32 Years of the Digest ... founded August 21, 1981
Add this Digest to your personal
or 
The Telecom Digest for September 8, 2013
Volume 32 : Issue 190 : "text" Format
====== 32 years of TELECOM Digest -- Founded August 21, 1981 ======
|
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
owner.
Addresses herein are not to be added to any mailing list, nor to be
sold or given away without the explicit written consent of the owner of
that address. Chain letters, viruses, porn, spam, and miscellaneous junk
are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime. - Geoffrey Welsh
See the bottom of this issue for subscription and archive details
and the name of our lawyer, and other stuff of interest.
|
Date: Sat, 7 Sep 2013 10:32:52 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: After patent loss, Apple tweaks FaceTime-and logs 500,000 complaints
Message-ID: <p06240844ce50e9241f52@[10.0.1.11]>
Report: After patent loss, Apple tweaks FaceTime-and logs 500,000 complaints
Apple is doing a "design around" in a case where it already lost $368 million.
by Joe Mullin
Aug 30 2013
Ars Technica
http://arstechnica.com/tech-policy/2013/08/report-after-patent-loss-apple-tweaks-facetime-and-logs-500000-complaints/
Date: Sat, 7 Sep 2013 10:17:59 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Dear NSA, Thanks for Making Us All Insecure
Message-ID: <p06240840ce50e4e620a9@[10.0.1.11]>
http://www.businessweek.com/articles/2013-09-06/dear-nsa-thanks-for-making-us-all-insecure
Dear NSA, Thanks for Making Us All Insecure
By David Meyer
September 06, 2013
Dear stupid, stupid NSA,
I've got to hand it to you: As an agency set up with the task of
breaking codes and spying on people, you seem to be doing a pretty
sterling job.
You and your counterparts in the U.K., Australia, Canada, and New
Zealand (and possibly elsewhere) are able to monitor most of the
communications flowing around the world. You appear to have
successfully subverted the American Web services that everyone uses,
and you've used the value and size of the U.S. market to bring all
manner of Internet backbone providers and hardware vendors on-side
too.
Now we also know that you have-in your own words-some capabilities
against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL,
and other network communication technologies. So even if it takes a
fair amount of effort (unlike your indiscriminate data-trawling
techniques), that's basic Internet security out the window then.
Nicely done.
We're still pretty sure that strong cryptography is safe (Edward
Snowden said so, and he's yet to be proven wrong on this stuff), but
even there it's not unreasonable to suspect you can muscle your way
in if the situation merits it.
Again, well played, maybe.
However, you've not stopped at code breaking-you have also made sure
that vulnerabilities have been inserted into commercial encryption
systems, IT systems, networks, and endpoint communications devices
used by targets.
Here's where the stupidity creeps in: You actively work to influence
policies, standards, and specifications for commercial public key
technologies and shape the worldwide commercial cryptography
marketplace to make it more tractable to advanced cryptanalytic
capabilities being developed by yourself.
In other words, instead of just building a better lock pick, you are
trying to make sure that all locks are faulty by design.
What is so jaw-droppingly idiotic about your actions is that you have
not only subverted key elements of modern cryptography, but you have
also appointed yourself as the guardian of the knowledge that the
resulting vulnerabilities exist. And if your own security systems
were up to the task, then those secrets wouldn't be sitting in the
offices of the New York Times and ProPublica.
One must possess a Panglossian view on things to assume that Edward
Snowden was the first person out of the many thousands in his
position to make away with such material. He brought it to the
public, and without that move there's a good chance you wouldn't have
even known he took it. So who else has it? Bet you have no idea. So
well done; you've probably put your own citizens at risk.
But let's ignore that distinct likelihood for a moment, and
concentrate on the aftermath of Snowden's revelations.
If the first tranche of those revelations will hit the U.S. Web
services and cloud economy hard-estimates vary as to how hard, and
only time will tell-then the crypto scandal is going to do the same
to the U.S. security industry. In fact, it's probably going to hurt
more. Most people have too much invested in American Web services to
pull out on short notice; it's relatively trivial in many cases to
switch security services.
Of course, the implications aren't only glum for U.S. firms. There
are enough hints in your leaked documents to suggest that you got to
some foreign firms, too. And as you seem to have influenced the
standards-setting process (sometimes cackhandedly) the global
security industry must now think about starting from scratch.
Sadly for you, this time round your influence will be vastly
diminished: It's going to be much harder to insert your demands into
the finished product. As far as the rest of the world is concerned,
the forum provided by the U.S. National Institute of Standards and
Technology will now carry less weight. And because the security
industry will now shift to open source-there is no other option if
the new standards are to be trusted-installing hidden backdoors will
be nearly impossible.
But what's really going to hurt is the U.S.'s slow loss of control
over the Internet itself. As crypto guru Bruce Schneier wrote on
Thursday:
I have resisted saying this up to now, and I am saddened to say it,
but the U.S. has proved to be an unethical steward of the Internet.
The U.K. is no better. The NSA's actions are legitimizing the
Internet abuses by China, Russia, Iran, and others. We need to
figure out new means of Internet governance, ones that make it
harder for powerful tech countries to monitor everything. For
example, we need to demand transparency, oversight, and
accountability from our governments and corporations.
Unfortunately, this is going to play directly into the hands of
totalitarian governments that want to control their country's
Internet for even more extreme forms of surveillance. We need to
figure out how to prevent that, too. We need to avoid the mistakes
of the International Telecommunications Union, which has become a
forum to legitimize bad government behavior, and create truly
international governance that can't be dominated or abused by any
one country.
Just because the U.S. invented the Internet doesn't mean it gets to
maintain the level of control it now exercises forever. Particularly
when you've now forced everyone to think about reengineering it.
Oh, and by the way, whether or not you do succeed in cracking the
encryption protecting 4G communications by the end of this financial
year, as you have predicted, you can probably expect U.S. influence
in international telecommunications standards-setting to take a
knock, too.
So in summary, you've blown it-and not just for yourselves. Good luck
readjusting in the coming years!
Yours etc.,
David
Date: Sat, 7 Sep 2013 10:40:03 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: How App Store grifters clone an overnight success to make a quick buck
Message-ID: <p06240847ce50eaff8e8c@[10.0.1.11]>
How App Store grifters clone an overnight success to make a quick buck
The iOS app A Beautiful Mess suffered a true attack of the clones.
by Casey Johnston
Aug 29 2013
Ars Technica
The app had only been out three months, and already the creators of A
Beautiful Mess were scrambling to deal with a big problem: clones,
copycats, and rip-offs, as many as seven of them, crowding the search
results in the App Store. The clones appeared to be legitimate,
affiliated versions, yet as all the developers knew, they were
anything but. The CEO of the company that created the original A
Beautiful Mess called them "infuriating."
Attack of the clones
The legitimate version of the app is a product of the lifestyle blog
A Beautiful Mess; it allows users to augment photos or background
patterns with text, doodles, and filters. The app was launched by Red
Velvet Art LLC, which was affiliated with the blog, and it was
developed by Rocket Mobile, a brand agency based in Austin, Texas.
The app launched on May 14 and debuted as the number three paid app
in the App Store. Shortly thereafter, it moved to the number one spot.
A Beautiful Mess lets you do things like this to photos of your cats,
as well as photos of other things.
In June, the first clone appeared. It used the same icon and
screenshots as A Beautiful Mess but came with a modified name: A
Beautiful Mess Free. The second clone was produced by a developer
named John Harlampa: A Beautiful Mess Plus. By the beginning of
August, seven clones cluttered up the App Store, and one rip-off was
charting in the top 50, according to AppTweak. It hovered in that
range until the day it was pulled, sometime on August 19.
The original app, which had sustained a fairly high position on the
paid charts, dropped as low as the fifties.
...
http://arstechnica.com/apple/2013/08/how-app-store-grifters-clone-an-overnight-success-to-make-a-quick-buck/
Date: Sat, 7 Sep 2013 10:21:07 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Fwd: California poised to implement first electronic license plates
Message-ID: <p06240841ce50e69e87b4@[10.0.1.11]>
California poised to implement first electronic license plates
Cops, license plate readers are obsolete. You can now track us closer.
by Cyrus Farivar
Sept 6 2013
Ars Technica
This week, the California State Senate approved a bill that would
create the nation's first electronic license plate. Having already
passed the state's assembly, the bill now goes to Gov. Jerry Brown
(D) for his signature.
The idea is that rather than have a static piece of printed metal
adorned with stickers to display proper registration, the plate would
be a screen that could wirelessly (likely over a mobile data network)
receive updates from a central server to display that same
information. In an example shown by a South Carolina vendor, messages
such as "STOLEN," "EXPIRED," or something similar could also be
displayed on a license plate.
...
http://arstechnica.com/tech-policy/2013/09/california-poised-to-implement-nations-first-electronic-license-plate-program/
***** Moderator's Note *****
OBTelecom: Substitute "Cell phone" for "License Plate" ...
Bill Horne
Moderator
Date: Sat, 7 Sep 2013 10:55:03 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: NSA surveillance: A guide to staying secure
Message-ID: <p0624084ace50ee3a505f@[10.0.1.11]>
NSA surveillance: A guide to staying secure
The NSA has huge capabilities - and if it wants in to your computer,
it's in. With that in mind, here are five ways to stay safe
Bruce Schneier
6 September 2013
Now that we have enough details about how the NSA eavesdrops on the
internet, including today's disclosures of the NSA's deliberate
weakening of cryptographic systems, we can finally start to figure
out how to protect ourselves.
For the past two weeks, I have been working with the Guardian on NSA
stories, and have read hundreds of top-secret NSA documents provided
by whistleblower Edward Snowden. I wasn't part of today's story - it
was in process well before I showed up - but everything I read
confirms what the Guardian is reporting.
At this point, I feel I can provide some advice for keeping secure
against such an adversary.
...
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
Date: Sat, 7 Sep 2013 10:37:04 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Apple confirms Apple Store iPhone trade-in program has launched today
Message-ID: <p06240845ce50ea165802@[10.0.1.11]>
Apple confirms Apple Store iPhone trade-in program has launched today
August 30, 2013
In line with our reports from earlier this week, Apple has announced
that its Apple Store iPhone trade-in-program has launched today. The
confirmation comes by way of comment to CNBC.
The trade-in-program is officially called the "iPhone Reuse and
Recycling Program" and it is available in Apple Stores across the
United States. It is powered in-part by BrightStar?
The trade-in process can be conducted on the store floor, or at the
Genius Bar. Apple will not be heavily promoting the program with
marketing signage (as of now), but Apple Store employees have been
instructed to recommend the program to applicable customers.
...
http://9to5mac.com/2013/08/30/apple-confirms-apple-store-iphone-trade-in-program-launches-today/
Date: Sat, 7 Sep 2013 10:48:46 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: iOS and Android weaknesses allow stealthy pilfering of website credentials
Message-ID: <p06240849ce50ed230ed5@[10.0.1.11]>
iOS and Android weaknesses allow stealthy pilfering of website credentials
Scientists call on Apple and Google to mitigate "origin crossing" attacks.
by Dan Goodin
Aug 27 2013
Ars Technica
Computer scientists have uncovered architectural weaknesses in both
the iOS and Android mobile operating systems that make it possible
for hackers to steal sensitive user data and login credentials for
popular e-mail and storage services.
Both OSes fail to ensure that browser cookies, document files, and
other sensitive content from one Internet domain are off-limits to
scripts controlled by a second address without explicit permission,
according to a just-published academic paper from scientists at
Microsoft Research and Indiana University. The so-called same-origin
policy is a fundamental security mechanism enforced by desktop
browsers, but the protection is woefully missing from many iOS and
Android apps. To demonstrate the threat, the researchers devised
several hacks that carry out so-called cross-site scripting (XSS) and
cross-site request forgery (CSRF) attacks to surreptitiously download
user data from handsets.
The most serious of the attacks worked on both iOS and Android
devices and required only that an end-user click on a booby-trapped
link in the official Google Plus app. Behind the scenes, a script
sent instructions that caused a text-editing app known as PlainText
to send documents and text input to a Dropbox account controlled by
the researchers. The attack worked against other apps, including
TopNotes and Nocs.
...
http://arstechnica.com/security/2013/08/ios-and-android-weaknesses-allow-stealthy-pilfering-of-website-credentials/
TELECOM Digest is an electronic journal devoted mostly to telecom-
munications topics. It is circulated anywhere there is email, in
addition to Usenet, where it appears as the moderated newsgroup
'comp.dcom.telecom'.
TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Bill Horne. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.
The Telecom Digest is moderated by Bill Horne.
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then. Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!
URL information: http://telecom-digest.org
Copyright (C) 2013 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list.
All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.
End of The Telecom Digest (7 messages)
Return to Archives ** Older Issues