Prev-20 Home Next-20 8 msg Understanding Asterisk 1 msg Re: [asterisk-dev] UWB Codec / Command-linesoft... 1 msg No sound with Playback() and Background() 4 msg Setting CallerID UNKNOWN on an outgoing call 11 msg No-mobo PC for USB Drives Enclosure? 3 msg Zaptel Install Error 25 msg voicemail not sending emails Re: [asterisk-biz] ANI \ Steve Totaro (13 May 2008) . \ Alexander Lopez (14 May 2008) . . \ Steve Totaro (14 May 2008) 8 msg Installation Question 1 msg Call retard from a softphone to a hardphone 14 msg BLF Compatible Phones 4 msg Call only for registered sip users... 1 msg Asterisk 1.4.19.2 Released 2 msg queue problem 2 msg More one way audio... 5 msg New Asterisk Deployment - Need some tips 4 msg How to test dialplan w/o a trunk 1 msg Fwd: [asterisk-dev] Paging intercom extensions 1 msg Asterisk-Tag.org conference, May 26th/27th, Ber... 4 msg Queues, monitor-join=yes, and volume Prev-20 Home Next-20

Prev-Msg Prev-Thread Asterisk-users May-2008 Next-Thread Next-Msg Subject: Re: [asterisk-biz] ANI Group: Asterisk-users From: Steve Totaro Date: 13 May 2008 Bill Michaelson wrote: > Alex Balashov wrote: >> Steve Totaro wrote: >> >> >>> This make more sense: >>> Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the >>> CID/ANI ----> Telco ------> terminated to the PSTN >>> >> >> Well, sure, but you can do far worse things than spoof ANI/CID with that >> kind of mischief. The sort of things generated in the scenario you >> described are hard to track down whether they're telephony-related or not. >> >> > Precisely right, and in the general case, it seems that the essential > problem is the lack of general awareness that certain forms of > identification are unreliable. Thus the perceived need to clear the > innocent. And also, perhaps, the reason for excessive apathy about > the (general) problem in many corners. > > Referring back to my earlier suggestion about public key > authentication, a more widespread appreciation and understanding of > it's applicability in various realms would go a long way toward > helping solve many problems ranging from spam and phishing to stuff > like this. It's a mind-share/social problem. There is nothing > inherently wrong with spoofing; the problems arise when the receiver > is unduly deceived. > I motion that this thread be moved to the Asterisk Users (already copied to Users List) For those that do not subscribe to the Biz list, this thread may be interesting to you. http://lists.digium.com/pipermail/asterisk-biz/2008-May/subject.html I am done giving examples of what could be done as far as current exploits. The purpose was to clue some people into what can actually be done that could cause *real harm*. I would like to see what Bill and others can offer as solutions. This particular issue could result in many forms of real harm and is worth more discussion. *Maybe the "Asterisk Community" can do more than talk about Asterisk. We are numerous, smart, and many are influential or have influential contacts.* Thanks, Steve Totaro _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users Prev-Msg Prev-Thread Asterisk-users May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com