◆ SpookStack

Sites Revealed Passwords For Thousands Of Ameritech Users @ Page 2 of 3 information, we're going to take steps to remind our customers to proactively change their passwords in accordance with our security guidelines.” Koenig said the company still does not know why the sites were jeft unsecured or how long they had been’exposed. Ameritech, which was bought by San Antonio-based SBC Communications in 1998, serves five states in the Midwest, including Illinois, Michigan, Ohio, Oklahoma and Wisconsin. *A live intruder will inherently see things corporate integrity assurance will miss — intrusion cannot be taught at Seminars,” Lamo said. “I'm sure Ameritech does take user privacy seriously, but unfortunately, that's just not enough. This is a massive implementation error for any company. There's no way around that.” Lamo is known for tracking down Fortune 500 company Web sites that employ shoddy or nonexistent security measures. Last year, he stumbled upon a similarly unprotected Web database containing information on thousands of Microsoft’s customers. Last December, Lamo discovered an Internet-accessible Web tool that provided easy access to the keys to private network routers for dozens of companies, including AOL Time Warner, Bank of America, Citicorp, Fox News Corp., JP Morgan, McDonaids and Sun Microsystems - to name just a few. Days after the Sept. 11 attacks, Lamo used a proxy on a Yahoo story server to change the content of a story on the company’s Web site about Russian programmer Dmitry Skiyarov. In May, he alerted ExciteAtHome to several rogue proxies on the company’s network that left the personal information of nearly 3 million customers and several thousand company employees available to even the most marginal of system crackers. In the majority of those cases, the Web pages or routers in question were made vulnerablé through rogue “proxies,” machines that allow users to route through ~ or into ~ networks, often skirting past firewalls. Yet, in Ameritech’s case, the customer data pages were facing the Internet completely unsecured. Ameritech has suffered other Web-based security issues in previous years. Most recently, South Bend Hackers Club President Keith Kimmel publicized a strikingly simitar exposure on Ameritech’s eBill site. “T'd think that this would have left them with a greater awareness of the potential of web-based vulnerabilities,” Lamo said. "That said, Ameritech's response to this matter was more timely than others they've generated in the past.” Reported by Newsbytes.com, ://www.newsby com 13:30 CST Reposted 13:44 CST (20020222 /WIRES TOP, ONLINE, LEGAL, BUSINESS, TELECOM/SBC/PHOTO) © 2002 The Washington Post Company http:/Avww newsbytes.com/news/02/174719 html 3/11/02 FBI(19-cv-1495)-1060