From editor@telecom-digest.org Thu Mar 25 20:43:15 2004
Received: (from ptownson@localhost)
	by massis.lcs.mit.edu (8.11.6p2/8.11.3) id i2Q1hEj00941;
	Thu, 25 Mar 2004 20:43:15 -0500 (EST)
Date: Thu, 25 Mar 2004 20:43:15 -0500 (EST)
From: editor@telecom-digest.org
Message-Id: <200403260143.i2Q1hEj00941@massis.lcs.mit.edu>
X-Authentication-Warning: massis.lcs.mit.edu: ptownson set sender to editor@telecom-digest.org using -f
To: ptownson
Approved: patsnewlist
Subject: TELECOM Digest V23 #141

TELECOM Digest     Thu, 25 Mar 2004 20:43:00 EST    Volume 23 : Issue 141

Inside This Issue:                             Editor: Patrick A. Townson

    Book Review: "Best Practices in Internet Commerce Security" (Rob Slade)
    Netsky.P and iframe src cid Variant (Rob Slade)
    VoIP Sends a Warning Signal (VOIP News)
    Experimenting With Cell Phones (Eric Friedebach)
    Comcast Agrees to Purchase TechTV (Monty Solomon)
    Help Needed in Finding a Creed Telex Machine (iop890 _25)
    Help Needed: Finding Replacement Parts for Telecom Cabinet (B. Haskin)
    Headset mp3 Player Comes Out with a Very Good Price! (Emma)
    Re: 110 V Cord and USB Connectors (Michael D. Sullivan)
    Last Laugh! Re:Correcting 411/555-1212 Info Unlisted Service (Cryderman)

All contents here are copyrighted by Patrick Townson and the
individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote.  By using -any name or email address-
included herein for -any- reason other than responding to an article
herein, you agree to pay a hundred dollars to the recipients of the
email.

               ===========================

Addresses herein are not to be added to any mailing list, nor to be
sold or given away without explicit written consent.  Chain letters,
viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime.   Geoffrey Welsh

               ===========================

See the bottom of this issue for subscription and archive details
and the name of our lawyer; other stuff of interest.  

----------------------------------------------------------------------

From: Rob Slade <rslade@sprint.ca>
Organization: Vancouver Institute for Research into User 
Date: Thu, 25 Mar 2004 08:41:56 -0800
Subject: Book Review: "Best Practices in Internet Commerce Security"


BKBPIICS.RVW   20031205

"Best Practices in Internet Commerce Security", Charles Cresson Wood,
2001, 1881585050, U$295.00
%A   Charles Cresson Wood
%C   1800-1233 West Loop South, Houston Texas   77027
%D   2001
%G   1881585050
%I   PentaSafe
%O   U$295.00 800-829-9955 infopolicy@pentasafe.com www.pentasafe.com
%O   http://www.amazon.com/exec/obidos/ASIN/1881585050/robsladesinterne
     http://www.amazon.co.uk/exec/obidos/ASIN/1881585050/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1881585050/robsladesin03-20
%P   92 p.
%T   "Best Practices in Internet Commerce Security"

The management summary (also known as chapter one) states that this
book outlines the major controls necessary to perform business
functions over the Internet.  Chapter two, titularly asking "what's
new about Internet commerce," simply lists potential problems.  The
heart of the book is chapter three, a listing of 240 suggestions most
of which are in the form of "this practice prevents that risk."  Not
all are either terribly clear or useful, such as the statement that
"payment protocol with integrated digital certificates prevents
fraud," which adequately describes making a purchase using a credit
card over an SSL (Secure Sockets Layer) link to a Website, a practice
that would prevent neither merchant fraud, nor fraud involving stolen
credit cards.  (I assume that the author was thinking of the SET
[Secure Electronic Transactions] protocol, but the wording is not
specific.)  The bulk of the recommendations are reasonable in terms of
improving security, but the explanations are extremely limited.

As a quick once over lightly introduction to the requirements for
online commerce the book may have its uses, albeit in a very
restricted compass.

copyright Robert M. Slade, 2003   BKBPIICS.RVW   20031205


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
To make no mistake is not in the power of man; but from their
errors and mistakes the wise and good learn wisdom for the future
                                                          - Plutarch
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

------------------------------

From: Rob Slade <rslade@sprint.ca>
Organization: Vancouver Institute for Research into User 
Date: Thu, 25 Mar 2004 12:31:27 -0800
Subject: Netsky.P and Iframe src=cid Variant


I assume that everyone is, by now, well aware of the Bagle.Q virus
that used an interesting trick to spread a virus via email without an
attachment.  Netsky, in its latest incarnation, appears to reverse
that in an intriguing twist.

I have noted, in the past few days, the sudden spurt of Netsky.P
messages, and, simultaneously, queries about messages containing the
string "iframe src=??cid:" in the body.  (In the samples I've got the
?? has been 3D, but I don't know if this is the same in all cases.)

In the Netsky.P infected messages as they are described in the virus
encyclopedias (I have checked F-Secure and Sophos in detail), the
message carries a standard attachment, in the normal MIME format as:

Content-Type: application/octet-stream;
	name="photo.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="photo.zip"

There are a few twists on this: occasionally the filename has the
username in it, such as document_rslade.zip.  In some cases the
filename has multiple extensions and a large number of spaces, such as:
document.txt .exe which is a fairly obvious attempt to convince people
that the attachment is a harmless text file.  (Netsky, like most other
recent email viruses, uses a wide variety of subject lines and message
bodies, and spoofs the "from" line using addresses harvested from the
infected machine.)

From samples I have extracted of the "cid" postings, these messages
are a version of Netsky.P: the executable file is the same size
(29,568 bytes) and a quick look at the internal contents seems to be
the same.  F-Prot DOS with signatures as of 20040321 identifies it as
Netsky.P.  The important part of the internal structure of the message
follows the general form:

bgColor=3D#ffffff If the message will not displayed automatically,<br>
follow the link to read the delivered message.<br><br>
Received message is available at:<br>
<a href=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re 
height=3D0 width=3D0>www.sprint.ca/inbox/rslade/read.php?sessionid-1165</a>
<iframe
src=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re height=3D0 
width=3D0></iframe> 
<DIV>&nbsp;</DIV></BODY>

Content-Type: audio/x-wav;
	name="message.scr"
Content-Transfer-Encoding: base64
Content-ID:<031401Mfdab4$3f3dL780$73387018@57W81fa70Re>

Note that, in a reverse of the Bagle.Q trick, the URL does not
actually point to an external website, but to a subsequent part of the
same message.  (In all the samples I have received the filename used
is message.scr.)  The structure of the message appears to use two
different known vulnerabilities in Outlook.  (Given the numbers of
Netsky.P that I am receiving, it is rather depressing to note that
vulnerabilities that were known, in general terms, as far back as
1997, and specifically patched as early as 2001, are still effective.
People, if you must use MS products, please keep them patched!)

Because of the use of the iframe vulnerability, users of mailers other
than Outlook may see the message appear in various ways.  In Pegasus
(which I use) the message has no body, but does have a normal
attachment.  (In most viruses that use iframe to directly invoke the
attachment, Pegasus doesn't show any attachment.)

I note that neither the Sophos nor the F-Secure encyclopedias mention
this version of the message.  The Trend advisory does mention the
iframe vulnerability (without giving details) but not the second, and
also does not mention the non-iframe version of the messages.  (Having
two radically different forms of messages appears to be similar to
Swen.A and Swen.B, both of which produce two different types of
messages, each of which is somewhat polymorphic within the version.)


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
The magnificent and the ridiculous are so close that they touch.
                                           - Le Bovier de Fontenelle
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
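
Added example, not part of the original post: a Python check for the message structure described above, in which the HTML part points via cid: at another part of the same message whose filename is executable although its declared type is a media type. The sample message, its Content-ID value and the extension list are constructed for illustration.

```python
import email
import os
import re
from email import policy

# File extensions Windows runs directly; an illustrative list, not exhaustive.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}

# src= or href= attribute whose value is a cid: URL, quoted or not.
CID_REF = re.compile(r"""\b(?:src|href)\s*=\s*["']?cid:([^\s"'>]+)""", re.I)

# Constructed sample with the same shape as the message in the post.
# The base64 body is harmless placeholder text, not a real attachment.
SAMPLE = (
    b"From: sender@example.invalid\r\n"
    b"To: rcpt@example.invalid\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"<BODY bgColor=3D#ffffff><iframe\r\n"
    b"src=3Dcid:part1.constructed@example.invalid height=3D0\r\n"
    b"width=3D0></iframe></BODY>\r\n"
    b"--b1\r\n"
    b"Content-Type: audio/x-wav;\r\n"
    b'\tname="message.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-ID:<part1.constructed@example.invalid>\r\n"
    b"\r\n"
    b"aGFybWxlc3MgcGxhY2Vob2xkZXI=\r\n"
    b"--b1--\r\n"
)


def find_cid_executables(raw_message: bytes):
    """Return (cid, filename, declared_type) for each part that an HTML body
    references via cid: and whose filename ends in an executable extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    referenced, parts_by_cid = set(), {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        cid = part.get("Content-ID")
        if cid:
            parts_by_cid[str(cid).strip().strip("<>")] = part
        if part.get_content_type() == "text/html":
            # decode=True undoes quoted-printable: "src=3Dcid:" becomes "src=cid:".
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
            referenced.update(CID_REF.findall(html))
    findings = []
    for cid in sorted(referenced):
        part = parts_by_cid.get(cid)
        if part is None:
            continue  # reference to a part that is not in this message
        # get_filename() falls back to the Content-Type name= parameter.
        filename = (part.get_filename() or "").strip()
        ext = os.path.splitext(filename.lower())[1]
        if ext in EXECUTABLE_EXTS:
            findings.append((cid, filename, part.get_content_type()))
    return findings


if __name__ == "__main__":
    for cid, filename, declared in find_cid_executables(SAMPLE):
        print(f"cid:{cid} -> {filename!r} declared as {declared}")
```
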

------------------------------

From: VOIP News
Date: Thu, 25 Mar 2004 17:39:39 -0500
Subject: VoIP Sends a Warning Signal (VOIP News)
Reply-To: VoIPnews@yahoogroups.com


Note: This opinion piece was written by a senior fellow and director
of communications policy studies at the Progress & Freedom Foundation,
which is a libertarian think tank.  You have to be careful of these
folks because they believe that free markets can solve almost any
problem, which totally ignores the fact that companies can and do
attempt to achieve monopolies (or at least, to limit competition) so
they can jack up prices to consumers and do other Bad Things.  Arguing
their basic philosophies is beyond the scope of this list, and some of
their ideas are good ones despite their underlying beliefs, but when
opinion pieces are published it's always instructive to know about any
biases that the writer might have.

http://zdnet.com.com/2100-1107_2-5179376.html

VoIP sends a warning signal
 
By Randolph J. May 
Special to ZDNet

COMMENTARY--In his classic 1942 work, "Capitalism, Socialism and
Democracy," economist Joseph Schumpeter described capitalism as a
"process of industrial mutation ... that incessantly revolutionizes the
economic structure from within, incessantly destroying the old one,
incessantly creating a new one."

He famously called this relentless process Creative Destruction -- and
it is an essential characteristic of free markets.

Services and applications using voice over Internet Protocol
capabilities, commonly called VoIP or Internet telephony, are gaining
momentum, as cable operators, wireline telephone companies and
wireless providers install Internet Protocol throughout their
broadband networks.

What's also clear is that VoIP's accelerating proliferation will push
existing regulatory paradigms to the breaking point -- sooner rather
than later.

In other words, all of the brouhaha about VoIP is a blast from
Schumpeter's trumpet, warning that old regulatory regimes are about to
be destroyed. Far better that policymakers act with dispatch to
construct new approaches attuned to present-day realities.

Here are four suggestions for creatively replacing old ideas with new
ones:
 
Full commentary at:
http://zdnet.com.com/2100-1107_2-5179376.html

How to Distribute VoIP Throughout a Home:
http://michigantelephone.mi.org/distribute.html

If you live in Michigan, subscribe to the MI-Telecom group:
http://groups.yahoo.com/group/MI-Telecom/

------------------------------

From: friedebach@yahoo.com (Eric Friedebach)
Subject: Experimenting With Cell Phones
Date: 25 Mar 2004 10:28:42 -0800
Organization: http://groups.google.com


Aude Lagorce, 03.24.04, Forbes.com

NEW YORK - In ten years, your cell phone, wirelessly connected to a
calorie intake monitor on your wrist, will automatically detect if
you're hungry, order your favorite food and have it delivered to your
exact location. The process will generate billions of dollars in
additional revenue for telecom operators.

Sound outlandish? It shouldn't. In fact, the technology required to
make the described sequence of events possible already exists; it
simply hasn't been fully integrated and marketed yet. Before it is,
handset makers and cell phone carriers are trying to gauge consumers'
interest in the new features.

The flow of announcements made at the Cellular Telecommunications and
Internet Association (CTIA) trade show this week confirmed that the
race to get multimedia equipped handsets on the market is heating up.
Siemens announced three new upscale models with high-resolution
screens and enough memory for users to download games, movie trailers
and other applications. On the CX66, menu navigation is achieved by
means of a joy stick. Networks are adapting too: At the beginning of
the week Samsung and UTStarcom showed off a new technology called
1xEV-DV, which could, among other things, allow DVD and movie preview
downloads.

http://www.forbes.com/personaltech/2004/03/24/cx_al_0324cellphones.html

Eric Friedebach
/Tonight's Skywarn training cancelled due to... weather?/

------------------------------

Date: Thu, 25 Mar 2004 18:36:14 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Comcast Agrees to Purchase TechTV


PHILADELPHIA, March 25 /PRNewswire/ -- Comcast Corporation (Nasdaq:
CMCSA, CMCSK) announced today that it has signed an agreement with
Vulcan Programming Inc. to acquire TechTV, Inc.  Upon closing, Comcast
will merge TechTV with G4, the Comcast-owned television network
devoted to video games and the gamer lifestyle.

Building on the complementary strengths of two niche programming
networks that combine the worlds of technology and entertainment, the
acquisition of TechTV would create a network that complements
Comcast's growing content portfolio and expands G4's distribution.
The combined channel would be available to 44 million cable and
satellite customers nationwide.

Charles Hirschhorn, founder and CEO of G4, will be the CEO of the
combined network.  "This merger is a win for G4; a win for TechTV; and
a win for our advertising and affiliate partners," said Hirschhorn.
"The result will be one compelling TV channel that showcases the fun
and entertaining side of games and technology with the distribution
necessary to achieve broad appeal."

EchoStar Communications Corporation (Nasdaq: DISH) will have an equity
interest in the combined entity and has agreed to make the channel
available to its DISH Network customers who subscribe to its mid-level
America's Top 120 programming package or greater.

     - http://finance.lycos.com/home/news/story.asp?story=40930681

------------------------------

From: iop890 _25 <iop890_25@hotmail.com>
Subject: Help in Finding a Creed Telex Machine
Date: Thu, 25 Mar 2004 15:56:13 +0000


Dear Sir/Madam,

I got your name from an Internet site, I am desperately trying to
find a High Speed-Creed Telex Machine. These were supplied by the
General Post office in the late 50's 60's.

Do you know of anywhere I could try or do you know anyone that could
have one??

I am opening a Museum and this would be on show there.

Please let me know if you could be of any help?

Thanks,

Sammy

------------------------------

From: lightforce3@hotmail.com (B. Haskin)
Subject: Need Help: Finding Replacement Parts for Telecom Rackmount Cabinet
Date: 25 Mar 2004 06:42:41 -0800
Organization: http://groups.google.com


I'm a member of the Linux Users Group at the university I attend. We
were recently given an old, large rackmount cabinet with removable
sides for our new server. I am looking for information on (or a source
for) the clips/pins/connectors (I'm not exactly sure what they are)
that are used to attach the sides to the cabinet at the bottom. These
parts are missing, and I doubt that we will be able to get them from
the donator.

There is a receptacle on the cabinet itself that is rectangular with
two flat, recessed prongs that pull apart. There is a small
rectangular hole in the removable side panel that lines up with each
receptacle on the cabinet. I imagine there must be something that
connects the two, but I have no idea what it's called or where to find
it.

There are no distinguishing marks on the cabinet (like model numbers,
etc) except for "EIS International, Inc." on the power supply. After
some Googling, I found that EIS (who makes call center equipment) is
now a part of SER. I've contacted SER via phone and email, but have
not received any reply.

If anybody has information on how exactly the sides attach, what
hardware (as in connectors/clips/pins/whatever) I need, and/or where I
can get it, please submit it here.

Thanks very much!

~~LightForce

------------------------------

From: Emma <frankhe1978@163.com>
Subject: Headset mp3 Player Comes Out With a Very Good Price!
Reply-To: frankhe1978@163.com
Date: Fri, 26 Mar 2004 02:11:34 +0800


[TELECOM Digest Editor's Note: Is this spam or not? I am sort of 
suspicious of it, but got to thinking maybe it will be useful for
some readers.   PAT]

Dear friends,

Good day!

Just a short message from HY Technology Co, Ltd.
 
We just updated our Mp3 players with internal FM radio function to
support 8 languages, English, Chinese, French, Italian, German,
Spanish, Czech, Swede.

From now on, our BX1002Na, BX1002Nd and BXKing can come with internal
FM radio function and support 8 languages also.

The price is only 50 USD for 128M and 68 USD for 256M.
 
By the way, did you get our introduction about our latest Mp3
player -- Butterfly, the headset Mp3 player?
 
The Mp3 IC and pc board are already installed in headphone.  You can
enjoy music completely free now, without any wire around you!

The price is only 54 USD for 128M and 75 USD for 256M.

We have 20 kinds of mp3 players to satisfy your demand. And the
smallest mp3 player in the world -- BXDIOMAND!
 
If you need catalogue and price list, please kindly tell us and we
will send them to you.
 
Looking forward to any comment from you. 
 
Have a nice day!


Emma

HY Technology (Hong Kong) Company Ltd.

------------------------------

From: Michael D. Sullivan <nospam@camsul.com>
Subject: Re: 110 V Cord and USB Cable Standards?
Date: Fri, 26 Mar 2004 00:49:50 GMT


In article <telecom23.140.12@telecom-digest.org>, siegman@stanford.edu 
says...

> 1) The USB cable that comes with the camera has the standard USB
> connector on the computer end and a "mini" USB device connector
> (similar to but smaller than the standard computer device connectors
> that I'm used to) on the other end.

> Is this "mini-USB" connector also a general USB standard, used for 
> physically small devices?

There are Type A and Type B standard USB connectors.  The wide ones are 
Type A, the mini ones are Type B.  Type B are typically used on cameras, 
scanners, etc.


Bethesda, MD, USA
Delete nospam from my address and it won't work.

Michael D. Sullivan

------------------------------

From: Charles Cryderman <Charles.Cryderman@globalcrossing.com>
Subject: Last Laugh! Re: Correcting 411/555-1212 Info; Unlisted Service
Date: Thu, 25 Mar 2004 10:38:02 -0500


Our esteemed moderator told us a wonderful story about the old manual
days of calling across country. This reminded me of an old joke back
in my Army communications days.

It seems an Army communications tech lost his clearance and was sent to
Artillery school. One day at the range every battery was hitting the
target but one. When they asked this old communications tech what the
problem was with hitting the target his response was "I don't know,
they are leaving here 5 by 5."


[TELECOM Digest Editor's Note: Not a bad story, Charles.  An idea just
occurred to me also which may help our original correspondent. Every
time he is around a phone, and does not mind spending the two bucks
for a directory inquiry, or whatever they charge these days, use a
small tape recorder to tape a call of himself asking the operator for
his number. Be sure to have the tape running from the very second the
DA connection is established, so you can get on tape the answering 
phrase which may be something like this: "Taco Bell Directory, May I
Help You" (or whatever). In the event one of them blurts out your
number, it's good to catch not only the recitation on tape, but also 
the identification of the company/call center that has it. No need to
get into a discussion of the matter; the operator, nor her supervisor
nor anyone else at that level can (or will) do anything about it. But
now you have the 'ammunition' you need when you go back to *your*
telco to inquire about the matter.  Be sure the tape hears you asking
for the number of John Q. Citizen, some address, city, state. 

Also, anytime you are around a computer, try the various web lookup
services. You cannot *prove* that telco was at fault, and in fact the
directories on the web are woefully out of date many times, but you
might be able to figure out who the 'operator' was who gave out your
number to start with.   PAT]

------------------------------

TELECOM Digest is an electronic journal devoted mostly but not
exclusively to telecommunications topics. It is circulated anywhere
there is email, in addition to various telecom forums on a variety of
networks such as Compuserve and America On Line, Yahoo Groups, and
other forums.  It is also gatewayed to Usenet where it appears as the
moderated newsgroup 'comp.dcom.telecom'.

TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Patrick Townson. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.

Contact information:    Patrick Townson/TELECOM Digest
                        Post Office Box 50
                        Independence, KS 67301
                        Phone: 620-402-0134
                        Fax 1: 775-255-9970
                        Fax 2: 530-309-7234
                        Fax 3: 208-692-5145         
                        Email: editor@telecom-digest.org

Subscribe:  telecom-subscribe@telecom-digest.org
Unsubscribe:telecom-unsubscribe@telecom-digest.org

This Digest is the oldest continuing e-journal about
telecommunications on the Internet, having been founded in August, 1981 and
published continuously since then.  Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!

URL information:        http://telecom-digest.org

Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/
  (or use our mirror site: ftp.epix.net/pub/telecom-archives)

Email <==> FTP:  telecom-archives@telecom-digest.org 

      Send a simple, one line note to that automated address for
      a help file on how to use the automatic retrieval system
      for archives files. You can get desired files in email.

*************************************************************************
*   TELECOM Digest is partially funded by a grant from                  *
*   Judith Oppenheimer, President of ICB Inc. and purveyor of accurate  *
*   800 & Dot Com News, Intelligence, Analysis, and Consulting.         *
*   http://ICBTollFree.com, http://1800TheExpert.com                    *
*   Views expressed herein should not be construed as representing      *
*   views of Judith Oppenheimer or ICB Inc.                             *
*************************************************************************

ICB Toll Free News.  Contact information is not sold, rented or leased.

One click a day feeds a person a meal.  Go to http://www.thehungersite.com

Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.

   ---------------------------------------------------------------

Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list. If you donate at least fifty dollars
per year we will send you our two-CD set of the entire Telecom
Archives; this is every word published in this Digest since our
beginning in 1981.

All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.

End of TELECOM Digest V23 #141
******************************
