◆ SpookStack

[esis PM 12/5/2001, Fwd: Hacker Story b6 -2,5 bic -2,5 To: Fron Subject: Fwd: Hacker Story Ca Bee: Attached: [sh forwarded this to me. MCT Security Hole Put AOL, Others, In Hacker's Crosshairs 8y Brian Krebs, Newsbytes WASHINGTON, D.C, U.S.A., 05 Dee 2002, 2:10 PM CST MCI WorldCom [NASDAQ:MCIT] recently moved to secure several vulnerable portions of their network that allowed a researcher to obtain the keys to private network routers for dozens of Fortune 500 companies. AOL Time Wamer, Bank of America, Citicorp, Fox News Corp., JP Morgan, McDonald s, and Sun Microsystems - to name just a few - were among those firms whose internal systems information was vulnerable to compromise. Security researcher Adrian Lam discovered the vulnerability after stumbling upon several proxy Web servers on MCI's Internet address space. The proxy allowed Lamo to gain access to the company’s Intranet, and to a tool that MCI technicians use to perform routine router maintenance for hundreds of the company's largest customers. After realizing the full extent of the information and access at hand, Lamo contacted WorldCom through security intelligence firm SecurityFocus.com. Not only did the security hole allow Lamo to remotely manage custorrer routers, this vector paved the way to customer access information including router dialups, logins, and "enable" passwords - the administrative passwords needed to take total control of a router. b7C -5 FBI(19-cv-1495)-2165