28 Years of the Digest ... founded August 21, 1981

Classified Ads
TD Extra News

Add this Digest to your personal   or  

 
 
Message Digest 
Volume 28 : Issue 262 : "text" Format

Messages in this Issue:
  UMass Amherst: Computer Intrusion 
  Re: What could/would cause a SIM card to belly-up? 
  Re: What could/would cause a SIM card to belly-up? 
  Re: What could/would cause a SIM card to belly-up? 
  Re: What could/would cause a SIM card to belly-up? 
  Re: What could/would cause a SIM card to belly-up? 
  New Cookie Technologies: Harder to See and Remove, Widely Used to Track You 
  Re: What if People Don't Take the Bait to Go Paperless?  
  Re: What if People Don't Take the Bait to Go Paperless?   
  Re: What could/would cause a SIM card to belly-up? 


====== 28 years of TELECOM Digest -- Founded August 21, 1981 ====== Telecom and VOIP (Voice over Internet Protocol) Digest for the Internet. All contents here are copyrighted by Patrick Townson and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using -any name or email address- included herein for -any- reason other than responding to an article herein, you agree to pay a hundred dollars to the recipients of the email. =========================== Addresses herein are not to be added to any mailing list, nor to be sold or given away without explicit written consent. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome. We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. Geoffrey Welsh =========================== See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.
Date: Tue, 22 Sep 2009 00:13:07 -0400 From: Monty Solomon <monty@roscom.com> To: redacted@invalid.telecom.csail.mit.edu Subject: UMass Amherst: Computer Intrusion Message-ID: <p062408a9c6ddfed0bb1e@[10.0.1.3]> Computer Intrusion August 5, 2009 UMass Amherst Reports Attack by Computer Hackers on Server; No Evidence of Loss of Personal Information AMHERST, Mass. - The University of Massachusetts Amherst has suffered an illegal intrusion into its computing network, but there is no evidence of theft of personal information. In the incident, hackers gained access to a departmental server that contained individuals' Social Security numbers and a very limited amount of credit card information, but there is no evidence that the hackers targeted this particular information nor that they removed large amounts of data from the server. A detailed analysis by an independent computer forensics company also concluded that the intruders' attack was not specifically designed to look for personally identifiable information, John Dubach, chief information officer, said. He also said records do not show large amounts of data being extracted from the server, but that the potential for a loss of data did exist for a short period of time. Therefore, based on Massachusetts General Law, Chapter 93H, the university has proceeded to notify the state attorney general and the public. The server contained names and Social Security numbers of students who attended the university between 1982 and 2002 as well as a few others attending before 1982. ... http://www.umass.edu/computerintrusion/ Computer Intrusion NOTIFICATION OF SECURITY BREACH PURSUANT TO MASSACHUSETTS GENERAL LAWS CHAPTER 93H http://www.umass.edu/computerintrusion/legal.html
Date: Mon, 21 Sep 2009 21:36:50 -0700 From: Thad Floryan <thad@thadlabs.com> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What could/would cause a SIM card to belly-up? Message-ID: <4AB85462.1000605@thadlabs.com> On 9/21/2009 12:10 PM, Doug McIntyre wrote: > Thad Floryan <thad@thadlabs.com> writes: >> Some numbers are, in fact, stored in the phone along with a bunch of >> other things, but most numbers were on the SIM. > > The SIM can only store a small set of numbers, compared to the size of > most phone's Addressbooks. It can also only store a few items of info. > While the SIM's phonebook entries are nice to carry over a few > entries, most people have alot more info and way more entries than can > be stored on the SIM card now. All the addressbook numbers that > carried over for you were stored in your phone's memory.. About 15 numbers survived because they were in the phone's memory. After some arduous Googling, I discovered the RAZR V3 can have 1000 entries in its Addressbook, but nothing as to how many can be in the phone and how many on the SIM. Neither the hardcopy manual, five different PDF manual versions, nor the official Motorola Repair Manual for the RAZR V3 give any more info in this regard. The "Installing the SIM Card" says only "Your Subscriber Identity Module (SIM) card contains your phone number, service details, and address book and message memory." That's it. Nowhere in the manuals is it even shown that one can choose to store address book entries in the phone or on the SIM, and the V3 software itself defaults to storing addressbook entries on the SIM though one can select "SIM" or "Phone" when saving new or edited entries. And there's a capability to move them between the SIM and the phone. Basically, all Motorola documentation about the SIM is poor and lacking, and there's nothing better on the AT&T website(s). Moto documentation is even worse than the Motorola "Mobile Phone Tools" which claims to sync between a PC and the phone in a very non-obvious way last time I tried it a few years ago. > [...] > This is where things aren't going to work for you. The SIM card is not > static storage. It has a processor on it with a crypto engine, as well > as some storage. Some info I found elsewhere claims the processor's duties include separating areas of the SIM for different purposes, and crypto. > You can read the information off of it, but you can't duplicate it, > nor create a copy of it. It sounds like you want to create yourself a > backup plan in order to restore data, but going to the store is your > only way to get a working SIM again. > > All the contact list info is really stored in your phone memory instead. New entries STILL go to the SIM by default. I have to manually change the destination each and every time; this is a very poor design, though I can understand why some people may want the address book on the SIM if they're moving the SIM around to other phones (which, apparently, a lot of people do: one phone for work, one phone for evening, one phone for the car, etc.). >> User reports of many/most SIM card readers are horrible from what >> I've seen so far, and those whose specs seem good are located in the >> far east (per a whois) and don't sell over the web as far as I can >> tell from their webpages. > >> Does anyone here have a recommendation for a SIM card reader? > > http://www.adafruit.com/index.php?main_page=product_info&cPath=27&products_id=101&zenid=d22be06f9b529959582bef135603ddde > > Although you'd have to do some soldering on the kit there. OUTSTANDING! That one looks great, kit and parts are USA-made, and the software is for Linux, Mac and Windows. I will order it right after sending this message. RS-232 serial is not a problem for me. :-) I've built 100s of Heathkits and many things of my own design; you might get a kick out of seeing this: http://thadlabs.com/Illuminator/ . Thank you VERY much for the reference to that kit!
Date: 22 Sep 2009 21:01:27 -0000 From: John Levine <johnl@iecc.com> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What could/would cause a SIM card to belly-up? Message-ID: <20090922210127.56196.qmail@simone.iecc.com> >After some arduous Googling, I discovered the RAZR V3 can have 1000 >entries in its Addressbook, but nothing as to how many can be in the >phone and how many on the SIM. That's the size of the phone's memory. The SIM's memory is what ever size it is. Newer SIMs have more memory than old ones. >address book entries in the phone or on the SIM, and the V3 software >itself defaults to storing addressbook entries on the SIM though one >can select "SIM" or "Phone" when saving new or edited entries. And >there's a capability to move them between the SIM and the phone. That's odd. I've had lots of moto phones and they all stored stuff to the phone. There's invariably a menu option to copy the phone address book to the SIM and vice versa. R's, John
Date: Tue, 22 Sep 2009 03:27:40 -0700 From: Thad Floryan <thad@thadlabs.com> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What could/would cause a SIM card to belly-up? Message-ID: <4AB8A69C.1090101@thadlabs.com> On 9/21/2009 12:10 PM, Doug McIntyre wrote: > Thad Floryan <thad@thadlabs.com> writes: >> Some numbers are, in fact, stored in the phone along with a bunch of >> other things, but most numbers were on the SIM. > [...] > You can read the information off of it, but you can't duplicate it, > nor create a copy of it. It sounds like you want to create yourself a > backup plan in order to restore data, but going to the store is your > only way to get a working SIM again. > [...] > ***** Moderator's Note ***** > > Please tell us how the encryption engine prevents duplicating the SIM. TIA. > > Bill Horne > Moderator I'm not sure Doug will see or saw your moderator's note, so ... One thing I learned is the SIM's onboard CPU controls who/what has access to certain portions of the memory. Some carrier info can only be entered once and never changed. An addressbook can be read and written. Etc. One good site I found is this one: http://www.billingworld.com/articles/archives/-Smart-Tactics-for-Smothering-Fraud.html Some other good info is here: http://www.gsm-security.net/faq/subscriber-identity-module-sim.shtml FWIW, the SIM only has 6 contacts so the I/O is serial. The contacts are CLK, RST (Reset?), Vcc, I/O, Vpp, and GND. I should be able to provide more info when I receive the kit that Doug mentioned and "play" with the software which is all FOSS. The kit's user manual is here: http://www.ladyada.net/make/simreader/use.html#soft Source code: http://www.ladyada.net/media/simreader/pySimReader-Serial-src-v2.zip requires: http://www.wxpython.org/ and: http://pyserial.sourceforge.net/ SIM Reader schematic in PNG: http://www.ladyada.net/make/simreader/simreaderv1_0.png
Date: Tue, 22 Sep 2009 04:01:45 -0700 From: Thad Floryan <thad@thadlabs.com> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What could/would cause a SIM card to belly-up? Message-ID: <4AB8AE99.5090403@thadlabs.com> On 9/21/2009 12:10 PM, Doug McIntyre wrote: > Thad Floryan <thad@thadlabs.com> writes: >> Some numbers are, in fact, stored in the phone along with a bunch of >> other things, but most numbers were on the SIM. > [...] > ***** Moderator's Note ***** > > Please tell us how the encryption engine prevents duplicating the SIM. TIA. > > Bill Horne > Moderator One additional thing I just now noticed in the RAZR V3 Repair Manual is there are DSPs and other circuits to perform addition encryption as can be seen in the block diagram I extracted from the manual: http://thadlabs.com/FILES/RAZR_V3_Block_Diagram.pdf
Date: Mon, 21 Sep 2009 21:51:01 -0700 From: Thad Floryan <thad@thadlabs.com> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What could/would cause a SIM card to belly-up? Message-ID: <4AB857B5.9000502@thadlabs.com> On 9/21/2009 7:07 PM, tlvp wrote: > On Mon, 21 Sep 2009 10:49:50 -0400, Thad Floryan <thad@thadlabs.com> wrote: >> [...] >> Does anyone here have a recommendation for a SIM card reader? > > There's just the barest of chances your AT&T store may have one > they'll let you use on premises. My local store (Grant Rd, Mountain View CA) didn't; I asked. :-) > Or they may offer what T-Mobile included in the package when they > sent new T-Mo SIM cards for our two phones (and a request that we > replace the old SIMS with the new ones), viz., a SIM copier, with > slots for origin and target SIMS, and a START button for starting > the copying process. > > Of course, if your handset thinks the SIM is flaky, such a copier > may well think so, too :-{ . Still, worth asking about ... . Perhaps. I had a laptop with an IBM Travelstar HD that "suddenly" wouldn't boot any more or even recognize the disk -- this is a common problem with IBM/Hitachi Travelstar HDs as I found on the 'Net. Using specifically a NexStar 3 external USB drive case (and none of the other 5 brands I tried), I was able to read everything off that HD with zero loss, and the HD works fine in that USB case but will not be seen by any of my laptops if mounted inside. Go figure. :-) I may luck out with the SIM reader Doug McIntyre cited (and which I'll be buying in a moment). If not, at least it appears to be an easier way to backup the SIM after I rebuild the address book; luckily, most of the numbers I need are in saved email, and others (for restaurants and stores) can be found on the web or in a phone book, so it's no big deal, just annoying. I still don't fully understand why, over 5 years, about 15 numbers were saved in the phone and about 100 or so in the SIM (knowing (now) that storage into the SIM is the default). > Good luck! And cheers, -- tlvp Thank you!
Date: Tue, 22 Sep 2009 01:03:52 -0400 From: Monty Solomon <monty@roscom.com> To: redacted@invalid.telecom.csail.mit.edu Subject: New Cookie Technologies: Harder to See and Remove, Widely Used to Track You Message-ID: <p062408abc6de0abc8693@[10.0.1.3]> New Cookie Technologies: Harder to See and Remove, Widely Used to Track You Technical Analysis by Seth Schoen September 14th, 2009 This is part 1 of a three-part series on user tracking on the web today. Cookies are still a privacy problem for web users, many years after privacy advocates first raised concerns about their use to track web browsing. Today, cookies are one of the main mechanisms that advertising companies like Google use to track and profile users across sites and over time -- often building up a single gigantic profile for years and years. Many EFF members respond to this threat by using their browsers' cookie management features to limit which cookies they'll accept or how long they'll be retained. But it turns out that the cookie situation is quite a bit trickier today, and sites that want to track users have new technical options that are hard for users to respond to. The traditional "cookie" is an HTTP cookie, invented by Lou Montulli and John Giannandrea at Netscape in 1994. But today many browsers implement a range of things with the same kind of cookie-like tracking behavior -- mechanisms that are far less familiar, harder to notice, and often harder to control. ... http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
Date: Tue, 22 Sep 2009 11:22:52 EDT From: Wesrock@aol.com To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What if People Don't Take the Bait to Go Paperless? Message-ID: <c16.6dc38fe6.37ea45cc@aol.com> In a message dated 9/21/2009 11:09:48 PM Central Daylight Time, dannyb@panix.com writes: In <p00gb59pshodiofr3o7r50fvhga3ne25h7@4ax.com> "Tony Toews \[MVP\]" <ttoews@telusplanet.net> writes: [ snip... regarding e-bills and web site retrieval ] >> Canada Post has been offering something similar for a number of >> years now. http://www.epost.ca/main/en/home.shtml And you can store >> the bills for up to seven years which is the length of time the Cdn >> tax authorities want you to keep documents. So, if you are being >> audited, then you could likely give the tax folks your account and >> password so they could check the bills themselves. > "Risks Digest", a periodic compilation of, well, Risks in computing > and related endeavors, has had many a reference to the problems people > have in getting this information. > > Typical issue: you move your phone service to a different provider and > the first one closes your account. Can you still get that info? Guess > what the answer usually is... > > Same, by the way, with banks. When I closed an account with a bank they told me I'd better get my account history off their web site before I did because it would be gone after I closed my account. Just what you said. Wes Leatherock wesrock@aol.com wleathus@yahoo.com
Date: Tue, 22 Sep 2009 19:44:03 GMT From: "Tony Toews \[MVP\]" <ttoews@telusplanet.net> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What if People Don't Take the Bait to Go Paperless? Message-ID: <b2aib5ti4b6f5dcohj9g86239o8q6vhovg@4ax.com> danny burstein <dannyb@panix.com> wrote: >> Canada Post has been offering something similar for a number of years >> now. http://www.epost.ca/main/en/home.shtml And you can store the >> bills for up to seven years which is the length of time the Cdn tax >> authorities want you to keep documents. So, if you are being audited, >> then you could likely give the tax folks your account and password so >> they could check the bills themselves. > > "Risks Digest", a periodic compilation of, well, Risks in > computing and related endeavors, has had many a reference > to the problems people have in getting this information. Excellent points. I'd would've been downloading all those files as PDFs onto my own system anyhow. I read comp.risks whenever it comes out. > Typical issue: you move your phone service to a different > provider and the first one closes your account. Can you > still get that info? Guess what the answer usually is... > > Same, by the way, with banks. That said this particular service is run by an organization external to the phone company and the banks. So I wouldn't think closing your account would make any difference to the accessibility of the data. Tony -- Tony Toews, Microsoft Access MVP Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/ Granite Fleet Manager http://www.granitefleet.com/
Date: 22 Sep 2009 21:03:08 -0000 From: John Levine <johnl@iecc.com> To: redacted@invalid.telecom.csail.mit.edu Subject: Re: What could/would cause a SIM card to belly-up? Message-ID: <20090922210308.56217.qmail@simone.iecc.com> >Please tell us how the encryption engine prevents duplicating the SIM. TIA. The SIM has a crypto key that's not externally visible. You can tell it to use the key to encrypt stuff, but you can't get the key out. This is a reasonable feature, since part of the point of a SIM is to uniquely identify the account to which calls are to be billed. R's, John
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne. Contact information: Bill Horne Telecom Digest 43 Deerfield Road Sharon MA 02067-2301 781-784-7287 bill at horne dot net Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2009 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA. --------------------------------------------------------------- Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.
End of The Telecom digest (10 messages)

Return to Archives**Older Issues