Interesting People mailing list archives
Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free!
From: David Farber <dave () farber net>
Date: Fri, 14 Dec 2007 12:50:33 -0500
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: December 13, 2007 4:18:46 PM EST To: dave () farber net Cc: lauren () vortex comSubject: Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free!
Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free!
http://lauren.vortex.com/archive/000341.html Greetings. This message is basically a heads-up warning. I have discovered a serious and easily exploited security flaw in the operations of a major commercial Web services provider, which exposes the street address and/or billing address information for (apparently) a very large proportion of U.S. landline phone numbers, *even if those numbers are unlisted*. While such "reverse lookups" for *listed* numbers are common, unlisted number information is supposedly held to the highest security standards of telephone company customer premises information -- though third party mining of this data has been of increasing concern. How this unlisted number data has found its way into this publicly accessible database is a very interesting question indeed. Most people must pay extra for unlisted numbers, and often have them for security reasons. With numbers so widely exposed by calling number identification systems (CNID) and in the course of routine business transactions, the easy availability of the addresses associated with these unlisted numbers is a very serious matter. I am still attempting to reach responsible parties at the firm involved. I will not expose the technique for obtaining these addresses here and now for obvious reasons, but I will consider providing more details upon request to bona fide security experts and media -- under appropriate confidentiality guidelines to protect this data until the breach has been closed. More later. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free! David Farber (Dec 14)