|
|
|
T-Mobile Responds to Hack Claims - Nothing to See, Please Move On |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : Following on from our recent article on a claimed successful attack against the telecommunications giant, T-Mobile, it appears that the situation still remains a little murky, with reports claiming that the company has both confirmed and denied that a breach took place. Ignoring for a moment the most recent statements by T-Mobile, the original claim of a hack seemed to offer tabulated internal network data as proof of successful compromise of the company. This is the sort of information that would be easy to extract in a single file, and is something that would be expected to exist in any non-trivial network to aid administrators with keeping the network and associated systems operating smoothly. While having possession of the file reduces the need for an attacker to manually map out the network, it isn't something that many would consider overly damaging, especially if network and system security was robust. Perhaps if a company had thrown all their intrusion and detection system eggs into the basket of Network Intrusion over Host Intrusion Detection Systems (NIDS vs HIDS), then possession of this list would allow an attacker to immediately commence extremely targeted attacks against single systems, hoping to avoid triggering the NIDS (which should be triggering on the external access in the first place), but it should be triggering a properly managed HIDS. The flip side is that having an attacker in possession of a well-enumerated network map makes it simpler for them to target systems which might have an unpatched vulnerability, or which have a degraded HIDS, when their network mapping activity should have triggered on a properly managed NIDS. A blended approach, with both systems in place and properly managed isn't going to be overly threatened by an attacker having possession of a network map. All it means is that the timeline between initial contact with the network / company systems and compromise / extraction of sensitive data is compressed, reducing the available opportunity to detect, trap and stop the hack and data extraction. T-Mobile's statements seem to support this point of view, acknowledging that the information published did exist in a file (again there are conflicting reports about the validity of this statement), which has now been identified, and that an investigation is now ongoing to determine the extent and severity of any breach that took place. The downside for external observers is that T-Mobile are not obliged to make public the results of their internal investigation, and if it is confirmed that personal data was affected for customers, then it could take some time for that information to come out. If affected customers are notified individually, it may never be known just how significant any breach might have been. Truth, as it is in many cases like this, will lie somewhere between the extremes being put forward (no or minimal hack and full network access and compromise), but it is more likely to lie towards a minor network penetration and data extraction - after all, the information that was published had to come from somewhere. It is entirely possible that the information was the result of improperly disposed of hardware or a lost storage device. At the least, it put some excitement back into the old Full-Disclosure mailing list. A big welcome, by the way, to those reading this article from within T-Mobile's network. Yes, we know you're there. If you, or any of our readers would like to get in touch with us, we're always happy to discuss analysis and material beyond what is published. [] [] [] [][]
Les mots clés de la revue de presse pour cet article : t-mobile
Les derniers articles du site "Sunnet Beskerming Security Advisories" :
- Microsoft Security Patch Release March 2010 Advance Notification
- Internet Explorer, Help files, and VBScript - Remote Code Execution Allowed
- MS10-015 Issues Confirmed to be Caused by Alureon Rootkit
- Anonymous to take Protesting Into Physical World
- Microsoft Security Patch Release February 2010 Advance Notification
- Microsoft Takes Four Months to Patch Critical Exploit
- Google Taking on China is One Giant Taking on Another
- All Good Things Come to an End for Windows Versions
- Microsoft Security Patch Release January 2010 Advance Notification
- Critical Acrobat and Reader Vulnerability - a Month to Patch
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, linux, metasploit, bluetooth, protocol, vista, réseaux, shell, scanner, engineering, rootkit, wishmaster, trames, conférence, source, paquet, téléphone, mobile, sysun, noyau, rapport, botnet, téléphones, mémoire, https, navigateur, intel, patch, reverse, libre, scapy, securitech |
| Mini-Tagwall de l'annuaire video : | | | | vmware, security, virus, windows, biometric, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, wimax, conficker, virtu, virtual, engineering, cisco, reverse, ettercap, wireshark, shmoocon, hacker, firewall, internet, knoppix, rootkit, arduino, conference, source, wireless, backtrack, openbsd, brucon, systm, overflow, openssh, buffer, access, remote |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
