[asterisk-users] Suing Dell||Dull Computers for CID abuse

David Gomillion david.gomillion at gmail.com
Tue Jul 3 09:15:00 CDT 2007


On 7/3/07, J. Oquendo <sil at infiltrated.net> wrote:
>
> Reposted to this list: (http://lists.virus.org/voipsec-0610/msg00046.html)
>
>
> > That's exactly the type of thing that needs to be stopped. If Dell
> outsourcing calls me from India, the CLI must be their number in India
> not a faked-in number of some office in the US. That to me is exactly
> the purpose of this proposed law. It is equivalent to the law regarding
> FAX calls that has been around for a long time.
> >
>
> Here is the single biggest issue facing anything anyone on this
> list can speak about: "Validation". Let's be realistic here using
> (again) Dell. We know based on someone's accent and lack of proper
> use of grammar, they are not speaking to us from a location in
> the USA. How can we "validate" that such instance is illegal. It
> would be hearsay because all we have is a notion without factual
> evidence. So how does anyone propose addressing a situation such
> as this.


If Dell owns the number, it's not spoofing. Point-to-point T1s and such have
been allowing companies to use toll bypass for years. VoIP just makes it
easier and cheaper. Now, if someone pretends to be Dell in order to sell you
"Dekk" computers, then that's fraud, spoofing, etc.


> This is one of the dangers I am speaking of regarding security.
> Let's take this situation right now, supposing I dislike you and
> have enough information about you. I set out to make life disruptive
> for you so I change my CLI to your phone number. First I want to call
> the bank (with your information) hopefully I can get someone insane
> enough to use caller ID as a source of information. Then, I decide
> to call the credit card companies in hopes they're going to bring up
> your information based on caller ID, and the scenario goes on and on.
> Should a company make a decision based on caller ID? Would you
> irrate by their actions? I know I would.


We are already protected by fraud from everything you mentioned by other
laws. And yet it still happens. So, what purpose will another law serve?

> I presume from your comment that you, like others in the
> Internet/VoIP arena I have corresponded with, believe that the PSTN did
> everything wrong and that VoIP is doing everything correctly.
>
> I don't think the PSTN did anything worse or better than VoIP, in
> fact I would prefer to rely on the PSTN than VoIP for certain reasons.
> 1) With the PSTN, any utility company, emergency service company knows
> with 100% accuracy that a copper line with the number 12035551212 is
> coming from 1 Main Street, New Haven as opposed to VoIP's 12035551212
> being registered via some pre-filled out form, stating at the point
> in time that the form was submitted, it was at 1 Main Street however,
> it truly might not be at that location anymore. Someone may have
> moved their ATA or server.


And yet, the Bells sometimes got the address wrong. And when a PRI got moved
for a company I did work with, their local carrier failed to update the
address in the 911 database. So, it can be screwed up, no matter what
technology is used.

Look, we can spoof CID through our PRI. So what? We've been able to do it
for years. Have we? No, we have no need to. I'm sick and tired of all these
"news" stories about how people can suddenly spoof CID. It's been going on
for years. And anyone who gives out personal information when receiving a
phone call deserves whatever happens to them. When I got a call from my CC
fraud department, I simply asked for a reference number, and said that I'd
call back on the number on the back of my card. Turns out it was legit, but
it only took me an extra ~30 seconds to be sure.

As for things VoIP has done better? The only thing that comes to me
> thusfar is saved someone money. Anyhow, I think this was a pretty
> good discussion on the topic, but bottom line if you ask me, Truth
> in Caller ID does nothing more than give a politician something to
> boast about during election time. Nothing more.


Hear hear!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070703/650b95e9/attachment.htm 


More information about the asterisk-users mailing list