From editor@telecom-digest.org Wed Jul 14 00:33:56 2004
Received: (from ptownson@localhost) by massis.lcs.mit.edu (8.11.6p3/8.11.3) id i6E4Xud17526; Wed, 14 Jul 2004 00:33:56 -0400 (EDT)
Date: Wed, 14 Jul 2004 00:33:56 -0400 (EDT)
From: editor@telecom-digest.org
Message-Id: <200407140433.i6E4Xud17526@massis.lcs.mit.edu>
X-Authentication-Warning: massis.lcs.mit.edu: ptownson set sender to editor@telecom-digest.org using -f
To: ptownson
Approved: patsnewlist
Subject: TELECOM Digest V23 #331

TELECOM Digest     Wed, 14 Jul 2004 00:34:00 EDT    Volume 23 : Issue 331

Inside This Issue:                             Editor: Patrick A. Townson

    Re: Tap Into Neighbors' WiFi? Why Not, Some Say (William Warren)
    Re: Tap Into Neighbors' WiFi? Why Not, Some Say (charlie3)
    WTS: Cisco AS5300, AS5350, AS5400, AS54HPX, AS5850 (Shane Breen)
    Re: Death Penalty Applies to Top Posters? (T. Sean Weintz)
    Serious Flaws in Bluetooth Security Lead to Disclosure (Monty Solomon)
    Re: How Much Does Bill Gates Know About His Software? (Lisa Hancock)
    Getting out of Norvergence Contracts (N. Rakeertu)
    Congressional Panel to Vote on Bill to Ban VoIP Taxes (VOIP News)
    Re: Internet Phone Service For Every Home Not Far Off (charlie3)

All contents here are copyrighted by Patrick Townson and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using -any name or email address- included herein for -any- reason other than responding to an article herein, you agree to pay a hundred dollars to the recipients of the email.

===========================

Addresses herein are not to be added to any mailing list, nor to be sold or given away without explicit written consent. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. Geoffrey Welsh

===========================

See the bottom of this issue for subscription and archive details and the name of our lawyer; other stuff of interest.

----------------------------------------------------------------------

From: William Warren
Subject: Re: Tap Into Neighbors' WiFi? Why Not, Some Say
Organization: Comcast Online
Date: Tue, 13 Jul 2004 03:29:38 GMT

Hammond of Texas (An Organ Grinder With A Chip On His Shoulder and A Monkey On His Back) wrote in message news:telecom23.329.6@telecom-digest.org:

> William Warren (the prototypical PHB) wrote:

>> Think about it: the only thing the business owner gets by turning off
>> SSID broadcast, restricting MAC addresses, and enabling WEP is a lot
>> of headaches and maintenance and complaints from his employees. The
>> default (open) installation works, the effort to restrict it and track
>> the restrictions and deal with the complaints and accommodate visitors
>> costs real money -- probably several times what the bandwidth costs -
>> so why wouldn't a businessman make a common-sense decision to ignore
>> the "problem"?

> Why? Oh ... probably because his idea of "common sense" completely
> discounts the very real, and potentially very serious issues that
> revolve around operating a completely unsecured AP.

I meant "real" as in "real world", not "real" as in "You really need to come down from the Ivory Tower". The issues may be "potentially very serious" in Never-Never land, but even Peter Pan had to grow up.

> The cost to defend against lawsuit brought by someone suffering
> damages at the hands of the miscreant who used your wide-open AP
> will quickly outrun the cost of doing it right in the first place.

I don't care if it outruns the cost of building my own private fiber-optic network over transcontinental distances. Insurance covers nonsense lawsuits, and before you go yelling at that particular wolf, take a course in business law 101: you may as well sue the phone company for allowing a crank call.

> Add to that the less tangible cost of damaged PR, etc.

It's not "less" tangible, it's not tangible, for the same reason that nobody blames a bank that gets robbed. Hell, Microsoft has been hacked, more than once, and nobody even raised an eyebrow. Get real.

> Planning on dropping the thing right into your LAN, like most
> "businessmen" do? What will it cost when that potential customer,
> "visiting" your site, manages to download your client lists,
> business strategy documents, trade secrets, etc.

Lan, schman: encode the data on beryllium plaques, bury it under a mountain, and hire a 24/7/365 team of ex secret service agents to guard it if you want -- you'll just waste a lot of money. I said before that "security" is a red herring to me. You, obviously, don't like fish, and (also obviously) have seen "Glengarry Glen Ross" too many times.

But, what the hell, I'll give you a serious answer: every business with a customer list worth protecting has shill addresses on it that actually belong to a few of the senior sales staff. They get calls, that means someone bribed a clerk to get the list, and they take the obvious action of simply alerting the customers and the police. Had you ever actually been responsible for any tangible business asset, you'd know that nobody trusts cold callers anyway: business is about relationships, not secrets.

> Furthermore, there are technological solutions to all of the
> objections raised above. Some are more elegant and transparent than
> others, but at any rate, they would allow any reasonable person to
> dismiss the "it's too inconvenient to make it secure" complaint.

Ewww, I'm so ashamed: I'm not a "reasonable" person in your eyes.
I've scheduled a moment of silence for my ego. .... OK, time's up.

The "technological solutions" would mean changing our 802.11b cards in every machine that had them -- a cost of about $70/machine, even assuming you're not in a union environment -- and they wouldn't improve security anyway, since one stolen laptop or hacked pc or bribed clerk would deliver the encryption codes to those in need. I said before, and will now repeat: that's what strong end-to-end encryption is for, because otherwise the data leaks out at the weakest link, which is the people and not the machines.

> A network administrator who installed and operated an unsecured AP on
> my network would get the sack in short order.

... until the manager with a deadline to meet calls him up and says he's bringing in a trainer to do a boot camp on some new software, and he wants a war room set up with wifi running by tomorrow morning. The elegance and transparency of your job prospects will become quickly obvious to you if you spout any of that nonsense in an actual business with a schedule to meet and actual people in charge who only care if it works.

And, since you choose to self-anoint yourself the expert, just which network is yours? Please, email me off-list and supply the details of your annual budget, the number of IT staff, the number of stations, and the number of nodes. (Starbucks and your mother's house don't count, sorry).

You must have a lot of fun erecting endless rows of dominoes that fall over on your command. Have you won any records?

Bill

------------------------------

From: charlie@cdsdetroit.com (charlie3)
Subject: Re: Tap Into Neighbors' WiFi? Why Not, Some Say
Date: 13 Jul 2004 20:01:10 -0700
Organization: http://groups.google.com

I think that people who manage networks for businesses have to be more careful because they are accountable to bosses and problems can cost money.

There are people who intentionally leave their connections open and share for free with others.
I am not aware this is illegal.

I have my own cable modem connection and two WIFI radios to cover my property. I keep them moderately secure but only because there is no way to manage bandwidth sharing in a way I'd be willing to do. I would not tolerate a neighbor replacing my connection with his own paid account but I'd have no problem helping a person with a reduced amount of bandwidth for a temporary need. If I had software that could do this I'd use it and share my connection in that limited way.

There is an unprotected radio nearby that my computer constantly logs onto on its own. If I could locate the guy I'd ask him to secure his radio just to avoid the annoyance it causes. If an internet connection is important you aren't going to want to rely on what a neighbor might do.

If I'm traveling and need to download my email I'll grab it through the first wireless connection my radio finds. Fortunately free connections are proliferating in coffee shops, parks and libraries. I don't think this will hurt the sale of private accounts in the long run and might promote them.

------------------------------

From: Shane Breen
Subject: Want to Sell: Cisco AS5300, AS5350, AS5400, AS54HPX, AS5850
Date: Mon, 12 Jul 2004 23:39:17 -0400
Organization: Doretel.communications, Inc.

DORETEL Communications, Inc. has the following Cisco to sell:

I will work with you on the prices so please let me know where you need to be at to send me a PO:)

These units can be Registered and Smart-neted. We have these in stock and ready to ship with 90 day warranty!

AS535-2E1-60-AC
AS535-2T1-48-AC
AS535-4E1-120-AC
AS535-4E1-108-AC
AS535-4T1-96-AC
AS535-8E1-216-AC
AS535-8T1-192-AC
AS5400-8E1-210-AC
AS5400-8E1-240-AC
AS5400-8T1-192-AC
AS5400-16T1-384-AC
AS5400-16E1-480-AC
AS5400-CT3-648-AC
AS54HPX-16T1-384-AC
AS54HPX-16E1-480-AC
AS54HPX-CT3-648-AC

We have the following used gear:

AS5300-96-VOIP-A
AS5300-120-VOIP-A

AS5850's we have them coming in let me know the config you need.

The right services, the right products, the right price ... from the people you trust.

Please visit our website at: www.doretel.com

**For all your Cisco AS5300/AS5350/AS5400/AS54HPX & AS5850 visit www.doretel.com**

Shane Breen
Doretel Communications, Inc.
Director Of Sales & Marketing
Office: 404.808.4022
Fax: 404.521.4639
sbreen@doretel.com
AIM: shanebreen2003
www.doretel.com

------------------------------

From: T. Sean Weintz
Subject: Re: Death Penalty Applies to Top Posters?
Date: Tue, 13 Jul 2004 12:45:34 -0400
Organization: Posted via Supernews, http://www.supernews.com

> [TELECOM Digest Editor's Note: A 'top poster' is someone who reprints
> the entire message (to which he is replying) at the top then prints
> his reply below that rather than putting his reply first and then
> follows up with a few pertinent tidbits of the message being replied
> to. Some people do not care for that posting procedure, having to
> read the entire (original) message twice. Now, some people say it
> is the other way around: The reply posted **on top** and then the
> entire original message repeated below. Either way, a good rule of
> thumb is **hold quoted text to a bare minimum.** I suggest keep at
> least 50 percent or more of the text in your reply as your *original*
> work and hold quoting to less than 50 percent, preferably 10 or 20
> percent if possible without losing the context, etc. PAT]

Actually a top poster is one who puts his reply at the top of the post, and has the quoted text he is replying to below it. It's a no-no in the internet etiquette RFC.

------------------------------

Date: Tue, 13 Jul 2004 15:17:22 -0400
From: Monty Solomon
Subject: Serious Flaws in Bluetooth Security Lead to Disclosure of Data

http://www.thebunker.net/release-bluestumbler.htm

Summary

In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some Bluetooth enabled devices.
Specifically, three vulnerabilities have been found:

Firstly, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some Bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar, and the phone's IMEI.

Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be "backed up" to an attacker's own system.

Thirdly, access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging. This third vulnerability was identified by Martin Herfurt, and they have since started working together on finding additional possible exploits resulting from this vulnerability.

Finally, the current trend for "Bluejacking" is promoting an environment which puts consumer devices at greater risk from the above attacks.

http://www.thebunker.net/release-bluestumbler.htm

------------------------------

From: hancock4@bbs.cpcn.com (Lisa Hancock)
Subject: Re: How Much Does Bill Gates Know About His Software These Days?
Date: 13 Jul 2004 13:30:58 -0700
Organization: http://groups.google.com

Wesrock@aol.com wrote

> "BASIC was originally developed at Dartmouth College in 1964 and was
> first used on big mainframe computers. At that time the main
> programming language was FORTRAN, which was very complicated given the
> fact engineers and scientists originally designed it for their use."

I'm not sure I'd call FORTRAN "very complicated"; one didn't have to know all of it to do simple kinds of work. However, it was/is more complicated than BASIC.

It should be noted that BASIC was developed as an interactive time-sharing language, in which users communicated to the computer with Teletype machines. FORTRAN was originally a batch language. It was much easier (and more fun) to enter and run a BASIC program on a Teletype than keypunching and submitting a batch FORTRAN job. However, if extensive printouts were required or if the program was long and complex, going batch was a better way to go. The work of most students, however, tended to be simple and adaptable to BASIC.

When mini-computers and personal-computers came out, their manufacturers eventually included BASIC as a function; the IBM PC came with various versions of it. (I wonder if Windows 2000 even bothers to include QuickBASIC anymore; it certainly should for compatibility purposes.)

Gates and Co. got involved at that point writing compilers/interpreters for PCs. Gates most certainly did not invent BASIC, although his later versions expanded beyond the 1970s timesharing versions; and of course his VisualBASIC went far beyond that.

The PC versions had a big advantage over the Teletype: The screens were much faster and could do more things. Also, PCs had their own storage and were private as opposed to being on a shared mainframe.

The biggest bonus was price. I remember when I first got a home PC, a 286, which cost less yet was faster than a Teletype. To run BASIC (included with MS-DOS) I didn't even need to be online and my printer was faster and of course I had the screen. I bought the QuickBASIC compiler and that made programs run fast. Later I bought the Professional BASIC compiler (which I never ended up using).

I don't think commercial time sharing (such as General Electric's service) was that cheap.

------------------------------

From: nrackeertu@cliornuwta.mailexpire.com (N. Rakeertu)
Subject: Getting out of Norvergence Contracts
Date: 13 Jul 2004 18:47:50 -0700
Organization: http://groups.google.com

It seems to me that the key here is the relationship between the leasing companies and Norvergence. If the leasing companies knew that Norvergence was wildly inflating the value of the equipment (and it seems likely that they did) then I believe a case could be made that the leasing companies took the assigned leases subject to the defenses that the customers had against Norvergence. The customers have plenty of defenses against Norvergence, and would therefore probably not have to pay anything on the leases.

I think that at some point in the proceedings the leasing companies HAD TO KNOW that Norvergence was selling the customers a pig in a poke. I think that the leasing companies had knowledge that the customers were very dissatisfied, and that Norvergence was, in many if not most cases, not fulfilling its end of the bargain. Thus I think it's arguable that the leasing companies were complicit in the Norvergence scam.

Another factoid of much interest: the leasing companies routinely sent out notices to the customers that the equipment had to be insured for the capitalized value of the equipment, which ranged from $20,000 to over $30,000 depending on the deal. Yet the leasing companies must have known that the true value of the equipment was in most cases less than $5,000. Thus I think it might be argued that the leasing companies were guilty of attempted insurance fraud by requiring greatly excess insurance on equipment that they knew (or should have known) wasn't worth anywhere near what they leased it for.

What needs to happen here, in my view, is that the customers of the various leasing companies (CIT, Popular, OFC Capital, Partners Equity Capital, et al) need to band together and file class action lawsuits against them. The Internet is a perfect vehicle for bringing these various groups together.
Someone should start a portal where customers of the various sites can meet up and band together to defend themselves.

Once assembled into groups, the customers could seek declaratory relief that the leases are unenforceable, and that the leasing companies took the assignments from Norvergence SUBJECT TO any defenses that the customer had against Norvergence.

I really think that faced with such lawsuits the leasing companies would back off. I don't think they want to get into discovery on this one. I suspect that discovery would show a lot more complicity on the part of the leasing companies in the Norvergence fiasco than they would like to have made public.

N. Rackeertu

[TELECOM Digest Editor's Note: Have I been saying essentially this same thing since the Norvergence flap first started or was I talking only to a rock somewhere? Every time I print here a message of mine saying 'freeze all accounts payable to Norvergence' I get all sorts of replies saying my advice is bad and how all the Norvergence customers will get sued and their credit ruined if they take my self-help advice which is such a crock of baloney I feel like making myself a sandwich or two. I do concede it makes sense to hand over all your paperwork to your lawyer, put the matrix box away safely where the company can get it back if they want it back (also unlikely) then put your money away and get on with your life otherwise. That 'holder in due course' routine is such a laugh in this instance. That's what the loan companies claimed in the encyclopedia door-to-door sales scam many years ago also; so let's all hold our breath until we turn blue in the face while we wait for the leasing companies (i.e. 'bank') to quit their blustering and bullying and acting-out and get down to the business of suing everyone and ruining their credit.
PAT]

------------------------------

From: VOIP News
Date: Tue, 13 Jul 2004 22:36:12 -0400
Subject: Congressional Panel to Vote on Bill to Ban VoIP Taxes
Reply-To: VoIPnews@yahoogroups.com

http://zdnet.com.com/2100-1104-5268319.html

By Declan McCullagh
CNET News.com

A U.S. Senate bill that would ban states from taxing and regulating Internet phone calls will face its first hurdle in a committee vote next week.

Sen. John Sununu, R-N.H., said Tuesday that the Senate Commerce Committee has scheduled a vote on his voice over Internet Protocol (VoIP) bill on July 20 at 9:30 am. If approved by the committee, the bill -- which is moving forward at an unusually rapid pace -- would be sent to the full Senate for a floor vote that could take place this year.

"It is a simple choice for members: vote to establish a clear legal regime based on technological innovation and consumer choice or vote in favor of multilayered regulation of VoIP that will let chaos reign," Sununu said in a statement. "Those who use e-mail and instant messaging should know, if members vote to regulate Internet applications such as VoIP, those technologies are next."

Full story at:
http://zdnet.com.com/2100-1104-5268319.html

How to Distribute VoIP Throughout a Home:
http://michigantelephone.mi.org/distribute.html

If you live in Michigan, subscribe to the MI-Telecom group:
http://groups.yahoo.com/group/MI-Telecom/

------------------------------

From: charlie@cdsdetroit.com (charlie3)
Subject: Re: Internet Phone Service For Every Home Not Far Off
Date: 13 Jul 2004 21:12:24 -0700
Organization: http://groups.google.com

I just put a 15' mast on the roof of my remote rural farmhouse to get a landbased wireless broad band internet service from a 300' tower about 20 miles away. The performance is the equal of any other broadband service I've used including the Comcast cable connection I've used in the city for the past six years.

I got Vonage VOIP phone service recently and I'm happy with it.
The Vonage box travels with me to and from the city and farmhouse. It works great in both places. I will shortly drop the POTS phone services in both locations. I would not have the confidence to do this except that I have a cell phone that works well in both places. VOIP phone is not as rock solid as the old fashioned phone but I cheerfully accept that for the other benefits. BTW, if Vonage can't communicate with my Vonage box for any reason incoming calls are automatically routed to my cell phone.

The most important feature of Vonage for me is its ability to simultaneously ring my home and cell phones and allow me to answer with either one. With this arrangement no one needs my cell phone number. I never use cell phone minutes in the city or the farmhouse. Simultaneous ring is set and forget, unlike call forwarding. With this arrangement I need a lot fewer cell phone minutes. The $30 per month that Vonage costs buys 600 Verizon cell phone minutes, not enough to replace the Vonage phone.

I saved enough money by dropping the farmhouse phone and the dialup service, I maintained for use at the farm, to pay for the wireless broad band connection. Dropping the city POTS phone saves enough to pay for the VONAGE VOIP phone and part of the cell phone. I have unlimited U.S. calling on the cell phone nights and weekends and 24/7 unlimited minutes on Vonage.

I intend to stop paying for POTS service as soon as possible. Millions more people will do the same. If this happens as fast as it might there will be some spectacular telephone company failures.

[TELECOM Digest Editor's Note: And that would really break your heart, wouldn't it. I know I could not split from Southwestern Bell fast enough, and I would not have a landline phone at all these days (opting to use a cell phone and Vonage) if it were not that I like and am personally acquainted with the owner of our local telco, Prairie Stream, and like his personal service, so I keep my landline phone for that reason only.
PAT]

------------------------------

TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of networks such as Compuserve and America On Line, Yahoo Groups, and other forums. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'.

TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Patrick Townson. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author.

Contact information:    Patrick Townson/TELECOM Digest
                        Post Office Box 50
                        Independence, KS 67301
                        Phone: 620-402-0134
                        Fax 1: 775-255-9970
                        Fax 2: 530-309-7234
                        Fax 3: 208-692-5145
                        Email: editor@telecom-digest.org

Subscribe:   telecom-subscribe@telecom-digest.org
Unsubscribe: telecom-unsubscribe@telecom-digest.org

This Digest is the oldest continuing e-journal about telecommunications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category!

URL information: http://telecom-digest.org

Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/
               (or use our mirror site: ftp.epix.net/pub/telecom-archives)

Email <==> FTP: telecom-archives@telecom-digest.org

Send a simple, one line note to that automated address for a help file on how to use the automatic retrieval system for archives files. You can get desired files in email.

*************************************************************************
*   TELECOM Digest is partially funded by a grant from                  *
*   Judith Oppenheimer, President of ICB Inc. and purveyor of accurate  *
*   800 & Dot Com News, Intelligence, Analysis, and Consulting.         *
*   http://ICBTollFree.com, http://1800TheExpert.com                    *
*   Views expressed herein should not be construed as representing      *
*   views of Judith Oppenheimer or ICB Inc.                             *
*************************************************************************

ICB Toll Free News. Contact information is not sold, rented or leased.

One click a day feeds a person a meal. Go to http://www.thehungersite.com

Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.

************************

DIRECTORY ASSISTANCE JUST 65 CENTS ONE OR TWO INQUIRIES CHARGED TO YOUR CREDIT CARD! REAL TIME, UP TO DATE! SPONSORED BY TELECOM DIGEST AND EASY411.COM
SIGN UP AT http://www.easy411.com/telecomdigest !

************************

---------------------------------------------------------------

Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list.

If you donate at least fifty dollars per year we will send you our two-CD set of the entire Telecom Archives; this is every word published in this Digest since our beginning in 1981.

All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.

End of TELECOM Digest V23 #331
******************************