@Everyone.... this is an example of how weak our information security is. No doubt, their workers/IT techs don't know what actually happens.. (p/s our Streamyx billing site mips.com.my also must be double-checked, tell me why)

On Thu, Oct 7, 2010 at 1:04 AM, Hasanuddin Abu Bakar <[email protected]> wrote:

> On Wed, Oct 6, 2010 at 4:02 PM, Hazrul Hamzah <[email protected]> wrote:
>
>> As expected. Anyway did u enclose any proof like screenshot etc? But on
>> the other hand if u did provide the proof like screenshot or PoC, they will
>> charge u for committing crime instead. As usual they ("they" is not
>> exclusive for maxis only) love to shoot the messenger cause it is easier :D
>>
> I can make the PoC, but any pentest need a proper permission or it's still
> a crime. Anybody from Maxis who read this message can contact me directly
> for a proper arrangement.
>
>> On 06/10/2010 15:14, Hasanuddin Abu Bakar wrote:
>>
>> On Wed, Oct 6, 2010 at 3:09 PM, Hazrul Hamzah <[email protected]> wrote:
>>
>>> Bro,
>>>
>>> Did u notify Maxis? If yes what are their response?
>>>
>> As always, they said their system is fine. :)
>> Actually I can't reach the "right" responsible person for the technical
>> issues and it's not my job so far to dig their scope of work.
>>
>>> On 06/10/2010 14:27, Hasanuddin Abu Bakar wrote:
>>>
>>> Their RADIUS internet/3g billing system also get compromised. I am not
>>> revealing the vulnerabilities to public because it can cause a large damage
>>> to their system, financially. I am also a Maxis customer and this is not a
>>> small deal.
>>>
>>> On Wed, Oct 6, 2010 at 12:01 PM, Mohd Fazli Azran <[email protected]> wrote:
>>>
>>>> It happen regular not Maxis but other also. After upgrade they test at
>>>> public. Suppose before the up to the public they must test internal and
>>>> just open to their staff. But when open to the public it will cause big
>>>> impact if the application going trouble. After i get this email i just
>>>> test to login my old account. Erkssss...
>>>>
>>>> Now Maxis really really big trouble after my old number i can login
>>>> ahaks..... i think my number already deactivated and my SIM card are not
>>>> active.. But at web online i can used it. Already email to maxis helpline
>>>> and ask to disable it. Haiya. Surprise why Maxis just like that.... just!!!
>>>>
>>>> Business is business :P
>>>>
>>>> On Wed, Oct 6, 2010 at 11:27 AM, James Tan <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> saw this in a tech feed.... ...
>>>>>
>>>>> http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/
>>>>> was read from:
>>>>> http://www.lowyat.net/v2/bugged-maxis-online-account-system-shows-others-personal-info-2.html
>>>>>
>>>>> Anyone with Maxis account could figure out what's the likely cause?
>>>>>
>>>>> thanks,
>>>>> James Tan
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-Malaysia mailing list
>>>>> [email protected]
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>
>>>>> OWASP Malaysia Wiki
>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>
>>>>> OWASP Malaysia Wiki Facebook
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>
>>>
>>> --
>>> Hasanuddin Abu Bakar
>>> GSEC #28858
>>> IT Security Engineer
>>> +6017 913 1983
>>>
>>> Sigma Rectrix Systems (M) Sdn Bhd
>>> No.15 & 15-1, Jalan Equine 9A,
>>> Equine Park, Bandar Putra Permai
>>> 43300 Seri Kembangan Selangor
>>> URL : www.sigmarectrix.com
>>>
>>> Phone : 03-89486696
>>> Fax : 03-89487796
>>> Helpdesk : 03-89486596
>>>

--
Fariz Luqman
The Chairman of SimpleLinux
Visit: http://www.simplelinux.tk
"There IS a Malaysian Linux Distro"

