Stuxnet and WikiLeaks – What do they have in common?

At first glance, two recent security stories, the Stuxnet attack on Iran’s nuclear industry and the WikiLeaks breach of US State Department communications, don’t seem to have much in common, but they do. They are united by a vector, a method of transmission, and that vector is removable media. I am sure that the Iranians felt pretty secure with air-gapped systems, but like a spark from the burning house next door that finds its way into your shingles, the right USB found its way into the right PC and then suddenly all those uranium enrichment centrifuges running at 807-1210 Hz started to act funny and fail in unexpected and reportedly fairly energetic ways (you can see some pics of failed centrifuges here http://web.mit.edu/charliew/www/centrifuge.html and here http://www.chem.purdue.edu/chemsafety/NewsAndStories/CentrifugeDamages.htm). ...

December 4, 2010 · 2 min · 254 words · Omid Farhang

Hotmail Always-On Encryption Breaks Microsoft’s Own Apps

Oh look, Microsoft is late to the party again? They are finally launching full-session SSL encryption to Hotmail a mere 2 years after Google did the same thing for Gmail. It looks like the release of FireSheep really has had an impact on web-application vendors due to the amount of mainstream media coverage it got and the sheer number of downloads. ...

November 10, 2010 · 3 min · 635 words · Omid Farhang

Firesheep author takes backhanded pot-shot at free speech

Sophos Labs: Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it’s been downloaded over 600,000 times so far. The decision to release Firesheep publicly is a controversial one. On the good side, it’s reminded people that some of their common web surfing habits are dangerously insecure. Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session. After you have logged in, security relies on the browser sending a session cookie – a secret authentication token – in every request. ...

November 7, 2010 · 3 min · 569 words · Omid Farhang

Important Information about Google Buzz Class Action Settlement

Let’s take a look at the email I got from Google right now: Google rarely contacts Gmail users via email, but we are making an exception to let you know that we’ve reached a settlement in a lawsuit regarding Google Buzz (http://buzz.google.com), a service we launched within Gmail in February of this year. Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case. ...

November 2, 2010 · 2 min · 288 words · Omid Farhang

Firesheep: who is eating my cookies?

The Internet is great, and every day millions of people spend their day surfing it, using Google, Gmail, YouTube, Twitter, Facebook, etc. Some people buy at eBay or Amazon. Some people even use it to work, though these cases may not be that common. As a reader of this blog, you are concerned about security and therefore you already know that connecting through public WiFi is a risky sport. But it is also really convenient; how many of you have done it in McDonald's, Starbucks, etc.? Yeah, me too ...

October 26, 2010 · 3 min · 496 words · Omid Farhang

MySpace moves against apps who share user data

New York (CNN) — Social networking site MySpace, while acknowledging it shares profile information with advertisers, said Saturday that it is taking action against app developers who may have violated the website’s terms of use by sharing user data. A spokesman for MySpace who refused to be named told CNN that it shares information with advertisers, but that it does not identify a user. Although MySpace users are not required to provide an actual name when registering, their user IDs link the public information displayed on their profile, which can sometimes reveal names, addresses and other critical information. ...

October 24, 2010 · 2 min · 358 words · Omid Farhang

Reuters: Google says its cars grabbed email and passwords

(Reuters) – Google Inc said its “Street View” cars around the world accidentally collected more personal data than previously disclosed, and that it was changing its privacy practices. Regulators in some of the more than 30 countries where the cars operated are looking into the issue. Google’s Street View cars, which are well known for crisscrossing the globe and taking panoramic pictures of the city’s streets, collected the data. The company displays the pictures in its online street maps. ...

October 22, 2010 · 2 min · 318 words · Omid Farhang

Facebook touts encryption as solution to security flaw

Facebook has proposed a solution to a recent security flaw that allowed apps to transmit personal data that involves encrypting the relevant string of numbers, according to a post on its Developer Blog on Thursday. The new set of parameters would allow developers to apply encryption within the next few weeks, preventing data that identifies application users from leaking to places it shouldn’t be. ...

October 22, 2010 · 2 min · 268 words · Omid Farhang

Creating stronger privacy controls inside Google

Google Official Blog: In May we announced that we had mistakenly collected unencrypted WiFi payload data (information sent over networks) using our Street View cars. We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here. So we’ve spent the past several months looking at how to strengthen our internal privacy and security practices, as well as talking to external regulators globally about possible improvements to our policies. Here’s a summary of the changes we’re now making. ...

October 22, 2010 · 3 min · 592 words · Omid Farhang

Zynga sued in privacy breach controversy

218 million “class members” probably won’t settle for Farmville dollar

A suit has been filed in U.S. District Court in San Francisco on behalf of a Minnesota woman charging game maker Zynga with leaking the personal information of 218 million Facebook members in violation of federal law. The suit seeks class action status. The action follows by three days an investigative story by The Wall Street Journal that found a large number of Facebook’s apps – including Zynga games such as Farmville and Mafia Wars – leaked the user IDs of Facebook players and their friends to outside companies. ...

October 22, 2010 · 2 min · 394 words · Omid Farhang