[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A better Linux based firewall installation?





Aviram Jenik wrote:

>> Any attacker which is after your stuff and is able to penetrate a GSM
>> exchange and send an unauthrized message without anyone noticing
>> (remember that banks rely on the number as a ID good enough to identify
>> you and divolge your account details on SMS)
> 
> 
> Hey... Gilad, I expected better from you (being the one who built an SMS
> gateway from recycled paper and used cardboard boxes).
Actually it was half a spud and an Orchid ;-)

> Spoofing != sniffing. Spoofing is actually much easier. Faking the GSM
> number you *send* to someone is easy/ier (I just have to fake the proper SMS
> message). Sniffing the SMS your bank sends *you* is harder.

Hmm.. I did not imply that because the bank is sending you your acocunt 
details on SMS it makes it safe because the bank trusts that no one can 
READ your messages, what I meant is that Bank trust the identity they 
get from the network to send the information, that is - that the network 
is hard (enough) to spoof.

Anyway, this thread is rather silly. You could DES encrypt the SMS 
messages...

But this is getting OT ;-)

Gilad.



-- 
Gilad Ben-Yossef <gilad@benyossef.com>
http://benyossef.com :: +972(54)756701


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il