A huge number of Web sites are employing a little-known tracking mechanism to gather information on visitors and are failing to disclose the practice in their privacy policies, according to a new paper from a group of university researchers. The technique employs cookies generated by the Adobe Flash software and the cookies often have the same value as HTTP cookies, the researchers report.
Browsing Category: Social Engineering
Dennis Fisher talks with Microsoft’s Adam Shostack about the Privacy Enhancing Technologies Symposium, the definition of privacy in today’s world and the role of technology in helping to enhance and protect that privacy.
From IDG News Service (Juan Carlos Perez)
Members of the eBay Developers Program must change their account passwords because the e-commerce company recently discovered a way in which account information could be accessed by malicious hackers.
This requirement comes “out of an abundance of caution” on the part of eBay, which hasn’t detected any suspicious activity in developer accounts, the company said Monday evening. Read the full story [cio.com] See the eBay warning [ebay.com]
Two of the largest U.S. banks — Bank of America and Citigroup — have issued new credit and debit cards to Massachusetts customers after running into data-safety concerns.
Bank of America and Citigroup each recently issued replacement cards to consumers, telling them in letters that their account numbers may have been compromised. Read the full story [bizjournals.com]
Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip.
The cryptographic underpinnings of the Internet are beginning to show some serious wear, and the outlook for better days ahead is not particularly rosy. In just the last week there has been news of major new attacks on perhaps the two most widely used encryption technologies: SSL and AES. We’ve heard talk of cracks in both protocols before, but this time, even the most conservative observers are worried.
By Andrew Storms
Two years ago I took some hard hits from my peers for calling the iPhone “a security nightmare.” Two years later, I can’t find a single person who doesn’t agree that the iPhone is the number one mobile target of security researchers. Fast forward to today: Is the iPhone still a security nightmare or have those problems been relegated to annoyance status?
From TidBITS (Rich Mogull)
The original iPhone was widely criticized by security professionals for lacking essential security features for the enterprise, the large corporate networks that have special needs because of huge numbers of users and the massive back-end operations to support those users.
The original iPhone was hard to lock down, had only limited secure connectivity options, and lacked both data protection and some way to destroy data remotely if you lost the phone. Those capabilities have continued to improve with every iPhone software release and, combined with the hardware improvements in the iPhone 3GS, even regular users can now enjoy security equivalent to that provided by most corporate environments. Read the full story [tidbits.com]
Kun Liu from IBM Research discusses the potential for developing privacy-aware social networking applications through the measurement and monitoring of privacy risks.
From Google Online Security Blog (Macduff Hughes)
There’s been some discussion today about the security of online accounts, so we wanted to share our perspective. These are topics that we take very seriously because we know how important they are to our users. We run our own business on Google Apps, and we’re highly invested in providing a high level of security in our products. While we can’t discuss individual user or customer cases, we thought we’d try to clear up any confusion by taking some time to explain how account recovery works with various types of Google accounts and by revisiting some tips on how users can help keep their account data secure. Read the full story [Google Online Security Blog].