The Norwegian provider gave the client’s IP number in the browser
In Norway, the other day a problem was discovered on the side of the provider NextGenTel , which made a very real threat “I will find you by ip”. On the company's routers, software was installed that gives the phone number of a specific user, according to his ip.
However, no special tools are needed. The usual browser, we drive in the address line ip, we get a page with information about the operation of the router. On the same page indicated the phone number of the client.
Of course, using the site-directory type 1881.no , the phone number could easily get the name of the person and his address.
')
The problem was discovered by the local Dinside site, whose representatives told the provider about the found vulnerability. The provider’s technical staff quickly fixed the problem, but this case shows howstupid a simple way in which private information of a client / user can be obtained by a third party can be.
All technical tools designed to protect customer / user data may be useless in case of such errors that nobody suspects.
By the way, not so long ago there was a case in Norway, which shows how usually local providers are sensitive to the protection of their clients' private information. The fact is that the Norwegian “anti-piracy” organization received the ip of the user who uploaded some movie on The Pirate Bay. The provider refused to provide customer data, and the case went to the Supreme Court.
This is not a pre-trial provision of all possible customer data on the first phone call ...
Via torrentfreak
However, no special tools are needed. The usual browser, we drive in the address line ip, we get a page with information about the operation of the router. On the same page indicated the phone number of the client.
Of course, using the site-directory type 1881.no , the phone number could easily get the name of the person and his address.
')
The problem was discovered by the local Dinside site, whose representatives told the provider about the found vulnerability. The provider’s technical staff quickly fixed the problem, but this case shows how
All technical tools designed to protect customer / user data may be useless in case of such errors that nobody suspects.
By the way, not so long ago there was a case in Norway, which shows how usually local providers are sensitive to the protection of their clients' private information. The fact is that the Norwegian “anti-piracy” organization received the ip of the user who uploaded some movie on The Pirate Bay. The provider refused to provide customer data, and the case went to the Supreme Court.
This is not a pre-trial provision of all possible customer data on the first phone call ...
Via torrentfreak
Source: https://habr.com/ru/post/215143/
All Articles