Internet security breach at Vodacom

oh it was only found out now..!!!
ROFL!!! hahahah,... ;)

"caching front end server" ..................lollies for trollies

talk about being cheap. trying 2 save some $$$...
since they make XX millions a day. oh well.
 
Why weren't we told earlier? We get 'previews' of Vodacom campaigns before the Sunday of announcement and other inside information, yet we have to see it first in the newspaper??? Somebody on this forum must have known!:mad:

I'm pretty disappointed by this.
 
Why weren't we told earlier? We get 'previews' of Vodacom campaigns before the Sunday of announcement and other inside information, yet we have to see it first in the newspaper??? Somebody on this forum must have known!:mad:

I'm pretty disappointed by this.

We found this problem long before this article and removed the problem section from 4me. A new system is being put into place.

And yes (to answer your usual feeble attempt to try and discredit myself) I knew about it and have been involved in the fix process.

As per usual you've got no clue on what actually is going on but still try to incite. You really should give it a rest. :rolleyes:
 
We found this problem long before this article and removed the problem section from 4me. A new system is being put into place.
I have to say that according to the article - which quotes a Vodacom spokesperson - it sounds like you were informed of the problem.

Now that the barn door has been closed, how certain can anyone be that it wasn't exploited in the past? How long has that system been in play?
 
We found this problem long before this article and removed the problem section from 4me. A new system is being put into place.

And yes (to answer your usual feeble attempt to try and discredit myself) I knew about it and have been involved in the fix process.

As per usual you've got no clue on what actually is going on but still try to incite. You really should give it a rest. :rolleyes:
Never mentioned your name at all chap.

So when was this problem discovered exactly?
Why not make an announcement as soon as it was fixed instead of waiting for the Sunday Times to tell us? Though it did make my usual 10 minute read a bit longer.:p

If nobody at Vodacom tells us then obviously we will all have "no clue on what is actually going on". Doh!
 
I have to say that according to the article - which quotes a Vodacom spokesperson - it sounds like you were informed of the problem.

Now that the barn door has been closed, how certain can anyone be that it wasn't exploited in the past? How long has that system been in play?

Does seem that way from the article. I do not know who initially discovered the problem, got involved early on but by that time obviously it was already known. I'll confirm.

Not sure when it was introduced, probably at some point when new services were added to the 4me front-end.

The problem was the ability to RANDOMLY draw a report on another number. You could not in any way manipulate another person's account and you could not specify the number.

It still was an unacceptable problem and that's why we pulled the Report Tab but in reality you could not use this to specifically target anyone. With millions of users on 4me you can think what the odds were.
 
v3g, did the vulnerability only apply to contract customers [for which the reports tab is provided & intended], or could the details of pre-paid users also be randomly obtained?

Anything that was on the Report tab, so if pre-paid users did not have such a tab (can't remember), it would not have affected them.
 
Ouch. To fall victim to such a basic security flaw. Their developers should be fired :)
I have some friends who work on dev projects for Vodacom (and other big companies) and they are some of the brightest brains in the industry. Unfortunately none of them are superhuman and they all make mistakes. We also have a thing called a skills shortage in this country and no - it's not just political propaganda.

If you know anyone who is closer to superhuman then I'm sure their CVs would be gladly received... :D
 
True - we do have a skills shortage, but also the problem with developers is they are also on a tight timeline to get a product out and the last thing they think about is security. Not their fault - but security is always the last thing that's thought about.

I know of a few excellent security application testing appliances that look for weaknesses in code - can I send through my CV :)
 
They better not find me, or else will be running away... ;p
Maybe, they'll think I'm Rich...

Well how long was the bug out for, and who truly found out about it...
Does Vodacom actually test their products before launching them live to air...
Really private information like that in the wrong hands could lead to me being hit...
I must now relocate to another house, as if anyone comes to my house and starts to shoot me ;P
 
True - we do have a skills shortage, but also the problem with developers is they are also on a tight timeline to get a product out and the last thing they think about is security. Not their fault - but security is always the last thing that's thought about.

I know of a few excellent security application testing appliances that look for weaknesses in code - can I send through my CV :)

Most definitely! PM me please.

Systems should be perfect, networks should never fail, throughput should be at max all the time and everyone should be happy and considerate all the time.......

It's only in the perfect world of a few forumites that things never go wrong.

Funnily it's also without fail the same forumites who are not system developers or networking engineers, or at least, the arm-chair variety.....:rolleyes:
 
I wonder if the company will apologise?

Vodacom apologises for any inconvenience caused.

If you were in any way affected by this situation, please make contact with Vodacom at your earliest convenience. You can do so via any of the formal Vodacom communication channels, including the PM function of this forum.
 
I don't recommend inviting incoming abuse via the p.m. system.

One would think that mature forumites will use the PM system as intended. As per abusive posts, I assume abusive PMs should get reported? That's what I've done in the past, in any case.

In this specific case, I would prefer to escalate immediately if any forumite was affected by the Report Tab issue, rather than to wait for it to come via the normal support channels.
 
Vodacom apologises for any inconvenience caused.

If you were in any way affected by this situation, please make contact with Vodacom at your earliest convenience. You can do so via any of the formal Vodacom communication channels, including the PM function of this forum.
Isn't that the point though? As I understand it I (or anyone else) would not know if my personal details had been compromised.

I presume the company has not used database auditing in this situation.

The mere fact that this was possible is what concerns customers.

I hope some heads have rolled at least. In my business this would have occurred quite swiftly.
 