[Owasp-Malaysia] telco info leak via web app?

Hazrul Hamzah hazrul at hazrulnz.net
Wed Oct 6 04:02:30 EDT 2010


As expected. Anyway, did you enclose any proof like a screenshot etc.? But on
the other hand, if you did provide proof like a screenshot or PoC, they
will charge you for committing a crime instead. As usual they ("they" is not
exclusive to Maxis only) love to shoot the messenger because it is easier :D

On 06/10/2010 15:14, Hasanuddin Abu Bakar wrote:
>
>
> On Wed, Oct 6, 2010 at 3:09 PM, Hazrul Hamzah <hazrul at hazrulnz.net> wrote:
>
>     Bro,
>
>     Did you notify Maxis? If yes, what is their response?
>
>
>
> As always, they said their system is fine. :)
> Actually I can't reach the "right" responsible person for the
> technical issues and it's not my job so far to dig their scope of work.
>
>     On 06/10/2010 14:27, Hasanuddin Abu Bakar wrote:
>>     Their RADIUS internet/3G billing system also got compromised. I
>>     am not revealing the vulnerabilities to the public because it can
>>     cause large damage to their system, financially. I am also a
>>     Maxis customer and this is not a small deal.
>>
>>
>>
>>     On Wed, Oct 6, 2010 at 12:01 PM, Mohd Fazli Azran
>>     <mfazliazran at gmail.com> wrote:
>>
>>         It happens regularly, not only Maxis but others also. After an
>>         upgrade they test in public. Supposedly, before it goes up to
>>         the public they must test internally and just open it to their
>>         staff. But when opened to the public it will cause a big impact
>>         if the application runs into trouble. After I got this email I
>>         just tested logging in to my old account. Erkssss...
>>
>>         Now Maxis is really, really in big trouble, since I can log in
>>         with my old number, ahaks..... I think my number is already
>>         deactivated and my SIM card is not active.. But on the web
>>         online I can use it. Already emailed the Maxis helpline and
>>         asked them to disable it. Haiya. Surprised why Maxis is just
>>         like that.... just!!!
>>
>>         Business is business :P
>>
>>         On Wed, Oct 6, 2010 at 11:27 AM, James Tan
>>         <jameztcc at gmail.com> wrote:
>>
>>             Hi,
>>
>>             saw this in a tech feed.... ...
>>
>>             http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/
>>             was read
>>             from: http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html
>>
>>             Anyone with a Maxis account could figure out what's the
>>             likely cause?
>>
>>
>>             thanks,
>>             James Tan
>>
>>
>>             _______________________________________________
>>             Owasp-Malaysia mailing list
>>             Owasp-Malaysia at lists.owasp.org
>>             <mailto:Owasp-Malaysia at lists.owasp.org>
>>             https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>>             OWASP Malaysia Wiki
>>             http://www.owasp.org/index.php/Malaysia
>>
>>             OWASP Malaysia Wiki Facebook
>>             http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>>     -- 
>>     Hasanuddin Abu Bakar
>>     GSEC #28858
>>     IT Security Engineer
>>     +6017 913 1983
>>
>>     Sigma Rectrix Systems (M) Sdn Bhd
>>     No.15 & 15-1, Jalan Equine 9A,
>>     Equine Park, Bandar Putra Permai
>>     43300 Seri Kembangan Selangor
>>     URL             : www.sigmarectrix.com <http://www.sigmarectrix.com>
>>
>>     Phone        : 03-89486696
>>     Fax              : 03-89487796
>>     Helpdesk  : 03-89486596
