From: rajat swarup (rajats@gmail.com)
Date: Tue Jun 26 2007 - 01:26:24 EDT
On 6/22/07, Robin Wood <dninja@gmail.com> wrote:
> Imagine the situation, you get a message to call someone, your call
> gets answered by an automated system which says there may be a few
> minutes wait and gives you the bad hold music. You hit the hands free
> button on the phone and get on with work while you wait for it to be
> answered.
>
> Unless you mute the call, the person/system on the other end of the
> call could be listening in while pretending to be on hold and
> potentially hear all that is going on around you.
>
> It is a random attack vector but it could allow an attacker to pick up
> all sorts of information. I thought about it while sitting on hold for
> over 30 mins trying to get through to my mobile phone support line
> last night. If they had been listening they would know what I had for
> dinner.
>
There was an interesting presentation in last year's Black Hat Las
Vegas by Jay Schulman about a phone phishing set-up. Thought you
might be interested.
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Schulman.pdf
Thanks,
Rajat Swarup.
http://rajatswarup.blogspot.com/
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:54 EDT