Slashdot Mirror
More Holes Found in T-Mobile Website
mogwhat writes "Even though T-Mobile's website was decisively hacked into over a year ago by now (in)famous cracker Nick Jacobsen, a blog posting by computer security expert Jack Koziol details many serious security holes in various T-Mobile websites. You would think that T-Mobile would have paid attention the first time? Time to get a new cell phone provider!"
I wish I could switch to a provider that protects their "secured" website better than T-Mobile but they're the only company that provides the Sidekick II in the United States. And I can't really use other phones because of my hearing disability.
I hate the feeling of being trapped to one provider because they have something the others don't, even though they treat their customers like complete and utter shit. T-Mobile customer service leaves quite a lot to be desired.
"Black holes are where God divided by zero." - Steve Wright
little known, but the Secret Service have jurisdiction over counterfeiting crimes
It's not a little known fact amongst people who follow the hacking/cracking/phreaking/carding scene, even loosely. Read the excellent book the hacker crackdown by Bruce Sterling for an informative account of what the SS does (and also does spectacularly wrong).
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
The issue is that when Nick Jacobson owned T-Mobile's website, he used that to gain access to their entire network -- every picture sent or recieved, every text message, possibly even phone calls. He owned a good portion of the company.
I mod down pyramid schemes in sigs.
Traditional Landline companies take customer privacy very seriously (at least the ones I worked for) but the new technologies - Mobility, cell, internet divisions/companies always seemed to be playing fast and loose with phone company policy. Very frustrating from the landline side of the house. Not that the landline divisions are much more secure but at least they generally have the right attitude to security.
The rock, the vulture, and the chain
according to netcraft they are running win 2k for the server.
Evolution or ID?
Insightful my hiney. I read the front page right now, i.e. 14 blurbs, and I count 2 that end with a question, one of them being the one you complain about, and the other being a valid question imho.
This said, I agree that the questions are sometime s lame (like this one). Probably submitters feel compelled to leave the blurb open-ended to start the thread of discussion, out of fear of seeing the "important news" fall flat on its face, and it sometimes really is quite annoying.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
T-Mobile is a german company. Originally it was called "Telekom" which is short for "Telecommunication", then they split up their departments into T-Com (responsible for telephone services), T-Onlien (ISP services), T-Systems (business solutions) and T-Mobile (mobile communication). They just kept the name when buying themselves into the US market.
If sensitive market data is being sent via email your provider is the least of your worries. Email is an inherently insecure form of information transfer (without encryption). In addition to that I can't imagine that T-Mobile doesn't have something in their contract legalese that explicitly says that they are not responsible for the security of email passed through their systems.
"If you're flammable and have legs, you are never blocking a fire exit." - Mitch Hedberg
The article says the site uses ASP, but that error message at the end sure looks like a Java stack trace to me.
Go ahead and waste your life with your inhibitions, just don't ruin other people's lives with your intolerances.