Last year you’ll recall that the cable and broadband industry lobbied the government to kill off broadband privacy rules at the FCC. The rules were fairly basic, requiring that ISPs and cable operators clearly disclose what data is being collected and sold, but also provide working opt out tools for users who didn’t want to participate. The rules also contained restrictions requiring that consumers opt in to more sensitive data collection (financial), as well as some requirements that ISPs and cable ops adhere to standard security procedures, and quickly inform consumers when their private data was exposed by a hacker.

In recent months, the cable industry has been showcasing how it’s simply not very good at keeping its websites secure. Comcast, for example, has seen three privacy breaches in almost as many months, with security researcher Ryan Stevenson discovering numerous, previously-unreported vulnerabilities that potentially exposed the partial home addresses and Social Security numbers of more than 26.5 million Comcast customers.

Not to be outdone, now Buzzfeed has found that a vulnerability on the Charter Communications (Spectrum) website made it possible for just about anyone to take over customers’ accounts without a password. According to the report, this flaw was again discovered by Stevenson (who goes by the monicker Phobia), and involved tricking a Spectrum website that let subscribers create a Time Warner Cable (the company Charter just acquired) ID. If a targeted customer hadn’t yet registered for such an ID, a website flaw let a hacker trick the website into creating one by replacing their own IP address with the customer’s using the “X-forwarded-for” technique, a relatively trivial affair:

“The registration website tried to verify subscribers’ identities by asking for their zip codes and phone numbers. But according to the security researcher Phobia, the zip code didn’t need to be correct to proceed to the next page. Only the phone number associated with the account needed to be accurate. Additionally, Ceraolo found that hackers could use a brute-force software program in the phone number field (in other words, repeatedly try different 10-digit combinations), because the Spectrum website did not limit the number of attempts. That means it would be relatively easy for a hacker to take over someone’s account even without an accurate phone number.”

Once the bogus ID was created, the hacker subsequently had access to oodles of private user account data, including billing address, email, and account number. That data could, in turn, be used as the cornerstone of social engineering and phishing efforts to glean even more customer information.

Not all of Charter’s total 23 million customers are impacted; only a smaller subset of the company’s 14 million “legacy,” pre-merger Time Warner Cable subscribers were impacted. The company also claims that it has no evidence to suggest that these flaws were actually exploited.

But we’re still likely talking about millions of potential subscribers, and Charter won’t specify just how many users may have had their private data exposed. And if Stevenson’s recent track record is any indication, there’s plenty more flaws likely waiting in the wings to be discovered.

Filed Under: breaches, broadband, flaws, privacy

The costs of the PR to say sorry < any damages to the company, security will stay shitty. I sure am glad they want to run like 10 more investigations of Hillary & emails… pity they can’t find oh 10 minutes to craft a law that makes it more expensive to not have real security, so that real security looks a lot nicer. Nothing will ever be 100%, but the more we learn about how the breaches happen… the more we should understand they don’t pay for security.

Every American’s SS number is out there in the wild & most likely dossiers that fill in all the blanks… perhaps it is time to consider we stop using SS #’s. We let them turn SS#’s into the mystical secret sauce that unlocks things… and they keep leaking them, giving out credit to people who know the number & mom’s maiden name, then trying to sue the owner of the number who knew nothing about the credit… We need a new number system where the fscking number isn’t something every little shitty company can demand to provide service. Of course the only way any of this will ever change is if Congress figures out their numbers are out in the wild, millions of bills have been racked up in their names, but no one’s trying to collect from them like they do the little people.

Jurors agreed that Charter Spectrum’s actions were the “proximate cause” of Ms. Thomas’ death, and found Charter Spectrum 90% responsible for the death, given Charter Spectrum’s continued refusal to correct its negligent safety practices despite a repeated pattern of violence against innocent customers by its field techs over a period of years.
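The article describes a registration site that believed a client-supplied X-Forwarded-For value and did not limit lookup attempts. The sketch below shows both missing controls from the defender's side; it is an added example, not code from the article or from Charter, and the proxy range, limits and function names are assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumption: only our own reverse proxies may set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # constructed value


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to treat as the client.

    The header is honoured only when the TCP peer is a trusted proxy, and it
    is read right to left so entries a client prepended are never reached.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the last trusted hop
        if not _is_trusted(ip):
            return str(ip)
        peer = ip
    return str(peer)


class AttemptLimiter:
    """Sliding-window cap on identity-verification attempts per key."""

    def __init__(self, max_attempts=5, window_s=900):
        self.max_attempts, self.window_s = max_attempts, window_s
        self._hits = defaultdict(deque)

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()  # drop attempts that fell out of the window
        if len(hits) >= self.max_attempts:
            return False
        hits.append(now)
        return True


def registration_allowed(limiter, peer_addr, xff_header, now=None):
    """Gate one registration lookup on the resolved client address."""
    return limiter.allow(client_ip(peer_addr, xff_header), now)
```

Even a correctly resolved address is only a rate-limiting key here; it is not proof of which subscriber is making the request.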