] He said he discovered the problem this weekend through a ] random finding in a Sacramento Dumpster, where a Cingular ] store had discarded records about a customer's insurance ] claim for a lost phone. By simply typing in a URL listed ] on the detritus, Lamo was taken to the customer's claim ] page on a site run by lock\line LLC, which provides the ] claim management services to Cingular. ] ] Normally, this page should have been reachable only by ] passing through a password-protected gateway, but by ] simply entering the valid URL, Lamo discovered that ] individual claims pages could be accessed, no password ] authentication needed. ] ] Each page contained the customer's name, address and ] phone number, along with details on the insurance claim ] being made. Altering the claim ID numbers (which were ] assigned sequentially) in the URL gave Lamo access to the ] entire history of Cingular claims processed through ] lock\line, comprising some 2.5 million customer claims ] dating back to 1998. Bet Cingular is embarassed as hell to be exposed by a wandering hacker. Later in the article it mentions that "Lamo, 22, doesn't have a permanent address. He wanders cross-country on foot or by public bus. Spring and summer usually bring him to Northern California. Until recently, he used terminals at Kinko's to perform his hacks. He has graduated to using a Wi-Fi-ready laptop at Starbucks to do his work." |