Avoiding Vodafone's Wikileaks moment

Summary:What an unhappy New Year for Vodafone! News emerged across the weekend that customers' personal information has been leaked thanks to dealer log-ins on the loose. This comes on top of a planned class action suit against Vodafone alleging poor 3G service quality.

What an unhappy New Year for Vodafone! News emerged across the weekend that customers' personal information has been leaked thanks to dealer log-ins on the loose. This comes on top of a planned class action suit against Vodafone alleging poor 3G service quality.

According to at least one information security expert, Vodafone's apparent problem isn't so much that customer details were being accessed "over the internet", but that poor database design would allow anyone with a valid log-in to view all the personal details of every customer.

In Patch Monday this week, Paul Ducklin, Sophos' head of technology for the Asia-Pacific region, compares Vodafone's situation with the US Government's problem with Wikileaks: that even relatively low-level access to the system provides access to a vast quantity of supposedly secret information. And part of the problem is that many organisations collect and store too much private information to begin with.

As usual, Patch Monday also includes my random look at last week's IT news.

To leave an audio comment for Patch Monday, Skype to stilgherrian or phone Sydney 02 8011 3733.

Running time: 29 minutes, 27 seconds

Topics: Security, Telcos

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.