35 Years of the Digest ... founded August 21, 1981
Copyright © 2017 E. William Horne. All Rights Reserved.

The Telecom Digest for Tue, 09 May 2017
Volume 36 : Issue 54 : "text" format

Table of contents
When a ghost becomes a zombie: The dating phenomenon, in one screenshotMonty Solomon
Comcast, Plume, and the next step for ISP Wi-FiMonty Solomon
Sextortion suspect must unlock her seized iPhone, judge rules Monty Solomon
Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocolMonty Solomon
The hijacking flaw that lurked in Intel chips is worse than anyone thoughtMonty Solomon
---------------------------------------------------------------------- Message-ID: <CA571231-4A0D-4E5F-A78F-F18094C1CA91@roscom.com> Date: Sat, 6 May 2017 18:08:00 -0400 From: Monty Solomon <monty@roscom.com> Subject: When a ghost becomes a zombie: The dating phenomenon, in one screenshot When a ghost becomes a zombie: The dating phenomenon, in one screenshot By Lisa Bonos When you're being ghosted, it takes a while to recognize. Last summer, for example, I was casually seeing someone. We made plans to hang out on a Friday night. Friday rolls around; I check in. (First green bubble above.) Nothing. By Sunday, it was clear I'd been ghosted. I gently called him out on it. (Second bubble.) https://www.washingtonpost.com/news/soloish/wp/2017/03/20/when-a-ghost-becomes-a-zombie-the-dating-phenomenon-in-one-screenshot/ ------------------------------ Message-ID: <EC3E1CFA-532C-4ED9-87C8-36B4535BBFA8@roscom.com> Date: Mon, 8 May 2017 02:49:22 -0400 From: Monty Solomon <monty@roscom.com> Subject: Comcast, Plume, and the next step for ISP Wi-Fi Comcast, Plume, and the next step for ISP Wi-Fi Broadband ISPs have been painted into a corner for a long time when it comes to Wi-Fi. If you're a broadband ISP and you don't offer Wi-Fi, hordes of your customer base will leave you for a competitor who does. But if you're a broadband ISP and you do offer Wi-Fi, you've just given your customer a good reason to hate you that has nothing to do with your core business model - they have dead spots in their house that your gateway device's radios don't reach, and it's your problem, because you told the customer that you'd handle their Wi-Fi. As a technical enthusiast, it's easy to think "well, yeah, ISP Wi-Fi always sucks" and not even bother your ISP about it - you just go to the store, look for something better, and take the burden onto your own shoulders as though the ISP never offered Wi-Fi in the first place. But that's not how most consumers think - which, for many years now, has left ISPs footing the bill for support calls and truck rolls for a problem that isn't actually their core business and that they're not particularly well-equipped to solve. https://arstechnica.com/gadgets/2017/05/comcast-officially-partners-with-plume-to-deliver-mesh-wi-fi/ ***** Moderator's Note ***** Comcast and lots of other ISP's are pushing WiFi because Verizon Wireless, at&t, T-Mobile and a lot of other cellular providers are looking to WiFi connections provided by their customers to solve a very expensive problem. Cellular phones are worming their way into the pockets of late adopters like me, and we, as a class, are demanding and suspicious buyers. We're likely to ask rude questions when the radio transceiver we just bought to take the place of our reliable POTS line starts droping calls every time our car turns a corner. So, the cellular giants are doing a quick end-run around the problem: rather than buy all those oh-so-expensive hilltops and put in all those cellular towers, theyr'e quietly putting "Work-via-wifi" options in their phones, and encouraging their users to pay for the infra- structure that we thought we were getting along with the cell phone. Never mind that the "femtocells" we're all loaning to the cellular gods for free are useless more than ten feet beyond our houses: they've figured the odds, and they know that it's "close enough" to the habits of their late-adoptees that they'll be able to sell it long enough to be rich and gone - when the ISP's demand their cut, and start taking it out of the pockets of the users who were paying the bill all along. Those users will, in turn, seek other options: namely, the "4G" or "5G" whichever "g" the cell carriers will sell them - for slightly less than the new prices that the ISPs will be charging. Bill Horne Moderator ------------------------------ Message-ID: <8DC64C54-050B-4FAC-980E-6E3EA9658888@roscom.com> Date: Fri, 5 May 2017 22:57:28 -0400 From: Monty Solomon <monty@roscom.com> Subject: Sextortion suspect must unlock her seized iPhone, judge rules Sextortion suspect must unlock her seized iPhone, judge rules A Miami-Dade county judge has ruled that two defendants in a sextortion case must provide police with the passwords to their respective iPhones so authorities can unlock the devices and execute a search warrant. Whether or not courts can force individuals to give up passwords to their locked computers or phones is not a settled matter. In essence, the question it boils down to is: "Is giving up a password testimonial, and therefore in violation of the Fifth Amendment? Or is it more like being asked to give up a key to a safety deposit box?" https://arstechnica.com/tech-policy/2017/05/judge-miami-reality-tv-star-must-unlock-her-iphone-in-extortion-case/ ***** Moderator's Note ***** The key to a safe-deposit box isn't anywhere near as secure as a 4096-bit cipher that the NSA can't break in any reasonable amount of time (or won't admit they can crack, which has the same result) - if a suspect won't hand over the key, a judge can order a bank to drill the lock, and the courts see whatever was in the box. However, if a suspect has a lock that can't be drilled, i.e., an encryption protected smart phone, then the courts have to try to coerce them into surrendering the key. If the suspect says "No", we're into new and uncharted waters. The Clipper chip died stillborn, so the remaining options are to force manufacturers to put hidden backdoors into their algorithms, or to start reminding the peasants of their lowly status in the new world order. It remains to be seen if our newly-minted SCOTUS will hold that indefinite jail terms and/or torture are really what the founding fathers intended all along. Bill Horne Moderator ------------------------------ Message-ID: <8AFDC471-9C4A-41FC-BD7F-1663C800EC53@roscom.com> Date: Fri, 5 May 2017 22:56:36 -0400 From: Monty Solomon <monty@roscom.com> Subject: Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol *Moderators note: "2fa" means "Two factor authentication".* Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol The same weakness could be used to eavesdrop on calls and track users' locations. by Dan Goodin A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday. The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train. https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/ ------------------------------ Message-ID: <D483AE88-57CF-48C0-BFF6-3FADDACA513C@roscom.com> Date: Sun, 7 May 2017 11:16:20 -0400 From: Monty Solomon <monty@roscom.com> Subject: The hijacking flaw that lurked in Intel chips is worse than anyone thought A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it's usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer's mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/ ------------------------------ ********************************************* End of telecom Digest Tue, 09 May 2017

Telecom Digest Archives