Having worked for Telcos I have seen first hand the mess the security is. Despite raising concerns time and time again, it always got swept under the carpet. I remember talking to one guy during an external audit. I went through my concerns with him. The report (when it was published later) was pretty scathing.
Roll forward 2 YEARS and the guy gets employed by the Telco in question. He turned up at my desk with a forlorn look on his face and said "Nothing raised in that report has been implemented. If anything, its got worse!". I just grinned and welcomed him to my hell.
Even the new network designs had such obvious security implications that anybody looking at it would say 'Hold up - you did what?' but they still got implemented because it was deemed too late to fix it.
Biting the hand that feeds IT
