WorldCom leaves multinationals exposed

Telecoms giant MCI WorldCom has confirmed that a security hole left internal networks at Bank of America, Sun Microsystems, British Airways, JP Morgan and Fox News among others, vulnerable to intruders.

Security researcher Adrian Lamo, who discovered the vulnerability and worked with WorldCom to fix the problem, said there was no evidence that hackers had exploited the security hole.

The information Lamo discovered could allow an intruder to divert network traffic for any of the affected companies or disable their networks altogether.

WolrdCom spokeswoman Jennifer Baker explained that a router which had an inappropriate filter had caused the problem. The filter was removed and the router was reconfigured to close the hole.

Baker confirmed that none of the company's global users were affected. "We learned that unauthorised access could be made to our administrative internal data network and made sure that no WorldCom customers were affected," she said.

Lamo told security intelligence firm SecurityFocus.com that he had discovered open internet proxy servers at WorldCom. By using a common hacker tool called Proxy Hunter, Lamo scanned WorldCom's corporate web address space and found five open proxies.

A proxy server is a dedicated machine that sits between a local network and the outside world, passing internal web requests out to the internet.

Over the last few months Lamo has found security problems at several major computer firms including Microsoft, AOL Time Warner and Yahoo.