Forwarded from: Steven Moshlak <smoshlakat_private> "Dumpster-Diving" for information is as old ad, well, J Edgar Hoover's boy's used to do it (they busted a spy ring or two), competitors would go through the trash, searching for hardcopy print-out's, not to mention the criminal element, which has made identity theft, which until late, has become a major and prolific problem. The solution is simple; if it is worth securing, it is worth shredding and/or securing your sensitive documentation. This happened in California? So what else is new? -Steve ----- Original Message ----- From: "InfoSec News" <isnat_private> To: <isnat_private> Sent: Friday, May 30, 2003 1:38 AM Subject: [ISN] Lamo Hacks Cingular Claims Site > http://www.wired.com/news/privacy/0,1848,59024,00.html > > By Christopher Null > May. 29, 2003 > > Cingular can issue insurance to its mobile-phone customers to > protect them against loss and damage, but it apparently can't ensure > that hackers won't have full access to their personal data. > > Adrian Lamo, a hacker who in the past has broken into The New York > Times and Yahoo, found a gaping security hole in a website run by a > company that issues the insurance to Cingular customers. By > accessing the site, Lamo said he could have pulled up millions of > customer records had he wanted to. > > He said he discovered the problem this weekend through a random > finding in a Sacramento Dumpster, where a Cingular store had > discarded records about a customer's insurance claim for a lost > phone. By simply typing in a URL listed on the detritus, Lamo was > taken to the customer's claim page on a site run by lock\line LLC, > which provides the claim management services to Cingular. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 03:28:47 PDT