Scripps isn’t being hailed for exposing the error, though, and has been accused by telecom attorneys of hacking into computers to gain access to the records — a claim the reporters dispute.According to the journalists, they uncovered the files using nothing more than a simple Google search.Reporters with Scripps were investigating Lifeline, a government benefit-program that provides low-income Americans with discounted phone service, when they came across the sensitive data.“While looking into companies participating in the program, the Scripps News investigative team discovered more than 170,000 records posted online listing sensitive information such as Social Security numbers, home addresses and financial accounts of customers and applicants of Lifeline,” the news service wrote this week.According to Scripps, Oklahoma-based TerraCom Inc. and an affiliate, YourTel America Inc., were up until recently hosting around 170,000 files just like these on the Internet, unencrypted and easy to find for anyone looking in the right spot. In fact, the journalists say they discovered the records by keying in a basic search query into Google.com.“A simple online search into TerraCom yielded a Lifeline application that had been filled out and was posted on a site operated by Call Centers India Inc., under contract for TerraCom and YourTel,” Scripps reported.When another journalist conducted a follow-up Google search of the website, Scripps was presented with a trove of documents that were all hosted online without any security system in place to restrict access. From there, they used a computer code to download the publically available records and eventually possessed the entire trove without ever hacking any passwords or posing as an unauthorized party.The reporters put the number of Lifeline applicants whose privacy was breached at around 44,000, spanning 18 states in the US.San Antonio, Texas resident Linda Mendez, 51, was among the thousands of customers whose personal info was compromised due to the lack of security. When Scripps presented her with a completed TerraCom application she was shocked.“How can they make it so easy like this for people to steal somebody’s identity?” Mendez asked.Scripps asked similarly of TerraCom but was met with a shocker as well. Shortly after they presented their findings to the telecom, the files disappeared off the website. Then came a warning from TerraCom’s attorney.“The person or persons using the Scripps IP address have engaged in numerous violations of the Computer Fraud and Abuse Act,” insisted TerraCom’s lawyer, Jonathan Lee, “by gaining unauthorized access into confidential computer files maintained for the Companies by Vcare, and by digitally transferring the information in these folders to Scripps. I request that you take immediate steps to identify the Scripps Hackers, cause them to cease their activities described in this letter and assist the companies in mitigating the damage from the Scripps Hackers’ activities.”“Shoot the messenger,” wrote a blogger for NetworkWorld. “Reporters found a gaping security hole exposing 170,000 Lifeline phone customer records online, but were labeled Scripps Hackers and accused of violating [the] CFAA.”Lee continued:“If the purpose of the hacking was journalistic and the Scripps Hackers have not made and do not intend to make any further disclosure of the hacked data, then any financial or other risk for those applicants would be minimal and notification of the breach may not be necessary under the law of about half of the states involved. However, the downloading of more than 120,000 files over a period of several weeks may not be consistent with solely journalistic intent.”New York-based attorney Tor Ekeland represented security researcher Andrew Auernheimer during a CFAA case that ended earlier this year with a federal judge sentencing the so-called hacker to 41 months in prison. In Auernheimer’s case, he was convicted of gaining unauthorized access to the personal details of thousands of AT&T customers after he discovered — and disclosed — a major security flaw that exposed the data of Apple iPad users in a major breach.“I don’t see much difference between what happened in that case and what happened here,” Ekeland wrote on his website this week, “[e]xcept maybe that the DOJ might be a bit sensitive about going after reporters given their current track record on that front.”“By not defining its key operative phrase ‘unauthorized access’ as requiring bypassing a password or some other type of technological access barrier, it allows corporations to be negligent regarding their infosec,” or informational security, wrote Ekeland. “The corporations know that someone else, and not themselves, will suffer the consequences for discovering their confidential data that the corporation has displayed for all to see on the open Web. Why should anyone disclose any computer security flaw in that type of set up? Why risk a felony conviction? Better to keep your mouth shut and let all sorts of criminal organizations and foreign governments harvest the information than to incur the wrath of the Department of Justice and a vexatious and costly civil suit.”Before being sentenced, Auernheimer himself wrote that “in an age of rampant cyber espionage and crackdowns on dissidents,” the only ethical way to disclose security exploits was to avoid going to the company involved or the government that might prosecute you. “In a few cases, that individual might be a journalist who can facilitate the public shaming of a web application operator. However, in many cases the harm of disclosure to the un-patched masses . . . greatly outweighs any benefit that comes from shaming vendors.”Scripps’ attorney, David Giles, responded much akin to Ekeland that TerraCom was misinterpreting the CFAA. “Regardless of the flowery moniker you have used to characterize the bureau’s newsgathering activities, the bureau’s reporters have not violated the Computer Fraud and Abuse Act or any other law or regulation,” Giles wrote. “Rather, in the process of gathering newsworthy information, the bureau accessed – via a basic Internet search – personal and confidential information that apparently is available to anyone with a computer, an outlet and access to electricity.”Scripps requested an on-camera interview with TerraCom before and after making their disclosure in order to show the company face-to-face how they “hacked” into their network. TerraCom acknowledged the breach on their website and told customers that “names, addresses, Social Security numbers, tax information and other government forms used by our company to determine applicant eligibility for the federal Lifeline program” were all compromised. … Read More
LAPD to split $1mln Dorner reward among three parties
The Los Angeles Police Departmenton Tuesday announced that $800,000 of the reward would go to the couple that was found tied up in their cabin in Big Bear, Calif. Jim and Karen Reynolds said that Dorner confronted them with a gun, bound and gagged them in their mountain cabin, and stole their car. The LAPD claims that the information they provided “directly led to the hot pursuit and capture of Dorner.”“Had Mr. and Mrs. Reynolds failed promptly to escape their restraints and contact law enforcement, it is likely Dorner would have escaped,” stated the 12-page LAPD report that announced the division of the reward.But two others received a portion of the reward, which was highly anticipated and sought by at least 12 people who claim they provided information that was crucial in the manhunt. The man who found Dorner’s burning truck in the Big Bear area will receive about $150,000, and the remaining $50,000 will be awarded to the truck driver who reported seeing Dorner at a gas station.The division of the reward may be disappointing to those who may have expected the entire $1 million, and those who claim they provided a useful tip but received nothing for their help.The reward was coordinated through about 30 agencies, including the FBI, LA Dodgers, and the University of Southern California. Mayor Antonio Villaraigosa announced it during the heat of the multi-state manhunt.But because details of the offer were never recorded, it was unclear if and how the reward would be divided after Dorner was captured or killed. For months after his death, there were competing legal claims for the reward.Last week, camp ranger Rick Heltebrake, whose truck was taken by Dorner, filed a lawsuit seeking the entire $1 million reward. Heltebrake “notified law enforcement of Dorner’s exact location and whereabouts, provided a description of the vehicle he was fleeing in, and was a substantial factor in the apprehension and capture of Dorner at the cabin location,” the lawsuit states.The decision was ultimately given to a panel of judges, who wrote that they awarded the money according to the “comparative value of the information provided and how directly it causally led to Dorner’s capture.” Heltebrake received no part of it because he failed to submit a claim under the reward’s process, the document states.The first installment of the reward will be paid out on Friday, May 10, the LAPD said in its report. Recipients have so far refused to comment to the media about the judges’ decision. … Read More
Judge denies ‘erection’ for customers but hopes for ‘happy ending’ in stripper case
A federal judge with a sense of humor on Monday ruled that exotic dancers in San Antonio would have to wear bikini tops, but acknowledged that customers were seeking “an erection” of a constitutional wall with First Amendment protections and hoped that the parties could resolve their…
Next Time Somebody Says “Why Do You Need A Gun?” Point Them Here
; Countless stories get buried in the news, so it’s somewhat understandable that some people just don’t understand why others are so vehement about their right to protect themselves. Here is a quick list of recent situations where law abiding citizens have defended themselves or others simply by being armed. In some cases they were [...] … Read More
Where do YOU Draw the Line on Tyranny? – SXSW protest
http://www.youtube.com/v/fNnIhSUP6uA?version=3&f=videos&app=youtube_gdata Link to article: Where do YOU Draw the Line on Tyranny? – SXSW protest
Syrian refugees top 1 million
BEIRUT (AP) — The number of Syrians who have fled their war-ravaged country and are seeking assistance has now topped the 1 million mark, the U.N. refugee agency said Wednesday, warning that Syria is heading towards a “full-scale disaster.”The announcement came as government troops and rebels fought street battles in Syria’s strategic northern city of Raqqa, and regime forces dispatched reinforcements in an attempt to push out opposition gunmen who now control most of the city, activists said.The U.N. High Commissioner for Refugees, Antonio Guterres, said in a statement released in Geneva that the 1 million figure is based on reports from his agency’s field offices in countries neighboring Syria that have provided safe haven for refugees escaping the civil war.”With a million people in flight, millions more displaced internally, and thousands of people continuing to cross the border every day, Syria is spiraling towards full-scale disaster,” Guterres said.Syria’s uprising began in March 2011 with protests against President Bashar Assad’s authoritarian rule. When the government cracked down on demonstrators, the opposition took up arms and the conflict turned into a full-blown civil war. The United Nations estimates that more than 70,000 people have been killed.Continue Reading… … Read More
Landfill At Edge Of Bay Pits Environmentalists Against Waste Hauler – Petaluma, CA Patch
Swans, egrets and other birds are easy to spot in San Antonio Creek as it winds through northern Marin and joins the Petaluma River and eventually the San Pablo Bay.
These wetlands south of Petaluma are home to dozens of species of birds and fish, and the largest saltwater marsh on the West Coast.
