Information Security News mailing list archives
T-Mobile Hotspot uses SSN for passphrase
From: InfoSec News <isn () c4i org>
Date: Mon, 12 May 2003 03:31:22 -0500 (CDT)
http://catless.ncl.ac.uk/go/risks/22/72/7 [ http://accounts.hotspot.t-mobile.com/security.htm - T-Mobile doesn't support WEP, and from the URL above, a small number of legacy sites don't encrypt your username and password. - WK] Conrad Heiney <conrad (at) fringehead.org> Thu, 8 May 2003 16:20:34 -0700 I just signed up for T-Mobile Wireless' "Hot Spot" service, which provides wireless Internet access via Starbucks Coffee, Borders Books, and many other semi-public places in the U.S. As a current T-Mobile telephone subscriber I was given a good deal. I was also given a user name and a passphrase, neither one of which can be changed. The user name is my telephone number and the pass phrase is the last four digits of my social security number. The obvious RISK of using the phone number and SSN in this manner is pretty awful (identity theft, etc.) but what's also quite funny is that those are the two things you need to identify yourself to T-Mobile for any other purpose, too. Try again, guys. Conrad Heiney conrad (@) fringehead.org http://fringehead.org - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- T-Mobile Hotspot uses SSN for passphrase InfoSec News (May 12)
- <Possible follow-ups>
- Re: T-Mobile Hotspot uses SSN for passphrase InfoSec News (May 13)