[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100717183304.97F.0@paddy.troja.mff.cuni.cz>
Date: Sat, 17 Jul 2010 23:41:16 +0200 (CEST)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: full-disclosure@...ts.grok.org.uk
Subject: In-band signalling (was: Re: NuralStorm Webmail
Multiple Vulnerabilities)
On Thu, 15 Jul 2010 Valdis.Kletnieks@...edu wrote:
> > (*) In-band signalling in telephone networks.
> Feel free to elucidate a *feasible* way to have deployed out-of-band
> signaling on the installed copper-pair base back then.
I won't pretent I am an expert on PSTN technology. Nevertheless
frequency-division multiplexing was already in use in 1950s so I do not
find the idea of literal out-of-band signalling (i.e. to make the bandwith
of trunk link channels slightly wider than what is allowed to come from
local loops and use that extra bandwidth for signalling) completely
implausible.
> Also, compare the *actual* costs and losses due to phreakers snagging
> free service due to in-band signaling to the eventual cost of upgrading
> every single central office to something that supported out-of-band.
This smells like a red herring. They had to upgrade all of them to support
direct distance dialing in the first place and there have been more
upgrades not related to the eventual widespread deployment of SS7 in
1990s.
> Maybe those bell-heads weren't so dumb...
That was not my point.
It might have paid off to accept the risk of abuse when hardware was
crude and expensive and when knowledge and gear needed to exploit the
vulnerability was not easily available. Although I suspect it was more
a case of being lucky enough to get away with a lack of foresight than
a deliberate risk management decision.
But it is 2010 now. Everything I mentioned earlier has changed years ago.
Hardware is incredibly more powerful and much cheaper. Every kiddie has
got a PC and high-speed Internet connection. All knowledge is one Google
search away (okay, I am a little bit exaggerating here). Yet the old 2600
Hz whistle lives on in apostrophes and less-than signs because we still
have not learned to keep control data and user data segregated.
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists