Bulletin Board #18
#1
I'm posting this in order to reinforce the necessity of providing me with the CORRECT e-mail address when you are asking to be removerd from the list. I apolologize if the following language offends anyone, but this is what I receive when I'm not provided correct information.
"For the umpteenth time WILL YOU PLEASE TAKE ME OFF YOUR DAMNED MAILING
LIST? I am getting tired of asking so just fucking do it NOW."
This individual apparently has two or more e-mail addresses. The one the above message was sent from is no where on any of my mailing lists. I DO have an e-mail address that has the same info before the @ sign, but the last portion of the address is different. I asked the individual to respond to the above inquiry and confirm whether he/she was using TWO e-mail addresses or not. It has been almost a week and still no response. I guess I'll get one when this message arrives at the "other" e-mail address.
Please provide the correct address when asking to be added or removed; it is as simple as that.
#2
From: "Steve Uhrig" [Steve@swssec.com]
Subject: Cell intercept place out of business?
Once upon a midnight dreary, Tim Johnson pondered, weak and weary:
Trace,
I tried contacting the company that manufactured/sold the 10 channel cellular interceptor, with no results. Their phone just rang and rang; are they still in business?
Tim, I wasn't following this thread, but if the company being
referred to was Tech Support Systems (or something similar), Jude
Daggert and Gilbert Walz, they are in jail after beign busted by the
Secret Service for selling their Cellmate to anyone who walked in the
door with $$$.
Enforcement has been very vigorous of places peddling cell intercept.
A few weeks ago I got a letter from a security company who had been
trying to broker the things. They had mailed a catalog earlier with a
cell intercept system. The FCC sent them a cease and desist letter,
and required them to mail a copy plus a cover letter to all persons
recently receiving their catalog.
We get maybe one call a month from someone trying to sting us on our
pager intercept system. Well, we've sold over 300, and every single
one had a piece of paper stating it was going to a government agency.
I wouldn't want to be inquiring about purchasing these things now.
You don't know who or who not to trust.
As the emperor said to Claudius in "I, Claudius", "Trust no one, my
friend. No one."
Read between the lines. I can't say any more.
Regards ....... Steve
Steve Uhrig, SWS Security, Maryland (USA)
Manufacturers of electronic surveillance and commo equip
mailto:Steve@swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
Celebrating our 25th anniversary in 1997!
"In God we trust, all others we monitor"
#3
From: PAPADUKE@aol.com
To: dbugman@amug.org
Subject: Re: Cell Phone Monitoring
The questions from "Chrissie" raised a question in my mind: how does the
private security sector determine what type of information to provide to
allegedly commercial customers, particularly OCONUS? You don't have to be
particularly paranoid to realize that a more than just a "European television
station" would like the answers to some of her questions. And, once
provided, they all will!
From Tim Johnson
My response is and always will be, the bad guys already have access to the information; they have the money and the capabilities to get what they want. The general security sector and public sector is naive about what can be done. If you don't believe that, ask for a conference with almost any corporate security director and ask what the technology threat is, from their point of view. Most aren't aware of where to obtain info on cell phone monitoring, or credit card fraud, or "keystroke monitoring, or anything else of that nature.
I believe we should pull our heads out of the sand and start educating the security sector. We will not tell them anything that isn't already available "out there" to anyone who wants to learn about it.
Now, go ahead and take your shots at me; I really stuck my neck out with this one. :>)
Tim Johnson
#4
Date: Mon, 21 Apr 1997 21:59:16 -0700
From: John Runyon [runyon@sunline.net]
The following was part of an e-mail from Bob. I don't need it because I don't intend building one. If you're interested, Bob may make it available to you once he determines who you are. He runs things a little close to the vest.
I see on the BB that you mentioned about my modification of the cell-fone. Did
you want that modification? It is quite lengthy becasue it involved alot of
cutting traces in the pc board and installing some jumpers. It also requires the
addition of a small outboard circuit to translate the channel changing
instructions data into instruction for the frequency synthesizer sub-assembly.
This one is designed for a 127/128 modulus using Hitachi phase-lock loop and
frequency synthesizer chips. I admit that it is old fashioned, but Idesigned
this long before all the control units came out.
#5
From: WillardM1@aol.com
To: dbugman@amug.org
Subject: Re: Cell Phone Monitoring
Tim.
Keystroke monitoring! The sky's the limit if an employee is connected to a
company LAN or WAN. There isn't anything an employee does that the employer
can't audit, provided the LAN or WAN runs on the right software.
My job, as a System Security Engineer for Allied Signal Technical Services
Corporation, is to assure that computer systems we deliver to our customer,
the AF SCN, which process Sensitive But Unclassified (SBU) information or
higher, have the capability to audit individual user activity.
For practical reasons, particularly on large networks, the System
Administrator, uses this capability to screen for unusual, security-relevant
activity: somebody without proper authorization (access privileges)
attempting to open files they aren't cleared for or attempts to modify the
system's security mechanisms to increase his access privileges.
When suspicious events like these are detected by the System Administrator
(who, depending on the sensitivity of the information the system processes,
is required to review the audit logs at a specified frequency: monthly,
weekly, daily, etc.) he can modify the audit features to focus on the
particular user so that, in the user's subsequent sessions, a more complete
record of that user's activity is recorded on the audit log. The audit
mechanism, when set to the maximum capability, records every stroke a user
executes and displays it in real time on the System Administrator's monitor,
where it can also be saved by the administrator as a separate file as
evidence in an administrative or judicial proceeding. The audit mechanism is
obviously far more robust than a tool for recording a user's key strokes.
It should be noted here that this capability is a prerequisit for
certification and accreditation of AF computer systems that process SBU or
higher information. No system, which can sometimes mean a single work
station, can be operated unless and until it has been certified and
accredited. There are security mechanisms in addition to audit required to
qualify for C&A. In some instances a Designated Approving Authority, will
grant C&A for a system that lacks one or more of the security mechanisms
required. In those instances, which are becoming increasingly rare, the DAA
assumes the risk.
Of significance to Chrissie is that some commercial, off-the-shelf (COTS)
operating systems have been certified by the US Government for use on C2
systems (SBU) because they include the requisite security mechanisms for
systems operating at that level of security. The most popular of these is
Windows NT. It includes the audit mechanism described above and is widely
used in commerce and industry. Consequently, any firm that use that Windows
NT (starting with Version 3.1) have the capability to audit an employee's
activity.
One word of caution. Using the security mechanisms embodied in capable
systems comes at a cost. It requires technically qualified staff (not
impossible to find), additional hardware (storage devices for the audit logs,
for example) and a significant investment in time (which effects the firm's
bottom line). Therefore, just because a firm adopts Windows NT as its
standard operation system doesn't mean it will use the audit capability or
even recognize that it exists.
Regards,
Bill
#6
From: "O.R.T.S." [orts@cybervault.com]
To: [dbugman@amug.org]
Subject: National Legal Video Association
Tim:
Interestingly enough, we were "extended" a free one year membership with
the National Legal Video Association and received a nice Certificate of
Membership. Don't know where they got our information from, nor whom they
represent.
Perhaps others on the list may have some input.
We did briefly check out the Association and found that they are not listed
in major association directories nor is their phone number currently
listed. They may be so new that the rest will follow. They do have a web
site at www.nlva.com and include a listing of "members"; we are listed
without our permission or knowledge.
Before we do more checking on these folks, anyone with information about
this Association would be appreciated.
M. D. Goslar, Ph.D., Principal
Organizational Research & Technology Services
"Internet Intellectual Property Business Military
Research, Investigations & Consultation"
P. O. Box 22169, Phoenix, AZ 85028-0169 USA
V: 602.867.3013 F: 602.867.3030 Email: orts@cybervault.com
#7
I'll be on the road a lot for the next month, going to St Louis this week and Middle California nest week and have training scheduled for the middle of the month for a foreign government, so the Bulletin Boards will be a little spotty.
But please go ahead and send your entries and responses.
Tim
#8
AF Civilian Career Program Vacancy Announcements
The following vacancy announcements are for career program positions that are either hard-to-fill, have been added as newly covered by a career program, or have specialized or specific recruiting requirements. Current civilian Air Force personnel eligible to register in the career program shown should contact their civilian personnel office and register using the appropriate career program identifier and geographic availability code shown. With the exception of the Vacancy announcements for the Intern Programs, these vacancies are open to Air Force employees only. Visit the site at:
http://www.afpc.af.mil/civ_car/vacancy/vac.htm