[ISN] Insecure at Softbank

From: InfoSec News (isn@private)
Date: Wed Jun 02 2004 - 01:44:38 PDT

  • Next message: InfoSec News: "[ISN] Book review: "Computer Security for the Home and Small Office" by Thomas C. Greene"

    http://news.ft.com/servlet/ContentServer?pagename=FT.com/StoryFT/FullStory&c=StoryFT&cid=1085944451298
    
    June 2 2004
    
    Softbank president Masayoshi Son would probably be feeling more
    pleased with himself about his latest deal to take over Japan Telecom,
    were it not for a public embarrassment within his own, supposedly
    techno-savvy organisation.
     
    Two men arrested and charged with trying to blackmail Softbank with
    data they held on the group's customers were, it turns out, both
    contributors to PC Japan, a Softbank publication full of tips on
    network security.
    
    Yutaka Tomiyasu allegedly obtained information on users of Yahoo BB,
    Softbank's broadband internet service provider, from its database and
    tried to extort payment in exchange for returning the information.
    
    In 3 years he had more than 30 articles appear in PC Japan, a
    publication for advanced PC users that specialises in network security
    matters. The latest is in the June edition.
    
    His unnamed partner, who was a temporary employee at Softbank, wrote a
    feature article last year about how to protect against hacking and
    viruses.
    
    How are they alleged to have got to the database? While working for
    Softbank, Tomiyasu's partner had been given a user name and password
    needed to access it from a remote terminal.
    
    Softbank - wait for it - didn't bother to change these after he left,
    since they were being used by other employees who needed access to the
    data.
    
    Oh dear.
     
     
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Wed Jun 02 2004 - 04:31:54 PDT