Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: listening to people/offices when on-hold on the phone

from [rajat swarup] Network Security [Permanent Link]
Subject: Re: listening to people/offices when on-hold on the phone
Date: Tue, 26 Jun 2007 01:26:24 -0400
On 6/22/07, Robin Wood <dninja@gmail.com> wrote: 
Imagine the situation, you get a message to call someone, your call
gets answered by an automated system which says there may be a few
minutes wait and gives you the bad hold music. You hit the hands free
button on the phone and get on with work while you wait for it to be
answered.

Unless you mute the call, the person/system on the other end of the
call could be listening in while pretending to be on hold and
potentially hear all that is going on around you.

It is a random attack vector but it could allow an attacker to pick up
all sorts of information. I thought about it while sitting on hold for
over 30 mins trying to get through to my mobile phone support line
last night. If they had been listening they would know what I had for
dinner.

There was an interesting presentation in last year's Black Hat Las
Vegas by Jay Schulman about a phone phishing set-up.  Thought you
might be interested.
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Schulman.pdf

Thanks,
Rajat Swarup.
http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Safe keeping super-user / root IDs, Schanulleke
Next by Date:  Port Scanning Issues, Steinar Watne
Previous by Thread:  Re: listening to people/offices when on-hold on the phone, Robin Wood
Next by Thread:  Re: listening to people/offices when on-hold on the phone, ebk_lists
Indexes:  [Date] [Thread] [Top] [All Lists]