baineschile2600 ways to live Premium Member join:2008-05-10 Sterling Heights, MI |
Ya thinkThis type of information would be on a closed system at corporate HQ.
I wonder if its financial data on the company, or their users. | |
|
| Chaldo join:2008-03-18 West Bloomfield, MI |
Chaldo
Member
2009-Jun-8 9:17 am
Re: Ya thinkYea but its all in the inner network, if they get access to vpn somehow they can access that information. | |
|
1 recommendation |
chopper plansand the helicopter plans were on a closed network also... | |
|
PToN Premium Member join:2001-10-04 Houston, TX |
PToN
Premium Member
2009-Jun-8 9:28 am
OS or app?Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... | |
|
| bigfitch Premium Member join:2005-06-01 Montgomery, IL |
bigfitch
Premium Member
2009-Jun-8 9:51 am
Re: OS or app?If this is true. It just adds more proof that everything is accesable if you have the know how and the time.
Wonder if said hacker left himself a backdoor to get more info for his next auction. Lol | |
|
| | PToN Premium Member join:2001-10-04 Houston, TX |
PToN
Premium Member
2009-Jun-8 10:30 am
Re: OS or app?Well, once he said he got it he close any possible backdoor he/she might have left.
He wanted this for $$$ and not for any other purpose. Any respectable hacker/cracker knows that one of the rules is to never close any doors to a system you might need later, else he would have said nothing and he might have been able to use the servers for much bigger things. However, this is just an extortion case.. | |
|
| |
to PToN
said by PToN:Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while. | |
|
| | |
Re: OS or app?said by KodiacZiller:said by PToN:Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while. Having worked for one of the companies that sells one of those operating systems, I will tell you that often times big companies are lax on internal security. They have a good firewall, but systems on the other side are unpatched. They make the mistake of trusting the network, but all it takes is one security breach, and then someone is in a wonderland of vulnerable systems. The company I worked for was running a number of unpatched Windows servers, and that got them in trouble when a windows virus got through via email. It then started spreading on the internal network. There were also engineers using Unix workstations running outdated releases of our Unix-based OS for which we were no longer making security patches. They were also using things like rsh, telnet, etc., which don't encrypt anything. Were someone from the outside to get a compromised machine and set ethernet in promiscuous mode -- oh man, a cornucopia of passwords! T-Mobile may be doing something similar. The lesson is don't trust the network, even if you have a firewall. | |
|
| | | |
Re: OS or app?said by cyclone_z:said by KodiacZiller:said by PToN:Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while. Having worked for one of the companies that sells one of those operating systems, I will tell you that often times big companies are lax on internal security. They have a good firewall, but systems on the other side are unpatched. They make the mistake of trusting the network, but all it takes is one security breach, and then someone is in a wonderland of vulnerable systems. The company I worked for was running a number of unpatched Windows servers, and that got them in trouble when a windows virus got through via email. It then started spreading on the internal network. There were also engineers using Unix workstations running outdated releases of our Unix-based OS for which we were no longer making security patches. They were also using things like rsh, telnet, etc., which don't encrypt anything. Were someone from the outside to get a compromised machine and set ethernet in promiscuous mode -- oh man, a cornucopia of passwords! T-Mobile may be doing something similar. The lesson is don't trust the network, even if you have a firewall. Not quite sure the lesson is so much of "Don't trust the network". More along the lines of as we always say in the security world: "The weakest element in any security system is the human element." | |
|
| | | | KevNYC Premium Member join:2002-03-31 Seattle, WA |
KevNYC
Premium Member
2009-Jun-8 10:43 pm
Re: OS or app?SkyNet anyone? | |
|
| | | |
NonSecPer to cyclone_z
Anon
2009-Jun-9 3:52 pm
to cyclone_z
It is not "Don't trust the network", but "don't trust the users"! | |
|
|
Anonnn
Anon
2009-Jun-8 11:57 am
I hope he requestsHopefully he requests for them to get better data coverage and try to get on par with AT&T for voice coverage Then it wouldn't be an extortion... but rather a robin hood like effort | |
|
|
And try to get service w/o them keeping your SSN on fileI'm sure it's required for other reasons besides a credit report these days...but what's wrong with DELETING IT after you have run the credit report.
And if it is the case that stricter post 9/11 laws require such info to be kept (and thereby more available for theft)...then where is the companion legislation that cracks down on all banking and commercial entities that let you get credit and do things without full and proper verification of identity that goes beyond the current status quo.
The more this goes on the more I'm for Federal IDs that include biometrics. If I am going to lose my privacy anyway I may as well feel more confident that nobody is going to steal my identity as well. | |
|
| |
Re: And try to get service w/o them keeping your SSN on fileI had TM service without giving them my SSN. | |
|
| | dvd536as Mr. Pink as they come Premium Member join:2001-04-27 Phoenix, AZ |
dvd536
Premium Member
2009-Jun-9 2:12 am
Re: And try to get service w/o them keeping your SSN on filesaid by hottboiinnc4:I had TM service without giving them my SSN. So do i. they don't even have my real name or address. prepaid for the win! | |
|
Mannus Premium Member join:2005-10-25 Fort Wayne, IN
1 recommendation |
Mannus
Premium Member
2009-Jun-8 1:45 pm
Bwahahahahahaha!You cant' stop me and my TRS-80 from ruling the WORLD!!!!! | |
|
|
T-Mobile has confirmed....To reaffirm, the protection of our customers information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, weve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible. -Sources » www.cio.com/article/4945 ··· _Genuine» www.cellphonesignal.com/ ··· stomers/ | |
|
|
mm8
Anon
2009-Jun-9 1:49 pm
I think they are from outside USA...I think they are from outside USA based on the language they use:
"We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder. "
Where it says "with" their competitors, it should be "we already contacted their competitors" without the "with"
Another example, "their competitors" , "their data" Maybe it should have been "the data" or "Alltel data"
Where it says "for" the highest bidder it should be "to" the highest bidder.
The entire thing the way is written seems a bit odd. So I think they are from outside USA. | |
|
mm8 |
mm8
Anon
2009-Jun-9 1:52 pm
One more thing...Just noticed "probably because" that is definitely not a everyday word used in USA.
I am almost convinced they are from outside USA.... | |
|
|
|