what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

verizonBill.txt

verizonBill.txt
Posted Aug 12, 2005
Authored by Jonathan Zdziarski | Site nuclearelephant.com

A sanity check failed to exist in ebillpay's unbilled-usage modules to to correlate phone numbers with accounts. This could have been used by a malicious user to mine data through Verizon Wireless' website about other Verizon Wireless customers.

tags | advisory
SHA-256 | f353ab176a9e04fc59c8897a00b39596a2da68f7d47cbb92dfe69650f1cefb42
Download | Favorite | View

verizonBill.txt

Change Mirror Download

--Apple-Mail-1--567951525
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
  charset=US-ASCII;
  delsp=yes;
  format=flowed

Jonathan A. Zdziarski
Nuclear Elephant
August 11, 2005

Description: East-Coast Verizon Wireless Customer Data at Risk

Synopsis:

Verizon Wireless customers in the east may have had limited personal  
information about their account viewed by other Verizon Wireless  
customers up until early August 11, 2005, when the problem was  
corrected by Verizon Wireless' Security Response Team.

The problem appears to have been localized to the systems containing  
information about Verizon Wireless customers in the east, or  
approximately one third of the customer base. Therefore, only  
customers living in the east were at risk for having any personal  
information leaked.

The problem was confirmed fixed on August 11 at 2AM EST by a Verizon  
Wireless Information Security Team member, and tested and confirmed  
fixed by Nuclear Elephant.

About the Vulnerability:

A sanity check failed to exist in ebillpay's unbilled-usage modules  
to to correlate phone numbers with accounts. This could have been  
used by a malicious user to mine data through Verizon Wireless'  
website about other Verizon Wireless customers. The data available  
included statement activity such as current balance and last payment  
made, and usage information. It may have also been possible at one  
point to activate a handset on another customers' phone number (this,  
however, remained unconfirmed due to the entire activation tool being  
unavailable at the time the vulnerability was discovered; Verizon  
Wireless has not commented on whether this particular vulnerability  
existed).


Contact Information:

Jonathan Zdziarski
jonathan@nuclearelephant.com

Tom Pica
Verizon Wireless
Thomas.Pica@VerizonWireless.com
908-306-4385

Original URL:

http://www.nuclearelephant.com/papers/verizon.html

Notes:

This advisory is in no way affiliated with Verizon Wireless and is  
informational only



--Apple-Mail-1--567951525
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
  charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">Jonathan A. =
Zdziarski</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Nuclear Elephant</FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">August 11, =
2005</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Description: East-Coast Verizon Wireless Customer Data =
at Risk</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Synopsis:</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Verizon Wireless customers in the east may have had =
limited personal</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">information about their account viewed by other Verizon =
Wireless customers up</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">until early August 11, 2005, when the problem was =
corrected by Verizon</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">Wireless' Security Response Team.</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">The problem appears to have =
been localized to the systems containing=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">information about Verizon =
Wireless customers in the east, or approximately one</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">third of the customer base. =
Therefore, only customers living in the east were</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">at risk for having any =
personal information leaked.</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier">The =
problem was confirmed fixed on August 11 at 2AM EST by a Verizon =
Wireless=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">Information Security Team member, and tested and =
confirmed fixed by Nuclear=A0</FONT><FONT class=3D"Apple-style-span" =
face=3D"Courier">Elephant.</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">About the Vulnerability:</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">A sanity check failed to =
exist in ebillpay's unbilled-usage modules to=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">to correlate phone numbers =
with accounts. This could have been used by a</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">malicious user to mine data =
through Verizon Wireless' website about other</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">Verizon Wireless customers. =
The data available included statement activity such=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">as current balance and last =
payment made, and usage information. It may have=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">also been possible at one =
point to activate a handset on another customers'=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">phone number (this, however, =
remained unconfirmed due to the entire activation=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">tool being unavailable at =
the time the vulnerability was discovered; Verizon=A0</FONT><FONT =
class=3D"Apple-style-span" face=3D"Courier">Wireless has not commented =
on whether this particular vulnerability existed).</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Contact Information:</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Courier; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">Jonathan =
Zdziarski</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier"><A =
href=3D"mailto:jonathan@nuclearelephant.com">jonathan@nuclearelephant.com<=
/A></FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier">Tom =
Pica</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Verizon Wireless</FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier"><A =
href=3D"mailto:Thomas.Pica@VerizonWireless.com">Thomas.Pica@VerizonWireles=
s.com</A></FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">908-306-4385</FONT></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 12px/normal Courier; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier">Original URL:</FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 12px/normal Courier; min-height: 14px; =
"><BR></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier"><A =
href=3D"http://www.nuclearelephant.com/papers/verizon.html">http://www.nuc=
learelephant.com/papers/verizon.html</A></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier"><BR =
class=3D"khtml-block-placeholder"></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">Notes:</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier"><BR =
class=3D"khtml-block-placeholder"></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier">This advisory is in no way =
affiliated with Verizon Wireless and is informational =
only</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT class=3D"Apple-style-span" =
face=3D"Courier"><BR class=3D"khtml-block-placeholder"></FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT class=3D"Apple-style-span" face=3D"Courier"><BR =
class=3D"khtml-block-placeholder"></FONT></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
class=3D"Apple-style-span" face=3D"Courier"></FONT></DIV></BODY></HTML>=

--Apple-Mail-1--567951525--

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close