PersonalInformation
Latest
E-ticketing flaw could allow hackers to print boarding passes
E-ticketing systems used by eight major airlines, including Southwest, suffer from a lax security that could expose personal information and result in tampering with seats and boarding passes. Researchers at mobile security firm Wandera published a report highlighting vulnerability found in check-in emails delivered to passengers. While there is no evidence of any significant breach, the vulnerability may still give travelers pause.
Tech companies face scrutiny from Congress over data sharing
Facebook, Twitter, Google and other tech companies are about to face some close scrutiny from the House Energy and Commerce Committee, which has oversight over the tech and telecom industries. According to Chairman Greg Walden (R-OR), it's all in the name of consumer protection. Hearings are currently scheduled for November, but Walden sees this as a long-term process.
India’s privacy ruling could disrupt its biometric society
A landmark judgement has ruled that Indian citizens have a fundamental right to privacy, despite the country's vast biometric identification scheme. In a case bought forward by opponents of the government's Aadhaar biometric program, Chief Justice J.S Khehar said privacy was "protected as an intrinsic part of Article 21 that protects life and liberty". The unanimous verdict from the nine-judge bench overturns two previous rulings by the Supreme Court which said privacy was not a fundamental right.
Google's 'About me' is your all-inclusive profile for the company's apps
In its on-going quest to strip Google+ down to its frame, Mountain View has spun yet another feature from the sputtering social network as a standalone item. A new "About me" page is Google's one-stop shop for updating your profile details across the company's arsenal of apps. Changes made here will update how your personal information is display in the likes of Google+, Photos, Drive and more. In terms of what's included, About me displays all of your contact info, education, work history, places, gender, birthday and more. If your Google+ profile is listed as public, the information here, and across Google's apps, will be as well. Not to worry, you can lock down individual cards as private should you choose to do so. The company says it's also working on a way for users to see what their profile will look like to those ogling it. If you're unsure about your security settings across Photos, YouTube and other apps, there's a handy link to Google's Privacy Checkup tool at the bottom of the page. Ready to check it out? You can do just that via the source link below.
WSJ: Safari loophole lets Google track Apple users through web ads
Stanford researcher Jonathan Mayer has discovered a curious Safari loophole that allows Google to track a user's browsing activity via cookie-laced web ads. As it turns out, Apple's browser normally accepts cookies from sites that a user visits, but automatically blocks them from third-party advertisers. As Mayer found out, though, advertisers can still circumvent this filter by enticing users to interact with ads in different ways. In the case of Google, the search giant embedded a "+1" button on ads produced with its DoubleClick technology, as part of an opt-in feature for Google+ users. If a user was logged in to Google+ and had agreed to see +1 ad displays, he or she would have a cookie planted on their device, thanks to a system that sent invisible forms from Apple computers or iPhones. This made it seem as if a user actually submitted the form intentionally, thereby convincing Safari to allow cookies. These cookies were only temporary, with shelf lives of up to 24 hours, but they could open the door for many more, since Safari allows sites to plant them after having received access to install at least one.After the Wall Street Journal notified Google of this loophole, the company promptly disabled it and duly apologized, adding that it didn't realize that its +1 system would plant tracking cookies on a user's device. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers," Google's Rachel Whetstone explained. "It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information." An Apple spokesperson, meanwhile, issued the following statement: "We are aware that some third parties are circumventing Safari's privacy features and we are working to put a stop to it."
Oops! Motorola sold refurbished Xooms without deleting previous owners' data
Usually, when passwords and personal information are exposed, it's because someone hacked a company's not-so-secure system. Motorola, however, managed to put people's info at risk without such malfeasance when it failed to wipe the memory of a batch of refurbished Xooms. The tablets in question were sold by Woot.com between October and December of last year, and Moto is claiming that it made the mistake on only small number of slates. Of course, we don't know exactly how many Xooms were shipped with previous owners' data onboard, but we do know that the company is actively attempting to make amends. Moto's offering two years of Experian identification protection services to those whose info was exposed and owners of affected Xooms are getting a little something too. Just send the device back to Motorola on the company's dime -- where it'll be properly reset and sent back to you, along with a $100 American Express gift card for your efforts. Wondering if you're among the unlucky? Hit the PR after the break for more info, and those with Wooted Xooms can plug in their slate's serial number at the source link below to find out for sure.[Thanks, Scott]
EU regulators ask Google to 'pause' its privacy changes, need more time to investigate
Google has gone to great lengths to clarify its revamped privacy policy, but a regulatory body in the European Union thinks the company is moving a little too fast. Today, European regulators formally requested that Google "pause" its rollout, in order to give the EU more time to investigate its forthcoming changes. "Given the wide range of services you offer, and the popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states," the EU's Data Protection Working Party wrote in a letter to Google CEO Larry Page yesterday. "We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated way." The body didn't specify how much time it would need to investigate, but it stressed that doing so would help to ensure absolute transparency among European users. "[W]e call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis," the letter reads. Viviane Reding, Europe's commissioner on data protection, heralded the move as an important step in asserting EU authority over online privacy and regulations, but Google was somewhat taken aback by the request. "We briefed most of the members of the working party in the weeks leading up to our announcement," said company spokesman Al Verney. "None of them expressed substantial concerns at the time, but of course we're happy to speak with any data protection authority that has questions." It's worth noting that Google isn't legally bound to heed the Working Party's request, though we'd expect the company to seek some sort of compromise with Europe's regulators, as it has in the past.
Carrier IQ VP says software poses no threat to user privacy, backs up his argument with metaphor
The final chapter of the Carrier IQ saga has yet to be written, but at this juncture, even the rosiest of rose-tinted observers would be hard pressed to find a silver lining. The specter of federal investigation looms larger by the day. Implicated carriers and manufacturers are washing their hands with Macbethian fury. Al Franken is on the verge of going Al Franken. And at the epicenter of all this sits Carrier IQ -- a California-based analytics company that has already gone to great lengths to defend its innocence. First, it sought to discredit Trevor Eckhart's ostensibly damning research with a cease-and-desist letter. Then, CEO Larry Lenhart flatly denied Eckhart's findings with an impassioned YouTube address. In recent days, the company has markedly softened its stance, arguing that its apps are only designed to meet operator demands and to "make your phones better." Now, Carrier IQ has elaborated upon these arguments with a more detailed breakdown of how its software functions, and a more substantive defense of its practices. Head past the break to read more.
Verizon begins collecting user data for targeted ads, is kind enough to offer 'opt-out' escape route
Verizon still wants to collect your personal information, but it'll understand if you decide to opt out. Really, it's cool. No hard feelings. The provider said as much yesterday, in an e-mail titled "Important notice about how Verizon Wireless uses information." The missive, sent to all VZW customers, essentially lays out the company's revamped privacy policy, originally unveiled last month. Under the new framework, Verizon will be able to monitor your browsing history, location, app usage, and demographic data, all in the name of targeted advertising and vaguely-titled "business and marketing reports." The good news is that you can always opt out of the scheme, either by phone or online. The bad news is that you'll probably have to explain the whole thing to your grandma.
US government to beat back botnets with a cybersecurity code of conduct
Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting companies from internet and IT companies to contribute their ideas to a voluntary "code of conduct" for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June "Green Paper" on cybersecurity, in which the Department of Commerce's Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it's giving special consideration to two models adopted overseas. Australia's iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan's Cyber Clean Center, which has installed so-called "honeypot" devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers' personal information, while others are openly wondering whether OS-makers should be involved, as well. The code's public comment period will end on November 4th, but you can find more information at the source link, below.
Skype for Android update adds US 3G calling, fixes personal data hole
Verizon Android users have had 3G Skype calling since this time last year, but the latest app release -- v1.0.0.983 for those of you keeping tabs -- brings 3G calling to the masses, without the need for a VZW-sanctioned app. The update also patches a rather significant security hole discovered last week, which could let third-party apps get hold of your personal information. We're glad to see that's no longer the case, and who's going to object to free calling as part of the deal as well? Make sure your phone's running Android 2.1 (2.2 for Galaxy S devices) and head on over to the Android Market to get updated.
Skype for Android vulnerable to hack that compromises personal info
If you didn't already have enough potential app privacy leaks to worry about, here's one more -- Android Police discovered that Skype's Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door. Basically, that means a rogue app could grab all your data and phone home -- an app much like Skypwned. That's a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work -- despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we're sure it couldn't hurt.
Pandora mobile app found to be sending birth date, gender and location information to ad servers
We still haven't heard much more about that Federal Grand Jury investigation into Pandora and other mobile apps over privacy concerns, but an independent security firm has now gone ahead and taken matters into its own hands. According to an analysis done by the folks at Veracode, Pandora does indeed seem to be sharing more information about you then it lets on. More specifically, they found that the Android app (they haven't yet gotten around to the iOS version) "appears" to be sending information about users' birth date, gender, Android ID and GPS location to various advertising companies -- bits of information that the firm notes could be combined to determine who someone is, what they do for a living, and even who they associate with. For its part, Pandora is simply declining to to comment at the moment, and we're guessing that's unlikely to change anytime soon given the aforementioned investigation. Hit up the source link below for Veracode's complete findings.
Contactizer 3.7 adds Dayboard, other enhancements
Contactizer, the personal information management application from Objective Decision, LLC, has been updated to version 3.7. The update, which applies to both the Pro and Express versions of Contactizer, includes over 20 new features. One of the more significant changes is the addition of a new standalone application called Dayboard that allows users to see calendar events, task list items, and birthdays when Contactizer is closed. Other enhancements include the ability to define custom types for tasks and events, QuickLook previews of attachments, and a Cover Flow mode for Leopard users that displays contacts like business cards. The update is available now and is free to all registered users of previous 3.x releases. Contactizer Express and Pro 3.7 are available in a free 30-day trial, or you can purchase the software for US$119 (€99) for Pro or US$54.90 (€49) for Express. Contactizer requires Mac OS X 10.4 or 10.5 to operate.
