On 7/3/07, <b class="gmail_sendername">J. Oquendo</b> <<a href="mailto:sil@infiltrated.net">sil@infiltrated.net</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Reposted to this list: (<a href="http://lists.virus.org/voipsec-0610/msg00046.html">http://lists.virus.org/voipsec-0610/msg00046.html</a>)<br><br><br> > That's exactly the type of thing that needs to be stopped. If Dell
<br>outsourcing calls me from India, the CLI must be their number in India<br>not a faked-in number of some office in the US. That to me is exactly<br>the purpose of this proposed law. It is equivalent to the law regarding
<br>FAX calls that has been around for a long time.<br> ><br><br>Here is the single biggest issue facing anything anyone on this<br>list can speak about: "Validation". Let's be realistic here using<br>(again) Dell. We know based on someone's accent and lack of proper
<br>use of grammar, they are not speaking to us from a location in<br>the USA. How can we "validate" that such instance is illegal. It<br>would be hearsay because all we have is a notion without factual<br>evidence. So how does anyone propose addressing a situation such
<br>as this.</blockquote><div><br>If Dell owns the number, it's not spoofing. Point-to-point T1s and such have been allowing companies to use toll bypass for years. VoIP just makes it easier and cheaper. Now, if someone pretends to be Dell in order to sell you "Dekk" computers, then that's fraud, spoofing, etc.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>This is one of the dangers I am speaking of regarding security.<br>Let's take this situation right now, supposing I dislike you and
<br>have enough information about you. I set out to make life disruptive<br>for you so I change my CLI to your phone number. First I want to call<br>the bank (with your information) hopefully I can get someone insane<br>enough to use caller ID as a source of information. Then, I decide
<br>to call the credit card companies in hopes they're going to bring up<br>your information based on caller ID, and the scenario goes on and on.<br>Should a company make a decision based on caller ID? Would you<br>irrate by their actions? I know I would.
</blockquote><div><br>We are already protected by fraud from everything you mentioned by other laws. And yet it still happens. So, what purpose will another law serve?<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> I presume from your comment that you, like others in the<br>Internet/VoIP arena I have corresponded with, believe that the PSTN did<br>everything wrong and that VoIP is doing everything correctly.<br><br>I don't think the PSTN did anything worse or better than VoIP, in
<br>fact I would prefer to rely on the PSTN than VoIP for certain reasons.<br>1) With the PSTN, any utility company, emergency service company knows<br>with 100% accuracy that a copper line with the number 12035551212 is<br>
coming from 1 Main Street, New Haven as opposed to VoIP's 12035551212<br>being registered via some pre-filled out form, stating at the point<br>in time that the form was submitted, it was at 1 Main Street however,<br>
it truly might not be at that location anymore. Someone may have<br>moved their ATA or server.</blockquote><div><br>And yet, the Bells sometimes got the address wrong. And when a PRI got moved for a company I did work with, their local carrier failed to update the address in the 911 database. So, it can be screwed up, no matter what technology is used.
<br><br>Look, we can spoof CID through our PRI. So what? We've been able to do it for years. Have we? No, we have no need to. I'm sick and tired of all these "news" stories about how people can suddenly spoof CID. It's been going on for years. And anyone who gives out personal information when receiving a phone call deserves whatever happens to them. When I got a call from my CC fraud department, I simply asked for a reference number, and said that I'd call back on the number on the back of my card. Turns out it was legit, but it only took me an extra ~30 seconds to be sure.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">As for things VoIP has done better? The only thing that comes to me<br>thusfar is saved someone money. Anyhow, I think this was a pretty
<br>good discussion on the topic, but bottom line if you ask me, Truth<br>in Caller ID does nothing more than give a politician something to<br>boast about during election time. Nothing more.</blockquote><div><br>Hear hear!
<br></div><br></div><br>