O2's MMS legacy Internet system a tad leaky

I was amused to see that O2 - seemingly not content with tarnishing the launch of its iPhone 3G with stock shortages and customer activation problems - has been found wanting on the IT security front.

According to the INQuirer newswire
, a legacy method of accessing MMS (picture messages) on the O2 Web portal appears to include the MMS message details in the URL of the Web page.

This old security chestnut went out - I thought - a good few years ago when it was revealed as a hacker's paradise when it was used (allegedly) as a means of getting cheap rail tickets.

But I digress.

According to the Inquirer, "whilst it's difficult for a simple user to guess the URL parameters needed, Google has no such difficulty scanning the site and indexing customers MMS messages."

The O2 Web site security flaw was discovered late last week and O2 responded - somewhat drastically over the weekend - by shutting off access to its MMS access system on the Web.

Looks like the cherubs at O2's t'Internet division have been working overtime on that security fix. Not.