Feb 10 2012

proxy.DiGMi.org

Today I installed Glype on my server (which is located in the USA, by the way) to allow you guys to surf the web anonymously.

So go ahead and give it a shot! proxy.DiGMi.org


Jan 24 2012

Cellcom login information revealed – Part III

Well, I didn’t believe I would write another post on the subject so quickly. But a bit after publishing my last post (reminder: read this post first), I went and changed my password to random keystrokes. The interesting thing was that my original password kept working! At first I thought that maybe I had made a mistake and hadn’t changed the password, but then I tried to log in with the same random keystrokes and it worked as well.

Apparently, you can’t change your password; you can just add a new one. So if someone hacked your account, there is no way to lock him out.

Great security… just great….

Update: It seems like my old password doesn’t work anymore. It seems like it just worked for a few long minutes. I’ve tried resetting the password again while being logged in from another computer. It did not log the other user out. It seems like I can keep the session forever.

Oh, and another cool thing: you can send 5 free text messages from the website, meaning you can impersonate the user and send messages that will seem to the receiver like the victim sent them.
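The behaviour a password change should have, as an added example that is not part of the original post and not Cellcom's code: the new password overwrites the only stored credential (salted scrypt hash, no plaintext) and every open session for that user is revoked. `AccountStore`, its method names and the sample user and passwords are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

class AccountStore:
    """In-memory sketch: exactly one password hash per user, sessions tied to the user."""

    def __init__(self):
        self._creds = {}     # user -> (salt, scrypt hash)
        self._sessions = {}  # session token -> user

    @staticmethod
    def _hash(password, salt):
        # scrypt is a slow, salted KDF; the plaintext password is never stored.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        # Overwrite, never append: the previous password stops working at once.
        self._creds[user] = (salt, self._hash(password, salt))
        # Revoke every session that was opened under the old credential.
        for token in [t for t, u in self._sessions.items() if u == user]:
            del self._sessions[token]

    def login(self, user, password):
        entry = self._creds.get(user)
        if entry is None:
            return None
        salt, stored = entry
        # Constant-time comparison of the derived hashes.
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def session_user(self, token):
        return self._sessions.get(token)

def demo():
    store = AccountStore()
    store.set_password("alice", "old-password")     # constructed sample values
    stolen = store.login("alice", "old-password")   # session held on another computer
    store.set_password("alice", "n3w-r4nd0m-keys")  # account owner changes the password
    return {
        "old_password_works": store.login("alice", "old-password") is not None,
        "old_session_valid": store.session_user(stolen) is not None,
        "new_password_works": store.login("alice", "n3w-r4nd0m-keys") is not None,
    }
```
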


Jan 24 2012

Cellcom login information revealed – Part II

Today I received a phone call from Cellcom regarding my previous post. On the other side of the line was a customer relations representative. I tried to explain to her that saving a password in plain text is not legitimate, and that showing it to everyone with access to my phone is even less legitimate.

The representative tried to persuade me that the Israeli Ministry of Communications made them show the login information. I told her that I don’t buy it and that it is violating the first rule of security. She told me that she would send my post to the team that handles the website, so I asked her to keep me notified and to have the team contact me, but she refused.

I don’t believe that they will change it anytime soon. (Maybe if a Saudi hacker finds a way to exploit it and publishes all the information in their database…)

I recommend that the password you use for Cellcom’s website not be the same password you use for your email etc., because anyone with access to their database can access it, as well as anyone with access to your phone.