of the web ecosystem recognizes
this and works to replace it with something open and distributed.
Facebook used to be a place to share photos and thoughts with friends
and family and maybe play a few stupid games that let you pretend you
were a mafia don or a homesteader. It became a very useful way to
connect with your friends, long-lost friends and family members. Even
if you didn't really want to keep up with them.
Soon everybody - including your uncle Louie and that guy you hated
from your last job - had a profile.
And Facebook realized it owned the network.
Then Facebook decided to turn "your" profile page into your identity
online - figuring, rightly, that there's money and power in being the
place where people define themselves. But to do that, the folks at
Facebook had to make sure that the information you give it was public.
So in December, with the help of newly hired Beltway privacy experts,
it reneged on its privacy promises and made much of your profile
information public by default. That includes the city that you live
in, your name, your photo, the names of your friends and the causes
you've signed onto.
This spring Facebook took that even further. All the items you list
as things you like must become public and linked to public profile
pages. If you don't want them linked and made public, then you don't
get them - though Facebook nicely hangs onto them in its database in
order to let advertisers target you.
This includes your music preferences, employment information, reading
preferences, schools, etc. All the things that make up your profile.
They all must be public - and linked to public pages for each of
those bits of info - or you don't get them at all. That's hardly a
choice, and the whole system is maddeningly complex.
***** Moderator's Note *****
ObTelecom: What if Google voice follows a similar path?
Date: Mon, 10 May 2010 21:16:41 +0000 (UTC)
From: "Adam H. Kerman" <email@example.com>
Subject: Re: Phone number helped track terror suspect
Gary <firstname.lastname@example.org> wrote:
>"jch" <email@example.com> wrote:
>>Isn't it great how the NY Times tells future bombers how not to get
>>caught next time. What's with that anyway. Why are key details
>>made available so they can be published?
>I don't think the NYT did anything wrong here. The guy gave his phone
>number to a government agency and then 3 months later used it to call people
>in Pakistan. Anybody with half a clue should have been able to figure out
>that wasn't such a smart idea. Heck, shows and movies like "24" and "The
>Bourne XXX" show you more about how to avoid detection than the NYT
>Mythbusters recently had a show where they demostrated what it takes to blow
>up a propane tank (a lot, actually). They were trying to see if they could
>turn the tank into a rocket (no), but the show could serve as a lesson on
>how to make one go boom. Should we censor them, too?
When I was at university, the student newspaper published a method that
student library employees were using to steal library books. Quite frankly,
the method was somewhat obvious if anything thought about it and didn't
require that one be a library employee. I was rather annoyed each time
I couldn't find certain books in the stacks that I needed for papers
and wondered if they were stolen based on the method described in the
I don't think newspapers and books turn people into criminals, but yes, I
do think that those who are so inclined may learn from what they read. No,
that doesn't make newspaper publishers and authors accomplises.
TELECOM Digest is an electronic journal devoted mostly to telecom-
munications topics. It is circulated anywhere there is email, in
addition to Usenet, where it appears as the moderated newsgroup
TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Bill Horne. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.
The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
43 Deerfield Road
Sharon MA 02067-2301
bill at horne dot net
Subscribe: firstname.lastname@example.org?body=subscribe telecom
Unsubscribe: email@example.com?body=unsubscribe telecom
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then. Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!
URL information: http://telecom-digest.org
Copyright (C) 2009 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list.
All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
End of The Telecom Digest (3 messages)