TerraCom and YourTel threaten journalists who exposed massive personal data breach


4 Responses to “TerraCom and YourTel threaten journalists who exposed massive personal data breach”

  1. lasermike026 says:

    In the past when security holes in essential services were identified by using the service, not by attacking or probing the service, the owners of the running service were notified by the discoverer and given a grace period to fix the bug.  Grace periods where about 3 to 6 months which is more than enough time to fix the bug.  After the grace period full disclosure was made to the public whether the bug was fixed or not, especial if it wasn’t so people could protect their data.  Disclosure was usually made on the bugtraq email list.

    Now the act of discovering and disclosing security holes have been made illegal.  This intolerable, grossly unjust legal construct can not be allow to continue and I have no respect for it all.  It is wrong.

    In the short term a security consortium could be created to receive security notification, manage remediation, and protect the discoveries.  Perhaps a legal team can be bolted on to SecurityFocus.com.

    In the meantime, the real crackers are accessing your data.

  2. userw014 says:

    There is a part of me that looks forward to the day when social security numbers, driver’s license numbers, etc. will all have to be abandoned because they are unsupportable in an era of internet connectedness and poor software design and operations.
    Just imagine not having to worry about identity theft – because for both practical reasons and even legal reasons, digital identities are both given up as a bad idea – and made illegal to attempt too.  (I’d like to make the case that poorly managed “digital identity systems” that get hacked, etc. put the operators at risk of LIBEL when the “digital identity” is used by someone else to run up debts, commit crimes or mischief, etc.)

    Certain things would be harder – such as quick loans that can quickly put you in over your head/ability to repay.  But the relief that your digital identity can’t be stolen – because it’s impossible to have one – that relief would be incredible.

  3. hugh crawford says:

    The whole concept of “identity theft” is wrong. It is just a way of shifting responsibility from careless institutions to individuals.For example:Someone goes to a bank , convinces the bank that they are me , and the bank gives them some of the bank’s money. Someone stole the banks money, not my identity, and not my money. This concept that a third party can create some sort of independent “identity” I am responsible for , and that somehow someone can “steal” it , and that it is my fault that idiots can’t tell who they are doing business with is so absurd. In 1991 some reporter in Boston coined the term “identity theft” when we had perfectly good terms like impersonation , fraud , and other terms for conning stupid people. Then institutions seized on the idea as a way of shifting responsibility for their failures on to individuals.If institutions can’t figure out who they are dealing with, then that should be the institutions’ problem not the problem of people who are being impersonated.

    •  hugh

      This is exactly the way I have always framed the issues in my mind as well.. 

      Not only does it wrongly shift the responsibility to you, but it does the cost as well. Then, as an extra cherry on this shit cake, they will gladly charge you 14.95 (or more) so that you can monitor your information and ensure that their poor practices do not ruin your life…  Nice people, from start to finish..

Leave a Reply