john@zygot.ati.com (John Higdon) (02/20/90)
Today's San Jose Merkier carried an article in the business section about voice mail and the people who break in to voice mail systems. It was pointed out that a common "hacker" activity today was to break in and commandier blocks of voice mail boxes for such things as drug sales and other illegal activities. Also, those interested in espionage will break in to active mail boxes and find out surprising things. The long and the short of the message was to users of voice mail: use the security built in to your system. Don't leave unused boxes in the system activated. Don't use weenie security codes for boxes (like four digits) or particularly for the system administrator's password. Examine the activity reports, particularly the activity in the late afternoon (when kids get out of school) and in the evenings. Have mailboxes lockout after a small number of unsuccessful access attempts. Use ANI on your 800 numbers (if used on your system) to track abusers. The article pointed out that major users of voice mail are now using all of these anti-hacker techniques, but smaller users don't seem to feel the need. This would also apply to answering machines. Most of the current crop have "security" that is laughable. Two digits would hardly deter even the most casual hacker. The real annoyance is when the hacker changes your outgoing announcement. One would hope that answering machines would start appearing on the market that have some measure of real security for the user. John Higdon | P. O. Box 7648 | +1 408 723 1395 john@zygot.ati.com | San Jose, CA 95150 | M o o ! [Moderator's Note: I use Voicemail from Centel, the little suburban telco here. And I certainly agree with you that their 'security' is laughable. All unassigned boxes have the same default four digit passcode, pending the box being sold to someone. Really, anyone with some knowledge of how these things work could take over many idle boxes -- maybe this has already been done. And their knowledge of how to program the system, i.e. partition the boxes for people who have a 'front end' and several branch-boxes is poor. The documentation they sent me was skimpy and I learned it mostly from trial and error. David Tamkin also uses this system (he introduced me to it), and perhaps he will comment. The prices are okay. For five bucks a month, anyone out there want a voicemail box in area 708? Centel will set it up with a miscellaneous billing account. Phone 708-518-6000 for details. PT]