[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest)

To: joe@xxxxxxxxxxxxxx
Subject: Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest)
From: Lance James <lancej@xxxxxxxxxxxxxxxxx>
Date: Thu, 12 Aug 2004 16:34:44 -0700

Joe Eversole wrote:

On Wed, 11 Aug 2004 14:10:18 -0700, Secure Science Corporation
Advisory Notice <bugtraq@xxxxxxxxxxxxxxxxx> wrote:

Solution:
- ---------
Add 2-factor authentication (passcode requirement) by default and cease
implicit trust of Caller-ID information.

T-Mobile's messaging system (in Indianapolis, at least. I do not know
if they have migrated to a single VM system) has a setting the user
can specify to require passcode when calling from mobile phone.

Hence, by default! It is not on by default.

--je

--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com

References:
- SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest)
  - From: Secure Science Corporation Advisory Notice
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest)
  - From: Joe Eversole

Prev by Date: Advanced usage of system() function.
Next by Date: MDKSA-2004:081 - Updated gaim packages fix remotely exploitable vulnerabilities
Previous by thread: Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest)
Next by thread: Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest)
Index(es):
- Date
- Thread