[ISN] T-Mobile Hotspot uses SSN for passphrase

From: InfoSec News (isnat_private)
Date: Mon May 12 2003 - 01:31:22 PDT

  • Next message: InfoSec News: "[ISN] Beware of the new breed of hackers"

    http://catless.ncl.ac.uk/go/risks/22/72/7
    
    [ http://accounts.hotspot.t-mobile.com/security.htm - T-Mobile doesn't
    support WEP, and from the URL above, a small number of legacy sites
    don't encrypt your username and password.   - WK]
    
    
    Conrad Heiney <conrad (at) fringehead.org>
    Thu, 8 May 2003 16:20:34 -0700
    
    I just signed up for T-Mobile Wireless' "Hot Spot" service, which 
    provides wireless Internet access via Starbucks Coffee, Borders Books, 
    and many other semi-public places in the U.S. As a current T-Mobile 
    telephone subscriber I was given a good deal. I was also given a user 
    name and a passphrase, neither one of which can be changed. The user 
    name is my telephone number and the pass phrase is the last four 
    digits of my social security number.
    
    The obvious RISK of using the phone number and SSN in this manner is 
    pretty awful (identity theft, etc.) but what's also quite funny is 
    that those are the two things you need to identify yourself to 
    T-Mobile for any other purpose, too. Try again, guys.
    
    Conrad Heiney 
    conrad (@) fringehead.org 
    http://fringehead.org
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon May 12 2003 - 04:15:18 PDT