Sunday, November 25, 2007

Chapter 13

I’ll be the first to admit when I’m wrong. For one of the first chapters in the book, I wrote a post talking about how dumb companies were for not investing in caller i.d. in order to prevent these social engineering scams. Well, I have now learned from this chapter that these “phone phreaks,” as they’re called, can program the caller i.d. to show whatever number they want it to. So if they call you claiming to be President Bush, your caller i.d. will show the call coming from the White House, which is pretty scary. So ignore what I said in my previous post; caller i.d. will not help.

Mitnick explains later on in the chapter that there is a service called ANI, which is a lot more reliable than caller i.d. However, in my opinion it is only a matter of time before someone figures out how to manipulate that as well. Before reading this book, I never knew that it was possible to manipulate the phone company in so many ways. What I have learned so far is that pretty much nothing that you hear or see can be verified 100%. All you can do as a manager is train your employees the best you can for basic security operations and show them plenty of examples such as the ones in this book.

1 comment:

jboogie said...

I like your thoughts, but I find your blog hard to read because of the background color and lack of enough contrast. Nothing personal, but this will be my first and last comment on your blog.