Interesting People mailing list archives
more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
From: David Farber <dave () farber net>
Date: Sun, 2 Oct 2005 18:23:00 -0400
Begin forwarded message: From: Brad Templeton <btm () templetons com> Date: October 2, 2005 6:07:54 PM EDT To: David Farber <dave () farber net> Cc: Ip Ip <ip () v2 listbox com>Subject: Re: [IP] How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
Unfortunately, just as caller-ID gets going, people are now learning it has no authentication. It's just a token passed along among providers, with no trust rules or contracts, and lots of people have accounts with providers that can provide fake caller id. Furthermore since theprotocol was not designed with any means to authenticate it, it's unlikely
to ever be authenticated. It's more like the From line of email.I met one fellow who runs around demonstrating to various voice mail providers who let you into your voice mail without a password if the caller-id matches the box owner how this allows any interested party into the mail box. Slowly
they are getting convinced to at least offer a passcode to the customer.This is a shame, in that there would be a lot of applications which could
be enabled by authenticated caller-id, not just quicker access to voice mail. Of course you would still want the option to not authenticate or be anonymous when desired. ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05 David Farber (Oct 02)
- <Possible follow-ups>
- more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05 David Farber (Oct 02)