USPS service exposes information of 60 million users

The Gate Arab News Technical

The U.S. Postal Service (USPS) announced that it has fixed a security bug that allowed anyone with an account on its website to view the account details of about 60 million other users and, in some cases, to modify account details on their behalf. The United States Postal Service is an independent agency of the federal government of the United States and is responsible for providing postal services in the United States. It is one of the few government agencies explicitly mandated by the Constitution of the United States.

The bug was first discovered more than a year ago by an independent security researcher, who reported it to the USPS but did not receive any reply. The problem stemmed from weak authentication in a component of the USPS website known as an "application program interface", or API, which is basically a set of tools that defines how different parts of a system, such as databases and web pages, interact with each other.

The API was linked to a Postal Service initiative called "Informed Visibility", which, according to the USPS, was designed to allow companies, advertisers and other senders of mail to make better decisions by giving them access to real-time tracking.

The flaw exposed near real-time data on packages and mail sent by USPS commercial customers. It also allowed any user logged in to the USPS website to query the system for account details belonging to any other user, such as email address, username, user ID, account number, street address, phone number, authorized users, mailing data and other information.

Many of the API's features accepted wildcard search parameters, which means they could be made to return all records for a given data set without the need to search for specific terms. No special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular web browser such as Chrome or Firefox.

It seems that the USPS included a verification step to prevent unauthorized changes to some data fields, and account passwords were evidently not exposed via this security flaw. Nicholas Weaver, a researcher at the International Computer Science Institute and a lecturer at the University of California at Berkeley, said the API "should have verified that the account making the request has permission to read the required data".

“This isn’t about the basics of information security for beginners, but about how to implement access control. If you can access other people’s data because they do not impose access control on reading that data, it is very bad, and I’m willing to bet that it does not impose controls on the writing of this data either.”
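The missing check described above can be shown in a few lines. This is an added example, not code from the USPS or from the original article; the record fields, the organization-based ownership rule and all function names are assumptions made for illustration.

```python
# Constructed sample records; field names are hypothetical, not the USPS schema.
ACCOUNTS = [
    {"user_id": 1, "org_id": "A", "email": "alice@example.com", "phone": "555-0100"},
    {"user_id": 2, "org_id": "A", "email": "adam@example.com", "phone": "555-0101"},
    {"user_id": 3, "org_id": "B", "email": "bob@example.com", "phone": "555-0102"},
]
SEARCHABLE = {"user_id", "email"}  # allow-list of fields a caller may search on

class Forbidden(Exception):
    """The caller is not permitted to perform this request."""

def _matches(record, field, term):
    # "*" stands in for the wildcard search behaviour the article describes.
    return term == "*" or str(record.get(field, "")) == term

def search_unsafe(caller, field, term):
    """Flawed pattern: checks that the caller is logged in, nothing more."""
    if caller is None:
        raise Forbidden("login required")
    return [r for r in ACCOUNTS if _matches(r, field, term)]

def search_scoped(caller, field, term):
    """Hardened read: bound the query, then authorize every record returned."""
    if caller is None:
        raise Forbidden("login required")
    if field not in SEARCHABLE:
        raise Forbidden(f"field {field!r} is not searchable")
    if not term or "*" in term:
        raise Forbidden("wildcard or empty search terms are rejected")
    # Authorization on read: only records in the caller's own organization.
    return [r for r in ACCOUNTS
            if r["org_id"] == caller["org_id"] and _matches(r, field, term)]

def update_scoped(caller, user_id, changes):
    """Hardened write: a caller may only modify their own account."""
    if caller is None or caller["user_id"] != user_id:
        raise Forbidden("callers may only modify their own account")
    record = next(r for r in ACCOUNTS if r["user_id"] == user_id)
    record.update({k: v for k, v in changes.items() if k in {"email", "phone"}})
    return record
```

The ownership filter runs on the server for every record, so changing request parameters in the browser cannot widen what a caller receives.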

A USPS representative said in a statement: “We do not currently have any information indicating that this vulnerability had been exploited to obtain customer records. The information shared with the Postal Service allowed us to mitigate these vulnerabilities quickly. Computer networks are constantly under attack by criminals who attempt to exploit weaknesses to obtain information illegally.”

The statement added: “The Postal Service’s information security program uses industry best practices to monitor our network constantly to prevent suspicious activity. Any information that would indicate that criminals have tried to exploit potential weaknesses in our network is taken seriously, and the Postal Service should conduct further investigations to ensure that any person who attempted to access our systems inappropriately is pursued to the fullest extent of the law.”
