<div dir="ltr"><div class="gmail_default" style="font-family:comic sans ms,sans-serif">ABSOLUTELY!!!!<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Apr 23, 2016 at 9:28 AM, Hiers, David <span dir="ltr"><<a href="mailto:David.Hiers@cdk.com" target="_blank">David.Hiers@cdk.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">People tend forget the existence and benefit of physical and administrative security controls until they disable them.  Sure, they are an expensive speedbump
 at times, but you can’t hack what you can’t touch.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">David<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> VoiceOps [mailto:<a href="mailto:voiceops-bounces@voiceops.org" target="_blank">voiceops-bounces@voiceops.org</a>]
<b>On Behalf Of </b>Mike Ray, MBA, CNE, CTE<br>
<b>Sent:</b> Friday, April 22, 2016 11:28<br>
<b>To:</b> <a href="mailto:voiceops@voiceops.org" target="_blank">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] SS7<u></u><u></u></span></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">It seems to me that this SS7 vulnerability issue is just the latest result of all of the de-regulation that’s been going on for the past… two decades or so. 
 There was a time that you could not buy commercial access to the SS7 network; to get that access you had to be a real carrier.  Also, back at that time, inter-company SS7 signalling could only occur on established, ordered signaling routes where both parties
 placed an order to open the route between them.  Therefore, this would not have been possible back then because the carrier would not have ordered a route to the hacker’s point code(s) and it therefore would not exist.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">If I am a US local carrier in 2001, I have no need to order a signaling route to a German carrier either so even the hacker having full access to a German carrier’s
 network would not compromise my network. (in response to the nation-state issue)  To get a call to Germany, I signal to the access tandem or IXC switch I’ve chosen to interconnect with in the US and that switch signals upstream, etc.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">If we were not on this path of de-regulation where whatever makes commercial sense for one company can open up the whole SS7 network to un-trusted parties, we
 likely wouldn’t be here.  At some point, a decision was made somewhere to allow this loosy-goosy inter-company signaling over the SS7 network between two point codes that would not, under the original implementation of SS7, be able to talk to each other in
 the first place.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">If the drumbeat of “solve everything with IP!” continues, I hope that at least it gets solved by establishing something close to what the VPF was supposed to
 be, and not just a general dumping of all voice traffic across the internet between carriers.  That certainly wouldn’t bode well for reliability or security.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Mike<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Mike Ray, MBA, CNE, CTE<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Astro Companies, LLC<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">11523 Palm Brush Trail #401<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Lakewood Ranch, FL  34202<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">DIRECT: call or text <a href="tel:941%20600-0207" value="+19416000207" target="_blank">941 600-0207</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.astrocompanies.com&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=3qAav7xK7z7Y9z78Wz6C13xGAsE6OybjLD3yoSCDCMw&e=" target="_blank"><span style="color:#0563c1">http://www.astrocompanies.com</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> VoiceOps [<a href="mailto:voiceops-bounces@voiceops.org" target="_blank">mailto:voiceops-bounces@voiceops.org</a>]
<b>On Behalf Of </b>Dan York<br>
<b>Sent:</b> Thursday, April 21, 2016 3:45 PM<br>
<b>To:</b> Kidd Filby <<a href="mailto:kiddfilby@gmail.com" target="_blank">kiddfilby@gmail.com</a>><br>
<b>Cc:</b> <a href="mailto:voiceops@voiceops.org" target="_blank">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] SS7<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">This is generally true if the calls are *unencrypted* on VoIP... <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby <<a href="mailto:kiddfilby@gmail.com" target="_blank">kiddfilby@gmail.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic Sans MS""><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic Sans MS"">Also folks, don't forget, the same outcome of recording someone's call is MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)<u></u><u></u></span></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">... BUT... what's fascinating is the recent rise in end-to-end (e2e) encryption among IP-based communications platforms that include voice.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">WhatsApp, for instance, just completed the rollout of e2e encryption on April 5, and not just for messaging, but also for voice and video calls as well as file transfers (
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__blog.whatsapp.com_10000618_end-2Dto-2Dend-2Dencryption&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=NXBMKUweqEyjsPnLdKiYN2dxhQ18iIhqv6gKxWa8RwM&e=" target="_blank">
https://blog.whatsapp.com/10000618/end-to-end-encryption</a> ).  Just yesterday the team behind Viber announced that they will soon have e2e encryption for all clients.  The app Wire (
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__wire.com&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=s0P24iUsIb4FU2rZ9YaaIn1gsVb6jA2Oeu0YoEDq6y0&e=" target="_blank">
http://wire.com</a> ) also does e2e encryption for voice, video and group chats.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">In a US Congress hearing this week, a Congressman asked a Dept of Homeland Security representative if e2e encryption available in apps would have prevented this interception that happened via SS7. The DHS answer was that it would mitigate
 the interception of the content, although the location meta-data would still be available.  (You can view the exchange via the link in this tweet: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_csoghoian_status_722854012567969794&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=UJf4zA4kmH2CF_OG1ESNYtGC_6hytXx1oxXRCaijN3M&e=" target="_blank">https://twitter.com/csoghoian/status/722854012567969794</a>
 )<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The end result is that we're definitely moving to a space where the communication over IP-based solutions will wind up being far more secure than what we had before.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Interesting times,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Dan<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#888888"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#888888">Dan York<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#888888"><a href="mailto:dyork@lodestar2.com" target="_blank"><span style="color:#0000cc">dyork@lodestar2.com</span></a>  <a href="tel:%2B1-802-735-1624" value="+18027351624" target="_blank">+1-802-735-1624</a>   Skype:danyork<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#888888">My writing ->
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.danyork.me_&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=1tJ3a90UREz7qDElplqt-_ZCxGSIQM13CbKJzTWGQJM&e=" target="_blank">
http://www.danyork.me/</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#888888"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.danyork.com_&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=kSavjgKqquFSm8Dkxir_Loji91imTbDbGoi84xbo6ok&e=" target="_blank"><span style="color:#0000cc">http://www.danyork.com/</span></a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#888888">http://<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__twitter.com_danyork&d=CwMFaQ&c=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc&r=-GzOCp0ppLaBQPFaZ7lZ4bUUBQxpFBukitRP75oaRdQ&m=K-8CAmdREf2wOzrczAmJFVezGkW7Xaf8hyrWjWDWZTM&s=xbVyAccZCDshp_g-4GjTTTbCxLtHE4qF4JCEM9YlwAM&e=" target="_blank"><span style="color:#0000cc">twitter.com/danyork</span></a><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div></div></div>

<hr>This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.<br>
</div>

<br>_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">Kidd Filby<br>661.557.5640 (C)<br><a href="http://www.linkedin.com/in/kiddfilby" title="View public profile" name="UNIQUE_ID_SafeHtmlFilter_SafeHtmlFilter_webProfileURL" target="_blank">http://www.linkedin.com/in/kiddfilby</a><br></div></div>
</div>