Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!mips!pacbell.com!lll-winken!telecom-request From: foz@ihlpf.att.com (William F Thompson) Newsgroups: comp.dcom.telecom Subject: Re: AT&T's Call Manager: Security Problem? Message-ID: Date: 13 May 91 22:09:52 GMT Sender: Telecom@eecs.nwu.edu Organization: Tex and Edna Boil's Prairie Warehouse and Curio Emporium Lines: 26 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 356, Message 1 of 12 From article , by 0003829147@mcimail. com (Sander J. Rabinowitz): > First of all, I think it's good that AT&T is doing this, and I plan to > use the service myself. Having said that, however ... isn't there a > security problem that arises whenever 15xx can be substituted for a > valid calling card number? I would hope AT&T has a way of blocking > this particular service for people who so request it ... indeed, it > would seem blocking would become mandatory in certain situations (ie., > public telephones, COCOTS). > [Moderator's Note: I beleive it is blocked from payphones, but I don't > know about COCOTS. It would be interesting to find out how it responds > to 10288 plus calling from a COCOT. PAT] Well, since I worked on the feature, I'll respond. A customer can only use the 15XXXX code from a non-coin, non-hotel sent-paid phone, such as a residence or a business. It shouldn't work from a COCOT since those trunks are marked as coin. By the way, you can enter up to four digits after the 15 (and the 15 is changeable). Just thought you'd like to know. Bill Thompson att!ihlpf!foz