Bill Michaelson wrote: > Alex Balashov wrote: >> Steve Totaro wrote: >> >> >>> This make more sense: >>> Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the >>> CID/ANI ----> Telco ------> terminated to the PSTN >>> >> >> Well, sure, but you can do far worse things than spoof ANI/CID with that >> kind of mischief. The sort of things generated in the scenario you >> described are hard to track down whether they're telephony-related or not. >> >> > Precisely right, and in the general case, it seems that the essential > problem is the lack of general awareness that certain forms of > identification are unreliable. Thus the perceived need to clear the > innocent. And also, perhaps, the reason for excessive apathy about > the (general) problem in many corners. > > Referring back to my earlier suggestion about public key > authentication, a more widespread appreciation and understanding of > it's applicability in various realms would go a long way toward > helping solve many problems ranging from spam and phishing to stuff > like this. It's a mind-share/social problem. There is nothing > inherently wrong with spoofing; the problems arise when the receiver > is unduly deceived. >
I motion that this thread be moved to the Asterisk Users (already copied to Users List) For those that do not subscribe to the Biz list, this thread may be interesting to you. http://lists.digium.com/pipermail/asterisk-biz/2008-May/subject.html I am done giving examples of what could be done as far as current exploits. The purpose was to clue some people into what can actually be done that could cause *real harm*. I would like to see what Bill and others can offer as solutions. This particular issue could result in many forms of real harm and is worth more discussion. *Maybe the "Asterisk Community" can do more than talk about Asterisk. We are numerous, smart, and many are influential or have influential contacts.* Thanks, Steve Totaro _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
