Am Sonntag, 26. Dezember 2021, 14:38:04 CET schrieb rhkra...@gmail.com:
Hi there,
I think, the more important is not, how the attacker got into the phone
connection, the more important IMHO is that he said: "They asked me a lot of
questions, very personbal questions about me and my family and so
Intentionally top posting:
Just in an effort to keep my warning on target, I (and I think the consensus of
others on this list) is that the problem that occurred was not an XSS attack).
Remember that the incident was that I dialed a known good number of a financial
institution 3 times, 2 times
On Ma, 21 dec 21, 10:13:07, Jeremy Ardley wrote:
> On 21/12/21 10:09 am, Jeremy Ardley wrote:s.
> > There is a type of attack called cross-site scripting (XSS). It's mostly
> > been eliminated by latest version browsers, but there are always
> > zero-day vulnerabilities.
> >
> > The effect is that
On Fri, Dec 24, 2021, 10:26 John Hasler wrote:
> Philippe LeCavalier writes:
> > If the device isn't compromised (which, you saying so doesn't in any
> > way vet the device as safe and not compromised btw) then the desktop
> > you got the number from is the next step to vet.
>
> How do you expla
Philippe LeCavalier writes:
> If the device isn't compromised (which, you saying so doesn't in any
> way vet the device as safe and not compromised btw) then the desktop
> you got the number from is the next step to vet.
How do you explain the Google Voice log entries?
--
John Hasler
j...@sugar
On Fri, Dec 24, 2021, 09:57 wrote:
> On Thursday, December 23, 2021 04:26:54 PM Jeremy Ardley wrote:
> > Getting back to the OP, on the scale of likelihood:
> >
> > - zero probability a bad guy was sitting across the street to intercept
> > his phone
> >
> > - zero probability a carrier exchange
On Thursday, December 23, 2021 04:26:54 PM Jeremy Ardley wrote:
> Getting back to the OP, on the scale of likelihood:
>
> - zero probability a bad guy was sitting across the street to intercept
> his phone
>
> - zero probability a carrier exchange was compromised by a non-state actor
>
> - moder
On Thu, Dec 23, 2021, 16:27 Jeremy Ardley wrote:
>
> On 24/12/21 5:03 am, Curt wrote:
> >
> > It wasn't really that "rhetorical" a van because it was precisely the
> > very concrete "mobile FBI van" described on the Wikipedia page the OP
> > referenced.
> >
> > As for the accurate representation
On 24/12/21 5:03 am, Curt wrote:
It wasn't really that "rhetorical" a van because it was precisely the
very concrete "mobile FBI van" described on the Wikipedia page the OP
referenced.
As for the accurate representation of reality, I'm afraid we can only
hope, however vainly, that people are c
On 2021-12-23, harrywea...@tutanota.com wrote:
>>>
>>
>> Tracking of a cell phone by a mobile FBI van (Wireless Intercept and Tracking
>> Team) which seeks to locate a cell phone lacking GPS tracking by scanning
>> for
>> its emissions. This first became known for its use in tracking hacker Kev
24 Dec 2021, 00:07 by cu...@free.fr:
> On 2021-12-23, rhkra...@gmail.com wrote:
>
>>>
>>> I can find no example of this with a cell phone.
>>>
>>
>> Somebody yesterday posted about Triggerfish -- I can't find that post
>> immediately.
>>
>> Wikipedia says (about Triggerfish):
>>
>> "Intercept
On 2021-12-23, rhkra...@gmail.com wrote:
>>
>> I can find no example of this with a cell phone.
>
> Somebody yesterday posted about Triggerfish -- I can't find that post
> immediately.
>
> Wikipedia says (about Triggerfish):
>
> "Intercepting a cell phone call by a man in the middle attack, if
On Wednesday, December 22, 2021 02:02:13 PM Curt wrote:
> On 2021-12-22, rhkra...@gmail.com wrote:
> >* the other implied / inferred meaning is that of what I described,
> >that is
> >
> > calling one number and having it be intercepted by another party who
> > might masquerade as the cal
--
Sent with Tutanota, the secure & ad-free mailbox.
23 Dec 2021, 00:19 by cu...@free.fr:
> On 2021-12-21, rhkra...@gmail.com wrote:
>
>>
>> That is a known thing (a telephone intercept of a cell phone call), I have
>> found nothing so far about such a thing happening with a VOIP phone
Philippe LeCavalier writes:
> For this to work, you're implying someone is between you and google
> and the google voice service doesn't know.
Or someone has cracked either Google Voice or the bank (could be an
inside job in either case).
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On Wednesday, December 22, 2021 02:02:13 PM Curt wrote:
> On 2021-12-22, rhkra...@gmail.com wrote:
> >* the other implied / inferred meaning is that of what I described,
> >that is
> >
> > calling one number and having it be intercepted by another party who
> > might masquerade as the cal
On 2021-12-22, rhkra...@gmail.com wrote:
>
>* the other implied / inferred meaning is that of what I described, that
> is
> calling one number and having it be intercepted by another party who might
> masquerade as the called party. (Somebody on the list pointed out
> essentially
> the s
On Wed, Dec 22, 2021 at 1:45 PM wrote:
> On Wednesday, December 22, 2021 09:19:31 AM Curt wrote:
> > On 2021-12-21, rhkra...@gmail.com wrote:
> > > That is a known thing (a telephone intercept of a cell phone call), I
> > > have found nothing so far about such a thing happening with a VOIP
> pho
On Wednesday, December 22, 2021 09:19:31 AM Curt wrote:
> On 2021-12-21, rhkra...@gmail.com wrote:
> > That is a known thing (a telephone intercept of a cell phone call), I
> > have found nothing so far about such a thing happening with a VOIP phone
> > or land line.
>
> It's a known thing to dia
On Tue, Dec 21, 2021, 17:23 tv.deb...@googlemail.com <
tv.deb...@googlemail.com> wrote:
> Le 21/12/2021 à 16:20, Richmond a écrit :
> > Jeremy Ardley writes:
> >
> >> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
> >>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> On Mon 20 Dec 20
On 2021-12-21, rhkra...@gmail.com wrote:
>
> That is a known thing (a telephone intercept of a cell phone call), I have
> found nothing so far about such a thing happening with a VOIP phone or land
> line.
>
>
It's a known thing to dial one number and reach another? Can you provide
a link? What
On 2021-12-21 5:23 p.m., tv.deb...@googlemail.com wrote:
> Le 21/12/2021 à 16:20, Richmond a écrit :
>> Jeremy Ardley writes:
>>
>>> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmai
On 22/12/21 6:23 am, tv.deb...@googlemail.com wrote:
One possiblity is that the target (recipient of the call) company
internal communication network was compromised. That happens quite
often, not as much as mail servers but it is still not unknown.
This is completely hypothetical, but with
Le 21/12/2021 à 16:20, Richmond a écrit :
Jeremy Ardley writes:
On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
On Monday, December 20, 2021 02:28:13 PM Brian wrote:
On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
My identity has been stolen, and although it has nothing to do
On Tue, 21 Dec 2021 10:34:49 -0500
The Wanderer wrote:
> On 2021-12-21 at 09:10, Tim Woodall wrote:
>
> > On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
> >
> >> Le 21/12/2021 ? 14:24, Eike Lantzsch ZP6CGE a ?crit?:
> >>
> >> It is the second one, "Noscript" in one word [1]. Several
> >>
--
Sent with Tutanota, the secure & ad-free mailbox.
22 Dec 2021, 01:20 by richm...@criptext.com:
> Jeremy Ardley writes:
>
>> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>>
>>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>>
On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra.
On Tuesday, December 21, 2021 01:44:51 PM Curt wrote:
> On 2021-12-21, rhkra...@gmail.com wrote:
> > Ahh, thank you -- maybe some confirmation that I'm not crazy. ;-)
> >
> > What kind of phone did you use to make the call -- I mean cell phone,
> > POTS, VOIP phone, or maybe something else?
>
>
On Tuesday, December 21, 2021 12:46:35 PM rhkra...@gmail.com wrote:
> What kind of phone did you use to make the call -- I mean cell phone, POTS,
> VOIP phone, or maybe something else?
Ahh, darn, sorry for the noise -- on first reading I missed the part about a
cell phone.
That is a known thing
On 2021-12-21, rhkra...@gmail.com wrote:
>>
>> I called a major international financial institution the other day with
>> a telephone number memorized by my cell phone that I've used conceivably
>> a hundred times previously over the years (I telephone monthly). I call
>> a specific department in
On Tue, 21 Dec 2021, The Wanderer wrote:
On 2021-12-21 at 09:10, Tim Woodall wrote:
Will umatrix still work in firefox 91?
Certainly didn't work for me in android v92.
Is uMatrix on the whitelist of extensions that are allowed on the mobile
version of Firefox?
Some good number of releases
On Tuesday, December 21, 2021 10:52:56 AM Curt wrote:
> On 2021-12-21, rhkra...@gmail.com wrote:
> > I used my eyes to read the number off the screen and then dial my
> > separate phone (not attached to a computer (well, other than the ObiHai
> > VOIP device).
>
> I called a major international f
On Monday, December 20, 2021 09:09:05 PM Jeremy Ardley wrote:
> There is a type of attack called cross-site scripting (XSS). It's mostly
> been eliminated by latest version browsers, but there are always
> zero-day vulnerabilities.
>
> The effect is that if you are vulnerable and have two tabs ope
On Monday, December 20, 2021 09:13:07 PM Jeremy Ardley wrote:
> On 21/12/21 10:09 am, Jeremy Ardley wrote:s.
>
> > There is a type of attack called cross-site scripting (XSS). It's
> > mostly been eliminated by latest version browsers, but there are
> > always zero-day vulnerabilities.
> >
> > Th
On 2021-12-21, rhkra...@gmail.com wrote:
>
> I used my eyes to read the number off the screen and then dial my separate
> phone (not attached to a computer (well, other than the ObiHai VOIP device).
>
>
I called a major international financial institution the other day with
a telephone number me
Jeremy Ardley writes:
> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
My identity has been stolen, and although it has nothing to do with
>>> [...]
>>>
>>> May we kno
On 2021-12-21 at 09:10, Tim Woodall wrote:
> On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
>
>> Le 21/12/2021 ? 14:24, Eike Lantzsch ZP6CGE a ?crit?:
>>
>> It is the second one, "Noscript" in one word [1]. Several
>> look-alike have spawn over the years. I also use Umatrix [2], but
>> it
Tim Woodall wrote:
> On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
>
> > Le 21/12/2021 ? 14:24, Eike Lantzsch ZP6CGE a ?crit?:
> > It is the second one, "Noscript" in one word [1]. Several look-alike
> > have spawn over the years. I also use Umatrix [2], but it is more
> > complex.
> >
>
21.12.21, 15:10 +0100, Tim Woodall:
Will umatrix still work in firefox 91?
Yes.
--
Regards
mks
On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
Le 21/12/2021 ? 14:24, Eike Lantzsch ZP6CGE a ?crit?:
It is the second one, "Noscript" in one word [1]. Several look-alike have
spawn over the years. I also use Umatrix [2], but it is more complex.
For Firefox:
[1] https://addons.mozilla.or
Le 21/12/2021 à 14:24, Eike Lantzsch ZP6CGE a écrit :
On Dienstag, 21. Dezember 2021 09:43:42 -03 Kenneth Parker wrote:
On Tue, Dec 21, 2021, 3:15 AM local10 wrote:
Dec 21, 2021, 02:13 by jer...@ardley.org:
You can mitigate XSS by having a single browser that is used
solely to>
access high v
Le 21/12/2021 à 14:24, Eike Lantzsch ZP6CGE a écrit :
On Dienstag, 21. Dezember 2021 09:43:42 -03 Kenneth Parker wrote:
On Tue, Dec 21, 2021, 3:15 AM local10 wrote:
Dec 21, 2021, 02:13 by jer...@ardley.org:
You can mitigate XSS by having a single browser that is used
solely to>
access high v
On Dienstag, 21. Dezember 2021 09:43:42 -03 Kenneth Parker wrote:
> On Tue, Dec 21, 2021, 3:15 AM local10 wrote:
> > Dec 21, 2021, 02:13 by jer...@ardley.org:
> > > You can mitigate XSS by having a single browser that is used
> > > solely to>
> > access high value sites. e.g. if you routinely run
On Tue, Dec 21, 2021, 3:15 AM local10 wrote:
> Dec 21, 2021, 02:13 by jer...@ardley.org:
>
> > You can mitigate XSS by having a single browser that is used solely to
> access high value sites. e.g. if you routinely run Firefox, have a copy of
> Vivaldi that you use to access your banks - one at a
Dec 21, 2021, 02:13 by jer...@ardley.org:
> You can mitigate XSS by having a single browser that is used solely to access
> high value sites. e.g. if you routinely run Firefox, have a copy of Vivaldi
> that you use to access your banks - one at a time.
>
Installing NoScript also may help as it
rhkramer writes:
> I used my eyes to read the number off the screen and then dial my
> separate phone (not attached to a computer (well, other than the
> ObiHai VOIP device).
Didn't you also say that you later verified the number by checking the
logs in your Google account?
--
John Hasler
j...@s
On 21/12/21 10:18 am, Nicole wrote:
More at https://owasp.org/www-community/attacks/xss/
just out of curiousity: I understand XSS are like code injections into
the HTML through user controlled input or attacker controlled input, e.g.
the password field or the message you send someone. what yo
On 21/12/21 10:09 am, Jeremy Ardley wrote:s.
There is a type of attack called cross-site scripting (XSS). It's
mostly been eliminated by latest version browsers, but there are
always zero-day vulnerabilities.
The effect is that if you are vulnerable and have two tabs open, one
to the legitima
On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
On Monday, December 20, 2021 02:28:13 PM Brian wrote:
On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
My identity has been stolen, and although it has nothing to do with
[...]
May we know the URL of the financial website you cont
On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
> > My identity has been stolen, and although it has nothing to do with
>
> [...]
>
> May we know the URL of the financial website you contacted and the
> help number you phoned
On Monday, December 20, 2021 02:09:13 PM Jeremy Nicoll wrote:
> On Mon, 20 Dec 2021, at 18:30, John Hasler wrote:
> > Jeremy Nicoll writes:
> >> How would Google intercept a financial institution's valid
> >> phone number?
> >
> > He was using Google Voice.
>
> When the OP "found" a number on scr
On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
> My identity has been stolen, and although it has nothing to do with Debian,
> Linux, or computing (well, in general). I thought it would be educational /
> important to notify everyone I can of what happened.
>
> I did not believ
On Mon, 20 Dec 2021, at 18:30, John Hasler wrote:
> Jeremy Nicoll writes:
>> How would Google intercept a financial institution's valid
>> phone number?
>
> He was using Google Voice.
When the OP "found" a number on screen, to ring, does that
mean he eg clicked on the display of a number and then
On Mon, Dec 20, 2021 at 12:47 PM Nicholas Geovanis
wrote:
>
> On Mon, Dec 20, 2021 at 12:31 PM John Hasler wrote:
>
>> Jeremy Nicoll writes:
>> > How would Google intercept a financial institution's valid phone
>> > number?
>>
>> He was using Google Voice.
>>
>
> Moreover the vast bulk of the US
On Mon, Dec 20, 2021 at 12:31 PM John Hasler wrote:
> Jeremy Nicoll writes:
> > How would Google intercept a financial institution's valid phone
> > number?
>
> He was using Google Voice.
>
Moreover the vast bulk of the USA's phone traffic outside the local central
office
service area is VoIP ov
Jeremy Nicoll writes:
> How would Google intercept a financial institution's valid phone
> number?
He was using Google Voice.
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On Mon, 20 Dec 2021, at 16:12, John Hasler wrote:
> Did you notify Google? Seems likely that's where the hole is.
How would Google intercept a financial institution's valid phone
number?
--
Jeremy Nicoll - my opinions are my own.
Did you notify Google? Seems likely that's where the hole is.
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On Mon, Dec 20, 2021 at 9:33 AM wrote:
> My identity has been stolen, and although it has nothing to do with
> Debian,
> Linux, or computing (well, in general). I thought it would be educational
> /
> important to notify everyone I can of what happened.
>
>
> This is part of what prompted my
58 matches
Mail list logo
