Some people think technology has the answers. For example, they trust the public telephone network, but I’ll show you what I mean.
(Kevin then asked me for my cell phone number and took out his phone — “It’s just an ordinary Nokia,” he explained. He tapped in some numbers and then asked me what number I would like to have call me. I told him 212-555-1212 — New York City’s information number — he tapped in a few more numbers and my phone rang. The caller ID showed 212-555-1212 was calling me. I answered; it was Kevin.)
It’s a little XML script I wrote. The point is, if you think that’s your office calling because even though you don’t recognize the voice (“it’s the new guy – today’s my first day”) it’s their phone number on the caller ID, think again. If you have a system that authenticates incoming [computer] connections via caller ID, I suggest you use something else.
An Hour with Kevin Mitnick, Part 2: Page 2
We conclude our talk with Kevin Mitnick as he provides a glimpse into the mindset of a hacker, discusses attitudes toward security spending and gives author Vince Barnes (and everyone else) a reason to think twice before taking caller ID at face value.
by Vince Barnes
(2004)
http://www.esecurityplanet.com/trends/article.php/11164_3337141_2/An-Hour-with-Kevin-Mitnick-Part-2.htm