mmmh I have done this stuff quite some time ago. See: http://www.mulliner.org/security/httpheaderprivacy.php
I even made a site where you can check your operator (by visiting it from your phone): http://www.mulliner.org/pc.cgi

xufi . wrote:
> Hi,
> Doing an assessment on mobile GWs I found that Orange Spain is adding
> the user MSISDN in any HTTP request sent in its network. That means
> that it is really simple to get the user phone number from an Orange Spain
> user. On one hand, I saw that Orange Spain uses the header
> x-up-calling-line-id to add a user temporary ID that changes every 24h
> but I also found that in any HTTP request they will add the user phone
> number in the header X-Network-info. In particular the HTTP header
> looks as follows:
>
> X-Network-info: CSD,34xxxxxxxxx,unsecured
>
> where xxxxxxxxx is the user MSISDN
>
> I notified Orange Spain more than a month ago regarding the
> misconfiguration and its effects on their own customers but
> unfortunately they just ignored it.
>
> If you are a user of Orange Spain have in mind that every web site you
> access with your mobile phone will get your phone number.
>
> I posted more details in
> http://certificateerror.blogspot.com/2010/08/orange-spain-disclosing-user-phone.html
>
> @xuf_
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
Collin R. Mulliner <[email protected]>
info/pgp: finger [email protected]
If you have to run heating in winter, you don't own enough computers.
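An added example, not part of the original thread or of either poster's tooling: a header audit that a gateway operator or a user-side check page could run over the request headers a server receives, reporting operator-inserted subscriber identifiers with the digits masked. The watch list (the two header names from the thread), the 9 to 15 digit MSISDN pattern, the function names and the sample request are assumptions of this example.

```python
import re

# Header names taken from the thread; using them as a watch list is an
# assumption of this example, not an exhaustive operator header list.
WATCHED = {"x-network-info", "x-up-calling-line-id"}
# Assumption: an MSISDN-like value is a standalone run of 9 to 15 digits,
# optionally prefixed with "+".
MSISDN_RE = re.compile(r"(?<![\dA-Za-z])\+?(\d{9,15})(?![\dA-Za-z])")


def mask(digits, keep=2):
    """Keep only the first `keep` digits so the report itself leaks nothing."""
    return digits[:keep] + "x" * (len(digits) - keep)


def audit_headers(headers):
    """Return findings for headers that expose subscriber identifiers.

    `headers` is an iterable of (name, value) pairs as seen by the server.
    Each finding is a tuple (header_name, reason, masked_value).
    """
    findings = []
    for name, value in headers:
        hits = MSISDN_RE.findall(value)
        if hits:
            for digits in hits:
                findings.append((name, "msisdn-like value", mask(digits)))
        elif name.lower() in WATCHED:
            # No phone number, but still an operator-added identifier header.
            findings.append((name, "operator identifier header", "<redacted>"))
    return findings


# Constructed sample request, shaped like the header quoted in the thread.
SAMPLE = [
    ("Host", "example.org"),
    ("User-Agent", "ExampleBrowser/1.0"),
    ("X-Network-info", "CSD,34600000000,unsecured"),
    ("x-up-calling-line-id", "a1b2c3d4e5"),
    ("Content-Length", "0"),
]

if __name__ == "__main__":
    for name, reason, shown in audit_headers(SAMPLE):
        print(f"{name}: {reason} ({shown})")
```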
