gmail security is a joke
mysidia at gmail.com
Fri May 29 11:17:43 UTC 2015
On Wed, May 27, 2015 at 8:42 AM, Joel Maslak <jmaslak at antelope.net> wrote:
> I also suspect not every telco validates number porting requests against
> social engineering properly.
What national wireless provider _does_ validate porting requests
against social engineering?
As far as I knew, as soon as the gaining provider receives the filled
out online form or written form, with the billing address, Or copy
of a bill from the old provider printed off from the losing
provider's web portal signed off with a forged signature from the
scammer (All information that can be derived through pre-texting or
social engineering), The gaining wireless carrier can proceed, and
will proceed with a simple port without having to call the number for
The sufficiently evil scammer will have the wireless number ported to
their pre-paid cell phone within 48 hours, and be ready to receive
insecure SMS message from the target's online banking service to
confirm the second factor for login.
More information about the NANOG