1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News T-Mobile investigates database crack

Discussion in 'Article Discussion' started by CardJoe, 9 Jun 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. DarkLord7854

    DarkLord7854 New Member

    Joined:
    22 Jun 2005
    Posts:
    4,643
    Likes Received:
    121
    Well, I hope the ******* gets caught and I hope my info is not part of what he stole :(
     
  3. thehippoz

    thehippoz New Member

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    lol I dunno.. that's pretty ballsy to try and sell it whole like that- I'm sure he'll get offers if it has the right kind of information.. but that's a big risk if he's in the states (I doubt it).. betting russian
     
  4. p3n

    p3n New Member

    Joined:
    31 Jan 2002
    Posts:
    778
    Likes Received:
    1
    Was reading about this on slashdot, the amerifags in the comments were saying t-mobile cant 'encrypt' the data because of all the police/agency access rules or whatever - still sounds like this guy has been in their system for a while - if its true then some admins are in for a sacking :p
     
  5. n3mo

    n3mo New Member

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    Well, this amount of data translates into hundreds of gigabytes, of not terabytes. So either this guy exaggerates a bit or T-Mobile have the worst admins in the world, missing such amounts of data going "somewhere". This could also be done from the inside or by an pissed-off ex-employee, in such cases it would be much harder to spot. Either way, it's a big failure for T-Mobile.

    @p3n
    Encryption of corporate data is a "grey area" and most companies are still afraid to do it at all. In UK for example all kinds of encryption are technically illegal, legally you can't even use SSH or sFTP, in US encryption is okay but the companies are afraid of being accused of trying to hide the data - that happened several times indifferend cases, judges often fail to understand data encryption and assume it's an attempt to hide evidence.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    13,019
    Likes Received:
    2,129
    Are you *absolutely* certainly about that? Because I think you'll find that "HTTPS" (or HTTP over SSL) is encryption, and is sort of at the heart of all Internet commerce - and is even used on government websites.

    Last I checked, encryption was perfectly legal in the UK. The Regulation of Investigatory Powers Act (RIPA) requires you to hand over your key on request or face several years in gaol, but it's not the *encryption* that's illegal - it's the refusal to decrypt on demand.
     
  7. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    Gareth - you are absolutely right. Love the use of the archaic spelling of "gaol" btw. Good to see someone flying the flag for good old British English in the face of the scourge of AmericaniZation.

    n3mo - with respect, you're talking rubbish.
     
  8. n3mo

    n3mo New Member

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    @mclean007
    According to this place:
    http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#uk
    I was partly wrong. While not entirely illegal, the fact that you encrypt something may be an incriminating fact in itself: "the fact of the appellants' knowledge of the keys may itself become an incriminating fact" (§21)
    Also, refusal of handing in the keys on demand doesn't fall under the privilege against self-incrimination, not very democratic if you ask me.
     
Tags: Add Tags

Share This Page