31 Years of the Digest ... founded August 21, 1981
Add this Digest to your personal
or 
The Telecom Digest for November 28, 2012
Volume 31 : Issue 279 : "text" Format
====== 31 years of TELECOM Digest -- Founded August 21, 1981 ======
|
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
owner.
Addresses herein are not to be added to any mailing list, nor to be
sold or given away without the explicit written consent of the owner of
that address. Chain letters, viruses, porn, spam, and miscellaneous junk
are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime. - Geoffrey Welsh
See the bottom of this issue for subscription and archive details
and the name of our lawyer, and other stuff of interest.
|
Date: Tue, 27 Nov 2012 08:58:14 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: New York City Police Amassing a Trove of Cellphone Logs
Message-ID: <p06240827ccda71e02f2e@[10.0.1.10]>
City Is Amassing Trove of Cellphone Logs
By JOSEPH GOLDSTEIN
November 26, 2012
When a cellphone is reported stolen in New York, the Police
Department routinely subpoenas the phone's call records, from the day
of the theft onward. The logic is simple: If a thief uses the phone,
a list of incoming and outgoing calls could lead to the suspect.
But in the process, the Police Department has quietly amassed a trove
of telephone logs, all obtained without a court order, that could
conceivably be used for any investigative purpose.
The call records from the stolen cellphones are integrated into a
database known as the Enterprise Case Management System, according to
Police Department documents from the detective bureau. Each phone
number is hyperlinked, enabling detectives to cross-reference it
against phone numbers in other files.
The subpoenas not only cover the records of the thief's calls, but
also encompass calls to and from the victim on the day of the theft.
In some cases the records can include calls made to and from a
victim's new cellphone, if the stolen phone's number has been
transferred, three detectives said in interviews.
Police officials declined to say how many phone records are contained
in the database, or how often they might have led to arrests. But
police documents suggest that thousands of subpoenas have been issued
each year, with each encompassing anywhere from dozens to hundreds of
phone calls.
For example, T-Mobile, which has a smaller market share than some of
its competitors, like Verizon, fulfilled 297 police subpoenas issued
in January 2012, according to a police document.
...
http://www.nytimes.com/2012/11/27/nyregion/new-york-city-police-amassing-a-trove-of-cellphone-logs.html
Date: Mon, 26 Nov 2012 23:12:09 -0500
From: danny burstein <dannyb@panix.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: more domain seizures by ICE
Message-ID: <Pine.NEB.4.64.1211262311410.7077@panix5.panix.com>
[press release]
WASHINGTON - U.S. Immigration and Customs Enforcement's (ICE)
Homeland Security Investigations (HSI), law enforcement agencies
from Belgium, Denmark, France, Romania and the United Kingdom, and
the European Police Office (Europol) seized 132 domain names today
that were illegally selling counterfeit merchandise online to
unsuspecting consumers.
========
rest:
http://www.ice.gov/news/releases/1211/121126washingtondc.htm
_____________________________________________________
Knowledge may be power, but communications is the key
dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]
Date: Mon, 26 Nov 2012 22:06:16 +0000 (UTC)
From: wollman@bimajority.org (Garrett Wollman)
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <k90p4o$qul$1@grapevine.csail.mit.edu>
In article <mtv6b8h6lf7s8d3lrshtut28ohrl3i44ja@4ax.com>,
Pete Cresswell <PeteCress@invalid.telecom-digest.org> wrote:
>Per Monty Solomon:
>>The ancient art of password cracking has advanced further in the past
>>five years than it did in the previous several decades combined.
>
>Can anybody comment on the specifics/methodology of this
>improvement?
A consumer-grade PC with a few gamer-grade video cards can crack an
eight-character password in less than a day. Of course, this will
depend on how the password is protected; I believe that number is for
weak cryptographic hashes such as MD5, which is used in HTTP Digest
authentication and numberous other protocols. There's a growing
literature of password-strengthening algorithms, which aim to make
even shorter passwords stronger by increasing the computational
difficulty of checking for a valid crack.
-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wollman@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993
Date: Tue, 27 Nov 2012 00:40:49 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Another blow for state's anti-eavesdropping law
Message-ID: <p0624080eccda02ac1ec8@[10.0.1.10]>
Another blow for state's anti-eavesdropping law
By MICHAEL TARM
Associated Press / November 26, 2012
CHICAGO (AP) - The U.S. Supreme Court on Monday delivered another
blow to a 50-year-old anti-eavesdropping law in Illinois, choosing to
let stand a lower court finding that key parts of the hotly debated
law run counter to constitutional protections of free speech.
In that critical lower-court ruling in May, the 7th U.S. Circuit
Court of Appeals found that the law - one of the toughest of its kind
in the country - violates the First Amendment when used against those
who record police officers doing their jobs in public.
Civil libertarians say the ability to record helps guard against
police abuse. The law's proponents, however, say it protects the
privacy rights of officers and civilians, as well as ensures that
those wielding recording devices don't interfere with urgent police
work.
The Illinois Eavesdropping Act, enacted in 1961, makes it a felony
for someone to produce an audio recording of a conversation unless
all the parties involved agree. It sets a maximum punishment of 15
years in prison if a law enforcement officer is recorded.
As it drew the ire of civil liberties groups, state legislators
endeavored to soften the law earlier this year, but those efforts
stalled. The high-court's decision could prompt a renewed push to
overhaul it.
...
http://www.boston.com/news/nation/2012/11/26/another-blow-for-state-anti-eavesdropping-law/e0PPFIIdGj0NMOtxOfEcnN/story.html
Date: Tue, 27 Nov 2012 01:15:22 -0800
From: Thad Floryan <thad@thadlabs.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <50B484AA.6070403@thadlabs.com>
On 11/26/2012 6:42 AM, Pete Cresswell wrote:
> Per Monty Solomon:
>> The ancient art of password cracking has advanced further in the past
>> five years than it did in the previous several decades combined.
>
> Can anybody comment on the specifics/methodology of this
> improvement?
>
> - -
> Pete Cresswell
>
> ***** Moderator's Note *****
>
> It has become easier to "crack" passwords by guessing them: samples of
> passwords entered by users show that user are prone to using the names
> of relatives, pets, or objects in their immediate vicinity when they
> have to enter a new password. Common substitutions, such as using
> "leet speek", a patois once popular with the online hacking community,
> are also included in the lists used for "dictionary" attacks.
Too many people are ignorant about passwords. There's an interesting
article in the December 2012 issue of WIRED (page 180) entitled "HACKED"
but I couldn't find an URL of it (yet). Another article by the same
author is here:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
The December 2012 article has many errors of fact (e.g., concerning the
computer systems at MIT, etc.) but there are some good suggestions/tips
that people should abide, the most important of which is NOT to use the
same password for more than one service or system.
A good friend [Mark Crispin (author of the email IMAP RFC and many
others)] whose bio is here:
http://en.wikipedia.org/wiki/Mark_Crispin
once confided in me that he used the same password on some 50+ systems
including BBS systems where the passwords were stored in plaintext and
his BBS password was used by an unscrupulous SYSOP to get into many of
the other systems to Mark's extreme discomfiture.
Date: Tue, 27 Nov 2012 11:36:08 -0500
From: Bill Horne <bill@horneQRM.net>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <20121127163608.GA25806@telecom.csail.mit.edu>
On Tue, Nov 27, 2012 at 01:15:22AM -0800, Thad Floryan wrote:
> A good friend ... once confided in me that he used the same password
> on some 50+ systems including BBS systems where the passwords were
> stored in plaintext and his BBS password was used by an unscrupulous
> SYSOP to get into many of the other systems to [his] extreme
> discomfiture.
The usual rules apply: things that cost more need better protection.
If you use a weak password for your online banking, you'll get bitten
sooner or later, but even a strong password is no guarantee of safety
if you don't review the account regularly of if you keep more money in
it than you can afford to lose.
The problem with passwords is that they are, in effect, a "feel good"
process, akin to the TSA: they are what Bruce Schneier calls "security
theater". Password-based authentication was implemented to prevent
time-sharing users from denying how much time they spent using someone
else's computer, and only later came to be used as a way to "protect"
users' data: passwords have always been a limited technique that is
used only because there isn't anything better that computer owners are
willing to adopt without external pressure being brought to bear.
Actually securing information from prying eyes is a lot harder than
what most companies and/or users are willing to pay for. Two or
three-factor authentication is just too complicated for the average
user, and too expensive for firms to justify: when an online marketer
is working on a two to five percent markup, every second of the IT
staff's time is going to be committed to increasing sales, not to
protecting data. The data, bluntly put, isn't their problem: the cost
of the loss of a social-security or credit-card number is externalized
onto the customers, most of whom don't have the ability to take legal
action following an attack.
The only effective drivers for improved security are insurance
underwriters and governments, and (as Schneier pointed out years ago)
they are likely to drive changes in security for the same reasons that
they drive effective alarms in banks, night watchmen at high-value
targets, etc.: i.e., they are people left holding the bag when
too-big-to-deny disasters strike.
The insurance industry is a driver because it's the ultimate loser in
any major hack, and they are the only group that has the political and
societal muscle needed to force change. That's why there are airbags
in cars, and that's why there is an Underwriters Laboratories seal on
the electrical panel in your home: the cost of failure is too high to
bear, and too visceral for any politician to ignore.
When there's a major computer attack that costs a lot of wealthy
people a lot of money (think triple-witching-days on Wall Street),
then we'll all be signing on with smart cards after retina
verification. In the meantime, we have passwords.
Bill
--
Bill Horne
(Remove QRM from my address to write to me directly)
Date: Mon, 26 Nov 2012 08:09:17 -0800 (PST)
From: "John C. Fowler" <johnfpublic@yahoo.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <1353946157.50354.YahooMailClassic@web163906.mail.gq1.yahoo.com>
Replying to Message-ID: <mtv6b8h6lf7s8d3lrshtut28ohrl3i44ja@4ax.com>
References: <p062408c4ccd8113a8752@[10.0.1.10]>
Pete Cresswell:
> Can anybody comment on the specifics/methodology of this
> improvement?
While there have always been people who have chosen weak passwords,
even some of the stronger ones are starting to fall. The main reason
for that is PCs are getting faster, and large numbers of systems that
can work in parallel are becoming more available. That is, even if
you don't control a botnet of other people's infected computers, you
can still rent a bunch of virtual machines from Amazon or some other
cloud service provider, and do your dirty work there at a fraction of
what it used to cost.
Encryption that was fine a few years ago is now no longer considered
acceptable. However, companies have not bothered to update their
encryption, as customers are not demanding it. (Saying "Of course our
passwords are encrypted!" is good enough for most people.) Many of
the recent password breaches, while encrypted, have turned out not to
be encrypted very well by modern standards.
Your best strategy is to just use different passwords at different
sites, so compromise of one will not lead to compromise of all. Even
if you have a really strong password, you shouldn't use it everywhere.
John C. Fowler, johnfpublic@yahoo.com
Date: Mon, 26 Nov 2012 13:04:39 -0600
From: bonomi@host122.r-bonomi.com (Robert Bonomi)
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <xbKdnYbPbIbaIC7NnZ2dnUVZ_hKdnZ2d@posted.nuvoxcommunications>
In article <p062408c4ccd8113a8752@[10.0.1.10]>,
>
>***** Moderator's Note *****
>
>Let me get this straight: do they mean that changing my els to ones
>and my o's to zeroes doesn't keep me safe anymore?
On the off-chance that that is not a Rhett-orical[1] question --
'standard' hacker technique for 'dictionary'-based attacks has included
such spelling 'variations' for AT LEAST A DECADE.
[1] A question one asks, but "frankly my dear, don't give a damn" about the
answer to.
***** Moderator's Note *****
It was not Rhett-orical. It was Puckish.
Everyone knows that Using *ANY* dictionary word as a password is an
invitation to attack. What many users don't know is that hacker
dictionaries have all the common variants in them, such as putting an
exclamation point at the end of a word. The trick is to use
easily-memorable pass-/*PHRASES*/ that won't be in anyone's
dictionary.
Bill Horne
Moderator
Date: 26 Nov 2012 19:33:35 -0500
From: kludge@panix.com (Scott Dorsey)
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Calling Card Services
Message-ID: <k911ov$4tu$1@panix2.panix.com>
I just received a letter in the mail telling me that due to changes in
their billing system, Credo will no longer be able to provide calling card
services past Dec 31. I find the calling card very useful and use it a
lot, but in bursts.
Does anyone have any suggestions for other providers for calling cards?
I find purchasing prepaid phone cards at the corner bodega is not worth
the trouble since they often go out of date before I use them. I'll make
a lot of calls when I'm on travel but it can sometimes be three or even
six months between trips.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
Date: Tue, 27 Nov 2012 00:54:35 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Cambridge's Bluefin Labs decodes social media chatter
Message-ID: <p0624080fccda03243ad7@[10.0.1.10]>
Cambridge's Bluefin Labs decodes social media chatter
Facebook users "like" things 2.7 billion times a day. People share
their opinions more than 500 million times daily on Twitter. Now,
this start-up is betting it can change everything from product
placement to how we elect our president.
By Neil Swidey
NOVEMBER 25, 2012
IN THE 1930S AND '40S, Hollywood had a way of tracking the popularity
of its movie stars. Studios would sift through the quarter of a
million or so fan letters that arrived each month and sort them into
separate bags by actor name. Then studio employees would heave these
bulging bags onto a scale, according to industry researcher Leo
Handel. A big spike in weight meant the star was trending up. A sharp
decline suggested the star was on the way to becoming yesterday's
news.
As measurements go, this was pretty crude. Even back then, the people
who would take the time to write a letter represented a tiny subset
of the population, usually teenagers motivated by an excess of
adoration (or antipathy). So, in time, movie executives would follow
the lead of their counterparts in radio, television, and advertising
and adopt the techniques of opinion research to understand what their
audiences wanted.
The push toward data collection in television brought us Nielsen
families, those chosen few whose living room diaries and, eventually,
People Meters were powerful enough to keep their favorite shows on
the air. And it brought us the ubiquitous focus group, where a dozen
unhurried souls would be steered into a conference room and, in
exchange for 50 bucks and all the M&M's they could eat, be asked to
render a verdict on a new program.
Yet it hasn't always been clear how much we've gained from this
relentless pursuit of audience preferences. High Nielsen ratings -
scores that were extrapolated from just several thousand households -
kept shows like Three's Company and The Love Boat on the air long
past their sell-by dates. And I've been suspicious of the focus group
ever since the seventh grade, when on a trip to New York I somehow
got shanghaied into testing a sitcom starring Harold Gould as a
skirt-chasing widower. Against the heated objection of this
13-year-old out-of-towner, CBS went ahead and aired Foot in the Door
in 1983, though the network thankfully mercy-killed it after just six
episodes. What's the point of market research if it regularly leads
to doozies like that? We might as well bring back the fan-mail scales.
Thanks to social media, thousands of fan letters and complaint
missives, huzzahs and boos, are now being written every single
minute. Twitter alone processes half a billion tweets each day. But
there are problems. As with those letter-writing fans of the past,
today's social media commenters skew young. And right now, the most
common methods for tracking their views resemble the "trending by
weight" measures the old studios favored: Multiple firms tally all
mentions of a TV show or movie made on social media, then report
grand totals across general categories. This is useful only to a
point.
Twitter, Facebook, and other services have already transformed media
from a one-way conversation into a democratized, constantly churning
feedback loop. In time, social media hold the promise of exercising
enormous influence over everything from the shows we watch on TV to
the toothpaste we buy in the supermarket to the politicians we send
to Washington. "Social TV" and the "second screen" experience -
watching the TV set while cradling a smartphone or tablet - may even
rescue live television viewing from the dustbin into which the DVR
has swept it.
Yet the only way any of this is going to happen is if somebody can
reliably convert all that online chatter into meaningful information.
After all, if someone tweets "the office is making me cry," is that
person referring to a particularly poignant episode of the NBC comedy
or a hostile workplace? Even more difficult is discerning sentiment.
Are most of those millions of mentions about your show praising it or
panning it? And what if the name of the show isn't even mentioned?
Making those kinds of interpretations are easy for humans yet
exceedingly difficult for computers.
But they're learning. A Cambridge start-up called Bluefin Labs is
marrying the computational power of machines with the interpretive
guidance of humans to make sense of - and profit from - the fire hose
of nonstop social media. The company's work builds on the research of
its two cofounders, MIT guys who have dedicated their professional
lives to teaching machines to understand human language. Now they are
using that knowledge to teach machines to understand what we really
mean when we tweet or post about everyone from President Obama to
Honey Boo Boo. The outcome just may be as important to the president
as it is to that cringe-worthy pint-size product of reality TV.
...
http://www.bostonglobe.com/2012/11/25/cambridge-bluefin-labs-decodes-social-media-chatter/SLDp9nflJK0tFQKBPuVZhP/story.html?s_campaign=8315
Bluefin Labs: Decoding online chatter
http://bostonglobe.com/lifestyle/style/2012/11/21/bluefin-labs-the-social-media-eavesdroppers/caE7V0V26bZXBXU9vLPcDM/story.html?s_campaign=8315
***** Moderator's Note *****
Ascertaining the "true" message content of millions of online missives
won't mean anything until, and unless, Bluefin can ascertain the true
identity of the senders. Until the company is able to identify
end-users and screen out hype-bots, they're just another scale to put
the bags on.
Bill Horne
Moderator
TELECOM Digest is an electronic journal devoted mostly to telecom-
munications topics. It is circulated anywhere there is email, in
addition to Usenet, where it appears as the moderated newsgroup
'comp.dcom.telecom'.
TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Bill Horne. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.
The Telecom Digest is moderated by Bill Horne.
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then. Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!
URL information: http://telecom-digest.org
Copyright (C) 2012 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list.
All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.
End of The Telecom Digest (10 messages)
Return to Archives ** Older Issues