A breach is not a 'hack'

On Saturday my wife burst into my our game room to tell me that South Carolina suffered another breach. It was all over Facebook via WLTX. Here's the headline:

Another Hack; More South Carolinians Potentially at Risk - by WLTX

/facepalm

Aside from the salacious headline, the article doesn't tell you anything. This passes for news? My gosh. No wonder local media outlets are struggling. They're essentially tabloids.

Yes, Experian has had a BREACH of their customer data. It wasn't a 'hack' per se. Instead Experian bought out a data brokerage firm, which sells and buys people's personal information, called Court Ventures. The BREACH occurred when a Vietnamese identity theft ring was posing as a private investigative service purchasing personally identifiable information (PII) from Court Ventures. Essentially, once Court Ventures was bought out by Experian, and Experian didn't vet Court Ventures processes or clients, the Vietnamese identity theft ring got access to Experian's customer data.

I would highly recommend the link below if you want more details on the BREACH. This isn't just South Carolinians PII this is all Experian customers PII.

Experian ID Theft Exposed 200M Consumer Records - Matthew J. Schwartz - Dark Reading

This is just another example of why I don't get my new from local media outlets.

MLB's Pressbox WiFi password scheme

The Houston Astros have a new information board for the press box. It includes the day's schedule, lineups, game notes, upcoming probables, and the pressbox wifi info:

Woops! That’s the SSID and password for the pressbox WiFi. The password would have taken 4-6 days to crack with offline cracking password, but it’s now 0 days considering it’s on the internet.


Media members need to be very careful what they’re communicating out and teams need to be careful what they’re displaying for those media members to communicate out. I did inform the Astros about this and it appears they’ve removed the pressbox WiFi information from the TV display, per another journalists tweet that was taken at a different angle.

But I’ve seen the pressbox password WiFi somewhere before

Security tip: When being interviewed on TV, make sure passwords aren't written behind you - Graham Cluley

Interesting, not only does it appear that SSID’s are shared among MLB ball parks it appears they have a particular scheme for both the SSID and password that get updated yearly with only a one character change. I don’t know that they use that same scheme for every ball park, but it’s in at least two stadiums and likely several more.

Is this a big deal?

It’s not a huge deal, if MLB and the ball clubs have segmented the WiFi network from their internal network, which I would assume they do. Criminal’s are looking for the easiest way to make money and this would be a risky-targeted attack on, for the most part, journalists that probably isn’t likely to be all that profitable. Still, the WiFi network is password for a reason and I don’t think MLB or journalists, for that matter, want unauthorized people getting into their systems.

 

Tweets worth sharing April 4, 2014

Public Service Broadcasting Summary

If you ever wanted to know a little bit more about the inner workings of British television, here's a paper I wrote for my British Contemporary Television class I'm currently taking:

Public Service Broadcasting (PSB) in the United Kingdom (UK) was first introduced with the creation of the British Broadcasting Company back in the early 1920s. The government created entity was considered ‘a public utility’ that was created as a national service in the public’s interest. Though the service was created by the government it would be committees that would help mold and shape what the BBC and future PSBs stations would become. To that effect one of the first reports to come out of the committee “rejected direct government control,” and instead argued for indirect control (Scannell, pg. 46-47). What this meant was that the government wouldn’t dictate or control what was broadcast, but instead would have an influence over what was broadcast in the best interest of the nation. Today PSB includes several different television channels. The BBC (One, Two, Three, etc.), ITV and Channel 4 make up the majority of viewership in the UK. The publicly funded BBC has the largest share, followed by the commercially funded ITV and then the publicly owned Channel 4. Other channels like the satellite service Sky and the free-to-air Five make up a very small portion of the viewership (Benson & Powers, pg 54).

Universally, there are two ways in which a broadcasting is typically financed: taxation and advertising (Scannell, pg. 46). Both ways of financing are used by stations under the PSB model. The BBC, started in 1920, uses taxation through license fees, revenue from it’s foreign services (BBC Worldwide) and grants from the Foreign and Commonwealth Office (Benson & Powers, pg. 55). ITV, created in 1950, on the other hand uses advertising to help finance its programming. Despite being commercial it still has to adhere to the governments PSB standards. Channel Four was created, in 1980, because a duopoly had emerged between the BBC and ITV and the Annan Committee wanted to create a wider range of programmes for minorities and those whose interests were being under-represented by the other channels (Scannell, pg. 51-53). It’s largely funded through commercial shares (Benson & Powers, pg. 54).

The state department that oversees the PSB system is Ofcom and is the equivalent of the U.S. Federal Communications Commissions, otherwise known as the FCC (Benson & Powers, pg. 57). What Ofcom does is provide the PSB channels guidance on policy, as well as monitor compliance with program quality standards (Benson & Powers, pg. 55-57). Ofcom’s criteria includes four purposes and seven characteristics for channels to represent in the programs it broadcasts. “The four purposes reviewed are: informing our understanding of the world; stimulating knowledge and learning; reflecting UK cultural identity; and representing diversity and alternative viewpoints.” The characteristics of the system include: high quality, original, innovative, challenging, engaging, widely available and trust. To assess these areas an audience survey to evaluate audience opinions, broadcaster spending and output and viewing data are all reviewed. Recently under the Digital Economy Act of 2010, the review has been extended to include online content(Ofcom Report 2011, pg. 2-3).

PSB in the UK is a government run system, however, the government does not have direct control and instead relies on committees and regular reviews by Ofcom to ensure that television stations are adhering to a service that benefits the country. Funding is provided by both the government and more commercialized means, whether through advertising or the licensing of it’s content to other nations around the globe. Though it may feel like the government or advertisers could influence content on these stations, the set of standards in place, monitored by Ofcom, help the PSB system provide quality content to it’s viewership in the UK.



 

References

Rodney Benson and Matthew Powers. “Public Media And Political Independence: Lessons For The Future of Journalism from Around the World.” Department of Media, Culture and Communication. New York University. February 2011. Web. 14 February 2014.  http://www.freepress.net/sites/default/files/stn-legacy/public-media-and-political-independence.pdf

 

Paddy Scannell. “Public Service Broadcasting: The History of a Concept.” Web. 14 February 2014. https://blackboard.sc.edu/bbcswebdav/pid-7458102-dt-content-rid-11363817_2/courses/FILM598-001-SPRING-2014/Week%2001%20-%20Public%20Service%20TV.pdf

 

Ofcom. “Public Service Broadcasting: Report 2011 Annexes.” 21 July 2010. Web. 14 February 2014. https://blackboard.sc.edu/bbcswebdav/pid-7458081-dt-content-rid-11363804_2/courses/FILM598-001-SPRING-2014/Week%2001%20-%20OFCOM.pdf