IP: Privacy Flaw Found at Verizon Wireless Site

[David Farber <dave () farber net>]

>

Damn and I use this djf

> Date: Tue, 04 Sep 2001 17:38:30 -0400
> To: dave  Farber <farber () cis upenn edu>
> From: Brian McWilliams <brian () pc-radio com>
> Subject: Privacy Flaw Found at Verizon Wireless Site
>
> FYI ...
>
> Privacy Flaw Found at Verizon Wireless Site
> http://www.newsbytes.com/news/01/169729.html
>
> Verizon Wireless is leaking private information about cell phone customers 
> who use its Web site, Newsbytes has confirmed.
>
> The privacy flaw, discovered by a Seattle software developer, enables 
> unauthorized individuals to browse customer account information, including 
> billing details.
>
> Using instructions posted Saturday by Marc Slemko to a security mailing 
> list, Newsbytes was able to pull up detailed billing records of Verizon 
> Wireless customers who use the firm's My Account service.
>
> Brian Wood, executive director of corporate communications, said Verizon 
> Wireless is still investigating the validity and scope of the problem.
>
> "If our investigations uncover a security lapse, we will take immediate 
> action to fix it," said Wood.
>
> Verizon Wireless has 28 million customers, an undisclosed number of which 
> use the company's Web site to manage their accounts, said Wood.
>
> Slemko, a founding member of the Apache Software Foundation, said he 
> decided to go public with his discovery after reporting the privacy flaw 
> to the wireless carrier two weeks ago and receiving no reply.
>
> [snip]



For archives see: http://www.interesting-people.org/