[VOIPSEC] Caller ID hacks and trust boundaries in the world of SIP
Dan York
dyork at voxeo.com
Tue Jul 22 20:51:00 CDT 2008
VOIPSEC readers,
Some of you may have read in the press about Kevin Mitnick's
demonstration at the Last HOPE conference over the weekend of a
modification to Asterisk that allows blocked Caller ID to be
displayed. As I note in this lengthy post to the VOIPSA blog, it's
really an issue related to where the "trust boundaries" are
established as we continue in our ongoing work as an industry of
blowing apart the network formerly known as the PSTN:
http://voipsa.org/blog/2008/07/23/asterisk-hack-to-show-blocked-caller-id-points-to-larger-trust-issues-with-sip/
If that URL breaks in your mail client, try: http://bit.ly/bl7xT
I've already had it pointed out to me (thanks!) that SS7 has the
basically identical "privacy bit" feature, but the SS7 trust boundary
was such that this information wouldn't be passed to subscriber/
customer equipment. In our new world of SIP, those boundaries aren't
yet established.
Dan
--
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO Voxeo Corporation dyork at voxeo.com
Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com
Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com
Build voice applications based on open standards.
Find out how at http://www.voxeo.com/free
More information about the Voipsec
mailing list