The voicemail “hack” is a well known shortcoming of cell voicemail services.
When calling your voicemail number from your mobile your caller id is used to put you in the right mailbox, but if you call that voicemail number from another line you are asked for your mobile number and your pin code.
In the majority of cases users haven’t set a pin number so the default (lists available on the web) is used.
So all you have to do is find out what network they’re on by (in order of newbishness):

• Ring the phone till you get redirected to voicemail
• If they don’t have a personalised answer message you’ll get the default message which will say the orange/t-mobile, vodaphone etc
• IF they do have a personalised message hit * to get to the main menu same applies as above
• Google the phone number prefix -> different networks have different prefixes
• Since the availbility of number porting this may not be accurate.
• Try all the voicemail numbers till the cell number is recognised…duh
• Send a network query message (online smsc services can provide this 99% accurate)

Once you know what network they are on just dial in, enter the mobile / cell number and the default pin.

If that doesn’t work fire up google / facebook etc and get the persons key dates, dob, anniversary etc and try those. “90% of the time it works every time”

If not you could just brute force the numbers, a small vb program and a skype out account makes this easy, though any decent security program would catch this I doubt there are any running, yet!

So at best that’s brute forcing or social engineering, a hacker would bypass the passcode altogether and simply setup an asterix box with a voip provider and spoof the targets caller id.

Once that’s done, send a network query message to find out the targets network, lookup the voicemail number and dial it with the spoofed caller id.

So long as the user hasn’t set up their voicemail account to require a password when called from their own mobile you’re straight into the account and can listen to messages at will.

It’s also worth noting that in current UK legislation it’s only illegal to intercept and alter communications, so as long as you only listen to old messages and don’t delete anything you aren’t actually breaking the law.

Once an email / voicemail / text has been heard or read by the intended recipient that communication has completed and cannot be intercepted thereafter.

Time for a change I think…..Food for though eh!

A short Promo for West Cheshire College’s new Technologies Campus in Handbridge Chester.

Completed in After Effects and now on display on the large screens around the new build.

Interested in commissioning a promo for your company? Please contact us

FE providers come across similar issues on a day to day basis and it is our hope that FEBoard will allow these issues and subsequent resolutions to be archived for easy recollection should they arise again.

FEBoard will also host a number of handy tools and scripts shared by providers to help make gruelling tasks that little bit easier!

Only members with a valid .ac.uk address may register in the private forums, but if you qualify head over to http://feboard.co.uk

Non members can read the public posts at   http://feboard.co.uk/blog

For more info goto IPM Remote CCTV Monitoring

Take a look!
There’s a WCC Challenge in here somewhere

Driving Directions Between Japan and China

Take a look

…Check out point 43!

In this two parter I hope to explain the dangers and why most of us are effected though little fault of our own.

In part two show you easy ways to improve your online security in a few simple steps

You’ve already heard the privacy warnings associated with Facebook and just how much personal data you put online, and many have started to protect their details by restricting who can see your full profile.

That’s great…but that data is still online and if you can see it so can anyone else who cares to look.

“I’m safe, I always check there is a padlock and my browser says things are secure before I login!”

That’s great!

Unfortunately however, one is assuming that you need a username and password to access your websites.

Meet Chip, the friendly session cookie. Chip makes things easier for you as you browse a website.

Like all good cookies chip is completely unique so once he sits on your computer he can be used to identify your computer.

No-one likes logging in every time they visit a new page so when you log into a site like Facebook good ol’ Chip is sent to your PC so that Facebook can just check if Chip is there. If he is you can look around the site without entering your username and password again.

That’s great but Chip isn’t encrypted like your username and password…he can be copied.

It used to be quite difficult to copy Chip. You had to be on the same PC or at least on the same network.

With the rapid take up of WiFi this is no longer the case.

Wi-Fi Foe FON

Most people are familiar with Wifi.

You use it every day, a lot of us on our mobiles.

Wifi isn’t limited to the home either, now you can access the web for free or for a small charge at pubs, hotels and petrol stations around the country.

The problem is on open WiFi (where no password is required)  all the data is broadcast in the open for anyone to plug out of the air.

So as Facebook looks for Chip, anyone on the same WiFi can take a copy of Chip.

If that same person goes to Facebook, Facebook will see the Copied chip and log that person on as you.

I don’t use FaceBook

Another thumbs up from the author J, but this problem is not just associated with Facebook.

In fact it can be much more dangerous on other sites.

Access to your email means access to any emails for any sites you have joined, particularly those related to usernames, passwords and bills.

The same method can be used on:

• Windows Live (Mail, Messenger, Calendars, Blog, Webspace and any site which uses the windows live login method)
• Yahoo (Mail, Apps, Webspace, Messenger etc)
• Amazon
• Ebay
• Digg
• Gmail
• Google Apps

And many many more

I only use my own WiFi

Great…(you can see this coming can’t you)…but!

The majority of broadband internet users in the UK use the router supplied by their ISP.

Setting up a router can be tricky for the non-technically minded, so the ISP’s decided that you should be able to plug it in and have it just work.

For this reason the majority of routers are still being used with the default WiFi passwords.

It would be a really bad idea to send out thousands of routers with the same password so cunning ISP’s set the password on each router using a clever bit of math based on each routers unique ID.

Unfortunately some cleverer people quickly figured out what that math was and you can easily figure out the WiFi password of a router using free tools available online.

The most at risk are users with routers who’s names include the text: BTHomeHub, Speedtouch, Thompson,Orange, DLink, Alice, FastWeb, DMAX, WLAN, Infinitum or Eirecom

How is it’s done?

I’m not going to go into detail for obvious reasons, but the basics are as follows.

A = Attacker

U= Normal User

1. U has a BTHomeHub, he hasn’t changed the default WiFi password
2. A gets the name of U’s WiFi network and uses free calculator online to generate possible passwords
3. A checks the passwords and finds one that works
4. U is happily checking his email
5. A steals Chip the friendly session cookie and uses it to login to U’s email
6. U chats to some friends on FaceBook on his phone
7. A sees that FaceBook has sent another friendly session cookie to U so he copies that too
8. A logs into FaceBook using U’s cookie and sees that U’s using the Facebook application on his phone. A knows that the FB app uploads the phones contact list so A goes to http://facebook.com/phonebook
9. A now has a list of all the contacts in U’s mobile phone including U’s mobile number
10. A is looking through U’s emails and has spotted U’s CV and a few electronic Bills and paypal details
11. A now has all the information needed to order things online using U’s details
12. U is unaware that his details have been accessed. A has since looked at U’s ancestry.com emails and downloaded U’s family tree. At this point A probably knows more about U than U’s spouse.

Securing yourself……..Part 2 coming soon

Initial Orange Customer Service responses stated that outages were limited and service would resume shortly.

It became quickly apparent from social network postings that the issue was not limited (unless one counts UK wide as limited). I set up http://orangefail.co.uk to raise awareness of the issue and collate postings from social network twitter so the UK public could at leasts see they were not alone.

Thankfully many of these tweets, posts and emails received on orangefail.co.uk contained GEOIP data allowing a map to be constructed showing where outages were reported.

Whilst not full proof it gives a nice insight into just how widespread the problem was and how much it was understated by Orange Customer Service.

Remember to user hashtag #orangefail to appear on the site!

My idea is to create an application which will allow the same site to be browsed simultaneously in several different browser engines.
Navigating to a page in any of the browser windows will cause the other browser windows to follow the navigation.

Also one browser window can be chosen as the master (everything works here) and have any differences in rendering be automatically highlighted in the other windows.

Each set of browsers can then be tested with or without flash / js etc with an automatic log of the testing process kept to allow exact replays while issues are being addressed.

Please leave comments below.

The long awaited and much disputed BBC News application is available on your iPod Touch, iPhone and iPad free of charge via the Apple AppStore.

As you would expect from Auntie, I was quickly impressed with the overall user experience.

Those familiar with the Pulse news application will recognise the familiar carousel allowing a simple swipe to reveal other stories in each section.

Selecting a thumbnail neatly slides the story selections off to the left bringing in the full text from the right.

Twitter users who instinctively drag down to refresh content will welcome the integration of  the familiar gesture, allowing immediate updates for those too impatient for the automatic refresh.

From here you can easily move back to the thumbnails screen by poking the back button or use the familiar home screen swipe to the left or right to navigate through the other articles.

It’s nice to see the beeb keeping with it’s excellent accessibility record here providing text size adjustments via well placed buttons on the bottom right.

One should that this increases text size rather than simply zooming in, thus preserving readability and keeping the text sharp on non ‘retina’ displays.

Inset videos are identified by the now easily recognisable iplayer Tap To Play button.

Streaming is excellent on wifi and as it uses the already established iplayer wizardry tech availability and quality are second to none.

iPad users will recognise the influence of Pulse here too.

I love Pulse but the BBC news app is just more polished, though one must admit the BBC is only syndicating it’s own content so it’s much easier to make everything pretty.

Watching the embedded video is much nicer on the ipad as it happily plays in place rather than taking over the full screen.

Like Pulse, other article thumbnails can be ‘thumbed’ through with one hand whilst simultaneously scrolling the main article on the right.

Live streaming is every bit as sharp and beautiful to watch as the recorded video, though I did experience a few problems getting it working initially.

The app informed me that the content was unavailable outside the UK.

Sitting in a house in Merseyside one was a little confused.

However, if this should happen to you simply find an article with an embedded video and play that first.

After that live streaming works just fine.

**UPDATE**
Just had an update from Auntie, issues with live streaming have been fixed.

A must have app for every iWhatever owning Brit.

Well done Auntie! Click the button below to download the app!