Received: by bu-cs.BU.EDU (5.58/4.7) id AA23281; Wed, 25 Jan 89 02:36:42 EST Message-Id: <8901250736.AA23281@bu-cs.BU.EDU> Date: Wed, 25 Jan 89 1:42:03 EST From: The Moderator Reply-To: TELECOM@bu-cs.BU.EDU Subject: TELECOM Digest V9 #28 To: TELECOM@bu-cs.bu.edu TELECOM Digest Wed, 25 Jan 89 1:42:03 EST Volume 9 : Issue 28 Today's Topics: PINs and Calling Cards as credit cards Re: Pacific Bell Calling Card Blunder Kredit Kard Kwestions Re: Cellular Setup Re: Cellular Setup videotex EHKP-protocol Where To Find Telecom Archives [Moderator's Note: This is *part two* of two parts for Wednesday 1-25.] -------------------------------------------------------------------- Date: Tue, 24 Jan 89 13:31:09 CST From: Will Martin -- AMXAL-RI To: telecom@bu-cs.bu.edu Subject: PINs and Calling Cards as credit cards The recent discussion on PINs on cards in cleartext, and the Moderator's Note in Digest #23 on treating a Calling Card like a credit card (in regard to the individual being responsible for the first $50 in illicit charges on that card if it is stolen) prompts this note: First off, here in SW Bell territory, the PIN has *always* been on both the cardboard SW Bell calling card and the plastic AT&T card. So I was a bit taken aback when reading the posting of the individual who was outraged that the PIN was on his new card. I would contend that NOT having it on the card was the exception, and his telco was merely coming into line with the other BOC's in putting it on the card. (This is not a claim that having it on the card is a *good idea*; it just is how things are.) As regards equating calling cards with credit cards, I think I differ with the moderator on this. Also, I would be interested to see references which state that the calling card actually does fall under the federal credit-card regulations. As I recall, I never did request a calling card. It was sent to me by the telco on their initiative. I seem to recall that credit cards sent by an issuer when there was no specific request or application for them made by the individual do NOT fall under the $50 rule, but that those are specifically exempted. Also, I don't think that credit cards can legally be sent out to non-requesters, like they used to be. (If you recall, years back, firms like oil companies would send out credit cards en masse to college graduating classes and suchlike groups. That no longer happens. I think that was made illegal.) Since I haven't changed phone service in many years, I have no way of knowing how calling cards are now distributed. Maybe some others on the list can post their experiences; do you get a calling card in the mail automatically without requesting it when you set up new phone service? Or do you have to specifically request one to receive one (in writing or just verbally)? The other aspect that makes me wonder if calling cards are legally equivalent to credit cards is the fact that there is usually a secondary element of identification with the use of a credit card. In person, there is a signature. For telephone orders of merchandise to be shipped, some firms will ship only to the address-of-record of the credit card holder. (This latter admittedly breaks down, especially with regard to having gifts shipped to other people at Christmas, etc.) Plus there is a verification or check with the credit card company for charges over a certain dollar amount. Calling cards have no such secondary identification, nor do they have the verification process. (If they DID have the PIN issued separately, and require the user to type it in to complete the call, like an ATM requires for a transaction, then they *would* have a secondary identification, of course.) I believe that the calling-card-number info is stored and then run through the billing process in batch mode daily, right? So the use of a stolen calling card or an illicitly-acquired number would only be detected after-the-fact in that batch run. (I may well be wrong on this -- maybe there is a massive central on-line database to catch illegally-used calling card numbers as they are used. Is there? There would have to be one for each LD carrier, I guess...) All this leads me to contend that calling cards are not legally the same as credit cards. Therefore, we cannot maintain that regulations referring to credit cards apply to calling cards. However, that doesn't mean that tarriffs or contracts do not contain wording that may actualy result in the obligations of a calling card holder being similar to those of a credit card holder. But that would then differ with each issuer. Will Martin ------------------------------ To: comp-dcom-telecom@rutgers.edu From: ron@hardees.rutgers.edu (Ron Natalie) Subject: Re: Pacific Bell Calling Card Blunder Date: 24 Jan 89 16:37:40 GMT Actually, there is no excuse for carrying around your telephone credit card anyhow. As I only rarely find a phone with a reader I almost always type it in after the DONG. I just do this from memory. If I'm calling home, which I usually am, at least AT&T lets you hit just the pin after the DONG which is even faster. -Ron [Am I the only one that terminates the call with the # so I can tell the nice lady who says "You may dial another number now," "No, thank you, I'm finished now." ------------------------------ Date: Tue, 24 Jan 89 10:50:48 EST From: Jerry Glomph Black To: telecom@bu-cs.bu.edu Subject: Kredit Kard Kwestions First, a comment on the PIN brouhaha: AT&T cards (and BOC cards) always have had your PIN number right on the card, but as it's a 4-digit number, most people can remember it. There are numerous ways to write down your secret code numbers on a wallet card so as to maintain security: use 10's complement, or subtract 1 from each digit, or you-name-it. I'm a bit perplexed by the 'international' number on the bottom: 1M,<10-digit phone no.>,<1 digit>. It seems pretty easy to guess or 'exhaustively' determine the digit for anyone, if it only takes a maximum of 10 tries! A mundane question: I have a Sprint FON card. It gives the 800-877-8000 number to access the service, but no mention of a 950-1022 or whatever the local access # is. Do you get a cheaper rate if you avoid the 800 number? The scanty documents which accompanied the card give no clue. Is this another case of deviousness, or what? JG Black, black@micro@LL-VLSI.ARPA ------------------------------ To: comp-dcom-telecom@rutgers.edu From: ron@ron.rutgers.edu (Ron Natalie) Subject: Re: Cellular Setup Date: 24 Jan 89 17:41:05 GMT > Question: Is it possible to access cellular setup channels and place > fraudulent call with a ham radio? Technically no, because a radio operating on the appropriate freqencies would not be an amateur radio. The words "ham radio" is a synonym for amateur radio, a regulated radio service by the FCC that allows radio enthusiasts to construct and operate their own radios. The modes of operation and frequencies in use are well defined by the commissions rules. Use of the term to mean any person building his own radios (for degenerate purposes) is like the bastardization of the term hacker. Please avoid doing it. It is by far easier to defraud the phone company by modifying a legitimate cellular telephone. The thing already does most of the work (the radio part and most of the dialing). All you have to do is hack the roms a bit to make them operate with phony ID's. -Ron [Moderator's Note: It is far easier to go to the penitentiary that way also. Remind me to search my files for the newspaper story of the fellow here in Chicago last year who was convicted of operating a 'reprogramming for profit' cellular phone 'repair shop'. When IBT security representatives, Chicago police and FCC personnel raided his place, they found not only cellular phones being liberated from billing constraints. It seems the dude was also into freeking CB radios; getting them broadbanded and oscillating in the ten meter band. Six months in the custody of the Attorney General or his authorized representative followed by two years federal probation is not my idea of how to spend my summer vacation. P. Townson] ------------------------------ To: telecom@bu-cs.bu.edu From: dave@rutgers.edu (Dave Levenson) Subject: Re: Cellular Setup Date: 25 Jan 89 03:29:34 GMT In article , boottrax@csd4.milw.wisc.edu (Perry Victor Lea) writes: > Question: Is it possible to access cellular setup channels and place fraudulent call with a ham radio? It is probably possible to place a fraudulent radio telephone call from an amateur radio station, but it's easier (and just as illegal) to use a cellular telephone set. When a valid call-attempt is made, the cellular telephone set transmits its phone number and its serial number (an electronic PIN), as well as the number dialed by the user. The local cellular carrier is supposed to validate the combination. A cellular telephone user who fiddles with the proms or other administerable memory can probably impersonate a valid subscriber. It may be high tech, but it's functionally equivalent to stealing and using another telephone subscribers calling card number. -- Dave Levenson Westmark, Inc. The Man in the Mooney Warren, NJ USA {rutgers | att}!westmark!dave ------------------------------ To: telecom@bu-cs.bu.edu From: tor@eva.slu.se Subject: videotex EHKP-protocol Date: 24 Jan 89 08:33:29 +200 Communications protocol EHKP for Videotex via X.25/Datapak ========================================================== The Swedish University of Agricultural Sciences is planning to participate in the Swedish Videotex system as a Videotex (database) host. We are interested in software that support the EHKP protocol for connecting to Videotex. We would appreciate any information on: - Hints on good litterature that describes the EHKP protocol. Any public domain software? - Avialable EHKP protocol software for connecting VAX/VMS minis to Videotex via X.25/Datapak or any software running under unix or MS-DOS. Features and price? Torbjoern Leuchovius ------------------------------ Date: 24 Jan 89 11:50:51 PST (Tuesday) Subject: Where Are Telecom Archives? From: "Arthur_Axelrod.WBST128"@Xerox.COM To: TELECOM@bu-cs.bu.edu Patrick, re your item in V9 #16 offering the file [TELECOM Digest Guide to North American Area Codes], or 'guide.to.areacodes' within the telecom-archives . . . Alas, I can't recall where the telecom archives are. Could you please tell me? I can FTP the file. Thanks. Art Axelrod Xerox Webster Research Center [Moderator's Gleeful Note: Ah! A chance to beat my own drum again! Thanks for asking, Art. The telecom archives is housed for the time being at bu-cs.bu.edu. Slightly under 10 megs of reading material is there for you, or anyone who wants it. An almost complete set of {TELECOM Digest} for the past 7.5 years -- it began in June, 1981 -- is available in 8 volumes. The most recent issues are in a file called appropriately, 'telecom-recent'. Many other text files are also available; some of which appeared in various issues of the Digest, much of which has not ever appeared here. Follow normal FTP protocol. After you 'ftp bu-cs.bu.edu', login as anonymous and provide a password. You would then 'cd telecom-archives', and 'ls -l' to see what all is available. Please help yourself. In the meantime, I have mailed you a copy of the North American Area Code Guide. See you tomorrow! P. Townson] ------------------------------ End of TELECOM Digest *********************