Wide open gate in Telstra’s Walled Garden

There I was perusing the Sensis WAP site from an Optus mobile phone when I seem to have clicked my way into the Telstra/Bigpond walled garden.

For those of you who don’t know, a walled garden is supposed to be impenetrable to users not on that telco’s network, e.g. Vodafone Live is for Vodafone, Optus Zoo is for Optus and Bigpond Mobile is for Telstra.

Here is the entry screen:
[Screenshot: Bigpond welcome screen]

Here is the portal:
[Screenshot: Bigpond portal]

Here is the news and weather. This is almost certainly premium content and should not be seen by non-Telstra customers:
[Screenshot: news and weather]

And here is the account information page; predictably this has errors due to Telstra not having a clue who is browsing the site:
[Screenshot: Telstra account page]

How to fix:

  • Lock down content to the IP ranges of Telstra mobiles (i.e. the carrier’s own WAP gateway/mobile pool)
  • Look for the special headers containing the customer ID or MSISDN that the carrier gateway injects; deny access if they are not found
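
As an added illustration of the two fixes above (this is example code written for this post, not anything from Telstra or Sensis), here is a small server-side gate that applies both checks to a request. The IP prefixes and the header name `X-Subscriber-MSISDN` are assumptions: the page does not give Telstra’s real ranges or header, so documentation prefixes and a made-up header name stand in for them. The order matters: the source-address check runs first, because a header on its own can be set by any client, and its value is only trustworthy once you know the request came through the carrier gateway that overwrites it.

```python
import ipaddress
from typing import Mapping, Optional, Tuple

# Constructed placeholders for the carrier's gateway / mobile address pool.
# The real Telstra ranges are not on the page; these are documentation prefixes.
TELSTRA_GATEWAY_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Hypothetical name of the header the carrier gateway injects with the subscriber's
# MSISDN; the post only says "special headers containing customer id or msisdn".
MSISDN_HEADER = "X-Subscriber-MSISDN"


def from_trusted_gateway(client_ip: str, nets=TELSTRA_GATEWAY_NETS) -> bool:
    """Fix 1: is the request's source address inside the carrier's own ranges?"""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        # Garbage in the address field is treated as untrusted, never as a pass.
        return False
    return any(addr in net for net in nets)


def subscriber_id(headers: Mapping[str, str]) -> Optional[str]:
    """Fix 2: extract the gateway-injected subscriber id, or None if absent/malformed."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get(MSISDN_HEADER.lower(), "").strip()
    # Minimal sanity check: digits only and a plausible E.164 length.
    if value.isdigit() and 8 <= len(value) <= 15:
        return value
    return None


def authorise(client_ip: str, headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Combine both fixes. Returns (allowed, reason) so the reason can be logged.

    The address check runs first: a client outside the carrier network can type any
    header it likes, so the header is only meaningful once the request is known to
    have arrived through the gateway that strips or overwrites it.
    """
    if not from_trusted_gateway(client_ip):
        return False, "source address outside carrier network"
    if subscriber_id(headers) is None:
        return False, "missing or malformed subscriber header"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: one from the carrier gateway with the header,
    # one from an outside address that also sends the header, one with no header.
    samples = [
        ("203.0.113.10", {"X-Subscriber-MSISDN": "61400000000"}),
        ("192.0.2.5", {"X-Subscriber-MSISDN": "61400000000"}),
        ("203.0.113.10", {}),
    ]
    for ip, hdrs in samples:
        allowed, reason = authorise(ip, hdrs)
        print(f"{ip:<14} {'ALLOW' if allowed else 'DENY '} ({reason})")
```

Only the first constructed request is allowed; the second is refused despite carrying the header because it did not come from the carrier’s address space, and the third is refused because the gateway never added a subscriber id. Logging the `reason` string gives you a simple signal for how often outside networks are reaching the portal.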

Coming soon: Naive (i.e. exploitable) examples of ‘send to a friend’ SMS tools on mobile sites


