Privacy Roundup #0037 • August 2009
August 2009 turned location, tracking and old-fashioned card theft into front-page worries, as a record breach indictment, a Twitter blackout and quiet browser snooping all landed in the same month.
1. Twitter meltdown raises questions about site stability
A flood of traffic aimed at a single pro-Georgian blogger knocked Twitter offline for roughly two hours on 7 August and degraded Facebook and LiveJournal. The episode showed how fragile a major social platform could be when one user became a target.
2. TJX suspect indicted in Heartland, Hannaford breaches
Federal prosecutors charged Albert Gonzalez and two Russian associates with stealing data for at least 130 million payment cards from Heartland Payment Systems and other firms. It was billed as the largest identity theft prosecution in United States history at the time.
3. Facebook agrees to address the Canadian Privacy Commissioner's concerns
On 27 August Facebook agreed to rework its application platform so that apps must seek express consent for each category of personal information they wished to access. The company also promised clearer wording about deletion, advertising and the handling of a deceased user's account.
4. AT&T, Apple and Google respond to the FCC over Google Voice
Filings published on 21 August revealed Apple's worry that Google Voice transferred a user's entire contacts database to Google's servers, though Apple insisted it had not rejected the app and was still studying it. AT&T denied any role in the decision, leaving the regulator to weigh competing accounts of why the app had not been approved.
5. More seek privacy from the Google Book Search settlement
Authors, librarians and scholars warned on 14 August that the settlement let Google compile records of what people read. They pressed the company to commit to protecting reader anonymity before any digital library opened.
6. Op-ed on lawless surveillance by Cindy Cohn
EFF's legal director argued on 24 August that the new administration had adopted the previous one's most extreme surveillance positions. She criticised efforts to dismiss wiretapping lawsuits so that courts could never review the programmes.
7. Twitter helps users track tweets by location
Twitter announced on 21 August a forthcoming developer interface that would attach latitude and longitude to individual posts. The feature was to be switched off by default, with exact coordinates not stored for long, in a nod to location worries.
8. CBP to continue searches of travellers' laptops
The Department of Homeland Security confirmed on 28 August that border officers could keep examining laptops and phones without any suspicion of wrongdoing. New directives set time limits and supervisory sign-off, yet civil liberties groups said officials retained sweeping power.
9. Who knows where you are, and why?
EFF published a report on 5 August warning that toll tags, phones and location services were quietly recording people's movements. The authors argued that the safest design was one that never collected the data in the first place.
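Items 7 and 9 point at the same design: location is off unless the user opts in, exact coordinates are not kept long, and the safest record is one that was never written. As an added Python sketch of that design (not Twitter's or EFF's code), the post format, the seven-day window for exact coordinates and the two-decimal-place grid are all assumptions chosen for the example:

```python
"""Location minimisation for geotagged posts (added example; not Twitter or EFF code).
Assumptions: a post is a dict, exact coordinates live at most EXACT_TTL, and a
two-decimal-place grid (about 1 km) is coarse enough for a 'posts near me' feature."""
from datetime import datetime, timedelta, timezone

EXACT_TTL = timedelta(days=7)   # assumed retention window for precise coordinates


def coarsen(lat, lon, places=2):
    """Drop precision: two decimal places is roughly 1.1 km of latitude, which
    still supports nearby-post queries without pinning a single house."""
    return (round(lat, places), round(lon, places))


def geotag(post, lat, lon, opted_in, now):
    """Attach location only when the user opted in (default off). When they did
    not, the coordinates are discarded here rather than stored and then hidden."""
    if not opted_in:
        return {**post, "geo": None}
    return {**post, "geo": {
        "exact": (lat, lon),
        "coarse": coarsen(lat, lon),
        "exact_expires": now + EXACT_TTL,
    }}


def expire_exact(post, now):
    """Retention pass: once the window lapses only the coarse cell remains."""
    geo = post.get("geo")
    if not geo or geo.get("exact") is None or now < geo["exact_expires"]:
        return post
    return {**post, "geo": {"coarse": geo["coarse"], "exact": None, "exact_expires": None}}


def stored_coordinates(post):
    """What a subpoena, a breach or an insider would get from the stored record."""
    geo = post.get("geo")
    if not geo:
        return None
    return geo["exact"] if geo.get("exact") is not None else geo["coarse"]


def demo():
    """Walk one post through the three states: fresh, expired, never collected."""
    now = datetime(2009, 8, 21, tzinfo=timezone.utc)            # constructed timestamp
    fresh = geotag({"text": "hello"}, 37.77493, -122.41942, True, now)
    aged = expire_exact(fresh, now + EXACT_TTL)
    declined = geotag({"text": "hi"}, 37.77493, -122.41942, False, now)
    return (stored_coordinates(fresh), stored_coordinates(aged), stored_coordinates(declined))


if __name__ == "__main__":
    for label, coords in zip(("fresh", "after TTL", "opted out"), demo()):
        print(f"{label}: {coords}")
```

The point of the last case is that the opted-out post never carries coordinates at all; there is nothing to leak, expire or subpoena.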
10. Malaysia mulls Chinese Green Dam twin
Reports on 7 August said Malaysia was weighing a national internet filter modelled on China's Green Dam, justified as a defence against child pornography. Critics noted the country's record of jailing bloggers and feared the tool would suppress dissent.
11. Twitter hack spawns spam and scareware scams
By 10 August criminals were exploiting the Twitter outage to poison search results and push fake security software. Researchers found the spam and the denial-of-service traffic came from the same botnet of hijacked machines.
12. FTC and HHS issue breach notification rules
August brought twin federal rules requiring health organisations and personal health record vendors to tell people, and sometimes the press, when their data was exposed. The measures implemented the breach provisions of the 2009 stimulus law.
13. Marines ban social networking, citing security risk
An order issued on 3 August barred Marines from reaching Facebook, Twitter and MySpace on the corps network for a year. Officials called such sites a haven for malicious content that exposed sensitive information to adversaries.
14. China softens stance on Green Dam filter
On 24 August Beijing confirmed that its Green Dam filtering software would no longer be forced onto every new computer. The minister conceded the original mandate had been ill considered after a wave of privacy and security objections.
15. Apache site hacked through SSH key compromise
The Apache Software Foundation disclosed on 28 August that attackers had used a stolen automated-backup key to plant scripts on its servers. The foundation said no end users were harmed but admitted its handling of SSH keys had been weak.
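The lesson practitioners drew from the Apache incident was that a key used only for automated backups should not be able to do anything else. The following added Python audit (not the ASF's code or tooling) flags keys in an OpenSSH authorized_keys file that lack a forced command, a source restriction or disabled forwarding; the sample file is constructed for the example and its key blobs are placeholders:

```python
"""Audit an OpenSSH authorized_keys file for automation keys that a thief could
reuse freely. Added example; not the ASF's code. SAMPLE below is constructed."""
import re

KEY_TYPE = re.compile(
    r"^(sk-)?(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))"
    r"(-cert-v01)?(@openssh\.com)?$")
# Without `restrict`, each of these must be present to disable the feature.
NO_FORWARD = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-X11-forwarding"}


def tokenize(line):
    """Split on whitespace, but keep quoted option values (which may contain
    spaces, e.g. command="rsync --server ...") together as one token."""
    tokens, buf, quoted = [], "", False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch.isspace() and not quoted:
            if buf:
                tokens.append(buf)
            buf = ""
        else:
            buf += ch
    if buf:
        tokens.append(buf)
    return tokens


def split_options(text):
    """Turn 'from="a,b",command="x",no-pty' into a dict; commas inside quotes
    belong to the value, and bare flags map to an empty string."""
    opts, buf, quoted = {}, "", False
    for ch in text + ",":
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            if buf:
                name, _, value = buf.partition("=")
                opts[name.strip()] = value.strip('"')
            buf = ""
            continue
        buf += ch
    return opts


def parse_line(line):
    """Return (options, key_type, comment) for a key line, None otherwise."""
    tokens = tokenize(line.strip())
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens):
        if KEY_TYPE.match(tok):
            options = split_options(",".join(tokens[:i]))
            return options, tok, " ".join(tokens[i + 2:])
    return None


def audit(text):
    """List (comment, problems) for every key that is not locked down."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, key_type, comment = parsed
        problems = []
        if "command" not in options:
            problems.append("no forced command")        # the key can open a shell
        if "from" not in options:
            problems.append("no source restriction")    # usable from any host
        if "restrict" not in options and not NO_FORWARD.issubset(options):
            problems.append("forwarding or pty not disabled")
        if key_type == "ssh-dss":
            problems.append("DSA key")
        if problems:
            findings.append((comment or key_type, problems))
    return findings


SAMPLE = """\
# constructed sample for the example; the key blobs are placeholders
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC3placeholder backup@host1
command="/usr/bin/rsync --server --sender . /srv/backup",from="10.0.0.5",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC4placeholder backup@host2
restrict,command="/usr/local/bin/backup-shell" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIplaceholder backup@host3
"""

if __name__ == "__main__":
    for comment, problems in audit(SAMPLE):
        print(f"{comment}: {', '.join(problems)}")
```

Run against a real file with `audit(open(path).read())`. The second sample key is what a backup-only key should look like: pinned to one source address, limited to a single rsync command, and stripped of pty and forwarding, so a stolen copy buys an attacker far less than a shell.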
16. Fake ATM scam rumbled by Defcon hackers
Security researchers at the Defcon conference spotted a counterfeit cash machine planted in their Las Vegas hotel on 3 August. A flashlight revealed a hidden PC built to harvest card numbers and PINs from anyone who used it.
17. Joe Grand on hacking parking meters and the hazards of research
In an interview posted on 5 August, hardware hacker Joe Grand described how he defeated the smart cards behind San Francisco's parking meters. He explained how cloned cards could fool every meter in the city, exposing the weak security of public payment kit.
18. Sites pulling sneaky Flash cookie-snoop
Researchers reported on 19 August that more than half of popular sites used Flash storage to track visitors, often rebuilding ordinary cookies that people had deleted. The persistent identifiers survived private browsing and rarely appeared in any privacy policy.
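The mechanism behind that "rebuilding" is simple: the site keeps a second copy of the cookie value in Flash storage and writes it back whenever the HTTP cookie is gone. As an added Python simulation (not the researchers' code), `TrackingSite` is a constructed stand-in for a site's JavaScript and Flash, and `respawn_check` is the test a practitioner can run against real snapshots: clear the cookies, reload, and see whether the same identifier returns.

```python
"""Simulation of Flash-cookie respawning and the check that exposes it.
Added example; not the study's code. TrackingSite is a constructed stand-in."""
import secrets


class TrackingSite:
    """Mirrors its HTTP cookie id into a Flash Local Shared Object and rebuilds
    the cookie from that copy whenever the cookie is missing."""

    def __init__(self):
        self.lso = {}          # stands in for the .sol file on disk

    def visit(self, cookies):
        """One page load; `cookies` is the browser's cookie jar, mutated in place."""
        if "uid" not in cookies:
            # Respawn from Flash storage; mint a new id only if that is empty too.
            cookies["uid"] = self.lso.get("uid") or secrets.token_hex(8)
        self.lso["uid"] = cookies["uid"]   # keep the Flash copy in sync
        return cookies["uid"]


def respawn_check(site, clear_flash=False):
    """Detection: load once, clear the HTTP cookies (and optionally Flash storage),
    load again. The same id coming back means the site respawned it."""
    jar = {}
    first = site.visit(jar)
    jar.clear()                 # what 'delete cookies' does; Flash is untouched
    if clear_flash:
        site.lso.clear()        # what clearing Flash storage (the .sol files) does
    second = site.visit(jar)
    return first == second


def respawned_cookies(before, after_delete):
    """For real captures: cookie snapshots before deletion and after the next
    load; names whose value came back unchanged are respawn candidates."""
    return sorted(n for n, v in after_delete.items() if before.get(n) == v)


if __name__ == "__main__":
    print("respawned after cookie clear:", respawn_check(TrackingSite()))          # True
    print("respawned after cookie+Flash clear:", respawn_check(TrackingSite(), True))  # False
```

The second run shows why clearing browser cookies alone did nothing for the users in the study: only wiping the Flash store, which no browser's "clear private data" dialog touched in 2009, breaks the link.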
19. IEEE group aims to forge malware sharing standard
On 20 August the major antivirus firms joined a new IEEE group to standardise how they swapped malware samples. The effort sought to bring order to ad-hoc cooperation as the volume of new threats grew beyond informal arrangements.
20. Apple sneaks malware protection into Snow Leopard
On 25 August, days before Snow Leopard shipped, Apple was found to have built a quiet malware check into the system. The feature warned users about two known trojans when downloaded files arrived through certain browsers and mail clients, though its coverage was narrow.