Moving quickly in network design

[Sean Donelan <sean () donelan com>]

http://www.washingtonpost.com/wp-dyn/articles/A34422-2003Aug22_2.html
> Jonathan Zittrain, a Harvard Law assistant professor. "Now one person
> really can change the world. But that's also what's terrifying."
>
> When hackers three decades ago found they could get free calls on pay
> phones using a toy whistle that mimicked the phone's network signals,
> they exploited the system's vulnerabilities in much the same manner as
> today's viruses, Zittrain said. Phone firms, though, were able to
> quickly change their network design. But the Internet is fundamentally a
> different type of technology.


Actually it took the telephone system over 30 years to convert from
multi-frequency (per-trunk) singaling to common channel interoffice
signaling.  The signaling standard has gone through a few versions and is
now known as SS7.  SS7 security isn't all its cracked up to be.

The Bell System lucked out because they had started development in the
1960's of new signaling methods not because of security, but because of
money.  Busy signals were tying up half the long distance lines in the US,
and in the old days Ma Bell didn't get paid for busy signals.  The
business case for developing CCIS was primarly driven by more efficient
(ie. more "paid" calls) use of the network, not security.

By the time Capt'n Crunch found his 2600Hz whistle in the early 1970's,
Ma Bell could "move quickly" (i.e. it still took several more years)
because it had spent a decade already working on CCIS.