I am a big proponent of the SIP protocol, and have been weeping silently at its lackluster adoption for general Internet use while Skype attracts millions of users. So I have been following Gizmo pretty closely, as they have a Skype kind of model with a SIP-based infrastructure.
Well, recently I have been playing with it, with the usual ups and downs, when I came upon this post on the Gizmo message boards.
I laughed myself silly, so I decided to share. I suspect Gizmo isn’t doing proper validation (or outright rewriting) of the SIP “from” header on inbound calls, which they probably translate into caller-id when it hits the public telephone network. It pains me to say it, but the hundred-year-old telco gets a lot of things right.
Other than that, I found a serious security hole in their system, but I’ll give them a chance to fix it before I post anything.
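The validate-or-rewrite step for the SIP From header mentioned above, as an added example (not Gizmo's code and not part of the original post). It assumes the gateway has already authenticated the caller, for instance with SIP digest authentication; the account table, sample INVITE and function names are hypothetical.

```python
import re

# Constructed account table: authenticated SIP user -> numbers it may present.
# Hypothetical data; a real gateway would read this from its subscriber database.
ACCOUNTS = {
    "alice": {"default": "+15550100", "allowed": {"+15550100", "+15550101"}},
}

# Constructed sample: an INVITE whose From claims a number the account does not own.
SAMPLE_INVITE = (
    "INVITE sip:+15550199@gw.example.net SIP/2.0\r\n"
    'From: "Bank" <sip:+15550142@example.net>;tag=1\r\n'
    "To: <sip:+15550199@gw.example.net>\r\n"
    "\r\n"
)

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')            # quoted display name
FROM_URI = re.compile(r"sips?:([^@;>\s]+)@[^;>\s]+", re.I)


def from_user(invite: str):
    """Return the user part of the single From header, or None if absent or ambiguous."""
    head = invite.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:              # skip the request line
        if line[:1] in (" ", "\t"):                  # folded continuation, not a header
            continue
        name, sep, value = line.partition(":")
        # "f" is the compact form of From (RFC 3261).
        if sep and name.strip().lower() in ("from", "f"):
            values.append(value)
    if len(values) != 1:                             # duplicate From headers are ambiguous
        return None
    # Drop the display name first so a URI hidden inside it is never trusted.
    match = FROM_URI.search(QUOTED.sub("", values[0]))
    return match.group(1) if match else None


def pstn_caller_id(auth_user: str, invite: str) -> str:
    """Caller ID the gateway should signal to the PSTN for this authenticated call."""
    account = ACCOUNTS[auth_user]
    claimed = from_user(invite)
    if claimed in account["allowed"]:
        return claimed            # validated: the account owns the number it claims
    return account["default"]     # rewritten: an unverified From is never forwarded
```

The decision keys on the authenticated identity rather than on anything the caller wrote in the message, which is the property the telephone network enforces at the subscriber line.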