
Comcast E-Mail Servers Hacked by Notorious NullCrew FTS; Exploit, Passwords Shared Online

Phillip Dampier February 6, 2014 Comcast/Xfinity, Consumer News, Public Policy & Gov't

At least 34 of Comcast’s email servers have been compromised by a well-known hacker group that posted evidence, the exploit, and certain administrative passwords online to embarrass the company and expose its poor security practices.

Using a “Local File Inclusion” vulnerability, the hacker crew accessed the Zimbra LDAP and MySQL passwords and publicly shared their findings earlier today. Use of this type of exploit can potentially allow hackers to execute code remotely on the web server, allow insertion of malware through JavaScript, open the door to a Denial of Service attack which would slow Comcast’s servers to a crawl, and could also allow hackers access to sensitive customer information.

The security breach affecting Comcast’s email servers remains open and available as of early this afternoon, and Comcast has yet to publicly respond to the security threat.

In one tweet, NullCrew thanked Comcast for putting all of their password information in one convenient spot, making the security intrusion easier.

NullCrew considers itself a hacktivist group that exposes poor security practices at corporations, government agencies, and schools. As exploits are publicized, most affected companies immediately take steps to strengthen security.

NullCrew alerted Comcast four hours before publicizing the breach, but Comcast’s social media team appeared to lack an understanding of the nature of the threat.

NullCrew posted complete documentation about executing the hack on pastebin.com (since removed), opening the door to more attacks by other parties. It also included its latest manifesto:

  1. Hello there beautiful people of the internet, once again; we here at NullCrew have some fun information for you.

  2. This time, our target is Comcast, yet another internet service provider who proclaims to be a secured one; shall we test these claims as well?

  3. What is Comcast?

  4. Comcast Corporation is the largest mass media and communications company in the world by revenue.

  5. It is the largest cable company and home Internet service provider in the United States, and the nation’s third largest home telephone service provider.

  6. Comcast provides cable television, broadband Internet, telephone service and in some areas home security (including burglar alarms, surveillance cameras, fire alarm systems and home automation) to both residential and commercial customers in 40 states and the District of Columbia.

  7. Okay!

  8. So, it’s the LARGEST mass media and communications company in the world? Sweeeeet.

  9. Let’s take a look at it, and see if we should be impressed.

  10. Below us, we have a list of Comcast mail servers; and each of these mail servers run on something called, “Zimbra.”

  11. But each of these mail servers also are vulnerable to LFi, and you know what LFi can lead to, right?


More Hackery on Broadband Regulation from the AT&T-Funded Progressive Policy Institute

Phillip "Follow the Money" Dampier


“In the 1990s, U.S. policymakers faced critical choices about who should build the Internet, how it should be governed, and to what extent it should be regulated and taxed. For the most part, they chose wisely to open a regulated telecommunications market to competition, stimulate private investment in broadband and digital technologies, and democratize access.” — Will Marshall, guest columnist

Is competition in Internet access robust enough for you? Has your provider been sufficiently stimulated to invest in the latest broadband technologies to keep America at the top of broadband speed and availability rankings? Is Net Neutrality the law of the land or the latest victim of a Verizon lawsuit to overturn the concept of democratizing access to online content?

I’m not certain what country Will Marshall lives in, but for most Americans, Internet access is provided by a duopoly of providers that must be dragged kicking and screaming to upgrade their networks without jacking up prices and limiting usage.

Marshall is president and founder of the Progressive Policy Institute, a so-called “third way” group inspired by centrist Democrats led by President Bill Clinton in the 1990s. Unlike traditional liberals suspicious of corporate agendas, these Democrats were friendly to big business and welcomed the largess of corporate cash to keep them competitive in election races. It was under this atmosphere that Clinton signed the bought-and-paid-for 1996 Telecom Act, ghostwritten by lobbyists for big broadcasters, phone and cable companies, and other big media interests. Long on rhetoric about self-governing, free market competition but short on specifics, the ’96 law transformed the media landscape in ways that still impact us today.

Media ownership laws were relaxed, allowing massive buyouts of radio stations under a handful of giant corporations like Clear Channel, which promptly dispensed with large numbers of employees that provided locally produced programming. In their place, we now get cookie-cutter radio that sounds the same from Maine to Oregon. Television stations eagerly began lobbying for a similar framework for relaxing ownership limits in their business. Phone companies won their own freedoms from regulation, including largely toothless broadband regulations that allowed Internet providers to declare victory regardless of how good or bad broadband has gotten in the United States.

Marshall’s views appeared in a guest column this week in The Orlando Sentinel, which is open to publishing opinion pieces from writers hailing from Washington, D.C., without bothering to offer readers full disclosure.

Marshall


While Marshall’s opinions may be his own, readers should be aware that PPI would likely not exist without its corporate sponsors — among them AT&T, hardly a disinterested player in the telecommunications policy debate.

Marshall’s column suggests competition is doing a great job at keeping prices low and allows you – the consumer – to decide which technologies and services thrive. There must be another reason my Time Warner Cable bill keeps increasing and my choice for broadband technology — fiber optics — is nowhere in sight. I don’t have a choice of Verizon FiOS, in part because phone and cable companies maintain fiefdoms where other phone and cable companies don’t dare to tread. That leaves me with one other option: Frontier Communications, which is still encouraging me to sign up for their 3.1Mbps DSL.

“The broadband Internet also is a powerful magnet for private investment,” Marshall writes. “In 2013, telecom and tech companies topped PPI’s ranking of the companies investing the most in the U.S. economy. And America is moving at warp speed toward the ‘Internet of Everything,’ which promises to spread the productivity-raising potential of digital technology across the entire economy.”

Nothing about AT&T or the cable companies is about “warp speed.” In reality, AT&T and Verizon plan to pour their enormous profits into corporate set-asides to repurchase their own stock, pay dividends to shareholders, and continue to richly compensate their executives. It’s good to know that PPI offers rankings that place telecom companies on top. Unfortunately, those without a financial connection to AT&T are less optimistic. The U.S. continues its long slide away from broadband leadership as even developing countries in the former Eastern Bloc race ahead of us. Verizon’s biggest single investment of 2013 wasn’t in the U.S. economy — it was to spend $130 billion to buy out U.K.-based Vodafone’s 45% ownership interest in Verizon Wireless. Verizon’s customers get stalled FiOS expansion, Cadillac-priced wireless service, and a plan to ditch rural landlines and push those customers to cell service instead.

AT&T financially supports the Progressive Policy Institute


“A recent federal court decision regarding the FCC’s Open Internet Order has prompted pro-regulatory advocates from the ’90s to demand a rewrite of the legal framework that allowed today’s Internet to flourish,” Marshall writes in a section that also includes insidious NSA wiretapping and Internet censorship in Russia and China.

Marshall’s AT&T public policy agenda is showing.

Net Neutrality proponents don’t advocate an open Internet for no reason. It was AT&T’s former CEO Ed Whitacre who threw down the gauntlet, declaring Google and other content providers would not be allowed to use AT&T’s pipes for free. AT&T has since patented technology that will allow it to discriminate in favor of preferred web traffic while artificially slowing down content it doesn’t like on its network.

“Pro-regulatory advocates” are not the ones advocating change — it is AT&T, Verizon, and Comcast, among others, that want to monetize Internet usage and web traffic for even higher profits. Net Neutrality as law protects the Internet experience Marshall celebrates. He just can’t see past AT&T’s money to realize that.

22,000 Bell Small Business Customers Have Their Usernames/Passwords Hacked

Phillip Dampier February 5, 2014 Bell (Canada), Canada, Consumer News, Public Policy & Gov't

Hackers exploited poor coding practices at an Ottawa-based third-party contractor to access and eventually publish more than 20,000 usernames and passwords of Bell Canada’s small business customers on a website.

Canada’s largest phone company is being criticized for allowing the third-party contractor access to sensitive account information, which became vulnerable after IT workers introduced security holes that bypassed Bell’s own security and encryption systems. Even worse, security experts say, Bell apparently stores customer usernames and passwords in a plain text format, accessible to any hacker.

Bell has refused to comment on the security lapse or its ongoing investigation, but the hackers are talking.

“Nullcrew” claimed responsibility for the breach on Twitter, including screenshots that suggest the group used a well-known SQL (structured query language) exploit that allowed the hackers to fish for information contained in Bell’s database.

Hackers often use automated scripts to hunt sites for security exploits and often don’t know whether they will get a handful of useless data or a treasure trove like Bell’s customer records.

Trustwave Holdings, a security company based in Chicago, Ill., said in a 2013 report that poor coding practices have made the SQL injection attack a threat for more than 15 years.

“Outsourcing IT and business systems saves money only if there’s no attack,” the Trustwave report said. “Many third-party vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind.”

“Nullcrew’s” attack also discarded any pretense of encouraging clients to use passwords that are easy to remember but hard for others to guess, since Bell stored the data in an easily readable format.

Nullcrew said it alerted Bell to its security lapse more than two weeks before publishing its find online. An additional screenshot showed a Bell online customer service representative who was perplexed by the hacker group’s claims and likely never passed the information on to Bell’s security department.

Bell suspended the affected passwords over the weekend and is notifying customers about the security breach.

Kansas’ Cable Industry Ghostwrote New Anticompetition Bill That Could Hamper Google Fiber

Phillip Dampier February 4, 2014 Community Networks, Competition, Public Policy & Gov't, Rural Broadband

Federico Consulting has the Kansas Cable Lobby as a paying client and works behind the scenes in the state legislature to push their agenda.

A cable industry lobbying group wrote the bill introduced last week in the Kansas Senate that could dramatically restrict municipal broadband networks from launching and hamper Google Fiber from expanding its gigabit broadband network outside of Kansas City.

A Kansas Senate employee told Ars Technica the proposed bill, SB 304, was submitted for introduction in the state legislature by John Federico, president of Topeka-based lobbying firm Federico Consulting, on behalf of the Kansas Cable Telecommunications Association (KCTA). The cable industry trade association counts among its members Cable ONE, Comcast, Cox Communications, and Time Warner Cable — the largest cable operators in the state.

Joshua Montgomery, a Kansan directly affected by the possible passage of SB 304, notes the legislation could also impact Google’s efforts to expand its gigabit broadband network outside of Kansas City, Kan., because the project relies on a close working relationship between local city officials and Google that would be prohibited under the bill.

“Even joint partnerships like the one between Google and Kansas City would be illegal under this bill.” Google Fiber, he pointed out, came to Kansas City after Google received what the Competitive Enterprise Institute called “stunning regulatory concessions and incentives from local governments, including free access to virtually everything the city owns or controls: rights of way, central office space, power, interconnections with anchor institutions, marketing and direct mail, and office space for Google employees.”

Federico denied the proposed legislation has anything to do with Google, telling Ars Technica Google never came up during KCTA board meetings. But Federico did admit the current bill’s definition of “unserved” is “overly broad.”

Federico evidently had enough sway with the Kansas Senate Committee to postpone a hearing on the bill scheduled for Tuesday until the bill can be “tweaked.”

“I don’t know about you, but I think we should all be concerned that the cable lobby is writing our telecommunications policy,” Montgomery said on his group’s Facebook page now organizing to oppose the bill.

Anatomy of a Deal: Time Warner Cable vs. Charter/Comcast

Phillip Dampier January 30, 2014 Cablevision (see Altice USA), Charter Spectrum, Comcast/Xfinity, Competition, Consumer News, Net Neutrality, Public Policy & Gov't


Bloomberg News’ Alex Sherman and Porter Bibb, managing partner at Mediatech, break down the background and potential moves in the cable industry involving Comcast, Charter Communications and Time Warner Cable and the regulatory hurdles in their way on Bloomberg Television’s “Market Makers.” One interesting development will be the future of Cablevision, which will be an obvious takeover target for Comcast should Time Warner Cable be sold and split up. (9:14)
