BreachExchange mailing list archives

fringe: verizon archive security glitch?


From: security curmudgeon <jericho () attrition org>
Date: Sat, 7 Jun 2008 20:11:17 +0000 (UTC)



---------- Forwarded message ----------
From: David Farber <dave () farber net>
________________________________________
From: Deborah Alexander [dsalexan () optonline net]
Subject: verizon archive security glitch?

Dave - for IP-ers, if you think of use...

Scrolling blogs this a.m., I came across a posting that seems interesting in light of the presumptive Republican Presidential Candidate's views about telecoms, privacy and immunity:

From
http://www.explananda.com/

On Thursday morning, I was trying to access some old cell phone bills online at www.verizonwireless.com. As I clicked through the months, most of the time the correct bill came up (as a pdf). But twice for some reason verizonwireless.com served up someone else's bill. The first time I just absentmindedly clicked away and tried again. But the second time it occurred to me that there was something really squirrelly about the fact that I was able to access some other random dude's bill. I could see all the calls that this guy made in September, 2007, his account number, and the fact that his bill was past due that month. That's hardly the biggest security breach in history, but it's also a legitimate concern for people who care about their privacy, and rely on companies to take reasonable steps to secure personal information.

I spent 30 minutes on the phone with Verizon trying to get someone to understand that there was clearly some technical glitch on their end, and that it raised a privacy issue (and a potential legal issue for them).

<snip>

[Verizon] promised me that someone would call me back with an explanation. No one has called yet.

I also made them promise to call this guy and tell him that someone else had been able to view information that should have been kept private, but about 5 minutes after I got off the phone with them I realized that that was unlikely. So I called the guy up and left a message. He called back a few hours later. No one from Verizon had called him.

<snip>

[ADDED BY WAY OF FOLLOW UP COMMENT]:

I found it sort of interesting from an organizational perspective. Obviously Verizon gets a lot of calls from a lot of angry or strange people every day. So they need pretty robust filters, so that upper level managers don't have to talk to every crackpot who calls with some issue that the operators aren't in a position to properly assess. The result is that there was apparently no way at all for them to escalate the issue efficiently and effectively. According to them - and this may well be true - they just couldn't get a hold of a supervisor who would be high up and smart enough to grasp the legal implications of my point, let alone the privacy and public relations aspect.

<snip>
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss