Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Over Internet Telephony (SPIT) to Come?

Posted by michael on from the argh dept.

grub writes "According to this article on NewScientist.com 'Spam and spim - spam by instant messenger -- are about to be joined by "spit" - spam over internet telephony' Yup, spam via VoIP."

22 of 194 comments (clear)

  1. Hah! by metlin · · Score: 4, Funny

    Aptly named SPIT, I see! ;-)

    Way to go.

    1. Re:Hah! by Anonymous Coward · · Score: 5, Funny

      What's next? SPam over Engineering Resource Management systems? I think we need some new terminology!

    2. Re:Hah! by Volmarias · · Score: 4, Insightful

      I have to say, this may end up turning out as a blessing in disguise. It's bad enough that most people have to deal with spam, but when you can effectively completely fuck a businesses telephony over anonymously and with little trouble, you'll end up seeing legislation. I guarentee you that.

      I'd love to see a bayesian filter for voice data.

  2. Why so surprised? by Kenja · · Score: 5, Insightful

    So long as enough people are responding to spam to make it profitable, if you build it they will spam it.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Why so surprised? by oGMo · · Score: 4, Interesting
      So long as enough people are responding to spam to make it profitable, if you build it they will spam it.

      I don't think that's how it works. I don't think anyone responds to your typical spam; rather, they harvest working emails and sell those to less-than-scrupulous companies. That's where the real profits are, so it doesn't matter if people respond or not.

      I could be wrong though.

      --

      Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

    2. Re:Why so surprised? by TheOtherChimeraTwin · · Score: 4, Insightful
      And I think it works like this: the spammers sell spamming services to companies who think spam is a good way to sell services. As long as the spammers can sell services to somebody (even if doesn't work very well), there will be spam.

      Hint to spammers: You don't actually have to send out the spam, just say you do and pocket the money. Everyone will be happier. (Including your clients who mostly get a blackeye and aggrevation out of your services.)

    3. Re:Why so surprised? by Anonymous Coward · · Score: 4, Informative

      Real spammers get paid based upon click through/purchase rate. There is money to be made unfortunetly.

  3. Publicly behead spammers. by Anonymous Coward · · Score: 4, Funny

    You know it makes sense.

    1. Re:Publicly behead spammers. by hasdikarlsam · · Score: 4, Funny

      That would just cause more spam, you realize.

      "S33 A sPamner beh3aded! Your credit card here!"

  4. Names for tools? by ackthpt · · Score: 4, Funny

    Personal Telephoney Objectionable Object Immediate Eradication

    SPam Eradication Wirelessly

    Highly Unwanted Reduction Logic

    --

    A feeling of having made the same mistake before: Deja Foobar
  5. As somebody once said... by quigonn · · Score: 5, Funny

    When a media is used to send spam to other people it is alive and well. When it is used to transport pr0n it will have a prospective future.

    --
    A monkey is doing the real work for me.
  6. Its been said but it needs to be said again... by Anonymous Coward · · Score: 5, Funny

    I'm going to become rich when I invent a way to stab people in the face over the internet.

  7. Screening calls? by October_30th · · Score: 4, Informative
    I already screen my cellphone calls. If the caller ID is "unknown" (which is the case for most telemarketers) or if it is a foreign number that I don't recognize, I won't answer it.

    If telemarketers leaving voice mail becomes a problem, I'm sure that's quickly addressed by the service provider (=store no voice mail from abroad or from unknown numbers).

    --
    The owls are not what they seem
  8. Good luck by RCulpepper · · Score: 5, Funny

    Given that corporations are the biggest users of VoIP right now, and given that it takes a burning-bush level miracle to get in touch with a human person at most large corps, I imagine most of this will be computerized voices yammering at each other for minutes on end. "Thank you for calling Bank of America." A: "Free trial of Viagra, no commitments" B: "For information about your account, press one now."

    --
    Always a godfather; never a god. -Gore Vidal
  9. World Changing Development by contagious_d · · Score: 4, Funny

    Does this mean I will finally get telephone calls?

    --
    - /home is where the food is.
  10. Beep! Beep! Beep! by El · · Score: 5, Insightful
    Sorry, but my bullshit alarm is going off!

    He adds that viruses are also possible with VoIP. A virus sent to phones could be used to launch more spit or to bring together thousands of VoIP systems to launch denial-of-service attacks.

    Yeah, right, 'cause we always execute our voice mail messages!

    Also, how is spamming voice mail via VoIP any different than just calling everybody up POTS?!? This article sounds more like another company trying to promote their "solution in search of a problem." Here's a hint: if spammers spoof their caller id and figure out how to insert random variations in the outgoing messages, this system isn't going to work anyway!

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  11. Question. by ScytheBlade1 · · Score: 5, Insightful

    Are you really that suprised?

    Read: telemarkerters.

    What do they stop at? Nothing.

  12. Not sure... by Karpe · · Score: 4, Interesting

    One of the biggest problem of spam is the inability to identify the source (and why so many people believe that solutions like SPF will help out).

    VoIP is end-to-end, so if someone starts "spitting" the network, he can easily be blocked.

    Of course, other solutions would be to have white lists for VoIP, but it is weird to think about white lists to telephony, since the idea is that anyone could reach anyone.

    I think dubious character companies will try to do it anyway for some time, but with time blocking will keep the problem to manageable levels.

  13. Re:Now Hear This.... by privaria · · Score: 4, Interesting

    From what I've read, blind people are more impacted by plain ol' email spam than anyone. It takes a lot more time for them to listen for a screen reader start reciting off the latest anatomical enlargement offer than it does for a sighted person from scanning the text and just hitting "delete."

  14. Breath People! by Amigori · · Score: 4, Insightful
    As the world becomes more and more connected and integrated, I find myself becoming more disconnected. Yes, I have my broadband connection and cell phone, but I can, and do, turn them off when I want to. The increased sense of urgency in the world of having to do everything by yesterday has only encouraged me to turn my electronics off. And its not like the world's going to end if you can't see the latest version of last nights sports scores, your friend can't call you a l00z3r on IM, or check the latest duplicate on /.; although maybe for some, it would.

    As for spit, I really don't plan on getting VoIP anytime soon as I'm satisfied by my POTS landline. Do I have to pay taxes on it, yes; so what? We pay taxes on everything, including VoIP indirectly. You might not have taxes on VoIP, yet, but I'll bet there are taxes and surcharges on your Cable/DSL bill. The article itself does not have much content past the rhetorical comments regarding growth and registries. And the moment that I get a virus on my telephone is the moment I dig out an old beige mechanical AT&T phone. Seriously, how many features does your household phone need? Caller ID, sure; Call Waiting, nah, if its important, they'll call back; voicemail, get an answering machine and save $5/mo.; etc.

    Take a deep breath people and realize that humans and our respected cultures have existed for thousands of years and by turning your electronic toys, at least for a few minutes, you might find peaceful relaxation or learn something that does not have power requirement.

    But what do I know, it seems the Slashdot audience lives behind the glow rather than under the sun, so I may be preaching to the wrong crowd. --Amigori

    --
    "The quality of life is determined by its activites."--Aristotle
  15. Not to worried.... by jemenake · · Score: 4, Interesting

    Fortunately, VoIP is young enough such that they could modify the protocols to nip this in the bud.

    Cryptographic solutions would probably be the first place to look. For example, suppose my phone will only look at incoming connections which are begun with some certificate signed by the VoIP service provider (Vonage, Skype, whatever). So, in order to be able to call me, your phone first contacts the provider, requests a certificate to connect to me, and the provider gives that to the phone, and then their phone uses that as credentials to get my phone to not ignore it. Then, all the service provider has to do is watch out for excessive numbers of connections coming from one customer.

    I wouldn't be surprised in the least if this isn't already built into the VoIP systems. After all, we've been trying for some time now to move email into the domain of cryptographic authentication (SPF is just an intermediate fix) to stop spam. So, we've known for a while that this is "the way to do it right", and we also know from the way e-mail is going that it's a major pain to try to change the system to use it after the system is already in place. So, I'd expect that they might already have this capability.

  16. No surprise, but let's get some tools by Frater+219 · · Score: 4, Informative
    Email systems developers have come up with a number of tools to reject email abuse:
    • Local access lists. Every serious SMTP MTA supports access control based on IP address, reverse DNS, attested address (HELO), and so forth.
    • DNSBLs and other sorts of published blocklists. A DNSBL is nothing but a site's IP-address access list, published over the DNS so that others can use it.
    • Protocol enforcement techniques such as greylisting. Greylisting tests that the sending host is willing to make the effort of retransmitting, as required by the protocol.
    • Content filtering. Even a server-side antivirus program is a content filter; much more so the statistical filters often used today.
    • Multi-site statistical tools. Vernon Schryver's DCC and Vipul's Razor come to mind.
    • Traffic limiting. ISPs can restrict the number of SMTP messages a host can send per day or hour.

    Many of these techniques can be adapted to VoIP systems. I am surprised that SER and Asterisk do not already support DNSBLs -- even if there is no call for them yet, we will certainly need published lists of abusive hosts or networks within a few years.

    The flexibility with which one can express access restrictions is an important part of any system's security. My workplace is just starting a VoIP deployment. I want to be able to say things like:

    • No single outside host may make calls to more than 50 different destinations in a day.
    • No host may send more than ten pending SIP invites at any time. (Prevent predictive dialing!)
    • No host may send SIP IMs to more than 20 addresses in the same minute.
    • After an inbound call is completed, the recipient can dial *666 on our Asterisk PBX to report it as an abusive call. If five different addresses report abusive calls from the same originator, that originator is flagged and blocked for 24 hours.