Domain: spoofcard.com
Stories and comments across the archive that link to spoofcard.com.
Comments · 11
-
Re:Autoimmune disorder...
Like what? You said "numerous". Name three.
I can name more than three. Skype or other IP telephony (gatewayed through public wifi for extra measure), Hacked PBX call redirectors (which are a favorite of many scammers), prepaid cell phone, disposable SIM cards, telephone call anonymizing services, public pay phone.
-
Re:Placing blame
-
Spoof caller ID right here
-
Re:Seconded.
I appreciate the response. I think I'll still connect to my self-cert IMAP mail server via SSL rather than plain text. It also provides the added benefit of bypassing most content filtering firewalls
:)
Clearly we have different ideas as to what is easy and what is difficult in pulling off an attack, and what is and isn't worth bothering to protect yourself against. A passive listener (Eve) seems to be much more common and very easy to protect against than an actual attacker (Mallory). If you're worried about that more aggressive attacker it seems to me that CA provided SSL isn't enough, you need to worry more about the endpoints as well. I totally get what you're saying about the availability of tools, but they're far from automated. Getting fragrouter/ettercap/dnsspoof/webmitm/wireshark/ssldump to attack/trap/decrypt/re-encrypt/pass all other traffic/store/filter data all at the same time, in real time, in two directions is not trivial. Maybe metasploit put something together I haven't seen. But setting up any of a number of different packet sniffers with a simple filter for "username" that will work for pop/imap/telnet/ftp/http/etc traffic is much easier; I could walk my mom through it over the phone.
The caller ID spoofing bit of the phone attack I described isn't that difficult at all actually, there are many websites that will do it for you easily - they have made the news from people being scammed and whatnot.
It all just comes down to your perception of the threat based on your own knowledge. That's why choices are good. -
so much for this business: spoofcard.com
http://www.spoofcard.com/ found it via cruel.com so caveat emptor.
Mitnick's The Art of Deception mentions how he did some demo callerid spoofing on a talk show.
What's next? Spoof ip addresses becoming illegal? After all as other poster said all you need to spoof callerid is your own pbx. -
It's all Paris Hilton's fault...
...or is it just a coincidence that this law comes up after "SpoofCard.com Terminates Accounts of Paris Hilton and 50 Other Customers for Using its Service to Break Into Voicemail Boxes"?
I think not.
Anyway, please people, the whole reason for this law is not to make spoofing a thing of the past, but to make sure only cops and feds are allowed to spoof caller ID to harass, intimidate and spy on me by pretending to be my loved ones, creditors, ex-girlfriends who want their DVDs back, one night stands who I never called back, etc. I mean, how naive are we about them spying on me? Laws are about power and who has it. That's why they won't let me buy a tank on eBay.
Damn government.
-
Re:I say, "Yes. Yes they should."
Not much. When a bank calls, Caller ID should show bank's name rather than "Private Caller" from some call center in India.
Caller ID information is little more trustworthy than the "From" address on an e-mail. Caller ID can be spoofed with readily available VOIP equipment and absolutely anybody can change their transmitted caller ID info to anything they want easily and inexpensively without buying thier own equipment. (Great stuff for prank calls, tho.)
-
Caller ID??
Pleease don't tell me they plan on using Caller ID as a secure method of verification. Funny enough, TFA doesn't mention caller id at all, but I'd hope that something slightly more secure is actually implemented.
-
Think again!
Consumer Caller ID is easily faked
http://www.spoofcard.com/
Obviously in your case it was real, but it's entirely possible that scammers could dial you faking the caller ID of a real bank. -
It's always hackable
and *not* hackable!
It's always hackable. Your grandma can hack caller id on a regular phone. Your standards are higher for the brand new technology? -
Re:Whatsa matter?
That's just not the point at all.
Caller ID is a paid service. The telcos make millions a month selling that and other "services", all of which come with the switching equipment, it costs them nothing to give it to you, but they get paid by you. It might be bundled but it is never free. One way or another they are getting paid.
Now it is found to be unreliable. It turns out the telcos have an insecure system. They've known about it for years, they haven't done anything whatsoever to secure it, and they are still cashing their customer's checks for caller ID service which can be completely subverted for $10.00 to http://spoofcard.com/
Wouldn't the correct response be to make it ILLEGAL for anyone to spoof caller ID, and for any telephone provider to provide false caller ID data to any subscriber?
If that were the case and their were civil and criminal penalties for providing false Caller ID data one or maybe two things would happen:
The telcos would stop providing unreliable data by stopping selling Caller ID, or they would finally take the effort to secure their own systems. They would probably do both. Shut it down and then secure it.
They shouldn't have to be forced to do either of those things but apparently they need to be.