Normally, punching *67 should block Caller ID information being passed through to a receiving caller. But, as security consultant Kevin Mitnick has demonstrated and Digium CTO Mark Spencer explains, it's not 100 percent foolproof.
At The Last HOPE hacker conference over the weekend, Mitnick demonstrated how an appropriately configured Asterisk box and a suitable SIP trunking service can be used to deliver Caller ID information even on inbound calls that have a "Private" flag set.
"There are legitimate reasons why you need to set the Caller ID to normal [and carry that information forward,]" said Digium CTO Mark Spencer. "If, for example, I'm in an enterprise environment and I want to have calls forwarded [from my office number] to my cell phone, [the PBX] needs that information."
Mitnick used the "enterprise class" VoIP/SIP trunking provider FlowRoute to get a phone number (DID) and service that would deliver all of the call information to an Asterisk server. The Asterisk server is simply set up/scripted to pass along all Caller ID information for inbound calls regardless of the setting of the privacy flag on the call.
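The flip side of the demo is the behaviour Spencer describes as legitimate: a PBX that forwards office calls to a cell phone needs the caller's number internally, but it should honor the presentation (privacy) indicator when it places the outbound leg. The dialplan fragment below is an added illustration, not Asterisk's documentation or anything shown at the demo; the context names `from-trunk` and `outbound-trunk` and the variable `MY_CELL` are hypothetical. It uses the `CALLERID(pres)` dialplan function, whose restricted values begin with `prohib`, and the `:` (regex-match) operator in Asterisk expressions.

```ini
; extensions.conf fragment (hypothetical names) - honor the privacy flag when forwarding
[from-trunk]
; Inbound call from the SIP trunk; the provider may deliver the number even when
; the caller dialed *67, so the presentation indicator must be checked here.
exten => _X.,1,NoOp(Inbound from ${CALLERID(num)} pres=${CALLERID(pres)})
 same => n,GotoIf($["${CALLERID(pres)}" : "prohib"]?restricted:forward)
 ; Restricted caller: strip the number and name before the outbound leg and
 ; keep the restricted presentation so the next hop can honor it as well.
 same => n(restricted),Set(CALLERID(num)=)
 same => n,Set(CALLERID(name)=Anonymous)
 same => n,Set(CALLERID(pres)=prohib)
 ; Forward to the cell phone (MY_CELL is a hypothetical global variable).
 same => n(forward),Dial(SIP/${MY_CELL}@outbound-trunk,30)
 same => n,Hangup()
```

The number is still available inside the PBX for billing and logging (the `NoOp` line writes it to the Asterisk log), which is the legitimate need Spencer refers to; what changes is that the forwarded leg no longer carries it. Note that this only controls what this PBX sends: whether a downstream carrier strips or displays the number is decided by that carrier, which is exactly why the privacy flag is not foolproof end to end.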
Spencer also noted that Caller ID information is carried along and recorded for "private" calls to toll free numbers; the information is necessary for proper billing.
Mark is not happy with the use of Asterisk for questionable uses, but since it is open source, there is little he can do about it. "I hate to say it, but the same reasons why Asterisk is attractive to a lot of businesses, it's low cost, it can be easily tweaked, it's more flexible, make it easy for using it for an illegitimate purpose," said Spencer. "It's a very powerful platform. I'm not thrilled about it being used for fraud and I'm not thrilled with companies who build products on it in competition with Digium, but there's not a lot I can do about it."
For more: Engadget snags Mitnick demo video from The Last HOPE conference