Code of attack on MobiFone website is being distributed online

Although the second largest telecom service provider in Vietnam confirmed that the security error on their website has been patched, the underworld on the Internet still transmits code can take advantage of the vulnerability at www.mobifone. com.vn to optionally edit the content on it.

VnExpress has found a link of MobiFone interface which appears to require customers to log in information to recover the password. However, instead of reporting that " Phone number 090 . and date of birth 01/01/1970 is incompatible " if customer information is incorrectly entered, this text has been replaced by " Phone number 0 VAI FUNNY NE MOBILE Mobile phone case and birth date -1 / 1 / -1 are not compatible ".

A corner of MobiFone website interface has data (red text) changed

The image enlarges the data that has been changed by hackers on MobiFone site

To find out more, at 15:40 today, the reporter tried to change the information on the link received. As a result, the content on the site is changed as well.

Half an hour later, this error was no longer on MobiFone's site. However, some parts of the security status can be found at this address. Those who lack good will may not merely "walk" over here and leave some such messages. Recently, representatives of this telecommunications business confirmed that MobiFone's system has the best safety and security today. However, VSEC information security network is determined to protect the view that MobiFone should calmly analyze the situation, take measures to improve as well as strengthen monitoring of activities on the system, preventing the possibility disclosed, lost databases for customers' rights and privacy.

Nguyen Hang