Wednesday, January 20, 2010

Road Runner Easily Leaks Customer Info

--- Self Investigated ---

Road Runner High Speed Online has a flaw in their 'Help' page.
To gain access to personal user information, you are required to enter the 'primary' phone number for the account and your MAC address.
These are things that can be easily obtained through information gathering.
The MAC address of a user can be found by breaking down the properties of the IP address or by simply using the 'arp -a' command (in a DOS/cmd prompt) to match an IP with the 'Physical Address'.
Once the account is accessed, the hacker can make changes to the account, change passwords, and upgrade or cancel service.

