Archive for June 16, 2010

Understanding the AT&T security breach: Parameter tampering basics

The recent AT&T security breach that disclosed 114,000 Apple iPad e-mail addresses is lingering on the Web like a bad smell in an enclosed car. Some details on how it was done are provided on under the “Breach Details: Who did it, and how” section. This post will explain the user-agent header and HTTP request elements, and provide an example of parameter tampering that makes a breach like AT&T’s possible.

DISCLAIMER: What I present below has nothing to do with the AT&T site itself.
