April 06, 2006

Outlaw Caller ID!

In another misguided attempt to stop some dubious behavior, the House of Representatives is trying to outlaw caller ID spoofing. This is another example of legislation that will not achieve the desired outcome (i.e. getting the baddies to stop using spoofing techniques in their social engineering games), and could possibly hurt unsuspecting companies.

Why? It is a trivial task these days to change your caller ID to any arbitrary value you want. With the advent of widespread VoIP providers that actually let you do this explicitly, even the script kiddies can do this. Savvier folks can either reprogram their phone switch (with VoIP switches like the NBX 3000 from 3Com at less than $2k these days), or program their Asterisk switch (open source -- free) to present any caller ID they want.

Caller ID should never be used as a form of security. For example, there is a HUGE security loophole for most people's cell phone voicemail. I've tested both Cingular and T-Mobile -- both of these providers, at least in southern California, use caller ID as an authentication mechanism for voicemail. What does this mean? If you set your caller ID to be somebody's cell number, then dial that cell number, you get thrown into voicemail without any authentication. Wow. What a security problem. The easy work-around is to put a password on your cell phone voicemail (how many of us do that?).

My point is that the easier the work-around/hack to let you do something, the more silly/infeasible/stupid a legal remedy becomes. It reminds me of the issues with copyright and shared music -- if the workaround is trivial, then the legal remedy is foolish and irrelevant (but more on that for a later entry).

The danger here is that certain company practices might fall afoul of this new law. Say, for example, that I am selling products to people in San Diego. I might want the caller ID presented on my company's outbound calls to be a local San Diego number (that forwards to the main company number). Is this spoofing? Who knows? With telephony advances (and commoditization of 800 numbers and local number call forwarding), these types of practices will become more common. They are beneficial to the consumer/customer (they get to call a local number), as well as the business (you have a local presence).

So stop using caller ID for any form of security authentication, and put a password on your cell voicemail. And merely use caller ID as a suggested number that you might call back on. You've been warned.
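
If you run your own Asterisk switch, the same caller-ID-as-authentication mistake described above for carrier voicemail can sit in your own dialplan. The following is an added example, not code from the original post: a small audit that flags `VoiceMailMain` calls that skip the password check. It assumes the modern comma-separated `VoiceMailMain(mailbox@context,options)` syntax, where the `s` option skips the password; the sample dialplan is constructed and the function names are hypothetical.

```python
import re

SAMPLE_DIALPLAN = """\
; constructed sample dialplan, not from any real system
[voicemail-access]
exten => *98,1,VoiceMailMain(${CALLERID(num)}@default,s)  ; no PIN, mailbox taken from caller ID
exten => *97,1,VoiceMailMain(${CALLERID(num)}@default)    ; mailbox from caller ID, PIN required
exten => *95,1,VoiceMailMain(1000@default,sg(2))          ; fixed mailbox, no PIN
"""

def app_args(line, app="VoiceMailMain"):
    """Return the balanced-parenthesis argument string of `app`, or None."""
    start = line.lower().find(app.lower() + "(")
    if start < 0:
        return None
    begin = start + len(app) + 1
    depth = 1
    for i in range(begin, len(line)):
        depth += (line[i] == "(") - (line[i] == ")")
        if depth == 0:
            return line[begin:i]
    return None  # unbalanced parentheses: not a parseable call

def split_top(args):
    """Split 'mailbox,options' at the first comma not nested in () or {}."""
    depth = 0
    for i, ch in enumerate(args):
        depth += (ch in "({") - (ch in ")}")
        if ch == "," and depth == 0:
            return args[:i], args[i + 1:]
    return args, ""

def audit(dialplan):
    """Return (line_no, severity, reason) for VoiceMailMain calls that skip the PIN."""
    findings = []
    for no, raw in enumerate(dialplan.splitlines(), 1):
        args = app_args(raw.split(";", 1)[0])  # drop trailing ';' comments
        if args is None:
            continue
        mailbox, opts = split_top(args)
        flags = re.sub(r"\([^)]*\)", "", opts)  # drop option arguments such as g(2)
        if "s" in flags:  # 's' = skip password check
            spoofable = "CALLERID" in mailbox.upper()
            findings.append((no, "HIGH" if spoofable else "REVIEW",
                             "caller ID is the only credential" if spoofable
                             else "password check skipped"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_DIALPLAN))
```

A `HIGH` finding means the mailbox is chosen from the presented caller ID and no PIN is asked for; removing the `s` option restores the password prompt.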

©1994-2009 Infoworld, Inc.