Slashdot Mirror


User: FireFury03

FireFury03's activity in the archive.

Comments · 3,710

  1. Re:Sounds like security specialists spreading FUD on Net Phone Customers Brace For 'VoIP Spam' · · Score: 1

    That's true but you could also be taking calls on a laptop, a desktop PC, a PDA... therefore the SIP server needs to know what answering devices are available and what the capabilities of each one is.

    Yes, but there's nothing stopping you doing as I have and running Asterisk on the internet-facing server. Your SIP phones then either register with Asterisk or are on static IPs that Asterisk knows about anyway. In either case no third party VoIP providers are involved. Although I'm not sure this is relevant - blacklisting SIP traffic on the registration server is no easier than blacklisting SIP traffic going to the phone itself. The problem you face though is that blacklists are unmaintainable - you can block persistent offenders but you know from blocking spam that just maintaining a list of blacklisted IP addresses is of limited use...

    However, it certainly wouldn't be the science of rockets to apply SPF to VoIP as well as email (and now would be a really good time to do it since VoIP is still relatively unused). I.e. I can call you and send my URI as callerID (e.g. IAX2/pabx.nexusuk.org/slashdot), you can then do a DNS lookup for pabx.nexusuk.org to retrieve SPF-style records which tells you which VoIP servers on my network are authorised to make calls with that identification. If the IP the call came from isn't in that list then you reject the call as having spoofed callerID.
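
The SPF-style caller ID check proposed in the comment above, sketched as an added example (not part of the original comment, and not an existing standard). The `v=voipspf1` record syntax, the function names and the sample records are hypothetical, and DNS answers come from a constructed in-memory table so the code runs offline.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers. The syntax is a
# hypothetical one modelled on SPF: version tag, ip4:/ip6: terms, then -all.
SAMPLE_TXT = {
    "pabx.nexusuk.org": ["v=voipspf1 ip4:192.0.2.10 ip4:198.51.100.0/28 -all"],
    "norecord.example": [],
    "broken.example": ["v=voipspf1 ip4:not-an-address -all"],
}


def parse_caller_uri(uri):
    """Split 'IAX2/pabx.nexusuk.org/slashdot' into (protocol, host, extension)."""
    parts = uri.split("/")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"malformed caller URI: {uri!r}")
    proto, host, ext = parts
    return proto.upper(), host.lower().rstrip("."), ext


def authorised_networks(txt_records):
    """Return the networks named by the policy record, or None if there is no policy."""
    policies = [r for r in txt_records if r.split(" ", 1)[0] == "v=voipspf1"]
    if len(policies) != 1:  # no record, or ambiguous duplicates
        return None
    nets = []
    for term in policies[0].split()[1:]:
        if term.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets  # anything not listed is denied; the trailing -all is implicit here


def verify_caller(uri, source_ip, lookup_txt=lambda host: SAMPLE_TXT.get(host, [])):
    """Return 'pass', 'fail' (spoofed caller ID), 'none' (no policy) or 'error'."""
    try:
        _, host, _ = parse_caller_uri(uri)
        addr = ipaddress.ip_address(source_ip)
        nets = authorised_networks(lookup_txt(host))
    except ValueError:
        return "error"
    if nets is None:
        return "none"
    return "pass" if any(addr in net for net in nets) else "fail"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.14", "203.0.113.5"):
        print(ip, verify_caller("IAX2/pabx.nexusuk.org/slashdot", ip))
```

A receiving PBX would reject on `fail`; what to do with `none` is a local policy choice, as it is for mail domains that publish no SPF record.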

  2. Re:Fighting spam.. on Net Phone Customers Brace For 'VoIP Spam' · · Score: 1

    If you can get that message through to the people who buy spamvertised anti-spam software and popup blockers that are advertised through popups, I'll give you a medal. I can't comprehend how anyone can be that stupid, but obviously they are - if someone put a brick through your window and then explained that they could supply you with more secure windows would you buy windows off them or have them arrested... go figure :)

  3. Re:Phone Systems on Net Phone Customers Brace For 'VoIP Spam' · · Score: 1

    Actually, I'm currently researching 2nd-hand (maybe even new) small PBXs & associated phones.

    Check out Asterisk - very configurable and you can either use IP phones or soft-phones, either way you're using either your existing cat-5 wiring or 802.11.

  4. Re:Sounds like security specialists spreading FUD on Net Phone Customers Brace For 'VoIP Spam' · · Score: 1

    Having read the article, I'm amazed that one very important fact has been almost completely overlooked - namely that every call will have a charge associated to it.

    Wrong.

    If the VoIP world goes the way of SIP (Session Initiation Protocol) then everyone will need to use a service provider to assist in routing calls outside of a business network.

    And wrong. Go look at the ENUM system (http://www.e164.org/) which will translate PSTN phone numbers into VoIP URIs. Besides, I think in the long term the PSTN will die along with its hard to remember phone numbers and we will be using URIs to phone people - when was the last time you emailed someone at their IP address instead of domain name? e.g. IAX2/pabx.nexusuk.org/slashdot is set up to give you the speaking clock :)

    Secondly, in a SIP environment, any call needs to go via a SIP registration server

    Again, wrong - if the IP address is known (i.e. you could've resolved it by DNS or ENUM) the SIP phone doesn't need to be registered with anything.

  5. Re:Back door... on Net Phone Customers Brace For 'VoIP Spam' · · Score: 1

    No, because while they all use VoIP, they themselves are not (yet) interconnected. Even if they were, the only call switch that your phone should talk to is the one hosted by your provider, since it is the determining factor as to where calls go, and all voice packets are routed through their network anyways.

    Not true - anyone on the internet can call me over VoIP if they know my POTS number: they just make an ENUM lookup for it (a DNS system used for translating POTS numbers to VoIP URIs) and they get back my VoIP URI, they can then call me on that. You're making the (false) assumption that all VoIP calls are made by a "VoIP provider" who will route the calls out over the PSTN.

    Here is how my VoIP setup works:
    - I have a bunch of DDIs registered on a VoIP DDI provider - you can make a PSTN call to those DDIs and it'll get VoIPed to my PABX (Asterisk).
    - I also have a POTS line plugged into my PABX - you can call that too if you want.
    - My VoIP PABX obviously also has an internet connection.

    So if I want to make an outgoing call, I dial a number on one of the IP phones connected to my PABX and the following events will happen:
    1. My PABX checks the number I dialled is an external number (i.e. not an internal extension).
    2. It makes an ENUM lookup for the number
    3. If the ENUM lookup succeeds then it uses the returned VoIP URI to place the call over the internet - this could be IAX2, SIP, H323, etc.
    4. If the ENUM lookup fails or the remote VoIP server isn't responding then it routes the call over my POTS line (this could quite easily be a 3rd party VoIP->PSTN gateway instead, who will charge accordingly)

    So as you can see, the only time an outgoing call even goes through a 3rd party provider or the PSTN is if the person I'm calling doesn't have their phone number registered in the ENUM system. Obviously this means that all the VoIP users registered in the ENUM system need to be able to accept calls from anywhere (but there's nothing stopping them presenting unknown callers with a "press 1 for foo, press 2 for bar" menu which would likely trip up automatic diallers).

    However I really don't see how wardialling IP addresses is any easier than wardialling DDIs (which already goes on anyway) and at least you might be able to report the offending spammer to their ISP - if you've ever tried to report a phone spammer you'll know how hard it is - the telcos don't care and the authorities (ICSTIS here in the UK) are too snowed under by other complaints to help.
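
Steps 2 to 4 of the outgoing-call procedure in the comment above, as an added example (not the commenter's Asterisk configuration). It follows the standard ENUM mapping of RFC 6116 under `e164.arpa`; the NAPTR records, host names and function names are constructed for illustration, and the lookup is an in-memory table so the code runs offline.

```python
import re

ENUM_SUFFIX = "e164.arpa"  # public ENUM tree; pass another suffix for a private tree


def normalise(number):
    """Strip punctuation and insist on E.164 form ('+' then up to 15 digits)."""
    aus = re.sub(r"[\s().-]", "", number)
    if not re.fullmatch(r"\+[1-9]\d{1,14}", aus):
        raise ValueError(f"not an E.164 number: {number!r}")
    return aus


def enum_domain(number, suffix=ENUM_SUFFIX):
    """Reverse the digits, dot-separate them and append the ENUM suffix."""
    return ".".join(reversed(normalise(number)[1:])) + "." + suffix


# Constructed NAPTR data: (order, preference, service, regexp) per ENUM domain.
SAMPLE_NAPTR = {
    enum_domain("+44 20 7946 0123"): [
        (100, 20, "E2U+sip", r"!^\+44(.*)$!sip:\1@pbx.example.net!"),
        (100, 10, "E2U+h323", "!^.*$!h323:reception@pbx.example.net!"),
    ],
}


def apply_naptr(regexp, aus):
    """Apply a NAPTR 'delim ERE delim replacement delim flags' rule to the number."""
    parts = regexp.split(regexp[0]) if regexp else []
    if len(parts) != 4 or parts[0]:
        raise ValueError("malformed NAPTR regexp")
    _, ere, repl, flags = parts
    match = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    if match is None:
        return None
    # Substitute \1..\9 back-references with the captured groups.
    return re.sub(r"\\(\d)", lambda g: match.group(int(g.group(1))) or "", repl)


def route_call(number, lookup=None, supported=("sip", "h323"),
               reachable=lambda uri: True):
    """Return ('voip', uri) when ENUM yields a usable URI, else ('pots', number)."""
    aus = normalise(number)
    lookup = lookup or (lambda domain: SAMPLE_NAPTR.get(domain, []))
    for _order, _pref, service, regexp in sorted(lookup(enum_domain(aus))):
        scheme = service.lower().partition("e2u+")[2]
        if scheme not in supported:
            continue
        try:
            uri = apply_naptr(regexp, aus)
        except (ValueError, IndexError, re.error):
            continue  # skip records that cannot be interpreted safely
        # Only accept a URI whose scheme matches the advertised service.
        if uri and uri.lower().startswith(scheme + ":") and reachable(uri):
            return ("voip", uri)
    return ("pots", aus)  # step 4: ENUM miss or unreachable server


if __name__ == "__main__":
    print(route_call("+44 20 7946 0123"))
    print(route_call("+44 20 7946 0999"))
```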

  6. Re:Back door... on Net Phone Customers Brace For 'VoIP Spam' · · Score: 1

    Well, I certainly know nothing about VoIP but couldn't there be a number of ways to screen the calls such as white listing or some sort of public/private key pairs or trusted certificates? These are all ways that one can deal with email spam, so could they be applicable for VoIP?

    I would've thought filtering VoIP spam would be reasonably easy - how is an automated caller going to deal with "press 1 for foo, press 2 for bar, press 3 to leave a voicemail"?

    Besides, why is picking a random IP address to dial any easier than picking a random phone number?

    Setting up trusted certificates is fine if you regularly call. Next time you need to urgently call someone you never called before like a plumber, etc. you might have a problem setting up the trust certificates before your house floods :)

  7. Re:Optical SETI on Should SETI Be Looking For Lasers Instead? · · Score: 1

    Yeah, I get all this - I was just making the point that if you _were_ going to use an omnidirectional light source for signalling it would make sense for it to be monochromatic and coherent since you then eliminate destructive interference.

    I know that omnidirectional lightsources aren't anywhere near practical for signalling over interstellar distances (unless you're dealing with star-brightness sources :), but I was replying to the original poster who was asking if it is possible to have an "ambient laser", which is essentially describing a coherent monochromatic omnidirectional light amplification device.

  8. Re:Optical SETI on Should SETI Be Looking For Lasers Instead? · · Score: 1

    A LASER doesn't produce light because of waves constructively interfering. The light is amplified by the absorption and emission of photons at specific wavelengths.

    A LASER doesn't produce light _because_ the waves are constructively interfering (I was never suggesting that coherency is a cause, only the effect).

    The reason that you get monochromatic light (normally) is that the wavelength of the photons produced is exactly related to the energy levels in the atom producing them.

    Yes, this is exactly the same as normal gas discharge tubes.

    The reason you get coherent light is because the photons are travelling in the same direction.

    Correct me if I'm wrong, but since each photon is produced in response to another their waves are synchronised, so the light is coherent. In contrast, the photons are not at all synchronised in a normal gas discharge tube since they rely on electrons (travelling at less than light speed) to stimulate the emission of a photon, so even if the photons were all being released in the same direction they wouldn't be coherent.

  9. Re:Quantum SETI on Should SETI Be Looking For Lasers Instead? · · Score: 1

    Anyone know about beam splitting entangled pairs etc.

    I think the idea of quantum communication is that you take 2 entangled particles, leave one at the source and take the other to the destination. You could then (in theory) use the entanglement to communicate instantaneously. This obviously requires first physically transporting one of the particles to the destination whilst storing the other particle at the source. Although this would seem to lead to some problems:

    Let's say ET is only 10 light years away and your entangled particles are going to be photons. ET entangles a pair and stores one of them at their end. The other one gets sent our way in the hope that we will capture it and then use the entanglement to facilitate instantaneous communication.
    1. it's going to take 10 years for the light to get to us - how does ET store a photon for 10 years? (I guess bouncing it between perfect mirrors, slowing down the light or refracting it in a circular path)
    2. AFAIK the entanglement decays after a fraction of a second so you're going to need to find some way of sustaining the entanglement.

  10. Re:Optical SETI on Should SETI Be Looking For Lasers Instead? · · Score: 1

    And because the light waves are synchronous, they can't be diffuse

    You could organise the wave fronts to expand away from the source in a spherical pattern - the light would still be coherent (observe it from one point and all the photons that hit you would be synchronised) but it would also be omnidirectional. (No idea how you would generate such a light - I am not a physicist :)

    If laser light travels, it loses this coherency

    Why is that? (you go on to talk about losing collimation, not coherency). I guess in the atmosphere the photons would pass through slightly different density matter, interact with different particles, etc and so would travel at slightly different speeds and also lose slightly different amounts of energy (since the energy of a photon determines its frequency then your light will stop being monochromatic if the photons lose differing amounts of energy). But in space, ignoring the interstellar medium, the only thing that would cause the photons to lose coherence would be gravity... and unless you're dealing with very large tidal forces is the difference between the wave fronts of the photons collected by the relatively small area of a telescope really going to be significant? (again, IANAP - I'm just going on my limited understanding of physics).

  11. Re:Optical SETI on Should SETI Be Looking For Lasers Instead? · · Score: 5, Informative

    A diffuse source contradicts with LASER

    Not necessarily. A LASER does 3 things:

    1. Produces a narrow beam of light
    2. Produces monochromatic light
    3. Produces coherent light

    Monochromatic light is produced by gas-discharge tubes (e.g. sodium lights, etc) - nothing special here.

    You can produce a narrow beam of light using a point lightsource and mirrors/lenses.

    Now, the special bit - your normal light bulbs produce incoherent light - you get lots of photons emitted but their waves aren't synchronised, so they interfere destructively with each other. By contrast the light you get off a LASER is coherent - all the waves are synchronised, so they interfere constructively, making the light appear brighter.

    So if you want to create an omnidirectional optical light beacon, rather than using a normal light bulb and ending up with the photons randomly interfering with each other destructively, it makes more sense if you can synchronise the wave fronts so they expand away from your light source in neat coherent spheres.

    (I have no idea if the technology exists to do this ATM - it seems like a rather complex problem)

  12. Re:Optical SETI on Should SETI Be Looking For Lasers Instead? · · Score: 1

    The counter argument of course is that to detect laser light, the remote civilisation have to be pointing their laser at us, whereas with radio it doesn't matter since it's not a directed beam.

    Why are you assuming that radio signals wouldn't be directional? Assuming ET knows where to direct a LASER, there's nothing stopping them pointing a MASER at us either. Although I would've thought that we're far more likely to pick up distinctive omnidirectional signals since it seems somewhat more likely that ET wouldn't know specifically where to direct the signal.

    I've seen some suggestions that advanced civilisations may use twisted light or graviton waves to communicate too.

  13. Re:Just do what I do on Passwords - 64 Characters, Changed Daily? · · Score: 1

    No I didn't check. OTOH, Fubar is not my password. Just cause I give you the data you ask for doesn't mean that it is correct data. Fubar might have been last month's password however... (unlikely as it isn't long enough)

    Yes, this is entirely true as well - I have seen a few reports recently where people have done research and said "this is a huge security problem, xx% of people happily gave up their home computer passwords in exchange for a Marsbar"... That research is obviously completely flawed - if someone offered me a Marsbar in exchange for my password I would give them some random password that I don't use just so I can get the chocolate. :)

    Having said that, if you phone up an average computer user and tell them you're from tech support and you need their password, 99% _will_ give you their actual password.

  14. Re:Ironically on Japanese Deploy Solar Sail · · Score: 3, Interesting

    There is probably some engineering trick to work around this. It might be possible to use mirrors to shine on the opposite side of the sail. Almost surely wouldn't be as fast, but seems like it would be doable.

    Interesting idea... you wouldn't be able to carry the mirror with you once you turned around (since the mirror would be producing exactly the opposite force of your solar sail), but you could probably drop it in space pointing in the right direction - the mirror would accelerate backwards because of the light pressure but it would still reflect the light forwards which I guess you could use.

  15. Re:Stellar Pong? on Japanese Deploy Solar Sail · · Score: 5, Informative

    Same principles apply as in Earth-based ocean sailing - if you angle the sail, you can deflect the particles, thus allowing you to use the solar wind of another star even though you are approaching it rather than leaving it.

    I'm not so sure that's the case - when we sail in water, we can either be on a run (the wind directly behind us, as you would expect a solar sail to work) or on a reach (the wind to one side).

    On a reach the sail acts more or less like an aeroplane wing because of its curved surfaces and as well as generating a forward force it generates a lot of lateral force too. The closer to the wind you sail, the greater the proportion of lateral force.

    The only reason that's not a big problem for us is that your craft has a centreboard which greatly reduces its ability to slide sideways, especially at speed - when I'm windsurfing in a reasonable wind, I will be doing about 30-35 knots and can easily sail upwind with about 300cm^2 of fin area, but I won't be able to go upwind if the wind drops off because my speed will have greatly dropped. In space there is no way to have a centreboard to prevent the lateral forces pushing you sideways since there is nothing for it to react against.

    I'm also not sure about the "aerodynamics" of a solar sail - as I described above, a modern sail works very much like an aeroplane wing when reaching and relies on the air having a laminar flow over both sides of the sail. I very much doubt photons are going to have a laminar flow over your sail so the sail isn't going to be anywhere near as efficient for reaching as a boat or windsurfing sail. In windsurfing the most efficient point of sailing is on a slightly broad reach - i.e. the wind is coming from one side and slightly behind you, I would expect the most efficient use of a solar sail would be on a run.

  16. Re:another idea stolen :P on Clear Solar Panels Double As Projection Screens · · Score: 1

    Maybe they rely only on a part of the sun's rays and not all of it?

    Well as I understand it (I could be completely wrong here), normal silicon photovoltaic cells are essentially very thin diodes with a large surface area. When a photon (within the required energy band) hits an electron in the silicon it pushes the electron through the junction, giving up some of its energy to do so. Since the junction forms a diode, the electron can't get back across the junction, producing a current which flows through whatever circuit you've attached to the cell.

    Since the energy of a photon determines its wavelength, I'd guess that giving up the energy in the solar cell would produce a red shift in the light?

    According to how stuff works, in order to free the electron, the photon must be within a certain energy band - too low and it passes through unaltered, too high and the excess energy is lost (it doesn't explain where that energy actually goes - must go somewhere).

  17. Re:Just do what I do on Passwords - 64 Characters, Changed Daily? · · Score: 2, Insightful

    What I never got was this: If I have a password, and no one else ever knows it, AND I check my logs so I know if someone is trying to hack my account, what good does changing it do anyway?

    Yep, I don't think there is a need to change passwords until someone uses one to compromise your system: if you change passwords every 6 months, what are the chances that someone cracking it coincides with you changing it? If someone cracks your password they're going to use it immediately, not wait 6 months until you change it.

    The biggest problem with users is that they don't give any thought to security so are open to social engineering...

    "Hello, this is the system administrator - I'm investigating a problem with your email and I need your password to check it"
    "Oh ok, it's 'Fubar'"

    Did you check that that was actually the sysadmin? nope.
    Does the sysadmin even need your password to access your email? unlikely.

    So long as no one gets hold of your /etc/shadow (which would allow them to brute-force it at a reasonable speed without leaving traces in your logs) and you didn't just give your password to some random person then you're pretty much fine.

  18. Re:Just do what I do on Passwords - 64 Characters, Changed Daily? · · Score: 2, Insightful

    Frankly, I think the best bet is to encourage users to just select longish (>8 characters), complex passwords (no word substrings, more than just alphabetic characters, etc), but don't force them to change it. After all, brute-forcing a complex, 8-character password is still a fairly difficult process.

    I agree with this, although the people enforcing the passwords should really be asking what level of security do they need. Forcing people to have the most complex passwords possible all the time encourages people to write them down on a post it note and stick it to their monitor.

    There are different levels of security needed - an email password is usually not as important as a banking password, so forcing them both to abide by the same security rules seems wrong - the banking password should indeed be very strong since there is an incentive for someone to break it, whereas the email password is not especially important and it is probably worth allowing the user to have a slightly more memorable password.

    There is also some self-discipline involved here - users should be encouraged to have a number of passwords for different levels of security - it is a good compromise between one password for everything (not a good idea) and a different password for everything (impossible to remember). I myself have a few levels of passwords:

    Root password
    Normal user password
    Banking password
    Password for stuff I don't really care about (mailing lists, etc).

    I think sooner or later we will stop using complex passwords and instead use a challenge/response system - the user can carry a key around with them which they could plug into a USB port, etc. The server connects to the key over the network and does a cryptographic challenge. The key sends a cryptographic response to the challenge which confirms its identity. It would probably be wise to have the user enter a PIN to prevent someone immediately using the key if it is stolen.
    This has many advantages over passwords:
    - it is actually something physical - you know when it's been stolen and can revoke it ASAP
    - if designed correctly, the key is essentially uncopyable since it never reveals its encryption key
    - both the key and the server systems can be designed to reduce the ability to brute force the keys - the server can induce a delay after an incorrect response, the key can do the same if you enter the PIN incorrectly. And the key could be designed to destroy itself if the PIN is entered incorrectly too many times.

    This type of system would be by no means costly and would be far more secure than the current system involving people actually having to use their brains.
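
The challenge/response key described in the comment above, modelled as an added example (not part of the original comment). HMAC-SHA256 over a random nonce is a choice made here so that the standard library suffices; it leaves a copy of the secret on the server, which a signature-based key would avoid. The class names, PIN-retry limit and back-off schedule are assumptions.

```python
import hashlib
import hmac
import secrets


class Token:
    """The key the user carries: it releases responses, never the secret."""
    MAX_PIN_TRIES = 3  # assumed limit before the key destroys itself

    def __init__(self, secret, pin):
        # Real hardware keeps both values inside tamper-resistant storage.
        self._secret, self._pin, self._bad_pins = secret, pin.encode(), 0

    @property
    def wiped(self):
        return self._secret is None

    def respond(self, challenge, pin):
        if self.wiped:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._bad_pins += 1
            if self._bad_pins >= self.MAX_PIN_TRIES:
                self._secret = None  # too many wrong PINs: destroy the secret
            return None
        self._bad_pins = 0
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self._keys, self._pending = {}, {}
        self._fails, self._locked_until = {}, {}

    def enrol(self, user):
        self._keys[user] = secrets.token_bytes(32)
        return self._keys[user]  # loaded into the token once, at provisioning

    def revoke(self, user):
        self._keys.pop(user, None)  # a key reported stolen stops working at once

    def challenge(self, user):
        # Issued even for unknown users so the reply does not reveal who exists.
        self._pending[user] = secrets.token_bytes(16)
        return self._pending[user]

    def verify(self, user, response, now):
        nonce = self._pending.pop(user, None)  # single use, so replays fail
        key = self._keys.get(user)
        if None in (nonce, key, response) or now < self._locked_until.get(user, 0):
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            self._fails[user] = 0
            return True
        fails = self._fails.get(user, 0)
        self._fails[user] = fails + 1
        self._locked_until[user] = now + 2 ** fails  # delay doubles per failure
        return False


if __name__ == "__main__":
    server = Server()
    key = Token(server.enrol("alice"), "4921")  # constructed user and PIN
    nonce = server.challenge("alice")
    print(server.verify("alice", key.respond(nonce, "4921"), now=0))
```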

  19. Re:The problems of Biometrics on Estonia Tests "Contactless" ID-Cards · · Score: 1

    just cut off the affected finger :)

  20. Re:so ? on Estonia Tests "Contactless" ID-Cards · · Score: 1

    but otoh, UK is against just about anything new :-)

    I think in general we're not against everything new here in the UK - in fact we're generally quite pissed off at usually being the last to get something. The problem ATM is that the government wants to bring in an ill thought out ID scheme which will cost us tax payers millions, won't do any good, and most of the population don't want it. Unfortunately that goes for everything this government does - huge nationwide protests about the amount of tax on fuel, government does nothing. Huge protests about going to war with Iraq - government still goes ahead with it (despite the flawed evidence including outright lies). And now, the population protests about the ID cards (which the government's own reports say are going to be pretty useless) and guess what, the government is still going ahead with it.

    They have no chance of winning the next election, and good riddance to them.

  21. Re:Secret to the fast release revealed! on MSIE 7 May Beat Longhorn Out The Gate · · Score: 1

    I hope Microsoft have patented their innovative features like tabbed browsing :)

  22. Re:Spyware is just another form of a virus on Analysis of Spyware · · Score: 1

    Nope, what the media call "virus" is nothing to do with anything. The media definition of "virus" is any bad software (what non-media types with a clue call malware).

    A virus is a piece of malware that embeds itself in other programs. This is often done by gluing the malware code onto the end of an innocent executable and modifying the start of the real program so it jumps to the malware code first.

    AFAIK there hasn't been a virus written in a _long_ time.

    By contrast, most of what the media call viruses these days are trojans, worms or a trojan/worm hybrid:

    Trojans are pieces of malware that claim to be something innocent. They rely on the user being gullible enough to execute them, whereupon they either deliver their payload immediately or become resident in memory and deliver their payload at a later date.

    Worms are pieces of software that propagate across a network and require no intervention from any users.

    So the modern email-borne malware is a combination of a trojan (requires the user to execute it manually) and a worm (once executed, tries to spread over the network). They are most definitely _not_ viruses since they do not embed themselves in legitimate software.

    IMHO virus writing has really gone downhill - viruses used to be well coded (often in assembler) things that did some fairly complex stuff in a very small space. Modern malware by comparison is badly coded, buggy, probably written in visual basic by someone who hasn't the first clue how to code and often does nothing more complex than copying itself into the startup folder when executed.

  23. Re:That's fine... but on Anti-Wi-Fi Wallpaper · · Score: 2, Interesting

    Or you could simply use wired networks.

    In situations where wired networks are a good solution I see absolutely no reason to use wireless networks - wired networks are faster, more reliable, more secure. However there are a lot of situations where wireless networks are useful - I have a wireless network so I can move my notebook anywhere in my house without having to get tangled up in long network cables. On a factory floor I can see many times where you might want to access the corporate LAN or the internet without having to plug cables in. Like it or not, there are many situations where a wired network is impractical, but IMHO if you don't understand security you have absolutely no business setting up a wireless network - go pay someone who has a clue and get them to do it.

  24. Re:What, you want me to put wallpaper on my window on Anti-Wi-Fi Wallpaper · · Score: 1

    Get real... the people who want security in the first place WON'T USE WIFI.

    No - people who want real security will use secure protocols over WiFi. I want security, and as such I run IPSEC over my WEP encrypted 802.11g network.

    Of course a bit of driving around Southampton (UK) shows that there are a hell of a lot of insecure networks and a worrying number where the access points are left in their factory default configuration.

    People who don't understand security should not be allowed to set up any publicly accessible networks (publicly accessible == internet facing or wireless). Like it or not, security does (and probably always will) involve a clue and no amount of whinging by the unwashed masses is going to change that. And why should it - you don't expect someone with absolutely no idea about cars to be able to rebuild their car engine do you?

  25. Re:That's fine... but on Anti-Wi-Fi Wallpaper · · Score: 2, Insightful

    Seems like a far more sensible (and cheap) way to deal with the insecurity of wireless networks is to use frickin' secure protocols!

    I mean, how hard is it to run IPSEC over the network?!?