US telecommunications giant Verizon exposed as having a major security vulnerability that leaks customer information

ID MYHACK58:62201562475
Type myhack58
Reporter Anonymous
Modified 2015-05-16T00:00:00


Verizon, the largest wireless communications provider in the United States, made foreign media headlines this week with its USD 4.4 billion acquisition of AOL. However, BuzzFeed's latest report shows that a major security vulnerability in Verizon's design could make this a more challenging week for the telecommunications giant: an attacker exploiting the vulnerability needed only a browser plug-in and a few phone calls to obtain all of a Verizon customer's personal information and take control of the customer's Verizon account.

The vulnerability principle

Last week, BuzzFeed received a message from Eric Taylor, a former hacker who is now Chief Information Security Officer of Cinder, claiming that a vulnerability in Verizon's systems let an attacker easily obtain Verizon customers' personal information with just a browser plug-in and a few phone calls to customer support. After receiving Taylor's information, BuzzFeed's Joseph Bernstein took control of a couple of Verizon accounts within a matter of hours. The entire process involved only “two downloads, copying and pasting some email information, and then some exchanges with Verizon customer service”.

The vulnerability exists mainly because Verizon's customer service website distinguishes each customer by the IP address of the customer's computer, an address assigned by the customer's Internet service provider. The customer service website therefore decides whether a visitor is a customer based on whether they reach the site from an IP address that Verizon recognizes. Because the IP address of each home network customer is unique, when the site sees an address it recognizes, it looks up the user information tied to that address and automatically displays the customer's location, name, phone number, and email address. This is exactly the information required to take control of a Verizon account.
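The design flaw described above, as an added example that is not from the original article or from Verizon's systems: a lookup keyed only on the visitor's address, beside a version that requires an authenticated session, masks contact details, and flags an address mismatch for review. The record layout, session store, and function names are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; addresses come from documentation ranges.
CUSTOMERS_BY_IP = {
    "203.0.113.10": {"name": "A. Example", "phone": "555-0100",
                     "email": "a@example.com", "location": "Springfield"},
}
# Hypothetical session store: session token -> account key.
SESSIONS = {"tok-abc": "203.0.113.10"}


@dataclass
class Request:
    attributed_ip: str                  # address the site attributes to the visitor
    session_token: Optional[str] = None


def support_page_weak(req: Request) -> dict:
    """Design described in the article: the address alone selects the account."""
    return CUSTOMERS_BY_IP.get(req.attributed_ip, {})


def mask(value: str, keep: int = 2) -> str:
    """Hide all but the last `keep` characters of a contact detail."""
    return "*" * max(len(value) - keep, 0) + value[-keep:]


def support_page_hardened(req: Request) -> dict:
    """The address is never a credential; personal data needs a login."""
    account_key = SESSIONS.get(req.session_token or "")
    if account_key is None:
        # Unauthenticated: reveal nothing, whatever address is presented.
        return {"login_required": True}
    record = CUSTOMERS_BY_IP[account_key]
    return {
        "name": record["name"],
        # Masked so the page cannot supply answers for phone verification.
        "phone": mask(record["phone"]),
        "email": mask(record["email"]),
        # Detection signal: session used from an address not tied to the account.
        "address_mismatch": req.attributed_ip != account_key,
    }


if __name__ == "__main__":
    print(support_page_weak(Request("203.0.113.10")))
    print(support_page_hardened(Request("203.0.113.10")))
    print(support_page_hardened(Request("198.51.100.7", "tok-abc")))
```
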
Verizon's official response

Verizon is the largest local telephone company and the largest wireless communications company in the United States, and the world's largest provider of print and online Yellow Pages information. It operates telecommunications and wireless services in 45 countries across the United States, Europe, Asia, the Pacific and elsewhere, and is listed on the New York Stock Exchange. The user base affected by the vulnerability is therefore very large, and every Verizon customer is now worried that their information will be spread online.

However, it should be noted that the vulnerability has been fixed: BuzzFeed informed Verizon before publishing the report, and the report has been updated with Verizon's statement, as follows: “We have reason to believe this did not affect any customers, except those whose information was used by BuzzFeed. If we find any problem, we will contact the affected customers directly.”

This is indeed good news, but as BuzzFeed stated in another part of the update, the vulnerability could be found from April 22 onward, and if a more nefarious network organization had found it earlier than Taylor did, the losses would have been immeasurable. The issue has now become an integral part of the discussion around Verizon's future sustained growth.