31 Years of the Digest ... founded August 21, 1981


The Telecom Digest for September 26, 2012
Volume 31 : Issue 226 : "text" Format
Messages in this Issue:
Data breach at IEEE.org: 100k plaintext passwords (Monty Solomon)
Bogus Called ID (Andrew Kaser)
Re: Bogus Called ID (Doug McIntyre)


Telecom and VOIP (Voice over Internet Protocol) Digest for the Internet. All contents here are copyrighted by Bill Horne and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using any name or email address included herein for any reason other than responding to an article herein, you agree to pay a hundred dollars to that person, or email address owner.
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime.  - Geoffrey Welsh


See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.


Date: Tue, 25 Sep 2012 14:46:06 -0400
From: Monty Solomon <monty@roscom.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Data breach at IEEE.org: 100k plaintext passwords
Message-ID: <p06240870cc87aba1d148@[10.0.1.8]>

Data breach at IEEE.org: 100k plaintext passwords.
Using the data to gain insights into the engineering and scientific community

IEEE suffered a data breach which I discovered on September 18.

...

http://ieeelog.com/

Date: Tue, 25 Sep 2012 15:52:12 -0700
From: Andrew Kaser <ak@europa.com>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Bogus Called ID
Message-ID: <1A52D677-388A-47D0-A9C8-8A8578C04753@europa.com>

Like a lot of folks, I got a robo call asking to donate as little as $3 to Romney's campaign. The call came from 202-730-9976. Of course, it is a bogus number. I am curious if there are any knowledgeable folks here who understand how the number that displays on Caller ID gets into the pike at the beginning and then gets handed off to a subsequent entity that might be carrying the call. Do subsequent entities have to accept the reported originating number? Are there any controls at the origin end to prevent bogus numbers from being accepted by the first switch that handles the call? How does the Caller ID number jibe with all the other information that is needed to distribute the revenue among all the parties that carried or handled all or part of the call? (Are folks getting cheated out of their revenues?) There is a chain-of-custody process here and I wonder if it is so full of holes that we should abandon caller ID anyway? It has become like disguised junk mail. The packaging looks interesting enough to open, and then once opened you learn that it is junk.

Date: 26 Sep 2012 05:28:28 GMT
From: Doug McIntyre <merlyn@geeks.org>
To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org.
Subject: Re: Bogus Called ID
Message-ID: <5062927c$0$74854$8046368a@newsreader.iphouse.net>

Andrew Kaser <ak@europa.com> writes:

>Like a lot of folks, I got a robo call asking to donate as little as $3 to
>Romney's campaign. The call came from 202-730-9976. Of course, it is a bogus
>number. I am curious if there are any knowledgeable folks here who understand
>how the number that displays on Caller ID gets into the pike at the beginning
>and then gets handed off to a subsequent entity that might be carrying the
>call. Do subsequent entities have to accept the reported originating number?
>Are there any controls at the origin end to prevent bogus numbers from being
>accepted by the first switch that handles the call? How does the Caller ID
>number jibe with all the other information that is needed to distribute the
>revenue among all the parties that carried or handled all or part of the
>call? (Are folks getting cheated out of their revenues?) There is a
>chain-of-custody process here and I wonder if it is so full of holes that we
>should abandon caller ID anyway? It has become like disguised junk mail. The
>packaging looks interesting enough to open, and then once opened you learn
>that it is junk.

Caller-ID is informational data carried along with the call. It is separate from ANI, which is the data used for billing. Caller-ID data can be supplied by the originating PBX or even VoIP phone. ANI is supplied by the originating LEC, but is typically not as precise. I.e., for my block of DIDs, I can set the outbound callerID to any number in my range, but if I don't, the ANI is picked up and used, which is set by my LEC to be my first DID. ANI is what is used for billing purposes of which LEC terminates the call and the reciprocity agreements within.

ANI typically stays within the phone companies, it usually isn't presented to the end user (unless they have 1-800 service, or something else billing sensitive to the calling data). Other than my example if my PBX doesn't push calling-ID out, then the LEC adds in their IE with my ANI as the calling-ID info.

As I mentioned, my LEC filters what I can send as calling-ID info, but many other LECs don't, especially the iLECs. When I had PRI trunks with the iLEC I could send any data out I wanted.

Also, many VoIP carriers have negotiated with the LECs in each of their service areas to be able to provide calling-ID, so that their customers can present their VoIP individual number out their PRI trunks. It wouldn't do to have VoIP service, and every single one of the VoIP service customers has calling-ID data showing up as the first DID that the VoIP carrier has. But, many VoIP carriers aren't as strict to filter calling-ID data to make sure it is correct and valid. Some services let the end-subscriber supply whatever they want with no further filtering. Some have a control panel that lets you set your data there. Others lock it to your DID for your VoIP service and don't let you modify it in any fashion.

(won't bother getting into the CNAM database, not too relevant here).

I guess personally, that the junk calls I get all have empty caller-ID or something like 'Out of Area', so they are easy enough to ignore. Unfortunately, many cell-phone carriers don't bother putting in useful callerID for their customers (T-Mobile of old, and AT&T do, but I probably get more cell-phone calls from friends that lack it and have generic CNAM data for their phone #s).

I don't think it is too broken, it is useful. There is some abuse of it, and there are laws that try to fix some of the more blatant abuse. (i.e. Truth in Caller ID Act of 2009).

But it was never designed to be very secure, with much of the data coming from end-user run PBXs (besides the LEC sending their single-line customers data onwards).

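The screening described in the reply above (a carrier accepting a customer-supplied calling-ID only inside the customer's DID block, inserting the ANI otherwise, versus a trunk that passes anything through), sketched as an added example that is not part of the original message or any carrier's code. The `Trunk` model, the function names and the 555-01xx numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trunk:
    """Constructed model of one customer trunk as the carrier sees it."""
    ani: str        # billing number assigned by the carrier (here: first DID)
    did_first: int  # first number of the customer's DID block
    did_last: int   # last number of the customer's DID block

def normalize(number):
    """Reduce a supplied string to 10 NANP digits, or None if it cannot be one."""
    digits = "".join(ch for ch in (number or "") if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    # NANP area codes and exchange codes never start with 0 or 1.
    if len(digits) != 10 or digits[0] in "01" or digits[3] in "01":
        return None
    return digits

def outbound_calling_id(trunk, supplied, screen=True):
    """Return (calling_id_sent, decision) for one outbound call."""
    if not supplied:
        return trunk.ani, "none supplied: ANI inserted"
    if not screen:
        # Unscreened trunk: whatever the PBX sends is passed downstream.
        return supplied, "unscreened: passed as supplied"
    number = normalize(supplied)
    if number is not None and trunk.did_first <= int(number) <= trunk.did_last:
        return number, "accepted: inside DID block"
    return trunk.ani, "rejected: ANI substituted"

# Constructed sample: a 100-number DID block in the fictional 555-01xx range.
TRUNK = Trunk(ani="6125550100", did_first=6125550100, did_last=6125550199)

if __name__ == "__main__":
    for cid in ("612-555-0142", "+1 (202) 555-0143", "Out of Area", None):
        for screen in (True, False):
            print(repr(cid), screen, outbound_calling_id(TRUNK, cid, screen))
```
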
TELECOM Digest is an electronic journal devoted mostly to telecommunications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
Telecom Digest
43 Deerfield Road
Sharon MA 02067-2301
339-364-8487
bill at horne dot net
Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom
Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom
This Digest is the oldest continuing e-journal about telecommunications
on the Internet, having been founded in August, 1981 and
published continuously since then.  Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!

URL information: http://telecom-digest.org


Copyright (C) 2012 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.

Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.

End of The Telecom Digest (3 messages)
