[asterisk-biz] Vonage 877

[Brian Fertig]

Good lord..  You really could talk for 6 hours about nothing..

--
........::::::::::.........
Brian Fertig
Director of Engineering
Molten, Inc.
Delaware Office
Office 800.418.4380 x 160
Direct 302.338.9601


|-----Original Message-----
|From: asterisk-biz-bounces at lists.digium.com [mailto:asterisk-biz-
|bounces at lists.digium.com] On Behalf Of Trixter aka Bret McDanel
|Sent: Tuesday, May 22, 2007 4:16 PM
|To: andres at telesip.net; Commercial and Business-Oriented Asterisk
|Discussion
|Subject: Re: [asterisk-biz] Vonage 877
|
|On 5/22/07, Andres <andres at telesip.net> wrote:
|> I think a lot of 'funny business' happens in the land of number
|> porting.  Our company is a customer of XO and we in turn have our own
|> customers.  A few weeks ago one of our customers ported a number away
|> from our network (an XO DID), into some other network.  We were
|shocked
|> that this could happen.   We called up XO and demanded an explanation.
|> They dug up the LOA Letter which obviously did not have our signature
|> and all that XO could do was apologize.  They tried to get the number
|> back but it was impossible.  I could not believe this.  It could have
|> been our main sales number or any other critical number.  After this
|> incident, we lost all respect for the number porting process.
|>
|
|if you want to see how to not do porting, in ireland where I currently
|reside, I ported my mobile number from one carrier to another.  The
|proof?  my word that it was my number, they didnt even require me to
|have my handset.  Because its prepaid there is no bill or proof that
|its mine, other than perhaps I have the SIM associated with it.  The
|port happened within an hour.  The only trace that my old phone was
|ported was that its sim was no longer valid for service.
|
|It is my belief that all the documentation required, LOAs etc, arent
|verified very much, and porting is more or less an automatic response,
|unless a carrier gets upset and decides to refuse further ports.
|Customers complain after the fact, but it can be harder to un-port a
|number than it can be to port it away in the first place.
|
|With prepaid accounts, online voip accounts, etc proof can either be
|easily faked (printing out a webpage for example ...) or just not
|verified in the first place.  Going after someone after the fact can
|be just as difficult since there is no physical requirement to be in a
|friendly jurisdiction and damage can be done very quickly.  Think
|about say porting away a credit card customer service tollfree.  If
|there is a terminating POTS or some other way of routing calls to that
|call centre, they could record the calls for processing later, gathing
|infoto commit large scale fraud.  When you call in to your credit card
|company you have to give everything required to authenticate yourself
|to the company, which would not be in the hands of fraudsters.
|
|I think the eavesdropping attack is far more likely than taking a
|competitors number and routing it to your call centre, and proceeding
|as if the customer really called you.
|
|Mischief makers could just route the numbers around like that to cause
|havok and none of the parties that got their 'lines crossed' have any
|knowledge or understanding as to what happened, but who would believe
|that?
|
|The system is weak, although its hard to do anything better and still
|provide some level of security.  The best that could possibly happen
|would be to have something by physical mail be sent but its not hard
|to play games with that and still obfuscate the identity of the person
|even though you know the address the request was sent to.  It would
|also cause a delay that many would find unacceptable since it seems
|that many want to port same day and not wait upto 3 weeks for the
|mail.
|
|Online faxing, VoIP, and remailing services all provide someone in
|potentially a foreign country to look like they are within the same
|country, and fool most due diligence procedures.
|
|--
|Trixter http://www.0xdecafbad.com     Bret McDanel
|Belfast +44 28 9099 6461        US +1 516 687 5200
|http://www.trxtel.com the VoIP provider that pays you!
|_______________________________________________
|--Bandwidth and Colocation provided by Easynews.com --
|
|asterisk-biz mailing list
|To UNSUBSCRIBE or update options visit:
|   http://lists.digium.com/mailman/listinfo/asterisk-biz