[OSM-talk-be] Cell Phones Antennas

[Pol]

Hello,

I contacted them this morning and they asked me to write down a mail
explaining the request, why, etc etc etc.
That's what I did. If you want a copy of the mail (in french), just contact
me in private.

They told me that they will forward the mail to their law departement and I
should expect an answer next week.

Let's cross our fingers ! ;) I'll keep you updated of the situation !

By the way, I'll be at the hackdemocracy this Thursday, April 28, 2011:
http://www.meetup.com/HackDemocracy/events/17010026/

Have a nice day all.

-*φol d.*-


On Thu, Apr 21, 2011 at 22:14, Pol <d.paolino at gmail.com> wrote:

> Hello,
>
> Someone forwarded me the mail from Lennard talking about the revert or not
> of my commit.
> I wasn't aware of the existence of that mailing list until now.
>
> Let me explain to all of you how it all began...
>
> One year ago I was looking, for personal purpose, the coordinates of each
> cell phones antennas in Belgium.
>
> The first site I found was: http://www.antennes-gsm.be/
> But that one seems to be old and no more maintained.
>
> Then I found the one of IBPT: http://www.sites.ibpt.be/
>
> The one you are currently seeing at this address is the new version.
> When I first found it, they were using an old version.
>
> By doing some searches, I found a huge security hole in it.
> I was unemployed at that time and I decided to make an exploit.
> The exploit was simple, using HTML and JavaScript, I could manipulate their
> databases by sending custom queries.
> I'm not a kid and I'm someone who destroy someone else's work, so I
> contacted them and explained the problem.
> The reaction was fast, some days later I was in their offices with my
> laptop, showing them the problem and the possible solutions.
> I also made a new local proof of concept that it could be done in a nicer
> and cleaner way.
> Unfortunately, they were really kind and say thanks but we do not rely on
> our team to do the map, we rely on another company and we cannot break the
> current contract with them.
> Before leaving, I asked to the head of security if it was possible to get a
> dump of the antennas coordinates in a more easy way to put it on
> OpenStreetMap and he said that it couldn't be done: "Imaginez ce que
> pourrait faire qqun de mal intentionné s'il trouve ces données!" which
> means: "Imagine what could do someone malicious if they finds these datas!".
> Which is completely a non sense because those datas can be retrieved from
> THEIR online website.
> I said him that ! Someone could spot by himself all the antennas and put
> them on OpenStreetMap. He didn't reply to that one.
> So, I leaved, quite sad.
>
> Some month later, the current new system was in place and the security hole
> vanished, problem solved.
>
> With the new system, it's even easier to get their datas.
> I decided to save in a file all the data I could get from their map in a
> file and submit it to OpenStreetMap.
>
> That's the end of the story.
>
> It's up to you now to decide if you want to remove them or not.
> If you have questions, I'll reply to them on that mailing list.
>
> Nice evening all.
>
> -*φol d.*-
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk-be/attachments/20110422/4bffb42e/attachment.htm>