gmail security is a joke

Jimmy Hess mysidia at
Fri May 29 11:17:43 UTC 2015

On Wed, May 27, 2015 at 8:42 AM, Joel Maslak <jmaslak at> wrote:
> I also suspect not every telco validates number porting requests against
> social engineering properly.

What national wireless provider _does_  validate porting requests
against social engineering?

As far as I knew,  as soon as the gaining provider receives the filled
out online form or written form,  with the billing address,  Or  copy
of a bill  from the old provider printed off from the losing
provider's  web portal  signed off with a forged signature from the
scammer (All information that can be derived through pre-texting or
social engineering),   The gaining wireless carrier can proceed,  and
will proceed with a simple port  without having to call the number for

The sufficiently evil scammer will have the wireless number ported to
their pre-paid cell phone within 48 hours,   and be ready to receive
insecure SMS message from the target's  online banking service  to
confirm the second factor for login.


More information about the NANOG mailing list