So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.

No reply was received.

Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.

No reply was received.

Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.

No reply was received.

Dear Russia, China, and North Korea:

You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.

Yours in total frustration,

/Dissent

#infosec #cybersecurity #incident_response #dataleak #databreach#WAKETHEFUCKUP

So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.

No reply was received.

Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.

No reply was received.

Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.

No reply was received.

Dear Russia, China, and North Korea:

You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.

Yours in total frustration,

/Dissent

#infosec #cybersecurity #incident_response #dataleak #databreach#WAKETHEFUCKUP

This is something you need to read in order to believe

subject: VoLTE
provider O2 UK
nightmare: infosec

Enormous. Outragerous are some of the words I would use. Take you time to read and learn because they are not the only culprits on the planet with such bad data protection practices

Excerpt

>>

Quite quickly I realised something was wrong. The responses I got from the network were extremely detailed and long, and were unlike anything I had seen before on other networks. The messages contained information such as the IMS/SIP server used by O2 (Mavenir UAG) along with version numbers, occasional error messages raised by the C++ services processing the call information when something went wrong, and other debugging information. However, most notable were a set of five headers near the bottom of the message:

SIP Msg
...
P-Mav-Extension-IMSI: 23410123456789
P-Mav-Extension-IMSI: 23410987654321
P-Mav-Extension-IMEI: 350266809828927
P-Mav-Extension-IMEI: 350266806365261
...
Cellular-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=2341010037A60773;cell-info-age=26371

Synthesised excerpt of IMS signalling message for demonstration; not a genuine IMEI/IMSI/cell ID.

Two sets of IMSIs, two sets of IMEIs, and a Cell ID header. How curious…

Sure enough, when comparing both the IMSIs and IMEIs in the message to those of my own devices, I had been given both the IMSI and IMEI of my phone which initiated the call, but also the call recipient's.

<<
^Z

#O2#UK#TeleCom#InfoSec#DataLeak#WTF

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/