Mailinglist Archive: opensuse (1108 mails)

< Previous Next >
Re: [opensuse] Fax vulnerability
On 2018-08-17 14:51, Anton Aylward wrote:
On 2018-08-17 7:19 a.m., James Knott wrote:
On 08/16/2018 11:17 PM, Bruce Ferrell wrote:
I worked in the telecom business for a fairly long time in central
offices and switches.  Yes, you can record the audio tones, but a fax
modem is a VERY fussy beast and that trick tends to not work.
Years ago, software FAX modems were popular.  They were generally just
an audio card with the modem software running.  Someone who was able
could modify that software for monitoring.

Around the mid 1990s I had an in with a local company that made encryption
for FAX. Yes you needed one at each end. Their primary market was embassies
and consulates, or at least Canadian ones. Yes around the world.
And yes, international phone lines can be crappy at times.

They gave me software that let the card on my Laptop which James described do
just that hacking. And yes, with the prospect's permission we'd show how we
could not only listen in, but hijack a call and substitute a fake message.
After all, what ID does the FAX have? Just the printed header, and you can
that (or not) on any machine or software.

Ah, yes.

Also people moved the dedicated fax machine and forgot to change the
identifying header.

Then came fax modem and software allowed to put anything in there.

That firm also made PC Ethernet cards that could do encrypted exchange over
Ethernet. I thought those were a wonderful idea! That was in the days
we had printers with built in network, wifi or card readers. A printer was
connected via the parallel port to a PC that was on the network. So they
showed me a encrypted print job. They had a network analyser showing the
packets ...
So we walked over to the printer to find someone shifting though all the
printout, including our supposed secure stuff, to find his own stuff.

LOL :-)

Secure, eh?
And yes, FAX machines have just the same failure mode.
Or more.
On time I was waiting for an urgent FAX but the machine was spewing out the
long, long printout of a computer generated custom astrological chart and
prediction some secretary had ordered. Unlike TCP, voice band doesn't handle
multiple channels. By the time the astrological chart finished the window for
my 'fix' had passed. My boss was furious. A new policy was enacted: no fax
longer than 5 pages. Since our standard NDA was 6 pages ....


Those times...

I heard people did Spam using FAX, but I never saw it, because in Spain
every local phone call was charged, and not really cheap.

Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >