john@zygot.ati.com (John Higdon) (02/20/90)
Today's San Jose Merkier carried an article in the business section
about voice mail and the people who break in to voice mail systems. It
was pointed out that a common "hacker" activity today was to break in
and commandier blocks of voice mail boxes for such things as drug
sales and other illegal activities. Also, those interested in
espionage will break in to active mail boxes and find out surprising
things.
The long and the short of the message was to users of voice mail: use
the security built in to your system. Don't leave unused boxes in the
system activated. Don't use weenie security codes for boxes (like four
digits) or particularly for the system administrator's password.
Examine the activity reports, particularly the activity in the late
afternoon (when kids get out of school) and in the evenings. Have
mailboxes lockout after a small number of unsuccessful access
attempts. Use ANI on your 800 numbers (if used on your system) to
track abusers.
The article pointed out that major users of voice mail are now using
all of these anti-hacker techniques, but smaller users don't seem to
feel the need. This would also apply to answering machines. Most of
the current crop have "security" that is laughable. Two digits would
hardly deter even the most casual hacker. The real annoyance is when
the hacker changes your outgoing announcement.
One would hope that answering machines would start appearing on the
market that have some measure of real security for the user.
John Higdon | P. O. Box 7648 | +1 408 723 1395
john@zygot.ati.com | San Jose, CA 95150 | M o o !
[Moderator's Note: I use Voicemail from Centel, the little suburban
telco here. And I certainly agree with you that their 'security' is
laughable. All unassigned boxes have the same default four digit
passcode, pending the box being sold to someone. Really, anyone with
some knowledge of how these things work could take over many idle
boxes -- maybe this has already been done. And their knowledge of how
to program the system, i.e. partition the boxes for people who have a
'front end' and several branch-boxes is poor. The documentation they
sent me was skimpy and I learned it mostly from trial and error. David
Tamkin also uses this system (he introduced me to it), and perhaps he
will comment. The prices are okay. For five bucks a month, anyone out
there want a voicemail box in area 708? Centel will set it up with a
miscellaneous billing account. Phone 708-518-6000 for details. PT]