DataSecurity

Latest

  • Droid Incredible saves browser screenshots to internal memory, turns into a privacy nightmare?

    by Vlad Savov
    06.17.2010

    June must be the month when privacy issues leave their hibernation and return to trouble our fragile minds. First we had Flash going loco, then AT&T's airwaves exploded with iPad users' email addresses, iPhone 4 pre-orders started sending people to the wrong account, and now this. Boy Genius Report has come across a rather worrying "feature" of the HTC Sense bookmarking widget on the Incredible, which takes sporadic screenshots of your browsing sessions. That wouldn't be so bothersome in itself, but try to remove said pictures, and you find where the problem lies. Ending the browsing session, deleting your history, and even a full reset to factory settings failed to eviscerate the indiscreet imagery. You have to manually discover their location and delete them by hand. Considering the high likelihood of Incredibles being sold and resold for years to come, this could turn the phone into a little cache of treasure for the proactive identity thief. And since it's a Sense issue, it might be affecting other HTC handsets as well. Wunderbar.

  • iPad still has a major browser vulnerability, says group behind AT&T security breach

    by Vlad Savov
    06.15.2010

    You know that tiny little security snafu that allowed over a hundred thousand iPad users' email addresses out? The one that the FBI felt compelled to investigate? Well, Goatse Security -- the group that discovered that particular hole (stop laughing) -- isn't best pleased to be described as malicious by AT&T's response to the matter, and has requited with its own missive to the world. Letting us know that the breach in question took "a single hour of labor," the GS crew argues that AT&T is glossing over the fact it neglected to address the threat promptly and is using the hackers' (supposedly altruistic) efforts at identifying bugs as a scapegoat. As illustration, they remind us that the iPad is still wide open to hijacking thanks to a bug in the mobile version of Safari. Identified back in March, this exploit allows hackers to jack in via unprotected ports, and although it was fixed on the desktop that same month, the mobile browser remains delicately poised for a backdoor entry -- should malevolent forces decide to utilize it. This casts quite the unfavorable light on Apple as well, with both corporations seemingly failing to communicate problematic news with their users in a timely manner.

  • GadgetTrak retrieves 95 percent of stolen laptops, puts RoboCop to shame (video)

    by Vlad Savov
    02.22.2010

    Want your stolen gear back? Don't call some gung-ho superhero who's as likely to blow up your small grocery store as he is to catch those perps, call GadgetTrak instead. The little startup company has grown since we last heard of it back in 2007, and is now operating a $25 per year tracking service that has delivered a statistically significant 95 percent success rate on reuniting gadgets with their owners. Available for Mac OS and Windows laptops, as well as mobile phones (BlackBerrys, WinMo, and iPhone) and even removable USB storage, the software's intelligent enough to remotely activate your webcam and ping the incriminating info back directly to you -- no data is sent to GadgetTrak. Check out some recent news coverage of the software and its implementation in local schools after the break.

  • Corsair's Padlock 2 offers 256-bit AES encryption inside a rugged body

    by Vlad Savov
    02.19.2010

    Our British readers will already be painfully familiar with the comical propensity that government officials (even spies!) have for losing sensitive data while on the move. It might be an idea, therefore, to give your forgetful local representative a break with one of these new Corsair USB drives. The Padlock 2 features OS-agnostic password protection via the keypad you see above plus 256-bit encryption of the data stored on the flash inside. So even if someone is tenacious enough to pry the case open, he'll have a hard time getting anything useful out of it. Oh, and don't worry about forgetting the passcode, there's a procedure for wiping the drive clean and generating a new one. 8GB units are available immediately, and we've spotted them online priced at £46 in the UK and $59 in the good old US of A.

  • MobileMe mixup: Address book snafu exposes personal data to strangers?

    by Erica Sadun
    10.12.2009

    These contacts, along with their notes, their phone numbers, dates of birth, and other information say a lot about the person whose address book this is, and also about the people who appear in that contact list, with all their personal and professional info. There's one big problem. The screen shot you see wasn't made by the person who owns this me.com account. Under certain very specific conditions, Apple is inadvertently sharing data from other people's accounts. Ouch. A TUAW reader sent us a video made as he renewed his me.com account from the UK. The address book data he accessed during that time included this Denver-based set shown here, as well as data from an Ireland-based user of Polish descent (all his contacts were back in Poland although his business was based in Ireland). This all went down during the period when his MobileMe account was renewing. Each time he logged off and back on, he was presented with yet another set of contacts--none of them his. He writes, "Each time I logged off and on I got a different address book. All the other options were disabled (because my renewal was being processed) but clicking the Contacts icon showed me *an* address book," just not his address book. With a little Internet-fu, he checked out some of the numbers and found that they were valid and operational. This leads him to believe that this is real data. My inspection of the local Denver data from his screen shots convinces me of the same. Further inspection of work addresses and personal family names makes us believe we know whose Denver-based address book this is. We've attempted to contact this person but as yet have not heard back. The address book glitch ended once the registration process finished, leaving our TUAW reader with a series of screen shots and videos and a deep concern about Apple's ability to safeguard personal data. He's already contacted Apple about the bug. 
    "I contacted them by two means: their web-chat thing where they told me that they 'had no reports of such an issue'. They suggested closing and reopening Safari (helpful eh?) and a generic autoresponse saying they'd reply within 5 days when I sent an email." He adds, "I don't think the people manning the help desk appreciated the seriousness of the situation." TUAW has sent a heads-up to Apple and will keep monitoring the situation to see how it develops.

  • Study finds that Lockheed Martin needs to stop disposing of hard drives with top secret data intact

    by Joseph L. Flatley
    05.07.2009

    With all of those crazy defense contracts Lockheed Martin has goin' on, you'd think the company would have its act together as far as the need to hold down its data goes -- but according to The Daily Mail, this may not be the case. Researchers at BT's Security Research Center have found an overwhelming amount of sensitive data on hard drives purchased through computer fairs and auctions as a part of a recent study, including: bank account details, medical records, and confidential business and financial data. Although many organizations were found to be at fault, the most troubling (sensational) instance included test launch procedures for Lockheed Martin's THAAD (Terminal High Altitude Area Defense) missile defense system, found on hardware purchased from eBay. Also on the same disk were security policies, blueprints, and employees' personal info. When asked for a comment, a spokesman for the company stated that "Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source." It looks like we're not getting to the bottom of this one any time soon, but in the meantime: if any defense contractors have any questions on the subject, we'll be happy to help. [Via Slashdot]

  • Software lets neighbors securely share WiFi bandwidth

    by Evan Blass
    04.28.2006

    Instead of fighting about property lines and whose dog is keeping everyone up at night, researchers from the University of Illinois at Urbana-Champaign want you and your neighbors to get together and share your WiFi signal in a method that supposedly delivers better performance to each individual user. Assistant computer science professor Haiyun Luo and graduate student Nathanael Thompson of the school's Systems, Wireless, and Networking Group have released a free download that analyzes local airwaves and exploits unused bandwidth from one network to complement ones experiencing heavy usage, but always gives users priority access to their own signal. Part of the two-year-old PERM project, the application uses flow-scheduling algorithms to determine bandwidth allocation, and has so far undergone testing on Linux clients and with Linksys routers. Security is obviously a key concern in such a sharing setup, so PERM developed the software to both "preserve a user's privacy and security, and mitigate the free-riding problem." [Via PCWorld]