I have the equivalent service from one of the SBC companies. They call it privacy manager. A couple of comments inline. I apologize for the large reply quote count. Ken Williams ----- Original Message ----- From: "Mike Smith" <msmithat_private> To: <vuln-devat_private> Sent: Tuesday, May 28, 2002 4:22 PM Subject: RE: Verizon Call Intercept > > The Call Intercept service from Verizon (and > > possibly others) is supposed to screen callers > > that withhold their callerid or don't have one > > because they're out of area etc.... A recorded > > voice invites them to leave their name, then puts > > them on hold while it contacts the number with call > > intercept. They either accept the call or they don't. > > I tried this service and found it to have a lot of practical problems. > > 1) It just asks for a name, records whatever they say, then rings through to replay the recording to you. That means (a) there's no guarantee you'll get the person's actual identity; (b) you're still disturbed by the phone ringing; and (c) you still have to pick up to find out who it is! Kinda defeats the whole purpose of the service. While this is true one of the greatest benefits I find is that I no longer get those annoying calls from computerized dialers because the dialer does not understand how to break through to ring my phone. In addition once you pick up the phone you have choices. 1. accept the call based on the ID 2. send it to voicemail 3. reject it outright with a we don't take telemarketing call announcement > > 2) Some people mistake the name prompt for an answering machine, so they leave a message, then hang up. Since they've hung up, the call never rings through, and their message isn't saved anywhere. The caller thinks you got their message, but you're unaware they ever called! I lost out on a job interview once because of this. If they listen to the messages it tells them what is happening > > Getting back to the security side of things, the service description says it allows the use of a 4-digit PIN to break through. Do we know whether it really enforces the 4-digit length? Maybe people are choosing null or single-digit PINs. Or perhaps if you choose "0000" as your PIN, mashing the "0" key long enough might be interpreted as 4 0's instead of one long one. The pin on my service is at least 10 digits in fact they recommend assigning the pin as the callers real phone number so it is easy to recognize > > If I still had the service, I'd experiment with blue-boxing it or something, but I've already cancelled it for the practical reasons mentioned above. fooling the service probably could be done but in the end if I answered and discovered I was fooled I would mearky accomplish the same thing by hanging up. > > Mike Smith > <www.netlocksmith.com> > >
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 18:25:49 PDT