Reader Comments (Page 1 of 1)
Rich @ Dec 19th 2005 12:10AM
To be fair to T-Mobile, from what I've read elsewhere, it sounds like someone just guessed Paris's password -- she probably used her dog's name or something.
Frankly, the information on the servers can be as secure as you like, but if you give users access to it, and let them set their own passwords, then this is going to be the weakest link. You could make the security regime much more difficult to log on (RSA SecurID, random number/letter passwords, etc.). The problem with this is, people just write their passwords down -- usually on a PostIt note on the side of their PC. This in the end is generally far less secure.
From what I understand, the security of T-Mobile USA's servers is now very much higher thanks to the previous large-scale hacker; so it seems less likely that someone actually hacked the Sidekick system. If they did, expect other 'celeb' Sidekick users' details to appear on the web soon...
As for the issue with keeping information only on the servers -- this is probably much more secure than on the actual phone. I recently lost my own phone, with all my contacts in it, diary dates, notes, etc. If all this had been secure on a server, as soon as I barred my old phone, the thief wouldn't have access. Swings and roundabouts...