October 2009 Archives

Configured to leak data

The Stellenwerk newsletter of the University of Hamburg was leaking data from some of its users. Because of a configuration error, the mailing list relayed replies to its e-mails to all subscribed users. Unsubscribe messages and advertisements were spread over the mailing list during this period. The persons responsible apologised for the inconvenience caused and have already fixed the problem.

The original e-mail, translated from German:

Subject: Apology from Stellenwerk

Dear Sir or Madam,

Due to a system error, the e-mail we sent yesterday to you and other customers had unpleasant consequences: some replies were sent not only to us but also to other recipients. As a result, they may have ended up in your inbox as well.

We would like to apologise to you for this and can assure you that the error has since been fixed and that it will not happen again.

We are all very dismayed and hope that you will continue to enjoy using our service in the future.

We ask for your understanding and remain

with kind regards

xxxxx xxxxxxxx
Head of Stellenwerk
_______________________________________


Thanks to Sup for reporting this incident.

Not even Security by Obscurity

Got the link to this image from vmorbit - thanks for your contribution to the project. 

Is this really working? Can't add anything more to this - check it out yourself. 

epic-fail-wifi-network-fail.jpg
(c) by Cheezburger Network (Failblog.org) - please contact them if you want to use the image in further documents

Our unattended series goes on, and this time we discovered an unattended workplace at the airport in Munich. At first, I was not really sure what was going on: had people really left the place unattended, or was she just around the corner?

Unattended_WP_Munich_01.JPG

But, indeed, after 5 minutes of waiting, no one had shown up, and the blue sign on the desk saying "Be right back." seemed to be there for a reason. I took a second, closer picture of the workplace, noticing that none of the screens were locked and that paper sheets were lying on the desk.

Unattended_WP_Munich_02.JPG

Apart from the possibility that an attacker could exploit this situation to try to get access to the systems, it may have been enough for an attacker to study all the information presented to him by the paper sheets and the computer screens.

Therefore, companies should raise awareness of such problems and insist that their employees always lock their computer desktops when leaving the workplace and put away important working papers whenever there is a possibility that attackers could gain an advantage by reading them.

User ranking

User       Reported Pitfalls
Flo        4
Norb       4
Berni      2
Sup        2
Ali        1
Churchy    1
JG         1
Nuuz       1
Trixi      1
vmorbit    1

Idea behind SecurityPitfalls.org

SecurityPitfalls is an educational, supportive and fun project and depends strongly on the community that drives this project. For further information visit the article What's the basic idea behind SecurityPitfalls.org

About this Archive

This page is an archive of entries from October 2009 listed from newest to oldest.

Send in your photos and stories

SecurityPitfalls.org is a community project where we work together and collect situations where security fails, primarily for educational purposes, as a source for discussions and presentations, and for fun. Send your photos (digital camera or mobile phone), stories or movies to incoming {at} securitypitfalls.org and we will post the experiences you want to share with other people.
