Message-ID: <7365363.1171581283551031197.JavaMail.juha-matti.laurio@netti.fi>
Date: Sat, 4 Sep 2010 00:57:10 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>, 
	B1towel <ben@...owel.com>
Subject: Re: Orange Spain disclosing user phone number

I'm sure this has been the source of many targeted advertising SMSes and calls during the last years.

And probably many advertisers are digging the logs now:
http://www.zdnet.co.uk/news/security/2010/08/31/orange-spain-reveals-phone-numbers-researcher-40089965/

Juha-Matti

B1towel [ben@...owel.com] wrote:
> It would be funny to see advertisers send targeted SMS ads using this. I bet that the advertisers of web sites that participate in iframe ads would also get this information, assuming the phone would load up iframe ads.
> 
> I think the provider should fix this, because if someone developed an exploit similar to the one that was able to compromise the iPhone a while back just by sending a maliciously formed SMS message, your phone could be compromised just by going to a website where this information is sent to the web server.
> 
> I know this is pretty obvious, just my 2 cents.
> 
> On Aug 30, 2010, at 7:00 AM, full-disclosure-request@...ts.grok.org.uk wrote:
> 
> > 
> > Message: 2
> > Date: Sun, 29 Aug 2010 21:09:50 +0200
> > From: "xufi ." <xufxuf@...il.com>
> > Subject: [Full-disclosure] Orange Spain disclosing user phone number
> > To: full-disclosure@...ts.grok.org.uk
> > Message-ID:
> > 	<AANLkTinKy8UsAkPd0gg5UoSESdfeNE8bhjAA-OepKO1Q@...l.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> > 
> > Hi,
> > Doing an assessment on mobile GWs I found that Orange Spain is adding
> > the user MSISDN in any HTTP request sent in its network. That means
> > that it is really simple to get the user phone number from an Orange Spain
> > user. On one hand, I saw that Orange Spain uses the header
> > x-up-calling-line-id to add a user temporary ID that changes every 24h
> > but I also found that in any HTTP request they will add the user phone
> > number in the header X-Network-info. In particular the HTTP header
> > looks as follows:
> > 
> > X-Network-info: CSD,34xxxxxxxxx,unsecured
> > 
> > where xxxxxxxxx is the user MSISDN
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
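
An added example, not part of the original messages: a Python check a site operator could run on incoming requests to find and strip the subscriber-identifying headers described in the thread before the requests are logged or forwarded. The two header names and the `CSD,34xxxxxxxxx,unsecured` value shape come from the post; the sample request, the 9-15 digit field heuristic and all function names are assumptions.

```python
import re

# Header names taken from the post; compared case-insensitively.
WATCHLIST = {"x-network-info", "x-up-calling-line-id"}
# Assumption: an MSISDN is a whole comma-separated field of 9-15 digits
# (E.164 numbers have at most 15 digits), as in "CSD,34xxxxxxxxx,unsecured".
MSISDN_FIELD = re.compile(r"\d{9,15}")

# Constructed sample request headers; the phone number is a placeholder.
SAMPLE_REQUEST = {
    "Host": "example.com",
    "User-Agent": "constructed-agent/1.0",
    "X-Network-info": "CSD,34000000000,unsecured",
    "x-up-calling-line-id": "constructed-temp-id",
}


def mask_fields(value):
    """Mask MSISDN-like fields, keeping two leading digits. Returns (masked, hits)."""
    hits, out = 0, []
    for field in value.split(","):
        core = field.strip()
        if MSISDN_FIELD.fullmatch(core):
            hits += 1
            field = core[:2] + "x" * (len(core) - 2)
        out.append(field)
    return ",".join(out), hits


def find_subscriber_headers(headers):
    """Map each identifying header name to a value that is safe to put in a report."""
    findings = {}
    for name, value in headers.items():
        masked, hits = mask_fields(value)
        if hits:
            findings[name] = masked
        elif name.lower() in WATCHLIST:
            # No digits found, but the post says this header carries a user ID.
            findings[name] = "[redacted]"
    return findings


def scrub(headers):
    """Copy of the headers without the identifying ones, for logging or forwarding."""
    flagged = find_subscriber_headers(headers)
    return {k: v for k, v in headers.items() if k not in flagged}


if __name__ == "__main__":
    print(find_subscriber_headers(SAMPLE_REQUEST))
    print(scrub(SAMPLE_REQUEST))
```

The digit-field heuristic also flags any other header whose value is a bare 9-15 digit number, so review its findings before adding it to a blocking path.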
