RE: Cell phone access to email

From: David B. Harrison (hdavid11580at_private)
Date: Wed Aug 22 2001 - 07:11:35 PDT

  • Next message: acz [iSecureLabs]: "TR: BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability"

    The problem is that the customer never gave out the passwords and the 
    server is behind a firewall not controlled by Qwest so how do the phones 
    have access to the server for email without ever asking for a password 
    during setup or at time of request?
    Dave H
    
    -----Original Message-----
    From:	Stephen A Santos [SMTP:steveat_private]
    Sent:	Wednesday, August 22, 2001 6:26 AM
    To:	'David B. Harrison'; vuln-devat_private
    Subject:	RE: Cell phone access to email
    
    If it is anything like Nextels system the password information is stored
    on their end and authentication is made the same way the system knows
    which number goes with which phone.  So yes, anyone with a cloned cell
    can get the email.
    
    
    ===================
    Stephen A Santos
    63 W Fountainhead Dr #107
    Westmont, IL 60559
    H: 630-241-0493
    M: 630-561-9368
    
    -----Original Message-----
    From: David B. Harrison [mailto:hdavid11580at_private]
    Sent: Tuesday, August 21, 2001 11:07 PM
    To: vuln-devat_private
    Subject: Cell phone access to email
    
    
    I am hoping someone can answer a question for me.  A customer of mine is
    
    testing a new cell phone from Qwest.  It gives them access to cheap cell
    
    phone connection and Internet mail.  The problem is it connects to
    exchange
    without a password.  I can see if qwest was the server location and they
    
    were doing a copy of some sort, but the server is behind a firewall from
    
    Qwest yet they are getting email to the phone both external and local.
    
    Any Ideas?
    Dave H
    



    This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 08:07:44 PDT