Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request From: Randal Schwartz Newsgroups: comp.dcom.telecom Subject: Re: Answering Machine Messages Message-ID: <11620@accuvax.nwu.edu> Date: 1 Sep 90 07:26:07 GMT Sender: news@accuvax.nwu.edu Reply-To: Randal Schwartz Organization: Stonehenge; netaccess via Intel, Beaverton, Oregon, USA Lines: 38 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 613, Message 7 of 7 In article <11589@accuvax.nwu.edu>, wagner@utoday (Mitch Wagner) writes: | I notice most people have just their first name, or even just "You | have reached 555-1212." This is, I think, so people don't give out | information that can be used to take advantage of them. | But, what information is that? "Gosh, you know my full name! Here's my | car keys!" Is there an actual reason for withholding this information? | Or is it just one of those paranoid, half-baked Krimestopper Tips that | makes just enough sense on he surface to keep people from questioning | it? Presume I'm a bad guy (I've been called that before, but you probably shouldn't know that :-). I am calling my friend. I misdial. I hear your message. If you're female, and I'm into harrassing, I wanna know what number I dialed so I can look it up again, and harrass you later when you are home (sexist comment intended ... there are probably other combinations too). If I'm a thief, I now know you probably aren't home, so I can look up your address in the book, and rob you. Basically, if I've looked you up in the book in the first place (or I'm already in an ongoing interaction with you), I *know* who I've called, so your message should just confirm it (with the minimum information possible). If I *don't* know who I've called, there's no point in filling me in, from a security standpoint. (Are there any other uses for ID besides these two? Write me if there are ... I'm trying to keep up on pop security issues.) Just another security weenie, Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 on contract to Intel's iWarp project, Beaverton, Oregon, USA, Sol III merlyn@iwarp.intel.com ...!any-MX-mailer-like-uunet!iwarp.intel.com!merlyn