Sunday, 22 January 2012

T-Mobile staff data and passwords hacked and published

The hacktivist group TeaMp0isoN has published the names and passwords of T-Mobile staff.

Following a dump of data on Pastebin, it said: "Take a look at the passwords, epic fail. All of the passwords are manually given to staff via an admin who uses the identical set of passwords." Speaking to Softpedia, the hackers said they targeted T-Mobile because it is supporting the Patriot Act within the US – and they'd view any cell phone company doing so as a valid target.

“One of the foremost reasons for the hack is because they're corrupted, but we also desired to show how weak their security is,” the gang said. It claimed to have found SQL injection vulnerabilities at the T-Mobile website where it found the names, email addresses, phone numbers and passwords of the directors and staff members.

T-Mobile's parent company, Deutsche Telekom, said that only the newsroom part of the web site was compromised and no other T-Mobile properties were affected. No customers had been affected, it said.

John Stock, senior security consultant at Outpost24, said: “The most worrying aspects of this attack are twofold. Firstly, the passwords utilized by T-Mobile staff appear to have been given to them by administrators who employ a similar password for every individual, a fundamental security error. Secondly, TeaMp0isoN appear to have used an SQL injection to breach defences, essentially one of the most used and most simply defended against strategies of attack.

“On closer analysis, these points may be attributed to a single failing by T-Mobile – a scarcity of understanding of current security threats. By now companies must be familiar with the dangers posed to their IT systems by common vulnerabilities, corresponding to SQL and XSS attacks. Additionally, if companies are handing out passwords to staff they ought to be unique to every person, meaning that if one account is compromised, others aren't.”

TeaMp0isoN has previously targeted large organisations, with the United Nations targeted in November, and hit the headlines in the summer when the official BlackBerry blog was defaced after its parent, RIM, said it would co-operate fully with the Home Office and police following the London riots.


