Hilton, the hotel heiress who shot to prominence after starring in a home video that became an Internet phenomenon, found herself again exposed on the Net when the. The content included the phone numbers of the socialite's friends, such as rapper Eminem, actor Vin Diesel, actress Lindsay Lohan, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.
A representative for T-Mobile confirmed that information from Hilton's T-Mobile Sidekick has been posted online, but it's unknown whether the information was accessed via hacking or use of the password. The Sidekick allows owners to make phone calls, surf the Web, take pictures, and send e-mail and instant messages. It uses an online server to store at least some information, including phone numbers.
A mass-mailingfrom Hilton's video took to the Web soon afterward, quickly becoming the third most commonly encountered virus. The new Sober variant sends itself in German and English, using a variety of subject lines, including "Paris Hilton, pure!" and "Paris Hilton SexVideos."
While the FBI investigates the suspected Hilton hacking, it is also warning about malicious e-mails.
The mail is disguised as correspondence warning people that their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have "accessed illegal Web sites." The e-mails then direct recipients to open the virus-laden attachment to answer a series of questions.
Hilton was not alone in Web woes. Personal data for more than 20,000 people was exposed by two security holes on PayMaxx's automated W-2 site. The security issues couldgenerated for employees of PayMaxx's clients for the last five years, according to a former PayMaxx customer who discovered the flaws.
The alleged problems came to light after he received notification from the company that his W-2 tax form was available online for download and printing. The link to access the W-2 included an ID number, and he wondered whether the company had protected against an obvious security problem: adding one to the ID number to get the next form.
Meanwhile, a convenient voice mail feature has likelyto unauthorized attackers armed with a simple hack. The attack could be used to download a person's voice mail or take control of the victim's voice mail functions, provided the attacker knew the subscriber's phone number.
T-Mobile acknowledged the problem, but said that the solution is simple: Users should set their voice mail to require passwords.
The problem affects only Web surfers using Microsoft's Internet Explorer who fail to choose the browser's highest security settings.