They will not submit falsified data, they will use the data to bypass
filters.


2014-02-21 18:18 GMT+02:00 J. Oquendo <***@infiltrated.net>:

> On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:
>
> > One more mailing list? :-) I'm sure it is a bad idea. I'm working for a
> > company to protect it from VoIP related attacks, but you will never have
> > gurantess that I will not be using the data in a private list to attack
> > someone as a private individual :-) it is a security hole in a private
> list
> > about VoIP security...
> >
>
> I disagree with it being a bad idea. There is never any
> guarantees in life. The purpose for a private list, is it
> protects COMPANIES data. There is a trust mechanism in the
> sense that should/if/when someone wants to contest data,
> I can go back based on checksum to determine WHO submitted
> what. I HIGHLY doubt, someone would throw away their
> reputation, and or damage company reputation by submitting
> falsified data.
>
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
> "Where ignorance is our master, there is no possibility of
> real peace" - Dalai Lama
>
> 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
>

Why dont't you want to speak about tactics here openly?


2014-02-21 19:51 GMT+02:00 Peter Beckman <***@angryox.com>:

> Email sucks for this. I don't want to read an email about something hours
> or days after the issue is happening and have to do something manually to
> protect my infrastructure.
>
> This seems like something that should be an API in which trusted people can
> access.
>
> But then you have concerns about trust of the data. Do I trust your
> reasoning for an IP block? Do I even get to see your evidence?
>
> Honestly I don't need a list or an API to block stuff.
>
> HOWEVER, if this can become a private discussion list to talk about
> methods, techniques and tactics that we can all implement in order to
> prevent telecom/SIP/VoIP fraud on our own, THAT I'd be interested in.
>
> Beckman
>
>
>
> On Fri, 21 Feb 2014, J. Oquendo wrote:
>
> On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:
>>
>> One more mailing list? :-) I'm sure it is a bad idea. I'm working for a
>>> company to protect it from VoIP related attacks, but you will never have
>>> gurantess that I will not be using the data in a private list to attack
>>> someone as a private individual :-) it is a security hole in a private
>>> list
>>> about VoIP security...
>>>
>>>
>> I disagree with it being a bad idea. There is never any
>> guarantees in life. The purpose for a private list, is it
>> protects COMPANIES data. There is a trust mechanism in the
>> sense that should/if/when someone wants to contest data,
>> I can go back based on checksum to determine WHO submitted
>> what. I HIGHLY doubt, someone would throw away their
>> reputation, and or damage company reputation by submitting
>> falsified data.
>>
>>
>> --
>> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>> J. Oquendo
>> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>>
>> "Where ignorance is our master, there is no possibility of
>> real peace" - Dalai Lama
>>
>> 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
>> _______________________________________________
>> VoiceOps mailing list
>> ***@voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>>
> ------------------------------------------------------------
> ---------------
> Peter Beckman Internet Guy
> ***@angryox.com
> http://www.angryox.com/
> ------------------------------------------------------------
> ---------------
>

On 21 February 2014 22:50, Hiers, David <***@adp.com> wrote:
> Here's a model of limited membership, private, vetted information sharing:
>
> https://www.infragard.org/

Any idea how much the vetting process for a new member costs in both
time and money?

Robin


> The notion of sharing your problems so you can learn from the problems of others is valid, but I'm not sure how well it works.
>
> There are many non-technical drivers to keep things private; your stock price could take a hit, etc.
>
> David
>
>
> -----Original Message-----
> From: Voipsec [mailto:voipsec-***@voipsa.org] On Behalf Of Mark R Lindsey
> Sent: Friday, February 21, 2014 14:26
> To: Fred Posner
> Cc: ***@voipsa.org
> Subject: Re: [VOIPSEC] [VoiceOps] Tackling VoIP fraud, new idea
>
> Why would $BIG_CORPORATION allow disclosure of any breach they're not obligated to disclose?
>
> We know the most common way that home burglaries occur is to knock in the front door. And we talk about it openly. And we build better doors.
>
> I'm with Fred Posner.
>
>>>> ***@ecg.co +1-229-316-0013 http://ecg.co/lindsey
>
> On Feb 21, 2014, at 17:20 , Fred Posner <***@palner.com> wrote:
>
>> The more difficult we make it to share information, the less information will get shared.
>>
>> Personally, I'm in favor of an open forum, as the ideal way to attack fraud would be to bring any discussion into the sunlight -- again, just my seasoned opinion.
>>
>> The more we discuss, the more they will change tactics. Which we will learn, discuss, and then they will again change tactics.
>>
>> Fraud, at it's simplest description, is an exploitation of flaws. The more we harden our systems to prevent the exploitation of a flaw, the better we will be; the better VoIP will be.
>>
>> I feel that the more cloaked these conversations will be, the more our systems and protocols will remain flawed.
>>
>> I see the potential for fraudsters to see what we know, what we don't know (potentially), and to me... that's fine. When they realize we have found a certain scheme, they will move on to discover a new method.
>>
>> --
>> Fred Posner | The Palner Group, Inc.
>> http://qxork.com
>>
>> On 2/21/14, 5:04 PM, Gast, Jim wrote:
>> > (Apologies if you got 2 copies . . . I had not been a subscriber to
>> > ***@voipsa.org<mailto:***@voipsa.org> so my reply bounced!)
>> >
>> > Hi, team -
>> >
>> > In the early days of Public Key Infrastructure, we had easy ways to
>> > solve these trust questions.
>> >
>> > The list admin creates a public-key / private-key pair called the
>> > LIST_CERT. Giving anyone the LIST_CERT gives them both keys in the
>> > pair.
>> >
>> > The list admin creates a public-key / private-key pair called the
>> > VoIPSec Certificate Authority key-pair. The public-key becomes
>> > publicly available, but the private key is NEVER GIVEN OUT to anyone.
>> > The VoIPSec_CA_CERT contains the public-key, but NOT the
>> > private-key.
>> >
>> > To join the list, each participant must prove (once) that the email
>> > address they give us is authentic. The new participant creates a
>> > personal key pair and gives ONLY the public key to the list
>> > administrator as a certificate signing request. The new participant
>> > will then be given a CERTificate that signs his personal public key
>> > with the VoIPSec_CA key.
>> >
>> > Legitimate participants to the mailing list are given the LIST_CERT.
>> > If someone does not have the LIST_CERT, eavesdroppers will be unable
>> > to decrypt emails on the list.
>> >
>> > All emails to the email list are SIGNED by an personal CERT (that is
>> > SIGNED by VoIPSec_CA) and the body of the email is also ENCRYPTED
>> > using the LIST_CERT.
>> >
>> > Since the signature will match, the email could only have come from
>> > that particular sender (and the body could not have been altered).
>> > And the body of every email can be decrypted by any authentic list
>> > member.
>> >
>> > Does that work well?
>> >
>> > Cheers,
>> >
>> > / Jim Gast, TDS Telecom
>>
>>
>> _______________________________________________
>> Voipsec mailing list
>> ***@voipsa.org
>> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> _______________________________________________
> Voipsec mailing list
> ***@voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
>
> _______________________________________________
> Voipsec mailing list
> ***@voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

Chasing IPs or MSISDNs or GTs is very limited game, useful yes. The
things that bites you big time in fraud & security is often the new kind
of attacks, or innovative variants of existing ones. That's what I was
speaking about.

On 2/23/14 10:52 PM, Sergey Kolesnichenko wrote:
> Add IP reputation scoring to your systems and forget about posting to
> this list for several years.
>
>
>
> 2014-02-22 17:15 GMT+02:00 Philippe Langlois <***@p1sec.com
> <mailto:***@p1sec.com>>:
>
> Hi Fred,
>
> I totally agree with this:
> Telecom domain is a perfect example of the lack of script kiddies:
> Not much script kiddies -> not much publicized breaches
> -> not much security pressure from attacks/compromise
> -> not much awareness
> -> not much budget
> -> security through obscurity (STO) somewhat works
> -> disclosure of information is targeted rather than the fundamental
> problem ("shoot the messenger" paradigm)
> -> interested/experts attackers (gov, intelligence) invest time to make
> sure the attacks don't get known
> -> when compromise occur, it is massive and ultimate, with often total
> destruction or compromise of the targeted system :(
> and that's where the system fails...
>
> So indeed, openness is extremely important yet needs to be balanced.
> With vendors that are not mature (extremely resistive, patch time
> counted in YEARS, ...) and specification bodies that are closed to
> independent experts, it does not help.
>
> We're trying to change the game by making the R&D race of new attacks
> and detection faster than what some of the attackers (fraud, crackers,
> intelligence) can find. I said "some" because as you said, you NEVER
> know what they might know ;-/
>
> Best regards,
> Philippe Langlois.
> --
> P1 Security - Priority One Security
> http://www.p1sec.com
>
>
> On 2/21/14 11:20 PM, Fred Posner wrote:
> > The more difficult we make it to share information, the less
> information
> > will get shared.
> >
> > Personally, I'm in favor of an open forum, as the ideal way to attack
> > fraud would be to bring any discussion into the sunlight -- again,
> just
> > my seasoned opinion.
> >
> > The more we discuss, the more they will change tactics. Which we will
> > learn, discuss, and then they will again change tactics.
> >
> > Fraud, at it's simplest description, is an exploitation of flaws. The
> > more we harden our systems to prevent the exploitation of a flaw, the
> > better we will be; the better VoIP will be.
> >
> > I feel that the more cloaked these conversations will be, the more our
> > systems and protocols will remain flawed.
> >
> > I see the potential for fraudsters to see what we know, what we don't
> > know (potentially), and to me... that's fine. When they realize we
> have
> > found a certain scheme, they will move on to discover a new method.
> >
>
> _______________________________________________
> Voipsec mailing list
> ***@voipsa.org <mailto:***@voipsa.org>
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>