Do you know the companies PINGER and SNAPVINE?

Pinger and Snapvine are highly INSECURE!!!!

What this means: I can break into your Pinger and Snapvine phone accounts. I can listen to your messages. I can send out messages as you.

How do I do this? Easy. I mask / spoof CALLER ID / ANI. Anyone can do this, amateur hacks, etc.

Well, there are others, but suffice to say that these companies are doing new things with social networking sites and phones that help to connect people.

The problem is that these companies have a scalability problem based on inbound calling.

You see, if you have hundreds of thousands or millions of users, you can’t give everyone a unique dial in phone number.

SECURITY PROBLEM

What these companies have done is based user identification on Caller ID / ANI – meaning that you call their service, and their systems recognize your phone via Caller ID.

The problem is that Caller ID is highly insecure and can be faked.

The problem that these “dial in” companies are trying to solve is one of scalability. They simply cannot have enough dial in numbers for each user.

Therefore, they have architected a way to recognize each caller by Caller ID and to base the entire user authentication system on this insecure method.

This can easily be hacked.

SOLUTION

The solution is funny – both Pinger and SnapVine make you enter in a PIN CODE when you dial in without validating your phone.

After you validate your phone, you no longer need to enter the PIN CODE.

So in effect, when you validate your phone, you make your account INSECURE.

What Pinger and SnapVine need to do is always require the PIN CODE.

By CallerID Spoofy on 12.21.06 1:36 pm