31 Years of the Digest ... founded August 21, 1981


The Telecom Digest for November 29, 2012
Volume 31 : Issue 280 : "text" Format
Messages in this Issue:
Minority Report becomes reality: New software that predicts when laws are about to be broken (Monty Solomon)
Re: Why passwords have never been weaker-and crackers have never been stronger (Pete Cresswell)
Re: Why passwords have never been weaker-and crackers have never been stronger (Doug McIntyre)
Re: Why passwords have never been weaker-and crackers have never been stronger (Bill Horne)
How our over-reliance on satellite images led to the mystery of the South Pacific island that wasn't there (Monty Solomon)
Re: Calling Card Services (Reed)
Re: Calling Card Services (Pete Cresswell)
Re: Calling Card Services (John Levine)
Re: Why passwords have never been weaker-and crackers have never been stronger (Frank Stearns)
Washington Post: Defending against hacker attacks with model town (HAncock4)
Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device (Monty Solomon)
Barnes & Noble Decides That Purchased Ebooks Are Only Yours Until Your Credit Card Expires (Monty Solomon)
Jane Barbe's Octel Recordings (Oh Better)
Reports: Apple Lets Go One More Employee In Maps Fiasco (Monty Solomon)

====== 31 years of TELECOM Digest -- Founded August 21, 1981 ======

Telecom and VOIP (Voice over Internet Protocol) Digest for the Internet. All contents here are copyrighted by Bill Horne and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using any name or email address included herein for any reason other than responding to an article herein, you agree to pay a hundred dollars to that person, or email address owner.
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime.  - Geoffrey Welsh


See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.


Date: Tue, 27 Nov 2012 01:32:33 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Minority Report becomes reality: New software that predicts when laws are about to be broken
Message-ID: <p0624081eccda0d92acb0@[10.0.1.10]>

Minority Report becomes reality: New software that predicts when laws are about to be broken

* U.S. funding research into AI that can predict how people will behave
* Software recognises activities and predicts what might happen next
* Intended for use in both military and civilian contexts

By DAMIEN GAYLE
23 November 2012
Mail Online

An artificial intelligence system that connects to surveillance cameras to predict when people are about to commit a crime is under development, funded by the U.S. military.

The software, dubbed Mind's Eye, recognises human activities seen on CCTV and uses algorithms to predict what the targets might do next - then notify the authorities.

The technology has echoes of the Hollywood film Minority Report, where people are punished for crimes they are predicted to commit, rather than after committing a crime.

Scientists from Carnegie Mellon University in Pittsburgh, Pennsylvania, have presented a paper demonstrating how such so-called 'activity forecasting' would work.

Their study, funded by the U.S. Army Research Laboratory, focuses on the 'automatic detection of anomalous and threatening behaviour' by simulating the ways humans filter and generalise information from the senses.

The system works using a high-level artificial intelligence infrastructure the researchers call a 'cognitive engine' that can learn to link relevant signals with background knowledge and tie it together.

...

http://www.dailymail.co.uk/sciencetech/article-2237302/Minority-Report-reality-New-software-predicts-laws-broken.html

Date: Tue, 27 Nov 2012 12:34:31 -0500
From: Pete Cresswell <PeteCress@invalid.telecom-digest.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <5cu9b8h5ruh3t93jf6ju3f5o7fg8f321oo@4ax.com>

Telecom Digest Moderator said:

>The trick is to use easily-memorable pass-/*PHRASES*/ that won't be
>in anyone's dictionary.

Somebody suggested the "Dead Pet System"... concatenate the names of two dead pets and add digits to taste.

--
Pete Cresswell

***** Moderator's Note *****

Since one of the most common "secret" questions that sites offer to remember in order to help me recover a forgotten password is "What was your first pet's name?", I have a couple of "virtual" pets and I use those names, which can't ever be guessed. For sites that insist on knowing my father's middle name, or my mother's maiden name, I have a couple of pseudonyms handy.

The main thing to remember is that anything which is in a public record is NOT secure.

Bill Horne
Moderator

Date: 27 Nov 2012 18:15:04 GMT
From: Doug McIntyre <merlyn@geeks.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <50b50328$0$74853$8046368a@newsreader.iphouse.net>

bonomi@host122.r-bonomi.com (Robert Bonomi) writes:

>In article <p062408c4ccd8113a8752@[10.0.1.10]>,
>'standard' hacker technique for 'dictionary'-based attacks has included
>such spelling 'variations' for AT LEAST A DECADE.

Actually, more like 3+ decades. Dictionary attacks were known in the '70s, and simple substitutions were known then. Password hash salting was originated because of dictionary attacks.

Telecom Digest Moderator wrote:

>Everyone knows that Using *ANY* dictionary word as a password is an
>invitation to attack. What many users don't know is that hacker
>dictionaries have all the common variants in them, such as putting an
>exclamation point at the end of a word. The trick is to use
>easily-memorable pass-/*PHRASES*/ that won't be in anyone's
>dictionary.

Also, what people may not realize is that odd words are in dictionaries too. Your Swedish Gr-Grandfather's given name that hasn't been in common use in a century? That is in a hacker dictionary. That technical term in some very non-IT related field? That is in a dictionary.

Simple passphrases of slammed together words are no longer sufficient either.

More recent hacker cracking tools will take dictionary words and slam them together for testing. A password such as "Cow-Pucks#Yesterday" will be found by standard tools and enough GPU power to cycle through everything.

Date: Wed, 28 Nov 2012 11:44:08 -0500
From: Bill Horne <bill@horneQRM.net>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <20121128164408.GC16992@telecom.csail.mit.edu>

On Tue, Nov 27, 2012 at 06:15:04PM +0000, Doug McIntyre wrote:
> bonomi@host122.r-bonomi.com (Robert Bonomi) writes:
> >In article <p062408c4ccd8113a8752@[10.0.1.10]>,
> >'standard' hacker technique for 'dictionary'-based attacks has included
> >such spelling 'variations' for AT LEAST A DECADE.
>
> Actually, more like 3+ decades. Dictionary attacks were known in the '70s,
> and simple substitutions were known then. Password hash salting was
> originated because of dictionary attacks.
>
> Telecom Digest Moderator wrote:
> >Everyone knows that Using *ANY* dictionary word as a password is an
> >invitation to attack. What many users don't know is that hacker
> >dictionaries have all the common variants in them, such as putting an
> >exclamation point at the end of a word. The trick is to use
> >easily-memorable pass-/*PHRASES*/ that won't be in anyone's
> >dictionary.
>
> Also, what people may not realize is that odd words are in dictionaries too.
> Your Swedish Gr-Grandfather's given name that hasn't been in common use in a
> century? That is in a hacker dictionary. That technical term in some
> very non-IT related field? That is in a dictionary.
>
> Simple passphrases of slammed together words are no longer sufficient either.
>
> More recent hacker cracking tools will take dictionary words and slam
> them together for testing. A password such as "Cow-Pucks#Yesterday"
> will be found by standard tools and enough GPU power to cycle through
> everything.

Dictionary attacks are fast for the same reason that hashing algorithms are fast: the idea of comparing one password hash to another is to make verification quick so as not to take too much of the user's time.

That's why dictionary attacks are the preferred vector: if an attacker has a good dictionary, (s)he will have a "hit" often enough that there's no need to actually decrypt the password hash, assuming that (s)he has access to it (see below).

In The Cuckoo's Egg, author Clifford Stoll recounted his surprise in the moment that he learned what a dictionary attack is: he was puzzled at the way the attacker who was in his system always copied the /etc/passwd file, which (at that time) contained the password hashes for every user on the system. It wasn't until he was talking with NSA cryptographer Robert Morris that Stoll realized how far behind the (pun intended) curve he was: Morris dismissed Stoll's questions about the /etc/passwd file by mentioning that he had an application that would do a dictionary attack in seconds. This is so great an advantage that NSA crackers spend a lot of time developing new dictionaries, because they can do a million guesses for the same computing cost as a single "brute force" decryption attack.

Of course, the key (again, pun intended) factor is having the hashes available to work on in the first place, which is why reports of break-ins at major retailers take on so much importance: not only does a thief gain the advantage of having a data source (s)he can work on at his leisure, but (s)he also benefits from the divergence between business and security needs that is an ever-present gorilla in every IT manager's inbox: large companies are always looking for ways to speed up responses, and database administrators are always under pressure to speed up database dips. While the hashing algorithms that they use for their own computer logins may be up-to-snuff, a DBA who wants to go home on time might choose an older, but faster, hash function to create the password hashes for customers, just to get those few extra milliseconds.

That's why a stolen database of password hashes is worth serious coin in the underground cracking world: whoever has it can do "dictionary" attacks without any risk of lockout or getting caught in a Honeypot. Once the attacker finds a password that matches a given hash, (s)he can use the other info in the stolen database to find the account(s) the victim was likely to use the password for.

Of course, this is all moot, because there's a new attack avail #$@@ CARRIER LOST

--
Bill Horne
(Remove QRM from my address to write to me directly)

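The storage choice discussed in the two messages above (salting, and a fast hash picked to save milliseconds), worked through as an added example that is not part of any poster's message. It compares one unsalted SHA-256 pass with a per-user salt plus PBKDF2; the function names, the iteration count and the sample accounts are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import time

# Constructed sample accounts; two users happen to share one password.
SAMPLE_USERS = {
    "alice": "Cow-Pucks#Yesterday",
    "bob": "Cow-Pucks#Yesterday",
    "carol": "virtual-pet-Rex-1981",
}
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def fast_unsalted(password: str) -> str:
    """The 'older, but faster' choice: a single unsalted SHA-256 pass."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = slow_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def build_tables(users: dict[str, str]) -> tuple[dict[str, str], dict[str, str]]:
    """Return (unsalted table, salted table) as they would sit in a database."""
    unsalted = {u: fast_unsalted(p) for u, p in users.items()}
    salted = {}
    for user, password in users.items():
        salt, digest = slow_salted(password)
        salted[user] = salt.hex() + "$" + digest.hex()
    return unsalted, salted


def shared_hash_groups(table: dict[str, str]) -> list[list[str]]:
    """Users whose stored values are identical. Without a salt, one
    dictionary computation that matches one of them matches all of them."""
    by_value: dict[str, list[str]] = {}
    for user, stored in table.items():
        by_value.setdefault(stored, []).append(user)
    return [sorted(group) for group in by_value.values() if len(group) > 1]


def cost_per_guess(hash_fn, rounds: int) -> float:
    """Average seconds needed to hash one candidate password."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"candidate-{i}")
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    print("identical stored values, unsalted:", shared_hash_groups(unsalted))
    print("identical stored values, salted:  ", shared_hash_groups(salted))
    fast = cost_per_guess(fast_unsalted, 2000)
    slow = cost_per_guess(lambda p: slow_salted(p, b"\x00" * 16), 3)
    print(f"work per guess is about {slow / fast:,.0f}x higher with PBKDF2")
```

The login check pays the higher cost once per sign-in; anyone working through a dictionary against a copied table pays it once per guess per user.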
Date: Tue, 27 Nov 2012 01:25:27 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: How our over-reliance on satellite images led to the mystery of the South Pacific island that wasn't there
Message-ID: <p0624081bccda0cb979f3@[10.0.1.10]>

How our over-reliance on satellite images led to the mystery of the South Pacific island that wasn't there

* It has also emerged that the latest non-finding was the SECOND time Sandy Island had been 'un-discovered'
* Radio enthusiasts on an expedition to send a message from the most-remote possible place reported its non-existence in 2000
* Cartography expert tells MailOnline Sandy Island could be just one of many errors added to maps as satellite photos were digitised

By DAMIEN GAYLE
23 November 2012
Mail Online

The mysterious South Pacific island that wasn't there could be just one of many errors made in the process of digitising satellite maps of the world, an expert said today.

Sandy Island, which appears on satellite images as a dark blob in the Coral Sea, sparked interest worldwide yesterday when it emerged that geologists who went looking for it found nothing there.

The Australian team who made the 'un-discovery' are now investigating how the error could have been made, but a UK-based cartography expert said it could merely be the result of our over-reliance on satellites.

...

http://www.dailymail.co.uk/sciencetech/article-2237499/How-reliance-satellite-images-led-mystery-South-Pacific-island-wasnt-there.html

Date: Tue, 27 Nov 2012 14:49:17 -0500
From: Reed <reedh@rmi.net>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Calling Card Services
Message-ID: <PJCdnQXYyumjhCjNnZ2dnUVZ_vednZ2d@giganews.com>

On 11/26/12 7:33 PM, Scott Dorsey wrote:
> I just received a letter in the mail telling me that due to changes in
> their billing system, Credo will no longer be able to provide calling card
> services past Dec 31. I find the calling card very useful and use it a
> lot, but in bursts.
>
> Does anyone have any suggestions for other providers for calling cards?
> I find purchasing prepaid phone cards at the corner bodega is not worth
> the trouble since they often go out of date before I use them. I'll make
> a lot of calls when I'm on travel but it can sometimes be three or even
> six months between trips.
> --scott
>

Have you looked at or tried One Suite?

http://www.onesuite.com/long-distance

I've used them for the last 8 years for just what you describe. I've left as little as $2.00 on the account for over a year. You do have to use or recharge at least once per year. They will send a reminder e-mail warning if not used.

Date: Tue, 27 Nov 2012 12:30:45 -0500
From: Pete Cresswell <PeteCress@invalid.telecom-digest.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Calling Card Services
Message-ID: <3st9b8lduj5psre9roq0gjdu06cja29749@4ax.com>

Per Scott Dorsey:
>
>Does anyone have any suggestions for other providers for calling cards?
>I find purchasing prepaid phone cards at the corner bodega is not worth
>the trouble since they often go out of date before I use them. I'll make
>a lot of calls when I'm on travel but it can sometimes be three or even
>six months between trips.

Until I switched to VOIP, I was using these guys: CyberCalling.com

A couple of advantages: They charged fractional minutes instead of rounding up to the nearest minute and did not charge for unanswered calls.

Big disadvantages: Their page is in simplified Mandarin. I had somebody who could deal with it for me, so I don't know if they offer an English-language page.

But their service/prices were good enough that I'd give them a call to see if they do have an English-language page.

--
Pete Cresswell

Date: 28 Nov 2012 02:53:53 -0000
From: "John Levine" <johnl@iecc.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Calling Card Services
Message-ID: <20121128025353.25328.qmail@joyce.lan>

I have a Globetrotter prepaid card that I got here:

http://speedypin.com/prepaid/phone-card/GTR10

They say it expires if not used for 10 months, but I think I've gone longer. Domestic rate is 2.7cpm for 800 access, 1.7cpm via a vast array of local numbers. They have access numbers in a lot of countries and reasonable international rates.

Date: Tue, 27 Nov 2012 14:58:41 -0600
From: Frank Stearns <franks.pacifier.com@pacifier.net>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Why passwords have never been weaker-and crackers have never been stronger
Message-ID: <P8qdna8PQYUctCjNnZ2dnUVZ_tCdnZ2d@posted.palinacquisition>

"John C. Fowler" <johnfpublic@yahoo.com> writes:

>Replying to Message-ID: <mtv6b8h6lf7s8d3lrshtut28ohrl3i44ja@4ax.com>
>References: <p062408c4ccd8113a8752@[10.0.1.10]>

>Pete Cresswell:
>> Can anybody comment on the specifics/methodology of this
>> improvement?

>While there have always been people who have chosen weak passwords,
>even some of the stronger ones are starting to fall. The main reason
>for that is PCs are getting faster, and large numbers of systems that
>can work in parallel are becoming more available. That is, even if
>you don't control a botnet of other people's infected computers, you
>can still rent a bunch of virtual machines from Amazon or some other
>cloud service provider, and do your dirty work there at a fraction of
>what it used to cost.

Forgive me for being ignorant, but doesn't the bad guy have to then try each password variant s/he generates?

Once upon a time, some login systems put a 10 or 30 or 60 minute time-out interval if you had more than three failed login attempts in a row. (The shell account of my ISP gives you three tries, then a 10 minute lockout.) I have a few security USB sticks that scramble the data stored on them and go inert if there are more than seven failed logins in a row.

What am I missing? Do most login systems now allow a barrage of login attempts without pause or question?

Seems that regardless of how much password cracking horsepower one has, some sort of time-out on multiple login attempts -- coupled with some sort of alert being sent -- would greatly slow or even pre-empt this bad behavior.

Frank
--
.

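The lockout policy described in the message above (three tries, then ten minutes, with an alert), as an added example that is not part of any message in this digest. The class and function names and the account name are assumptions for illustration; the one-day replay shows how few wrong passwords such a login prompt will actually check, which is the limit that does not apply once the hash file itself has been copied, as the earlier message in this thread notes.

```python
from dataclasses import dataclass

MAX_FAILURES = 3            # "three tries"
LOCKOUT_SECONDS = 10 * 60   # "then a 10 minute lockout"


@dataclass
class _Account:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Per-account lockout. The caller passes the time in, so the
    behaviour can be replayed deterministically."""

    def __init__(self, alert=None):
        self._accounts = {}
        # alert(user, when) is called each time an account gets locked.
        self._alert = alert or (lambda user, when: None)
        self.evaluated = 0  # attempts where the password was actually checked

    def attempt(self, user, password_ok, now):
        acct = self._accounts.setdefault(user, _Account())
        if now < acct.locked_until:
            # Rejected without looking at the password, even a correct one,
            # so the lockout leaks nothing about whether a guess was right.
            return "locked"
        self.evaluated += 1
        if password_ok:
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            self._alert(user, now)
            return "locked"
        return "denied"


def wrong_guesses_checked_per_day(attempts_per_second=1):
    """Replay one day of nonstop wrong attempts against one account and
    count how many of them the login system really evaluated."""
    throttle = LoginThrottle()
    for tick in range(24 * 60 * 60 * attempts_per_second):
        throttle.attempt("user1", False, tick / attempts_per_second)
    return throttle.evaluated


if __name__ == "__main__":
    alerts = []
    throttle = LoginThrottle(alert=lambda user, when: alerts.append((user, when)))
    for second in (0, 1, 2):
        print(second, throttle.attempt("user1", False, second))
    print(300, throttle.attempt("user1", True, 300))   # still locked
    print(602, throttle.attempt("user1", True, 602))   # lockout expired
    print("alerts:", alerts)
    print("wrong guesses checked in a day:", wrong_guesses_checked_per_day())
```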
Date: Tue, 27 Nov 2012 08:22:20 -0800 (PST)
From: HAncock4 <withheld@invalid.telecom-digest.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Washington Post: Defending against hacker attacks with model town
Message-ID: <425360a5-54b5-4546-b580-f8728428096b@r4g2000vbi.googlegroups.com>

"CyberCity has all the makings of a regular town. There's a bank, a hospital and a power plant. A train station operates near a water tower. The coffee shop offers free WiFi. But only certain people can get in: government hackers preparing for battles in cyberspace.

The Pentagon is building a virtual city that will enable government hackers to practice attacking and defending the computers and networks that increasingly run the world's water, power and other critical systems."

for full article please see:
http://www.washingtonpost.com/investigations/cybercity-allows-government-hackers-to-train-for-attacks/2012/11/26/588f4dae-1244-11e2-be82-c3411b7680a9_story.html?hpid=z4

Date: Tue, 27 Nov 2012 23:45:19 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device
Message-ID: <p06240854ccdb45fae5a0@[10.0.1.10]>

Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device

by Tim Cushing
Nov 27 2012
Techdirt

from the maybe-someone-should-ask-the-administration-to-wear-one-during-the-work-day dept

A few months back, Tim Geigner covered the story of a Texas school district's efforts to track its students' whereabouts using student ID cards with embedded RFID chips. The district attempted to paint this "students-as-livestock/prisoners" effort as being there for the safety of students and staff. But underneath all the "safety" talk was a large pile of money that the school district hoped to pocket. The so-called "Student Locator" project Texas' Northside Independent School District was implementing put school officials within handout distance of nearly $1.7 million in state government funds.

http://www.techdirt.com/articles/20121125/15041521137/court-temporarily-blocks-school-district-suspending-student-refusing-to-wear-student-idtracking-device.shtml

-or-

http://goo.gl/sAJtE

***** Moderator's Note *****

or, perhaps it's from-the-children-as-chattel department ...

Bill Horne
Moderator

Date: Tue, 27 Nov 2012 23:45:19 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Barnes & Noble Decides That Purchased Ebooks Are Only Yours Until Your Credit Card Expires
Message-ID: <p06240853ccdb4535b769@[10.0.1.10]>

Barnes & Noble Decides That Purchased Ebooks Are Only Yours Until Your Credit Card Expires

by Tim Cushing
Nov 27 2012
Techdirt

from the ebooks:-where-'buying'-means-'renting-for-an-indefinite-period' dept

DRM rears its ugly, malformed, malignant, cross-eyed head again. Despite the fact that, as Cory Doctorow so aptly put it, no one has ever purchased anything because it came with DRM, an ever-slimming number of content providers insist on punishing paying customers with idiotic "anti-piracy" schemes.

http://www.techdirt.com/articles/20121126/18084721154/barnes-noble-decides-that-purchased-ebooks-are-only-yours-until-your-credit-card-expires.shtml

-or-

http://goo.gl/DZxSo

Date: Tue, 27 Nov 2012 13:07:37 -0800 (PST)
From: Oh Better <ohthatsbetter@yahoo.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Jane Barbe's Octel Recordings
Message-ID: <1354050457.43304.YahooMailNeo@web161904.mail.bf1.yahoo.com>

I'm a big fan of Jane Barbe, the Time Lady. Phone Trips ( http://www.wideweb.com/phonetrips/ ) has a lot of great recordings of her Bell System work, but I can't seem to find her Octel voice mail recordings anywhere online. I had the chance to record them about 20 years ago just before my university switched to the Marsha Graham prompt set, but unfortunately, I didn't.

Does anyone have any of these recordings or know of a site or a person who does? Or is there a machine out there someplace that's still running "American English (Jane)"? I'd really love to hear the system again, and I'd really appreciate any pointers.

Thank you,
Bobby Evans

Date: Tue, 27 Nov 2012 23:17:09 -0500
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Reports: Apple Lets Go One More Employee In Maps Fiasco
Message-ID: <p0624083eccdb40689738@[10.0.1.10]>

Reports: Apple Lets Go One More Employee In Maps Fiasco

by EYDER PERALTA
November 27, 2012

In the aftermath of the maps fiasco, the heads continue to roll at Apple. Today, there is news that one more employee has been let go.

This time it was manager Richard Williamson, who oversaw the maps project, who lost his job.

...

http://www.npr.org/blogs/thetwo-way/2012/11/27/166023849/reports-apple-lets-go-one-more-employee-in-maps-fiasco

TELECOM Digest is an electronic journal devoted mostly to telecommunications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
Telecom Digest
43 Deerfield Road
Sharon MA 02067-2301
339-364-8487
bill at horne dot net
Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom
Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom
This Digest is the oldest continuing e-journal about telecommunications
on the Internet, having been founded in August, 1981 and
published continuously since then.  Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!

URL information: http://telecom-digest.org


Copyright (C) 2012 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.

Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.

End of The Telecom Digest (14 messages)
