From: security curmudgeon (jerichoattrition.org)
Date: Thu Jun 10 2010 - 15:54:57 CDT
'Brute force' script snatched iPad e-mail addresses
'No hack, no infiltration, no breach,' say security experts, just sloppy AT&T software
By Gregg Keizer
June 10, 2010 06:44 AM ET
The harvesting of over 100,000 iPad 3G owners' e-mail addresses was not a
hack or a classic data breach, but a brute-force attack of a minor feature
AT&T offered to Apple customers, experts said Wednesday.
According to New York-based Praetorian Security Group, which obtained a
copy of the PHP script used to scrape e-mail addresses from AT&T's
servers, the attack succeeded because the mobile carrier used poorly
A nine-person hacking group known as Goatse Security claimed
responsibility for the script, which amassed 114,000 e-mail addresses.
"There's no hack, no infiltration, and no breach, just a really
poorly-designed Web application that returns e-mail address when ICC-ID is
passed to it," Praetorian said in a late Wednesday entry on its security
An ICC-ID (Integrated Circuit Card Identifier) is the unique number
assigned to each SIM card. A mobile device's SIM stores information that
identifies the specific wireless customer to his or her carrier. The iPad
3G contains a SIM card.
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
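A defender-side view of the flaw Praetorian describes (an endpoint that answers any ICC-ID it is handed), added here as an example and not taken from the article, AT&T or Praetorian: flag any client that requests many distinct ICC-IDs in a short window. The log layout, the /lookup path, the ICCID parameter name, the thresholds and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout (constructed for this example): timestamp, client IP, request line, status.
LINE_RE = re.compile(r'^(\S+) (\S+) "GET (\S+) HTTP/1\.[01]" (\d{3})$')
# "ICCID" as the query parameter name is a hypothetical choice, not taken from the article.
ICCID_RE = re.compile(r'[?&]ICCID=(\d{19,20})(?:&|$)')

def find_enumerators(lines, window=timedelta(seconds=60), max_distinct=5):
    """Return {client_ip: peak distinct ICC-IDs in any window} for clients over the limit."""
    recent = defaultdict(deque)   # ip -> (timestamp, iccid) pairs still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that do not match the assumed layout
        ts, ip, path, _status = m.groups()
        q = ICCID_RE.search(path)
        if not q:
            continue
        now = datetime.fromisoformat(ts)
        events = recent[ip]
        events.append((now, q.group(1)))
        while now - events[0][0] > window:
            events.popleft()      # drop requests that have aged out of the window
        peak[ip] = max(peak[ip], len({iccid for _, iccid in events}))
    return {ip: n for ip, n in peak.items() if n > max_distinct}

def sample_log():
    """Constructed log: two ordinary clients and one client cycling through identifiers."""
    start = datetime(2010, 6, 10, 12, 0, 0)
    base = 89014100000000000000   # constructed 20-digit value, not a real ICC-ID
    def entry(offset, ip, iccid):
        ts = (start + timedelta(seconds=offset)).isoformat()
        return f'{ts} {ip} "GET /lookup?ICCID={iccid} HTTP/1.1" 200'
    lines = [entry(t, "192.0.2.10", base + 1) for t in (0, 300, 900)]            # same SIM, repeated
    lines += [entry(t, "198.51.100.7", base + 2 + t // 400) for t in (0, 400)]   # two devices
    lines += [entry(t, "203.0.113.5", base + 1000 + t * 7919) for t in range(40)]  # 40 distinct in 40 s
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, n in find_enumerators(sample_log()).items():
        print(f"{ip}: {n} distinct ICC-IDs within 60 s")
```

A legitimate device only ever asks about its own SIM, so the distinct-identifier count per client is the signal here; raw request volume is not.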