32 Years of the Digest ... founded August 21, 1981
The Telecom Digest for July 9, 2014
====== 32 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. - Geoffrey Welsh
See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.
Date: Tue, 8 Jul 2014 01:38:32 -0400 From: Monty Solomon <firstname.lastname@example.org> To: email@example.com. Subject: Crypto weakness in smart LED lightbulbs exposes Wi-Fi passwords Message-ID: <firstname.lastname@example.org> Crypto weakness in smart LED lightbulbs exposes Wi-Fi passwords More evidence the Internet of things treats security as an afterthought. by Dan Goodin Ars Technica In the latest cautionary tale involving the so-called Internet of things, white-hat hackers have devised an attack against network-connected lightbulbs that exposes Wi-Fi passwords to anyone in proximity to one of the LED devices. The attack works against LIFX smart lightbulbs, which can be turned on and off and adjusted using iOS- and Android-based devices. Ars Senior Reviews Editor Lee Hutchinson gave a good overview here of the Philips Hue lights, which are programmable, controllable LED-powered bulbs that compete with LIFX. The bulbs are part of a growing trend in which manufacturers add computing and networking capabilities to appliances so people can manipulate them remotely using smartphones, computers, and other network-connected devices. A 2012 Kickstarter campaign raised more than $1.3 million for LIFX, more than 13 times the original goal of $100,000. ... http://arstechnica.com/security/2014/07/crypto-weakness-in-smart-led-lightbulbs-exposes-wi-fi-passwords/
Date: Tue, 8 Jul 2014 01:46:28 -0400 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Court-approved wiretaps defeating encryption, feds say Message-ID: <email@example.com> Court-approved wiretaps defeating encryption, feds say Authorities are likely to confront growing number of encrypted devices. by David Kravets July 2 2014 Ars Technica The use of court-approved wiretaps in domestic criminal cases in 2013 increased five percent from the year before, and authorities largely defeated encryption methods on the mobile, landline, and other devices they tapped, according to a report Wednesday from the US agency that oversees the country's court system. The Administrative Office of the United States Courts, using the latest available figures, said there were 3,576 wiretaps reported. That represented a nine-percent bump in federal court orders and a three percent increase from state judges. The report said that only one wiretap application was denied for all of 2013. When it comes to cracking encryption, the authorities said they encountered encryption 41 times, up from 15 the year before. ... http://arstechnica.com/tech-policy/2014/07/court-approved-wiretaps-defeating-encryption-feds-say/
Date: Tue, 8 Jul 2014 01:45:14 -0400 From: Monty Solomon <firstname.lastname@example.org> To: email@example.com. Subject: Private crypto key stashed in Cisco VoIP manager allows network hijacking Message-ID: <firstname.lastname@example.org> Private crypto key stashed in Cisco VoIP manager allows network hijacking Update closes backdoor allowing unauthorized control of sensitive messaging gear. by Dan Goodin July 2 2014 Ars Technica Cisco Systems has released a security update that closes a backdoor allowing attackers to control software that large organizations use to manage voice over IP (VoIP) calls and messaging over their networks. The default secure shell (SSH) key made it possible for hackers to gain highly privileged administrative access to the Cisco Unified Communications Domain Manager, the networking company warned in an advisory published Wednesday. From there, intruders could execute arbitrary commands or gain persistent access to the systems. The advisory didn't explicitly say that attackers could monitor discussions or track the times that calls or messages were made and who sent and received them, but it wouldn't be surprising if those capabilities were also possible in an e-mail, a Cisco representative said these capabilities were not possible. In addition to VoiP management, the Cisco Unified Communications Domain Manager also allows users to manage Cisco Jabber, a cloud-based service for instant messaging, voice and video communications, desktop sharing, and conferencing. ... http://arstechnica.com/security/2014/07/private-crypto-key-stashed-in-cisco-voip-manager-allows-network-hijacking/
Date: Tue, 8 Jul 2014 01:44:08 -0400 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Report: Rare leaked NSA source code reveals Tor servers targeted Message-ID: <email@example.com> Report: Rare leaked NSA source code reveals Tor servers targeted NSA says it only gathers such data for "valid foreign intelligence purposes." by Cyrus Farivar July 3 2014 Ars Technica Two Germany-based Tor Directory Authority servers, among others, have been specifically targeted by the National Security Agency's XKeyscore program, according to a new report from German public broadcaster ARD. Tor is a well-known open source project designed to keep users anonymous and untraceable-users' traffic is encrypted and bounced across various computers worldwide to keep it hidden. This marks the first time that actual source code from XKeyscore has been published. ARD did not say how or where it obtained the code. Unlike many other NSA-related stories, the broadcaster did not specifically mention the information being part of the trove leaked by whistleblower Edward Snowden. ... http://arstechnica.com/tech-policy/2014/07/report-rare-leaked-nsa-source-code-reveals-tor-servers-targeted/
Date: Tue, 08 Jul 2014 15:04:45 -0400 From: Fred Goldstein <firstname.lastname@example.org> To: email@example.com. Subject: Anonymous call blocking (whether you want it or not) Message-ID: <53BC40CD.firstname.lastname@example.org> I was expecting a call yesterday and it didn't arrive... and when I called the other party today, they said that the call was blocked, because my line has anonymous call blocking turned on. Now anonymous call blocking is a nice feature if you want to avoid telemarketers who block their caller ID, which is approximately none of them, since they can simply insert fake caller ID instead and get around such blocking! But if you ever need to call the "doctor on call" for an off-hours medical emergency, for instance, the doctor on call will usually have call blocking (because they're calling you back from home). And some government agencies, as in my recent case, also block caller ID. So you don't always want this "feature" on. And I never ordered it or turned it on. But somehow my Comcast Digital Voice line was set to block anonymous calls. So if you subscriber to CDV, you may want to log in to your account and check your settings -- you can turn it on and off yourself from their web site. They're getting sloppier and sloppier as they get bigger and bigger. -- Fred R. Goldstein k1io fred "at" interisle.net Interisle Consulting Group +1 617 795 2701
Date: Tue, 8 Jul 2014 01:43:04 -0400 From: Monty Solomon <email@example.com> To: firstname.lastname@example.org. Subject: Goldman Sachs demands Google unsend one of its e-mails Message-ID: <email@example.com> Goldman Sachs demands Google unsend one of its e-mails A court order is on the table for Google to undo Goldman Sachs' mistake. by Casey Johnston - July 2 2014 Ars Technica Google won't delete Gmail message without a court order, but it will block. Goldman Sachs has demanded a court order to get Google to unsend an e-mail that the bank sent in error, according to Reuters' report Wednesday. The e-mail contained "highly confidential" information addressed to the wrong account, a mistake on Goldman Sachs' part that Google hasn't yet been tempted to rectify. ... http://arstechnica.com/business/2014/07/goldman-sachs-demands-google-unsend-one-of-its-e-mails/
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
43 Deerfield Road
Sharon MA 02067-2301
bill at horne dot net
This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2014 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.