More Holes Found in T-Mobile Website
mogwhat writes "Even though T-Mobile's website was decisively hacked into over a year ago by now (in)famous cracker Nick Jacobsen, a blog posting by computer security expert Jack Koziol details many serious security holes in various T-Mobile websites. You would think that T-Mobile would have paid attention the first time? Time to get a new cell phone provider!"
I wish I could switch to a provider that protects their "secured" website better than T-Mobile but they're the only company that provides the Sidekick II in the United States. And I can't really use other phones because of my hearing disability.
I hate the feeling of being trapped to one provider because they have something the others don't, even though they treat their customers like complete and utter shit. T-Mobile customer service leaves quite a lot to be desired.
"Black holes are where God divided by zero." - Steve Wright
little known, but the Secret Service have jurisdiction over counterfeiting crimes
It's not a little known fact amongst people who follow the hacking/cracking/phreaking/carding scene, even loosely. Read the excellent book The Hacker Crackdown by Bruce Sterling for an informative account of what the SS does (and also does spectacularly wrong).
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
The issue is that when Nick Jacobsen owned T-Mobile's website, he used that to gain access to their entire network -- every picture sent or received, every text message, possibly even phone calls. He owned a good portion of the company.
I mod down pyramid schemes in sigs.
Traditional Landline companies take customer privacy very seriously (at least the ones I worked for) but the new technologies - Mobility, cell, internet divisions/companies always seemed to be playing fast and loose with phone company policy. Very frustrating from the landline side of the house. Not that the landline divisions are much more secure but at least they generally have the right attitude to security.
The rock, the vulture, and the chain
According to Netcraft, they are running Win 2k for the server.
Evolution or ID?
Insightful my hiney. I read the front page right now, i.e. 14 blurbs, and I count 2 that end with a question, one of them being the one you complain about, and the other being a valid question imho.
This said, I agree that the questions are sometimes lame (like this one). Probably submitters feel compelled to leave the blurb open-ended to start the thread of discussion, out of fear of seeing the "important news" fall flat on its face, and it sometimes really is quite annoying.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
T-Mobile is a German company. Originally it was called "Telekom" which is short for "Telecommunication", then they split up their departments into T-Com (responsible for telephone services), T-Online (ISP services), T-Systems (business solutions) and T-Mobile (mobile communication). They just kept the name when buying themselves into the US market.
If sensitive market data is being sent via email your provider is the least of your worries. Email is an inherently insecure form of information transfer (without encryption). In addition to that I can't imagine that T-Mobile doesn't have something in their contract legalese that explicitly says that they are not responsible for the security of email passed through their systems.
"If you're flammable and have legs, you are never blocking a fire exit." - Mitch Hedberg
The article says the site uses ASP, but that error message at the end sure looks like a Java stack trace to me.
Go ahead and waste your life with your inhibitions, just don't ruin other people's lives with your intolerances.
Email doesn't get any more secure when you encrypt your data, your data does. SMTP communication is still as vulnerable to interception as it ever was, it's just that now the intercepted data is, largely, useless.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
http://www.cgisecurity.com/articles/xss-faq.shtml
http://www.cgisecurity.com/questions/sql.shtml
Numerous reasons the US wireless telecom industry sucks.
The main reason for what you're seeing, though, is that unlike Europe, we have several competing standards. GSM is finally starting to spread, but additional standards are still common.
So 1: your phone has to match your network standard. If you're not using a GSM provider, you're pretty much left with nowhere but the provider (or an authorized reseller, which just sells the same phones anyway) to buy a phone. And even if you could buy a phone elsewhere for a non-GSM network, it would still have to be programmed by your provider to work.
1a: Not all GSM providers are using the same frequency. And in the case of Cingular, they're not even always using the same frequency across their entire service area.
2: Providers are all over exclusivity contracts. Cingular, for example, is the only provider that can offer the Motorola RAZR V3. When Cingular merged with AT&T, Sony-Ericsson phones mysteriously disappeared from the other providers. In some cases, the manufacturer is still able to offer the phone unlocked and without activation to the general public. But...
3: Unlocked phone prices are outrageous. The US providers heavily subsidize the phones they sell (and SIM lock them). Without activation, the RAZR V3 is $600. With activation, it's $260. Prices for other phones are similarly disparate. Nokia's N-Gage runs $200 unlocked. Up until recently, you could get it for between $0 and -$150 (you made $150 by buying the phone) if you shopped around and signed into a new contract. And all this is assuming you can find a handset that's offered unlocked and without a plan. Most models simply aren't available that way. (For reference, the cheapest handset Nokia offers here "handset only" is $130.)
You buy the phone, you pay for the service, and unless you want to hemorrhage at the wallet, you select from the phones offered by your provider.
I and many others wish the wireless here was more like it is in Europe, but we're damn well screwed in the meantime.
[Disclaimer: Slightly off topic].
I *like* T-mobile's phones...
Err, T-Mobile doesn't make phones. Since you can get any phone T-Mobile offers from online retailers, their phones shouldn't really influence your choice of provider. Unless you're willing to get roped into a contract for the sake of saving a hundred bucks on a phone. It's often not worth it. There are very good sites online to buy unbranded GSM phones, such as ustronics.com, mobilecityonline.com, and expansys.com to name a few. And good review sites, such as gsmarena.com.
Personally, I'm getting as far away from T-Mobile as possible when my contract expires next month. Don't get me wrong, they have some very good plans and most times their customer service is wonderful. But their signal is horrific (I'm in the DC metropolitan area), and they've recently started charging for international messages. When I complained about the latter, I was told that it was not a contract violation on their part (which it is), and that I was duly informed, which I was not. So customer service is wonderful if they agree with you, and call you a liar if you're not.
For the same money, I'd rather have reception. Given the AT&T and Cingular merger, especially with free mobile-to-mobile minutes and the latter's rollover plans, T-Mobile just got some very stiff competition that I doubt they can face. Add this bad publicity for security, and I think they're in over their heads.
*blinking cursor*