Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


joe5600

94 posts

Master Geek
Inactive user


#7455 16-Apr-2006 16:48
Send private message

hello there does any one here no how security our text message's are doesd telecom/vodafone log them is it possable to pick up someone else's text message's???????????????????

Create new topic
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33097 16-Apr-2006 17:23
Send private message

I was told a couple of years ago that Telecom stored SMS's for a celendar month and Vodafone for 1 week. With the explosive growth of SMS and in particular threatening message sent via SMS I believe both networks store messages for at least several months. I am sure somebody on here will be able to give you exact details.

The number of cases Police are investigating re threatening txts is staggering, maybe both networks need to start emphasising the fact that messages are stored and can all be recalled.






paradoxsm
3000 posts

Uber Geek

Trusted

  #33106 16-Apr-2006 19:16
Send private message

They can be read by certain employee's, They need some good reasons to do it however,

I heard they are stored for 6 months now, following all the recent TXTbullies and TXTabuse happening. I used to get spammed by 027's when $10 unlimited SMS came out.

Remember they are 7 bit data and only 160 characters, You could easily fit 10 of them in 1KB and they compress rather well even as .ZIP.

Jama
1420 posts

Uber Geek

Trusted

#33111 16-Apr-2006 19:43
Send private message

6 months would require 2.5TB worth of storage.



tonyhughes
Hawkes Bay
8476 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

  #33125 16-Apr-2006 21:05
Send private message

Mauricio could hold a couple of months worth then...

To the OP: Dont treat text messages as secure. The network used to deliver them is secure at some level, but the message itself is not encrypted as far as I am aware.

Unless you encrypt a communication yourself, and trust that encryption to a strong enough degree (appropriate to the content of the communication), then you should be aware that the message can not be considered private.

No, you cannot intercept anyone elses text messages. The days of phone cloning are pretty much gone. (Unless you are in the league of governments that own fleets of black helicopters I suppose).







Torque
379 posts

Ultimate Geek


  #33332 18-Apr-2006 21:06
Send private message

Indeed, I would presume Fraud Investigators / Security team people at the telcos can read txt messages.
Cops can if they get a warrant.

Who knows what the SIS/GCSB can do in regards to that?

essamessa
12 posts

Geek


  #33348 19-Apr-2006 09:14
Send private message

SMS content is not available to anyone without a warrant.  When the Police require text data they must obtain a warrant from the Courts and present that to the telco, which then extracts the data for them. 
Only around a week of text data is stored, expressly for this purpose.

cokemaster
Exited
4929 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

#33355 19-Apr-2006 10:56
Send private message

I would hope that they are reasonably secure due to several banks uisng SMS (Kiwibank and ASB by memory) for various tasks.....

Though, I've been let down before.




webhosting

Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!


 
 
 

Shop now on AliExpress (affiliate link).
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33359 19-Apr-2006 11:38
Send private message

cokemaster: I would hope that they are reasonably secure due to several banks uisng SMS (Kiwibank and ASB by memory) for various tasks.....



Though, I've been let down before.



Two factor authentication is a bit of a joke for bank security as it only offers a very minimal extra layer of security over the existing login/password and simply causes an inconvenience to people. Somebody at a telco intercepting messages is the least of your worries!

It will be very interesting to see the banks response in NZ when we get the first fraud case involving a customer using two factor authentication since they have hyped up the supposedly additional security it offers!

 

cokemaster
Exited
4929 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

#33360 19-Apr-2006 11:45
Send private message

It gets worse. In ASBs case they have TXT Banking which allows you to transfer money around your accounts (but not out of).

It has a 25c fee in addition to whatever fees apply to your account AND the cost to text (usually 20c per message)... potentially someone could have 'fun' tranferring money around in the knowledge that its racking up fees.




webhosting

Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33364 19-Apr-2006 12:21
Send private message

But that's still not likely to cause any significant fraud.

The big problem with two factor authentication is that with a keylogger trojan running you can capture a login, password and two factor code in realtime, redirect the user to a site that says the login has failed and then somebody somewhere in the world in realtime can have immediate access to your system. It's easy to avoid this by implimenting a second layer of security that will only allow the generated two factor code to be submitted from the same IP as the original login if the two factor code is sent via SMS - from what I understand this does not happen in NZ.



freitasm
BDFL - Memuneh
79281 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#33365 19-Apr-2006 12:29
Send private message

sbiddle: But that's still not likely to cause any significant fraud.

The big problem with two factor authentication is that with a keylogger trojan running you can capture a login, password and two factor code in realtime, redirect the user to a site that says the login has failed and then somebody somewhere in the world in realtime can have immediate access to your system.
Not really - remember the keylogger collects one number for the second authentication, but when the bad person tries to login s/he will be asked for the number again - which by that time is invalid for a second login.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33368 19-Apr-2006 12:43
Send private message

freitasm:
sbiddle: But that's still not likely to cause any significant fraud.

The big problem with two factor authentication is that with a keylogger trojan running you can capture a login, password and two factor code in realtime, redirect the user to a site that says the login has failed and then somebody somewhere in the world in realtime can have immediate access to your system.
Not really - remember the keylogger collects one number for the second authentication, but when the bad person tries to login s/he will be asked for the number again - which by that time is invalid for a second login.



The trojan dosn't pass the two factor code to the bank site however, it merely captures it with the keylogger and then directs the user to a site saying the login has failed and sends the info to the bad guy who has to log in immediately. I was reading about this the other day when somebody demonstrated an attack on a German bank using a custom trojan, it of course requires specific programming for a certain bank but it's proof that two factor authentication isn't the bullet proof solution that the banks want.




richms
28176 posts

Uber Geek

Trusted
Lifetime subscriber

  #33882 25-Apr-2006 21:27
Send private message

Also there are trojens that allow them to take over your browsing session, so as the text code auths your session, they can then do whatever they like in another browser once the users desired transaction has happened.

A lot harder as they have to be ready to go when the user logs into the banking site and does the text confirmation, but still worth it for the gains if it allows the perps to get away with cleaning out someones account. 






Richard rich.ms

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.