Not that T-Mobile needs to have more vulnerabilities on their website exposed, but I was looking at the URL of the my.t-mobile.com page and it is a hazard waiting to happen. The URL can be recrafted so that someone could be redirected to a page that looks like a T-Mobile page, then information could be phished from them...

Anyways, I documented the vulnerability here (http://www.ultramookie.com/wayback/2005/02/28/t-mobile-log-in-security-vulnerability/).

Have you reported this to T-Mobile? Because it would surely be to their advantage as well, not only its valuable customers

Have you reported this to T-Mobile? Because it would surely be to their advantage as well, not only its valuable customers

Yes, I reported it to T-Mobile already. Have not heard anything yet though.

Hmmm, I tried your links, and while it didn't lead me to My T-Mobile webpage, it only said there was an error and that I should try clickin on the ultramookie link...when I did, it came up with this like agreement window, so I didn't really feel like going through the trouble of it...

Whoops. I pasted a link that I was testing with and was old. I fixed it now, it should work now.