Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Spam Over Internet Telephony (SPIT) to Come?

Comments Filter:
  • Re:Why so surprised? (Score:5, Interesting)

    by oGMo (379) on Friday September 24, 2004 @06:50PM (#10345078)
    So long as enough people are responding to spam to make it profitable, if you build it they will spam it.

    I don't think that's how it works. I don't think anyone responds to your typical spam; rather, they harvest working emails and sell those to less-than-scrupulous companies. That's where the real profits are, so it doesn't matter if people respond or not.

    I could be wrong though.

  • hurray for spit! (Score:2, Interesting)

    by caldfyr (814077) on Friday September 24, 2004 @06:50PM (#10345081)
    When I get spammed I swear to myself while pounding . If my voip device rings I can swear at THEM for once! When I get a reputation for blowing out eardrums we'll see how often they sell my name.
  • Re:Why so surprised? (Score:2, Interesting)

    by garcia (6573) * on Friday September 24, 2004 @06:53PM (#10345101) Homepage
    I don't see the difference between this and what we have already. At least with VoIP we can have software install to ignore most of it.

    Basically whitelist everyone you know. If you don't know them they get forwarded to voicemail and you can check their phone number before you listen to their message.

    Easy enough to block them. If they have no caller ID information auto-block.
  • Re:Why so surprised? (Score:3, Interesting)

    by quigonn (80360) on Friday September 24, 2004 @06:56PM (#10345118) Homepage
    The response rates for spam mails are extremely low, but it's still more profitable than "traditional" commercials and ads, which means you get the same amount of customers with less investments. AFAICR, there's been a study about that about a year ago, but I can't find any link or reference anymore... :-/
  • Not sure... (Score:5, Interesting)

    by Karpe (1147) on Friday September 24, 2004 @06:58PM (#10345129) Homepage
    One of the biggest problem of spam is the inability to identify the source (and why so many people believe that solutions like SPF will help out).

    VoIP is end-to-end, so if someone starts "spitting" the network, he can easily be blocked.

    Of course, other solutions would be to have white lists for VoIP, but it is weird to think about white lists to telephony, since the idea is that anyone could reach anyone.

    I think dubious character companies will try to do it anyway for some time, but with time blocking will keep the problem to manageable levels.
  • Re:At least (Score:4, Interesting)

    by lexarius (560925) on Friday September 24, 2004 @07:03PM (#10345161)
    Someone will be paying for lots of bandwidth, but the SPITers won't be paying most of it. Viruses, trojans and zombies oh my!
  • Re:Now Hear This.... (Score:4, Interesting)

    by privaria (583781) on Friday September 24, 2004 @07:04PM (#10345166) Homepage
    From what I've read, blind people are more impacted by plain ol' email spam than anyone. It takes a lot more time for them to listen for a screen reader start reciting off the latest anatomical enlargement offer than it does for a sighted person from scanning the text and just hitting "delete."
  • by Mulletproof (513805) on Friday September 24, 2004 @07:16PM (#10345236) Homepage Journal
    It may be over the internet, but at least vocal spam already has precedents in 'do not call lists' and such. I figure the more popular VoIP becomes, the faster this crap will get squshed. It won't take the decades phone spam legistlation took to enact. Everybody is taking a good, hard look at how to crush unwanted solicitations in every form these days.
  • Not to worried.... (Score:5, Interesting)

    by jemenake (595948) on Friday September 24, 2004 @07:34PM (#10345332)
    Fortunately, VoIP is young enough such that they could modify the protocols to nip this in the bud.

    Cryptographic solutions would probably be the first place to look. For example, suppose my phone will only look at incoming connections which are begun with some certificate signed by the VoIP service provider (Vonage, Skype, whatever). So, in order to be able to call me, your phone first contacts the provider, requests a certificate to connect to me, and the provider gives that to the phone, and then their phone uses that as credentials to get my phone to not ignore it. Then, all the service provider has to do is watch out for excessive numbers of connections coming from one customer.

    I wouldn't be surprised in the least if this isn't already built into the VoIP systems. After all, we've been trying for some time now to move email into the domain of cryptographic authentication (SPF is just an intermediate fix) to stop spam. So, we've known for a while that this is "the way to do it right", and we also know from the way e-mail is going that it's a major pain to try to change the system to use it after the system is already in place. So, I'd expect that they might already have this capability.
  • by serutan (259622) <snoopdoug@geekazon . c om> on Friday September 24, 2004 @08:26PM (#10345613) Homepage
    I'm just reaching here, IANAL and all. But as far as I can tell from a quick search nobody has attacked SPAM on the basis of Disturbing the Peace. Every community enforces rules about annoying other people. In most cases I think it's pretty vague, based on the level of annoyance and on how abnormal the offending behavior is deemed. Running a gas powered lawn mower on Saturday afternoon is normal, but running it continuously for 12 hours a day 7 days a week might be considered disturbing the peace. Sending email is normal, but maybe sending a million emails an hour is disturbing the peace.

    Any attorneys care to comment?
  • SPAM the SPAMMERS (Score:3, Interesting)

    by WhiteDeath (737946) * on Friday September 24, 2004 @09:56PM (#10345950) Homepage

    I've often wondered what would happen if EVERYONE allocated just 5 minutes per day to "responding" to spam... heck we spend that long deleting the stuff or updating mail filters anyway.

    Just pick a couple of spams and:

    - View the web site

    - If you can find an email address or contact form for the seller, abuse it. (do not use your own email address if possible)

    - If you can find a free-call number, ring it - and keep them busy as long as you feel the need to - the company is paying for your call.

    - Request free samples, forms to fill out or advertising material (printed form only, email is pointless). Fake the address, or if you like, grab the freebie :)

    - Waste their time - time costs them more than anything else if they have to put on employees to deal with the crap.

    - Waste their resources (web server time/bandwidth doesn't count, printer ink & shipping does)

    If even 10% of their spam results in time wasters, the economics go right out the window :-)

    Unfortunately many spams link to a "insert credit card here, we will send goods" page with no other contact info, but many have links to the companies web site, and even an email to abuse (or better still anonymous contact form to prevent spam).

    Any company that suffered such a manual DDOS attack would likely stop spamming - and as the spammers got less, the effect would get worse (well, better actually).

    yes, some idiot will send out a spam on behalf of someone else just to get them attacked, but at least using human attakers there will be some basic checking.
    As with all wars there will be casualties. At the moment that casualty is email, and EVERY internet user suffers for it.

  • Re:Beep! Beep! Beep! (Score:2, Interesting)

    by mick88 (198800) on Friday September 24, 2004 @11:10PM (#10346259) Homepage
    You are right to sound the BS alarm - this is pure BS, for a few reasons.

    Disclaimer/Clarifier: I install/configure/troubleshoot VoIP and IP telephony for a living (Cisco's version). I do it all day everyday - this is one of the few slashdot stories I am qualified to post about. So indulge me:

    First - almost all residential VoIP customers still are using analog phones. You plug your analog phone into a device that converts analog signal to IP. So you can't fubar an analog phone with a virus or send spam to it... it's just impossible. Could you fubar the converter? if you have no firewall or router - maybe with like a DoSS attack. But it won't accept random connections from another telephony device not registered with your telco's IP PBX

    Second - every voip customer still has a regular phone number - 202.555.1212 or whatever. in order to reach me on my "VoIP phone" - you have to dial that number. You don't dial my IP address!! You dial my phone number, which goes to a T1, plugged into a Telco's router that sends the packets to my house that get converted from IP to analog by a device sitting behind my router/firewall. So everyone from the outside wishing to get to my "VoIP phone" needs to dial the number, just like any other phone.

    Third - if you really have IP Telephony (not just VoIP, cause there is a big difference) you are only vulnerable to people on your same LAN/WAN - in otherwords someone needs access to your private network. And even then, they would need to register a device with your IP PBX and then trick it into letting you send pre-canned voice calls. In otherwords, this isn't possible. I'm sorry, it's just not.

    If the entire POTS system goes away, and we all have IP phones and there is no more telephony as we know it and all our phones are on one giant, unprotected, unfirewalled network, then yes, you might be subject to SPIT. But I assure you, this won't happen for a long long long time. /rant

    Have a pleasant day and please I(gnore)TFA!

Forty two.

Working...