Subscribe to MAKE Magazine Today!

• Show Full Referring Source in Google Analytics
• Main
• Import and Edit PDFs

Twitter and Jott spoofing

Nitesh Dhanjani @ the ONLamp blog shows that it's fairly easy to spoof someone's Twitter & Jott - looks like you can require a PIN for twitter if you're worried-

Both Twitter and Jott authenticate users by their phone number. Twitter does this by validating users based upon the source of SMS messages sent to the phone number 40404 (US), and Jott does this by trusting the incoming Caller ID when someone calls 877-568-848. From a security perspective this means the following:

• Anyone who knows your phone number can update your Twitter page by spoofing a SMS message, i.e. post a Twitter entry as you.
• Anyone who knows your phone number can spoof his or her caller ID to send a Jott message as you.

Twitter and Jott Vulnerable to SMS and Caller ID Spoofing - O'Reilly ONLamp Blog - [via] Link.

Posted by Phillip Torrone | Apr 11, 2007 03:00 AM
Web | Permalink | Comments (0)

Recent Entries

• Poromenos' hello world curve
• USB CapsLocker and Sun keyboard simulation
• Robosapien has a coil gun
• Faster Windows shutdown
• Assign USB drives to a folder
• Little drummer bot
• CSS ad blocking for Firefox and Safari
• Design Coding: web standards rap
• Shredz64: Guitar Hero for C64
• BATMAN: adhoc mesh routing

Bloggers

Welcome to the Hacks Blog!