Verizon Broadband: Security threat or just abuse.
Straight to the point:
Either Verizon has been hacked or they have installed something that should be a security concern. I have found that following Javascript "injected" into most webpages. I know it is added via a Verizon (wireless broadband) connection because a) it does not happen when I use Embarq DSL, and b) is happens to webpages that I have created (and I certainly did not add the Javascript!). So, here it is: PHP Code:
Foreign in more ways than one. Sometimes the pages would not fully load and the script would not run. That would leave the links unchanged in the page. So instead of src="/images/image.png" you get src="http://62.0.5.133/www.linuxquestions.orgg/images/image.png" !? I think the Javascript reverts the links after the page loads (to cover up the fact that you just loaded data from Israel) Notes: The source URI is always the IP/site domain.orgG/xxx (so .com becomed .comm and .net becomes .nett etc) IP addresses used: (they resolve to a sever in Israel) 62.0.5.133 62.0.5.134 62.0.5.135 62.0.5.136 Well, that's my story. My concern is that I was able to view some private information (via a backend login) using the modified link, example: http:// 62.0.5.133/www.somedomain.comm/login/myaccount.php!! (this displayed private info!) I have since installed Privoxy to remove the offending Javascript before it gets actuated by my browser. I REALLY hope that this is all just a misinterpretation by me. We shall see... |
Well done... though you need to be specific about exactly where you saw this and how. What exactly is the relationship to Verizon?
If this is in your web pages and you did not put it there, then you may have an issue with your hosting provider. If that's you, you have a long talk in the mirror ahead of you ;) If this is appearing on another's pages, and was not previously there, then the sysadmin will probably appreciate a call. If you are a customer of a service using these pages, ask Support what that code does. Tell them your concerns. |
Quote:
Quote:
Quote:
Quote:
PHP Code:
Quote:
|
When speaking to Verizon, you should specify that you need to speak with tier 2 support. When you call their help line, you are generally speaking with someone who only knows as much about IT as the monitor in front of him. They will send a message and a real tech should call you back.
|
I don't know whether this matters, but I am curious
whether it makes a difference what browser you are using? Is it the same with all browsers? Tom |
Quote:
|
I don't know what the OP defines as "wireless" (or if he's actually using GNU/Linux) but a quick search of the 'net shows the IP addresses mentioned in conjunction with mobile access. Indeed something to do with caching of images. If you're forced to auth through an ISP's access point that rewrites content I doubt there's much you can do about it (except vote with your wallet).
|
There's always the possibility that his "modem" was tampered with, or there's a wireless hole somewhere. What wireless encryption scheme is being used?
|
Is there a way you could repeat your experiment from another box, using Verizon Wireless?
Chances are, its coming from your rig. |
Quote:
Quote:
Quote:
Quote:
Quote:
|
Verizon Botch Job
Ray,
I was experiencing the same thing and I found your post here by googling the java function name in the source. After numerous complaints to Verizon - and working my way up the tech food chain there I finally got an answer about this. They are evidently beta testing an image compression proxy - something like an AOL - where it give the illusion of increased speed by compressing the images and reserving the webpage with the compressed imagery and the javascript that you posted here. The general tech pool there is not even aware of this project, so they were completely oblivious when I first started complaining about it. This is supposedly only being tested on a small fraction of their broadband customers. Unfortunately, they don't bother to inform you that your cell/modem number has been routed to this test. You can request to be removed from this if you are persistant enough with Verizon about it. Best regards, Archer |
Quote:
The biggest issue I have with them doing this is that it is not there place to change anything. The ISP has no business altering URLs/URIs for any reason. This is called hacking. Image compression can, and should, be done on the server level. I manage several servers and have compression active via Apache. So how much more compression can they be adding? Anyway, thanks again! |
Quote:
|
Quote:
I would like to see all web servers use HTTPS only. And all email servers require PGP (no plain text). That would be ideal. --RayJ PS: When I access an HTTPS page, the Verizon "injection" does not occur. |
Verizon Broadband
I have had Verizon Broadband wireless for several years, and just this past October ONLY on one of my Dell Latitude computers, did I start experiencing problems with extraeneous code appearing in web downloads. My older laptop runs an older version of their software with Venturi included; while my newer laptop has their most recent software without Venturi. Not sure if this is pertinent.
The problem I am experiencing is what you describe, extra code appears on the web pages downloaded via Verizon Wireless Broadband service. I have used the same computer on public WiFi, and the code downloads correctly. I have wiped out my computer and reloaded the operating system, as in the process of figuring out this problem, Dell told me I had a virus (but NOT so, as the problem persists after starting from scratch). I am comparing my own web pages I have uploaded to a server. The same pages downloaded via Verizon have the IP address you described earlier inserted, then a lot of garbage code. The garbage code appears all over, if I printed out the code of my website index.html page, the printout from file as I wrote it takes 10 printed pages, but the printout from the downloaded web page takes 14 printed pages...so go figure how much hacker code was inserted! It has resulted in animated GIF images no longer being animated. A javascript title box pops up referring to delay in uncompressing the image. It has resulted in my e-commerce shopping cart software (web-based on another server) to download incorrectly, and insert more garbage into the data fields (particularly when I put a table into a form data field). It has resulted in the function of the shopping cart backroom to fail, as form buttons are changed to read as "clear" instead of "submit". I mean, it is just frustrating beyond belief. I have spent hours on this with Verizon. They refuse to work on it. The last "service" agent said that since I had Internet connection, they were unable to assist me. So now, I am wondering if I should switch to another Air-Card, like go to T-Mobile. Will I run into this same problem? |
All times are GMT -5. The time now is 05:37 AM. |