30 Years of the Digest ... founded August 21, 1981
The Telecom Digest for December 1, 2011
====== 30 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. - Geoffrey Welsh
See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.
Date: Wed, 30 Nov 2011 10:14:51 -0500 From: Pete Cresswell <email@example.com> To: firstname.lastname@example.org. Subject: Re: Pending legislation would allow robot calls to cell phones Message-ID: <email@example.com> Per HAncock4: > This bill apparently will allow sales calls to go to cell phones. > As a low use cell phone user who still pays a la carte usage > charges, I am naturally very upset at this proposal. +1 - and, in spite of the obvious negative effects on a small business operator who gets calls from customers, I am coming around to the view expressed by others that "Caller Pays" would solve the telemarketing problem. -- PeteCresswell
Date: Wed, 30 Nov 2011 18:23:51 +1100 From: David Clayton <firstname.lastname@example.org> To: email@example.com. Subject: Re: Re.: Cell phones: more texting, less talking? Message-ID: <firstname.lastname@example.org> On Mon, 28 Nov 2011 07:50:56 -0500, John Stahl wrote: > On November 27, 2011, "HAncock4" wrote: > >> On the commuter train on Saturday I noticed it was quieter than usual. >> Typically on a weekend many passengers, especially the younger ones, are >> yakking away on their cell phones making the train rather noisy. >> (That's why some railroads have introduced "quiet cars", though not on >> weekends). Anyway, I did notice a number of passengers 'thumbing away', >> that is, apparently sending and receiving text messages. > > Isn't it amazing how human beings (is it at a certain age level - or > should I ask is it "up to" a certain age level) have become so non-verbal > in their inter-personal communications? .......... Yeah, I noticed that about 10 years ago when e-mail was the "bee's knees" of electronic communication of that time. -- Regards, David. David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.
Date: Tue, 29 Nov 2011 23:42:05 -0500 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Security flaw in Apache could allow attackers into internal networks Message-ID: <email@example.com> Security flaw in Apache could allow attackers into internal networks By Sean Gallagher Ars Technica A newly discovered flaw in Apache web servers could allow attackers to use servers configured as "reverse proxies" to gain access to or attack systems hidden from public view. The bug in Apache's reverse proxy mode only affects servers that have been configured incorrectly, but that error isn't an obvious one, since it doesn't interfere with normal operations. The flaw could be used by attackers to reach Web-enabled resources on other servers connected to the same network as the proxy. Reverse proxies are Web servers configured to pass Web requests to other servers or resources transparently, providing access to resources on an internal network to Web users while making it appear that they reside on the server being accessed. They can be used to provide load balancing of requests to back-end applications, spreading requests out across multiple hidden servers, or as a way to protect potentially vulnerable Web applications from attack. ... http://arstechnica.com/tech-policy/news/2011/11/security-flaw-in-apache-could-allow-attackers-into-internal-networks.ars
Date: Tue, 29 Nov 2011 23:41:05 -0500 From: Monty Solomon <firstname.lastname@example.org> To: email@example.com. Subject: Researchers claim HP printers can be remotely controlled by hackers Message-ID: <firstname.lastname@example.org> HP printers can be remotely controlled and set on fire, researchers claim (updated) By Jon Brodkin Ars Technica Security researchers at Columbia University have accused HP of selling printers with a flaw that could let hackers gain remote control over the devices. Once compromised, the access can be used to steal personal information, attack networks, and even set printers on fire by feeding them a continuous stream of instructions designed to heat them up. The researchers, funded by government and industry grants, reported the flaw to federal officials and HP this month, and gave a demonstration to MSNBC, which has an extensive article on the subject today. HP told MSNBC that it is reviewing the details, but denied that the problem is as extensive as claimed by Columbia PhD student Ang Cui and Professor Salvatore Stolfo. ... http://arstechnica.com/business/news/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim.ars
Date: 30 Nov 2011 19:49:26 GMT From: Doug McIntyre <email@example.com> To: firstname.lastname@example.org. Subject: Re: MSNBC/NYT: Caller ID Forging Message-ID: <email@example.com> "Geoffrey Welsh" <firstname.lastname@example.org> writes: >r.e.d. wrote: >> Can someone point to technical articles/references/etc. giving >> details about how various methods of caller-id spoofing work? >... The obvious way to stop that abuse would be for >the telco switches to verify that the number provided was associated with >the trunk in question; Most CLECs I have encounted lately do this filtering automatically. For instance, on my PRI trunks, I can not send out a CLID number that is not in my range of DIDs, whereas I could with the old ILEC trunks on the same gear. When shopping around for trunks for my customers, I couldn't find a CLEC that wouldn't not filter without going through a lot of hoops. The ILEC was clueless on the question, but since they are dinosaurs, their position may not have changed. But that doesn't discount the bazillions of existing PRI trunks in existance without the filtering. The LECs don't go around proactively doing more filtering in fear of breaking things. >I'm not sure if the proliferation of VoIP has created new mechanisms for >caller ID forging; I hope someone familiar with the topic can comment. Yep, VoIP systems can pass the CLID data along to be presented in a side channel, and depending on the provider, can be pushed out and sent along in the PSTN as the normal signalling upon normal call delivery. Not all providers support such, and even less filter based on the VoIP trunk DID ranges. Some other VoIP providers even provide a webpage to set your outbound CLID data for your line.
Date: Wed, 30 Nov 2011 13:51:26 -0500 (EST) From: danny burstein <email@example.com> To: firstname.lastname@example.org. Subject: FCC removes report on AT&T/T-Mobile merger - Looking for original Message-ID: <Pine.NEB.email@example.com> - forwarding over as the original discussion is semi-public, and he's asking for help in finding an original, unredacted, copy. ---------- Forwarded message ---------- Date: Wed, 30 Nov 2011 10:29:17 -0800 From: PRIVACY Forum mailing list <firstname.lastname@example.org> To: email@example.com Subject: [ PRIVACY Forum ] FCC removes report on AT&T/T-Mobile merger - Is the replacement version the same? FCC removes report on AT&T/T-Mobile merger - Is the replacement version the same? http://j.mp/rHEMch (This message on Google+) - - - Yesterday I noted the availability of a long FCC report explaining why they felt the AT&T/T-Mobile merger was not in the pubic interest. Various observers have interpreted the report as the FCC calling AT&T a liar regarding various issues. AT&T condemned the release of the report. This morning I was flooded with messages noting a 404 on the relevant FCC link. The original report was (as far as I can tell now) at: http://transition.fcc.gov/Daily_Releases/Daily_Business/2011/db1129/DA-11-1955A2.pdf This link is indeed now dead. Until a few minutes ago, the cover letter for the report continued to exist at: http://transition.fcc.gov/Daily_Releases/Daily_Business/2011/db1129/DA-11-1955A1.pdf But that link has also now gone dead, though the Google Search results for that URL still show that it was originally present. The report now is available at: http://transition.fcc.gov/transaction/ATT-TMO-redacted-PDF-final.pdf This version shows significant blocks of redacted "Confidential Information" and does not appear to be text searchable. I did not have time yesterday to go through the report at the original location in detail. I would appreciate it if anyone who has a local copy of the report from the original location, would confirm to me that the report from both locations were identical -- in particular that the redactions noted in the current version were present in the version that the FCC apparently removed from its original URL. Thanks much. --Lauren-- Lauren Weinstein (firstname.lastname@example.org): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org Founder: _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
Date: Wed, 30 Nov 2011 14:08:27 -0500 From: "Geoffrey Welsh" <email@example.com> To: firstname.lastname@example.org. Subject: Re: P.S. on Mobile Informational Call Act Message-ID: <69c23$4ed67f28$adce29b0$27560@PRIMUS.CA> HAncock4 wrote: > They say if a consumer gives someone their cell phone number - say > an airline - the airline would not be allowed to call it to report a > delayed flight. I don't think that's accurate. I wouldn't believe that to be the case, either, but when pursuing your interests in the court of public opinion, spin (and even outright deception) are the rule, not the exception. Long ago, I must have provided my bank with my cellphone number - I'm not sure whether it was clearly marked as such, but I probably would have put my home number in first so I would think that it was. A couple of years back they called it to tell me of some new service they were offering that they thought I might be interested in. When I informed them that this was my mobile number and could they kindly not use it for marketing, the indignant caller remarked that I had provided them with the number myself... I told her that I provided the bank with my mobile number so that, for instance, if they suspected my card was being used fraudulently they could reach me quickly wherever I was to verify the transaction, and that they could stick to my home number for marketing. To the bank's credit, they haven't called my cellphone since.
Date: Wed, 30 Nov 2011 10:11:20 -0500 From: Pete Cresswell <email@example.com> To: firstname.lastname@example.org. Subject: Re: Pending legislation would allow robot calls to cell phones Message-ID: <email@example.com> Per HAncock4: > Further, I don't understand how Congress could propose this given > how much everyday citizens hate the telemarketing calls they get > now. Call me a cynic, but the only explanation I can come up with is payola. -- PeteCresswell
Date: Wed, 30 Nov 2011 13:20:29 -0600 From: Dave Garland <firstname.lastname@example.org> To: email@example.com. Subject: Re: MSNBC/NYT: Caller ID Forging Message-ID: <firstname.lastname@example.org> On 11/28/2011 3:28 PM, Geoffrey Welsh wrote: > I'm not sure if the proliferation of VoIP has created new mechanisms > for caller ID forging; I hope someone familiar with the topic can > comment. I can configure my VoIP CID to show any arbitrary number. Interestingly, I can't configure the name, that is apparently controlled not by my VoIP vendor, but by another party (whether the original telco that had my number (Qwest), or the local company (XO) who seems to be somehow involved with the ported number, I don't know). Dave ***** Moderator's Note ***** Good question. Of course, the "name" shown in a caller-id display is ultimately from LIDB, but I'd like someone to review the process that populates the database from which caller-id-with-name is drawn. Bill Horne Moderator
Date: Wed, 30 Nov 2011 11:00:43 -0500 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Video shows alarming capabilities of mobile tracking software Message-ID: <email@example.com> Carrier IQ Video Shows Alarming Capabilities Of Mobile Tracking Software Devin Coldewey You may be aware of the growing controversy surrounding Carrier IQ, a piece of software found pre-installed on Sprint phones that, according to developers who have investigated, is capable of detecting, recording, and transmitting various user actions and inputs. Among the data CIQ potentially has access to are location, SMS, apps, and key presses. http://techcrunch.com/2011/11/29/carrier-iq-video-shows-alarming-capabilities-of-mobile-tracking-software/ BUSTED! Secret app on millions of phones logs key taps Researcher says seeing is believing By Dan Goodin in San Francisco 30 November 2011 An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users. http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ Carrier IQ Part #2 http://www.youtube.com/watch?v=T17XQI_AYNo Android Security Test http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/carrieriq-part2/
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
43 Deerfield Road
Sharon MA 02067-2301
bill at horne dot net
This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2011 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.