Date: Mon, 10 Aug 92 17:37 PDT
From: john@ZYGOT.ATI.COM(John Higdon)
Subject: File 3--Bell System Policies (John's Response 1)

jmcarli@SRV.PACBELL.COM(Jerry M. Carlin) writes:

[Lots of stuff about how Bellcore and Pac*Bell give major lip service
to security.]

But the truth of the matter is that while Bellcore may have written a
book on the matter of security, it apparently forgot to read it. Even
to this day, it is more or less a trivial matter for a knowledgeable
person to get into things he shouldn't.

If you want to have a good horse laugh, you should read the COSMOS
training manual.  This system WAS so full of holes that you could
literally set up your own phone company using Pac*Bell's network with
the company becoming none the wiser.

This has been tightened up somewhat. And how did it get tightened up?
Go down to the LA area sometime and pull the microfilm on the LA Times
and the Orange County Register and see the pictures of the evil
desperados (a bunch of sixteen year old kids) who easily penetrated
Pac*Bell and set up all manner of telephonic conveniences for
themselves using COSMOS. This took place in the mid-eighties. Pac*Bell
should have been exceedingly embarrassed.

> Is all of this enough? Well, that is another argument but I hope it's
> clear that Bellcore and Pacbell (and the other RBOCS) are "doing
> something".

Dialups into CO switches used to have no password protection
whatsoever. Now they do. That's a start, folks. So you are now
thinking about security? Good for you. It is about time. Why has it
taken so long?

Downloaded From P-80 International Information Systems 304-744-2253