So, you don’t click on “phishy” links, keep your PC free from spyware, only bank at secure websites, and do all the good things a cautious computer user is supposed to do to keep from having your identity stolen. You’re safe, right? Not entirely. I just found this in the Security Fix… Verizon Wireless Fixes leaky website.
Apparently someone was writing a script to check their minutes and discovered that the site didn’t properly verify information: once logged in, he could check ANY user’s minutes and billing just by using the phone number. He contacted Verizon Wireless, who says that it only affected (or could have been exploited by) Verizon Wireless customers who signed up to view billing information online.
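The flaw described above (a logged-in user naming someone else's phone number) comes down to a missing ownership check on the server. The sketch below is an added example, not code from the original post or from Verizon Wireless; the account data, function names and phone numbers are all constructed for illustration.

```python
# Added illustration; data, names and handlers are constructed, not Verizon Wireless code.
ACCOUNT_LINES = {                      # account -> phone numbers it owns
    "acct-1001": {"5550100", "5550101"},
    "acct-2002": {"5550199"},
}
USAGE = {                              # phone number -> billing summary
    "5550100": {"minutes_used": 412},
    "5550101": {"minutes_used": 87},
    "5550199": {"minutes_used": 1530},
}


class Forbidden(Exception):
    """Raised when the session may not read the requested line."""


def get_usage_unchecked(session, phone_number):
    """Flawed pattern: checks only that someone is logged in."""
    if not session.get("account_id"):
        raise Forbidden("login required")
    return USAGE[phone_number]         # trusts the number sent by the client


def get_usage_checked(session, phone_number):
    """Corrected pattern: the number must belong to the session's account."""
    account_id = session.get("account_id")
    if not account_id:
        raise Forbidden("login required")
    if phone_number not in ACCOUNT_LINES.get(account_id, set()):
        # Same error for unknown and foreign numbers, so nothing is leaked.
        raise Forbidden("not authorized for this line")
    return USAGE[phone_number]


def cross_account_reads(handler):
    """Regression check: list (account, number) pairs the handler wrongly serves."""
    leaks = []
    for account_id, owned in ACCOUNT_LINES.items():
        for number in sorted(set(USAGE) - owned):
            try:
                handler({"account_id": account_id}, number)
                leaks.append((account_id, number))
            except Forbidden:
                pass
    return leaks


if __name__ == "__main__":
    print("unchecked leaks:", cross_account_reads(get_usage_unchecked))
    print("checked leaks:  ", cross_account_reads(get_usage_checked))
```

A site owner can keep a check like `cross_account_reads` in the test suite so that any new billing page that forgets the ownership test fails before it ships.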
They fixed this problem Thursday morning and found two other web programming flaws that could expose the handset a user uses, plus their general location. What was more scary was this…. the person that discovered the original flaw says there is another flaw in the site that could allow “an attacker” to map a user’s cell phone number to theirs. In other words, it could be possible to have your Verizon Wireless cell phone number hijacked, with the attacker accepting incoming calls and making outgoing calls as the “victim’s” account. He couldn’t confirm it but was fairly sure this was possible.
So, the moral of the story is this…. check your bills, do what you’re supposed to do to keep yourself safe. On the other end businesses need to do their part as well. I’m impressed that on the disclosure of one vulnerability Verizon Wireless combed the billing areas of the sites looking for other problems. That’s the kind of initiative you like to see. Of course, it would have been nice to see this not be an issue in the first place. There was no confirmation from Verizon on the more disturbing “phone hijacking” issue. That makes me uncomfortable to say the least.
A lot of times I talk to people about ordering online. It’s the usual tutorial about making sure it’s a “secure” site. (Either with https in the address bar, or with the “lock” icon in the browser window.) Some are still very cautious about wanting to do anything related to money transfer online though because they see it as risky. I explain that in some ways it CAN be more secure than going to a restaurant and giving the waiter(tress) a credit card to pay and then they come back in a few minutes. It CAN be a more secure way of dealing with transactions IF ALL of the following are true: 1) your end of things is secure from viruses/keyloggers and spyware, 2) you use an encrypted connection (https or “the lock icon” usually symbolize this), AND 3) the business on the other end takes security seriously.
Unfortunately I have a nightmarish vision that some online businesses have a Windows 98 (We don’t need no stinkin windows updates….) PC running their ecommerce server with no antivirus protection. And there’s the rub. How secure is our data on “the other end”? Most larger businesses we would hope are on top of the game, but when there were stories of ATMs going down due to the Blaster worm a couple years back you really wonder who is concerned about securing businesses’ data.
On an offline scale though you have similar problems…. Not too many years ago in our area the police broke up a ring of people that were stealing credit card information. Not online, but they worked in restaurants in the area (2 or 3 different restaurants had employees that were nabbed if I recall.) They would take the bill to the customer, retrieve the credit card and bill, swipe the card through a hand held reader on their way to the register, ring it up and take it back to the table. The customer wouldn’t know they’d had their card data stolen until weeks (months?) later.
Let’s hope Verizon Wireless continues to audit their web interface and make sure they’ve got a tight ship. AND hope this gets the media coverage it deserves to keep the pressure on them.