Verizon probes security flaw

Subscriber data left flapping in the wind...

The US wireless operator Verizon's web site has a security hole that could allow access to customers' mobile phone account information. The Vodafone subsidiary's web server flaw was first discovered by US developer Marc Slemko, who posted his findings on the security professional's mailing list Bugtraq. Slemko claimed the site allows access via the 'My Account' feature on the site by simply manipulating the URL on the relevant page. Once the URL is changed, it allows free access to customer details, such as account information and home address. Slemko said he notified Verizon first in August 19 saying he would publicise his findings unless the company improved the security of its site. Verizon was unavailable for a comment at the time of writing.