Translated to English for you chaps.
Massive security gaps at Telekom
Wolfram Leytz, tagesschau.de
The Telekom subsidiary T-Com evidently has substantial security problems in its computer network. According to the Berlin chapter of the Chaos Computer Club (CCC), an association of computer specialists, until summer 2003 customers of T-Com's WebEasy service could, by simple manipulation within their own customer accounts, view and in part also change the data of other customers. Because of further security gaps it would, according to the CCC, have been easy for hackers to intercept, read or alter e-mails that passed through customers' web pages. Some of the security problems still exist. Through inadequately protected administrator passwords, access to at least several thousand customer accounts was possible. In the CCC's view, however, the problems affect numerous offerings of T-Com's T-Mart web services.
Telekom was informed regularly
The operational data sheet of the T-Mart account for bundesnachrichtendienst.de (image caption)
The software specialist Dirk H. from North Rhine-Westphalia came across the security gaps while administering an account with T-Com. Immediately after discovering the first gaps in May 2003 he informed Telekom. Inside his customer account he had managed, by the simplest manipulation of the browser's address line, to gain a view of other customers' contract data: all that was needed was to replace his own customer number with another number. In this way Dirk H. obtained insight into the online accounts of various companies, public authorities and public institutions that have web presences at Telekom. It would have been possible to manipulate customer data, to order additional services or to forward e-mail accounts.
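The flaw described above, an account view keyed only on the customer number in the address line, shown beside a version that binds the lookup to the logged-in session (added illustration, not T-Com's code; the `kundennummer` parameter name, account numbers and record contents are constructed assumptions):

```python
# Added illustration, not T-Com's code: an account view that trusts the customer
# number taken from the address line, beside a version bound to the session.
from dataclasses import dataclass, field
from urllib.parse import urlparse, parse_qs

# Constructed sample data; customer numbers, names and domains are made up.
CONTRACTS = {
    "1001": {"owner": "Beispiel GmbH", "domain": "beispiel.example"},
    "1002": {"owner": "Behoerde X", "domain": "behoerde.example"},
}

class AccessDenied(Exception):
    pass

@dataclass
class Session:
    user: str
    customer_number: str            # the single account this login may administer
    audit: list = field(default_factory=list)

def vulnerable_contract_view(session, customer_number):
    """Uses the number from the URL as the only key: any logged-in customer can
    read any other customer's contract data simply by editing that number."""
    return CONTRACTS[customer_number]

def hardened_contract_view(session, customer_number):
    """Object-level authorization: the requested record must belong to the
    authenticated session. A mismatch is refused and recorded for detection."""
    if customer_number != session.customer_number:
        session.audit.append(
            f"denied: user {session.user} (account {session.customer_number}) "
            f"requested account {customer_number}")
        raise AccessDenied(customer_number)
    return CONTRACTS[customer_number]

def handle(session, url, view):
    """Minimal dispatcher: parse ?kundennummer=... from the request URL
    (parameter name assumed) and pass it to the chosen view."""
    number = parse_qs(urlparse(url).query).get("kundennummer", [""])[0]
    return view(session, number)

if __name__ == "__main__":
    s = Session(user="alice", customer_number="1001")
    print(handle(s, "/vertrag?kundennummer=1002", vulnerable_contract_view))
    try:
        handle(s, "/vertrag?kundennummer=1002", hardened_contract_view)
    except AccessDenied:
        print("refused;", s.audit[-1])
```

The audit entries written by the hardened view are the signal a monitoring team would alert on: a session repeatedly requesting account numbers other than its own.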
With its WebEasy service, T-Com offers among other things the option of administering web presences and orders. "Whoever runs their own web presence there usually stores important data about customers, orders and their own business. (…) All servers and system components are looked after around the clock in Deutsche Telekom's hosting centre and are effectively protected against unauthorised access from the web by a high-performance managed firewall system," T-Com advertises on its website for the WebEasy service. The company also offers numerous internet products, for instance the online backup data-protection service. The basis of customer administration for these Telekom services is the so-called OBSOC computer system. Anyone can set up a WebEasy customer account with T-Com within a few minutes for a basic charge of 4.63 euro per month.
Full access via administrator passwords
Operational data sheet of the T-Mart account for bundesnachrichtendienst.de - e-mail accounts (image caption)
Over time the IT specialist discovered several further security gaps. Eventually it was also possible to access the so-called "operational data sheets" of Telekom customers, which contain the complete passwords for administering the web pages and the e-mail accounts belonging to them. By his own account Dirk H. found the online accounts of further authorities and numerous companies during his searches. The internal mail traffic of large companies and authorities, which does not run through such websites, is not affected by the security gaps. Smaller companies, however, frequently handle their mail through such websites.
The manipulations were made considerably easier by overly simple password rules in the T-Com system and by sloppy password handling by Telekom employees, who evidently in several cases used their user names, only slightly changed, as passwords.
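A password-policy check that catches exactly the pattern described above, a password that is the user name with small changes (added example, not Telekom's policy; the thresholds and the sample user names are assumptions):

```python
# Added example, not Telekom's policy: reject passwords that are only a slight
# variation of the user name, measured by substring, reversal and edit distance.

def _edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _normalize(s):
    # Lower-case and keep letters only, so "Jmueller2004!" compares as "jmueller".
    return "".join(ch for ch in s.lower() if ch.isalpha())

def password_problems(username, password, min_len=12, max_similarity=3):
    """Return a list of reasons the password is unacceptable; empty means OK."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    u, p = _normalize(username), _normalize(password)
    if u and (u in p or (p and p in u)):
        problems.append("contains or is contained in the user name")
    elif u and p == u[::-1]:
        problems.append("is the user name reversed")
    elif u and _edit_distance(u, p) <= max_similarity:
        problems.append("differs from the user name by only a few characters")
    return problems

if __name__ == "__main__":
    # Constructed sample user name and candidate passwords.
    for candidate in ("jmueller1", "Jmueller2004!", "relleumj-2004",
                      "jmeuller-2004", "correct horse battery staple"):
        print(repr(candidate), password_problems("jmueller", candidate) or "ok")
```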
Most recently the IT expert succeeded, by simple manipulation of requests to Telekom servers, in obtaining administrator passwords that gave full access to customer accounts at administrator level. E-mails that ran through the web presences - e.g. [email protected] or jobs@bundesnachrichtendienst - could be read in this case without the customers being able to notice. According to the CCC's experts it would also have been entirely possible to manipulate the e-mail traffic between customers and the owners of the websites. Access to such e-mail accounts was demonstrated to tagesschau.de only a few days ago. According to Dirk H. and representatives of the CCC, no customer data was ever manipulated.
Telekom paid an expense allowance
According to Dirk H., who had engaged a lawyer, the responsible Telekom offices were informed again and again about new gaps. For reporting the first two security problems Telekom also paid him an expense allowance. Telekom finally even proposed a consultancy agreement under which further searches by the expert were to be agreed. tagesschau.de has seen the correspondence between Dirk H., his lawyer and Telekom. In the end no contract was concluded.
CCC sees all T-Mart services affected
At least several thousand customer accounts are affected by the security problems, evidently predominantly those of companies but also of public authorities and embassies. Some of the security problems have been fixed. Above all, the simple manipulations in the customer account are no longer possible. The password rules have also been tightened.
In the CCC's view, however, all services offered within the T-Mart web services are insecure. According to the CCC's assessment this also applies to services such as IntraSelect or Telekom's "Brainloop" system, which is meant to offer lawyers and companies a "document safe" on the internet so that they can jointly edit and administer documents.
The fundamental problem, according to the CCC, is that user and permission administration for such services runs on the OBSOC network. This renders security precautions within the services themselves useless, since attackers could get hold of customers' access passwords.
"Paper walls instead of concrete walls"
In the opinion of the Berlin IT expert and management consultant Frank Ziemann, the security gaps are so extensive that the whole system would have to be overhauled. "It is apparent that in the places where solid concrete walls should normally stand, at best Japanese rice-paper walls or wide-meshed fishing nets are present," Ziemann told tagesschau.de. Telekom's answer to a tagesschau.de enquiry as to whether and how customers were informed about the security problem is still pending. By his own account Dirk H. found further security gaps again and again during each investigation. "At Telekom, many roads lead to Rome," is how he sums up his assessment.
The Chaos Computer Club has published documentation of the security gaps at www.ccc.de/t-hack. A description by Dirk H. of the dispute with Telekom can be found at http://ds.ccc.de/083/obsoc.