[Noisebridge-discuss] Unlocking the door via SMS

Jonathan Lassoff jof at thejof.com
Thu Mar 11 01:25:47 UTC 2010


Excerpts from Jacob Appelbaum's message of Wed Mar 10 16:24:26 -0800 2010:
> Spoofing caller ID is trivial. An ACL like that should probably not be
> called a very strong ACL if an ACL at all... They're basically a weak,
> long running version of a shared secret. Many of us have published our
> cell phone numbers on the wiki.

Indeed, spoofing Caller ID is easy. But SMS? I'm sure it's possible, but
would you need to clone the Ki of the target SIM?

It was my understanding that mobile-originated SMS was signalled over
the LAPD control channels and marked with the MIN as it's routed through
the provider's network.

> > It'd be pretty simply to create a method of adding a phone number to
> > an ACL, but require they either have an account on pony or be
> > connected to our internal network.  As google voice already logs all
> > messages, the exposure of privacy would not be realistically increased
> > -- those wishing to keep their phone numbers entirely private would
> > not want to use this method anyway.
> > 
> 
> Who has access to those logs?

Whomever has access to an account on pony that is either UID 0, or is in
the "adm" group.
Only a few people, but who knows what unknown root access there is to
this machine.

It seems like pony is keeping copious apache logs. Logrotate is
configured to keep 52 rolled-out copies of logs on pony.

I think we should keep a clearly-stated log retention policy that
perhaps keep some minimal logs for a couple days, but does a secure-ish
deletion of old logs past a known interval.

Does this seem like a sensible thing to to?

Would anyone mind if I just went ahead and did that?

Cheers,
jof



More information about the Noisebridge-discuss mailing list