Jump to content
The Inquirer-Home
Communications > Security

O2 responds to MMS leak

By turning server off
By Dean Pullen
Sunday, 20 July 2008, 16:24

THOUGH O2 has yet to comment on allegations that the company has allowed access to customers MMS messages, photos, and mobile phone numbers, the coverage of the incident has not passed without notice.

It seems O2 is unable to secure the legacy MMS application - utilised by poorly configure MMS capable phones, or non-MMS capable phones like the newly launched Iphone 3G - and has instead had to resort to shutting down the service.

Shortly after the INQUIRER posted news of public access toMMS messages indexed by Google, O2's legacy MMS service ceased to function.

Now if you attempt to go to any of the links indexed by Google (here), you will receive a standard Apache error.

Resorting to the root of the sub-domain will show the test page for Apache, viewable on a default install of the HTTP server software.

It seems plan B for O2 consists of resorting to the most desperate of measures. µ

Share this:

< Previous article| Next article >
Comments
Still cached!

It's still cached by Google though! Seems like O2 are going to have to speak nicely to Google about this one too!

posted by : Giles, 20 July 2008 Complain about this comment
Google Cache

Evidence of O2's ineptitude can still be found in Google's Cache - O2 can't deny it!

posted by : Guymer, 20 July 2008 Complain about this comment
Cached

You can still see the picture by using googles "Cached" function!

posted by : Lillebror, 20 July 2008 Complain about this comment
Google cache

What's even more amusing is that if you click on the "cached" link of any of the google search results, you still get the full page (mobile number, pictures and all!). Looks like the photos are served from a different server, which they still haven't turned off or secured...

posted by : Ian Cullinan, 21 July 2008 Complain about this comment
Flushing

You cant turn off google cache though ;)

posted by : Stinomus, 21 July 2008 Complain about this comment
Unfortunately for O2...

...Google seems to have chached some of the content.

posted by : Dundz, 21 July 2008 Complain about this comment
Still there

They haven't solved the problem, just papered over it while they reprogram the authentication (I hope). They only appear to be using Apache's rewriteengine to return an error if referred by an external site.&#xD;
&#xD;
If you copy modify and paste the urls directly then they are accessble, but are anonymous and completely uninteresting!&#xD;
&#xD;
O2 should just approach Google et al to prevent these URLs being indexed.&#xD;
&#xD;
Chances are that the users would prefer security by obscurity so they can send urls to their friends, but a simple password would help a lot.

posted by : Andy Haveland-Robinson, 30 July 2008 Complain about this comment
Advertisement
Subscribe to the INQ Newsletter
Sign-up for the INQBot weekly newsletter
Click here to sign up Existing user
INQ Whitepapers

Business Intelligence Software

Customer Relationship Management (CRM)

Enterprise Accounting Software

Enterprise Resource Planning (ERP)

Enterprise Systems Management

Jobs
Powered by INQJOBS
Advertisement
INQ Poll

Browsers

Who will win the next round of browser wars?

View other polls
Follow us:
Business & Technology websites:
Business research resources:
Products:
Investment Market IT websites:
Find out what you are worth:
Search for a job: