spoofing Twitter and other SMS-based services

Jack: <a href="http://nonsmokingarea.com/blog/2008/11/22/wordpress-mobile-optimization/#comment-88168" title="View the entire comment by Jack">New tech breaktrhough
subnet: <a href="http://nonsmokingarea.com/blog/2008/11/22/wordpress-mobile-optimization/#comment-88167" title="View the entire comment by subnet">if you plan on switching to self-hosted wordpress, I'ld recommend
ik.: <a href="http://nonsmokingarea.com/blog/2008/11/22/wordpress-mobile-optimization/#comment-88166" title="View the entire comment by ik.">nice writeup. now that i got 50 megs a month
Bob: <a href="http://nonsmokingarea.com/blog/2007/06/16/phptube-youtube-api-for-video-upload-download/#comment-88165" title="View the entire comment by Bob">The upload feature works as long as the video size
subnet: <a href="http://nonsmokingarea.com/blog/2008/11/26/feedback-army-usability-testing-for-the-rest-of-us/#comment-88164" title="View the entire comment by subnet">@Raphael: thx for getting in touch! re language: given the

Tags: FakeMyText, security, SMS, spoof, Twitter

in case you haven’t been aware how easy it is to fake the originating number (’from’) of an SMS message, ONLamp features a step-by-step guide on spoofing Twitter (and similar services involving authentication mechanisms solely based on the senders phone number). this basically means that attackers only need to know a users associated cellphone number and an SMS-service like FakeMyText to post messages in his name. there goes your identity…

This entry was posted on Sunday, April 8th, 2007 at 4:50 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

RSS feed | Trackback URI