|
|
Message Digest
Volume 28 : Issue 262 : "text" Format
Messages in this Issue:
UMass Amherst: Computer Intrusion
Re: What could/would cause a SIM card to belly-up?
Re: What could/would cause a SIM card to belly-up?
Re: What could/would cause a SIM card to belly-up?
Re: What could/would cause a SIM card to belly-up?
Re: What could/would cause a SIM card to belly-up?
New Cookie Technologies: Harder to See and Remove, Widely Used to Track You
Re: What if People Don't Take the Bait to Go Paperless?
Re: What if People Don't Take the Bait to Go Paperless?
Re: What could/would cause a SIM card to belly-up?
====== 28 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Patrick Townson and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using -any name or email address-
included herein for -any- reason other than responding to an article
herein, you agree to pay a hundred dollars to the recipients of the
email.
===========================
Addresses herein are not to be added to any mailing list, nor to be
sold or given away without explicit written consent. Chain letters,
viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime. Geoffrey Welsh
===========================
See the bottom of this issue for subscription and archive details
and the name of our lawyer, and other stuff of interest.
Date: Tue, 22 Sep 2009 00:13:07 -0400
From: Monty Solomon <monty@roscom.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: UMass Amherst: Computer Intrusion
Message-ID: <p062408a9c6ddfed0bb1e@[10.0.1.3]>
Computer Intrusion
August 5, 2009
UMass Amherst Reports Attack by Computer Hackers on Server; No
Evidence of Loss of Personal Information
AMHERST, Mass. - The University of Massachusetts Amherst has suffered
an illegal intrusion into its computing network, but there is no
evidence of theft of personal information. In the incident, hackers
gained access to a departmental server that contained individuals'
Social Security numbers and a very limited amount of credit card
information, but there is no evidence that the hackers targeted this
particular information nor that they removed large amounts of data
from the server.
A detailed analysis by an independent computer forensics company also
concluded that the intruders' attack was not specifically designed to
look for personally identifiable information, John Dubach, chief
information officer, said. He also said records do not show large
amounts of data being extracted from the server, but that the
potential for a loss of data did exist for a short period of time.
Therefore, based on Massachusetts General Law, Chapter 93H, the
university has proceeded to notify the state attorney general and the
public. The server contained names and Social Security numbers of
students who attended the university between 1982 and 2002 as well as
a few others attending before 1982.
...
http://www.umass.edu/computerintrusion/
Computer Intrusion
NOTIFICATION OF SECURITY BREACH PURSUANT TO MASSACHUSETTS GENERAL
LAWS CHAPTER 93H
http://www.umass.edu/computerintrusion/legal.html
Date: Mon, 21 Sep 2009 21:36:50 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What could/would cause a SIM card to belly-up?
Message-ID: <4AB85462.1000605@thadlabs.com>
On 9/21/2009 12:10 PM, Doug McIntyre wrote:
> Thad Floryan <thad@thadlabs.com> writes:
>> Some numbers are, in fact, stored in the phone along with a bunch of
>> other things, but most numbers were on the SIM.
>
> The SIM can only store a small set of numbers, compared to the size of
> most phone's Addressbooks. It can also only store a few items of info.
> While the SIM's phonebook entries are nice to carry over a few
> entries, most people have alot more info and way more entries than can
> be stored on the SIM card now. All the addressbook numbers that
> carried over for you were stored in your phone's memory..
About 15 numbers survived because they were in the phone's memory.
After some arduous Googling, I discovered the RAZR V3 can have 1000
entries in its Addressbook, but nothing as to how many can be in the
phone and how many on the SIM. Neither the hardcopy manual, five
different PDF manual versions, nor the official Motorola Repair Manual
for the RAZR V3 give any more info in this regard. The "Installing
the SIM Card" says only "Your Subscriber Identity Module (SIM) card
contains your phone number, service details, and address book and
message memory." That's it.
Nowhere in the manuals is it even shown that one can choose to store
address book entries in the phone or on the SIM, and the V3 software
itself defaults to storing addressbook entries on the SIM though one
can select "SIM" or "Phone" when saving new or edited entries. And
there's a capability to move them between the SIM and the phone.
Basically, all Motorola documentation about the SIM is poor and lacking,
and there's nothing better on the AT&T website(s). Moto documentation
is even worse than the Motorola "Mobile Phone Tools" which claims to
sync between a PC and the phone in a very non-obvious way last time I
tried it a few years ago.
> [...]
> This is where things aren't going to work for you. The SIM card is not
> static storage. It has a processor on it with a crypto engine, as well
> as some storage.
Some info I found elsewhere claims the processor's duties include
separating areas of the SIM for different purposes, and crypto.
> You can read the information off of it, but you can't duplicate it,
> nor create a copy of it. It sounds like you want to create yourself a
> backup plan in order to restore data, but going to the store is your
> only way to get a working SIM again.
>
> All the contact list info is really stored in your phone memory instead.
New entries STILL go to the SIM by default. I have to manually change
the destination each and every time; this is a very poor design, though
I can understand why some people may want the address book on the SIM
if they're moving the SIM around to other phones (which, apparently, a
lot of people do: one phone for work, one phone for evening, one phone
for the car, etc.).
>> User reports of many/most SIM card readers are horrible from what
>> I've seen so far, and those whose specs seem good are located in the
>> far east (per a whois) and don't sell over the web as far as I can
>> tell from their webpages.
>
>> Does anyone here have a recommendation for a SIM card reader?
>
> http://www.adafruit.com/index.php?main_page=product_info&cPath=27&products_id=101&zenid=d22be06f9b529959582bef135603ddde
>
> Although you'd have to do some soldering on the kit there.
OUTSTANDING! That one looks great, kit and parts are USA-made, and
the software is for Linux, Mac and Windows. I will order it right after
sending this message. RS-232 serial is not a problem for me. :-)
I've built 100s of Heathkits and many things of my own design; you
might get a kick out of seeing this: http://thadlabs.com/Illuminator/ .
Thank you VERY much for the reference to that kit!
Date: 22 Sep 2009 21:01:27 -0000
From: John Levine <johnl@iecc.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What could/would cause a SIM card to belly-up?
Message-ID: <20090922210127.56196.qmail@simone.iecc.com>
>After some arduous Googling, I discovered the RAZR V3 can have 1000
>entries in its Addressbook, but nothing as to how many can be in the
>phone and how many on the SIM.
That's the size of the phone's memory. The SIM's memory is what
ever size it is. Newer SIMs have more memory than old ones.
>address book entries in the phone or on the SIM, and the V3 software
>itself defaults to storing addressbook entries on the SIM though one
>can select "SIM" or "Phone" when saving new or edited entries. And
>there's a capability to move them between the SIM and the phone.
That's odd. I've had lots of moto phones and they all stored stuff
to the phone. There's invariably a menu option to copy the phone
address book to the SIM and vice versa.
R's,
John
Date: Tue, 22 Sep 2009 03:27:40 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What could/would cause a SIM card to belly-up?
Message-ID: <4AB8A69C.1090101@thadlabs.com>
On 9/21/2009 12:10 PM, Doug McIntyre wrote:
> Thad Floryan <thad@thadlabs.com> writes:
>> Some numbers are, in fact, stored in the phone along with a bunch of
>> other things, but most numbers were on the SIM.
> [...]
> You can read the information off of it, but you can't duplicate it,
> nor create a copy of it. It sounds like you want to create yourself a
> backup plan in order to restore data, but going to the store is your
> only way to get a working SIM again.
> [...]
> ***** Moderator's Note *****
>
> Please tell us how the encryption engine prevents duplicating the SIM. TIA.
>
> Bill Horne
> Moderator
I'm not sure Doug will see or saw your moderator's note, so ...
One thing I learned is the SIM's onboard CPU controls who/what has access
to certain portions of the memory. Some carrier info can only be entered
once and never changed. An addressbook can be read and written. Etc.
One good site I found is this one:
http://www.billingworld.com/articles/archives/-Smart-Tactics-for-Smothering-Fraud.html
Some other good info is here:
http://www.gsm-security.net/faq/subscriber-identity-module-sim.shtml
FWIW, the SIM only has 6 contacts so the I/O is serial. The contacts
are CLK, RST (Reset?), Vcc, I/O, Vpp, and GND. I should be able to
provide more info when I receive the kit that Doug mentioned and "play"
with the software which is all FOSS. The kit's user manual is here:
http://www.ladyada.net/make/simreader/use.html#soft
Source code:
http://www.ladyada.net/media/simreader/pySimReader-Serial-src-v2.zip
requires: http://www.wxpython.org/
and: http://pyserial.sourceforge.net/
SIM Reader schematic in PNG:
http://www.ladyada.net/make/simreader/simreaderv1_0.png
Date: Tue, 22 Sep 2009 04:01:45 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What could/would cause a SIM card to belly-up?
Message-ID: <4AB8AE99.5090403@thadlabs.com>
On 9/21/2009 12:10 PM, Doug McIntyre wrote:
> Thad Floryan <thad@thadlabs.com> writes:
>> Some numbers are, in fact, stored in the phone along with a bunch of
>> other things, but most numbers were on the SIM.
> [...]
> ***** Moderator's Note *****
>
> Please tell us how the encryption engine prevents duplicating the SIM. TIA.
>
> Bill Horne
> Moderator
One additional thing I just now noticed in the RAZR V3 Repair Manual
is there are DSPs and other circuits to perform addition encryption
as can be seen in the block diagram I extracted from the manual:
http://thadlabs.com/FILES/RAZR_V3_Block_Diagram.pdf
Date: Mon, 21 Sep 2009 21:51:01 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What could/would cause a SIM card to belly-up?
Message-ID: <4AB857B5.9000502@thadlabs.com>
On 9/21/2009 7:07 PM, tlvp wrote:
> On Mon, 21 Sep 2009 10:49:50 -0400, Thad Floryan <thad@thadlabs.com> wrote:
>> [...]
>> Does anyone here have a recommendation for a SIM card reader?
>
> There's just the barest of chances your AT&T store may have one
> they'll let you use on premises.
My local store (Grant Rd, Mountain View CA) didn't; I asked. :-)
> Or they may offer what T-Mobile included in the package when they
> sent new T-Mo SIM cards for our two phones (and a request that we
> replace the old SIMS with the new ones), viz., a SIM copier, with
> slots for origin and target SIMS, and a START button for starting
> the copying process.
>
> Of course, if your handset thinks the SIM is flaky, such a copier
> may well think so, too :-{ . Still, worth asking about ... .
Perhaps. I had a laptop with an IBM Travelstar HD that "suddenly"
wouldn't boot any more or even recognize the disk -- this is a common
problem with IBM/Hitachi Travelstar HDs as I found on the 'Net. Using
specifically a NexStar 3 external USB drive case (and none of the other
5 brands I tried), I was able to read everything off that HD with zero
loss, and the HD works fine in that USB case but will not be seen by
any of my laptops if mounted inside. Go figure. :-)
I may luck out with the SIM reader Doug McIntyre cited (and which I'll
be buying in a moment). If not, at least it appears to be an easier
way to backup the SIM after I rebuild the address book; luckily, most
of the numbers I need are in saved email, and others (for restaurants
and stores) can be found on the web or in a phone book, so it's no big
deal, just annoying.
I still don't fully understand why, over 5 years, about 15 numbers were
saved in the phone and about 100 or so in the SIM (knowing (now) that
storage into the SIM is the default).
> Good luck! And cheers, -- tlvp
Thank you!
Date: Tue, 22 Sep 2009 01:03:52 -0400
From: Monty Solomon <monty@roscom.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: New Cookie Technologies: Harder to See and Remove, Widely Used to Track You
Message-ID: <p062408abc6de0abc8693@[10.0.1.3]>
New Cookie Technologies: Harder to See and Remove, Widely Used to
Track You
Technical Analysis
by Seth Schoen
September 14th, 2009
This is part 1 of a three-part series on user tracking on the
web today.
Cookies are still a privacy problem for web users, many years after
privacy advocates first raised concerns about their use to track web
browsing. Today, cookies are one of the main mechanisms that
advertising companies like Google use to track and profile users
across sites and over time -- often building up a single gigantic
profile for years and years. Many EFF members respond to this threat
by using their browsers' cookie management features to limit which
cookies they'll accept or how long they'll be retained.
But it turns out that the cookie situation is quite a bit trickier
today, and sites that want to track users have new technical options
that are hard for users to respond to. The traditional "cookie" is an
HTTP cookie, invented by Lou Montulli and John Giannandrea at
Netscape in 1994. But today many browsers implement a range of things
with the same kind of cookie-like tracking behavior -- mechanisms
that are far less familiar, harder to notice, and often harder to
control.
...
http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
Date: Tue, 22 Sep 2009 11:22:52 EDT
From: Wesrock@aol.com
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What if People Don't Take the Bait to Go Paperless?
Message-ID: <c16.6dc38fe6.37ea45cc@aol.com>
In a message dated 9/21/2009 11:09:48 PM Central Daylight Time,
dannyb@panix.com writes:
In <p00gb59pshodiofr3o7r50fvhga3ne25h7@4ax.com> "Tony Toews \[MVP\]"
<ttoews@telusplanet.net> writes:
[ snip... regarding e-bills and web site retrieval ]
>> Canada Post has been offering something similar for a number of
>> years now. http://www.epost.ca/main/en/home.shtml And you can store
>> the bills for up to seven years which is the length of time the Cdn
>> tax authorities want you to keep documents. So, if you are being
>> audited, then you could likely give the tax folks your account and
>> password so they could check the bills themselves.
> "Risks Digest", a periodic compilation of, well, Risks in computing
> and related endeavors, has had many a reference to the problems people
> have in getting this information.
>
> Typical issue: you move your phone service to a different provider and
> the first one closes your account. Can you still get that info? Guess
> what the answer usually is...
>
> Same, by the way, with banks.
When I closed an account with a bank they told me I'd better get my
account history off their web site before I did because it would be
gone after I closed my account. Just what you said.
Wes Leatherock
wesrock@aol.com
wleathus@yahoo.com
Date: Tue, 22 Sep 2009 19:44:03 GMT
From: "Tony Toews \[MVP\]" <ttoews@telusplanet.net>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What if People Don't Take the Bait to Go Paperless?
Message-ID: <b2aib5ti4b6f5dcohj9g86239o8q6vhovg@4ax.com>
danny burstein <dannyb@panix.com> wrote:
>> Canada Post has been offering something similar for a number of years
>> now. http://www.epost.ca/main/en/home.shtml And you can store the
>> bills for up to seven years which is the length of time the Cdn tax
>> authorities want you to keep documents. So, if you are being audited,
>> then you could likely give the tax folks your account and password so
>> they could check the bills themselves.
>
> "Risks Digest", a periodic compilation of, well, Risks in
> computing and related endeavors, has had many a reference
> to the problems people have in getting this information.
Excellent points. I'd would've been downloading all those files as
PDFs onto my own system anyhow. I read comp.risks whenever it comes
out.
> Typical issue: you move your phone service to a different
> provider and the first one closes your account. Can you
> still get that info? Guess what the answer usually is...
>
> Same, by the way, with banks.
That said this particular service is run by an organization external
to the phone company and the banks. So I wouldn't think closing your
account would make any difference to the accessibility of the data.
Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
Granite Fleet Manager http://www.granitefleet.com/
Date: 22 Sep 2009 21:03:08 -0000
From: John Levine <johnl@iecc.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: What could/would cause a SIM card to belly-up?
Message-ID: <20090922210308.56217.qmail@simone.iecc.com>
>Please tell us how the encryption engine prevents duplicating the SIM. TIA.
The SIM has a crypto key that's not externally visible. You can tell
it to use the key to encrypt stuff, but you can't get the key out.
This is a reasonable feature, since part of the point of a SIM is to
uniquely identify the account to which calls are to be billed.
R's,
John
TELECOM Digest is an electronic journal devoted mostly to telecom-
munications topics. It is circulated anywhere there is email, in
addition to Usenet, where it appears as the moderated newsgroup
'comp.dcom.telecom'.
TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Bill Horne. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.
The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
Telecom Digest
43 Deerfield Road
Sharon MA 02067-2301
781-784-7287
bill at horne dot net
Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom
Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then. Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!
URL information: http://telecom-digest.org
Copyright (C) 2009 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.
---------------------------------------------------------------
Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list.
All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.
End of The Telecom digest (10 messages)
|
or 
