I didn't think this was worth posting about, but it seems TerraCom has never heard of the Streisand Effect.

Blaming the discoverer of a breach probably not a wise move

More on the Lifeline breach involving TerraCom and its affiliate YourTel America:

Scripps Howard News Service has its report on the breach here, and has also published a companion piece with video of how they discovered the breach. As reported previously, Scripps reports that when notified of the leak, TerraCom had accused Scripps of accessing the records illegally.

At least two states are now investigating the breach. According to Scripps:

The Indiana attorney general’s office, responding to Scripps’ reporting, has launched an investigation into the release of TerraCom applicants’ personal records. The Texas attorney general’s office is also making inquiries about the publicly posted information.

Indiana and Texas have the highest numbers of applicants potentially at risk — 17,419 and 10,799, respectively — a partial analysis of the records shows.

According to Scripps, personal information used to verify eligibility for the federally supported Lifeline program was not supposed to have been retained. If it turns out TerraCom was retaining the information, that’s a serious matter apart from the inadequate security that led to the leak. And blaming the entity that discovers and reports the breach will likely backfire.

...as your phone listens for voice commands or like Shazam listens to music.

Music and Movies Could Trigger Mobile Malware

"Lights, sounds and magnetic fields can be used to activate malware on phones, new research has found. The lab-style attacks defined in a paper (PDF) used pre-defined signals hidden in songs and TV programmes as a trigger to activate embedded malware. Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices."

Something for my Ethical Hackers?

http://www.bespacific.com/mt/archives/033451.html

May 19, 2013

Technology Review - What Happened When One Man Pinged the Whole Internet

A home science experiment that probed billions of Internet devices reveals that thousands of industrial and business systems offer remote access to anyone.

• "HD Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them. On Tuesday [April 23, 2013], Moore published results on a particularly troubling segment of those vulnerable devices: ones that appear to be used for business and industrial systems. Over 114,000 of those control connections were logged as being on the Internet with known security flaws. Many could be accessed using default passwords and 13,000 offered direct access through a command prompt without a password at all."