----------------------------------------------------------------------
Message-ID: <20170917095421.40087.qmail@ary.lan>
Date: 17 Sep 2017 09:54:21 -0000
From: "John Levine" <johnl@iecc.com>
Subject: Re: Verizon's nixing some cell service in rural Montana has
locals scared about emergencies
In article <20170917200317.GA31675@telecom.csail.mit.edu> you write:
>By Kristen Inbody, Great Falls (Mont.) Tribune
>
>Some rural Montana residents are learning they'll soon be without cell
>phone service after Verizon Wireless quietly informed them they're
>dropping them.
>
>At issues are accounts that use too much data outside the network.
>
>
https://www.usatoday.com/story/tech/2017/09/17/verizons-nixing-some-cell-service-rural-montana-has-locals-scared-emergencies/674986001/
A little digging finds a great deal of complexity here. The Verizon
customers are using an obscure rural plan that roams on other
carriers' towers, and the subsidy that VZ gets from the plan is way
less than they're paying the other carriers.
The obvious solution would be to sign up with the actual local
providers that operate the local towers, but some reports say that the
local providers aren't taking new customes. One of them is
Mid-Rivers, whose website sure looks like they offer cell service to
new customers.
R's,
John
------------------------------
Message-ID: <98D3B579-DEC3-4D13-9743-D9084434B169@roscom.com>
Date: Sun, 17 Sep 2017 19:52:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Android Toast Overlay Attack: "Cloak and Dagger" with No
Permissions
Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions
Palo Alto Networks Unit 42 researchers have uncovered a high severity
vulnerability in the Android overlay system, which allows a new
Android overlay attack by using the "Toast type" overlay. All Android
devices with OS version < 8.0 are affected by this vulnerability and
patches are available as part of the September 2017 Android Security
Bulletin. Android 8.0 was just released and is unaffected by this
vulnerability. Because Android 8.0 is recent, this vulnerability
affects nearly all Android devices currently in the market and users
should apply updates as soon as possible.
Overlay attacks permit an attacker to draw on top of other windows and
apps running on the affected device. To launch such an attack, malware
normally needs to request the "draw on top" permission. However, this
newly discovered overlay attack does not require any specific
permissions or conditions to be effective. Malware launching this
attack does not need to possess the overlay permission or to be
installed from Google Play. With this new overlay attack, malware can
entice users to enable the Android Accessibility Service and grant the
Device Administrator privilege or perform other dangerous actions. If
these privileges are granted, a number of powerful attacks can be
launched on the device, including stealing credentials, installing
apps silently, and locking the device for the ransom.
https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/
------------------------------
Message-ID: <36vvrcl03tteuna4e44h214e4u6g75vsf8@4ax.com>
Date: Mon, 18 Sep 2017 13:06:31 -0400
From: Pete Cresswell <PeteCress@invalid.telecom-digest.org>
Subject: Re: RoboCaller now Showing Legitimate Numbers in CallerID
Per Arnie Goetchius:
>Starting about two weeks ago, some of the robo calls I receive are
>showing real, working numbers. As a routine matter, I submit these
>calls to nomorobo.com and they block any further calls from that
>number for people who have subscribed to nomorobo. Unfortunately,
>those working legitimate numbers are now blocked for anybody
>subscribing to nomorobo.
>
>I'm not sure of the significance of this new practice by the scammers.
I have been seeing this for quite a few months - chiefly on robocalls to
my cell phone.
Seems like a logical and inevitable progression towards all of us
needing some sort of challenge/response or, like the Euro systems,
charging the caller instead of the call-ee.
--
Pete Cresswell
------------------------------
*********************************************
End of telecom Digest Tue, 19 Sep 2017