The General Technology Thread

[Haven]

Just heard their insurance company paid $100k, but yeah... not sure where the rest comes from. Probably... which would suck, since it's due to their own failures.

Unfortunately, like other professions, IT people vary in how good they are at their job, how much passion they have for it, etc. plus the budget needed for some proactive measures.

The City of Indianapolis was hit by one of these ransomware viruses a few years ago. It never hit the news because the server, and storage teams had the issue fixed in a few minutes. The network team found the machine that was infested and shutdown that machines network access in minutes. The desktop guys took the machine away, got the person a new machine. All told, everything was back to normal within a half hour of it being found. So no news stories.


Sent from my iPad using Tapatalk

 

[DoggyDaddy]

[h=2]Major carriers, state AGs will work to combat robocalls[/h]I guess I'll file this one under "I'll believe it when I see it."

https://www.wthr.com/article/major-carriers-state-ags-will-work-combat-robocalls-1

 

[jamil]

Not sure what they can do. VPNs. VOIP. That number that keeps calling that says, Corydon Indiana, is not from Corydon. More likely from some ****hole country.

 

[BugI02]

I thought there was some comparison between where the call says it is from and the switching pathway it is using that could flag some robocalls? The call isn't actually coming from the indicated number it is just spoofing caller ID

 

[actaeon277]

Yup, you have to prove who did it. And if it's in another country, you'd have to have some type of treaty agreement.

 

[DoggyDaddy]

Not sure what they can do. VPNs. VOIP. That number that keeps calling that says, Corydon Indiana, is not from Corydon. More likely from some ****hole country.

I thought there was some comparison between where the call says it is from and the switching pathway it is using that could flag some robocalls? The call isn't actually coming from the indicated number it is just spoofing caller ID

Allegedly they have a way to detect spoofing too. I will remain skeptical until I see it start working though. And like actaeon said, since many, if not most of these originate in foreign countries, prosecution is going to be next to impossible, but I'd settle for an effective way to block them.

 

[BugI02]

It would present some problems for VPN for anonymity as opposed to security folks, but I'd be happy if the carriers just killed any call whose pathway didn't match its number ID - a call indicating its from Texas, say, but entering the US network via an international switch would be a fine place to start

 

[JettaKnight]

I thought there was some comparison between where the call says it is from and the switching pathway it is using that could flag some robocalls? The call isn't actually coming from the indicated number it is just spoofing caller ID

Reply All did a couple of podcast on this. (I'm too lazy to look it up)

 

[KLB]

It would present some problems for VPN for anonymity as opposed to security folks, but I'd be happy if the carriers just killed any call whose pathway didn't match its number ID - a call indicating its from Texas, say, but entering the US network via an international switch would be a fine place to start

National calls coming from an international source could work, but inside the US there is no longer any real correlation between a calling number's origination and a physical area. Our company has around 50 sites spread across the US. All of their calls go out the same connection to a carrier.

I would think that the carriers should know what numbers should be sourced from any kind of connection though, and they should therefor be able to block calls that are not showing legitimate numbers. Even when using a VPN, a VOIP call has to eventually get into the phone network. If they want to be that anonymous, they can send no number.

 

[Mr Evilwrench]

There was a time, when the telco could "trace" a call a lot faster than they let on, AND they kept magnetic tape records of every connection that was made. It was literally possible for them to trace a call even after it had been terminated. They did not admit to this capability because they were afraid of people finding out about it and demanding access. They would have been overwhelmed with such demands from law enforcement and the courts, at the very least. I don't believe for a second that they can't spit out the actual origin of the call using the out-of-band control data, even faster than the in-band CLASS caller-ID. There's just more money to be made keeping that to themselves.

 

[KLB]

There was a time, when the telco could "trace" a call a lot faster than they let on, AND they kept magnetic tape records of every connection that was made. It was literally possible for them to trace a call even after it had been terminated. They did not admit to this capability because they were afraid of people finding out about it and demanding access. They would have been overwhelmed with such demands from law enforcement and the courts, at the very least. I don't believe for a second that they can't spit out the actual origin of the call using the out-of-band control data, even faster than the in-band CLASS caller-ID. There's just more money to be made keeping that to themselves.

Actually, VOIP can very much muddy those waters. IP is much easier to manipulate than old school PBX calls.

 

[Mr Evilwrench]

Actually, VOIP can very much muddy those waters. IP is much easier to manipulate than old school PBX calls.

There's still a gateway, a point where the call enters the "system". Just like with a call originating out of country, you may not be able to put a street address to a call coming from Bangalore or Quezon City, the VOIP comes from out-of-band. Thing is, IP is just as traceable unless you're intentionally routing through a foreign proxy server or an onion router that purposely discards the data. The ISP can figure out who owns the address it's coming from. Also, even though NPA/NXX is no longer a reliable indication of the origin of a call, it still enters the system through a cell which can be identified. As the cells shrink, this becomes more specific. 5G will just about put you in rock-throwing distance.

 

[BugI02]

But it still couldn't do much with, say, a person who moved to Ohio from Texas but kept their cell number. The service providers could certainly compare a claimed source number and originating cell with the location of that phone on the network (as well as sift for non-working numbers) and weed out many spoofs. They just haven't figured out how to sufficiently monetize the service. I run a white list on my VoIP, but am reluctant to go that route on my cell. Calls not in the directory are routed directly to Vmail, but I still have to take the time to look if I'm expecting a call. I try to tell people not to call from blocked numbers if they hope to talk to me in real time

Sifting through crap is yet another good job for resident AI


Edit: Once I received a spoofed call using my own number

 

[Mr Evilwrench]

Yeah, it's like I said, there's more money to be made, or at least less to spend, if nobody knows what could be done, because you know they'd be demanding it.

 

[jamil]

It would present some problems for VPN for anonymity as opposed to security folks, but I'd be happy if the carriers just killed any call whose pathway didn't match its number ID - a call indicating its from Texas, say, but entering the US network via an international switch would be a fine place to start

What about legitimate voip users? Gonna block their calls?

 

[KLB]

VOIP calls are still setup by a carrier. They should be able to confirm the number being sent with the call.

 

[BugI02]

What about legitimate voip users? Gonna block their calls?

I would support experiments in lethality that test killer robots by using them to hunt down spam callers and call in drone strikes

 

[Jludo]

Is it just a validation issue? In theory couldn't there be or is there a voip protocol that could validate phone numbers? It just hasn't been a big problem until recently

 

[jamil]

I would support experiments in lethality that test killer robots by using them to hunt down spam callers and call in drone strikes

I just want a button on my phone that causes the other end to blow up.

 

[KLB]

Is it just a validation issue? In theory couldn't there be or is there a voip protocol that could validate phone numbers? It just hasn't been a big problem until recently

Not really. It really is up to the carriers to do. Only they know what numbers are supposed to be used by a specific customer.