Tag Archives: privacy

Google shifts stance on Google+ anonymity, will support pseudonyms

Hooray for all the individuals who don’t want everything they post online automatically associated with their actual identity!

Google social vice president Vic Gundotra said Google+ will begin allowing people to use pseudonyms. While the Electronic Frontier Foundation declared victory, after having lobbied against Google’s requirement that people use their real names, Gundotra did not actually say when pseudonym support will be enabled.

via Google shifts stance on Google+ anonymity, will support pseudonyms.

Common vulnerabilities expose Sarah Palin, Bill O’Reilly’s Paying Fans

So again: Palin’s AOL account was hacked because it used publicly-known answers for password-retrieval questions, a common/known exploit exposed users on O’Reilly’s site, and password-reuse by users exposed their other personal accounts.

On September 19, 2008, hackers from the Anonymous collective attacked the website of Fox News host Bill O’Reilly. The hackers found and immediately posted e-mail addresses, passwords, and physical addresses of 205 O’Reilly site members paying $5 a month to hear Bill’s wisdom. The next day, a distributed denial of service (DDoS) attack hit the site with 5,000 packets per second. That night, another attack flooded two O’Reilly servers with 1.5GB/s of data.

[…]

The attack itself wasn’t particularly clever, but it was effective. Billoreilly.com’s administrative interface was protected by a servlet that locked down access to all back-end material, but the site administrator made one small mistake: he once created a “New premium member report” showing a list of the most recent subscribers, and he created it in such a way that it bypassed the servlet. As later FBI interview notes show, this was “just an error”—but it made the new member report available outside the secure admin structure to someone who knew the location.

[…]

The attackers took the name at the top of the list, an account registered only one hour before, and used it to log into the O’Reilly site as a check of the data’s accuracy. The information was then posted to Wikileaks and discussed on 4chan. Three O’Reilly members who had used the same password on multiple other sites experienced additional fraudulent use of that information.

The article doesn’t specify whether the portion of Bill’s site that was hacked contained cardholder data, so I don’t know if this will be considered a breach meriting PCI DSS penalties. But it’d be quite embarrassing for Bill if his site now has to post the “We’ve been hacked!” banner.

via Exclusive: How the FBI investigates the hacktivities of Anonymous.
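
The failure described above is an opt-in gate: a page is protected only if someone remembers to route it through the access-control servlet. As an added example (not code from the article or the site; the route paths, handler names and flags are hypothetical), this Python model audits a constructed route table for sensitive pages left outside the gate and contrasts opt-in protection with a default-deny dispatcher.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    path: str
    handler: str
    sensitive: bool   # handler returns member or back-end data
    guarded: bool     # request passes through the access-control gate

# Constructed sample: three routes wired correctly, one report added
# later without the gate (the "just an error" case).
ROUTES = [
    Route("/index", "home", False, False),
    Route("/admin/members", "member_admin", True, True),
    Route("/admin/billing", "billing_admin", True, True),
    Route("/reports/new-premium-members", "new_member_report", True, False),
]

# Under default-deny, only paths listed here are served without login.
PUBLIC_ALLOWLIST = {"/index"}

def unguarded_sensitive(routes):
    """Build-time audit: sensitive handlers reachable without the gate."""
    return [r.path for r in routes if r.sensitive and not r.guarded]

def dispatch_opt_in(route, authenticated):
    """Gate is enforced only on routes that were explicitly attached to it."""
    if route.guarded and not authenticated:
        return 403
    return 200

def dispatch_default_deny(route, authenticated):
    """Every route requires authentication unless explicitly public."""
    if route.path in PUBLIC_ALLOWLIST or authenticated:
        return 200
    return 403

def exposure(routes, dispatch):
    """Sensitive paths an anonymous client can fetch under a dispatcher."""
    return [r.path for r in routes
            if r.sensitive and dispatch(r, False) == 200]

if __name__ == "__main__":
    print("audit findings:   ", unguarded_sensitive(ROUTES))
    print("opt-in exposure:  ", exposure(ROUTES, dispatch_opt_in))
    print("default-deny:     ", exposure(ROUTES, dispatch_default_deny))
```

Running the audit in a build or deployment check catches a forgotten gate before release; default-deny makes the same mistake fail closed.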

WiFi-hacking neighbor from hell gets 18 years in prison

Yet another reason to keep your WiFi secured: psycho-nutball neighbors:

Barry Ardolf, 46, repeatedly hacked into his next-door neighbors’ WiFi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden.

[…]

Ardolf downloaded WiFi hacking software and spent two weeks cracking the Kostolniks’ WEP encryption.

Step 1: Do not use WEP. It is easy to crack, and there’s plenty of documentation on the subject, as illustrated by the suspect’s library:

The FBI got a search warrant for Ardolf’s house and computer, and found reams of evidence, including copies of data swiped from the Kostolniks’ computer, and hacking manuals with titles such as Cracking WEP Using Backtrack: A Beginner’s Guide, Tutorial: Simple WEP Crack Aircrack-ng, and Cracking WEP with BackTrack 3 – Step by Step instructions. They also found handwritten notes laying out Ardolf’s revenge plans, and a cache of snail mail that Ardolf had apparently stolen from the Kostolniks’ mailbox and stashed under his bed.

Kick your encryption up to WPA2 at least, and use a nice long key with many different types of characters and symbols.

And if you don’t actually have wireless devices in your home, turn off the radio!

via WiFi-hacking neighbor from hell gets 18 years in prison.

The Government’s New Right to Track Your Every Move And Remotely Strip-Search You

Privacy Item 1:

Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway – and no reasonable expectation that the government isn’t tracking your movements.

That is the bizarre – and scary – rule that now applies in California and eight other Western states. The U.S. Court of Appeals for the Ninth Circuit, which covers this vast jurisdiction, recently decided the government can monitor you in this way virtually anytime it wants – with no need for a search warrant.

via The Government’s New Right to Track Your Every Move With GPS – Yahoo! News.

Privacy item 2:

As the privacy controversy around full-body security scans begins to simmer, it’s worth noting that courthouses and airport security checkpoints aren’t the only places where backscatter x-ray vision is being deployed. The same technology, capable of seeing through clothes and walls, has also been rolling out on U.S. streets.

American Science & Engineering, a company based in Billerica, Massachusetts, has sold U.S. and foreign government agencies more than 500 backscatter x-ray scanners mounted in vans that can be driven past neighboring vehicles to see their contents, Joe Reiss, a vice president of marketing at the company, told me in an interview. While the biggest buyer of AS&E’s machines over the last seven years has been the Department of Defense operations in Afghanistan and Iraq, Reiss says law enforcement agencies have also deployed the vans to search for vehicle-based bombs in the U.S.

via Full-Body Scan Technology Deployed In Street-Roving Vans – Andy Greenberg – The Firewall – Forbes.

Cops love iPhone data trail :: CHICAGO SUN-TIMES :: Metro & Tri-State

Keep that thing on a leash!

Detective Josh Fazio of the Will County Sheriff’s Department loves it when an iPhone turns up as evidence in a criminal case.

The sophisticated cell phone and mobile computer is becoming as popular with police as it is with consumers because it can provide investigators with so much information that can help in solving crimes.

“When someone tells me they have an iPhone in a case, I say, ‘Yeah!’ I can do tons with an iPhone,” said Fazio, who works in the sheriff’s department high-tech crimes unit.

The iPhones generally store more data than other high-end phones — and investigators such as Fazio frequently can tap in to that information for evidence.

And while some phone users routinely delete information from their devices, that step is seldom as final as it seems.

via Cops love iPhone data trail :: CHICAGO SUN-TIMES :: Metro & Tri-State.

100 Million Facebook Users Learn True Meaning of Going Public

It’s easy to forget, or never realize, that anything posted to the Internet will probably be publicly available forever after.

A program written by Ron Bowes, a security consultant at Skull Security, scanned all the listings in Facebook’s open-access directory and then compiled a text file that lists the information he uncovered. That data potentially exposes some Facebook users’ birthdays, addresses, phone numbers and more — but only because they chose not to keep those details private.

“All I’ve done is compile public information into a nice format for statistical analysis,” Bowes told the BBC. He explained that he had simply accessed the same information that’s available to search engines like Google, Bing and Yahoo — or the countless white-pages services available online.

[…]

Facebook users should also be aware that after they have changed their privacy settings, their old profile pages may still be publicly available because they are often stored (or cached) by search engines.

via FOXNews.com – 100 Million Facebook Users Learn True Meaning of Going Public.