[AusNOG] Optus Hack

Giles Pollock glp71s at gmail.com
Wed Sep 28 14:00:34 AEST 2022 

Voice print identification works fine until you have a cold... Or someone
who happens to have a near identical voice (eg identical twins).

What I'd like to see is something akin to a confidence/suspicion score for
identity verification that could draw from a wide variety of verification
means, whether it be push notification via government ID confirmation app
on phone (with biometrics on the device), voiceprint, password, TOTP and so
on. Similarly the suspicion score could draw from information such as
whether the call is originating from the expected source caller ID(s),
whether the person sounds the same as previous calls, did they provide a
valid verification or not and so on. Such things could be done without
necessarily validating to the caller whether any one single detail (such as
a birthdate) was necessarily correct or not too.

It's a hard problem to solve unfortunately, because it ties back to the age
old question of "Are you who you say you are?" which even in pre-internet
and pre-telephony times was a challenge mostly met by human verification
and glorified trust...

On Wed, Sep 28, 2022 at 1:48 PM Martin Visser <martinvisser99 at gmail.com>
wrote:

>
>
> On Wed, 28 Sept 2022 at 12:40, Narelle Clark <narellec at gmail.com> wrote:
>
>>
>> On Wed, 28 Sept 2022 at 12:23, DaZZa <dazzagibbs at gmail.com> wrote:
>>
>>>
>>> I flat out refuse to give them any information. My standard response is
>>> "Give me your name, switchboard number and extension and I'll call you
>>> back".
>>>
>>
>> Err no, you want to call them back on their listed number or the one
>> provided on your Official Correspondence From Them You Know To Be True.
>>
>
> And of course you will still be expected to provide the
> identifying information when you can call them back (because as
> everyone knows CALLER-ID can't be trusted).
>
> I guess the other option is voice print identification ...
>
> Regards. Martin
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20220928/64951917/attachment.htm>

More information about the AusNOG mailing list