what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

verizonBill.txt

verizonBill.txt
Posted Aug 12, 2005
Authored by Jonathan Zdziarski | Site nuclearelephant.com

A sanity check failed to exist in ebillpay's unbilled-usage modules to to correlate phone numbers with accounts. This could have been used by a malicious user to mine data through Verizon Wireless' website about other Verizon Wireless customers.

tags | advisory
SHA-256 | f353ab176a9e04fc59c8897a00b39596a2da68f7d47cbb92dfe69650f1cefb42
Download | Favorite | View

verizonBill.txt

Change Mirror Download

--Apple-Mail-1--567951525
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
  charset=US-ASCII;
  delsp=yes;
  format=flowed

Jonathan A. Zdziarski
Nuclear Elephant
August 11, 2005

Description: East-Coast Verizon Wireless Customer Data at Risk

Synopsis:

Verizon Wireless customers in the east may have had limited personal  
information about their account viewed by other Verizon Wireless  
customers up until early August 11, 2005, when the problem was  
corrected by Verizon Wireless' Security Response Team.

The problem appears to have been localized to the systems containing  
information about Verizon Wireless customers in the east, or  
approximately one third of the customer base. Therefore, only  
customers living in the east were at risk for having any personal  
information leaked.

The problem was confirmed fixed on August 11 at 2AM EST by a Verizon  
Wireless Information Security Team member, and tested and confirmed  
fixed by Nuclear Elephant.

About the Vulnerability:

A sanity check failed to exist in ebillpay's unbilled-usage modules  
to to correlate phone numbers with accounts. This could have been  
used by a malicious user to mine data through Verizon Wireless'  
website about other Verizon Wireless customers. The data available  
included statement activity such as current balance and last payment  
made, and usage information. It may have also been possible at one  
point to activate a handset on another customers' phone number (this,  
however, remained unconfirmed due to the entire activation tool being  
unavailable at the time the vulnerability was discovered; Verizon  
Wireless has not commented on whether this particular vulnerability  
existed).


Contact Information:

Jonathan Zdziarski
jonathan@nuclearelephant.com

Tom Pica
Verizon Wireless
Thomas.Pica@VerizonWireless.com
908-306-4385

Original URL:

http://www.nuclearelephant.com/papers/verizon.html

Notes:

This advisory is in no way affiliated with Verizon Wireless and is  
informational only



--Apple-Mail-1--567951525
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
  charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">Jonathan A. =
Zdziarski</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Nuclear Elephant</FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">August 11, =
2005</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Description: East-Coast Verizon Wireless Customer Data =
at Risk</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Synopsis:</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Verizon Wireless customers in the east may have had =
limited personal</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">information about their account viewed by other Verizon =
Wireless customers up</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">until early August 11, 2005, when the problem was =
corrected by Verizon</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">Wireless' Security Response Team.</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">The problem appears to have =
been localized to the systems containing=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">information about Verizon =
Wireless customers in the east, or approximately one</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">third of the customer base. =
Therefore, only customers living in the east were</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">at risk for having any =
personal information leaked.</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier">The =
problem was confirmed fixed on August 11 at 2AM EST by a Verizon =
Wireless=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">Information Security Team member, and tested and =
confirmed fixed by Nuclear=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">Elephant.</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">About the Vulnerability:</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">A sanity check failed to =
exist in ebillpay's unbilled-usage modules to=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">to correlate phone numbers =
with accounts. This could have been used by a</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">malicious user to mine data =
through Verizon Wireless' website about other</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">Verizon Wireless customers. =
The data available included statement activity such=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">as current balance and last =
payment made, and usage information. It may have=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">also been possible at one =
point to activate a handset on another customers'=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">phone number (this, however, =
remained unconfirmed due to the entire activation=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">tool being unavailable at =
the time the vulnerability was discovered; Verizon=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">Wireless has not commented =
on whether this particular vulnerability existed).</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Contact Information:</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">Jonathan =
Zdziarski</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier"><A =
href=3D"mailto:jonathan@nuclearelephant.com">jonathan@nuclearelephant.com<=
/A></FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier">Tom =
Pica</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Verizon Wireless</FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier"><A =
href=3D"mailto:Thomas.Pica@VerizonWireless.com">Thomas.Pica@VerizonWireles=
s.com</A></FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">908-306-4385</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Original URL:</FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 12px/normal Courier; min-height: 14px; =
"><BR></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier"><A =
href=3D"http://www.nuclearelephant.com/papers/verizon.html">http://www.nuc=
learelephant.com/papers/verizon.html</A></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier"><BR =
class=3D"khtml-block-placeholder"></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">Notes:</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier"><BR =
class=3D"khtml-block-placeholder"></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">This advisory is in no way =
affiliated with Verizon Wireless and is informational =
only</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier"><BR class=3D"khtml-block-placeholder"></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier"><BR =
class=3D"khtml-block-placeholder"></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier"></FONT></DIV></BODY></HTML>=

--Apple-Mail-1--567951525--

Login or Register to add favorites

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close