Hacker News new | comments | show | ask | jobs | submit login

Note that this was done via a Caller-ID-spoofing website where all you have to do is type in:

* The victim's phone number

* Your real phone number

* The fake one you want to appear to be coming from

Then you click Submit and it puts you through. That's it. Any idiot could do it.

The tech and telecommunications industries are WAY overdue to do at least one of the following:

1. Stop considering Caller ID a secure authentication method

2. Make Caller ID a secure authentication method




Recently I found myself in trouble when abroad because I had no secret code on my voicemail. And My carrier flat refused to do anything without a code when on a different network. I guess it is to prevent this kind of things (I could set a code on the carrier's website).


Number one is far easier to do than number two.

Sadly, it's as bad as the banking industry. Still today, they base a lot of their security on IP addresses. Sad really.


It's too bad you don't know anyone who works in the field of tech security journalism, because it might make for a good exposé...


Damn, that means it doesn't even show any creativity. How do you know that's how it was spoofed, though?





Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: