31 Years of the Digest ... founded August 21, 1981Add this Digest to your personal or   The Telecom Digest for November 29, 2012 ====== 31 years of TELECOM Digest -- Founded August 21, 1981 ====== |
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
owner.
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome. We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. - Geoffrey Welsh See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest. |
Date: Tue, 27 Nov 2012 01:32:33 -0500 From: Monty Solomon <monty@roscom.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Minority Report becomes reality: New software that predicts when laws are about to be broken Message-ID: <p0624081eccda0d92acb0@[10.0.1.10]> Minority Report becomes reality: New software that predicts when laws are about to be broken * U.S. funding research into AI that can predict how people will behave * Software recognises activities and predicts what might happen next * Intended for use in both military and civilian contexts By DAMIEN GAYLE 23 November 2012 Mail Online An artificial intelligence system that connects to surveillance cameras to predict when people are about to commit a crime is under development, funded by the U.S. military. The software, dubbed Mind's Eye, recognises human activities seen on CCTV and uses algorithms to predict what the targets might do next - then notify the authorities. The technology has echoes of the Hollywood film Minority Report, where people are punished for crimes they are predicted to commit, rather than after committing a crime. Scientists from Carnegie Mellon University in Pittsburgh, Pennsylvania, have presented a paper demonstrating how such so-called 'activity forecasting' would work. Their study, funded by the U.S. Army Research Laboratory, focuses on the 'automatic detection of anomalous and threatening behaviour' by simulating the ways humans filter and generalise information from the senses. The system works using a high-level artificial intelligence infrastructure the researchers call a 'cognitive engine' that can learn to link relevant signals with background knowledge and tie it together. ... http://www.dailymail.co.uk/sciencetech/article-2237302/Minority-Report-reality-New-software-predicts-laws-broken.html
Date: Tue, 27 Nov 2012 12:34:31 -0500 From: Pete Cresswell <PeteCress@invalid.telecom-digest.org> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Why passwords have never been weaker-and crackers have never been stronger Message-ID: <5cu9b8h5ruh3t93jf6ju3f5o7fg8f321oo@4ax.com> Telecom Digest Moderator said: >The trick is to use easily-memorable pass-/*PHRASES*/ that won't be >in anyone's dictionary. Somebody suggested the "Dead Pet System"... concatenate the names of two dead pets and add digits to taste. - - Pete Cresswell ***** Moderator's Note ***** Since one of the most common "secret" questions that sites offer to remember in order to help me recover a forgotten password is "What was your first pet's name?", I have a couple of "virtual" pets and I use those names, which can't ever be guessed. For sites that insist on knowning my father's middle name, or my mother's maiden name, I have a couple of pseudonyms handy. The main thing to remember is that anything which is in a public record is NOT secure. Bill Horne Moderator
Date: 27 Nov 2012 18:15:04 GMT From: Doug McIntyre <merlyn@geeks.org> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Why passwords have never been weaker-and crackers have never been stronger Message-ID: <50b50328$0$74853$8046368a@newsreader.iphouse.net> bonomi@host122.r-bonomi.com (Robert Bonomi) writes: >In article <p062408c4ccd8113a8752@[10.0.1.10]>, >'standard' hacker technique for 'dictionary'-based attacks has included >such spelling 'variations' for AT LEAST A DECADE. Actually, more like 3+ decades. Dictionary attacks were known in the '70s, and simple substitution were known then. Password hash salting was originated because of dictionary attacks. Telecom Digest Moderator wrote: >Everyone knows that Using *ANY* dictionary word as a password is an >invitation to attack. What many users don't know is that hacker >dictionaries have all the common variants in them, such as putting an >exclamation point at the end of a word. The trick is to use >easily-memorable pass-/*PHRASES*/ that won't be in anyone's >dictionary. Also, what people may not realize is that odd words are in dictionaries too. Your Swedish Gr-Grandfather's given name that hasn't been in common use in a century? That is in a hacker dictionary. That technical term in some very non-IT related field? That is in a dictionary. Simple passphrases of slammed together words are no-longer sufficient either. More recent hacker cracking tools will take dictionary words and slam them togther for testing. A password such as "Cow-Pucks#Yesterday" will be found by standard tools and enough GPU power to cycle through everything.
Date: Wed, 28 Nov 2012 11:44:08 -0500 From: Bill Horne <bill@horneQRM.net> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Why passwords have never been weaker-and crackers have never been stronger Message-ID: <20121128164408.GC16992@telecom.csail.mit.edu> On Tue, Nov 27, 2012 at 06:15:04PM +0000, Doug McIntyre wrote: > bonomi@host122.r-bonomi.com (Robert Bonomi) writes: > >In article <p062408c4ccd8113a8752@[10.0.1.10]>, > >'standard' hacker technique for 'dictionary'-based attacks has included > >such spelling 'variations' for AT LEAST A DECADE. > > Actually, more like 3+ decades. Dictionary attacks were known in the '70s, > and simple substitution were known then. Password hash salting was > originated because of dictionary attacks. > > Telecom Digest Moderator wrote: > >Everyone knows that Using *ANY* dictionary word as a password is an > >invitation to attack. What many users don't know is that hacker > >dictionaries have all the common variants in them, such as putting an > >exclamation point at the end of a word. The trick is to use > >easily-memorable pass-/*PHRASES*/ that won't be in anyone's > >dictionary. > > Also, what people may not realize is that odd words are in dictionaries too. > Your Swedish Gr-Grandfather's given name that hasn't been in common use in a > century? That is in a hacker dictionary. That technical term in some > very non-IT related field? That is in a dictionary. > > Simple passphrases of slammed together words are no-longer sufficient either. > > More recent hacker cracking tools will take dictionary words and slam > them togther for testing. A password such as "Cow-Pucks#Yesterday" > will be found by standard tools and enough GPU power to cycle through > everything. Dictionary attacks are fast for the same reason that hashing algorithms are fast: the idea of comparing one password hash to another is to make verification quick so as not to take too much of the user's time. That's why dictionary attacks are the preferred vector: if an attacker has a good dictionary, (s)he will have a "hit" often enough that there's no need to actually decrypt the password hash, assuming that (s)he has access to it (see below). In The Cuckoo's Egg, author Clifford Stoll recounted his surprise in the moment that he learned what a dictionary attack is: he was puzzled at the way the attacker who was in his system always copied the /etc/passwd file, which (at that time) contained the password hashes for every user on the system. It wasn't until he was talking with NSA cryptographer Robert Morris that Stoll realized how far behind the (pun intended) curve he was: Morris dismissed Stoll's questions about the /etc/passwd file by mentioning that he had an application that would do a dictionary attack in seconds. This is so great an advantage that NSA crackers spend a lot of time developing new dictionaries, because they can do a million guesses for the same computing cost as a single "brute force" decryption attack. Of course, the key (again, pun intended) factor is having the hashes available to work on in the first place, which is why reports of breakins at major retailers take on so much importance: not only does a thief gain the advantage of having a data source (s)he can work on at his leisure, but (s)he also benefits from the divergence between business and security needs that is an ever-present gorilla in every IT manager's inbox: large companies are always looking for ways to speed up responses, and database administrators are always under pressure to speed up database dips. While the hashing algorithms that they use for their own computer logins may be up-to-snuff, a DBA who wants to go home on time might choose an older, but faster, hash function to create the password hashes for customers, just to get those few extra milliseconds. That's why a stolen database of password hashes is worth serious coin in the underground cracking world: whomever has it can do "dictionary" attacks without any risk of lockout or getting caught in a Honeypot. Once the attacker finds a password that matches a given hash, (s)he can use the other info in the stolen database to find the account(s) the victim was likely to use the password for. Of course, this is all moot, because there's a new attack avail #$@@ CARRIER LOST -- Bill Horne (Remove QRM from my address to write to me directly)
Date: Tue, 27 Nov 2012 01:25:27 -0500 From: Monty Solomon <monty@roscom.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: How our over-reliance on satellite images led to the mystery of the South Pacific island that wasn't there Message-ID: <p0624081bccda0cb979f3@[10.0.1.10]> How our over-reliance on satellite images led to the mystery of the South Pacific island that wasn't there * It has also emerged that the latest non-finding was the SECOND time Sandy Island had been 'un-discovered' * Radio enthusiasts on an expedition to send a message from the most-remote possible place reported its non-existence in 2000 * Cartography expert tells MailOnline Sandy Island could be just one of many errors added to maps as satellite photos were digitised By DAMIEN GAYLE 23 November 2012 Mail Online The mysterious South Pacific island that wasn't there could be just one many errors made in the process of digitising satellite maps of the world, an expert said today. Sandy Island, which appears on satellite images as an dark blob in the Coral Sea, sparked interest worldwide yesterday when it emerged that geologists who went looking for it found nothing there. The Australian team who made the 'un-discovery' are now investigating how the error could have been made, but a UK-based cartography expert said it could merely be the result of our over-reliance on satellites. ... http://www.dailymail.co.uk/sciencetech/article-2237499/How-reliance-satellite-images-led-mystery-South-Pacific-island-wasnt-there.html
Date: Tue, 27 Nov 2012 14:49:17 -0500 From: Reed <reedh@rmi.net> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Calling Card Services Message-ID: <PJCdnQXYyumjhCjNnZ2dnUVZ_vednZ2d@giganews.com> On 11/26/12 7:33 PM, Scott Dorsey wrote: > I just received a letter in the mail telling me that due to changes in > their billing system, Credo will no longer be able to provide calling card > services past Dec 31. I find the calling card very useful and use it a > lot, but in bursts. > > Does anyone have any suggestions for other providers for calling cards? > I find purchasing prepaid phone cards at the corner bodega is not worth > the trouble since they often go out of date before I use them. I'll make > a lot of calls when I'm on travel but it can sometimes be three or even > six months between trips. > --scott > Have you looked at or tried One Suite ? http://www.onesuite.com/long-distance I've used them for the last 8 years for just what you describe. I've left as little as $2.00 on the account for over a year. You do have to use or recharge at least once per year. They will send a reminder e-mail warning if not used.
Date: Tue, 27 Nov 2012 12:30:45 -0500 From: Pete Cresswell <PeteCress@invalid.telecom-digest.org> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Calling Card Services Message-ID: <3st9b8lduj5psre9roq0gjdu06cja29749@4ax.com> Per Scott Dorsey: > >Does anyone have any suggestions for other providers for calling cards? >I find purchasing prepaid phone cards at the corner bodega is not worth >the trouble since they often go out of date before I use them. I'll make >a lot of calls when I'm on travel but it can sometimes be three or even >six months between trips. Until I switched to VOIP, I was using these guys: CyberCalling.com A couple of advantages: They charged fractional minutes instead of rounding up to the nearest minute and did not charge for unanswered calls. Big disadvantages: Their page is in simplified Mandarin. I had somebody who could deal with it for me, so I don't know if they offer an English-language page. But their service/prices were good enough that I'd give them a call to see if they do have an English-language page. -- Pete Cresswell
Date: 28 Nov 2012 02:53:53 -0000 From: "John Levine" <johnl@iecc.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Calling Card Services Message-ID: <20121128025353.25328.qmail@joyce.lan> I have a Globetrotter prepaid card that I got here: http://speedypin.com/prepaid/phone-card/GTR10 They say it expires if not used for 10 months, but I think I've gone longer. Domestic rate is 2.7cpm for 800 access, 1.7cpm via a vast array of local numbers. They have access numbers in a lot of countries and reasonable international rates.
Date: Tue, 27 Nov 2012 14:58:41 -0600 From: Frank Stearns <franks.pacifier.com@pacifier.net> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Why passwords have never been weaker-and crackers have never been stronger Message-ID: <P8qdna8PQYUctCjNnZ2dnUVZ_tCdnZ2d@posted.palinacquisition> "John C. Fowler" <johnfpublic@yahoo.com> writes: >Replying to Message-ID: <mtv6b8h6lf7s8d3lrshtut28ohrl3i44ja@4ax.com> >References: <p062408c4ccd8113a8752@[10.0.1.10]> >Pete Cresswell: >> Can anybody comment on the specifics/methodology of this >> improvement? >While there have always been people who have chosen weak passwords, >even some of the stronger ones are starting to fall. The main reason >for that is PCs are getting faster, and large numbers of systems that >can work in parallel are becoming more available. That is, even if >you don't control a botnet of other people's infected computers, you >can still rent a bunch of virtual machines from Amazon or some other >cloud service provider, and do your dirty work there at a fraction of >what it used to cost. Forgive me for being ignorant, but doesn't the bad guy have to then try each password variant s/he generates? Once upon a time, some login systems put a 10 or 30 or 60 minute time-out interval if you had more than three failed login attempts in a row. (The shell account of my ISP gives you three tries, then a 10 minute lockout.) I have a few security USB sticks that scramble the data stored on them and go inert if there are more than seven failed logins in a row. What am I missing? Do most login systems now allow a barrage of login attempts without pause or question? Seems that regardless of how much password cracking horsepower one has, some sort of time-out on multiple login attempts -- coupled with some sort of alert being sent -- would greatly slow or even pre-empt this bad behavior. Frank -- .
Date: Tue, 27 Nov 2012 08:22:20 -0800 (PST) From: HAncock4 <withheld@invalid.telecom-digest.org> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Washington Post: Defending against hacker attacks with model town Message-ID: <425360a5-54b5-4546-b580-f8728428096b@r4g2000vbi.googlegroups.com> "CyberCity has all the makings of a regular town. There's a bank, a hospital and a power plant. A train station operates near a water tower. The coffee shop offers free WiFi. But only certain people can get in: government hackers preparing for battles in cyberspace. The Pentagon is building a virtual city that will enable government hackers to practice attacking and defending the computers and networks that increasingly run the world's water, power and other critical systems." for full article please see: http://www.washingtonpost.com/investigations/cybercity-allows-government-hackers-to-train-for-attacks/2012/11/26/588f4dae-1244-11e2-be82-c3411b7680a9_stor y.html?hpid=z4
Date: Tue, 27 Nov 2012 23:45:19 -0500 From: Monty Solomon <monty@roscom.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device Message-ID: <p06240854ccdb45fae5a0@[10.0.1.10]> Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device by Tim Cushing Nov 27 2012 Techdirt from the maybe-someone-should-ask-the-administration-to-wear-one-during-the-work-day dept A few months back, Tim Geigner covered the story of a Texas school district's efforts to track its students' whereabouts using student ID cards with embedded RFID chips. The district attempted to paint this "students-as-livestock/prisoners" effort as being there for the safety of students and staff. But underneath all the "safety" talk was a large pile of money that the school district hoped to pocket. The so-called "Student Locator" project Texas' Northside Independent School District was implementing put school officials within handout distance of nearly $1.7 million in state government funds. http://www.techdirt.com/articles/20121125/15041521137/court-temporarily-blocks-school-district-suspending-student-refusing-to-wear-student-idtracking-device.shtml -or- http://goo.gl/sAJtE ***** Moderator's Note ***** or, perhaps it's from-the-children-as-chattel department ... Bill Horne Moderator
Date: Tue, 27 Nov 2012 23:45:19 -0500 From: Monty Solomon <monty@roscom.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Barnes & Noble Decides That Purchased Ebooks Are Only Yours Until Your Credit Card Expires Message-ID: <p06240853ccdb4535b769@[10.0.1.10]> Barnes & Noble Decides That Purchased Ebooks Are Only Yours Until Your Credit Card Expires by Tim Cushing Nov 27 2012 Techdirt from the ebooks:-where-'buying'-means-'renting-for-an-indefinite-period' dept DRM rears its ugly, malformed, malignant, cross-eyed head again. Despite the fact that, as Cory Doctorow so aptly put it, no one has ever purchased anything because it came with DRM, an ever-slimming number of content providers insist on punishing paying customers with idiotic "anti-piracy" schemes. http://www.techdirt.com/articles/20121126/18084721154/barnes-noble-decides-that-purchased-ebooks-are-only-yours-until-your-credit-card-expires.shtml -or- http://goo.gl/DZxSo
Date: Tue, 27 Nov 2012 13:07:37 -0800 (PST) From: Oh Better <ohthatsbetter@yahoo.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Jane Barbe's Octel Recordings Message-ID: <1354050457.43304.YahooMailNeo@web161904.mail.bf1.yahoo.com> I'm a big fan of Jane Barbe, the Time Lady. Phone Trips ( http://www.wideweb.com/phonetrips/ ) has a lot of great recordings of her Bell System work, but I can't seem to find her Octel voice mail recordings anywhere online. I had the chance to record them about 20 years ago just before my university switched to the Marsha Graham prompt set, but unfortunately, I didn't. Does anyone have any of these recordings or know of a site or a person who does? Or is there a machine out there someplace that's still running "American English (Jane)"? I'd really love to hear the system again, and I'd really appreciate any pointers. Thank you, Bobby Evans
Date: Tue, 27 Nov 2012 23:17:09 -0500 From: Monty Solomon <monty@roscom.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Reports: Apple Lets Go One More Employee In Maps Fiasco Message-ID: <p0624083eccdb40689738@[10.0.1.10]> Reports: Apple Lets Go One More Employee In Maps Fiasco by EYDER PERALTA November 27, 2012 In the aftermath of the maps fiasco, the heads continue to roll at Apple. Today, there is news that one more employee has been let go. This time it was manager Richard Williamson, who oversaw the maps project, who lost his job. ... http://www.npr.org/blogs/thetwo-way/2012/11/27/166023849/reports-apple-lets-go-one-more-employee-in-maps-fiasco
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
Contact information: |
Bill Horne Telecom Digest 43 Deerfield Road Sharon MA 02067-2301 339-364-8487 bill at horne dot net |
Subscribe: | telecom-request@telecom-digest.org?body=subscribe telecom |
Unsubscribe: | telecom-request@telecom-digest.org?body=unsubscribe telecom |
This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2012 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.