Teen Reported to Police After Finding Security Hole in Website

A teenager in Australia who thought he was doing a good deed by reporting a security vulnerability in a government website was reported to the police.

Joshua Rogers, a 16-year-old in the state of Victoria, found a basic security hole that allowed him to access a database containing sensitive information for about 600,000 public transport users who made purchases through the Metlink web site run by the Transport Department.

It was the primary site for information about train, tram and bus timetables. The database contained the full names, addresses, home and mobile phone numbers, email addresses, dates of birth, and a nine-digit extract of credit card numbers used at the site, according to The Age newspaper in Melbourne.

Rogers says he contacted the site after Christmas to report the vulnerability but never got a response. After waiting two weeks, he contacted the newspaper to report the problem. When The Age called the Transportation Department for comment, the department reported Rogers to the police.

“It’s truly disappointing that a government agency has developed a website which has these sorts of flaws,” Phil Kernick, of cyber security consultancy CQR, told the paper. “So if this kid found it, he was probably not the first one. Someone else was probably able to find it too, which means that this information may already be out there.”

The paper doesn’t say how Rogers accessed the database, but says he used a common vulnerability that exists in many web sites. It’s likely he used a SQL injection vulnerability, one of the most common ways to breach web sites and gain access to backend databases.

The practice of punishing security researchers instead of thanking them for uncovering vulnerabilities is a tradition that has persisted for decades, despite extensive education about the important role such researchers play in securing systems.

The Age doesn’t say whether the police took any action against Rogers. But in 2011, Patrick Webster suffered a similar consequence after reporting a website vulnerability to First State Super, an Australian investment firm that managed his pension fund. The flaw allowed any account holder to access the online statements of other customers, thus exposing some 770,000 pension accounts — including those of police officers and politicians. Webster didn’t stop at simply uncovering the vulnerability, however. He wrote a script to download about 500 account statements to prove to First State that its account holders were at risk. First State responded by reporting him to police and demanding access to his computer to make sure he’d deleted all of the statements he had downloaded.

In the U.S., hacker Andrew Auernheimer, aka “weev”, is serving a three-and-a-half-year sentence for identity theft and hacking after he and a friend discovered a hole in AT&T’s website that allowed anyone to obtain the email addresses and ICC-IDs of iPad users. The ICC-ID is a unique identifier that’s used to authenticate the SIM card in a customer’s iPad to AT&T’s network.

Auernheimer and his friend discovered that the site would leak email addresses to anyone who provided it with an ICC-ID. So the two wrote a script to mimic the behavior of numerous iPads contacting the web site in order to harvest the email addresses of about 120,000 iPad users. They were charged with hacking and identity theft after reporting the information to a journalist at Gawker. Auernheimer is currently appealing his conviction.

Rogers confirmed that the vulnerability he found was a SQL-injection vulnerability. He says the police have not contacted him and that he only learned he’d been reported to the police from the journalist who wrote the story for The Age.

(wired.com)