lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Nov 2007 23:16:13 +0200 From: "avivra" <avivra@...il.com> To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com> Subject: Using CSRF to Attack Mobile Phones CSRF can be used to cause denial-of-service attacks against mobile phones by flooding the phone with SMS and service messages. Mobile phone service providers in Israel, and throughout the world, provide a web interface to send SMS messages. Fortunately, they limit the SMS sending web interface to 20 messages per day, and they also require the user to authenticate in order to send an SMS. Unfortunately, at-least when referring to the Israeli providers, they also give attackers a way to send endless SMS and service messages without any kind of authentication and with a simple HTTP request. More information: http://aviv.raffon.net/2007/11/22/UsingCSRFToAttackMobilePhones.aspx
Powered by blists - more mailing lists