Privacy Roundup #0042 • January 2010
January 2010 turned privacy into front-page news, as the China hack pushed Google to drop censorship, airport body scanners triggered a strip-search row, and surveillance abuses at the FBI came to light.
1. Google takes a new approach to China
Google revealed that a sophisticated attack from China had aimed at the Gmail accounts of human rights activists and the theft of its intellectual property. The company said it would stop censoring results on Google.cn and might leave the country altogether.
2. Google may exit China after a highly targeted attack
The Register reported that the intrusion, discovered in mid-December, had breached two Gmail accounts directly while dozens of activist accounts were compromised through phishing and malware. The campaign struck at least twenty companies across several sectors.
3. Uncensoring China: Bravo Google
The Electronic Frontier Foundation praised Google for refusing to keep filtering its Chinese search engine after the attacks on activists. It urged other technology firms to follow that lead rather than comply with state censorship.
4. Google in China: unanswered questions
The EFF examined what Google's stand really meant for users and pointed to the danger lurking in surveillance compliance systems. It warned that the very tools built to satisfy government wiretap demands had become a target for attackers.
5. Microsoft confirms IE zero-day used in Google attack
Microsoft issued a security advisory acknowledging that an unpatched Internet Explorer hole had been used to breach Google, Adobe and more than thirty other companies. The flaw allowed remote code execution once a victim was lured to a booby-trapped web page.
6. Germany and France warn against Internet Explorer
Government security agencies in both countries told citizens to switch browsers until Microsoft had fixed the flaw exploited in the China attacks. Microsoft countered that no browser was free of vulnerabilities.
7. Microsoft ships an emergency Internet Explorer patch
Microsoft broke from its monthly schedule to issue an out-of-band fix for the critical browser flaw. The vulnerability was by then being exploited on hundreds of websites.
8. Clinton demands China investigate the Google attack
Secretary of State Hillary Clinton used a speech on internet freedom to press China over the hacking of activists' accounts. She called censorship a barrier that companies and governments alike should refuse to accept.
9. Gmail switches on HTTPS by default
Google made encrypted connections the standard for every Gmail session rather than an option buried in settings. The change protected message contents and login details from interception on shared networks.
10. RockYou breach exposes the weakness of stored passwords
Analysis of thirty-two million credentials taken from RockYou showed that almost half were trivial choices such as "123456" or "password". Because the data sat in plain text, the breach also threatened the email and banking accounts that users had paired with the same passwords.
11. Report confirms FBI misuse of authority over phone records
The EFF described findings that the bureau had gathered more than two thousand call records through improper emergency requests. The Communications Analysis Unit had leaned on informal letters that bypassed the law.
12. Exploit code for potent IE zero-day bug goes wild
Working exploits for the Internet Explorer flaw behind the China attacks appeared in the Metasploit framework and the Immunity Canvas tool. The public release put the bug within reach of ordinary criminals while Microsoft had yet to ship a fix.
13. Post-underwear-bomber airport security
Bruce Schneier argued that the rush to install body scanners after the Christmas Day plot was security theatre. He maintained that intelligence and investigation, not reactive scanning, kept travellers safe.
14. Airport scanners could break child porn laws
Campaigners warned that the new full-body scanners produced graphic images amounting to a virtual strip search. Children's rights groups said the machines might breach laws against creating indecent images of minors.
15. EPIC sues Homeland Security over scanner images
The Electronic Privacy Information Center filed a second freedom of information lawsuit demanding the full-resolution pictures captured by airport scanners. It also sought records of passenger complaints and any security breaches that had exposed the images.
16. ACTA: international harmonisation at what cost
The EFF examined the secret counterfeiting treaty as a fresh round of talks opened in Guadalajara. It warned that the agreement could force internet providers to police their users and so threaten privacy and free expression.
17. A primer on information theory and privacy
Peter Eckersley explained how seemingly harmless facts combine to identify a person. He used the idea of entropy to show how a postcode, a birth date and a gender together can single someone out.
18. Et tu, U2? Bono and net surveillance
The EFF criticised Bono for suggesting in a newspaper column that internet providers should monitor users to protect copyright. It argued that such surveillance would endanger citizens living under repressive governments.
19. Privacy and control
Responding to claims by technology bosses that privacy was finished, Bruce Schneier argued that the real issue was control over personal data. He noted that declaring the age of privacy over served the companies that profit from collecting it.
20. Help EFF research web browser tracking
The EFF launched its Panopticlick experiment to measure how easily a browser can be fingerprinted. The project showed that details such as installed plug-ins and fonts could identify a computer even without cookies.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: