List: isn
Subject: [ISN] 'Hacking' Journalists Case Dredges Up Security Research Legal Debates
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-05-23 5:48:05
Message-ID: alpine.DEB.2.02.1305230102070.25935 () infosecnews ! org
http://www.darkreading.com/attacks-breaches/hacking-journalists-case-dredges-up-secu/240155428

By Ericka Chickowski
DarkReading.com
May 22, 2013

A legal storm is brewing between researchers who uncovered a cache of sensitive
information about 170,000 consumers through a Google search and the company
which left the information freely available online. It sounds like the typical
disclosure scuffle that the security research community has come to expect as
part of the territory, with the exposed firm threatening to ring up researchers
for violating the Computer Fraud and Abuse Act. But this one comes with a
twist: the researchers in this incident weren't code slingers, they were word
slingers.

The exposed information was discovered by two journalists with Scripps-Howard
news service who stumbled into the openly searchable information from data
stores held by telecom vendor TerraCom Inc. through Google. Their search came
while investigating a story on why so many consumer participants in a
government-subsidized cell phone program called Lifeline, a program in which
TerraCom and its affiliate company YourTel participated.

"The Scripps News team discovered the unsecured records while looking into
companies participating in Lifeline. A simple online search into TerraCom
yielded a Lifeline application that had been filled out and was posted on a
site operated by Call Centers India Inc., under contract for TerraCom and
YourTel," Many in the security community say the incident and its legal fallout
could stand to draw attention to a more mainstream audience some of the biggest
legal and ethical problems facing white and grey hat hackers today.

"I love this, this is a perfect example because what you effectively have here
is a very innocent set of research. They stumbled on this data through simple
searches," says Trey Ford, Black Hat general manager. "The custodian of this
data was not properly managing authorized access. And just because the
custodian didn't feel like they wanted this other company or the rest of the
Internet to have 'authorized' access to this data, they cited a law that
allowed them to hide and sue someone doing something that was ultimately trying
to help them out."
[...]