[7123] in Kerberos
Re: Dial-In Servers and Kerberos
daemon@ATHENA.MIT.EDU (Joe Kovara)
Thu Apr 18 19:21:57 1996
To: kerberos@MIT.EDU
Date: Thu, 18 Apr 1996 06:21:08 GMT
From: joek@CyberSafe.com (Joe Kovara)
houle@acns.fsu.edu (Art Houle) in comp.protocols.kerberos wrote:
>To steal info from someone elses dialup session, you need to tap the
>wires at the user premises, at the central office, at the answering
>equipment, or off the cables and none of these are easily avaiable.
>Then you need to de-modulate the stream of tones with a pair of compatible
>modems that has been hacked at the system-ROM level by someone with
>knowledge of internal modem design. Far easier to bribe someone for the
>information than find a team of talented technical conspirators.
All you need is maintenance-level access to the switch; a PC, a modem,
and a phone line is all the facilities needed. Serious computer
system compromises have occurred as a result of telco switch
compromises, several of which have been well documented; "phreaking"
is not restricted to toll fraud or pbx abuse. You can't trust the
phone system.
Joe Kovara / Director of Engineering / CyberSafe Corp.
1605 NW Sammamish Road, Suite 310 / Issaquah, WA 98027
joek@cybersafe.com / 206-391-6000 (phone) / 206-391-0508 (fax)
