Privacy Roundup #0082 • May 2013
May 2013 brought government surveillance of journalists, corporate snooping, and a wave of breaches that exposed how loosely personal data was held.
1. Mozilla tells spyware maker to stop dressing FinFisher up as Firefox
Mozilla sent a cease and desist letter to Gamma International after researchers found its FinSpy surveillance tool disguised as the Firefox browser. The company said it would not let its name and trademark be used to trick targets into installing government spyware.
2. EFF ranks which companies have your back against government data demands
The Electronic Frontier Foundation released its third annual report grading eighteen technology and telecom firms on how they handle government requests for user data. Twitter and Sonic.net earned full marks, while Verizon and MySpace received none.
3. Schneier warns of the public and private surveillance partnership
Bruce Schneier argued that governments increasingly obtain personal data by buying or compelling it from the corporations that already collect it. He warned that this arrangement lets the state sidestep legal limits on direct surveillance.
4. EFF report shows automated licence plate readers threaten privacy
The Electronic Frontier Foundation detailed how police cameras scan and permanently store the location of millions of cars. It warned that aggregated plate data can reveal where people live, work, worship, and associate.
5. Eight charged in coordinated $45 million ATM cyber heist
Federal prosecutors in Brooklyn unsealed charges against a New York cell accused of draining $45 million from cash machines in a matter of hours. The gang raised prepaid card limits after hacking card processors, then cashed out across two dozen countries.
6. Washington state courts breach exposes 160,000 Social Security numbers
The Washington State Administrative Office of the Courts disclosed that hackers had reached its public website through an Adobe ColdFusion flaw. Up to 160,000 Social Security numbers and a million driving licence numbers may have been accessed.
7. Bloomberg reporters caught snooping on terminal client activity
Bloomberg apologised after admitting its journalists could see when clients logged into its financial terminals and which functions they used. Goldman Sachs and others complained, and the company cut off the access it called a mistake.
→ iapp.org
8. Justice Department secretly seized two months of Associated Press phone records
The Justice Department obtained records for more than twenty Associated Press telephone lines as part of a leak investigation. The news agency called the sweeping subpoena a massive and unprecedented intrusion into its newsgathering.
9. Massachusetts plan to feed pupil data into inBloom draws alarm
Privacy advocates raised the alarm over a state plan to share detailed student records with the Gates-funded nonprofit inBloom. Critics warned that names, test scores, race, and behavioural notes could be exposed in a single cloud database.
10. Members of Congress press Google over Google Glass privacy
Eight members of the Congressional Privacy Caucus wrote to Larry Page asking how Google Glass would protect the privacy of users and bystanders. They questioned whether the device would gather data without consent or support facial recognition.
11. Yahoo Japan suspects 22 million user IDs were stolen
Yahoo Japan detected unauthorised access to an administrative system and warned that a file holding 22 million user IDs may have been taken. The company urged its users to change their passwords as a precaution.
12. Pew finds teenagers sharing more yet managing privacy themselves
A Pew Research Center study found teenagers posting more personal information than before while taking their own steps to control who sees it. Few expressed much concern about advertisers and other third parties reaching their data.
13. Microsoft found scanning the links people send over Skype
Researchers showed that web links sent through Skype were soon visited by a Microsoft server, proving the company could read supposedly private messages. Microsoft said it scanned the content to filter spam and phishing.
14. EFF fights an FBI push for backdoors into online communications
The Electronic Frontier Foundation opposed reports that the White House might back an FBI plan to extend wiretap mandates to internet services. The group warned that building decryption backdoors would weaken security for everyone.
15. Twitter adds two-factor authentication after a run of account hijacks
Twitter introduced login codes sent by text message following a string of high-profile account takeovers. The move was meant to make it harder for attackers to hijack accounts with a stolen password alone.
16. Fox News reporter James Rosen revealed as a target of DOJ surveillance
Court documents showed the Justice Department had tracked the emails, phone records, and building movements of Fox News reporter James Rosen in a leak probe. Investigators had labelled him a possible criminal co-conspirator to obtain the warrant.
17. Skype beta closes a leak that exposed users' IP addresses
Brian Krebs reported that a Skype beta finally restricted who could see a user's internet address. Until then, resolver services let anyone learn the IP address of any Skype user just by supplying a username.
18. Colorado and Washington bar employers from demanding social media passwords
Colorado and Washington both enacted laws stopping employers from forcing workers and applicants to hand over personal social media login details. The statutes also barred retaliation against those who refuse.
19. Nordstrom stops tracking shoppers through their phones' Wi-Fi
Nordstrom ended a pilot that followed shoppers around seventeen stores by detecting the Wi-Fi signals from their smartphones. The retailer stopped after customers who saw the in-store notices complained about the surveillance.
20. Drupal.org forces a million password resets after a breach
The Drupal Association disclosed that attackers had reached account data through third-party software on its servers. It reset every Drupal.org password after usernames, email addresses, and hashed passwords were exposed.