Bugtraq mailing list archives
Re: otp - the next generation
From: Ben Laurie <ben () ALGROUP CO UK>
Date: Fri, 23 Mar 2001 14:39:06 +0000
Gregory Steuck wrote:
2) SMS source address can not be forged. I am pretty sure that both assumptions are wrong. Phone company (or companies, I don't know how the messages are routed) will most certainly be able to sniff your messages and forge the source address.
Indeed. And SMPP (the protocol usually used to inject SMSes into the network over TCP) also allows the source address to be specified, though I believe some telcos impose restrictions on valid source addresses. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ApacheCon 2001! http://ApacheCon.com/
Current thread:
- otp - the next generation Lukasz Luzar (Mar 22)
- Re: otp - the next generation Szilveszter Adam (Mar 23)
- Re: otp - the next generation Casper Dik (Mar 23)
- Re: otp - the next generation Denis A. Doroshenko (Mar 23)
- Re: otp - the next generation Gregory Steuck (Mar 23)
- Re: otp - the next generation Tollef Fog Heen (Mar 23)
- Re: otp - the next generation Ben Laurie (Mar 23)
- Re: otp - the next generation Dag-Erling Smorgrav (Mar 23)
- Re: otp - the next generation Tristam Fenton-May (Mar 23)
- <Possible follow-ups>
- Re: otp - the next generation Elias Levy (Mar 23)
- Re: otp - the next generation Szilveszter Adam (Mar 23)