Can you trust basic shoddy programming?
This is a basic mistake, done by amateurs. Hopefully they haven't sent the information via a form post instead, thinking that is more secure!
Disgraceful, O2 should be ashamed.
O2 has plugged a security hole that allowed customers to view text messages sent by other UK subscribers online. The issue involves O2's Bluebook application, which allows subscribers to save any text messages they send or receive for viewing online. Coding errors in Bluebook created a means for registered users to view other …
I reported this, but I didn't post it to the media as I thought it was somewhat irresponsible to do so and once fixed it is kind of a moot point really.
It was fixed by the end of Monday 11th and my initial phone call was.... 5pm-ish Monday 4th February. I asked to speak to a manager, they rang me back at 7pm. Midday Tuesday another manager rang for permission to give my details to someone else. Someone else rang me on Wednesday, I emailed them screenshots and a description around 4.20pm Wednesday. Tuesday 12th had a voicemail from the same someone else to check the problem was solved.
Without doubt the hardest part was explaining that this wasn't just a case of someone else using my computer and me needing to clear my cache.
Why should O2 be ashamed? They didn't write the Bluebook application. I have it on strong authority that they are using a third-party piece of software called LifeCache, from a company called NewBay, to host Bluebook, so it is not their coding error, it is the fault of a third party and all blame should lie with them.
http://www.newbay.com/productsandservices.php