> > Any attacker which is after your stuff and is able to penetrate a GSM > exchange and send an unauthrized message without anyone noticing > (remember that banks rely on the number as a ID good enough to identify > you and divolge your account details on SMS) Hey... Gilad, I expected better from you (being the one who built an SMS gateway from recycled paper and used cardboard boxes). Spoofing != sniffing. Spoofing is actually much easier. Faking the GSM number you *send* to someone is easy/ier (I just have to fake the proper SMS message). Sniffing the SMS your bank sends *you* is harder. > can just as well break into > your phisical location and take what he wants or kidnap the children of > the sysadmin or any other large scale operations such as those. That's actually easier than spoofing and/or sniffing (proof: statistically. Look how many people are in jail for kidnapping, and how many for spoofing/sniffing. QED). > It all > depends on what you are protecting. I think that for 95% of the people > and LANs out there it's secure enough, combined with a one time password > carried by the SMS message itself. > This is getting too weird for me, though. I tried to give Omer real practical advise when suddenly the conversation drifted into GSM phones and kidnapping kids. I'll be leaving this thread now :-) - Aviram ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
