Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free!

From: David Farber <dave () farber net>
Date: Fri, 14 Dec 2007 12:50:33 -0500


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: December 13, 2007 4:18:46 PM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free!
Bulletin: Home Addresses for Unlisted Numbers Exposed on Web -- For Free! 

            http://lauren.vortex.com/archive/000341.html


Greetings.  This message is basically a heads-up warning.  I have
discovered a serious and easily exploited security flaw in the
operations of a major commercial Web services provider, which
exposes the street address and/or billing address information for
(apparently) a very large proportion of U.S. landline phone numbers,
*even if those numbers are unlisted*.

While such "reverse lookups" for *listed* numbers are common,
unlisted number information is supposedly held to the highest
security standards of telephone company customer premises
information -- though third party mining of this data has been of
increasing concern.  How this unlisted number data has found its way
into this publicly accessible database is a very interesting
question indeed.

Most people must pay extra for unlisted numbers, and often have them
for security reasons.  With numbers so widely exposed by calling
number identification systems (CNID) and in the course of routine
business transactions, the easy availability of the addresses
associated with these unlisted numbers is a very serious matter.

I am still attempting to reach responsible parties at the firm
involved.  I will not expose the technique for obtaining these
addresses here and now for obvious reasons, but I will consider
providing more details upon request to bona fide security experts
and media -- under appropriate confidentiality guidelines to protect
this data until the breach has been closed.

More later.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com


-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: