sablefoxx Posted June 7, 2009 Share Posted June 7, 2009 Looks kinda legit... this can't be good. http://seclists.org/fulldisclosure/2009/Jun/0062.html Looks like Slashdot picked it up; http://it.slashdot.org/story/09/06/07/2019...t-T-Mobile-Hard Quote Link to comment Share on other sites More sharing options...
digip Posted June 7, 2009 Share Posted June 7, 2009 Thats what they get for trying to own Megenta. Quote Link to comment Share on other sites More sharing options...
stingwray Posted June 7, 2009 Share Posted June 7, 2009 Just read this, given the amount of poorly secured data on the internet, I'm surprised this doesn't happen more often to be honest. I have to say I lol'd when I read they blamed the competitors for not buying the data because they talked to the wrong people. I hope they had the sense to say no because they'd be in more trouble being found with the data then doing the job itself. Quote Link to comment Share on other sites More sharing options...
dr0p Posted June 8, 2009 Share Posted June 8, 2009 That's a pretty awesome hack... it's always interesting to read about high-profile stuff like this. Quote Link to comment Share on other sites More sharing options...
digip Posted June 8, 2009 Share Posted June 8, 2009 Thats almost as bad as StrongWebMail asking to have its CEO's email hacked, then it happens, and they are like, "We'll get back to you, we're not sure you followed the rules." Rules?? Its the inernet. There are no rules, no lines on a map, borders or walls for us to climb over. You leave the front door open thats your fault, but people would probably still climb in the back window, just because they can and want to see whats inside. Walking in the front door might only get you to the foyer before being spotted. Having a tunnel from the house across the street might give you enough time to swipe everything in the place, inlcuding the kitchen sink. T-Mobile is a pretty big target, and I'm sure they get attacked all the time. What big company doesn't these days, but the people who did this probably had one of two things going for them. 1, someone on the inside helped(wether intentionally or unintentional), or 2, a severe flaw was unpatched which allowed any half wit script kiddy high on andrenaline and looking to exploit every site he/she visits to gain access to this data. I imagine for the size of some of these hacks, its probably not all accessable via just the website itself and requires intimate knowledge of their network, so they would need to know things like their corporate network topology, routers, firewalls, user names and passwords or even VPN tunnels into the companies servers. Maybe even thrid party off site data storage, like a lot of companies use, only some of these companies don't encrypt their offsite backups, which is a big no-no to begin with. Working for a bank, I know that we don't send off site backups out unless they are encrypted, but it wasn't always done this way. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.