
Follow up on T-mobile Security

So this weekend, the blog started getting a ton of hits from Google searches for "Paris Hilton T-Mobile hacked SideKick" etc. I couldn't figure out why the big rush all of a sudden until I read the Register this a.m.

According to the Register, someone figured out her password. Time for me to lob another call to the CTO at Sidekick, perhaps? Think they might need a strong authentication system that runs on a Java-enabled wireless device?

It's clear it's not Nicolas Jacobsen, who broke into T-Mobile previously and just pleaded guilty. (OK, so it's not 100% clear, but assume he's not 100% stupid.) The dates on the e-mails are from Saturday, Feb. 19th. Chances are it was just someone who watches her show and knows the name of her dog and that's what she uses as a password. Perhaps not; however, there are indications that T-Mobile's security is still lacking.

Ethical Hacking and Computer Forensics recently posted a blog entry on SQL injection attacks and the T-Mobile site. Clearly T-Mobile needs to up their security. However, it is also incumbent upon Sidekick to improve their security. They have to recognize that passwords are simply not going to cut it in today's world.

If you want to supply technology to the consumer market, you will have to supply security that works in the consumer market. Strong passwords do not work in the consumer market. People hate them and forget them. Simple passwords clearly don't work either. It is time for consumer-friendly two-factor authentication.

If anyone knows Paris, let her know that I think she would be a great spokesperson for WiKID. ;) And if you googled your way here looking for the pictures and the address book, sorry. Keep looking.