  baineschile2600 ways to livePremium
join:2008-05-10
Sterling Heights, MI | Ya think This type of information would be on a closed system at corporate HQ.
I wonder if its financial data on the company, or their users. | |
|
 | Chaldo
join:2008-03-18
West Bloomfield, MI | Re: Ya think Yea but its all in the inner network, if they get access to vpn somehow they can access that information. | |
|
| | chopper plans and the helicopter plans were on a closed network also...  | |
|
 PToN
join:2001-10-04
Houston, TX | OS or app? Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... | |
|
|  bigfitchPremium
join:2005-06-01
Murrayville, IL | Re: OS or app? If this is true. It just adds more proof that everything is accesable if you have the know how and the time.
Wonder if said hacker left himself a backdoor to get more info for his next auction. Lol | |
|
| | PToN
join:2001-10-04
Houston, TX | Re: OS or app? Well, once he said he got it he close any possible backdoor he/she might have left.
He wanted this for $$$ and not for any other purpose. Any respectable hacker/cracker knows that one of the rules is to never close any doors to a system you might need later, else he would have said nothing and he might have been able to use the servers for much bigger things. However, this is just an extortion case.. | |
|
| | | said by PToN:Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while. | |
|
| | | | Re: OS or app? said by KodiacZiller:said by PToN:Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while. Having worked for one of the companies that sells one of those operating systems, I will tell you that often times big companies are lax on internal security. They have a good firewall, but systems on the other side are unpatched. They make the mistake of trusting the network, but all it takes is one security breach, and then someone is in a wonderland of vulnerable systems. The company I worked for was running a number of unpatched Windows servers, and that got them in trouble when a windows virus got through via email. It then started spreading on the internal network. There were also engineers using Unix workstations running outdated releases of our Unix-based OS for which we were no longer making security patches. They were also using things like rsh, telnet, etc., which don't encrypt anything. Were someone from the outside to get a compromised machine and set ethernet in promiscuous mode -- oh man, a cornucopia of passwords!
T-Mobile may be doing something similar. The lesson is don't trust the network, even if you have a firewall. | |
|
| | | | | Re: OS or app? said by cyclone_z:said by KodiacZiller:said by PToN:Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun... Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while. Having worked for one of the companies that sells one of those operating systems, I will tell you that often times big companies are lax on internal security. They have a good firewall, but systems on the other side are unpatched. They make the mistake of trusting the network, but all it takes is one security breach, and then someone is in a wonderland of vulnerable systems. The company I worked for was running a number of unpatched Windows servers, and that got them in trouble when a windows virus got through via email. It then started spreading on the internal network. There were also engineers using Unix workstations running outdated releases of our Unix-based OS for which we were no longer making security patches. They were also using things like rsh, telnet, etc., which don't encrypt anything. Were someone from the outside to get a compromised machine and set ethernet in promiscuous mode -- oh man, a cornucopia of passwords! T-Mobile may be doing something similar. The lesson is don't trust the network, even if you have a firewall. Not quite sure the lesson is so much of "Don't trust the network".
More along the lines of as we always say in the security world: "The weakest element in any security system is the human element." | |
|
| | | |  KevNYCPremium
join:2002-03-31
Seattle, WA | Re: OS or app? SkyNet anyone? | |
|
| | | | | It is not "Don't trust the network", but "don't trust the users"! | |
|
| | I hope he requests Hopefully he requests for them to get better data coverage and try to get on par with AT&T for voice coverage 
Then it wouldn't be an extortion... but rather a robin hood like effort | |
|
| | And try to get service w/o them keeping your SSN on file I'm sure it's required for other reasons besides a credit report these days...but what's wrong with DELETING IT after you have run the credit report.
And if it is the case that stricter post 9/11 laws require such info to be kept (and thereby more available for theft)...then where is the companion legislation that cracks down on all banking and commercial entities that let you get credit and do things without full and proper verification of identity that goes beyond the current status quo.
The more this goes on the more I'm for Federal IDs that include biometrics. If I am going to lose my privacy anyway I may as well feel more confident that nobody is going to steal my identity as well. | |
|
| | | Re: And try to get service w/o them keeping your SSN on file I had TM service without giving them my SSN. | |
|
| |  dvd536as Mr. Pink as they comePremium
join:2001-04-27
Phoenix, AZ
kudos:4 | Re: And try to get service w/o them keeping your SSN on file said by hottboiinnc:I had TM service without giving them my SSN. So do i. they don't even have my real name or address. prepaid for the win!
--
When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee | |
|
 MannusPremium
join:2005-10-25
Fort Wayne, IN | Bwahahahahahaha! You cant' stop me and my TRS-80 from ruling the WORLD!!!!! | |
|
| |  T-Mobile has confirmed....
-Sources
»www.cio.com/article/494553/T_Mob···_Genuine
»www.cellphonesignal.com/t-mobile···stomers/
--
Mastermind 4 Life ® ™ © | |
|
| | I think they are from outside USA... I think they are from outside USA based on the language they use:
"We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder. "
Where it says "with" their competitors, it should be "we already contacted their competitors" without the "with"
Another example, "their competitors" , "their data"
Maybe it should have been "the data" or "Alltel data"
Where it says "for" the highest bidder it should be "to" the highest bidder.
The entire thing the way is written seems a bit odd. So I think they are from outside USA. | |
|
| | One more thing... Just noticed "probably because" that is definitely not a everyday word used in USA.
I am almost convinced they are from outside USA.... | |
|
|
|
