Editorial - Text Messages are High Risk even if from the State of California

[Placerville Calif, 3/27/21, Cris Alarcon]

Those that know me understand "I DO NOT Text."  Sorry, call or FB message me or Email me via my own server or Google.  Being in Cyberspace since it went public I am very cautious with sensitive information transferred on any system that is not LOCKED into an Intranet without external contacts!

Even Decades ago I would not accept Credit Card purchases on my Servers.  All CC transactions were via telephone voice or Mail [USPS paper mail.] #1

Having done my share of Whitehat work over those decades I am sure that the Internet is only for things YOU DON'T MIND going public in a most viral manner.

Several new payment platforms from "PayPal" to "Google pay" are VERY secure - maybe more secure than your bank!

This is done by keyed encryption at the sending end and the matching key to decrypt the message at the other end.  That means you get a new screen that contains a message that can only be read for a short time, using encryption at both ends.  That all goes away fast and cannot be seen again except in the internal records of either party.

Where do you keep such records on your end?  In your email or Text records?  If so, you are at GREAT RISK.

Who can you trust?  As Fox Mulder said, "Trust No One" 

Recently I signed up with Cal for the COVID-19 vaccine.  In the sign-up form they asked me many more questions than needed and it was clear to me they were fishing for additional information to stock databases for other uses.  This I expect BUT I am glad I REFUSED to answer some questions.

I noted in the form's boxes that some information I would NEVER put on a single electronic form transferred over the internet.  Specifically that I was refusing to add my Mother's Maiden Name to a form with My full name and Date of Birth.  I know from experience that I can get a tremendous amount of Personal Information using those three pieces of information. From a Social number and current address, employment and on and on - just with those three pieces of Personal information.

So I refused to combine them.

It may have seemed safe as they used new pages of form for the Information that was transferred [a decent safety protocol]

AND THEN emailed me back all the form information that I had supplied in several different pages online - in a single Email recap with all of it there!  Including the box for my Mother's Maiden Name where I wrote REFUSED. (I even made an exclusionary statement at the end of Confirmation that I did not answer all the questions accurately and fully, with the caveat "No.  I refused to answer ...")

End of this: I got my shot and in my email was a BUNCH of information I would never disclose normally but in this case I did provide the information via a Cal State Secured Form that was segmented into several forms ... Only to get all that back in my Email box! #2

-- Read this story and be careful of anything in your Email and especially ANY kind of Text like SMS.

"From an IT security perspective, this story gets far more frightening as it delves into how messed up the entire telecom universe is when it comes to protecting text communications. That is yet another reason why texting can't be trusted for authentication or, for that matter, for almost anything.

Consider this from the story: "In Sakari's case, it receives the capability to control the rerouting of text messages from another firm called Bandwidth, according to a copy of Sakari's LOA (Letter of Authorization) obtained by Motherboard. Bandwidth told Motherboard that it helps manage number assignment and traffic routing through its relationship with another company called NetNumber. NetNumber owns and operates the proprietary, centralized database that the industry uses for text message routing, the Override Service Registry (OSR), Bandwidth said."

For years, the key argument against relying on text message confirmations is that they are susceptible to man-in-the-middle attacks, which is still true. But this peek into the authorized infrastructure for text messages means that text takeovers can happen far more simply. ..."

Main Story: https://www.computerworld.com/article/3612243/text-authentication-is-eve...

#1 https://www.computerworld.com/article/2589189/mindspring-site-exposes-pa...

#2 in my reply to the email.  An Image of the TEXT MESSAGE they sent back to me [some obfuscated by me for display] - Note the box for Mother's Maiden Name.

 

Dang
MindSpring site exposes password files
E-commerce application opens floodgates

By Ann Harrison
Computerworld | OCT 23, 2000 12:00 AM PST

 
