Re: Notes from the SF Physical Cypherpunks meeting
Dial-back does not add security to a system, and in fact, often
reduces system security.
Dial back takes responsibility for authentication from your
system (where it belongs), and transfers it to the phone company.
Telco switches have a long history of being compromised. Assuming a
telco switch gets back to the right number when you're under attack is
bogus.
Relying on an external system like this is evidence of shoddy
thinking about security issues. That should have been obvious in the
mid 70's, when telcos knew that their switches were being abused by
phreaks.
Adam
(playing catch-up, but this is a pet peeve.)
Martin Minow wrote:
| For example, the initial Swedish implementation of a national
| criminal database in the mid 1970's (equivalent to the US NCIC) used
| dialback telexes to prevent unauthorized (and untracked) access.
| A recent newspaper article noted that some police officers were
| being investigated for unauthorized access to the personal information
| of a colleague who had complained of sexual harassment.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume