The Market Ticker
Commentary on The Capital Markets- Category [Technology]
2016-11-10 13:08 by Karl Denninger
in Technology , 300 references
[Comments enabled]  

Using your Facebook or other account sign-in for other apps?

You're in trouble.

The researchers found that 41.2 percent of the apps they tested were vulnerable to their attack, including popular dating, travel, shopping, hotel booking, finance, chat, music and news apps.

Do not use your account credentials to sign in to some third-party service.

Ever!

If you think this problem will "go away" when that specific problem is resolved (as detailed in the paper) you're wrong.  Dead wrong.

Just don't do it.

smiley

View this entry with comments (registration required to post)
 

2016-10-31 06:00 by Karl Denninger
in Technology , 290 references
 

Give me a break.

A task force of more than 30 major technology and communication companies said they have made progress but have not found a solution to eliminate "robocalls" or automated, prerecorded phone calls, but a top U.S. regulator urged faster action.

Throw some people in prison and you'll get their attention.  Yes, right here in the US, and yes, I'm talking about carrier executives.  Why?  We'll get to that:

Wheeler wrote major companies in July urging them to take new action to block robocalls, saying it was the top source of consumer complaints at the FCC. Scam artists often times based abroad try to appear to call from a bank or a government phone to trick consumers into disclosing confidential financial or account information.

How do they "appear" to call from a bank or government phone when they're not in the United States?

Ah, now see, there's the fraud and the US carriers are complicit in it.

Along with a call setup request (from one carrier to another) comes some information, which includes the "originating" number.  The carriers do exactly nothing to validate that for other than 800 (free to calling party) numbers.

But they could very trivially prevent, for example, foreign calls from appearing with US numbers.

How?  Refuse to route a call that comes from the UK unless the "originating" number is in the correct format including the country code prefixfor example.

That would stop instantly any of these calls that are originating outside of the United States.

As for those within the United States the FCC has jurisdiction, and can require that one of two things be the case:

1. The "originating" number be the actual originating number.  This will be the appropriate setting for all individual lines; simply do not allow an overridden number from a consumer account -- period.

2. For those that are overridden require, under penalty of law, that the party overriding accept both civil and criminal legal responsibility for the authenticity of their override under existing criminal fraud statutes.

There are very good reasons to allow such an override on outbound calls.  For example, at MCSNet we had outbound trunks that were all "rolled up" into high-capacity circuits (at the time DS1s); each of those trunks had a "real" phone number, but it was unpublished.  We then had DID mapping for certain people who needed "private lines" and in addition we had our "main" number (312) - 803-MCS1 that would ring into the PBX on the next available trunk in the group.  If you dialed out from our PBX those trunks (set up for bidirectional signalling) were configured to show 312-803-MCS1 as the "originating" number even though technically it was not.  That's fine, because we owned the originating number, it was "real", and it really was our number.

It would not be difficult at all to require that all such entities that purchase service from a telco provider in the United States and wish to provide "originating number" overrides do so under a contractual requirement, carrying criminal criminal penalties for lying, that any such number they put through be truthful and belong to the actual originating party of the call.

If you were to do this and at the same time hold carriers criminally responsible for accepting "foreign" calls that have originating numbers that violate the country code format of the originating nation, a software check they could easily implement, this problem would disappear instantly.

Of course there are "telco providers" (such as the SIP folks) that would scream about such a requirement -- but let's face reality here.  Enabling fraud as a business model makes you an accessory before the fact and recognizing that along with appropriate criminal sanction would go a long way to draining this swamp -- quickly and permanently.

Instead we "accept" a bunch of handwaving nonsense that comes from the FCC and various telcos.

View this entry with comments (registration required to post)
 

Main Navigation
MUST-READ Selection:
The CERTAIN Destruction Of Our Nation

Full-Text Search & Archives
Archive Access
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.