[Asterisk-Users] VoIP hackers gut Caller ID

Stuart Baggs stuartbaggs at t-hosting.biz
Thu Jul 8 05:32:53 MST 2004


It is imperative that the ability to set caller ID's is kept as we need this
in everyday business.

stuart
----- Original Message -----
From: "Brian Cuthie" <brian at systemix.com>
To: <asterisk-users at lists.digium.com>
Sent: Thursday, July 08, 2004 1:28 PM
Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID


>
> The real problem here is that people shouldn't be using callerid as an
> authentication scheme. Lots of people have had the ability to set
> arbitrary clid for years and yet banks and other institutions have
> stupidly used it to authenticate callers. Complaints should be directed
> to them and not the VoIP industry.
>
> -brian
>
>
> Alex wrote:
>
> >Here is what you can possibly do:
> > - Steal calling cards if they are useing caller id authentication
> >scheme
> > - Get access to personal banking information (Citibank uses callerid
> >as part of authentication process.)
> > - Purchase goods and services backed up by calling verification.
> >
> >I can go on and on for hours. Main point of story that s@#t will hit the
fan
> >and VOIP will be regulated badly. Especially if some known terrorist will
> >confess about using Vonage in Afaganistan.....or some of drug
dealers/weapon
> >traders will be cought .....
> >
> >Bug generraly author of that article is an idiot. He does not understand
the
> >difference beteween VOIP and ISDN PRI.
> >
> >
> >-----Original Message-----
> >From: asterisk-users-admin at lists.digium.com
> >[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of listas iPfone
> >Sent: Wednesday, July 07, 2004 6:26 PM
> >To: asterisk-users at lists.digium.com
> >Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID
> >
> >This is very interesting...
> >
> >Regulations..USA...
> >
> >But... what can i do faking a caller id? stolen what? what is the point?
> >
> >miklos
> >
> >----- Original Message -----
> >From: "Steve Totaro" <asterisk at totarotechnologies.com>
> >To: <asterisk-users at lists.digium.com>
> >Sent: Wednesday, July 07, 2004 12:56 PM
> >Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID
> >
> >
> >
> >
> >>why regulate?  nobody regulates the return address on a letter sent via
> >>USPS.
> >>
> >>
> >>----- Original Message -----
> >>From: "Kevin Walsh" <kevin at cursor.biz>
> >>To: <asterisk-users at lists.digium.com>
> >>Sent: Wednesday, July 07, 2004 10:00 AM
> >>Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID
> >>
> >>
> >>
> >>
> >>>Adam Hart [adam at teragen.com.au] wrote:
> >>>
> >>>
> >>>>Chris Foster wrote:
> >>>>
> >>>>
> >>>>>The Register is carrying a article written by Kevin Poulsen of
> >>>>>Securtiy Focus, calling asterisk  "..the most powerful tool for
> >>>>>manipulating and accessing CPN data.."
> >>>>>
> >>>>>I hope NuFone doesn't drop asterisk-set-able callerid's after this
> >>>>>article; i've been wanting that feature from voicepluse for a long
> >>>>>time.
> >>>>>
> >>>>>
> >>>>>
> >>>>These kind of things will be reason (excuse) for Voip to be regulated
> >>>>
> >>>>
> >>>>
> >>>Perhaps service providers who allow the Caller*ID to be set should
> >>>insist that customers provide evidence that they own the phone numbers
> >>>that they want to publish, and then limit the customers' choices to
> >>>only the numbers in their approved list.  Calling the customer on the
> >>>provided number(s) would be an easy way to check, and a setup fee
> >>>could be levied to cover the provider's time and expenses, if required.
> >>>
> >>>Being able to discover a "blocked" Caller*ID is another matter.  Both
> >>>are good areas for regulation.
> >>>
> >>>--
> >>>   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
> >>>  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
> >>> _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
> >>>_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
> >>>
> >>>_______________________________________________
> >>>Asterisk-Users mailing list
> >>>Asterisk-Users at lists.digium.com
> >>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>To UNSUBSCRIBE or update options visit:
> >>>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>
> >>>
> >>>
> >>_______________________________________________
> >>Asterisk-Users mailing list
> >>Asterisk-Users at lists.digium.com
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>To UNSUBSCRIBE or update options visit:
> >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>
> >>
> >>
> >_______________________________________________
> >Asterisk-Users mailing list
> >Asterisk-Users at lists.digium.com
> >http://lists.digium.com/mailman/listinfo/asterisk-users
> >To UNSUBSCRIBE or update options visit:
> >   http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >_______________________________________________
> >Asterisk-Users mailing list
> >Asterisk-Users at lists.digium.com
> >http://lists.digium.com/mailman/listinfo/asterisk-users
> >To UNSUBSCRIBE or update options visit:
> >   http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>




More information about the asterisk-users mailing list