The media recently reported that information from over 500 million Yahoo accounts was breached. According to USA Today, the information may have included “names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers.” Aside from Continue reading Account breaches and the CFAA
Two men have been arrested for allegedly hacking Photobucket and accessing private photos. This is another reminder that you can’t always trust a site’s privacy settings to protect you. If you want something to stay private, consider not putting it online at all.
As many Americans have no doubt heard, probable 2016 presidential candidate Jeb Bush has publicly released a large number of e-mails from his tenure as Florida’s governor. Unfortunately, in their rush to release the e-mails, his staff neglected to redact sensitive information from his constituents such as real names, physical addresses, e-mail addresses, and Social Security numbers! According to the article, Bush’s staff is working on fixing the problem.
I’m not sure why anyone would include their Social Security numbers in an e-mail to their governor, but the incident reminds us that we may not always be the weakest link when a leak or breach occurs. This particular one may have been averted if senders had been more careful about including personal information in an e-mail to a public figure or if Bush’s staff had been more thorough, but there will be times when we have to send sensitive information or otherwise place it in the hands of another party, thus taking it out of our direct control. It is therefore not merely as individuals but as a society that we need to be more vigilant about our privacy and security.
Recently, media outlets have been reporting on privacy concerns with Samsung’s SmartTV. Much of the concern appears to be focused on the “Voice Recognition” section of their SmartTV privacy statement:
“If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.” Continue reading Privacy Concerns With Samsung’s SmartTV
In a recent article, the New York Times has cast a spotlight on a new website called Hacker’s List; possibly a reference to the popular classified advertising site Craigslist. The website allows its clients to “Find professional hackers for hire.” Despite the use of the word “professional,” the types of jobs clients desire seem to be limited to relatively mundane, if illegal activities. ZDNet gives several examples of job offers that were posted on the site, including the following:
$10-$350: Need some info and messages from a Facebook account. Other jobs to come if successfull
$300-$600: I need a hacker to change my final grade, it should be done in a week.
$200-$300: Hack into a company email account. Copy all emails in that account. Give copies of the emails employer. Send spam emails confessing to lying and defamation of character to everyone in the email list.
In October last year, I posted a summary of phone carriers injecting unique identifiers into outgoing http requests made by customers. From the perspective of privacy, the main problem with this scheme is that it provides a way for third parties such as advertising networks to uniquely identify their users without using cookies.
Recent developments show that this threat is not merely theoretical. John Mayer recently discovered Continue reading An Update on Verizon’s UIDH Injection
There’s a new Pew report on what experts believe the future of privacy will look like. The responses range from optimistic to grim.
Twitter has just made every public Tweet made since the inception of Twitter available through its search engine. The Guardian has suggested several approaches to scrubbing potentially embarrassing Tweets from being found through this search engine. The approaches range from deleting a single Tweet to closing your entire Twitter account.
The consequences to not exercising discretion in sharing information (or allowing others to share it) on social media can be serious. College admissions officers commonly use social networks to find out more about their applicants. Employees at fast food restaurants have lost their jobs. Continue reading Twitter Makes Every Public Tweet Searchable
Some of the more serious allegations made by The Guardian are as follows:
1. Whisper tracks the location of users who have expressly opted out of geolocation services
2. Whisper shares information with the US Department of Defense from smartphones it knows are used from military bases.
3. Four days after learning The Guardian intended to publish their story, Whisper rewrote its terms of service to Continue reading Analyzing the Whisper CEO’s Response To The Guardian’s Allegations
The incident dubbed the “Snappening,” in which up to 200,000 Snapchat images were leaked, has been widely reported by the media. The third-party app Snapsaved has taken responsibility for being hacked and has stated that Snapchat itself was not hacked. Snapchat confirmed this in a blog post, stating “We are grateful that the service provider acknowledged that Snapchat was never compromised,” a reference to the statement made by Snapsaved.
Snapchat also made the following statement at the end of their post: “We’ll continue to do our part by improving Snapchat’s security and calling on Apple and Google to take down third-party applications that access our API. You can help us out by avoiding the use of third-party applications.”
The question we should be asking ourselves is Continue reading Is the Snapchat Model Fundamentally Broken?