Vulnerability Development mailing list archives

Re: Neato Bell Atlantic Feature


From: Russell Berry <russ () BERREX COM>
Date: Mon, 14 Aug 2000 10:23:31 -0400

When I saw this I decided to do some investigating of other websites.  My bank,
and a few of my credit cards have online sites to access data.  A couple take
your social security number for a log in name.  On at least one site, I could
put in my social security number, and a b0gus password.  Java runs, and even
though it returns an invalid login, the source of the script running spews out
account information.  Go figure.

Stop looking at this as a toy to go play with, and start looking for similar
breaches in the institutions you all use and warn them accordingly.  I fear
there is a LOT of this kind of vulnerability going around.

Regards,

Russell

On 14-Aug-00 Seth Cohn wrote:
Had someone in BA country check it out.  Among other things, it returns
name and address for a phone number and also a PUB notation.  I wonder if
private numbers will also be listed... could be, looks like a db lookup.
In which case, an autoscanner could compile a list of private numbers. :(

Expect this to go away rsn.  Too easy to abuse.

Words to Live by...
        Work like you don't need money,
        Love like you've never been hurt,
        Dance like nobody's watching.
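The failure mode Russell describes above (account data shipped to the browser even on a failed login, with only the client-side script deciding whether to display it), shown as an added example that is not code from the thread or from any site mentioned in it. The user record, the SSN-style login name, the password and the account values are constructed sample data.

```python
# Added example (not from the thread): a leaky login page next to its fix.
# Users, passwords and account data are constructed sample values.
import hashlib
import hmac
import json

SALT = b"constructed-salt"  # constructed; a real system would use a per-user salt


def _hash(pw: str) -> str:
    return hashlib.sha256(SALT + pw.encode()).hexdigest()


# Constructed record; the SSN-style login name mirrors the sites Russell mentions.
USERS = {
    "123-45-6789": {"pw": _hash("correct horse"), "acct": "000111222", "balance": "$1,234.56"},
}


def check_login(user: str, password: str) -> bool:
    rec = USERS.get(user)
    # Compare against a dummy hash for unknown users so the timing is uniform.
    expected = rec["pw"] if rec else _hash("")
    return hmac.compare_digest(expected, _hash(password)) and rec is not None


def leaky_page(user: str, password: str) -> str:
    """Vulnerable pattern: account data is always in the page; the script hides it."""
    rec = USERS.get(user, {})
    ok = check_login(user, password)
    public = {k: v for k, v in rec.items() if k != "pw"}
    return (
        f"<script>var ok={json.dumps(ok)};var account={json.dumps(public)};"
        "if(!ok){document.write('Invalid login')}</script>"
    )


def safe_page(user: str, password: str) -> str:
    """Fixed pattern: the server emits account data only after the credentials check out."""
    if not check_login(user, password):
        return "<p>Invalid login</p>"  # identical for a bad password and an unknown user
    rec = USERS[user]
    return f"<p>Account {rec['acct']}: balance {rec['balance']}</p>"


def response_leaks(body: str) -> bool:
    """Detection helper: does a response body still carry any known account value?"""
    account_values = [v for rec in USERS.values() for k, v in rec.items() if k != "pw"]
    return any(v in body for v in account_values)
```

Running `response_leaks` over the failed-login output of both handlers is the check Russell did by hand: the leaky page carries the account fields in its script source, the fixed page does not.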
