KCLUG January 2006

kclug@kclug.org

46 participants
45 discussions

RE: state of Missouri to archive cell phone location data?
by Kelsay, Brian - Kansas City, MO 31 Jan '06

31 Jan '06

>From the Article: "The program charts drivers' relative speed by measuring the time between the intermittent signals cell phones send to towers along a stretch of road. Then, that information - stripped of the personal identification and serial numbers that identify the cell phone's owner - is overlaid with highway maps to determine where the phones are and how fast they are moving." This says ABSOLUTELY NOTHING about issuing speeding tickets. I assume that this is to add functionality to the KCScout system. The call for hoax on the original email stands. Though this has the POTENTIAL to do the speeding ticket thing, there is no proof that this is what it is intended for and there are still many major hurdles to overcome. -----Original Message----- From: Jeremy Turner Sent: Monday, January 30, 2006 10:41 AM I can't find a date of Feb 1, but it has been approved: http://www.kansascity.com/mld/kansascity/news/local/13314831.htm http://hardware.slashdot.org/article.pl?sid=05/11/01/159241 >From what I read, it is more for aggregate data, traffic conditions, etc. Although they could probably start tracking individual users if they wanted to. If this became more common place and people heard about it, you'd have some upset users. I've heard that OnStar can't pass on speed info to authorities. Although, they could probably be strong-armed. Jeremy

5 4

RE: getting to www servers from inside where they have an Internal IP
by Jeremy Fowler 31 Jan '06

31 Jan '06

> The "wacky" port numbers for the httpd are to keep it off low numbered > ports and run as non-root. Any suggestions for something > better and how > to do it? Well, I think the only security reason to run an http server on a port other than 80 is to hide it from the general public. Port scanners can get around this hurdle quite easily though. Plus, the fact that you SNAT port 80 to that high number port, as far as I can see, makes it useless. Might as well just run the server on port 80 and save yourself some potential headaches. > ah.. "split dns" cute term... what iptables rules can be put in the > firewall to bounce the traffic back? Tried it and failed :( Split DNS has nothing to do with iptables. Its just telling your DNS server to resolve a host to a different address if the request comes from inside your network. It would be the ideal solution. Just host you http server on port 80, and split your DNS to resolve local requests to the internal IP. Problem solved. However, if you insist on keeping the high port, you could still DNAT requests for the external IP of your http server back to the internal IP:port. So anything going to port 80 of the external IP address of your webserver thru your firewall is redirected back into your network. Try this: Assuming: External IP of HTTP Server: 63.63.63.63 Internal IP of HTTP Server: 10.1.1.3 External Port of HTTP Server: 80 Internal Port of HTTP Server: 7777 External interface of your firewall: eth0 Internal interface of your firewall: eth1 iptables -t nat -A PREROUTING -i eth1 -p tcp -d 63.63.63.63 \ --dport 80 -j DNAT --to-destination 10.1.1.3:7777

4 4

OT: Teir 1 technical support Job Opening @ VoIP company
by crash3m 31 Jan '06

31 Jan '06

We have an opening for a Teir 1 tech support rep at our company. The more tech savvy the better, though VoIP experience is not required. There is a definate chance for advancement at this position. Must have pleasent phone demeanoer. You can send your resumes to me, and I will pass them on to management. While the other techs do run windows on their workstations, you can run linux. Our service runs strictly from linux servers, so being comfortable with a shell will help, as will knowledge of tethereal/ethereal and ngrep. Good luck! Matt Luettgen -- Got gmail? I do hahaha

1 0

(no subject)
by Kelsay, Brian - Kansas City, MO 31 Jan '06

31 Jan '06

Where's my tinfoil hat today? Is it work release day at the nuthouse? -----Original Message----- From: kclug-bounces(a)kclug.org On Behalf Of James Nelson Sent: Monday, January 30, 2006 3:13 PM It's a heck of a lot more simple than that and it's not only the U.S. Government that can 'tap' your calls at will. Check out this Fox News story from 2001: http://www.informationclearinghouse.info/article6480.htm > -----Original Message----- > From: kclug-bounces(a)kclug.org On Behalf > Of David Nicol > Sent: Monday, January 30, 2006 2:53 PM > To: kclug; kcpm > Subject: more hot gossip to distract you from your real work > > ---------- Forwarded message ---------- > From: Marsee Henon <> > Date: Jan 30, 2006 10:11 AM > Subject: O'Reilly Podcast Includes NSA Wiretapping News Scoop > To: kcpm-moderate(a)davidnicol.com > > > Hello-- > > "Distributing the Future" this week features a scoop we > thought was worth sharing: > > Wiretapping doesn't require someone lurking in the bushes with a > directional antenna and headphones, or a pair of aligator clips and a > tape recorder, or someone sneaking into your room while you're out to > place a transmitter on your phone. In the U.S., if it's the government > doing the wiretapping, it's technically simple. At the O'Reilly Emerging > Telephony Conference Jack Herrington, author of "Podcasting Hacks" > interviewed Electronic Frontier Foundation Chairman of the Board Brad > Templeton about the technical, social, and political aspects of > wiretapping. At the end there's a nice juicy hint about upcoming action > from the EFF with regards to the recent NSA wiretapping case. > http://www.oreillynet.com/future > > --Marsee

4 3

more hot gossip to distract you from your real work
by David Nicol 30 Jan '06

30 Jan '06

---------- Forwarded message ---------- From: Marsee Henon <marsee(a)oreilly.com> Date: Jan 30, 2006 10:11 AM Subject: O'Reilly Podcast Includes NSA Wiretapping News Scoop To: kcpm-moderate(a)davidnicol.com Hello-- "Distributing the Future" this week features a scoop we thought was worth sharing: Wiretapping doesn't require someone lurking in the bushes with a directional antenna and headphones, or a pair of aligator clips and a tape recorder, or someone sneaking into your room while you're out to place a transmitter on your phone. In the U.S., if it's the government doing the wiretapping, it's technically simple. At the O'Reilly Emerging Telephony Conference Jack Herrington, author of "Podcasting Hacks" interviewed Electronic Frontier Foundation Chairman of the Board Brad Templeton about the technical, social, and political aspects of wiretapping. At the end there's a nice juicy hint about upcoming action from the EFF with regards to the recent NSA wiretapping case. http://www.oreillynet.com/future --Marsee ================================================================ O'Reilly 1005 Gravenstein Highway North Sebastopol, CA 95472 http://ug.oreilly.com/ http://www.oreilly.com ================================================================ -- David L Nicol "It is pointless to give advice and sometimes dangerous to take it." -- Gore Vidal

2 1

Permissions for webadmin access on FC4
by Jon Moss 30 Jan '06

30 Jan '06

I know I'm probably going to get slammed for being an idiot, but oh well . . . I've finally got some help (volunteer) for the church webserver I host at home. It's an FC4 server with Apache 2.x installed. She's from the M$ world and asking me about ASP and DreamWeaver access, which I told her was a no go. Learn PHP! :) Anyway, I created a webadmin account that I want to have full access to the /var/www/html folder tree. I added that account to the apache group, but that didn't work. What is the proper process for accomplishing this? I don't want to give this person root access to the server. -- Thanks very much, Jon Moss jon.moss(a)cnonline.net

2 3

OT: D&D video
by Jeremy Fowler 30 Jan '06

30 Jan '06

Funniest damn video I've seen in quite awhile... http://video.google.com/videoplay?docid=7521044027821122670

1 0

RE: state of Missouri to archive cell phone location data?
by Kelsay, Brian - Kansas City, MO 30 Jan '06

30 Jan '06

Sorry, but none of those links said anything about Missouri, nor about specifically tracking us to check our speed. I'm telling you that right now, one specific cell provider that I know of, Sprint, is overwhelmed by the number of cell records requests of all forms. It is not fully automated, I'm assuming a human has to have security access and such to request and process each request. There is NO interface there for them to track speed, only general location during a selected period. As your Ledger article reveals, they only have resolution down to about 300 yards. And how do they know what car I'm in or if I'm on a bus, train, passenger in a car, jet or whatever? I still call BS. -----Original Message----- From: Jeremy Fowler [mailto:JFowler@westrope.com] Sent: Monday, January 30, 2006 10:27 AM > > Sorry to be a kill-joy, but I call hoax. > Maybe not... http://www.stallman.org/archives/2005-sep-dec.html#13%20December%202005% 20(Cell%20phone%20to%20track%20people) http://www.theledger.com/apps/pbcs.dll/article?AID=/20051210/ZNYT01/5121 00416/1001/BUSINESS http://news.bbc.co.uk/2/hi/programmes/click_online/4534674.stm

1 0

RE: state of Missouri to archive cell phone location data?
by Kelsay, Brian - Kansas City, MO 30 Jan '06

30 Jan '06

Do we put this in the hoax category along with the emails that insist Bill Gates will give us all money or send us to DisneyLand if only we forward this message? I'm guessing that someone just wants to get a few speeders to hang up the bloody phone while driving. I imagine this would've made a far bigger splash in the news if real. If it is real, then how about a link to some real info? Which engineering firms? >From what I understand from Sprint employees who actually do this by Federal subpeona, it's a pain in the ass and not something they could do for everyone at the same time. It's not like you get a little Google Map of all users within a cell zone moving around. Real life is not as cool or technologically advanced as the movies make it out to be. Sorry to be a kill-joy, but I call hoax. Brian http://www.snopes.com/ http://urbanlegends.about.com/od/internet/a/current_netlore.htm http://hoaxbusters.ciac.org/ -----Original Message----- From: On Behalf Of David Nicol enjoy ---------- Forwarded message ---------- From: Margaret Q <margaretq(a)gmail.com> Date: Jan 28, 2006 1:24 PM Subject: Re: MO's contract begins feb 1 in KC and St. Louis. REALLY briefly 'cuz I'm swamped. The state of MO has contracted with 2 engineering firms to track divers by cell phone. All cellphones have tracking chips. In modern phones - there is a setting that allows you to disable the tracking device for all but 911 centers (which allows them to track emergency calls in case of instances where you cannot communicate addresses). You cannot disable the 911 tracker. Starting Feb 1, the state of MO will use the SAME tracking channel/whatever its called to track ALL motorists. If you have a cell phone on - it is tracking you and entering your locations, times, speeds into a database. The database allows them to search for specific people's records of movement as well as general area traffic flows. The stated reason is to collect traffic flow information to build better roadways. And the state hopes to begin using it to issue traffic TICKETS by mail (hence all the personal info attached). You speed - they'll know. The deal also lets the state have access to your cell phone records. (Which is actually amazingly easy to do. I could get your cell phone records if I knew JUST your name and social security number and carrier) Missouri is the ONLY state to attempt this thus far. And it is not unlikely that this will end up in court quickly - but until then - the govt is tracking your movement. At this time Kansas has no such plans. The system is being tested in Kansas City and Missouri beginning feb 1. It will eventually be statewide. This was discussed at length on KCUR on Monday. It is also a story we are considering covering for our news show. Citizens of MO are STRONGLY encouraged to write Matt Blunt and the Dept of Transportation and let them know you are opposed to this use of technology and consider it invasive and an infringement on you right to privacy. how this story slipped under everyone's radars (pun half intended) until now is AMAZING. The point is that if your phone is ON - you are being tracked in these areas. Because the signal goes through cell towers - if the phone is turned OFF, the tracking device cannot transmit information. You cannot otherwise disable this. Vehicles with ONSTAR in service will be tracked regardless. You cannot disable that short of cancelling OnStar service. however - turnign off your phone also keeps emergency dispatchers from being able to track you in cases of emergency.

2 1

Samba, PAM, LDAP and SASL
by Jack 30 Jan '06

30 Jan '06

Just doing some playing around. I want to use one of my PCs on my home LAN as a fileserveer. Mainly, the idea is to share the directory of family photos locally. I know all I really need here is samba. But I thought I mught as well use PAM to do authentication. Which led me to consider using LDAP and SASL. Why? I don't know. He's on third. Anyway after having installed Samba, and relevant PAM modules and SASL and LDAP and setting up an LDAP server, I'm left wondering what LDAP is really useful for? I've read the FAQ, quickstart guide, several HOWTOs and the Administrator's manual. I have a working LDAP daemon running, but am left wondering what to do with it. Does anyone use LDAP? How? Why? Now at some point I might like allowing some of my remote family members to access this content from outside. Which was one reason I thought I'd play around with some of these tools. So that I could add users without creating local accounts, and also to maintain a single password database for managing passwords. Thanks. Brian JD

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

KCLUG January 2006