Information Security News mailing list archives
Re: Lamo Hacks Cingular Claims Site
From: InfoSec News <isn () c4i org>
Date: Mon, 2 Jun 2003 03:08:25 -0500 (CDT)
Forwarded from: Steven Moshlak <smoshlak () interserv com> "Dumpster-Diving" for information is as old ad, well, J Edgar Hoover's boy's used to do it (they busted a spy ring or two), competitors would go through the trash, searching for hardcopy print-out's, not to mention the criminal element, which has made identity theft, which until late, has become a major and prolific problem. The solution is simple; if it is worth securing, it is worth shredding and/or securing your sensitive documentation. This happened in California? So what else is new? -Steve ----- Original Message ----- From: "InfoSec News" <isn () c4i org> To: <isn () attrition org> Sent: Friday, May 30, 2003 1:38 AM Subject: [ISN] Lamo Hacks Cingular Claims Site
http://www.wired.com/news/privacy/0,1848,59024,00.html By Christopher Null May. 29, 2003 Cingular can issue insurance to its mobile-phone customers to protect them against loss and damage, but it apparently can't ensure that hackers won't have full access to their personal data. Adrian Lamo, a hacker who in the past has broken into The New York Times and Yahoo, found a gaping security hole in a website run by a company that issues the insurance to Cingular customers. By accessing the site, Lamo said he could have pulled up millions of customer records had he wanted to. He said he discovered the problem this weekend through a random finding in a Sacramento Dumpster, where a Cingular store had discarded records about a customer's insurance claim for a lost phone. By simply typing in a URL listed on the detritus, Lamo was taken to the customer's claim page on a site run by lock\line LLC, which provides the claim management services to Cingular.
- ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Re: Lamo Hacks Cingular Claims Site InfoSec News (Jun 02)