eli@eecs.nwu.edu (07/17/89)
US Sprint has probably the most advanced code-abuse detection system in the telecom industry, if I can believe my friend who works there. He has described the system which 'caught' Mr. Fisk, the telecom reader who complained that his account was pulled without warning. As Mr. Fisk said, Sprint tried to contact him to determine what the deal was with his card. Patrick, I think you are being a bit harsh on US Sprint. They have to do something to stop the code abuse that goes on. One of their major problem areas is Port Authority and Grand Central Station in NY. Certain individuals look over the shoulder of people using calling cards, and then sell the calling card number to anyone who happens by. US Sprint's solution to this was to disable all FONCard access from Port Authority. I'm not sure if this is still the case... One time my friend travelled to Boston to work with one of their larger customers who had been experiencing code abuse. People had been dialing in to the customer's PBX and dialing out on a US Sprint WATS line. Nearly a hundred thousand dollars worth of calls to Haiti had been spent. Naturally, Sprint did not charge the customer for any of these calls. The phone bill for one month during the customer's "code-abuse" problem period was more than a foot thick! -- Steve Elias -- eli@spdcc.com, eli@chipcom.com [mail to chipcom.chipcom.com bounces!] -- voice mail: 617 859 1389 -- work phone: 617 890 6844
tanner@bikini.cis.ufl.edu (Dr. T. Andrews) (07/19/89)
There are two primary classes of security violation:
(a) unauthorized use of resources
(b) denial of service
It sounds like US Sprint doesn't want to wait for electronic
burglars to arrange for (b); their own "security" system will
assure it instead!
For their sake, I am glad that their customers are so tolerant.
It surely saves the president much unhappy mail saying "cancel
account account of lousy parody of service."
--
...!bikini.cis.ufl.edu!ki4pv!tanner ...!bpa!cdin-1!ki4pv!tanner
or... {allegra attctc gatech!uflorida uunet!cdin-1}!ki4pv!tannerben@sybase.com (ben ullrich) (07/20/89)
chipcom.com!eli@eecs.nwu.edu writes: > One time my friend travelled to Boston to work with one of their larger > customers who had been experiencing code abuse. People had been dialing > in to the customer's PBX and dialing out on a US Sprint WATS line. > Nearly a hundred thousand dollars worth of calls to Haiti had been spent. > Naturally, Sprint did not charge the customer for any of these calls. That's interesting. I would think that since the offenders had broken into the PBX to make the calls, Sprint wouldn't be at fault, and wouldn't pay. Whomever manages that PBX should shell out! I guess it was thus a goodwill gesture. This is also interesting to me, considering the war I had with Sprint trying to get them to credit us for $16 in calls someone had made to one of our *outgoing* PBX trunks without a PIN number, without true authorization. My brian-dead Sprint rep said that it is normal practice for their operators (and ``everyone else does it'') to just take a phone number and charge a call to it. No ringing the 3rd number, no nothing. For if they had done this in this case, the number would never have answered (incoming numbers don't get answered by our switch.) Not to just badmouth Sprint or anything; I think they have a nice network and decent prices. But the reps in my area are just too much (really too little ...), and they didn't pay enough attention to our needs for the $14K per month we were giving them. ...ben ---- ben ullrich consider my words disclaimed,if you consider them at all sybase, inc., emeryville, ca +1 (415) 596 - 3500 this space for rent ben@sybase.com {pyramid,pacbell,sun,lll-tis}!sybase!ben