Privacy Roundup #0036 • July 2009

July 2009 turned on cascading account takeovers, remote control of devices we thought we owned, and a wave of state and corporate surveillance that pushed regulators and privacy advocates into action.

1. Hacker leaks hundreds of confidential Twitter documents

A hacker known as Hacker Croll broke into the personal accounts of Twitter staff and passed around 310 internal documents to the press. The cache held financial projections, executive notes, and the personal calendars and phone logs of employees.

techcrunch.com

2. The anatomy of the Twitter attack

A detailed account showed how the intruder chained password recovery features across Gmail, a recycled Hotmail account, and reused passwords to reach Twitter's corporate Google Apps. The breach proved that the security of an entire online identity is only as strong as the weakest service a person uses.

techcrunch.com

3. Network Solutions breach exposed half a million card accounts

Web host Network Solutions disclosed that rogue code planted on its servers had captured payment data from more than 573,000 credit and debit cardholders. The malware siphoned transactions from around 4,300 small online shops over nearly three months before anyone noticed.

www.theregister.com

4. Amazon remotely deleted Orwell from Kindle devices

Amazon quietly reached into customers' Kindles over the wireless network and erased copies of George Orwell's novels after a rights dispute. The episode showed that people who bought digital books did not truly control them, and the irony of censoring "1984" was lost on no one.

gizmodo.com

5. Canada's privacy watchdog faults Facebook

The Office of the Privacy Commissioner of Canada ruled that Facebook breached national privacy law, chiefly by handing too much user data to third-party application developers. The regulator also criticised the indefinite retention of data after account deactivation and gave the company thirty days to act.

www.priv.gc.ca

6. EFF publishes Surveillance Self-Defense International

The Electronic Frontier Foundation released a guide aimed at activists facing surveillance and censorship under authoritarian regimes. It set out practical steps such as risk assessment, encryption, and the use of Tor to keep communications private.

www.eff.org

7. China delays its compulsory Green Dam filter

Beijing postponed its order that every new computer ship with the Green Dam Youth Escort filtering program, just one day before the rule was to take effect. The software monitored browsing and typing, carried serious security holes, and drew protest from users, lawyers, and foreign governments alike.

hothardware.com

8. US and South Korean websites buckle under DDoS attacks

A botnet of tens of thousands of hijacked computers flooded government, financial, and media sites in both countries around the July holiday. Targets included the White House, the Treasury, and the Federal Trade Commission, raising fresh worry about how exposed public infrastructure had become.

www.theregister.com

9. Hospital security guard arrested over botnet plot

Federal agents arrested a contract security guard who had used his physical access to plant malware on computers at a Dallas clinic. He had bragged online while controlling systems that managed the building's air conditioning, putting patient safety at risk.

theregister.com

10. AT&T blocks customer access to 4chan

AT&T cut off its broadband subscribers from part of the image board 4chan, prompting an outcry about censorship and network neutrality. The carrier said it had blocked the traffic to shield its network from a denial-of-service flood connected to the site.

www.theregister.com

11. Ad industry publishes behavioural advertising principles

Five advertising trade bodies released Self-Regulatory Principles for Online Behavioural Advertising covering how interest-based data is collected and used. The move answered repeated calls from regulators for greater transparency and consumer control over tracking.

www.dwt.com

12. Court hears the government's bid to dismiss Jewel v. NSA

A federal judge in San Francisco weighed the government's argument that EFF's challenge to dragnet surveillance should be thrown out to protect state secrets. EFF countered that no blanket secrecy claim could place warrantless wiretapping beyond the reach of the courts.

computerworld.com

13. BT shelves Phorm's Webwise tracking system

BT abandoned its plan to deploy Phorm's Webwise system, which would have profiled the browsing of millions of broadband customers to target adverts. Privacy campaigners hailed the climbdown after a long fight over secret trials run without consent.

phys.org

14. FCC questions Apple and AT&T over Google Voice

The Federal Communications Commission opened an inquiry after Apple rejected the Google Voice application and pulled related apps from the App Store. The regulator pressed Apple, AT&T, and Google on whether the move stifled competition and consumer choice.

techcrunch.com

15. French Senate adopts the Hadopi 2 three-strikes law

The French Senate quickly passed a reworked anti-piracy bill that could suspend a household's internet access after repeated accusations of unlawful downloading. Critics warned that monitoring of peer-to-peer networks and electronic communications threatened due process and privacy.

edri.org

16. HSBC fined over careless handling of customer data

Britain's Financial Services Authority fined three HSBC firms a combined sum after they lost, in the post, unencrypted discs holding customers' personal details. The regulator found inadequate controls had left sensitive information at risk of falling into criminal hands.

www.itpro.com

17. Researcher calls iPhone 3GS encryption useless

A security researcher demonstrated that data on the iPhone 3GS could be copied and decrypted within minutes despite the device's advertised encryption. He argued that weak protection was worse than none, since it lulled enterprise users into a false sense of security.

www.theregister.com

18. Chips in official IDs raise tracking fears

Reporting on radio chips embedded in passports and enhanced driving licences showed that a researcher could read their identifiers wirelessly from a distance. Experts warned that the unencrypted tags could enable covert tracking and identity theft without a holder's knowledge.

phys.org

19. Nokia and Siemens face anger over Iran surveillance

Activists turned on Nokia after reports that a Nokia Siemens venture had sold Iran a monitoring centre able to intercept calls, emails, and internet traffic. The equipment was linked to the tracking of dissidents during the crackdown that followed the disputed election.

techcrunch.com

20. Microsoft and Yahoo strike a search data pact

Microsoft and Yahoo agreed a ten-year deal that put Bing behind Yahoo searches and pooled the two firms' search query data. The consolidation concentrated a vast trove of behavioural information used to target advertising, drawing antitrust and privacy scrutiny.

www.wbur.org

