Apparently all it takes to assess the security of the data traffic from an Android phone is an inquisitive undergraduate security class. Princeton's Freedom to Tinker blog has the rundown of what the class learned after using a sniffer to inspect Wi-Fi traffic on one Android phone. The verdict? It was a bit hit and miss for security on this day. Google's own technology mostly behaved, but the class did find some troubling data being transmitted by third-party apps.
Many users today are having issues logging into their Twitter accounts from mobile apps UberTwitter, Echofon, and Twidroyd. According to Twitter itself, there's a really good reason for that. They've suspended the apps from the service for violation of Twitter's policies. The remedy? Twitter says you should use the official apps.
The rise of social networking can be a two-fold problem for parents when it comes to policing teens. First, there's a lot that goes on in Facebook, from potentially inappropriate chats to exchanging photos that show too much and don't cover enough. And secondly, today's teens are more computer savvy than ever. According to ABC New York, James Batelli, a New Jersey police chief, has an interesting solution: hack your child's account.
Chalk up another milestone for Seagate, which this week announced it has shipped over 1 million self-encrypting laptop and enterprise hard drives. Seagate's hunch that there's a market for HDDs with built-in encryption so far seems to be spot on, and it hasn't hurt that these drives have managed to win U.S. government certifications. And thanks in part to computer makers like Dell, Fujitsu, Hitachi, IBM, and others stepping on board, Seagate said its enterprise SED shipments have tripled over the two quarters, while its laptop SED shipments have doubled in the past three years.
Google has announced today that the 2-step authentication system that was rolled out for Apps users a few months back is going to be available to everyone soon. This system will dramatically increase your account security to hopefully alleviate the risk that your account could be hacked, or your password phished. The setup process will only take about 15 minutes, and makes use of your mobile phone.
Mozilla has released an eleventh beta of Firefox 4, which includes a handful of bug fixes, speed improvements, and a new "Do Not Track" privacy feature. This last bit is perhaps the biggest change, or at least the one Mozilla is talking most about. Firefox users can check a "Do Not Track" box in the latest beta, which is found in the "Advanced" screen of Firefox's options. When selected, a header is sent to websites alerting them you want to opt out of online behavioral tracking.
An odd message on Mark Zuckerberg's fan page racked up over 1,800 likes and over 400 comments before the hacked post was removed, TechCrunch reports. Here's what it said:
"Let the hacking begin: i facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011"
Assuming Zuckerberg didn't fall down a flight of steps head first in a drunken stupor as he made his way to his PC, it's pretty evident his fan page was hacked and the above message came from someone else. The post has since been removed, though not before raising questions about Facebook's security if it can't even keep its founder's fan page free from intrusion.
You may remember early last summer when the brand new iPad 3G ended up being a bit of an embarrassment for AT&T thanks to a security exploit. Some industrious hackers managed to use a brute force attack to extract user email addresses and names. Now, Reuters is reporting that Daniel Spitler and Andrew Auernheimer have been arrested and charged with perpetrating the attack. Auernheimer was previously arrested on an unrelated drug charge.
These shady folks created a hacking tool that masqueraded as a 3G iPad and queried AT&T's servers with random ICC numbers. When a number turned out to be valid, the AT&T servers would autofill the corresponding user's real email address and name. The security hole was blamed on a feature AT&T said was included to make log-ins more convenient for users. The hack exposed the information of high-profile politicians, business execs, and journalists. It's no surprise arrests have been the result.
Both defendants were charged with one count of fraud and one count of conspiracy to access a computer without authorization. If convicted, each charge could net the accused five years in prison and a $250,000 fine.
The Organization for Economic Co-operation and Development (OECD) released a controversial security report (PDF) on Monday in which the organization said "it is unlikely that there will ever be a true cyberwar." In the report, its authors Peter Sommer, Information Systems and Innovation Group, London School of Economics, and Ian Brown, Oxford Internet Institute, Oxford University, called into question not only the real risks of cyber warfare, but even what they claim is exaggerated language when discussing such risks.
"Analysis of cybersecurity issues has been weakened by the lack of agreement on terminology and the use of exaggerated language," the report states. "An 'attack' or an 'incident' can include anything from an easily-identified 'phishing' attempt to obtain password details, a readily detected virus, or a failed log-in to a highly sophisticated multi-stranded stealth onslaught. Rolling all these activities into a single statistic leads to grossly misleading conclusions."
The report includes over 100 pages of rhetoric, but the bottom line is we have little to fear in terms of cybersecurity risks. After all, "it is unlikely that there will ever be a true cyberwar" for a number of reasons. One of those is that many critical computer systems are protected against known exploits. But more importantly, the authors say, "there is no strategic reason why an aggressor would limit themselves to only one class of weaponry."
Heed this warning, privacy advocates: Facebook apps are now allowed to request access to your phone number and address, Facebook developer Jeff Bowen announced.
"We are now making a user's address and mobile phone number accessible as part of the User Graph object," Bowen said. "Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs."
The announcement drew immediate criticism from users, who posted their concerns in the comments section below the announcement.
"Before you even consider implementing this very intrusive feature, Facebook needs to stop the scammers from making rogue applications and scamming people," Facebook user Tony Mazan wrote.
The general consensus seems to be that there are few, if any, reasons why a developer would truly need this information, making the risk far outweigh the reward.