funsec mailing list archives

Australia: Privacy Breach at Astratel


From: "Fergie" <fergdawg () netzero net>
Date: Fri, 31 Mar 2006 18:51:26 GMT

Via Australian IT.

[snip]

A security hole in Sydney internet provider Astratel's LiveBilling online account management system has seriously 
compromised its customers' privacy.

Astratel customer Nick Adams notified the ISP after he discovered that he could view billing information and call 
records for other customers, by lodging their phone number into an online query form.

Mr Adams also demonstrated that a non-Astratel member could access the compromised web query service by transplanting
code from the page where it was located and placing it at an alternative web address.

"There's no security moving between the pure members section and this LiveBilling part of the web site. You can put 
anyone's phone number and you pull their call records and their account balance," Mr Adams said.

The link to the compromised billing service was still accessible until late today.

[snip]

More:
http://australianit.news.com.au/articles/0,7204,18665780%5E15306%5E%5Enbv%5E,00.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/
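The flaw described in the article is a lookup keyed only on a customer-supplied phone number, with no binding to who is logged in. The following is an added illustration, not code from Astratel or the article: the unprotected lookup beside a version that ties the number to a server-side session, with constructed sample accounts and hypothetical function names.

```python
# Constructed sample data: two accounts, each owning one phone number.
ACCOUNTS = {
    "alice": {"phones": {"0291110001"}, "balance": 42.50,
              "calls": ["0291110001 -> 0299990000 03:12"]},
    "bob":   {"phones": {"0291110002"}, "balance": 13.00,
              "calls": ["0291110002 -> 0288880000 01:05"]},
}
# Reverse index from phone number to owning account.
PHONE_INDEX = {p: acct for acct, d in ACCOUNTS.items() for p in d["phones"]}


class NotAuthorized(Exception):
    pass


def lookup_unprotected(phone):
    """The failure mode: whoever supplies a phone number gets that
    customer's balance and call records. No session is consulted, so the
    form works just as well when copied to an unrelated site."""
    owner = PHONE_INDEX.get(phone)
    if owner is None:
        return None
    return {"balance": ACCOUNTS[owner]["balance"],
            "calls": ACCOUNTS[owner]["calls"]}


def lookup_protected(session, phone):
    """Hardened: the number must belong to the authenticated account.
    The decision rests on server-side session state, not on which page
    submitted the form or on the number the client typed."""
    user = session.get("user") if session else None
    if user is None:
        raise NotAuthorized("login required")
    if phone not in ACCOUNTS.get(user, {}).get("phones", set()):
        # Same outcome whether the number is another customer's or
        # unknown, so the endpoint cannot be used to enumerate numbers.
        raise NotAuthorized("number not on this account")
    return {"balance": ACCOUNTS[user]["balance"],
            "calls": ACCOUNTS[user]["calls"]}


def can_view(session, phone):
    """Boolean wrapper used to check the authorization decision."""
    try:
        lookup_protected(session, phone)
        return True
    except NotAuthorized:
        return False
```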


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.