Re: listening to people/offices when on-hold on the phone

From: David Gutierrez (davegu1@hotmail.com)
Date: Mon Jun 25 2007 - 19:58:05 EDT


And how do you turn that on?

From: "Thor (Hammer of God)" <thor@hammerofgod.com>
To: "Robin Wood" <dninja@gmail.com>,"PenTest" <pen-test@securityfocus.com>
Subject: Re: listening to people/offices when on-hold on the phone
Date: Sat, 23 Jun 2007 11:15:40 -0700

Why worry about getting them to dial out when you can just switch on the
microphone and listen? ;)

t

----- Original Message -----
From: "Robin Wood" <dninja@gmail.com>
To: "PenTest" <pen-test@securityfocus.com>
Sent: Saturday, June 23, 2007 12:27 AM
Subject: Re: listening to people/offices when on-hold on the phone

>That is the kind of thing I was thinking of. You'd have to be very
>lucky to do it but you might get something.
>
>One way you might use this is if you know there are visitors in and
>the office is open plan. Find someone who sits near where the visitors
>are likely to be, i.e. somewhere around a demo PC or maybe a key
>developer's desk, and try to get them with this.
>
>Just a follow-on thought from this, it is possible to hack Bluetooth
>to get some mobile phones to dial out. Imagine doing this to a manager
>in a meeting, get him to call a free conference line, you get on the
>other end, and you've got your own bug in the office.
>
>Robin
>
>On 6/22/07, Joel Eusebio <joele@telus.net> wrote:
>>
>>Good point. And what if you were on hold while calling from work? And
>>suddenly your co-worker shouts out loud "is the password on this
>>server still....."
>>:)
>>
>>cheers,
>>
>>Joel
>>
>>
>>
>>Quoting Robin Wood <dninja@gmail.com>:
>>
>> > Hi
>> > Imagine the situation, you get a message to call someone, your call
>> > gets answered by an automated system which says there may be a few
>> > minutes wait and gives you the bad hold music. You hit the hands free
>> > button on the phone and get on with work while you wait for it to be
>> > answered.
>> >
>> > Unless you mute the call, the person/system on the other end of the
>> > call could be listening in while pretending to be on hold and
>> > potentially hear all that is going on around you.
>> >
>> > It is a random attack vector but it could allow an attacker to pick up
>> > all sorts of information. I thought about it while sitting on hold for
>> > over 30 mins trying to get through to my mobile phone support line
>> > last night. If they had been listening they would know what I had for
>> > dinner.
>> >
>> > Anyone tried listening in like this? Anyone got any comments?
>> >
>> > Robin
>> >
>> >
>> > ------------------------------------------------------------------------
>> > This List Sponsored by: Cenzic
>> >
>> > Are you using SPI, Watchfire or WhiteHat?
>> > Consider getting clear vision with Cenzic
>> > See HOW Now with our 20/20 program!
>> >
>> > http://www.cenzic.com/c/2020
>> >
>> > ------------------------------------------------------------------------
>> >
>> >




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:54 EDT