[asterisk-users] Suing Dell||Dull Computers for CID abuse
Reposted to this list: (http://lists.virus.org/voipsec-0610/msg00046.html) That's exactly the type of thing that needs to be stopped. If Dell outsourcing calls me from India, the CLI must be their number in India not a faked-in number of some office in the US. That to me is exactly the purpose of this proposed law. It is equivalent to the law regarding FAX calls that has been around for a long time. Here is the single biggest issue facing anything anyone on this list can speak about: Validation. Let's be realistic here using (again) Dell. We know based on someone's accent and lack of proper use of grammar, they are not speaking to us from a location in the USA. How can we validate that such instance is illegal. It would be hearsay because all we have is a notion without factual evidence. So how does anyone propose addressing a situation such as this. It's not like there is a reverse-ip-to-DID lookup from switch to switch implementation going on. Even if someone were insane enough to attempt to engineer a feat such as that, what would happen when numbers get ported. It would be an engineering nightmare. So how would one propose a fix for validating the origination of a number. All I can see happening is stronger and more ingenious methods someone would find to circumvent that NEW fix. Lose lose situation if you ask me. Well, millions of people subscribe to CLI and use it to decide whether or not to answer the phone, and to block calls that do not provide CLI. I would say that it is a valuable use to a lot of people. That purpose doesn't require 100% validation. What happens when CLI is meaningless to the majority. To me, CLI has been semi meaningless. While I do use it to sift through calls I want to pick up or not, I don't use it as a source of validation. Maybe its based on what I know and have seen. Slowly, many of my non technical friends sometimes refuse to answer the phone because the CLI is false, and my non technical friends know this based on answering calls from non working 800 numbers. This signifies to me that there are others aware of the current situation regarding bogus CLI. It also signifies to me that slowly others aren't taking CLI so serious anymore. And when I say others, I'm meaning other people outside of the networking, security, technology field. Think about it, farmer John who is 50 a computerphobe who knows that caller ID can't be trusted. That says something to me. Because it *IS* coming from the VoIP end of things, its sad, but because of the logic (the hard coded, stone cold logic) of networks, people, etc., a law won't prevent this by any means. In addition, many 800 number subscribers use the CLI to fetch the calling customer's account information so that it is ready when a person answers to handle the call. That doesn't need 100% validation. This is one of the dangers I am speaking of regarding security. Let's take this situation right now, supposing I dislike you and have enough information about you. I set out to make life disruptive for you so I change my CLI to your phone number. First I want to call the bank (with your information) hopefully I can get someone insane enough to use caller ID as a source of information. Then, I decide to call the credit card companies in hopes they're going to bring up your information based on caller ID, and the scenario goes on and on. Should a company make a decision based on caller ID? Would you irrate by their actions? I know I would. All of these uses would become useless if a large percentages of the calls had invalid CLI. Thus the need for the law and for techincal means to prevent spoofing. Any law you can dish out will be worthless. Why? Because of the fact that other countries aren't bound by US rules. So you pass a law in the US and force (dis)organized criminals to act from abroad. Here is the hair that will break the camel's back: Russian (dis)organized crime figures break into VoIP services in the US and spoof CLI information. Honest law abiding companies will have to pay for their actions via suits and breaking the law since they passed off incorrect CLI information. Is this fair? What about overseas companies passing off bogus information, what mechanisms exist for checking the validity of where the call is coming from? E.g.: Russian-VoIP-ISP.com is a known VoIP despot who routes calls through some point to point in the US. That point to point routes it through Level3 down the chain, there is no mechanism I know of that can do reverse checking to validate that this number is coming from a legitimate source. Is this Level3's fault? Even if there were a mechanism in place, what happens on a failure when a provider has to route calls through another junction point? I presume from your comment that you, like others in the Internet/VoIP arena I have corresponded with, believe that the PSTN did everything wrong and that VoIP is doing everything correctly. I don't think the PSTN did
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
. . . We let you win, you were terrorists and England's never been good at fighting terrorists. Now you're having the same problem !!! One is stuck by the semi-irony. Those who do not learn from History are doomed to repeat it. However, the current unpleasantness has dis-similar roots. Tho one could say it is the dark heart of Man at the core of it all. . . . Oh, so anyway, who was guy Eng you named the country after? And who was America named after ? Steve An Italian explorer called Amerigo Vespucci, I believe. (look it up) joea ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On 7/3/07, Joe acquisto [EMAIL PROTECTED] wrote: Contrary to the opinions of Anglo-Philes, we, here in the Colonies, speak American, not English. In some places, 'Murican. We get to do that, because, back in the late 1700's . . . we won. It is only referred to as English out of a sense of compassion. Oh, so anyway, who was guy Eng you named the country after? joe a. ANd here I thought we spoke Spanish, because where I'm from, you better or else you won't be able to talk to any of the contractors that show up at your house or business (plumbers, electricians, cable installers, etc.) nor the people at the grocery stores, restaurants, just about anyone. The official language around here is Spanish. They just, for some reason, haven't passed the law yet. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On Wed, Jul 04, 2007 at 08:06:49AM -0500, Lacy Moore - Aspendora wrote: On 7/3/07, Joe acquisto [EMAIL PROTECTED] wrote: Contrary to the opinions of Anglo-Philes, we, here in the Colonies, speak American, not English. In some places, 'Murican. Merkins speaking Murican ... We get to do that, because, back in the late 1700's . . . we won. We let you win, you were terrorists and England's never been good at fighting terrorists. Now you're having the same problem !!! It is only referred to as English out of a sense of compassion. American English ... Oh, so anyway, who was guy Eng you named the country after? And who was America named after ? Steve -- NetTek Ltd UK mob +44-(0)7775 755503 UK +44-(0)20 79932612 / US +1-(310)8577715 / Fax +44-(0)20 7483 2455 Skype/GoogleTalk/AIM/Gizmo/Mac stevekennedyuk / MSN [EMAIL PROTECTED] Euro Tech News Blog http://eurotechnews.blogspot.com ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On Jul 4, 2007, at 9:59 AM, Steve Kennedy wrote: Oh, so anyway, who was guy Eng you named the country after? And who was America named after ? Amerigo Vespucci -chris www.mythtech.net ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Being Independence Day and all Oh, so anyway, who was guy Eng you named the country after? And who was America named after ? Steve The name was derived from the Latinized http://en.wikipedia.org/wiki/Latinversion of the explorer Amerigo Vespucci http://en.wikipedia.org/wiki/Amerigo_Vespucci's name, *Americus Vespucius*, in its feminine form, *America*, as the other continents all have Latin feminine names. Wikipedia and a memory for things historical. Have a good 4th. Bruce Reeves Nortex Networks ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
In fact it is nearly the same thing with the English who come from a group of germanic speaking group the Angles... So it is not Eng but Angles (like in geometry) ... you can see http://en.wikipedia.org/wiki/Angles 2007/7/4, Bruce Reeves [EMAIL PROTECTED]: Being Independence Day and all Oh, so anyway, who was guy Eng you named the country after? And who was America named after ? Steve The name was derived from the Latinizedhttp://en.wikipedia.org/wiki/Latinversion of the explorer Amerigo Vespucci http://en.wikipedia.org/wiki/Amerigo_Vespucci's name, *Americus Vespucius*, in its feminine form, *America*, as the other continents all have Latin feminine names. Wikipedia and a memory for things historical. Have a good 4th. Bruce Reeves Nortex Networks ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Steve Kennedy wrote: On Wed, Jul 04, 2007 at 08:06:49AM -0500, Lacy Moore - Aspendora wrote: On 7/3/07, Joe acquisto [EMAIL PROTECTED] wrote: Contrary to the opinions of Anglo-Philes, we, here in the Colonies, speak American, not English. In some places, 'Murican. Merkins speaking Murican ... merkin - n. A pubic wig for women (http://www.yourdictionary.com/ahd/m/m0230750.html) -- Drew Gibson Systems Administrator OANDA Corporation www.oanda.com ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Mark Phillips wrote: Damn!!! Beat me to it ;-} As an Englishman now living in New Jersey (strangely nowhere near an exit) I have to say that the local idiom and accent leaves a significant amount to be desired. Terms like New Joisey, Shuwa ,wadder, badderies, congradulations etc make me wonder if I'm in an English speaking country at all. I've heard better English spoken in Nigeria. And I've heard unintelligible English in parts of England. -Stephen- ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Andrew Kohlsmith wrote: On Tuesday 03 July 2007 9:47 pm, Joe acquisto wrote: We get to do that, because, back in the late 1700's . . . we won. Hey man, I'm Canadian... We've got our own set of funny accents, and don't get us started on the Quebecois. Not even the Parisians can understand THEM! :-) Parisians only PRETEND not to understand them. French is French, even in Québec. You might be referring to joual, which is a street dialect. And France has its share of regional dialects unintelligible to the Parisians. I suspect the Parisian ignorance is feigned; a bit of snobbery vis-à-vis the colonies. -Stephen- ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On 7/3/07, J. Oquendo [EMAIL PROTECTED] wrote: Reposted to this list: (http://lists.virus.org/voipsec-0610/msg00046.html) That's exactly the type of thing that needs to be stopped. If Dell outsourcing calls me from India, the CLI must be their number in India not a faked-in number of some office in the US. That to me is exactly the purpose of this proposed law. It is equivalent to the law regarding FAX calls that has been around for a long time. Here is the single biggest issue facing anything anyone on this list can speak about: Validation. Let's be realistic here using (again) Dell. We know based on someone's accent and lack of proper use of grammar, they are not speaking to us from a location in the USA. How can we validate that such instance is illegal. It would be hearsay because all we have is a notion without factual evidence. So how does anyone propose addressing a situation such as this. If Dell owns the number, it's not spoofing. Point-to-point T1s and such have been allowing companies to use toll bypass for years. VoIP just makes it easier and cheaper. Now, if someone pretends to be Dell in order to sell you Dekk computers, then that's fraud, spoofing, etc. This is one of the dangers I am speaking of regarding security. Let's take this situation right now, supposing I dislike you and have enough information about you. I set out to make life disruptive for you so I change my CLI to your phone number. First I want to call the bank (with your information) hopefully I can get someone insane enough to use caller ID as a source of information. Then, I decide to call the credit card companies in hopes they're going to bring up your information based on caller ID, and the scenario goes on and on. Should a company make a decision based on caller ID? Would you irrate by their actions? I know I would. We are already protected by fraud from everything you mentioned by other laws. And yet it still happens. So, what purpose will another law serve? I presume from your comment that you, like others in the Internet/VoIP arena I have corresponded with, believe that the PSTN did everything wrong and that VoIP is doing everything correctly. I don't think the PSTN did anything worse or better than VoIP, in fact I would prefer to rely on the PSTN than VoIP for certain reasons. 1) With the PSTN, any utility company, emergency service company knows with 100% accuracy that a copper line with the number 12035551212 is coming from 1 Main Street, New Haven as opposed to VoIP's 12035551212 being registered via some pre-filled out form, stating at the point in time that the form was submitted, it was at 1 Main Street however, it truly might not be at that location anymore. Someone may have moved their ATA or server. And yet, the Bells sometimes got the address wrong. And when a PRI got moved for a company I did work with, their local carrier failed to update the address in the 911 database. So, it can be screwed up, no matter what technology is used. Look, we can spoof CID through our PRI. So what? We've been able to do it for years. Have we? No, we have no need to. I'm sick and tired of all these news stories about how people can suddenly spoof CID. It's been going on for years. And anyone who gives out personal information when receiving a phone call deserves whatever happens to them. When I got a call from my CC fraud department, I simply asked for a reference number, and said that I'd call back on the number on the back of my card. Turns out it was legit, but it only took me an extra ~30 seconds to be sure. As for things VoIP has done better? The only thing that comes to me thusfar is saved someone money. Anyhow, I think this was a pretty good discussion on the topic, but bottom line if you ask me, Truth in Caller ID does nothing more than give a politician something to boast about during election time. Nothing more. Hear hear! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Keep in mind that this law is proposed by the Senator who thinks the Internet is a series of interconnected tubes which can get clogged. What did you expect? ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On 7/3/07, mlists [EMAIL PROTECTED] wrote: Keep in mind that this law is proposed by the Senator who thinks the Internet is a series of interconnected tubes which can get clogged. ommm, isn't that conceptually what a DoS attack is? ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On Tuesday 03 July 2007 7:20 am, J. Oquendo wrote: (again) Dell. We know based on someone's accent and lack of proper use of grammar, they are not speaking to us from a location in the USA. How can we validate that such instance is illegal. It You obviously have not been around any city centre in North America if you believe that to be true. :-) -A. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Damn!!! Beat me to it ;-} As an Englishman now living in New Jersey (strangely nowhere near an exit) I have to say that the local idiom and accent leaves a significant amount to be desired. Terms like New Joisey, Shuwa ,wadder, badderies, congradulations etc make me wonder if I'm in an English speaking country at all. I've heard better English spoken in Nigeria. Mark On Tue, 2007-07-03 at 17:07 -0400, Andrew Kohlsmith wrote: On Tuesday 03 July 2007 7:20 am, J. Oquendo wrote: (again) Dell. We know based on someone's accent and lack of proper use of grammar, they are not speaking to us from a location in the USA. How can we validate that such instance is illegal. It You obviously have not been around any city centre in North America if you believe that to be true. :-) -A. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
Contrary to the opinions of Anglo-Philes, we, here in the Colonies, speak American, not English. In some places, 'Murican. We get to do that, because, back in the late 1700's . . . we won. It is only referred to as English out of a sense of compassion. Oh, so anyway, who was guy Eng you named the country after? joe a. On 7/3/2007 at 6:13 PM, Mark Phillips [EMAIL PROTECTED] wrote: Damn!!! Beat me to it ;-} As an Englishman now living in New Jersey (strangely nowhere near an exit) I have to say that the local idiom and accent leaves a significant amount to be desired. Terms like New Joisey, Shuwa ,wadder, badderies, congradulations etc make me wonder if I'm in an English speaking country at all. I've heard better English spoken in Nigeria. Mark On Tue, 2007-07-03 at 17:07 -0400, Andrew Kohlsmith wrote: On Tuesday 03 July 2007 7:20 am, J. Oquendo wrote: (again) Dell. We know based on someone's accent and lack of proper use of grammar, they are not speaking to us from a location in the USA. How can we validate that such instance is illegal. It You obviously have not been around any city centre in North America if you believe that to be true. :-) -A. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Suing Dell||Dull Computers for CID abuse
On Tuesday 03 July 2007 9:47 pm, Joe acquisto wrote: We get to do that, because, back in the late 1700's . . . we won. Hey man, I'm Canadian... We've got our own set of funny accents, and don't get us started on the Quebecois. Not even the Parisians can understand THEM! :-) -A. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users