Slashdot Mirror


User: digitalchinky

digitalchinky's activity in the archive.

Stories: 0
Comments: 1,317

Comments · 1,317

  1. Re:Verizon on How ISPs May Quietly Kill VoIP · · Score: 1

    Unless you encrypt and encapsulate, or write your own codecs and client apps, then VoIP traffic will not 'look' like any other type of traffic, even if sent on another port. It will still be identifiable. (Search Google for 'packet analysis' and you'll get a hundred or more apps that do this for you - as well as spit out the resulting files)

    Another way is to simply render your questionable raw binary data as a series of black and white pixels (0, and 1). Change your reference width bit by bit and eventually you see sync patterns, or other identifying features that give the type of data away - more often than not anyway. (Falling Raster) - The vast majority of codecs can be idented this way. Sync patterns.

    The alternative is to just read the hex - have a big book of protocol types beside you (bonus points if it has pictures)

  2. Re:Verizon on How ISPs May Quietly Kill VoIP · · Score: 1

    Isn't this like shooting yourself in the foot? The internet depends on everyone cooperating, at least a little bit. If everyone starts tagging their own self worth above that of others, then VoIP (or the net) as a whole will suffer.

    It's not just limited to VoIP anyway, all kinds of protocols are rate limited, blocked, silently dropped, or built up in such a way as they seem so distant from the internet that the ISP/telco/whoever can fool the populace into paying a metric shitload for the 'privilege' of use.

  3. Re:Avoidance and respect as alternatives to coerci on Tracking GPL Violators · · Score: 2, Interesting

    Same thing, different medium.

    I'm slowly converting all of what I refer to as '3d graphic stuff' to public domain. (Not that that is important at all)

    I do it because it generates a bigger income - well, bigger than any other method of access control. Some will rip apart each graphic for their own use, but the people who want custom work will pay to get it done. If it was easy, everyone would do it I guess.

    This is not meant to be an advertising slot for my own wares, just a curious change of mind that had a net financial gain. (That's my intention anyway)

  4. Re:Bad Marketing on Windows XP Starter Edition off to Slow Start · · Score: 1

    At least one person on the planet will buy the upgrade, and within minutes it will scale world wide via P2P. Eventually it'll filter throughout Asia via the usual means. CDs stamped in Indonesia or Malaysia, shipped up through the Philippines, Thailand, and on in to China.

    Free, unfortunately, does not always beat a pirated full version - which is near free as it is. The only way to sell the legit stuff is to sell it at a price point similar to the copyright infringed. It sucks, but it's true. Piracy in some parts of the world comes complete with no moral implication whatsoever. If it's cheaper, they will take the chance and buy it - guarantee it'll work (no scratches, no defects) for a hundred peso more and it will sell out.

  5. Re:Bad Marketing on Windows XP Starter Edition off to Slow Start · · Score: 3, Informative

    Someone has been dealing with the Asian piracy market lately (at least in the Philippines). A week ago I noticed a couple of the usual sellers had packed up and replaced everything with a scant few original titles and lots of dust filled cabinets. Today all of them have (visually) cleaned up their act. Not a pirated CD in sight. The scale of it is really surprising - hundreds of shops!

    Now it's like buying porn, some hustler flashes a few titles to figure your reaction. (Yes, my (human, biological) wife and I buy porn)

  6. Re:Old News again on slashdot. on IRS Employees Fall For Hackers · · Score: 1

    Or maybe that the employer has a brain dead philosophy on life, and the worker 'sheep' have a GAF attitude (that would be 'Give A F#&*')

  7. Re:there's worse on IRS Employees Fall For Hackers · · Score: 1

    Yeah, that would be called the 'root' password.

    Here's something a little easier than guessing passwords. Purchase a satellite dish, followed by associated receiver, downconverter, modem, digital capture card, and a computer. A spectrum analyser is also a definite requirement, better if you can pick up an old HP that still has a good CRT, maybe an o-scope, as well as an additional down/upconverter (for figuring out symbol rates and such). None of this new digital scope crap though. (Unless it's a vector analyser)

    Sync up anything at about 19.2-32kbps. Keep tuning until you run across ATMs chugging out unencrypted details via satellite back to head office (there are thousands of them). As an added bonus, many do a bulk upload at some scheduled time of day, so you can capture everything in a short single burst. They are mostly using X.25 on HDLC with that EBCDIC crud.

    These signals contain, among other things, Card Numbers, Names, Expiration Dates, sometimes PINs, etc, etc, etc. This is where the really BIG crime happens. The stakes are some serious jail time, but if it's money you are after, that's the easiest (passive and remote) way I can think of - off the top of my head.

    I don't have enough money to set such a system up personally, but I know a few (million) taxpayer friends that have helped others out in the past :-)

    I do not condone such activity, but I am aware of its existence.

  8. Re:Giving out passwords on IRS Employees Fall For Hackers · · Score: 3, Interesting

    You might think I'm trolling, but seriously, don't underestimate the power of paper, crayons, and cling wrap. It's been used to gain access to more than a few classified compartments. Once inside, everyone assumes you are meant to be there. Security pass or not. People would laugh at you for a hand made ID card before they would even contemplate a security problem.

    Ok, that was 10 years ago, these days the guards have to walk around and discreetly make sure everything is in order.

  9. Re:I would be happy.. on IRS Employees Fall For Hackers · · Score: 1

    An old boss at one time went on to become the head of DSD's personnel security, I won't say his name but we worked together in a section known as AE - going back some years before that, when analog mobile phones were all the rage, he telephoned me on leave in another state asking for the combination to the vault safe. I refused to give it, though it wasn't the first or last amusing incident he was involved in.

    TS documents, oops, I wasn't supposed to take those home last night... Very nice guy, but a little absent minded - still, I'd trust him with my life.

  10. Re:I would be happy.. on IRS Employees Fall For Hackers · · Score: 2, Interesting

    The most advanced form of electronic access I have ever seen in the Australian military are light based hand scanners used in combination with a PIN. This is in compounds housing TS codeword material, about as secure as it gets. In addition, you must pass through a one-person doorway (glass tube) that has additional cameras and sensors to ensure there is only one person inside.

    On mobile platforms, it can be anything from a dull cloth curtain, to foot thick steel vault doorways.

    Eye scanners, blood analysis, and fingerprinting will never be used since they can all be bypassed with little effort. Hand scanners, while not perfect, are the most challenging to defeat, since hands generally stay attached to their owners, it is difficult to make a copy unnoticed.

  11. Re:They came, they saw.... on AOL Changing IM Terms of Service · · Score: 1

    I haven't been able to send a single email TO aol for several years... Though this is because they refuse email unless an rDNS entry is present. :-)

  12. Re:Patent? on Help For Those With Shaky Hands · · Score: 1

    I would imagine this has already been patented by the medical profession - they use similar technology for machine/computer assisted operations. Video cameras use a similar concept, lots of prior art in lots of different hardware.

    Take scattered input, mathematically convolve a smooth output.

  13. Re:Of course! Different costs on Reuters On Telephone Cultures · · Score: 2, Interesting

    Early on they used to charge you for receiving a call in Australia - that model never took off fortunately.

    In the Philippines (where I am now) to send an SMS costs about 0.5 US cents. Very cheap, though the moment you make a voice call, it hits your wallet hard.

    SS7 has its negative side, they also hit you for the time spent waiting for the call to be answered. 20 rings to answer, that'll be an extra 100 peso thanks - just for listening to the tone. I suspect they do this all over the world though.

  14. Re:Still with CDE? on Solaris 10 Installation and Desktop Walkthrough · · Score: 1

    If you've ever worked government, it is near impossible to transition people away from CDE - 5 years ago it was the only desktop supported by the sys-admin groups. There are some very smart admins, but there are also many procedural SOP following types that have no real clue about what they are doing unless they can mandate their own comfort zones.

    CDE is the de facto standard, deviate and you get nasty looks - I use enlightenment, as far as I've seen, I would appear to be in a very small minority - even though it is a vastly more productive environment for the type of work done. (Yup, I spent a few weeks debugging and messing around trying to get it to compile - that was back in 1999ish)

    Problem here though, is getting software through the import process and onto the internal networks. Secrets and all...

  15. Re:Solaris for the masses? on Solaris 10 Installation and Desktop Walkthrough · · Score: 2, Informative

    Sun will not go under any time soon, unless they monumentally screw up by way of corporate corruption or some such - they have more government contracts across the world than I have hairs on my head. (ok, so my hairline is receding a touch, but I still have hair)

    DSD has Sun workstations numbering in the thousands, plus a few hundred servers etc, etc, etc. These aren't going away any time soon. There are still SPARC 5s and lower doing a fine job for their function. When a single workstation might cost upwards of $10,000 AU - that's quite an investment, even if it is at taxpayer expense.

    (More than a few workstations are enterprise level machines)

  16. Re:Coming this season... on Automatic 3D Reconstruction of Scenes · · Score: 1

    Only instead of a series of images from high resolution cameras that capture all sides of the subject, they will manage it by using the enhanced reflections from the eyeballs of a hundred passers by. :-)

  17. Re:Useless on Nero Burning for Linux · · Score: 3, Informative

    I'm using Fedora Core 3, after installing the RPM it gave a series of warnings about an unsupported OS, which I fully ignored and it ran fine.

    It's about as easy and logical to use as older versions of Nero (5 and below) though this is just my own opinion having installed it 15 minutes ago.

    K3B I think is better from a usability point. Again, my own opinion. YMMV.

  18. Re:Just ban rebates on FTC Tells CompUSA to Pay Up QPS Rebates · · Score: 1

    Definitely icom with an M. (Looking at it now)

    I don't recall the name of the seller any longer, but it's near Airport Flying School, white building up against the fence near the fuel pumps.

  19. Re:Haha on Microsoft to Offer Patches to U.S. Govt. First · · Score: 2, Informative

    You are referring to active sigint, while some branches may take the short lived opportunity to diff the changes and work back to the exploit, this stunt is politically driven, not the stuff of conspiracy theory unfortunately.

    NSA releasing a worm is not an option since it would, without question, infect allied systems. This is well beyond the mission statement - and the law.

    Active sigint is not done lightly, or quickly.

    Microsoft gets a nice tidy chunk of near free cash from the NSA each year, think money and applied pressure to key politicians.

  20. Re:Think about it on IBM Provides Access to Blue Gene On Demand · · Score: 1

    Some of the SC's around my place of work can sit idle for days sometimes. Pity really.

  21. Re:Just ban rebates on FTC Tells CompUSA to Pay Up QPS Rebates · · Score: 1

    This whole rebate thing is very rare in Australia - I've only had it happen once and that was after buying an Icom hand held air-band transceiver at Canberra airport. After a few expletives, I got the discount then and there.

    I guess it doesn't sit well with Australians, otherwise I suspect it'd be common place.

  22. Re:Kudos to EFF on WIPO: We Don't Want To Hear It · · Score: 1

    Certainly Kudos! Agree, however they might just get told to be 'silent observers' if they happen to tick anyone off.

  23. Re:Lawyer, economist, and paid shill? on Spyware Analysis of P2P Software · · Score: 4, Informative

    What exactly was your experience? LimeWire, to me, appears to do exactly as he said. Nothing more, nothing less. I don't think he sold out there.

    Shareaza is missing from the list, but is very similar to LimeWire - might be a good alternative (note: shareaza, not sharaza!)

    http://www.shareaza.com/

  24. Re:This is bad because: on Mozilla Foundation in More Development Trouble · · Score: 1

    I'm thinking it's just a web browser. Of all the management types I come across, and there are many, they simply don't give a crap so long as they can roughly see what is being presented. For most managers I should think a web browser is below the care threshold - unless the business depends on it of course, but they number significantly less.

    I still see more than enough version 4 netscape browsers to know it never died, the source may have vanished, but the product lives on - at least where I work anyway.

  25. Re:Similar to FBI VoIP tapping? on Canadian Government Going Big Brother? · · Score: 2, Informative

    Close, but not quite right. The packet switched communications path that carries the VoIP will be recorded in full, filtered and packaged up for the analyst to scan through, searching for targets of interest. In practical terms this means 'everything' going over that comms path will be stored for a period of time - typically not less than 2 days, but more realistically up to around 2 to 4 weeks depending upon the storage capacity of the collector.

    Latency is irrelevant, signal paths do not need to be routed via any three letter agency, and then onward to their intended recipients. Collection systems are more akin to the elusive 'man in the middle' - that's how it works for the most part. Private carriers tend to tell government where to get off, but get collected somewhere in the stream anyway, government owned telcos get the white box treatment. (or black depending upon tin-foil requirements)

    Collection is 'fully passive', this means that it will 'never' be obvious to either party that monitoring is taking place.

    This message was lovingly hand typed by your friendly neighbourhood spy. This has been the way of the past for many years, and will continue to be well into the future.

    Call me a conspiracy theorist if you will... The truth is in Google!