VoIP and phishing

On Thu, Apr 27, 2006 at 01:12:43PM -0700, misseiden.com wrote:

> so if you are counting on the calling party being who
they say the are,
> or even within your company, based on callerid, don't.
> 
> does anyone know if time ANI from toll free services is
still unspoofable?

make that "real-time ANI"

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

>>>>> "mis" == mis  <misseiden.com> writes:

mis> does anyone know if [real-]time ANI from
mis> toll free services is still unspoofable?

No, in general it is not unspoofable.

But you probably need the gateway into the PSTN to use SS7
and IMT
trunks; and that probably means a CLEC license in the US, or
similar
elsewhere.  That presumably means more substantial civil and
criminal
penalties for spoofing with criminal intent, not to mention
the
potential loss of the operating license for doing so.

So although it is certainly doable, it'll be expensive and
likely
beyond the means of small-time players.

In short, if you have direct SS7 access, there isn't much
you cannot
do to screw over other providers and their customers.  Hense
all of
the rules and regs for getting such access.

-JimC
-- 
James H. Cloos, Jr. <cloosjhcloos.com>

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com