Hackers Penetrate Nasdaq Computers

Found on Wall Street Journal on Saturday, 05 February 2011

The intrusions did not compromise the tech-heavy exchange's trading platform, which executes investors' trades, but it was unknown which other sections of the network were accessed, according to the report.

The Nasdaq, which is thought to be as critical from a security standpoint as the national power grid or air traffic control operations, has been targeted by hackers before.

The real criminals are operating the Nasdaq computers.

"Dating" site imports 250,000 Facebook profiles, without permission

Found on Ars Technica on Thursday, 03 February 2011

"Facebook, an endlessly cool place for so many people, becomes at the same time a goldmine for identity theft and dating - unfortunately, without the user's control."

"Scraping people's information violates our terms," said Barry Schnitt, Facebook's director of policy communications.

Moreover, it's a bit funny hearing Facebook complain about scraping of personal data that is quasi-public.

Mark Zuckerberg, the company's founder, made his name at Harvard in 2003 by scraping the names and photos of fellow classmates off school servers to feed a system called FaceMash. With the photos, Zuckerberg created a controversial system that pitted one co-ed against another, by allowing others to vote on which one was better looking.

Seems like it's not so funny when others do what Zucky did. It would be interesting to hear the lawyers explain why Cirio and Ludovic deserve a punishment while their CEO did exactly the same before. Besides, claiming that it violates some terms of service isn't much of a defense when it's about public information anybody can see without consenting to those terms.

At Facebook, defense is offense

Found on CNet News on Sunday, 30 January 2011

The wall of scalps is a source of pride for Facebook's security team and is representative of the company's aggressive, no-holds-barred approach to keeping fraudsters and thieves away from its more than 500 million users.

On Christmas Day, the security staff started hearing complaints from political activists in Tunisia--who had been protesting against the government since December--that their Facebook accounts were being compromised.

Facebook came up with a solution to fix the problem and began rolling it out to users in Tunisia over the next week.

Lacking an essential security protocol and hailing its introduction as an awesome invention is not something to be proud of. It's also embarrassing to have your CEO's account hacked. Or to have a default setup which reveals private information which in turn helps solve security questions to gain access to email accounts.

Egypt's Internet goes dark during political unrest

Found on CNet News on Thursday, 27 January 2011

In a stunning development unprecedented in the modern history of the Internet, a country of more than 80 million people has found itself almost entirely disconnected from the rest of the world.

Early in the morning in Cairo, a series of complaints of mobile phone outages said Mobinil, the country's largest mobile provider, was no longer providing service.

Yes, you can stick your head into the sand; but that doesn't change anything that's happening.

Facebook lets users turn on crypto

Found on CNet News on Tuesday, 25 January 2011

Facebook announced today that it is now offering users the ability to use encryption to protect their accounts from being compromised when they are interacting with the site, something security experts have been seeking for a while.

"Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries, or schools," the post says.

Facebook should be terribly embarrassed for not providing HTTPS by default; instead, they make a huge PR announcement out of their lack of security. Or perhaps the hack of Zucky's page yesterday was all that it took.

Web images to get expiration date

Found on BBC News on Monday, 24 January 2011

German researchers have created software called X-Pire that gives images an expiration date by tagging them with an encrypted key.

Dr Backes said development work began about 18 months ago as potentially risky patterns of activity on social networks, such as Facebook, showed a pressing need for such a system.

Viewing these images requires the free X-Pire browser add-on. Currently only a version that works with Firefox is available. Those without the viewer will be unable to see any protected image.

If you read through their FAQ, you will notice a nice little gem: "X-pire! offers no protection against the intentional copying of an image during the validity period (e.g. by taking a screenshot)". So, in other words, the team worked 1.5 years on an encoder that costs about $33 per year and a Firefox-only plugin which does not stop the user from taking a screenshot. Honestly, even if I could be bothered to install that plugin, the first thing to do is take screenshots; especially because it is obvious that whoever put the picture online thinks it's embarrassing. Even if they disable screenshots one can simply use a virtual machine and grab the picture from the host system.

Google ready for action against content farms

Found on CNet News on Saturday, 22 January 2011

Google is ready to fire a shot across the bow of the so-called content farms, willing to acknowledge recent criticism of the quality of its search results but still not quite ready to detail specific remedies.

Google has been thinking for quite some time about how to deal with content that isn't obvious spam but is clearly not designed with the best interests of the user in mind, Cutts said.

Spam has been annoying for years now. Every time you try to inform yourself about anything that can be bought, your search results are loaded with spammy sites offering price comparisons and cheap deals.

Playboy iPad app 'to show nudity', Hugh Hefner claims

Found on BBC News on Wednesday, 19 January 2011

Playboy's current app features no naked photos, in line with Apple's strict no nudity policy.

In April 2010, founder Steve Jobs wrote to a customer who complained about the company's stance, saying it was Apple's "moral responsibility" to keep porn off the iPhone.

"If you want porn, get an Android," he said, referring to the operating system used on rival smartphones.

I doubt Steve will make an exception for Hugh. If he did, a lot of others would want to sell porn apps too.

Infected PC Compromises Pentagon Credit Union

Found on Threatpost on Tuesday, 11 January 2011

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.

PenFed says it doesn't know of any efforts to misuse the stolen information, but the organization's connection to members of the military, Department of Defense and other U.S. government agencies may well raise the spectre of state-sponsored attack that may, or may not have a financial motive.

Another day, another break-in.

Vodafone says security breach a 'one-off'

Found on ABC News on Saturday, 08 January 2011

Vodafone has confirmed it believes its secure customer database has been breached by an employee or dealer who has shared the access password, revealing the personal details of millions of customers.

The details are reportedly accessible from any computer because they are kept on an internet site rather than Vodafone's internal system.

Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts.

"The access password". Not "his", not "passwords". Meaning Vodafone has a single global password for everybody to look up confidential customer information on an Internet-facing server. You'd think companies would learn something thanks to the ongoing security breaks and data leaks.