Privacy Roundup #0032 • March 2009
Conficker scared the world, leaked national blacklists exposed state censorship, and Google pushed behavioural tracking onto the web.
1. Hackers read the prime minister's medical records
Someone broke into Scotland's Emergency Care Summary database and looked up the health records of Gordon Brown and other public figures. The system held details on 2.5 million people, and an NHS Fife doctor faced charges under the Data Protection Act.
2. Conficker call-backs threatened to swamp real websites
The Conficker worm picked daily web addresses to phone home, and some of those addresses belonged to ordinary firms. Infected machines would have buried four legitimate sites under a flood of update requests.
3. A new Koobface strain spread across social networks
A fresh version of the Koobface worm jumped between Facebook, MySpace and Bebo by posting fake video invites to friends. Victims who clicked were told to install a bogus Flash update that planted a backdoor on their computers.
4. The Pirate Bay rejected the law-breaking claims at trial
Defence lawyers closed the Swedish trial by arguing that BitTorrent is a lawful tool and that users, not the site, uploaded the content. They told the court that a cocky attitude is not a crime.
5. Spotify breach put user passwords at risk
Spotify admitted that a flaw found in December 2008 had exposed password hashes along with names, email addresses, birth dates and postcodes. The hashes were salted, but people who chose weak passwords or reused them across sites remained at risk.
6. Conficker upgraded itself to dodge the clean-up effort
Researchers found a new module that switched off security tools and raised the worm's daily list of contact domains from 250 to 50,000. The change was a direct attempt to beat the industry group that had been registering those domains in advance.
7. Google began tracking browsing for targeted ads
Google launched interest-based advertising, using DoubleClick cookies to build profiles of people across the sites in its network. The company refused to offer the feature on an opt-in basis, though it worked with the EFF on an opt-out plug-in.
8. Visa cut off Heartland and RBS WorldPay
After both processors suffered major breaches, Visa struck them from its list of compliant service providers. The move put every merchant that used them out of compliance and raised hard questions about whether the security standard meant anything.
9. EFF released stacks of secret surveillance files
For Sunshine Week the EFF published once-classified records on the FBI's Investigative Data Warehouse, the DCS 3000 wiretap system and several Homeland Security data-mining projects. The group warned that Justice Department lawyers still leaned on Bush-era secrecy despite the new openness order.
10. Australia's filter trial blocked Wikileaks
Australia added Wikileaks pages to its secret filtering list after the site published a banned-website list from Denmark. Anyone who linked to the blocked pages faced fines of up to 11,000 Australian dollars.
11. EPIC asked the FTC to probe Google's cloud
EPIC filed a complaint urging regulators to investigate the privacy and security of Gmail, Google Docs and Picasa. The filing followed a Google Docs glitch that had shared private files with people who lacked permission to see them.
12. Australia's secret blacklist leaked in full
Wikileaks published the confidential list of 2,395 sites that Australia's filter was set to block. Many of the entries had nothing to do with child abuse, including a Queensland dentist, gambling pages and parts of Wikipedia.
13. UK watchdog cleared Google Street View
The Information Commissioner's Office decided that Street View did not break the Data Protection Act, pointing to the blurring of faces and number plates and the removal process. Critics argued the safeguards were emotional comfort rather than real protection.
14. Campaigners urged big sites to lock out Phorm
Privacy groups asked Google, Microsoft and Amazon to tell Phorm not to scan their traffic ahead of BT's planned Webwise rollout. They argued that the interception system spied on web use without proper consent.
15. Google folded DoubleClick into its ad tracking
Reporters pressed Google on how its new behavioural ads pooled data from AdSense and DoubleClick, and the company would not say what it kept or for how long. Together the two networks controlled well over half of the non-search ad market.
16. Conficker counted down to its 1 April switch
Security teams braced for the worm to start contacting 50,000 domains a day from 1 April, with each machine trying a random 500 of them. Experts stressed that nobody knew what, if anything, the date would bring.
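An added illustration, not part of the original roundup, of why raising the daily list from 250 to 50,000 domains (item 6) broke the pre-registration defence and why the per-bot sample of 500 (item 16) matters. The figures 50,000 and 500 come from the items above; the number of domains a sinkhole operator has managed to register is a parameter I vary, and the hypergeometric formula is standard probability, not analysis taken from the page.

```python
import math


def hit_probability(total_domains: int, registered: int, probes: int) -> float:
    """Probability that one infected machine, picking `probes` domains
    uniformly without replacement from a daily list of `total_domains`,
    contacts at least one of the `registered` (sinkholed) domains.

    This is the hypergeometric tail: 1 - C(N - d, p) / C(N, p).
    """
    if registered <= 0:
        return 0.0
    if probes > total_domains:
        raise ValueError("cannot probe more domains than the daily list holds")
    # Ways for all `probes` picks to land outside the registered set.
    misses = math.comb(total_domains - registered, probes)
    return 1.0 - misses / math.comb(total_domains, probes)


def days_to_reach(daily_p: float, target: float) -> int:
    """Smallest number of days n such that the cumulative probability of at
    least one contact, 1 - (1 - daily_p) ** n, is at least `target`."""
    if not 0.0 < daily_p <= 1.0 or not 0.0 < target < 1.0:
        raise ValueError("daily_p must be in (0, 1] and target in (0, 1)")
    n = 0
    cumulative = 0.0
    while cumulative < target:
        n += 1
        cumulative = 1.0 - (1.0 - daily_p) ** n
    return n


def coverage_table(total_domains: int = 50_000, probes: int = 500):
    """Sinkhole coverage for a few registration budgets (constructed values)."""
    rows = []
    for registered in (1, 10, 250, 2_500, total_domains):
        p = hit_probability(total_domains, registered, probes)
        rows.append((registered, p, days_to_reach(p, 0.99)))
    return rows


if __name__ == "__main__":
    # Under the old scheme a defender registering all 250 names in advance
    # denied every name to the worm's operators. With 50,000 names a day,
    # anything short of registering the whole list leaves a gap, while a bot
    # sampling 500 names still finds a single registered name on 1% of days.
    print(f"{'registered':>10}  {'P(hit/day)':>10}  {'days to 99%':>11}")
    for registered, p, days in coverage_table():
        print(f"{registered:>10}  {p:>10.4f}  {days:>11}")
```

The table makes the asymmetry explicit: whoever holds even one of the 50,000 names reaches each bot with probability 0.01 per day, which compounds to better than even odds inside ten weeks, while denying the operators any foothold means registering all 50,000 names every day instead of 250.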
17. The Pirate Bay launched a VPN to beat the IPRED law
The Pirate Bay opened IPREDator, a paid VPN built to hide users from Sweden's new law that let rights holders demand subscriber details from ISPs. The operators promised to keep no data beyond the email address used to sign up.
18. Conficker infected the UK Parliament
A leaked memo showed that the worm had spread through House of Commons computers, slowing the network and locking some accounts. Staff were told to stop using USB sticks while the machines were scanned.
19. Researchers found a way to spot Conficker on a network
Just before the activation date, security teams worked out that infected machines left a clear fingerprint when scanned remotely. Scanning tools added the signature at once, giving administrators a quick way to find compromised computers.
20. Wikileaks defied Australia over the leaked blacklist
The communications minister threatened police action against whoever leaked the filtering list, and claimed the published version was wrong. Wikileaks, hosted in Sweden, told him to back off and dared the government to try to unmask its source.