LinuxQuestions.org


RayJ 12-14-2008 07:45 PM

Verizon Broadband: Security threat or just abuse.
 
Straight to the point:

Either Verizon has been hacked or they have installed something that should be a security concern.

I have found the following Javascript "injected" into most webpages. I know it is added via a Verizon (wireless broadband) connection because a) it does not happen when I use Embarq DSL, and b) it happens to webpages that I have created (and I certainly did not add the Javascript!). So, here it is:
PHP Code:

*script type="text/javascript"*<!--
var FN_IR_el;

function FN_IR_fix_mht_link(e)
{
  if(!e)
    e = window.event;
  var el;
  el = e.target || e.srcElement;
  if(el && el.checkMht)
  {
    el.checkMht = false;
    var uri = el.src;
    if(uri.search(/^mhtml:http:\/\//i) == 0)
    {
      var mp = uri.search("!");
      if(mp != -1)
      {
        el.src = uri.substring(mp+1);
      }
    }
  }
}

function FN_IR_register_image(bod)
{
  bod.checkMht = true;
  if(bod.attachEvent)
  {
    bod.attachEvent("onmouseover", FN_IR_fix_mht_link);
    bod.attachEvent("onerror", FN_IR_fix_mht_link);
  }
  else if(bod.addEventListener)
  {
    bod.addEventListener("mouseover", FN_IR_fix_mht_link, false);
    bod.addEventListener("error", FN_IR_fix_mht_link, false);
  }
  else
  {
    var tmp1 = bod.onmouseover;
    if(tmp1)
    {
      bod.onmouseover = function()
      {
        tmp1();
        FN_IR_fix_mht_link();
      };
    }
    else
    {
      bod.onmouseover = FN_IR_fix_mht_link
    }
  }
}

function FN_IR_register()
{
  var i;
  for (i = 0; i < document.images.length; i++)
  {
    FN_IR_register_image(document.images[i])
  };
}

FN_IR_register ();

-->*/script*

NOTE: Asterisks added so that my Privoxy filter would not delete the script

It seems to be caching things. I noticed this when I was trying to fix a bug in one of my own Javascripts. I was checking the HTML source and saw this foreign code.

Foreign in more ways than one. Sometimes the pages would not fully load and the script would not run. That would leave the links unchanged in the page. So instead of src="/images/image.png" you get src="http://62.0.5.133/www.linuxquestions.orgg/images/image.png" !? I think the Javascript reverts the links after the page loads (to cover up the fact that you just loaded data from Israel)

Notes:
The source URI is always the IP/site domain.orgG/xxx (so .com becomes .comm and .net becomes .nett etc)

IP addresses used: (they resolve to a server in Israel)

62.0.5.133
62.0.5.134
62.0.5.135
62.0.5.136

Well, that's my story. My concern is that I was able to view some private information (via a backend login) using the modified link, example: http:// 62.0.5.133/www.somedomain.comm/login/myaccount.php!! (this displayed private info!)

I have since installed Privoxy to remove the offending Javascript before it gets actuated by my browser.

I REALLY hope that this is all just a misinterpretation by me. We shall see...
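
A way to check saved page source for the two markers described in the post above, the `FN_IR_` script and image links rewritten to `http://<proxy IP>/<host with its last letter doubled>/...`, and to recover the original link. This is an added example, not part of the original post or anything the ISP published; the function names, the constructed `SAMPLE` page and the `192.0.2.10` negative case are assumptions made for illustration.

```javascript
// Added example: detection for the rewriting described in the post above.
// The four proxy addresses are the ones listed in the post.
const PROXY_IPS = new Set(["62.0.5.133", "62.0.5.134", "62.0.5.135", "62.0.5.136"]);

// Rewritten form reported in the post:
//   http://<proxy-ip>/<original host with its last letter doubled>/<path>
// Returns the presumed original URL, or null if the URL does not fit the pattern.
// Assumption: the original scheme is http (the thread reports HTTPS pages are untouched).
function recoverOriginalUrl(url) {
  const m = /^http:\/\/(\d{1,3}(?:\.\d{1,3}){3})\/([^\/\s"']+)(\/[^\s"']*)?$/i.exec(url);
  if (!m || !PROXY_IPS.has(m[1])) return null;
  const host = m[2];
  const last = host.slice(-1).toLowerCase();
  const prev = host.slice(-2, -1).toLowerCase();
  if (host.length < 2 || last !== prev) return null; // no doubled letter (.orgg, .comm)
  return "http://" + host.slice(0, -1) + (m[3] || "/");
}

// Scan one HTML document for the injected script (its FN_IR_ function prefix)
// and for src/href attributes that still point at one of the listed proxies.
function scanHtml(html) {
  const findings = { injectedScript: /\bFN_IR_\w+/.test(html), rewritten: [] };
  const attr = /\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  for (const [, url] of html.matchAll(attr)) {
    const original = recoverOriginalUrl(url);
    if (original) findings.rewritten.push({ seen: url, original });
  }
  return findings;
}

// Constructed sample page (not captured traffic). 192.0.2.10 is a documentation
// address used here as a negative case: same URL shape, but not a listed proxy.
const SAMPLE = `<html><body>
<img src="http://62.0.5.133/www.linuxquestions.orgg/images/image.png">
<img src="/images/local.png">
<a href="http://192.0.2.10/www.example.comm/x">not a listed proxy</a>
<script type="text/javascript"><!--
function FN_IR_register() {}
FN_IR_register();
--></script>
</body></html>`;

console.log(JSON.stringify(scanHtml(SAMPLE), null, 2));
```

Run it under Node against page source saved from the affected connection; a clean copy of the same page fetched over another connection should report `injectedScript: false` and an empty `rewritten` list.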

Simon Bridge 12-14-2008 08:13 PM

Well done... though you need to be specific about exactly where you saw this and how. What exactly is the relationship to Verizon?

If this is in your web pages and you did not put it there, then you may have an issue with your hosting provider. If that's you, you have a long talk in the mirror ahead of you ;)

If this is appearing on another's pages, and was not previously there, then the sysadmin will probably appreciate a call.

If you are a customer of a service using these pages, ask Support what that code does. Tell them your concerns.

RayJ 12-14-2008 09:49 PM

Quote:

Originally Posted by Simon Bridge (Post 3375625)
Well done... though you need to be specific about exactly where you saw this and how.

Thanks! On any website/webpage that has the closing body/html tags (</body></html>). If you check the HTML source for Google.com pages, you will notice it is missing the closing body/html tags, and is not affected.

Quote:

Originally Posted by Simon Bridge (Post 3375625)
What exactly is the relationship to Verizon?

I should have been more specific here:
Quote:

Originally Posted by RayJ (Post 3375607)
I know it is added via a Verizon (wireless broadband) connection because a) it does not happen when I use Embarq DSL

It only happens when connected to the internet via my Verizon Wireless Broadband Account. I have had a few friends verify that they do not see the Javascript on the same pages that I am seeing it.

Quote:

Originally Posted by Simon Bridge (Post 3375625)
If this is in your web pages and you did not put it there, then you may have an issue with your hosting provider. If that's you, you have a long talk in the mirror ahead of you ;)

If this is appearing on another's pages, and was not previously there, then the sysadmin will probably appreciate a call.

It happens on EVERY website and EVERY page (not just mine). The fact that this code is on my pages is proof that it is being added somewhere between my browser and the server. (again, it only happens when using the Verizon account). AND, it is happening right now on this very page! My Privoxy filter only removes the script, so I see:
PHP Code:

<script type="text/javascript"><!--
// Verizon JS BLOCKED by Privoxy

--></script>
</body> 

That way I can check if it is still happening. :D


Quote:

Originally Posted by Simon Bridge (Post 3375625)
If you are a customer of a service using these pages, ask Support what that code does. Tell them your concerns.

My initial attempt to talk with someone in the IT department (for Verizon) went nowhere. I will try again (after the weekend).

purevw 12-15-2008 06:24 AM

When speaking to Verizon, you should specify that you need to speak with tier 2 support. When you call their help line, you are generally speaking with someone who only knows as much about IT as the monitor in front of him. They will send a message and a real tech should call you back.

thomas.hedden 12-15-2008 07:21 AM

I don't know whether this matters, but I am curious whether it makes a difference what browser you are using? Is it the same with all browsers?
Tom

pixellany 12-15-2008 07:54 AM

Quote:

I have found that following Javascript "injected" into most webpages.
None here---tried 4 sites at random

unSpawn 12-15-2008 08:42 AM

I don't know what the OP defines as "wireless" (or if he's actually using GNU/Linux) but a quick search of the 'net shows the IP addresses mentioned in conjunction with mobile access. Indeed something to do with caching of images. If you're forced to auth through an ISP's access point that rewrites content I doubt there's much you can do about it (except vote with your wallet).

LaughingBoy 12-15-2008 04:29 PM

There's always the possibility that his "modem" was tampered with, or there's a wireless hole somewhere. What wireless encryption scheme is being used?

Nitrox 12-15-2008 06:40 PM

Is there a way you could repeat your experiment from another box, using Verizon Wireless?

Chances are, it's coming from your rig.

RayJ 12-15-2008 09:09 PM

Quote:

Originally Posted by Nitrox (Post 3376739)
Is there a way you could repeat your experiment from another box, using Verizon Wireless? Chances are, it's coming from your rig.

Nope, first thing I thought was the problem. Scanned, checked, tested firewall, checked localhost development websites. All clear! My rig is locked down!

Quote:

Originally Posted by LaughingBoy (Post 3376630)
There's always the possibility that his "modem" was tampered with, or there's a wireless hole somewhere. What wireless encryption scheme is being used?

New USB Pantech UM175VW. Do not know about the "wireless encryption scheme."

Quote:

Originally Posted by unSpawn (Post 3376168)
I don't know what the OP defines as "wireless" (or if he's actually using GNU/Linux) but a quick search of the 'net shows the IP addresses mentioned in conjunction with mobile access. Indeed something to do with caching of images. If you're forced to auth through an ISP's access point that rewrites content I doubt there's much you can do about it (except vote with your wallet).

Ubuntu Linux. Wireless broadband USB modem. Connects to Verizon's "broadband" nodes (on cell towers). My modem actually has its own phone number!

Quote:

Originally Posted by thomas.hedden (Post 3376072)
I don't know whether this matters, but I am curious whether it makes a difference what browser you are using? Is it the same with all browsers? Tom

It matters, but no difference. I tested on FF3, Opera, Epiphany, and a hack install of IE6.

Quote:

Originally Posted by purevw (Post 3376011)
When speaking to Verizon, you should specify that you need to speak with tier 2 support. When you call their help line, you are generally speaking with someone who only knows as much about IT as the monitor in front of him. They will send a message and a real tech should call you back.

Thanks for that! Good to know.

ArcherJanvier 12-16-2008 07:16 PM

Verizon Botch Job
 
Ray,

I was experiencing the same thing and I found your post here by googling the java function name in the source.

After numerous complaints to Verizon - and working my way up the tech food chain there I finally got an answer about this.

They are evidently beta testing an image compression proxy - something like an AOL - where it gives the illusion of increased speed by compressing the images and re-serving the webpage with the compressed imagery and the javascript that you posted here. The general tech pool there is not even aware of this project, so they were completely oblivious when I first started complaining about it.

This is supposedly only being tested on a small fraction of their broadband customers. Unfortunately, they don't bother to inform you that your cell/modem number has been routed to this test.

You can request to be removed from this if you are persistent enough with Verizon about it.

Best regards,

Archer

RayJ 12-16-2008 07:51 PM

Quote:

Originally Posted by ArcherJanvier (Post 3377972)
Ray,

I was experiencing the same thing and I found your post here by googling the java function name in the source.

After numerous complaints to Verizon - and working my way up the tech food chain there I finally got an answer about this.

<SNIP>

You can request to be removed from this if you are persistent enough with Verizon about it.

Best regards,

Archer

Thanks for that! I was unable to find anything on Google as well (which is one of the reasons for posting!) You have not only validated my hunch as to what was going on, you saved me the trouble of calling the "circus" known as customer service.

The biggest issue I have with them doing this is that it is not their place to change anything. The ISP has no business altering URLs/URIs for any reason. This is called hacking. Image compression can, and should, be done on the server level. I manage several servers and have compression active via Apache. So how much more compression can they be adding?

Anyway, thanks again!

unixfool 12-17-2008 01:35 PM

Quote:

Originally Posted by RayJ (Post 3377991)
Thanks for that! I was unable to find anything on Google as well (which is one of the reasons for posting!) You have not only validated my hunch as to what was going on, you saved me the trouble of calling the "circus" known as customer service.

The biggest issue I have with them doing this is that it is not their place to change anything. The ISP has no business altering URLs/URIs for any reason. This is called hacking. Image compression can, and should, be done on the server level. I manage several servers and have compression active via Apache. So how much more compression can they be adding?

Anyway, thanks again!

I'd agree with you if it weren't for the fact that you're using a wireless broadband technology. They're looking to optimize performance on a technology that's slow compared to more accepted and more prominent technologies. This is one of the reasons iPhones have the capability to connect to a wireless access point...if you've ever tried to surf the 'net on 3G or Edge, it's dog slow (even on a smartphone). I doubt they're the only telecom doing this...and this isn't the first time I've heard of ISPs doing this. AND, you'd be surprised at what companies do behind the scenes with your connections and data.

RayJ 12-17-2008 01:52 PM

Quote:

Originally Posted by unixfool (Post 3378941)
AND, you'd be surprised at what companies do behind the scenes with your connections and data.

Not that surprised! I attempted to use PGP encryption on my email, but getting all non-techy friends to work with it was impossible (and they thought I was just paranoid!).

I would like to see all web servers use HTTPS only. And all email servers require PGP (no plain text). That would be ideal.

--RayJ

PS: When I access an HTTPS page, the Verizon "injection" does not occur.

Over50 12-19-2008 04:37 AM

Verizon Broadband
 
I have had Verizon Broadband wireless for several years, and just this past October ONLY on one of my Dell Latitude computers, did I start experiencing problems with extraneous code appearing in web downloads. My older laptop runs an older version of their software with Venturi included; while my newer laptop has their most recent software without Venturi. Not sure if this is pertinent.

The problem I am experiencing is what you describe, extra code appears on the web pages downloaded via Verizon Wireless Broadband service. I have used the same computer on public WiFi, and the code downloads correctly. I have wiped out my computer and reloaded the operating system, as in the process of figuring out this problem, Dell told me I had a virus (but NOT so, as the problem persists after starting from scratch).

I am comparing my own web pages I have uploaded to a server. The same pages downloaded via Verizon have the IP address you described earlier inserted, then a lot of garbage code. The garbage code appears all over, if I printed out the code of my website index.html page, the printout from file as I wrote it takes 10 printed pages, but the printout from the downloaded web page takes 14 printed pages...so go figure how much hacker code was inserted!

It has resulted in animated GIF images no longer being animated. A javascript title box pops up referring to delay in uncompressing the image. It has resulted in my e-commerce shopping cart software (web-based on another server) to download incorrectly, and insert more garbage into the data fields (particularly when I put a table into a form data field). It has resulted in the function of the shopping cart backroom to fail, as form buttons are changed to read as "clear" instead of "submit". I mean, it is just frustrating beyond belief.

I have spent hours on this with Verizon. They refuse to work on it. The last "service" agent said that since I had Internet connection, they were unable to assist me.

So now, I am wondering if I should switch to another Air-Card, like go to T-Mobile. Will I run into this same problem?


All times are GMT -5.