A new report from security expert Bernard Marienfeldt illustrates a fairly big security hole in the way the iPhone secures user data. When plugged into a Windows or OSX box, an iPhone will only display the DCIM pictures folder. But on the newest Lucid Lynx build of Ubuntu Linux, users can get full read access to the phone. If you think setting a security PIN will help, you're wrong - it doesn't seem to do a thing.
This doesn't require the phone to be specially configured, or compromised in any way. Part of the problem is that in order to make syncing easier, the iPhone does not need any software switches to be flipped in order to exchange data with a computer. Another problem that allows this bug is the iPhone's lack of data encryption.
Marienfeldt says that full write access may be easy to gain as well with further investigation. If this is accomplished, an unauthorized party could access phone functions like calls and text messaging. The real lesson here is that maybe enterprise users should think twice about deploying iPhones. Does this change the calculation for anyone out there?
Can't go a week on any given tech site nowadays without seeing the "F" word. By that, of course, I'm referring to Facebook--and all the privacy implications for its users that have been argued about on the Web for the past many weeks.
I'm not here to tell you that Facebook is good, evil, or a delicious chocolate-vanilla-strawberry mix. Make that decision yourself. What I can do, however, is point you to a wonderful tool for assessing your own privacy levels on the service. Trying to navigate Facebook's litany of settings and options for keeping this, that, and the other in (or out) of the public eye is indeed treacherous. Don't give up hope, though; salvation lies in the form of a tiny little bookmarklet that you can run on your profile at a moment's notice.
It looks like Facebook is actually planning to make some changes in the wake of repeated recent privacy issues. While on stage at TechCrunch Disrupt, Facebook's VP of product, Chris Cox, said that so-called "drastically simplified" privacy controls will roll out starting tomorrow. Many were skeptical about the likelihood of real changes this soon, but Cox claims the new controls will ease privacy fears.
Facebook CEO Mark Zuckerberg wrote an op-ed in the Washington Post admitting Facebook had made mistakes. Some did, however, note he neglected to actually apologize for said mistakes. When the changes start taking place, we'll see if Facebook is actually listening to the concerns. It is unlikely that Facebook will cease the practice of requiring users to opt out of privacy changes, though.
We're a little concerned with the implications of "drastically simplified". There is such a thing as too simple. What are your predictions for Facebook's new privacy controls? Will it make more sense, or just lead to new complaints?
If you're under the impression that big tech firms are most concerned with the possibility of data breaches, think again. According to research released by BDO, a professional services firm, there are much bigger concerns when it comes to security risks.
According to BDO, natural disasters, wars, conflicts, and terrorist attacks were cited by 55 percent of respondents as a risk concern and ranked 16th on the list. So where did breaches of technology security rank? Far below, at 23rd on the list and mentioned by 44 percent of respondents, or less than half.
"I think it has to do not only with the general difficulty one might encounter as a result, but also, at the end of the day, what they are concerned about is business continuity," said Aftab Jamil, leader of the Technology Practice at BDO. "Can they get back on their feet relatively quickly? If you are in the path of a hurricane or an oil spill, can you keep your business going?"
As for the top spot, that belonged in part to failure to develop or market new products/services, which tied with strong competition as the leading risk factor with 94 percent mentioning those two areas.
All the recent hoopla surrounding Facebook's privacy policies has users of the social networking service more than a little nervous. So much so, in fact, that some 60 percent of Facebook users are ready to walk away and find a new virtual stomping ground, suggests a new poll by Internet security firm Sophos.
Out of the 1,588 Facebook users that were polled, 30 percent said that they were "highly likely" to quit over privacy concerns, while another 30 percent said they "possibly" would. Combined with the 16 percent who indicated they already have moved on, that's more than three-fourths who have either already walked away or are considering doing so.
"What this poll shows is that the majority of the people we polled are fed up with the lack of control that Facebook gives them over their own data," Sophos wrote in a blog post. "Most still don't know how to set their Facebook privacy options safely, finding the whole system confusing. What's needed is a fundamental shift towards asking users to 'opt-in' to sharing information, rather than to 'opt-out'."
Sophos also said that a mass exodus from Facebook seems unlikely, but did note that "delete Facebook account" has become an increasingly hot search term on Google.
Lordy. It's hard to spend but a week surfing the Internet without seeing a group of people getting caught up in a situation that they've volunteered themselves into. And it would be remiss of me to go a single sentence further without mentioning the latest elephant in the room--Facebook.
I can't log into Facebook without seeing a growing number of my friends joining those silly little, "Facebook is opening up my entire life and I wish it was like it was back in 2005" groups/fan pages/whatever we're calling them now. But Dave's Comrades aren't the only ones joining in on the fun--tech pundits Jason Calacanis and Peter Rojas, amongst others, are nuking their accounts in protest as well! It's a Facebook meltdown!
Unlike the open-source world, where the concept of "something for nothing" is pretty widely understood and accepted--even by those that just download away and never contribute a single iota of code or absent thought to an application's development--the general Internet populace seems pretty peeved at an otherwise free service's attempts to branch out its offerings. This, in turn, leads to a stronger advertising platform and/or additional service expansions, but mainly the former. Facebook ain't charity, after all--the company has human overhead and server costs, to name a few, and it's not as if every status update magically conjures up a shiny nickel for Mark Zuckerberg.
Traveling to Australia this summer? If so, be prepared to have your laptops and mobile phones searched for pornography, a spokeswoman for the Australian sex industry says.
According to Fiona Patten, president of the Australian Sex Party, a new question now appears on Incoming Passenger Cards asking people if they're toting around "pornography." But that isn't all - apparently Australian officials have the right to examine your electronic gadgets for illicit material.
"Is it fair that customs officers rummage through someone's luggage and pull out a legal men's magazine or a lesbian journal in front of their children or their mother-in-law?" Patten said. "If you and your partner have filmed or photographed yourselves making love in an exotic destination or even taking a bath, you will have to answer 'Yes' to the question or you will be breaking the law."
If it's any consolation, a spokesman for Australia's customs officials said officers have been trained to use "tact and discretion" when dealing with passengers. But why search for porn in the first place?
"Including an express reference to pornography is intended to enhance the interception of prohibited pornography at the border, by making passengers aware that some forms of pornography may be a prohibited import," the spokesman said.
A word to the wise: that innocuous-looking copier in the corner of the office might be out to share your personal data with an unscrupulous lot. The good news is that the FTC has your back. Data security when it comes to digital copiers is a blind spot, even in many IT departments. FTC Chairman Jon Leibowitz made it clear in a recent letter that the agency was looking into the problem, and was starting an educational campaign to inform users of the danger.
These machines have hard drives that store the images scanned into them. If not properly secured, anyone can log in and retrieve the documents. The letter was sent to US Representative Markey in the wake of a CBS investigation that found used copiers often have personal data on the hard drives.
Have you made any copies at work you now wish you hadn't? Let us (and the IT department) know if you can access the data on your office copiers.
Turn the clock back a couple of months and the only Facebook news you could find was sites trying to dissect its runaway success. With more than 400 million users, a growing ecosystem of interconnected platforms tied back to your profile, and no end to its potential in sight, Facebook seemed to have it all. Fast forward to the present day and you see a company struggling to explain eroding privacy controls, and a downright flippant attitude towards users who made the service popular under an expectation of privacy that they seem unwilling to defend.
Facebook may eventually turn its mistakes around and get back on track, but if you're tired of waiting and want to make a statement, you might want to check out quitfacebookday.com. Users who sign up at the website are agreeing to deactivate their Facebook accounts on May 31st in a single unified act of defiance to help bring awareness to the privacy issues that plague the site.
"For us it comes down to two things: fair choices and best intentions. In our view, Facebook doesn't do a good job in either department. Facebook gives you choices about how to manage your data, but they aren't fair choices, and while the onus is on the individual to manage these choices, Facebook makes it damn difficult for the average user to understand or manage this. We also don't think Facebook has much respect for you or your data, especially in the context of the future."
At the time this article was posted the headcount was up to 1,500, a bit shy of 400 million but a good start anyway. Anyone else thinking of committing to the cause?
Maximum PC readers don't need to be reminded why encrypting their wireless networks is important, but a recent slip-up by the Google Street View team only serves to drive home the point. In a posting released on the European Public Policy Blog, Google was forced to admit that in addition to collecting SSID and MAC address information about passing networks, payload information was also collected and archived. In Google's defense, the only information that was acquired is data that was being transmitted over open Wi-Fi, but it only serves to fuel the fears, particularly in Europe, that the Street View cars are up to no good.
So how exactly did this happen? In a follow-up post Google explained that "in 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data," Google's Senior VP, Engineering & Research Alan Eustace wrote. "A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software--although the project leaders did not want, and had no intention of using, payload data."
Google is consulting with a third party to help them confirm what was collected, and ensure it is properly deleted. You could argue that anyone operating an open hotspot deserves what they get, but at the same time it is important for Google to show the world it has at least a passing respect for our privacy given the sheer volume of personal information they seem to be privy to.