Re: [Full-disclosure] Truths in Truth in Caller ID Act
The biggest part of this legislation is the fact it was never officially illegal to spoof your caller-ID information before. Now that it's illegal, you can be charged with it and that point of inquiry can then trigger any number of events to determine the depths of your criminality (is that a word?). Just a case of closing the loopholes that are/were used/exploited to perform further malfeasance on unsuspecting victims. Like Valdis noted: Capone was put away for tax evasion not violent crime. We're going to be seeing another similar law coming down the river soon regarding pretexting. Pretexting had not been defined as being illegal as of yet but here, post-HP, it will soon be. Thanks, Brandon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, October 01, 2006 8:53 PM To: J. Oquendo Cc: full-disclosure Subject: Re: [Full-disclosure] Truths in Truth in Caller ID Act On Sun, 01 Oct 2006 13:41:56 CDT, J. Oquendo said: It shall be unlawful for any person within the United States, in connection with any telecommunications service or VOIP service... 1) Teleco/VoIP service is out of bounds here. 2) The User who initiated the command is logged from an address somewhere over the rainbow (Tor+Privoxy). 3) within the United States which? The person, or the telco/VoIP provider? Does it have to be both - person and provider. Sounds broad to me. No, you're intentionally reading it other than what the legal guys will do. The prosecutor can charge *each and every person involved* who is both a) within the US and b) took an identifiable action which lead to the event. The person who made the request obviously took an action that lead to the event, and if they're inside the US, they may have a problem. The provider took an action (by providing the service) and if they're inside the US, they may want to find a lawyer that can create a good theory of why they aren't culpable as well. 2) Me being the provider, I didn't initiate the spoof, I provided a service. Should I be held accountable for upholding the right to privacy? You took an action which caused the forged caller ID to be sent. Better hope that the Congressman doesn't have friends over at Dept of Justice who can make your life miserable. Also, please note that you're arguing the wrong right - the right to privacy would be applicable if you were trying to protect the person from a Congressman who was trying to prove the person slept with a political rival or similar. What you *wanted* to be supporting was the First Amendment right to anonymous free speech. Let's take the case of someone blowing the whistle on government corruption. History has shown their life will be ruined. Sucks to be a whistleblower. This message is intended only for the person(s) to which it is addressed and may contain privileged, confidential and/or insider information. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Any disclosure, copying, distribution, or the taking of any action concerning the contents of this message and any attachment(s) by anyone other than the named recipient(s) is strictly prohibited. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
On Mon, 2 Oct 2006, Nancy Kramer wrote: You are 100 percent right about the US government. The US Constitution may protect US citizens from the government but nothing will protect them from the big telecom companies who will own them and their data unless we enact a new neutrality law in the US. Regards, Nancy Kramer Yes. And we know the exact phrasing of the law: require common carriage on fast telecommunications, just as we require it on slow telecommunications. The issue is wiretapping, and interference with private and public communications. oo--JS. Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 04:48 PM 10/1/2006, Joe Barr wrote: On Sun, 2006-10-01 at 12:28 -0500, J. Oquendo wrote: So the United States government wants to pass the Truth in Caller ID act. Humorously it will do little do deter criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will fail: The U.S. government will do its duty, that is to say, they will lick the ass of the telecommunications industry lobbyists and do whatever they damn well say. -- It's a strange world when proprietary software is not worth stealing, but free software is. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.10/459 - Release Date: 9/29/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
You are 100 percent right about the US government. The US Constitution may protect US citizens from the government but nothing will protect them from the big telecom companies who will own them and their data unless we enact a new neutrality law in the US. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 04:48 PM 10/1/2006, Joe Barr wrote: On Sun, 2006-10-01 at 12:28 -0500, J. Oquendo wrote: So the United States government wants to pass the Truth in Caller ID act. Humorously it will do little do deter criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will fail: The U.S. government will do its duty, that is to say, they will lick the ass of the telecommunications industry lobbyists and do whatever they damn well say. -- It's a strange world when proprietary software is not worth stealing, but free software is. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.10/459 - Release Date: 9/29/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Nancy! On Mon, 2 Oct 2006, Nancy Kramer wrote: the big telecom companies who will own them and their data unless we enact a new neutrality law in the US. Yeah, but guess who wrote the net neutrality laws being vaoted on now? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFFIcb68KZibdeR3qURAt21AKDYnZbDwH48cLuf8sGOrHyzxhXVIACgoCUY Z61iwKwZkShAyBJrIu66BuY= =NGtb -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
I know it was the big telecoms. Been working for Net Neutrality to preserve it. Think they should just crap their telecom reform bill. Only helps the big telecoms. Do you know they want to do deep packet inspection on every packet to prioritize them. Going to be a huge security hole. I am neither a network engineer nor security engineer but deep packet inspection scares the crap out of me. Congress is clueless. They just want the campaign contributions of the big telecoms. I consider them owned by the telecoms in the hacker sense of owned. I am already seeing peering issues as the ISPs start to play with the new toys ie new Cisco Routers. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 10:12 PM 10/2/2006, Gary E. Miller wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Nancy! On Mon, 2 Oct 2006, Nancy Kramer wrote: the big telecom companies who will own them and their data unless we enact a new neutrality law in the US. Yeah, but guess who wrote the net neutrality laws being vaoted on now? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFFIcb68KZibdeR3qURAt21AKDYnZbDwH48cLuf8sGOrHyzxhXVIACgoCUY Z61iwKwZkShAyBJrIu66BuY= =NGtb -END PGP SIGNATURE- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Truths in Truth in Caller ID Act
So the United States government wants to pass the Truth in Caller ID act. Humorously it will do little do deter criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will fail: It shall be unlawful for any person within the United States, in connection with any telecommunications service or VOIP service, to cause any caller identification service to transmit misleading or inaccurate caller identification information, with the intent to defraud or cause harm. Re-read it a few times and let some common sense kick in. unlawful for any person within the United States, in connection with any telecommunications service or VOIP service, to cause any caller identification service to transmit misleading or inaccurate caller identification information What in this bill exactly deters someone from abroad to continue their activities? Firstly they're not bound by U.S. laws, secondly if their servers are abroad those servers are in their lawful means to do what is legally appropriate for their location. Now argumentatively how will the United States seek to prosecute say a telemarketer from using a service abroad to traverse back into the U.S.? Let's re-read the letter of the law again shall we? unlawful for any person within the United States, etc., etc., to cause any caller identification, etc., etc. So how does caller ID change, is it cause by the telemarketer, the server sending out the caller ID information, or the provider of that server. Obviously the telemarketer led the server to change the information, but ultimately the provider dished out the number, hence the provider being the true culprit. The more I read about this law/rule/prohibition, the more I scratch my head at it. So let's now see how the government intends on tracking someone shall we? CallerIDBusterFoobar.com is a server located in Moscow. They're hosted there, their provider is their, their uplink is in Russia, etc. Joe Smith is a scumbag thief interested in stealing the credit card information of a few good men. He lives in Boondock Arizona and spends much too much time thinking up scams. He signs up for an account at CallerIDBusterFoobar.com, assigns 800-DISCOVER as his caller ID and proceeds to scam countless people out of their information. With this information he sets up fradulent drops and pickups somewhere in Moldovia. How will U.S. authorities track him down? They won't. They don't have access to the servers in Russia for starters, secondly how many people are reporting these crimes. Alright, let's be fair for a moment, someone at Discover discovers that the call actually originated from Russia. So what? Unless the foreign country is cooperating with U.S. authorities, there is little the United States government with all their so called legislation would be able to do. Now let's take it a step further, Joe Smith decided to use Privoxy with a WiFi phone from an open network. He managed to steal a VoIP account while scanning a class A for port 5060 and leveraged someone's information. He always has used Tor and Privoxy on his personal distro of Linux on a CD so he knows that there will be no residue from his crimes due to him using this CD on this machine so he is scott free technologically. How does the United States intend on stopping him again? I get it now, since the United States government in all of their mighty wisdom is passing this bill it is only obvious that criminals are going to respect U.S. laws, I mean after all those in government follow their own laws so why shouldn't a criminal. Comments, criticism? -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1383A743 sil infiltrated . net http://www.infiltrated.net How a man plays the game shows something of his character - how he loses shows all - Mr. Luckey ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
[EMAIL PROTECTED] wrote: You mis-read the legalese. It shall be unlawful for any person within the United States Define within the United States. The person, the server, the provider or all three. I don't believe it's misread it's to the letter of the law. So again step by step... It shall be unlawful for any person within the United States, in connection with any telecommunications service or VOIP service... 1) Teleco/VoIP service is out of bounds here. 2) The User who initiated the command is logged from an address somewhere over the rainbow (Tor+Privoxy). 3) within the United States which? The person, or the telco/VoIP provider? Does it have to be both - person and provider. Sounds broad to me. Can't be single sided here. So I decide to offer a service to say rape victims who want to remain anonymous, a victim decides to use Jane Smith 2035551212, she is calling from say the British Virgin Islands where she was raped by a congressman. She doesn't want her identity known, but would like counseling over the phone. 1) She is in the British Virgin Islands so technically she is not breaking the law. 2) Me being the provider, I didn't initiate the spoof, I provided a service. Should I be held accountable for upholding the right to privacy? 3) Sure caller ID blocking could have been used, it still could be traced. Let's take the case of someone blowing the whistle on government corruption. History has shown their life will be ruined. This is a great avenue worry free to make a report yet at the same time if I decided to set my caller ID as that of the White House, I'm sure I can con a reporter to report something bogus. Dual edged sword. What will be next outlawing telco service unless it passes through DCS100 along with a photo and fingerprint at Fort Meade. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1383A743 sil infiltrated . net http://www.infiltrated.net How a man plays the game shows something of his character - how he loses shows all - Mr. Luckey ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
On Sun, 01 Oct 2006 12:28:41 CDT, J. Oquendo said: Now argumentatively how will the United States seek to prosecute say a telemarketer from using a service abroad to traverse back into the U.S.? Let's re-read the letter of the law again shall we? unlawful for any person within the United States, etc., etc., to cause any caller identification, etc., etc. So how does caller ID change, is it cause by the telemarketer, the server sending out the caller ID information, or the provider of that server. Obviously the telemarketer led the server to change the information, but ultimately the provider dished out the number, hence the provider being the true culprit. You mis-read the legalese. unlawful for any person... to cause.. is the important text here. That means If you did something that as an end result made it happen, you're in trouble. If you're in Pensacola, Florida, and issued a command that led to a server in Moscow, Russia generating a bogus caller-ID, then you caused it to happen, and it doesn't matter where/how it *actually* goes down. How will U.S. authorities track him down? They won't. In general, these things usually succumb to a follow the money investigation. If the fraudster in Pensacola collected any money, he can be tracked down that way. Also, the intent here isn't to give the LEOs new ways to track down the crooks, it's giving them new ways to *lock them up*. Let's say they do their follow the money thing, and they *know* that Joe Foobar did it. However, some of their evidence and methods are a bit... ummm unconventional, and likely to not hold up if it goes to a jury trial, after all the motions to suppress evidence and so on. However, they *do* have rock-solid proof that Foobar did in fact forge caller-IDs as part of the scam. So you send him up the river for 3 to 5 on 23 counts of forged caller-ID. Remember - Al Capone never got convicted of any of the evil things everybody knows he did. He ended up in the slammer for income tax evasion pgpYEUzZw9qM9.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
On Sun, 2006-10-01 at 12:28 -0500, J. Oquendo wrote: So the United States government wants to pass the Truth in Caller ID act. Humorously it will do little do deter criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will fail: The U.S. government will do its duty, that is to say, they will lick the ass of the telecommunications industry lobbyists and do whatever they damn well say. -- It's a strange world when proprietary software is not worth stealing, but free software is. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/