Chalk up another milestone for Seagate, which this week announced it has shipped over 1 million self-encrypting laptop and enterprise hard drives. Seagate's hunch that there's a market for HDDs with built-in encryption so far seems to be spot on, and it hasn't hurt that these drives have managed to win U.S. government certifications. And thanks in part to computer makers like Dell, Fujitsu, Hitachi, IBM, and others stepping on board, Seagate said its enterprise SED shipments have tripled over the two quarters, while its laptop SED shipments have doubled in the past three years.
Google has announced today that the 2-step authentication system that was rolled out for Apps users a few months back is going to be available to everyone soon. This system will dramatically increase your account security to hopefully alleviate the risk that your account could be hacked, or your password phished. The setup process will only take about 15 minutes, and makes use of your mobile phone.
Mozilla has released an eleventh beta of Firefox 4, which includes a handful of bug fixes, speed improvements, and a new "Do Not Track" privacy feature. This last bit is perhaps the biggest change, or at least the one Mozilla is talking most about. Firefox users can check a "Do Not Track" box in the latest beta, which is found in the "Advanced" screen of Firefox's options. When selected, a header is sent to websites alerting them you want to opt out of online behavioral tracking.
An odd message on Mark Zuckerberg's fan page racked up over 1,800 likes and over 400 comments before the hacked post was removed, TechCrunch reports. Here's what it said:
"Let the hacking begin: if facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011"
Assuming Zuckerberg didn't fall down a flight of steps head first in a drunken stupor as he made his way to his PC, it's pretty evident his fan page was hacked and the above message came from someone else. The post has since been removed, though not before raising questions about Facebook's security if it can't even keep its founder's fan page free from intrusion.
You may remember early last summer when the brand new iPad 3G ended up being a bit of an embarrassment for AT&T thanks to a security exploit. Some industrious hackers managed to use a brute force attack to extract user email addresses and names. Now, Reuters is reporting that Daniel Spitler and Andrew Auernheimer have been arrested and charged with perpetrating the attack. Auernheimer was previously arrested on an unrelated drug charge.
These shady folks created a hacking tool that masqueraded as a 3G iPad and queried AT&T's servers with random ICC numbers. When a number turned out to be valid, the AT&T servers would autofill the corresponding user's real email address and name. The security hole was blamed on a feature AT&T said was included to make log-ins more convenient for users. The hack exposed the information of high-profile politicians, business execs, and journalists. It's no surprise arrests have been the result.
Both defendants were charged with one count of fraud and one count of conspiracy to access a computer without authorization. If convicted, each charge could net the accused five years in prison and a $250,000 fine.
The Organization for Economic Co-operation and Development (OECD) released a controversial security report (PDF) on Monday in which the organization said "it is unlikely that there will ever be a true cyberwar." In the report, its authors Peter Sommer, Information Systems and Innovation Group, London School of Economics, and Ian Brown, Oxford Internet Institute, Oxford University, called into question not only the real risks of cyber warfare, but even what they claim is exaggerated language when discussing such risks.
"Analysis of cybersecurity issues has been weakened by the lack of agreement on terminology and the use of exaggerated language," the report states. "An 'attack' or an 'incident' can include anything from an easily-identified 'phishing' attempt to obtain password details, a readily detected virus, or a failed log-in to a highly sophisticated multi-stranded stealth onslaught. Rolling all these activities into a single statistic leads to grossly misleading conclusions."
The report includes over 100 pages of rhetoric, but the bottom line is we have little to fear in terms of cybersecurity risks. After all, "it is unlikely that there will ever be a true cyberwar" for a number of reasons. One of those is that many critical computer systems are protected against known exploits. But more importantly, the authors say, "there is no strategic reason why an aggressor would limit themselves to only one class of weaponry."
Heed this warning, privacy advocates: Facebook apps are now allowed to request access to your phone number and address, Facebook developer Jeff Bowen announced.
"We are now making a user's address and mobile phone number accessible as part of the User Graph object," Bowen said. "Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs."
The announcement drew immediate criticism from users, who posted their concerns in the comments section below the announcement.
"Before you even consider implementing this very intrusive feature, Facebook needs to stop the scammers from making rogue applications and scamming people," Facebook user Tony Mazan wrote.
The general consensus seems to be that there are few, if any, reasons why a developer would truly need this information, making the risk far outweigh the reward.
Deleting your browser cookies is supposed to throw websites off your trail, but that isn't always the case. All a determined website has to do is drop a backup cookie into Adobe Flash's local storage, so unless you clean that out as well, they can still track you. These so-called 'zombie cookies' aren't something that only obscure websites use. According to InfoWorld.com, several prominent sites -- Disney, ABC, ESPN, MTV, and many others -- have been using this approach, and have ended up in court as a result.
So what, if anything, is Adobe doing to ensure a user's privacy isn't compromised?
"Since local storage allows sites and apps to remember information, there are concerns about the use of local storage to store tracking information – or of greater concern, to restore tracking information to a browser cookie that a user has intentionally deleted," Adobe's Emmy Huang wrote in a blog post. "This use of local data storage has raised questions about privacy. So we’re continually working to make sure that users have better control over the local data stored by applications running in Flash Player.
"Most recently, we’ve been collaborating with browser vendors to integrate LSO management with the browser UI. The first capability, one that we believe will have the greatest immediate impact, is to allow users to clear LSOs (and any local storage, such as that of HTML5 and other plugin technologies) from the browser settings interface—similar to how users can clear their browser cookies today."
Adobe claims it's working with Mozilla and Google to define a new browser API for clearing local data, and that you'll see this feature show up soon on the Google Chrome dev channel. After that, you can expect this capability to come integrated in all major browsers.
Vodafone believes its customer database was compromised by an employee or dealer sharing the access password, giving the recipient access to the personal details of millions of customers, ABC News in Australia reports.
"It appears to have been a one-off incident, but we are investigating that thoroughly now and we will have a much better picture of that in the next 24 to 48 hours," said Nigel Dews, Vodafone's chief executive. "We did take this data security issue very seriously. It's very important that we uphold the highest standards of data integrity for our customers."
Dews went on to say that passwords are being reset every 24 hours to make sure his company's customer records are kept safe until the investigation concludes.
California's highest court leaned on old U.S. Supreme Court cases to rule that police can confiscate a cell phone from a suspect right after he's arrested and sift through text messages looking for evidence, and do so without first obtaining a warrant, the Ventura County Star reports.
The ruling came as part of a Fourth Amendment decision involving the 2007 arrest of a Thousand Oaks man after he bought ecstasy from a police informant. Text messages on the suspect's cell phone implicated him in the crime.
Jay Leiderman, the criminal lawyer who represented the suspect, described the decision as "weak" and "scary" because it cited older U.S. Supreme Court cases that don't have anything to do with today's technology.
"This type of thing opens up the doors for Big Brother to come flying in," he said.
The decision relied on a pair of cases from the early 1970s, one of which involved the search of a suspect's clothing and the other the search of small physical containers, like a crumpled cigarette package.