reply to discussion
Results 1 to 6 of 6
  1. #1
    John Navas
    Guest
    As an AT&T Mobility customer, when making a call to your voice-mail from
    your cell phone, you don't have to enter your pin number as you normally
    would from a landline. This is a nice convenience. It should be
    implemented by having the network verify that the call came from the
    correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
    out of just using Caller ID, which can be easily spoofed by anyone.
    (I verified this by spoofing Caller ID for my own AT&T Mobility service
    from a landline.)

    This could be a very serious problem depending on what's in the
    voice-mail. In addition, this could be used to send spoofed voice
    messages to other AT&T Mobility subscribers.

    It seems the Los Angeles County District Attorney went after AT&T over
    unauthorized access to voice-mail, and they settled just last month, as
    I learned when I reported the problem to the Office of the President.
    Talking Points of the settlement:

    AT&T is committed to providing secure access to our customers'
    voicemail and we are working on technological solutions to prevent
    spoofing. We encourage customers to add a password to their voicemail
    account for added security.

    AT&T takes the security of our customers and their devices seriously.
    While reports of spoofing technology being used to access a
    customer's voicemail are extremely rare, we will be encouraging all
    customers to set up a password for voicemail access for added
    security.

    We also took steps before we were contacted by the District
    Attorney's Office to help our sales and customer service personnel
    educate customers on spoofing risks and how to set up a password, and
    we continue to explore technological solutions to combat spoofing.

    The password on voice-mail is currently set to off by default.
    Unfortunately, the password option is buried deep enough in the
    voice-mail system menus (Personal Options -> Administrative Options ->
    Password Options) that most subscribers probably won't find it.

    I have agreed to wait for up to 90 days for AT&T to resolve the issue.
    --
    Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
    John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
    Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
    Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>



    See More: ALERT: AT&T voice-mail is not secure, access can be easily spoofed




  2. #2
    Ron
    Guest

    Re: ALERT: AT&T voice-mail is not secure, access can be easily spoofed


    You have this problem even on a Motorola?


    On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
    <[email protected]> wrote:

    >As an AT&T Mobility customer, when making a call to your voice-mail from
    >your cell phone, you don't have to enter your pin number as you normally
    >would from a landline. This is a nice convenience. It should be
    >implemented by having the network verify that the call came from the
    >correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
    >out of just using Caller ID, which can be easily spoofed by anyone.
    >(I verified this by spoofing Caller ID for my own AT&T Mobility service
    >from a landline.)
    >
    >This could be a very serious problem depending on what's in the
    >voice-mail. In addition, this could be used to send spoofed voice
    >messages to other AT&T Mobility subscribers.
    >
    >It seems the Los Angeles County District Attorney went after AT&T over
    >unauthorized access to voice-mail, and they settled just last month, as
    >I learned when I reported the problem to the Office of the President.
    >Talking Points of the settlement:
    >
    > AT&T is committed to providing secure access to our customers'
    > voicemail and we are working on technological solutions to prevent
    > spoofing. We encourage customers to add a password to their voicemail
    > account for added security.
    >
    > AT&T takes the security of our customers and their devices seriously.
    > While reports of spoofing technology being used to access a
    > customer's voicemail are extremely rare, we will be encouraging all
    > customers to set up a password for voicemail access for added
    > security.
    >
    > We also took steps before we were contacted by the District
    > Attorney's Office to help our sales and customer service personnel
    > educate customers on spoofing risks and how to set up a password, and
    > we continue to explore technological solutions to combat spoofing.
    >
    >The password on voice-mail is currently set to off by default.
    >Unfortunately, the password option is buried deep enough in the
    >voice-mail system menus (Personal Options -> Administrative Options ->
    >Password Options) that most subscribers probably won't find it.
    >
    >I have agreed to wait for up to 90 days for AT&T to resolve the issue.




  3. #3
    John Navas
    Guest

    Re: ALERT: AT&T voice-mail is not secure, access can be easily spoofed

    Yes, on any phone, mobile or landline.

    On Tue, 16 Dec 2008 13:35:15 -0600, Ron <[email protected]>
    wrote in <[email protected]>:

    >You have this problem even on a Motorola?
    >
    >On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
    ><[email protected]> wrote:
    >
    >>As an AT&T Mobility customer, when making a call to your voice-mail from
    >>your cell phone, you don't have to enter your pin number as you normally
    >>would from a landline. This is a nice convenience. It should be
    >>implemented by having the network verify that the call came from the
    >>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
    >>out of just using Caller ID, which can be easily spoofed by anyone.
    >>(I verified this by spoofing Caller ID for my own AT&T Mobility service
    >>from a landline.)
    >>
    >>This could be a very serious problem depending on what's in the
    >>voice-mail. In addition, this could be used to send spoofed voice
    >>messages to other AT&T Mobility subscribers.
    >>
    >>It seems the Los Angeles County District Attorney went after AT&T over
    >>unauthorized access to voice-mail, and they settled just last month, as
    >>I learned when I reported the problem to the Office of the President.
    >>Talking Points of the settlement:
    >>
    >> AT&T is committed to providing secure access to our customers'
    >> voicemail and we are working on technological solutions to prevent
    >> spoofing. We encourage customers to add a password to their voicemail
    >> account for added security.
    >>
    >> AT&T takes the security of our customers and their devices seriously.
    >> While reports of spoofing technology being used to access a
    >> customer's voicemail are extremely rare, we will be encouraging all
    >> customers to set up a password for voicemail access for added
    >> security.
    >>
    >> We also took steps before we were contacted by the District
    >> Attorney's Office to help our sales and customer service personnel
    >> educate customers on spoofing risks and how to set up a password, and
    >> we continue to explore technological solutions to combat spoofing.
    >>
    >>The password on voice-mail is currently set to off by default.
    >>Unfortunately, the password option is buried deep enough in the
    >>voice-mail system menus (Personal Options -> Administrative Options ->
    >>Password Options) that most subscribers probably won't find it.
    >>
    >>I have agreed to wait for up to 90 days for AT&T to resolve the issue.

    --
    Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
    John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
    Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
    Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>



  4. #4
    Ron
    Guest

    Re: ALERT: AT&T voice-mail is not secure, access can be easily spoofed

    So Motorola Phones are no good, then.

    On Tue, 16 Dec 2008 12:39:12 -0800, John Navas
    <[email protected]> wrote:

    >Yes, on any phone, mobile or landline.
    >
    >On Tue, 16 Dec 2008 13:35:15 -0600, Ron <[email protected]>
    >wrote in <[email protected]>:
    >
    >>You have this problem even on a Motorola?
    >>
    >>On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
    >><[email protected]> wrote:
    >>
    >>>As an AT&T Mobility customer, when making a call to your voice-mail from
    >>>your cell phone, you don't have to enter your pin number as you normally
    >>>would from a landline. This is a nice convenience. It should be
    >>>implemented by having the network verify that the call came from the
    >>>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
    >>>out of just using Caller ID, which can be easily spoofed by anyone.
    >>>(I verified this by spoofing Caller ID for my own AT&T Mobility service
    >>>from a landline.)
    >>>
    >>>This could be a very serious problem depending on what's in the
    >>>voice-mail. In addition, this could be used to send spoofed voice
    >>>messages to other AT&T Mobility subscribers.
    >>>
    >>>It seems the Los Angeles County District Attorney went after AT&T over
    >>>unauthorized access to voice-mail, and they settled just last month, as
    >>>I learned when I reported the problem to the Office of the President.
    >>>Talking Points of the settlement:
    >>>
    >>> AT&T is committed to providing secure access to our customers'
    >>> voicemail and we are working on technological solutions to prevent
    >>> spoofing. We encourage customers to add a password to their voicemail
    >>> account for added security.
    >>>
    >>> AT&T takes the security of our customers and their devices seriously.
    >>> While reports of spoofing technology being used to access a
    >>> customer's voicemail are extremely rare, we will be encouraging all
    >>> customers to set up a password for voicemail access for added
    >>> security.
    >>>
    >>> We also took steps before we were contacted by the District
    >>> Attorney's Office to help our sales and customer service personnel
    >>> educate customers on spoofing risks and how to set up a password, and
    >>> we continue to explore technological solutions to combat spoofing.
    >>>
    >>>The password on voice-mail is currently set to off by default.
    >>>Unfortunately, the password option is buried deep enough in the
    >>>voice-mail system menus (Personal Options -> Administrative Options ->
    >>>Password Options) that most subscribers probably won't find it.
    >>>
    >>>I have agreed to wait for up to 90 days for AT&T to resolve the issue.




  5. #5
    John Navas
    Guest

    Re: ALERT: AT&T voice-mail is not secure, access can be easily spoofed

    That makes no sense at all.

    On Wed, 17 Dec 2008 08:32:11 -0600, Ron <[email protected]>
    wrote in <[email protected]>:

    >So Motorola Phones are no good, then.
    >
    >On Tue, 16 Dec 2008 12:39:12 -0800, John Navas
    ><[email protected]> wrote:
    >
    >>Yes, on any phone, mobile or landline.
    >>
    >>On Tue, 16 Dec 2008 13:35:15 -0600, Ron <[email protected]>
    >>wrote in <[email protected]>:
    >>
    >>>You have this problem even on a Motorola?
    >>>
    >>>On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
    >>><[email protected]> wrote:
    >>>
    >>>>As an AT&T Mobility customer, when making a call to your voice-mail from
    >>>>your cell phone, you don't have to enter your pin number as you normally
    >>>>would from a landline. This is a nice convenience. It should be
    >>>>implemented by having the network verify that the call came from the
    >>>>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
    >>>>out of just using Caller ID, which can be easily spoofed by anyone.
    >>>>(I verified this by spoofing Caller ID for my own AT&T Mobility service
    >>>>from a landline.)
    >>>>
    >>>>This could be a very serious problem depending on what's in the
    >>>>voice-mail. In addition, this could be used to send spoofed voice
    >>>>messages to other AT&T Mobility subscribers.
    >>>>
    >>>>It seems the Los Angeles County District Attorney went after AT&T over
    >>>>unauthorized access to voice-mail, and they settled just last month, as
    >>>>I learned when I reported the problem to the Office of the President.
    >>>>Talking Points of the settlement:
    >>>>
    >>>> AT&T is committed to providing secure access to our customers'
    >>>> voicemail and we are working on technological solutions to prevent
    >>>> spoofing. We encourage customers to add a password to their voicemail
    >>>> account for added security.
    >>>>
    >>>> AT&T takes the security of our customers and their devices seriously.
    >>>> While reports of spoofing technology being used to access a
    >>>> customer's voicemail are extremely rare, we will be encouraging all
    >>>> customers to set up a password for voicemail access for added
    >>>> security.
    >>>>
    >>>> We also took steps before we were contacted by the District
    >>>> Attorney's Office to help our sales and customer service personnel
    >>>> educate customers on spoofing risks and how to set up a password, and
    >>>> we continue to explore technological solutions to combat spoofing.
    >>>>
    >>>>The password on voice-mail is currently set to off by default.
    >>>>Unfortunately, the password option is buried deep enough in the
    >>>>voice-mail system menus (Personal Options -> Administrative Options ->
    >>>>Password Options) that most subscribers probably won't find it.
    >>>>
    >>>>I have agreed to wait for up to 90 days for AT&T to resolve the issue.

    --
    Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
    John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
    Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
    Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>



  6. #6
    sw
    Guest

    Re: ALERT: AT&T voice-mail is not secure, access can be easily spoofed

    Navas is a ****ing idiot. He is depressed during x'mas.


    In article <[email protected]>,
    "Elmo P. Shagnasty" <[email protected]> wrote:

    > In article <[email protected]>,
    > John Navas <[email protected]> wrote:
    >
    > > That makes no sense at all.

    >
    > To YOU, of course it doesn't.
    >
    > To the rest of the world, who knows how technology works, this is
    > child's play. Understanding it is certainly as easy as understanding
    > 2+2.
    >
    > Again--to YOU.




  • Similar Threads







  • Quick Reply Quick Reply

    If you are already a member, please login above.