Alex Balashov wrote:
Precisely right, and in the general case, it seems that the essential problem is the lack of general awareness that certain forms of identification are unreliable. Thus the perceived need to clear the innocent. And also, perhaps, the reason for excessive apathy about the (general) problem in many corners.Steve Totaro wrote:This make more sense:Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the CID/ANI ----> Telco ------> terminated to the PSTNWell, sure, but you can do far worse things than spoof ANI/CID with that kind of mischief. The sort of things generated in the scenario you described are hard to track down whether they're telephony-related or not.
Referring back to my earlier suggestion about public key authentication, a more widespread appreciation and understanding of it's applicability in various realms would go a long way toward helping solve many problems ranging from spam and phishing to stuff like this. It's a mind-share/social problem. There is nothing inherently wrong with spoofing; the problems arise when the receiver is unduly deceived.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
