Does your organization use caller I.D.as a form of security authentication?
If so, you run the risk of being labeled clueless! Think of the efficacy of such a policy as about on the same level with that post 9/11 airport ticket counter questioning about whether you packed your bags yourself and if you happen to be carrying anything bad.
“It is a trivial task to change your caller id these days to be any arbitrary value that you want. With the advent of widespread VOIP providers that actually let you do this explicitly, even the script kiddies can do this,” writes Paul Ryan in s ITXtreme blog on the InfoWorld site. “Those savvier folks can either reprogram their phone switch (with VOIP switches like the NBX 3000 from 3com at less than $2k these days), or program their Asterisk switch (open source — free) to present any caller ID you want to.”
Paul also makes the point that some cell carriers let you set your call ID to be somene’s cell number- but not necessarily your own.
“What does this mean? If you set your call ID to be somebody’s cell number, then dial that cell number, you get thrown into voicemail without any authentication,” Paul writes. “Wow. What a security problem.”
So please don’t use Caller ID as a form of authentication. Passwords aren’t totally secure either, but compared to Caller ID, we’re talkin’ the doors of Fort Knox.