Return-Path: <sentto-279987-3908-1006287717-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 20 Nov 2001 12:24:08 -0800 (PST) Received: (qmail 10135 invoked by uid 510); 20 Nov 2001 20:20:34 -0000 Received: from n9.groups.yahoo.com (216.115.96.59) by all.net with SMTP; 20 Nov 2001 20:20:34 -0000 X-eGroups-Return: sentto-279987-3908-1006287717-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.56] by n9.groups.yahoo.com with NNFMP; 20 Nov 2001 20:21:55 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 20 Nov 2001 20:21:56 -0000 Received: (qmail 44786 invoked from network); 20 Nov 2001 20:21:56 -0000 Received: from unknown (216.115.97.171) by m12.grp.snv.yahoo.com with QMQP; 20 Nov 2001 20:21:56 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 20 Nov 2001 20:21:54 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAKKN5f01150 for iwar@onelist.com; Tue, 20 Nov 2001 12:23:05 -0800 Message-Id: <200111202023.fAKKN5f01150@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 20 Nov 2001 12:23:05 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [risks] Risks Digest 21.76 (fwd) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Date: Fri, 16 Nov 2001 12:03:56 -0700 From: Brett Glass <brett@lariat.org> Subject: IP: 800 directory "assistance" redirecting calls [From David Farber's IP http://www.interesting-people.org/archives/interesting-people/] IPers might be interested in something that happened to me today. I am planning a trip to Denver, and wanted to stay at the Adam's Mark hotel. Not knowing the toll-free number for the chain, I called 800-555-1212 (toll-free information) to ask for the number. "Toll-free directory assistance, powered by TellMe!" said a recorded message. I told the recording that I wanted the number of the Adam's Mark. However, instead of receiving the correct number for the chain (listed on their Web site as 800-444-ADAM), I received a different number: 800-866-5038. This number was not actually the number of the hotel chains, but rather that of a third party room wholesaler in Orlando, Florida. Calling the correct number, I confirmed that the hotel chain had no idea that calls were being diverted to a third party. As the economy continues into recession, we are likely to see more and more instances of "customer hijacking," in which companies -- perceiving their markets as a zero sum game -- work to grab customers from one another in any way possible, regardless of ethics. "Slamming," and the hijacking of ISPs' DSL customers by ILECs, are only two of the many other hijacking techniques which are now becoming prevalent in slowly growing, or shrinking, markets. Brett Glass ------------------------------ Date: Fri, 16 Nov 2001 09:53:48 +0000 (GMT) From: Ian Chard <ichard@cadence.com> Subject: Paperless billing and opening a bank account I recently opted for paperless (i.e., e-mailed) billing from both British Telecom and my electricity provider, and am now finding that's it's much harder for me to convince some financial institutions of my identity. Many banks insist on a "recent utility bill" [1] as partial proof of ID, and the application processing staff seem to be trained to reject anything that looks remotely unusual. Unsurprisingly, they rejected a printout of my "e-bill" as well as my (paper) gas bill, as I'm not on mains gas and they hadn't heard of the supplier. The only way I could satisfy them was to ask the electricity company to provide a printed copy of my bill (something they tried to charge me for). Ironically, this was an application for a paperless account! [1] Of course, this means that the bank have an implied trust in the utility companies to do some checking of their own. Ian Chard, Unix Systems Administrator, European IT, Cadence Design Systems Ltd The Alba Campus, Livingston, Scotland EH54 7HH +44 (0)1506 595019 ------------------------------ Date: Fri, 16 Nov 2001 10:49:44 -0000 From: "Chris Leeson" <CHRIS.LEESON@london.sema.slb.com> Subject: Metro Headline: "Windows hacked in hours" The 01 Nov 2001 edition of Metro (a free newspaper in London) had this article on the front page, which began as follows. "Hackers cracked and copied Microsoft's much-lauded new Windows software within hours of its launch, it emerged last night. Black market copies of the supposedly uncrackable Windows XP, which took 16 years to develop, are already on sale for 5 pounds." After making a reference to Microsoft's advertising, the article goes on to mention that: - Hackers were exploiting two "simple security loopholes" - One of these was a security key "now widely available on the Internet" - Microsoft had admitted that illegal copies were already on sale in China. Not being an expert on such things, I cannot comment on the "security loopholes", but I thought that the "16 years to develop" was a classic! ------------------------------ Date: Thu, 15 Nov 2001 16:00:44 -0500 From: Jonathan Epstein <Jonathan_Epstein@nih.gov> Subject: Windows XP accounts by default are administrator with no password The Register has an entertaining article: http://www.theregister.co.uk/content/4/22863.html which, among other things, points out Microsoft Knowledge Base article Q293834: http://support.microsoft.com/support/kb/articles/Q293/8/34.ASP whose summary reads: "After you install Windows XP, you have the option to create user accounts. If you create user accounts, by default, they will have an account type of Administrator with no password." ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST