[Asterisk-Users] VoIP hackers gut Caller ID

Brian Cuthie brian at systemix.com
Thu Jul 8 05:28:47 MST 2004


The real problem here is that people shouldn't be using callerid as an 
authentication scheme. Lots of people have had the ability to set 
arbitrary clid for years and yet banks and other institutions have 
stupidly used it to authenticate callers. Complaints should be directed 
to them and not the VoIP industry.

-brian


Alex wrote:

>Here is what you can possibly do:
>	- Steal calling cards if they are useing caller id authentication
>scheme
>	- Get access to personal banking information (Citibank uses callerid
>as part of authentication process.)
>	- Purchase goods and services backed up by calling verification.
>
>I can go on and on for hours. Main point of story that s@#t will hit the fan
>and VOIP will be regulated badly. Especially if some known terrorist will
>confess about using Vonage in Afaganistan.....or some of drug dealers/weapon
>traders will be cought .....
>
>Bug generraly author of that article is an idiot. He does not understand the
>difference beteween VOIP and ISDN PRI. 
>
>
>-----Original Message-----
>From: asterisk-users-admin at lists.digium.com
>[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of listas iPfone
>Sent: Wednesday, July 07, 2004 6:26 PM
>To: asterisk-users at lists.digium.com
>Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID
>
>This is very interesting...
>
>Regulations..USA...
>
>But... what can i do faking a caller id? stolen what? what is the point? 
>
>miklos
>
>----- Original Message ----- 
>From: "Steve Totaro" <asterisk at totarotechnologies.com>
>To: <asterisk-users at lists.digium.com>
>Sent: Wednesday, July 07, 2004 12:56 PM
>Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID
>
>
>  
>
>>why regulate?  nobody regulates the return address on a letter sent via
>>USPS.
>>
>>
>>----- Original Message ----- 
>>From: "Kevin Walsh" <kevin at cursor.biz>
>>To: <asterisk-users at lists.digium.com>
>>Sent: Wednesday, July 07, 2004 10:00 AM
>>Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID
>>
>>
>>    
>>
>>>Adam Hart [adam at teragen.com.au] wrote:
>>>      
>>>
>>>>Chris Foster wrote:
>>>>        
>>>>
>>>>>The Register is carrying a article written by Kevin Poulsen of
>>>>>Securtiy Focus, calling asterisk  "..the most powerful tool for
>>>>>manipulating and accessing CPN data.."
>>>>>
>>>>>I hope NuFone doesn't drop asterisk-set-able callerid's after this
>>>>>article; i've been wanting that feature from voicepluse for a long
>>>>>time.
>>>>>
>>>>>          
>>>>>
>>>>These kind of things will be reason (excuse) for Voip to be regulated
>>>>
>>>>        
>>>>
>>>Perhaps service providers who allow the Caller*ID to be set should
>>>insist that customers provide evidence that they own the phone numbers
>>>that they want to publish, and then limit the customers' choices to
>>>only the numbers in their approved list.  Calling the customer on the
>>>provided number(s) would be an easy way to check, and a setup fee
>>>could be levied to cover the provider's time and expenses, if required.
>>>
>>>Being able to discover a "blocked" Caller*ID is another matter.  Both
>>>are good areas for regulation.
>>>
>>>-- 
>>>   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
>>>  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
>>> _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
>>>_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
>>>
>>>_______________________________________________
>>>Asterisk-Users mailing list
>>>Asterisk-Users at lists.digium.com
>>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>>To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>>      
>>>
>>_______________________________________________
>>Asterisk-Users mailing list
>>Asterisk-Users at lists.digium.com
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>    
>>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
>To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
>To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>  
>




More information about the asterisk-users mailing list