Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Verizon FiOS app vulnerability Exposes 5 MILLION Customers' Email Addresses


  • Please log in to reply
1 reply to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:11 PM

Posted 19 January 2015 - 02:06 AM

 

A critical vulnerability discovered in Verizon's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk.
 
The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf.
 
The issue was discovered while analyzing traffic generated by the Android version of My FiOS, which is used for account management, email and scheduling video recordings.
 
Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it should be done - quickly and efficiently.
 
 

Microsoft could learn a lot more from Verizon, as Microsoft wasn't able to fix the security flaws in its software reported by Google’s Project Zero team even after a three-month-long time period provided to the company. One-after-one three serious zero-day vulnerabilities in Windows 7 and 8.1 were disclosed by Google’s security team before Microsoft planned to patch them.
Verizon FiOS app vulnerability Exposes 5 MILLION Customers' Email Addresses

 

 


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


BC AdBot (Login to Remove)

 


#2 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:07:11 AM

Posted 02 March 2015 - 02:53 AM

HA, you can add this to Verizons reply to the FCC and Net neutrality, stupid ISPs. 


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users