On WiredNews, Kevin Poulsen explains the lax security procedures at T-Mobile that made last week’s Paris Hilton leak possible. Apparently an exploit against their WebLogic application server allowed anyone to extract customer records for at least 18 months after the vulnerability was first announced. T-Mobile has publicly stated they’ve contacted 400 people whose information might have been compromised, but it seems likely that thousands more could be at risk. T-Mo says they have the holes patched up, but won’t list specifics of their actions. Obviously some holes, like the Caller ID spoofing voice mail issue we thought we discovered last week (but which has been known for a lot longer, it seems), are still wide open.
https://gizmodo.com/paris-hiltons-sidekick-ii-hacked-what-about-yours-33637
Known Hole Aided T-Mobile Breach [Wired]