[Owasp-Malaysia] telco info leak via web app?

Hazrul Hamzah hazrul at hazrulnz.net
Wed Oct 6 03:09:33 EDT 2010


 Bro,

Did u notify Maxis? If yes what are their response?

On 06/10/2010 14:27, Hasanuddin Abu Bakar wrote:
> Their RADIUS internet/3g billing system also get compromised. I am not
> revealing the vulnerabilities to public because it can cause a large
> damage to their system, financially. I am also a Maxis customer and
> this is not a small deal.
>
>
>
> On Wed, Oct 6, 2010 at 12:01 PM, Mohd Fazli Azran
> <mfazliazran at gmail.com <mailto:mfazliazran at gmail.com>> wrote:
>
>     It happen regular not Maxis but other also. After upgrade they
>     test at public. Suppose before the up to the public they must test
>     internal and just open to their staff. But when open to the public
>     it will cause big impact if the application going trouble. After i
>     get this email i just test to login my old account. Erkssss... 
>
>     Now Maxis really really big trouble after my old number i can
>     login ahaks..... i think my number already deactivated and my SIM
>     card are not active.. But at web online i can used it. Already
>     email to maxis helpline and ask to disable it. Haiya. Surprise why
>     Maxis just like that.... just!!!
>
>     Business is business :P
>
>     On Wed, Oct 6, 2010 at 11:27 AM, James Tan <jameztcc at gmail.com
>     <mailto:jameztcc at gmail.com>> wrote:
>
>         Hi,
>
>         saw this in a tech feed.... ...
>
>         http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/
>         was read
>         from: http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html
>
>         Anyone with Maxis account could figure out what's the likely
>         cause?
>
>
>         thanks,
>         James Tan
>
>
>         _______________________________________________
>         Owasp-Malaysia mailing list
>         Owasp-Malaysia at lists.owasp.org
>         <mailto:Owasp-Malaysia at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
>         OWASP Malaysia Wiki
>         http://www.owasp.org/index.php/Malaysia
>
>         OWASP Malaysia Wiki Facebook
>         http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
>
>
>     _______________________________________________
>     Owasp-Malaysia mailing list
>     Owasp-Malaysia at lists.owasp.org <mailto:Owasp-Malaysia at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
>     OWASP Malaysia Wiki
>     http://www.owasp.org/index.php/Malaysia
>
>     OWASP Malaysia Wiki Facebook
>     http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
>
>
>
> -- 
> Hasanuddin Abu Bakar
> GSEC #28858
> IT Security Engineer
> +6017 913 1983
>
> Sigma Rectrix Systems (M) Sdn Bhd
> No.15 & 15-1, Jalan Equine 9A,
> Equine Park, Bandar Putra Permai
> 43300 Seri Kembangan Selangor
> URL             : www.sigmarectrix.com <http://www.sigmarectrix.com>
>
> Phone        : 03-89486696
> Fax              : 03-89487796
> Helpdesk  : 03-89486596
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20101006/09c82697/attachment.html 


More information about the Owasp-Malaysia mailing list