1996-05-29 - Re: Notes from the SF Physical Cypherpunks meeting

Header Data

From: Adam Shostack <adam@lighthouse.homeport.org>
To: minow@apple.com (Martin Minow)
Message Hash: cbcedf5ad6ad05bc4dc26d5ab144e0f9d7b1f0882e97e4d75bf0310794cc43bc
Message ID: <199605291533.KAA09610@homeport.org>
Reply To: <v02140b04adbdbf22398d@[17.202.12.102]>
UTC Datetime: 1996-05-29 19:00:46 UTC
Raw Date: Thu, 30 May 1996 03:00:46 +0800

Raw message

From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 30 May 1996 03:00:46 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: Notes from the SF Physical Cypherpunks meeting
In-Reply-To: <v02140b04adbdbf22398d@[17.202.12.102]>
Message-ID: <199605291533.KAA09610@homeport.org>
MIME-Version: 1.0
Content-Type: text



Dial-back does not add security to a system, and in fact, often
reduces system security.

	Dial back takes responsibility for authentication from your
system (where it belongs), and transfers it to the phone company.
Telco switches have a long history of being compromised.  Assuming a
telco switch gets back to the right number when you're under attack is
bogus.

	Relying on an external system like this is evidence of shoddy
thinking about security issues.  That should have been obvious in the
mid 70's, when telcos knew that their switches were being abused by
phreaks.

Adam

(playing catch-up, but this is a pet peeve.)

Martin Minow wrote:

| For example, the initial Swedish implementation of a national
| criminal database in the mid 1970's (equivalent to the US NCIC) used
| dialback telexes to prevent unauthorized (and untracked) access.
| A recent newspaper article noted that some police officers were
| being investigated for unauthorized access to the personal information
| of a colleague who had complained of sexual harassment.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





