Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!rutgers!im4u!woton!riddle
From: riddle@woton.UUCP (Prentiss Riddle )
Newsgroups: comp.sys.att
Subject: Telephone numbers and security
Message-ID: <941@woton.UUCP>
Date: Tue, 3-Nov-87 12:53:05 EST
Article-I.D.: woton.941
Posted: Tue Nov  3 12:53:05 1987
Date-Received: Sat, 7-Nov-87 09:13:26 EST
References: <221@safari.UUCP>
Organization: Shriners Burns Institute, Galveston
Lines: 17
Summary: Was: LOGFILE & SPOOLDIR permissions
Mist-Creature: "Bob"


In article <221@safari.UUCP>, dave@safari.UUCP (dave munroe) writes:
> I notice that with 3.5, LOGFILE now shows the phone numbers of dialed
> systems.  How much of a security problem is this?

It's a pretty severe security problem in an institutional environment
such as ours, where phone numbers are likely to include long distance
access codes which *must* be kept private. 

A similar problem which we have identified but not fixed is related to
phone numbers used by the phone manager.  Not only should users' phone
directories default to being read-protected, but the way the CTRL-F2
"Call" function key works is a misfeature: it dumps you into the last
call screen used, which may be that of another user! 

--- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
--- Opinions expressed are not necessarily those of Shriners Burns Institute.
--- riddle@woton.UUCP  {ihnp4,harvard}!ut-sally!im4u!woton!riddle