Hello, I contacted them this morning and they asked me to write down a mail explaining the request, why, etc etc etc. That's what I did. If you want a copy of the mail (in french), just contact me in private.
They told me that they will forward the mail to their law departement and I should expect an answer next week. Let's cross our fingers ! ;) I'll keep you updated of the situation ! By the way, I'll be at the hackdemocracy this Thursday, April 28, 2011: http://www.meetup.com/HackDemocracy/events/17010026/ Have a nice day all. -*φol d.*- On Thu, Apr 21, 2011 at 22:14, Pol <[email protected]> wrote: > Hello, > > Someone forwarded me the mail from Lennard talking about the revert or not > of my commit. > I wasn't aware of the existence of that mailing list until now. > > Let me explain to all of you how it all began... > > One year ago I was looking, for personal purpose, the coordinates of each > cell phones antennas in Belgium. > > The first site I found was: http://www.antennes-gsm.be/ > But that one seems to be old and no more maintained. > > Then I found the one of IBPT: http://www.sites.ibpt.be/ > > The one you are currently seeing at this address is the new version. > When I first found it, they were using an old version. > > By doing some searches, I found a huge security hole in it. > I was unemployed at that time and I decided to make an exploit. > The exploit was simple, using HTML and JavaScript, I could manipulate their > databases by sending custom queries. > I'm not a kid and I'm someone who destroy someone else's work, so I > contacted them and explained the problem. > The reaction was fast, some days later I was in their offices with my > laptop, showing them the problem and the possible solutions. > I also made a new local proof of concept that it could be done in a nicer > and cleaner way. > Unfortunately, they were really kind and say thanks but we do not rely on > our team to do the map, we rely on another company and we cannot break the > current contract with them. > Before leaving, I asked to the head of security if it was possible to get a > dump of the antennas coordinates in a more easy way to put it on > OpenStreetMap and he said that it couldn't be done: "Imaginez ce que > pourrait faire qqun de mal intentionné s'il trouve ces données!" which > means: "Imagine what could do someone malicious if they finds these datas!". > Which is completely a non sense because those datas can be retrieved from > THEIR online website. > I said him that ! Someone could spot by himself all the antennas and put > them on OpenStreetMap. He didn't reply to that one. > So, I leaved, quite sad. > > Some month later, the current new system was in place and the security hole > vanished, problem solved. > > With the new system, it's even easier to get their datas. > I decided to save in a file all the data I could get from their map in a > file and submit it to OpenStreetMap. > > That's the end of the story. > > It's up to you now to decide if you want to remove them or not. > If you have questions, I'll reply to them on that mailing list. > > Nice evening all. > > -*φol d.*- >
_______________________________________________ Talk-be mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk-be
