What Really Happened to Paris?

There has been a lot of speculation about exactly what happened to Paris’ Sidekick (her little mobile PDA device)… Just in case you haven’t heard, Paris Hilton suffered a very unfortunate exposure of her personal information when the data from her sidekick was exposed to the world.

The question I’ve seen over and over is… how did it happen? Did she have a weak password? Or was there a known exploit? In the absence of further evidence, all we really can do is speculate (although the ‘sploit on rootsecure looks pretty convincing to this casual observer.)

One of the things that I find interesting is how T-Mobile can insinuate that this is somehow Paris’ fault. Lest we forget, one of the parties in this equation has a sordid history of having their private bits exposed over and over again in the public eye… and I don’t mean Paris. For example, remember when that guy had complete run of the T-Mobile network for over a year or when T-Mobile had all that data on secret service agents stolen? Oh yeah, and I almost forgot, remember when T-Mobile wasn’t sure who stole what because they didn’t keep sufficient audit data? Seems to me T-Mobile’s cry of “maybe Paris had a weak password” is looking pretty flimsy in the light of their previous security debacles.

In any event, maybe this will be a good thing for the big pink T. After all, we’ve had device ID capability for quite a while now. Maybe one of these phone companies will wake up and realize that maybe if I access their website from a sidekick that they should limit access to people with… well, sidekicks.