The problem is that the customer never gave out the passwords and the server is behind a firewall not controlled by Qwest so how do the phones have access to the server for email without ever asking for a password during setup or at time of request? Dave H -----Original Message----- From: Stephen A Santos [SMTP:steveat_private] Sent: Wednesday, August 22, 2001 6:26 AM To: 'David B. Harrison'; vuln-devat_private Subject: RE: Cell phone access to email If it is anything like Nextels system the password information is stored on their end and authentication is made the same way the system knows which number goes with which phone. So yes, anyone with a cloned cell can get the email. =================== Stephen A Santos 63 W Fountainhead Dr #107 Westmont, IL 60559 H: 630-241-0493 M: 630-561-9368 -----Original Message----- From: David B. Harrison [mailto:hdavid11580at_private] Sent: Tuesday, August 21, 2001 11:07 PM To: vuln-devat_private Subject: Cell phone access to email I am hoping someone can answer a question for me. A customer of mine is testing a new cell phone from Qwest. It gives them access to cheap cell phone connection and Internet mail. The problem is it connects to exchange without a password. I can see if qwest was the server location and they were doing a copy of some sort, but the server is behind a firewall from Qwest yet they are getting email to the phone both external and local. Any Ideas? Dave H
This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 08:07:44 PDT