Privacy Roundup #0063 • October 2011
October 2011 paired a surge of Anonymous hacks and breach disclosures with hard questions about how companies and governments quietly track ordinary people.
1. Privacy advocates ask the FTC to halt Facebook's frictionless sharing
EPIC, the ACLU and other groups told the Federal Trade Commission that Facebook's new automatic sharing tools were unfair and deceptive. The apps published what people read or listened to without a clear, per-item choice.
2. California signs the Reader Privacy Act into law
Governor Jerry Brown signed SB 602, extending reader privacy protections to electronic books and online book services. The law required a court order before the state could demand records of what Californians read.
3. EFF marks 25 years of an outdated electronic privacy law
The Electronic Communications Privacy Act turned 25, and the EFF pressed Congress to require a warrant before the government read email or tracked phones. Campaigners staged a 1980s-themed event on Capitol Hill to make the point.
4. Anonymous threatens to erase the New York Stock Exchange
A faction of Anonymous posted a video vowing to knock the NYSE website off the internet on 10 October in support of Occupy Wall Street. Other parts of the group publicly opposed the plan, and trading was not affected.
5. Anonymous threatens a Mexican drug cartel in Operation Cartel
After Los Zetas allegedly kidnapped one of its members, Anonymous threatened to publish the names of cartel associates among police, politicians and journalists. The campaign began with an October video and a defaced government website before the group weighed the danger of retaliation.
6. Chaos Computer Club exposes a German government spy Trojan
The Chaos Computer Club reverse-engineered a "lawful interception" Trojan, nicknamed R2D2, used by German police forces. It could take screenshots and run extra code, going far beyond what German law allowed and adding sloppy security holes of its own.
7. Sony locks 93,000 accounts after a fresh credential attack
Sony temporarily froze about 93,000 PlayStation Network and Sony Online Entertainment accounts after attackers tested huge lists of stolen sign-in details. Most attempts failed, and Sony said credit card data was not exposed.
8. FBI arrests the celebrity email hacker behind Operation Hackerazzi
Christopher Chaney was arrested for breaking into the email accounts of more than 50 people in the entertainment industry, including Scarlett Johansson. He guessed password-reset answers from public information and leaked private photographs online.
9. FTC finalises the Google Buzz privacy settlement
The Federal Trade Commission gave final approval to its order against Google over the botched launch of Buzz. The deal required a comprehensive privacy programme and independent audits for the next twenty years.
10. An FTC commissioner makes the case for Do Not Track
In a speech at Loyola, the FTC pressed industry to honour a real Do Not Track signal as the W3C worked towards a standard. The agency argued that consumers deserved a simple, durable way to refuse online tracking.
11. Sutter Health loses a desktop holding millions of patient records
A password-protected but unencrypted desktop computer was stolen from a Sutter Health office in Sacramento. The machine held names, addresses and medical record numbers for roughly 3.3 million patients.
12. Verizon Wireless makes sharing of browsing and location data the default
Verizon changed its privacy policy to share customers' web browsing history, app usage and location with advertisers unless they opted out. The shift turned data sharing into a setting people had to actively switch off.
13. Facebook is caught tracking users after they log out
A researcher found that a Facebook cookie carrying the user's ID survived logout, letting the company link later browsing to an account. The EFF called the design a "Hotel California" problem and warned about its wider legal stakes.
14. Google makes encrypted search the default for signed-in users
Google announced that signed-in users would be redirected to an SSL version of search by default. The change shielded queries from eavesdroppers, while paradoxically hiding search terms from website owners but not from advertisers.
15. Google backs down in the nymwars over Google+ names
Google said it would let Google+ users adopt pseudonyms and other forms of identity within months. The EFF welcomed the retreat from a real-name policy that had locked out many legitimate users.
16. Anonymous hacks Boston police sites over Occupy arrests
Anonymous posted the names, email addresses and passwords of about 1,000 Boston Police Patrolmen's Association members. The group said it acted in response to mass arrests of Occupy Boston protesters and claimed to have hit dozens of police sites.
17. Anonymous attacks a hidden child abuse network in Operation Darknet
Anonymous took down Lolita City, a Tor-hosted child abuse site, and published account details for nearly 1,600 of its members. The group used a database attack and invited the FBI and Interpol to follow the trail.
18. Krebs reports that hundreds of firms were hit alongside RSA
Brian Krebs revealed that the infrastructure used in the RSA breach also reached more than 760 other organisations. Almost a fifth of the Fortune 100 appeared on the list, with much of the command system traced to China.
19. Microsoft settles part of its Kelihos botnet takedown
Microsoft reached a settlement with a subdomain provider it had named in the Kelihos botnet case. The provider agreed to hand over control of abused subdomains while Microsoft pursued the remaining unknown operators.
20. Blue Coat admits its gear ended up censoring Syria
Blue Coat confirmed that thirteen of its filtering appliances had reached Syria, where they were used to censor and monitor the web. The EFF criticised the company for fretting over export penalties rather than the surveillance of Syrian citizens.