
T-Mobile USA's Servers May Have Been Compromised


sablefoxx


Looks kinda legit... this can't be good.

http://seclists.org/fulldisclosure/2009/Jun/0062.html

Looks like Slashdot picked it up;

http://it.slashdot.org/story/09/06/07/2019...t-T-Mobile-Hard


That's what they get for trying to own Magenta.


Just read this. Given the amount of poorly secured data on the internet, I'm surprised this doesn't happen more often, to be honest.

I have to say I lol'd when I read they blamed the competitors for not buying the data because they talked to the wrong people. I hope they had the sense to say no, because they'd be in more trouble being found with the data than doing the job itself.


That's almost as bad as StrongWebMail asking to have its CEO's email hacked, then it happens, and they are like, "We'll get back to you, we're not sure you followed the rules." Rules?? It's the internet. There are no rules, no lines on a map, borders or walls for us to climb over. You leave the front door open, that's your fault, but people would probably still climb in the back window, just because they can and want to see what's inside. Walking in the front door might only get you to the foyer before being spotted. Having a tunnel from the house across the street might give you enough time to swipe everything in the place, including the kitchen sink.

T-Mobile is a pretty big target, and I'm sure they get attacked all the time. What big company doesn't these days, but the people who did this probably had one of two things going for them. 1, someone on the inside helped (whether intentionally or unintentionally), or 2, a severe flaw was unpatched which allowed any half-wit script kiddy high on adrenaline and looking to exploit every site he/she visits to gain access to this data. I imagine for the size of some of these hacks, it's probably not all accessible via just the website itself and requires intimate knowledge of their network, so they would need to know things like their corporate network topology, routers, firewalls, user names and passwords or even VPN tunnels into the company's servers. Maybe even third-party off-site data storage, like a lot of companies use, only some of these companies don't encrypt their off-site backups, which is a big no-no to begin with. Working for a bank, I know that we don't send off-site backups out unless they are encrypted, but it wasn't always done this way.
