TELECOM Digest Mon, 8 Nov 93 19:58:00 CST Volume 13 : Issue 745 Inside This Issue: Moderator: Patrick A. Townson AT&T Secure Software (David R. Arneke) Mobitex Software and Experiences (Peter van Eijk) Book Review: "Fantastic LANtastic" by Talbott/Raker (Rob Slade) Re: Earthquakes and Telecommunications (Russell Sharpe) Re: Earthquakes and Telecommunications (Ethan Miller) Bill Collectors Calling a Neighbor (Carl Moore) Re: UK Plugs, Pinout Needed (Louis Emmet Mahoney) Re: UK Plugs, Pinout Needed (Ian Payton) Re: TRW Phone Print to Fight Cellular Fraud (coyne@thing1.cc.utexas.edu) Re: TRW Phone Print to Fight Cellular Fraud (Steve Forrette) ---------------------------------------------------------------------- From: darneke@attmail.com (David R Arneke) Date: 8 Nov 93 10:06:17 GMT Subject: AT&T Secure Software Attached is a press release from AT&T Secure Communications Systems that isn't really telecom-related, but might be of interest to Internet users. We'll be demonstrating these and other data security products at COMDEX next week (we're in the NCR booth). We have a variety of secure communications products in our line, hardware and software, voice, data, fax, video and wireless. I'll keep the information coming as we put it out. Thanks again. Sincerely, David Arneke Media Relations Manager, AT&T Secure Communications Systems 919 279-7680 david.arneke@att.com AT&T INTRODUCES SECURITY SOFTWARE TO PROTECT PC, WORKSTATION DATA AND COMMUNICATIONS GREENSBORO, North Carolina -- AT&T is introducing software programs that protect a variety of laptop, PC and workstation applications. The shrink-wrapped programs, announced today, provide data privacy, digital signatures and secure data transmission. They are the first in a series that will provide end-users with public key cryptography capabilities. AT&T Secure Communications Systems has previously developed a multilevel secure UNIX software package. The products announced today are its first security-related offerings in the DOS/Windows and Macintosh markets. "These programs are a user-friendly means of establishing privacy for files stored on laptops, PCs and workstations," said Bill Franklin, business development manager for AT&T Secure Communications Systems. "They also provide privacy and other security functions for electronic mail, electronic data interchange, electronic commerce and a variety of other communications applications that users may want to keep private. The emphasis is on enterprise and inter-enterprise security applications." The software has particularly strong business and mobile computing applications. "These programs offer key capabilities for anyone working on the road, from home, at remote work sites or in a mobile-office setting," Franklin said. "They can reduce the risks of communicating over public networks." The programs incorporate emerging and established federal standards and operate across a wide variety of platforms, including MS-DOS, Windows, Macintosh and various UNIX systems. The first programs in the series are: -- AT&T SecretAgent (R), which implements the Digital Encryption Standard for privacy and the Digital Signature Algorithm and Secure Hash Standard to protect the integrity of files stored on or transmitted from personal computers. It operates transparently to e-mail systems. -- AT&T dsaSIGN (TM), which provides authentication and data integrity assurance for electronic documents through use of the Digital Signature Algorithm and Secure Hash Standard. -- AT&T SecureZMODEM (TM), which encrypts data on the fly as it is transmitted using the ZMODEM communications protocol. Additional software products based on RSA public-key technology are also available. "We will also introduce access control products, com- patible with the products we're announcing today, for PCs, workstations and networks in the coming months," Franklin said. All three programs were developed for AT&T by Information Security Corporation of Deerfield, Illinois. They are available exclusively from AT&T and its distributors. ISC will be AT&T's primary representative in the government market for these and related products. The programs use proven technology that has been available in the government market for more than a year. "All three have gained strong acceptance among government computer users," said Tom Venn, president of Information Security Corporation. The single-copy price for AT&T SecretAgent is $329.95; for AT&T dsaSIGN, $149.95; and for AT&T SecureZMODEM, $99.95. Site and enterprise licenses and volume discounts are available. All programs are available now directly from AT&T Secure Communications Systems and its distributors. Customers can get more information on AT&T software security programs by calling 1 800 203-5563. For media inquiries, call David Arneke at AT&T Secure Communications Systems, 919 279-7680. ------------------------------ From: cvitoa!pve@uunet.UU.NET (Peter van Eijk) Subject: Mobitex Software and Experiences Date: Mon, 8 Nov 1993 10:56:34 GMT Organization: Centrum Voor Informatieverwerking, Utrecht, The Netherlands Dear datacom people, As you may be aware of, Mobitex is a protocol for mobile packet switched datacom. Mobitex networks are operational in several countries of the world, including the USA. A substantial number of these is run by RAM Mobile. My company is starting to get involved in developing and deploying Mobitex based applications. I am now following leads w.r.t. software that will help us doing so. Suppliers i know of are: Nettech of NJ, AU system of Sweden, Research in Motion of Waterloo, Ontario. At this moment i am interested in sharing experiences in Mobitex application development. Also it would be nice to have email addresses of suppliers (we do have a six to nine hour time difference with North America). Given interest, I'll summarize. Peter van Eijk, CVI (Dutch Rail Automation), +31 30 924632 pve@cvi.ns.nl PO Box 2233 3500 GE Utrecht NL. ------------------------------ Date: 8 Nov 93 14:36 -0600 From: Rob Slade Subject: Book Review: "Fantastic LANtastic" by Talbott/Raker BKFANLAN.RVW 931027 OnWord Press 1580 Center Drive Santa Fe, NM 87505 "Fantastic LANtastic", Talbott/Raker, 1992, $US29.95, 0-934605-68-8 However you feel about LANtastic itself, this book has one very major point going for it: it is written for everyone. There are four well-defined sections for users, advanced users, administrators and installers. The ordering (as listed) is very helpful. Novice users will find their material first, whereas those wanting more advanced functions will be those who are used to computer documentation. One minor quibble in this regard is that the table of contents, at more than twenty pages, may scare off the newcomer before he or she gets to the opening chapter (forty-four pages in). The text is light and informal, and well supported by screen illustrations from both the DOS and Windows versions of the network operating system interface. The informality may go too far at times. (The material contains many helpful troubleshooting hints. An early one recommends abusing the network installer, and then asking for help. I'd think it would work much better the other way around.) Also, some of the hints may not be the best approach to a problem. Using an "external" editor for mail requires that the file be saved in ASCII or DOS text format. It is recommended in Word, to print to a file using the TTY format. Word, however, does have a feature to save to a text file built in. Part four, dealing with network installation, is a valuable resource often left out of LAN-related books. Unfortunately it is long on very detailed product specific information, and short on generic advice for the novice installer. Since LANtastic is very attractive to those wanting to network a few machines to share simple resources, this latter omission could be important. Chapter nineteen (the first chapter in part four) supposedly deals with designing a network. While it asks all the right questions, it doesn't tell you how to deal with the answers. There are other omissions. Security is given a reasonable amount of space. However, while password setting, changing and aging are discussed, selection of good passwords is not. There is a brief section on viral programs. If I understand it correctly, the authors have a good grasp of the realities of the situation. Unfortunately, this is one area where their humour has been granted too much leeway, and it is difficult to interpret what has been written. Altogether, this book is a very useful "one stop" reference for LANtastic networks. Given the preference for LANtastic in situations that are either very limited or highly technical, the shortcomings of the work may be either unimportant or easily covered. copyright Robert M. Slade, 1993 BKFANLAN.RVW 931027 Permission granted to distribute with unedited copies of TELECOM Digest and associated mailing lists/newsgroups. DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 DECUS Symposium '94, Vancouver, BC, Mar 1-3, 1994, contact: rulag@decus.ca ------------------------------ From: sharpe_r@kosmos.wcc.govt.nz (russell sharpe) Subject: Re: Earthquake Preparedness Date: 8 Nov 1993 09:38:24 GMT Organization: Wellington City Council, Public Access Reply-To: sharpe_r@kosmos.wcc.govt.nz In article , ndallen@io.org (Nigel Allen) writes: > Does someone know about any report relative to the telecommunication > problems encoutered after an Earthquakes (or any document related to > this topic as for example the actions needed to prevent > telecommunication problems or about the infrastructure needed to > preserve communication after the earthquakes). References to > newspapers or books and technical documents are welcolmed. Many > thanks. In New Zealand, because of our geographical nature, on the border of the Pacific, and Austrailasion Plates, we are pretty conscious of earthquakes, and volcanoes. Here are some of the precautions we take. - Trunk Route Diversity - There is more than one Cable route in/out of each major building (ie.at least one cable entrance at one end of the building, and one at the other. - National routes, use diversified Fibre Optic Transmission systems (FOTS), Coaxial Transmission Systems, and Digital Microwave Sytems to provide more than one route. - Switches All switches, and their buildings have been maintained upto very stringent seismic rules (Some of these are Government rules, and some Telecom's). Examples are: - When a new building is erected next to an existing Switching Centre, the Switching building must be upgraded to the same seismic rating as the new. - All switches are strongly bonded to the building with steel seismic braces, so no equipment will have the tendency to fall over. - Misc equipment, such as instruments, and ladders, must be properly stored away, or strapped to the wall to prevent falling. - Staff At every site the are Civil Defence Cabinets, which contain light rescue equipment, food/water supplies, and other Civil Emergency equipment that might be needed in an emergency. Russell Sharpe UseNet: sharpe_r@kosmos.wcc.govt.nz FidoNet: 3:771/370 Voice: +64 4 5637779 snailmail: 171 Holborn Drive Stokes Valley 6008 New Zealand ------------------------------ From: elm@cs.berkeley.edu (ethan miller) Subject: Re: Earthquakes and Telecommunications Date: 8 Nov 93 10:21:51 Organization: Berkeley -- Shaken, not Stirred Reply-To: elm@cs.berkeley.edu David Chessler writes: > In approximately 1969 there was a serious earthquake in Santa > Barbara, Calif., which damaged several telephone company > central offices. > This is the only U.S. earthquake in the last twenty years that > had any significant effect on the telephone system. It may have been the only one to affect the phone system physically (destruction of telecom facilities), but most earthquakes (and other natural disasters) bring the system to its knees with the overload of phone calls. After the 1989 Loma Prieta quake, the phone system in the Bay Area was approximately useless due to the extremely high load on the system. It took minutes to get a dial tone, and so many calls came from out of the area that the LD carriers had to shut off incoming calls. Just goes to show that you can plan all you want to avoid physical trauma to the phone system, but that doesn't guarantee the system will be working usefully 100% of the time. ethan miller--cs grad student elm@cs.berkeley.edu #include ------------------------------ Date: Mon, 8 Nov 93 23:47:28 EST From: Carl Moore Subject: Bill Collectors Calling a Neighbor Page 2A of the November 5 {Baltimore Sun} has a Mike Royko column (obviously syndicated) about some bill-collector tactics. He writes of Dave Gault, age 32 and living in Chicago, getting calls from bill collectors who are not after him but after a NEIGHBOR. According to the article, Mr. Gault knows nothing about this deadbeat neighbor except that he is a neighbor. It mentions Mr. Gault making a 1:30 AM phone call to the worst of the callers, a woman in Ohio whose first name is Jane, and Jane threatened to file charges if he did that again (it was 2:30 AM in Ohio). The article goes on to say that there are federal and state laws to help people in situations like Mr. Gault's. [Moderator's Note: The same article was in the {Chicago Tribune}, and as usual, Royko made a silly commentary. Unfortunatly for Mr. Gault, 'Jane' is right and he is wrong. Under *no circumstances* according to the law could 'Jane' or others like her call at 1:30 AM to discuss whatever they want to talk about. By virtue of him placing his call deliberatly at that hour, he was harassing her. His answer was that since his sleep during the day (he is a night worker) was interuppted, 'Jane' should have her sleep interuppted also. That's not the way the law pertaining to bill collectors reads. The law says collectors can call between 8 AM and 8 PM local time, and never on Sunday. The law makes no particular allowance for night workers who may be asleep at those hours. Bill collectors working evening shifts make calls to the east coast first *then* start calling the west coast since they are allowed by law to call until 8 PM *local* time, which is maybe 10-11 PM if they themselves are on the east coast. Mr. Gault does have legal recourse: he can tell the agency to cease further contacts with him for any reason and the agency must comply. He would talk to 'Jane' when she called in the middle of the day, advising her he could not help with contacting the neighbor, and from the story was resentful of her repeated calls asking him to help, but there is no indication that at any time he specifically said *do not call me again*. Those magic words would have ended the calls, at least from any ethical collection agency which follows the law. But since 'Jane' originally called in good faith with no knowledge that Mr. Gault would be asleep during permissible calling hours, she did not harass him. By disturbing her on purpose, he did harass her. PAT] ------------------------------ From: pooka@access.digex.net (Louis Emmet Mahoney) Subject: Re: UK Plugs, Pinout Needed Date: 8 Nov 1993 17:50:39 -0500 Organization: Express Access Online Communications, Greenbelt, MD USA bnh@active.com (Brian Hess) writes: > In article heller@nirvana.imo.physik. > uni-muenchen.de (Helmut Heller) writes: > U .K. U.S. (connectors viewed from above, metal contacts up) > ^||||^ ^||||^ > WGBR RW > Where ^ = open (non-metal) contact slot > | = metallic contact > W = white, G = green, B = blue, R = red > 1) Sorry for the odd colors in the wire, but it's what I got from ye olde > local telecom shoppe when I asked for six inches of line cord. If one happens to _be_ in the U.K., Radio Shack shops there used to carry US-to-UK modular converter adapters. They are probably still available. ------------------------------ From: payton@nmp.nokia.com (Ian Payton) Subject: Re: UK Plugs, Pinout Needed Date: 8 Nov 1993 09:32:42 GMT Organization: Nokia Mobile Phones Reply-To: payton@mobira.nmp.nokia.com Just to clarify an important point ... it is illegal to connect a piece of equipment to the public network in Britain unless the equipment has been approved by the appropriate British approvals people for Telecoms equipment. This is very unlikely to be the case for equipment sold outside the UK. Ian Payton | Standard disclaimer: The views expressed above payton@mobira.nmp.nokia.com | are my own, and do not necessarily represent Camberley, UK | the views of any organisation to which I belong. ------------------------------ From: coyne@thing1.cc.utexas.edu Subject: Re: TRW Phone Print to Fight Cellular Fraud Date: 8 Nov 1993 17:45:23 GMT Organization: The University of Texas at Austin, Austin, Texas In article pjoslin@mbvlab.wpafb.af.mil (Paul Joslin) writes: > In article , Willie Smith > (wpns@newshost.pictel.com) wrote: >> erik_ramberg@SMTP.esl.com (Erik Ramberg) writes: >>> Being passed along FYI: >>> TRW INTRODUCES BREAKTHROUGH TECHNOLOGY TO BLOCK CELLULAR FRAUD >> Ha! All this probably means is you have to clone the same >> manufacturer and model of phone. Especially with the big push to Six >> Sigma (every product is identical to one part in a million), it's >> going to be really difficult to tell phones of the same model apart >> without denying service to folks at slightly different temperatures, >> battery charge levels, and altitudes. How long do you think it'll >> take the cloners to crack this one? Identifying a transmitter that would prefer to remain anonymous has been a matter of some interest to spy guys since the beginning of radio. In the days of Morse code it was easy. A skilled operator could recognize the "fist" at the key of the transmitter much as you can recognize a voice on the phone. After WWII ended Teletypes replaced Morse code and it was tougher to ID a transmitter. When a transmitter is keyed up, it does not fire up instantaneously on frequency. It may be a little low or high and it takes a while to settle. In severe cases this will be audible to the listener as a "chirp." The direction, amount, and settling time vary from radio to radio. Presumably, some attribute(s) of the chirp varies widely radio to radio even of the same model and little from day to day. It is not something you align the radio for as long as it settles "quickly" and does not interfere with adjacent channels. It seems likely that high frequency synthesizers built under fierce cost, space, and power constraints would chirp rather nicely. Currently cloners buy a scanner at Radio Shack and need only phone programming skills. Measuring a chirp requires rather expensive gear not currently available at RS. I am sure the security guys will not willingly publish which chirp attributes they measure or how closely. There may be other suitable attributes besides the chirp. It will be complicated for the good guys by the requirement to not deny service to the rightful users. It could be spoofed, but you would need to add extra components in the zero available space to tune the chirp and it would require MUCH more than the usual skill at aligning radios. Cell fraud will, at the very least, cease to be a cottage industry. The Japanese navy spoofed the US by leaving the usual code operators at home to generate the usual traffic with the usual fist when their fleet sailed for Pearl Harbor. It may have been easier then than now. ------------------------------ From: stevef@wrq.com (Steve Forrette) Subject: Re: TRW Phone Print to Fight Cellular Fraud Date: 8 Nov 1993 02:18:04 GMT Organization: Walker Richer & Quinn, Inc. Reply-To: stevef@wrq.com (Steve Forrette) In erik_ramberg@SMTP.esl.com (Erik Ramberg) writes: > TRW INTRODUCES BREAKTHROUGH TECHNOLOGY TO BLOCK CELLULAR FRAUD > TRW teams with PacTel Cellular to attack cellular fraud > SUNNYVALE, CALIFORNIA, Oct. 19, 1993 - ESL incorporated, a subsidiary > of Cleveland-based TRW Inc., is testing an electronic system with > PacTel Cellular that tracks, identifies and blocks illegally made > cellular telephone calls. > The system works by making an electronic "print" based on the > unique signal transmission characteristics for each cellular phone. > Because each phone has a unique print - an electronic version of a > human fingerprint - it cannot be duplicated. Once the real print is > recorded, detection of a counterfeit print can be made. TRW > PhonePrintTM is able to provide real-time analysis of each print every > time a call is made and can block access within seconds of a > counterfeit call be placed. One detail that is conspicuously absent from the description is how it works with roamers. Since the PacTel Los Angeles system won't have a fingerprint on file for every phone in North America, it has no way of verifying the legitimacy of a roamer. And isn't this where all of the phraud is? Will PacTel only accept roamers from systems that also have this system? This doesn't seem practical, but any other option would result in the bad guys using MINs/ESNs from systems that don't have the new system in place. Another poster assumed that the fingerprint might only be specific down to the model of phone. I think this is not true from the description others have posted, but the question came up as to how the thieves would find out the make and model for the MIN/ESN they want to clone. Aren't the ESNs issued in blocks to manufacturers from some central body, much like automobile VIN's? If so, then the manufacturer would be a matter of public record based on the first few digits of the ESN, and the breakdown amongst a single manufacturer's models could be determined through general observations. Steve Forrette, stevef@wrq.com ------------------------------ End of TELECOM Digest V13 #745 ****************************** ****************************************************************************** Downloaded From P-80 International Information Systems 304-744-2253