
Thread: Cingular Wireless Hacked

  1. #1
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002
    Posts
    830

    Cingular Wireless Hacked

    Adrian Lamo has done it again. After digging through some trash (I guess he was bored?) and coming up with some pertinent customer information and an "unpublished" URL he was able to access customer information of Cingular users.

    The URL was not password protected. It seems that an assumption was made that because the URL was unpublished that only people who were given the address would go to it or have a reason to view it so it didn't need security.

    The documents found in the trash should have been shredded as well to prevent something like this from happening.

    Here is the article: Wired.com Article

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    goes to show that user participation cannot be counted on where security is concerned. employees of Cingular were supposed to shred the docs. very short-sighted on Cingular's part, not to mention the stupidity of not password protecting the site, which i doubt was lock\line LLC's idea, but that doesn't alter the fact that Lamo indulged in industrial espionage for personal gain. if i were Cingular, Lamo would be in jail. if you or i were to dumpster dive just 'to see' we'd be telling it to the judge even if we planned to report anything found to those in charge.

  3. #3
    Gotta love Dumpster Diving!
    Tedob, I disagree with your opinion about that, for pointing out the flaw to Cingular, he should be sent to jail. Maybe for industrial cracking for financial purposes but not for simply opening their eyes, plus nothing was affected as far as I know.
    Peace
    "Great spirits always encounter strong opposition from mediocre minds."
    Albert Einstein

  4. #4
    Whether or not anything was messed, all personal info needs to be secure if it is connected to the net, and Cingular should have shredded the personal information. They were lucky that someone with malicious intent didn't get a hold of the URLs.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    +=+=+=+=+=+=+=+
    Maybe for industrial cracking for financial purposes but not for simply opening their eyes, plus nothing was affected as far as I know.
    +=+=+=+=+=+=+=+

    he didn't do it for the simple purpose of opening their eyes, he did it for the sole purpose of promoting himself = financial gain. if you don't think spreading what he discovered to the media caused the orgs involved and the people who work for them any harm i don't know what to tell you. not that it might not be deserved.

    i didn't say, or at least i didn't think i did, that he "should" go to jail. i said if i were Cingular i would prosecute. what he does causes more damage than hacking a site to deface it. and who do you think will suffer for this? the working person at the bottom of the chain, for not carrying out a policy that was never enforced.

    i thought the ethical rules of disclosure were to notify the party and make it public if action were not taken to correct the issue. i don't see where this man has any ethics at all. he doesn't care who gets hurt as long as his name is published.

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    In my opinion, this was not really a hack. Basically, he pointed out to the company that customer information was accessible via a non-password protected site. Just because the site isn't published to everyone, doesn't mean you can't access it. As far as I'm concerned, he didn't hack into anything, he simply used the features of the site.

    What do you think?


    --PuRe

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    I think the point, though, was that he had 'stolen' property from Cingular, whether in the garbage or not... he wouldn't have had the original URLs to work off of if he didn't go dumpster diving into the Cingular retail location's garbage... And yeah, definitely not a hack.
    Every now and then, one of you won't annoy me.
