[VOIPSEC] Google's new service ripe for CID spoofing
Bill Rippon
bjripp at us.ibm.com
Mon Nov 20 08:49:16 CST 2006
Hello,
I just read about a similar service in information week, a web service to
bridge calls together called Jajah.
This one appears to be more subscription based so a little more
accountability. I tested it and
it has the same issue, the caller-id of who I called showed up on my phone.
http://www.informationweek.com/outsourcing/showArticle.jhtml?articleID=193402917
http://www.jajah.com/
I'm still thinking through the overall issue but another area of concern is
the potential for programatic
attacks, if the user is not required to put in a special code that obscured
to automated programs
(like ticketmaster).
Bill Rippon
Networking
"J. Oquendo"
<sil at infiltrated.
net> To
Sent by: voipsec at voipsa.org
voipsec-bounces at v cc
oipsa.org
Subject
[VOIPSEC] Google's new service ripe
11/18/06 10:52 PM for CID spoofing
Thought this may interest some on the list.
made available a new "Click-to-Call" service that will automatically
connect users to business phone listings found via Google search results.
order for this feature to function, the user must provide their telephone
number so that Google can bridge the free call between the business and the
user (including long distance calls).
is that there is no reasonable way to validate the user phone number that
is provided. Google says that they have mechanisms in place to try avoid
repeated prank calls, but the potential for abuse is obvious.
http://lauren.vortex.com/archive/000200.html
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
@infiltrated|sed 's/^/sil/g;s/$/.net/g'
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
"How a man plays the game shows something of his
shows all" - Mr. Luckey
_______________________________________________
list
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list