gmail security is a joke

• Previous message (by thread): gmail security is a joke
• Next message (by thread): gmail security is a joke
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 27, 2015 at 8:42 AM, Joel Maslak <jmaslak at antelope.net> wrote:
> I also suspect not every telco validates number porting requests against
> social engineering properly.

What national wireless provider _does_  validate porting requests
against social engineering?

As far as I knew,  as soon as the gaining provider receives the filled
out online form or written form,  with the billing address,  Or  copy
of a bill  from the old provider printed off from the losing
provider's  web portal  signed off with a forged signature from the
scammer (All information that can be derived through pre-texting or
social engineering),   The gaining wireless carrier can proceed,  and
will proceed with a simple port  without having to call the number for
approval.

The sufficiently evil scammer will have the wireless number ported to
their pre-paid cell phone within 48 hours,   and be ready to receive
insecure SMS message from the target's  online banking service  to
confirm the second factor for login.

--
-JH

• Previous message (by thread): gmail security is a joke
• Next message (by thread): gmail security is a joke
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]