Last Updated on July 4, 2018 by Dave Farquhar
This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking.
Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those pages in the CBK about phone phreaking.
I wouldn’t say this 416-page book is necessary to answer the questions about phone phreaking that you’ll see on the exam–let’s face it, with all of the security issues out there, the exam can’t afford to dedicate half a dozen questions to the subject–and as such, I think it’s overkill to someone seeking to get a CISSP. But it sounds like an entertaining way to pick up some CPEs.
The author posits that phone phreaking is the predecessor to computer hacking, which is something worth remembering if you’re seeking any kind of security credential. (ISC)2 and CompTIA agree with the author on that point.
Lapsley also makes the distinction between people who were curious about how the phone system worked, and those who were merely interested in abusing it to make telephone calls, or call long-distance BBSs. That’s an important distinction, and one that lives on today. If you want to know the difference between a white-hat and black-hat hacker, that’s not a bad thing to keep in mind. A black-hat abuses; a white-hat is curious above all else.
Many of them grew up. One is a software developer. Another is a prominent California politician.
He also answers a good question, which is, why would AT&T build such a vast, complex system so critical to its existence and allow such security holes in it? The answer is in the question: It was an incredibly difficult problem to solve, and such an inherently complex system will by nature have some weaknesses in it that will take time to discover and fix. That’s exactly like any other security question: Why would a software vendor spend billions of dollars writing software and allow security holes in it? As we all know, they fix the problems as they find them.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.