Telecom's response to the 027 hack has been somewhere between arrogant and ignorant.
It surely falls far short of the responsible behaviour that one would expect of such a major player in telecommunications in this country.
FIRST, they left the 027 mailboxes exposed to a well-known exploit, presumably hoping that no-one would find it ... security by obscurity never works.
THEN they didn't do anything about it when the "hacker" approached them and told them of the weakness.
This "hacker" then demonstrated his immaturity by the way he subsequently publicized his discovery; accessing high profile mailboxes without permission. (Appropriate "white-hat" behaviour would be to demonstrate the exploit on mailboxes where you have the owner's permission).
THEN they involve the police in laying charges, when really the crime of not adequately protecting customers' information was committed by Telecom. (I wonder how the Privacy Act applies here?)
AND NOW it is reported that they have blocked access by their customers to the site where there is information about the exploit.
Like that's going to be of value! It won't stop someone from another ISP from accessing the information, and the only motivation can be to stop the dull-witted would-be hacker from gaining access to the web-site, and to stop customers from seeing how inept they have been in this matter. Not to mention the pong of corporate censorship.
Does Telecom have a Security Officer?
Where is his response? He must be feeling pretty stupid at the moment.
Has the exploit been closed yet? It's not *that* hard; restricting access from offshore sources is a good interim measure.
What else is he NOT doing?
1 Comment:
What's the website they blocked?