Good lord.. You really could talk for 6 hours about nothing.. -- ........::::::::::......... Brian Fertig Director of Engineering Molten, Inc. Delaware Office Office 800.418.4380 x 160 Direct 302.338.9601
|-----Original Message----- |From: [EMAIL PROTECTED] [mailto:asterisk-biz- |[EMAIL PROTECTED] On Behalf Of Trixter aka Bret McDanel |Sent: Tuesday, May 22, 2007 4:16 PM |To: [EMAIL PROTECTED]; Commercial and Business-Oriented Asterisk |Discussion |Subject: Re: [asterisk-biz] Vonage 877 | |On 5/22/07, Andres <[EMAIL PROTECTED]> wrote: |> I think a lot of 'funny business' happens in the land of number |> porting. Our company is a customer of XO and we in turn have our own |> customers. A few weeks ago one of our customers ported a number away |> from our network (an XO DID), into some other network. We were |shocked |> that this could happen. We called up XO and demanded an explanation. |> They dug up the LOA Letter which obviously did not have our signature |> and all that XO could do was apologize. They tried to get the number |> back but it was impossible. I could not believe this. It could have |> been our main sales number or any other critical number. After this |> incident, we lost all respect for the number porting process. |> | |if you want to see how to not do porting, in ireland where I currently |reside, I ported my mobile number from one carrier to another. The |proof? my word that it was my number, they didnt even require me to |have my handset. Because its prepaid there is no bill or proof that |its mine, other than perhaps I have the SIM associated with it. The |port happened within an hour. The only trace that my old phone was |ported was that its sim was no longer valid for service. | |It is my belief that all the documentation required, LOAs etc, arent |verified very much, and porting is more or less an automatic response, |unless a carrier gets upset and decides to refuse further ports. |Customers complain after the fact, but it can be harder to un-port a |number than it can be to port it away in the first place. | |With prepaid accounts, online voip accounts, etc proof can either be |easily faked (printing out a webpage for example ...) or just not |verified in the first place. Going after someone after the fact can |be just as difficult since there is no physical requirement to be in a |friendly jurisdiction and damage can be done very quickly. Think |about say porting away a credit card customer service tollfree. If |there is a terminating POTS or some other way of routing calls to that |call centre, they could record the calls for processing later, gathing |infoto commit large scale fraud. When you call in to your credit card |company you have to give everything required to authenticate yourself |to the company, which would not be in the hands of fraudsters. | |I think the eavesdropping attack is far more likely than taking a |competitors number and routing it to your call centre, and proceeding |as if the customer really called you. | |Mischief makers could just route the numbers around like that to cause |havok and none of the parties that got their 'lines crossed' have any |knowledge or understanding as to what happened, but who would believe |that? | |The system is weak, although its hard to do anything better and still |provide some level of security. The best that could possibly happen |would be to have something by physical mail be sent but its not hard |to play games with that and still obfuscate the identity of the person |even though you know the address the request was sent to. It would |also cause a delay that many would find unacceptable since it seems |that many want to port same day and not wait upto 3 weeks for the |mail. | |Online faxing, VoIP, and remailing services all provide someone in |potentially a foreign country to look like they are within the same |country, and fool most due diligence procedures. | |-- |Trixter http://www.0xdecafbad.com Bret McDanel |Belfast +44 28 9099 6461 US +1 516 687 5200 |http://www.trxtel.com the VoIP provider that pays you! |_______________________________________________ |--Bandwidth and Colocation provided by Easynews.com -- | |asterisk-biz mailing list |To UNSUBSCRIBE or update options visit: | http://lists.digium.com/mailman/listinfo/asterisk-biz _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
