TELECOM Digest     Wed, 16 Mar 2005 09:46:00 EST     Volume 24 : Issue 116

Inside This Issue:                    Editor: Patrick A. Townson

    Online Banking Industry Very Vulnerable to Cross-Site Script (M Solomon)
    Know your Enemy: Tracking Botnets (Monty Solomon)
    3 Verizon Phones -- Throw Away or What? (Paintblot)
    British Firm Breaks Ground in Surveillance Science (Marcus Didius Falco)
    What Happened To Channel 1 (davisdynasty83)
    Iridium II: Is Satellite Radio Doomed? (delete 'z' for my real address)
    Correlator (Flavia)
    Re: Former WorldCom CEO Guilty on All Counts (Thomas A. Horsley)
    Re: Vonage or Lingo Allow For Faxing? (Hank Karl)
    Re: Cell Phone Reception (Joseph)
    Attacked by a Dog Which was Playing (Patrick Townson)

Telecom and VOIP (Voice over Internet Protocol) Digest for the Internet. All contents here are copyrighted by Patrick Townson and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using -any name or email address- included herein for -any- reason other than responding to an article herein, you agree to pay a hundred dollars to the recipients of the email.

===========================

Addresses herein are not to be added to any mailing list, nor to be sold or given away without explicit written consent. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime.   Geoffrey Welsh

===========================

See the bottom of this issue for subscription and archive details and the name of our lawyer; other stuff of interest.
----------------------------------------------------------------------

Date: Tue, 15 Mar 2005 11:53:47 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Online Banking Industry Very Vulnerable to Cross-Site Scripting

Online Banking Industry Very Vulnerable to Cross-Site Scripting Frauds

Phishing Attacks reported by members of the Netcraft Toolbar community show that many large banks are neglecting to take sufficient care with the development and testing of their online banking facilities. Well known banks have created an infestation of application bugs and vulnerabilities across the Internet, allowing fraudsters to insert their data collection forms into bona fide banking sites, creating convincing frauds that are undetectable to most customers.

Indeed, a personal finance journalist writing for The Motley Fool was brave enough to publicly admit to having fallen for a fraud running on Suntrust's site and having her current account cleaned out. It's a reasonable premise that if a Motley Fool journalist can fall for a fraud, anyone can.

One fraud recently blocked by the Netcraft Toolbar was at Citizens Bank. Fraudsters composed and mass mailed a phishing mail which exploited a program on CitizensBank.com, loading Javascript from the attackers' server hosted at Telecom Italia. Customers were presented with a page bearing the CitizensBank.com URL in the address bar, while the browser window displays a form from the Telecom Italia server asking for user login information.

The script being exploited allows visitors to search for Citizens Bank branch offices in their town. Along with search scripts, branch locator pages are frequently carelessly coded and are targets for fraudsters who are actively analyzing financial web sites for weaknesses.
http://news.netcraft.com/archives/2005/03/11/online_banking_industry_very_vulnerable_to_crosssite_scripting_frauds.html

------------------------------

Date: Tue, 15 Mar 2005 11:53:06 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Know Your Enemy: Tracking Botnets

Using honeynets to learn more about Bots

The Honeynet Project & Research Alliance
http://www.honeynet.org
Last Modified: 13 March 2005

Honeypots are a well known technique for discovering the tools, tactics, and motives of attackers. In this paper we look at a special kind of threat: the individuals and organizations who run botnets. A botnet is a network of compromised machines that can be remotely controlled by an attacker. Due to their immense size (tens of thousands of systems can be linked together), they pose a severe threat to the community. With the help of honeynets we can observe the people who run botnets -- a task that is difficult using other techniques. Due to the wealth of data logged, it is possible to reconstruct the actions of attackers, the tools they use, and study them in detail.

In this paper we take a closer look at botnets, common attack techniques, and the individuals involved. We start with an introduction to botnets and how they work, with examples of their uses. We then briefly analyze the three most common bot variants used. Next we discuss a technique to observe botnets, allowing us to monitor the botnet and observe all commands issued by the attacker. We present common behavior we captured, as well as statistics on the quantitative information learned through monitoring more than one hundred botnets during the last few months. We conclude with an overview of lessons learned and point out further research topics in the area of botnet-tracking, including a tool called mwcollect2 that focuses on collecting malware in an automated fashion.
http://www.honeynet.org/papers/bots/

------------------------------

From: Paintblot <sssssssssssff@ef.com>
Subject: 3 Verizon Phones - Throw Away or What?
Date: Tue, 15 Mar 2005 16:04:03 -0800
Organization: Cox Communications

I'm permanently leaving the USA in a few weeks. I have a Verizon account with 3 telephones, 2 of which are almost new. These phones have 2 year contracts.

When we leave, what should I do? I cannot take them back to Verizon, because all they'll want is the big dollar contract buyout, which I won't pay (let them attack my credit, who cares, I'm not coming back here).

Sell the phones? Aren't they banned from continuing to work on the Verizon network, and locked into the Verizon network?

Just destroy them and throw them away?

Any advice appreciated!

[TELECOM Digest Editor's Note: My personal advice, for whatever it is worth, is sell them for a few dollars each and get what you can out of them. If you know anyone you can generally trust, sell them a phone (for ten or twenty dollars?) with the understanding that _they_ can continue to pay the bill for the remainder of the contract (or until they get tired of paying the bill and/or the phone gets turned off, whichever comes first). PAT]

------------------------------

Date: Tue, 15 Mar 2005 21:32:20 -0500
From: Marcus Didius Falco <falco_marcus_didius@yahoo.co.uk>
Subject: British Firm Breaks Ground in Surveillance Science

http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=7892255

By Mark Trevelyan, Security Correspondent

MALVERN, England (Reuters) - The "suicide bomber" clips a shrapnel-filled belt around his waist and buttons up his jacket to conceal it.

As he turns back and forth in front of a semi-circular white panel, about the size of a shower cubicle, a computer monitor shows the metal-packed cylinders standing out clearly in white against his body.
This is no real security alarm: it's a demonstration at the British technology group QinetiQ of a scanning device that sees under people's clothes to spot not just metal but other potential threats like ceramic knives or hidden drugs.

The electromagnetic technology, known as Millimeter Wave (MMW), is just one aspect of a potential revolution in security screening being pioneered at QinetiQ, formerly part of the research arm of the British defense ministry.

"Actually, detecting a suicide bomber in the lobby of an airport is not a great thing to happen," Simon Stringer, new managing director of QinetiQ's security business, says with British understatement.

"It's slightly better than having him do it in the departure lounge or perhaps on the plane, but you're still going to have to deal with a significant problem."

That's why, he says, the trend for the future will be to move the scanners outside the terminal building and operate them in "stand-off mode" -- checking people from a distance before they even set foot inside.

The advantage is obvious: to spot potential attackers without alerting them to the fact, and gain precious seconds for security forces to prevent an attack.

ARE YOU SWEATING TOO MUCH?

Another prospect in store for air travelers is "hyperspectral sensing" that will check for chemicals called pheromones, secreted by the human body, which may indicate agitation or stress.

"People under stress tend to exude slightly different pheromones, and you can pick this up ... There are sensing techniques we're working on," Stringer said.

The stress may have an innocent cause, such as fear of flying, but could also betray the nervousness of a potential attacker. The point is to alert security staff to something unusual that may need further investigation.

As with MMW, the technology could function at a distance and without the need for people to wait in line.
By conducting such checks while people are approaching the airport and moving through it, authorities could avoid bottlenecks and queues.

SUSPICIOUS MOVEMENTS

As the passenger proceeds through the terminal, the next layer of surveillance could be carried out through "cognitive software" which monitors his or her movements and sounds a silent alarm if it picks up an unusual pattern.

"Someone who's been back in and out of the same place three times or keeps bumping into the same people might be something that's worthy of further investigation ... I think that's really the sort of capabilities we're going to be looking at," Stringer said in an interview.

While many of these technologies are still under development, others have already been rolled out to clients by QinetiQ, which made group operating profit of 28 million pounds ($53.9 million) in the six months to last September.

Millimeter wave, for example, has been tested at airports and, in a different application, is being used by British immigration authorities and Channel Tunnel operator Eurotunnel to detect illegal immigrants trying to enter the country as stowaways in the back of trucks.

Stringer says the potential market for MMW runs into the hundreds of millions of dollars and goes well beyond the transport sector.

"We're spending quite a lot of time talking to multinationals who want to establish perimeter security systems around plant, installations and buildings," he said.

QinetiQ -- owned 30 percent by private equity group Carlyle and 56 percent by the British government -- expects rapid growth for its security business as it gears up for a stock market launch.

BIG BROTHER?

But how will ordinary people embrace the prospect of surveillance technology that sees through their clothes, checks how much they're sweating and tracks their airport wanderings between the tax-free shops and the toilets?

Stringer acknowledges that some might see this as George Orwell's Big Brother come true.

"There are always going to be issues of privacy here and they're not to be belittled, they're important."

But he says smarter technology will actually make the checks less intrusive than those now in standard practice, such as being searched head to foot after setting off a metal detector alarm.

"Personally I find that more irritating than the idea of someone just scanning me as I walk through," he said. "You're under surveillance in airports anyway. What you're looking at here is just being applied more intelligently."

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at http://telecom-digest.org/td-extra . Hundreds of new articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, Reuters Limited.

For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml

------------------------------

From: davisdynasty83 <davisdynasty83@yahoo.com>
Subject: What Happened To Channel 1
Date: 15 Mar 2005 19:06:16 -0800
Organization: http://groups.google.com

I've always wondered what happened to Channel 1 as a viable television channel. Is there a substantial reason behind this?
I am very interested in this particular issue and if anyone could provide me with any information pertaining to this subject I would greatly appreciate it.

[TELECOM Digest Editor's Note: This is a topic we have covered here on a few occasions in the past. The generally accepted answer is that the lowest of the television channels (one through four or five) are allocated in very close proximity to the 'VHF-low' radio frequencies. In fact, channel one on television overlapped a section of the VHF-low area and caused much interference with VHF-low radio activities (30-50 megs) so it was decided to return the use of that frequency to the VHF-low people (often times small town police/sheriff forces, etc). This decision (to return the 'channel one' allocation to the VHF-low people) was made back in the early days of television, around the 1940's. So for most people, they can never remember a time when there 'used to be a channel one'. More modern (over the air) television sets do not even include a '1' dial any longer, and haven't for about a half-century. Now cable-ready television sets and channel one is a totally different matter. PAT]

------------------------------

From: Walter Dnes (delete the 'z')<wzaltdnes@waltdnes.org>
Subject: Iridium II: Is Satellite Radio Doomed?
Date: 16 Mar 2005 05:27:14 GMT
Reply-To: see_my_sig_at_bottom_of_message@waltdnes.org

I was originally going to post this in answer to another posting, but this goes off on its own tangent, so I'm giving it a separate thread.

When the original Iridium was being drawn up on the planning boards, the accountants went over the numbers very meticulously. They compared the cost of an inconvenient bulky Iridium receiver with the cost of an inconvenient bulky mobile-telephone receiver (break-even). They compared the projected worldwide coverage of Iridium with the minuscule footprints of mobile-telephone transmitters, which were almost all located in a few major city centres (advantage Iridium).
They compared the horrendously high cost-per-minute of Iridium usage with the horrendously high cost-per-minute of international long distance (break even). Etc, etc. After going through the entire business plan, Iridium looked like a winner.

But the telecom industry changed between the drawing board and launch pad. Inconvenient bulky mobile-telephone receivers were replaced by dinky little cellphones. Cellphone companies built out their coverage area to include almost all potential customers in the 1st world. And cellphone and long distance rates plummeted due to competition. Iridium was doomed even if it launched on budget and on spec. The only major customers now are mineral exploration companies and US DOD in really isolated places with no telecom infrastructure.

I'm sure that satellite radio went through much the same number crunching under the eyes of watchful accountants 10 years ago. Back then, we had reached the extreme limit of regular modems at 33.6 kbits/sec. FM-mono yes, but nowhere near good enough for FM-stereo quality, let alone CD quality. Besides, if someone really wanted to listen to it a lot, you'd need a second phone line, another $30/month.

Things change. A lot of satellite radio's target households have broadband and can get "internet radio" now. Both satellite and internet radio have to pay royalties. But internet radio only pays incremental bandwidth costs over the net, while satellite radio has to pay for a network of satellites to be launched and maintained in orbit. Satellite radio requires an antenna or dish of some sort, while internet radio is simply another item in your browser's bookmark list.

The car was supposed to be the last refuge of satellite radio that internet radio couldn't touch. But 3G, WiFi, and WiMax are showing that it can be done. I think that satellite radio will be another "Pola-Vision". Interesting technology that was rendered obsolete by other developments as it came out.
Walter Dnes; my email address is *ALMOST* like wzaltdnes@waltdnes.org
Delete the "z" to get my real address. If that gets blocked, follow the instructions at the end of the 550 message.

------------------------------

From: flavia_rafols@yahoo.es (Flavia)
Subject: Correlator
Date: 16 Mar 2005 02:15:10 -0800
Organization: http://groups.google.com

Hello!

I work on a project with spread spectrum technology. I must program a correlator. I have read about matched filters. Is that like programming a FIR filter?

I have a question. I wanted to know how I can choose a PN code. I have a noise and the spectrum, and ideally I want to choose a code with the complementary spectrum. How can I do it?

I know that I can produce codes with Simulink, but how can I choose a code with the complementary spectrum for my noise?

Thanks and regards,

Flavia Rafols

------------------------------

Subject: Re: Former WorldCom CEO Guilty on All Counts
From: tom.horsley@att.net (Thomas A. Horsley)
Organization: AT&T Worldnet
Date: Wed, 16 Mar 2005 02:13:21 GMT

I think what the jurors "got" wasn't necessarily a complete grasp of a complex case, but simple recognition that Ebbers should have known what was going on even if he really didn't, and that he should go to jail for either fraud or incompetence, so they might as well convict him :-).

>>==>> The *Best* political site <URL:http://www.vote-smart.org/> >>==+
email: Tom.Horsley@worldnet.att.net icbm: Delray Beach, FL |
<URL:http://home.att.net/~Tom.Horsley> Free Software and Politics <<==+

[TELECOM Digest Editor's Note: I am reminded of a new book written by Fred Goldstein entitled 'The Great Telecom Meltdown' which does cover a lot of the history of telecom since 1879 to the present, but with much emphasis on the post-divestiture era, and specifically the time frame from 1996-2003. It is a very technical book; you cannot just flip the pages to read it.
I'll do a more detailed review of it here in a few days, but not only WorldCom/MCI but Qwest as well are discussed. And the story of Bernard Ebbers is _not_ the end of the tale. It appears the folks in Denver are in for some hard times with the law in the near future. Fred also gets into a discussion of the 'dot.com' bubble bursting and the myth of 'the internet is doubling in size every hundred days' which was considered to be gospel in the late 1990's. PAT]

------------------------------

From: Hank Karl <notgiven@nothere.com>
Subject: Re: Vonage or Lingo Allow For Faxing?
Date: Tue, 15 Mar 2005 22:06:06 -0500
Organization: NETPLEX Internet Services - http://www.ntplx.net/

They both have a fax line "free" with the business service.

On 13 Mar 2005 18:57:54 -0800, zcarenow@yahoo.com wrote:

> Do any of these services allow the capability for me to use my fax
> machine to fax out and receive faxes from others? Thanks.

------------------------------

From: Joseph <JoeOfSeattle@yahoo.com>
Subject: Re: Cell Phone Reception
Date: Tue, 15 Mar 2005 22:43:38 -0800
Reply-To: JoeOfSeattle@yahoo.com

On Mon, 14 Mar 2005 22:39:56 GMT, tom.horsley@att.net (Thomas A. Horsley) wrote:

> Go visit the forums over on http://www.howardforums.com/, the
> phone hackers there have info on just about every model phone
> (where to find cables that hook to your computer, what software
> and drivers you need to extract info off the phone, etc).

> I have an audiovox 8910 I extract pictures from all the time
> using bitpm and a cable for a different model LG phone.

I really don't think those who contribute to Howardforums would appreciate you calling them *hackers!* Would you like someone to call you a hacker? Howardforums prides itself for not allowing information that is proprietary. They do not even allow discussion of phone unlocking which is very legal but it's a subject that the board owner has forbidden in discussions. Be very careful of what you accuse someone of being.
------------------------------

From: ptownson@massis.lcs.mit.edu (Patrick Townson)
Date: Wed, 16 Mar 2005 6:00:00 EST
Subject: Attacked by a Dog Which was Playing

Buffy is a _huge_ dog of the Australian Cattle Dog variety. When I say huge, I mean of the Irish Wolfhound type of animal. She is several months old, very playful, and came into my life about two weeks ago. She is very 'rough around the edges', had not been housebroken when I got her and had obviously been mistreated in her younger days by her previous master. I say that because when I roll up a newspaper in my hands and she sees me doing it, she becomes _very_ submissive and quiet, afraid she is going to get swatted, etc. And, very important, she has not been 'fixed' as of yet. When she came here to live, she had a collar which was far too tight, had caused some skin irritations on her.

One of the guys who hangs around here a lot, a kid named Eric brought her over and asked me if I could 'give her a good home'. After finding out the hard way that Buffy had not been housebroken, and watching her cower and become submissive right after she made a mess in my parlor, I saw the problem. She was expecting to get swatted for doing what comes natural for dogs -- for all of us I guess. By using the word 'potty' and opening the door to my backyard I finally got her to understand to let me know when she wanted to go outside to do 'it', and now she is pretty much housebroken.

And that brings me to the gist of this story: About 4 AM this morning, while I was asleep, Buffy started making a ruckus. I stumbled out of bed, went to the back door mumbling 'potty' and pushed the door open. Buffy was all excited and in trying to get out the door with me in it she knocked me down. I fell, banged up my own face pretty well, and chipped a tooth which was about gone anyway. Remember, she _is_ a very big dog, weighing close to a hundred pounds, who likes to jump in the air and race around the room as she communicates with me.
She came back inside, saw my face all bloody as I laid on the bed and decided she would lick my face to tell me she was sorry, etc. Needless to say, the two cats totally *hate* Buffy, and run to hide when they see her coming.

Now comes about 8 AM, I had not been able to get back to sleep, my face is all swollen up and I am missing a couple of teeth. Lisa's mother shows up (she had a key to get in and out as does Justin (Lisa's husband) and Eric, mainly in case I wind up croaking sometime in the middle of the night). She gets _very_ anxious seeing me there with swollen face, missing tooth and calls Lisa to come over. Lisa arrives, looks me over and says sarcastically 'well what happened to you, did Justin or Eric come over during the night and decide to beat you up, or punish you?' I told her it was that damn dog that Eric had brought over.

Now they want me to call the Animal Control officer for the city and have Buffy taken away to the Animal Shelter and a certain death I imagine. But I am going to continue trying to work with the animal if I can; she loves me and I love her, and even if the two cats still hate her, I am sure they will learn to at least tolerate her. But, I have to go to the doctor myself later today and have him decide what to do about my swollen face, if anything. And as for now, Buffy is curled up under my feet at the computer desk sound asleep.

PAT

------------------------------

TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of networks such as Compuserve and America On Line, Yahoo Groups, and other forums. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'.

TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Patrick Townson. All the contents of the Digest are compilation-copyrighted.
You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author.

Contact information:
    Patrick Townson/TELECOM Digest
    Post Office Box 50
    Independence, KS 67301
    Phone: 620-402-0134
    Fax 1: 775-255-9970
    Fax 2: 530-309-7234
    Fax 3: 208-692-5145
    Email: editor@telecom-digest.org

Subscribe: telecom-subscribe@telecom-digest.org
Unsubscribe: telecom-unsubscribe@telecom-digest.org

This Digest is the oldest continuing e-journal about telecommunications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category!

URL information: http://telecom-digest.org

Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/
(or use our mirror site: ftp.epix.net/pub/telecom-archives)

Email <==> FTP: telecom-archives@telecom-digest.org

Send a simple, one line note to that automated address for a help file on how to use the automatic retrieval system for archives files. You can get desired files in email.

*************************************************************************
* TELECOM Digest is partially funded by a grant from
* Judith Oppenheimer, President of ICB Inc. and purveyor of accurate
* 800 & Dot Com News, Intelligence, Analysis, and Consulting.
* http://ICBTollFree.com, http://1800TheExpert.com
* Views expressed herein should not be construed as representing
* views of Judith Oppenheimer or ICB Inc.
*************************************************************************

ICB Toll Free News. Contact information is not sold, rented or leased.

One click a day feeds a person a meal. Go to http://www.thehungersite.com

Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.

---------------------------------------------------------------

Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list.

All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.

End of TELECOM Digest V24 #116
******************************