[Hoax:] Iburst bandwidth doubled at no extra charge

[8321]

Well now this is interesting, from work I could access this URL perfectly, from home I cant (Host Not Accessible). Are you trying to censor this little mess WBS?

http://www.flickr.com/photos/13287294@N00/

Just got through OK via old fashioned dial-up. Subscriber passwords are displayed as ****** . But if you Download subscriber details the password is still in clear text.

This exploit should have been done a long time ago.

 

[alchamy]

Same story here, can access it from my Sentech but iBurst gives me nothing.

 

[nocilah]

heh... was so busy today didnt check in on this thread... i knew it was a rumour... would be intersting to see what happens out of this...

also cant see the above URL... but a friend of mine on msn could see it and he is usig adsl... interesting.

EDIT ::

the below URL works but only shows one of the photos
http://static.flickr.com/33/58900880_63316474a6.jpg?v=0

 

[mR HeAd]

BLEAK!!!!!!!!!!!!!

I feel I want to assualt the person who did this, with a brick!

What kind of sick person does this!

 

[nocilah]

ftp.uunet.co.za/pub/incoming/ibust.rar

here are the pics that are not available on thtat other link

 

[mR HeAd]

Ok, we get the picture. Everybody can stop talking about/posting on the threads, about this bloody hoax thing! It just makes me sadder and sadder, thinking that we all get a bigger cap, and then not at all.

 

[seburn]

UTD costs R2 087
UTC costs R1 812

I suppose without transport though

 

[nocilah]

Is your post aimed at WBS [that failed to protect your private data in WBS' own database(s)], or aimed at the hacker(s) that revealed just how vulnerable each and every iBurst customer's info is?

maybe he is paul rotherman

 

[RichardG]

I don't even receive any mail from WBS.
Why bother anymore.

 

[rudids]

This is a cute response from WBS:

http://www.itweb.co.za/sections/business/2005/0511031315.asp?A=SEC&S=Security&O=FPIN

 

[rudids]

This is a cute response from WBS:

http://www.itweb.co.za/sections/business/2005/0511031315.asp?A=SEC&S=Security&O=FPIN

 

[fergus]

Wireless Business Solutions (WBS) has denied reports that its iBurst server was hacked this week and says it was a case of a resellers' access privileges being compromised and abused.

So whats the difference between 'hacked' and 'compromised and abused' . If you ask me I'd say they were hacked.

 

[adsl3g]

..and why can I not get my bandwidth usage via the website - they must have taken it down to fix the 'holes'

 

[fairlady]

As a former iBurst subscriber I am shocked at seeing this! I just phoned them to check if my details are deleted from the system (though I did not believe them when they said they were).
I would urge all existing customers to ask WBS how come their details are available to ALL resellers and not just the one they signed up with! Have those resellers signed confidentiality agreements with WBS since they were granted access to sensitive customer information?
And I hope Paul sues them!

 

[8321]

So its an inside job then?

 

[Ekhaatvensters]

I also cant get to my usage... well it hadn't been updated since the first of the month yet so hope they at leasst report some usage statistics when they put it back up!

 

[Chant]

“The problem stems from the fact that we give our resellers access to the company's data centre to enable them to give our customers instant activation services."

No the problem stems from the fact that WBS keep sending confidential information over the wire using clear text and various other security loop holes.

“It was not really a hack because the intruder got into the system using a valid user name and password,” he notes

I never knew that if you obtained a username and password with elevated privledges and hack.. ummm I'm sorry I mean access someones confidential information that it isn't considered hacking!

So if I go and grab usernames and passwords that are submitted over the internet and access someone else's information with that username and password and I get caught doing it, I will inform them that it's OK because I'm using a valid username and password. HA!

 

[8321]

No the problem stems from the fact that WBS keep sending confidential information over the wire using clear text and various other security loop holes.

No, the problem stems from the fact that WBS are not known for asking for advice and suggestions from outside, let alone responding to many warnings in this forum about loopholes, since before the official iBurst launch.

 

[seburn]

Some ppl don't need to worry cause its only the reseller details they have... ie me.

 

[Jongi]

seburn: are you saying that they don't have the information of the normal consumer?