[Owasp-Malaysia] telco info leak via web app?

simpleLinux 2fzweb at gmail.com
Wed Oct 6 16:34:09 EDT 2010


@Everyone.... this is an example of how weak our information security is. No
doubt, their workers/IT techs don't know what actually happens.. (p/s our
Streamyx billing site mips.com.my also must be double-checked, tell me why)

On Thu, Oct 7, 2010 at 1:04 AM, Hasanuddin Abu Bakar <hasanuddin at sigmarectrix.com> wrote:

>
>
> On Wed, Oct 6, 2010 at 4:02 PM, Hazrul Hamzah <hazrul at hazrulnz.net> wrote:
>
>>  As expected. Anyway did u enclose any proof like screenshot etc? But on
>> the other hand if u did provide the proof like screenshot or PoC, they will
>> charge u for committing crime instead. As usual they ("they" is not
>> exclusive for maxis only) love to shoot the messenger cause it is easier :D
>>
>>
> I can make the PoC, but any pentest needs proper permission or it's still
> a crime. Anybody from Maxis who reads this message can contact me directly
> for a proper arrangement.
>
>
>
>
>
>>
>> On 06/10/2010 15:14, Hasanuddin Abu Bakar wrote:
>>
>>
>>
>> On Wed, Oct 6, 2010 at 3:09 PM, Hazrul Hamzah <hazrul at hazrulnz.net> wrote:
>>
>>>  Bro,
>>>
>>> Did u notify Maxis? If yes, what is their response?
>>>
>>
>>
>>  As always, they said their system is fine. :)
>> Actually I can't reach the "right" responsible person for the technical
>> issues and it's not my job so far to dig their scope of work.
>>
>>
>>
>>
>>
>>>
>>>
>>> On 06/10/2010 14:27, Hasanuddin Abu Bakar wrote:
>>>
>>> Their RADIUS internet/3G billing system also got compromised. I am not
>>> revealing the vulnerabilities to the public because it can cause large damage
>>> to their system, financially. I am also a Maxis customer and this is not a
>>> small deal.
>>>
>>>
>>>
>>> On Wed, Oct 6, 2010 at 12:01 PM, Mohd Fazli Azran <mfazliazran at gmail.com> wrote:
>>>
>>>> It happens regularly, not just Maxis but others also. After an upgrade they test in
>>>> public. Supposedly, before it goes up to the public they must test internally and just
>>>> open it to their staff. But when open to the public it will cause a big impact if
>>>> the application runs into trouble. After I got this email I just tested logging in to
>>>> my old account. Erkssss...
>>>>
>>>>  Now Maxis is in really, really big trouble: with my old number I can log in,
>>>> ahaks..... I think my number is already deactivated and my SIM card is not
>>>> active.. But on the web I can use it. Already emailed the Maxis helpline
>>>> and asked them to disable it. Haiya. Surprised why Maxis is just like that.... just!!!
>>>>
>>>>  Business is business :P
>>>>
>>>>  On Wed, Oct 6, 2010 at 11:27 AM, James Tan <jameztcc at gmail.com> wrote:
>>>>
>>>>>  Hi,
>>>>>
>>>>>  saw this in a tech feed.... ...
>>>>>
>>>>>  http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/
>>>>> was read from:
>>>>> http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html
>>>>>
>>>>>  Anyone with Maxis account could figure out what's the likely cause?
>>>>>
>>>>>
>>>>>  thanks,
>>>>> James Tan
>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> Owasp-Malaysia mailing list
>>>>> Owasp-Malaysia at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>
>>>>> OWASP Malaysia Wiki
>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>
>>>>> OWASP Malaysia Wiki Facebook
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Hasanuddin Abu Bakar
>>>  GSEC #28858
>>> IT Security Engineer
>>> +6017 913 1983
>>>
>>> Sigma Rectrix Systems (M) Sdn Bhd
>>> No.15 & 15-1, Jalan Equine 9A,
>>> Equine Park, Bandar Putra Permai
>>> 43300 Seri Kembangan Selangor
>>> URL             : www.sigmarectrix.com
>>>
>>> Phone        : 03-89486696
>>> Fax              : 03-89487796
>>> Helpdesk  : 03-89486596
>>>
>>
>>
>>
>
>
>



-- 
Fariz Luqman
The Chairman of SimpleLinux
Visit: http://www.simplelinux.tk

"There IS a Malaysian Linux Distro"