I work for AT&T _Wireless_ (to be pedantic, AT&T doesn't provide cellular service). Your implication that we sell or disseminate your mobile phone numbers to telemarketers sullies ATT Wireless' good name based on groundless, rash supposition.
Here are some plausible alternative explanations for how your mom could get telemarketing calls on her cellphone:
1. _She_ (not ATT Wireless) gave it to someone who gave it to someone...
2. Someone who had her number before her did #1. Numbers are recycled (thrown back into the pool) so this is entirely possible. The likelihood of this depends on how long she's had the number.
3. A telemarketing organization just guessed at the number, perhaps at random, and found that it works. Number prefixes are not a secret and autodialers could most certainly try numbers within an NPA-NXX range until they hit pay dirt. I don't know if this is used in practice but there's nothing stopping them from doing so if they decide to disobey the law prohibiting them from doing so.
You should probably start by sending e-mail to privacy@attws.com for someone to investigate the merits of your claim rather than air this dirty laundry in public. You could also have her call Customer Care at 611. This has never happened to me in about 7 years of having ATT Wireless service but I have heard of other cases, so Customer Care is probably well equipped to assist you.
Through an unfortunate run-in with Slashdot's imperfect moderation system, my comments on this issue and others were never modded up to a level to be seen. I posted this link to an online petition earlier this week:
The flights that were hijacked, from United and AA, were numbered as follows:
11, 93, 175, and 77
11 = Yesterday
9+3 = 12 = Today
1+7+5 = 13 = Thursday
7+7 = 14 = Friday
Ugh.
Such illogical drivel. Trying to find meaning in the meaningless and trashing rationality in the process.
Notice how you tried to make a consistent point but conveniently ignored the inconsistency that would have destroyed your so-called "order": all of the numbers you derived were found by adding the numbers of the flight numbers _except_ for the first one. You took that one without modification simply because it seemed to support your hypothesis and would not have if you were consistent in adding the numbers of all flights.
"When you get your reading, you may find yourself ignoring the parts that don't fit you at all, and focusing on those parts that do seem to fit. They may actually fit you or they may fit your image of how you would like to be. No matter; if they fit, you may fall for it."
>>I know you think complaining and mispelling windows makes you 1337 and all<<
Sorry, you don't know. Platform dependent distributions are annoying. This was a .exe. I only run *nix: hence the frustration.
>> but have you should really try running unzip on a self extracting zip file. I think you'll be pleasantly surprised.<<
Thanks. I'll remember that and try next time.
"The signatures law is interesting - essentially claiming that a digital signature law is/not/ the same as signatures."
Okay, this contains many of the words from the crypto gram article but not in the right order or context:
Bruce does not argue that the digital signature law != "signatures" but that digital signatures themselves are not the same as conventional signatures. If you read the article the basic reason is because nothing about a digital "signature" binds a person to the act--so a digital signature does not show intent.
Also, the digital signature law does not claim this (as the slashdot article text would lead you to believe). Bruce argues this.
http://www.lammah.com/pad/ is where you can download a program called PAD which has a really cool idea and program for protecting free speech: split a file that is banned into separate pieces that can be recombined to the original file, but no piece can be said to be the file in question or part of it! Now, the MPAA wouldn't be able to prove that either piece was the DeCSS code! Combine that with some wheat and chaff by including bogus file 'pieces' so that they can't even point to which files are enabling 'linking' to the code!
From the website:
"PAD is a small command-line utility to separate one file into two- each indistinguishable from white noise, and put them back together into the original."
They actually suggest doing this with DeCSS on the website:
"Free speech enforcement:
Let's say you have a file called decss.c (for example;), and want to distribute it, but are afraid of censorship. Break it up into two pad files, distribute these each on separate unrelated systems, and tell people where to get each (and how to re-assemble them). Should someone go to one (or both) of the hosting systems and pressure them to remove it, each can claim they're only hosting harmless, random data. It is mathematically impossible to prove that either one is the random one and the other was derived from the original file."
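The two-piece split quoted above, as an added example that is not PAD's own code: it assumes PAD behaves like a one-time pad (one piece is random bytes, the other is the file XORed with them), which the page does not confirm. All function names and sample inputs are constructed; the last check shows the caveat that a pad must never be reused.

```python
import os


def split(data: bytes) -> tuple[bytes, bytes]:
    """Return two shares whose XOR is `data`."""
    pad = os.urandom(len(data))                       # share A: fresh random bytes
    masked = bytes(d ^ p for d, p in zip(data, pad))  # share B: data XOR pad
    return pad, masked


def combine(share_a: bytes, share_b: bytes) -> bytes:
    """XOR two equal-length shares back into the original bytes."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def partner_for(share: bytes, claimed: bytes) -> bytes:
    """Build the partner share that makes `share` combine to `claimed`.

    A partner exists for every same-length `claimed`, which is why a single
    share on its own says nothing about which file it was derived from.
    """
    return combine(share, claimed)


def reuse_leak(masked_1: bytes, masked_2: bytes) -> bytes:
    """Caveat: if one pad masks two files, the pad cancels out.

    masked_1 XOR masked_2 equals file_1 XOR file_2, no pad required.
    """
    return combine(masked_1, masked_2)


def demo() -> dict:
    original = b"constructed sample file contents"  # constructed input
    decoy = b"decoy".ljust(len(original), b".")     # constructed input
    pad, masked = split(original)

    # The mistake to avoid: the same pad reused on a second constructed file.
    second = b"second".ljust(len(original), b"!")
    masked_2 = bytes(d ^ p for d, p in zip(second, pad))

    return {
        "round_trip": combine(pad, masked) == original,
        "decoy_fits": combine(masked, partner_for(masked, decoy)) == decoy,
        "reuse_leaks": reuse_leak(masked, masked_2) == combine(original, second),
    }


if __name__ == "__main__":
    print(demo())
```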
Boy, automatically installing patches--that's secure...
-core
Gotta love the inflammatory headline, a trademark of slashdot:
"Senate Trashes Civil Liberties; House to Vote Today"
Of course it _is_ true though. ;-)
BTW, I just heard on CBS news that the house passed its so-called "anti-terrorism" bill. What a crock of crap.
-core
Senator Maria Cantwell (from my state of Washington) made a great speech regarding this legislation.
However, she did vote for it. That's what gets me: if they really don't think it is a good idea, why do they vote for it? She indicates that there is still the hope that it can be blocked later if not fully addressed.
http://cantwell.senate.gov/news/releases/2001_10_1 2_01_statement.html
Have you called your senators/representatives to express your opinion?
-core
Right. Bruce would say that if you think cryptography is the answer to your problem, then you don't understand your problem, nor do you understand cryptography.
Think about this: cryptography can't even solve the basic problem of maintaining confidentiality of cryptographic keys...
It is not a panacea and is often not the place that attackers will break the system. It's usually in the protocols or the design/implementation of the scheme.
-core
Get the word out!!
-core
A Petition Against Government Required Cryptography Backdoors [petitiononline.com]
There are only 51 signatures as of this morning. This needs to get the slashdot treatment so we get that into the thousands.
Don't think that this is a substitute for calling/writing/faxing/e-mailing your congressman though....
-core
This sounds like exactly how real-time operating systems work: you make the actual OS preemptable. They do it by running the real OS "as a process" on a RT OS kernel so that they can preempt it. Big deal--why should they get a patent for this?
-core
A Petition Against Government Required Cryptography Backdoors
-core
This faulty logic is driving me freaking crazy:
If it is illegal to use cryptography, therefore criminals won't do this.
Now replace "cryptography" with "hijack planes and kill thousands of people":
If it is illegal to hijack planes and kill thousands of people, therefore criminals won't do this.
Now ask yourself why you think that actual criminals who engage in terrorism will obey _crypto_ laws when they have such careless regard for more serious laws.
Get real lawmakers!! Do something that will actually HELP the situation and not just do NOTHING except ERODE OUR RIGHTS!!!!!!
-core
See http://skepdic.com/numology.html for an interesting look at the fallacy of "numerology".
-core
Right, but which file? There are two for the 675 listed in the table on that site.
-core
The latest version available from Qwest is 2.4.1. The latest from Cisco is v2.4.2.
-core
As others have pointed out now, USWest has finally made v2.4.1 available for download. Too bad it's a self-extracting zip so you need windoze. However, the latest release is v2.4.2. v2.4.2 release notes don't mention any of these DoS issues being resolved. I've upgraded to v2.4.1 and want to get to v2.4.2 but there are two versions on the Cisco Software Center:
nsrouter.c675.2.4.2.bin Image v2.4.2 for 675 2.4.2 996518 bytes
And
c675.2.4.2.bin Mixed header image v2.4.2 for 675 2.4.2 996560 bytes
Anyone know what the difference is?
Cisco's site really sucks for updates. It would only make sense to at least link to the latest firmware in the release notes for each version...
Their security advisory in May http://www.cisco.com/warp/public/707/CBOS-multiple 2-pub.html didn't even have a link to upgraded versions of CBOS. It said to call the TAC!
Calling the TAC resulted in them saying that contracts require going through the ISP (Qwest). I was on hold with Qwest for over an hour until my phone battery died.
-core
The instructions given when calling Qwest's DSL support line 1-888-777-9569, option 2 are:
1) set web disable
2) write
3) reboot
Perhaps not doing the last two steps is why you are still apparently vulnerable. Of course, if you are running the device in bridging mode, this is irrelevant since the device does not have an IP address and must be accessed via the serial console port.
I'm on hold right now to see if I can get the latest firmware anyhow.
-core
GAO audit after audit shows how piss-poor in general government site security is. Now they want to put _more_ information out on the Internet? They should take that money and start by closing the existing security holes and ensuring that new ones don't crop up. All we need is to have more potential for our personal data to be pilfered by 13 year olds.
-core
This attitude of "it's secure until you show me a tool that can break it" is preposterous. I agree that many academic papers show theoretical flaws in systems that are generally not practical. However, these are _practical_ flaws. If you base security decisions on whether there is a tool to exploit a practical flaw, you're looking to get 0wn3d. Would you not drive a car with faulty gas tanks just because nobody has reported any problems with them?
-core
It is fallacious to argue against stronger security in one area because security in another may be weaker. Then, you simply end up with "lowest common denominator" security, which is usually not much security at all.
I don't buy the argument that WEP and 802.11b were supposed to be no more secure than your wired LAN. They are, in fact, much _less_ secure because your network is not bounded by physical means anymore. Someone with a high gain antenna can "plug in" to your lan from a few kilometers away and you wouldn't be the wiser. You'd probably notice a 2km cat5 cable running into the hills away from your building.
I ask you this, if the FHSS or DSSS were meant to provide security (and not the S/N increase, etc. originally intended), why do you need WEP at all? WEP was introduced with 802.11a (which uses your beloved SS system) and lives on in 802.11b.
My read of the 802.11x specs shows no mention of FHSS or DSSS to provide security. The sequence is not meant to be secret! Read the paper and see that associate/disassociate messages are all sent in the clear (and all devices can communicate with APs regardless of FHSS/DSSS because that facilitates interoperability). Also, an attacker could steal a WLAN card and all security of your FHSS/DSSS is gone with the card or laptop (assuming you had a secret sequence to provide security in the first place, which you don't).
-core
Child Pornography: Excessive Violence / Mutilation
The Extreme category includes URLs that may fall into other categories, but push the limits of acceptability because of their particularly graphic nature. These URLs are typically extremely violent, gory, or horrific in nature and may be related to sex, bodily functions, obscenity, or perverse activities. Sites include:
Pixman's Vault of Porn Pix - contains extreme hard-core pornography
Bizaree & Maximum Perversum - sex site with extreme and bizarre pornography
http://www.fuckedcompany.com is listed as "Extreme". Yeah a dot-com-deadpool is in the same league as hard-core porn or excessive violence. They use the word "Fuck"! That's all it takes!
Uh, oh, I may have just gotten slashdot banned as "Extreme"...
Perhaps smartfilter's parent company showed up on fuckedcompany and this is retaliation? If they didn't, maybe they should...
-c o r e
Al Gore and the Internet
The New Science of Character Assassination
campaign lunacy
BTW, a vote for Bush means a dismantling of all kinds of environmental controls: smog/pollution controls, the superfund project, decimating natural treasures for corporate greed, overturning the recent designations of national treasures all over the country that would protect those areas from development, etc., etc.
-c o r e
Funny to see a CEO use the incorrect word twice in this document. He said "loose" when he meant "lose". They're not the same!
Spend less money on lawyers and more on editors!
-core
The Sega Dreamcast ships with a modem module. Anyone know of an ethernet card module for the Dreamcast? It would be cool to do networked games over DSL rather than dialup...
-core