en proves
Contingut
1 de març del 2005
El "hacker" va aprofitar un forat sense tapar de T-Mobile
Un vulnerabilitat coneguda però no corregida, va permetre a Nicolas Jacobsen, de 22 anys, disposar d’accés durant un any a les dades personals de clients de l’operadora T-Mobile, fins i tot va poder llegir el correu electrònic d’un agent del servei secret dels EUA. Un inusual secretisme envolta el cas.
Vota:
  • Actualment 2 sobre 5
  • 1
  • 2
  • 3
  • 4
  • 5
(..) Nicolas Jacobsen, 22, pleaded guilty (..) to a single felony charge of intentionally gaining access to a protected computer and recklessly causing damage. His cybercrime spree in T-Mobile's network began in late 2003, and didn’t end until his arrest last fall.

(..) a vulnerability discovered in early 2003 in the BEA WebLogic application server produced by San Jose, California. (..) BEA produced a patch for the bug in March 2003 and issued a public advisory rating it a high-severity vulnerability.

In July of that year, the hole was spotlighted in a presentation at the Black Hat Briefings convention in Las Vegas. (..) detailed precisely how to exploit the vulnerability. (..) Jacobsen learned (..) from the advisory, crafted his own 20-line exploit in Visual Basic (..) By October 2003, he'd hit pay dirt at T-Mobile, where he used the exploit to gain a foothold in the company's systems. He then wrote his own front-end to the customer database to which he could return at his convenience.

(..)

(..) The hacker had access to T-Mobile customer passwords, Social Security numbers, dates-of-birth and other information, which he offered to make available to fraudsters and identity thieves over an online web forum.

Additionally, Jacobson used passwords stolen from the database to read T-Mobile customers' e-mail, including that of a U.S. Secret Service agent. (..)

(..)

(..) the company said last week it couldn't comment on its vulnerabilities or patching policies without placing customers at further risk.

(..)

Jacobsen's hacks were neither the first nor the last consumer privacy problem at T-Mobile. Last year, the company faced criticism for giving cell phone users a default voice mail configuration that leaves them open to Caller I.D.-spoofing snoops -- an issue that lingers today.

And last week a copycat hacker penetrated Paris Hilton's T-Mobile Sidekick account a second time, posting the hotel chain heiress' electronic memo pad, address book and a new batch of private photos on the web. The company's security thus became the unlikely topic of tabloid media interest.

(..)


  • Es pot llegir la primera noticia sobre el cas, amb especulacions incloses, a: Hacker 'Gets More' From T-Mobile.
  • Comentaris
    Digues la teva *
    Informació Relacionada
    En general
    Per temes
    Des del punt de vista de la tecnologia
    Hacker
    Servidor d'aplicacions
    Des del punt de vista de l'empresa, i legal
    Telecomunicacions
    Accions judicials
    Des del punt de vista local i de les persones
    Casa, personal