Apple USB modem 'hangs' Mac OS 10.5.2

Work around discovered!

As a recent 'switcher' from Microsoft Windows to Apple, I have been very happy with my laptop and with OS X. Happy enough to help 3 family members purchase new laptops over the last year. Along with this recommendation power, comes great responsibility, as I am now the default computer support person for these folks. One of these folks does not yet have DSL and has been happily using the Apple USB modem.

Problem
The Macbook and Apple USB modem worked fine for 8 months, until the day I installed 10.5.2 for them. Immediately after the install of 10.5.2, the OS started to "hang" whenever the Apple USB modem was used. The "hang" symptoms were that the keyboard and trackpad were unresponsive and only the power key would respond to bring up the shutdown choices. Had to hold down the power button to hard power-down the machine.

Troubleshooting
The week of 3/31/08 I took the Macbook to the Apple store's Genius Bar to troubleshoot this problem. Here are some of the things we tried:
A different modem = same problems
Used modem without any programs running = same problems
Searched the console logs for any clues (none)
Verified the dialup numbers and modem settings (OK)
Checked for 3rd party printer drivers (none)

Second opinion
A second Genius recalled an old issue where the Apple USB modem would not work with one USB port, but would work with the other USB port. We ran 2 tests in the store and it seems we are onto something here. The genius collected info with a software tool and escalated the case to Apples second level support. I will update the post if I hear back from them. Great support Genius guys!

The USB port matters
I setup my own tests to see if it mattered which USB port was used... and it does! In my tests, the USB port furthest from the magsafe power port worked every time (10 of 10 tries). Conversely, the USB port closest to the magsafe port HUNG the OS 10 of 11 tries). I don't know what could cause this in one USB port and not the other, but I?ll leave that to the two star Apple Genius?s (second level support). From now on, I am using the port that works.

Read the details of my test results here

First 'vishing' attack surfaces

excerpts from John E. Dunn, TechWorld, 07/12/06

Secure Computing has reported an ingenious new type of phishing scam that uses VoIP telephony to entrap its victims.

Dubbed "vishing", the fraud involves a randomly dialled user being phoned by an automated system and told that their credit card has been used illegally.

They are then asked to dial a fake 1-800 telephone number, which accesses a system requesting they confirm their account details and credit card number. Armed with this information, criminals then empty the victim?s account by buying products and services on the card.

Because the scam is carried out offline, it represents a form of social engineering that no computer security system can stop. Once a credit card customer has fallen for the story - and it is quite possible that the average account holder will be less suspicious of phone contact than they would be of the same message received via e-mail - they are heading for an empty account.

VoIP attacks

Here is an exerpt from a great article on VoIP security.

VoIP is here to stay. In fact many incumbent telecommunication carriers have started offering VoIP service for sometime and several new VoIP service providers have emerged. Aside from issues such as quality of service, the aspect of security, or lack thereof, is misunderstood by some of the VoIP service providers.

This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop in to VoIP communications. Although VoIP is implemented using various signaling protocols, this article focuses on attacks associated with the SIP (Session Initiation Protocol), an IETF standard (RFC 3261). The two attacks, among others such as DoS, have been discussed in various research papers but they haven't been acknowledged publicly as active attacks.