[ISN] Insecure at Softbank

InfoSec News isn at c4i.org
Wed Jun 2 04:44:38 EDT 2004


http://news.ft.com/servlet/ContentServer?pagename=FT.com/StoryFT/FullStory&c=StoryFT&cid=1085944451298

June 2 2004

Softbank president Masayoshi Son would probably be feeling more
pleased with himself about his latest deal to take over Japan Telecom,
were it not for a public embarrassment within his own, supposedly
techno-savvy organisation.
 
Two men arrested and charged with trying to blackmail Softbank with
data they held on the group's customers were, it turns out, both
contributors to PC Japan, a Softbank publication full of tips on
network security.

Yutaka Tomiyasu allegedly obtained information on users of Yahoo BB,
Softbank's broadband internet service provider, from its database and
tried to extort payment in exchange for returning the information.

In 3½ years he had more than 30 articles appear in PC Japan, a
publication for advanced PC users that specialises in network security
matters. The latest is in the June edition.

His unnamed partner, who was a temporary employee at Softbank, wrote a
feature article last year about how to protect against hacking and
viruses.

How are they alleged to have got to the database? While working for
Softbank, Tomiyasu's partner had been given a user name and password
needed to access it from a remote terminal.

Softbank - wait for it - didn't bother to change these after he left,
since they were being used by other employees who needed access to the
data.

Oh dear.
 
 



More information about the ISN mailing list