Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment: Re:Sounds like a lot of BS (Score 1) 119

by GrenDel Fuego (#31988186) Attached to: All GSM Phones Open To Attack, Tracking

I should say that I think a lot of the confusion comes in because it was a long talk covering a lot of different related topics, some related some not. There were bits covering calling IMSI info by acting as a tower, determining a phone's carrier by the block of numbers, the caller ID piece and more.

Comment: Re:Sounds like a lot of BS (Score 1) 119

by GrenDel Fuego (#31988158) Attached to: All GSM Phones Open To Attack, Tracking

The article is BS and overblown. The talk itself was interesting.

The "find the name of the subscriber" bit has to do with the fact that a lot of carriers register the mobile phone subscribers name with the caller ID database. Since most cellphones don't use caller ID and only pair the number with their local address book, you wouldn't notice this unless the cellphone is calling your landline.

They demonstrated a technique to use a VOIP line to call another VOIP line spoofing the calling number (say 555-555-0001). They then harvested the caller ID info and moved onto the next number (555-555-0002), creating a massive database of number/name combinations.

Kind of like wardialing in reverse (cycling through source numbers not destinations).

Comment: Re:Openfire (Score 1) 360

by GrenDel Fuego (#27487767) Attached to: Internal Instant Messaging Client / Server Combo?

I second Openfire. I set it up at work integrated into Active Directory for a user store, using Mysql replicating to a second box as a DR instance.

My server currently averages about 370 users per day or so, but I fully expect it to eventually handle the 1000+ employees in the company.

I don't use the chat logging functionality myself, but it is available in the product.

If you're using the Spark client you can also configure the FastPath plugin in order to create a "Live Support" chat queue for your helpdesk people so that other employees can talk to the next available person via a web interface.

Comment: Re:Ok then... (Score 5, Insightful) 244

by GrenDel Fuego (#26896967) Attached to: Researchers Hack Biometric Faces

I definitely disagree here. While passwords can be brute forced given enough time, your face is almost certainly available to someone who has access to get at your computer.

There is a difference between identification and authentication (your claim of who you are, and your proof of that claim). What you look like is identification.

Comment: Re:Have Teleco Block Outgoing International Calls? (Score 4, Insightful) 300

by GrenDel Fuego (#26176219) Attached to: Hacked Business Owner Stuck With $52k Phone Bill

If a stranger hacks my WIFI encryption in my neighborhood and downloads child prOn, warez, illegal MP3, etc.. through my router/IP that DOES NOT mean that I did it and I AM NOT responsible for those communications/transfers as I have made reasonable accommodations to prevent that (plus I shutter to think that any of my neighbors are into any of that).

There's a difference between criminal liability and financial. You wouldn't be convicted of downloading child porn (or shouldn't be at least), but if your internet access was pay as you go, you may still be required to pay for the bandwidth used.

Comment: Why would they do that? (Score 5, Informative) 300

by GrenDel Fuego (#26176037) Attached to: Hacked Business Owner Stuck With $52k Phone Bill

This certainly isn't the first time someone has exploited the phone system and stuck another with the bill. Maybe it's time for the phone company to get their fraud detection and prevention services at least on par with what the credit card companies have done.

As long as the customers are responsible for the charges, they have no business reason to invest in fraud protection.

Bruce Schenier refers to this as an externality, and had written about it a number of times in the context of credit card security and computer security.

http://www.schneier.com/blog/archives/2007/01/information_sec_1.html

http://www.schneier.com/blog/archives/2006/03/credit_card_com.html

http://www.schneier.com/blog/archives/2005/10/preventing_iden.html

Some people carve careers, others chisel them.

Working...