I know, that sounds like the stupidest question in the world to me, but check out these quotes on the <a href="http://news.independent.co.uk/world/americas/story.jsp?story=613486">Paris Hilton phone hack</a>.<br /><br /><i>"The online Drudge Report, which revealed the phone invasion, said another star, who declined to give his name, was beyond upset. "I gave her my number after we met in Miami, <b>I did not know she kept it on her cellphone," he reportedly raged</b>."</i><br /><br /><i>"Ms Hilton, who has her own popular reality show with Nicole Richie, called <u>The Simple Life</u>, <b>may be faulted for putting the numbers into her phone</b>. But no one is blaming her for the hacking."</i><br /><br />I am confused. Where are you supposed to put the phone numbers? Now, should she have password protected the device? Sure. However, there is no indication that she didn't. It seems what was hacked was T-Mobile's site, which seems to have some sort of online sync feature with the Sidekick, though it may run through a desktop component. I could do the same with Yahoo and Outlook. I have no idea the specifics of this hack, and that isn't my point. My point is, why are people seemingly outraged that she actually stored numbers on her mobile phone? :confused totally:

I didn't vote because nothing fit.

I enter/sync contact info in either the ppc or outlook. Every week or so, I dump all my outlook info into Yahoo. On the rare occasion that I need a number and I dont have my ppc, I use the phone's wap to look up the number on Yahoo. The wap program will let you choose the number and automatically dial.

So, I don't keep any numbers on the phone, but my VCR isn't blinking on 12:00 either. If someone can hack my Yahoo, I don't think many of my contacts would be too upset. If you see me on TV, it will be purely accidental.

Well, since my phone is my pda... they're all there. And password protected with the ultra secure password of 0000, which I mainly use to prevent my 6315 from dialing random people....

I do know quite a few people that keep their entire phone books in their cell phones and don't have a backup anywhere (Its fun to watch them when they switch phones writing them all out just to re-enter on a new machine). When I had a real cell phone, the only numbers in it were the speed dials. I can't believe Paris Hilton had the nerve to use the phone's built in and advertised feature of storing phone numbers - what was she thinking???

actually, she did have a password. and rumour has it that it was PASSWORD.

there are 204 comments on this over at the venerable

MetaFilter
http://www.metafilter.com/mefi/39791

besides the usual stupid commentary to be expected, there's also some info about the service itself.

i don't give a tinker's damn about the PH, but i am interested to know about the security of these devices and the company servers.

apparently, the phone numbers and data may not be on the device, a tMobile Sidekick, by the way, but actually on the company servers.

that's good if you lose the device, you don't lose your data. just buy a new one and sync up without having to run home and connect. of course, it is crap when someone hacks the online db.

among the young, hip, rich and trendy, plus tons of teens - these are the new blackberries, so to speak.

http://www.t-mobile.com/promos/sidekickII.asp?WT.mc_n=Skick2_index&amp;WT.mc_t=OnsiteAd

I believe that she made her password something easy to crack. Or, someone watched her enter the password.

I'm not too apt to lose my PDA so I keep all of my contact info there with no password. Sensitive stuff is kept in my FlexWallet. But then my PDA contact info is not available on a web page for all to see if they just cracked a password.

I am more apt to lose my cell phone, and have. I keep only limited contacts in there.

My contacts have always been on Outlook both desktop and PPC. No password. I don't use online address books. Don't see the point.

In all fairness Paris did nothing wrong. It doesn't really matter what password she used. Someone hacked into the T-Mobile server and pulled her info. Remember that T-Mobile was recently hacked into last November with a couple hundred social security numbers and account info stolen or rather available to the hacker for almost a year.

Paris might be a dumb heiress but in this instance she did nothing wrong. Whether she used the default password or her own, T-Mo guarantees security on their servers. Apparently this isn't so.

In all fairness Paris did nothing wrong. It doesn't really matter what password she used. Someone hacked into the T-Mobile server and pulled her info.
I wouldn't call it "hacking into the server" if someone just happened to log in successfully. Gaming the system? Sure. But anyway - until we know more, it's premature to conclude what happened.

Incidentally - the Sidekick does use server-based synchronization, so no mystery in that aspect. In fact, it's a significant feature of the device. The idea is you can manage your information from anywhere, anytime. Server sync is a big upcoming trend in mobile devices, but of course there are security and privacy challenges in offering such a service to end-users.

--janak

There's no option for me: I put all the numbers in my cell phone, but find that it takes too long to actually USE them, so I always dial the number.

Why enter the numbers? Just for the custom caller ID 8)

I keep mine on my smartphone. My PDA, smartphone and PC are all perfectly synced up when it comes to contacts. I can't imagine how it was before I had my MPX200. It makes everything so easy. If I need to hard reset my PDA because I messed with it too much, or need to hard reset my smartphone, because I mess with it too much, like with the registry, I simply sync it all back again.

I'm the same. My numbers are in Outlook, my PPC and my Smartphone. I have a few duplicates on my SIM card. Artifacts from when I had a "normal" cell phone.

I keep meaning to erase them though. I don't ever see myself going back to a "normal" cell phone.

Give me a standard-esq platform. Not whatever the phone manufacturer hacked together. Oops OT.

Any chance this was a BlueJack. Wonder if she has a BT phone?

The Sidekick doesn't have Bluetooth.

Anyway, the current rumors are that she used "What is your favorite pet's name?" as her password reminder. Considering said pet made headlines when she "lost" it a few months back, somehow I'm not surprised someone else would have been able to leverage that password reminder. :roll:

--janak

My phone has about 20 numbers in it (speed dial ones) and is not password protected. My Pocket PC has tons of numbers in it, and is password protected. I voted for the not password protected choice since the question was specifically around phones.

I read the same thing Janek did about her pets name being her secret question. Bruce Schneier recently posted an article on "The Curse of the Secret Question" (http://www.schneier.com/blog/archives/2005/02/the_curse_of_th.html). His basic premise is that no matter how secure your password is, if you use an easily discoverable answer to a secret question, you can still be easily 0wned. Hopefully this will bring the issue to light, and encourage people to be more concious of their passwords and secret question answers.

Did not pick up that she was using Sidekick... :oops:

yeah, passwords and account security questions can be a real curse for sure. it's gotta be good enough to foil someone, but easy enough for you to remember. even the smartest people have problems, especially in this day and age of needing at least a password for everything. in this case, it is possible that like many, she may have had a not obvious password, but had an obvious ASQ to help her remember and/or reset the password itself.

now someone like that is in the public eye, whether deserved or not is not the point, just that she is. her whole life is under a microscope, and everything knows everything about her. probably even the name of the pony she had when she was litte, not to mention the maiden name of her grandmother on her mother's side, etc. hard for her to think of something private.

in the case of regular people, it's the same sort of problem when they are being ID-theft-ed (if that is even a word). people use things easy to remember - pet's name, mom's middle name, own birthday, kid's birthday, spouse birthday, church name, fave team name, church name, etc.

oh well, more on PH and her problem here - http://www.engadget.com/entry/1234000547032961/

Jeez... I can't believe how many news sites are picking up this story. Give the poor little rich girl a break! Celebrities are people too.

Actually, when I read the news site article, I thought the 'paris hilton' was a hotel and someone had hacked into their phone system. No wonder some of the article didn't seem to make sense to me. (I'm serious; I'm not trying to make a joke.)

I don't store numbers on my phone or PPC, and for this reason. I wish the PPC could password protect just this kind of info without having to lock the whole device (natively, I mean).

The Sidekick doesn't have Bluetooth.

Anyway, the current rumors are that she used "What is your favorite pet's name?" as her password reminder. Considering said pet made headlines when she "lost" it a few months back, somehow I'm not surprised someone else would have been able to leverage that password reminder. :roll:
Password reminder schemes are the work of the devil, plain and simple. :twisted: I cannot think of a more insecure method to put data behind and it is the sheer laziness of companies to put those in place so they don't have to fool with customers calling in. I never EVER answer them unless the system mandates it, then I litterally bank on the keyboard for a few minutes until the answer box fills up and IE beeps at me. Then I press submit.

Celebrities are people too.
I object your honor. Facts assumed not in evidence. :wink:

The Sidekick doesn't have Bluetooth.

Anyway, the current rumors are that she used "What is your favorite pet's name?" as her password reminder. Considering said pet made headlines when she "lost" it a few months back, somehow I'm not surprised someone else would have been able to leverage that password reminder. :roll:
Password reminder schemes are the work of the devil, plain and simple. :twisted: I cannot think of a more insecure method to put data behind and it is the sheer laziness of companies to put those in place so they don't have to fool with customers calling in. I never EVER answer them unless the system mandates it, then I litterally bank on the keyboard for a few minutes until the answer box fills up and IE beeps at me. Then I press submit.

Tech Support: Yes Mr. Hansberry, I can help you retrieve your account password. Can you please tell me the name of your favorite pet?
Ed: faweqtq324sdadgrq43qtdsasszzzz
Tech Support: Uh... can you spell that please?

:mrgreen:

The Sidekick doesn't have Bluetooth.

Anyway, the current rumors are that she used "What is your favorite pet's name?" as her password reminder. Considering said pet made headlines when she "lost" it a few months back, somehow I'm not surprised someone else would have been able to leverage that password reminder. :roll:
Password reminder schemes are the work of the devil, plain and simple. :twisted: I cannot think of a more insecure method to put data behind and it is the sheer laziness of companies to put those in place so they don't have to fool with customers calling in. I never EVER answer them unless the system mandates it, then I litterally bank on the keyboard for a few minutes until the answer box fills up and IE beeps at me. Then I press submit.

Tech Support: Yes Mr. Hansberry, I can help you retrieve your account password. Can you please tell me the name of your favorite pet?
Ed: faweqtq324sdadgrq43qtdsasszzzz
Tech Support: Uh... can you spell that please?Except that conversation would never take place. I don't write down what I type in. I have no clue. I have my password. I have eWallet. I have backups. I have no need of these security holes. :devilboy:

Password reminder schemes are the work of the devil, plain and simple. :twisted: I cannot think of a more insecure method to put data behind and it is the sheer laziness of companies to put those in place so they don't have to fool with customers calling in.
http://blogs.pcworld.com/techlog/archives/000532.html