MegaZone (zonereyrie) wrote,

  • Mood:
  • Music:

Don't trust Caller ID too much

Bruce Schneier reports on Caller ID Spoofing.

I knew it was possible to do, but I didn't know it had gotten so easy to do. The security implications for companies that use CID as a verification system are major. I know several of my credit card companies use it to activate new cards, without asking for any other credentials - no PIN, nada. Steal a new card, spoof the CID, and you have an active card. If you have any kind of access system that can use CID with an optional PIN - use the PIN.
Tags: geek, security
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded