[Owasp-Malaysia] telco info leak via web app?

Hasanuddin Abu Bakar hasanuddin at sigmarectrix.com
Wed Oct 6 02:46:53 EDT 2010


On Wed, Oct 6, 2010 at 2:42 PM, Raja Iskandar Shah
<rajaiskandars at gmail.com> wrote:

> I liked this comment on arsyan's blog post:
>
> Ben Dover says:
> October 5, 2010 at 2:04 pm <http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/#comment-146>
>
> This is what happens when you outsource your whole IT to IBM and they bring
> in a bunch of shitty Indian contractors
>
>
That reminds me of their big boss




>
> On Wed, Oct 6, 2010 at 2:27 PM, Hasanuddin Abu Bakar <
> hasanuddin at sigmarectrix.com> wrote:
>
>> Their RADIUS internet/3G billing system also got compromised. I am not
>> revealing the vulnerabilities to the public because it can cause large damage
>> to their system, financially. I am also a Maxis customer and this is not a
>> small deal.
>>
>>
>>
>> On Wed, Oct 6, 2010 at 12:01 PM, Mohd Fazli Azran <mfazliazran at gmail.com> wrote:
>>
>>> It happens regularly, not only at Maxis but at others also. After an upgrade
>>> they test in public. Before opening it up to the public they are supposed to
>>> test internally and open it just to their staff. But when it is open to the
>>> public it will cause a big impact if the application runs into trouble. After
>>> I got this email I just tested logging in to my old account. Erkssss...
>>>
>>> Now Maxis is in really, really big trouble, since I can log in with my old
>>> number, ahaks..... I think my number is already deactivated and my SIM card
>>> is not active.. But on the web I can use it. I already emailed the Maxis
>>> helpline and asked them to disable it. Haiya. Surprised why Maxis is just
>>> like that.... just!!!
>>>
>>> Business is business :P
>>>
>>> On Wed, Oct 6, 2010 at 11:27 AM, James Tan <jameztcc at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> saw this in a tech feed.... ...
>>>>
>>>> http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/
>>>> was read from:
>>>> http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html
>>>>
>>>> Could anyone with a Maxis account figure out what the likely cause is?
>>>>
>>>>
>>>> thanks,
>>>> James Tan
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-Malaysia mailing list
>>>> Owasp-Malaysia at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>
>>>> OWASP Malaysia Wiki
>>>> http://www.owasp.org/index.php/Malaysia
>>>>
>>>> OWASP Malaysia Wiki Facebook
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>
>>>
>>>
>>
>>
>>
>>  --
>> Hasanuddin Abu Bakar
>> GSEC #28858
>> IT Security Engineer
>> +6017 913 1983
>>
>> Sigma Rectrix Systems (M) Sdn Bhd
>> No.15 & 15-1, Jalan Equine 9A,
>> Equine Park, Bandar Putra Permai
>> 43300 Seri Kembangan Selangor
>> URL             : www.sigmarectrix.com
>>
>> Phone        : 03-89486696
>> Fax              : 03-89487796
>> Helpdesk  : 03-89486596
>>
>>
>
>



-- 
Hasanuddin Abu Bakar
GSEC #28858
IT Security Engineer
+6017 913 1983

Sigma Rectrix Systems (M) Sdn Bhd
No.15 & 15-1, Jalan Equine 9A,
Equine Park, Bandar Putra Permai
43300 Seri Kembangan Selangor
URL             : www.sigmarectrix.com

Phone        : 03-89486696
Fax              : 03-89487796
Helpdesk  : 03-89486596