<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    As expected. Anyway did u enclose any proof like screenshot etc?
    But on the other hand if u did provide the proof like screenshot
    or PoC, they will charge u for committing crime instead. As usual
    they ("they" is not exclusive for maxis only) love to shoot the
    messenger cause it is easier :D<br>
    <br>
    On 06/10/2010 15:14, Hasanuddin Abu Bakar wrote:
    <blockquote
cite="mid:AANLkTinXjtd4H3FGrcDVyWWB4Cs0fcuu56WQnaOExO4S@mail.gmail.com"
      type="cite"><br>
      <br>
      <div class="gmail_quote">On Wed, Oct 6, 2010 at 3:09 PM, Hazrul
        Hamzah <span dir="ltr">&lt;<a moz-do-not-send="true"
            href="mailto:hazrul@hazrulnz.net">hazrul@hazrulnz.net</a>&gt;</span>
        wrote:<br>
        <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
          0.8ex; border-left: 1px solid rgb(204, 204, 204);
          padding-left: 1ex;">
          <div bgcolor="#ffffff" text="#000000"> Bro,<br>
            <br>
            Did u notify Maxis? If yes what are their response?</div>
        </blockquote>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>As always, they said their system is fine. :)</div>
        <div>Actually I can't reach the "right" responsible person for
          the technical issues and it's not my job so far to dig their
          scope of work.</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>&nbsp;</div>
        <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
          0.8ex; border-left: 1px solid rgb(204, 204, 204);
          padding-left: 1ex;">
          <div bgcolor="#ffffff" text="#000000"> <br>
            <div>
              <div class="h5"> <br>
                On 06/10/2010 14:27, Hasanuddin Abu Bakar wrote:
                <blockquote type="cite">
                  <div>Their RADIUS internet/3g billing system also
                    get compromised. I am not revealing the
                    vulnerabilities to public because it can cause a
                    large damage to their system, financially. I am
                    also a Maxis customer and this is not a small
                    deal.<br>
                  </div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                  <br>
                  <div class="gmail_quote">On Wed, Oct 6, 2010 at
                    12:01 PM, Mohd Fazli Azran <span dir="ltr">&lt;<a
                        moz-do-not-send="true"
                        href="mailto:mfazliazran@gmail.com"
                        target="_blank">mfazliazran@gmail.com</a>&gt;</span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin: 0pt
                      0pt 0pt 0.8ex; border-left: 1px solid rgb(204,
                      204, 204); padding-left: 1ex;">It happen regular
                      not Maxis but other also. After upgrade they
                      test at public. Suppose before the up to the
                      public they must test internal and just open to
                      their staff. But when open to the public it will
                      cause big impact if the application going
                      trouble. After i get this email i just test to
                      login my old account. Erkssss...&nbsp;
                      <div> <br>
                      </div>
                      <div>Now Maxis really really big trouble after
                        my old number i can login ahaks..... i think
                        my number already deactivated and my SIM card
                        are not active.. But at web online i can used
                        it. Already email to maxis helpline and ask to
                        disable it. Haiya.&nbsp;Surprise&nbsp;why Maxis just
                        like that.... just!!!
                        <div> <br>
                        </div>
                        <div>Business is business :P<br>
                          <br>
                          <div class="gmail_quote">
                            <div>
                              <div>On Wed, Oct 6, 2010 at 11:27 AM,
                                James Tan <span dir="ltr">&lt;<a
                                    moz-do-not-send="true"
                                    href="mailto:jameztcc@gmail.com"
                                    target="_blank">jameztcc@gmail.com</a>&gt;</span>
                                wrote:<br>
                              </div>
                            </div>
                            <blockquote class="gmail_quote"
                              style="margin: 0pt 0pt 0pt 0.8ex;
                              border-left: 1px solid rgb(204, 204,
                              204); padding-left: 1ex;">
                              <div>
                                <div>
                                  <div>Hi,</div>
                                  <div><br>
                                  </div>
                                  <div>saw this in a tech feed.... ...</div>
                                  <div><br>
                                  </div>
                                  <a moz-do-not-send="true"
                                    href="http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/"
                                    target="_blank">http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/</a>
                                  <div> was read from:&nbsp;<a
                                      moz-do-not-send="true"
href="http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html"
                                      target="_blank">http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html</a></div>
                                  <div><br>
                                  </div>
                                  <div>Anyone with Maxis account could
                                    figure out what's the likely
                                    cause?</div>
                                  <div><br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>thanks,<br>
                                    James Tan</div>
                                  <div> <br>
                                  </div>
                                  <br>
                                </div>
                              </div>
_______________________________________________<br>
                              Owasp-Malaysia mailing list<br>
                              <a moz-do-not-send="true"
                                href="mailto:Owasp-Malaysia@lists.owasp.org"
                                target="_blank">Owasp-Malaysia@lists.owasp.org</a><br>
                              <a moz-do-not-send="true"
                                href="https://lists.owasp.org/mailman/listinfo/owasp-malaysia"
                                target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-malaysia</a><br>
                              <br>
                              OWASP Malaysia Wiki<br>
                              <a moz-do-not-send="true"
                                href="http://www.owasp.org/index.php/Malaysia"
                                target="_blank">http://www.owasp.org/index.php/Malaysia</a><br>
                              <br>
                              OWASP Malaysia Wiki Facebook<br>
                              <a moz-do-not-send="true"
href="http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420"
                                target="_blank">http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420</a><br>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </div>
                      <br>
                      _______________________________________________<br>
                      Owasp-Malaysia mailing list<br>
                      <a moz-do-not-send="true"
                        href="mailto:Owasp-Malaysia@lists.owasp.org"
                        target="_blank">Owasp-Malaysia@lists.owasp.org</a><br>
                      <a moz-do-not-send="true"
                        href="https://lists.owasp.org/mailman/listinfo/owasp-malaysia"
                        target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-malaysia</a><br>
                      <br>
                      OWASP Malaysia Wiki<br>
                      <a moz-do-not-send="true"
                        href="http://www.owasp.org/index.php/Malaysia"
                        target="_blank">http://www.owasp.org/index.php/Malaysia</a><br>
                      <br>
                      OWASP Malaysia Wiki Facebook<br>
                      <a moz-do-not-send="true"
href="http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420"
                        target="_blank">http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420</a><br>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <br>
                  -- <br>
                  <div>Hasanuddin Abu Bakar<br>
                  </div>
                  <div>GSEC #28858</div>
                  IT Security Engineer<br>
                  +6017 913 1983<br>
                  <br>
                  Sigma Rectrix Systems (M) Sdn Bhd<br>
                  No.15 &amp; 15-1, Jalan Equine 9A,<br>
                  Equine Park, Bandar Putra Permai<br>
                  43300 Seri Kembangan Selangor<br>
                  URL&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; : <a moz-do-not-send="true"
                    href="http://www.sigmarectrix.com" target="_blank">www.sigmarectrix.com</a><br>
                  <br>
                  Phone&nbsp; &nbsp; &nbsp; &nbsp; : 03-89486696<br>
                  Fax&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : 03-89487796<br>
                  Helpdesk&nbsp; : 03-89486596<br>
                  <br>
                  <pre>_______________________________________________
Owasp-Malaysia mailing list
<a moz-do-not-send="true" href="mailto:Owasp-Malaysia@lists.owasp.org" target="_blank">Owasp-Malaysia@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-malaysia" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-malaysia</a>

OWASP Malaysia Wiki
<a moz-do-not-send="true" href="http://www.owasp.org/index.php/Malaysia" target="_blank">http://www.owasp.org/index.php/Malaysia</a>

OWASP Malaysia Wiki Facebook
<a moz-do-not-send="true" href="http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420" target="_blank">http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420</a></pre>
                </blockquote>
                <br>
              </div>
            </div>
          </div>
          <br>
          _______________________________________________<br>
          Owasp-Malaysia mailing list<br>
          <a moz-do-not-send="true"
            href="mailto:Owasp-Malaysia@lists.owasp.org">Owasp-Malaysia@lists.owasp.org</a><br>
          <a moz-do-not-send="true"
            href="https://lists.owasp.org/mailman/listinfo/owasp-malaysia"
            target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-malaysia</a><br>
          <br>
          OWASP Malaysia Wiki<br>
          <a moz-do-not-send="true"
            href="http://www.owasp.org/index.php/Malaysia"
            target="_blank">http://www.owasp.org/index.php/Malaysia</a><br>
          <br>
          OWASP Malaysia Wiki Facebook<br>
          <a moz-do-not-send="true"
href="http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420"
            target="_blank">http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420</a><br>
        </blockquote>
      </div>
      <br>
      <br clear="all">
      <br>
      -- <br>
      <div>Hasanuddin Abu Bakar<br>
      </div>
      <div>GSEC #28858</div>
      IT Security Engineer<br>
      +6017 913 1983<br>
      <br>
      Sigma Rectrix Systems (M) Sdn Bhd<br>
      No.15 &amp; 15-1, Jalan Equine 9A,<br>
      Equine Park, Bandar Putra Permai<br>
      43300 Seri Kembangan Selangor<br>
      URL&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; : <a moz-do-not-send="true"
        href="http://www.sigmarectrix.com" target="_blank">www.sigmarectrix.com</a><br>
      <br>
      Phone&nbsp; &nbsp; &nbsp; &nbsp; : 03-89486696<br>
      Fax&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : 03-89487796<br>
      Helpdesk&nbsp; : 03-89486596<br>
      <br>
      <pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Owasp-Malaysia mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Owasp-Malaysia@lists.owasp.org">Owasp-Malaysia@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-malaysia">https://lists.owasp.org/mailman/listinfo/owasp-malaysia</a>

OWASP Malaysia Wiki
<a class="moz-txt-link-freetext" href="http://www.owasp.org/index.php/Malaysia">http://www.owasp.org/index.php/Malaysia</a>

OWASP Malaysia Wiki Facebook
<a class="moz-txt-link-freetext" href="http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420">http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420</a></pre>
    </blockquote>
    <br>
  </body>
</html>