Archive for June, 2010

We were just trying to make logging in easier…

June 14, 2010

ATT is funny.  Not that new, hip, “ironic” funny, but funny-like-a-clown.  From the WSJ article:

AT&T Inc., reaching out to iPad users Sunday to explain why their email addresses were released last week, blamed the incident on “computer hackers” who “maliciously exploited” an attempt by the carrier to speed the process of logging in to its website.

It would have taken some forethought and planning to make the process convenient and secure.  So, they just didn’t bother.

Told ya so (probably not).

June 10, 2010

Somewhere, inside the bowels of ATT/Cingular/SBMS/Ameritech/C1, there’s a security guy saying “you shouldn’t have relied on user-agent!”.  That solitary voice probably remains ignored.  The iPad masses, now compromised, will cry in pain for a while.

I await comments and commiseration from old friends in that place.

No comment on Lamo and Manning.

June 8, 2010

There’s so much to say, but so little knowledge to be gained.  All I can advise is not to use world-readable fileshares, be they user directories or the standard corporate-style file dump.  Just don’t.  You will always regret it.