This morning the press covered a mixed bag of security troubles at Bloomberg (dossier), Safeway U.K. and Verizon. The first two suffered embarrassing break-ins; Bloomberg provided a rare happy ending.
Bloomberg's story was the most dramatic - the company's founder and chief played a role in the arrest of two extortionists - but the Bloomberg news agency itself played the story short and cool. It fell to the Wall Street Journal to gush over Michael Bloomberg's "apparent turn as James Bond." The New York Times' John Sullivan provided extensive background and detail on an extortion plot by two Kazakhstanis that unfolded over the last six months and unraveled last Thursday in London.
Officials at Safeway U.K. probably wish they had a Michael Bloomberg on their staff. On Friday, hackers embarrassed Safeway by breaking into its Web server and downloading the e-mail addresses of thousands of customers. The merry perps then sent an official-looking, if crude, e-mail from Safeway's server to the company's customers, announcing an immediate 25 percent price hike and inviting the customers to shop elsewhere. Safeway has shut down its U.K. Web site, Reuters and Bloomberg reported.
Also in the news was a security and privacy leak at Verizon. Its Web site offered a self-help application enabling customers to report equipment problems and track repair progress. Unfortunately, a visitor to this site could type in any phone number on the East Coast and the program would cheerfully reveal details of that customer's identity and service history. SecurityFocus told Verizon of the problem on Sunday, and Bloomberg (again) and MSNBC reported that Verizon took the site down. But an updated story running on SecurityFocus.com this morning claimed that Verizon merely removed a link to the application from its top page - anyone who had bookmarked the troublesome site can still get to it. Kevin Poulsen, writing for SecurityFocus, provided all the gearhead details on how the security flaw works.
Adding insult to Verizon troubles, the New York Post reported - in the best-headlined story of the morning - on a little spat the company is having with 2600, the hacker quarterly. It seems that before announcing its new name, the merged Bell Atlantic (VZ)-GTE (GTE) dropped $50,000 on 707 domain names such as verizonstinks.com and verizonbites.com. The hacker magazine posted a list of these names and then registered one of its own: verizonREALLYstinks.com. And after Verizon's lawyers sent them a nastygram, 2600 registered one more name: verizonshouldspendmoretimefixingitsnetworkandlessmoneyonlawyers.com. - Keith Dawson
Two Charged in Hacking, Extortion Scheme (Bloomberg)
Michael Bloomberg Assists in Suspected Hacker Arrest
Wall Street Journal
(Paid subscription required.)
2 Arrested in Bloomberg Extortion Case
New York Times
Bloomberg Computers Hacked (Reuters)
Safeway's U.K. Web Site Hacked (Bloomberg)
Hacker Hoax at Safeway (Reuters)
Verizon Site Exposed Customer Data
Verizon Self-Help Site Halted After Notice of Security Breach (Bloomberg)
Update: Verizon Hole Still Open
New York Post