t-mobile-hilton-follow-up

From the washingtonpost.com:

The group already had spent a year studying weaknesses in T-Mobile's Web sites. The group member interviewed for this story had already written a simple computer program that could reset the password for any T-Mobile user whose phone number the hackers knew.

The hacker called a T-Mobile store and convinced the employee that they were calling from HQ.

When prompted, the employee then offered the Internet address of the Web site used to manage T-Mobile's customer accounts -- a password-protected site not normally accessible to the general public -- as well as a user name and password that employees at the store used to log on to the system.

There are a lot of other interesting tidbits; the whole article is worth a read.

Companies like T-Mobile face a big problem: how can they convince employees that the passwords for their systems are important when they don't pay them much money?

Of course, since the exposure provided by the Hilton attack actually increased Sidekick sales, why should they? Perhaps this is why my calls to Danger have gone unanswered ;).

BTW, if anyone has a Sidekick and would be willing to test our J2ME software token on it, please contact me (nowen at wikidsystems.com) or just try it out here. You will not get any obnoxious sales emails.

