[Owasp-Malaysia] telco info leak via web app?

Raja Iskandar Shah rajaiskandars at gmail.com
Wed Oct 6 02:42:47 EDT 2010


i liked this comment on arsyan's blog post:

Ben Dover says:
October 5, 2010 at 2:04
pm<http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/#comment-146>

This is what happen when you outsource your whole IT to IBM and they bring
in a bunch of shitty Indian contractors


On Wed, Oct 6, 2010 at 2:27 PM, Hasanuddin Abu Bakar <
hasanuddin at sigmarectrix.com> wrote:

> Their RADIUS internet/3g billing system also get compromised. I am not
> revealing the vulnerabilities to public because it can cause a large damage
> to their system, financially. I am also a Maxis customer and this is not a
> small deal.
>
>
>
> On Wed, Oct 6, 2010 at 12:01 PM, Mohd Fazli Azran <mfazliazran at gmail.com>wrote:
>
>> It happen regular not Maxis but other also. After upgrade they test at
>> public. Suppose before the up to the public they must test internal and just
>> open to their staff. But when open to the public it will cause big impact if
>> the application going trouble. After i get this email i just test to login
>> my old account. Erkssss...
>>
>> Now Maxis really really big trouble after my old number i can login
>> ahaks..... i think my number already deactivated and my SIM card are not
>> active.. But at web online i can used it. Already email to maxis helpline
>> and ask to disable it. Haiya. Surprise why Maxis just like that.... just!!!
>>
>> Business is business :P
>>
>> On Wed, Oct 6, 2010 at 11:27 AM, James Tan <jameztcc at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> saw this in a tech feed.... ...
>>>
>>> http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/
>>> was read from:
>>> http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html
>>>
>>> Anyone with Maxis account could figure out what's the likely cause?
>>>
>>>
>>> thanks,
>>> James Tan
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
>
> --
> Hasanuddin Abu Bakar
> GSEC #28858
> IT Security Engineer
> +6017 913 1983
>
> Sigma Rectrix Systems (M) Sdn Bhd
> No.15 & 15-1, Jalan Equine 9A,
> Equine Park, Bandar Putra Permai
> 43300 Seri Kembangan Selangor
> URL             : www.sigmarectrix.com
>
> Phone        : 03-89486696
> Fax              : 03-89487796
> Helpdesk  : 03-89486596
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20101006/fadb77e9/attachment.html 


More information about the Owasp-Malaysia mailing list