Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Worldcom Security Hole Risked Computers
- From: Howell, Paul
- Date: Wed Dec 05 19:49:02 2001
At http://dailynews.yahoo.com/h/ap/20011205/tc/worldcom_security_1.html
Wednesday December 5 6:15 PM ET
Worldcom Security Hole Risked Computers
By D. IAN HOPPER, AP Technology Writer
WASHINGTON (AP) - A security hole at telecommunications giant Worldcom left
internal networks at several of the nation's top companies open to hackers,
according to Worldcom and the security researcher who discovered the
problem.
Adrian Lamo, a consultant in San Francisco, worked with Worldcom to fix the
months-old problem over the weekend, and the company said there is no
evidence hackers exploited the security hole.
Internal networks belonging to AOL Time Warner, Bank of America, CitiCorp,
News Corp., JP Morgan, McDonald's Corp., Sun Microsystems and many other
companies were vulnerable, he said.
``These networks were never designed to be connected to the Internet,'' Lamo
said. ``They were private circuits running between locations.''
The security problem could have allowed hackers to reconfigure or shut down
the corporate networks, also known as intranets, that are used for
everything from e-mail to financial transactions.
Worldcom spokeswoman Jennifer Baker said none of Worldcom's customers were
affected.
``Adrian worked very cooperatively with us throughout the weekend,'' Baker
said. ``It was a human error on a router.''
A router is a device that serves as a traffic light for messages on computer
networks.
Lamo said he found the hole by poking through Worldcom's public Web site.
``Tons of times there's data that shouldn't be available to anybody that is
out on a public Web server,'' Lamo said.
Lamo praised Worldcom's security procedures, and said he used an
unconventional way to enter the company network that is not often addressed
by security experts. He stressed that he didn't attempt to damage the
internal networks.
Within the last several months, Lamo has found security problems at several
major computer firms, including Microsoft and AOL Time Warner. In September,
he discovered a hole on Yahoo's news site that allowed him to alter several
stories.
In addition to Worldcom's clients, the company itself was also at risk, Lamo
said.
Lamo found ways to reset company passwords, give himself all the computer
power of a company director, redirect e-mail and find personal information
for Worldcom's employees.
``It would have been possible for anyone who was really motivated to change
direct deposit information for employee paychecks to arbitrary accounts
without the employee being notified,'' Lamo said.
|
